Implementation of LDAPControls

Ingo Steuwer steuwer at
Sat Feb 19 10:48:21 CET 2005

Am Freitag, 18. Februar 2005 19:53 schrieb Deepak Giridharagopal:
> Hello, me again. :)
> On Thu, 2005-02-17 at 16:30 -0600, Deepak Giridharagopal wrote:
> > The project I'm working on is at a point where this feature is a
> > necessity, so if implementation of this feature is at a standstill I'm
> > willing to get the ball rolling again.
> As a proof of concept, I've gone ahead and begun coding up support for
> LDAP Controls. My goal for the test was to successfully do an
> ldap_modify_ext operation on our Active Directory server, using AD's
> Security Descriptor Modification control (
> It works great!


I answered your mail yesterday but it was rejected because my attachement was 
too big. Enclosed you find my mail including the necessary code-extraction 
for basic ldap-controls in python-ldap.

Ingo Steuwer

> Hello
> we've implemented basic support for LDAP-Controls in Python LDAP. We defined 
> an LDAPControl Python-class and some helper function and pre-defined OID's 
> for using it. It is prepared for but lacks support of bervals (we don't need 
> it at the moment). We're using this version in our test-cases and think it 
> stable.
> You can i.e. see deleted DN's in AD by using:
> ------------------------------------------------------------------------
> import ldap
> lo ="ad-host")
> login_dn = "cn=Administrator,cn=Users,dc=windomain"
> login_pw = 'secret'
> lo.simple_bind_s(login_dn, login_pw)
> lc1 = ldap.create_control("LDAP_SERVER_SHOW_DELETED_OID")
> res = lo.search_ext_s(
>  "dc=w2k3st,dc=univention,dc=de",ldap.SCOPE_SUBTREE,sys.argv[1],serverctrls=[lc1])
> # print res
> ------------------------------------------------------------------------
> I wanted to send you this files earlier, but didn't had the time for it. 
> Attached you will find a tgz of "our" python-ldap -- I'm still to short on 
> time to make a patch...
> Included is an other extension of python-ldap which makes it possible to 
> request ldap-schema-definitions from an open-ldap-server. We're using this 
> for a long time but AFAIK it is not our implementation (at least not mine).
> To get a part of the "official" python-ldap package our 
> LDAP-Control-Implementation is provided with acknowledgment of the 
> python-license and there provided without any guaranty -- which means we are 
> not responsible for your problems with our code. Enough 
> "Legal-Department"-comments.
> We're interested in your meanings and experiences looking at or using our 
> and will try to help if there are any problems.
> Regards
> Ingo Steuwer

Ingo Steuwer       steuwer at         fon: +49 421 22 232- 0
Entwicklung        Linux for Your Business
Univention GmbH     fax: +49 421 22 232-99
-------------- next part --------------
A non-text attachment was scrubbed...
Name: python-ldap-controls.tgz
Type: application/x-tgz
Size: 48851 bytes
Desc: not available
URL: <>

More information about the python-ldap mailing list