controls and BER encoding of its values
Andreas Hasenack
ahasenack at terra.com.br
Fri Jun 1 00:23:36 CEST 2007
On Mon, May 28, 2007 at 08:07:09PM +0200, Michael Ströder wrote:
> Andreas Hasenack wrote:
> >
> > last Friday I played a bit with controls in python-ldap. I was trying to
> > get the matched-values control (LDAP_CONTROL_VALUESRETURNFILTER) to
> > work.
>
> Feel free to contribute your results.
>
> > It seems I have to manually do the BER encoding of the values. I googled
> > for some modules and pyasn1 seems to be the most complete one, but I
> > would have to basically write classes for the whole LDAP spec :(
>
> You can use pyasn1 for just creating the BER en-/decoding the control
> values. Please look into Lib/ldap/controls.py to get the idea how you
> can implement the methods for encoding and decoding in sub-classes of
> ldap.controls.LDAPControl.
I think it worked. Luckily in my case the OpenLDAP library already has a
function called ldap_put_vrFilter() which I could use to do all the
encoding of a ValuesReturn filter.
Using a bit of monkey see, monkey do, I have such a filter working now:
mv = MatchedValuesControl(criticality=True,"(mail=*@example.com)")
res = ld.search_ext_s(base, scope, filter, attrlist = ['mail'], serverctrls = [mv])
In this example, if the entry matching the filter has:
mail: foo at example.com
mail: foo at example.org
The result will only have "mail: foo at example.com". Without the control,
the result would have both mail attributes.
I will still see about the decode part and then post what I have.
More information about the python-ldap
mailing list