python-ldap as replication client

Eric Brunson brunson at
Tue Mar 22 21:59:05 CET 2011

On 03/11/2011 11:24 AM, Michael Ströder wrote:
> Eric Brunson wrote:
>> On 03/11/2011 11:00 AM, Michael Ströder wrote:
>>> Eric Brunson wrote:
>>>> On 03/11/2011 05:40 AM, Michael Ströder wrote:
>>>>> No matter which sync protocol you implement it's very likely that
>>>>> you need
>>>>> python-LDAP from CVS HEAD (will be python 2.4) since this version
>>>>> contains
>>>>> code to extract response controls from intermediate responses.
>>>> I'm currently working on a project that requires me to do a syncrepl
>>>> from python and after much, much reading I'm afraid that the python-ldap
>>>> library does not implement 4533 correctly.
>>>> Sync cookies are only retrieved by python-ldap if they are returned in a
>>>> server control, however this is only the case in an
>>>> protocol passes both deletes and presence records in
>>>> LDAP_RES_INTERMEDIATE packets, which don't get returned to the python
>>>> caller as they don't have LDAP entries in them, and cookies are also
>>>> returned in these intermediate result packets, but not in a server
>>>> control, so those are missed.
>>> The patches in CVS HEAD were contributed by Rich exactly to make syncrepl
>>> possible with python-ldap. If you think the current implementation in
>>> still has deficiencies regarding controls in intermediate responses I
>>> happily
>>> will review a patch. ;-)
>> Wow, Michael, that is super awesome news.  I'll check the CVS head, try
>> it out and get back to you.
> Make sure to set the right arguments for LDAPObject.result4().
> Ciao, Michael.

Michael and all,

The new code works great, thanks so much for the new features.

I do have one issue, and maybe I'm just not looking in the correct 
place.  The Sync Info Message returns a syncInfoValue which is a BER 
encoded ASN.1 CHOICE structure:

    syncInfoValue ::= CHOICE {
               newcookie      [0] syncCookie,
               refreshDelete  [1] SEQUENCE {
                   cookie         syncCookie OPTIONAL,
                   refreshDone    BOOLEAN DEFAULT TRUE
               refreshPresent [2] SEQUENCE {
                   cookie         syncCookie OPTIONAL,
                   refreshDone    BOOLEAN DEFAULT TRUE
               syncIdSet      [3] SEQUENCE {
                   cookie         syncCookie OPTIONAL,
                   refreshDeletes BOOLEAN DEFAULT FALSE,
                   syncUUIDs      SET OF syncUUID

The data is returned and I've been able to successfully decode it with 
the PyASN1 BER codec, but I can't find any indication of the choice 
index being returned in the value.   I don't know that the refreshDelete 
and the refreshPresent are distinguishable from each other without 
additional information, but I see that the value being returned from 
result4() is simply what ldap_parse_intermediate() returns, without any 
indication of the choice index.  Looking at the raw BER encoded packet 
in wireshark, it would seem that the two bytes before the data being 
returned have the index embedded in the second byte.

I'm sure this must simply be something I'm overlooking.  Any help?


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the python-ldap mailing list