[python-ldap] Attribute syntax definitions
Michael Ströder
michael at stroeder.com
Mon Dec 3 22:12:29 CET 2012
Nyasha Chigwamba wrote:
> What you do you want to do with LDAP syntaxes?
>
> I would like to I would like to validate input in my client when adding or
> modifying new object instances.
LDAP syntaxes are most times not sufficient for input validation of attribute
values. Most times one needs more. In web2ldap I have plugin classes I can
register for LDAP syntaxes and attribute types. They have full access to the
whole LDAP entry and the subschema. Very handy.
> I would like to be able to create new instances of the various object classes
> from my client with the correct attributes in the correct format.
How generic should this be?
Note that DIT content rules also influence the set of attributes usable in an
entry. Some developers of a widely used LDAP client blame MS AD for not having
LDAPv3 compliant subschema but they fail to evaluate the DIT content rules...
Luckily python-ldap supports DIT content rules out-of-the-box.
> The ideal
> would be to support the all CRUD functions but I can live with create, read,
> and delete. In my client, I am doing the following:
> 1. Read the dn of the 'subschemaSubentry' from the root DSE (bearing in mind
> that this might not be possible due to access restrictions).
'subschemaSubentry' is an operational attribute in every entry. Bear in mind
that each part of the DIT could have its own subschema.
> 2. Read the schema by searching the dn retrieved in (1) for 'objectClasses'
> and 'attributeTypes'.
> 3. Package the schema into a format that is compatible with the rest of my
> application (pretty much the object classes and their attributes, including
> data_formats of the attributes). [I should probably only restrict this to the
> leaf nodes in the object class hierarchies]
You should also implement subschema caching.
> 4. The next task that I would like to tackle involves listing all the
> instances of each [structural?] object class under a given base dn.
> 5. If (4) works, I would like to start adding and deleting the instances.
How generic is this meant to be? Do you aim to fully support all LDAP servers?
Are you using python-ldap's module ldap.schema for that?
Ciao, Michael.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3883 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.python.org/pipermail/python-ldap/attachments/20121203/109597f3/attachment.bin>
More information about the python-ldap
mailing list