[python-ldap] LDAP Schema: MUST/MAY Attributes

Nyasha Chigwamba nyasha.chigwamba at voss-solutions.com
Wed Jan 16 10:06:17 CET 2013


Hi All,

I have created a client application that has minimal "schema-awareness". I
would like to validate my data before I send to Active Directory. When
creating a new instance for a user (objectClass: 'top',
'organizationalPerson', 'person', 'user'), I find that there are some
attributes that are marked as MUST, yet they are not required by AD for the
instance to be created. An example of one such attribute is
'nTSecurityDescriptor'.

I have looked at the web2lap interface and the addition of instances only
has shows cn, objectClass, and sn as the required attributes. How can I do
something similar? Should look at the USAGE property (0 = userApplications
1 = directoryOperation, 2 = distributedOperation, 3 = dSAOperation), in
addition to the MUST or MAY property?

Regards,
Nyasha
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-ldap/attachments/20130116/853b9756/attachment.html>


More information about the python-ldap mailing list