[python-ldap] LDAP Schema: MUST/MAY Attributes
michael at stroeder.com
Wed Jan 16 19:24:28 CET 2013
Nyasha Chigwamba wrote:
> I have created a client application that has minimal "schema-awareness". I
> would like to validate my data before I send to Active Directory. When
> creating a new instance for a user (objectClass: 'top',
> 'organizationalPerson', 'person', 'user'), I find that there are some
> attributes that are marked as MUST, yet they are not required by AD for the
> instance to be created. An example of one such attribute is
> I have looked at the web2lap interface and the addition of instances only has
> shows cn, objectClass, and sn as the required attributes. How can I do
> something similar? Should look at the USAGE property (0 = userApplications 1 =
> directoryOperation, 2 = distributedOperation, 3 = dSAOperation), in addition
> to the MUST or MAY property?
MS AD does not have a single attribute type description with USAGE in its
subschema (checked today on W2K8R2 because of OpenLDAP ITS#7493).
web2ldap does look at AttributeType.no_user_mod and AttributeType.collective.
If any of them is not None the attribute is considered not to be editable by
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 3883 bytes
Desc: S/MIME Cryptographic Signature
More information about the python-ldap