[python-ldap] Inconsistent capitalization breaks schema parsing

Fri Sep 13 20:04:56 CEST 2013

Petr Viktorin wrote:
> Is this the proper place to bring bugs to the attention of python-ldap
> developers?

Yes.

Thanks for reporting issues here.

> I've noticed that inconsistent capitalization of attributes in a schema LDIF
> file can result in a SubSchema with some entries missing.
> Use the attached files to reproduce the issue.
> 
> The problem is that the LDIF parsing yields to something like
> `{'attributeTypes': [...], 'attributetypes': [...]}`, but when that is
> converted to a case-insensitive dict, one of the keys overwrites the other.
> 
> I'm not sure where to do a proper fix. Clean up the dictionary before
> converting? Modify the LDIF parser to normalize attribute names to the first
> value seen? Modify cidict to optionally handle conflicts like these?

For now I've added a work-around in function ldap.schema.subentry.urlfetch():

http://python-ldap.cvs.sourceforge.net/viewvc/python-ldap/python-ldap/Lib/ldap/schema/subentry.py?r1=1.33&r2=1.34

The down-side is that it might not perform very well since list.extend() is
used and usually lots of attribute values are in the schema per multi-valued
attribute.

Please test and provide feedback.

Ciao, Michael.

Index: Lib/ldap/schema/subentry.py
===================================================================
RCS file: /cvsroot/python-ldap/python-ldap/Lib/ldap/schema/subentry.py,v
retrieving revision 1.33
diff -u -r1.33 subentry.py

--- Lib/ldap/schema/subentry.py	19 Feb 2012 13:49:30 -0000	1.33
+++ Lib/ldap/schema/subentry.py	13 Sep 2013 18:01:55 -0000
@@ -464,13 +464,13 @@
     l.simple_bind_s(ldap_url.who or '', ldap_url.cred or '')
     subschemasubentry_dn = l.search_subschemasubentry_s(ldap_url.dn)
     if subschemasubentry_dn is None:
-      subschemasubentry_entry = None
+      s_temp = None
     else:
       if ldap_url.attrs is None:
         schema_attrs = SCHEMA_ATTRS
       else:
         schema_attrs = ldap_url.attrs
-      subschemasubentry_entry = l.read_subschemasubentry_s(
+      s_temp = l.read_subschemasubentry_s(
         subschemasubentry_dn,attrs=schema_attrs
       )
     l.unbind_s()
@@ -480,7 +480,16 @@
     ldif_file = urllib.urlopen(uri)
     ldif_parser = ldif.LDIFRecordList(ldif_file,max_entries=1)
     ldif_parser.parse()
-    subschemasubentry_dn,subschemasubentry_entry = ldif_parser.all_records[0]
+    subschemasubentry_dn,s_temp = ldif_parser.all_records[0]
+  # Work-around for mixed-cased attribute names
+  subschemasubentry_entry = ldap.cidict.cidict()
+  for at,av in s_temp.items():
+    if at in SCHEMA_CLASS_MAPPING:
+      try:
+        subschemasubentry_entry[at].extend(av)
+      except KeyError:
+        subschemasubentry_entry[at] = av
+  # Finally parse the schema
   if subschemasubentry_dn!=None:
     parsed_sub_schema = ldap.schema.SubSchema(subschemasubentry_entry)
   else:

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2398 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.python.org/pipermail/python-ldap/attachments/20130913/096bf5d9/attachment.bin>
