[python-ldap] Overlays and python-ldap

Ondřej Kuzník ondra at mistotebe.net
Tue Nov 17 10:45:06 EST 2020

On Mon, Nov 16, 2020 at 05:10:30PM +0100, Éloi Rivard wrote:
> Hi.
> I would like to check what overlays are installed and enabled in a
> slapd instance (for instance ppolicy or memberof). I am not really sure
> how to achieve this, and was hopping to find some clues here.

Hi Éloi,
to see what overlays are enabled on a backend, you need read access to
cn=config or cn=monitor to tell. If you just want to use a control, see
if it's listed in the rootDSE, if you want to use an objectClass, see if
it's listed in the schema subentry.

> Also, by playing with the ObjectClass [1] class and the subschema
> module, I can find all the available attributes for a given class, say
> inetOrgPerson. Enabling the memberof module would allow a new virtual
> 'memberof' attribute. However I could not manage to get the information
> "the memberof attribute is available on that class" in a pythonic way.

Depends on the attribute. If memberof is marked operational (which the
OpenLDAP overlay does), it is managed by the server and operates outside
objectClass restrictions.

> Do you have some clues? Should I open a feature request ticket?

More information about the python-ldap mailing list