[python-ldap] Overlays and python-ldap
Christian Heimes
christian at python.org
Tue Nov 17 13:18:16 EST 2020
On 16/11/2020 17.10, Éloi Rivard wrote:
> Hi.
>
> I would like to check what overlays are installed and enabled in a
> slapd instance (for instance ppolicy or memberof). I am not really sure
> how to achieve this, and was hopping to find some clues here.
>
> Also, by playing with the ObjectClass [1] class and the subschema
> module, I can find all the available attributes for a given class, say
> inetOrgPerson. Enabling the memberof module would allow a new virtual
> 'memberof' attribute. However I could not manage to get the information
> "the memberof attribute is available on that class" in a pythonic way.
>
> Do you have some clues? Should I open a feature request ticket?
As Ondřej already explained, supported controls are listed in the root
DSE entry. Supported controls, extensions, features, and other flags are
available for anonymous binds. The attribute names and OIDs are
standardized.
Example:
>>> import ldap
>>> from ldap.controls import SimplePagedResultsControl
>>> oid = SimplePagedResultsControl.controlType.encode('ascii')
>>> oid
b'1.2.840.113556.1.4.319'
>>> conn = ldap.initialize("ldap://localhost")
>>> oid in conn.read_rootdse_s()['supportedControl']
True
Features like memberOf plugin are implementation specific. 389-DS has
its configuration in "cn=MemberOf Plugin,cn=plugins,cn=config". The
entry is only accessible by "cn=Directory Manager" user. OpenLDAP may
store the plugin configuration somewhere else.
In 389-DS the "memberOf" attribute must be defined in one or more
objectClasses of an entry. For example 389-DS defines nsMemberOf class:
( 2.16.840.1.113730.3.2.329 NAME 'nsMemberOf' DESC 'Allow memberOf
assignment on groups for nesting and users' SUP top AUXILIARY MAY
memberOf X-ORIGIN ( '389 Directory Server Project' 'user defined' ) )
Fun fact: The "ns" prefixes stands for Netscape.
Christian
More information about the python-ldap
mailing list