A first look at ldaplib.connection.LDAPConnection

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Federico Di Gregorio wrote:
> 
>         anyway, i begun to study/use ldap only 1 month ago, so comments
> and criticism is not only wellcome, but needed!

My comments about class ldap.connection.LDAPConnection:

1. Do you really think you need a high-level wrapper class around
_ldap?
Why are you doing this?

2. You make several assumptions which are not valid on most LDAP
hosts:

What's the meaning of filter = '(!(dn=*))' ?
On most systems entries do not have a dn attribute. The dn does not
appear in the entry's data itself.

self.filter = 'cn=*' does not make sense for general browsing of the
next sub-level. E.g. entries with object class organizationalUnit
does not have a cn attribute. Use the filter objectClass=* instead
because having an attribute objectClass is mandantory for entries.

You're setting self.base = binding_dn in ldap.connection.__init__().
I'm not sure what you're trying to do. The bind DN and the DN of the
current node you're browsing are most times not related at all. E.g.
you should set self.base = '' for start browsing from the RootDSE or
to a base DN pre-configured on the client side.

General note:
I highly recommend testing your library and client against
well-designed public LDAP hosts. E.g. nldap.com, ldap.novell.com,
elvira.innosoft.com (I'm not sure if they're happy about it). E.g.
db.debian.org is not a well-designed LDAP host because most entries
do not even have (correct) objectClass attributes. And
ldap.bigfoot.com, netcenter and other LDAP hosts pre-configured in
Netscape Communicator really suck!

Personal note:
I also highly recommend that you play around with web2ldap since
it's tested against various servers (OpenLDAP, Lotus Domino, several
public servers) and trys to be as tolerant as possible and behave
nicely for handling all the different situations/errors. Despite its
bad design web2ldap is also one of the most complete generic LDAP
clients around.
The handling of schemes and attributes is rather rude. There's no
class library yet. (I will write a proposal for a class lib in a
different posting). To be honest: E.g. displaying attributes is done
brute-force by figuring out which data is displayed (e.g. by pattern
checking for LDAP-URLs, URLs, DNs like e-mail clients usually do).
And the object class handling just knows about required and allowed
attributes. But I think the UI is quite useful now and browsing is
correctly done. Look at your server's log to learn about the search
filters used.

It does not have a tree view since this impossible on non-graphic
browsers like lynx. Use the "Go down" buttons to browse next level
below of the current entry.

Feel free to send comments about web2ldap!

Ciao, Michael.