Re: Implementation of LDAPControls

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Am Freitag, 18. Februar 2005 19:53 schrieb Deepak Giridharagopal:
> Hello, me again. :)
>
> On Thu, 2005-02-17 at 16:30 -0600, Deepak Giridharagopal wrote:
> > The project I'm working on is at a point where this feature is a
> > necessity, so if implementation of this feature is at a standstill I'm
> > willing to get the ball rolling again.
>
> As a proof of concept, I've gone ahead and begun coding up support for
> LDAP Controls. My goal for the test was to successfully do an
> ldap_modify_ext operation on our Active Directory server, using AD's
> Security Descriptor Modification control (http://tinyurl.com/5tlok).
>
> It works great!
>

Hello

I answered your mail yesterday but it was rejected because my attachement w=
as=20
too big. Enclosed you find my mail including the necessary code-extraction=
=20
for basic ldap-controls in python-ldap.

Regards
Ingo Steuwer

> Hello
>=20
> we've implemented basic support for LDAP-Controls in Python LDAP. We defi=
ned=20
> an LDAPControl Python-class and some helper function and pre-defined OID'=
s=20
> for using it. It is prepared for but lacks support of bervals (we don't n=
eed=20
> it at the moment). We're using this version in our test-cases and think i=
t=20
is=20
> stable.
>=20
> You can i.e. see deleted DN's in AD by using:
>=20
> ------------------------------------------------------------------------
> import ldap
> lo =3D ldap.open("ad-host")
> login_dn =3D "cn=3DAdministrator,cn=3DUsers,dc=3Dwindomain"
> login_pw =3D 'secret'
>=20
> lo.simple_bind_s(login_dn, login_pw)
> lc1 =3D ldap.create_control("LDAP_SERVER_SHOW_DELETED_OID")
> res =3D lo.search_ext_s(
> =A0"dc=3Dw2k3st,dc=3Dunivention,dc=3Dde",ldap.SCOPE_SUBTREE,sys.argv[1],s=
erverctrls=3D[lc1])
> # print res
> ------------------------------------------------------------------------
>=20
> I wanted to send you this files earlier, but didn't had the time for it.=
=20
> Attached you will find a tgz of "our" python-ldap -- I'm still to short o=
n=20
> time to make a patch...
>=20
> Included is an other extension of python-ldap which makes it possible to=
=20
> request ldap-schema-definitions from an open-ldap-server. We're using thi=
s=20
> for a long time but AFAIK it is not our implementation (at least not mine=
).
>=20
> To get a part of the "official" python-ldap package our=20
> LDAP-Control-Implementation is provided with acknowledgment of the=20
> python-license and there provided without any guaranty -- which means we =
are=20
> not responsible for your problems with our code. Enough=20
> "Legal-Department"-comments.
>=20
> We're interested in your meanings and experiences looking at or using our=
=20
code=20
> and will try to help if there are any problems.
>=20
> Regards
> Ingo Steuwer
>=20

=2D-=20
Ingo Steuwer       st...@un...         fon: +49 421 22 232- 0
Entwicklung        Linux for Your Business
Univention GmbH    http://www.univention.de/     fax: +49 421 22 232-99