python-ldap-dev — discussion among developers

Re: Error: Schema fetching on Oracle Directory Server

[<mi...@st...>]

Wido Depping wrote:
> 
> Attached are the updated testcase file and my improved split_tokens() function.

Hmm, I really dislike your constant keywordDict although I somewhat like 
the idea behind it. But this list of keywords is simply not sufficient.
=> I modified function ldap.schema.tokenizer.extract_tokens() to pass 
argument known_tokens down to your version of split_tokens() as new 
argument keywordDict.

But now the test_tokenizer.py script does not work anymore although 
web2ldap and the script Demo/schema.py seems to work with it.

Well, this surely needs more testing. Please remember to send me a LDIF 
file of Oracle's sub schema sub entry.

Ciao, Michael.

Re: Python-LDAP for Python 2.4?

[<mi...@st...>]

Mauro Cicognini wrote:
> Michael Ströder wrote:
> 
>> Mauro Cicognini wrote:
>>
>>> BTW the Windows setup.cfg in the distro still is the old "MSVC" one, 
>>> I have the new MinGW one I'm using if anyone's interested.
>>
>> Please send it to the list. I'll add it under Build/.
>>
>> Maybe you already sent it to me. In that case I simply lost track of it.
> 
> Here it is (sorry for the delay).
> Hope someone finds it useful :-)

Added to CVS.

Ciao, Michael.

LDAP sorting routines

[Marc B. <ma...@ms...>]

Hi

OpenLDAP specifies a set of functions to sort a result set:

ldap_sort_entries(),  ldap_sort_values(), and ldap_sort_strcasecmp()

I did not find these functions in the documentation of python-ldap.  Is 
there a reason they are not available in python?  Could they be added?

Regards,
Marc Balmer

Re: Python-LDAP for Python 2.4?

[Mauro C. <mci...@li...>]

Michael Str=F6der wrote:

> Mauro Cicognini wrote:
>
>> BTW the Windows setup.cfg in the distro still is the old "MSVC" one,=20
>> I have the new MinGW one I'm using if anyone's interested.
>
>
> Please send it to the list. I'll add it under Build/.
>
> Maybe you already sent it to me. In that case I simply lost track of it=
=2E
>
> Ciao, Michael.=20

Here it is (sorry for the delay).
Hope someone finds it useful :-)

Ciao,
Mauro

Re: Error: Schema fetching on Oracle Directory Server

[Wido D. <wid...@gm...>]

On Thu, 20 Jan 2005 09:23:22 +0100, Michael Str=F6der
<mi...@st...> wrote:
> There seems to be something wrong with your version of function
> ldap.schema.tokenizer.split_tokens(). I've experienced some strange
> issues when accessing MS AD with web2ldap.
>=20
> Find attached a script I'm using for regression testing. It fails with
> your implementation. Maybe it helps you to sort out the problems. Please
> extend this script to also cover the Oracle-specific test cases and send
> it back to me. Hmm, the script should be also in
> Tests/Lib/ldap/schema/test_tokenizer.py of python-ldap's CVS.
> (Not sure, I'm off-line on the train while writing this.)
>=20
> Ciao, Michael.

Hi Michael,
Attached are the updated testcase file and my improved split_tokens() funct=
ion.
This time I use string.split() and string.join() to benefit from their
speed. The added checking in order to comply with the test cases has
the result, that the new algorithm is only slightly faster than the
old one. But now it should work with all known servers :)

mfg.
  Wido
--=20
Wido Depping
ICQ: 51303067    AIM: wido3379
Jabber: wi...@ja...
Blog: http://widoww.blogspot.com

Re: Error: Schema fetching on Oracle Directory Server

[<mi...@st...>]

Wido,

Michael Ströder wrote:
> 
>> Since the old split_token(string) function wasn't documented and not
>> well prepared for handling these special cases, I rewrote the
>> function. It can be found here:
>> http://home.tu-clausthal.de/~ifwd/luma/split_tokens.py
> 
> I'm currently testing your code.

There seems to be something wrong with your version of function 
ldap.schema.tokenizer.split_tokens(). I've experienced some strange 
issues when accessing MS AD with web2ldap.

Find attached a script I'm using for regression testing. It fails with 
your implementation. Maybe it helps you to sort out the problems. Please 
extend this script to also cover the Oracle-specific test cases and send 
it back to me. Hmm, the script should be also in 
Tests/Lib/ldap/schema/test_tokenizer.py of python-ldap's CVS.
(Not sure, I'm off-line on the train while writing this.)

Ciao, Michael.

Re: Python-LDAP for Python 2.4?

[<mi...@st...>]

Mauro Cicognini wrote:
> BTW the Windows setup.cfg in the distro still is the old "MSVC" one, I 
> have the new MinGW one I'm using if anyone's interested.

Please send it to the list. I'll add it under Build/.

Maybe you already sent it to me. In that case I simply lost track of it.

Ciao, Michael.

Re: Python-LDAP for Python 2.4?

[Mauro C. <mci...@si...>]

Mauro Cicognini scrive:

> Wim Hoekman scrive:
>
>> Hi,
>>
>> I'm currently using an older version of Python-ldap, but I've 
>> recently switched to Python 2.4.
>>
>> Is there any change of having a build for Python 2.4 (Windows version)?
>>
>> Thanks in advance.
>>
>> Best regards,
>>
>> Wim Hoekman.
>>
> I'm just having trouble finding the time to launch make :-(
> But don't worry, I need the new build for myself too, so it should be 
> a matter of days.
>
> Check back on my site next week.
>
> Mauro
>
The new Python-LDAP 2.0.6  for Python 2.4 build is on my site.

It still is built against OpenLDAP 2.2.18 since no improvements were 
made to the client libs. OpenSSL has not released anything newer than 
0.9.7e which is what I'm using.

Sorry I did not upgrade the Python 2.3 component (it's still PythonLDAP 
2.0.4), I don't think it's worthwhile.

BTW the Windows setup.cfg in the distro still is the old "MSVC" one, I 
have the new MinGW one I'm using if anyone's interested.

BR,
Mauro

Re: Totally stumped on how to use async.

[<mi...@st...>]

Ryan Parrish wrote:
> I would like to recall issue #2, I'm an idiot and it DOES work.  But
> I'm still stumped on getting all my results.

I'm a little bit in a hurry and did not analyze your code.

But this might be for you:

http://python-ldap.sourceforge.net/doc/python-ldap/ldap.async-example.List.html

You still should think about dividing your single search request into 
several search requests with more fine-grained search filter values.

Ciao, Michael.

RE: Totally stumped on how to use async.

[Ryan P. <Ry...@fo...>]

I would like to recall issue #2, I'm an idiot and it DOES work.  But I'm =
still stumped on getting all my results.
=20


-Ryan Parrish=20
-----Original Message-----
From: pyt...@li... =
[mailto:pyt...@li...] On Behalf Of Ryan =
Parrish
Sent: Thursday, January 13, 2005 9:39 AM
To: pyt...@li...
Subject: Totally stumped on how to use async.

Let me preface by saying that I am kind of a newbie with LDAP. =20
Here is my problem, I would like to use python-ldap to query the =
proxyAddresses on my AD domain controller, and eventually write it out =
to a file.  But since this is AD I have to limit my queries to under =
1000 results. =20
I am trying to mimic the functionality of this Perl script =
http://www-personal.umich.edu/~malth/gaptuning/postfix/getadsmtp.pl

1.) When I use the example on the site for asynchronies queries, I don't =
get all the results - I get 2000 (which I don't understand why, but =
there is actually =
3106)http://homepage.mac.com/mengelhart/python-ldap-samples.html#search
2.) The way I understand 'retrieveAttribuites' to work would be that I =
only retrieve one particular attribute for each 'cn', and that is how it =
appears to work in the 'directoyassist' 3rd party script off the site.  =
So I figured that I could put ['proxyAddresses'] in there and only =
receive the proxyAddresses, but when I use anything except None I get no =
results back.

Here is what I have, it is almost a verbatim copy of the example, if you =
could just give me some pointers on how to use the async queries I will =
be on my way. Thanks.=20
PS I have tried on both my Linux and win box and get the exact same =
results.


#!/usr/bin/env python
import ldap
from string import split

try:
    l =3D ldap.open("10.11.2.33")
    l.simple_bind_s('A user name','*****') except ldap.LDAPError, e:
    print e

baseDN =3D "dc=3Dfoxracing,dc=3Dcom"
searchScope =3D ldap.SCOPE_SUBTREE
retrieveAttributes =3D None
#sizelimit =3D 990

searchFilter =3D "(& (mailnickname=3D*) (| (&(objectCategory=3Dperson) \
(objectClass=3Duser)(!(homeMDB=3D*))(!(msExchHomeServerName=3D*))) \
(&(objectCategory=3Dperson)(objectClass=3Duser)(|(homeMDB=3D*) \
(msExchHomeServerName=3D*)))(&(objectCategory=3Dperson)(objectClass=3Dcon=
tact)) \
(objectCategory=3Dgroup)(objectCategory=3DpublicFolder) ))"

try:
    ldap_result_id =3D l.search(baseDN, searchScope, searchFilter, =
retrieveAttributes)
    while 1:
	result_type, result_data =3D l.result(ldap_result_id, 0)
	if (result_data =3D=3D []):
            break
        else:
	    if result_type =3D=3D ldap.RES_SEARCH_ENTRY:
		for entry in result_data[0][1]['proxyAddresses']:
		    if 'SMTP' in entry:
			email =3D "%s OK" % (split(entry, ':')[1])
			print email
except ldap.LDAPError, e:
    print e

_-`-_-`-_-`-_-`-_-`-_-`-_-`-_-`-_-`-_

Ryan Parrish
ry...@fo...
IT Dept.
408-776-8633 extension 1229
Please direct all support questions to - (=AF`=B7.=B8=B8.-> =
its...@fo...

_-`-_-`-_-`-_-`-_-`-_-`-_-`-_-`-_-`-_=20


-------------------------------------------------------
The SF.Net email is sponsored by: Beat the post-holiday blues Get a FREE =
limited edition SourceForge.net t-shirt from ThinkGeek.
It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt
_______________________________________________
Python-LDAP-dev mailing list
Pyt...@li...
https://lists.sourceforge.net/lists/listinfo/python-ldap-dev

Totally stumped on how to use async.

[Ryan P. <Ry...@fo...>]

Let me preface by saying that I am kind of a newbie with LDAP. =20
Here is my problem, I would like to use python-ldap to query the =
proxyAddresses on my AD domain controller, and eventually write it out =
to a file.  But since this is AD I have to limit my queries to under =
1000 results. =20
I am trying to mimic the functionality of this Perl script =
http://www-personal.umich.edu/~malth/gaptuning/postfix/getadsmtp.pl

1.) When I use the example on the site for asynchronies queries, I don't =
get all the results - I get 2000 (which I don't understand why, but =
there is actually =
3106)http://homepage.mac.com/mengelhart/python-ldap-samples.html#search
2.) The way I understand 'retrieveAttribuites' to work would be that I =
only retrieve one particular attribute for each 'cn', and that is how it =
appears to work in the 'directoyassist' 3rd party script off the site.  =
So I figured that I could put ['proxyAddresses'] in there and only =
receive the proxyAddresses, but when I use anything except None I get no =
results back.

Here is what I have, it is almost a verbatim copy of the example, if you =
could just give me some pointers on how to use the async queries I will =
be on my way. Thanks.=20
PS I have tried on both my Linux and win box and get the exact same =
results.


#!/usr/bin/env python
import ldap
from string import split

try:
    l =3D ldap.open("10.11.2.33")
    l.simple_bind_s('A user name','*****')=20
except ldap.LDAPError, e:
    print e

baseDN =3D "dc=3Dfoxracing,dc=3Dcom"
searchScope =3D ldap.SCOPE_SUBTREE
retrieveAttributes =3D None
#sizelimit =3D 990

searchFilter =3D "(& (mailnickname=3D*) (| (&(objectCategory=3Dperson) \
(objectClass=3Duser)(!(homeMDB=3D*))(!(msExchHomeServerName=3D*))) \
(&(objectCategory=3Dperson)(objectClass=3Duser)(|(homeMDB=3D*) \
(msExchHomeServerName=3D*)))(&(objectCategory=3Dperson)(objectClass=3Dcon=
tact)) \
(objectCategory=3Dgroup)(objectCategory=3DpublicFolder) ))"

try:
    ldap_result_id =3D l.search(baseDN, searchScope, searchFilter, =
retrieveAttributes)
    while 1:
	result_type, result_data =3D l.result(ldap_result_id, 0)
	if (result_data =3D=3D []):
            break
        else:
	    if result_type =3D=3D ldap.RES_SEARCH_ENTRY:
		for entry in result_data[0][1]['proxyAddresses']:
		    if 'SMTP' in entry:
			email =3D "%s OK" % (split(entry, ':')[1])
			print email
except ldap.LDAPError, e:
    print e

_-`-_-`-_-`-_-`-_-`-_-`-_-`-_-`-_-`-_

Ryan Parrish
ry...@fo...
IT Dept.
408-776-8633 extension 1229
Please direct all support questions to -
(=AF`=B7.=B8=B8.-> its...@fo...

_-`-_-`-_-`-_-`-_-`-_-`-_-`-_-`-_-`-_=20

Re: Error: Schema fetching on Oracle Directory Server

[Wido D. <wid...@gm...>]

On Wed, 12 Jan 2005 07:51:29 +0100, Michael Str=F6der
<mi...@st...> wrote:
> > In the current shape, the function is only 3% slower than the old
> > code, but works with all LDAP servers, including Oracle now.
>=20
> I will test. I'd be happy if you provide a LDIF dump of a sub schema
> entry of Oracle's OID.

I'll do that tomorrow.

>=20
> > But if we
> > could use string.split(aList), this algorithm would be 3 times faster
> > than the current one.
>=20
> I currently do not have the time to analyse this any further. Can you
> please explain why string.split(aList) can't be used within your
> implementation?

Hmm, nothing. I may not have expressed myself clearly enough. I wasn't
sure if you were following certain coding conventions, so i tried to
do the algortihm as simple as possible and keeping the usage of the
string module low. But since we can use this module, the part can be
replaced by string.split().

If have a more general question about some things you do in the source
code. At some points you assign a function from a module to a
variable, like "string_split =3D string.split".
I've asked myself, why you do this. Is it to improve speed? Your
assignment would spare a lookup of split in the string module and be
somehow faster.
But some quick testing showed, that this trick only gains 0.3 seconds
when splitting a string 1.000.000 times.

> > I leave it up to you, to integrate my function, or find your own
> > solution.
>=20
> I'd add your code to python-ldap provided you give away copyright for it
> to the python-ldap project. Please confirm (list Cc:-ed).

I hereby grant the python-ldap project
(http://python-ldap.sourceforge.net/) my copyright belonging to all
parts of code, which is meant to be included into python-ldap. This
includes all future commits, unless otherwise stated.
=20
mfg.
  Wido
--=20
Wido Depping
ICQ: 51303067    AIM: wido3379
Jabber: wi...@ja...
Blog: http://widoww.blogspot.com

Re: valid DN and empty password : bug?

[<mi...@st...>]

Olivier Grisel wrote:
> 
> The server has an inetOrgPerson entry 'uid=toto,dc=mydomain,dc=com' with
> the corresponding userPassword set to some regular non empty value
> (something like '{SSHA}sgqsdfqs[...]' ).
> 
> When a do a simple_bind_s with toto's DN and the empty password string,
> the simple_bind_s succeeds! Although, if I try with another (non empty)
> wrong password string I get the expected ldap.INVALID_CREDENTIALS 
> exception.

This is a normal behaviour. But as you already experienced it depends on 
the LDAP server implementation.

(I remember this being debated to death on some IETF mailing lists.)

> but I
> haven't asked python-ldap to bind anonymously, I want it to try to bind
> with the specified DN (uid=toto,dc=mydomain,dc=com).

Some LDAP servers regard an empty password as implicitly being an 
anonymous bind but the log the bind-DN.

> I can't reproduce this bug with my OpenLDAP (slapd) server, since I get
> the following exception ( toto's DN with an empty password):
> """
> ldap.UNWILLING_TO_PERFORM: {'info': 'unauthenticated bind (DN with no
> password) disallowed', 'desc': 'Server is unwilling to perform'}
> """
> OpenLDAP refuses empty passwords.

The OpenLDAP developers simply had a different point of view how to 
handle such a simple bind request by default. You can change this 
behaviour. See the description for config directive "allow bind_anon_dn" in
man 5 slapd.conf:

allow <features>
[..]
bind_anon_dn allows unauthenticated (anonymous) bind when DN
is not empty.
[..]

Refer to the OpenLDAP lists and their archives for reading more about it.

> It seems to me that python-ldap falls back to anonymous if the
> authentication with empty password fails,

Nope! The LDAP client parts are just a primitive wrapper around the 
OpenLDAP API.

Note that my LDAP client application web2ldap implicitly assumes a anon 
bind if a users enters a bind-DN without a password. The bind-DN is set 
to empty string by web2ldap in this case. But python-ldap simply passes 
what the client application told it to send to the LDAP server.

> which is not the expected
> behavior (or is it ?). I would like it to raise ldap.INVALID_CREDENTIALS
> instead.

In case of an error python-ldap directly maps the result code returned 
by the LDAP server to an ldap.LDAPError exception raised. python-ldap 
has no additional behaviour regarding error handling. Your LDAP client 
application has to deal with different error codes returned by different 
LDAP server implementations.

> I am sorry if this is an known bug,

It's definitely not a python-ldap bug.

Ciao, Michael.

valid DN and empty password : bug?

[Olivier G. <og...@nu...>]

Hello list,

I experiment a strange behavior (bug?) with python-ldap 2.0.4 and
Sun/Netscape iPlanet LDAP server.

Use case:
The server has an inetOrgPerson entry 'uid=toto,dc=mydomain,dc=com' with
the corresponding userPassword set to some regular non empty value
(something like '{SSHA}sgqsdfqs[...]' ).

When a do a simple_bind_s with toto's DN and the empty password string,
the simple_bind_s succeeds! Although, if I try with another (non empty)
wrong password string I get the expected ldap.INVALID_CREDENTIALS exception.

NB: anonymous has the 'read' permission on the whole directory, but I
haven't asked python-ldap to bind anonymously, I want it to try to bind
with the specified DN (uid=toto,dc=mydomain,dc=com).

I can't reproduce this bug with my OpenLDAP (slapd) server, since I get
the following exception ( toto's DN with an empty password):
"""
ldap.UNWILLING_TO_PERFORM: {'info': 'unauthenticated bind (DN with no
password) disallowed', 'desc': 'Server is unwilling to perform'}
"""
OpenLDAP refuses empty passwords.

It seems to me that python-ldap falls back to anonymous if the
authentication with empty password fails, which is not the expected
behavior (or is it ?). I would like it to raise ldap.INVALID_CREDENTIALS
instead.

I am sorry if this is an known bug, but google couldn't help mefind
references on it.

Regards

Olivier

valid DN and empty password : bug?

[Olivier G. <og...@nu...>]

Hello list,

I experiment a strange behavior (bug?) with python-ldap 2.0.4 and 
Sun/Netscape iPlanet LDAP server.

Use case:
The server has an inetOrgPerson entry 'uid=toto,dc=mydomain,dc=com' with 
the corresponding userPassword set to some regular non empty value 
(something like '{SSHA}sgqsdfqs[...]' ).

When a do a simple_bind_s with toto's DN and the empty password string, 
the simple_bind_s succeeds! Although, if I try with another (non empty) 
wrong password string I get the expected ldap.INVALID_CREDENTIALS exception.

NB: anonymous has the 'read' permission on the whole directory, but I 
haven't asked python-ldap to bind anonymously, I want it to try to bind 
with the specified DN (uid=toto,dc=mydomain,dc=com).

I can't reproduce this bug with my OpenLDAP (slapd) server, since I get 
the following exception ( toto's DN with an empty password):
"""
ldap.UNWILLING_TO_PERFORM: {'info': 'unauthenticated bind (DN with no 
password) disallowed', 'desc': 'Server is unwilling to perform'}
"""
OpenLDAP refuses empty passwords.

It seems to me that python-ldap falls back to anonymous if the 
authentication with empty password fails, which is not the expected 
behavior (or is it ?). I would like it to raise ldap.INVALID_CREDENTIALS 
instead.

I am sorry if this is an known bug, but google couldn't help mefind 
references on it.

Regards

Olivier

Re: Error: Schema fetching on Oracle Directory Server

[<mi...@st...>]

Wido Depping wrote:
> I've looked into this issue the last hours and have found a solution
> to this. Unfortunately this means (from my perspective) that the old
> split_tokens(string) function must be replaced.

Thanks for diving into it.

> Since the old split_token(string) function wasn't documented and not
> well prepared for handling these special cases, I rewrote the
> function. It can be found here:
> http://home.tu-clausthal.de/~ifwd/luma/split_tokens.py

I'm currently testing your code.

> In the README file
> is specified, that the code should be compatible with Python 1.5. My
> code is compatible with this version. But it needs at least the import
> of the string module, which is provided with 1.5 (Checked in the docs
> from python.org).

Well, ldap.schema is probably not compatible with Python 1.5. I'd really 
like to drop support for older Python versions but that's another issue.

> In the current shape, the function is only 3% slower than the old
> code, but works with all LDAP servers, including Oracle now.

I will test. I'd be happy if you provide a LDIF dump of a sub schema 
entry of Oracle's OID.

> But if we
> could use string.split(aList), this algorithm would be 3 times faster
> than the current one.

I currently do not have the time to analyse this any further. Can you 
please explain why string.split(aList) can't be used within your 
implementation?

> I leave it up to you, to integrate my function, or find your own
> solution.

I'd add your code to python-ldap provided you give away copyright for it 
to the python-ldap project. Please confirm (list Cc:-ed).

Ciao, Michael.

Re: Python-LDAP for Python 2.4?

[Mauro C. <mci...@si...>]

Wim Hoekman scrive:

> Hi,
>
> I'm currently using an older version of Python-ldap, but I've recently 
> switched to Python 2.4.
>
> Is there any change of having a build for Python 2.4 (Windows version)?
>
> Thanks in advance.
>
> Best regards,
>
> Wim Hoekman.
>
I'm just having trouble finding the time to launch make :-(
But don't worry, I need the new build for myself too, so it should be a 
matter of days.

Check back on my site next week.

Mauro

Error: Schema fetching on Oracle Directory Server

[Wido D. <wid...@gm...>]

Hi All,
I've a problem with Luma when fetching the schema information from an
Oracle Directory Server. Normal search operations work fine, but since
I won't allow any editing of attributes without knowing the schema,
I'm somehow stuck.
Upgrading to 2.0.6 didn't solve the problem either :(

Here's the relevant part of the backtrace I get:

Traceback (most recent call last):
 File "/home/wido/src/luma/lib/luma/base/backend/ObjectClassAttributeInfo.py",
line 83, in retrieveInfoFromServer
   subschemasubentry_dn,schema = ldap.schema.urlfetch(tmpUrl)
 File "/usr/lib/python2.3/site-packages/ldap/schema/subentry.py",
line 415, in urlfetch
   parsed_sub_schema = ldap.schema.SubSchema(subschemasubentry_entry)
 File "/usr/lib/python2.3/site-packages/ldap/schema/subentry.py",
line 51, in __init__
   se_instance = se_class(attr_value)
 File "/usr/lib/python2.3/site-packages/ldap/schema/models.py", line
49, in __init__
   d = extract_tokens(l,self.token_defaults)
 File "/usr/lib/python2.3/site-packages/ldap/schema/tokenizer.py",
line 56, in extract_tokens
   assert l[0].strip()=="(" and l[-1].strip()==")",ValueError(l)
AssertionError: ['(', '2.16.840.1.113894.5.101.1.1063', 'NAME',
'orclUMCTGroupConfig', 'DESC', 'Configuration name defined in the
Media Service', 's', 'Application', 'Profile', ' SYNTAX
1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )']

The value for tmpUrl, the url of the server, is something like this:
 tmpUrl = "ldap://my.oracle.server.com:389"

If you aren't able to fix this bug only with the backtrace, I can give
you the mail of the server admin, who may give you access to his
machine.

mfg.
  Wido
-- 
Wido Depping
ICQ: 51303067    AIM: wido3379
Jabber: wi...@ja...
Blog: http://widoww.blogspot.com

Re: how to use modlist?

[Wido D. <wid...@gm...>]

On Tue, 04 Jan 2005 16:12:12 +0700, tn...@it... <tn...@it...> wrote:
> Sorry for my stupid question but the document on ldap.modlist is not
> clear and no example.
> I've tried to use function addModlist like below
> ldap.modlist.addModlist(['key','value'])
> and receive the error
> ...
> AttributeError: 'list' object has no attribute 'keys'
> 
> Could you give me a small example to use modlist correctly.
> Thanks.
> 
> (--ntdt--)

addModlist works on the dictionary of an entry which you get for every
search result. You get something like this: [('cn=foo,o=bar',
{'objectClass': ['top', 'account'], 'uid': ['1028'], 'cn': ['Foo
Bar']}), (second result)]
Get the data dictionary and use addModlist. See here some sample code
from the python console:
>>> a = {'objectClass': ['top', 'account'], 'uid': ['1028'], 'cn': ['Foo Bar']}
>>> import ldap.modlist
>>> ldap.modlist.addModlist(a)
[('objectClass', ['top', 'account']), ('uid', ['1028']), ('cn', ['Foo Bar'])]

The result is your modlist. I hope this makes verything clear.

mfg.
  Wido
-- 
Wido Depping
ICQ: 51303067    AIM: wido3379
Jabber: wi...@ja...
Blog: http://widoww.blogspot.com

how to use modlist?

[<tn...@it...>]

Sorry for my stupid question but the document on ldap.modlist is not 
clear and no example.
I've tried to use function addModlist like below
ldap.modlist.addModlist(['key','value'])
and receive the error
...
AttributeError: 'list' object has no attribute 'keys'

Could you give me a small example to use modlist correctly.
Thanks.

(--ntdt--)

Re: Implementation of LDAPControls

[Ingo S. <st...@un...>]

Am Mo, den 20.12.2004 schrieb Michael Str=F6der um 10:01:
> Ingo Steuwer wrote:
> >=20
> > To fulfill our upcomming goals we need to use LDAPControls, but the
> > latest released version of python-ldap doesn't support them.=20
>=20
> Yes, you'll find a hint in file TODO.
>=20
> > We did some experimental implementations in the C-backend (for "proof=
 of
> > concept") and would now like to define a general approach. This shoul=
d
> > be done in coordination with you to see our work in upcoming versions=
 of
> > python-ldap.
>=20
> Since I'm not a C programmer (David wrote the C code) I'd be really gla=
d=20
> if someone would jump on in and contribute code for LDAP controls and=20
> extended operations.
>=20
> I already tried to wrap the arguments whereever appropriate. Please=20
> review this.
>=20
> > My attempt would defining a python-class LDAPControl (containing OID,
> > iscritcal and value (dictionary)) and implement a correspondig wrappe=
r
> > to *LDAPControl.
>=20
> But value can be a complex ASN.1 structure as well.
>=20
> > I think the most diffcult part will be the
> > representation of berval/berelement in python.
>=20
> Yes.
>=20
> > - is there somebody else implementing this (I didn't look at the cvs)=
 ?
>=20
> No. And I'm currently rather short on time. I'd highly appreciate your=20
> contributions. But note that you should give away copyright for your=20
> contributed code. Make sure that your legal department agrees on that.

Sorry for my late answer. It's Ok.

> > - are there already thoughts, definitions or an approach I should kno=
w ?
>=20
> There are several approaches.
>=20
> 1. Python classes for controls with a method berencode(). This method=20
> would be called before passing the controls as argument to the function=
s=20
> in _ldap. This would be the most flexible approach and independent of=20
> the underlying OpenLDAP API. Drawbacks are that you need a BER module=20
> for this and it's much work for complex controls.
>=20
> 1.a Wrap libber.
>=20
> 1.b Implement a pure Python BER module. Maybe we could get one from a=20
> SNMP implementation implemented in Python?

I'd prefer this way, as mentioned by Hans there are already
implementations. In our first attempt we will not include but prepare
for them.


Ingo Steuwer

> 2. We could also wrap the helper functions in libldap (see controls.c,=20
> vlvctrl.c, sortctrl.c). But this would add another strong dependency on=
=20
> the OpenLDAP libs.
>=20
> > - do you know about wrappers between berval/berelement and python ?
>=20
> No. You could try to wrap OpenLDAP's libber.
>=20
> Ciao, Michael.
--=20
Ingo Steuwer       st...@un...         fon: +49 421 22 232- 0
Entwicklung        Linux for Your Business      =20
Univention GmbH    http://www.univention.de/     fax: +49 421 22 232-99

Re: Export to LDIF

[Wido D. <wid...@gm...>]

On Tue, 21 Dec 2004 08:04:05 +0100, Michael Str=F6der
<mi...@st...> wrote:
> Wido Depping wrote:
> > Is it possible that the LDIFWriter class can be extended to return the
> > LDIF string and don't write it to a file handler? This is useful if
> > you want to save the content to a resource which is not accessible
> > with a file handler.
>=20
> Use StringIO or for that.
>=20
> try:
>    from cStringIO import StringIO
> except ImportError:
>    from StringIO import StringIO

Thanks for the tip. Initially I was searching for something like this,
but wasn't successfull. Maybe I need to get to know the python
standard library even more :)

mfg.
  Wido
--=20
Wido Depping
ICQ: 51303067    AIM: wido3379
Jabber: wi...@ja...
Blog: http://widoww.blogspot.com

Re: Export to LDIF

[<mi...@st...>]

Wido Depping wrote:
> Is it possible that the LDIFWriter class can be extended to return the
> LDIF string and don't write it to a file handler? This is useful if
> you want to save the content to a resource which is not accessible
> with a file handler.

Use StringIO or for that.

try:
   from cStringIO import StringIO
except ImportError:
   from StringIO import StringIO

...

Ciao, Michael.

Export to LDIF

[Wido D. <wid...@gm...>]

Is it possible that the LDIFWriter class can be extended to return the
LDIF string and don't write it to a file handler? This is useful if
you want to save the content to a resource which is not accessible
with a file handler.
In my case I have created something like 'smart' LDAP objects for
Luma. They are aware of the server schemas and provide functions which
go beyond the data structure provided by python-ldap. One function of
these objects is the ability to export its own data into LDIF format.
An instance has control over all data entries and collects the LDIF
strings to export the data into a file. But in the future other
resource should be implemented, like access to KDE io-slaves.
Somehow I feel uncomfortable doing the LDIF encoding stuff myself and
I thought python-ldap is the ideal place to implement this
functionality.

Thanks in advance,
  Wido
-- 
Wido Depping
ICQ: 51303067    AIM: wido3379
Jabber: wi...@ja...
Blog: http://widoww.blogspot.com

Re: Implementation of LDAPControls

[<mi...@st...>]

Hans Aschauer wrote:
> On Monday 20 December 2004 10:01, Michael Str=F6der wrote:
>=20
>>1.b Implement a pure Python BER module. Maybe we could get one from a
>>SNMP implementation implemented in Python?
>=20
> To me, pySNMP looks fine (feature and license-wise).

I also glanced over it quite a while ago. Do you argue for requiring it=20
as a 3rd-party module? This would be overkill. Hmm, maybe we could=20
convince the author to extract and separately distribute the BER-related =

stuff?

Ciao, Michael.