|
From: Hans A. <Han...@Ph...> - 2002-03-15 15:28:59
Attachments:
sasl.patch
sasl_bind.py
|
It's me again :-)
I have something usable now, as I think. The interface looks like this:
-------------------------8<----------------------------
import ldap
# from sasl import sasl_digest_md5 # XXX
l = ldap.initialize("ldap://localhost/")
auth = sasl_digest_md5("aschauer","secret")
l.sasl_bind_s("", auth)
res = l.search_s("dc=myorg,dc=com", ldap.SCOPE_ONELEVEL,
                 "objectclass=*")
print(res)
l.unbind()
-------------------------8<-------------------------
Comments?
The interesting part is the sasl_digest_md5 class, that handles the
SASL callbacks (source attached, also for sasl_gssapi and, as a base
class, a generic sasl class).
The diff is against cvs (made with "cvs diff").
If anybody wants to test it and needs assistance with setting things
up, feel free to contact me.
Hans
--
Han...@Ph...
|
|
From: Jacek K. <ja...@bn...> - 2002-03-26 18:22:21
|
On Tue, Mar 26, 2002 at 02:34:49PM +0100, Hans Aschauer wrote:
> Jacek,
>
> > Seems very nice. I hope it will be soon committed to CVS, as we really
> > need SASL support.
>
> I am not sure if this should be committed before 2.0. You know, this is
> first time I do something SASL related, and first time that I hack
> python-C bindings.
The SASL code doesn't seem to break anything else. It can be IMHO marked
as "experimental" even in official release if required. But I think it's
Michael who should decide. He did most of the work recently, so he is
the boss here :-) And the stable and working release of python-ldap is
also a thing we need very much.
> However, if you think it should go into 2.0, it is
> fine for me and I will try my best ;-) Anyway: how would I get write
> access to CVS?
Ask Michael.
> > But there are some things, that should be fixed:
> >
> > - it seems comments about SASL support in LDAPObject.c are outdated
> > they still describe "callback-function" interface
> >
> > - I found no way to set realm for my bind so I wasn't able to bind
> > to my server. Realms are important feature of SASL, so there should
> > be an easy way to set them. Probably as another optional argument to
> > sasl_digest_md5
This is not true. CB_GETREALM works as it should. I don't know why it
didn't work for me the first time I tried this.
> > - SASL_CB_... constants should probably be defined in constants.c
> > file, as other constants. The only problem is that these constants
> > are sasl-related, not ldap-related, but I cannot think about any
> > better place. When implemented them in C they are defined from the
> > good source: C header files
> >
> > - classes sasl... should be moved out of the demo to ldap package,
> > maybe to separate module
>
> I think that I will have a few hours mid next-week in order to
> fix/change/modify these things. Thanks!
Great :-)
Greets,
Jacek
PS.
I Cc to the list and didn't cut quotes, because these are parts of my
original message, which was intended to go here, but by my mistake it
was only sent to Hans.
|
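How the values a DIGEST-MD5 callback class supplies (authname, password, realm) enter the bind response, as an added example that is not code from this thread or from python-ldap: `DigestMD5Credentials` and `digest_response` are hypothetical names, the callback ids are the Cyrus SASL `SASL_CB_*` values, and the challenge values are the worked example in RFC 2831. The realm is hashed together with the user name and password, so a missing or wrong realm produces a different response and the bind is rejected.

```python
import hashlib

# DIGEST-MD5 is Historic (RFC 6331); shown because the thread binds with it.
# Cyrus SASL callback ids from sasl.h (the thread's SASL_CB_... constants).
SASL_CB_USER, SASL_CB_AUTHNAME = 0x4001, 0x4002
SASL_CB_PASS, SASL_CB_GETREALM = 0x4004, 0x4008

# Challenge values from the worked example in RFC 2831, section 4.
NONCE, CNONCE = "OA6MG9tEQGm2hh", "OA6MHXh6VqTrRk"
DIGEST_URI = "imap/elwood.innosoft.com"


class DigestMD5Credentials:
    """Hypothetical stand-in for the thread's sasl_digest_md5 callback class."""

    def __init__(self, authname, password, realm="", authz_id=""):
        self.answers = {
            SASL_CB_AUTHNAME: authname,   # authentication identity
            SASL_CB_PASS: password,
            SASL_CB_GETREALM: realm,
            SASL_CB_USER: authz_id,       # authorization identity
        }

    def callback(self, cb_id):
        # The SASL library asks for one value at a time by callback id.
        return self.answers.get(cb_id, "")


def digest_response(creds, nonce, cnonce, digest_uri, nc="00000001", qop="auth"):
    """RFC 2831 section 2.1.2.1 response-value for qop=auth, no authzid."""
    user = creds.callback(SASL_CB_AUTHNAME)
    realm = creds.callback(SASL_CB_GETREALM)
    password = creds.callback(SASL_CB_PASS)
    secret = hashlib.md5(":".join([user, realm, password]).encode("utf-8")).digest()
    a1 = secret + b":" + nonce.encode() + b":" + cnonce.encode()
    a2 = ("AUTHENTICATE:" + digest_uri).encode()
    ha1, ha2 = hashlib.md5(a1).hexdigest(), hashlib.md5(a2).hexdigest()
    kd = ":".join([ha1, nonce, nc, cnonce, qop, ha2])
    return hashlib.md5(kd.encode()).hexdigest()


if __name__ == "__main__":
    good = DigestMD5Credentials("chris", "secret", realm="elwood.innosoft.com")
    no_realm = DigestMD5Credentials("chris", "secret")
    print("with realm:   ", digest_response(good, NONCE, CNONCE, DIGEST_URI))
    print("without realm:", digest_response(no_realm, NONCE, CNONCE, DIGEST_URI))
```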
|
From: Hans A. <Han...@Ph...> - 2002-03-27 09:21:29
|
On Tue, Mar 26, 2002 at 19:14, Jacek Konieczny wrote:
> On Tue, Mar 26, 2002 at 02:34:49PM +0100, Hans Aschauer wrote:
[...]
> > However, if you think it should go into 2.0, it is
> > fine for me and I will try my best ;-) Anyway: how would I get
> > write access to CVS?
>
> Ask Michael.
Michael, would it be ok for you to give me write access to CVS? If so:
should patches be announced on this list before submitting them to CVS?
Somewhat related: I started writing a (simplistic) wrapper for
ldap_schema.h, which will do rootDSE schema string parsing. In fact,
the parsing of the schema description is done by libldap (so there is
no need for a home-brew parser which has to be tested). I think it will
be finished by the end of next week.
Hans
--
Han...@Ph...
|
|
From: <mi...@st...> - 2002-03-27 14:42:34
|
Hans Aschauer wrote:
> On Tue, Mar 26, 2002 at 19:14, Jacek Konieczny wrote:
>
>>On Tue, Mar 26, 2002 at 02:34:49PM +0100, Hans Aschauer wrote:
>
> [...]
>
>>>However, if you think it should go into 2.0, it is
>>>fine for me and I will try my best ;-)
SASL should be in 2.0 final release.
>>> Anyway: how would I get
>>>write access to CVS?
>>
>>Ask Michael.
>
> Michael, would it be ok for you to give me write access to CVS?
No problem to give you write access to the CVS tree. But please don't
check this in as is.
I need some time to comment. I hope to get back this easter weekend.
Up to now I just had the chance to glance over it. E.g. I'd like to
see an own class for SASL mechanisms in a separate sub-module
ldap.sasl.
> If so:
> should patches be announced on this list before submitting them to CVS?
Yes, I think so. People have the chance to glance over it and comment.
Development in CVS should not have much rough edges at the moment.
> Somewhat related: I started writing a (simplistic) wrapper for
> ldap_schema.h, which will do rootDSE schema string parsing. In fact,
> the parsing of the schema description is done by libldap (so there is
> no need for a home-brew parser which has to be tested). I think it will
> be finished by the end of next week.
Great! Make sure to place it in a different sub-module - at least the Python
interface part for it.
Ciao, Michael.
|
|
From: Hans A. <Han...@Ph...> - 2002-03-27 15:34:26
|
On Wednesday, 27. March 2002 15:42, Michael Ströder wrote:
> No problem to give you write access to the CVS tree. But please don't
> check this in as is.
Ack.
> I need some time to comment. I hope to get back this easter weekend.
> Up to now I just had the chance to glance over it. E.g. I'd like to
> see an own class for SASL mechanisms in a separate sub-module
> ldap.sasl.
That's fine. Could someone please give me a hand with the distutil
stuff? (Joe?)
[...]
[schema support]
> Make sure to place it in a different sub-module - at least the Python
> interface part for it.
At the moment, I have no plans for a high-level python interface. What
I plan to do (and have partially done) is a simple wrapper for the C
functions in ldap_schema (i.e. str2objectclass and friends). Is it ok
to just plug these wrappers into function.c? Saves some hassles with
distutils...
Probably it would be necessary to plug this into the
Lib/ldap/functions.py mechanism, right? I am not really sure if the
underlying C functions are thread safe...
For example:
------------------------------------------------------------------------
import ldap
# Adjacent string literals are joined, so the description can span lines.
a = ldap.str2objectclass(
    "(2.5.6.4 NAME 'organization' SUP top "
    "STRUCTURAL MUST o MAY ( userPassword $ searchGuide $ seeAlso $ "
    "businessCategory $ x121Address $ registeredAddress $ "
    "destinationIndicator $ preferredDeliveryMethod $ telexNumber $ "
    "teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ "
    "facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ "
    "postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )")
print(a)
------------------------------------------------------------------------
returns
------------------------------------------------------------------------
['2.5.6.4', ['organization'], '', 0, ['top'], 1, ['o'],
['userPassword', 'searchGuide', 'seeAlso', 'businessCategory',
'x121Address', 'registeredAddress', 'destinationIndicator',
'preferredDeliveryMethod', 'telexNumber', 'teletexTerminalIdentifier',
'telephoneNumber', 'internationaliSDNNumber',
'facsimileTelephoneNumber', 'street', 'postOfficeBox', 'postalCode',
'postalAddress', 'physicalDeliveryOfficeName', 'st', 'l',
'description']]
------------------------------------------------------------------------
The fields are
1. oid
2. List of names
3. Description string
4. Obsolete flag
5. List of SUP oid's
6. "kind" flag (0=ABSTRACT, 1=STRUCTURAL, 2=AUXILIARY)
7. list of "must" attributes
8. list of "may" attributes
BTW. does anybody know what the LDAPSchemaExtensionItem is about?
Hans
--
Han...@Ph...
|
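One way to consume the eight-field list described in the message above, as an added example that is not code from this thread or from python-ldap: the raw lists are wrapped in a named record, MUST and MAY attributes are collected along the SUP chain, and an entry is checked against them. `ObjectClass`, `build_index`, `effective_attrs` and `check_entry` are hypothetical names, and `RAW` is constructed sample data in the same shape (the `top` class and the shortened MAY list are assumptions).

```python
from collections import namedtuple

# Field order exactly as listed in the message above.
ObjectClass = namedtuple(
    "ObjectClass", "oid names desc obsolete sup kind must may")

# Constructed sample data in the raw 8-field list shape (MAY list abridged).
RAW = [
    ["2.5.6.0", ["top"], "", 0, [], 0, ["objectClass"], []],
    ["2.5.6.4", ["organization"], "", 0, ["top"], 1, ["o"],
     ["userPassword", "telephoneNumber", "description"]],
]


def build_index(raw_classes):
    """Map the OID and every lower-cased name to its ObjectClass record."""
    index = {}
    for raw in raw_classes:
        if len(raw) != 8:
            raise ValueError("expected 8 fields, got %d" % len(raw))
        oc = ObjectClass(*raw)
        for key in [oc.oid] + oc.names:
            index[key.lower()] = oc
    return index


def effective_attrs(index, name, _seen=None):
    """Collect MUST and MAY attributes along the SUP chain (cycle-safe)."""
    seen = _seen if _seen is not None else set()
    oc = index[name.lower()]
    if oc.oid in seen:
        return set(), set()
    seen.add(oc.oid)
    must, may = {a.lower() for a in oc.must}, {a.lower() for a in oc.may}
    for sup in oc.sup:
        sup_must, sup_may = effective_attrs(index, sup, seen)
        must |= sup_must
        may |= sup_may
    return must, may - must


def check_entry(index, entry):
    """Return (missing MUST attributes, attributes no listed class allows)."""
    must, may = set(), set()
    for oc_name in entry.get("objectClass", []):
        oc_must, oc_may = effective_attrs(index, oc_name)
        must |= oc_must
        may |= oc_may
    present = {attr.lower() for attr in entry}
    return sorted(must - present), sorted(present - must - may)
```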
|
From: Joe L. <jl...@op...> - 2002-03-27 16:36:54
|
I'll be happy to package it up and do some rudimentary tests. I don't have
effective code at this point to use the schema stuff, and nothing in the way
of SASL support.
As to dist-utils.. I'm as uninitiated as the next fellow when it comes to
DistUtils.. but I'll help where I can.
On 3/27/02 7:34 AM, "Hans Aschauer" <Han...@Ph...>
wrote:
> On Wednesday, 27. March 2002 15:42, Michael Ströder wrote:
>
>> No problem to give you write access to the CVS tree. But please don't
>> check this in as is.
>
> Ack.
>
>> I need some time to comment. I hope to get back this easter weekend.
>> Up to now I just had the chance to glance over it. E.g. I'd like to
>> see an own class for SASL mechanisms in a separate sub-module
>> ldap.sasl.
>
> That's fine. Could someone please give me a hand with the distutil
> stuff? (Joe?)
>
> [...]
>
> [schema support]
>
>> Make sure to place it in a different sub-module - at least the Python
>> interface part for it.
>
> At the moment, I have no plans for a high-level python interface. What
> I plan to do (and have partially done) is a simple wrapper for the C
> functions in ldap_schema (i.e. str2objectclass and friends). Is it ok
> to just plug these wrappers into function.c? Saves some hassles with
> distutils...
>
> Probably it would be necessary to plug this into the
> Lib/ldap/functions.py mechanism, right? I am not really sure if the
> underlying C functions are thread safe...
>
>
> For example:
>
> ------------------------------------------------------------------------
> import ldap
>
> a = ldap.str2objectclass("(2.5.6.4 NAME 'organization' SUP top
> STRUCTURAL MUST o MAY ( userPassword $ searchGuide $ seeAlso $
> businessCategory $ x121Address $ registeredAddress $
> destinationIndicator $ preferredDeliveryMethod $ telexNumber $
> teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $
> facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
> postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )")
>
> print a
> ------------------------------------------------------------------------
>
> returns
>
> ------------------------------------------------------------------------
> ['2.5.6.4', ['organization'], '', 0, ['top'], 1, ['o'],
> ['userPassword', 'searchGuide', 'seeAlso', 'businessCategory',
> 'x121Address', 'registeredAddress', 'destinationIndicator',
> 'preferredDeliveryMethod', 'telexNumber', 'teletexTerminalIdentifier',
> 'telephoneNumber', 'internationaliSDNNumber',
> 'facsimileTelephoneNumber', 'street', 'postOfficeBox', 'postalCode',
> 'postalAddress', 'physicalDeliveryOfficeName', 'st', 'l',
> 'description']]
> ------------------------------------------------------------------------
>
> The fields are
>
> 1. oid
> 2. List of names
> 3. Description string
> 4. Obsolete flag
> 5. List of SUP oid's
> 6. "kind" flag (0=ABSTRACT, 1=STRUCTURAL, 2=AUXILIARY)
> 7. list of "must" attributes
> 8. list of "may" attributes
>
> BTW. does anybody know what the LDAPSchemaExtensionItem is about?
>
> Hans
|
|
From: <mi...@st...> - 2002-03-28 21:47:34
|
Hans Aschauer wrote:
> On Wednesday, 27. March 2002 15:42, Michael Ströder wrote:
>
> Could someone please give me a hand with the distutil
> stuff?
It's far less struggle to add a module to a DistUtils package than you
believe. Have a look at ext_modules and py_modules list in setup.py to get
the idea. I will happily extend setup.py.
>>Make sure to place it in a different sub-module - at least the Python
>>interface part for it.
>
> At the moment, I have no plans for a high-level python interface. What
> I plan to do (and have partially done) is a simple wrapper for the C
> functions in ldap_schema (i.e. str2objectclass and friends).
You can provide very primitive C wrapper functions in module _ldap and leave
the Python parts up to me (applies to SASL and schema). I will start with
the SASL stuff this weekend and check in what I believe the Python parts
should look like.
> Is it ok to just plug these wrappers into function.c?
Please go for a separate C source schema.c. The C code is already kludgy
enough. Maybe take template.c as a start.
> Probably it would be necessary to plug this into the
> Lib/ldap/functions.py mechanism, right?
I'd suggest to write a new Python wrapper class in a separate module
ldap.schema (Lib/ldap/schema.py). The class methods could also contain some
sanitizing (say Pythonizing ;-) which is more convenient to implement in
Python itself.
> I am not really sure if the
> underlying C functions are thread safe...
From my knowledge about OpenLDAP I'm almost sure they're not. That's what
the module-wide thread lock is for.
Ciao, Michael.
|