python-ldap-dev

get or set OpenLDAPaci

[<jer...@li...>]

I've got a problem (again).

Then I create an openexchange account on an ldap account, I must set OpenLDAPaci. like this

*if* *not* "OpenLDAPaci" *in* newattrs:
	newattrs["OpenLDAPaci"]='1#entry#grant;r,w,s,c;cn,initials,mail,title,ou,l,birthday,description,street,postalcode,st,c,oxtimezone,homephone,mobile,pager,facsimiletelephonenumber,telephonenumber,labeleduri,jpegphoto,loginDestination,sn,givenname,;r,s,c;[all]#self#"'

mlist = ldap.modlist.modifyModlist(attrs, newattrs)
self.l.modify_s(cn, mlist)

attrs is the entire attributes list.
newattrs is the modified list.

When I create and delete... it works.

But if I recreate OX attributes... OpenLDAPaci already exist... but don't appear in attributes list and cause this:

ldap.INAPPROPRIATE_MATCHING: {'info': 'modify/add: OpenLDAPaci: no equality matching rule', 'desc': 'Inappropriate matching'}

How can I get OpenLDAPaci attribute to prevent this error ?

thanks in advance

Re: get or set OpenLDAPaci

[<mi...@st...>]

J=E9r=F4me Wax wrote:
>=20
> Then I create an openexchange account on an ldap account,

Just curious, what project are you working on?

> mlist =3D ldap.modlist.modifyModlist(attrs, newattrs)
> self.l.modify_s(cn, mlist)

Can you please post repr(mlist)?

>  attrs is the entire attributes list.
> newattrs is the modified list.

These are dictionaries, not lists!

> When I create and delete... it works.
>=20
> But if I recreate OX attributes... OpenLDAPaci already exist... but don=
't appear in attributes list and cause this:
>=20
> ldap.INAPPROPRIATE_MATCHING: {'info': 'modify/add: OpenLDAPaci: no equa=
lity matching rule', 'desc': 'Inappropriate matching'}
>=20
> How can I get OpenLDAPaci attribute to prevent this error ?

Probably you have to use ldap.MOD_REPLACE in mlist for attribute
OpenLDAPaci instead of ldap.MOD_DELETE. Not sure if usage of
ldap.modlist.modifyModlist() in every case.

But first turn on python-ldap's debugging by setting trace_level=3D2 when
calling ldap.initialize() and post the output.

Example:
l =3D ldap.initialize('ldap://localhost:1390',trace_level=3D2)

Ciao, Michael.

Re: get or set OpenLDAPaci

[<jer...@li...>]

Michael Str=F6der a =E9crit :

>J=E9r=F4me Wax wrote:
> =20
>
>>Then I create an openexchange account on an ldap account,
>>   =20
>>
>
>Just curious, what project are you working on?
> =20
>

> =20
>
>>mlist =3D ldap.modlist.modifyModlist(attrs, newattrs)
>>self.l.modify_s(cn, mlist)
>>   =20
>>
>
>Can you please post repr(mlist)?
> =20
>
[(0, 'mailDomain', 'linbox.com'), (1, 'objectClass', None), (0,=20
'objectClass', ['inetOrgPerson', 'posixAccount', 'shadowAccount', 'top',=20
'person', 'sambaSamAccount', 'OXUserObject']), (0, 'OXTimeZone',=20
'Europe/Paris'), (0, 'OXTaskDays', '5'), (0, 'OpenLDAPaci',=20
'1#entry#grant;r,w,s,c;cn,initials,mail,title,ou,l,birthday,description,s=
treet,postalcode,st,c,oxtimezone,homephone,mobile,pager,facsimiletelephon=
enumber,telephonenumber,labeleduri,jpegphoto,loginDestination,sn,givennam=
e,;r,s,c;[all]#self#"'),=20
(1, 'preferredLanguage', None), (0, 'preferredLanguage', 'EN'), (0,=20
'OXGroupID', '500'), (1, 'mail', None), (0, 'mail',=20
'vi...@li...'), (0, 'lnetMailAccess', '5'), (0,=20
'OXAppointmentDays', '5'), (0, 'userCountry', 'Tuxworld'), (1, 'o',=20
None), (0, 'o', 'linbox'), (1, 'givenName', None), (0, 'givenName',=20
'vincent'), (0, 'mailEnabled', 'TRUE')]

but attrs fetch on ldap entry of this user contain

{'shadowMin': ['-1'], 'cn': ['vincent'], 'objectClass':=20
['inetOrgPerson', 'posixAccount', 'shadowAccount', 'top', 'person',=20
'sambaSamAccount'], 'uidNumber': ['10021'], 'sambaAcctFlags':=20
['[U          ]'], 'shadowMax': ['99999'], 'shadowLastChange':=20
['11192'], 'shadowExpire': ['-1'], 'sambaPwdCanChange': ['1121872460'],=20
'uid': ['vincent'], 'shadowFlag': ['134538308'], 'preferredLanguage':=20
['EN'], 'userPassword': ['{crypt}351Hd48lGvZKo'], 'sambaPwdMustChange':=20
['2147483647'], 'sambaLMPassword': ['4E6319FFC67D969DAAD3B435B51404EE'],=20
'postalCode': ['57950'], 'mail': ['vi...@co...'], 'loginShell':=20
['/bin/false'], 'gidNumber': ['10018'], 'sambaPasswordHistory':=20
['0000000000000000000000000000000000000000000000000000000000000000'],=20
'sambaPwdLastSet': ['1121872460'], 'sambaPrimaryGroupSID':=20
['S-1-5-21-1297919630-73438211-3158585458-21037'], 'sambaNTPassword':=20
['90076DCEE4C9C5772477679A8CFE38AE'], 'displayName': ['franky vincent'],=20
'shadowWarning': ['7'], 'labeledURI': ['http://lo2k.net'],=20
'shadowInactive': ['-1'], 'l': ['Montigny les Metz'], 'o': ['linbox'],=20
'sambaSID': ['S-1-5-21-1297919630-73438211-3158585458-21042'], 'gecos':=20
['vincent franky'], 'sn': ['franky'], 'homeDirectory':=20
['/home/vincent'], 'givenName': ['vincent']}

so no OpenLDAPaci key


> =20
>
>> attrs is the entire attributes list.
>>newattrs is the modified list.
>>   =20
>>
>
>These are dictionaries, not lists!
> =20
>
You have reason :)

> =20
>
>>When I create and delete... it works.
>>
>>But if I recreate OX attributes... OpenLDAPaci already exist... but don=
't appear in attributes list and cause this:
>>
>>ldap.INAPPROPRIATE_MATCHING: {'info': 'modify/add: OpenLDAPaci: no equa=
lity matching rule', 'desc': 'Inappropriate matching'}
>>
>>How can I get OpenLDAPaci attribute to prevent this error ?
>>   =20
>>
>
>Probably you have to use ldap.MOD_REPLACE in mlist for attribute
>OpenLDAPaci instead of ldap.MOD_DELETE. Not sure if usage of
>ldap.modlist.modifyModlist() in every case.
> =20
>
I'm not following you... I don't want to delete... just add or replace.

>But first turn on python-ldap's debugging by setting trace_level=3D2 whe=
n
>calling ldap.initialize() and post the output.
>
>Example:
>l =3D ldap.initialize('ldap://localhost:1390',trace_level=3D2)
> =20
>
Just respond me that

*** ldap://127.0.0.1 - SimpleLDAPObject.set_option ((17, 3),{})