ldapsearch vs. python-ldap

2009-04-10 Thread James
Hey,
I'm trying to use python-ldap to do something that works with the
ldapsearch command line tool. I've posted code samples, can someone
point out why the python-ldap fails? What is different about what
python-ldap is doing? It seems that it forgets that it just _did_ bind
successfully...
thanks in advance,

_James
[email protected]


# from a command line you can successfully run:
# $ # ldapsearch -x -b "" -D "place\" -h 
#       -p 389 -W
#       "(&(objectcategory=person)(objectclass=user)(samaccountname=))"
# 
# 

# however this doesn't work:
import ldap
import sys
import getpass

l = ldap.initialize('ldap://:389')

try:
    #l.simple_bind_s('[email protected]', getpass.getpass())
    l.simple_bind_s('\', getpass.getpass())
    # Works

except Exception as e:
    print(e)
    print('Bind Failed')
    sys.exit(1)

try:
    r = l.search_s('dc=', ldap.SCOPE_SUBTREE,
                   '(&(objectcategory=person)(objectclass=user)(samaccountname=))',
                   ['*'])

except Exception as e:
    print(e)
    # this prints:
    # {'info': ': LdapErr: DSID-0C090627, comment: In order to
    # perform this operation a successful bind must be completed on the
    # connection., data 0, vece', 'desc': 'Operations error'}
    print('Search Died')
    sys.exit(1)

for x in r:
    print(x)




___
Python-LDAP-dev mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/python-ldap-dev


LDAP ORM

2007-10-22 Thread James Andrewartha
Hi all,

The current Python LDAP interface is a bit low level for my liking, so
I've started work on an LDAP ORM[1]. Currently there's very little RM
going on, but I have got a nice Python object representing an LDAP
object with attribute access and deletion, no adding or saving to the
ldap server just yet. ldap.schema is really quite handy. 

Which brings me to my next point - could someone update the API docs on
the website? They're 3.5 years out of date, and so missing things like
ldap.schema and cidict.

Here's a patch for cidict to implement __contains__, which makes foo in
somecidict work right:

--- cidict.py~  2003-08-25 00:28:12.0 +0800
+++ cidict.py   2007-10-22 20:16:54.0 +0800
@@ -43,6 +43,9 @@
   def has_key(self,key):
 return UserDict.has_key(self,lower(key))

+  def __contains__(self,key):
+return UserDict.has_key(self,lower(key))
+
   def get(self,key,failobj=None):
 try:
   return self[key]
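
Review bot: the added __contains__ repeats the body of has_key directly above it, so the key folding with lower(key) now lives in two places. Delegating with "return self.has_key(key)" keeps a single code path. The hunk also carries no test showing that a membership check with a mixed-case key agrees with has_key, which is the behaviour the change is for.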

Anyway, I'd appreciate any comments or suggestions (including for a new
name) on LDAP ORM. I have a vague goal of being able to use LDAP as an
ORM for Django or whatever other web framework tickles your fancy.

[1] http://trs80.ucc.asn.au/ldaporm.py

James Andrewartha



Re: LDAP ORM

2007-10-22 Thread James Andrewartha
On Mon, 2007-10-22 at 15:05 +0200, Michael Ströder wrote:
> James Andrewartha wrote:
> > 
> > --- cidict.py~  2003-08-25 00:28:12.0 +0800
> > +++ cidict.py   2007-10-22 20:16:54.0 +0800
> > @@ -43,6 +43,9 @@
> >def has_key(self,key):
> >  return UserDict.has_key(self,lower(key))
> > 
> > +  def __contains__(self,key):
> > +return UserDict.has_key(self,lower(key))
> > +
> >def get(self,key,failobj=None):
> >  try:
> >return self[key]
> 
> I'd prefer if it's ok for you:
> 
>   def __contains__(self,key):
>     return self.has_key(key)

Sure, I was just copying has_key().

> If you're using ldap.schema you might want to look into using class
> ldap.schema.models.Entry instead of simply ldap.cidict.cidict because
> you don't have to care about attribute description aliases and mapping
> them to OIDs.

I'm happy with the setup I've got now, but if I ever need to deal with
attribute OIDs then I'll look into it.

James Andrewartha



Re: LDAP ORM

2007-10-22 Thread James Andrewartha
On Mon, 2007-10-22 at 07:12 -0700, Anil Jangity wrote:
> I was toying with the idea of doing just this thing a few days ago.
> It'll be nice if it also handles all the modifications of an entry
> with ease. (changing rdn when the attributes change etc...)
> 
> Let me know how I can help. :)

Well, have a look and see if what I've got so far seems sane, or if it
needs more comments/explanation etc.

> My main dev environment is pylons. Site doesn't work.
> 
> ~ $ wget http://trs80.ucc.asn.au/ldaporm.py
> --07:11:50--  http://trs80.ucc.asn.au/ldaporm.py
>=> `ldaporm.py'
> Resolving trs80.ucc.asn.au... 130.95.13.9
> Connecting to trs80.ucc.asn.au[130.95.13.9]:80... connected.
> HTTP request sent, awaiting response... 500 Internal Server Error
> 07:11:51 ERROR 500: Internal Server Error.

Oops, it wasn't supposed to be interpreted by the webserver. Try
http://trs80.ucc.asn.au/ldaporm.pys instead.

James Andrewartha



Re: LDAP ORM

2007-10-22 Thread James Andrewartha
On Mon, 2007-10-22 at 16:13 +0200, Michael Ströder wrote:
> James Andrewartha wrote:
> > On Mon, 2007-10-22 at 15:05 +0200, Michael Ströder wrote:
> >> If you're using ldap.schema you might want to look into using class
> >> ldap.schema.models.Entry instead of simply ldap.cidict.cidict because
> >> you don't have to care about attribute description aliases and mapping
> >> them to OIDs.
> > 
> > I'm happy with the setup I've got now, but if I ever need to deal with
> > attribute OIDs then I'll look into it.
> 
> Well, it's not a matter of you personally need to deal with it. There
> might be the case that an attribute type or object class does not have
> NAME assigned at all. Also think about language sub-types and transfer
> type ;binary separated by ; from the name. And dashes (-) are allowed in
> AttributeTypeDescription. You really should dive into RFC 4512.

Thanks for the pointer. I've updated the code to map _ in attribute
names to -. Attributes without a short name are impossible to wrap - I'm
not expecting clients of this library to know OIDs. Attributes with
options are accessible via obj['cn;lang-en'] (as are normal
attributes). There should probably be some functions to ask for a
specific language, RFC 3866 will guide me there.

James Andrewartha



documentation updates

2007-10-22 Thread James Andrewartha
Hi,

The first patch removes an invalid LDAP option. The second updates the
LDAPObject documentation, and the third updates LDAPObject docstrings.
Hopefully I'll have time to look at updating the rest of the docs soon.

James Andrewartha
Index: Modules/constants.c
===
RCS file: /cvsroot/python-ldap/python-ldap/Modules/constants.c,v
retrieving revision 1.30
diff -u -r1.30 constants.c
--- Modules/constants.c	17 Jul 2007 19:37:27 -	1.30
+++ Modules/constants.c	23 Oct 2007 01:10:45 -
@@ -154,7 +154,6 @@
 	add_int(d,OPT_HOST_NAME);
 	add_int(d,OPT_ERROR_STRING);
 	add_int(d,OPT_MATCHED_DN);
-	add_int(d,OPT_PRIVATE_EXTENSION_BASE);
 	add_int(d,OPT_DEBUG_LEVEL);
 	add_int(d,OPT_TIMEOUT);
 	add_int(d,OPT_REFHOPLIMIT);
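
Review bot: the removal of add_int(d,OPT_PRIVATE_EXTENSION_BASE) drops a name that existing callers may reference, and nothing in the hunk records why the option is invalid. A short comment at the removal site or a changelog entry giving the reason would help, along with a check that no datadesc for this option is left behind in Doc/ldap.tex.
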
Index: Doc/ldap.tex
===
RCS file: /cvsroot/python-ldap/python-ldap/Doc/ldap.tex,v
retrieving revision 1.30
diff -u -r1.30 ldap.tex
--- Doc/ldap.tex	27 Mar 2007 22:31:51 -	1.30
+++ Doc/ldap.tex	23 Oct 2007 01:10:45 -
@@ -120,8 +120,10 @@
 
 \subsubsection{Options}
 
-For use with functions and method set_option() and get_option() the
-following option identifiers are defined as constants:
+To manage the behavior of python-ldap there are a number of options that can be
+set. For more details, see \manpage{ldap.conf}{5} and \manpage{ldap_get_options}{3}.
+The functions and method set_option() and get_option() use the following option
+identifiers, which are defined as constants:
 
 \begin{datadesc}{OPT_API_FEATURE_INFO}
 \end{datadesc}
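
Review bot: the added sentence cites \manpage{ldap_get_options}{3}, but OpenLDAP documents these routines as ldap_get_option(3), singular, so the reference as written points at a page that does not exist. In the following added sentence, "The functions and method set_option() and get_option()" would read more clearly if it said which are module-level functions and which are LDAPObject methods.
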
@@ -136,6 +138,7 @@
 \end{datadesc}
 
 \begin{datadesc}{OPT_DEREF}
+  Specifies how alias derefencing is done when performing a search. 
 \end{datadesc}
 
 \begin{datadesc}{OPT_ERROR_STRING}
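
Review bot: typo in the added OPT_DEREF description, "derefencing" should be "dereferencing", and the line ends in trailing whitespace. The description would also be more useful if it named the values the option accepts.
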
@@ -157,6 +160,7 @@
 \end{datadesc}
 
 \begin{datadesc}{OPT_REFERRALS}
+   Boolean specifying if referrals should be automatically followed, defaults to \code{True}.
 \end{datadesc}
 
 \begin{datadesc}{OPT_REFHOPLIMIT}
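
Review bot: the added OPT_REFERRALS line is indented three spaces while the OPT_DEREF line added earlier in this file uses two; pick one. Since the text states a default of \code{True}, it should say whose default that is, given that the paragraph added at the top of this section sends readers to ldap.conf(5) for option behaviour.
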
@@ -300,9 +304,6 @@
 The entry already exists. E.g. the \var{dn} specified with \method{add()}
 already exists in the DIT.
 \end{excdesc}
-\begin{excdesc}{}
-
-\end{excdesc}
 \begin{excdesc}{AUTH_UNKNOWN}
 The authentication method specified to \method{bind()} is not known.
 \end{excdesc}
@@ -522,12 +523,17 @@
 and wait for and return with the server's result, or with
 \constant{None} if no data is expected.
 
-LDAPObject instances, have the following methods:
+Methods with `\constant{_ext}' (and some without) accept two extra arguments,
+\var{serverctrls} and \var{clientctrls} which are server and client controls.
+They can be constructed with the \refmodule{ldap.controls} module.
+
+LDAPObject instances have the following methods:
 
 %%
 %% abandon
 
 \begin{methoddesc}[LDAPObject]{abandon}{msgid}
+ \methodline[LDAPObject]{abandon_ext}{msgid \optional{, serverctrls=\constant{None} \optional{, clientctrls=\constant{None
 Abandons or cancels an LDAP operation in progress. The \var{msgid} argument
 should be the message ID of an outstanding LDAP operation as returned by
 the asynchronous methods \method{search()}, \method{modify()}, etc. 
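
Review bot: "Methods with `_ext' (and some without)" in the added paragraph leaves the reader to guess which plain methods take \var{serverctrls} and \var{clientctrls}; list them, or show the arguments on each method's signature line. On the added \methodline for abandon_ext, the two \optional{ groups are not closed as the line appears here, so check that the braces balance before this is applied.
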
@@ -541,11 +547,13 @@
 
 \begin{methoddesc}[LDAPObject]{add}{dn, modlist} % -> int
  \methodline{add_s}{dn, modlist}
+ \methodline{add_ext}{dn, modlist \optional{, serverctrls=\constant{None} \optional{, clientctrls=\constant{None
+ \methodline{add_ext_s}{dn, modlist \optional{, serverctrls=\constant{None} \optional{, clientctrls=\constant{None
 Performs an LDAP add operation. The \var{dn} argument is the distinguished
 name (DN) of the entry to add, and \var{modlist} is a list of attributes to be
 added. The modlist is similar the one passed to \method{modify()}, except that the
 operation integer is omitted from the tuples in modlist. You might want to
-look into sub-module l\refmodule{ldap.modlist} for generating the modlist.
+look into sub-module \refmodule{ldap.modlist} for generating the modlist.
 \end{methoddesc}
 
 %%
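
Review bot: the description under the two added \methodline entries still speaks only of "an LDAP add operation" and never mentions \var{serverctrls} or \var{clientctrls}, so add_ext and add_ext_s are listed without their extra arguments being explained at this point. While this paragraph is being touched, the context line "The modlist is similar the one passed to" is missing the word "to".
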
@@ -573,19 +581,19 @@
 \end{methoddesc}
 
 %%
-%% 
-\begin{methoddesc}[LDAPObject]{cancel}{
-cancelid,
-\optional{, serverctrls=\constant{None} 
-\optional{, clientctrls=\constant{None
-  Send cancels extended operation for an LDAP operation specified by \var{cancelid}.
-  The \var{cancelid} should be the message id of an outstanding LDAP operation as returned
-  by the asynchronous methods search(), modify() etc.  The caller
-  can expect that the result of an abandoned operation will not be
-  returned from a future call to result().
-  In opposite to abandon() this extended operation gets an result from
-  the server and thus should be preferred if the server supports it.
-\end{methoddesc}
+%% cacncel is not imp
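
Review bot: this hunk deletes the whole methoddesc for cancel, including the advice that it should be preferred over abandon() when the server supports it, and puts a "%%" comment in its place. If cancel is not implemented, that should be stated in the rendered documentation where users will see it, not only in a source comment; the comment also misspells "cancel" as "cacncel".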

Re: documentation updates

2007-10-23 Thread James Andrewartha
On Tue, 2007-10-23 at 09:15 +0800, James Andrewartha wrote:
> Hi,
> 
> The first patch removes an invalid LDAP option. The second updates the
> LDAPObject documentation, and the third updates LDAPObject docstrings.
> Hopefully I'll have time to look at updating the rest of the docs soon.

Here's one for ldap-controls.tex, and a minor fix to ldap/controls.py
to use the constant it defines. I've noted that the controlValue passed
to SimplePagedResultsControl's constructor is ignored, but didn't remove
it because that would be an API change.

James Andrewartha
Index: Lib/ldap/controls.py
===
RCS file: /cvsroot/python-ldap/python-ldap/Lib/ldap/controls.py,v
retrieving revision 1.5
diff -p -u -p -u -r1.5 controls.py
--- Lib/ldap/controls.py	16 Jul 2007 10:49:48 -	1.5
+++ Lib/ldap/controls.py	23 Oct 2007 09:22:36 -
@@ -71,7 +71,7 @@ class SimplePagedResultsControl(LDAPCont
   controlType = ldap.LDAP_CONTROL_PAGE_OID
 
   def __init__(self,controlType,criticality,controlValue=None,encodedControlValue=None):
-LDAPControl.__init__(self,ldap.LDAP_CONTROL_PAGE_OID,criticality,controlValue,encodedControlValue)
+LDAPControl.__init__(self,self.controlType,criticality,controlValue,encodedControlValue)
 
   def encodeControlValue(self,value):
 size,cookie = value
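
Review bot: after this change __init__ still takes controlType as its first argument and then discards it in favour of self.controlType, while controlValue is passed through to LDAPControl.__init__ unchanged. The cover note names controlValue as the ignored argument, which is not what this hunk shows; a docstring on __init__ stating which argument is ignored and why it is kept would remove the ambiguity for callers.
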
Index: Doc/ldap-controls.tex
===
RCS file: /cvsroot/python-ldap/python-ldap/Doc/ldap-controls.tex,v
retrieving revision 1.1
diff -u -r1.1 ldap-controls.tex
--- Doc/ldap-controls.tex	2 Mar 2005 09:32:52 -	1.1
+++ Doc/ldap-controls.tex	23 Oct 2007 09:20:10 -
@@ -12,16 +12,56 @@
 
 \modulesynopsis{High-level access to LDAP controls.}
 
-The \module{ldap.controls} module defines the following functions:
+The \module{ldap.controls} module defines the following classes:
 
-\begin{funcdesc}{EncodeControlTuples}{ldapControls} % -> list
+\begin{classdesc}{LDAPControl}{controlType, criticality \optional{, controlValue=\constant{None} \optional{, encodedControlValue=\constant{None
+Base class for all LDAP controls. This class should not be used directly,
+instead one of the following subclasses should be used as appropriate.
+
+\begin{methoddesc}[LDAPControl]{encodeControlValue}{value}
+Dummy class to be overridden by subclasses.
+\end{methoddesc}
+
+\begin{methoddesc}[LDAPControl]{decodeControlValue}{value}
+Dummy class to be overridden by subclasses.
+\end{methoddesc}
+
+\begin{methoddesc}[LDAPControl]{getEncodedTuple}{}
+Return a readily encoded 3-tuple which can be directly
+passed to C module _ldap. Called by \function{ldap.EncodeControlTuples}.
+\end{methoddesc}
+\end{classdesc}
+
+\begin{classdesc}{BooleanControl}{controlType, criticality \optional{, controlValue=\constant{None} \optional{, encodedControlValue=\constant{None
+Base class for simple controls with booelan control value.
+
+In this base class \var{controlValue} has to be passed as
+boolean type (\constant{True}/\constant{False} or \constant{1}/\constant{0}).
+\end{classdesc}
+\begin{classdesc}{SimplePagedResultsControl}{controlType, criticality \optional{, controlValue=\constant{None} \optional{, encodedControlValue=\constant{None
+The class provides the LDAP Control Extension for Simple Paged Results Manipulation. \var{controlType} is ignored
+in favor of \constant{ldap.LDAP_CONTROL_PAGE_OID}.
+\begin{seealso}
+\seerfc{2696}{LDAP Control Extension for Simple Paged Results Manipulation}{}
+\end{seealso}
+\end{classdesc}
+
+\begin{classdesc}{MatchedValuesControl}{criticality \optional{, controlValue=\constant{None}}}
+This class provides the LDAP Matched Values control. \var{controlValue} is an LDAP filter.
+\begin{seealso}
+\seerfc{3876}{Returning Matched Values with the Lightweight Directory Access Protocol version 3 (LDAPv3)}{}
+\end{seealso}
+\end{classdesc}
 
+The \module{ldap.controls} module defines the following functions:
 
+\begin{funcdesc}{EncodeControlTuples}{ldapControls} % -> list
+  Return list of readily encoded 3-tuples which can be directly
+  passed to C module _ldap.
 \end{funcdesc}
 
 
 \begin{funcdesc}{DecodeControlTuples}{ldapControlTuples} % -> list
-
-
+  Decode a list of readily encoded 3-tuples as returned by the C module _ldap.
 \end{funcdesc}
 
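
Review bot: in the added methoddesc entries for encodeControlValue and decodeControlValue the text reads "Dummy class to be overridden by subclasses", but these are methods, so "Dummy method" is meant. In the same hunk "booelan" should be "boolean", the getEncodedTuple text refers to \function{ldap.EncodeControlTuples} although the function is documented below as part of \module{ldap.controls}, and a blank line is missing between the BooleanControl and SimplePagedResultsControl classdesc blocks.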


Re: documentation updates

2007-10-23 Thread James Andrewartha
On Tue, 2007-10-23 at 17:27 +0800, James Andrewartha wrote:
> On Tue, 2007-10-23 at 09:15 +0800, James Andrewartha wrote:
> > Hi,
> > 
> > The first patch removes an invalid LDAP option. The second updates the
> > LDAPObject documentation, and the third updates LDAPObject docstrings.
> > Hopefully I'll have time to look at updating the rest of the docs soon.
> 
> Here's one for ldap-controls.tex, and a minor fix to ldap/controls.py
> to use the constant it defines. I've noted that the controlValue passed
> to SimplePagedResultsControl's constructor is ignored, but didn't remove
> it because that would be an API change.

ldap-{cidict,resiter,sasl}.tex are all new files covering previously
undocumented modules. dn.diff adds the dn2str method and has a few
formatting fixes. contents.diff updates python-ldap.tex to include the
new sections, and I added a new chapter for ldapurl and ldif called
"Standalone modules". ldap.tex.2.diff applies over my previous patch and
adds a few references and more cleanups.

Remaining undocumented modules include all of ldap.schema and dsml. I
had a quick look at porting the docstrings of dsml, but it refers to
DSMLv1 when v2 was released in 2002. Under-documented modules (generally
only having examples) include ldap.async, ldif and ldapurl.

Is there anything else I need to do to get these applied, and the
version of the docs on the website updated?

James Andrewartha
% $Id: ldap-cidict.tex,v 1.2 2007/03/27 22:10:17 stroeder Exp $

\section{\module{ldap.cidict} ---
  LDAP filter handling }

\declaremodule{standard}{ldap.cidict}

% Author of the module code;
\moduleauthor{Michael Str\"[EMAIL PROTECTED]
% Author of the documentation,
\sectionauthor{Michael Str\"[EMAIL PROTECTED]
\sectionauthor{James [EMAIL PROTECTED]

\modulesynopsis{Case insensitive dictionary.}

The \module{ldap.cidict} module is a convenience wrapper for 
dictionaries returned from LDAP servers containing attribute names of variable
case. It defines the following class:
\begin{classdesc}{cidict}{\optional{default=\constant{None}}}

This module is a subclass of \class{UserDict} and provides
a case-insensitive but case-respecting dictionary.
\end{classdesc}

The \module{ldap.cidict} module defines the following functions:

\begin{funcdesc}{strlist_minus}{a,b} % -> list

Returns a list of all items in \var{a} which are not in \var{b} (\var{a} - \var{b}).
\var{a},\var{b} are supposed to be lists of case-insensitive strings.

\end{funcdesc}

\begin{funcdesc}{strlist_intersection}{a,b} % -> list

Returns the intersection of two lists of case-insensitive strings \var{a},\var{b}.

\end{funcdesc}

\begin{funcdesc}{strlist_union}{a,b} % -> list

Returns the union of two lists of case-insensitive strings \var{a},\var{b}.

\end{funcdesc}
% $Id: ldap-resiter.tex,v 1.2 2007/03/27 22:10:17 stroeder Exp $

\section{\module{ldap.resiter} ---
  LDAP filter handling }

\declaremodule{standard}{ldap.resiter}

% Author of the module code;
\moduleauthor{Michael Str\"[EMAIL PROTECTED]
% Author of the documentation,
\sectionauthor{Michael Str\"[EMAIL PROTECTED]
\sectionauthor{James [EMAIL PROTECTED]

\modulesynopsis{Processing LDAP results with iterators}

Due to its use of generators, the \module{ldap.resiter} module 
requires Python 2.3 or later. It provides the following class:

\begin{classdesc}{ResultProcessor}{}

This is a mix-in class for \class{ldap.ldapobject.LDAPObject} which adds one generator
method:

\begin{methoddesc}{allresults}{msgid \optional{, timeout=-1}}

Generator function which returns an iterator for processing all LDAP operation
results of the given \var{msgid}.

\end{methoddesc}

\end{classdesc}
% $Id: ldap-sasl.tex,v 1.2 2007/03/27 22:10:17 stroeder Exp $

\section{\module{ldap.sasl} ---
  LDAP filter handling }

\declaremodule{standard}{ldap.sasl}

% Author of the module code;
\moduleauthor{Hans [EMAIL PROTECTED]
% Author of the documentation,
\sectionauthor{Hans [EMAIL PROTECTED]
\sectionauthor{James [EMAIL PROTECTED]

\modulesynopsis{Support for SASL mechanisms}

The \module{ldap.sasl} module provides SASL authentication classes.
Each class provides support for one SASL mechanism. This is done by
implementing a \method{callback()} method, which will be called by the
\class{LDAPObject}'s \method{sasl_bind_s()} method.

Implementing support for new SASL mechanism is very easy --- see
the examples of \class{digest_md5} and \class{gssapi}.

\begin{classdesc}{sasl}{cb_value_dict,mech}

  This class handles SASL interactions for authentication.
  If an instance of this class is passed to ldap's \method{sasl_bind_s()}
  method, the library will call its callback() method. For
  specific SASL authentication mechanisms, this method can be
  overridden.

  The (generic) base class takes a \var{cb_value_dictionary} of
  question-answer pairs. Questions are specified by the respective
  SAS

Re: LDAP ORM

2007-10-28 Thread James Andrewartha
On Mon, 2007-10-22 at 19:22 +0200, Michael Ströder wrote: 
> James Andrewartha wrote:
> > 
> > Thanks for the pointer. I've updated the code to map _ in attribute
> > names to -. Attributes without a short name are impossible to wrap - I'm
> > not expecting clients of this library to know OIDs.
> 
> If you don't support schema elements without NAME you're not LDAPv3
> compliant. I saw schema elements without NAME and my web2ldap choked on
> this in the beginning. In this case the LDAP server returns the OIDs in
> search results.

Ok, I've added handling for them - they should end up being accessible
by obj['9.9.9'], assuming the OID is returned as a string key in the
results dictionary.

Source is now available at
http://forgetldap.svn.sourceforge.net/viewvc/forgetldap/trunk/ thanks to
Gagatan on #luma. It now supports modification of an entry, although it
doesn't change the rdn as yet. I'll probably look at that after I add
support for saving changes back to the LDAP server.

Anil - I've added some notes at the bottom of the source on the API the
Django ORM expects, what does Pylons expect?

James Andrewartha



Re: STRONG_AUTH_REQUIRED

2007-12-11 Thread James Andrewartha
On Tue, 2007-12-11 at 17:15 -0200, Fernando Ribeiro wrote:
>   How to fix STRONG_AUTH_REQUIRED error? (My ldapserver is master)
>   I'm receiving this error while using modify(dn, modlist)
>   I have a bind with rootdn and rootpw right. 

How are you connecting and binding to the server? Simple bind or SASL?
Unencrypted or SSL/TLS? Also, which LDAP server is it? OpenLDAP can be
configured to require stronger authentication for modifications - search
for ssf (Security Strength Factor) in the slapd.access(5) and
slapd.conf(5) man pages.

James Andrewartha



Re: documentation updates

2008-02-11 Thread James Andrewartha
On Wed, 2007-12-26 at 14:24 +0100, Michael Ströder wrote:
> Well, actually it took more time to have a running latex environment again.
> 
> I've committed many modifications to ldap*.tex but not all. Please 
> review. Some new module descriptions are still not in there.

Looks pretty good.

> > One general note: I didn't document some stuff since I didn't want to
> > endorse it because I don't consider certain APIs to be really stable
> > (say: designed well). Examples are class SmartLDAPObject, the API of
> > ldap.schema etc.
> 
> Hmm, I don't know whether I want to endorse the use of module 
> ldap.cidict. Since Python 2.3 has support for sets now this is somewhat 
> outdated.

The main feature of cidict is that it's case-insensitive - I didn't
think Python's sets were? cidict is still being used in this example
written at the end of last year: 
http://www.packtpub.com/article/python-ldap-applications-ldap-opearations

James Andrewartha


Missing method in ldap.cidict

2008-03-11 Thread James Andrewartha
Hi,

The cidict class needs the following method for "attr in cidict" to work
properly:

  def __contains__(self,key):
    return self.has_key(key)

Otherwise it defaults to using the UserDict __contains__ which isn't
case-insensitive.

Thanks,

James Andrewartha
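
Added example, not part of the original post and not python-ldap's own code: a minimal stand-in for a case-insensitive dictionary built on Python 3's collections.UserDict, showing why "attr in cidict" misses without __contains__ and how the proposed method fixes it. The class names, the sample entry and missing_attrs are hypothetical.

```python
from collections import UserDict

# Constructed search-result entry; attribute names arrive in the server's case.
SAMPLE_ENTRY = {
    "sAMAccountName": [b"jdoe"],
    "objectClass": [b"top", b"person", b"user"],
}
REQUIRED = ["sAMAccountName", "objectClass"]


class BrokenCIDict(UserDict):
    """Stand-in for a case-insensitive dict WITHOUT __contains__ (hypothetical).

    Keys are folded to lower case for storage; the spelling most recently
    written is remembered so keys() can hand it back (case-respecting).
    """

    def __init__(self, default=None):
        super().__init__()
        self._keys = {}  # folded key -> key as last written
        self.update(default or {})

    def __getitem__(self, key):
        return self.data[key.lower()]

    def __setitem__(self, key, value):
        folded = key.lower()
        self._keys[folded] = key
        self.data[folded] = value

    def __delitem__(self, key):
        folded = key.lower()
        del self._keys[folded]
        del self.data[folded]

    def has_key(self, key):
        return key.lower() in self.data

    def keys(self):
        return list(self._keys.values())


class FixedCIDict(BrokenCIDict):
    """Same dict with the method proposed in the post."""

    def __contains__(self, key):
        return self.has_key(key)


def missing_attrs(entry, required):
    """Return the required attribute names that `in` reports as absent."""
    return [name for name in required if name not in entry]


if __name__ == "__main__":
    broken, fixed = BrokenCIDict(SAMPLE_ENTRY), FixedCIDict(SAMPLE_ENTRY)
    # The inherited __contains__ compares the caller's spelling against the
    # folded storage keys, so even the exact original spelling is "missing".
    print("broken:", missing_attrs(broken, REQUIRED))
    print("fixed: ", missing_attrs(fixed, REQUIRED))
```

Any check written as "if attr in entry", for example to decide whether an attribute must be validated or withheld, silently takes the wrong branch with the first class while has_key() and item access on the same object succeed.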



Re: hello everybody

2009-09-08 Thread James Andrewartha
Michael Ströder wrote:
> Łukasz Mierzwa wrote:
>> I'm writing LDAP library (ORM without R as I call it) for python, it's using 
>> python-ldap to do the hard work and let You manage LDAP entries in more ORM 
>> style. 
> 
> 1. You're not the first one implementing such a module on top of python-ldap.
> You might want to dig the mailing list's archive to find others.

Yes, I started one, then someone developed it further at 
https://launchpad.net/python-ldap-om

> 2. Most implementations of higher-level APIs fall short with mapping attribute
> type descriptors (OIDs or NAME) to Python class attribute names since they
> ignore the fact that there are sub-types defined in LDAP (;binary and language
> sub-types such as ;de-DE). Also there does not have to be a NAME in an
> attribute type description. So raw OIDs might be returned in a LDAP search 
> result.
> 
> 3. No implementation is dealing correctly with attribute type descriptor
> aliasing with OIDs and several values for NAME. You might want to look at
> ldap.schema.models.Entry to get an idea.

I'm aware of these and chose to ignore them - my library wasn't meant to be 
general purpose, it was for scenarios where you have control of the LDAP 
server and can make sure these things can't happen. In fact my ultimate idea was 
to upload user-defined model schema to the LDAP server via cn=config.

-- 
James Andrewartha



Re: python-ldap hanging for 15 minutes under certain conditions

2011-02-03 Thread James Andrewartha
On 04/02/11 03:31, Michael Ströder wrote:
> Michael Wood wrote:
>> On 3 February 2011 18:16, Rich Megginson  wrote:
>>> On 02/03/2011 04:34 AM, Michael Wood wrote:
>>>> e.g. Ubuntu Lucid Lynx with libldap2-dev version 2.4.21-0ubuntu5.3 and
>>>> python-ldap 2.3.10-1ubuntu1.
>> [..]
>> But I thought it was worth a try to recompile OpenLDAP and link with
>> OpenSSL instead of GnuTLS.
>>
>> After doing that, the problem went away!
> 
> That was my first idea when I read that you're using Ubuntu (based on Debian).
> There have been so many issues with OpenLDAP linked with GnuTLS during the
> last years. I really wonder why the Debian folks force everybody to use this.
> IMO that's a major issue with Debian.

Debian uses GnuTLS because OpenSSL has the non-GPL compatible
advertising clause, and libldap is linked into many GPL applications. So
the solutions are fix the OpenSSL licensing or make GnuTLS not suck; I
have no hope of either occurring.

James Andrewartha

