Schema support

Michael Ströder michael at stroeder.com
Wed Apr 3 16:37:44 CEST 2002


Hans Aschauer wrote:
 > I have finished a first version of schema support for python-ldap.

Great!

 > * Thread safe wrappers for the four C functions (str2xyz), which return
 >   lists of entries which correspond to the C data types (defined in
 >   ldap_schema.h). For thread safety, they simply use the _ldap_call()
 >   function (Michael, is this a good idea?).

I don't know if it's a good idea. But it was the best idea I came up with. So
it's the right way to do it.

 > * Four simple classes (attributeType, objectClass, ldapSyntax,
 >   matchingRule). Their constructors take a string description
 >   of the schema, pass it to the wrapper functions and fill in the
 >   object attributes. See RFC2252 for details.

Ok.

 > * The class rootDSESchema (looking for a better name...), which takes
 >   an initialize()'d and simple_bind_s()'ed ldap object.

You should not do initialize() and simple_bind_s() because it could be a
waste of resources and the root DSE and/or schema could be subject to access
control.  The application is responsible for making the connection and setting
up the right bind context => simply let the application pass in an instance of
ldap.LDAPObject and solely do the search_s() calls within your class.

 > The constructor
 >   queries the rootDSE and fills the attributeTypes, objectClasses,
 >   ldapSyntaxes, and matchingRules which are known by the ldap server
 >   into 8 dictionaries: for each of the four classes, there is one
 >   dictionary which takes the oid's as keys (these are those funny
 >   "1.2.3.4" things, which are supposed to be unique), and one
 >   dictionary takes the names as keys. The latter is necessary, since
 >   for example, in objectClasses, the allowed or required attributes are
 >   referred to by name rather than by oid.

I'd like to have a single OID registry since OIDs are really unique. There
are no collisions. Simply map the OID in string notation to the schema
element instance with a single dictionary. The reverse mapping can also be
done by a single dictionary. I don't think that people are using the same
names for attribute types and object classes.

 > there was some
 > try/error involved in the RootDSE search...

He, he.

BTW: Theoretically the sub schema sub entry can be different in each part of
the DIT. Therefore an application has to query the subschemaSubentry
attribute each time it uses the schema somewhere. Schema can be cached if
the DN in subschemaSubentry attribute is the same. Maybe the OID registry
could be a nested dictionary...

Taken from web2ldap's module ldapsession (lines wrapped!):

    def getSubschemaEntryDN(self,dn):
      """Get DN of subschemaSubentry for dn"""
      # Search for DN of subschemaSubentry
      search_result = self.readEntry(dn,['subschemaSubentry'])
      if search_result:
        entry = search_result[0][1]
        # Wrapped inside the parentheses so the return statement stays valid
        return entry.get(
          'subschemaSubentry',entry.get('subschemaSubentry',[None])
        )[0]
      else:
        return None

Ciao, Michael.
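
Added example, not part of the original post and not code from python-ldap or web2ldap: a sketch of the single OID registry cached per subschemaSubentry DN that the reply suggests. The names `SchemaCache`, `parse_oid_and_names`, `sample_read` and the `read_entry(dn, attrs)` callback are hypothetical; the callback stands in for search_s() calls on a connection the application has already bound, and the directory data is constructed.

```python
import re
_OID_RE = re.compile(r"^\(\s*([0-9]+(?:\.[0-9]+)*)")
_NAME_RE = re.compile(r"NAME\s+(?:'[^']+'|\([^)]*\))")

def parse_oid_and_names(desc):
    """Return (oid, [names]) from one RFC 2252 schema description string."""
    m = _OID_RE.match(desc.strip())
    if not m:
        raise ValueError("no numeric OID in %r" % desc)
    n = _NAME_RE.search(desc)
    # NAME is either one quoted string or a parenthesised list of them.
    return m.group(1), (re.findall(r"'([^']+)'", n.group(0)) if n else [])

class SchemaCache:
    """Hypothetical cache: subschemaSubentry DN -> (OID registry, name -> OID)."""
    ATTRS = ("attributeTypes", "objectClasses", "ldapSyntaxes", "matchingRules")
    def __init__(self, read_entry):
        # read_entry(dn, attrs) -> dict of attribute lists. Assumed interface:
        # the application supplies it on top of its own bound connection.
        self._read = read_entry
        self._cache = {}
        self.fetches = 0  # number of subschema reads actually performed
    def registry_for(self, dn):
        sub_dn = self._read(dn, ["subschemaSubentry"]).get("subschemaSubentry", [None])[0]
        if sub_dn is None:
            return None  # attribute absent or not readable in this bind context
        if sub_dn not in self._cache:
            self.fetches += 1
            entry = self._read(sub_dn, list(self.ATTRS))
            oids, names = {}, {}
            for kind in self.ATTRS:
                for desc in entry.get(kind, []):
                    oid, nms = parse_oid_and_names(desc)
                    oids[oid] = (kind, desc)  # one registry for all four kinds
                    names.update((nm.lower(), oid) for nm in nms)
            self._cache[sub_dn] = (oids, names)
        return self._cache[sub_dn]

# Constructed sample directory: two entries sharing one subschema subentry.
SAMPLE = {
    "dc=example,dc=com": {"subschemaSubentry": ["cn=Subschema"]},
    "ou=people,dc=example,dc=com": {"subschemaSubentry": ["cn=Subschema"]},
    "cn=Subschema": {
        "attributeTypes": ["( 2.5.4.3 NAME ( 'cn' 'commonName' ) SUP name )"],
        "objectClasses": ["( 2.5.6.6 NAME 'person' SUP top STRUCTURAL MUST ( sn $ cn ) )"]},
}

def sample_read(dn, attrs):
    return {a: v for a, v in SAMPLE.get(dn, {}).items() if a in attrs}
```

The cache never binds on its own, so what it sees of the root DSE and schema is whatever access control grants the application's bind identity.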
