[python-ldap] Attribute syntax definitions

Nyasha Chigwamba nyasha.chigwamba at voss-solutions.com
Fri Nov 30 09:51:28 CET 2012


Thank you Michael. Comments inline. Regards, Nyasha.

On Thu, Nov 29, 2012 at 11:08 PM, Michael Ströder <michael at stroeder.com> wrote:

> nyasha.chigwamba at voss-solutions.com wrote:
> > I am implementing a mini LDAP client that is schema aware.
>
> Hmm, LDAP clients which are schema-aware don't stay "mini"... ;-)
>
Hmmm... having had a look at the schema directory of your web2ldap
application, I see it gets quite involved!

>
> > I am at a point
> > where I can retrieve all object classes and information about their
> > attributes. I have seen that for the attribute syntax, only the oid of the
> > syntax is available. Is there a reference table that describes what all
> > syntax oids map to? I can only find RFC 4517 (
> > http://tools.ietf.org/html/rfc4517). Is this sufficient and accurate enough
> > for any LDAP server type?
>
> RFC 4517 is a good start and most server deployments do not go beyond this.
> But there are vendor specific LDAPSyntax implementations with any possible
> OID.
>
> What do you want to do with LDAP syntaxes?
>
I would like to validate input in my client when adding or
modifying new object instances.

>
> In general: If you want to write a truly generic schema-aware LDAP client be
> prepared to get a lot of stuff you did not expect. Being the author of
> web2ldap - IMHO the LDAP client with the most versatile schema support - I
> went through struggling a lot with various LDAP server implementations each
> with their own limitations and bugs in the schema.
>
I have been using JExplore on Ubuntu. I can't remember why I never
completed the web2ldap installation but now that you mention it, it might be
worthwhile for me to try out the standalone installation.

> Also be prepared that your client might not be allowed to read the subschema
> subentry due to access control restrictions.
>
> Maybe you should describe in more detail what you're trying to achieve.
>
I would like to be able to create new instances of the various object
classes from my client with the correct attributes in the correct format.
The ideal would be to support all the CRUD functions but I can live with
create, read, and delete. In my client, I am doing the following:
1. Read the dn of the 'subschemaSubentry' from the root DSE (bearing in
mind that this might not be possible due to access restrictions).
2. Read the schema by searching the dn retrieved in (1) for 'objectClasses'
and 'attributeTypes'.
3. Package the schema into a format that is compatible with the rest of my
application (pretty much the object classes and their attributes, including
data_formats of the attributes). [I should probably only restrict this to
the leaf nodes in the object class hierarchies]
4. The next task that I would like to tackle involves listing all the
instances of each [structural?] object class under a given base dn.
5. If (4) works, I would like to start adding and deleting the instances.

Could I be reinventing the wheel here? I need to integrate LDAP into other
applications that I work with so I might need to interface directly with the
LDAP servers.

>
> Ciao, Michael.
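
The input-validation step discussed in this message, as an added example that is not part of the original post or of python-ldap: it resolves each attribute's syntax OID from `attributeTypes` values (following `SUP` when an attribute inherits its syntax) and checks a value against three RFC 4517 syntaxes, reporting vendor-specific OIDs as unknown. The names `parse_attribute_types`, `check_value`, `RFC4517` and `TABLE` are hypothetical, the schema lines are a constructed sample (abridged standard definitions plus a made-up `vendorBlob` with made-up OIDs), and the values are assumed to be already read from the subschema subentry and decoded to `str`.

```python
import re

def _utf8_nonempty(raw):
    try:
        return len(raw.decode("utf-8")) > 0
    except UnicodeDecodeError:
        return False

# Validators for three RFC 4517 syntaxes, keyed by syntax OID (raw bytes in, bool out).
RFC4517 = {
    "1.3.6.1.4.1.1466.115.121.1.15": _utf8_nonempty,                       # Directory String
    "1.3.6.1.4.1.1466.115.121.1.26": lambda v: all(b < 128 for b in v),    # IA5 String
    "1.3.6.1.4.1.1466.115.121.1.27": lambda v: bool(re.fullmatch(rb"0|-?[1-9][0-9]*", v)),  # Integer
}

def parse_attribute_types(values):
    """Map each lower-cased attribute name and OID to a (syntax OID or None, SUP or None) pair."""
    table = {}
    for v in values:
        v = re.sub(r"DESC\s+'[^']*'", "", v)          # free text may contain keywords
        oid = re.match(r"\s*\(\s*([\w.-]+)", v).group(1)
        m = re.search(r"\bNAME\s+(\(.*?\)|'[^']+')", v)
        names = re.findall(r"'([^']+)'", m.group(1)) if m else []   # NAME is optional
        syn = re.search(r"\bSYNTAX\s+([0-9.]+)", v)   # a trailing {bound} is ignored
        sup = re.search(r"\bSUP\s+([\w.-]+)", v)
        entry = (syn.group(1) if syn else None, sup.group(1).lower() if sup else None)
        for n in names + [oid]:
            table[n.lower()] = entry
    return table

def check_value(table, attr, raw):
    """Return 'ok', 'invalid' or 'unknown-syntax'; SUP is followed until a SYNTAX appears."""
    key, seen, oid = attr.lower(), set(), None
    while oid is None and key in table and key not in seen:   # 'seen' stops SUP loops
        seen.add(key)
        oid, key = table[key]
    if oid not in RFC4517:
        return "unknown-syntax"    # vendor syntax or unknown attribute: client cannot judge
    return "ok" if RFC4517[oid](raw) else "invalid"

# Constructed sample of 'attributeTypes' values; the last entry and its OIDs are made up.
TABLE = parse_attribute_types([
    "( 2.5.4.41 NAME 'name' DESC 'base type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )",
    "( 2.5.4.3 NAME ( 'cn' 'commonName' ) SUP name )",
    "( 1.3.6.1.1.1.1.0 NAME 'uidNumber' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )",
    "( 0.9.2342.19200300.100.1.3 NAME 'mail' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )",
    "( 1.3.6.1.4.1.99999.1.1 NAME 'vendorBlob' SYNTAX 1.3.6.1.4.1.99999.2.1 )",
])
```

An `unknown-syntax` result is kept distinct from `invalid` so that the caller decides whether to pass the value to the server unchecked or refuse it; python-ldap's own `ldap.schema` package is the usual way to parse a subschema entry, and the regex parser here only keeps the example runnable offline.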