[python3-ldap] Submit LDIF data for processing via ldap3

[Giovanni Cannata]

Hi Mike,
so you need a way to read a LDIF-CONTENT stream and get it back as a
sequence of LDAP add or modify operations. The problem with this
feature is that when you are reading the stream of LDIF-CONTENT there
could be some "forward reference" to a not still existing object that
is ahead in the stream (for example membership to a group not yet
defined). For this reason LDAP servers "relax" their controls while
importing an LDIF-CONTENT until the end of the stream, to see if
"forward references are resolved.
I think that this can be accomplished in the ldap3 client library
carefully preloading the LDIF-CONTENT stream to give priority to
referenced objects, I will try to define a utility function to do this
in the next few weeks.

To have a working LDIF import feature I think that there should be a
way to "reverse" LDIF-CHANGE too in the library, so I will work on
both.

Bye,
Giovanni

2015-02-18 23:55 GMT+01:00 Michael Ward <mward at cims.nyu.edu>:
> Thanks Giovanni!  Yes, you're exactly right --- we already have the
> standard "ldapadd" and "ldapmodify" utilities that can accomplish LDIF
> processing, I was just wondering if there was some way to use ldap3
> instead, that way we can keep all of our LDAP tools in one place and in
> Python.
>
> My interest in this function is that, for example, when we expire user
> accounts, we keep archive their LDAP records as LDIF files.  In some cases
> an expired user returns and needs their account reopened, and we need to
> recreate their accounts as they existed when they were expired.  It would
> be cool if I could just feed the old LDIF records into ldap3 and say
> "re-create these records."  I write everything in Python, and when I write
> a script like unexpire-user.py, I was just wondering if I could do these
> operations in native Python with ldap3.  But for now I can just make shell
> calls to /usr/bin/ldapadd and pass it the LDIF filename.
>
> Thanks for your prompt response.
>
> Mike
>
> On Wed, February 18, 2015 17:22, Giovanni Cannata wrote:
>> Hello Michael,
>> converting an LDIF-CHANGE to an operation is a feature not provided by
>> the ldap3 library, but it should be easy to develop.
>>
>> Can I ask why you need that? Keep in mind that LDIF-CHANGE is related
>> to LDAP server operations, not client's, and usually you already have
>> some server utilities to do that.
>>
>> Bye,
>> Giovanni
>>
>>
>> 2015-02-18 22:23 GMT+01:00 Michael Ward <mward at cims.nyu.edu>:
>>> Really digging this project so far.  Just a quick question:
>>>
>>> I noticed that it's possible to turn an ldap3 LDAP operation into an
>>> LDIF
>>> format (either with response_to_ldif(results) for CONTENT or an LDIF
>>> connection strategy for CHANGE), but is it possible to go the other way
>>> around?  i.e. I have an LDIF change record in plain text --- can I feed
>>> that into ldap3 somehow to perform the corresponding LDAP operation?  I
>>> read the docs and I don't think this is possible, but I just want to
>>> double check.
>>>
>>> Thanks!
>>> Mike
>>>
>>> _______________________________________________
>>> python3-ldap mailing list
>>> python3-ldap at python.org
>>> https://mail.python.org/mailman/listinfo/python3-ldap
>>
>
>