[Tutor] python-ldap
Dan Lowe
dan at tangledhelix.com
Tue Nov 22 22:18:29 CET 2005
On Nov 22, 2005, at 2:08 PM, Pat Martin wrote:
> I am new to python and fairly new to programming. I have written some
> ldap scripts in perl and am trying to learn how to do that in
> python. I
> found some code on the net using the python-ldap module (the unaltered
> code is at the bottom of this email) and have adapted it to my needs,
> the code works fine. I want to learn what some of the things in the
> code
> are. The two things I don't understand are
> ldap.SCOPE_SUBTREE and
> ldap.RES_SEARCH_ENTRY
> when I print those out I get integers 2 and 100 respectively, I am not
> sure if they change but that is what they start out at. I am figuring
> other modules use similar things (variables?), can someone point me to
> where I can understand what more about what these are.
SCOPE_SUBTREE is one of three possible scopes you can use. Remember
that LDAP is a tree-based heirarchy (arranged much like the old
Windows Explorer file tree view). So that tree is divided into
branches, sub branches, etc. How you limit your search depends on two
things:
1. The starting branch point (the base)
2. The scope (which is applied to the base).
So say you have ou=foo,ou=bar,o=root. There are three bases you could
choose to start from.
o=root
ou=bar,o=root
ou=foo,ou=bar,o=root
If you used base o=root with a scope of SCOPE_BASE, the only possible
entry that could be returned is o=root itself. SCOPE_BASE indicates
that the scope of the search should be limited to the base itself -
not to any of its sub branches or sub entries. Just itself.
If you used base o=root with a scope of SCOPE_ONE, you would be able
to obtain entries like this:
ou=bar,o=root
cn=something,o=root
cn=another,o=root
cn=third,o=root
In other words, given a base, you can get entries one level below;
the entries immediately subordinate to your base (but not the base
itself). You could not get back ou=foo,ou=bar,o=root because that is
not immediately beneath o=root.
If you used base o=root with a scope of SCOPE_SUBTREE, you would be
able to obtain any entry anywhere in the tree, including the base.
This translates to: start the base, anything further down the line is
okay.
Therefore, if you used a base of ou=bar,o=root, you could get these
entries:
ou=bar,o=root
cn=something,ou=bar,o=root
cn=something-else,ou=foo,ou=bar,o=root
But you could not get:
o=root
Because that is outside the scope (at a higher level than the base).
Behind the scenes, the scopes have different numbers, which is why
you get the integer value when you printed SCOPE_SUBTREE. These
numbers don't really matter; they're just values used by the
libraries. Just ignore them and use the constants SCOPE_BASE,
SCOPE_ONE, SCOPE_SUBTREE.
Unless you have a specific reason to use another scope, subtree is
usually the default choice. I've had plenty of occasion to use the
other two scopes, though.
RES_SEARCH_ENTRY is, as far as I know, just a way to test if
something is an LDAP entry object. So if you are iterating through a
set of results, you can say
if result_type == ldap.RES_SEARCH_ENTRY:
result_set.append(result_data)
Which means, append the entry to the result set only if it actually
is an entry object.
More information here:
http://python-ldap.sourceforge.net/doc/python-ldap/ldap-objects.html
-dan
--
Television is one of the Six Fundamental Forces of the Universe; with
the other five being Gravity, Duct Tape, Whining, Remote Control, and
the Force That Pulls Dogs Toward the Groins of Stranges. -Dave Barry
More information about the Tutor
mailing list