python-ldap-doc-2.3.orig/0000755000175000001440000000000010607005075014342 5ustar mvelauserspython-ldap-doc-2.3.orig/Demo/0000755000175000001440000000000010607005105015220 5ustar mvelauserspython-ldap-doc-2.3.orig/Demo/Lib/0000755000175000001440000000000010607005105015726 5ustar mvelauserspython-ldap-doc-2.3.orig/Demo/Lib/ldap/0000755000175000001440000000000010607005105016646 5ustar mvelauserspython-ldap-doc-2.3.orig/Demo/Lib/ldap/async/0000755000175000001440000000000010607005105017763 5ustar mvelauserspython-ldap-doc-2.3.orig/Demo/Lib/ldap/async/deltree.py0000644000175000001440000000501110411503653021762 0ustar mvelausersimport ldap,ldap.async class DeleteLeafs(ldap.async.SearchHandler): """ Class for deleting entries which are results of a search. DNs of Non-leaf entries are collected in DeleteLeafs.nonLeafEntries. """ _entryResultTypes = ldap.async._entryResultTypes def __init__(self,l): ldap.async.SearchHandler.__init__(self,l) self.nonLeafEntries = [] self.deletedEntries = 0 def startSearch(self,searchRoot,searchScope): if not searchScope in [ldap.SCOPE_ONELEVEL,ldap.SCOPE_SUBTREE]: raise ValueError, "Parameter searchScope must be either ldap.SCOPE_ONELEVEL or ldap.SCOPE_SUBTREE." self.nonLeafEntries = [] self.deletedEntries = 0 ldap.async.SearchHandler.startSearch( self, searchRoot, searchScope, filterStr='(objectClass=*)', attrList=['hasSubordinates','numSubordinates'], attrsOnly=0, ) def _processSingleResult(self,resultType,resultItem): if self._entryResultTypes.has_key(resultType): # Don't process search references dn,entry = resultItem hasSubordinates = entry.get( 'hasSubordinates', entry.get('hassubordinates',['FALSE'] ) )[0] numSubordinates = entry.get( 'numSubordinates', entry.get('numsubordinates',['0']) )[0] if hasSubordinates=='TRUE' or int(numSubordinates): self.nonLeafEntries.append(dn) else: try: self._l.delete_s(dn) except ldap.NOT_ALLOWED_ON_NONLEAF,e: self.nonLeafEntries.append(dn) else: self.deletedEntries = self.deletedEntries+1 def DelTree(l,dn,scope=ldap.SCOPE_ONELEVEL): """ Recursively delete entries below or including entry with name dn. """ leafs_deleter = DeleteLeafs(l) leafs_deleter.startSearch(dn,scope) leafs_deleter.processResults() deleted_entries = leafs_deleter.deletedEntries non_leaf_entries = leafs_deleter.nonLeafEntries[:] while non_leaf_entries: dn = non_leaf_entries.pop() print deleted_entries,len(non_leaf_entries),dn leafs_deleter.startSearch(dn,ldap.SCOPE_SUBTREE) leafs_deleter.processResults() deleted_entries = deleted_entries+leafs_deleter.deletedEntries non_leaf_entries.extend(leafs_deleter.nonLeafEntries) return # DelTree() # Create LDAPObject instance l = ldap.initialize('ldap://localhost:1390') # Try a bind to provoke failure if protocol version is not supported l.bind_s('cn=Directory Manager,dc=IMC,dc=org','controller',ldap.AUTH_SIMPLE) DelTree( l,'dc=Delete,dc=IMC,dc=org',ldap.SCOPE_ONELEVEL ) python-ldap-doc-2.3.orig/Demo/Lib/ldap/async/ldifwriter.py0000644000175000001440000000176110411503653022521 0ustar mvelausers""" ldifwriter - using ldap.async module for output of LDIF stream of LDAP search results Written by Michael Stroeder $Id: ldifwriter.py,v 1.4 2006/03/26 12:23:07 stroeder Exp $ This example translates the naming context of data read from input, sanitizes some attributes, maps/removes object classes, maps/removes attributes., etc. It's far from being complete though. Python compability note: Tested on Python 2.0+, should run on Python 1.5.x. """ import sys,ldap,ldap.async s = ldap.async.LDIFWriter( ldap.initialize('ldap://localhost:1390'), sys.stdout ) s.startSearch( 'dc=stroeder,dc=de', ldap.SCOPE_SUBTREE, '(objectClass=*)', ) try: partial = s.processResults() except ldap.SIZELIMIT_EXCEEDED: sys.stderr.write('Warning: Server-side size limit exceeded.\n') else: if partial: sys.stderr.write('Warning: Only partial results received.\n') sys.stderr.write( '%d results received.\n' % ( s.endResultBreak-s.beginResultsDropped ) ) python-ldap-doc-2.3.orig/Demo/Lib/ldap/async/sizelimit.py0000644000175000001440000000204010411503653022346 0ustar mvelausers""" ldifwriter - using ldap.async module for retrieving partial results in a list even though the exception ldap.SIZELIMIT_EXCEEDED was raised.output of LDIF stream Written by Michael Stroeder $Id: sizelimit.py,v 1.4 2006/03/26 12:23:07 stroeder Exp $ This example translates the naming context of data read from input, sanitizes some attributes, maps/removes object classes, maps/removes attributes., etc. It's far from being complete though. Python compability note: Tested on Python 2.0+, should run on Python 1.5.x. """ import sys,ldap,ldap.async s = ldap.async.List( ldap.initialize('ldap://localhost:1390'), ) s.startSearch( 'dc=stroeder,dc=de', ldap.SCOPE_SUBTREE, '(objectClass=*)', ) try: partial = s.processResults() except ldap.SIZELIMIT_EXCEEDED: sys.stderr.write('Warning: Server-side size limit exceeded.\n') else: if partial: sys.stderr.write('Warning: Only partial results received.\n') sys.stderr.write( '%d results received.\n' % ( len(s.allResults) ) ) python-ldap-doc-2.3.orig/Demo/Lib/ldif/0000755000175000001440000000000010607005105016644 5ustar mvelauserspython-ldap-doc-2.3.orig/Demo/Lib/ldif/ldifcopy.py0000644000175000001440000000124207405752201021036 0ustar mvelausers""" ldifcopy - reads LDIF from stdin, retrieve values by URL and write resulting LDIF to stdout Written by Michael Stroeder $Id: ldifcopy.py,v 1.2 2001/12/12 22:04:49 stroeder Exp $ This example translates the naming context of data read from input, sanitizes some attributes, maps/removes object classes, maps/removes attributes., etc. It's far from being complete though. Python compability note: Tested on Python 2.0+, should run on Python 1.5.x. """ import sys,ldif infile = sys.stdin outfile = sys.stdout ldif_collector = ldif.LDIFCopy( infile, outfile, process_url_schemes=['file','ftp','http'] ) ldif_collector.parse() python-ldap-doc-2.3.orig/Demo/Lib/ldapurl/0000755000175000001440000000000010607005105017371 5ustar mvelauserspython-ldap-doc-2.3.orig/Demo/Lib/ldapurl/urlsearch.py0000644000175000001440000000144207617316074021755 0ustar mvelausers""" Do a search with the LDAP URL specified at command-line. No output of LDAP data is produced except trace output. """ import sys,getpass,ldap,ldapurl try: ldapUrl = ldapurl.LDAPUrl(ldapUrl=sys.argv[1]) except IndexError: print 'Usage: %s [LDAP URL]' % (sys.argv[0]) sys.exit(1) for a in [ 'urlscheme','hostport','dn','attrs','scope', 'filterstr','extensions','who','cred' ]: print a,repr(getattr(ldapUrl,a)) l = ldap.initialize(ldapUrl.initializeUrl(),trace_level=1) if ldapUrl.who!=None: if ldapUrl.cred!=None: cred=ldapUrl.cred else: print 'Enter password for simple bind with',repr(ldapUrl.who) cred=getpass.getpass() l.simple_bind_s(ldapUrl.who,cred) res = l.search_s(ldapUrl.dn,ldapUrl.scope,ldapUrl.filterstr,ldapUrl.attrs) print len(res),'search results' python-ldap-doc-2.3.orig/Demo/initialize.py0000644000175000001440000000443210600701555017743 0ustar mvelausers""" Various examples how to connect to a LDAP host with the new factory function ldap.initialize() introduced in OpenLDAP 2 API. Assuming you have LDAP servers running on ldap://localhost:1389 (LDAP with StartTLS) ldaps://localhost:1636 (LDAP over SSL) ldapi://%2ftmp%2fopenldap2 (domain socket /tmp/openldap2) """ import sys,ldap # Set debugging level ldap.set_option(ldap.OPT_DEBUG_LEVEL,255) ldapmodule_trace_level = 1 ldapmodule_trace_file = sys.stderr # Set path name of file containing all CA certificates # needed to validate server certificates ldap.set_option(ldap.OPT_X_TLS_CACERTFILE,'/etc/httpd/ssl.crt/myCA-cacerts.pem') print """################################################################## # LDAPv3 connection with StartTLS ################################################################## """ # Create LDAPObject instance l = ldap.initialize('ldap://localhost:1390',trace_level=ldapmodule_trace_level,trace_file=ldapmodule_trace_file) # Set LDAP protocol version used l.protocol_version=ldap.VERSION3 l.set_option(ldap.OPT_X_TLS,ldap.OPT_X_TLS_DEMAND) # Now try StartTLS extended operation l.start_tls_s() # Try a bind to provoke failure if protocol version is not supported l.bind_s('','',ldap.AUTH_SIMPLE) # Close connection l.unbind_s() print """################################################################## # LDAPv3 connection over SSL ################################################################## """ # Create LDAPObject instance l = ldap.initialize('ldaps://localhost:1636',trace_level=ldapmodule_trace_level,trace_file=ldapmodule_trace_file) # Set LDAP protocol version used l.protocol_version=ldap.VERSION3 # Try a bind to provoke failure if protocol version is not supported l.bind_s('','',ldap.AUTH_SIMPLE) # Close connection l.unbind_s() print """################################################################## # LDAPv3 connection over Unix domain socket ################################################################## """ # Create LDAPObject instance l = ldap.initialize('ldapi://%2ftmp%2fopenldap2',trace_level=ldapmodule_trace_level,trace_file=ldapmodule_trace_file) # Set LDAP protocol version used l.protocol_version=ldap.VERSION3 # Try a bind to provoke failure if protocol version is not supported l.bind_s('','',ldap.AUTH_SIMPLE) # Close connection l.unbind_s() python-ldap-doc-2.3.orig/Demo/ldapcontrols.py0000644000175000001440000000147710256025543020317 0ustar mvelausersimport ldap,ldapurl,pprint from ldap.controls import LDAPControl,BooleanControl l = ldap.initialize('ldap://localhost:1390',trace_level=2) print 60*'#' pprint.pprint(l.get_option(ldap.OPT_SERVER_CONTROLS)) l.manage_dsa_it(1,1) pprint.pprint(l.get_option(ldap.OPT_SERVER_CONTROLS)) print 60*'#' # Search with ManageDsaIT control (which has no value) pprint.pprint(l.search_ext_s( 'cn=Test-Referral,ou=Testing,dc=stroeder,dc=de', ldap.SCOPE_BASE, '(objectClass=*)', ['*','+'], serverctrls = [ LDAPControl('2.16.840.1.113730.3.4.2',1,None) ], )) print 60*'#' # Search with Subentries control (which has boolean value) pprint.pprint(l.search_ext_s( 'dc=stroeder,dc=de', ldap.SCOPE_SUBTREE, '(objectClass=subentry)', ['*','+'], serverctrls = [ BooleanControl('1.3.6.1.4.1.4203.1.10.1',1,1) ], )) print 60*'#' python-ldap-doc-2.3.orig/Demo/options.py0000644000175000001440000000164107635354564017316 0ustar mvelausers import ldap host="localhost:1390" print "API info:",ldap.get_option(ldap.OPT_API_INFO) print "debug level:",ldap.get_option(ldap.OPT_DEBUG_LEVEL) #print "Setting debug level to 255..." #ldap.set_option(ldap.OPT_DEBUG_LEVEL,255) #print "debug level:",ldap.get_option(ldap.OPT_DEBUG_LEVEL) print "default size limit:",ldap.get_option(ldap.OPT_SIZELIMIT) print "Setting default size limit to 10..." ldap.set_option(ldap.OPT_SIZELIMIT,10) print "default size limit:",ldap.get_option(ldap.OPT_SIZELIMIT) print "Creating connection to",host,"..." l=ldap.init(host) print "size limit:",l.get_option(ldap.OPT_SIZELIMIT) print "Setting connection size limit to 20..." l.set_option(ldap.OPT_SIZELIMIT,20) print "size limit:",l.get_option(ldap.OPT_SIZELIMIT) #print "Setting time limit to 60 secs..." l.set_option(ldap.OPT_TIMELIMIT,60) #print "time limit:",l.get_option(ldap.OPT_TIMELIMIT) print "Binding..." l.simple_bind_s("","") python-ldap-doc-2.3.orig/Demo/page_control.py0000644000175000001440000000214110541444443020255 0ustar mvelausersurl = "ldap://localhost:1390/" base = "dc=stroeder,dc=de" search_flt = r'(objectClass=*)' page_size = 10 import ldap from ldap.controls import SimplePagedResultsControl ldap.set_option(ldap.OPT_REFERRALS, 0) l = ldap.initialize(url) l.protocol_version = 3 l.simple_bind_s("", "") lc = SimplePagedResultsControl( ldap.LDAP_CONTROL_PAGE_OID,True,(page_size,'') ) # Send search request msgid = l.search_ext( base, ldap.SCOPE_SUBTREE, search_flt, serverctrls=[lc] ) pages = 0 while True: pages += 1 print "Getting page %d" % (pages,) rtype, rdata, rmsgid, serverctrls = l.result3(msgid) print '%d results' % len(rdata) pctrls = [ c for c in serverctrls if c.controlType == ldap.LDAP_CONTROL_PAGE_OID ] if pctrls: est, cookie = pctrls[0].controlValue if cookie: lc.controlValue = (page_size, cookie) msgid = l.search_ext(base, ldap.SCOPE_SUBTREE, search_flt, serverctrls=[lc]) else: break else: print "Warning: Server ignores RFC 2696 control." break python-ldap-doc-2.3.orig/Demo/passwd_ext_op.py0000644000175000001440000000141510137547500020462 0ustar mvelausers""" Example showing the use of the password extended operation. """ import sys,ldap,ldapurl,getpass # Set debugging level ldap.set_option(ldap.OPT_DEBUG_LEVEL,255) ldapmodule_trace_level = 2 ldapmodule_trace_file = sys.stderr lu = ldapurl.LDAPUrl(sys.argv[1]) print 'Old password' oldpw = getpass.getpass() print 'New password' newpw = getpass.getpass() # Set path name of file containing all CA certificates # needed to validate server certificates ldap.set_option(ldap.OPT_X_TLS_CACERTFILE,'/etc/httpd/ssl.crt/myCA-cacerts.pem') # Create LDAPObject instance l = ldap.initialize(lu.initializeUrl(),trace_level=ldapmodule_trace_level,trace_file=ldapmodule_trace_file) l.protocol_version=ldap.VERSION3 l.simple_bind_s(lu.dn,oldpw) l.passwd(lu.dn,oldpw,newpw) l.unbind_s() python-ldap-doc-2.3.orig/Demo/pickle_ldapobject.py0000644000175000001440000000063107650130021021230 0ustar mvelausersimport os,ldap,pickle temp_file_name = os.path.join(os.environ.get('TMP','/tmp'),'pickle_ldap-%d' % (os.getpid())) l1 = ldap.ldapobject.ReconnectLDAPObject('ldap://localhost:1390',trace_level=1) l1.protocol_version = 3 l1.search_s('',ldap.SCOPE_BASE,'(objectClass=*)') pickle.dump(l1,open(temp_file_name,'wb')) l2 = pickle.load(open(temp_file_name,'rb')) l2.search_s('',ldap.SCOPE_BASE,'(objectClass=*)') python-ldap-doc-2.3.orig/Demo/reconnect.py0000644000175000001440000000103107524237466017572 0ustar mvelausersimport sys,time,ldap,ldap.ldapobject,ldapurl from ldap.ldapobject import * ldap_url = ldapurl.LDAPUrl(sys.argv[1]) ldap_url.applyDefaults({ 'who':'', 'cred':'', 'filterstr':'(objectClass=*)', 'scope':ldap.SCOPE_BASE }) ldap.trace_level=1 l = ldap.ldapobject.ReconnectLDAPObject( ldap_url.initializeUrl(),trace_level=ldap.trace_level ) l.protocol_version = ldap.VERSION3 l.simple_bind_s(ldap_url.who,ldap_url.cred) while 1: l.search_s(ldap_url.dn,ldap_url.scope,ldap_url.filterstr,ldap_url.attrs) sys.stdin.readline() python-ldap-doc-2.3.orig/Demo/rename.py0000644000175000001440000000203107426477316017063 0ustar mvelausersimport ldap from getpass import getpass # Create LDAPObject instance l = ldap.initialize('ldap://localhost:1389',trace_level=1) print 'Password:' cred = getpass() try: # Set LDAP protocol version used l.set_option(ldap.OPT_PROTOCOL_VERSION,3) # Try a bind to provoke failure if protocol version is not supported l.bind_s('cn=root,dc=stroeder,dc=com',cred,ldap.AUTH_SIMPLE) print 'Using rename_s():' l.rename_s( 'uid=fred,ou=Unstructured testing tree,dc=stroeder,dc=com', 'cn=Fred Feuerstein', 'dc=stroeder,dc=com', 0 ) l.rename_s( 'cn=Fred Feuerstein,dc=stroeder,dc=com', 'uid=fred', 'ou=Unstructured testing tree,dc=stroeder,dc=com', 0 ) m = l.rename( 'uid=fred,ou=Unstructured testing tree,dc=stroeder,dc=com', 'cn=Fred Feuerstein', 'dc=stroeder,dc=com', 0 ) r = l.result(m,1) m = l.rename( 'cn=Fred Feuerstein,dc=stroeder,dc=com', 'uid=fred', 'ou=Unstructured testing tree,dc=stroeder,dc=com', 0 ) r = l.result(m,1) finally: l.unbind_s() python-ldap-doc-2.3.orig/Demo/resiter.py0000644000175000001440000000130110333634551017253 0ustar mvelausers""" Demo for using ldap.resiter.ResultProcessor written by Michael Stroeder See http://python-ldap.sourceforge.net for details. \$Id: resiter.py,v 1.1 2005/11/07 11:24:25 stroeder Exp $ Python compability note: Requires Python 2.3+ """ import ldap,ldap.resiter class LDAPObject(ldap.ldapobject.LDAPObject,ldap.resiter.ResultProcessor): pass l = LDAPObject('ldap://localhost:1390',trace_level=1) l.protocol_version = 3 msgid = l.search('dc=stroeder,dc=de',ldap.SCOPE_SUBTREE,'(cn=m*)') result_iter = l.allresults(msgid) for result_type,result_list,result_msgid,result_serverctrls in result_iter: print result_type,result_list,result_msgid,result_serverctrls l.unbind_s() python-ldap-doc-2.3.orig/Demo/sasl_bind.py0000644000175000001440000000311710075161013017532 0ustar mvelausers# For documentation, see comments in Module/LDAPObject.c and the # ldap.sasl module documentation. import ldap,ldap.sasl ldap.sasl._trace_level=0 ldap.set_option(ldap.OPT_DEBUG_LEVEL,0) for ldap_uri,sasl_mech,sasl_cb_value_dict in [ ( "ldap://localhost:1390/", 'CRAM-MD5', { ldap.sasl.CB_AUTHNAME :'fred', ldap.sasl.CB_PASS :'secret', } ), ( "ldap://localhost:1390/", 'PLAIN', { ldap.sasl.CB_AUTHNAME :'fred', ldap.sasl.CB_PASS :'secret', } ), ( "ldap://localhost:1390/", 'LOGIN', { ldap.sasl.CB_AUTHNAME :'fred', ldap.sasl.CB_PASS :'secret', } ), ( "ldapi://%2Ftmp%2Fopenldap-socket/", 'EXTERNAL', { } ), ( "ldap://localhost:1390/", 'GSSAPI', { } ), ( "ldap://localhost:1390/", 'NTLM', { ldap.sasl.CB_AUTHNAME :'fred', ldap.sasl.CB_PASS :'secret', } ), ( "ldap://localhost:1390/", 'DIGEST-MD5', { ldap.sasl.CB_AUTHNAME :'fred', ldap.sasl.CB_PASS :'secret', } ), ]: sasl_auth = ldap.sasl.sasl(sasl_cb_value_dict,sasl_mech) print 20*'*',sasl_auth.mech,20*'*' # Open the LDAP connection l = ldap.initialize(ldap_uri,trace_level=0) # Set protocol version to LDAPv3 to enable SASL bind! l.protocol_version = 3 try: l.sasl_interactive_bind_s("", sasl_auth) except ldap.LDAPError,e: print 'Error using SASL mechanism',sasl_auth.mech,str(e) else: print 'Sucessfully bound using SASL mechanism',sasl_auth.mech,'as',repr(l.whoami_s()) l.unbind() python-ldap-doc-2.3.orig/Demo/schema.py0000644000175000001440000000351710416365076017056 0ustar mvelausersimport sys,ldap,ldap.schema schema_attrs = ldap.schema.SCHEMA_ATTRS ldap.set_option(ldap.OPT_DEBUG_LEVEL,0) ldap._trace_level = 0 subschemasubentry_dn,schema = ldap.schema.urlfetch(sys.argv[-1]) schema_reverse = ldap.schema.SubSchema(schema.ldap_entry()) if subschemasubentry_dn is None: print 'No sub schema sub entry found!' sys.exit(1) print '*** Schema from',repr(subschemasubentry_dn) # Display schema for attr_type,schema_class in ldap.schema.SCHEMA_CLASS_MAPPING.items(): print '*'*20,attr_type,'*'*20 for element_id in schema.listall(schema_class): se_orig = schema.get_obj(schema_class,element_id) se_reverse = schema_reverse.get_obj(schema_class,element_id) # assert str(se_orig)==str(se_reverse) print attr_type,str(se_orig) print '*** Testing object class inetOrgPerson ***' inetOrgPerson = schema.get_obj(ldap.schema.ObjectClass,'inetOrgPerson') if not inetOrgPerson is None: print inetOrgPerson.must,inetOrgPerson.may print '*** person,organizationalPerson,inetOrgPerson ***' try: print schema.attribute_types( ['person','organizationalPerson','inetOrgPerson'] ) print schema.attribute_types( ['person','organizationalPerson','inetOrgPerson'], attr_type_filter = [ ('no_user_mod',[0]), ('usage',range(2)), ] ) except KeyError,e: print '***KeyError',str(e) drink = schema.get_obj(ldap.schema.AttributeType,'favouriteDrink') if not drink is None: print '*** drink ***' print 'drink.names',repr(drink.names) print 'drink.collective',repr(drink.collective) schema.ldap_entry() print str(schema.get_obj(ldap.schema.MatchingRule,'2.5.13.0')) print str(schema.get_obj(ldap.schema.MatchingRuleUse,'2.5.13.0')) print str(schema.get_obj(ldap.schema.AttributeType,'name')) print str(schema.get_inheritedobj(ldap.schema.AttributeType,'cn',['syntax','equality','substr','ordering'])) python-ldap-doc-2.3.orig/Demo/schema_tree.py0000644000175000001440000000450710256025756020075 0ustar mvelausers""" Outputs the object class tree read from LDAPv3 schema of a given server Usage: schema_oc_tree.py [--html] [LDAP URL] """ import sys,getopt,ldap,ldap.schema ldap.trace_level = 1 def PrintSchemaTree(schema,se_class,se_tree,se_oid,level): """ASCII text output for console""" se_obj = schema.get_obj(se_class,se_oid) if se_obj!=None: print '| '*(level-1)+'+---'*(level>0), \ ', '.join(se_obj.names), \ '(%s)' % se_obj.oid for sub_se_oid in se_tree[se_oid]: print '| '*(level+1) PrintSchemaTree(schema,se_class,se_tree,sub_se_oid,level+1) def HTMLSchemaTree(schema,se_class,se_tree,se_oid,level): """HTML output for browser""" se_obj = schema.get_obj(se_class,se_oid) if se_obj!=None: print """
%s (%s)
%s """ % (', '.join(se_obj.names),se_obj.oid,se_obj.desc) if se_tree[se_oid]: print '
' for sub_se_oid in se_tree[se_oid]: HTMLSchemaTree(schema,se_class,se_tree,sub_se_oid,level+1) print '
' print '
' ldap.set_option(ldap.OPT_DEBUG_LEVEL,0) ldap._trace_level = 0 subschemasubentry_dn,schema = ldap.schema.urlfetch(sys.argv[-1],ldap.trace_level) if subschemasubentry_dn is None: print 'No sub schema sub entry found!' sys.exit(1) try: options,args=getopt.getopt(sys.argv[1:],'',['html']) except getopt.error,e: print 'Error: %s\nUsage: schema_oc_tree.py [--html] [LDAP URL]' html_output = options and options[0][0]=='--html' oc_tree = schema.tree(ldap.schema.ObjectClass) at_tree = schema.tree(ldap.schema.AttributeType) #for k,v in oc_tree.items(): # print k,'->',v #for k,v in at_tree.items(): # print k,'->',v if html_output: print """ Object class tree

Object class tree

""" HTMLSchemaTree(schema,ldap.schema.ObjectClass,oc_tree,'2.5.6.0',0) print """

Attribute type tree

""" for a in schema.listall(ldap.schema.AttributeType): if at_tree[a]: HTMLSchemaTree(schema,ldap.schema.AttributeType,at_tree,a,0) print print """
""" else: print '*** Object class tree ***\n' print PrintSchemaTree(schema,ldap.schema.ObjectClass,oc_tree,'2.5.6.0',0) print '\n*** Attribute types tree ***\n' PrintSchemaTree(schema,ldap.schema.AttributeType,at_tree,'_',0) python-ldap-doc-2.3.orig/Demo/simple.py0000644000175000001440000000450607426477316017116 0ustar mvelausersimport sys,getpass import ldap #l = ldap.open("localhost", 31001) l = ldap.open("marta.it.uq.edu.au") login_dn = "cn=root,ou=CSEE,o=UQ,c=AU" login_pw = getpass.getpass("Password for %s: " % login_dn) l.simple_bind_s(login_dn, login_pw) # # create a new sub organisation # try: dn = "ou=CSEE,o=UQ,c=AU" print "Adding", repr(dn) l.add_s(dn, [ ("objectclass",["organizationalUnit"]), ("ou", ["CSEE"]), ("description", [ "Department of Computer Science and Electrical Engineering"]), ] ) except _ldap.LDAPError: pass # # create an entry for me # dn = "cn=David Leonard,ou=CSEE,o=UQ,c=AU" print "Updating", repr(dn) try: l.delete_s(dn) except: pass l.add_s(dn, [ ("objectclass", ["organizationalPerson"]), ("sn", ["Leonard"]), ("cn", ["David Leonard"]), ("description", ["Ph.D. student"]), ("display-name", ["David Leonard"]), #("commonname", ["David Leonard"]), ("mail", ["david.leonard@csee.uq.edu.au"]), ("othermailbox", ["d@openbsd.org"]), ("givenname", ["David"]), ("surname", ["Leonard"]), ("seeAlso", ["http://www.csee.uq.edu.au/~leonard/"]), ("url", ["http://www.csee.uq.edu.au/~leonard/"]), #("homephone", []), #("fax", []), #("otherfacsimiletelephonenumber",[]), #("officefax", []), #("mobile", []), #("otherpager", []), #("officepager", []), #("pager", []), ("info", ["info"]), ("title", ["Mr"]), #("telephonenumber", []), ("l", ["Brisbane"]), ("st", ["Queensland"]), ("c", ["AU"]), ("co", ["co"]), ("o", ["UQ"]), ("ou", ["CSEE"]), #("homepostaladdress", []), #("postaladdress", []), #("streetaddress", []), #("street", []), ("department", ["CSEE"]), ("comment", ["comment"]), #("postalcode", []), ("physicaldeliveryofficename", ["Bldg 78, UQ, St Lucia"]), ("preferredDeliveryMethod", ["email"]), ("initials", ["DRL"]), ("conferenceinformation", ["MS-conferenceinformation"]), #("usercertificate", []), ("labeleduri", ["labeleduri"]), ("manager", ["cn=Jaga Indulska"]), ("reports", ["reports"]), ("jpegPhoto", [open("/www/leonard/leonard.jpg","r").read()]), ("uid", ["leonard"]), ("userPassword", [""]) ]) # # search beneath the CSEE/UQ/AU tree # res = l.search_s( "ou=CSEE, o=UQ, c=AU", _ldap.SCOPE_SUBTREE, "objectclass=*", ) print res l.unbind() python-ldap-doc-2.3.orig/Demo/simplebrowse.py0000644000175000001440000000615107410130511020306 0ustar mvelausers#! python # # simple LDAP server browsing example # import ldap import string from traceback import print_exc url = "ldap://ldap.openldap.org/" dn = "dc=openldap,dc=org" print "Connecting to", url l = ldap.initialize(url) l.bind_s("", "", ldap.AUTH_SIMPLE); lastdn = dn dnlist = None while 1: #-- read a command try: cmd = raw_input(dn + "> ") except EOFError: print break try: if cmd == "?": print "cd - change DN to " print "cd - change DN to number of last 'ls'" print "cd - - change to previous DN" print "cd .. - change to one-level higher DN" print "cd - change to root DN" print "ls - list children of crrent DN" print ". - show attributes of current DN" print "/ - list descendents matching filter " print "? - show this help" elif cmd == "ls": print "Children of", `dn`, ":" dnlist = [] # # List the children at one level down from the current dn # We use the filter 'objectclass=*' to match everything. # We're not interested in attributes at this stage, so # we specify [] as the list of attribute names to retreive. # for name,attrs in l.search_s(dn, ldap.SCOPE_ONELEVEL, "objectclass=*", []): #-- shorten resulting dns for output brevity if name.startswith(dn+", "): shortname = "+ "+name[len(dn)+2:] elif name.endswith(", "+dn): shortname = name[:-len(dn)-2]+" +" else: shortname = name print " %3d. %s" % (len(dnlist), shortname) dnlist.append(name) elif cmd == "cd": dn = "" dnlist = None elif cmd.startswith("cd "): arg = cmd[3:] if arg == '-': lastdn,dn = dn,lastdn elif arg == '..': dn = string.join(ldap.explode_dn(dn)[1:], ",") dn = string.strip(dn) else: try: i = int(arg) except: godn = arg else: if dnlist is None: print "do an ls first" else: godn = dnlist[i] lastdn = dn dn = godn elif cmd == ".": # # Retrieve all the attributes for the current dn. # We construct a search using SCOPE_BASE (ie just the # given DN) and again filter with "objectclass=*". # No attributes are listed, so the default is for # the client to receive all attributes on the DN. # print "Attributes of", `dn`, ":" for name,attrs in l.search_s(dn, ldap.SCOPE_BASE, "objectclass=*"): print " %-24s" % name for k,vals in attrs.items(): for v in vals: if len(v) > 200: v = `v[:200]` + \ ("... (%d bytes)" % len(v)) else: v = `v` print " %-12s: %s" % (k, v) elif cmd.startswith("/"): # # Search descendent objects to match a given filter. # We use SCOPE_SUBTREE to indicate descendents, and # again specify an empty attribute list to indicate # that we're not interested in them. # expr = cmd[1:] print "Descendents matching filter", `expr`, ":" for name,attrs in l.search_s(dn, ldap.SCOPE_SUBTREE, expr, []): print " %24s", name else: print "unknown command - try '?' for help" except: print_exc() python-ldap-doc-2.3.orig/Doc/0000755000175000001440000000000010607005105015041 5ustar mvelauserspython-ldap-doc-2.3.orig/Doc/Makefile0000644000175000001440000000221610600701555016507 0ustar mvelausers# $Id: Makefile,v 1.14 2007/03/22 23:25:16 stroeder Exp $ PYTHONSRC= /home/michael/src/Python-2.5 DOCTOOLSDIR= $(PYTHONSRC)/Doc/tools PAPER= a4 DVIPS= dvips -N0 -t $(PAPER) PYTHON= python MKHOWTO= $(DOCTOOLSDIR)/mkhowto MKDVI= $(MKHOWTO) --dvi MKPDF= $(MKHOWTO) --pdf TEXINPUTS= $(PYTHONSRC)/Doc/texinputs:: ENV= /usr/bin/env TEXINPUTS=$(TEXINPUTS) SRCS=python-ldap.tex ldap.tex version.tex ldif.tex ldapurl.tex \ ldap-async.tex ldap-modlist.tex ldap-schema.tex all: python-ldap.dvi python-ldap.ps python-ldap.pdf python-ldap/index.html python-ldap/index.html: $(SRCS) $(ENV) $(MKHOWTO) --html python-ldap.tex python-ldap.ps: python-ldap.dvi $(ENV) $(DVIPS) -o python-ldap.ps python-ldap.dvi python-ldap.dvi: $(SRCS) $(ENV) $(MKDVI) python-ldap.tex python-ldap.pdf: $(SRCS) $(ENV) $(MKPDF) python-ldap.tex version.tex: v=`${PYTHON} ../setup.py --version`; \ d=`date +"%B %e, %Y"`; \ echo "%release{$$v}%setshortversion{$$v}%date{$$d}" | tr % "\\\\" >$@ clean: rm -f *~ *.bck *.aux *.idx *.ilg *.ind *.log *.toc rm -f *.bkm *.syn *.pla *.l2h *.how rm -f python-ldap.dvi python-ldap.ps python-ldap.pdf rm -f version.tex rm -rf python-ldap python-ldap-doc-2.3.orig/Doc/ldap-async.tex0000644000175000001440000000377607614072050017642 0ustar mvelausers% $Id: ldap-async.tex,v 1.2 2003/01/23 23:00:56 stroeder Exp $ \section{\module{ldap.async} --- Framework for stream-processing of large search results } \declaremodule{standard}{ldap.async} % Author of the module code; \moduleauthor{Michael Str\"oder}{python-ldap-dev@lists.sourceforge.net} % Author of the documentation, \sectionauthor{Michael Str\"oder}{michael@stroeder.com} \modulesynopsis{Framework for stream-processing of large search results.} \subsection{Examples for ldap.async \label{ldap.async-example}} \subsubsection{Using ldap.async.List \label{ldap.async-example.List}} This example demonstrates how to use class ldap.async.List for retrieving partial search results even though the exception ldap.SIZELIMIT_EXCEEDED was raised because a server side limit was hit. \begin{verbatim} import sys,ldap,ldap.async s = ldap.async.List( ldap.initialize('ldap://localhost'), ) s.startSearch( 'dc=stroeder,dc=com', ldap.SCOPE_SUBTREE, '(objectClass=*)', ) try: partial = s.processResults() except ldap.SIZELIMIT_EXCEEDED: sys.stderr.write('Warning: Server-side size limit exceeded.\n') else: if partial: sys.stderr.write('Warning: Only partial results received.\n') sys.stdout.write( '%d results received.\n' % ( len(s.allResults) ) ) \end{verbatim} \subsubsection{Using ldap.async.LDIFWriter \label{ldap.async-example.LDIFWriter}} This example demonstrates how to use class ldap.async.LDIFWriter for writing search results as LDIF to stdout. \begin{verbatim} import sys,ldap,ldap.async s = ldap.async.LDIFWriter( ldap.initialize('ldap://localhost:1390'), sys.stdout ) s.startSearch( 'dc=stroeder,dc=com', ldap.SCOPE_SUBTREE, '(objectClass=*)', ) try: partial = s.processResults() except ldap.SIZELIMIT_EXCEEDED: sys.stderr.write('Warning: Server-side size limit exceeded.\n') else: if partial: sys.stderr.write('Warning: Only partial results received.\n') sys.stderr.write( '%d results received.\n' % ( s.endResultBreak-s.beginResultsDropped ) ) \end{verbatim} python-ldap-doc-2.3.orig/Doc/ldap-controls.tex0000644000175000001440000000122510211304104020334 0ustar mvelausers% $Id: ldap-controls.tex,v 1.1 2005/03/02 09:32:52 stroeder Exp $ \section{\module{ldap.controls} --- High-level access to LDAP controls } \declaremodule{standard}{ldap.controls} % Author of the module code; \moduleauthor{Michael Str\"oder}{python-ldap-dev@lists.sourceforge.net} % Author of the documentation, \sectionauthor{Michael Str\"oder}{michael@stroeder.com} \modulesynopsis{High-level access to LDAP controls.} The \module{ldap.controls} module defines the following functions: \begin{funcdesc}{EncodeControlTuples}{ldapControls} % -> list \end{funcdesc} \begin{funcdesc}{DecodeControlTuples}{ldapControlTuples} % -> list \end{funcdesc} python-ldap-doc-2.3.orig/Doc/ldap-dn.tex0000644000175000001440000000351710603400134017105 0ustar mvelausers% $Id: ldap-dn.tex,v 1.3 2007/03/27 22:16:45 stroeder Exp $ \section{\module{ldap.dn} --- LDAP Distinguished Name handling } \declaremodule{standard}{ldap.dn} % Author of the module code; \moduleauthor{Michael Str\"oder}{python-ldap-dev@lists.sourceforge.net} % Author of the documentation, \sectionauthor{Michael Str\"oder}{michael@stroeder.com} \modulesynopsis{LDAP Distinguished Name handling.} \begin{seealso} \seerfc{4514}{Lightweight Directory Access Protocol (LDAP): String Representation of Distinguished Names.}{} \end{seealso} The \module{ldap.dn} module defines the following functions: \begin{funcdesc}{escape_dn_chars}{s} % -> string This function escapes characters in string \var{s} which are special in LDAP distinguished names. You should use this function when building LDAP DN strings from arbitrary input. \end{funcdesc} \begin{funcdesc}{str2dn}{s} % -> list This function takes \var{dn} and breaks it up into its component parts down to AVA level. \end{funcdesc} \begin{funcdesc}{explode_dn}{dn \optional{, notypes=\constant{0}}} % -> list This function takes \var{dn} and breaks it up into its component parts. Each part is known as an RDN (Relative Distinguished Name). The \var{notypes} parameter is used to specify that only the RDN values be returned and not their types. For example, the DN \code{"cn=Bob, c=US"} would be returned as either \code{["cn=Bob", "c=US"]} or \code{["Bob","US"]} depending on whether \var{notypes} was \constant{0} or \constant{1}, respectively. \end{funcdesc} \begin{funcdesc}{explode_rdn}{rdn \optional{, notypes=\constant{0}}} % -> list This function takes a (multi-valued) \var{rdn} and breaks it up into a list of characteristic attributes. The \var{notypes} parameter is used to specify that only the RDN values be returned and not their types. \end{funcdesc} python-ldap-doc-2.3.orig/Doc/ldap-filter.tex0000644000175000001440000000227710603400134017773 0ustar mvelausers% $Id: ldap-filter.tex,v 1.2 2007/03/27 22:10:17 stroeder Exp $ \section{\module{ldap.filter} --- LDAP filter handling } \declaremodule{standard}{ldap.filter} % Author of the module code; \moduleauthor{Michael Str\"oder}{python-ldap-dev@lists.sourceforge.net} % Author of the documentation, \sectionauthor{Michael Str\"oder}{michael@stroeder.com} \modulesynopsis{LDAP filter handling.} The \module{ldap.filter} module defines the following functions: \begin{funcdesc}{escape_filter_chars}{assertion_value} % -> string This function escapes characters in \var{assertion_value} which are special in LDAP filters. You should use this function when building LDAP filter strings from arbitrary input. \begin{seealso} \seerfc{4515}{Lightweight Directory Access Protocol (LDAP): String Representation of Search Filters.}{} \end{seealso} \end{funcdesc} \begin{funcdesc}{filter_format}{filter_template, assertion_values} % -> string This function applies \function{escape_filter_chars()} to each of the strings in list \var{assertion_values}. After that \var{filter_template} containing as many \constant{\%s} placeholders as count of assertion values is used to build the whole filter string. \end{funcdesc} python-ldap-doc-2.3.orig/Doc/ldap-modlist.tex0000644000175000001440000000371207614067062020175 0ustar mvelausers% $Id: ldap-modlist.tex,v 1.2 2003/01/23 22:35:30 stroeder Exp $ \section{\module{ldap.modlist} --- Generate modify lists } \declaremodule{standard}{ldap.modlist} % Author of the module code; \moduleauthor{Michael Str\"oder}{python-ldap-dev@lists.sourceforge.net} % Author of the documentation, \sectionauthor{Michael Str\"oder}{michael@stroeder.com} \modulesynopsis{Generate modify lists.} The \module{ldap.modlist} module defines the following functions: \begin{funcdesc}{addModlist}{entry \optional{, ignore_attr_types=\constant{[]}}} % -> list This function builds a list suitable for passing it directly as argument \var{modlist} to method \method{add()} or its synchronous counterpart \method{add_s()}. \var{entry} is a dictionary like returned when receiving search results. \end{funcdesc} \begin{funcdesc}{modifyModlist}{ old_entry, new_entry \optional{, ignore_attr_types=\constant{[]} \optional{, ignore_oldexistent=\constant{0}}}} % -> list This function builds a list suitable for passing it directly as argument \var{modlist} to method \method{modify()} or its synchronous counterpart \method{modify_s()}. Roughly when applying the resulting modify list to an entry holding the data \var{old_entry} it will be modified in such a way that the entry holds \var{new_entry} after the modify operation. It is handy in situations when it is impossible to track user changes to an entry's data or for synchronizing operations. \var{old_entry} and \var{new_entry} are dictionaries like returned when receiving search results. \var{ignore_attr_types} is a list of attribute type names which shall be ignored completely. These attribute types will not appear in the result. If \var{ignore_oldexistent} is non-zero attribute type names which are in \var{old_entry} but are not found in \var{new_entry} at all are not deleted. This is handy for situations where your application sets attribute value to '' for deleting an attribute. In most cases leave zero. \end{funcdesc} python-ldap-doc-2.3.orig/Doc/ldap-schema.tex0000644000175000001440000000104407622003030017736 0ustar mvelausers% $Id: ldap-schema.tex,v 1.1 2003/02/10 20:05:44 stroeder Exp $ \section{\module{ldap.schema} --- Processing LDAPv3 sub schema sub entry } \declaremodule{standard}{ldap.schema} % Author of the module code; \moduleauthor{Michael Str\"oder}{python-ldap-dev@lists.sourceforge.net} % Author of the documentation, \sectionauthor{Michael Str\"oder}{michael@stroeder.com} \modulesynopsis{Processing LDAPv3 sub schema sub entry} \subsection{Examples for ldap.schema \label{ldap.schema-example}} \begin{verbatim} import ldap.schema \end{verbatim} python-ldap-doc-2.3.orig/Doc/ldap.tex0000644000175000001440000010676410603400134016516 0ustar mvelausers% $Id: ldap.tex,v 1.30 2007/03/27 22:31:51 stroeder Exp $ % ==== 1. ==== % The section prologue. Give the section a title and provide some % meta-information. References to the module should use % \refbimodindex, \refstmodindex, \refexmodindex or \refmodindex, as % appropriate. \section{\module{ldap} --- LDAP library interface module} \declaremodule{extension}{ldap} % not standard, in C \platform{UNIX,Windows} % Author of the module code; \moduleauthor{Michael Str\"oder}{python-ldap-dev@lists.sourceforge.net} % Author of the documentation, \sectionauthor{Michael Str\"oder}{michael@stroeder.com} % Leave at least one blank line after this, to simplify ad-hoc tools % that are sometimes used to massage these files. \modulesynopsis{Access to an underlying LDAP C library.} % ==== 2. ==== % Give a short overview of what the module does. % If it is platform specific, mention this. % Mention other important restrictions or general operating principles. This module provides access to the LDAP (Lightweight Directory Access Protocol) \C\ API implemented in OpenLDAP 2.3 or newer. It is similar to the C API, with the notable differences that lists are manipulated via Python list operations and errors appear as exceptions. For far more detailed information on the \C\ interface, please see the (expired) draft-ietf-ldapext-ldap-c-api-04. This documentation is current for the Python LDAP module, version $\version$. Source and binaries are available from \url{http://python-ldap.sourceforge.net/}. % ==== 3. ==== % List the public functions defined by the module. Begin with a % standard phrase. You may also list the exceptions and other data % items defined in the module, insofar as they are important for the % user. \subsection{Functions} The \module{ldap} module defines the following functions: % ---- 3.1. ---- % For each function, use a ``funcdesc'' block. This has exactly two % parameters (each parameters is contained in a set of curly braces): % the first parameter is the function name (this automatically % generates an index entry); the second parameter is the function's % argument list. If there are no arguments, use an empty pair of % curly braces. If there is more than one argument, separate the % arguments with backslash-comma. Optional parts of the parameter % list are contained in \optional{...} (this generates a set of square % brackets around its parameter). Arguments are automatically set in % italics in the parameter list. Each argument should be mentioned at % least once in the description; each usage (even inside \code{...}) % should be enclosed in \var{...}. \begin{funcdesc}{initialize}{uri} % -> LDAPObject Opens a new connection with an LDAP server, and return an LDAP object (see \ref{ldap-objects}) used to perform operations on that server. Parameter \var{uri} has to be a valid LDAP URL. \begin{seealso} \seerfc{4516}{Lightweight Directory Access Protocol (LDAP): Uniform Resource Locator}{} \end{seealso} \end{funcdesc} \begin{funcdesc}{open}{host \optional{, port=\constant{PORT}}} % -> LDAPObject Opens a new connection with an LDAP server, and return an LDAP object (see \ref{ldap-objects}) used to perform operations on that server. \var{host} is a string containing solely the host name. \var{port} is an integer specifying the port where the LDAP server is listening (default is 389). Note: Using this function is deprecated. \end{funcdesc} \begin{funcdesc}{get_option}{option} % -> None This function returns the value of the global option specified by \var{option}. \end{funcdesc} \begin{funcdesc}{set_option}{option, invalue} % -> None This function sets the value of the global option specified by \var{option} to \var{invalue}. \end{funcdesc} % ---- 3.2. ---- % Data items are described using a ``datadesc'' block. This has only % one parameter: the item's name. \subsection{Constants} The module defines various constants. \subsubsection{General} \begin{datadesc}{PORT} The assigned TCP port number (389) that LDAP servers listen on. \end{datadesc} \begin{datadesc}{SASL_AVAIL} Boolean flag indicating whether python-ldap was built with support for SASL (Cyrus-SASL). \end{datadesc} \begin{datadesc}{TLS_AVAIL} Boolean flag indicating whether python-ldap was built with support for SSL/TLS (OpenSSL). \end{datadesc} \subsubsection{Options} For use with functions and method set_option() and get_option() the following option identifiers are defined as constants: \begin{datadesc}{OPT_API_FEATURE_INFO} \end{datadesc} \begin{datadesc}{OPT_API_INFO} \end{datadesc} \begin{datadesc}{OPT_CLIENT_CONTROLS} \end{datadesc} \begin{datadesc}{OPT_DEBUG_LEVEL} \end{datadesc} \begin{datadesc}{OPT_DEREF} \end{datadesc} \begin{datadesc}{OPT_ERROR_STRING} \end{datadesc} \begin{datadesc}{OPT_HOST_NAME} \end{datadesc} \begin{datadesc}{OPT_MATCHED_DN} \end{datadesc} \begin{datadesc}{OPT_NETWORK_TIMEOUT} \end{datadesc} \begin{datadesc}{OPT_PRIVATE_EXTENSION_BASE} \end{datadesc} \begin{datadesc}{OPT_PROTOCOL_VERSION} \end{datadesc} \begin{datadesc}{OPT_REFERRALS} \end{datadesc} \begin{datadesc}{OPT_REFHOPLIMIT} \end{datadesc} \begin{datadesc}{OPT_RESTART} \end{datadesc} \begin{datadesc}{OPT_SERVER_CONTROLS} \end{datadesc} \begin{datadesc}{OPT_SIZELIMIT} \end{datadesc} \begin{datadesc}{OPT_SUCCESS} \end{datadesc} \begin{datadesc}{OPT_TIMELIMIT} \end{datadesc} \begin{datadesc}{OPT_TIMEOUT} \end{datadesc} \begin{datadesc}{OPT_URI} \end{datadesc} \begin{datadesc}{OPT_X_SASL_AUTHCID} \end{datadesc} \begin{datadesc}{OPT_X_SASL_AUTHZID} \end{datadesc} \begin{datadesc}{OPT_X_SASL_MECH} \end{datadesc} \begin{datadesc}{OPT_X_SASL_REALM} \end{datadesc} \begin{datadesc}{OPT_X_SASL_SECPROPS} \end{datadesc} \begin{datadesc}{OPT_X_SASL_SSF} \end{datadesc} \begin{datadesc}{OPT_X_SASL_SSF_EXTERNAL} \end{datadesc} \begin{datadesc}{OPT_X_SASL_SSF_MAX} \end{datadesc} \begin{datadesc}{OPT_X_SASL_SSF_MIN} \end{datadesc} \begin{datadesc}{OPT_X_TLS} \end{datadesc} \begin{datadesc}{OPT_X_TLS_ALLOW} \end{datadesc} \begin{datadesc}{OPT_X_TLS_CACERTDIR} \end{datadesc} \begin{datadesc}{OPT_X_TLS_CACERTFILE} \end{datadesc} \begin{datadesc}{OPT_X_TLS_CERTFILE} \end{datadesc} \begin{datadesc}{OPT_X_TLS_CIPHER_SUITE} \end{datadesc} \begin{datadesc}{OPT_X_TLS_CTX} \end{datadesc} \begin{datadesc}{OPT_X_TLS_DEMAND} \end{datadesc} \begin{datadesc}{OPT_X_TLS_HARD} \end{datadesc} \begin{datadesc}{OPT_X_TLS_KEYFILE} \end{datadesc} \begin{datadesc}{OPT_X_TLS_NEVER} \end{datadesc} \begin{datadesc}{OPT_X_TLS_RANDOM_FILE} \end{datadesc} \begin{datadesc}{OPT_X_TLS_REQUIRE_CERT} \end{datadesc} \begin{datadesc}{OPT_X_TLS_TRY} \end{datadesc} % --- 3.3. --- % Exceptions are described using a ``excdesc'' block. This has only % one parameter: the exception name. Exceptions defined as classes in % the source code should be documented using this environment, but % constructor parameters must be ommitted. \subsection{Exceptions} \label{subsec:exceptfrommeth} The module defines the following exceptions: \begin{excdesc}{LDAPError} This is the base class of all execeptions raised by the module \module{ldap}. Unlike the \C\ interface, errors are not returned as result codes, but are instead turned into exceptions, raised as soon an the error condition is detected. The exceptions are accompanied by a dictionary possibly containing an string value for the key \constant{'desc'} (giving an English description of the error class) and/or a string value for the key \constant{'info'} (giving a string containing more information that the server may have sent). A third possible field of this dictionary is \constant{'matched'} and is set to a truncated form of the name provided or alias dereferenced for the lowest entry (object or alias) that was matched. \end{excdesc} \begin{excdesc}{ADMINLIMIT_EXCEEDED} \end{excdesc} \begin{excdesc}{AFFECTS_MULTIPLE_DSAS} \end{excdesc} \begin{excdesc}{ALIAS_DEREF_PROBLEM} A problem was encountered when dereferencing an alias. (Sets the \constant{'matched'} field.) \end{excdesc} \begin{excdesc}{ALIAS_PROBLEM} An alias in the directory points to a nonexistent entry. (Sets the \constant{'matched'} field.) \end{excdesc} \begin{excdesc}{ALREADY_EXISTS} The entry already exists. E.g. the \var{dn} specified with \method{add()} already exists in the DIT. \end{excdesc} \begin{excdesc}{} \end{excdesc} \begin{excdesc}{AUTH_UNKNOWN} The authentication method specified to \method{bind()} is not known. \end{excdesc} \begin{excdesc}{BUSY} The DSA is busy. \end{excdesc} \begin{excdesc}{CLIENT_LOOP} \end{excdesc} \begin{excdesc}{COMPARE_FALSE} A compare operation returned false. (This exception should never be seen because \method{compare()} returns a boolean result.) \end{excdesc} \begin{excdesc}{COMPARE_TRUE} A compare operation returned true. (This exception should never be seen because \method{compare()} returns a boolean result.) \end{excdesc} \begin{excdesc}{CONFIDENTIALITY_REQUIRED} Indicates that the session is not protected by a protocol such as Transport Layer Security (TLS), which provides session confidentiality. \end{excdesc} \begin{excdesc}{CONNECT_ERROR} \end{excdesc} \begin{excdesc}{CONSTRAINT_VIOLATION} An attribute value specified or an operation started violates some server-side constraint (e.g., a postalAddress has too many lines or a line that is too long or a password is expired). \end{excdesc} \begin{excdesc}{CONTROL_NOT_FOUND} \end{excdesc} \begin{excdesc}{DECODING_ERROR} An error was encountered decoding a result from the LDAP server. \end{excdesc} \begin{excdesc}{ENCODING_ERROR} An error was encountered encoding parameters to send to the LDAP server. \end{excdesc} \begin{excdesc}{FILTER_ERROR} An invalid filter was supplied to method{search()} (e.g. unbalanced parentheses). \end{excdesc} \begin{excdesc}{INAPPROPRIATE_AUTH} Inappropriate authentication was specified (e.g. \constant{LDAP_AUTH_SIMPLE} was specified and the entry does not have a userPassword attribute). \end{excdesc} \begin{excdesc}{INAPPROPRIATE_MATCHING} Filter type not supported for the specified attribute. \end{excdesc} \begin{excdesc}{INSUFFICIENT_ACCESS} The user has insufficient access to perform the operation. \end{excdesc} \begin{excdesc}{INVALID_CREDENTIALS} Invalid credentials were presented during \method{bind()} or \method{simple_bind()}. (e.g., the wrong password). \end{excdesc} \begin{excdesc}{INVALID_DN_SYNTAX} A syntactically invalid DN was specified. (Sets the \constant{'matched'} field.) \end{excdesc} \begin{excdesc}{INVALID_SYNTAX} An attribute value specified by the client did not comply to the syntax defined in the server-side schema. \end{excdesc} \begin{excdesc}{IS_LEAF} The object specified is a leaf of the diretcory tree. Sets the \constant{'matched'} field of the exception dictionary value. \end{excdesc} \begin{excdesc}{LOCAL_ERROR} Some local error occurred. This is usually due to failed memory allocation. \end{excdesc} \begin{excdesc}{LOOP_DETECT} A loop was detected. \end{excdesc} \begin{excdesc}{MORE_RESULTS_TO_RETURN} \end{excdesc} \begin{excdesc}{NAMING_VIOLATION} A naming violation occurred. This is raised e.g. if the LDAP server has constraints about the tree naming. \end{excdesc} \begin{excdesc}{NO_OBJECT_CLASS_MODS} Modifying the objectClass attribute as requested is not allowed (e.g. modifying structural object class of existing entry). \end{excdesc} \begin{excdesc}{NOT_ALLOWED_ON_NONLEAF} The operation is not allowed on a non-leaf object. \end{excdesc} \begin{excdesc}{NOT_ALLOWED_ON_RDN} The operation is not allowed on an RDN. \end{excdesc} \begin{excdesc}{NOT_SUPPORTED} \end{excdesc} \begin{excdesc}{NO_MEMORY} \end{excdesc} \begin{excdesc}{NO_OBJECT_CLASS_MODS} Object class modifications are not allowed. \end{excdesc} \begin{excdesc}{NO_RESULTS_RETURNED} \end{excdesc} \begin{excdesc}{NO_SUCH_ATTRIBUTE} The attribute type specified does not exist in the entry. \end{excdesc} \begin{excdesc}{NO_SUCH_OBJECT} The specified object does not exist in the directory. Sets the \constant{'matched'} field of the exception dictionary value. \end{excdesc} \begin{excdesc}{OBJECT_CLASS_VIOLATION} An object class violation occurred when the LDAP server checked the data sent by the client against the server-side schema (e.g. a "must" attribute was missing in the entry data). \end{excdesc} \begin{excdesc}{OPERATIONS_ERROR} An operations error occurred. \end{excdesc} \begin{excdesc}{OTHER} An unclassified error occurred. \end{excdesc} \begin{excdesc}{PARAM_ERROR} An ldap routine was called with a bad parameter. \end{excdesc} \begin{excdesc}{PARTIAL_RESULTS} Partial results only returned. This exception is raised if a referral is received when using LDAPv2. (This exception should never be seen with LDAPv3.) \end{excdesc} \begin{excdesc}{PROTOCOL_ERROR} A violation of the LDAP protocol was detected. \end{excdesc} \begin{excdesc}{RESULTS_TOO_LARGE} The result does not fit into a UDP packet. This happens only when using UDP-based CLDAP (connection-less LDAP) which is not supported anyway. \end{excdesc} \begin{excdesc}{SASL_BIND_IN_PROGRESS} \end{excdesc} \begin{excdesc}{SERVER_DOWN} The LDAP library can't contact the LDAP server. \end{excdesc} \begin{excdesc}{SIZELIMIT_EXCEEDED} An LDAP size limit was exceeded. This could be due to a `sizelimit' configuration on the LDAP server. \end{excdesc} \begin{excdesc}{STRONG_AUTH_NOT_SUPPORTED} The LDAP server does not support strong authentication. \end{excdesc} \begin{excdesc}{STRONG_AUTH_REQUIRED} Strong authentication is required for the operation. \end{excdesc} \begin{excdesc}{TIMELIMIT_EXCEEDED} An LDAP time limit was exceeded. \end{excdesc} \begin{excdesc}{TIMEOUT} A timelimit was exceeded while waiting for a result from the server. \end{excdesc} \begin{excdesc}{TYPE_OR_VALUE_EXISTS} An attribute type or attribute value specified already exists in the entry. \end{excdesc} \begin{excdesc}{UNAVAILABLE} The DSA is unavailable. \end{excdesc} \begin{excdesc}{UNAVAILABLE_CRITICAL_EXTENSION} Indicates that the LDAP server was unable to satisfy a request because one or more critical extensions were not available. Either the server does not support the control or the control is not appropriate for the operation type. \end{excdesc} \begin{excdesc}{UNDEFINED_TYPE} An attribute type used is not defined in the server-side schema. \end{excdesc} \begin{excdesc}{UNWILLING_TO_PERFORM} The DSA is unwilling to perform the operation. \end{excdesc} \begin{excdesc}{USER_CANCELLED} The operation was cancelled via the \method{abandon()} method. \end{excdesc} The above exceptions are raised when a result code from an underlying API call does not indicate success. % ---- 3.4. ---- % Other standard environments: % % classdesc - Python classes; same arguments are funcdesc % methoddesc - methods, like funcdesc but has an optional parameter % to give the type name: \begin{methoddesc}[mytype]{name}{args} % By default, the type name will be the name of the % last class defined using classdesc. The type name % is required if the type is implemented in C (because % there's no classdesc) or if the class isn't directly % documented (if it's private). % memberdesc - data members, like datadesc, but with an optional % type name like methoddesc. \subsection{LDAPObject class \label{ldap-objects}} % This label is generally useful for referencing this section, but is % also used to give a filename when generating HTML. %\noindent Instances of \class{ldap.LDAPObject} are returned by \function{initialize()} and \function{open()} (deprecated). The connection is automatically unbound and closed when the LDAP object is deleted. Most methods on LDAP objects initiate an asynchronous request to the LDAP server and return a message id that can be used later to retrieve the result with \method{result()}. Methods with names ending in `\constant{_s}' are the synchronous form and wait for and return with the server's result, or with \constant{None} if no data is expected. LDAPObject instances, have the following methods: %%------------------------------------------------------------ %% abandon \begin{methoddesc}[LDAPObject]{abandon}{msgid} Abandons or cancels an LDAP operation in progress. The \var{msgid} argument should be the message ID of an outstanding LDAP operation as returned by the asynchronous methods \method{search()}, \method{modify()}, etc. The caller can expect that the result of an abandoned operation will not be returned from a future call to \method{result()}. \end{methoddesc} %%------------------------------------------------------------ %% add \begin{methoddesc}[LDAPObject]{add}{dn, modlist} % -> int \methodline{add_s}{dn, modlist} Performs an LDAP add operation. The \var{dn} argument is the distinguished name (DN) of the entry to add, and \var{modlist} is a list of attributes to be added. The modlist is similar the one passed to \method{modify()}, except that the operation integer is omitted from the tuples in modlist. You might want to look into sub-module l\refmodule{ldap.modlist} for generating the modlist. \end{methoddesc} %%------------------------------------------------------------ %% bind \begin{methoddesc}[LDAPObject]{bind}{who, cred, method} % -> int \methodline[LDAPObject]{bind_s}{who, cred, method} % -> None \methodline[LDAPObject]{simple_bind}{\optional{who=\constant{''} \optional{, cred=\constant{''}}}} % -> int \methodline[LDAPObject]{simple_bind_s}{\optional{who=\constant{''} \optional{, cred=\constant{''}}}} % -> None After an LDAP object is created, and before any other operations can be attempted over the connection, a bind operation must be performed. This method attempts to bind with the LDAP server using either simple authentication, or Kerberos (if available). The first and most general method, \method{bind()}, takes a third parameter, \var{method}, which can currently solely be \constant{AUTH_SIMPLE}. \end{methoddesc} %%------------------------------------------------------------ %% sasl_interactive_bind_s \begin{methoddesc}[None]{sasl_interactive_bind_s}{who, auth} % -> None This call is used to bind to the directory with a SASL bind request. \end{methoddesc} %%------------------------------------------------------------ %% \begin{methoddesc}[LDAPObject]{cancel}{ cancelid, \optional{, serverctrls=\constant{None} \optional{, clientctrls=\constant{None}}}} Send cancels extended operation for an LDAP operation specified by \var{cancelid}. The \var{cancelid} should be the message id of an outstanding LDAP operation as returned by the asynchronous methods search(), modify() etc. The caller can expect that the result of an abandoned operation will not be returned from a future call to result(). In opposite to abandon() this extended operation gets an result from the server and thus should be preferred if the server supports it. \end{methoddesc} %%------------------------------------------------------------ %% compare \begin{methoddesc}[LDAPObject]{compare}{dn, attr, value} % -> int \methodline[LDAPObject]{compare_s}{dn, attr, value} % -> tuple Perform an LDAP comparison between the attribute named \var{attr} of entry \var{dn}, and the value \var{value}. The synchronous form returns \constant{0} for false, or \constant{1} for true. The asynchronous form returns the message ID of the initiated request, and the result of the asynchronous compare can be obtained using \method{result()}. Note that the asynchronous technique yields the answer by raising the exception objects \constant{COMPARE_TRUE} or \constant{COMPARE_FALSE}. \textbf{Note} A design fault in the LDAP API prevents \var{value} from containing nul characters. \end{methoddesc} %%------------------------------------------------------------ %% delete \begin{methoddesc}[LDAPObject]{delete}{dn} % -> int \methodline[LDAPObject]{delete_s}{dn} % -> None Performs an LDAP delete operation on \var{dn}. The asynchronous form returns the message id of the initiated request, and the result can be obtained from a subsequent call to \method{result()}. \end{methoddesc} %%------------------------------------------------------------ %% modify \begin{methoddesc}[LDAPObject]{modify}{ dn, modlist } % -> int \methodline[LDAPObject]{modify_s}{ dn, modlist } % -> None Performs an LDAP modify operation on an entry's attributes. The \var{dn} argument is the distinguished name (DN) of the entry to modify, and \var{modlist} is a list of modifications to make to that entry. Each element in the list \var{modlist} should be a tuple of the form \code{(mod_op,mod_type,mod_vals)}, where \var{mod_op} indicates the operation (one of \constant{MOD_ADD}, \constant{MOD_DELETE}, or \constant{MOD_REPLACE}), \var{mod_type} is a string indicating the attribute type name, and \var{mod_vals} is either a string value or a list of string values to add, delete or replace respectively. For the delete operation, \var{mod_vals} may be \constant{None} indicating that all attributes are to be deleted. The asynchronous method \method{modify()} returns the message ID of the initiated request. You might want to look into sub-module \refmodule{ldap.modlist} for generating \var{modlist}. \end{methoddesc} %%------------------------------------------------------------ %% modrdn \begin{methoddesc}[LDAPObject]{modrdn}{dn, newrdn \optional{, delold=\constant{1}}} %-> int \methodline[LDAPObject]{modrdn_s}{dn, newrdn \optional{, delold=\constant{1}}} % -> None Perform a `modify RDN' operation, (i.e. a renaming operation). These routines take \var{dn} (the DN of the entry whose RDN is to be changed, and \var{newrdn}, the new RDN to give to the entry. The optional parameter \var{delold} is used to specify whether the old RDN should be kept as an attribute of the entry or not. The asynchronous version returns the initiated message id. This operation is emulated by \method{rename()} and \method{rename_s()} methods since the modrdn2* routines in the C library are deprecated. \end{methoddesc} %%------------------------------------------------------------ %% passwd \begin{methoddesc}[LDAPObject]{passwd}{user,oldpw,newpw} %-> int \methodline[LDAPObject]{passwd_s}{user,oldpw,newpw} % -> None Perform a `LDAP Password Modify Extended Operation' operation on the entry specified by \var{user}. The old password in \var{oldpw} is replaced with the new password in \var{newpw} by a LDAP server supporting this operation. The asynchronous version returns the initiated message id. \begin{seealso} \seerfc{3062}{LDAP Password Modify Extended Operation}{} \end{seealso} \end{methoddesc} %%------------------------------------------------------------ %% rename \begin{methoddesc}[LDAPObject]{rename}{dn, newrdn \optional{, newsuperior=\constant{None}} \optional{, delold=\constant{1}}} %-> int \methodline[LDAPObject]{rename_s}{dn, newrdn \optional{, newsuperior=\constant{None} \optional{, delold=\constant{1}}}} % -> None Perform a `Rename' operation, (i.e. a renaming operation). These routines take \var{dn} (the DN of the entry whose RDN is to be changed, and \var{newrdn}, the new RDN to give to the entry. The optional parameter \var{newsuperior} is used to specify a new parent DN for moving an entry in the tree (not all LDAP servers support this). The optional parameter \var{delold} is used to specify whether the old RDN should be kept as an attribute of the entry or not. \end{methoddesc} %%------------------------------------------------------------ %% result \begin{methoddesc}[LDAPObject]{result}{\optional{ msgid=\constant{RES_ANY} \optional{, all=\constant{1} \optional{, timeout=\constant{-1}}}}} % -> 2-tuple This method is used to wait for and return the result of an operation previously initiated by one of the LDAP \emph{asynchronous} operations (eg \method{search()}, \method{modify()}, etc.) The \var{msgid} parameter is the integer identifier returned by that method. The identifier is guaranteed to be unique across an LDAP session, and tells the \method{result()} method to request the result of that specific operation. If a result is desired from any one of the in-progress operations, \var{msgid} should be specified as the constant \constant{RES_ANY} and the method \method{result2()} should be used instead. The \var{all} parameter only has meaning for \method{search()} responses and is used to select whether a single entry of the search response should be returned, or to wait for all the results of the search before returning. A search response is made up of zero or more search entries followed by a search result. If \var{all} is 0, search entries will be returned one at a time as they come in, via separate calls to \method{result()}. If all is 1, the search response will be returned in its entirety, i.e. after all entries and the final search result have been received. For \var{all} set to 0, result tuples trickle in (with the same message id), and with the result types \constant{RES_SEARCH_ENTRY} and \constant{RES_SEARCH_REFERENCE}, until the final result which has a result type of \constant{RES_SEARCH_RESULT} and a (usually) empty data field. When all is set to 1, only one result is returned, with a result type of RES_SEARCH_RESULT, and all the result tuples listed in the data field. The \var{timeout} parameter is a limit on the number of seconds that the method will wait for a response from the server. If \var{timeout} is negative (which is the default), the method will wait indefinitely for a response. The timeout can be expressed as a floating-point value, and a value of \constant{0} effects a poll. If a timeout does occur, a \exception{TIMEOUT} exception is raised, unless polling, in which case \constant{(None, None)} is returned. The \method{result()} method returns a tuple of the form \code{(\textit{result-type}, \textit{result-data})}. The first element, \textit{result-type} is a string, being one of these module constants: \constant{RES_BIND}, \constant{RES_SEARCH_ENTRY}, \constant{RES_SEARCH_REFERENCE}, \constant{RES_SEARCH_RESULT}, \constant{RES_MODIFY}, \constant{RES_ADD}, \constant{RES_DELETE}, \constant{RES_MODRDN}, or \constant{RES_COMPARE}. If \var{all} is \constant{0}, one response at a time is returned on each call to \method{result()}, with termination indicated by \textit{result-data} being an empty list. See \method{search()} for a description of the search result's \var{result-data}, otherwise the \var{result-data} is normally meaningless. \end{methoddesc} \begin{methoddesc}[LDAPObject]{result2}{\optional{ msgid=\constant{RES_ANY} \optional{, all=\constant{1} \optional{, timeout=\constant{-1}}}}} % -> 3-tuple This method behaves almost exactly like \method{result()}. But it returns a 3-tuple also containing the message id of the outstanding LDAP operation a particular result message belongs to. This is especially handy if one needs to dispatch results obtained with \var{msgid=\constant{RES_ANY}} to several consumer threads which invoked a particular LDAP operation. \end{methoddesc} %%------------------------------------------------------------ %% search \begin{methoddesc}[LDAPObject]{search}{base, scope \optional{,filterstr=\constant{'(objectClass=*)'} \optional{, attrlist=\constant{None} \optional{, attrsonly=\constant{0}}}}} %->int \methodline[LDAPObject]{search_s}{base, scope \optional{,filterstr=\constant{'(objectClass=*)'} \optional{, attrlist=\constant{None} \optional{, attrsonly=\constant{0}}}}} %->list|None \methodline[LDAPObject]{search_st}{base, scope \optional{,filterstr=\constant{'(objectClass=*)'} \optional{, attrlist=\constant{None} \optional{, attrsonly=\constant{0} \optional{, timeout=\constant{-1}}}}}} \methodline[LDAPObject]{search_ext}{ base, scope \optional{,filterstr=\constant{'(objectClass=*)'} \optional{, attrlist=\constant{None} \optional{, attrsonly=\constant{0} \optional{, serverctrls=\constant{None} \optional{, clientctrls=\constant{None} \optional{, timeout=\constant{-1} \optional{, sizelimit=\constant{0}}}}}}}}} %->int \methodline[LDAPObject]{search_ext_s}{ base, scope \optional{,filterstr=\constant{'(objectClass=*)'} \optional{, attrlist=\constant{None} \optional{, attrsonly=\constant{0} \optional{, serverctrls=\constant{None} \optional{, clientctrls=\constant{None} \optional{, timeout=\constant{-1} \optional{, sizelimit=\constant{0}}}}}}}}} %->list|None Perform an LDAP search operation, with \var{base} as the DN of the entry at which to start the search, \var{scope} being one of \constant{SCOPE_BASE} (to search the object itself), \constant{SCOPE_ONELEVEL} (to search the object's immediate children), or \constant{SCOPE_SUBTREE} (to search the object and all its descendants). The \var{filterstr} argument is a string representation of the filter to apply in the search. \begin{seealso} \seerfc{4515}{Lightweight Directory Access Protocol (LDAP): String Representation of Search Filters.}{} \end{seealso} Each result tuple is of the form \code{(\var{dn},\var{attrs})}, where \var{dn} is a string containing the DN (distinguished name) of the entry, and \var{attrs} is a dictionary containing the attributes associated with the entry. The keys of \var{attrs} are strings, and the associated values are lists of strings. The DN in \var{dn} is extracted using the underlying \cfunction{ldap_get_dn()} function, which may raise an exception if the DN is malformed. If \var{attrsonly} is non-zero, the values of \var{attrs} will be meaningless (they are not transmitted in the result). The retrieved attributes can be limited with the \var{attrlist} parameter. If \var{attrlist} is \constant{None}, all the attributes of each entry are returned. \var{serverctrls} not implemented yet. \var{clientctrls} not implemented yet. The synchronous form with timeout, \method{search_st()} or \method{search_ext_s()}, will block for at most \var{timeout} seconds (or indefinitely if \var{timeout} is negative). A \exception{TIMEOUT} exception is raised if no result is received within the specified time. The amount of search results retrieved can be limited with the \var{sizelimit} parameter when using \method{search_ext()} or \method{search_ext_s()} (client-side search limit). If non-zero not more than \var{sizelimit} results are returned by the server. \end{methoddesc} %%------------------------------------------------------------ %% unbind \begin{methoddesc}[LDAPObject]{unbind}{} % -> int \methodline{unbind_s}{} % -> None This call is used to unbind from the directory, terminate the current association, and free resources. Once called, the connection to the LDAP server is closed and the LDAP object is marked invalid. Further invocation of methods on the object will yield exceptions. The \method{unbind()} and \method{unbind_s()} methods are both synchronous in nature \end{methoddesc} %%------------------------------------------------------------ %% whoami_s \begin{methoddesc}[LDAPObject]{whoami_s}{} % -> string This synchronous method implements the LDAP "Who Am I?" extended operation. It is useful for finding out to find out which identity is assumed by the LDAP server after a SASL bind. \end{methoddesc} \subsubsection{LDAP options} \begin{methoddesc}[LDAPObject]{get_option}{option} % -> None This function returns the value of the LDAPObject option specified by \var{option}. \end{methoddesc} \begin{methoddesc}[LDAPObject]{set_option}{option, invalue} % -> None This function sets the value of the LDAPObject option specified by \var{option} to \var{invalue}. \end{methoddesc} %%------------------------------------------------------------ %% manage_dsa_it \begin{methoddesc}[LDAPObject]{manage_dsa_it}{enable, \optional{, critical=\constant{0}}} %-> None Enables or disables manageDSAit mode (see draft-zeilenga-ldap-namedref) according to the specified integer flag \var{enable}. The integer flag \var{critical} specifies if the use of this extended control is marked critical. \textbf{Note} This method is somewhat immature and might vanish in future versions if full support for extended controls will be implemented. You have been warned! \end{methoddesc} %%============================================================ %% attributes \subsubsection{Object attributes} If the underlying library provides enough information, each LDAP object will also have the following attributes. These attributes are mutable unless described as read-only. %%------------------------------------------------------------ %% deref \begin{memberdesc}[LDAP]{deref} % -> int Controls whether aliases are automatically dereferenced. This must be one of \constant{DEREF_NEVER}, \constant{DEREF_SEARCHING}, \constant{DEREF_FINDING}, or \constant{DEREF_ALWAYS}. This option is mapped to option constant \constant{OPT_DEREF} and used in the underlying OpenLDAP lib. \end{memberdesc} %%------------------------------------------------------------ %% network_timeout \begin{memberdesc}[LDAP]{network_timeout} % -> int Limit on waiting for a network response, in seconds. Defaults to \constant{NO_LIMIT}. This option is mapped to option constant \constant{OPT_NETWORK_TIMEOUT} and used in the underlying OpenLDAP lib. \end{memberdesc} %%------------------------------------------------------------ %% protocol_version \begin{memberdesc}[LDAP]{protocol_version} % -> int Version of LDAP in use (either \constant{VERSION2} for LDAPv2 or \constant{VERSION3} for LDAPv3). This option is mapped to option constant \constant{OPT_PROTOCOL_VERSION} and used in the underlying OpenLDAP lib. \textbf{Note} It is highly recommended to set the protocol version after establishing a LDAP connection with \function{initialize()} and before submitting the first request. \end{memberdesc} %%------------------------------------------------------------ %% sizelimit \begin{memberdesc}[LDAP]{sizelimit} % -> int Limit on size of message to receive from server. Defaults to \constant{NO_LIMIT}. This option is mapped to option constant \constant{OPT_SIZELIMIT} and used in the underlying OpenLDAP lib. Its use is deprecated in favour of \var{sizelimit} parameter when using \method{search_ext()}. \end{memberdesc} %%------------------------------------------------------------ %% timelimit \begin{memberdesc}[LDAP]{timelimit} % -> int Limit on waiting for any response, in seconds. Defaults to \constant{NO_LIMIT}. This option is mapped to option constant \constant{OPT_TIMELIMIT} and used in the underlying OpenLDAP lib. Its use is deprecated in favour of using \var{timeout}. \end{memberdesc} %%------------------------------------------------------------ %% timeout \begin{memberdesc}[LDAP]{timeout} % -> int Limit on waiting for any response, in seconds. Defaults to \constant{NO_LIMIT}. This option is used in the wrapper module. \end{memberdesc} % ==== 4. ==== % Now is probably a good time for a complete example. (Alternatively, % an example giving the flavor of the module may be given before the % detailed list of functions.) \subsection{Example \label{ldap-example}} The following example demonstrates how to open a connection to an LDAP server using the \module{ldap} module and invoke a synchronous subtree search. \begin{verbatim} >>> import ldap >>> l = ldap.initialize('ldap://localhost:1390') >>> l.search_s('ou=Testing,dc=stroeder,dc=de',ldap.SCOPE_SUBTREE,('cn=fred*'),['cn','mail']) [('cn=Fred Feuerstein,ou=Testing,dc=stroeder,dc=de', {'cn': ['Fred Feuerstein']})] >>> r = l.search_s('ou=Testing,dc=stroeder,dc=de',ldap.SCOPE_SUBTREE,('objectClass=*'),['cn','mail']) >>> for dn,entry in r: >>> print 'Processing',repr(dn) >>> handle_ldap_entry(entry) \end{verbatim} % ==== 5. ==== % If your module defines new object types (for a built-in module) or % classes (for a module written in Python), you should list the % methods and instance variables (if any) of each type or class in a % separate subsection. python-ldap-doc-2.3.orig/Doc/ldapurl.tex0000644000175000001440000000672310603400134017233 0ustar mvelausers% $Id: ldapurl.tex,v 1.9 2007/03/27 22:10:17 stroeder Exp $ % ==== 1. ==== % The section prologue. Give the section a title and provide some % meta-information. References to the module should use % \refbimodindex, \refstmodindex, \refexmodindex or \refmodindex, as % appropriate. \section{\module{ldapurl} --- LDAP URL handling} \declaremodule{standard}{ldapurl} % Author of the module code; \moduleauthor{python-ldap developers}{python-ldap-dev@lists.sourceforge.net} % Author of the documentation, \sectionauthor{Michael Str\"oder}{michael@stroeder.com} % Leave at least one blank line after this, to simplify ad-hoc tools % that are sometimes used to massage these files. \modulesynopsis{Parses and generates LDAP URLs} % ==== 2. ==== % Give a short overview of what the module does. % If it is platform specific, mention this. % Mention other important restrictions or general operating principles. This module parses and generates LDAP URLs. It is implemented in pure Python and does not rely on any non-standard modules. Therefore it can be used stand-alone without the rest of the python-ldap package. Compability note: This module has been solely tested on Python 2.x and above. The \module{ldapurl} module exports the following constants: \begin{datadesc}{SEARCH_SCOPE} This dictionary maps a search scope string identifier to the corresponding integer value used with search operations in \module{ldap}. \end{datadesc} \begin{datadesc}{SEARCH_SCOPE_STR} This dictionary is the inverse to \constant{SEARCH_SCOPE}. It maps a search scope integer value to the corresponding string identifier used in a LDAP URL string representation. \end{datadesc} \begin{datadesc}{LDAP_SCOPE_BASE} \end{datadesc} \begin{datadesc}{LDAP_SCOPE_ONELEVEL} \end{datadesc} \begin{datadesc}{LDAP_SCOPE_SUBTREE} \end{datadesc} \begin{seealso} \seerfc{4516}{The LDAP URL Format}{} \end{seealso} \subsection{LDAPUrl Objects \label{ldapurl-ldapurl}} A \class{LDAPUrl} object represents a complete LDAP URL. All class methods: Class attributes: Instance attributes: \subsection{LDAPUrlExtension Objects \label{ldapurl-ldapurlextension}} A \class{LDAPUrlExension} object represents a single LDAP URL extension. All class methods: Class attributes: Instance attributes: \subsection{Example \label{ldapurl-example}} Important security advice: For security reasons you shouldn't specify passwords in LDAP URLs unless you really know what you are doing. The following example demonstrates how to parse a LDAP URL with \module{ldapurl} module. \begin{verbatim} >>> import ldapurl >>> ldap_url = ldapurl.LDAPUrl('ldap://localhost:1389/dc=stroeder,dc=com?cn,mail???bindname=cn=Michael%2cdc=stroeder%2cdc=com,X-BINDPW=secret') >>> # Using the parsed LDAP URL by reading the class attributes >>> ldap_url.dn 'dc=stroeder,dc=com' >>> ldap_url.hostport 'localhost:1389' >>> ldap_url.attrs ['cn','mail'] >>> ldap_url.filterstr '(objectclass=*)' >>> ldap_url.who 'cn=Michael,dc=stroeder,dc=com' >>> ldap_url.cred 'secret' >>> ldap_url.scope 0 \end{verbatim} The following example demonstrates how to generate a LDAP URL with \module{ldapurl} module. \begin{verbatim} >>> import ldapurl >>> ldap_url = ldapurl.LDAPUrl(hostport='localhost:1389',dn='dc=stroeder,dc=com',attrs=['cn','mail'],who='cn=Michael,dc=stroeder,dc=com',cred='secret') >>> ldap_url.unparse() 'ldap://localhost:1389/dc=stroeder,dc=com?cn,mail?base?(objectclass=*)?bindname=cn=Michael%2Cdc=stroeder%2Cdc=com,X-BINDPW=secret' \end{verbatim} python-ldap-doc-2.3.orig/Doc/ldif.tex0000644000175000001440000000460210470333034016506 0ustar mvelausers% $Id: ldif.tex,v 1.8 2006/08/15 11:55:08 stroeder Exp $ % ==== 1. ==== % The section prologue. Give the section a title and provide some % meta-information. References to the module should use % \refbimodindex, \refstmodindex, \refexmodindex or \refmodindex, as % appropriate. \section{\module{ldif} --- LDIF parser and generator} \declaremodule{standard}{ldif} % Author of the module code; \moduleauthor{python-ldap developers}{python-ldap-dev@lists.sourceforge.net} % Author of the documentation, \sectionauthor{Michael Str\"oder}{michael@stroeder.com} % Leave at least one blank line after this, to simplify ad-hoc tools % that are sometimes used to massage these files. \modulesynopsis{Parses and generates LDIF files} % ==== 2. ==== % Give a short overview of what the module does. % If it is platform specific, mention this. % Mention other important restrictions or general operating principles. This module parses and generates LDAP data in the format LDIF. It is implemented in pure Python and does not rely on any non-standard modules. Therefore it can be used stand-alone without the rest of the python-ldap package. \begin{seealso} \seerfc{2849}{The LDAP Data Interchange Format (LDIF) - Technical Specification}{} \end{seealso} \subsection{Example \label{ldif-example}} The following example demonstrates how to write LDIF output of an LDAP entry with \module{ldif} module. \begin{verbatim} >>> import sys,ldif >>> entry={'objectClass':['top','person'],'cn':['Michael Stroeder'],'sn':['Stroeder']} >>> dn='cn=Michael Stroeder,ou=Test' >>> ldif_writer=ldif.LDIFWriter(sys.stdout) >>> ldif_writer.unparse(dn,entry) dn: cn=Michael Stroeder,ou=Test cn: Michael Stroeder objectClass: top objectClass: person sn: Stroeder >>> \end{verbatim} The following example demonstrates how to parse an LDIF file with \module{ldif} module, skip some entries and write the result to stdout. \begin{verbatim} import sys from ldif import LDIFParser, LDIFWriter skip_dn = ["uid=foo,ou=People,dc=example,dc=com", "uid=bar,ou=People,dc=example,dc=com"] class MyLDIF(LDIFParser): def __init__(self, input, output): LDIFParser.__init__(self, input) self.writer = LDIFWriter(output) def handle(self, dn, entry): for i in skip_dn: if i == dn: return self.writer.unparse(dn, entry) parser = MyLDIF(open("input.ldif", 'r'), sys.stdout) parser.parse() \end{verbatim} python-ldap-doc-2.3.orig/Doc/python-ldap.tex0000644000175000001440000000227210211304104020015 0ustar mvelausers\documentclass{manual} \title{LDAP programming with Python} % $Id: python-ldap.tex,v 1.10 2005/03/02 09:32:52 stroeder Exp $ \author{David Leonard, Michael Str\"oder} \authoraddress{ python-ldap project at Sourceforge\\ E-mail: \email{python-ldap-dev@lists.sourceforge.net} } \input{version.tex} \makeindex % tell \index to actually write the % .idx file \makemodindex % ... and the module index as well. \begin{document} \maketitle \ifhtml \chapter*{Front Matter\label{front}} \fi \begin{abstract} \noindent This document describes the package python-ldap with its various modules This manual assumes basic knowledge about the Python language and the LDAP standard. \end{abstract} \tableofcontents \chapter{python-ldap package} \input{ldap} \input{ldap-async} \input{ldap-controls} \input{ldap-dn} \input{ldap-filter} \input{ldap-modlist} \input{ldap-schema} \input{ldif} \input{ldapurl} %begin{latexonly} \renewcommand{\indexname}{Module Index} %end{latexonly} \input{modpython-ldap.ind} % Module Index %begin{latexonly} \renewcommand{\indexname}{Index} %end{latexonly} \input{python-ldap.ind} % Index \end{document} python-ldap-doc-2.3.orig/LICENCE0000644000175000001440000000113607542145452015340 0ustar mvelausers The python-ldap package is distributed under Python-style license. Standard disclaimer: This software is made available by the author(s) to the public for free and "as is". All users of this free software are solely and entirely responsible for their own choice and use of this software for their own purposes. By using this software, each user agrees that the author(s) shall not be liable for damages of any kind in relation to its use or performance. The author(s) do not warrant that this software is fit for any purpose. $Id: LICENCE,v 1.1 2002/09/18 18:51:22 stroeder Exp $