ldap.schema Handling LDAPv3 schema

This module deals with schema information usually retrieved from a special subschema subentry provided by the server. It is closely modeled along the directory information model described in the following RFC with which you should make yourself familiar when trying to use this module:

See also

RFC 4512 - Lightweight Directory Access Protocol (LDAP): Directory Information Models

ldap.schema.subentry Processing LDAPv3 subschema subentry

ldap.schema.subentry.NOT_HUMAN_READABLE_LDAP_SYNTAXES

Dictionary where the keys are the OIDs of LDAP syntaxes known to be not human-readable when displayed to a console without conversion and which cannot be decoded to a types.UnicodeType.

Functions

ldap.schema.subentry.urlfetch(uri, trace_level=0)

Fetches a parsed schema entry by uri.

If uri is an LDAP URL the LDAP server is queried directly. Otherwise uri is assumed to point to an LDIF file which is loaded with urllib.

Classes

class ldap.schema.subentry.SubSchema(sub_schema_sub_entry, check_uniqueness=1)

Arguments:

sub_schema_sub_entry
Dictionary usually returned by LDAP search or the LDIF parser containing the sub schema sub entry
check_uniqueness

Defines whether uniqueness of OIDs and NAME is checked.

0
no check
1
check but add schema description with work-around
2
check and raise exception if non-unique OID or NAME is found

Class attributes:

sed
Dictionary holding the subschema information as pre-parsed SchemaElement objects (do not access directly!)
name2oid
Dictionary holding the mapping from NAMEs to OIDs (do not access directly!)
non_unique_oids
List of OIDs used at least twice in the subschema
non_unique_names
List of NAMEs used at least twice in the subschema for the same schema element

attribute_types(object_class_list, attr_type_filter=None, raise_keyerror=1, ignore_dit_content_rule=0)

Returns a 2-tuple of all must and may attributes including all inherited attributes of superior object classes by walking up classes along the SUP attribute.

The attributes are stored in a ldap.cidict.cidict dictionary.

object_class_list
list of strings specifying object class names or OIDs
attr_type_filter
list of 2-tuples containing lists of class attributes which have to be matched
raise_keyerror
All KeyError exceptions for non-existent schema elements are ignored
ignore_dit_content_rule
A DIT content rule governing the structural object class is ignored

get_applicable_aux_classes(nameoroid)

Return a list of the applicable AUXILIARY object classes for a STRUCTURAL object class specified by ‘nameoroid’ if the object class is governed by a DIT content rule. If there’s no DIT content rule all available AUXILIARY object classes are returned.

get_inheritedattr(se_class, nameoroid, name)

Get a possibly inherited attribute specified by name of a schema element specified by nameoroid. Returns None if class attribute is not set at all.

Raises KeyError if no schema element is found by nameoroid.

get_inheritedobj(se_class, nameoroid, inherited=None)

Get a schema element by name or OID with all class attributes set including inherited class attributes

get_obj(se_class, nameoroid, default=None, raise_keyerror=0)

Get a schema element by name or OID

get_structural_oc(oc_list)

Returns the OID of the structural object class in oc_list if any is present. Returns None otherwise.

get_syntax(nameoroid)

Get the syntax of an attribute type specified by name or OID

getoid(se_class, nameoroid, raise_keyerror=0)

Get an OID by name or OID

ldap_entry()

Returns a dictionary containing the sub schema sub entry

listall(schema_element_class, schema_element_filters=None)

Returns a list of OIDs of all available schema elements of a given schema element class.

tree(schema_element_class, schema_element_filters=None)

Returns a ldap.cidict.cidict dictionary representing the tree structure of the schema elements.

ldap.schema.models Schema elements

class ldap.schema.models.Entry(schema, dn, entry)

Schema-aware implementation of an LDAP entry class.

Mainly it holds the attributes in a string-keyed dictionary with the OID as key.

attribute_types(attr_type_filter=None, raise_keyerror=1)

Convenience wrapper around SubSchema.attribute_types() which passes object classes of this particular entry as argument to SubSchema.attribute_types()

items() → a set-like object providing a view on D's items

keys() → a set-like object providing a view on D's keys

update([E, ]**F) → None. Update D from mapping/iterable E and F.

If E present and has a .keys() method, does: for k in E: D[k] = E[k]
If E present and lacks .keys() method, does: for (k, v) in E: D[k] = v
In either case, this is followed by: for k, v in F.items(): D[k] = v

class ldap.schema.models.SchemaElement(schema_element_str=None)

Base class for all schema element classes. Not used directly!

Arguments:

schema_element_str
String which contains the schema element description to be parsed. (Bytestrings are decoded using UTF-8)

Class attributes:

schema_attribute
LDAP attribute type containing a certain schema element description
token_defaults
Dictionary internally used by the schema element parser containing the defaults for certain schema description key-words

class ldap.schema.models.AttributeType(schema_element_str=None)

Arguments:

schema_element_str
String containing an AttributeTypeDescription

Class attributes:

oid
OID assigned to the attribute type (string)
names
All NAMEs of the attribute type (tuple of strings)
desc
Description text (DESC) of the attribute type (string, or None if missing)
obsolete
Integer flag (0 or 1) indicating whether the attribute type is marked as OBSOLETE in the schema
single_value
Integer flag (0 or 1) indicating whether the attribute must have only one value
syntax
OID of the LDAP syntax assigned to the attribute type
no_user_mod
Integer flag (0 or 1) indicating whether the attribute is modifiable by a client application
equality
NAME or OID of the matching rule used for checking whether attribute values are equal (string, or None if missing)
substr
NAME or OID of the matching rule used for checking whether an attribute value contains another value (string, or None if missing)
ordering
NAME or OID of the matching rule used for checking whether attribute values are lesser-equal than (string, or None if missing)
usage
USAGE of an attribute type: 0 = userApplications, 1 = directoryOperation, 2 = distributedOperation, 3 = dSAOperation
sup
NAMEs or OIDs of attribute types this attribute type is derived from (tuple of strings)
x_origin

Value of the X-ORIGIN extension flag (tuple of strings).

Although it’s not official, X-ORIGIN is used in several LDAP server implementations to indicate the source of the associated schema element

class ldap.schema.models.ObjectClass(schema_element_str=None)

Arguments:

schema_element_str
String containing an ObjectClassDescription

Class attributes:

oid
OID assigned to the object class
names
All NAMEs of the object class (tuple of strings)
desc
Description text (DESC) of the object class (string, or None if missing)
obsolete
Integer flag (0 or 1) indicating whether the object class is marked as OBSOLETE in the schema
must
NAMEs or OIDs of all attributes an entry of the object class must have (tuple of strings)
may
NAMEs or OIDs of additional attributes an entry of the object class may have (tuple of strings)
kind
Kind of an object class: 0 = STRUCTURAL, 1 = ABSTRACT, 2 = AUXILIARY
sup
NAMEs or OIDs of object classes this object class is derived from (tuple of strings)
x_origin

Value of the X-ORIGIN extension flag (tuple of strings)

Although it’s not official, X-ORIGIN is used in several LDAP server implementations to indicate the source of the associated schema element

class ldap.schema.models.MatchingRule(schema_element_str=None)

Arguments:

schema_element_str
String containing a MatchingRuleDescription

Class attributes:

oid
OID assigned to the matching rule
names
All NAMEs of the matching rule (tuple of strings)
desc
Description text (DESC) of the matching rule
obsolete
Integer flag (0 or 1) indicating whether the matching rule is marked as OBSOLETE in the schema
syntax
OID of the LDAP syntax this matching rule is usable with (string, or None if missing)

class ldap.schema.models.MatchingRuleUse(schema_element_str=None)

Arguments:

schema_element_str
String containing a MatchingRuleUseDescription

Class attributes:

oid
OID of the accompanying matching rule
names
All NAMEs of the matching rule (tuple of strings)
desc
Description text (DESC) of the matching rule (string, or None if missing)
obsolete
Integer flag (0 or 1) indicating whether the matching rule is marked as OBSOLETE in the schema
applies
NAMEs or OIDs of attribute types for which this matching rule is used (tuple of strings)

class ldap.schema.models.DITContentRule(schema_element_str=None)

Arguments:

schema_element_str
String containing a DITContentRuleDescription

Class attributes:

oid
OID of the accompanying structural object class
names
All NAMEs of the DIT content rule (tuple of strings)
desc
Description text (DESC) of the DIT content rule (string, or None if missing)
obsolete
Integer flag (0 or 1) indicating whether the DIT content rule is marked as OBSOLETE in the schema
aux
NAMEs or OIDs of all auxiliary object classes usable in an entry of the object class (tuple of strings)
must
NAMEs or OIDs of all attributes an entry of the object class must have, which may extend the list of required attributes of the object classes of an entry. (tuple of strings)
may
NAMEs or OIDs of additional attributes an entry of the object class may have, which may extend the list of optional attributes of the object classes of an entry. (tuple of strings)
nots
NAMEs or OIDs of attributes which may not be present in an entry of the object class. (tuple of strings)

class ldap.schema.models.NameForm(schema_element_str=None)

Arguments:

schema_element_str
String containing a NameFormDescription

Class attributes:

oid
OID of the name form
names
All NAMEs of the name form (tuple of strings)
desc
Description text (DESC) of the name form (string, or None if missing)
obsolete
Integer flag (0 or 1) indicating whether the name form is marked as OBSOLETE in the schema
form
NAMEs or OIDs of associated name forms (tuple of strings)
oc
NAME or OID of structural object classes this name form is usable with (string)
must
NAMEs or OIDs of all attributes an RDN must contain (tuple of strings)
may
NAMEs or OIDs of additional attributes an RDN may contain (tuple of strings)

class ldap.schema.models.DITStructureRule(schema_element_str=None)

Arguments:

schema_element_str
String containing a DITStructureRuleDescription

Class attributes:

ruleid
rule ID of the DIT structure rule (only locally unique)
names
All NAMEs of the DIT structure rule (tuple of strings)
desc
Description text (DESC) of the DIT structure rule (string, or None if missing)
obsolete
Integer flag (0 or 1) indicating whether the DIT structure rule is marked as OBSOLETE in the schema
form
NAMEs or OIDs of associated name forms (tuple of strings)
sup
NAMEs or OIDs of allowed structural object classes of superior entries in the DIT (tuple of strings)

Examples for ldap.schema

import ldap.schema