From bbf23757667f732c16c3aaf169e3b5ebc00785cc Mon Sep 17 00:00:00 2001 From: leonard Date: Mon, 14 Aug 2000 02:55:24 +0000 Subject: [PATCH 001/868] package build for OpenBSD --- Build/build-openbsd/pkg/COMMENT | 1 + Build/build-openbsd/pkg/DESCR | 2 ++ 2 files changed, 3 insertions(+) create mode 100644 Build/build-openbsd/pkg/COMMENT create mode 100644 Build/build-openbsd/pkg/DESCR diff --git a/Build/build-openbsd/pkg/COMMENT b/Build/build-openbsd/pkg/COMMENT new file mode 100644 index 0000000..61e03fc --- /dev/null +++ b/Build/build-openbsd/pkg/COMMENT @@ -0,0 +1 @@ +Python interface to LDAP diff --git a/Build/build-openbsd/pkg/DESCR b/Build/build-openbsd/pkg/DESCR new file mode 100644 index 0000000..d3cf0cc --- /dev/null +++ b/Build/build-openbsd/pkg/DESCR @@ -0,0 +1,2 @@ +This Python library provides access to the LDAP (Lightweight Directory Access +Protocol) RFC1823 C interface. From 4e58d8da7d934d53ba27256897656dacae001896 Mon Sep 17 00:00:00 2001 From: leonard Date: Sun, 20 Aug 2000 15:04:23 +0000 Subject: [PATCH 002/868] use the filelist --- Build/build-openbsd/Makefile | 31 +++++++++++++++++++++++++++++++ Build/build-openbsd/pkg/PLIST | 3 +++ 2 files changed, 34 insertions(+) create mode 100644 Build/build-openbsd/Makefile create mode 100644 Build/build-openbsd/pkg/PLIST diff --git a/Build/build-openbsd/Makefile b/Build/build-openbsd/Makefile new file mode 100644 index 0000000..fac650f --- /dev/null +++ b/Build/build-openbsd/Makefile @@ -0,0 +1,31 @@ +# $Id: Makefile,v 1.3 2000/08/20 15:04:23 leonard Exp $ + +WRKDIST= ${.CURDIR}/../.. +VERSION!= sh ${WRKDIST}/Build/version.sh + +PKGNAME= python-ldap-${VERSION} +RUN_DEPENDS= python:lang/python +CATEGORIES= misc +MAINATINER= leonard@users.sourceforge.net +HOMEPAGE= http://python-ldap.sourceforge.net/ + +FAKE= Yes +CONFIGURE_STYLE= gnu +SEPARATE_BUILD= Yes +EXTRACT_ONLY= + +CONFIGURE_ARGS+= --with-ldap=${LOCALBASE} + +do-fetch:; + +#-- put package on sourceforge ftp server +export-ftp: ${PKGFILE} + scp ${PKGFILE} python-ldap.sourceforge.net:/home/groups/ftp/pub/python-ldap/${PKGNAME}-${OPSYS}-${ARCH}${PKG_SUFX} + +post-build: + sed -e 's,^${PREFIX}/,,' <${WRKBUILD}/filelist >${WRKBUILD}/filelist2 + +SED_PLIST+= |sed -e '/^%%filelist/r${WRKBUILD}/filelist2' -e '//d' +ALL_TARGET= build filelist + +.include diff --git a/Build/build-openbsd/pkg/PLIST b/Build/build-openbsd/pkg/PLIST new file mode 100644 index 0000000..e2fa811 --- /dev/null +++ b/Build/build-openbsd/pkg/PLIST @@ -0,0 +1,3 @@ +@comment $OpenBSD$ +%%filelist +@dirrm lib/python1.6/site-packages/python-ldap From 6a6b43f5521ce6567a61556e026ec4cd5f275dca Mon Sep 17 00:00:00 2001 From: stroeder Date: Wed, 12 Dec 2001 22:04:49 +0000 Subject: [PATCH 003/868] New parameter process_url_scheme for LDIFParser.__init__() specifies which URL schemes are processed in URL input. --- Demo/Lib/ldif/ldifcopy.py | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 Demo/Lib/ldif/ldifcopy.py diff --git a/Demo/Lib/ldif/ldifcopy.py b/Demo/Lib/ldif/ldifcopy.py new file mode 100644 index 0000000..28c8e6e --- /dev/null +++ b/Demo/Lib/ldif/ldifcopy.py @@ -0,0 +1,28 @@ +""" +ldifcopy - reads LDIF from stdin, retrieve values by URL and + write resulting LDIF to stdout + +Written by Michael Stroeder + +$Id: ldifcopy.py,v 1.2 2001/12/12 22:04:49 stroeder Exp $ + +This example translates the naming context of data read from +input, sanitizes some attributes, maps/removes object classes, +maps/removes attributes., etc. It's far from being complete though. + +Python compability note: +Tested on Python 2.0+, should run on Python 1.5.x. +""" + +import sys,ldif + +infile = sys.stdin +outfile = sys.stdout + +ldif_collector = ldif.LDIFCopy( + infile, + outfile, + process_url_schemes=['file','ftp','http'] +) +ldif_collector.parse() + From 690068eb9bc0a8f643520852ff55b675003e49c3 Mon Sep 17 00:00:00 2001 From: stroeder Date: Wed, 19 Dec 2001 15:24:57 +0000 Subject: [PATCH 004/868] Use ldap.explode_dn() instead of string.split() for breaking dn into components --- Demo/simplebrowse.py | 128 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 128 insertions(+) create mode 100644 Demo/simplebrowse.py diff --git a/Demo/simplebrowse.py b/Demo/simplebrowse.py new file mode 100644 index 0000000..f8e7182 --- /dev/null +++ b/Demo/simplebrowse.py @@ -0,0 +1,128 @@ +#! python + +# +# simple LDAP server browsing example +# + +import ldap +import string +from traceback import print_exc + +url = "ldap://ldap.openldap.org/" +dn = "dc=openldap,dc=org" + +print "Connecting to", url + +l = ldap.initialize(url) +l.bind_s("", "", ldap.AUTH_SIMPLE); + +lastdn = dn +dnlist = None + +while 1: + + #-- read a command + try: + cmd = raw_input(dn + "> ") + except EOFError: + print + break + + try: + + if cmd == "?": + print "cd - change DN to " + print "cd - change DN to number of last 'ls'" + print "cd - - change to previous DN" + print "cd .. - change to one-level higher DN" + print "cd - change to root DN" + print "ls - list children of crrent DN" + print ". - show attributes of current DN" + print "/ - list descendents matching filter " + print "? - show this help" + + elif cmd == "ls": + print "Children of", `dn`, ":" + dnlist = [] + # + # List the children at one level down from the current dn + # We use the filter 'objectclass=*' to match everything. + # We're not interested in attributes at this stage, so + # we specify [] as the list of attribute names to retreive. + # + for name,attrs in l.search_s(dn, ldap.SCOPE_ONELEVEL, + "objectclass=*", []): + #-- shorten resulting dns for output brevity + if name.startswith(dn+", "): + shortname = "+ "+name[len(dn)+2:] + elif name.endswith(", "+dn): + shortname = name[:-len(dn)-2]+" +" + else: + shortname = name + print " %3d. %s" % (len(dnlist), shortname) + dnlist.append(name) + + elif cmd == "cd": + dn = "" + dnlist = None + + elif cmd.startswith("cd "): + arg = cmd[3:] + if arg == '-': + lastdn,dn = dn,lastdn + elif arg == '..': + dn = string.join(ldap.explode_dn(dn)[1:], ",") + dn = string.strip(dn) + else: + try: + i = int(arg) + except: + godn = arg + else: + if dnlist is None: + print "do an ls first" + else: + godn = dnlist[i] + lastdn = dn + dn = godn + + elif cmd == ".": + # + # Retrieve all the attributes for the current dn. + # We construct a search using SCOPE_BASE (ie just the + # given DN) and again filter with "objectclass=*". + # No attributes are listed, so the default is for + # the client to receive all attributes on the DN. + # + print "Attributes of", `dn`, ":" + for name,attrs in l.search_s(dn, ldap.SCOPE_BASE, + "objectclass=*"): + print " %-24s" % name + for k,vals in attrs.items(): + for v in vals: + if len(v) > 200: + v = `v[:200]` + \ + ("... (%d bytes)" % len(v)) + else: + v = `v` + print " %-12s: %s" % (k, v) + + elif cmd.startswith("/"): + # + # Search descendent objects to match a given filter. + # We use SCOPE_SUBTREE to indicate descendents, and + # again specify an empty attribute list to indicate + # that we're not interested in them. + # + expr = cmd[1:] + print "Descendents matching filter", `expr`, ":" + for name,attrs in l.search_s(dn, ldap.SCOPE_SUBTREE, + expr, []): + print " %24s", name + + else: + print "unknown command - try '?' for help" + + except: + print_exc() + From 202bbedd81fdc2099ef2d03d39878fd1ffe1e1d1 Mon Sep 17 00:00:00 2001 From: stroeder Date: Fri, 1 Feb 2002 11:41:02 +0000 Subject: [PATCH 005/868] Use ldap.initialize() instead of deprecated ldap.open() in all demos. --- Demo/rename.py | 52 ++++++++++++++++++++++++ Demo/simple.py | 106 +++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 158 insertions(+) create mode 100644 Demo/rename.py create mode 100644 Demo/simple.py diff --git a/Demo/rename.py b/Demo/rename.py new file mode 100644 index 0000000..1bb6fd7 --- /dev/null +++ b/Demo/rename.py @@ -0,0 +1,52 @@ +import ldap +from getpass import getpass + +# Create LDAPObject instance +l = ldap.initialize('ldap://localhost:1389',trace_level=1) + +print 'Password:' +cred = getpass() + +try: + + # Set LDAP protocol version used + l.set_option(ldap.OPT_PROTOCOL_VERSION,3) + + # Try a bind to provoke failure if protocol version is not supported + l.bind_s('cn=root,dc=stroeder,dc=com',cred,ldap.AUTH_SIMPLE) + + print 'Using rename_s():' + + l.rename_s( + 'uid=fred,ou=Unstructured testing tree,dc=stroeder,dc=com', + 'cn=Fred Feuerstein', + 'dc=stroeder,dc=com', + 0 + ) + + l.rename_s( + 'cn=Fred Feuerstein,dc=stroeder,dc=com', + 'uid=fred', + 'ou=Unstructured testing tree,dc=stroeder,dc=com', + 0 + ) + + m = l.rename( + 'uid=fred,ou=Unstructured testing tree,dc=stroeder,dc=com', + 'cn=Fred Feuerstein', + 'dc=stroeder,dc=com', + 0 + ) + r = l.result(m,1) + + m = l.rename( + 'cn=Fred Feuerstein,dc=stroeder,dc=com', + 'uid=fred', + 'ou=Unstructured testing tree,dc=stroeder,dc=com', + 0 + ) + r = l.result(m,1) + +finally: + + l.unbind_s() diff --git a/Demo/simple.py b/Demo/simple.py new file mode 100644 index 0000000..e4cf4d0 --- /dev/null +++ b/Demo/simple.py @@ -0,0 +1,106 @@ +import sys,getpass +import ldap + +#l = ldap.open("localhost", 31001) +l = ldap.open("marta.it.uq.edu.au") + +login_dn = "cn=root,ou=CSEE,o=UQ,c=AU" +login_pw = getpass.getpass("Password for %s: " % login_dn) +l.simple_bind_s(login_dn, login_pw) + +# +# create a new sub organisation +# + +try: + dn = "ou=CSEE,o=UQ,c=AU" + print "Adding", repr(dn) + l.add_s(dn, + [ + ("objectclass",["organizationalUnit"]), + ("ou", ["CSEE"]), + ("description", [ + "Department of Computer Science and Electrical Engineering"]), + ] + ) + +except _ldap.LDAPError: + pass + +# +# create an entry for me +# + +dn = "cn=David Leonard,ou=CSEE,o=UQ,c=AU" +print "Updating", repr(dn) + +try: + l.delete_s(dn) +except: + pass + +l.add_s(dn, + [ + ("objectclass", ["organizationalPerson"]), + ("sn", ["Leonard"]), + ("cn", ["David Leonard"]), + ("description", ["Ph.D. student"]), + ("display-name", ["David Leonard"]), + #("commonname", ["David Leonard"]), + ("mail", ["david.leonard@csee.uq.edu.au"]), + ("othermailbox", ["d@openbsd.org"]), + ("givenname", ["David"]), + ("surname", ["Leonard"]), + ("seeAlso", ["http://www.csee.uq.edu.au/~leonard/"]), + ("url", ["http://www.csee.uq.edu.au/~leonard/"]), + #("homephone", []), + #("fax", []), + #("otherfacsimiletelephonenumber",[]), + #("officefax", []), + #("mobile", []), + #("otherpager", []), + #("officepager", []), + #("pager", []), + ("info", ["info"]), + ("title", ["Mr"]), + #("telephonenumber", []), + ("l", ["Brisbane"]), + ("st", ["Queensland"]), + ("c", ["AU"]), + ("co", ["co"]), + ("o", ["UQ"]), + ("ou", ["CSEE"]), + #("homepostaladdress", []), + #("postaladdress", []), + #("streetaddress", []), + #("street", []), + ("department", ["CSEE"]), + ("comment", ["comment"]), + #("postalcode", []), + ("physicaldeliveryofficename", ["Bldg 78, UQ, St Lucia"]), + ("preferredDeliveryMethod", ["email"]), + ("initials", ["DRL"]), + ("conferenceinformation", ["MS-conferenceinformation"]), + #("usercertificate", []), + ("labeleduri", ["labeleduri"]), + ("manager", ["cn=Jaga Indulska"]), + ("reports", ["reports"]), + ("jpegPhoto", [open("/www/leonard/leonard.jpg","r").read()]), + ("uid", ["leonard"]), + ("userPassword", [""]) + + ]) + +# +# search beneath the CSEE/UQ/AU tree +# + +res = l.search_s( + "ou=CSEE, o=UQ, c=AU", + _ldap.SCOPE_SUBTREE, + "objectclass=*", + ) +print res + +l.unbind() + From c2c11cb5d9e23344bf4c380eb157d33979d4a554 Mon Sep 17 00:00:00 2001 From: stroeder Date: Sat, 4 May 2002 18:39:58 +0000 Subject: [PATCH 006/868] Ignore non.CVS files --- Lib/.cvsignore | 4 ++++ Lib/ldap/.cvsignore | 4 ++++ 2 files changed, 8 insertions(+) create mode 100644 Lib/.cvsignore create mode 100644 Lib/ldap/.cvsignore diff --git a/Lib/.cvsignore b/Lib/.cvsignore new file mode 100644 index 0000000..f7c976a --- /dev/null +++ b/Lib/.cvsignore @@ -0,0 +1,4 @@ +*.pyc +*.pyo +*.bck +*~ diff --git a/Lib/ldap/.cvsignore b/Lib/ldap/.cvsignore new file mode 100644 index 0000000..f7c976a --- /dev/null +++ b/Lib/ldap/.cvsignore @@ -0,0 +1,4 @@ +*.pyc +*.pyo +*.bck +*~ From c2c298491032ff946b941f1c94a0e91f2e440369 Mon Sep 17 00:00:00 2001 From: stroeder Date: Sun, 30 Jun 2002 21:07:56 +0000 Subject: [PATCH 007/868] *** empty log message *** --- .cvsignore | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 .cvsignore diff --git a/.cvsignore b/.cvsignore new file mode 100644 index 0000000..1a36453 --- /dev/null +++ b/.cvsignore @@ -0,0 +1,7 @@ +build +dist +MANIFEST +*.pyc +*.pyo +*.bck +*~ From ec40702fcdaaab99fd3bfb2b8f8b30255c10cdfb Mon Sep 17 00:00:00 2001 From: stroeder Date: Sun, 30 Jun 2002 21:09:47 +0000 Subject: [PATCH 008/868] Ignore editor backup files --- Modules/.cvsignore | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 Modules/.cvsignore diff --git a/Modules/.cvsignore b/Modules/.cvsignore new file mode 100644 index 0000000..244b105 --- /dev/null +++ b/Modules/.cvsignore @@ -0,0 +1,2 @@ +*.bck +*~ From c95f7627c92760b1c6c95f70c04fdf34c181564f Mon Sep 17 00:00:00 2001 From: stroeder Date: Sun, 30 Jun 2002 21:13:47 +0000 Subject: [PATCH 009/868] Demo/Lib/ldap/async/.cvsignore --- Demo/.cvsignore | 4 ++++ Demo/Lib/.cvsignore | 4 ++++ Demo/Lib/ldap/.cvsignore | 4 ++++ Demo/Lib/ldif/.cvsignore | 4 ++++ 4 files changed, 16 insertions(+) create mode 100644 Demo/.cvsignore create mode 100644 Demo/Lib/.cvsignore create mode 100644 Demo/Lib/ldap/.cvsignore create mode 100644 Demo/Lib/ldif/.cvsignore diff --git a/Demo/.cvsignore b/Demo/.cvsignore new file mode 100644 index 0000000..f7c976a --- /dev/null +++ b/Demo/.cvsignore @@ -0,0 +1,4 @@ +*.pyc +*.pyo +*.bck +*~ diff --git a/Demo/Lib/.cvsignore b/Demo/Lib/.cvsignore new file mode 100644 index 0000000..f7c976a --- /dev/null +++ b/Demo/Lib/.cvsignore @@ -0,0 +1,4 @@ +*.pyc +*.pyo +*.bck +*~ diff --git a/Demo/Lib/ldap/.cvsignore b/Demo/Lib/ldap/.cvsignore new file mode 100644 index 0000000..f7c976a --- /dev/null +++ b/Demo/Lib/ldap/.cvsignore @@ -0,0 +1,4 @@ +*.pyc +*.pyo +*.bck +*~ diff --git a/Demo/Lib/ldif/.cvsignore b/Demo/Lib/ldif/.cvsignore new file mode 100644 index 0000000..f7c976a --- /dev/null +++ b/Demo/Lib/ldif/.cvsignore @@ -0,0 +1,4 @@ +*.pyc +*.pyo +*.bck +*~ From 96e2046dc5c66fcfa56517c4d3ff8b68a133d082 Mon Sep 17 00:00:00 2001 From: stroeder Date: Thu, 25 Jul 2002 15:15:17 +0000 Subject: [PATCH 010/868] *** empty log message *** --- Demo/Lib/ldap/async/.cvsignore | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 Demo/Lib/ldap/async/.cvsignore diff --git a/Demo/Lib/ldap/async/.cvsignore b/Demo/Lib/ldap/async/.cvsignore new file mode 100644 index 0000000..f7c976a --- /dev/null +++ b/Demo/Lib/ldap/async/.cvsignore @@ -0,0 +1,4 @@ +*.pyc +*.pyo +*.bck +*~ From 51b9a697c18285d6d6944a49a11ae179ecafe921 Mon Sep 17 00:00:00 2001 From: stroeder Date: Wed, 7 Aug 2002 15:39:34 +0000 Subject: [PATCH 011/868] Demo for ldap.ldapobject.ReconnectLDAPObject --- Demo/reconnect.py | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 Demo/reconnect.py diff --git a/Demo/reconnect.py b/Demo/reconnect.py new file mode 100644 index 0000000..af3d875 --- /dev/null +++ b/Demo/reconnect.py @@ -0,0 +1,24 @@ +import sys,time,ldap,ldap.ldapobject,ldapurl + +from ldap.ldapobject import * + +ldap_url = ldapurl.LDAPUrl(sys.argv[1]) +ldap_url.applyDefaults({ + 'who':'', + 'cred':'', + 'filterstr':'(objectClass=*)', + 'scope':ldap.SCOPE_BASE +}) + +ldap.trace_level=1 + +l = ldap.ldapobject.ReconnectLDAPObject( + ldap_url.initializeUrl(),trace_level=ldap.trace_level +) +l.protocol_version = ldap.VERSION3 + +l.simple_bind_s(ldap_url.who,ldap_url.cred) + +while 1: + l.search_s(ldap_url.dn,ldap_url.scope,ldap_url.filterstr,ldap_url.attrs) + sys.stdin.readline() From 217cd34e47bd15eb91b8bd14784487b0770ed202 Mon Sep 17 00:00:00 2001 From: stroeder Date: Thu, 8 Aug 2002 09:17:41 +0000 Subject: [PATCH 012/868] Fixed LDAPUrlExtensions.__eq__() and test suite --- Tests/Lib/test_ldapurl.py | 154 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 154 insertions(+) create mode 100644 Tests/Lib/test_ldapurl.py diff --git a/Tests/Lib/test_ldapurl.py b/Tests/Lib/test_ldapurl.py new file mode 100644 index 0000000..0016683 --- /dev/null +++ b/Tests/Lib/test_ldapurl.py @@ -0,0 +1,154 @@ +""" +Performes various tests for module ldapurl +""" + +import ldapurl +from ldapurl import * + +print '\nTesting function isLDAPUrl():' +is_ldap_url_tests = { + # Examples from RFC2255 + 'ldap:///o=University%20of%20Michigan,c=US':1, + 'ldap://ldap.itd.umich.edu/o=University%20of%20Michigan,c=US':1, + 'ldap://ldap.itd.umich.edu/o=University%20of%20Michigan,':1, + 'ldap://host.com:6666/o=University%20of%20Michigan,':1, + 'ldap://ldap.itd.umich.edu/c=GB?objectClass?one':1, + 'ldap://ldap.question.com/o=Question%3f,c=US?mail':1, + 'ldap://ldap.netscape.com/o=Babsco,c=US??(int=%5c00%5c00%5c00%5c04)':1, + 'ldap:///??sub??bindname=cn=Manager%2co=Foo':1, + 'ldap:///??sub??!bindname=cn=Manager%2co=Foo':1, + # More examples from various sources + 'ldap://ldap.nameflow.net:1389/c%3dDE':1, + 'ldap://root.openldap.org/dc=openldap,dc=org':1, + 'ldap://root.openldap.org/dc=openldap,dc=org':1, + 'ldap://x500.mh.se/o=Mitthogskolan,c=se????1.2.752.58.10.2=T.61':1, + 'ldp://root.openldap.org/dc=openldap,dc=org':0, + 'ldap://localhost:1389/ou%3DUnstructured%20testing%20tree%2Cdc%3Dstroeder%2Cdc%3Dcom??one':1, +} +for ldap_url in is_ldap_url_tests.keys(): + result_is_ldap_url = isLDAPUrl(ldap_url) + if result_is_ldap_url !=is_ldap_url_tests[ldap_url]: + print 'isLDAPUrl("%s") returns %d instead of %d.' % ( + repr(ldap_url),result_is_ldap_url,is_ldap_url_tests[ldap_url] + ) + +print '\nTesting class LDAPUrl:' +parse_ldap_url_tests = [ + ( + 'ldap://root.openldap.org/dc=openldap,dc=org', + LDAPUrl( + hostport='root.openldap.org', + dn='dc=openldap,dc=org' + ) + ), + ( + 'ldap://root.openldap.org/dc%3dboolean%2cdc%3dnet???%28objectClass%3d%2a%29', + LDAPUrl( + hostport='root.openldap.org', + dn='dc=boolean,dc=net', + filterstr='(objectClass=*)' + ) + ), + ( + 'ldap://root.openldap.org/dc=openldap,dc=org??sub?', + LDAPUrl( + hostport='root.openldap.org', + dn='dc=openldap,dc=org', + scope=ldapurl.LDAP_SCOPE_SUBTREE + ) + ), + ( + 'ldap://root.openldap.org/dc=openldap,dc=org??one?', + LDAPUrl( + hostport='root.openldap.org', + dn='dc=openldap,dc=org', + scope=ldapurl.LDAP_SCOPE_ONELEVEL + ) + ), + ( + 'ldap://root.openldap.org/dc=openldap,dc=org??base?', + LDAPUrl( + hostport='root.openldap.org', + dn='dc=openldap,dc=org', + scope=ldapurl.LDAP_SCOPE_BASE + ) + ), + ( + 'ldap://x500.mh.se/o=Mitthogskolan,c=se????1.2.752.58.10.2=T.61', + LDAPUrl( + hostport='x500.mh.se', + dn='o=Mitthogskolan,c=se', + extensions=LDAPUrlExtensions({ + '1.2.752.58.10.2':ldapurl.LDAPUrlExtension( + critical=0,extype='1.2.752.58.10.2',exvalue='T.61' + ) + }) + ) + ), + ( + 'ldap://localhost:12345/dc=stroeder,dc=com????!bindname=cn=Michael%2Cdc=stroeder%2Cdc=com,!X-BINDPW=secretpassword', + LDAPUrl( + hostport='localhost:12345', + dn='dc=stroeder,dc=com', + extensions=LDAPUrlExtensions({ + 'bindname':LDAPUrlExtension( + critical=1,extype='bindname',exvalue='cn=Michael,dc=stroeder,dc=com' + ), + 'X-BINDPW':LDAPUrlExtension( + critical=1,extype='X-BINDPW',exvalue='secretpassword' + ), + }), + ) + ), + ( + 'ldap://localhost:54321/dc=stroeder,dc=com????bindname=cn=Michael%2Cdc=stroeder%2Cdc=com,X-BINDPW=secretpassword', + LDAPUrl( + hostport='localhost:54321', + dn='dc=stroeder,dc=com', + who='cn=Michael,dc=stroeder,dc=com', + cred='secretpassword' + ) + ), + ( + 'ldaps://localhost:12345/dc=stroeder,dc=com', + LDAPUrl( + urlscheme='ldaps', + hostport='localhost:12345', + dn='dc=stroeder,dc=com', + ), + ), + ( + 'ldapi://%2ftmp%2fopenldap2-1389/dc=stroeder,dc=com', + LDAPUrl( + urlscheme='ldapi', + hostport='/tmp/openldap2-1389', + dn='dc=stroeder,dc=com', + ), + ), +] + +for ldap_url_str,test_ldap_url_obj in parse_ldap_url_tests: +# print '\nTesting LDAP URL:',repr(ldap_url) + ldap_url_obj = LDAPUrl(ldapUrl=ldap_url_str) + print '#'*72 + print test_ldap_url_obj.unparse() + if ldap_url_obj.__ne__(test_ldap_url_obj): + print '-'*72 + print 'Parsing error! Attributes of LDAPUrl(%s) are:\n%s\ninstead of:\n%s' % ( + repr(ldap_url_str), + repr(ldap_url_obj), + repr(test_ldap_url_obj) + ) + else: + print 'Parsing ok' + unparsed_ldap_url_str = test_ldap_url_obj.unparse() + unparsed_ldap_url_obj = LDAPUrl(ldapUrl=unparsed_ldap_url_str) + if unparsed_ldap_url_obj.__ne__(test_ldap_url_obj): + print '-'*72 + print 'Unparsing error! Attributes of LDAPUrl(%s) are:\n%s\ninstead of:\n%s' % ( + repr(unparsed_ldap_url_str), + repr(unparsed_ldap_url_obj), + repr(test_ldap_url_obj) + ) + else: + print 'Unparsing ok' From 8274be65d19cf5c66332cbfed7e9109b2f91d93c Mon Sep 17 00:00:00 2001 From: stroeder Date: Thu, 5 Sep 2002 21:51:56 +0000 Subject: [PATCH 013/868] Lib/ldap/schema/.cvsignore --- Lib/ldap/schema/.cvsignore | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 Lib/ldap/schema/.cvsignore diff --git a/Lib/ldap/schema/.cvsignore b/Lib/ldap/schema/.cvsignore new file mode 100644 index 0000000..f7c976a --- /dev/null +++ b/Lib/ldap/schema/.cvsignore @@ -0,0 +1,4 @@ +*.pyc +*.pyo +*.bck +*~ From fe06432b1bb7c96b90e809f9ec935101467ed9ea Mon Sep 17 00:00:00 2001 From: stroeder Date: Sun, 2 Feb 2003 22:31:24 +0000 Subject: [PATCH 014/868] Attribute charset not available in recent ldapurl anymore --- Demo/Lib/ldapurl/urlsearch.py | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 Demo/Lib/ldapurl/urlsearch.py diff --git a/Demo/Lib/ldapurl/urlsearch.py b/Demo/Lib/ldapurl/urlsearch.py new file mode 100644 index 0000000..996e6da --- /dev/null +++ b/Demo/Lib/ldapurl/urlsearch.py @@ -0,0 +1,32 @@ +""" +Do a search with the LDAP URL specified at command-line. + +No output of LDAP data is produced except trace output. +""" + +import sys,getpass,ldap,ldapurl + +try: + ldapUrl = ldapurl.LDAPUrl(ldapUrl=sys.argv[1]) +except IndexError: + print 'Usage: %s [LDAP URL]' % (sys.argv[0]) + sys.exit(1) + +for a in [ + 'urlscheme','hostport','dn','attrs','scope', + 'filterstr','extensions','who','cred' +]: + print a,repr(getattr(ldapUrl,a)) + +l = ldap.initialize(ldapUrl.initializeUrl(),trace_level=1) +if ldapUrl.who!=None: + if ldapUrl.cred!=None: + cred=ldapUrl.cred + else: + print 'Enter password for simple bind with',repr(ldapUrl.who) + cred=getpass.getpass() + l.simple_bind_s(ldapUrl.who,cred) + +res = l.search_s(ldapUrl.dn,ldapUrl.scope,ldapUrl.filterstr,ldapUrl.attrs) + +print len(res),'search results' From 5ee9476e529bea93b4ee09d220396e41ccdacd28 Mon Sep 17 00:00:00 2001 From: stroeder Date: Sun, 2 Feb 2003 22:38:16 +0000 Subject: [PATCH 015/868] ... --- Demo/Lib/ldapurl/.cvsignore | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 Demo/Lib/ldapurl/.cvsignore diff --git a/Demo/Lib/ldapurl/.cvsignore b/Demo/Lib/ldapurl/.cvsignore new file mode 100644 index 0000000..f7c976a --- /dev/null +++ b/Demo/Lib/ldapurl/.cvsignore @@ -0,0 +1,4 @@ +*.pyc +*.pyo +*.bck +*~ From 93a3c8f2be6df08ebc74777dd1cfd9072f0ebc6b Mon Sep 17 00:00:00 2001 From: stroeder Date: Mon, 17 Mar 2003 14:19:32 +0000 Subject: [PATCH 016/868] Removed unused __doc__ string related symbols. --- Demo/options.py | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 Demo/options.py diff --git a/Demo/options.py b/Demo/options.py new file mode 100644 index 0000000..fb37209 --- /dev/null +++ b/Demo/options.py @@ -0,0 +1,29 @@ + +import ldap + +host="localhost:1390" + +print "API info:",ldap.get_option(ldap.OPT_API_INFO) +print "debug level:",ldap.get_option(ldap.OPT_DEBUG_LEVEL) +#print "Setting debug level to 255..." +#ldap.set_option(ldap.OPT_DEBUG_LEVEL,255) +#print "debug level:",ldap.get_option(ldap.OPT_DEBUG_LEVEL) +print "default size limit:",ldap.get_option(ldap.OPT_SIZELIMIT) +print "Setting default size limit to 10..." +ldap.set_option(ldap.OPT_SIZELIMIT,10) +print "default size limit:",ldap.get_option(ldap.OPT_SIZELIMIT) +print "Creating connection to",host,"..." +l=ldap.init(host) +print "size limit:",l.get_option(ldap.OPT_SIZELIMIT) +print "Setting connection size limit to 20..." +l.set_option(ldap.OPT_SIZELIMIT,20) +print "size limit:",l.get_option(ldap.OPT_SIZELIMIT) +#print "Setting time limit to 60 secs..." +l.set_option(ldap.OPT_TIMELIMIT,60) +#print "time limit:",l.get_option(ldap.OPT_TIMELIMIT) +print "Binding..." +l.simple_bind_s("","") + + + + From 3b6d52fb1dff50f5fa057d5edc4456d970e7bb98 Mon Sep 17 00:00:00 2001 From: stroeder Date: Sat, 19 Apr 2003 02:10:25 +0000 Subject: [PATCH 017/868] Fixed __setstate__() and __getstate__() of ReconnectLDAPObject --- Demo/pickle_ldapobject.py | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 Demo/pickle_ldapobject.py diff --git a/Demo/pickle_ldapobject.py b/Demo/pickle_ldapobject.py new file mode 100644 index 0000000..3f7cab2 --- /dev/null +++ b/Demo/pickle_ldapobject.py @@ -0,0 +1,12 @@ +import os,ldap,pickle + +temp_file_name = os.path.join(os.environ.get('TMP','/tmp'),'pickle_ldap-%d' % (os.getpid())) + +l1 = ldap.ldapobject.ReconnectLDAPObject('ldap://localhost:1390',trace_level=1) +l1.protocol_version = 3 +l1.search_s('',ldap.SCOPE_BASE,'(objectClass=*)') + +pickle.dump(l1,open(temp_file_name,'wb')) + +l2 = pickle.load(open(temp_file_name,'rb')) +l2.search_s('',ldap.SCOPE_BASE,'(objectClass=*)') From f8ac88ea0935e4bcbd0fa5f7b15cd9bff9c6c3f7 Mon Sep 17 00:00:00 2001 From: stroeder Date: Wed, 20 Aug 2003 10:04:34 +0000 Subject: [PATCH 018/868] Added directory Build/ mainly intended for platform-specific examples of setup.cfg. --- Build/setup.cfg.suse-linux | 33 +++++++++++++++++++++++++++++++++ Build/setup.cfg.win32 | 33 +++++++++++++++++++++++++++++++++ 2 files changed, 66 insertions(+) create mode 100644 Build/setup.cfg.suse-linux create mode 100644 Build/setup.cfg.win32 diff --git a/Build/setup.cfg.suse-linux b/Build/setup.cfg.suse-linux new file mode 100644 index 0000000..884e57a --- /dev/null +++ b/Build/setup.cfg.suse-linux @@ -0,0 +1,33 @@ +# Example for setup.cfg +# You have to edit this file to reflect your system configuation +# $Id: setup.cfg.suse-linux,v 1.1 2003/08/20 10:04:34 stroeder Exp $ + +[_ldap] +# Section for compiling the C extension module +# for wrapping OpenLDAP 2 libs + +library_dirs = /usr/lib/sasl2 +include_dirs = /usr/include/sasl + +extra_compile_args = +extra_objects = + +# Example for full-featured SuSE build: +# Support for StartTLS/LDAPS, SASL bind and reentrant libldap_r. +# This needs recent OpenLDAP 2.0.26+ or 2.1.3+ built with +# ./configure --with-cyrus-sasl --with-tls +libs = ldap_r lber sasl2 ssl crypto + +[install] +# Installation options +compile = 1 +optimize = 1 + +# For SuSE Linux 8.2 +[bdist_rpm] +provides = python-ldap +requires = python openldap2-client openssl cyrus-sasl2 +distribution_name = SuSE Linux 8.2 +release = 1 +packager = Michael Stroeder +doc_files = CHANGES README INSTALL TODO Demo/ diff --git a/Build/setup.cfg.win32 b/Build/setup.cfg.win32 new file mode 100644 index 0000000..7c5270b --- /dev/null +++ b/Build/setup.cfg.win32 @@ -0,0 +1,33 @@ +# Section for compiling the C extension module +# for wrapping OpenLDAP 2 libs + +# Platform: Win32 +# Compile environment: Microsoft Visual Studio .NET 2003 +[_ldap] +class = OpenLDAP2 +defines = WIN32 + +# Cannot have SSL/TLS support under Win32 for the moment +# (OpenLDAP 2.x port is incomplete) +libs = olber32 oldap_r ws2_32 libsasl + +# Set these to your correct Openldap and Cyrus-sasl paths +library_dirs = ../openldap/openldap-2.1.22/Release ../openldap/cyrus-sasl/lib +include_dirs = ../openldap/openldap-2.1.22/include ../openldap/cyrus-sasl/include + +# Needs to compile as /MT ("MS libs to use: multithreaded statically-linked") +# instead of /MD ("MS libs to use: multithreaded DLL") which is distutils' default +# because OpenLDAP libs compile that way, too +# This may change, however +extra_compile_args = /MT +extra_link_args = /NODEFAULTLIB:msvcrt.lib + +# Pull in SASL DLL as a convenience to end-user (which almost never will have it) +# Destination path is a rather crude hack, but site-packages would be created anyway +# Set source path to your Cyrus-sasl lib path +extra_files = Lib/site-packages:../openldap/cyrus-sasl/lib/libsasl.dll + +# Installation options +[install] +compile = 1 +record = python-ldap_install.log From 037f470669c5bcb6ac83129783be645b138ffe00 Mon Sep 17 00:00:00 2001 From: stroeder Date: Tue, 26 Oct 2004 22:27:12 +0000 Subject: [PATCH 019/868] Simple example for extended passwort operation. --- Demo/passwd_ext_op.py | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 Demo/passwd_ext_op.py diff --git a/Demo/passwd_ext_op.py b/Demo/passwd_ext_op.py new file mode 100644 index 0000000..1030f0e --- /dev/null +++ b/Demo/passwd_ext_op.py @@ -0,0 +1,32 @@ +""" +Example showing the use of the password extended operation. +""" + +import sys,ldap,ldapurl,getpass + +# Set debugging level +ldap.set_option(ldap.OPT_DEBUG_LEVEL,255) +ldapmodule_trace_level = 2 +ldapmodule_trace_file = sys.stderr + +lu = ldapurl.LDAPUrl(sys.argv[1]) + +print 'Old password' +oldpw = getpass.getpass() +print 'New password' +newpw = getpass.getpass() + +# Set path name of file containing all CA certificates +# needed to validate server certificates +ldap.set_option(ldap.OPT_X_TLS_CACERTFILE,'/etc/httpd/ssl.crt/myCA-cacerts.pem') + +# Create LDAPObject instance +l = ldap.initialize(lu.initializeUrl(),trace_level=ldapmodule_trace_level,trace_file=ldapmodule_trace_file) + +l.protocol_version=ldap.VERSION3 + +l.simple_bind_s(lu.dn,oldpw) + +l.passwd(lu.dn,oldpw,newpw) + +l.unbind_s() From be71747f6eda7bafbd107ae101e77c93eb6ab27d Mon Sep 17 00:00:00 2001 From: stroeder Date: Tue, 25 Jan 2005 18:54:46 +0000 Subject: [PATCH 020/868] Contributed by Mauro Cicognini via e-mail --- Build/setup.cfg.mingw | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 Build/setup.cfg.mingw diff --git a/Build/setup.cfg.mingw b/Build/setup.cfg.mingw new file mode 100644 index 0000000..b3ef5e0 --- /dev/null +++ b/Build/setup.cfg.mingw @@ -0,0 +1,35 @@ +# Win32 setup.cfg +# You have to edit this file to reflect your system configuration +# +# $Id: setup.cfg.mingw,v 1.1 2005/01/25 18:54:46 stroeder Exp $ + +# Section for compiling the C extension module +# for wrapping OpenLDAP 2 libs + +# Platform: Win32 +# Compile environment: MinGW +[_ldap] +class = OpenLDAP2 +maintainer = Mauro Cicognini +defines = WIN32 + +# modify these to fit your local configuration +library_dirs = C:/msys/1.0/home/mcicogni/openldap-mingw-build-4/openldap-2.2.18/libraries/libldap_r/.libs C:/msys/1.0/home/mcicogni/openldap-mingw-build-4/openldap-2.2.18/libraries/liblber/.libs C:\msys\1.0\home\mcicogni\openldap-mingw-build-4\openssl-0.9.7e +include_dirs = C:/msys/1.0/home/mcicogni/openldap-mingw-build-4/openldap-2.2.18/include + +extra_compile_args = +extra_objects = + +libs = ldap_r lber ssl crypto ws2_32 gdi32 + +[build] +compiler = mingw32 + +# Installation options +[install] +compile = 1 +optimize = 1 +record = python-ldap_install.log + +[bdist_wininst] +target_version = 2.4 From 645526a75e438247444f5896f8dbd067a2c7fcdf Mon Sep 17 00:00:00 2001 From: stroeder Date: Tue, 21 Jun 2005 14:59:47 +0000 Subject: [PATCH 021/868] Finishing support for receiving controls --- Demo/ldapcontrols.py | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 Demo/ldapcontrols.py diff --git a/Demo/ldapcontrols.py b/Demo/ldapcontrols.py new file mode 100644 index 0000000..214042d --- /dev/null +++ b/Demo/ldapcontrols.py @@ -0,0 +1,33 @@ +import ldap,ldapurl,pprint + +from ldap.controls import LDAPControl,BooleanControl + +l = ldap.initialize('ldap://localhost:1390',trace_level=2) + +print 60*'#' + +pprint.pprint(l.get_option(ldap.OPT_SERVER_CONTROLS)) +l.manage_dsa_it(1,1) +pprint.pprint(l.get_option(ldap.OPT_SERVER_CONTROLS)) +print 60*'#' + +# Search with ManageDsaIT control (which has no value) +pprint.pprint(l.search_ext_s( + 'cn=Test-Referral,ou=Testing,dc=stroeder,dc=de', + ldap.SCOPE_BASE, + '(objectClass=*)', + ['*','+'], + serverctrls = [ LDAPControl('2.16.840.1.113730.3.4.2',1,None) ], +)) +print 60*'#' + +# Search with Subentries control (which has boolean value) +pprint.pprint(l.search_ext_s( + 'dc=stroeder,dc=de', + ldap.SCOPE_SUBTREE, + '(objectClass=subentry)', + ['*','+'], + serverctrls = [ BooleanControl('1.3.6.1.4.1.4203.1.10.1',1,1) ], +)) + +print 60*'#' From ea07b5fa9ee2e4118718a7b642cb91a8ab931769 Mon Sep 17 00:00:00 2001 From: stroeder Date: Tue, 21 Jun 2005 15:02:06 +0000 Subject: [PATCH 022/868] Start at 2.5.6.0 --- Demo/schema_tree.py | 100 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 100 insertions(+) create mode 100644 Demo/schema_tree.py diff --git a/Demo/schema_tree.py b/Demo/schema_tree.py new file mode 100644 index 0000000..3b3a091 --- /dev/null +++ b/Demo/schema_tree.py @@ -0,0 +1,100 @@ +""" +Outputs the object class tree read from LDAPv3 schema +of a given server + +Usage: schema_oc_tree.py [--html] [LDAP URL] +""" + +import sys,getopt,ldap,ldap.schema + + +ldap.trace_level = 1 + +def PrintSchemaTree(schema,se_class,se_tree,se_oid,level): + """ASCII text output for console""" + se_obj = schema.get_obj(se_class,se_oid) + if se_obj!=None: + print '| '*(level-1)+'+---'*(level>0), \ + ', '.join(se_obj.names), \ + '(%s)' % se_obj.oid + for sub_se_oid in se_tree[se_oid]: + print '| '*(level+1) + PrintSchemaTree(schema,se_class,se_tree,sub_se_oid,level+1) + + +def HTMLSchemaTree(schema,se_class,se_tree,se_oid,level): + """HTML output for browser""" + se_obj = schema.get_obj(se_class,se_oid) + if se_obj!=None: + print """ +
%s (%s)
+
+ %s + """ % (', '.join(se_obj.names),se_obj.oid,se_obj.desc) + if se_tree[se_oid]: + print '
' + for sub_se_oid in se_tree[se_oid]: + HTMLSchemaTree(schema,se_class,se_tree,sub_se_oid,level+1) + print '
' + print '
' + + +ldap.set_option(ldap.OPT_DEBUG_LEVEL,0) + +ldap._trace_level = 0 + +subschemasubentry_dn,schema = ldap.schema.urlfetch(sys.argv[-1],ldap.trace_level) + +if subschemasubentry_dn is None: + print 'No sub schema sub entry found!' + sys.exit(1) + +try: + options,args=getopt.getopt(sys.argv[1:],'',['html']) +except getopt.error,e: + print 'Error: %s\nUsage: schema_oc_tree.py [--html] [LDAP URL]' + +html_output = options and options[0][0]=='--html' + +oc_tree = schema.tree(ldap.schema.ObjectClass) +at_tree = schema.tree(ldap.schema.AttributeType) + +#for k,v in oc_tree.items(): +# print k,'->',v +#for k,v in at_tree.items(): +# print k,'->',v + +if html_output: + + print """ + + Object class tree + + +

Object class tree

+
+""" + HTMLSchemaTree(schema,ldap.schema.ObjectClass,oc_tree,'2.5.6.0',0) + print """
+

Attribute type tree

+
+""" + for a in schema.listall(ldap.schema.AttributeType): + if at_tree[a]: + HTMLSchemaTree(schema,ldap.schema.AttributeType,at_tree,a,0) + print + + print """
+ + +""" + +else: + + print '*** Object class tree ***\n' + print + PrintSchemaTree(schema,ldap.schema.ObjectClass,oc_tree,'2.5.6.0',0) + + print '\n*** Attribute types tree ***\n' + PrintSchemaTree(schema,ldap.schema.AttributeType,at_tree,'_',0) + From 3ad1d243c5ac9abc11373b380bc87253e8f15e03 Mon Sep 17 00:00:00 2001 From: stroeder Date: Mon, 7 Nov 2005 11:24:25 +0000 Subject: [PATCH 023/868] New sub-module ldap.resiter which simply provides a mix-in class for ldap.ldapobject.LDAPObject with a generator method allresults(). Obviously this only works with Python 2.3+. And it's still experimental. --- Demo/resiter.py | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 Demo/resiter.py diff --git a/Demo/resiter.py b/Demo/resiter.py new file mode 100644 index 0000000..4b49fae --- /dev/null +++ b/Demo/resiter.py @@ -0,0 +1,26 @@ +""" +Demo for using ldap.resiter.ResultProcessor +written by Michael Stroeder + +See http://python-ldap.sourceforge.net for details. + +\$Id: resiter.py,v 1.1 2005/11/07 11:24:25 stroeder Exp $ + +Python compability note: +Requires Python 2.3+ +""" + +import ldap,ldap.resiter + +class LDAPObject(ldap.ldapobject.LDAPObject,ldap.resiter.ResultProcessor): + pass + +l = LDAPObject('ldap://localhost:1390',trace_level=1) +l.protocol_version = 3 +msgid = l.search('dc=stroeder,dc=de',ldap.SCOPE_SUBTREE,'(cn=m*)') + +result_iter = l.allresults(msgid) +for result_type,result_list,result_msgid,result_serverctrls in result_iter: + print result_type,result_list,result_msgid,result_serverctrls + +l.unbind_s() From 84c4043f6e775a95d2a458bda13898fdde795f0a Mon Sep 17 00:00:00 2001 From: stroeder Date: Sun, 26 Mar 2006 12:23:07 +0000 Subject: [PATCH 024/868] Examples for using ldap.async. --- Demo/Lib/ldap/async/ldifwriter.py | 42 +++++++++++++++++++++++++++++++ Demo/Lib/ldap/async/sizelimit.py | 42 +++++++++++++++++++++++++++++++ 2 files changed, 84 insertions(+) create mode 100644 Demo/Lib/ldap/async/ldifwriter.py create mode 100644 Demo/Lib/ldap/async/sizelimit.py diff --git a/Demo/Lib/ldap/async/ldifwriter.py b/Demo/Lib/ldap/async/ldifwriter.py new file mode 100644 index 0000000..f919cd9 --- /dev/null +++ b/Demo/Lib/ldap/async/ldifwriter.py @@ -0,0 +1,42 @@ +""" +ldifwriter - using ldap.async module for output of LDIF stream + of LDAP search results + +Written by Michael Stroeder + +$Id: ldifwriter.py,v 1.4 2006/03/26 12:23:07 stroeder Exp $ + +This example translates the naming context of data read from +input, sanitizes some attributes, maps/removes object classes, +maps/removes attributes., etc. It's far from being complete though. + +Python compability note: +Tested on Python 2.0+, should run on Python 1.5.x. +""" + +import sys,ldap,ldap.async + +s = ldap.async.LDIFWriter( + ldap.initialize('ldap://localhost:1390'), + sys.stdout +) + +s.startSearch( + 'dc=stroeder,dc=de', + ldap.SCOPE_SUBTREE, + '(objectClass=*)', +) + +try: + partial = s.processResults() +except ldap.SIZELIMIT_EXCEEDED: + sys.stderr.write('Warning: Server-side size limit exceeded.\n') +else: + if partial: + sys.stderr.write('Warning: Only partial results received.\n') + +sys.stderr.write( + '%d results received.\n' % ( + s.endResultBreak-s.beginResultsDropped + ) +) diff --git a/Demo/Lib/ldap/async/sizelimit.py b/Demo/Lib/ldap/async/sizelimit.py new file mode 100644 index 0000000..9915909 --- /dev/null +++ b/Demo/Lib/ldap/async/sizelimit.py @@ -0,0 +1,42 @@ +""" +ldifwriter - using ldap.async module for retrieving partial results + in a list even though the exception ldap.SIZELIMIT_EXCEEDED + was raised.output of LDIF stream + +Written by Michael Stroeder + +$Id: sizelimit.py,v 1.4 2006/03/26 12:23:07 stroeder Exp $ + +This example translates the naming context of data read from +input, sanitizes some attributes, maps/removes object classes, +maps/removes attributes., etc. It's far from being complete though. + +Python compability note: +Tested on Python 2.0+, should run on Python 1.5.x. +""" + +import sys,ldap,ldap.async + +s = ldap.async.List( + ldap.initialize('ldap://localhost:1390'), +) + +s.startSearch( + 'dc=stroeder,dc=de', + ldap.SCOPE_SUBTREE, + '(objectClass=*)', +) + +try: + partial = s.processResults() +except ldap.SIZELIMIT_EXCEEDED: + sys.stderr.write('Warning: Server-side size limit exceeded.\n') +else: + if partial: + sys.stderr.write('Warning: Only partial results received.\n') + +sys.stderr.write( + '%d results received.\n' % ( + len(s.allResults) + ) +) From 12881e807e80c07f5e61323250341e1b54ca7764 Mon Sep 17 00:00:00 2001 From: stroeder Date: Mon, 6 Aug 2007 09:45:59 +0000 Subject: [PATCH 025/868] Demo script for Matched Values Control contributed by Andreas Hasenack --- Demo/matchedvalues.py | 63 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 63 insertions(+) create mode 100644 Demo/matchedvalues.py diff --git a/Demo/matchedvalues.py b/Demo/matchedvalues.py new file mode 100644 index 0000000..4de3e8a --- /dev/null +++ b/Demo/matchedvalues.py @@ -0,0 +1,63 @@ +#!/usr/bin/env python +# +# demo for matched values control (RFC 3876) +# +# suppose the uid=jsmith LDAP entry has two mail attributes: +# +# dn: uid=jsmith,ou=People,dc=example,dc=com +# (...) +# mail: jsmith@example.com +# mail: jsmith@example.org +# +# Let's say you want to fetch only the example.org email. Without MV, +# you would first fetch all mail attributes and then filter them further +# on the client. With the MV control, the result can be given to the +# client already filtered. +# +# Sample output: +# $ ./matchedvalues.py +# LDAP filter used: (&(objectClass=inetOrgPerson)(mail=*@example.org)) +# Requesting 'mail' attribute back +# +# No matched values control: +# dn: uid=jsmith,ou=People,dc=example,dc=com +# mail: jsmith@example.org +# mail: john@example.com +# +# Matched values control: (mail=*@example.org) +# dn: uid=jsmith,ou=People,dc=example,dc=com +# mail: jsmith@example.org + +import ldap +from ldap.controls import MatchedValuesControl + +def print_result(search_result): + for n in range(len(search_result)): + print "dn: %s" % search_result[n][0] + for attr in search_result[n][1].keys(): + for i in range(len(search_result[n][1][attr])): + print "%s: %s" % (attr, search_result[n][1][attr][i]) + print + + +uri = "ldap://ldap.example.com" +base = "dc=example,dc=com" +scope = ldap.SCOPE_SUBTREE +filter = "(&(objectClass=inetOrgPerson)(mail=*@example.org))" +control_filter = "(mail=*@example.org)" + +ld = ldap.initialize(uri) + +mv = MatchedValuesControl(criticality=True, controlValue=control_filter) + +res = ld.search_ext_s(base, scope, filter, attrlist = ['mail']) +print "LDAP filter used: %s" % filter +print "Requesting 'mail' attribute back" +print +print "No matched values control:" +print_result(res) + +res = ld.search_ext_s(base, scope, filter, attrlist = ['mail'], serverctrls = [mv]) +print "Matched values control: %s" % control_filter +print_result(res) + From 305ec15c7233a8a0e867d6570ba2bdcaa819e8f8 Mon Sep 17 00:00:00 2001 From: stroeder Date: Thu, 27 Mar 2008 15:04:25 +0000 Subject: [PATCH 026/868] Simple search util also as a demo for using LDAP URLs with custom extension --- Tests/search.py | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100644 Tests/search.py diff --git a/Tests/search.py b/Tests/search.py new file mode 100644 index 0000000..2c63009 --- /dev/null +++ b/Tests/search.py @@ -0,0 +1,42 @@ +import sys,pprint,ldap + +from ldap.ldapobject import LDAPObject +from ldapurl import LDAPUrl + +class MyLDAPUrl(LDAPUrl): + attr2extype = { + 'who':'bindname', + 'cred':'X-BINDPW', + 'start_tls':'startTLS', + 'trace_level':'trace', + } + + +ldap_url = MyLDAPUrl(sys.argv[1]) +trace_level = int(ldap_url.trace_level or '0') + +print '***trace_level',trace_level + +ldap.trace_level = trace_level + +l = LDAPObject( + ldap_url.initializeUrl(), + trace_level=trace_level, +) + +l.protocol_version = 3 +l.set_option(ldap.OPT_REFERRALS,0) +l.simple_bind_s((ldap_url.who or ''),(ldap_url.cred or '')) + +result = l.search_s( + ldap_url.dn, + ldap_url.scope or ldap.SCOPE_SUBTREE, + ldap_url.filterstr or '(objectClass=*)', + ldap_url.attrs or ['*'] +) + +pprint.pprint(result) + +print '***DIAGNOSTIC_MESSAGE',repr(l.get_option(ldap.OPT_DIAGNOSTIC_MESSAGE)) + +l.unbind_s() From 8cf374c2cdb44691a8aa548917d2eb8f3533921f Mon Sep 17 00:00:00 2001 From: stroeder Date: Thu, 10 Apr 2008 11:08:43 +0000 Subject: [PATCH 027/868] Simplified Makefile --- Doc/Makefile | 68 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 68 insertions(+) create mode 100644 Doc/Makefile diff --git a/Doc/Makefile b/Doc/Makefile new file mode 100644 index 0000000..5c8c6f1 --- /dev/null +++ b/Doc/Makefile @@ -0,0 +1,68 @@ +# Makefile for Sphinx documentation +# + +# You can set these variables from the command line. +SPHINXOPTS = +SPHINXBUILD = sphinx-build +PAPER = + +# Internal variables. +PAPEROPT_a4 = -D latex_paper_size=a4 +PAPEROPT_letter = -D latex_paper_size=letter +ALLSPHINXOPTS = -d .build/doctrees $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) . + +.PHONY: help clean html web htmlhelp latex changes linkcheck + +help: + @echo "Please use \`make ' where is one of" + @echo " html to make standalone HTML files" + @echo " web to make files usable by Sphinx.web" + @echo " htmlhelp to make HTML files and a HTML help project" + @echo " latex to make LaTeX files, you can set PAPER=a4 or PAPER=letter" + @echo " changes to make an overview over all changed/added/deprecated items" + @echo " linkcheck to check all external links for integrity" + +clean: + -rm -rf .build/* + +html: + mkdir -p .build/html .build/doctrees + $(SPHINXBUILD) -b html $(ALLSPHINXOPTS) .build/html + @echo + @echo "Build finished. The HTML pages are in .build/html." + +web: + mkdir -p .build/web .build/doctrees + $(SPHINXBUILD) -b web $(ALLSPHINXOPTS) .build/web + @echo + @echo "Build finished; now you can run" + @echo " python -m sphinx.web .build/web" + @echo "to start the server." + +htmlhelp: + mkdir -p .build/htmlhelp .build/doctrees + $(SPHINXBUILD) -b htmlhelp $(ALLSPHINXOPTS) .build/htmlhelp + @echo + @echo "Build finished; now you can run HTML Help Workshop with the" \ + ".hhp project file in .build/htmlhelp." + +latex: + mkdir -p .build/latex .build/doctrees + $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) .build/latex + @echo + @echo "Build finished; the LaTeX files are in .build/latex." + @echo "Run \`make all-pdf' or \`make all-ps' in that directory to" \ + "run these through (pdf)latex." + +changes: + mkdir -p .build/changes .build/doctrees + $(SPHINXBUILD) -b changes $(ALLSPHINXOPTS) .build/changes + @echo + @echo "The overview file is in .build/changes." + +linkcheck: + mkdir -p .build/linkcheck .build/doctrees + $(SPHINXBUILD) -b linkcheck $(ALLSPHINXOPTS) .build/linkcheck + @echo + @echo "Link check complete; look for any errors in the above output " \ + "or in .build/linkcheck/output.txt." From ea882a06e0eea9acc3ebe4205a76d9cff10bc311 Mon Sep 17 00:00:00 2001 From: stroeder Date: Thu, 24 Apr 2008 09:22:05 +0000 Subject: [PATCH 028/868] Other example for ldap_uri --- Demo/ms_ad_bind.py | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 Demo/ms_ad_bind.py diff --git a/Demo/ms_ad_bind.py b/Demo/ms_ad_bind.py new file mode 100644 index 0000000..6333652 --- /dev/null +++ b/Demo/ms_ad_bind.py @@ -0,0 +1,38 @@ +# How to bind to MS AD with python-ldap and various methods + +import ldap,ldap.sasl + +ldap_uri = "ldap://dc1.example.com" +dn = "CN=Anna Blume,CN=Users,DC=addomain,DC=example,DC=com" +sAMAccountName = "ABlume" +userPrincipalName = "ablume@addomain.example.com" +password = 'testsecret' + +trace_level = 2 + +l = ldap.initialize(ldap_uri,trace_level=trace_level) + +# Normal LDAPv3 compliant simple bind +l.simple_bind_s(dn,password) + +# This is AD-specific and not LDAPv3 compliant +l.simple_bind_s(userPrincipalName,password) + +# This is AD-specific and not LDAPv3 compliant +l.simple_bind_s(userPrincipalName,password) + +# SASL bind with mech DIGEST-MD5 with sAMAccountName as SASL user name +sasl_auth = ldap.sasl.sasl( + { + ldap.sasl.CB_AUTHNAME:sAMAccountName, + ldap.sasl.CB_PASS :password, + }, + 'DIGEST-MD5' +) +l.sasl_interactive_bind_s("", sasl_auth) + +# SASL bind with mech GSSAPI +# with the help of Kerberos V TGT obtained before with command +# kinit ablume@ADDOMAIN.EXAMPLE.COM +sasl_auth = ldap.sasl.sasl({},'GSSAPI') +l.sasl_interactive_bind_s("", sasl_auth) From ee42183fd77d9b39c44a1f8da11cd97a2c6ae045 Mon Sep 17 00:00:00 2001 From: stroeder Date: Thu, 19 Jun 2008 08:50:26 +0000 Subject: [PATCH 029/868] Modification due to doc tool change --- Doc/.cvsignore | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 Doc/.cvsignore diff --git a/Doc/.cvsignore b/Doc/.cvsignore new file mode 100644 index 0000000..5557280 --- /dev/null +++ b/Doc/.cvsignore @@ -0,0 +1,4 @@ +python-ldap.pdf +python-ldap.ps +*.bck +*~ From f0b197b2676cf3e73c433c39f39e775a4c64fd39 Mon Sep 17 00:00:00 2001 From: stroeder Date: Fri, 17 Apr 2009 12:19:09 +0000 Subject: [PATCH 030/868] Refer to new project home-page --- Modules/LDAPObject.h | 52 ++++++++ Modules/common.c | 19 +++ Modules/common.h | 39 ++++++ Modules/constants.h | 19 +++ Modules/errors.h | 16 +++ Modules/functions.h | 12 ++ Modules/ldapmodule.c | 49 ++++++++ Modules/options.h | 8 ++ Modules/schema.c | 283 +++++++++++++++++++++++++++++++++++++++++++ Modules/schema.h | 14 +++ Modules/version.c | 20 +++ Modules/version.h | 12 ++ 12 files changed, 543 insertions(+) create mode 100644 Modules/LDAPObject.h create mode 100644 Modules/common.c create mode 100644 Modules/common.h create mode 100644 Modules/constants.h create mode 100644 Modules/errors.h create mode 100644 Modules/functions.h create mode 100644 Modules/ldapmodule.c create mode 100644 Modules/options.h create mode 100644 Modules/schema.c create mode 100644 Modules/schema.h create mode 100644 Modules/version.c create mode 100644 Modules/version.h diff --git a/Modules/LDAPObject.h b/Modules/LDAPObject.h new file mode 100644 index 0000000..b0ffbbe --- /dev/null +++ b/Modules/LDAPObject.h @@ -0,0 +1,52 @@ +/* See http://www.python-ldap.org/ for details. + * $Id: LDAPObject.h,v 1.10 2009/04/17 12:19:09 stroeder Exp $ */ + +#ifndef __h_LDAPObject +#define __h_LDAPObject + +#include "common.h" + +#include "lber.h" +#include "ldap.h" +#if LDAP_API_VERSION < 2000 +#error Current python-ldap requires OpenLDAP 2.x +#endif + +#if PYTHON_API_VERSION < 1007 +typedef PyObject* _threadstate; +#else +typedef PyThreadState* _threadstate; +#endif + +typedef struct { + PyObject_HEAD + LDAP* ldap; + _threadstate _save; /* for thread saving on referrals */ + int valid; +} LDAPObject; + +extern PyTypeObject LDAP_Type; +#define LDAPObject_Check(v) ((v)->ob_type == &LDAP_Type) + +extern LDAPObject *newLDAPObject( LDAP* ); + +/* macros to allow thread saving in the context of an LDAP connection */ + +#define LDAP_BEGIN_ALLOW_THREADS( l ) \ + { \ + LDAPObject *lo = (l); \ + if (lo->_save != NULL) \ + Py_FatalError( "saving thread twice?" ); \ + lo->_save = PyEval_SaveThread(); \ + } + +#define LDAP_END_ALLOW_THREADS( l ) \ + { \ + LDAPObject *lo = (l); \ + _threadstate _save = lo->_save; \ + lo->_save = NULL; \ + PyEval_RestoreThread( _save ); \ + } + +#endif /* __h_LDAPObject */ + diff --git a/Modules/common.c b/Modules/common.c new file mode 100644 index 0000000..ff471f1 --- /dev/null +++ b/Modules/common.c @@ -0,0 +1,19 @@ +/* Miscellaneous common routines + * See http://www.python-ldap.org/ for details. + * $Id: common.c,v 1.3 2009/04/17 12:19:09 stroeder Exp $ */ + +#include "common.h" + +/* dynamically add the methods into the module dictionary d */ + +void +LDAPadd_methods( PyObject* d, PyMethodDef* methods ) +{ + PyMethodDef *meth; + + for( meth = methods; meth->ml_meth; meth++ ) { + PyObject *f = PyCFunction_New( meth, NULL ); + PyDict_SetItemString( d, meth->ml_name, f ); + Py_DECREF(f); + } +} diff --git a/Modules/common.h b/Modules/common.h new file mode 100644 index 0000000..a182a97 --- /dev/null +++ b/Modules/common.h @@ -0,0 +1,39 @@ +/* common utility macros + * See http://www.python-ldap.org/ for details. + * $Id: common.h,v 1.8 2009/04/17 12:19:09 stroeder Exp $ */ + +#ifndef __h_common +#define __h_common + +#define PY_SSIZE_T_CLEAN + +#include "Python.h" + +#if defined(HAVE_CONFIG_H) +#include "config.h" +#endif + +#if defined(MS_WINDOWS) +#include +#else /* unix */ +#include +#include +#include +#endif + +/* Backwards compability with Python prior 2.5 */ +#if PY_VERSION_HEX < 0x02050000 +typedef int Py_ssize_t; +#define PY_SSIZE_T_MAX INT_MAX +#define PY_SSIZE_T_MIN INT_MIN +#endif + +#include +#define streq( a, b ) \ + ( (*(a)==*(b)) && 0==strcmp(a,b) ) + +void LDAPadd_methods( PyObject*d, PyMethodDef*methods ); +#define PyNone_Check(o) ((o) == Py_None) + +#endif /* __h_common_ */ + diff --git a/Modules/constants.h b/Modules/constants.h new file mode 100644 index 0000000..c77f269 --- /dev/null +++ b/Modules/constants.h @@ -0,0 +1,19 @@ +/* See http://www.python-ldap.org/ for details. + * $Id: constants.h,v 1.6 2009/04/17 12:19:09 stroeder Exp $ */ + +#ifndef __h_constants_ +#define __h_constants_ + +#include "common.h" +extern void LDAPinit_constants( PyObject* d ); +extern PyObject* LDAPconstant( int ); + +#ifndef LDAP_CONTROL_PAGE_OID +#define LDAP_CONTROL_PAGE_OID "1.2.840.113556.1.4.319" +#endif /* !LDAP_CONTROL_PAGE_OID */ + +#ifndef LDAP_CONTROL_VALUESRETURNFILTER +#define LDAP_CONTROL_VALUESRETURNFILTER "1.2.826.0.1.3344810.2.3" /* RFC 3876 */ +#endif /* !LDAP_CONTROL_VALUESRETURNFILTER */ + +#endif /* __h_constants_ */ diff --git a/Modules/errors.h b/Modules/errors.h new file mode 100644 index 0000000..9c672cd --- /dev/null +++ b/Modules/errors.h @@ -0,0 +1,16 @@ +/* See http://www.python-ldap.org/ for details. + * $Id: errors.h,v 1.6 2009/04/17 12:19:09 stroeder Exp $ */ + +#ifndef __h_errors_ +#define __h_errors_ + +#include "common.h" +#include "lber.h" +#include "ldap.h" + +extern PyObject* LDAPexception_class; +extern PyObject* LDAPerror( LDAP*, char*msg ); +extern void LDAPinit_errors( PyObject* ); +PyObject* LDAPerr(int errnum); + +#endif /* __h_errors */ diff --git a/Modules/functions.h b/Modules/functions.h new file mode 100644 index 0000000..515af4d --- /dev/null +++ b/Modules/functions.h @@ -0,0 +1,12 @@ +/* See http://www.python-ldap.org/ for details. + * $Id: functions.h,v 1.4 2009/04/17 12:19:09 stroeder Exp $ */ + +#ifndef __h_functions_ +#define __h_functions_ + +/* $Id: functions.h,v 1.4 2009/04/17 12:19:09 stroeder Exp $ */ + +#include "common.h" +extern void LDAPinit_functions( PyObject* ); + +#endif /* __h_functions_ */ diff --git a/Modules/ldapmodule.c b/Modules/ldapmodule.c new file mode 100644 index 0000000..77cd82b --- /dev/null +++ b/Modules/ldapmodule.c @@ -0,0 +1,49 @@ +/* See http://www.python-ldap.org/ for details. + * $Id: ldapmodule.c,v 1.9 2009/04/17 12:19:09 stroeder Exp $ */ + +#include "common.h" +#include "version.h" +#include "constants.h" +#include "errors.h" +#include "functions.h" +#include "schema.h" +#include "ldapcontrol.h" + +#include "LDAPObject.h" + +DL_EXPORT(void) init_ldap(void); + +/* dummy module methods */ + +static PyMethodDef methods[] = { + { NULL, NULL } +}; + +/* module initialisation */ + +DL_EXPORT(void) +init_ldap() +{ + PyObject *m, *d; + +#if defined(MS_WINDOWS) || defined(__CYGWIN__) + LDAP_Type.ob_type = &PyType_Type; +#endif + + /* Create the module and add the functions */ + m = Py_InitModule("_ldap", methods); + + /* Add some symbolic constants to the module */ + d = PyModule_GetDict(m); + + LDAPinit_version(d); + LDAPinit_constants(d); + LDAPinit_errors(d); + LDAPinit_functions(d); + LDAPinit_schema(d); + LDAPinit_control(d); + + /* Check for errors */ + if (PyErr_Occurred()) + Py_FatalError("can't initialize module _ldap"); +} diff --git a/Modules/options.h b/Modules/options.h new file mode 100644 index 0000000..fb6e0a2 --- /dev/null +++ b/Modules/options.h @@ -0,0 +1,8 @@ +/* See http://www.python-ldap.org/ for details. + * $Id: options.h,v 1.4 2009/04/17 12:19:09 stroeder Exp $ */ + +int LDAP_optionval_by_name(const char *name); +int LDAP_set_option(LDAPObject *self, int option, PyObject *value); +PyObject *LDAP_get_option(LDAPObject *self, int option); + +void set_timeval_from_double( struct timeval *tv, double d ); diff --git a/Modules/schema.c b/Modules/schema.c new file mode 100644 index 0000000..5bfbfa4 --- /dev/null +++ b/Modules/schema.c @@ -0,0 +1,283 @@ +/* See http://www.python-ldap.org/ for details. + * $Id: schema.c,v 1.8 2009/04/17 12:19:09 stroeder Exp $ */ + +#include "common.h" + +#include "schema.h" +#include "ldap_schema.h" + +/* + This utility function takes a null delimited C array of (null + delimited) C strings, creates its python equivalent and returns a + new reference to it. If the array is empty or the pointer to it is + NULL, an empty python array is returned. +*/ +PyObject* c_string_array_to_python(char **string_array) +{ + Py_ssize_t count = 0; + char **s; + PyObject *py_list; + if (string_array) { + for (s=string_array; *s != 0; s++) count++; + py_list = PyList_New(count); + count = 0; + for (s=string_array; *s != 0; s++){ + PyList_SetItem(py_list, count, PyString_FromString(*s)); + count++; + } + } else py_list=PyList_New(0); + return py_list; +} + + +/* + This function returns a list of tuples. The first entry of each + tuple is a string (lsei_name), and the second is a lists built from + lsei_values. + + Probably the C data structure is modeled along the lines of a + mapping "lsei_name -> (list of lsei_values)". However, there seems + to be no guarantee that a lsei_name is unique, so I dare not use a + python mapping for this beast... + */ +PyObject* schema_extension_to_python(LDAPSchemaExtensionItem **extensions) +{ + Py_ssize_t count = 0; + LDAPSchemaExtensionItem **e; + PyObject *py_list, *item_tuple; + if (extensions) { + for (e = extensions; *e !=0; e++) count++; + py_list = PyList_New(count); + count = 0; + for (e = extensions; *e !=0; e++) { + item_tuple = PyTuple_New(2); + PyTuple_SetItem(item_tuple, 0, + PyString_FromString((*e)->lsei_name)); + PyTuple_SetItem(item_tuple, 1, + c_string_array_to_python((*e)->lsei_values)); + PyList_SetItem(py_list, count, item_tuple); + count++; + } + } + else py_list=PyList_New(0); + return py_list; +} + + +/* + The following four functions do the boring job: they take a python + string, feed it into the respective parser functions provided by + openldap, and build a python list from the data structure returned + by the C function. + */ + +static char doc_ldap_str2objectclass[] = +""; + +static PyObject* +l_ldap_str2objectclass(PyObject* self, PyObject *args) +{ + int ret=0, flag = LDAP_SCHEMA_ALLOW_NONE; + char *oc_string; + const char *errp; + LDAPObjectClass *o; + PyObject *oc_names, *oc_sup_oids, *oc_at_oids_must, + *oc_at_oids_may, *py_ret; + + + if (!PyArg_ParseTuple(args, "si", &oc_string, &flag)) + return NULL; + o = ldap_str2objectclass( oc_string, &ret, &errp, flag); + if (ret) { + py_ret = PyInt_FromLong(ret); + return py_ret; + } + + oc_sup_oids = c_string_array_to_python(o->oc_sup_oids); + oc_names = c_string_array_to_python(o->oc_names); + oc_at_oids_must = c_string_array_to_python(o->oc_at_oids_must); + oc_at_oids_may = c_string_array_to_python(o->oc_at_oids_may); + py_ret = PyList_New(9); + PyList_SetItem(py_ret, 0, PyString_FromString(o->oc_oid)); + PyList_SetItem(py_ret, 1, oc_names); + if (o->oc_desc) { + PyList_SetItem(py_ret, 2, PyString_FromString(o->oc_desc)); + } else { + PyList_SetItem(py_ret, 2, PyString_FromString("")); + } + PyList_SetItem(py_ret, 3, PyInt_FromLong(o->oc_obsolete)); + PyList_SetItem(py_ret, 4, oc_sup_oids); + PyList_SetItem(py_ret, 5, PyInt_FromLong(o->oc_kind)); + PyList_SetItem(py_ret, 6, oc_at_oids_must); + PyList_SetItem(py_ret, 7, oc_at_oids_may); + + PyList_SetItem(py_ret, 8, + schema_extension_to_python(o->oc_extensions)); + + ldap_objectclass_free(o); + return py_ret; +} + + +static char doc_ldap_str2attributetype[] = +""; + +static PyObject* +l_ldap_str2attributetype(PyObject* self, PyObject *args) +{ + int ret=0, flag = LDAP_SCHEMA_ALLOW_NONE; + char *at_string; + const char *errp; + LDAPAttributeType *a; + PyObject *py_ret; + PyObject *at_names; + + if (!PyArg_ParseTuple(args, "si", &at_string,&flag)) + return NULL; + a = ldap_str2attributetype( at_string, &ret, &errp, flag); + if (ret) { + py_ret = PyInt_FromLong(ret); + return py_ret; + } + + py_ret = PyList_New(15); + PyList_SetItem(py_ret, 0, PyString_FromString(a->at_oid)); + at_names = c_string_array_to_python(a->at_names); + PyList_SetItem(py_ret, 1, at_names); + if (a->at_desc) { + PyList_SetItem(py_ret, 2, PyString_FromString(a->at_desc)); + } else { + PyList_SetItem(py_ret, 2, PyString_FromString("")); + } + PyList_SetItem(py_ret, 3, PyInt_FromLong(a->at_obsolete)); + if (a->at_sup_oid) { + PyList_SetItem(py_ret, 4, PyString_FromString(a->at_sup_oid)); + } else { + PyList_SetItem(py_ret, 4, PyString_FromString("")); + } + if (a->at_equality_oid) { + PyList_SetItem(py_ret, 5, PyString_FromString(a->at_equality_oid)); + } else { + PyList_SetItem(py_ret, 5, PyString_FromString("")); + } + if (a->at_ordering_oid) { + PyList_SetItem(py_ret, 6, PyString_FromString(a->at_ordering_oid)); + } else { + PyList_SetItem(py_ret, 6, PyString_FromString("")); + } + if (a->at_substr_oid) { + PyList_SetItem(py_ret, 7, PyString_FromString(a->at_substr_oid)); + } else { + PyList_SetItem(py_ret, 7, PyString_FromString("")); + } + if (a->at_syntax_oid) { + PyList_SetItem(py_ret, 8, PyString_FromString(a->at_syntax_oid)); + } else { + PyList_SetItem(py_ret, 8, PyString_FromString("")); + } + PyList_SetItem(py_ret, 9, PyInt_FromLong(a->at_syntax_len)); + PyList_SetItem(py_ret,10, PyInt_FromLong(a->at_single_value)); + PyList_SetItem(py_ret,11, PyInt_FromLong(a->at_collective)); + PyList_SetItem(py_ret,12, PyInt_FromLong(a->at_no_user_mod)); + PyList_SetItem(py_ret,13, PyInt_FromLong(a->at_usage)); + + PyList_SetItem(py_ret, 14, + schema_extension_to_python(a->at_extensions)); + ldap_attributetype_free(a); + return py_ret; +} + +static char doc_ldap_str2syntax[] = +""; + + +static PyObject* +l_ldap_str2syntax(PyObject* self, PyObject *args) +{ + LDAPSyntax *s; + int ret=0, flag = LDAP_SCHEMA_ALLOW_NONE; + const char *errp; + char *syn_string; + PyObject *py_ret, *syn_names; + + if (!PyArg_ParseTuple(args, "si", &syn_string,&flag)) + return NULL; + s = ldap_str2syntax(syn_string, &ret, &errp, flag); + if (ret) { + py_ret = PyInt_FromLong(ret); + return py_ret; + } + py_ret = PyList_New(4); + PyList_SetItem(py_ret, 0, PyString_FromString(s->syn_oid)); + syn_names = c_string_array_to_python(s->syn_names); + PyList_SetItem(py_ret, 1, syn_names); + if (s->syn_desc) { + PyList_SetItem(py_ret, 2, PyString_FromString(s->syn_desc)); + } else { + PyList_SetItem(py_ret, 2, PyString_FromString("")); + } + PyList_SetItem(py_ret, 3, + schema_extension_to_python(s->syn_extensions)); + ldap_syntax_free(s); + return py_ret; +} + +static char doc_ldap_str2matchingrule[] = +""; + +static PyObject* +l_ldap_str2matchingrule(PyObject* self, PyObject *args) +{ + LDAPMatchingRule *m; + int ret=0, flag = LDAP_SCHEMA_ALLOW_NONE; + const char *errp; + char *mr_string; + PyObject *py_ret, *mr_names; + + if (!PyArg_ParseTuple(args, "si", &mr_string,&flag)) + return NULL; + m = ldap_str2matchingrule(mr_string, &ret, &errp, flag); + if (ret) { + py_ret = PyInt_FromLong(ret); + return py_ret; + } + py_ret = PyList_New(6); + PyList_SetItem(py_ret, 0, PyString_FromString(m->mr_oid)); + mr_names = c_string_array_to_python(m->mr_names); + PyList_SetItem(py_ret, 1, mr_names); + if (m->mr_desc) { + PyList_SetItem(py_ret, 2, PyString_FromString(m->mr_desc)); + } else { + PyList_SetItem(py_ret, 2, PyString_FromString("")); + } + PyList_SetItem(py_ret, 3, PyInt_FromLong(m->mr_obsolete)); + if (m->mr_syntax_oid) { + PyList_SetItem(py_ret, 4, PyString_FromString(m->mr_syntax_oid)); + } else { + PyList_SetItem(py_ret, 4, PyString_FromString("")); + } + PyList_SetItem(py_ret, 5, + schema_extension_to_python(m->mr_extensions)); + ldap_matchingrule_free(m); + return py_ret; +} + +/* methods */ + +static PyMethodDef methods[] = { + { "str2objectclass", (PyCFunction)l_ldap_str2objectclass, METH_VARARGS, + doc_ldap_str2objectclass }, + { "str2attributetype", (PyCFunction)l_ldap_str2attributetype, + METH_VARARGS, doc_ldap_str2attributetype }, + { "str2syntax", (PyCFunction)l_ldap_str2syntax, + METH_VARARGS, doc_ldap_str2syntax }, + { "str2matchingrule", (PyCFunction)l_ldap_str2matchingrule, + METH_VARARGS, doc_ldap_str2matchingrule }, + { NULL, NULL } +}; + + +void +LDAPinit_schema( PyObject* d ) { + LDAPadd_methods( d, methods ); +} diff --git a/Modules/schema.h b/Modules/schema.h new file mode 100644 index 0000000..52492b3 --- /dev/null +++ b/Modules/schema.h @@ -0,0 +1,14 @@ +/* See http://www.python-ldap.org/ for details. + * $Id: schema.h,v 1.5 2009/04/17 12:19:09 stroeder Exp $ */ + +#ifndef __h_schema_ +#define __h_schema_ + + + +#include "common.h" +extern void LDAPinit_schema( PyObject* ); + + +#endif /* __h_schema_ */ + diff --git a/Modules/version.c b/Modules/version.c new file mode 100644 index 0000000..264a285 --- /dev/null +++ b/Modules/version.c @@ -0,0 +1,20 @@ +/* Set release version + * See http://www.python-ldap.org/ for details. + * $Id: version.c,v 1.4 2009/04/17 12:19:09 stroeder Exp $ */ + +#include "common.h" + +#define _STR(x) #x +#define STR(x) _STR(x) + +static char version_str[] = STR(LDAPMODULE_VERSION); + +void +LDAPinit_version( PyObject* d ) +{ + PyObject *version; + + version = PyString_FromString(version_str); + PyDict_SetItemString( d, "__version__", version ); + Py_DECREF(version); +} diff --git a/Modules/version.h b/Modules/version.h new file mode 100644 index 0000000..d9a36d9 --- /dev/null +++ b/Modules/version.h @@ -0,0 +1,12 @@ +/* Set release version + * See http://www.python-ldap.org/ for details. + * $Id: version.h,v 1.4 2009/04/17 12:19:09 stroeder Exp $ */ + +#ifndef __h_version_ +#define __h_version_ + + +#include "common.h" +extern void LDAPinit_version( PyObject* d ); + +#endif /* __h_version_ */ From e1aa8183a713d55783c400a71ae382d1d6e56082 Mon Sep 17 00:00:00 2001 From: stroeder Date: Fri, 17 Apr 2009 14:34:34 +0000 Subject: [PATCH 031/868] Refer to new project home-page --- Lib/ldap/cidict.py | 125 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 125 insertions(+) create mode 100644 Lib/ldap/cidict.py diff --git a/Lib/ldap/cidict.py b/Lib/ldap/cidict.py new file mode 100644 index 0000000..b0a0a85 --- /dev/null +++ b/Lib/ldap/cidict.py @@ -0,0 +1,125 @@ +""" +This is a convenience wrapper for dictionaries +returned from LDAP servers containing attribute +names of variable case. + +See http://www.python-ldap.org/ for details. + +$Id: cidict.py,v 1.13 2009/04/17 14:34:34 stroeder Exp $ +""" + +__version__ = """$Revision: 1.13 $""" + +from UserDict import UserDict +from string import lower + +class cidict(UserDict): + """ + Case-insensitive but case-respecting dictionary. + """ + + def __init__(self,default=None): + self._keys = {} + UserDict.__init__(self,{}) + self.update(default or {}) + + def __getitem__(self,key): + return self.data[lower(key)] + + def __setitem__(self,key,value): + lower_key = lower(key) + self._keys[lower_key] = key + self.data[lower_key] = value + + def __delitem__(self,key): + lower_key = lower(key) + del self._keys[lower_key] + del self.data[lower_key] + + def update(self,dict): + for key in dict.keys(): + self[key] = dict[key] + + def has_key(self,key): + return UserDict.has_key(self,lower(key)) + + def __contains__(self,key): + return self.has_key(key) + + def get(self,key,failobj=None): + try: + return self[key] + except KeyError: + return failobj + + def keys(self): + return self._keys.values() + + def items(self): + result = [] + for k in self._keys.values(): + result.append((k,self[k])) + return result + + +def strlist_minus(a,b): + """ + Return list of all items in a which are not in b (a - b). + a,b are supposed to be lists of case-insensitive strings. + """ + temp = cidict() + for elt in b: + temp[elt] = elt + result = [ + elt + for elt in a + if not temp.has_key(elt) + ] + return result + + +def strlist_intersection(a,b): + """ + Return intersection of two lists of case-insensitive strings a,b. + """ + temp = cidict() + for elt in a: + temp[elt] = elt + result = [ + temp[elt] + for elt in b + if temp.has_key(elt) + ] + return result + + +def strlist_union(a,b): + """ + Return union of two lists of case-insensitive strings a,b. + """ + temp = cidict() + for elt in a: + temp[elt] = elt + for elt in b: + temp[elt] = elt + return temp.values() + + +if __debug__ and __name__ == '__main__': + x = { 'AbCDeF' : 123 } + cix = cidict(x) + assert cix["ABCDEF"] == 123 + assert cix.get("ABCDEF",None) == 123 + assert cix.get("not existent",None) is None + cix["xYZ"] = 987 + assert cix["XyZ"] == 987 + assert cix.get("XyZ",None) == 987 + cix_keys = cix.keys() + cix_keys.sort() + assert cix_keys==['AbCDeF','xYZ'],ValueError(repr(cix_keys)) + cix_items = cix.items() + cix_items.sort() + assert cix_items==[('AbCDeF',123),('xYZ',987)],ValueError(repr(cix_items)) + del cix["abcdEF"] + assert not cix._keys.has_key("abcdef") + assert not cix.has_key("AbCDef") From 434b5d44b07fa6b5dbac35c72ee222c4db7693de Mon Sep 17 00:00:00 2001 From: stroeder Date: Wed, 29 Apr 2009 18:13:55 +0000 Subject: [PATCH 032/868] Fixed ldap.schema.tokenizer.split_tokens() to accept a single DOLLAR as separator --- Lib/ldap/schema/tokenizer.py | 85 +++++++++++++++++++++++++ Tests/Lib/ldap/schema/test_tokenizer.py | 30 +++++++++ 2 files changed, 115 insertions(+) create mode 100644 Lib/ldap/schema/tokenizer.py create mode 100644 Tests/Lib/ldap/schema/test_tokenizer.py diff --git a/Lib/ldap/schema/tokenizer.py b/Lib/ldap/schema/tokenizer.py new file mode 100644 index 0000000..469c326 --- /dev/null +++ b/Lib/ldap/schema/tokenizer.py @@ -0,0 +1,85 @@ +""" +ldap.schema.tokenizer - Low-level parsing functions for schema element strings + +See http://www.python-ldap.org/ for details. + +\$Id: tokenizer.py,v 1.13 2009/04/29 18:13:55 stroeder Exp $ +""" + + +def split_tokens(s,keywordDict): + """ + Returns list of syntax elements with quotes and spaces + stripped. + """ + result = [] + result_append = result.append + s_len = len(s) + i = 0 + while istart: + result_append(s[start:i]) + result_append(s[i]) + i +=1 # Consume parentheses + start = i + elif s[i]==" " or s[i]=="$": + if i>start: + result_append(s[start:i]) + i +=1 + # Consume more space chars + while istart: + result_append(s[start:i]) + i +=1 + if i>=s_len: + break + start = i + while i=start: + result_append(s[start:i]) + i +=1 + return result # split_tokens() + + +def extract_tokens(l,known_tokens): + """ + Returns dictionary of known tokens with all values + """ + assert l[0].strip()=="(" and l[-1].strip()==")",ValueError(l) + result = {} + result_has_key = result.has_key + result.update(known_tokens) + i = 0 + l_len = len(l) + while i',l + print 'differs from',r From 45dd1fc1fa0f14c0f412651f81b714c74df8b062 Mon Sep 17 00:00:00 2001 From: stroeder Date: Sun, 26 Jul 2009 11:09:58 +0000 Subject: [PATCH 033/868] All sub-modules import __version__ from main module ldap --- Lib/ldap/sasl.py | 111 ++++++++++++++++++++++++++++++++++++ Lib/ldap/schema/__init__.py | 12 ++++ 2 files changed, 123 insertions(+) create mode 100644 Lib/ldap/sasl.py create mode 100644 Lib/ldap/schema/__init__.py diff --git a/Lib/ldap/sasl.py b/Lib/ldap/sasl.py new file mode 100644 index 0000000..4e2d23c --- /dev/null +++ b/Lib/ldap/sasl.py @@ -0,0 +1,111 @@ +""" +sasl.py - support for SASL mechanism + +See http://www.python-ldap.org/ for details. + +\$Id: sasl.py,v 1.15 2009/07/26 11:09:58 stroeder Exp $ + +Description: +The ldap.sasl module provides SASL authentication classes. +Each class provides support for one SASL mechanism. This is done by +implementing a callback() - method, which will be called by the +LDAPObject's sasl_bind_s() method +Implementing support for new sasl mechanism is very easy --- see +the examples of digest_md5 and gssapi. + +Compability: +- Tested with Python 2.0+ but should work with Python 1.5.x +""" + +from ldap import __version__ + +if __debug__: + # Tracing is only supported in debugging mode + import traceback + from ldap import _trace_level,_trace_file,_trace_stack_limit + +# These are the SASL callback id's , as defined in sasl.h +CB_USER = 0x4001 +CB_AUTHNAME = 0x4002 +CB_LANGUAGE = 0x4003 +CB_PASS = 0x4004 +CB_ECHOPROMPT = 0x4005 +CB_NOECHOPROMPT= 0x4006 +CB_GETREALM = 0x4007 + +class sasl: + """This class handles SASL interactions for authentication. + If an instance of this class is passed to ldap's sasl_bind_s() + method, the library will call its callback() method. For + specific SASL authentication mechanisms, this method can be + overridden""" + + def __init__(self,cb_value_dict,mech): + """ The (generic) base class takes a cb_value_dictionary of + question-answer pairs. Questions are specified by the respective + SASL callback id's. The mech argument is a string that specifies + the SASL mechaninsm to be uesd.""" + self.cb_value_dict = cb_value_dict or {} + self.mech = mech + + def callback(self,cb_id,challenge,prompt,defresult): + """ The callback method will be called by the sasl_bind_s() + method several times. Each time it will provide the id, which + tells us what kind of information is requested (the CB_ ... + constants above). The challenge might be a short (english) text + or some binary string, from which the return value is calculated. + The prompt argument is always a human-readable description string; + The defresult is a default value provided by the sasl library + + Currently, we do not use the challenge and prompt information, and + return only information which is stored in the self.cb_value_dict + cb_value_dictionary. Note that the current callback interface is not very + useful for writing generic sasl GUIs, which would need to know all + the questions to ask, before the answers are returned to the sasl + lib (in contrast to one question at a time).""" + + # The following print command might be useful for debugging + # new sasl mechanisms. So it is left here + cb_result = self.cb_value_dict.get(cb_id,defresult) or '' + if __debug__: + if _trace_level>=1: + _trace_file.write("*** id=%d, challenge=%s, prompt=%s, defresult=%s\n-> %s\n" % ( + cb_id, challenge, prompt, repr(defresult), repr(self.cb_value_dict.get(cb_result)) + )) + return cb_result + + +class cram_md5(sasl): + """This class handles SASL CRAM-MD5 authentication.""" + + def __init__(self,authc_id, password, authz_id=""): + auth_dict = {CB_AUTHNAME:authc_id, CB_PASS:password, + CB_USER:authz_id} + sasl.__init__(self,auth_dict,"CRAM-MD5") + + +class digest_md5(sasl): + """This class handles SASL DIGEST-MD5 authentication.""" + + def __init__(self,authc_id, password, authz_id=""): + auth_dict = {CB_AUTHNAME:authc_id, CB_PASS:password, + CB_USER:authz_id} + sasl.__init__(self,auth_dict,"DIGEST-MD5") + + +class gssapi(sasl): + """This class handles SASL GSSAPI (i.e. Kerberos V) + authentication.""" + + def __init__(self,authz_id=""): + sasl.__init__(self, {CB_USER:authz_id},"GSSAPI") + + +class external(sasl): + """This class handles SASL EXTERNAL authentication + (i.e. X.509 client certificate)""" + + def __init__(self,authz_id=""): + sasl.__init__(self, {CB_USER:authz_id},"EXTERNAL") + + diff --git a/Lib/ldap/schema/__init__.py b/Lib/ldap/schema/__init__.py new file mode 100644 index 0000000..641afa8 --- /dev/null +++ b/Lib/ldap/schema/__init__.py @@ -0,0 +1,12 @@ +""" +ldap.schema - LDAPv3 schema handling + +See http://www.python-ldap.org/ for details. + +\$Id: __init__.py,v 1.7 2009/07/26 11:09:58 stroeder Exp $ +""" + +from ldap import __version__ + +from ldap.schema.subentry import SubSchema,SCHEMA_ATTRS,SCHEMA_CLASS_MAPPING,SCHEMA_ATTR_MAPPING,urlfetch +from ldap.schema.models import * From 0341c24b6736ea71e16ac9c99c3e19de08aec8f5 Mon Sep 17 00:00:00 2001 From: stroeder Date: Sat, 1 Aug 2009 08:50:29 +0000 Subject: [PATCH 034/868] Correctly use ldap.async.AsyncSearchHandler, some other cosmetic corrections --- Demo/Lib/ldap/async/deltree.py | 80 ++++++++++++++++++++++++++++++++++ 1 file changed, 80 insertions(+) create mode 100644 Demo/Lib/ldap/async/deltree.py diff --git a/Demo/Lib/ldap/async/deltree.py b/Demo/Lib/ldap/async/deltree.py new file mode 100644 index 0000000..58df3b3 --- /dev/null +++ b/Demo/Lib/ldap/async/deltree.py @@ -0,0 +1,80 @@ +import ldap,ldap.async + +class DeleteLeafs(ldap.async.AsyncSearchHandler): + """ + Class for deleting entries which are results of a search. + + DNs of Non-leaf entries are collected in DeleteLeafs.nonLeafEntries. + """ + _entryResultTypes = ldap.async._entryResultTypes + + def __init__(self,l): + ldap.async.AsyncSearchHandler.__init__(self,l) + self.nonLeafEntries = [] + self.deletedEntries = 0 + + def startSearch(self,searchRoot,searchScope): + if not searchScope in [ldap.SCOPE_ONELEVEL,ldap.SCOPE_SUBTREE]: + raise ValueError, "Parameter searchScope must be either ldap.SCOPE_ONELEVEL or ldap.SCOPE_SUBTREE." + self.nonLeafEntries = [] + self.deletedEntries = 0 + ldap.async.AsyncSearchHandler.startSearch( + self, + searchRoot, + searchScope, + filterStr='(objectClass=*)', + attrList=['hasSubordinates','numSubordinates'], + attrsOnly=0, + ) + + def _processSingleResult(self,resultType,resultItem): + if self._entryResultTypes.has_key(resultType): + # Don't process search references + dn,entry = resultItem + hasSubordinates = entry.get( + 'hasSubordinates', + entry.get('hassubordinates',['FALSE'] + ) + )[0] + numSubordinates = entry.get( + 'numSubordinates', + entry.get('numsubordinates',['0']) + )[0] + if hasSubordinates=='TRUE' or int(numSubordinates): + self.nonLeafEntries.append(dn) + else: + try: + self._l.delete_s(dn) + except ldap.NOT_ALLOWED_ON_NONLEAF,e: + self.nonLeafEntries.append(dn) + else: + self.deletedEntries = self.deletedEntries+1 + + +def DelTree(l,dn,scope=ldap.SCOPE_ONELEVEL): + """ + Recursively delete entries below or including entry with name dn. + """ + leafs_deleter = DeleteLeafs(l) + leafs_deleter.startSearch(dn,scope) + leafs_deleter.processResults() + deleted_entries = leafs_deleter.deletedEntries + non_leaf_entries = leafs_deleter.nonLeafEntries[:] + while non_leaf_entries: + dn = non_leaf_entries.pop() + print deleted_entries,len(non_leaf_entries),dn + leafs_deleter.startSearch(dn,ldap.SCOPE_SUBTREE) + leafs_deleter.processResults() + deleted_entries = deleted_entries+leafs_deleter.deletedEntries + non_leaf_entries.extend(leafs_deleter.nonLeafEntries) + return # DelTree() + + +# Create LDAPObject instance +l = ldap.initialize('ldap://localhost:1390') + +# Try a bind to provoke failure if protocol version is not supported +l.simple_bind_s('cn=Directory Manager,dc=IMC,dc=org','controller') + +# Delete all entries *below* the entry dc=Delete,dc=IMC,dc=org +DelTree(l,'dc=Delete,dc=IMC,dc=org',ldap.SCOPE_ONELEVEL) From 5fac716fb5bd10dc65ea422087bd7d15e718c756 Mon Sep 17 00:00:00 2001 From: leonard Date: Tue, 4 Aug 2009 05:39:10 +0000 Subject: [PATCH 035/868] Changed internal API List_to_LDAPControls() to LDAPControls_from_object() Reasons: exported symbols of the library should begin with "LDAP", also gives us a function with a converter signature we can use later. --- Modules/ldapcontrol.h | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 Modules/ldapcontrol.h diff --git a/Modules/ldapcontrol.h b/Modules/ldapcontrol.h new file mode 100644 index 0000000..f615858 --- /dev/null +++ b/Modules/ldapcontrol.h @@ -0,0 +1,15 @@ +/* See http://www.python-ldap.org/ for details. + * $Id: ldapcontrol.h,v 1.6 2009/08/04 05:39:10 leonard Exp $ */ + +#ifndef __h_ldapcontrol +#define __h_ldapcontrol + +#include "common.h" +#include "ldap.h" + +void LDAPinit_control(PyObject *d); +void LDAPControl_List_DEL( LDAPControl** ); +int LDAPControls_from_object(PyObject *, LDAPControl ***); +PyObject* LDAPControls_to_List(LDAPControl **ldcs); + +#endif /* __h_ldapcontrol */ From c876b63acfcbe64c515e05cb43ec6dd9c166b95e Mon Sep 17 00:00:00 2001 From: leonard Date: Sun, 16 Aug 2009 06:20:46 +0000 Subject: [PATCH 036/868] Add some unit tests --- Tests/t_search.py | 95 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 95 insertions(+) create mode 100644 Tests/t_search.py diff --git a/Tests/t_search.py b/Tests/t_search.py new file mode 100644 index 0000000..e938cab --- /dev/null +++ b/Tests/t_search.py @@ -0,0 +1,95 @@ +import ldap, unittest +import slapd + +from ldap.ldapobject import LDAPObject + +server = None + +class TestSearch(unittest.TestCase): + + def setUp(self): + global server + if server is None: + server = slapd.Slapd() + server.start() + base = server.get_dn_suffix() + + # insert some Foo* objects via ldapadd + server.ldapadd("\n".join([ + "dn: cn=Foo1,"+base, + "objectClass: organizationalRole", + "cn: Foo1", + "", + "dn: cn=Foo2,"+base, + "objectClass: organizationalRole", + "cn: Foo2", + "", + "dn: cn=Foo3,"+base, + "objectClass: organizationalRole", + "cn: Foo3", + "", + "dn: ou=Container,"+base, + "objectClass: organizationalUnit", + "ou: Container", + "", + "dn: cn=Foo4,ou=Container,"+base, + "objectClass: organizationalRole", + "cn: Foo4", + "", + ])+"\n") + + l = LDAPObject(server.get_url()) + l.protocol_version = 3 + l.set_option(ldap.OPT_REFERRALS,0) + l.simple_bind_s(server.get_root_dn(), + server.get_root_password()) + self.ldap = l + self.server = server + + def test_search_subtree(self): + base = self.server.get_dn_suffix() + l = self.ldap + + result = l.search_s(base, ldap.SCOPE_SUBTREE, '(cn=Foo*)', ['*']) + result.sort() + self.assertEquals(result, + [('cn=Foo1,'+base, + {'cn': ['Foo1'], 'objectClass': ['organizationalRole']}), + ('cn=Foo2,'+base, + {'cn': ['Foo2'], 'objectClass': ['organizationalRole']}), + ('cn=Foo3,'+base, + {'cn': ['Foo3'], 'objectClass': ['organizationalRole']}), + ('cn=Foo4,ou=Container,'+base, + {'cn': ['Foo4'], 'objectClass': ['organizationalRole']}), + ] + ) + + def test_search_onelevel(self): + base = self.server.get_dn_suffix() + l = self.ldap + + result = l.search_s(base, ldap.SCOPE_ONELEVEL, '(cn=Foo*)', ['*']) + result.sort() + self.assertEquals(result, + [('cn=Foo1,'+base, + {'cn': ['Foo1'], 'objectClass': ['organizationalRole']}), + ('cn=Foo2,'+base, + {'cn': ['Foo2'], 'objectClass': ['organizationalRole']}), + ('cn=Foo3,'+base, + {'cn': ['Foo3'], 'objectClass': ['organizationalRole']}), + ] + ) + + def test_search_oneattr(self): + base = self.server.get_dn_suffix() + l = self.ldap + + result = l.search_s(base, ldap.SCOPE_SUBTREE, '(cn=Foo4)', ['cn']) + result.sort() + self.assertEquals(result, + [('cn=Foo4,ou=Container,'+base, {'cn': ['Foo4']})] + ) + + +if __name__ == '__main__': + unittest.main() From ce8aca92cfd9340ca50d6c65b483e2a8e4269d53 Mon Sep 17 00:00:00 2001 From: leonard Date: Mon, 17 Aug 2009 00:06:49 +0000 Subject: [PATCH 037/868] Add more tests for the C Extension module. --- Tests/slapd.py | 383 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 383 insertions(+) create mode 100644 Tests/slapd.py diff --git a/Tests/slapd.py b/Tests/slapd.py new file mode 100644 index 0000000..48747fa --- /dev/null +++ b/Tests/slapd.py @@ -0,0 +1,383 @@ + +""" +Utilities for starting up a test slapd server +and talking to it with ldapsearch/ldapadd. +""" + +import sys, os, socket, time, subprocess, logging + +_log = logging.getLogger("slapd") + +def quote(s): + '''Quotes the '"' and '\' characters in a string and surrounds with "..."''' + return '"' + s.replace('\\','\\\\').replace('"','\\"') + '"' + +def mkdirs(path): + """Creates the directory path unless it already exists""" + if not os.access(os.path.join(path, os.path.curdir), os.F_OK): + _log.debug("creating temp directory %s", path) + os.mkdir(path) + return path + +def delete_directory_content(path): + for dirpath,dirnames,filenames in os.walk(path, topdown=False): + for n in filenames: + _log.info("remove %s", os.path.join(dirpath, n)) + os.remove(os.path.join(dirpath, n)) + for n in dirnames: + _log.info("rmdir %s", os.path.join(dirpath, n)) + os.rmdir(os.path.join(dirpath, n)) + +LOCALHOST = '127.0.0.1' + +def find_available_tcp_port(host=LOCALHOST): + s = socket.socket() + s.bind((host, 0)) + port = s.getsockname()[1] + s.close() + _log.info("Found available port %d", port) + return port + +class Slapd: + """ + Controller class for a slapd instance, OpenLDAP's server. + + This class creates a temporary data store for slapd, runs it + on a private port, and initialises it with a top-level dc and + the root user. + + When a reference to an instance of this class is lost, the slapd + server is shut down. + """ + + _log = logging.getLogger("Slapd") + + # Use /var/tmp to placate apparmour on Ubuntu: + PATH_TMPDIR = "/var/tmp/python-ldap-test" + PATH_SBINDIR = "/usr/sbin" + PATH_BINDIR = "/usr/bin" + PATH_SCHEMA_CORE = "/etc/ldap/schema/core.schema" + PATH_LDAPADD = os.path.join(PATH_BINDIR, "ldapadd") + PATH_LDAPSEARCH = os.path.join(PATH_BINDIR, "ldapsearch") + PATH_SLAPD = os.path.join(PATH_SBINDIR, "slapd") + PATH_SLAPTEST = os.path.join(PATH_SBINDIR, "slaptest") + + # TODO add paths for other OSs + + def check_paths(cls): + """ + Checks that the configured executable paths look valid. + If they don't, then logs warning messages (not errors). + """ + for name,path in ( + ("slapd", cls.PATH_SLAPD), + ("ldapadd", cls.PATH_LDAPADD), + ("ldapsearch", cls.PATH_LDAPSEARCH), + ): + cls._log.debug("checking %s executable at %s", name, path) + if not os.access(path, os.X_OK): + cls._log.warn("cannot find %s executable at %s", name, path) + check_paths = classmethod(check_paths) + + def __init__(self): + self._config = [] + self._proc = None + self._port = 0 + self._tmpdir = self.PATH_TMPDIR + self._dn_suffix = "dc=python-ldap,dc=org" + self._root_cn = "Manager" + self._root_password = "password" + self._slapd_debug_level = 0 + + # Setters + def set_port(self, port): + self._port = port + def set_dn_suffix(self, dn): + self._dn_suffix = dn + def set_root_cn(self, cn): + self._root_cn = cn + def set_root_password(self, pw): + self._root_password = pw + def set_tmpdir(self, path): + self._tmpdir = path + def set_slapd_debug_level(self, level): + self._slapd_debug_level = level + def set_debug(self): + self._log.setLevel(logging.DEBUG) + self.set_slapd_debug_level('Any') + + # getters + def get_url(self): + return "ldap://%s:%d/" % self.get_address() + def get_address(self): + if self._port == 0: + self._port = find_available_tcp_port(LOCALHOST) + return (LOCALHOST, self._port) + def get_dn_suffix(self): + return self._dn_suffix + def get_root_dn(self): + return "cn=" + self._root_cn + "," + self.get_dn_suffix() + def get_root_password(self): + return self._root_password + def get_tmpdir(self): + return self._tmpdir + + def __del__(self): + self.stop() + + def configure(self, cfg): + """ + Appends slapd.conf configuration lines to cfg. + Also re-initializes any backing storage. + Feel free to subclass and override this method. + """ + + # Global + cfg.append("include " + quote(self.PATH_SCHEMA_CORE)) + cfg.append("allow bind_v2") + + # Database + ldif_dir = mkdirs(os.path.join(self.get_tmpdir(), "ldif-data")) + delete_directory_content(ldif_dir) # clear it out + cfg.append("database ldif") + cfg.append("directory " + quote(ldif_dir)) + + cfg.append("suffix " + quote(self.get_dn_suffix())) + cfg.append("rootdn " + quote(self.get_root_dn())) + cfg.append("rootpw " + quote(self.get_root_password())) + + def _write_config(self): + """Writes the slapd.conf file out, and returns the path to it.""" + path = os.path.join(self._tmpdir, "slapd.conf") + ldif_dir = mkdirs(self._tmpdir) + if os.access(path, os.F_OK): + self._log.debug("deleting existing %s", path) + os.remove(path) + self._log.debug("writing config to %s", path) + file(path, "w").writelines([line + "\n" for line in self._config]) + return path + + def start(self): + """ + Starts the slapd server process running, and waits for it to come up. + """ + if self._proc is None: + ok = False + config_path = None + try: + self.configure(self._config) + self._test_configuration() + self._start_slapd() + self._wait_for_slapd() + ok = True + self._log.debug("slapd ready at %s", self.get_url()) + self.started() + finally: + if not ok: + if config_path: + try: os.remove(config_path) + except os.error: pass + if self._proc: + self.stop() + + def _start_slapd(self): + # Spawns/forks the slapd process + config_path = self._write_config() + self._log.info("starting slapd") + self._proc = subprocess.Popen([self.PATH_SLAPD, + "-f", config_path, + "-h", self.get_url(), + "-d", str(self._slapd_debug_level), + ]) + self._proc_config = config_path + + def _wait_for_slapd(self): + # Waits until the LDAP server socket is open, or slapd crashed + s = socket.socket() + while 1: + if self._proc.poll() is not None: + self._stopped() + raise RuntimeError("slapd exited before opening port") + try: + self._log.debug("Connecting to %s", repr(self.get_address())) + s.connect(self.get_address()) + s.close() + return + except socket.error: + time.sleep(1) + + def stop(self): + """Stops the slapd server, and waits for it to terminate""" + if self._proc is not None: + self._log.debug("stopping slapd") + if hasattr(self._proc, 'terminate'): + self._proc.terminate() + else: + import posix, signal + posix.kill(self._proc.pid, signal.SIGHUP) + #time.sleep(1) + #posix.kill(self._proc.pid, signal.SIGTERM) + #posix.kill(self._proc.pid, signal.SIGKILL) + self.wait() + + def restart(self): + """ + Restarts the slapd server; ERASING previous content. + Starts the server even it if isn't already running. + """ + self.stop() + self.start() + + def wait(self): + """Waits for the slapd process to terminate by itself.""" + if self._proc: + self._proc.wait() + self._stopped() + + def _stopped(self): + """Called when the slapd server is known to have terminated""" + if self._proc is not None: + self._log.info("slapd terminated") + self._proc = None + try: + os.remove(self._proc_config) + except os.error: + self._log.debug("could not remove %s", self._proc_config) + + def _test_configuration(self): + config_path = self._write_config() + try: + self._log.debug("testing configuration") + verboseflag = "-Q" + if self._log.isEnabledFor(logging.DEBUG): + verboseflag = "-v" + p = subprocess.Popen([ + self.PATH_SLAPTEST, + verboseflag, + "-f", config_path + ]) + if p.wait() != 0: + raise RuntimeError("configuration test failed") + self._log.debug("configuration seems ok") + finally: + os.remove(config_path) + + def ldapadd(self, ldif, extra_args=[]): + """Runs ldapadd on this slapd instance, passing it the ldif content""" + self._log.debug("adding %s", repr(ldif)) + p = subprocess.Popen([self.PATH_LDAPADD, + "-x", + "-D", self.get_root_dn(), + "-w", self.get_root_password(), + "-H", self.get_url()] + extra_args, + stdin = subprocess.PIPE, stdout=subprocess.PIPE) + p.communicate(ldif) + if p.wait() != 0: + raise RuntimeError("ldapadd process failed") + + def ldapsearch(self, base=None, filter='(objectClass=*)', attrs=[], + scope='sub', extra_args=[]): + if base is None: base = self.get_dn_suffix() + self._log.debug("ldapsearch filter=%s", repr(filter)) + p = subprocess.Popen([self.PATH_LDAPSEARCH, + "-x", + "-D", self.get_root_dn(), + "-w", self.get_root_password(), + "-H", self.get_url(), + "-b", base, + "-s", scope, + "-LL", + ] + extra_args + [ filter ] + attrs, + stdout = subprocess.PIPE) + output = p.communicate()[0] + if p.wait() != 0: + raise RuntimeError("ldapadd process failed") + + # RFC 2849: LDIF format + # unfold + lines = [] + for l in output.split('\n'): + if l.startswith(' '): + lines[-1] = lines[-1] + l[1:] + elif l == '' and lines and lines[-1] == '': + pass # ignore multiple blank lines + else: + lines.append(l) + # Remove comments + lines = [l for l in lines if not l.startswith("#")] + + # Remove leading version and blank line(s) + if lines and lines[0] == '': del lines[0] + if not lines or lines[0] != 'version: 1': + raise RuntimeError("expected 'version: 1', got " + repr(lines[:1])) + del lines[0] + if lines and lines[0] == '': del lines[0] + + # ensure the ldif ends with a blank line (unless it is just blank) + if lines and lines[-1] != '': lines.append('') + + objects = [] + obj = [] + for line in lines: + if line == '': # end of an object + if obj[0][0] != 'dn': + raise RuntimeError("first line not dn", repr(obj)) + objects.append((obj[0][1], obj[1:])) + obj = [] + else: + attr,value = line.split(':',2) + if value.startswith(': '): + value = base64.decodestring(value[2:]) + elif value.startswith(' '): + value = value[1:] + else: + raise RuntimeError("bad line: " + repr(line)) + obj.append((attr,value)) + assert obj == [] + return objects + + def started(self): + """ + This method is called when the LDAP server has started up and is empty. + By default, this method adds the two initial objects, + the domain object and the root user object. + """ + assert self.get_dn_suffix().startswith("dc=") + suffix_dc = self.get_dn_suffix().split(',')[0][3:] + assert self.get_root_dn().startswith("cn=") + assert self.get_root_dn().endswith("," + self.get_dn_suffix()) + root_cn = self.get_root_dn().split(',')[0][3:] + + self._log.debug("adding %s and %s", + self.get_dn_suffix(), + self.get_root_dn()) + + self.ldapadd("\n".join([ + 'dn: ' + self.get_dn_suffix(), + 'objectClass: dcObject', + 'objectClass: organization', + 'dc: ' + suffix_dc, + 'o: ' + suffix_dc, + '', + 'dn: ' + self.get_root_dn(), + 'objectClass: organizationalRole', + 'cn: ' + root_cn, + '' + ])) + +Slapd.check_paths() + +if __name__ == '__main__' and sys.argv == ['run']: + logging.basicConfig(level=logging.DEBUG) + slapd = Slapd() + print("Starting slapd...") + slapd.start() + print("Contents of LDAP server follow:\n") + for dn,attrs in slapd.ldapsearch(): + print("dn: " + dn) + for name,val in attrs: + print(name + ": " + val) + print("") + print(slapd.get_url()) + slapd.wait() + From 20bee65a8ba66902675fe6c1d44dd9396c78c802 Mon Sep 17 00:00:00 2001 From: leonard Date: Mon, 17 Aug 2009 01:49:47 +0000 Subject: [PATCH 038/868] Factor out LDAPberval_to_object() Also commit other berval converters which are not yet called by anything. In places where bervals are returned as objects, PyString_FromStringAndSize() was being used. In some rare cases, a NULL berval pointer (not NULL data) is returned as None (not a string). This factors that out to the berval.c compilation unit. --- Modules/berval.c | 97 +++++++++++++++++++++++++++++++++++++++++++++++ Modules/berval.h | 15 ++++++++ Tests/runtests.sh | 26 +++++++++++++ 3 files changed, 138 insertions(+) create mode 100644 Modules/berval.c create mode 100644 Modules/berval.h create mode 100755 Tests/runtests.sh diff --git a/Modules/berval.c b/Modules/berval.c new file mode 100644 index 0000000..1c71bb3 --- /dev/null +++ b/Modules/berval.c @@ -0,0 +1,97 @@ +/* See http://www.python-ldap.org/ for details. + * $Id: berval.c,v 1.1 2009/08/17 01:49:47 leonard Exp $ */ + +#include "common.h" +#include "berval.h" + +/* + * Converts a Python object into a data for a berval structure. + * + * New memory is allocated, and the content of the object is copied into it. + * Then the (pre-existing) berval structure's field are filled in with pointer + * and length data. + * + * The source object must implement the buffer interface, or be None. + * If the source object is None, bv->bv_val will be set to NULL and bv_len to 0. + * Otherwise, bv->bv_val will be non-NULL (even for zero-length data). + * This allows the caller to distinguish a None argument as something special. + * + * Returns 0 on failure, leaving *bv unchanged, and setting an error. + * Returns 1 on success: the berval must be freed with LDAPberval_release(). + */ +int +LDAPberval_from_object(PyObject *obj, struct berval *bv) +{ + const void *data; + char *datacp; + Py_ssize_t len; + + if (PyNone_Check(obj)) { + bv->bv_len = 0; + bv->bv_val = NULL; + return 1; + } + + if (!PyObject_AsReadBuffer(obj, &data, &len)) + return 0; + + datacp = PyMem_MALLOC(len ? len : 1); + if (!datacp) { + PyErr_NoMemory(); + return 0; + } + memcpy(datacp, data, len); + + bv->bv_len = len; + bv->bv_val = datacp; + return 1; +} + +/* + * Returns true if the object could be used to initialize a berval structure + * with LDAPberval_from_object() + */ +int +LDAPberval_from_object_check(PyObject *obj) +{ + return PyNone_Check(obj) || + PyObject_CheckReadBuffer(obj); +} + +/* + * Releases memory allocated by LDAPberval_from_object(). + * Has no effect if the berval pointer is NULL or the berval data is NULL. + */ +void +LDAPberval_release(struct berval *bv) { + if (bv && bv->bv_val) { + PyMem_FREE(bv->bv_val); + bv->bv_len = 0; + bv->bv_val = NULL; + } +} + +/* + * Copies out the data from a berval, and returns it as a new Python object, + * Returns None if the berval pointer is NULL. + * + * Note that this function is not the exact inverse of LDAPberval_from_object + * with regards to the NULL/None conversion. + * + * Returns a new Python object on success, or NULL on failure. + */ +PyObject * +LDAPberval_to_object(const struct berval *bv) +{ + PyObject *ret = NULL; + + if (!bv) { + ret = Py_None; + Py_INCREF(ret); + } + else { + ret = PyString_FromStringAndSize(bv->bv_val, bv->bv_len); + } + + return ret; +} diff --git a/Modules/berval.h b/Modules/berval.h new file mode 100644 index 0000000..0b32438 --- /dev/null +++ b/Modules/berval.h @@ -0,0 +1,15 @@ +/* See http://www.python-ldap.org/ for details. + * $Id: berval.h,v 1.1 2009/08/17 01:49:47 leonard Exp $ */ + +#ifndef __h_berval +#define __h_berval + +#include "common.h" +#include "lber.h" + +int LDAPberval_from_object(PyObject *obj, struct berval *bv); +int LDAPberval_from_object_check(PyObject *obj); +void LDAPberval_release(struct berval *bv); +PyObject *LDAPberval_to_object(const struct berval *bv); + +#endif /* __h_berval_ */ diff --git a/Tests/runtests.sh b/Tests/runtests.sh new file mode 100755 index 0000000..f857025 --- /dev/null +++ b/Tests/runtests.sh @@ -0,0 +1,26 @@ +#!/bin/sh +# +# This script runs all the t_*.py tests in the current directory, +# preparing PYTHONPATH to use the most recent local build +# +# Run with -v option for verbose +# + +set -e +: ${PYTHON:="python"} +plat_specifier=`$PYTHON -c 'import sys,distutils.util; \ + print(distutils.util.get_platform()+"-"+sys.version[0:3])'` +failed= +for test in t_*.py; do + echo "$test:" + PYTHONPATH="../build/lib.$plat_specifier" $PYTHON "$test" "$@" || + failed="$failed $test" +done + +if test -n "$failed"; then + echo "Tests that failed:$failed" >&2 + exit 1 +else + echo "All tests passed. Yay." + exit 0 +fi From e54787d89cfb4da8747cbd2bb8825ced0d6b13ee Mon Sep 17 00:00:00 2001 From: leonard Date: Mon, 17 Aug 2009 05:00:57 +0000 Subject: [PATCH 039/868] issue #1964993: corrected exceptions raised by set_option/get_option --- Modules/functions.c | 151 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 151 insertions(+) create mode 100644 Modules/functions.c diff --git a/Modules/functions.c b/Modules/functions.c new file mode 100644 index 0000000..8224cba --- /dev/null +++ b/Modules/functions.c @@ -0,0 +1,151 @@ +/* See http://www.python-ldap.org/ for details. + * $Id: functions.c,v 1.27 2009/08/17 05:00:57 leonard Exp $ */ + +#include "common.h" +#include "functions.h" +#include "LDAPObject.h" +#include "berval.h" +#include "errors.h" +#include "options.h" + +/* ldap_initialize */ + +static PyObject* +l_ldap_initialize(PyObject* unused, PyObject *args) +{ + char *uri; + LDAP *ld = NULL; + int ret; + + if (!PyArg_ParseTuple(args, "s", &uri)) + return NULL; + + Py_BEGIN_ALLOW_THREADS + ret = ldap_initialize(&ld, uri); + Py_END_ALLOW_THREADS + if (ret != LDAP_SUCCESS) + return LDAPerror(ld, "ldap_initialize"); + return (PyObject*)newLDAPObject(ld); +} + + +/* ldap_str2dn */ + +static PyObject* +l_ldap_str2dn( PyObject* unused, PyObject *args ) +{ + struct berval str; + LDAPDN dn; + int flags = 0; + PyObject *result = NULL, *tmp; + int res, i, j; + Py_ssize_t str_len; + + /* + * From a DN string such as "a=b,c=d;e=f", build + * a list-equivalent of AVA structures; namely: + * ((('a','b',1),('c','d',1)),(('e','f',1),)) + * The integers are a bit combination of the AVA_* flags + */ + if (!PyArg_ParseTuple( args, "z#|i:str2dn", + &str.bv_val, &str_len, &flags )) + return NULL; + str.bv_len = (ber_len_t) str_len; + + res = ldap_bv2dn(&str, &dn, flags); + if (res != LDAP_SUCCESS) + return LDAPerr(res); + + tmp = PyList_New(0); + if (!tmp) + goto failed; + + for (i = 0; dn[i]; i++) { + LDAPRDN rdn; + PyObject *rdnlist; + + rdn = dn[i]; + rdnlist = PyList_New(0); + if (!rdnlist) + goto failed; + if (PyList_Append(tmp, rdnlist) == -1) { + Py_DECREF(rdnlist); + goto failed; + } + + for (j = 0; rdn[j]; j++) { + LDAPAVA *ava = rdn[j]; + PyObject *tuple; + + tuple = Py_BuildValue("(O&O&i)", + LDAPberval_to_object, &ava->la_attr, + LDAPberval_to_object, &ava->la_value, + ava->la_flags & ~(LDAP_AVA_FREE_ATTR|LDAP_AVA_FREE_VALUE)); + if (!tuple) { + Py_DECREF(rdnlist); + goto failed; + } + + if (PyList_Append(rdnlist, tuple) == -1) { + Py_DECREF(tuple); + goto failed; + } + Py_DECREF(tuple); + } + Py_DECREF(rdnlist); + } + + result = tmp; + tmp = NULL; + +failed: + Py_XDECREF(tmp); + ldap_dnfree(dn); + return result; +} + +/* ldap_set_option (global options) */ + +static PyObject* +l_ldap_set_option(PyObject* self, PyObject *args) +{ + PyObject *value; + int option; + + if (!PyArg_ParseTuple(args, "iO:set_option", &option, &value)) + return NULL; + if (!LDAP_set_option(NULL, option, value)) + return NULL; + Py_INCREF(Py_None); + return Py_None; +} + +/* ldap_get_option (global options) */ + +static PyObject* +l_ldap_get_option(PyObject* self, PyObject *args) +{ + int option; + + if (!PyArg_ParseTuple(args, "i:get_option", &option)) + return NULL; + return LDAP_get_option(NULL, option); +} + + +/* methods */ + +static PyMethodDef methods[] = { + { "initialize", (PyCFunction)l_ldap_initialize, METH_VARARGS }, + { "str2dn", (PyCFunction)l_ldap_str2dn, METH_VARARGS }, + { "set_option", (PyCFunction)l_ldap_set_option, METH_VARARGS }, + { "get_option", (PyCFunction)l_ldap_get_option, METH_VARARGS }, + { NULL, NULL } +}; + +/* initialisation */ + +void +LDAPinit_functions( PyObject* d ) { + LDAPadd_methods( d, methods ); +} From 162cedf71ba62b3944d18a27ed206d55e679f966 Mon Sep 17 00:00:00 2001 From: leonard Date: Mon, 17 Aug 2009 05:38:17 +0000 Subject: [PATCH 040/868] Avoid leaking slapd processes when testing --- Tests/t_cext.py | 616 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 616 insertions(+) create mode 100644 Tests/t_cext.py diff --git a/Tests/t_cext.py b/Tests/t_cext.py new file mode 100644 index 0000000..7a44c92 --- /dev/null +++ b/Tests/t_cext.py @@ -0,0 +1,616 @@ + +import unittest, slapd +import _ldap +import logging + +reusable_server = None +def get_reusable_server(): + global reusable_server + if reusable_server is None: + reusable_server = slapd.Slapd() + return reusable_server + +class TestLdapCExtension(unittest.TestCase): + """Tests the LDAP C Extension module, _ldap. + These tests apply only to the _ldap module and bypass the + LDAPObject wrapper completely.""" + + timeout = 3 + + def _init_server(self, reuse_existing=True): + global reusable_server + """Sets self.server to a test LDAP server and self.base + to its base""" + if reuse_existing: + server = get_reusable_server() + else: + server = slapd.Slapd() # private server + #server.set_debug() # enables verbose messages + server.start() # no effect if already started + self.server = server + self.base = server.get_dn_suffix() + return server + + def _init(self, reuse_existing=True, bind=True): + """Starts a server, and returns a LDAPObject bound to it""" + server = self._init_server(reuse_existing) + l = _ldap.initialize(server.get_url()) + if bind: + # Perform a simple bind + l.set_option(_ldap.OPT_PROTOCOL_VERSION, _ldap.VERSION3) + m = l.simple_bind(server.get_root_dn(), server.get_root_password()) + result,pmsg,msgid,ctrls = l.result3(m, _ldap.MSG_ONE, self.timeout) + self.assertTrue(result, _ldap.RES_BIND) + return l + + def assertNotNone(self, expr, msg=None): + self.failIf(expr is None, msg or repr(expr)) + def assertNone(self, expr, msg=None): + self.failIf(expr is not None, msg or repr(expr)) + + # Test for the existence of a whole bunch of constants + # that the C module is supposed to export + def test_constants(self): + self.assertEquals(_ldap.PORT, 389) + self.assertEquals(_ldap.VERSION1, 1) + self.assertEquals(_ldap.VERSION2, 2) + self.assertEquals(_ldap.VERSION3, 3) + + # constants for result3() + self.assertEquals(_ldap.RES_BIND, 0x61) + self.assertEquals(_ldap.RES_SEARCH_ENTRY, 0x64) + self.assertEquals(_ldap.RES_SEARCH_RESULT, 0x65) + self.assertEquals(_ldap.RES_MODIFY, 0x67) + self.assertEquals(_ldap.RES_ADD, 0x69) + self.assertEquals(_ldap.RES_DELETE, 0x6b) + self.assertEquals(_ldap.RES_MODRDN, 0x6d) + self.assertEquals(_ldap.RES_COMPARE, 0x6f) + self.assertEquals(_ldap.RES_SEARCH_REFERENCE, 0x73) # v3 + self.assertEquals(_ldap.RES_EXTENDED, 0x78) # v3 + #self.assertEquals(_ldap.RES_INTERMEDIATE, 0x79) # v3 + self.assertNotNone(_ldap.RES_ANY) + self.assertNotNone(_ldap.RES_UNSOLICITED) + + self.assertNotNone(_ldap.AUTH_NONE) + self.assertNotNone(_ldap.AUTH_SIMPLE) + + self.assertNotNone(_ldap.SCOPE_BASE) + self.assertNotNone(_ldap.SCOPE_ONELEVEL) + self.assertNotNone(_ldap.SCOPE_SUBTREE) + + self.assertNotNone(_ldap.MOD_ADD) + self.assertNotNone(_ldap.MOD_DELETE) + self.assertNotNone(_ldap.MOD_REPLACE) + self.assertNotNone(_ldap.MOD_INCREMENT) + self.assertNotNone(_ldap.MOD_BVALUES) + + # for result3() + self.assertNotNone(_ldap.MSG_ONE) + self.assertNotNone(_ldap.MSG_ALL) + self.assertNotNone(_ldap.MSG_RECEIVED) + + # for OPT_DEFEF + self.assertNotNone(_ldap.DEREF_NEVER) + self.assertNotNone(_ldap.DEREF_SEARCHING) + self.assertNotNone(_ldap.DEREF_FINDING) + self.assertNotNone(_ldap.DEREF_ALWAYS) + + # for OPT_SIZELIMIT, OPT_TIMELIMIT + self.assertNotNone(_ldap.NO_LIMIT) + + # standard options + self.assertNotNone(_ldap.OPT_API_INFO) + self.assertNotNone(_ldap.OPT_DEREF) + self.assertNotNone(_ldap.OPT_SIZELIMIT) + self.assertNotNone(_ldap.OPT_TIMELIMIT) + self.assertNotNone(_ldap.OPT_REFERRALS) + self.assertNotNone(_ldap.OPT_RESTART) + self.assertNotNone(_ldap.OPT_PROTOCOL_VERSION) + self.assertNotNone(_ldap.OPT_SERVER_CONTROLS) + self.assertNotNone(_ldap.OPT_CLIENT_CONTROLS) + self.assertNotNone(_ldap.OPT_API_FEATURE_INFO) + self.assertNotNone(_ldap.OPT_HOST_NAME) + self.assertNotNone(_ldap.OPT_ERROR_NUMBER) # = OPT_RESULT_CODE + self.assertNotNone(_ldap.OPT_ERROR_STRING) # = OPT_DIAGNOSITIC_MESSAGE + self.assertNotNone(_ldap.OPT_MATCHED_DN) + + # OpenLDAP specific + self.assertNotNone(_ldap.OPT_DEBUG_LEVEL) + self.assertNotNone(_ldap.OPT_TIMEOUT) + self.assertNotNone(_ldap.OPT_REFHOPLIMIT) + self.assertNotNone(_ldap.OPT_NETWORK_TIMEOUT) + self.assertNotNone(_ldap.OPT_URI) + #self.assertNotNone(_ldap.OPT_REFERRAL_URLS) + #self.assertNotNone(_ldap.OPT_SOCKBUF) + #self.assertNotNone(_ldap.OPT_DEFBASE) + #self.assertNotNone(_ldap.OPT_CONNECT_ASYNC) + + # str2dn() + self.assertNotNone(_ldap.DN_FORMAT_LDAP) + self.assertNotNone(_ldap.DN_FORMAT_LDAPV3) + self.assertNotNone(_ldap.DN_FORMAT_LDAPV2) + self.assertNotNone(_ldap.DN_FORMAT_DCE) + self.assertNotNone(_ldap.DN_FORMAT_UFN) + self.assertNotNone(_ldap.DN_FORMAT_AD_CANONICAL) + self.assertNotNone(_ldap.DN_FORMAT_MASK) + self.assertNotNone(_ldap.DN_PRETTY) + self.assertNotNone(_ldap.DN_SKIP) + self.assertNotNone(_ldap.DN_P_NOLEADTRAILSPACES) + self.assertNotNone(_ldap.DN_P_NOSPACEAFTERRDN) + self.assertNotNone(_ldap.DN_PEDANTIC) + self.assertNotNone(_ldap.AVA_NULL) + self.assertNotNone(_ldap.AVA_STRING) + self.assertNotNone(_ldap.AVA_BINARY) + self.assertNotNone(_ldap.AVA_NONPRINTABLE) + + # these two constants are pointless? XXX + self.assertEquals(_ldap.LDAP_OPT_ON, 1) + self.assertEquals(_ldap.LDAP_OPT_OFF, 0) + + # these constants useless after ldap_url_parse() was dropped XXX + self.assertNotNone(_ldap.URL_ERR_BADSCOPE) + self.assertNotNone(_ldap.URL_ERR_MEM) + + def test_simple_bind(self): + l = self._init() + + def test_simple_anonymous_bind(self): + l = self._init(bind=False) + m = l.simple_bind("", "") + result,pmsg,msgid,ctrls = l.result3(m, _ldap.MSG_ALL, self.timeout) + self.assertTrue(result, _ldap.RES_BIND) + self.assertEquals(msgid, m) + self.assertEquals(pmsg, []) + self.assertEquals(ctrls, []) + + # see if we can get the rootdse while we're here + m = l.search_ext("", _ldap.SCOPE_BASE, '(objectClass=*)') + result,pmsg,msgid,ctrls = l.result3(m, _ldap.MSG_ALL, self.timeout) + self.assertEquals(result, _ldap.RES_SEARCH_RESULT) + self.assertEquals(pmsg[0][0], "") # rootDSE has no dn + self.assertEquals(msgid, m) + self.assertTrue(pmsg[0][1].has_key('objectClass')) + + def test_unbind(self): + l = self._init() + m = l.unbind_ext() + self.assertNone(m) + + # Second attempt to unbind should yield an exception + try: l.unbind_ext() + except _ldap.error: pass + + def test_search_ext_individual(self): + l = self._init() + + m = l.search_ext(self.base, _ldap.SCOPE_SUBTREE, + '(objectClass=dcObject)') + result,pmsg,msgid,ctrls = l.result3(m, _ldap.MSG_ONE, self.timeout) + + # Expect to get just one object + self.assertEquals(result, _ldap.RES_SEARCH_ENTRY) + self.assertEquals(len(pmsg), 1) + self.assertEquals(len(pmsg[0]), 2) + self.assertEquals(pmsg[0][0], self.base) + self.assertEquals(pmsg[0][0], self.base) + self.assertTrue('dcObject' in pmsg[0][1]['objectClass']) + self.assertTrue('organization' in pmsg[0][1]['objectClass']) + self.assertEquals(msgid, m) + self.assertEquals(ctrls, []) + + result,pmsg,msgid,ctrls = l.result3(m, _ldap.MSG_ONE, self.timeout) + self.assertEquals(result, _ldap.RES_SEARCH_RESULT) + self.assertEquals(pmsg, []) + self.assertEquals(msgid, m) + self.assertEquals(ctrls, []) + + def test_abandon(self): + l = self._init() + + m = l.search_ext(self.base, _ldap.SCOPE_SUBTREE, '(objectClass=*)') + + ret = l.abandon_ext(m) + self.assertNone(ret) + + got_timeout = False + try: + r = l.result3(m, _ldap.MSG_ALL, 0.3) # (timeout /could/ be longer) + except _ldap.TIMEOUT, e: + got_timeout = True + self.assertTrue(got_timeout) + + def test_search_ext_all(self): + l = self._init() + + m = l.search_ext(self.base, _ldap.SCOPE_SUBTREE, '(objectClass=*)') + result,pmsg,msgid,ctrls = l.result3(m, _ldap.MSG_ALL, self.timeout) + + # Expect to get some objects + self.assertEquals(result, _ldap.RES_SEARCH_RESULT) + self.assertTrue(len(pmsg) >= 2) + self.assertEquals(msgid, m) + self.assertEquals(ctrls, []) + + def test_add(self): + l = self._init() + + m = l.add_ext("cn=Foo," + self.base, [ + ('objectClass','organizationalRole'), + ('cn', 'Foo'), + ('description', 'testing'), + ]) + + result,pmsg,msgid,ctrls = l.result3(m, _ldap.MSG_ALL, self.timeout) + self.assertEquals(result, _ldap.RES_ADD) + self.assertEquals(pmsg, []) + self.assertEquals(msgid, m) + self.assertEquals(ctrls, []) + + # search for it back + m = l.search_ext(self.base, _ldap.SCOPE_SUBTREE, '(cn=Foo)') + result,pmsg,msgid,ctrls = l.result3(m, _ldap.MSG_ALL, self.timeout) + + # Expect to get the objects + self.assertEquals(result, _ldap.RES_SEARCH_RESULT) + self.assertEquals(len(pmsg), 1) + self.assertEquals(msgid, m) + self.assertEquals(ctrls, []) + + self.assertEquals(pmsg[0], ('cn=Foo,'+self.base, + { 'objectClass': ['organizationalRole'], + 'cn': ['Foo'], + 'description': ['testing'] })) + + def test_compare(self): + l = self._init() + + # first, add an object with a field we can compare on + dn = "cn=CompareTest," + self.base + m = l.add_ext(dn, [ + ('objectClass','person'), + ('sn', 'CompareTest'), + ('cn', 'CompareTest'), + ('userPassword', 'the_password'), + ]) + result,pmsg,msgid,ctrls = l.result3(m, _ldap.MSG_ALL, self.timeout) + self.assertEquals(result, _ldap.RES_ADD) + + # try a false compare + m = l.compare_ext(dn, "userPassword", "bad_string") + compared_false = False + try: + r = l.result3(m, _ldap.MSG_ALL, self.timeout) + self.fail(repr(r)) + except _ldap.COMPARE_FALSE: + compared_false = True + self.assertTrue(compared_false) + + # try a true compare + m = l.compare_ext(dn, "userPassword", "the_password") + compared_true = False + try: + r = l.result3(m, _ldap.MSG_ALL, self.timeout) + self.fail(repr(r)) + except _ldap.COMPARE_TRUE: + compared_true = True + self.assertTrue(compared_true) + + m = l.compare_ext(dn, "badAttribute", "ignoreme") + raised_error = False + try: + r = l.result3(m, _ldap.MSG_ALL, self.timeout) + self.fail(repr(r)) + except _ldap.error: + raised_error = True + self.assertTrue(raised_error) + + def test_delete_no_such_object(self): + l = self._init() + + # try deleting an object that doesn't exist + not_found = False + m = l.delete_ext("cn=DoesNotExist,"+self.base) + try: + r = l.result3(m, _ldap.MSG_ALL, self.timeout) + self.fail(r) + except _ldap.NO_SUCH_OBJECT: + not_found = True + self.assertTrue(not_found) + + def test_delete(self): + l = self._init() + # first, add an object we will delete + dn = "cn=Deleteme,"+self.base + m = l.add_ext(dn, [ + ('objectClass','organizationalRole'), + ('cn', 'Deleteme'), + ]) + result,pmsg,msgid,ctrls = l.result3(m, _ldap.MSG_ALL, self.timeout) + self.assertEquals(result, _ldap.RES_ADD) + + m = l.delete_ext(dn) + result,pmsg,msgid,ctrls = l.result3(m, _ldap.MSG_ALL, self.timeout) + self.assertEquals(result, _ldap.RES_DELETE) + self.assertEquals(msgid, m) + self.assertEquals(pmsg, []) + self.assertEquals(ctrls, []) + + def test_modify_no_such_object(self): + l = self._init() + + # try deleting an object that doesn't exist + not_found = False + m = l.modify_ext("cn=DoesNotExist,"+self.base, [ + (_ldap.MOD_ADD, 'description', ['blah']), + ]) + try: + r = l.result3(m, _ldap.MSG_ALL, self.timeout) + self.fail(r) + except _ldap.NO_SUCH_OBJECT: + not_found = True + self.assertTrue(not_found) + + def DISABLED_test_modify_no_such_object_empty_attrs(self): + # XXX ldif-backend for slapd appears broken??? + + l = self._init() + + # try deleting an object that doesn't exist + m = l.modify_ext("cn=DoesNotExist,"+self.base, [ + (_ldap.MOD_ADD, 'description', []), + ]) + self.assertTrue(isinstance(m, int)) + r = l.result3(m, _ldap.MSG_ALL, self.timeout) # what should happen?? + self.fail(r) + + def test_modify(self): + l = self._init() + # first, add an object we will delete + dn = "cn=AddToMe,"+self.base + m = l.add_ext(dn, [ + ('objectClass','person'), + ('cn', 'AddToMe'), + ('sn', 'Modify'), + ('description', 'a description'), + ]) + result,pmsg,msgid,ctrls = l.result3(m, _ldap.MSG_ALL, self.timeout) + self.assertEquals(result, _ldap.RES_ADD) + + m = l.modify_ext(dn, [ + (_ldap.MOD_ADD, 'description', ['b desc', 'c desc']), + ]) + result,pmsg,msgid,ctrls = l.result3(m, _ldap.MSG_ALL, self.timeout) + self.assertEquals(result, _ldap.RES_MODIFY) + self.assertEquals(pmsg, []) + self.assertEquals(msgid, m) + self.assertEquals(ctrls, []) + + # search for it back + m = l.search_ext(self.base, _ldap.SCOPE_SUBTREE, '(cn=AddToMe)') + result,pmsg,msgid,ctrls = l.result3(m, _ldap.MSG_ALL, self.timeout) + + # Expect to get the objects + self.assertEquals(result, _ldap.RES_SEARCH_RESULT) + self.assertEquals(len(pmsg), 1) + self.assertEquals(msgid, m) + self.assertEquals(ctrls, []) + + self.assertEquals(pmsg[0][0], dn) + d = list(pmsg[0][1]['description']) + d.sort() + self.assertEquals(d, ['a description', 'b desc', 'c desc']) + + def test_rename(self): + l = self._init() + dn = "cn=RenameMe,"+self.base + m = l.add_ext(dn, [ + ('objectClass','organizationalRole'), + ('cn', 'RenameMe'), + ]) + result,pmsg,msgid,ctrls = l.result3(m, _ldap.MSG_ALL, self.timeout) + self.assertEquals(result, _ldap.RES_ADD) + + # do the rename with same parent + m = l.rename(dn, "cn=IAmRenamed") + result,pmsg,msgid,ctrls = l.result3(m, _ldap.MSG_ALL, self.timeout) + self.assertEquals(result, _ldap.RES_MODRDN) + self.assertEquals(msgid, m) + self.assertEquals(pmsg, []) + self.assertEquals(ctrls, []) + + # make sure the old one is gone + m = l.search_ext(self.base, _ldap.SCOPE_SUBTREE, '(cn=RenameMe)') + result,pmsg,msgid,ctrls = l.result3(m, _ldap.MSG_ALL, self.timeout) + self.assertEquals(result, _ldap.RES_SEARCH_RESULT) + self.assertEquals(len(pmsg), 0) # expect no results + self.assertEquals(msgid, m) + self.assertEquals(ctrls, []) + + # check that the new one looks right + dn2 = "cn=IAmRenamed,"+self.base + m = l.search_ext(self.base, _ldap.SCOPE_SUBTREE, '(cn=IAmRenamed)') + result,pmsg,msgid,ctrls = l.result3(m, _ldap.MSG_ALL, self.timeout) + self.assertEquals(result, _ldap.RES_SEARCH_RESULT) + self.assertEquals(msgid, m) + self.assertEquals(ctrls, []) + self.assertEquals(len(pmsg), 1) + self.assertEquals(pmsg[0][0], dn2) + self.assertEquals(pmsg[0][1]['cn'], ['IAmRenamed']) + + # create the container + containerDn = "ou=RenameContainer,"+self.base + m = l.add_ext(containerDn, [ + ('objectClass','organizationalUnit'), + ('ou', 'RenameContainer'), + ]) + result,pmsg,msgid,ctrls = l.result3(m, _ldap.MSG_ALL, self.timeout) + self.assertEquals(result, _ldap.RES_ADD) + + # WORKAROUND bug in slapd. (Without an existing child, + # renames into a container object do not work for the ldif backend, + # the renamed object appears to be deleted, not moved.) + # see http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5408 + m = l.add_ext("cn=Bogus," + containerDn, [ + ('objectClass','organizationalRole'), + ('cn', 'Bogus'), + ]) + result,pmsg,msgid,ctrls = l.result3(m, _ldap.MSG_ALL, self.timeout) + self.assertEquals(result, _ldap.RES_ADD) + + # now rename from dn2 to the conater + dn3 = "cn=IAmRenamedAgain," + containerDn + + # Now try renaming dn2 across container (simultaneous name change) + m = l.rename(dn2, "cn=IAmRenamedAgain", containerDn) + result,pmsg,msgid,ctrls = l.result3(m, _ldap.MSG_ALL, self.timeout) + self.assertEquals(result, _ldap.RES_MODRDN) + self.assertEquals(msgid, m) + self.assertEquals(pmsg, []) + self.assertEquals(ctrls, []) + + # make sure dn2 is gone + m = l.search_ext(self.base, _ldap.SCOPE_SUBTREE, '(cn=IAmRenamed)') + result,pmsg,msgid,ctrls = l.result3(m, _ldap.MSG_ALL, self.timeout) + self.assertEquals(result, _ldap.RES_SEARCH_RESULT) + self.assertEquals(len(pmsg), 0) # expect no results + self.assertEquals(msgid, m) + self.assertEquals(ctrls, []) + + m = l.search_ext(self.base, _ldap.SCOPE_SUBTREE, '(objectClass=*)') + result,pmsg,msgid,ctrls = l.result3(m, _ldap.MSG_ALL, self.timeout) + + # make sure dn3 is there + m = l.search_ext(self.base, _ldap.SCOPE_SUBTREE, '(cn=IAmRenamedAgain)') + result,pmsg,msgid,ctrls = l.result3(m, _ldap.MSG_ALL, self.timeout) + self.assertEquals(result, _ldap.RES_SEARCH_RESULT) + self.assertEquals(msgid, m) + self.assertEquals(ctrls, []) + self.assertEquals(len(pmsg), 1) + self.assertEquals(pmsg[0][0], dn3) + self.assertEquals(pmsg[0][1]['cn'], ['IAmRenamedAgain']) + + + def test_whoami(self): + l = self._init() + r = l.whoami_s() + self.assertEquals("dn:" + self.server.get_root_dn(), r) + + def test_whoami_unbound(self): + l = self._init(bind=False) + l.set_option(_ldap.OPT_PROTOCOL_VERSION, _ldap.VERSION3) + r = l.whoami_s() + self.assertEquals("", r) + + def test_whoami_anonymous(self): + l = self._init(bind=False) + l.set_option(_ldap.OPT_PROTOCOL_VERSION, _ldap.VERSION3) + + # Anonymous bind + m = l.simple_bind("", "") + result,pmsg,msgid,ctrls = l.result3(m, _ldap.MSG_ALL, self.timeout) + self.assertTrue(result, _ldap.RES_BIND) + + r = l.whoami_s() + self.assertEquals("", r) + + def test_passwd(self): + l = self._init() + + # first, create a user to change password on + dn = "cn=PasswordTest," + self.base + m = l.add_ext(dn, [ + ('objectClass','person'), + ('sn', 'PasswordTest'), + ('cn', 'PasswordTest'), + ('userPassword', 'initial'), + ]) + result,pmsg,msgid,ctrls = l.result3(m, _ldap.MSG_ALL, self.timeout) + self.assertEquals(result, _ldap.RES_ADD) + + # try changing password with a wrong old-pw + m = l.passwd(dn, "bogus", "ignored") + try: + r = l.result3(m, _ldap.MSG_ALL, self.timeout) + self.fail("expected UNWILLING_TO_PERFORM") + except _ldap.UNWILLING_TO_PERFORM: + pass + + # try changing password with a correct old-pw + m = l.passwd(dn, "initial", "changed") + result,pmsg,msgid,ctrls = l.result3(m, _ldap.MSG_ALL, self.timeout) + self.assertEquals(msgid, m) + self.assertEquals(pmsg, []) + self.assertEquals(result, _ldap.RES_EXTENDED) + self.assertEquals(ctrls, []) + + def test_options(self): + oldval = _ldap.get_option(_ldap.OPT_PROTOCOL_VERSION) + try: + + try: + _ldap.set_option(_ldap.OPT_PROTOCOL_VERSION, "3") + self.fail("expected string value to raise a type error") + except TypeError: pass + + _ldap.set_option(_ldap.OPT_PROTOCOL_VERSION, _ldap.VERSION2) + v = _ldap.get_option(_ldap.OPT_PROTOCOL_VERSION) + self.assertEquals(v, _ldap.VERSION2) + _ldap.set_option(_ldap.OPT_PROTOCOL_VERSION, _ldap.VERSION3) + v = _ldap.get_option(_ldap.OPT_PROTOCOL_VERSION) + self.assertEquals(v, _ldap.VERSION3) + finally: + _ldap.set_option(_ldap.OPT_PROTOCOL_VERSION, oldval) + + l = self._init() + + # Try changing some basic options and checking that they took effect + + l.set_option(_ldap.OPT_PROTOCOL_VERSION, _ldap.VERSION2) + v = l.get_option(_ldap.OPT_PROTOCOL_VERSION) + self.assertEquals(v, _ldap.VERSION2) + + l.set_option(_ldap.OPT_PROTOCOL_VERSION, _ldap.VERSION3) + v = l.get_option(_ldap.OPT_PROTOCOL_VERSION) + self.assertEquals(v, _ldap.VERSION3) + + # Try setting options that will yield a known error. + try: + _ldap.get_option(_ldap.OPT_MATCHED_DN) + self.fail("expected ValueError") + except ValueError: + pass + + def _require_attr(self, obj, attrname): + """Returns true if the attribute exists on the object. + This is to allow some tests to be optional, because + _ldap is compiled with different properties depending + on the underlying C library. + This could me made to thrown an exception if you want the + tests to be strict.""" + if hasattr(obj, attrname): + return True + #self.fail("required attribute '%s' missing" % attrname) + return False + + def test_sasl(self): + l = self._init() + if not self._require_attr(l, 'sasl_interactive_bind_s'): # HAVE_SASL + return + # TODO + + def test_tls(self): + l = self._init() + if not self._require_attr(l, 'start_tls_s'): # HAVE_TLS + return + # TODO + + def test_cancel(self): + l = self._init() + if not self._require_attr(l, 'cancel'): # FEATURE_CANCEL + return + + def test_str2dn(self): + pass + +if __name__ == '__main__': + unittest.main() From 849cb9389a8b938459b07ba8d41375c6077eeb1e Mon Sep 17 00:00:00 2001 From: stroeder Date: Thu, 20 Aug 2009 08:51:30 +0000 Subject: [PATCH 041/868] Optionally display result of l.get_option(ldap.OPT_X_SASL_USERNAME) --- Demo/sasl_bind.py | 84 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 84 insertions(+) create mode 100644 Demo/sasl_bind.py diff --git a/Demo/sasl_bind.py b/Demo/sasl_bind.py new file mode 100644 index 0000000..05af652 --- /dev/null +++ b/Demo/sasl_bind.py @@ -0,0 +1,84 @@ +# For documentation, see comments in Module/LDAPObject.c and the +# ldap.sasl module documentation. + +import ldap,ldap.sasl + +ldap.sasl._trace_level=0 + +ldap.set_option(ldap.OPT_DEBUG_LEVEL,0) + +for ldap_uri,sasl_mech,sasl_cb_value_dict in [ + ( + "ldap://nb2.stroeder.local:1390/", + 'CRAM-MD5', + { + ldap.sasl.CB_AUTHNAME :'fred', + ldap.sasl.CB_PASS :'secret', + } + ), + ( + "ldap://nb2.stroeder.local:1390/", + 'PLAIN', + { + ldap.sasl.CB_AUTHNAME :'fred', + ldap.sasl.CB_PASS :'secret', + } + ), + ( + "ldap://nb2.stroeder.local:1390/", + 'LOGIN', + { + ldap.sasl.CB_AUTHNAME :'fred', + ldap.sasl.CB_PASS :'secret', + } + ), + ( + "ldapi://%2Ftmp%2Fopenldap-socket/", + 'EXTERNAL', + { } + ), + ( + "ldap://nb2.stroeder.local:1390/", + 'GSSAPI', + { } + ), + ( + "ldap://nb2.stroeder.local:1390/", + 'NTLM', + { + ldap.sasl.CB_AUTHNAME :'fred', + ldap.sasl.CB_PASS :'secret', + } + ), + ( + "ldap://nb2.stroeder.local:1390/", + 'DIGEST-MD5', + { + ldap.sasl.CB_AUTHNAME :'fred', + ldap.sasl.CB_PASS :'secret', + } + ), +]: + sasl_auth = ldap.sasl.sasl(sasl_cb_value_dict,sasl_mech) + print 20*'*',sasl_auth.mech,20*'*' + # Open the LDAP connection + l = ldap.initialize(ldap_uri,trace_level=0) + # Set protocol version to LDAPv3 to enable SASL bind! + l.protocol_version = 3 + try: + l.sasl_interactive_bind_s("", sasl_auth) + except ldap.LDAPError,e: + print 'Error using SASL mechanism',sasl_auth.mech,str(e) + else: + print 'Sucessfully bound using SASL mechanism:',sasl_auth.mech + try: + print 'Result of Who Am I? ext. op:',repr(l.whoami_s()) + except ldap.LDAPError,e: + print 'Error using SASL mechanism',sasl_auth.mech,str(e) + try: + print 'OPT_X_SASL_USERNAME',repr(l.get_option(ldap.OPT_X_SASL_USERNAME)) + except AttributeError: + pass + + l.unbind() + del l From 81035b1505cd6492d98c83a759db495da6e5758f Mon Sep 17 00:00:00 2001 From: stroeder Date: Sat, 31 Oct 2009 20:00:40 +0000 Subject: [PATCH 042/868] Added PKG-INFO --- MANIFEST.in | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 MANIFEST.in diff --git a/MANIFEST.in b/MANIFEST.in new file mode 100644 index 0000000..7ea2fdd --- /dev/null +++ b/MANIFEST.in @@ -0,0 +1,6 @@ +include MANIFEST.in Makefile CHANGES INSTALL LICENCE README TODO PKG-INFO +include Modules/*.c Modules/*.h Modules/LICENSE +recursive-include Build *.cfg* +recursive-include Lib *.py +recursive-include Demo *.py +recursive-include Tests *.py From 0c20c6f16cf311f237ec1c01dfedc5734cfd050c Mon Sep 17 00:00:00 2001 From: stroeder Date: Thu, 3 Dec 2009 22:09:35 +0000 Subject: [PATCH 043/868] Enabled more test cases --- Tests/t_ldapurl.py | 242 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 242 insertions(+) create mode 100644 Tests/t_ldapurl.py diff --git a/Tests/t_ldapurl.py b/Tests/t_ldapurl.py new file mode 100644 index 0000000..5ccd442 --- /dev/null +++ b/Tests/t_ldapurl.py @@ -0,0 +1,242 @@ +import ldap, unittest +import urllib + +from ldapurl import LDAPUrl + +class MyLDAPUrl(LDAPUrl): + attr2extype = { + 'who':'bindname', + 'cred':'X-BINDPW', + 'start_tls':'startTLS', + 'trace_level':'trace', + } + +def sort(l): + "Returns a sorted copy of a list" + l2 = [e for e in l] + l2.sort() + return l2 + +class TestLDAPUrl(unittest.TestCase): + + def assertNone(self, expr, msg=None): + self.failIf(expr is not None, msg or ("%r" % expr)) + + def test_combo(self): + u = MyLDAPUrl("ldap://127.0.0.1:1234/dc=example,dc=com" + + "?attr1,attr2,attr3" + + "?sub" + + "?" + urllib.quote("(objectClass=*)") + + "?bindname=" + urllib.quote("cn=d,c=au") + + ",X-BINDPW=" + urllib.quote("???") + + ",trace=8" + ) + self.assertEquals(u.urlscheme, "ldap") + self.assertEquals(u.hostport, "127.0.0.1:1234") + self.assertEquals(u.dn, "dc=example,dc=com") + self.assertEquals(u.attrs, ["attr1","attr2","attr3"]) + self.assertEquals(u.scope, ldap.SCOPE_SUBTREE) + self.assertEquals(u.filterstr, "(objectClass=*)") + self.assertEquals(len(u.extensions), 3) + self.assertEquals(u.who, "cn=d,c=au") + self.assertEquals(u.cred, "???") + self.assertEquals(u.trace_level, "8") + + def test_parse_default_hostport(self): + u = LDAPUrl("ldap://") + self.assertEquals(u.urlscheme, "ldap") + self.assertEquals(u.hostport, "") + + def test_parse_empty_dn(self): + u = LDAPUrl("ldap://") + self.assertEquals(u.dn, "") + u = LDAPUrl("ldap:///") + self.assertEquals(u.dn, "") + u = LDAPUrl("ldap:///?") + self.assertEquals(u.dn, "") + + def test_parse_default_attrs(self): + u = LDAPUrl("ldap://") + self.assertNone(u.attrs) + + def test_parse_default_scope(self): + u = LDAPUrl("ldap://") + self.assertNone(u.scope) # RFC4516 s3 + + def test_parse_default_filter(self): + u = LDAPUrl("ldap://") + self.assertNone(u.filterstr) # RFC4516 s3 + + def test_parse_default_extensions(self): + u = LDAPUrl("ldap://") + self.assertEquals(len(u.extensions), 0) + + def test_parse_schemes(self): + u = LDAPUrl("ldap://") + self.assertEquals(u.urlscheme, "ldap") + u = LDAPUrl("ldapi://") + self.assertEquals(u.urlscheme, "ldapi") + u = LDAPUrl("ldaps://") + self.assertEquals(u.urlscheme, "ldaps") + + def test_parse_hostport(self): + u = LDAPUrl("ldap://a") + self.assertEquals(u.hostport, "a") + u = LDAPUrl("ldap://a.b") + self.assertEquals(u.hostport, "a.b") + u = LDAPUrl("ldap://a.") + self.assertEquals(u.hostport, "a.") + u = LDAPUrl("ldap://%61%62:%32/") + self.assertEquals(u.hostport, "ab:2") + u = LDAPUrl("ldap://[::1]/") + self.assertEquals(u.hostport, "[::1]") + u = LDAPUrl("ldap://[::1]") + self.assertEquals(u.hostport, "[::1]") + u = LDAPUrl("ldap://[::1]:123/") + self.assertEquals(u.hostport, "[::1]:123") + u = LDAPUrl("ldap://[::1]:123") + self.assertEquals(u.hostport, "[::1]:123") + + def test_parse_dn(self): + u = LDAPUrl("ldap:///") + self.assertEquals(u.dn, "") + u = LDAPUrl("ldap:///dn=foo") + self.assertEquals(u.dn, "dn=foo") + u = LDAPUrl("ldap:///dn=foo%2cdc=bar") + self.assertEquals(u.dn, "dn=foo,dc=bar") + u = LDAPUrl("ldap:///dn=foo%20bar") + self.assertEquals(u.dn, "dn=foo bar") + u = LDAPUrl("ldap:///dn=foo%2fbar") + self.assertEquals(u.dn, "dn=foo/bar") + u = LDAPUrl("ldap:///dn=foo%2fbar?") + self.assertEquals(u.dn, "dn=foo/bar") + u = LDAPUrl("ldap:///dn=foo%3f?") + self.assertEquals(u.dn, "dn=foo?") + u = LDAPUrl("ldap:///dn=foo%3f") + self.assertEquals(u.dn, "dn=foo?") + u = LDAPUrl("ldap:///dn=str%c3%b6der.com") + self.assertEquals(u.dn, "dn=str\xc3\xb6der.com") + + def test_parse_attrs(self): + u = LDAPUrl("ldap:///?") + self.assertEquals(u.attrs, None) + u = LDAPUrl("ldap:///??") + self.assertEquals(u.attrs, None) + u = LDAPUrl("ldap:///?*?") + self.assertEquals(u.attrs, ['*']) + u = LDAPUrl("ldap:///?*,*?") + self.assertEquals(u.attrs, ['*','*']) + u = LDAPUrl("ldap:///?a") + self.assertEquals(u.attrs, ['a']) + u = LDAPUrl("ldap:///?%61") + self.assertEquals(u.attrs, ['a']) + u = LDAPUrl("ldap:///?a,b") + self.assertEquals(u.attrs, ['a','b']) + u = LDAPUrl("ldap:///?a%3fb") + self.assertEquals(u.attrs, ['a?b']) + + def test_parse_scope_default(self): + u = LDAPUrl("ldap:///??") + self.assertNone(u.scope) # on opposite to RFC4516 s3 for referral chasing + u = LDAPUrl("ldap:///???") + self.assertNone(u.scope) # on opposite to RFC4516 s3 for referral chasing + + def test_parse_scope(self): + u = LDAPUrl("ldap:///??sub") + self.assertEquals(u.scope, ldap.SCOPE_SUBTREE) + u = LDAPUrl("ldap:///??sub?") + self.assertEquals(u.scope, ldap.SCOPE_SUBTREE) + u = LDAPUrl("ldap:///??base") + self.assertEquals(u.scope, ldap.SCOPE_BASE) + u = LDAPUrl("ldap:///??base?") + self.assertEquals(u.scope, ldap.SCOPE_BASE) + u = LDAPUrl("ldap:///??one") + self.assertEquals(u.scope, ldap.SCOPE_ONELEVEL) + u = LDAPUrl("ldap:///??one?") + self.assertEquals(u.scope, ldap.SCOPE_ONELEVEL) + + def test_parse_filter(self): + u = LDAPUrl("ldap:///???(cn=Bob)") + self.assertEquals(u.filterstr, "(cn=Bob)") + u = LDAPUrl("ldap:///???(cn=Bob)?") + self.assertEquals(u.filterstr, "(cn=Bob)") + u = LDAPUrl("ldap:///???(cn=Bob%20Smith)?") + self.assertEquals(u.filterstr, "(cn=Bob Smith)") + u = LDAPUrl("ldap:///???(cn=Bob/Smith)?") + self.assertEquals(u.filterstr, "(cn=Bob/Smith)") + u = LDAPUrl("ldap:///???(cn=Bob:Smith)?") + self.assertEquals(u.filterstr, "(cn=Bob:Smith)") + u = LDAPUrl("ldap:///???&(cn=Bob)(objectClass=user)?") + self.assertEquals(u.filterstr, "&(cn=Bob)(objectClass=user)") + u = LDAPUrl("ldap:///???|(cn=Bob)(objectClass=user)?") + self.assertEquals(u.filterstr, "|(cn=Bob)(objectClass=user)") + u = LDAPUrl("ldap:///???(cn=Q%3f)?") + self.assertEquals(u.filterstr, "(cn=Q?)") + u = LDAPUrl("ldap:///???(cn=Q%3f)") + self.assertEquals(u.filterstr, "(cn=Q?)") + u = LDAPUrl("ldap:///???(sn=Str%c3%b6der)") # (possibly bad?) + self.assertEquals(u.filterstr, "(sn=Str\xc3\xb6der)") + u = LDAPUrl("ldap:///???(sn=Str\\c3\\b6der)") + self.assertEquals(u.filterstr, "(sn=Str\\c3\\b6der)") # (recommended) + u = LDAPUrl("ldap:///???(cn=*\\2a*)") + self.assertEquals(u.filterstr, "(cn=*\\2a*)") + u = LDAPUrl("ldap:///???(cn=*%5c2a*)") + self.assertEquals(u.filterstr, "(cn=*\\2a*)") + + def test_parse_extensions(self): + u = LDAPUrl("ldap:///????") + self.assertNone(u.extensions) + self.assertNone(u.who) + u = LDAPUrl("ldap:///????bindname=cn=root") + self.assertEquals(len(u.extensions), 1) + self.assertEquals(u.who, "cn=root") + u = LDAPUrl("ldap:///????!bindname=cn=root") + self.assertEquals(len(u.extensions), 1) + self.assertEquals(u.who, "cn=root") + u = LDAPUrl("ldap:///????bindname=%3f,X-BINDPW=%2c") + self.assertEquals(len(u.extensions), 2) + self.assertEquals(u.who, "?") + self.assertEquals(u.cred, ",") + + def test_parse_extensions_nulls(self): + u = LDAPUrl("ldap:///????bindname=%00name") + self.assertEquals(u.who, "\0name") + + def test_parse_extensions_5questions(self): + u = LDAPUrl("ldap:///????bindname=?") + self.assertEquals(len(u.extensions), 1) + self.assertEquals(u.who, "?") + + def test_parse_extensions_novalue(self): + u = LDAPUrl("ldap:///????bindname") + self.assertEquals(len(u.extensions), 1) + self.assertNone(u.who) + + def test_bad_urls(self): + for bad in ("", "ldap:", "ldap:/", ":///", "://", "///", "//", "/", + "ldap:///?????", # extension can't start with '?' + "LDAP://", "invalid://", "ldap:///??invalid", + #XXX-- the following should raise exceptions! + "ldap://:389/", # [host [COLON port]] + "ldap://a:/", # [host [COLON port]] + "ldap://%%%/", # invalid URL encoding + "ldap:///?,", # attrdesc *(COMMA attrdesc) + "ldap:///?a,", # attrdesc *(COMMA attrdesc) + "ldap:///?,a", # attrdesc *(COMMA attrdesc) + "ldap:///?a,,b", # attrdesc *(COMMA attrdesc) + "ldap://%00/", # RFC4516 2.1 + "ldap:///%00", # RFC4516 2.1 + "ldap:///?%00", # RFC4516 2.1 + "ldap:///??%00", # RFC4516 2.1 + "ldap:///????0=0", # extype must start with Alpha + "ldap:///????a_b=0", # extype contains only [-a-zA-Z0-9] + "ldap:///????!!a=0", # only one exclamation allowed + ): + try: + LDAPUrl(bad) + self.fail("should have raised ValueError: %r" % bad) + except ValueError: + pass + +if __name__ == '__main__': + unittest.main() From 6613f0a3e17ad79b57440344e8ba5d36230afc22 Mon Sep 17 00:00:00 2001 From: stroeder Date: Thu, 3 Jun 2010 12:26:39 +0000 Subject: [PATCH 044/868] Module-wide locking is now limited to calling _ldap.initialize(). Still ldap.functions._ldap_function_call() is used to wrap all calls for writing debug log. --- Lib/ldap/dn.py | 110 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 110 insertions(+) create mode 100644 Lib/ldap/dn.py diff --git a/Lib/ldap/dn.py b/Lib/ldap/dn.py new file mode 100644 index 0000000..b75a03f --- /dev/null +++ b/Lib/ldap/dn.py @@ -0,0 +1,110 @@ +""" +dn.py - misc stuff for handling distinguished names (see RFC 4514) + +See http://www.python-ldap.org/ for details. + +\$Id: dn.py,v 1.11 2010/06/03 12:26:39 stroeder Exp $ + +Compability: +- Tested with Python 2.0+ +""" + +from ldap import __version__ + + +import _ldap + +import ldap.functions + + +def escape_dn_chars(s): + """ + Escape all DN special characters found in s + with a back-slash (see RFC 4514, section 2.4) + """ + if s: + s = s.replace('\\','\\\\') + s = s.replace(',' ,'\\,') + s = s.replace('+' ,'\\+') + s = s.replace('"' ,'\\"') + s = s.replace('<' ,'\\<') + s = s.replace('>' ,'\\>') + s = s.replace(';' ,'\\;') + s = s.replace('=' ,'\\=') + s = s.replace('\000' ,'\\\000') + if s[0]=='#' or s[0]==' ': + s = ''.join(('\\',s)) + if s[-1]==' ': + s = ''.join((s[:-1],'\\ ')) + return s + + +def str2dn(dn,flags=0): + """ + This function takes a DN as string as parameter and returns + a decomposed DN. It's the inverse to dn2str(). + + flags describes the format of the dn + + See also the OpenLDAP man-page ldap_str2dn(3) + """ + if not dn: + return [] + return ldap.functions._ldap_function_call(None,_ldap.str2dn,dn,flags) + + +def dn2str(dn): + """ + This function takes a decomposed DN as parameter and returns + a single string. It's the inverse to str2dn() but will always + return a DN in LDAPv3 format compliant to RFC 4514. + """ + return ','.join([ + '+'.join([ + '='.join((atype,escape_dn_chars(avalue or ''))) + for atype,avalue,dummy in rdn]) + for rdn in dn + ]) + +def explode_dn(dn,notypes=0,flags=0): + """ + explode_dn(dn [, notypes=0]) -> list + + This function takes a DN and breaks it up into its component parts. + The notypes parameter is used to specify that only the component's + attribute values be returned and not the attribute types. + """ + if not dn: + return [] + dn_decomp = str2dn(dn,flags) + rdn_list = [] + for rdn in dn_decomp: + if notypes: + rdn_list.append('+'.join([ + escape_dn_chars(avalue or '') + for atype,avalue,dummy in rdn + ])) + else: + rdn_list.append('+'.join([ + '='.join((atype,escape_dn_chars(avalue or ''))) + for atype,avalue,dummy in rdn + ])) + return rdn_list + + +def explode_rdn(rdn,notypes=0,flags=0): + """ + explode_rdn(rdn [, notypes=0]) -> list + + This function takes a RDN and breaks it up into its component parts + if it is a multi-valued RDN. + The notypes parameter is used to specify that only the component's + attribute values be returned and not the attribute types. + """ + if not rdn: + return [] + rdn_decomp = str2dn(rdn,flags)[0] + if notypes: + return [avalue or '' for atype,avalue,dummy in rdn_decomp] + else: + return ['='.join((atype,escape_dn_chars(avalue or ''))) for atype,avalue,dummy in rdn_decomp] From 37f50da0ef29835c9eddd0801a0fc5cf8da5bddb Mon Sep 17 00:00:00 2001 From: stroeder Date: Mon, 21 Feb 2011 21:04:00 +0000 Subject: [PATCH 045/868] Patches by Rich for LDAPv3 ext.op. and ext. controls in intermediate results --- Modules/message.h | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 Modules/message.h diff --git a/Modules/message.h b/Modules/message.h new file mode 100644 index 0000000..88af31a --- /dev/null +++ b/Modules/message.h @@ -0,0 +1,14 @@ +/* See http://www.python-ldap.org/ for details. + * $Id: message.h,v 1.6 2011/02/21 21:04:00 stroeder Exp $ */ + +#ifndef __h_message +#define __h_message + +#include "common.h" +#include "lber.h" +#include "ldap.h" + +extern PyObject* LDAPmessage_to_python( LDAP*ld, LDAPMessage*m, int add_ctrls, int add_intermediates ); + +#endif /* __h_message_ */ + From 110aa5bd1dbb5687a0d9d14df85b13f384695749 Mon Sep 17 00:00:00 2001 From: stroeder Date: Mon, 21 Mar 2011 14:19:43 +0000 Subject: [PATCH 046/868] Helper class for using logging as trace file object --- Lib/ldap/logger.py | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 Lib/ldap/logger.py diff --git a/Lib/ldap/logger.py b/Lib/ldap/logger.py new file mode 100644 index 0000000..a6083dc --- /dev/null +++ b/Lib/ldap/logger.py @@ -0,0 +1,16 @@ +# -*- coding: utf-8 -*- +""" +Helper class for using logging as trace file object +""" + +import logging + +class logging_file_class: + + def __init__(self,logging_level): + self._logging_level = logging_level + + def write(self,msg): + logging.log(self._logging_level,msg[:-1]) + +logging_file_obj = logging_file_class(logging.DEBUG) From 415696b54a9ada7d4fd2d398ebdd54d64f7130b6 Mon Sep 17 00:00:00 2001 From: stroeder Date: Mon, 28 Mar 2011 17:43:18 +0000 Subject: [PATCH 047/868] Links to pyasn1 and pyasn1-modules --- Demo/pyasn1/README | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 Demo/pyasn1/README diff --git a/Demo/pyasn1/README b/Demo/pyasn1/README new file mode 100644 index 0000000..a96d6cd --- /dev/null +++ b/Demo/pyasn1/README @@ -0,0 +1,6 @@ +The sample modules/scripts herein require modules pyasn1 and pyasn1-modules. + +http://pyasn1.sourceforge.net/ + +http://pypi.python.org/pypi/pyasn1 +http://pypi.python.org/pypi/pyasn1-modules From 59508ff41a3cd66c71623cddf305428888315a73 Mon Sep 17 00:00:00 2001 From: stroeder Date: Thu, 31 Mar 2011 19:20:37 +0000 Subject: [PATCH 048/868] new class API in ldap.controls, not backwards-compatible\! --- Demo/page_control.py | 64 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 64 insertions(+) create mode 100644 Demo/page_control.py diff --git a/Demo/page_control.py b/Demo/page_control.py new file mode 100644 index 0000000..9d1a0e2 --- /dev/null +++ b/Demo/page_control.py @@ -0,0 +1,64 @@ +url = "ldap://localhost:1390/" +base = "dc=stroeder,dc=de" +search_flt = r'(objectClass=*)' +page_size = 10 + +import ldap,pprint +from ldap.controls import SimplePagedResultsControl + +searchreq_attrlist=['cn','entryDN','entryUUID','mail','objectClass'] + +#ldap.set_option(ldap.OPT_DEBUG_LEVEL,255) +ldap.set_option(ldap.OPT_REFERRALS, 0) +l = ldap.initialize(url,trace_level=1) +l.protocol_version = 3 +l.simple_bind_s("", "") + +req_ctrl = SimplePagedResultsControl(True,size=page_size,cookie='') + +known_ldap_resp_ctrls = { + SimplePagedResultsControl.controlType:SimplePagedResultsControl, +} + +# Send search request +msgid = l.search_ext( + base, + ldap.SCOPE_SUBTREE, + search_flt, + attrlist=searchreq_attrlist, + serverctrls=[req_ctrl] +) + +pages = 0 +while True: + pages += 1 + print "Getting page %d" % (pages) + rtype, rdata, rmsgid, serverctrls = l.result3(msgid,resp_ctrl_classes=known_ldap_resp_ctrls) + print '%d results' % len(rdata) + print 'serverctrls=',pprint.pprint(serverctrls) +# pprint.pprint(rdata) + pctrls = [ + c + for c in serverctrls + if c.controlType == SimplePagedResultsControl.controlType + ] + if pctrls: + print 'pctrls[0].size',repr(pctrls[0].size) + print 'pctrls[0].cookie',repr(pctrls[0].cookie) + if pctrls[0].cookie: + # Copy cookie from response control to request control + req_ctrl.cookie = pctrls[0].cookie + msgid = l.search_ext( + base, + ldap.SCOPE_SUBTREE, + search_flt, + attrlist=searchreq_attrlist, + serverctrls=[req_ctrl] + ) + else: + break + else: + print "Warning: Server ignores RFC 2696 control." + break + +l.unbind_s() From b59d1db282119ab0bde577a53adfce0b0919cc9f Mon Sep 17 00:00:00 2001 From: stroeder Date: Sat, 2 Apr 2011 22:30:55 +0000 Subject: [PATCH 049/868] Updated/completed dependencies --- INSTALL | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 INSTALL diff --git a/INSTALL b/INSTALL new file mode 100644 index 0000000..71bbcef --- /dev/null +++ b/INSTALL @@ -0,0 +1,28 @@ +------------------------------ +Installing python-ldap +------------------------------ + +Prerequisites: + + Required: + + - Python 2.3 or newer (see http://www.python.org) + + - OpenLDAP 2.4.11+ client libs (see http://www.openldap.org) + It is not possible and not supported + by the python-ldap project to build with prior versions. + + Optional dependencies of OpenLDAP libs: + + - Cyrus SASL 2.1.x or newer (see http://asg.web.cmu.edu/sasl/sasl-library.html) + + - OpenSSL 0.9.7 or newer (see http://www.openssl.org) + + - MIT Kerberos or heimdal libs + +Quick build instructions: + edit setup.cfg (see Build/ for platform-specific examples) + python setup.py build + python setup.py install + +$Id: INSTALL,v 1.10 2011/04/02 22:30:55 stroeder Exp $ From 4db243647515d09b04a02d076f5efa2bfd5e1a43 Mon Sep 17 00:00:00 2001 From: stroeder Date: Mon, 11 Apr 2011 11:29:59 +0000 Subject: [PATCH 050/868] Substituted tabs by spaces --- Modules/LDAPObject.c | 1382 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 1382 insertions(+) create mode 100644 Modules/LDAPObject.c diff --git a/Modules/LDAPObject.c b/Modules/LDAPObject.c new file mode 100644 index 0000000..1b2326a --- /dev/null +++ b/Modules/LDAPObject.c @@ -0,0 +1,1382 @@ +/* See http://www.python-ldap.org/ for details. + * $Id: LDAPObject.c,v 1.90 2011/04/11 11:29:59 stroeder Exp $ */ + +#include "common.h" +#include "patchlevel.h" + +#include +#include +#include "errors.h" +#include "constants.h" +#include "LDAPObject.h" +#include "ldapcontrol.h" +#include "message.h" +#include "berval.h" +#include "options.h" + +#ifdef HAVE_SASL +#include +#endif + +static void free_attrs(char***); + +/* constructor */ + +LDAPObject* +newLDAPObject( LDAP* l ) +{ + LDAPObject* self = (LDAPObject*) PyObject_NEW(LDAPObject, &LDAP_Type); + if (self == NULL) + return NULL; + self->ldap = l; + self->_save = NULL; + self->valid = 1; + return self; +} + +/* destructor */ + +static void +dealloc( LDAPObject* self ) +{ + if (self->ldap) { + if (self->valid) { + LDAP_BEGIN_ALLOW_THREADS( self ); + ldap_unbind_ext( self->ldap, NULL, NULL ); + LDAP_END_ALLOW_THREADS( self ); + self->valid = 0; + } + self->ldap = NULL; + } + PyObject_DEL(self); +} + +/*------------------------------------------------------------ + * utility functions + */ + +/* + * check to see if the LDAPObject is valid, + * ie has been opened, and not closed. An exception is set if not valid. + */ + +static int +not_valid( LDAPObject* l ) { + if (l->valid) { + return 0; + } else { + PyErr_SetString( LDAPexception_class, "LDAP connection invalid" ); + return 1; + } +} + +/* free a LDAPMod (complete or partially) allocated in Tuple_to_LDAPMod() */ + +static void +LDAPMod_DEL( LDAPMod* lm ) +{ + Py_ssize_t i; + + if (lm->mod_type) + PyMem_DEL(lm->mod_type); + if (lm->mod_bvalues) { + for (i = 0; lm->mod_bvalues[i]; i++) { + PyMem_DEL(lm->mod_bvalues[i]); + } + PyMem_DEL(lm->mod_bvalues); + } + PyMem_DEL(lm); +} + +/* + * convert a tuple of the form (int,str,[str,...]) + * or (str, [str,...]) if no_op is true, into an LDAPMod structure. + * See ldap_modify(3) for details. + * + * NOTE: the resulting LDAPMod structure has pointers directly into + * the Python string storage, so LDAPMod structures MUST have a + * shorter lifetime than the tuple passed in. + */ + +/* XXX - there is no way to pass complex-structured BER objects in here! */ + +static LDAPMod* +Tuple_to_LDAPMod( PyObject* tup, int no_op ) +{ + int op; + char *type; + PyObject *list, *item; + LDAPMod *lm = NULL; + Py_ssize_t i, len, nstrs; + + if (!PyTuple_Check(tup)) { + PyErr_SetObject(PyExc_TypeError, Py_BuildValue("sO", + "expected a tuple", tup)); + return NULL; + } + + if (no_op) { + if (!PyArg_ParseTuple( tup, "sO", &type, &list )) + return NULL; + op = 0; + } else { + if (!PyArg_ParseTuple( tup, "isO", &op, &type, &list )) + return NULL; + } + + lm = PyMem_NEW(LDAPMod, 1); + if (lm == NULL) + goto nomem; + + lm->mod_op = op | LDAP_MOD_BVALUES; + lm->mod_bvalues = NULL; + + len = strlen(type); + lm->mod_type = PyMem_NEW(char, len + 1); + if (lm->mod_type == NULL) + goto nomem; + memcpy(lm->mod_type, type, len + 1); + + if (list == Py_None) { + /* None indicates a NULL mod_bvals */ + } else if (PyString_Check(list)) { + /* Single string is a singleton list */ + lm->mod_bvalues = PyMem_NEW(struct berval *, 2); + if (lm->mod_bvalues == NULL) + goto nomem; + lm->mod_bvalues[0] = PyMem_NEW(struct berval, 1); + if (lm->mod_bvalues[0] == NULL) + goto nomem; + lm->mod_bvalues[1] = NULL; + lm->mod_bvalues[0]->bv_len = PyString_Size(list); + lm->mod_bvalues[0]->bv_val = PyString_AsString(list); + } else if (PySequence_Check(list)) { + nstrs = PySequence_Length(list); + lm->mod_bvalues = PyMem_NEW(struct berval *, nstrs + 1); + if (lm->mod_bvalues == NULL) + goto nomem; + for (i = 0; i < nstrs; i++) { + lm->mod_bvalues[i] = PyMem_NEW(struct berval, 1); + if (lm->mod_bvalues[i] == NULL) + goto nomem; + lm->mod_bvalues[i+1] = NULL; + item = PySequence_GetItem(list, i); + if (item == NULL) + goto error; + if (!PyString_Check(item)) { + PyErr_SetObject( PyExc_TypeError, Py_BuildValue( "sO", + "expected a string in the list", item)); + Py_DECREF(item); + goto error; + } + lm->mod_bvalues[i]->bv_len = PyString_Size(item); + lm->mod_bvalues[i]->bv_val = PyString_AsString(item); + Py_DECREF(item); + } + if (nstrs == 0) + lm->mod_bvalues[0] = NULL; + } + + return lm; + +nomem: + PyErr_NoMemory(); +error: + if (lm) + LDAPMod_DEL(lm); + + return NULL; +} + +/* free the structure allocated in List_to_LDAPMods() */ + +static void +LDAPMods_DEL( LDAPMod** lms ) { + LDAPMod** lmp; + for ( lmp = lms; *lmp; lmp++ ) + LDAPMod_DEL( *lmp ); + PyMem_DEL(lms); +} + +/* + * convert a list of tuples into a LDAPMod*[] array structure + * NOTE: list of tuples must live longer than the LDAPMods + */ + +static LDAPMod** +List_to_LDAPMods( PyObject *list, int no_op ) { + + Py_ssize_t i, len; + LDAPMod** lms; + PyObject *item; + + if (!PySequence_Check(list)) { + PyErr_SetObject( PyExc_TypeError, Py_BuildValue("sO", + "expected list of tuples", list )); + return NULL; + } + + len = PySequence_Length(list); + + if (len < 0) { + PyErr_SetObject( PyExc_TypeError, Py_BuildValue("sO", + "expected list of tuples", list )); + return NULL; + } + + lms = PyMem_NEW(LDAPMod *, len + 1); + if (lms == NULL) + goto nomem; + + for (i = 0; i < len; i++) { + lms[i] = NULL; + item = PySequence_GetItem(list, i); + if (item == NULL) + goto error; + lms[i] = Tuple_to_LDAPMod(item, no_op); + Py_DECREF(item); + if (lms[i] == NULL) + goto error; + } + lms[len] = NULL; + return lms; + +nomem: + PyErr_NoMemory(); +error: + if (lms) + LDAPMods_DEL(lms); + return NULL; +} + +/* + * convert a python list of strings into an attr list (char*[]). + * returns 1 if successful, 0 if not (with exception set) + * XXX the strings should live longer than the resulting attrs pointer. + */ + +int +attrs_from_List( PyObject *attrlist, char***attrsp ) { + + char **attrs = NULL; + Py_ssize_t i, len; + PyObject *item; + + if (attrlist == Py_None) { + /* None means a NULL attrlist */ + } else if (PyString_Check(attrlist)) { + /* caught by John Benninghoff */ + PyErr_SetObject( PyExc_TypeError, Py_BuildValue("sO", + "expected *list* of strings, not a string", attrlist )); + goto error; + } else if (PySequence_Check(attrlist)) { + len = PySequence_Length(attrlist); + attrs = PyMem_NEW(char *, len + 1); + if (attrs == NULL) + goto nomem; + + for (i = 0; i < len; i++) { + attrs[i] = NULL; + item = PySequence_GetItem(attrlist, i); + if (item == NULL) + goto error; + if (!PyString_Check(item)) { + PyErr_SetObject(PyExc_TypeError, Py_BuildValue("sO", + "expected string in list", item)); + Py_DECREF(item); + goto error; + } + attrs[i] = PyString_AsString(item); + Py_DECREF(item); + } + attrs[len] = NULL; + } else { + PyErr_SetObject( PyExc_TypeError, Py_BuildValue("sO", + "expected list of strings or None", attrlist )); + goto error; + } + + *attrsp = attrs; + return 1; + +nomem: + PyErr_NoMemory(); +error: + free_attrs(&attrs); + return 0; +} + +/* free memory allocated from above routine */ + +static void +free_attrs( char*** attrsp ) { + char **attrs = *attrsp; + + if (attrs != NULL) { + PyMem_DEL(attrs); + *attrsp = NULL; + } +} + +/*------------------------------------------------------------ + * methods + */ + +/* ldap_unbind_ext */ + +static PyObject* +l_ldap_unbind_ext( LDAPObject* self, PyObject* args ) +{ + PyObject *serverctrls = Py_None; + PyObject *clientctrls = Py_None; + LDAPControl** server_ldcs = NULL; + LDAPControl** client_ldcs = NULL; + + int ldaperror; + + if (!PyArg_ParseTuple( args, "|OO", &serverctrls, &clientctrls)) return NULL; + if (not_valid(self)) return NULL; + + if (!PyNone_Check(serverctrls)) { + if (!LDAPControls_from_object(serverctrls, &server_ldcs)) + return NULL; + } + + if (!PyNone_Check(clientctrls)) { + if (!LDAPControls_from_object(clientctrls, &client_ldcs)) + return NULL; + } + + LDAP_BEGIN_ALLOW_THREADS( self ); + ldaperror = ldap_unbind_ext( self->ldap, server_ldcs, client_ldcs ); + LDAP_END_ALLOW_THREADS( self ); + + LDAPControl_List_DEL( server_ldcs ); + LDAPControl_List_DEL( client_ldcs ); + + if ( ldaperror!=LDAP_SUCCESS ) + return LDAPerror( self->ldap, "ldap_unbind_ext" ); + + self->valid = 0; + Py_INCREF(Py_None); + return Py_None; +} + +/* ldap_abandon_ext */ + +static PyObject* +l_ldap_abandon_ext( LDAPObject* self, PyObject* args ) +{ + int msgid; + PyObject *serverctrls = Py_None; + PyObject *clientctrls = Py_None; + LDAPControl** server_ldcs = NULL; + LDAPControl** client_ldcs = NULL; + + int ldaperror; + + if (!PyArg_ParseTuple( args, "i|OO", &msgid, &serverctrls, &clientctrls)) return NULL; + if (not_valid(self)) return NULL; + + if (!PyNone_Check(serverctrls)) { + if (!LDAPControls_from_object(serverctrls, &server_ldcs)) + return NULL; + } + + if (!PyNone_Check(clientctrls)) { + if (!LDAPControls_from_object(clientctrls, &client_ldcs)) + return NULL; + } + + LDAP_BEGIN_ALLOW_THREADS( self ); + ldaperror = ldap_abandon_ext( self->ldap, msgid, server_ldcs, client_ldcs ); + LDAP_END_ALLOW_THREADS( self ); + + LDAPControl_List_DEL( server_ldcs ); + LDAPControl_List_DEL( client_ldcs ); + + if ( ldaperror!=LDAP_SUCCESS ) + return LDAPerror( self->ldap, "ldap_abandon_ext" ); + + Py_INCREF(Py_None); + return Py_None; +} + +/* ldap_add_ext */ + +static PyObject * +l_ldap_add_ext( LDAPObject* self, PyObject *args ) +{ + char *dn; + PyObject *modlist; + PyObject *serverctrls = Py_None; + PyObject *clientctrls = Py_None; + LDAPControl** server_ldcs = NULL; + LDAPControl** client_ldcs = NULL; + + int msgid; + int ldaperror; + LDAPMod **mods; + + if (!PyArg_ParseTuple( args, "sO|OO", &dn, &modlist, &serverctrls, &clientctrls )) return NULL; + if (not_valid(self)) return NULL; + + mods = List_to_LDAPMods( modlist, 1 ); + if (mods == NULL) + return NULL; + + if (!PyNone_Check(serverctrls)) { + if (!LDAPControls_from_object(serverctrls, &server_ldcs)) + return NULL; + } + + if (!PyNone_Check(clientctrls)) { + if (!LDAPControls_from_object(clientctrls, &client_ldcs)) + return NULL; + } + + LDAP_BEGIN_ALLOW_THREADS( self ); + ldaperror = ldap_add_ext( self->ldap, dn, mods, server_ldcs, client_ldcs, &msgid); + LDAP_END_ALLOW_THREADS( self ); + LDAPMods_DEL( mods ); + LDAPControl_List_DEL( server_ldcs ); + LDAPControl_List_DEL( client_ldcs ); + + if ( ldaperror!=LDAP_SUCCESS ) + return LDAPerror( self->ldap, "ldap_add_ext" ); + + return PyInt_FromLong(msgid); +} + +/* ldap_simple_bind */ + +static PyObject* +l_ldap_simple_bind( LDAPObject* self, PyObject* args ) +{ + char *who; + int msgid; + int ldaperror; + Py_ssize_t cred_len; + PyObject *serverctrls = Py_None; + PyObject *clientctrls = Py_None; + LDAPControl** server_ldcs = NULL; + LDAPControl** client_ldcs = NULL; + struct berval cred; + + if (!PyArg_ParseTuple( args, "ss#|OO", &who, &cred.bv_val, &cred_len, &serverctrls, &clientctrls )) return NULL; + cred.bv_len = (ber_len_t) cred_len; + + if (not_valid(self)) return NULL; + + if (!PyNone_Check(serverctrls)) { + if (!LDAPControls_from_object(serverctrls, &server_ldcs)) + return NULL; + } + + if (!PyNone_Check(clientctrls)) { + if (!LDAPControls_from_object(clientctrls, &client_ldcs)) + return NULL; + } + + LDAP_BEGIN_ALLOW_THREADS( self ); + ldaperror = ldap_sasl_bind( self->ldap, who, LDAP_SASL_SIMPLE, &cred, server_ldcs, client_ldcs, &msgid); + LDAP_END_ALLOW_THREADS( self ); + + LDAPControl_List_DEL( server_ldcs ); + LDAPControl_List_DEL( client_ldcs ); + + if ( ldaperror!=LDAP_SUCCESS ) + return LDAPerror( self->ldap, "ldap_simple_bind" ); + + return PyInt_FromLong( msgid ); +} + + +#ifdef HAVE_SASL +/* The following functions implement SASL binds. A new method + sasl_interactive_bind_s(bind_dn, sasl_mechanism) has been introduced. + + * The bind_dn argument will be passed to the c library; however, + normally it is not needed and should be an empty string. + + * The sasl_mechanism argument is an instance of a class that + implements a callback interface. For convenience, it should be + derived from the sasl class (which lives in the ldap.sasl module). + See the module documentation for more information. + + Check your /usr/lib/sasl/ directory for locally installed SASL + auth modules ("mechanisms"), or try + + ldapsearch -b "" -s base -LLL -x supportedSASLMechanisms + + (perhaps with an additional -h and -p argument for ldap host and + port). The latter will show you which SASL mechanisms are known + to the LDAP server. If you do not want to set up Kerberos, you + can still use SASL binds. Your authentication data should then be + stored in /etc/sasldb (see saslpasswd(8)). If the LDAP server + does not find the sasldb, it wont allow for DIGEST-MD5 and + CRAM-MD5. One important thing to get started with sasldb: you + should first add a dummy user (saslpasswd -c dummy), and this + will give you some strange error messages. Then delete the dummy + user (saslpasswd -d dummy), and now you can start adding users to + your sasldb (again, use the -c switch). Strange, eh? + + * The sasl_mechanism object must implement a method, which will be + called by the sasl lib several times. The prototype of the + callback looks like this: callback(id, challenge, prompt, + defresult) has to return a string (or maybe None). The id + argument specifies, which information should be passed back to + the SASL lib (see SASL_CB_xxx in sasl.h) + + + A nice "Howto get LDAPv3 up and running with Kerberos and SSL" can + be found at http://www.bayour.com/LDAPv3-HOWTO.html. Instead of + MIT Kerberos, I used Heimdal for my tests (since it is included + with SuSE Linux). + + Todo: + + * Find a better interface than the python callback. This is + really ugly. Perhaps one could make use of a sasl class, like + in the perl ldap module. + + * Thread safety? + + * Memory Management? + + * Write more docs + + * ... + +*/ +static int interaction ( unsigned flags, + sasl_interact_t *interact, + PyObject* SASLObject ) +{ +/* const char *dflt = interact->defresult; */ + PyObject *result; + char *c_result; + result = PyObject_CallMethod(SASLObject, + "callback", + "isss", + interact->id, /* see sasl.h */ + interact->challenge, + interact->prompt, + interact->defresult); + + if (result == NULL) + /*searching for a better error code */ + return LDAP_OPERATIONS_ERROR; + c_result = PyString_AsString(result); /*xxx Error checking?? */ + + /* according to the sasl docs, we should malloc() the returned + string only for calls where interact->id == SASL_CB_PASS, so we + probably leak a few bytes per ldap bind. However, if I restrict + the strdup() to this case, I get segfaults. Should probably be + fixed sometimes. + */ + interact->result = strdup( c_result ); + if (interact->result == NULL) + return LDAP_OPERATIONS_ERROR; + interact->len = strlen(c_result); + /* We _should_ overwrite the python string buffer for security + reasons, however we may not (api/stringObjects.html). Any ideas? + */ + + Py_DECREF(result); /*not needed any longer */ + result = NULL; + + return LDAP_SUCCESS; +} + + +/* + This function will be called by ldap_sasl_interactive_bind(). The + "*in" is an array of sasl_interact_t's (see sasl.h for a + reference). The last interact in the array has an interact->id of + SASL_CB_LIST_END. + +*/ + +int py_ldap_sasl_interaction( LDAP *ld, + unsigned flags, + void *defaults, + void *in ) +{ + /* These are just typecasts */ + sasl_interact_t *interact = (sasl_interact_t *) in; + PyObject *SASLObject = (PyObject *) defaults; + /* Loop over the array of sasl_interact_t structs */ + while( interact->id != SASL_CB_LIST_END ) { + int rc = 0; + rc = interaction( flags, interact, SASLObject ); + if( rc ) return rc; + interact++; + } + return LDAP_SUCCESS; +} + +static PyObject* +l_ldap_sasl_interactive_bind_s( LDAPObject* self, PyObject* args ) +{ + char *c_mechanism; + char *who; + + PyObject *serverctrls = Py_None; + PyObject *clientctrls = Py_None; + LDAPControl** server_ldcs = NULL; + LDAPControl** client_ldcs = NULL; + + PyObject *SASLObject = NULL; + PyObject *mechanism = NULL; + int msgid; + + static unsigned sasl_flags = LDAP_SASL_QUIET; + + /* + * In Python 2.3+, a "I" format argument indicates that we're either converting + * the Python object into a long or an unsigned int. In versions prior to that, + * it will always convert to a long. Since the sasl_flags variable is an + * unsigned int, we need to use the "I" flag if we're running Python 2.3+ and a + * "i" otherwise. + */ +#if (PY_MAJOR_VERSION == 2) && (PY_MINOR_VERSION < 3) + if (!PyArg_ParseTuple(args, "sOOOi", &who, &SASLObject, &serverctrls, &clientctrls, &sasl_flags )) +#else + if (!PyArg_ParseTuple(args, "sOOOI", &who, &SASLObject, &serverctrls, &clientctrls, &sasl_flags )) +#endif + return NULL; + + if (not_valid(self)) return NULL; + + if (!PyNone_Check(serverctrls)) { + if (!LDAPControls_from_object(serverctrls, &server_ldcs)) + return NULL; + } + + if (!PyNone_Check(clientctrls)) { + if (!LDAPControls_from_object(clientctrls, &client_ldcs)) + return NULL; + } + + /* now we extract the sasl mechanism from the SASL Object */ + mechanism = PyObject_GetAttrString(SASLObject, "mech"); + if (mechanism == NULL) return NULL; + c_mechanism = PyString_AsString(mechanism); + Py_DECREF(mechanism); + mechanism = NULL; + + /* Don't know if it is the "intended use" of the defaults + parameter of ldap_sasl_interactive_bind_s when we pass the + Python object SASLObject, but passing it through some + static variable would destroy thread safety, IMHO. + */ + msgid = ldap_sasl_interactive_bind_s(self->ldap, + who, + c_mechanism, + (LDAPControl**) server_ldcs, + (LDAPControl**) client_ldcs, + sasl_flags, + py_ldap_sasl_interaction, + SASLObject); + + LDAPControl_List_DEL( server_ldcs ); + LDAPControl_List_DEL( client_ldcs ); + + if (msgid != LDAP_SUCCESS) + return LDAPerror( self->ldap, "ldap_sasl_interactive_bind_s" ); + return PyInt_FromLong( msgid ); +} +#endif + + +#ifdef LDAP_API_FEATURE_CANCEL + +/* ldap_cancel */ + +static PyObject* +l_ldap_cancel( LDAPObject* self, PyObject* args ) +{ + int msgid; + int cancelid; + PyObject *serverctrls = Py_None; + PyObject *clientctrls = Py_None; + LDAPControl** server_ldcs = NULL; + LDAPControl** client_ldcs = NULL; + + int ldaperror; + + if (!PyArg_ParseTuple( args, "i|OO", &cancelid, &serverctrls, &clientctrls)) return NULL; + if (not_valid(self)) return NULL; + + if (!PyNone_Check(serverctrls)) { + if (!LDAPControls_from_object(serverctrls, &server_ldcs)) + return NULL; + } + + if (!PyNone_Check(clientctrls)) { + if (!LDAPControls_from_object(clientctrls, &client_ldcs)) + return NULL; + } + + LDAP_BEGIN_ALLOW_THREADS( self ); + ldaperror = ldap_cancel( self->ldap, cancelid, server_ldcs, client_ldcs, &msgid ); + LDAP_END_ALLOW_THREADS( self ); + + LDAPControl_List_DEL( server_ldcs ); + LDAPControl_List_DEL( client_ldcs ); + + if ( ldaperror!=LDAP_SUCCESS ) + return LDAPerror( self->ldap, "ldap_cancel" ); + + return PyInt_FromLong( msgid ); +} + +#endif + +/* ldap_compare_ext */ + +static PyObject * +l_ldap_compare_ext( LDAPObject* self, PyObject *args ) +{ + char *dn, *attr; + PyObject *serverctrls = Py_None; + PyObject *clientctrls = Py_None; + LDAPControl** server_ldcs = NULL; + LDAPControl** client_ldcs = NULL; + + int msgid; + int ldaperror; + Py_ssize_t value_len; + struct berval value; + + if (!PyArg_ParseTuple( args, "sss#|OO", &dn, &attr, &value.bv_val, &value_len, &serverctrls, &clientctrls )) return NULL; + value.bv_len = (ber_len_t) value_len; + + if (not_valid(self)) return NULL; + + if (!PyNone_Check(serverctrls)) { + if (!LDAPControls_from_object(serverctrls, &server_ldcs)) + return NULL; + } + + if (!PyNone_Check(clientctrls)) { + if (!LDAPControls_from_object(clientctrls, &client_ldcs)) + return NULL; + } + + LDAP_BEGIN_ALLOW_THREADS( self ); + ldaperror = ldap_compare_ext( self->ldap, dn, attr, &value, server_ldcs, client_ldcs, &msgid ); + LDAP_END_ALLOW_THREADS( self ); + + LDAPControl_List_DEL( server_ldcs ); + LDAPControl_List_DEL( client_ldcs ); + + if ( ldaperror!=LDAP_SUCCESS ) + return LDAPerror( self->ldap, "ldap_compare_ext" ); + + return PyInt_FromLong( msgid ); +} + + +/* ldap_delete_ext */ + +static PyObject * +l_ldap_delete_ext( LDAPObject* self, PyObject *args ) +{ + char *dn; + PyObject *serverctrls = Py_None; + PyObject *clientctrls = Py_None; + LDAPControl** server_ldcs = NULL; + LDAPControl** client_ldcs = NULL; + + int msgid; + int ldaperror; + + if (!PyArg_ParseTuple( args, "s|OO", &dn, &serverctrls, &clientctrls )) return NULL; + if (not_valid(self)) return NULL; + + if (!PyNone_Check(serverctrls)) { + if (!LDAPControls_from_object(serverctrls, &server_ldcs)) + return NULL; + } + + if (!PyNone_Check(clientctrls)) { + if (!LDAPControls_from_object(clientctrls, &client_ldcs)) + return NULL; + } + + LDAP_BEGIN_ALLOW_THREADS( self ); + ldaperror = ldap_delete_ext( self->ldap, dn, server_ldcs, client_ldcs, &msgid ); + LDAP_END_ALLOW_THREADS( self ); + + LDAPControl_List_DEL( server_ldcs ); + LDAPControl_List_DEL( client_ldcs ); + + if ( ldaperror!=LDAP_SUCCESS ) + return LDAPerror( self->ldap, "ldap_delete_ext" ); + + return PyInt_FromLong(msgid); +} + + +/* ldap_modify_ext */ + +static PyObject * +l_ldap_modify_ext( LDAPObject* self, PyObject *args ) +{ + char *dn; + PyObject *modlist; + PyObject *serverctrls = Py_None; + PyObject *clientctrls = Py_None; + LDAPControl** server_ldcs = NULL; + LDAPControl** client_ldcs = NULL; + + int msgid; + int ldaperror; + LDAPMod **mods; + + if (!PyArg_ParseTuple( args, "sO|OO", &dn, &modlist, &serverctrls, &clientctrls )) return NULL; + if (not_valid(self)) return NULL; + + mods = List_to_LDAPMods( modlist, 0 ); + if (mods == NULL) + return NULL; + + if (!PyNone_Check(serverctrls)) { + if (!LDAPControls_from_object(serverctrls, &server_ldcs)) + return NULL; + } + + if (!PyNone_Check(clientctrls)) { + if (!LDAPControls_from_object(clientctrls, &client_ldcs)) + return NULL; + } + + LDAP_BEGIN_ALLOW_THREADS( self ); + ldaperror = ldap_modify_ext( self->ldap, dn, mods, server_ldcs, client_ldcs, &msgid ); + LDAP_END_ALLOW_THREADS( self ); + + LDAPMods_DEL( mods ); + LDAPControl_List_DEL( server_ldcs ); + LDAPControl_List_DEL( client_ldcs ); + + if ( ldaperror!=LDAP_SUCCESS ) + return LDAPerror( self->ldap, "ldap_modify_ext" ); + + return PyInt_FromLong( msgid ); +} + + +/* ldap_rename */ + +static PyObject * +l_ldap_rename( LDAPObject* self, PyObject *args ) +{ + char *dn, *newrdn; + char *newSuperior = NULL; + int delold = 1; + PyObject *serverctrls = Py_None; + PyObject *clientctrls = Py_None; + LDAPControl** server_ldcs = NULL; + LDAPControl** client_ldcs = NULL; + + int msgid; + int ldaperror; + + if (!PyArg_ParseTuple( args, "ss|ziOO", &dn, &newrdn, &newSuperior, &delold, &serverctrls, &clientctrls )) + return NULL; + if (not_valid(self)) return NULL; + + if (!PyNone_Check(serverctrls)) { + if (!LDAPControls_from_object(serverctrls, &server_ldcs)) + return NULL; + } + + if (!PyNone_Check(clientctrls)) { + if (!LDAPControls_from_object(clientctrls, &client_ldcs)) + return NULL; + } + + LDAP_BEGIN_ALLOW_THREADS( self ); + ldaperror = ldap_rename( self->ldap, dn, newrdn, newSuperior, delold, server_ldcs, client_ldcs, &msgid ); + LDAP_END_ALLOW_THREADS( self ); + + LDAPControl_List_DEL( server_ldcs ); + LDAPControl_List_DEL( client_ldcs ); + + if ( ldaperror!=LDAP_SUCCESS ) + return LDAPerror( self->ldap, "ldap_rename" ); + + return PyInt_FromLong( msgid ); +} + + +/* ldap_result4 */ + +static PyObject * +l_ldap_result4( LDAPObject* self, PyObject *args ) +{ + int msgid = LDAP_RES_ANY; + int all = 1; + double timeout = -1.0; + int add_ctrls = 0; + int add_intermediates = 0; + int add_extop = 0; + struct timeval tv; + struct timeval* tvp; + int res_type; + LDAPMessage *msg = NULL; + PyObject *result_str, *retval, *pmsg, *pyctrls = 0; + int res_msgid = 0; + char *retoid = 0; + PyObject *valuestr = 0; + + if (!PyArg_ParseTuple( args, "|iidiii", &msgid, &all, &timeout, &add_ctrls, &add_intermediates, &add_extop )) + return NULL; + if (not_valid(self)) return NULL; + + if (timeout >= 0) { + tvp = &tv; + set_timeval_from_double( tvp, timeout ); + } else { + tvp = NULL; + } + + LDAP_BEGIN_ALLOW_THREADS( self ); + res_type = ldap_result( self->ldap, msgid, all, tvp, &msg ); + LDAP_END_ALLOW_THREADS( self ); + + if (res_type < 0) /* LDAP or system error */ + return LDAPerror( self->ldap, "ldap_result4" ); + + if (res_type == 0) { + /* Polls return (None, None, None, None); timeouts raise an exception */ + if (timeout == 0) { + if (add_extop) { + return Py_BuildValue("(OOOOOO)", Py_None, Py_None, Py_None, Py_None, Py_None, Py_None); + } else { + return Py_BuildValue("(OOOO)", Py_None, Py_None, Py_None, Py_None); + } + } + else + return LDAPerr(LDAP_TIMEOUT); + } + + if (msg) + res_msgid = ldap_msgid(msg); + + int result = LDAP_SUCCESS; + char **refs = NULL; + LDAPControl **serverctrls = 0; + LDAP_BEGIN_ALLOW_THREADS( self ); + if (res_type == LDAP_RES_SEARCH_ENTRY) { + /* LDAPmessage_to_python will parse entries and read the controls for each entry */ + } else if (res_type == LDAP_RES_SEARCH_REFERENCE) { + /* LDAPmessage_to_python will parse refs and read the controls for each res */ + } else if (res_type == LDAP_RES_INTERMEDIATE) { + /* LDAPmessage_to_python will parse intermediates and controls */ + } else { + int rc; + if (res_type == LDAP_RES_EXTENDED) { + struct berval *retdata = 0; + rc = ldap_parse_extended_result( self->ldap, msg, &retoid, &retdata, 0 ); + /* handle error rc!=0 here? */ + if (rc == LDAP_SUCCESS) { + valuestr = LDAPberval_to_object(retdata); + } + ber_bvfree( retdata ); + } + + rc = ldap_parse_result( self->ldap, msg, &result, NULL, NULL, &refs, + &serverctrls, 0 ); + } + LDAP_END_ALLOW_THREADS( self ); + + if (result != LDAP_SUCCESS) { /* result error */ + char *e, err[1024]; + if (result == LDAP_REFERRAL && refs && refs[0]) { + snprintf(err, sizeof(err), "Referral:\n%s", refs[0]); + e = err; + } else + e = "ldap_parse_result"; + ldap_msgfree(msg); + return LDAPerror( self->ldap, e ); + } + + if (!(pyctrls = LDAPControls_to_List(serverctrls))) { + int err = LDAP_NO_MEMORY; + ldap_set_option(self->ldap, LDAP_OPT_ERROR_NUMBER, &err); + ldap_msgfree(msg); + return LDAPerror(self->ldap, "LDAPControls_to_List"); + } + ldap_controls_free(serverctrls); + + pmsg = LDAPmessage_to_python( self->ldap, msg, add_ctrls, add_intermediates ); + + result_str = LDAPconstant( res_type ); + + if (pmsg == NULL) { + retval = NULL; + } else { + /* s handles NULL, but O does not */ + if (add_extop) { + retval = Py_BuildValue("(OOiOsO)", result_str, pmsg, res_msgid, + pyctrls, retoid, valuestr ? valuestr : Py_None); + } else { + retval = Py_BuildValue("(OOiO)", result_str, pmsg, res_msgid, pyctrls); + } + + if (pmsg != Py_None) { + Py_DECREF(pmsg); + } + } + if (valuestr) { + Py_DECREF(valuestr); + } + Py_XDECREF(pyctrls); + Py_DECREF(result_str); + return retval; +} + + +/* ldap_search_ext */ + +static PyObject* +l_ldap_search_ext( LDAPObject* self, PyObject* args ) +{ + char *base; + int scope; + char *filter; + PyObject *attrlist = Py_None; + char **attrs; + int attrsonly = 0; + + PyObject *serverctrls = Py_None; + PyObject *clientctrls = Py_None; + LDAPControl** server_ldcs = NULL; + LDAPControl** client_ldcs = NULL; + + double timeout = -1.0; + struct timeval tv; + struct timeval* tvp; + + int sizelimit = 0; + + int msgid; + int ldaperror; + + if (!PyArg_ParseTuple( args, "sis|OiOOdi", + &base, &scope, &filter, &attrlist, &attrsonly, + &serverctrls, &clientctrls, &timeout, &sizelimit )) return NULL; + if (not_valid(self)) return NULL; + + if (!attrs_from_List( attrlist, &attrs )) + return NULL; + + if (timeout >= 0) { + tvp = &tv; + set_timeval_from_double( tvp, timeout ); + } else { + tvp = NULL; + } + + if (!PyNone_Check(serverctrls)) { + if (!LDAPControls_from_object(serverctrls, &server_ldcs)) + return NULL; + } + + if (!PyNone_Check(clientctrls)) { + if (!LDAPControls_from_object(clientctrls, &client_ldcs)) + return NULL; + } + + LDAP_BEGIN_ALLOW_THREADS( self ); + ldaperror = ldap_search_ext( self->ldap, base, scope, filter, attrs, attrsonly, + server_ldcs, client_ldcs, tvp, sizelimit, &msgid ); + LDAP_END_ALLOW_THREADS( self ); + + free_attrs( &attrs ); + LDAPControl_List_DEL( server_ldcs ); + LDAPControl_List_DEL( client_ldcs ); + + if ( ldaperror!=LDAP_SUCCESS ) + return LDAPerror( self->ldap, "ldap_search_ext" ); + + return PyInt_FromLong( msgid ); +} + + +/* ldap_whoami_s (available since OpenLDAP 2.1.13) */ + +static PyObject* +l_ldap_whoami_s( LDAPObject* self, PyObject* args ) +{ + PyObject *serverctrls = Py_None; + PyObject *clientctrls = Py_None; + LDAPControl** server_ldcs = NULL; + LDAPControl** client_ldcs = NULL; + + struct berval *bvalue = NULL; + + PyObject *result; + + int ldaperror; + + if (!PyArg_ParseTuple( args, "|OO", &serverctrls, &clientctrls)) return NULL; + + if (!PyNone_Check(serverctrls)) { + if (!LDAPControls_from_object(serverctrls, &server_ldcs)) + return NULL; + } + + if (!PyNone_Check(clientctrls)) { + if (!LDAPControls_from_object(clientctrls, &client_ldcs)) + return NULL; + } + + LDAP_BEGIN_ALLOW_THREADS( self ); + ldaperror = ldap_whoami_s( self->ldap, &bvalue, server_ldcs, client_ldcs ); + LDAP_END_ALLOW_THREADS( self ); + + LDAPControl_List_DEL( server_ldcs ); + LDAPControl_List_DEL( client_ldcs ); + + if ( ldaperror!=LDAP_SUCCESS ) + return LDAPerror( self->ldap, "ldap_whoami_s" ); + + result = LDAPberval_to_object(bvalue); + + return result; +} + +#ifdef HAVE_TLS +/* ldap_start_tls_s */ + +static PyObject* +l_ldap_start_tls_s( LDAPObject* self, PyObject* args ) +{ + int result; + + if (!PyArg_ParseTuple( args, "" )) return NULL; + if (not_valid(self)) return NULL; + + result = ldap_start_tls_s( self->ldap, NULL, NULL ); + if ( result != LDAP_SUCCESS ){ + ldap_set_option(self->ldap, LDAP_OPT_ERROR_NUMBER, &result); + return LDAPerror( self->ldap, "ldap_start_tls_s" ); + } + + Py_INCREF(Py_None); + return Py_None; +} + +#endif + +/* ldap_set_option */ + +static PyObject* +l_ldap_set_option(PyObject* self, PyObject *args) +{ + PyObject *value; + int option; + + if (!PyArg_ParseTuple(args, "iO:set_option", &option, &value)) + return NULL; + if (LDAP_set_option((LDAPObject *)self, option, value) == -1) + return NULL; + Py_INCREF(Py_None); + return Py_None; +} + + +/* ldap_get_option */ + +static PyObject* +l_ldap_get_option(PyObject* self, PyObject *args) +{ + int option; + + if (!PyArg_ParseTuple(args, "i:get_option", &option)) + return NULL; + return LDAP_get_option((LDAPObject *)self, option); +} + + +/* ldap_passwd */ + +static PyObject * +l_ldap_passwd( LDAPObject* self, PyObject *args ) +{ + struct berval user; + Py_ssize_t user_len; + struct berval oldpw; + Py_ssize_t oldpw_len; + struct berval newpw; + Py_ssize_t newpw_len; + PyObject *serverctrls = Py_None; + PyObject *clientctrls = Py_None; + LDAPControl** server_ldcs = NULL; + LDAPControl** client_ldcs = NULL; + + int msgid; + int ldaperror; + + if (!PyArg_ParseTuple( args, "z#z#z#|OO", &user.bv_val, &user_len, &oldpw.bv_val, &oldpw_len, &newpw.bv_val, &newpw_len, &serverctrls, &clientctrls )) + return NULL; + + user.bv_len = (ber_len_t) user_len; + oldpw.bv_len = (ber_len_t) oldpw_len; + newpw.bv_len = (ber_len_t) newpw_len; + + if (not_valid(self)) return NULL; + + if (!PyNone_Check(serverctrls)) { + if (!LDAPControls_from_object(serverctrls, &server_ldcs)) + return NULL; + } + + if (!PyNone_Check(clientctrls)) { + if (!LDAPControls_from_object(clientctrls, &client_ldcs)) + return NULL; + } + + LDAP_BEGIN_ALLOW_THREADS( self ); + ldaperror = ldap_passwd( self->ldap, + user.bv_val != NULL ? &user : NULL, + oldpw.bv_val != NULL ? &oldpw : NULL, + newpw.bv_val != NULL ? &newpw : NULL, + server_ldcs, + client_ldcs, + &msgid ); + LDAP_END_ALLOW_THREADS( self ); + + LDAPControl_List_DEL( server_ldcs ); + LDAPControl_List_DEL( client_ldcs ); + + if ( ldaperror!=LDAP_SUCCESS ) + return LDAPerror( self->ldap, "ldap_passwd" ); + + return PyInt_FromLong( msgid ); +} + + +/* ldap_extended_operation */ + +static PyObject * +l_ldap_extended_operation( LDAPObject* self, PyObject *args ) +{ + char *reqoid = NULL; + struct berval reqvalue = {0, NULL}; + PyObject *serverctrls = Py_None; + PyObject *clientctrls = Py_None; + LDAPControl** server_ldcs = NULL; + LDAPControl** client_ldcs = NULL; + + int msgid; + int ldaperror; + + if (!PyArg_ParseTuple( args, "sz#|OO", &reqoid, &reqvalue.bv_val, &reqvalue.bv_len, &serverctrls, &clientctrls )) + return NULL; + + if (not_valid(self)) return NULL; + + if (!PyNone_Check(serverctrls)) { + if (!LDAPControls_from_object(serverctrls, &server_ldcs)) + return NULL; + } + + if (!PyNone_Check(clientctrls)) { + if (!LDAPControls_from_object(clientctrls, &client_ldcs)) + return NULL; + } + + LDAP_BEGIN_ALLOW_THREADS( self ); + ldaperror = ldap_extended_operation( self->ldap, reqoid, + reqvalue.bv_val != NULL ? &reqvalue : NULL, + server_ldcs, + client_ldcs, + &msgid ); + LDAP_END_ALLOW_THREADS( self ); + + LDAPControl_List_DEL( server_ldcs ); + LDAPControl_List_DEL( client_ldcs ); + + if ( ldaperror!=LDAP_SUCCESS ) + return LDAPerror( self->ldap, "ldap_extended_operation" ); + + return PyInt_FromLong( msgid ); +} + +/* methods */ + +static PyMethodDef methods[] = { + {"unbind_ext", (PyCFunction)l_ldap_unbind_ext, METH_VARARGS }, + {"abandon_ext", (PyCFunction)l_ldap_abandon_ext, METH_VARARGS }, + {"add_ext", (PyCFunction)l_ldap_add_ext, METH_VARARGS }, + {"simple_bind", (PyCFunction)l_ldap_simple_bind, METH_VARARGS }, +#ifdef HAVE_SASL + {"sasl_interactive_bind_s", (PyCFunction)l_ldap_sasl_interactive_bind_s, METH_VARARGS }, +#endif + {"compare_ext", (PyCFunction)l_ldap_compare_ext, METH_VARARGS }, + {"delete_ext", (PyCFunction)l_ldap_delete_ext, METH_VARARGS }, + {"modify_ext", (PyCFunction)l_ldap_modify_ext, METH_VARARGS }, + {"rename", (PyCFunction)l_ldap_rename, METH_VARARGS }, + {"result4", (PyCFunction)l_ldap_result4, METH_VARARGS }, + {"search_ext", (PyCFunction)l_ldap_search_ext, METH_VARARGS }, +#ifdef HAVE_TLS + {"start_tls_s", (PyCFunction)l_ldap_start_tls_s, METH_VARARGS }, +#endif + {"whoami_s", (PyCFunction)l_ldap_whoami_s, METH_VARARGS }, + {"passwd", (PyCFunction)l_ldap_passwd, METH_VARARGS }, + {"set_option", (PyCFunction)l_ldap_set_option, METH_VARARGS }, + {"get_option", (PyCFunction)l_ldap_get_option, METH_VARARGS }, +#ifdef LDAP_API_FEATURE_CANCEL + {"cancel", (PyCFunction)l_ldap_cancel, METH_VARARGS }, +#endif + {"extop", (PyCFunction)l_ldap_extended_operation, METH_VARARGS }, + { NULL, NULL } +}; + +/* get attribute */ + +static PyObject* +getattr(LDAPObject* self, char* name) +{ + return Py_FindMethod(methods, (PyObject*)self, name); +} + +/* set attribute */ + +static int +setattr(LDAPObject* self, char* name, PyObject* value) +{ + PyErr_SetString(PyExc_AttributeError, name); + return -1; +} + +/* type entry */ + +PyTypeObject LDAP_Type = { +#if defined(MS_WINDOWS) || defined(__CYGWIN__) + /* see http://www.python.org/doc/FAQ.html#3.24 */ + PyObject_HEAD_INIT(NULL) +#else /* ! MS_WINDOWS */ + PyObject_HEAD_INIT(&PyType_Type) +#endif /* MS_WINDOWS */ + 0, /*ob_size*/ + "LDAP", /*tp_name*/ + sizeof(LDAPObject), /*tp_basicsize*/ + 0, /*tp_itemsize*/ + /* methods */ + (destructor)dealloc, /*tp_dealloc*/ + 0, /*tp_print*/ + (getattrfunc)getattr, /*tp_getattr*/ + (setattrfunc)setattr, /*tp_setattr*/ + 0, /*tp_compare*/ + 0, /*tp_repr*/ + 0, /*tp_as_number*/ + 0, /*tp_as_sequence*/ + 0, /*tp_as_mapping*/ + 0, /*tp_hash*/ +}; From b89890494322a50720630fc049a27f9daa35533b Mon Sep 17 00:00:00 2001 From: stroeder Date: Fri, 15 Apr 2011 08:40:19 +0000 Subject: [PATCH 051/868] Small demo script for ldap.controls.psearch --- Demo/pyasn1/psearch.py | 79 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 79 insertions(+) create mode 100644 Demo/pyasn1/psearch.py diff --git a/Demo/pyasn1/psearch.py b/Demo/pyasn1/psearch.py new file mode 100644 index 0000000..86bdb37 --- /dev/null +++ b/Demo/pyasn1/psearch.py @@ -0,0 +1,79 @@ +# -*- coding: utf-8 -*- +""" +Demo script for Persistent Search Control +(see http://tools.ietf.org/html/draft-ietf-ldapext-psearch) + +See http://www.python-ldap.org/ for project details. +This needs the following software: +Python +pyasn1 +pyasn1-modules +python-ldap 2.4+ +""" + +import sys,ldap,ldapurl,getpass + +from ldap.controls.psearch import PersistentSearchControl,EntryChangeNotificationControl,CHANGE_TYPES_STR + +try: + ldap_url = ldapurl.LDAPUrl(sys.argv[1]) +except IndexError: + print 'Usage: psearch.py ' + sys.exit(1) + +# Set debugging level +#ldap.set_option(ldap.OPT_DEBUG_LEVEL,255) +ldapmodule_trace_level = 2 +ldapmodule_trace_file = sys.stderr + +ldap_conn = ldap.ldapobject.LDAPObject( + ldap_url.initializeUrl(), + trace_level=ldapmodule_trace_level, + trace_file=ldapmodule_trace_file +) + +if ldap_url.cred is None: + print 'Password for %s:' % (repr(ldap_url.who)) + ldap_url.cred = getpass.getpass() + +try: + ldap_conn.simple_bind_s(ldap_url.who,ldap_url.cred) + +except ldap.INVALID_CREDENTIALS,e: + print 'Simple bind failed:',str(e) + sys.exit(1) + +psc = PersistentSearchControl() + +msg_id = ldap_conn.search_ext( + ldap_url.dn, + ldap_url.scope, + ldap_url.filterstr, + attrlist = ldap_url.attrs or ['*','+'], + serverctrls=[psc], +) + +while True: + try: + res_type,res_data,res_msgid,_,_,_ = ldap_conn.result4( + msg_id, + all=0, + timeout=10.0, + add_ctrls=1, + add_intermediates=1, + resp_ctrl_classes={EntryChangeNotificationControl.controlType:EntryChangeNotificationControl}, + ) + except ldap.TIMEOUT: + print 'Timeout waiting for results...' + else: + for dn,entry,srv_ctrls in res_data: + ecn_ctrls = [ + c + for c in srv_ctrls + if c.controlType == EntryChangeNotificationControl.controlType + ] + + if ecn_ctrls: + changeType,previousDN,changeNumber = ecn_ctrls[0].changeType,ecn_ctrls[0].previousDN,ecn_ctrls[0].changeNumber + change_type_desc = CHANGE_TYPES_STR[changeType] + print 'changeType: %s (%d), changeNumber: %s, previousDN: %s' % (change_type_desc,changeType,changeNumber,repr(previousDN)) From 88d35a8369ebc3d65740d777f39bdc0fd96d834a Mon Sep 17 00:00:00 2001 From: stroeder Date: Mon, 6 Jun 2011 13:07:38 +0000 Subject: [PATCH 052/868] ldap.modlist.modifyModlist(): New key-word argument case_ignore_attr_types used to define attribute types for which comparison of old and new values should be case-insensitive --- Lib/ldap/modlist.py | 126 ++++++++++++++++++++++++++++++ Tests/Lib/ldap/test_modlist.py | 137 +++++++++++++++++++++++++++++++++ 2 files changed, 263 insertions(+) create mode 100644 Lib/ldap/modlist.py create mode 100644 Tests/Lib/ldap/test_modlist.py diff --git a/Lib/ldap/modlist.py b/Lib/ldap/modlist.py new file mode 100644 index 0000000..b0fe364 --- /dev/null +++ b/Lib/ldap/modlist.py @@ -0,0 +1,126 @@ +""" +ldap.modlist - create add/modify modlist's + +See http://www.python-ldap.org/ for details. + +$Id: modlist.py,v 1.18 2011/06/06 13:07:38 stroeder Exp $ + +Python compability note: +This module is known to work with Python 2.0+ but should work +with Python 1.5.2 as well. +""" + +from ldap import __version__ + +import string,ldap,ldap.cidict + + +def list_dict(l,case_insensitive=0): + """ + return a dictionary with all items of l being the keys of the dictionary + + If argument case_insensitive is non-zero ldap.cidict.cidict will be + used for case-insensitive string keys + """ + if case_insensitive: + d = ldap.cidict.cidict() + else: + d = {} + for i in l: + d[i]=None + return d + + +def addModlist(entry,ignore_attr_types=None): + """Build modify list for call of method LDAPObject.add()""" + ignore_attr_types = list_dict(map(string.lower,(ignore_attr_types or []))) + modlist = [] + for attrtype in entry.keys(): + if ignore_attr_types.has_key(string.lower(attrtype)): + # This attribute type is ignored + continue + # Eliminate empty attr value strings in list + attrvaluelist = filter(lambda x:x!=None,entry[attrtype]) + if attrvaluelist: + modlist.append((attrtype,entry[attrtype])) + return modlist # addModlist() + + +def modifyModlist( + old_entry,new_entry,ignore_attr_types=None,ignore_oldexistent=0,case_ignore_attr_types=None +): + """ + Build differential modify list for calling LDAPObject.modify()/modify_s() + + old_entry + Dictionary holding the old entry + new_entry + Dictionary holding what the new entry should be + ignore_attr_types + List of attribute type names to be ignored completely + ignore_oldexistent + If non-zero attribute type names which are in old_entry + but are not found in new_entry at all are not deleted. + This is handy for situations where your application + sets attribute value to '' for deleting an attribute. + In most cases leave zero. + case_ignore_attr_types + List of attribute type names for which comparison will be made + case-insensitive + """ + ignore_attr_types = list_dict(map(string.lower,(ignore_attr_types or []))) + case_ignore_attr_types = list_dict(map(string.lower,(case_ignore_attr_types or []))) + modlist = [] + attrtype_lower_map = {} + for a in old_entry.keys(): + attrtype_lower_map[string.lower(a)]=a + for attrtype in new_entry.keys(): + attrtype_lower = string.lower(attrtype) + if ignore_attr_types.has_key(attrtype_lower): + # This attribute type is ignored + continue + # Filter away null-strings + new_value = filter(lambda x:x!=None,new_entry[attrtype]) + if attrtype_lower_map.has_key(attrtype_lower): + old_value = old_entry.get(attrtype_lower_map[attrtype_lower],[]) + old_value = filter(lambda x:x!=None,old_value) + del attrtype_lower_map[attrtype_lower] + else: + old_value = [] + if not old_value and new_value: + # Add a new attribute to entry + modlist.append((ldap.MOD_ADD,attrtype,new_value)) + elif old_value and new_value: + # Replace existing attribute + replace_attr_value = len(old_value)!=len(new_value) + if not replace_attr_value: + case_insensitive = case_ignore_attr_types.has_key(attrtype_lower) + old_value_dict=list_dict(old_value,case_insensitive) + new_value_dict=list_dict(new_value,case_insensitive) + delete_values = [] + for v in old_value: + if not new_value_dict.has_key(v): + replace_attr_value = 1 + break + add_values = [] + if not replace_attr_value: + for v in new_value: + if not old_value_dict.has_key(v): + replace_attr_value = 1 + break + if replace_attr_value: + modlist.append((ldap.MOD_DELETE,attrtype,None)) + modlist.append((ldap.MOD_ADD,attrtype,new_value)) + elif old_value and not new_value: + # Completely delete an existing attribute + modlist.append((ldap.MOD_DELETE,attrtype,None)) + if not ignore_oldexistent: + # Remove all attributes of old_entry which are not present + # in new_entry at all + for a in attrtype_lower_map.keys(): + if ignore_attr_types.has_key(a): + # This attribute type is ignored + continue + attrtype = attrtype_lower_map[a] + modlist.append((ldap.MOD_DELETE,attrtype,None)) + return modlist # modifyModlist() diff --git a/Tests/Lib/ldap/test_modlist.py b/Tests/Lib/ldap/test_modlist.py new file mode 100644 index 0000000..fef0f65 --- /dev/null +++ b/Tests/Lib/ldap/test_modlist.py @@ -0,0 +1,137 @@ +""" +Tests for module ldap.modlist +""" + +import ldap + +from ldap.modlist import addModlist,modifyModlist + +print '\nTesting function addModlist():' +addModlist_tests = [ + ( + { + 'objectClass':['person','pilotPerson'], + 'cn':['Michael Str\303\266der','Michael Stroeder'], + 'sn':['Str\303\266der'], + 'dummy1':[], + 'dummy2':['2'], + 'dummy3':[''], + }, + [ + ('objectClass',['person','pilotPerson']), + ('cn',['Michael Str\303\266der','Michael Stroeder']), + ('sn',['Str\303\266der']), + ('dummy2',['2']), + ('dummy3',['']), + ] + ), +] +for entry,test_modlist in addModlist_tests: + test_modlist.sort() + result_modlist = addModlist(entry) + result_modlist.sort() + if test_modlist!=result_modlist: + print 'addModlist(%s) returns\n%s\ninstead of\n%s.' % ( + repr(entry),repr(result_modlist),repr(test_modlist) + ) + +print '\nTesting function modifyModlist():' +modifyModlist_tests = [ + + ( + { + 'objectClass':['person','pilotPerson'], + 'cn':['Michael Str\303\266der','Michael Stroeder'], + 'sn':['Str\303\266der'], + 'enum':['a','b','c'], + 'c':['DE'], + }, + { + 'objectClass':['person','inetOrgPerson'], + 'cn':['Michael Str\303\266der','Michael Stroeder'], + 'sn':[], + 'enum':['a','b','d'], + 'mail':['michael@stroeder.com'], + }, + [], + [ + (ldap.MOD_DELETE,'objectClass',None), + (ldap.MOD_ADD,'objectClass',['person','inetOrgPerson']), + (ldap.MOD_DELETE,'c',None), + (ldap.MOD_DELETE,'sn',None), + (ldap.MOD_ADD,'mail',['michael@stroeder.com']), + (ldap.MOD_DELETE,'enum',None), + (ldap.MOD_ADD,'enum',['a','b','d']), + ] + ), + + ( + { + 'c':['DE'], + }, + { + 'c':['FR'], + }, + [], + [ + (ldap.MOD_DELETE,'c',None), + (ldap.MOD_ADD,'c',['FR']), + ] + ), + + # Now a weird test-case for catching all possibilities + # of removing an attribute with MOD_DELETE,attr_type,None + ( + { + 'objectClass':['person'], + 'cn':[None], + 'sn':[''], + 'c':['DE'], + }, + { + 'objectClass':[], + 'cn':[], + 'sn':[None], + }, + [], + [ + (ldap.MOD_DELETE,'c',None), + (ldap.MOD_DELETE,'objectClass',None), + (ldap.MOD_DELETE,'sn',None), + ] + ), + + ( + { + 'objectClass':['person'], + 'cn':['Michael Str\303\266der','Michael Stroeder'], + 'sn':['Str\303\266der'], + 'enum':['a','b','C'], + }, + { + 'objectClass':['Person'], + 'cn':['Michael Str\303\266der','Michael Stroeder'], + 'sn':[], + 'enum':['a','b','c'], + }, + ['objectClass'], + [ + (ldap.MOD_DELETE,'sn',None), + (ldap.MOD_DELETE,'enum',None), + (ldap.MOD_ADD,'enum',['a','b','c']), + ] + ), + +] +for old_entry,new_entry,case_ignore_attr_types,test_modlist in modifyModlist_tests: + test_modlist.sort() + result_modlist = modifyModlist(old_entry,new_entry,case_ignore_attr_types=case_ignore_attr_types) + result_modlist.sort() + + if test_modlist!=result_modlist: + print 'modifyModlist(%s,%s) returns\n%s\ninstead of\n%s.' % ( + repr(old_entry), + repr(new_entry), + repr(result_modlist), + repr(test_modlist) + ) From f4933175f36d230075f9c27bacb02a9753773855 Mon Sep 17 00:00:00 2001 From: stroeder Date: Wed, 8 Jun 2011 20:36:18 +0000 Subject: [PATCH 053/868] Test all LDAP operations --- Demo/pyasn1/readentrycontrol.py | 112 ++++++++++++++++++++++++++++++++ 1 file changed, 112 insertions(+) create mode 100644 Demo/pyasn1/readentrycontrol.py diff --git a/Demo/pyasn1/readentrycontrol.py b/Demo/pyasn1/readentrycontrol.py new file mode 100644 index 0000000..077fe6c --- /dev/null +++ b/Demo/pyasn1/readentrycontrol.py @@ -0,0 +1,112 @@ +#!/usr/bin/env python +""" +This sample script demonstrates the use of the pre-read control (see RFC 4527). + +Originally contributed by Andreas Hasenack + +Requires module pyasn1 (see http://pyasn1.sourceforge.net/) +""" + +import pprint,ldap,ldap.modlist + +from ldap.controls.readentry import PreReadControl,PostReadControl + +uri = "ldap://localhost:2071/" + +l = ldap.initialize(uri,trace_level=2) +l.simple_bind_s('uid=diradm,ou=schulung,dc=stroeder,dc=local','testsecret') + +print """#--------------------------------------------------------------------------- +# Add new entry +#--------------------------------------------------------------------------- +""" + +new_test_dn = "uid=ablume,ou=Users,ou=schulung,dc=stroeder,dc=local" +new_test_dn2 = "uid=ablume2,ou=Users,ou=schulung,dc=stroeder,dc=local" +new_test_entry = { + 'objectClass':['account','posixAccount'], + 'uid':['ablume'], + 'cn':['Anna Blume'], + 'uidNumber':['10000'], + 'gidNumber':['10000'], + 'homeDirectory':['/home/ablume'], +} + +pr = PostReadControl(criticality=True,attrList=['entryUUID','entryCSN']) + +msg_id = l.add_ext( + new_test_dn, + ldap.modlist.addModlist(new_test_entry), + serverctrls = [pr] +) +_,_,_,resp_ctrls = l.result3(msg_id) +print "resp_ctrls[0].dn:",resp_ctrls[0].dn +print "resp_ctrls[0].entry:";pprint.pprint(resp_ctrls[0].entry) + +print """#--------------------------------------------------------------------------- +# Modify entry +#--------------------------------------------------------------------------- +""" + +pr = PreReadControl(criticality=True,attrList=['uidNumber','gidNumber','entryCSN']) + +msg_id = l.modify_ext( + new_test_dn, + [(ldap.MOD_INCREMENT, "uidNumber", "1"),(ldap.MOD_INCREMENT, "gidNumber", "1")], + serverctrls = [pr] +) +_,_,_,resp_ctrls = l.result3(msg_id) +print "resp_ctrls[0].dn:",resp_ctrls[0].dn +print "resp_ctrls[0].entry:";pprint.pprint(resp_ctrls[0].entry) + +pr = PostReadControl(criticality=True,attrList=['uidNumber','gidNumber','entryCSN']) + +msg_id = l.modify_ext( + new_test_dn, + [(ldap.MOD_INCREMENT, "uidNumber", "1"),(ldap.MOD_INCREMENT, "gidNumber", "1")], + serverctrls = [pr] +) +_,_,_,resp_ctrls = l.result3(msg_id) +print "resp_ctrls[0].dn:",resp_ctrls[0].dn +print "resp_ctrls[0].entry:";pprint.pprint(resp_ctrls[0].entry) + +print """#--------------------------------------------------------------------------- +# Rename entry +#--------------------------------------------------------------------------- +""" + +pr = PostReadControl(criticality=True,attrList=['uid']) +msg_id = l.rename( + new_test_dn, + "uid=ablume2", + delold=1, + serverctrls = [pr] +) +_,_,_,resp_ctrls = l.result3(msg_id) +print "resp_ctrls[0].dn:",resp_ctrls[0].dn +print "resp_ctrls[0].entry:";pprint.pprint(resp_ctrls[0].entry) + +pr = PreReadControl(criticality=True,attrList=['uid']) +msg_id = l.rename( + new_test_dn2, + "uid=ablume", + delold=1, + serverctrls = [pr] +) +_,_,_,resp_ctrls = l.result3(msg_id) +print "resp_ctrls[0].dn:",resp_ctrls[0].dn +print "resp_ctrls[0].entry:";pprint.pprint(resp_ctrls[0].entry) + +print """#--------------------------------------------------------------------------- +# Delete entry +#--------------------------------------------------------------------------- +""" + +pr = PreReadControl(criticality=True,attrList=['*','+']) +msg_id = l.delete_ext( + new_test_dn, + serverctrls = [pr] +) +_,_,_,resp_ctrls = l.result3(msg_id) +print "resp_ctrls[0].dn:",resp_ctrls[0].dn +print "resp_ctrls[0].entry:";pprint.pprint(resp_ctrls[0].entry) From b7d0dd2a9ab3417fd59fa06780c1bff63803b6ec Mon Sep 17 00:00:00 2001 From: stroeder Date: Fri, 1 Jul 2011 16:54:50 +0000 Subject: [PATCH 054/868] Corrected tag [1] since a fix for OpenLDAP is available to make it compliant to RFC 2589 --- Lib/ldap/extop/dds.py | 79 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 79 insertions(+) create mode 100644 Lib/ldap/extop/dds.py diff --git a/Lib/ldap/extop/dds.py b/Lib/ldap/extop/dds.py new file mode 100644 index 0000000..5844a61 --- /dev/null +++ b/Lib/ldap/extop/dds.py @@ -0,0 +1,79 @@ +# -*- coding: utf-8 -*- +""" +ldap.extop.dds - Classes for Dynamic Entries extended operations +(see RFC 2589) + +This needs the following software: +Python +pyasn1 +pyasn1-modules +python-ldap 2.4+ +""" + +from ldap.extop import ExtendedRequest,ExtendedResponse + +# Imports from pyasn1 +from pyasn1.type import namedtype,univ,tag +from pyasn1.codec.der import encoder,decoder +from pyasn1_modules.rfc2251 import LDAPDN + + +class RefreshRequest(ExtendedRequest): + + requestName = '1.3.6.1.4.1.1466.101.119.1' + defaultRequestTtl = 86400 + + class RefreshRequestValue(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType( + 'entryName', + LDAPDN().subtype( + implicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatSimple,0) + ) + ), + namedtype.NamedType( + 'requestTtl', + univ.Integer().subtype( + implicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatSimple,1) + ) + ), + ) + + def __init__(self,requestName=None,entryName=None,requestTtl=None): + self.entryName = entryName + self.requestTtl = requestTtl or self.defaultRequestTtl + + def encodedRequestValue(self): + p = self.RefreshRequestValue() + p.setComponentByName( + 'entryName', + LDAPDN(self.entryName).subtype( + implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple,0) + ) + ) + p.setComponentByName( + 'requestTtl', + univ.Integer(self.requestTtl).subtype( + implicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatSimple,1) + ) + ) + return encoder.encode(p) + + +class RefreshResponse(ExtendedResponse): + responseName = '1.3.6.1.4.1.1466.101.119.1' + + class RefreshResponseValue(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType( + 'responseTtl', + univ.Integer().subtype( + implicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatSimple,1) + ) + ) + ) + + def decodeResponseValue(self,value): + respValue,_ = decoder.decode(value,asn1Spec=self.RefreshResponseValue()) + self.responseTtl = int(respValue.getComponentByName('responseTtl')) + return self.responseTtl From cb07e1de4c75291c61b66a19306fc84104ede9a2 Mon Sep 17 00:00:00 2001 From: stroeder Date: Tue, 5 Jul 2011 13:53:12 +0000 Subject: [PATCH 055/868] New module ldap.controls.sessiontrack --- Demo/pyasn1/sessiontrack.py | 59 +++++++++++++++++++++++++++++++++++++ 1 file changed, 59 insertions(+) create mode 100644 Demo/pyasn1/sessiontrack.py diff --git a/Demo/pyasn1/sessiontrack.py b/Demo/pyasn1/sessiontrack.py new file mode 100644 index 0000000..dd4797e --- /dev/null +++ b/Demo/pyasn1/sessiontrack.py @@ -0,0 +1,59 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +""" +demo_track_ldap_session.py + +Client-seitige Demo-Implementierung von Session Tracking Control + +http://tools.ietf.org/html/draft-wahl-ldap-session-03 +""" + +__version__ = '0.1' + +import sys,getpass,ldap,ldapurl + +from ldap.controls.sessiontrack import SessionTrackingControl,SESSION_TRACKING_FORMAT_OID_USERNAME + +try: + ldap_url = ldapurl.LDAPUrl(sys.argv[1]) +except IndexError,ValueError: + print 'Usage: %s ' % (sys.argv[0]) + sys.exit(1) + +# Set debugging level +#ldap.set_option(ldap.OPT_DEBUG_LEVEL,255) +ldapmodule_trace_level = 2 +ldapmodule_trace_file = sys.stderr + +ldap_conn = ldap.ldapobject.LDAPObject( + ldap_url.initializeUrl(), + trace_level=ldapmodule_trace_level, + trace_file=ldapmodule_trace_file +) + +if ldap_url.who and ldap_url.cred is None: + print 'Password for %s:' % (repr(ldap_url.who)) + ldap_url.cred = getpass.getpass() + +try: + ldap_conn.simple_bind_s(ldap_url.who or '',ldap_url.cred or '') + +except ldap.INVALID_CREDENTIALS,e: + print 'Simple bind failed:',str(e) + sys.exit(1) + +st_ctrl = SessionTrackingControl( + '192.0.2.1', + 'app.example.com', + SESSION_TRACKING_FORMAT_OID_USERNAME, + 'bloggs' +) + +ldap_conn.search_ext_s( + ldap_url.dn or '', + ldap_url.scope or ldap.SCOPE_SUBTREE, + ldap_url.filterstr or '(objectClass=*)', + ldap_url.attrs or ['*'], + serverctrls=[st_ctrl] +) + From 3164f072dd4eff13ac0cab5b20fb0e7e4472d8cd Mon Sep 17 00:00:00 2001 From: stroeder Date: Fri, 8 Jul 2011 10:15:26 +0000 Subject: [PATCH 056/868] OIDs and NAMEs are checked for uniqueness --- Demo/schema.py | 63 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 63 insertions(+) create mode 100644 Demo/schema.py diff --git a/Demo/schema.py b/Demo/schema.py new file mode 100644 index 0000000..c8103f3 --- /dev/null +++ b/Demo/schema.py @@ -0,0 +1,63 @@ +import sys,ldap,ldap.schema + +schema_attrs = ldap.schema.SCHEMA_ATTRS + +ldap.set_option(ldap.OPT_DEBUG_LEVEL,0) + +ldap._trace_level = 0 + +subschemasubentry_dn,schema = ldap.schema.urlfetch(sys.argv[-1]) + +if subschemasubentry_dn is None: + print 'No sub schema sub entry found!' + sys.exit(1) + +if schema.non_unique_oids: + print '*** Schema errors ***' + print 'non-unique OIDs:\n','\r\n'.join(schema.non_unique_oids) + +print '*** Schema from',repr(subschemasubentry_dn) + +# Display schema +for attr_type,schema_class in ldap.schema.SCHEMA_CLASS_MAPPING.items(): + print '*'*20,attr_type,'*'*20 + for element_id in schema.listall(schema_class): + se_orig = schema.get_obj(schema_class,element_id) + print attr_type,str(se_orig) +print '*** Testing object class inetOrgPerson ***' + +drink = schema.get_obj(ldap.schema.AttributeType,'favouriteDrink') +if not drink is None: + print '*** drink ***' + print 'drink.names',repr(drink.names) + print 'drink.collective',repr(drink.collective) + +inetOrgPerson = schema.get_obj(ldap.schema.ObjectClass,'inetOrgPerson') +if not inetOrgPerson is None: + print inetOrgPerson.must,inetOrgPerson.may + +print '*** person,organizationalPerson,inetOrgPerson ***' +try: + print schema.attribute_types( + ['person','organizationalPerson','inetOrgPerson'] + ) + print schema.attribute_types( + ['person','organizationalPerson','inetOrgPerson'], + attr_type_filter = [ + ('no_user_mod',[0]), + ('usage',range(2)), + ] + ) +except KeyError,e: + print '***KeyError',str(e) + + +schema.ldap_entry() + +print str(schema.get_obj(ldap.schema.MatchingRule,'2.5.13.0')) +print str(schema.get_obj(ldap.schema.MatchingRuleUse,'2.5.13.0')) + +print str(schema.get_obj(ldap.schema.AttributeType,'name')) +print str(schema.get_inheritedobj(ldap.schema.AttributeType,'cn',['syntax','equality','substr','ordering'])) + +must_attr,may_attr = schema.attribute_types(['person','organizationalPerson','inetOrgPerson'],raise_keyerror=0) From cb324f9372d2e65b21bd499981a15a07b7ae5410 Mon Sep 17 00:00:00 2001 From: stroeder Date: Thu, 21 Jul 2011 18:29:14 +0000 Subject: [PATCH 057/868] Empty file must be there --- PKG-INFO | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 PKG-INFO diff --git a/PKG-INFO b/PKG-INFO new file mode 100644 index 0000000..e69de29 From 914ef85f3ac80016ed1fa6b93cd6b1a804acb87c Mon Sep 17 00:00:00 2001 From: stroeder Date: Thu, 21 Jul 2011 20:33:26 +0000 Subject: [PATCH 058/868] Usage of Sphinx domains, lots of clean-ups and repaired function/method results --- Doc/ldap-filter.rst | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 Doc/ldap-filter.rst diff --git a/Doc/ldap-filter.rst b/Doc/ldap-filter.rst new file mode 100644 index 0000000..8295792 --- /dev/null +++ b/Doc/ldap-filter.rst @@ -0,0 +1,41 @@ +.. % $Id: ldap-filter.rst,v 1.4 2011/07/21 20:33:26 stroeder Exp $ + + +:py:mod:`ldap.filter` LDAP filter handling +============================================ + +.. py:module:: ldap.filter + :synopsis: LDAP filter handling. +.. moduleauthor:: python-ldap project (see http://www.python-ldap.org/) + + +.. % Author of the module code; + + +.. seealso:: + + :rfc:`4515` - Lightweight Directory Access Protocol (LDAP): String Representation of Search Filters. + +The :mod:`ldap.filter` module defines the following functions: + + +.. function:: escape_filter_chars(assertion_value[, escape_mode=0]) + + This function escapes characters in *assertion_value* which are special in LDAP + filters. You should use this function when building LDAP filter strings from + arbitrary input. *escape_mode* means: If :const:`0` only special chars + mentioned in RFC 4515 are escaped. If :const:`1` all NON-ASCII chars are + escaped. If :const:`2` all chars are escaped. + + .. % -> string + + +.. function:: filter_format(filter_template, assertion_values) + + This function applies :func:`escape_filter_chars` to each of the strings in + list *assertion_values*. After that *filter_template* containing as many + :const:`%s` placeholders as count of assertion values is used to build the + whole filter string. + + .. % -> string + From bd12e58aa5801f036d182ec6ce2d1aad87694d32 Mon Sep 17 00:00:00 2001 From: stroeder Date: Fri, 22 Jul 2011 07:20:53 +0000 Subject: [PATCH 059/868] Reference newer LDAPv3 RFC 4515 --- Lib/ldap/filter.py | 55 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) create mode 100644 Lib/ldap/filter.py diff --git a/Lib/ldap/filter.py b/Lib/ldap/filter.py new file mode 100644 index 0000000..23f34c6 --- /dev/null +++ b/Lib/ldap/filter.py @@ -0,0 +1,55 @@ +""" +filters.py - misc stuff for handling LDAP filter strings (see RFC2254) + +See http://www.python-ldap.org/ for details. + +\$Id: filter.py,v 1.9 2011/07/22 07:20:53 stroeder Exp $ + +Compability: +- Tested with Python 2.0+ +""" + +from ldap import __version__ + + +def escape_filter_chars(assertion_value,escape_mode=0): + """ + Replace all special characters found in assertion_value + by quoted notation. + + escape_mode + If 0 only special chars mentioned in RFC 4515 are escaped. + If 1 all NON-ASCII chars are escaped. + If 2 all chars are escaped. + """ + if escape_mode: + r = [] + if escape_mode==1: + for c in assertion_value: + if c < '0' or c > 'z' or c in "\\*()": + c = "\\%02x" % ord(c) + r.append(c) + elif escape_mode==2: + for c in assertion_value: + r.append("\\%02x" % ord(c)) + else: + raise ValueError('escape_mode must be 0, 1 or 2.') + s = ''.join(r) + else: + s = assertion_value.replace('\\', r'\5c') + s = s.replace(r'*', r'\2a') + s = s.replace(r'(', r'\28') + s = s.replace(r')', r'\29') + s = s.replace('\x00', r'\00') + return s + + +def filter_format(filter_template,assertion_values): + """ + filter_template + String containing %s as placeholder for assertion values. + assertion_values + List or tuple of assertion values. Length must match + count of %s in filter_template. + """ + return filter_template % (tuple(map(escape_filter_chars,assertion_values))) From 9b1b2d0fbcd7d2ffc9f8f70205b8fb9baca328a4 Mon Sep 17 00:00:00 2001 From: stroeder Date: Fri, 22 Jul 2011 07:43:45 +0000 Subject: [PATCH 060/868] Separate seealso for LDAPv2 RFC --- Doc/ldap-dn.rst | 114 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 114 insertions(+) create mode 100644 Doc/ldap-dn.rst diff --git a/Doc/ldap-dn.rst b/Doc/ldap-dn.rst new file mode 100644 index 0000000..81b6ba7 --- /dev/null +++ b/Doc/ldap-dn.rst @@ -0,0 +1,114 @@ +.. % $Id: ldap-dn.rst,v 1.6 2011/07/22 07:43:45 stroeder Exp $ + + +:py:mod:`ldap.dn` LDAP Distinguished Name handling +==================================================== + +.. py:module:: ldap.dn + :synopsis: LDAP Distinguished Name handling. +.. moduleauthor:: python-ldap project (see http://www.python-ldap.org/) + + +.. % Author of the module code; + + +.. seealso:: + + For LDAPv3 DN syntax see: + + :rfc:`4514` - Lightweight Directory Access Protocol (LDAP): String Representation of Distinguished Names + +.. seealso:: + + For deprecated LDAPv2 DN syntax (obsoleted by LDAPv3) see: + + :rfc:`1779` - A String Representation of Distinguished Names + +The :mod:`ldap.dn` module defines the following functions: + + +.. function:: escape_dn_chars(s) + + This function escapes characters in string *s* which are special in LDAP + distinguished names. You should use this function when building LDAP DN strings + from arbitrary input. + + .. % -> string + + +.. function:: str2dn(s [, flags=0]) + + This function takes *s* and breaks it up into its component parts down to AVA + level. The optional parameter *flags* describes the DN format of s (see + :ref:`ldap-dn-flags`). Note that hex-encoded non-ASCII chars are decoded + to the raw bytes. + + .. % -> list + + +.. function:: dn2str(dn) + + This function takes a decomposed DN in *dn* and returns a single string. It's + the inverse to :func:`str2dn`. Special characters are escaped with the help of + function :func:`escape_dn_chars`. + + .. % -> string + + +.. function:: explode_dn(dn [, notypes=0[, flags=0]]) + + This function takes *dn* and breaks it up into its component parts. Each part + is known as an RDN (Relative Distinguished Name). The optional *notypes* + parameter is used to specify that only the RDN values be returned and not + their types. The optional parameter *flags* describes the DN format of s (see + :ref:`ldap-dn-flags`). This function is emulated by function + :func:`str2dn` since the function ldap_explode_dn() in the C library is + deprecated. + + .. % -> list + + +.. function:: explode_rdn(rdn [, notypes=0[, flags=0]]) + + This function takes a (multi-valued) *rdn* and breaks it up into a list of + characteristic attributes. The optional *notypes* parameter is used to specify + that only the RDN values be returned and not their types. The optional *flags* + parameter describes the DN format of s (see :ref:`ldap-dn-flags`). This + function is emulated by function :func:`str2dn` since the function + ldap_explode_rdn() in the C library is deprecated. + + .. % -> list + + +.. _ldap-dn-example: + +Examples +^^^^^^^^^ + +Splitting a LDAPv3 DN to AVA level. Note that both examples have the same result +but in the first example the non-ASCII chars are passed as is (byte buffer string) +whereas in the second example the hex-encoded DN representation are passed to the function. + +>>> ldap.dn.str2dn('cn=Michael Str\xc3\xb6der,dc=stroeder,dc=com',flags=ldap.DN_FORMAT_LDAPV3) +[[('cn', 'Michael Str\xc3\xb6der', 4)], [('dc', 'stroeder', 1)], [('dc', 'com', 1)]] +>>> ldap.dn.str2dn('cn=Michael Str\C3\B6der,dc=stroeder,dc=com',flags=ldap.DN_FORMAT_LDAPV3) +[[('cn', 'Michael Str\xc3\xb6der', 4)], [('dc', 'stroeder', 1)], [('dc', 'com', 1)]] + + +Splitting a LDAPv2 DN into RDN parts: + +>>> ldap.dn.explode_dn('cn=Michael Stroeder;dc=stroeder;dc=com',flags=ldap.DN_FORMAT_LDAPV2) +['cn=Michael Stroeder', 'dc=stroeder', 'dc=com'] + + +Splitting a multi-valued RDN: + +>>> ldap.dn.explode_rdn('cn=Michael Stroeder+mail=michael@stroeder.com',flags=ldap.DN_FORMAT_LDAPV2) +['cn=Michael Stroeder', 'mail=michael@stroeder.com'] + +Splitting a LDAPv3 DN with a multi-valued RDN into its AVA parts: + + +>>> ldap.dn.str2dn('cn=Michael Stroeder+mail=michael@stroeder.com,dc=stroeder,dc=com') +[[('cn', 'Michael Stroeder', 1), ('mail', 'michael@stroeder.com', 1)], [('dc', 'stroeder', 1)], [('dc', 'com', 1)]] + From 4cf7cb577ffee107e2796af37ec90e3e34378b81 Mon Sep 17 00:00:00 2001 From: stroeder Date: Fri, 22 Jul 2011 13:27:01 +0000 Subject: [PATCH 061/868] doc-string based docs --- Doc/ldapurl.rst | 126 +++++++++++++++++++++++++++++++++++++ Lib/ldap/extop/__init__.py | 74 ++++++++++++++++++++++ 2 files changed, 200 insertions(+) create mode 100644 Doc/ldapurl.rst create mode 100644 Lib/ldap/extop/__init__.py diff --git a/Doc/ldapurl.rst b/Doc/ldapurl.rst new file mode 100644 index 0000000..b5bea92 --- /dev/null +++ b/Doc/ldapurl.rst @@ -0,0 +1,126 @@ +.. % $Id: ldapurl.rst,v 1.9 2011/07/22 13:27:01 stroeder Exp $ + +################################### +:py:mod:`ldapurl` LDAP URL handling +################################### + +.. py:module:: ldapurl + :synopsis: Parses and generates LDAP URLs +.. moduleauthor:: python-ldap project (see http://www.python-ldap.org/) + + +This module parses and generates LDAP URLs. It is implemented in pure Python +and does not rely on any non-standard modules. Therefore it can be used stand- +alone without the rest of the python-ldap package. Compability note: This +module has been solely tested on Python 2.x and above. + +.. seealso:: + + :rfc:`4516` - The LDAP URL Format + + +Constants +========= + +The :mod:`ldapurl` module exports the following constants: + +.. py:data:: SEARCH_SCOPE + + This dictionary maps a search scope string identifier to the corresponding + integer value used with search operations in :mod:`ldap`. + + +.. py:data:: SEARCH_SCOPE_STR + + This dictionary is the inverse to :const:`SEARCH_SCOPE`. It maps a search scope + integer value to the corresponding string identifier used in a LDAP URL string + representation. + + +.. py:data:: LDAP_SCOPE_BASE + + +.. py:data:: LDAP_SCOPE_ONELEVEL + + +.. py:data:: LDAP_SCOPE_SUBTREE + + +Functions +========= + +.. autofunction:: ldapurl.isLDAPUrl + + +.. autofunction:: ldapurl.ldapUrlEscape + + +Classes +======= + +.. _ldapurl-ldapurl: + +LDAP URLs +^^^^^^^^^ + +A :py:class:`LDAPUrl` object represents a complete LDAP URL. + +.. autoclass:: ldapurl.LDAPUrl + + +LDAP URL extensions +^^^^^^^^^^^^^^^^^^^ + +A :py:class:`LDAPUrlExtension` object represents a single LDAP URL extension +whereas :py:class:`LDAPUrlExtensions` represents a list of LDAP URL extensions. + + +.. _ldapurl-ldapurlextension: + +.. autoclass:: ldapurl.LDAPUrlExtension + +.. _ldapurl-ldapurlextensions: + +.. autoclass:: ldapurl.LDAPUrlExtensions + + +.. _ldapurl-example: + +Example +^^^^^^^ + +Important security advice: +For security reasons you shouldn't specify passwords in LDAP URLs +unless you really know what you are doing. + +The following example demonstrates how to parse a LDAP URL +with :mod:`ldapurl` module. + + +>>> import ldapurl +>>> ldap_url = ldapurl.LDAPUrl('ldap://localhost:1389/dc=stroeder,dc=com?cn,mail???bindname=cn=Michael%2cdc=stroeder%2cdc=com,X-BINDPW=secret') +>>> # Using the parsed LDAP URL by reading the class attributes +>>> ldap_url.dn +'dc=stroeder,dc=com' +>>> ldap_url.hostport +'localhost:1389' +>>> ldap_url.attrs +['cn','mail'] +>>> ldap_url.filterstr +'(objectclass=*)' +>>> ldap_url.who +'cn=Michael,dc=stroeder,dc=com' +>>> ldap_url.cred +'secret' +>>> ldap_url.scope +0 + + +The following example demonstrates how to generate a LDAP URL +with \module{ldapurl} module. + +>>> import ldapurl +>>> ldap_url = ldapurl.LDAPUrl(hostport='localhost:1389',dn='dc=stroeder,dc=com',attrs=['cn','mail'],who='cn=Michael,dc=stroeder,dc=com',cred='secret') +>>> ldap_url.unparse() +'ldap://localhost:1389/dc=stroeder,dc=com?cn,mail?base?(objectclass=*)?bindname=cn=Michael%2Cdc=stroeder%2Cdc=com,X-BINDPW=secret' + diff --git a/Lib/ldap/extop/__init__.py b/Lib/ldap/extop/__init__.py new file mode 100644 index 0000000..2ab61c6 --- /dev/null +++ b/Lib/ldap/extop/__init__.py @@ -0,0 +1,74 @@ +""" +controls.py - support classes for LDAPv3 extended operations + +See http://www.python-ldap.org/ for details. + +\$Id: __init__.py,v 1.4 2011/07/22 13:27:02 stroeder Exp $ + +Description: +The ldap.extop module provides base classes for LDAPv3 extended operations. +Each class provides support for a certain extended operation request and +response. +""" + +from ldap import __version__ + + +class ExtendedRequest: + """ + Generic base class for a LDAPv3 extended operation request + + requestName + OID as string of the LDAPv3 extended operation request + requestValue + value of the LDAPv3 extended operation request + (here it is the BER-encoded ASN.1 request value) + """ + + def __init__(self,requestName,requestValue): + self.requestName = requestName + self.requestValue = requestValue + + def __repr__(self): + return '%s(%s,%s)' % (self.__class__.__name__,self.requestName,self.requestValue) + + def encodedRequestValue(self): + """ + returns the BER-encoded ASN.1 request value composed by class attributes + set before + """ + return self.requestValue + + +class ExtendedResponse: + """ + Generic base class for a LDAPv3 extended operation response + + requestName + OID as string of the LDAPv3 extended operation response + encodedResponseValue + BER-encoded ASN.1 value of the LDAPv3 extended operation response + """ + + def __init__(self,responseName,encodedResponseValue): + self.responseName = responseName + self.responseValue = self.decodeResponseValue(encodedResponseValue) + + def __repr__(self): + return '%s(%s,%s)' % (self.__class__.__name__,self.responseName,self.responseValue) + + def decodeResponseValue(self,value): + """ + decodes the BER-encoded ASN.1 extended operation response value and + sets the appropriate class attributes + """ + return value + + +# Optionally import sub-modules which need pyasn1 et al +try: + import pyasn1,pyasn1_modules.rfc2251 +except ImportError: + pass +else: + from ldap.extop.dds import * From 68efa3feb60e918a75ffe5910c17394fdb9d5495 Mon Sep 17 00:00:00 2001 From: stroeder Date: Fri, 22 Jul 2011 13:47:47 +0000 Subject: [PATCH 062/868] More doc strings in ldap.controls --- Lib/ldap/controls/psearch.py | 134 +++++++++++++++++++++++++++++++++++ 1 file changed, 134 insertions(+) create mode 100644 Lib/ldap/controls/psearch.py diff --git a/Lib/ldap/controls/psearch.py b/Lib/ldap/controls/psearch.py new file mode 100644 index 0000000..243fb03 --- /dev/null +++ b/Lib/ldap/controls/psearch.py @@ -0,0 +1,134 @@ +# -*- coding: utf-8 -*- +""" +ldap.controls.psearch - classes for Persistent Search Control +(see http://tools.ietf.org/html/draft-ietf-ldapext-psearch) + +See http://www.python-ldap.org/ for project details. + +$Id: psearch.py,v 1.4 2011/07/22 13:47:47 stroeder Exp $ +""" + +__all__ = [ + 'PersistentSearchControl', + 'EntryChangeNotificationControl', + 'CHANGE_TYPES_INT', + 'CHANGE_TYPES_STR', +] + +# Imports from python-ldap 2.4+ +import ldap.controls +from ldap.controls import RequestControl,ResponseControl,KNOWN_RESPONSE_CONTROLS + +# Imports from pyasn1 +from pyasn1.type import namedtype,namedval,univ,constraint +from pyasn1.codec.ber import encoder,decoder +from pyasn1_modules.rfc2251 import LDAPDN + +#--------------------------------------------------------------------------- +# Constants and classes for Persistent Search Control +#--------------------------------------------------------------------------- + +CHANGE_TYPES_INT = { + 'add':1, + 'delete':2, + 'modify':4, + 'modDN':8, +} +CHANGE_TYPES_STR = dict([(v,k) for k,v in CHANGE_TYPES_INT.items()]) + + +class PersistentSearchControl(RequestControl): + """ + Implements the request control for persistent search. + + changeTypes + List of strings specifiying the types of changes returned by the server. + Setting to None requests all changes. + changesOnly + Boolean which indicates whether only changes are returned by the server. + returnECs + Boolean which indicates whether the server should return an + Entry Change Notication response control + """ + + class PersistentSearchControlValue(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType('changeTypes',univ.Integer()), + namedtype.NamedType('changesOnly',univ.Boolean()), + namedtype.NamedType('returnECs',univ.Boolean()), + ) + + controlType = "2.16.840.1.113730.3.4.3" + + def __init__(self,criticality=True,changeTypes=None,changesOnly=False,returnECs=True): + self.criticality,self.changesOnly,self.returnECs = \ + criticality,changesOnly,returnECs + self.changeTypes = changeTypes or CHANGE_TYPES_INT.values() + + def encodeControlValue(self): + if not type(self.changeTypes)==type(0): + # Assume a sequence type of integers to be OR-ed + changeTypes_int = 0 + for ct in self.changeTypes: + changeTypes_int = changeTypes_int|CHANGE_TYPES_INT.get(ct,ct) + self.changeTypes = changeTypes_int + p = self.PersistentSearchControlValue() + p.setComponentByName('changeTypes',univ.Integer(self.changeTypes)) + p.setComponentByName('changesOnly',univ.Boolean(self.changesOnly)) + p.setComponentByName('returnECs',univ.Boolean(self.returnECs)) + return encoder.encode(p) + + +class ChangeType(univ.Enumerated): + namedValues = namedval.NamedValues( + ('add',1), + ('delete',2), + ('modify',4), + ('modDN',8), + ) + subtypeSpec = univ.Enumerated.subtypeSpec + constraint.SingleValueConstraint(1,2,4,8) + + +class EntryChangeNotificationValue(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType('changeType',ChangeType()), + namedtype.OptionalNamedType('previousDN', LDAPDN()), + namedtype.OptionalNamedType('changeNumber',univ.Integer()), + ) + + +class EntryChangeNotificationControl(ResponseControl): + """ + Implements the response control for persistent search. + + Class attributes with values extracted from the response control: + + changeType + String indicating the type of change causing this result to be + returned by the server + previousDN + Old DN of the entry in case of a modrdn change + changeNumber + A change serial number returned by the server (optional). + """ + + controlType = "2.16.840.1.113730.3.4.7" + + def decodeControlValue(self,encodedControlValue): + ecncValue,_ = decoder.decode(encodedControlValue,asn1Spec=EntryChangeNotificationValue()) + self.changeType = int(ecncValue.getComponentByName('changeType')) + if len(ecncValue)==3: + self.previousDN = str(ecncValue.getComponentByName('previousDN')) + self.changeNumber = int(ecncValue.getComponentByName('changeNumber')) + elif len(ecncValue)==2: + if self.changeType==8: + self.previousDN = str(ecncValue.getComponentByName('previousDN')) + self.changeNumber = None + else: + self.previousDN = None + self.changeNumber = int(ecncValue.getComponentByName('changeNumber')) + else: + self.previousDN,self.changeNumber = None,None + return (self.changeType,self.previousDN,self.changeNumber) + +KNOWN_RESPONSE_CONTROLS[EntryChangeNotificationControl.controlType] = EntryChangeNotificationControl From 493644c980c0921de513caacbe787e17ab64f23d Mon Sep 17 00:00:00 2001 From: stroeder Date: Fri, 22 Jul 2011 17:28:46 +0000 Subject: [PATCH 063/868] Modified references to pyasn1 --- Doc/ldap-extop.rst | 43 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100644 Doc/ldap-extop.rst diff --git a/Doc/ldap-extop.rst b/Doc/ldap-extop.rst new file mode 100644 index 0000000..10a9c12 --- /dev/null +++ b/Doc/ldap-extop.rst @@ -0,0 +1,43 @@ +.. % $Id: ldap-extop.rst,v 1.4 2011/07/22 17:28:46 stroeder Exp $ + +******************************************************************** +:py:mod:`ldap.extop` High-level access to LDAPv3 extended operations +******************************************************************** + +.. py:module:: ldap.extop + :synopsis: High-level access to LDAPv3 extended operations. + + +Classes +======= + +This module defines the following classes: + +.. autoclass:: ldap.extop.ExtendedRequest + :members: + + +.. autoclass:: ldap.extop.ExtendedResponse + :members: + + +:py:mod:`ldap.extop.dds` Classes for Dynamic Entries extended operations +======================================================================== + +.. py:module:: ldap.extop.dds + :synopsis: Classes for Dynamic Entries extended operations + +This requires :py:mod:`pyasn1` and :py:mod:`pyasn1_modules` to be installed. + +.. seealso:: + + :rfc:`2589` - Lightweight Directory Access Protocol (v3): Extensions for Dynamic Directory Services + + +.. autoclass:: ldap.extop.dds.RefreshRequest + :members: + + +.. autoclass:: ldap.extop.dds.RefreshResponse + :members: + From 8805dc84e09902d9f4ed3ad1275792b705b1cae0 Mon Sep 17 00:00:00 2001 From: stroeder Date: Fri, 22 Jul 2011 17:39:44 +0000 Subject: [PATCH 064/868] Some clarifications and added case_ignore_attr_types for modifyModlist() --- Doc/ldap-modlist.rst | 53 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 53 insertions(+) create mode 100644 Doc/ldap-modlist.rst diff --git a/Doc/ldap-modlist.rst b/Doc/ldap-modlist.rst new file mode 100644 index 0000000..5fd6351 --- /dev/null +++ b/Doc/ldap-modlist.rst @@ -0,0 +1,53 @@ +.. % $Id: ldap-modlist.rst,v 1.4 2011/07/22 17:39:44 stroeder Exp $ + + +:py:mod:`ldap.modlist` Generate modify lists +============================================== + +.. py:module:: ldap.modlist + + +The :mod:`ldap.modlist` module defines the following functions: + + +.. function:: addModlist(entry [, ignore_attr_types=[]]) -> list + + This function builds a list suitable for passing it directly as argument + *modlist* to method :py:meth:`ldap.ldapobject.LDAPObject.add` or + its synchronous counterpart :py:meth:`ldap.ldapobject.LDAPObject.add_s`. + + *entry* is a dictionary like returned when receiving search results. + + *ignore_attr_types* is a list of attribute type + names which shall be ignored completely. Attributes of these types will not appear + in the result at all. + + +.. function:: modifyModlist( old_entry, new_entry [, ignore_attr_types=[] [, ignore_oldexistent=0 [, case_ignore_attr_types=None]]]) -> list + + This function builds a list suitable for passing it directly as argument + *modlist* to method :py:meth:`ldap.ldapobject.LDAPObject.modify` or + its synchronous counterpart :py:meth:`ldap.ldapobject.LDAPObject.modify_s`. + + Roughly when applying the resulting modify list to an entry + holding the data *old_entry* it will be modified in such a way that the entry + holds *new_entry* after the modify operation. It is handy in situations when it + is impossible to track user changes to an entry's data or for synchronizing + operations. + + *old_entry* and *new_entry* are dictionaries like returned when + receiving search results. + + *ignore_attr_types* is a list of attribute type + names which shall be ignored completely. These attribute types will not appear + in the result at all. + + If *ignore_oldexistent* is non-zero attribute type names which + are in *old_entry* but are not found in *new_entry* at all are not deleted. + This is handy for situations where your application sets attribute value to + an empty string for deleting an attribute. In most cases leave zero. + + If *case_ignore_attr_types* is a list of attribute type names for which + the comparison will be conducted case-insensitive. It is useful in + situations where a LDAP server normalizes values and one wants to avoid + unnecessary changes (e.g. case of attribute type names in DNs). From 591daea36524d1215f6423d3ee085cc1419bf4cd Mon Sep 17 00:00:00 2001 From: stroeder Date: Fri, 22 Jul 2011 17:46:07 +0000 Subject: [PATCH 065/868] Most stuff done by auto-creation of Sphinx relying on doc strings --- Doc/ldap-schema.rst | 87 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 87 insertions(+) create mode 100644 Doc/ldap-schema.rst diff --git a/Doc/ldap-schema.rst b/Doc/ldap-schema.rst new file mode 100644 index 0000000..81c4236 --- /dev/null +++ b/Doc/ldap-schema.rst @@ -0,0 +1,87 @@ +.. % $Id: ldap-schema.rst,v 1.4 2011/07/22 17:46:07 stroeder Exp $ + + +******************************************** +:py:mod:`ldap.schema` Handling LDAPv3 schema +******************************************** + +.. py:module:: ldap.schema + +This module deals with schema information usually retrieved from +a special subschema subentry provided by the server. +It is closely modeled along the directory information model described +in the following RFC with which you should make yourself familiar +when trying to use this module: + +.. seealso:: + + :rfc:`4512` - Lightweight Directory Access Protocol (LDAP): Directory Information Models + + +:py:mod:`ldap.schema.subentry` Processing LDAPv3 subschema subentry +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +.. py:module:: ldap.schema.subentry + + +.. py:data:: NOT_HUMAN_READABLE_LDAP_SYNTAXES + + Dictionary where the keys are the OIDs of LDAP syntaxes known to be + not human-readable when displayed to a console without conversion + and which cannot be decoded to a :py:data:`types.UnicodeType`. + + +Functions +========= + +.. autofunction:: ldap.schema.subentry.urlfetch + +Classes +======= + +.. autoclass:: ldap.schema.subentry.SubSchema + :members: + + +:py:mod:`ldap.schema.models` Schema elements +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +.. py:module:: ldap.schema.models + + +.. autoclass:: ldap.schema.models.Entry + :members: + +.. autoclass:: ldap.schema.models.SchemaElement + :members: + +.. autoclass:: ldap.schema.models.AttributeType + :members: + +.. autoclass:: ldap.schema.models.ObjectClass + :members: + +.. autoclass:: ldap.schema.models.MatchingRule + :members: + +.. autoclass:: ldap.schema.models.MatchingRuleUse + :members: + +.. autoclass:: ldap.schema.models.DITContentRule + :members: + +.. autoclass:: ldap.schema.models.NameForm + :members: + +.. autoclass:: ldap.schema.models.DITStructureRule + :members: + + +.. _ldap.schema-example: + +Examples for ldap.schema +^^^^^^^^^^^^^^^^^^^^^^^^ + +:: + + import ldap.schema From 899a353b26e59f876d4e0304b3ca1732c1b3fbf2 Mon Sep 17 00:00:00 2001 From: stroeder Date: Sat, 23 Jul 2011 07:42:04 +0000 Subject: [PATCH 066/868] Added doc strings to classes --- Lib/ldap/controls/libldap.py | 77 ++++++++++++++++++++++++++++++++++++ 1 file changed, 77 insertions(+) create mode 100644 Lib/ldap/controls/libldap.py diff --git a/Lib/ldap/controls/libldap.py b/Lib/ldap/controls/libldap.py new file mode 100644 index 0000000..0615d52 --- /dev/null +++ b/Lib/ldap/controls/libldap.py @@ -0,0 +1,77 @@ +# -*- coding: utf-8 -*- +""" +controls.libldap - LDAP controls wrapper classes with en-/decoding done +by OpenLDAP functions + +See http://www.python-ldap.org/ for details. + +$Id: libldap.py,v 1.2 2011/07/23 07:42:04 stroeder Exp $ +""" + +import _ldap,ldap +from ldap.controls import RequestControl,LDAPControl,KNOWN_RESPONSE_CONTROLS + + +class AssertionControl(RequestControl): + """ + LDAP Assertion control, as defined in RFC 4528 + + filterstr + LDAP filter string specifying which assertions have to match + so that the server processes the operation + """ + + controlType = ldap.CONTROL_ASSERT + def __init__(self,criticality=True,filterstr='(objectClass=*)'): + self.criticality = criticality + self.filterstr = filterstr + + def encodeControlValue(self): + return _ldap.encode_assertion_control(self.filterstr) + +KNOWN_RESPONSE_CONTROLS[ldap.CONTROL_ASSERT] = AssertionControl + + +class MatchedValuesControl(RequestControl): + """ + LDAP Matched Values control, as defined in RFC 3876 + + filterstr + LDAP filter string specifying which attribute values + should be returned + """ + + controlType = ldap.CONTROL_VALUESRETURNFILTER + + def __init__(self,criticality=False,filterstr='(objectClass=*)'): + self.criticality = criticality + self.filterstr = filterstr + + def encodeControlValue(self): + return _ldap.encode_valuesreturnfilter_control(self.filterstr) + +KNOWN_RESPONSE_CONTROLS[ldap.CONTROL_VALUESRETURNFILTER] = MatchedValuesControl + + +class SimplePagedResultsControl(LDAPControl): + """ + LDAP Control Extension for Simple Paged Results Manipulation + + size + Page size requested (number of entries to be returned) + cookie + Cookie string received with last page + """ + controlType = ldap.CONTROL_PAGEDRESULTS + + def __init__(self,criticality=False,size=None,cookie=None): + self.criticality = criticality + self.size,self.cookie = size,cookie + + def encodeControlValue(self): + return _ldap.encode_page_control(self.size,self.cookie) + + def decodeControlValue(self,encodedControlValue): + self.size,self.cookie = _ldap.decode_page_control(encodedControlValue) + +KNOWN_RESPONSE_CONTROLS[ldap.CONTROL_PAGEDRESULTS] = SimplePagedResultsControl From 4cd4d70db41c0024fd6696308f3a78e94f3eb1cb Mon Sep 17 00:00:00 2001 From: stroeder Date: Sun, 24 Jul 2011 19:00:53 +0000 Subject: [PATCH 067/868] Fixed CVS Id --- Doc/installing.rst | 111 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 111 insertions(+) create mode 100644 Doc/installing.rst diff --git a/Doc/installing.rst b/Doc/installing.rst new file mode 100644 index 0000000..475adcf --- /dev/null +++ b/Doc/installing.rst @@ -0,0 +1,111 @@ +.. % $Id: installing.rst,v 1.15 2011/07/24 19:00:53 stroeder Exp $ + +*********************** +Building and installing +*********************** + +python-ldap is built and installed using the Python DistUtils installed +along with your Python installation: + +:: + + python setup.py build + python setup.py install + +If you have more than one Python interpreter installed locally you should +use the same one you plan to use python-ldap with. + +See further instructions for using DistUtils here: http://docs.python.org/install/index.html + +Prerequisites +============= + +The following software packages are required to be installed +on the local system when building python-ldap: + +- Python version 2.3 or later including its development files: http://www.python.org/ +- OpenLDAP client libs version 2.4.11 or later: http://www.openldap.org/ + It is not possible and not supported to build with prior versions. +- OpenSSL (optional): http://www.openssl.org/ +- cyrus-sasl (optional): http://www.cyrussasl.org +- Kerberos libs, MIT or heimdal (optional) + +Furthermore some sub-modules of :py:mod:`ldap.controls` and :py:mod:`ldap.extop` +require :py:mod:`pyasn1` and :py:mod:`pyasn1_modules` to be installed. + + http://pyasn1.sf.net + + +setup.cfg +========= + +The file setup.cfg allows to set some build and installation +parameters for reflecting the local installation of required +software packages. Only section [_ldap] is described here. +More information about other sections can be found in the +documentation of Python's DistUtils. + +.. data:: library_dirs + + Specifies in which directories to search for required libraries. + +.. data:: include_dirs + + Specifies in which directories to search for include files of required libraries. + +.. data:: libs + + A space-separated list of library names to link to (see :ref:`libs-used-label`). + +.. data:: extra_compile_args + + Compiler options. + +.. data:: extra_objects + +.. _libs-used-label: + +Libs used +--------- + +.. data:: ldap +.. data:: ldap_r + + The LDAP protocol library of OpenLDAP. ldap_r is the reentrant version + and should be preferred. + +.. data:: lber + + The BER encoder/decoder library of OpenLDAP. + +.. data:: sasl2 + + The Cyrus-SASL library if needed and present during build + +.. data:: ssl + + The SSL/TLS library of OpenSSL if needed and present during build + +.. data:: crypto + + The basic cryptographic library of OpenSSL if needed and present during build + +Example +============= + +The following example is for a full-featured build (including SSL and SASL support) +of python-ldap with OpenLDAP installed in a different prefix directory +(here /opt/openldap-2.3) and SASL header files found in /usr/include/sasl. +Debugging symbols are preserved with compile option -g. + +:: + + [_ldap] + library_dirs = /opt/openldap-2.3/lib + include_dirs = /opt/openldap-2.3/include /usr/include/sasl + + extra_compile_args = -g + extra_objects = + + libs = ldap_r lber sasl2 ssl crypto + From ca8051b319c2177b9544a2f14431f4b426e3834b Mon Sep 17 00:00:00 2001 From: stroeder Date: Thu, 28 Jul 2011 08:23:32 +0000 Subject: [PATCH 068/868] Removed unneeded import statements --- Lib/ldap/resiter.py | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 Lib/ldap/resiter.py diff --git a/Lib/ldap/resiter.py b/Lib/ldap/resiter.py new file mode 100644 index 0000000..e34fad6 --- /dev/null +++ b/Lib/ldap/resiter.py @@ -0,0 +1,29 @@ +""" +ldap.resiter - processing LDAP results with iterators + +See http://www.python-ldap.org/ for details. + +\$Id: resiter.py,v 1.6 2011/07/28 08:23:32 stroeder Exp $ + +Python compability note: +Requires Python 2.3+ +""" + + +class ResultProcessor: + """ + Mix-in class used with ldap.ldapopbject.LDAPObject or derived classes. + """ + + def allresults(self,msgid,timeout=-1): + """ + Generator function which returns an iterator for processing all LDAP operation + results of the given msgid retrieved with LDAPObject.result3() -> 4-tuple + """ + result_type,result_list,result_msgid,result_serverctrls = self.result3(msgid,0,timeout) + while result_type and result_list: + # Loop over list of search results + for result_item in result_list: + yield (result_type,result_list,result_msgid,result_serverctrls) + result_type,result_list,result_msgid,result_serverctrls = self.result3(msgid,0,timeout) + return # allresults() From 40c88eb9f23d09e75e1278c778a4e968d2c9e2a8 Mon Sep 17 00:00:00 2001 From: stroeder Date: Thu, 28 Jul 2011 08:52:01 +0000 Subject: [PATCH 069/868] Added classes with .. autoclass:: --- Doc/ldap-async.rst | 110 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 110 insertions(+) create mode 100644 Doc/ldap-async.rst diff --git a/Doc/ldap-async.rst b/Doc/ldap-async.rst new file mode 100644 index 0000000..7652ebb --- /dev/null +++ b/Doc/ldap-async.rst @@ -0,0 +1,110 @@ +.. % $Id: ldap-async.rst,v 1.4 2011/07/28 08:52:01 stroeder Exp $ + + +************************************************************** +:py:mod:`ldap.async` Stream-processing of large search results +************************************************************** + +.. py:module:: ldap.async + :synopsis: Framework for stream-processing of large search results. + +With newer Python versions one might want to consider using +:py:mod:`ldap.resiter` instead. + + +Classes +======= + +.. autoclass:: ldap.async.AsyncSearchHandler + :members: + +.. autoclass:: ldap.async.List + :members: + +.. autoclass:: ldap.async.Dict + :members: + +.. autoclass:: ldap.async.IndexedDict + :members: + +.. autoclass:: ldap.async.LDIFWriter + :members: + +.. autoclass:: ldap.async.DSMLWriter + :members: + +.. _ldap.async-example: + +Examples +======== + +.. _ldap.async-example.List: + +Using ldap.async.List +^^^^^^^^^^^^^^^^^^^^^ + +This example demonstrates how to use class ldap.async.List for +retrieving partial search results even though the exception +:exc:`ldap.SIZELIMIT_EXCEEDED` was raised because a server side limit was hit. :: + + import sys,ldap,ldap.async + + s = ldap.async.List( + ldap.initialize('ldap://localhost'), + ) + + s.startSearch( + 'dc=stroeder,dc=com', + ldap.SCOPE_SUBTREE, + '(objectClass=*)', + ) + + try: + partial = s.processResults() + except ldap.SIZELIMIT_EXCEEDED: + sys.stderr.write('Warning: Server-side size limit exceeded.\n') + else: + if partial: + sys.stderr.write('Warning: Only partial results received.\n') + + sys.stdout.write( + '%d results received.\n' % ( + len(s.allResults) + ) + ) + +.. _ldap.async-example.LDIFWriter: + +Using ldap.async.LDIFWriter +^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +This example demonstrates how to use class ldap.async.LDIFWriter +for writing search results as LDIF to stdout. :: + + import sys,ldap,ldap.async + + s = ldap.async.LDIFWriter( + ldap.initialize('ldap://localhost:1390'), + sys.stdout + ) + + s.startSearch( + 'dc=stroeder,dc=com', + ldap.SCOPE_SUBTREE, + '(objectClass=*)', + ) + + try: + partial = s.processResults() + except ldap.SIZELIMIT_EXCEEDED: + sys.stderr.write('Warning: Server-side size limit exceeded.\n') + else: + if partial: + sys.stderr.write('Warning: Only partial results received.\n') + + sys.stderr.write( + '%d results received.\n' % ( + s.endResultBreak-s.beginResultsDropped + ) + ) + From 5fcccd5c52415dc4a72a65890b6463dbc436b210 Mon Sep 17 00:00:00 2001 From: stroeder Date: Thu, 28 Jul 2011 08:57:12 +0000 Subject: [PATCH 070/868] Class attributes in doc strings --- Lib/ldap/controls/readentry.py | 90 ++++++++++++++++++++++++++++++++++ 1 file changed, 90 insertions(+) create mode 100644 Lib/ldap/controls/readentry.py diff --git a/Lib/ldap/controls/readentry.py b/Lib/ldap/controls/readentry.py new file mode 100644 index 0000000..19ba9d5 --- /dev/null +++ b/Lib/ldap/controls/readentry.py @@ -0,0 +1,90 @@ +#!/usr/bin/env python +""" +ldap.controls.readentry - classes for the Read Entry controls +(see RFC 4527) + +See http://www.python-ldap.org/ for project details. + +$Id: readentry.py,v 1.4 2011/07/28 08:57:12 stroeder Exp $ +""" + +import ldap + +from pyasn1.codec.ber import encoder,decoder +from ldap.controls import LDAPControl,KNOWN_RESPONSE_CONTROLS + +from pyasn1_modules.rfc2251 import AttributeDescriptionList,SearchResultEntry + + +class ReadEntryControl(LDAPControl): + """ + Base class for read entry control described in RFC 4527 + + attrList + list of attribute type names requested + + Class attributes with values extracted from the response control: + + dn + string holding the distinguished name of the LDAP entry + entry + dictionary holding the LDAP entry + """ + + def __init__(self,criticality=False,attrList=None): + self.criticality,self.attrList,self.entry = criticality,attrList or [],None + + def encodeControlValue(self): + attributeSelection = AttributeDescriptionList() + for i in range(len(self.attrList)): + attributeSelection.setComponentByPosition(i,self.attrList[i]) + return encoder.encode(attributeSelection) + + def decodeControlValue(self,encodedControlValue): + decodedEntry,_ = decoder.decode(encodedControlValue,asn1Spec=SearchResultEntry()) + self.dn = str(decodedEntry[0]) + self.entry = {} + for attr in decodedEntry[1]: + self.entry[str(attr[0])] = [ str(attr_value) for attr_value in attr[1] ] + + +class PreReadControl(ReadEntryControl): + """ + Class for pre-read control described in RFC 4527 + + attrList + list of attribute type names requested + + Class attributes with values extracted from the response control: + + dn + string holding the distinguished name of the LDAP entry + before the operation was done by the server + entry + dictionary holding the LDAP entry + before the operation was done by the server + """ + controlType = ldap.CONTROL_PRE_READ + +KNOWN_RESPONSE_CONTROLS[PreReadControl.controlType] = PreReadControl + + +class PostReadControl(ReadEntryControl): + """ + Class for post-read control described in RFC 4527 + + attrList + list of attribute type names requested + + Class attributes with values extracted from the response control: + + dn + string holding the distinguished name of the LDAP entry + after the operation was done by the server + entry + dictionary holding the LDAP entry + after the operation was done by the server + """ + controlType = ldap.CONTROL_POST_READ + +KNOWN_RESPONSE_CONTROLS[PostReadControl.controlType] = PostReadControl From fd86465dba2769bc1483b063b2f729c10d0a3a48 Mon Sep 17 00:00:00 2001 From: stroeder Date: Thu, 28 Jul 2011 09:05:10 +0000 Subject: [PATCH 071/868] Let autoclass also include members --- Doc/dsml.rst | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 Doc/dsml.rst diff --git a/Doc/dsml.rst b/Doc/dsml.rst new file mode 100644 index 0000000..3e9bcbf --- /dev/null +++ b/Doc/dsml.rst @@ -0,0 +1,28 @@ +.. % $Id: dsml.rst,v 1.5 2011/07/28 09:05:10 stroeder Exp $ + +*************************************** +:mod:`dsml` DSMLv1 parser and generator +*************************************** + +.. :py:module:: dsml + :synopsis: Parses and generates DSMLv1 files +.. moduleauthor:: python-ldap project (see http://www.python-ldap.org/) + + +This module parses and generates LDAP data in the format DSMLv1. It is +implemented in pure Python and does not rely on any non-standard modules. +Therefore it can be used stand-alone without the rest of the python-ldap +package. + + +.. autoclass:: dsml.DSMLWriter + :members: + +.. autoclass:: dsml.DSMLParser + :members: + + +.. _dsml-example: + +Example +======= From 97d259e302a307446f00a26dd081314c30293e15 Mon Sep 17 00:00:00 2001 From: stroeder Date: Sat, 27 Aug 2011 15:43:06 +0000 Subject: [PATCH 072/868] Fixed cut&paste typo --- Doc/ldap-resiter.rst | 52 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) create mode 100644 Doc/ldap-resiter.rst diff --git a/Doc/ldap-resiter.rst b/Doc/ldap-resiter.rst new file mode 100644 index 0000000..443ded5 --- /dev/null +++ b/Doc/ldap-resiter.rst @@ -0,0 +1,52 @@ +.. % $Id: ldap-resiter.rst,v 1.5 2011/08/27 15:43:06 stroeder Exp $ + + +:py:mod:`ldap.resiter` Generator for stream-processing of large search results +============================================================================== + +.. py:module:: ldap.resiter + :synopsis: Generator for stream-processing of large search results. +.. moduleauthor:: python-ldap project (see http://www.python-ldap.org/) + + +.. _ldap.resiter-classes: + +.. py:class:: ResultProcessor + +This is a mix-in class to be used with class :py:class:`ldap.LDAPObject` or +derived classes which has these methods: + + .. automethod:: ldap.resiter.ResultProcessor.allresults + + +.. _ldap.resiter-example: + + +Examples +======== + +.. _ldap.resiter.ResultProcessor-example: + +Using ldap.resiter.ResultProcessor +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +This example demonstrates how to use mix-in class ldap.resiter.ResultProcessor for +retrieving results formerly requested with :py:meth:`ldap.LDAPObject.search()` and +processing them in a for-loop. + +:: + + import sys,ldap,ldap.resiter + + class MyLDAPObject(ldap.ldapobject.LDAPObject,ldap.resiter.ResultProcessor): + pass + + l = MyLDAPObject('ldap://localhost') + + # Asynchronous search method + msg_id = l.search('dc=stroeder,dc=com',ldap.SCOPE_SUBTREE,'(objectClass=*)') + + for res_type,res_data,res_msgid,res_controls in l.allresults(msg_id): + for dn,entry in res_data: + # process dn and entry + print dn,entry['objectClass'] From 06f4b34dc411abc91ef4c2a6d2f60cebfd17f21e Mon Sep 17 00:00:00 2001 From: stroeder Date: Wed, 14 Sep 2011 18:29:18 +0000 Subject: [PATCH 073/868] Added auto-generated functions/classes --- Doc/ldif.rst | 83 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 83 insertions(+) create mode 100644 Doc/ldif.rst diff --git a/Doc/ldif.rst b/Doc/ldif.rst new file mode 100644 index 0000000..19edf58 --- /dev/null +++ b/Doc/ldif.rst @@ -0,0 +1,83 @@ +.. % $Id: ldif.rst,v 1.8 2011/09/14 18:29:18 stroeder Exp $ + +##################################### +:mod:`ldif` LDIF parser and generator +##################################### + +.. py:module:: ldif + :synopsis: Parses and generates LDIF files +.. moduleauthor:: python-ldap project (see http://www.python-ldap.org/) + + +This module parses and generates LDAP data in the format LDIF. It is +implemented in pure Python and does not rely on any non-standard modules. +Therefore it can be used stand-alone without the rest of the python-ldap +package. + +.. seealso:: + + :rfc:`2849` - The LDAP Data Interchange Format (LDIF) - Technical Specification + + +Functions +^^^^^^^^^ + +.. autofunction:: ldif.CreateLDIF + +.. autofunction:: ldif.ParseLDIF + + +Classes +^^^^^^^ + +.. autoclass:: ldif.LDIFWriter + +.. autoclass:: ldif.LDIFParser + +.. autoclass:: LDIFRecordList + +.. autoclass:: LDIFCopy + + +.. _ldif-example: + +Example +^^^^^^^ + +The following example demonstrates how to write LDIF output +of an LDAP entry with :mod:`ldif` module. + +>>> import sys,ldif +>>> entry={'objectClass':['top','person'],'cn':['Michael Stroeder'],'sn':['Stroeder']} +>>> dn='cn=Michael Stroeder,ou=Test' +>>> ldif_writer=ldif.LDIFWriter(sys.stdout) +>>> ldif_writer.unparse(dn,entry) +dn: cn=Michael Stroeder,ou=Test +cn: Michael Stroeder +objectClass: top +objectClass: person +sn: Stroeder + + +The following example demonstrates how to parse an LDIF file +with :mod:`ldif` module, skip some entries and write the result to stdout. :: + + import sys + from ldif import LDIFParser,LDIFWriter + + SKIP_DN = ["uid=foo,ou=People,dc=example,dc=com", + "uid=bar,ou=People,dc=example,dc=com"] + + class MyLDIF(LDIFParser): + def __init__(self,input,output): + LDIFParser.__init__(self,input) + self.writer = LDIFWriter(output) + + def handle(self,dn,entry): + if dn in SKIP_DN: + return + self.writer.unparse(dn,entry) + + parser = MyLDIF(open("input.ldif", 'rb'), sys.stdout) + parser.parse() + From ca45ede28e3dcfddfdd5b13133eb98dc64fc247b Mon Sep 17 00:00:00 2001 From: stroeder Date: Wed, 26 Oct 2011 18:38:06 +0000 Subject: [PATCH 074/868] Fixes for memory leaks by Chris Mikkelson --- Modules/ldapcontrol.c | 377 ++++++++++++++++++++++++++++++++++++++++++ Modules/message.c | 257 ++++++++++++++++++++++++++++ 2 files changed, 634 insertions(+) create mode 100644 Modules/ldapcontrol.c create mode 100644 Modules/message.c diff --git a/Modules/ldapcontrol.c b/Modules/ldapcontrol.c new file mode 100644 index 0000000..14a8625 --- /dev/null +++ b/Modules/ldapcontrol.c @@ -0,0 +1,377 @@ +/* See http://www.python-ldap.org/ for details. + * $Id: ldapcontrol.c,v 1.20 2011/10/26 18:38:06 stroeder Exp $ */ + +#include "common.h" +#include "LDAPObject.h" +#include "ldapcontrol.h" +#include "berval.h" +#include "errors.h" + +#include "lber.h" + +/* Prints to stdout the contents of an array of LDAPControl objects */ + +/* XXX: This is a debugging tool, and the printf generates some warnings + * about pointer types. I left it here in case something breaks and we + * need to inspect an LDAPControl structure. + +static void +LDAPControl_DumpList( LDAPControl** lcs ) { + LDAPControl** lcp; + LDAPControl* lc; + for ( lcp = lcs; *lcp; lcp++ ) { + lc = *lcp; + printf("OID: %s\nCriticality: %d\nBER length: %d\nBER value: %x\n", + lc->ldctl_oid, lc->ldctl_iscritical, lc->ldctl_value.bv_len, + lc->ldctl_value.bv_val); + } +} */ + +/* Free a single LDAPControl object created by Tuple_to_LDAPControl */ + +static void +LDAPControl_DEL( LDAPControl* lc ) +{ + if (lc == NULL) + return; + + if (lc->ldctl_oid) + PyMem_DEL(lc->ldctl_oid); + PyMem_DEL(lc); +} + +/* Free an array of LDAPControl objects created by LDAPControls_from_object */ + +void +LDAPControl_List_DEL( LDAPControl** lcs ) +{ + LDAPControl** lcp; + if (lcs == NULL) + return; + + for ( lcp = lcs; *lcp; lcp++ ) + LDAPControl_DEL( *lcp ); + + PyMem_DEL( lcs ); +} + +/* Takes a tuple of the form: + * (OID: string, Criticality: int/boolean, Value: string/None) + * and converts it into an LDAPControl structure. + * + * The Value string should represent an ASN.1 encoded structure. + */ + +static LDAPControl* +Tuple_to_LDAPControl( PyObject* tup ) +{ + char *oid; + char iscritical; + struct berval berbytes; + PyObject *bytes; + LDAPControl *lc = NULL; + Py_ssize_t len; + + if (!PyTuple_Check(tup)) { + PyErr_SetObject(PyExc_TypeError, Py_BuildValue("sO", + "expected a tuple", tup)); + return NULL; + } + + if (!PyArg_ParseTuple( tup, "sbO", &oid, &iscritical, &bytes )) + return NULL; + + lc = PyMem_NEW(LDAPControl, 1); + if (lc == NULL) { + PyErr_NoMemory(); + return NULL; + } + + lc->ldctl_iscritical = iscritical; + + len = strlen(oid); + lc->ldctl_oid = PyMem_NEW(char, len + 1); + if (lc->ldctl_oid == NULL) { + PyErr_NoMemory(); + LDAPControl_DEL(lc); + return NULL; + } + memcpy(lc->ldctl_oid, oid, len + 1); + + /* The berval can either be None or a String */ + if (PyNone_Check(bytes)) { + berbytes.bv_len = 0; + berbytes.bv_val = NULL; + } + else if (PyString_Check(bytes)) { + berbytes.bv_len = PyString_Size(bytes); + berbytes.bv_val = PyString_AsString(bytes); + } + else { + PyErr_SetObject(PyExc_TypeError, Py_BuildValue("sO", + "expected a string", bytes)); + LDAPControl_DEL(lc); + return NULL; + } + + lc->ldctl_value = berbytes; + + return lc; +} + +/* Convert a list of tuples (of a format acceptable to the Tuple_to_LDAPControl + * function) into an array of LDAPControl objects. */ + +int +LDAPControls_from_object(PyObject* list, LDAPControl ***controls_ret) +{ + Py_ssize_t len, i; + LDAPControl** ldcs; + LDAPControl* ldc; + PyObject* item; + + if (!PySequence_Check(list)) { + PyErr_SetObject(PyExc_TypeError, Py_BuildValue("sO", + "expected a list", list)); + return 0; + } + + len = PySequence_Length(list); + ldcs = PyMem_NEW(LDAPControl*, len + 1); + if (ldcs == NULL) { + PyErr_NoMemory(); + return 0; + } + + for (i = 0; i < len; i++) { + item = PySequence_GetItem(list, i); + if (item == NULL) { + PyMem_DEL(ldcs); + return 0; + } + + ldc = Tuple_to_LDAPControl(item); + if (ldc == NULL) { + Py_DECREF(item); + PyMem_DEL(ldcs); + return 0; + } + + ldcs[i] = ldc; + Py_DECREF(item); + } + + ldcs[len] = NULL; + *controls_ret = ldcs; + return 1; +} + +PyObject* +LDAPControls_to_List(LDAPControl **ldcs) +{ + PyObject *res = 0, *pyctrl; + LDAPControl **tmp = ldcs; + Py_ssize_t num_ctrls = 0, i; + + if (tmp) + while (*tmp++) num_ctrls++; + + if (!(res = PyList_New(num_ctrls))) + goto endlbl; + + for (i = 0; i < num_ctrls; i++) { + if (!(pyctrl = Py_BuildValue("sbO&", ldcs[i]->ldctl_oid, + ldcs[i]->ldctl_iscritical, + LDAPberval_to_object, + &ldcs[i]->ldctl_value))) { + goto endlbl; + } + PyList_SET_ITEM(res, i, pyctrl); + } + Py_INCREF(res); + + endlbl: + Py_XDECREF(res); + return res; +} + + + +/* --------------- en-/decoders ------------- */ + +/* Matched Values, aka, Values Return Filter */ +static PyObject* +encode_rfc3876(PyObject *self, PyObject *args) +{ + PyObject *res = 0; + int err; + BerElement *vrber = 0; + char *vrFilter; + struct berval *ctrl_val; + + if (!PyArg_ParseTuple(args, "s:encode_valuesreturnfilter_control", &vrFilter)) { + goto endlbl; + } + + if (!(vrber = ber_alloc_t(LBER_USE_DER))) { + LDAPerr(LDAP_NO_MEMORY); + goto endlbl; + } + + err = ldap_put_vrFilter(vrber, vrFilter); + if (err == -1) { + LDAPerr(LDAP_FILTER_ERROR); + goto endlbl; + } + + err = ber_flatten(vrber, &ctrl_val); + if (err == -1) { + LDAPerr(LDAP_NO_MEMORY); + goto endlbl; + } + + res = LDAPberval_to_object(ctrl_val); + +endlbl: + if (vrber) + ber_free(vrber, 1); + + return res; +} + +static PyObject* +encode_rfc2696(PyObject *self, PyObject *args) +{ + PyObject *res = 0; + BerElement *ber = 0; + struct berval cookie, *ctrl_val; + Py_ssize_t cookie_len; + unsigned long size; + ber_tag_t tag; + + if (!PyArg_ParseTuple(args, "is#:encode_page_control", &size, + &cookie.bv_val, &cookie_len)) { + goto endlbl; + } + cookie.bv_len = (ber_len_t) cookie_len; + + if (!(ber = ber_alloc_t(LBER_USE_DER))) { + LDAPerr(LDAP_NO_MEMORY); + goto endlbl; + } + + tag = ber_printf(ber, "{i", size); + if (tag == LBER_ERROR) { + LDAPerr(LDAP_ENCODING_ERROR); + goto endlbl; + } + + if (!cookie.bv_len) + tag = ber_printf(ber, "o", "", 0); + else + tag = ber_printf(ber, "O", &cookie); + if (tag == LBER_ERROR) { + LDAPerr(LDAP_ENCODING_ERROR); + goto endlbl; + } + + tag = ber_printf(ber, /*{ */ "N}"); + if (tag == LBER_ERROR) { + LDAPerr(LDAP_ENCODING_ERROR); + goto endlbl; + } + + if (-1 == ber_flatten(ber, &ctrl_val)) { + LDAPerr(LDAP_NO_MEMORY); + goto endlbl; + } + + res = LDAPberval_to_object(ctrl_val); + + endlbl: + if (ber) + ber_free(ber, 1); + return res; +} + + +static PyObject* +decode_rfc2696(PyObject *self, PyObject *args) +{ + PyObject *res = 0; + BerElement *ber = 0; + struct berval ldctl_value; + ber_tag_t tag; + struct berval *cookiep; + unsigned long count; + Py_ssize_t ldctl_value_len; + + if (!PyArg_ParseTuple(args, "s#:decode_page_control", + &ldctl_value.bv_val, &ldctl_value_len)) { + goto endlbl; + } + ldctl_value.bv_len = (ber_len_t) ldctl_value_len; + + if (!(ber = ber_init(&ldctl_value))) { + LDAPerr(LDAP_NO_MEMORY); + goto endlbl; + } + + tag = ber_scanf(ber, "{iO", &count, &cookiep); + if (tag == LBER_ERROR) { + LDAPerr(LDAP_DECODING_ERROR); + goto endlbl; + } + + res = Py_BuildValue("(lO&)", count, LDAPberval_to_object, cookiep); + + endlbl: + if (ber) + ber_free(ber, 1); + return res; +} + +static PyObject* +encode_assertion_control(PyObject *self, PyObject *args) +{ + int err; + PyObject *res = 0; + char *assertion_filterstr; + struct berval ctrl_val; + LDAP *ld = NULL; + + if (!PyArg_ParseTuple(args, "s:encode_assertion_control", + &assertion_filterstr)) { + goto endlbl; + } + + err = ldap_create(&ld); + if (err != LDAP_SUCCESS) + return LDAPerror(ld, "ldap_create"); + + err = ldap_create_assertion_control_value(ld,assertion_filterstr,&ctrl_val); + if (err != LDAP_SUCCESS) + return LDAPerror(ld, "ldap_create_assertion_control_value"); + + res = LDAPberval_to_object(&ctrl_val); + + endlbl: + + return res; +} + +static PyMethodDef methods[] = { + {"encode_page_control", encode_rfc2696, METH_VARARGS }, + {"decode_page_control", decode_rfc2696, METH_VARARGS }, + {"encode_valuesreturnfilter_control", encode_rfc3876, METH_VARARGS }, + {"encode_assertion_control", encode_assertion_control, METH_VARARGS }, + { NULL, NULL } +}; + +void +LDAPinit_control(PyObject *d) +{ + LDAPadd_methods(d, methods); +} + + diff --git a/Modules/message.c b/Modules/message.c new file mode 100644 index 0000000..7cc7072 --- /dev/null +++ b/Modules/message.c @@ -0,0 +1,257 @@ +/* See http://www.python-ldap.org/ for details. + * $Id: message.c,v 1.19 2011/10/26 18:38:06 stroeder Exp $ */ + +#include "common.h" +#include "message.h" +#include "berval.h" +#include "errors.h" +#include "ldapcontrol.h" +#include "constants.h" + +/* + * Converts an LDAP message into a Python structure. + * + * On success, returns a list of dictionaries. + * On failure, returns NULL, and sets an error. + * + * The message m is always freed, regardless of return value. + * + * If add_ctrls is non-zero, per-entry/referral/partial/intermediate + * controls will be added as a third item to each entry tuple + * + * If add_intermediates is non-zero, intermediate/partial results will + * be returned + */ +PyObject * +LDAPmessage_to_python(LDAP *ld, LDAPMessage *m, int add_ctrls, int add_intermediates) +{ + /* we convert an LDAP message into a python structure. + * It is always a list of dictionaries. + * We always free m. + */ + + PyObject *result, *pyctrls = 0; + LDAPMessage* entry; + LDAPControl **serverctrls = 0; + int rc; + + result = PyList_New(0); + if (result == NULL) { + ldap_msgfree( m ); + return NULL; + } + + for(entry = ldap_first_entry(ld,m); + entry != NULL; + entry = ldap_next_entry(ld,entry)) + { + char *dn; + char *attr; + BerElement *ber = NULL; + PyObject* entrytuple; + PyObject* attrdict; + + dn = ldap_get_dn( ld, entry ); + if (dn == NULL) { + Py_DECREF(result); + ldap_msgfree( m ); + return LDAPerror( ld, "ldap_get_dn" ); + } + + attrdict = PyDict_New(); + if (attrdict == NULL) { + Py_DECREF(result); + ldap_msgfree( m ); + ldap_memfree(dn); + return NULL; + } + + rc = ldap_get_entry_controls( ld, entry, &serverctrls ); + if (rc) { + Py_DECREF(result); + ldap_msgfree( m ); + ldap_memfree(dn); + return LDAPerror( ld, "ldap_get_entry_controls" ); + } + + /* convert serverctrls to list of tuples */ + if ( ! ( pyctrls = LDAPControls_to_List( serverctrls ) ) ) { + int err = LDAP_NO_MEMORY; + ldap_set_option( ld, LDAP_OPT_ERROR_NUMBER, &err ); + Py_DECREF(result); + ldap_msgfree( m ); + ldap_memfree(dn); + ldap_controls_free(serverctrls); + return LDAPerror( ld, "LDAPControls_to_List" ); + } + ldap_controls_free(serverctrls); + + /* Fill attrdict with lists */ + for( attr = ldap_first_attribute( ld, entry, &ber ); + attr != NULL; + attr = ldap_next_attribute( ld, entry, ber ) + ) { + PyObject* valuelist; + struct berval ** bvals = + ldap_get_values_len( ld, entry, attr ); + + /* Find which list to append to */ + if ( PyMapping_HasKeyString( attrdict, attr ) ) { + valuelist = PyMapping_GetItemString( attrdict, attr ); + } else { + valuelist = PyList_New(0); + if (valuelist != NULL && PyMapping_SetItemString(attrdict, + attr, valuelist) == -1) { + Py_DECREF(valuelist); + valuelist = NULL; /* catch error later */ + } + } + + if (valuelist == NULL) { + Py_DECREF(attrdict); + Py_DECREF(result); + if (ber != NULL) + ber_free(ber, 0); + ldap_msgfree( m ); + ldap_memfree(attr); + ldap_memfree(dn); + Py_XDECREF(pyctrls); + return NULL; + } + + if (bvals != NULL) { + Py_ssize_t i; + for (i=0; bvals[i]; i++) { + PyObject *valuestr; + + valuestr = LDAPberval_to_object(bvals[i]); + if (PyList_Append( valuelist, valuestr ) == -1) { + Py_DECREF(attrdict); + Py_DECREF(result); + Py_DECREF(valuestr); + Py_DECREF(valuelist); + if (ber != NULL) + ber_free(ber, 0); + ldap_msgfree( m ); + ldap_memfree(attr); + ldap_memfree(dn); + Py_XDECREF(pyctrls); + return NULL; + } + Py_DECREF(valuestr); + } + ldap_value_free_len(bvals); + } + Py_DECREF( valuelist ); + ldap_memfree(attr); + } + + if (add_ctrls) { + entrytuple = Py_BuildValue("(sOO)", dn, attrdict, pyctrls); + } else { + entrytuple = Py_BuildValue("(sO)", dn, attrdict); + } + ldap_memfree(dn); + Py_DECREF(attrdict); + Py_XDECREF(pyctrls); + PyList_Append(result, entrytuple); + Py_DECREF(entrytuple); + if (ber != NULL) + ber_free(ber, 0); + } + for(entry = ldap_first_reference(ld,m); + entry != NULL; + entry = ldap_next_reference(ld,entry)) + { + char **refs = NULL; + PyObject* entrytuple; + PyObject* reflist = PyList_New(0); + + if (reflist == NULL) { + Py_DECREF(result); + ldap_msgfree( m ); + return NULL; + } + if (ldap_parse_reference(ld, entry, &refs, &serverctrls, 0) != LDAP_SUCCESS) { + Py_DECREF(reflist); + Py_DECREF(result); + ldap_msgfree( m ); + return LDAPerror( ld, "ldap_parse_reference" ); + } + /* convert serverctrls to list of tuples */ + if ( ! ( pyctrls = LDAPControls_to_List( serverctrls ) ) ) { + int err = LDAP_NO_MEMORY; + ldap_set_option( ld, LDAP_OPT_ERROR_NUMBER, &err ); + Py_DECREF(reflist); + Py_DECREF(result); + ldap_msgfree( m ); + ldap_controls_free(serverctrls); + return LDAPerror( ld, "LDAPControls_to_List" ); + } + ldap_controls_free(serverctrls); + if (refs) { + Py_ssize_t i; + for (i=0; refs[i] != NULL; i++) { + PyObject *refstr = PyString_FromString(refs[i]); + PyList_Append(reflist, refstr); + Py_DECREF(refstr); + } + ber_memvfree( (void **) refs ); + } + if (add_ctrls) { + entrytuple = Py_BuildValue("(sOO)", NULL, reflist, pyctrls); + } else { + entrytuple = Py_BuildValue("(sO)", NULL, reflist); + } + Py_DECREF(reflist); + Py_XDECREF(pyctrls); + PyList_Append(result, entrytuple); + Py_DECREF(entrytuple); + } + if (add_intermediates) { + for(entry = ldap_first_message(ld,m); + entry != NULL; + entry = ldap_next_message(ld,entry)) + { + /* list of tuples */ + /* each tuple is OID, Berval, controllist */ + if ( LDAP_RES_INTERMEDIATE == ldap_msgtype( entry ) ) { + PyObject* valtuple; + PyObject *valuestr; + char *retoid = 0; + struct berval *retdata = 0; + + if (ldap_parse_intermediate( ld, entry, &retoid, &retdata, &serverctrls, 0 ) != LDAP_SUCCESS) { + Py_DECREF(result); + ldap_msgfree( m ); + return LDAPerror( ld, "ldap_parse_intermediate" ); + } + /* convert serverctrls to list of tuples */ + if ( ! ( pyctrls = LDAPControls_to_List( serverctrls ) ) ) { + int err = LDAP_NO_MEMORY; + ldap_set_option( ld, LDAP_OPT_ERROR_NUMBER, &err ); + Py_DECREF(result); + ldap_msgfree( m ); + ldap_controls_free(serverctrls); + ldap_memfree( retoid ); + ber_bvfree( retdata ); + return LDAPerror( ld, "LDAPControls_to_List" ); + } + ldap_controls_free(serverctrls); + + valuestr = LDAPberval_to_object(retdata); + ber_bvfree( retdata ); + valtuple = Py_BuildValue("(sOO)", retoid, + valuestr ? valuestr : Py_None, + pyctrls); + ldap_memfree( retoid ); + Py_DECREF(valuestr); + Py_XDECREF(pyctrls); + PyList_Append(result, valtuple); + Py_DECREF(valtuple); + } + } + } + ldap_msgfree( m ); + return result; +} From b25942fae3f638bf3a6830cc94383e922e35d28b Mon Sep 17 00:00:00 2001 From: stroeder Date: Wed, 26 Oct 2011 18:43:21 +0000 Subject: [PATCH 075/868] Abandon old mailing list name --- README | 102 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 102 insertions(+) create mode 100644 README diff --git a/README b/README new file mode 100644 index 0000000..981f264 --- /dev/null +++ b/README @@ -0,0 +1,102 @@ +--------------------------------------- +python-ldap: LDAP client API for Python +--------------------------------------- + +What is python-ldap? + +python-ldap provides an object-oriented API to access LDAP +directory servers from Python programs. Mainly it wraps the +OpenLDAP client libs for that purpose. + +Additionally the package contains modules for other LDAP-related +stuff (e.g. processing LDIF, LDAPURLs, LDAPv3 sub-schema, etc.). + +Not included: Direct BER support + +See INSTALL for version compability + +See TODO for planned features. Contributors welcome. + +For module documentation, see: + + http://www.python-ldap.org/ + +Quick usage example: + import ldap + l = ldap.initialize("ldap://my_ldap_server.my_domain") + l.simple_bind_s("","") + l.search_s("o=My Organisation, c=AU", ldap.SCOPE_SUBTREE, "objectclass=*") + +See directory Demo/ of source distribution package for more +example code. + +Author(s) contact and documentation: + + http://www.python-ldap.org/ + + If you are looking for help, please try the mailing list archives + first, then send a question to the mailing list. + Be warned that questions will be ignored if they can be + trivially answered by referring to the documentation. + + If you are interested in helping, please contact the mailing list. + If you want new features or upgrades, please check the mailing list + archives and then enquire about any progress. + +Acknowledgements: + + Thanks to Konstantin Chuguev + and Steffen Ries for working + on support for OpenLDAP 2.0.x features. + + Thanks to Michael Stroeder for the + modules ldif, ldapurl, ldap/schema/*.py, ldap/*.py and ldap/controls/*.py. + + Thanks to Hans Aschauer + for the C wrapper schema and SASL support. + + Thanks to Mauro Cicognini for the + WIN32/MSVC6 bits, and the pre-built WIN32 ldap.pyd. + + Thanks to Waldemar Osuch for contributing + the new-style docs based on reStructuredText. + + Thanks to Torsten Kurbad for the + easy_install support. + + Thanks to James Andrewartha for + significant contribution to Doc/*.tex. + + Thanks to Rich Megginson for extending + support for LDAPv3 controls and adding support for LDAPv3 extended + operations. + + Thanks to Peter Gietz, DAASI for funding some control modules. + + Thanks to Chris Mikkelson for various fixes and ldap.syncrepl. + + These very kind people have supplied patches or suggested changes: + + Federico Di Gregorio + John Benninghoff + Donn Cave + Jason Gunthorpe + gurney_j + Eric S. Johansson + David Margrave + Uche Ogbuji + Neale Pickett + Blake Weston + Wido Depping + Deepak Giridharagopal + Ingo Steuwer + Andreas Hasenack + Matej Vela + + Thanks to all the guys on the python-ldap mailing list for + their contributions and input into this package. + + Thanks! We may have missed someone: please mail us if we have omitted + your name. + +$Id: README,v 1.25 2011/10/26 18:43:21 stroeder Exp $ From 50507d02751e6f95e9a3d000f4439364dfbb049e Mon Sep 17 00:00:00 2001 From: stroeder Date: Wed, 26 Oct 2011 19:41:27 +0000 Subject: [PATCH 076/868] Stub doc based on autoclass --- Doc/ldap-syncrepl.rst | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 Doc/ldap-syncrepl.rst diff --git a/Doc/ldap-syncrepl.rst b/Doc/ldap-syncrepl.rst new file mode 100644 index 0000000..388526e --- /dev/null +++ b/Doc/ldap-syncrepl.rst @@ -0,0 +1,25 @@ +.. % $Id: ldap-syncrepl.rst,v 1.1 2011/10/26 19:41:27 stroeder Exp $ + +******************************************************************** +:py:mod:`ldap.syncrepl` Implementation of a syncrepl consumer +******************************************************************** + +.. py:module:: ldap.syncrepl + :synopsis: Implementation of a syncrepl consumer + +.. seealso:: + + :rfc:`4533` - Lightweight Directory Access Protocol (v3): Content Synchronization Operation + +This requires :py:mod:`pyasn1` and :py:mod:`pyasn1_modules` to be installed. + + +Classes +======= + +This module defines the following classes: + + +.. autoclass:: ldap.syncrepl.SyncreplConsumer + :members: + From 065102e6b57ac6487933a2619bfe704d1f71c16a Mon Sep 17 00:00:00 2001 From: stroeder Date: Wed, 26 Oct 2011 19:42:25 +0000 Subject: [PATCH 077/868] Added ldap.syncrepl --- Doc/index.rst | 44 +++++++++++++ setup.py | 179 ++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 223 insertions(+) create mode 100644 Doc/index.rst create mode 100644 setup.py diff --git a/Doc/index.rst b/Doc/index.rst new file mode 100644 index 0000000..ad86059 --- /dev/null +++ b/Doc/index.rst @@ -0,0 +1,44 @@ +########################## +python-ldap Documentation +########################## + +.. % $Id: index.rst,v 1.8 2011/10/26 19:42:45 stroeder Exp $ + +.. topic:: Abstract + + This document describes the package python-ldap with its various modules. + + Depending on what you want to do this manual assumes basic to expert + knowledge about the Python language and the LDAP standard (LDAPv3). + + +******** +Contents +******** + +.. toctree:: + :maxdepth: 3 + + installing.rst + ldap.rst + ldap-async.rst + ldap-controls.rst + ldap-dn.rst + ldap-extop.rst + ldap-filter.rst + ldap-modlist.rst + ldap-resiter.rst + ldap-schema.rst + ldap-syncrepl.rst + ldif.rst + ldapurl.rst + dsml.rst + + +****************** +Indices and tables +****************** + +* :ref:`genindex` +* :ref:`modindex` +* :ref:`search` diff --git a/setup.py b/setup.py new file mode 100644 index 0000000..a9a6219 --- /dev/null +++ b/setup.py @@ -0,0 +1,179 @@ +""" +setup.py - Setup package with the help Python's DistUtils + +See http://www.python-ldap.org/ for details. + +$Id: setup.py,v 1.71 2011/10/26 19:42:25 stroeder Exp $ +""" + +has_setuptools = False +try: + from setuptools import setup, Extension + has_setuptools = True +except ImportError: + from distutils.core import setup, Extension + +from ConfigParser import ConfigParser +import sys,os,string,time + +################################################################## +# Weird Hack to grab release version of python-ldap from local dir +################################################################## +exec_startdir = os.path.dirname(os.path.abspath(sys.argv[0])) +package_init_file_name = reduce(os.path.join,[exec_startdir,'Lib','ldap','__init__.py']) +f = open(package_init_file_name,'r') +s = f.readline() +while s: + s = string.strip(s) + if s[0:11]=='__version__': + version = eval(string.split(s,'=')[1]) + break + s = f.readline() +f.close() + +#-- A class describing the features and requirements of OpenLDAP 2.0 +class OpenLDAP2: + library_dirs = [] + include_dirs = [] + extra_compile_args = [] + extra_link_args = [] + extra_objects = [] + libs = ['ldap', 'lber'] + defines = [ ] + extra_files = [] + +LDAP_CLASS = OpenLDAP2 + +#-- Read the [_ldap] section of setup.cfg +cfg = ConfigParser() +cfg.read('setup.cfg') +if cfg.has_section('_ldap'): + for name in dir(LDAP_CLASS): + if cfg.has_option('_ldap', name): + print name + ': ' + cfg.get('_ldap', name) + setattr(LDAP_CLASS, name, string.split(cfg.get('_ldap', name))) + +for i in range(len(LDAP_CLASS.defines)): + LDAP_CLASS.defines[i]=((LDAP_CLASS.defines[i],None)) + +for i in range(len(LDAP_CLASS.extra_files)): + destdir, origfiles = string.split(LDAP_CLASS.extra_files[i], ':') + origfileslist = string.split(origfiles, ',') + LDAP_CLASS.extra_files[i]=(destdir, origfileslist) + +#-- Let distutils/setuptools do the rest +name = 'python-ldap' + +# Python 2.3.6+ and setuptools are needed to build eggs, so +# let's handle setuptools' additional keyword arguments to +# setup() in a fashion that doesn't break compatibility to +# distutils. This still allows 'normal' builds where either +# Python > 2.3.5 or setuptools (or both ;o) are not available. +kwargs = dict() +if has_setuptools: + kwargs = dict( + include_package_data = True, + install_requires = ['setuptools'], + zip_safe = False + ) + +setup( + #-- Package description + name = name, + version = version, + description = 'Python modules for implementing LDAP clients', + long_description = """python-ldap: + python-ldap provides an object-oriented API to access LDAP directory servers + from Python programs. Mainly it wraps the OpenLDAP 2.x libs for that purpose. + Additionally the package contains modules for other LDAP-related stuff + (e.g. processing LDIF, LDAPURLs, LDAPv3 schema, LDAPv3 extended operations + and controls, etc.). + """, + author = 'python-ldap project', + author_email = 'python-ldap@python.org', + url = 'http://www.python-ldap.org/', + download_url = 'http://pypi.python.org/pypi/python-ldap/', + classifiers = [ + 'Development Status :: 5 - Production/Stable', + 'Intended Audience :: Developers', + 'Intended Audience :: System Administrators', + 'Operating System :: OS Independent', + 'Operating System :: MacOS :: MacOS X', + 'Operating System :: Microsoft :: Windows', + 'Operating System :: POSIX', + 'Programming Language :: C', + 'Programming Language :: Python', + 'Topic :: Database', + 'Topic :: Internet', + 'Topic :: Software Development :: Libraries :: Python Modules', + 'Topic :: System :: Systems Administration :: Authentication/Directory :: LDAP', + 'License :: OSI Approved :: Python Software Foundation License', + ], + license = 'Python style', + #-- C extension modules + ext_modules = [ + Extension( + '_ldap', + [ + 'Modules/LDAPObject.c', + 'Modules/ldapcontrol.c', + 'Modules/common.c', + 'Modules/constants.c', + 'Modules/errors.c', + 'Modules/functions.c', + 'Modules/schema.c', + 'Modules/ldapmodule.c', + 'Modules/message.c', + 'Modules/version.c', + 'Modules/options.c', + 'Modules/berval.c', + ], + libraries = LDAP_CLASS.libs, + include_dirs = ['Modules'] + LDAP_CLASS.include_dirs, + library_dirs = LDAP_CLASS.library_dirs, + extra_compile_args = LDAP_CLASS.extra_compile_args, + extra_link_args = LDAP_CLASS.extra_link_args, + extra_objects = LDAP_CLASS.extra_objects, + runtime_library_dirs = (not sys.platform.startswith("win"))*LDAP_CLASS.library_dirs, + define_macros = LDAP_CLASS.defines + \ + ('ldap_r' in LDAP_CLASS.libs or 'oldap_r' in LDAP_CLASS.libs)*[('HAVE_LIBLDAP_R',None)] + \ + ('sasl' in LDAP_CLASS.libs or 'sasl2' in LDAP_CLASS.libs or 'libsasl' in LDAP_CLASS.libs)*[('HAVE_SASL',None)] + \ + ('ssl' in LDAP_CLASS.libs and 'crypto' in LDAP_CLASS.libs)*[('HAVE_TLS',None)] + \ + [('LDAPMODULE_VERSION', version)] + ), + ], + #-- Python "stand alone" modules + py_modules = [ + 'ldapurl', + 'ldif', + 'dsml', + 'ldap', + 'ldap.async', + 'ldap.controls', + 'ldap.controls.libldap', + 'ldap.controls.ppolicy', + 'ldap.controls.psearch', + 'ldap.controls.readentry', + 'ldap.controls.sessiontrack', + 'ldap.controls.simple', + 'ldap.cidict', + 'ldap.dn', + 'ldap.extop', + 'ldap.extop.dds', + 'ldap.filter', + 'ldap.functions', + 'ldap.ldapobject', + 'ldap.logger', + 'ldap.modlist', + 'ldap.resiter', + 'ldap.sasl', + 'ldap.schema', + 'ldap.schema.models', + 'ldap.schema.subentry', + 'ldap.schema.tokenizer', + 'ldap.syncrepl', + ], + package_dir = {'': 'Lib',}, + data_files = LDAP_CLASS.extra_files, + **kwargs +) From e4173acd69254b950dfeb7663e83a8e338f5df18 Mon Sep 17 00:00:00 2001 From: stroeder Date: Wed, 23 Nov 2011 17:27:46 +0000 Subject: [PATCH 078/868] Fixed lock acquire() and release() to use the same lock instance --- Lib/ldap/functions.py | 132 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 132 insertions(+) create mode 100644 Lib/ldap/functions.py diff --git a/Lib/ldap/functions.py b/Lib/ldap/functions.py new file mode 100644 index 0000000..03157fe --- /dev/null +++ b/Lib/ldap/functions.py @@ -0,0 +1,132 @@ +""" +functions.py - wraps functions of module _ldap + +See http://www.python-ldap.org/ for details. + +\$Id: functions.py,v 1.28 2011/11/23 17:27:46 stroeder Exp $ + +Compability: +- Tested with Python 2.0+ but should work with Python 1.5.x +- functions should behave exactly the same like in _ldap + +Usage: +Directly imported by ldap/__init__.py. The symbols of _ldap are +overridden. + +Thread-lock: +Basically calls into the LDAP lib are serialized by the module-wide +lock _ldapmodule_lock. +""" + +from ldap import __version__ + +__all__ = [ + 'open','initialize','init', + 'explode_dn','explode_rdn', + 'get_option','set_option', +] + +import sys,pprint,_ldap,ldap + +from ldap import LDAPError + +from ldap.dn import explode_dn,explode_rdn + +from ldap.ldapobject import LDAPObject + +if __debug__: + # Tracing is only supported in debugging mode + import traceback + + +def _ldap_function_call(lock,func,*args,**kwargs): + """ + Wrapper function which locks and logs calls to function + + lock + Instance of threading.Lock or compatible + func + Function to call with arguments passed in via *args and **kwargs + """ + if lock: + lock.acquire() + if __debug__: + if ldap._trace_level>=1: + ldap._trace_file.write('*** %s.%s %s\n' % ( + '_ldap',func.__name__, + pprint.pformat((args,kwargs)) + )) + if ldap._trace_level>=9: + traceback.print_stack(limit=ldap._trace_stack_limit,file=ldap._trace_file) + try: + try: + result = func(*args,**kwargs) + finally: + if lock: + lock.release() + except LDAPError,e: + if __debug__ and ldap._trace_level>=2: + ldap._trace_file.write('=> LDAPError: %s\n' % (str(e))) + raise + if __debug__ and ldap._trace_level>=2: + ldap._trace_file.write('=> result:\n%s\n' % (pprint.pformat(result))) + return result + + +def initialize(uri,trace_level=0,trace_file=sys.stdout,trace_stack_limit=None): + """ + Return LDAPObject instance by opening LDAP connection to + LDAP host specified by LDAP URL + + Parameters: + uri + LDAP URL containing at least connection scheme and hostport, + e.g. ldap://localhost:389 + trace_level + If non-zero a trace output of LDAP calls is generated. + trace_file + File object where to write the trace output to. + Default is to use stdout. + """ + return LDAPObject(uri,trace_level,trace_file,trace_stack_limit) + + +def open(host,port=389,trace_level=0,trace_file=sys.stdout,trace_stack_limit=None): + """ + Return LDAPObject instance by opening LDAP connection to + specified LDAP host + + Parameters: + host + LDAP host and port, e.g. localhost + port + integer specifying the port number to use, e.g. 389 + trace_level + If non-zero a trace output of LDAP calls is generated. + trace_file + File object where to write the trace output to. + Default is to use stdout. + """ + import warnings + warnings.warn('ldap.open() is deprecated! Use ldap.initialize() instead.', DeprecationWarning,2) + return initialize('ldap://%s:%d' % (host,port),trace_level,trace_file,trace_stack_limit) + +init = open + + +def get_option(option): + """ + get_option(name) -> value + + Get the value of an LDAP global option. + """ + return _ldap_function_call(None,_ldap.get_option,option) + + +def set_option(option,invalue): + """ + set_option(name, value) + + Set the value of an LDAP global option. + """ + return _ldap_function_call(None,_ldap.set_option,option,invalue) From 3fd52be6b5579fc8b1eaa26b786e4e03c05c5ae7 Mon Sep 17 00:00:00 2001 From: stroeder Date: Thu, 24 Nov 2011 19:40:24 +0000 Subject: [PATCH 079/868] Fallback values for who and cred --- Demo/pyasn1/dds.py | 55 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) create mode 100644 Demo/pyasn1/dds.py diff --git a/Demo/pyasn1/dds.py b/Demo/pyasn1/dds.py new file mode 100644 index 0000000..656b439 --- /dev/null +++ b/Demo/pyasn1/dds.py @@ -0,0 +1,55 @@ +# -*- coding: utf-8 -*- +""" +Demo script for Dynamic Entries (see RFC 2589) + +This needs the following software: +Python +pyasn1 +pyasn1-modules +python-ldap 2.4+ +""" + +from ldap.extop.dds import RefreshRequest,RefreshResponse + +import sys,ldap,ldapurl,getpass + +try: + ldap_url = ldapurl.LDAPUrl(sys.argv[1]) + request_ttl = int(sys.argv[2]) +except IndexError,ValueError: + print 'Usage: dds.py ' + sys.exit(1) + +# Set debugging level +#ldap.set_option(ldap.OPT_DEBUG_LEVEL,255) +ldapmodule_trace_level = 2 +ldapmodule_trace_file = sys.stderr + +ldap_conn = ldap.ldapobject.LDAPObject( + ldap_url.initializeUrl(), + trace_level=ldapmodule_trace_level, + trace_file=ldapmodule_trace_file +) + +if ldap_url.cred is None: + print 'Password for %s:' % (repr(ldap_url.who)) + ldap_url.cred = getpass.getpass() + +try: + ldap_conn.simple_bind_s(ldap_url.who or '',ldap_url.cred or '') + +except ldap.INVALID_CREDENTIALS,e: + print 'Simple bind failed:',str(e) + sys.exit(1) + +else: + extreq = RefreshRequest(entryName=ldap_url.dn,requestTtl=request_ttl) + try: + extop_resp_obj = ldap_conn.extop_s(extreq,extop_resp_class=RefreshResponse) + except ldap.LDAPError,e: + print str(e) + else: + if extop_resp_obj.responseTtl!=request_ttl: + print 'Different response TTL:',extop_resp_obj.responseTtl + else: + print 'Response TTL:',extop_resp_obj.responseTtl From a7c052b701ef4e8e5f6bb9e821122ec3aa92b948 Mon Sep 17 00:00:00 2001 From: stroeder Date: Thu, 24 Nov 2011 19:41:47 +0000 Subject: [PATCH 080/868] Simple demo for ldap.controls.ppolicy --- Demo/pyasn1/ppolicy.py | 50 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) create mode 100644 Demo/pyasn1/ppolicy.py diff --git a/Demo/pyasn1/ppolicy.py b/Demo/pyasn1/ppolicy.py new file mode 100644 index 0000000..2bb24a2 --- /dev/null +++ b/Demo/pyasn1/ppolicy.py @@ -0,0 +1,50 @@ +# -*- coding: utf-8 -*- +""" +Demo script for Password Policy Controls +(see http://tools.ietf.org/html/draft-behera-ldap-password-policy) + +This needs the following software: +Python +pyasn1 +pyasn1-modules +python-ldap 2.4+ +""" + +import sys,ldap,ldapurl,getpass + +from ldap.controls.ppolicy import PasswordPolicyError,PasswordPolicyControl + +try: + ldap_url = ldapurl.LDAPUrl(sys.argv[1]) +except IndexError,ValueError: + print 'Usage: ppolicy.py ' + sys.exit(1) + +# Set debugging level +#ldap.set_option(ldap.OPT_DEBUG_LEVEL,255) +ldapmodule_trace_level = 2 +ldapmodule_trace_file = sys.stderr + +ldap_conn = ldap.ldapobject.LDAPObject( + ldap_url.initializeUrl(), + trace_level=ldapmodule_trace_level, + trace_file=ldapmodule_trace_file +) + +if ldap_url.cred is None: + print 'Password for %s:' % (repr(ldap_url.who)) + ldap_url.cred = getpass.getpass() + +try: + msgid = ldap_conn.simple_bind(ldap_url.who,ldap_url.cred,serverctrls=[PasswordPolicyControl()]) + res_type,res_data,res_msgid,res_ctrls = ldap_conn.result3(msgid) +except ldap.INVALID_CREDENTIALS,e: + print 'Simple bind failed:',str(e) + sys.exit(1) +else: + if res_ctrls[0].controlType==PasswordPolicyControl.controlType: + ppolicy_ctrl = res_ctrls[0] + print 'PasswordPolicyControl' + print 'error',repr(ppolicy_ctrl.error),(ppolicy_ctrl.error!=None)*repr(PasswordPolicyError(ppolicy_ctrl.error)) + print 'timeBeforeExpiration',repr(ppolicy_ctrl.timeBeforeExpiration) + print 'graceAuthNsRemaining',repr(ppolicy_ctrl.graceAuthNsRemaining) From 4e39af9f4d259c2296c51a13f79fba74f903ee1d Mon Sep 17 00:00:00 2001 From: stroeder Date: Sun, 27 Nov 2011 15:26:06 +0000 Subject: [PATCH 081/868] Another fix for decoding the password policy response control --- Lib/ldap/controls/ppolicy.py | 96 ++++++++++++++++++++++++++++++++++++ 1 file changed, 96 insertions(+) create mode 100644 Lib/ldap/controls/ppolicy.py diff --git a/Lib/ldap/controls/ppolicy.py b/Lib/ldap/controls/ppolicy.py new file mode 100644 index 0000000..7f8cc7f --- /dev/null +++ b/Lib/ldap/controls/ppolicy.py @@ -0,0 +1,96 @@ +# -*- coding: utf-8 -*- +""" +ldap.controls.ppolicy - classes for Password Policy controls +(see http://tools.ietf.org/html/draft-behera-ldap-password-policy) + +See http://www.python-ldap.org/ for project details. + +$Id: ppolicy.py,v 1.3 2011/11/27 15:26:06 stroeder Exp $ +""" + +__all__ = [ + 'PasswordPolicyControl' +] + +# Imports from python-ldap 2.4+ +import ldap.controls +from ldap.controls import RequestControl,ResponseControl,ValueLessRequestControl,KNOWN_RESPONSE_CONTROLS + +# Imports from pyasn1 +from pyasn1.type import tag,namedtype,namedval,univ,constraint +from pyasn1.codec.ber import encoder,decoder +from pyasn1_modules.rfc2251 import LDAPDN + + +class PasswordPolicyWarning(univ.Choice): + componentType = namedtype.NamedTypes( + namedtype.NamedType('timeBeforeExpiration',univ.Integer().subtype( + implicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatSimple,0) + )), + namedtype.NamedType('graceAuthNsRemaining',univ.Integer().subtype( + implicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatSimple,1) + )), + ) + + +class PasswordPolicyError(univ.Enumerated): + namedValues = namedval.NamedValues( + ('passwordExpired',0), + ('accountLocked',1), + ('changeAfterReset',2), + ('passwordModNotAllowed',3), + ('mustSupplyOldPassword',4), + ('insufficientPasswordQuality',5), + ('passwordTooShort',6), + ('passwordTooYoung',7), + ('passwordInHistory',8) + ) + subtypeSpec = univ.Enumerated.subtypeSpec + constraint.SingleValueConstraint(0,1,2,3,4,5,6,7,8) + + +class PasswordPolicyResponseValue(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.OptionalNamedType( + 'warning', + PasswordPolicyWarning().subtype( + implicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatSimple,0) + ), + ), + namedtype.OptionalNamedType( + 'error',PasswordPolicyError().subtype( + implicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatSimple,1) + ) + ), + ) + + +class PasswordPolicyControl(ValueLessRequestControl,ResponseControl): + controlType = '1.3.6.1.4.1.42.2.27.8.5.1' + + def __init__(self,criticality=False): + self.criticality = criticality + + def decodeControlValue(self,encodedControlValue): + ppolicyValue,_ = decoder.decode(encodedControlValue,asn1Spec=PasswordPolicyResponseValue()) + warning = ppolicyValue.getComponentByName('warning') + if warning is None: + self.timeBeforeExpiration,self.graceAuthNsRemaining = None,None + else: + timeBeforeExpiration = warning.getComponentByName('timeBeforeExpiration') + if timeBeforeExpiration!=None: + self.timeBeforeExpiration = int(timeBeforeExpiration) + else: + self.timeBeforeExpiration = None + graceAuthNsRemaining = warning.getComponentByName('graceAuthNsRemaining') + if graceAuthNsRemaining!=None: + self.graceAuthNsRemaining = int(graceAuthNsRemaining) + else: + self.graceAuthNsRemaining = None + error = ppolicyValue.getComponentByName('error') + if error is None: + self.error = None + else: + self.error = int(error) + + +KNOWN_RESPONSE_CONTROLS[PasswordPolicyControl.controlType] = PasswordPolicyControl From 4c51489dfdb14bee9b46a49966a3c089cd5e5dbb Mon Sep 17 00:00:00 2001 From: stroeder Date: Tue, 10 Jan 2012 23:28:08 +0000 Subject: [PATCH 082/868] Reference ldap.MOD* constants with module name --- Doc/ldap.rst | 1125 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 1125 insertions(+) create mode 100644 Doc/ldap.rst diff --git a/Doc/ldap.rst b/Doc/ldap.rst new file mode 100644 index 0000000..5226c32 --- /dev/null +++ b/Doc/ldap.rst @@ -0,0 +1,1125 @@ +.. % $Id: ldap.rst,v 1.27 2012/01/10 23:28:08 stroeder Exp $ + +******************************************** +:py:mod:`ldap` LDAP library interface module +******************************************** + +.. py:module:: ldap + :platform: Posix, Windows + :synopsis: Access to an underlying LDAP C library. +.. moduleauthor:: python-ldap project (see http://www.python-ldap.org/) + + +This module provides access to the LDAP (Lightweight Directory Access Protocol) +C API implemented in OpenLDAP 2.3 or newer. It is similar to the C API, with +the notable differences that lists are manipulated via Python list operations +and errors appear as exceptions. For far more detailed information on the C +interface, please see the (expired) draft-ietf-ldapext-ldap-c-api-04. This +documentation is current for the Python LDAP module, version |release|. Source +and binaries are available from http://www.python-ldap.org/. + + +Functions +========= + +This module defines the following functions: + +.. py:function:: initialize(uri [, trace_level=0 [, trace_file=sys.stdout [, trace_stack_limit=None]]]) -> LDAPObject object + + Initializes a new connection object for accessing the given LDAP server, + and return an LDAP object (see :ref:`ldap-objects`) used to perform operations + on that server. Parameter *uri* has to be a valid LDAP URL. + + Note that the C wrapper function :py:func:_ldap.initialize() is called which calls + the OpenLDAP funtion ldap_initialize(). Calling this function just initializes + the LDAP connection struct in the C API - nothing else. The first call to + an operation method (bind, search etc.) then really opens the connection. + Before that nothing is sent on the wire. + + The optional arguments are for generating debug log information: + *trace_level* specifies the amount of information being logged, + *trace_file* specifies a file-like object as target of the debug log and + *trace_stack_limit* specifies the stack limit of tracebacks in debug log. + + Possible values for *trace_level* are + :py:const:`0` for no logging, + :py:const:`1` for only logging the method calls with arguments, + :py:const:`2` for logging the method calls with arguments and the complete results and + :py:const:`9` for also logging the traceback of method calls. + + .. seealso:: + + :rfc:`4516` - Lightweight Directory Access Protocol (LDAP): Uniform Resource Locator + +.. py:function:: open(host [, port=PORT]) -> LDAPObject object + + Opens a new connection with an LDAP server, and return an LDAP object (see + :ref:`ldap-objects`) used to perform operations on that server. *host* is a + string containing solely the host name. *port* is an integer specifying the + port where the LDAP server is listening (default is 389). + + Note: Using this function is deprecated. + + +.. py:function:: get_option(option) -> int|string + + This function returns the value of the global option specified by *option*. + + +.. py:function:: set_option(option, invalue) -> None + + This function sets the value of the global option specified by *option* to + *invalue*. + + +.. _ldap-constants: + +Constants +========= + +The module defines various constants. Note that some constants depend +on the build options and which underlying libs were used or even on +the version of the libs. So before using those constants the application has +to explicitly check whether they are available. + +General +------- + +.. py:data:: PORT + + The assigned TCP port number (389) that LDAP servers listen on. + +.. py:data:: SASL_AVAIL + + Integer where a non-zero value indicates that python-ldap was built with + support for SASL (Cyrus-SASL). + +.. py:data:: TLS_AVAIL + + Integer where a non-zero value indicates that python-ldap was built with + support for SSL/TLS (OpenSSL or similar libs). + + +.. _ldap-options: + +Options +------- + +.. seealso:: + + :manpage:`ldap.conf{5}` and :manpage:`ldap_get_options{3}` + + +For use with functions :py:func:set_option() and :py:func:get_option() +and methods :py:method:LDAPObject.set_option() and :py:method:LDAPObject.get_option() the +following option identifiers are defined as constants: + +.. py:data:: OPT_API_FEATURE_INFO + +.. py:data:: OPT_API_INFO + +.. py:data:: OPT_CLIENT_CONTROLS + +.. py:data:: OPT_DEBUG_LEVEL + + Sets the debug level within the underlying LDAP C lib. + +.. py:data:: OPT_DEFBASE + +.. py:data:: OPT_DEREF + + Specifies how alias derefencing is done within the underlying LDAP C lib. + +.. py:data:: OPT_ERROR_STRING + +.. py:data:: OPT_DIAGNOSTIC_MESSAGE + +.. py:data:: OPT_HOST_NAME + +.. py:data:: OPT_MATCHED_DN + +.. py:data:: OPT_NETWORK_TIMEOUT + +.. py:data:: OPT_PROTOCOL_VERSION + + Sets the LDAP protocol version used for a connection. This is mapped to + object attribute `ldap.LDAPObject.protocol_version` + +.. py:data:: OPT_REFERRALS + + int specifying whether referrals should be automatically chased within + the underlying LDAP C lib. + +.. py:data:: OPT_REFHOPLIMIT + +.. py:data:: OPT_RESTART + +.. py:data:: OPT_SERVER_CONTROLS + +.. py:data:: OPT_SIZELIMIT + +.. py:data:: OPT_SUCCESS + +.. py:data:: OPT_TIMELIMIT + +.. py:data:: OPT_TIMEOUT + +.. py:data:: OPT_URI + +.. _ldap-sasl-options: + +SASL options +:::::::::::: + +.. py:data:: OPT_X_SASL_AUTHCID + +.. py:data:: OPT_X_SASL_AUTHZID + +.. py:data:: OPT_X_SASL_MECH + +.. py:data:: OPT_X_SASL_NOCANON + + If set to zero SASL host name canonicalization is disabled. + +.. py:data:: OPT_X_SASL_REALM + +.. py:data:: OPT_X_SASL_SECPROPS + +.. py:data:: OPT_X_SASL_SSF + +.. py:data:: OPT_X_SASL_SSF_EXTERNAL + +.. py:data:: OPT_X_SASL_SSF_MAX + +.. py:data:: OPT_X_SASL_SSF_MIN + +.. _ldap-tls-options: + +TLS options +::::::::::: + +.. py:data:: OPT_X_TLS + +.. py:data:: OPT_X_TLS_ALLOW + +.. py:data:: OPT_X_TLS_CACERTDIR + +.. py:data:: OPT_X_TLS_CACERTFILE + +.. py:data:: OPT_X_TLS_CERTFILE + +.. py:data:: OPT_X_TLS_CIPHER_SUITE + +.. py:data:: OPT_X_TLS_CTX + +.. py:data:: OPT_X_TLS_DEMAND + +.. py:data:: OPT_X_TLS_HARD + +.. py:data:: OPT_X_TLS_KEYFILE + +.. py:data:: OPT_X_TLS_NEVER + +.. py:data:: OPT_X_TLS_RANDOM_FILE + +.. py:data:: OPT_X_TLS_REQUIRE_CERT + +.. py:data:: OPT_X_TLS_TRY + +.. _ldap-keepalive-options: + +Keepalive options +::::::::::::::::: + +.. py:data:: OPT_X_KEEPALIVE_IDLE + +.. py:data:: OPT_X_KEEPALIVE_PROBES + +.. py:data:: OPT_X_KEEPALIVE_INTERVAL + +.. _ldap-dn-flags: + +DN format flags +---------------- + +This constants are used for DN-parsing functions found in +sub-module :py:mod:`ldap.dn`. + +.. seealso:: + + :manpage:`ldap_str2dn{3}` + + +.. py:data:: DN_FORMAT_LDAP + +.. py:data:: DN_FORMAT_LDAPV3 + +.. py:data:: DN_FORMAT_LDAPV2 + +.. py:data:: DN_FORMAT_DCE + +.. py:data:: DN_FORMAT_UFN + +.. py:data:: DN_FORMAT_AD_CANONICAL + +.. py:data:: DN_FORMAT_MASK + +.. py:data:: DN_PRETTY + +.. py:data:: DN_SKIP + +.. py:data:: DN_P_NOLEADTRAILSPACES + +.. py:data:: DN_P_NOSPACEAFTERRDN + +.. py:data:: DN_PEDANTIC + + + +.. _ldap-exceptions: + +Exceptions +========== + +The module defines the following exceptions: + +.. py:exception:: LDAPError + + This is the base class of all execeptions raised by the module :py:mod:`ldap`. + Unlike the C interface, errors are not returned as result codes, but + are instead turned into exceptions, raised as soon an the error condition + is detected. + + The exceptions are accompanied by a dictionary possibly + containing an string value for the key :py:const:`desc` + (giving an English description of the error class) + and/or a string value for the key :py:const:`info` + (giving a string containing more information that the server may have sent). + + A third possible field of this dictionary is :py:const:`matched` and + is set to a truncated form of the name provided or alias dereferenced + for the lowest entry (object or alias) that was matched. + + +.. py:exception:: ADMINLIMIT_EXCEEDED + +.. py:exception:: AFFECTS_MULTIPLE_DSAS + +.. py:exception:: ALIAS_DEREF_PROBLEM + + A problem was encountered when dereferencing an alias. + (Sets the :py:const:`matched` field.) + +.. py:exception:: ALIAS_PROBLEM + + An alias in the directory points to a nonexistent entry. + (Sets the :py:const:`matched` field.) + +.. py:exception:: ALREADY_EXISTS + + The entry already exists. E.g. the *dn* specified with :py:meth:`add()` + already exists in the DIT. + +.. py:exception:: AUTH_UNKNOWN + + The authentication method specified to :py:meth:`bind()` is not known. + +.. py:exception:: BUSY + + The DSA is busy. + +.. py:exception:: CLIENT_LOOP + +.. py:exception:: COMPARE_FALSE + + A compare operation returned false. + (This exception should never be seen because :py:meth:`compare()` returns + a boolean result.) + +.. py:exception:: COMPARE_TRUE + + A compare operation returned true. + (This exception should never be seen because :py:meth:`compare()` returns + a boolean result.) + +.. py:exception:: CONFIDENTIALITY_REQUIRED + + Indicates that the session is not protected by a protocol such + as Transport Layer Security (TLS), which provides session + confidentiality. + +.. py:exception:: CONNECT_ERROR + +.. py:exception:: CONSTRAINT_VIOLATION + + An attribute value specified or an operation started violates some + server-side constraint + (e.g., a postalAddress has too many lines or a line that is too long + or a password is expired). + +.. py:exception:: CONTROL_NOT_FOUND + +.. py:exception:: DECODING_ERROR + + An error was encountered decoding a result from the LDAP server. + +.. py:exception:: ENCODING_ERROR + + An error was encountered encoding parameters to send to the LDAP server. + +.. py:exception:: FILTER_ERROR + + An invalid filter was supplied to :py:meth:`search()` + (e.g. unbalanced parentheses). + +.. py:exception:: INAPPROPRIATE_AUTH + + Inappropriate authentication was specified (e.g. :py:const:`AUTH_SIMPLE` + was specified and the entry does not have a userPassword attribute). + +.. py:exception:: INAPPROPRIATE_MATCHING + + Filter type not supported for the specified attribute. + +.. py:exception:: INSUFFICIENT_ACCESS + + The user has insufficient access to perform the operation. + +.. py:exception:: INVALID_CREDENTIALS + + Invalid credentials were presented during :py:meth:`bind()` or + :py:meth:`simple_bind()`. + (e.g., the wrong password). + +.. py:exception:: INVALID_DN_SYNTAX + + A syntactically invalid DN was specified. (Sets the :py:const:`matched` field.) + +.. py:exception:: INVALID_SYNTAX + + An attribute value specified by the client did not comply to the + syntax defined in the server-side schema. + +.. py:exception:: IS_LEAF + + The object specified is a leaf of the diretcory tree. + Sets the :py:const:`matched` field of the exception dictionary value. + +.. py:exception:: LOCAL_ERROR + + Some local error occurred. This is usually due to failed memory allocation. + +.. py:exception:: LOOP_DETECT + + A loop was detected. + +.. py:exception:: MORE_RESULTS_TO_RETURN + +.. py:exception:: NAMING_VIOLATION + + A naming violation occurred. This is raised e.g. if the LDAP server + has constraints about the tree naming. + +.. py:exception:: NO_OBJECT_CLASS_MODS + + Modifying the objectClass attribute as requested is not allowed + (e.g. modifying structural object class of existing entry). + +.. py:exception:: NOT_ALLOWED_ON_NONLEAF + + The operation is not allowed on a non-leaf object. + +.. py:exception:: NOT_ALLOWED_ON_RDN + + The operation is not allowed on an RDN. + +.. py:exception:: NOT_SUPPORTED + +.. py:exception:: NO_MEMORY + +.. py:exception:: NO_OBJECT_CLASS_MODS + + Object class modifications are not allowed. + +.. py:exception:: NO_RESULTS_RETURNED + +.. py:exception:: NO_SUCH_ATTRIBUTE + + The attribute type specified does not exist in the entry. + +.. py:exception:: NO_SUCH_OBJECT + + The specified object does not exist in the directory. + Sets the :py:const:`matched` field of the exception dictionary value. + +.. py:exception:: OBJECT_CLASS_VIOLATION + + An object class violation occurred when the LDAP server checked + the data sent by the client against the server-side schema + (e.g. a "must" attribute was missing in the entry data). + +.. py:exception:: OPERATIONS_ERROR + + An operations error occurred. + +.. py:exception:: OTHER + + An unclassified error occurred. + +.. py:exception:: PARAM_ERROR + + An ldap routine was called with a bad parameter. + +.. py:exception:: PARTIAL_RESULTS + + Partial results only returned. This exception is raised if + a referral is received when using LDAPv2. + (This exception should never be seen with LDAPv3.) + +.. py:exception:: PROTOCOL_ERROR + + A violation of the LDAP protocol was detected. + +.. py:exception:: RESULTS_TOO_LARGE + + The result does not fit into a UDP packet. This happens only when using + UDP-based CLDAP (connection-less LDAP) which is not supported anyway. + +.. py:exception:: SASL_BIND_IN_PROGRESS + +.. py:exception:: SERVER_DOWN + + The LDAP library can't contact the LDAP server. + +.. py:exception:: SIZELIMIT_EXCEEDED + + An LDAP size limit was exceeded. + This could be due to a ``sizelimit`` configuration on the LDAP server. + +.. py:exception:: STRONG_AUTH_NOT_SUPPORTED + + The LDAP server does not support strong authentication. + +.. py:exception:: STRONG_AUTH_REQUIRED + + Strong authentication is required for the operation. + +.. py:exception:: TIMELIMIT_EXCEEDED + + An LDAP time limit was exceeded. + +.. py:exception:: TIMEOUT + + A timelimit was exceeded while waiting for a result from the server. + +.. py:exception:: TYPE_OR_VALUE_EXISTS + + An attribute type or attribute value specified already + exists in the entry. + +.. py:exception:: UNAVAILABLE + + The DSA is unavailable. + +.. py:exception:: UNAVAILABLE_CRITICAL_EXTENSION + + Indicates that the LDAP server was unable to satisfy a request + because one or more critical extensions were not available. Either + the server does not support the control or the control is not appropriate + for the operation type. + +.. py:exception:: UNDEFINED_TYPE + + An attribute type used is not defined in the server-side schema. + +.. py:exception:: UNWILLING_TO_PERFORM + + The DSA is unwilling to perform the operation. + +.. py:exception:: USER_CANCELLED + + The operation was cancelled via the :py:meth:`abandon()` method. + +The above exceptions are raised when a result code from an underlying API +call does not indicate success. + + +.. _ldap-objects: + +LDAPObject classes +================== + +.. py:class:: LDAPObject + + Instances of :py:class:`LDAPObject` are returned by :py:func:`initialize()` + and :py:func:`open()` (deprecated). The connection is automatically unbound + and closed when the LDAP object is deleted. Internally :py:class:`LDAPObject` + is set to :py:class:`SimpleLDAPObject` by default. + + +.. py:class:: SimpleLDAPObject(uri [, trace_level=0 [, trace_file=sys.stdout [, trace_stack_limit=5]]]) + + Instances of :py:class:`LDAPObject` are returned by :py:func:`initialize()` + and :py:func:`open()` (deprecated). The connection is automatically unbound + and closed when the LDAP object is deleted. + + +.. py:class:: ReconnectLDAPObject(uri [, trace_level=0 [, trace_file=sys.stdout [, trace_stack_limit=5] [, retry_max=1 [, retry_delay=60.0]]]]) + + This class is derived from :py:class:`SimpleLDAPObject` and used for automatic + reconnects when using the synchronous request methods (see below). This class + also implements the pickle protocol. + + For automatic reconnects it has additional arguments: + + *retry_max* specifies the number of reconnect attempts before + re-raising the :py:exc:`ldap.SERVER_DOWN` exception. + + *retry_delay* specifies the time in seconds between reconnect attempts. + + +Arguments for LDAPv3 controls +----------------------------- + +The :py:mod:`ldap.controls` module can be used for constructing and +decoding LDAPv3 controls. These arguments are available in the methods +with names ending in :py:const:`_ext` or :py:const:`_ext_s`: + +*serverctrls* + is a list of :py:class:`ldap.controls.LDAPControl` instances sent to the server along + with the LDAP request (see module :py:mod:`ldap.controls`). These are + controls which alter the behaviour of the server when processing the + request if the control is supported by the server. The effect of controls + might differ depending on the type of LDAP request or controls might not + be applicable with certain LDAP requests at all. + +*clientctrls* + is a list of :py:class:`ldap.controls.LDAPControl` instances passed to the + client API and alter the behaviour of the client when processing the + request. + + +Sending LDAP requests +--------------------- + +Most methods on LDAP objects initiate an asynchronous request to the +LDAP server and return a message id that can be used later to retrieve +the result with :py:meth:`result()`. + +Methods with names ending in :py:const:`_s` are the synchronous form +and wait for and return with the server's result, or with +:py:const:`None` if no data is expected. + + +:class:`LDAPObject` instances have the following methods: + +.. py:method:: LDAPObject.abandon(msgid) -> None + +.. py:method:: LDAPObject.abandon_ext(msgid [, serverctrls=None [, clientctrls=None]]) -> None + + Abandons an LDAP operation in progress without waiting for a LDAP response. + The *msgid* argument should be the message ID of an outstanding LDAP + operation as returned by the asynchronous methods :py:meth:`search()`, :py:meth:`modify()`, etc. + The caller can expect that the result of an abandoned operation will not be + returned from a future call to :py:meth:`result()`. + + *serverctrls* and *clientctrls* like described above. + + +.. py:method:: LDAPObject.add(dn, modlist) -> int + +.. py:method:: LDAPObject.add_s(dn, modlist) -> None + +.. py:method:: LDAPObject.add_ext(dn, modlist [, serverctrls=None [, clientctrls=None]]) -> int + +.. py:method:: LDAPObject.add_ext_s(dn, modlist [, serverctrls=None [, clientctrls=None]]) -> None + + Performs an LDAP add operation. The *dn* argument is the distinguished + name (DN) of the entry to add, and *modlist* is a list of attributes to be + added. The modlist is similar the one passed to :py:meth:`modify()`, except that the + operation integer is omitted from the tuples in modlist. You might want to + look into sub-module \refmodule{ldap.modlist} for generating the modlist. + + The asynchronous methods :py:meth:`add()` and :py:meth:`add_ext()` + return the message ID of the initiated request. + + *serverctrls* and *clientctrls* like described above. + +.. py:method:: LDAPObject.bind(who, cred, method) -> int + +.. py:method:: LDAPObject.bind_s(who, cred, method) -> None + +.. py:method:: LDAPObject.simple_bind([who='' [, cred='']]) -> int + +.. py:method:: LDAPObject.simple_bind_s([who='' [, cred='']]) -> None + + After an LDAP object is created, and before any other operations can be + attempted over the connection, a bind operation must be performed. + + This method attempts to bind with the LDAP server using + either simple authentication, or Kerberos (if available). + The first and most general method, :py:meth:`bind()`, + takes a third parameter, *method* which can currently solely + be :py:const:`AUTH_SIMPLE`. + + +.. py:method:: LDAPObject.sasl_interactive_bind_s(who, auth) -> None + + This call is used to bind to the directory with a SASL bind request. + + +.. py:method:: LDAPObject.cancel( cancelid, [, serverctrls=None [, clientctrls=None]]) -> None + + Send cancels extended operation for an LDAP operation specified by *cancelid*. + The *cancelid* should be the message id of an outstanding LDAP operation as returned + by the asynchronous methods search(), modify() etc. The caller + can expect that the result of an abandoned operation will not be + returned from a future call to :py:meth:`result()`. + In opposite to :py:meth:`abandon()` this extended operation gets an result from + the server and thus should be preferred if the server supports it. + + *serverctrls* and *clientctrls* like described above. + + :rfc:`3909` - Lightweight Directory Access Protocol (LDAP): Cancel Operation + + +.. py:method:: LDAPObject.compare(dn, attr, value) -> int + +.. py:method:: LDAPObject.compare_s(dn, attr, value) -> tuple + +.. py:method:: LDAPObject.compare_ext(dn, attr, value [, serverctrls=None [, clientctrls=None]]) -> int + +.. py:method:: LDAPObject.compare_ext_s(dn, attr, value [, serverctrls=None [, clientctrls=None]]) -> tuple + + Perform an LDAP comparison between the attribute named *attr* of + entry *dn*, and the value *value*. The synchronous forms + returns :py:const:`0` for false, or :py:const:`1` for true. + The asynchronous forms returns the message ID of the initiated request, + and the result of the asynchronous compare can be obtained using + :py:meth:`result()`. + + Note that the asynchronous technique yields the answer + by raising the exception objects :py:exc:`ldap.COMPARE_TRUE` or + :py:exc:`ldap.COMPARE_FALSE`. + + *serverctrls* and *clientctrls* like described above. + + .. note:: + + A design fault in the LDAP API prevents *value* + from containing *NULL* characters. + + +.. py:method:: LDAPObject.delete(dn) -> int + +.. py:method:: LDAPObject.delete_s(dn) -> None + +.. py:method:: LDAPObject.delete_ext(dn [, serverctrls=None [, clientctrls=None]]) -> int + +.. py:method:: LDAPObject.delete_ext_s(dn [, serverctrls=None [, clientctrls=None]]) -> None + + Performs an LDAP delete operation on *dn*. The asynchronous form + returns the message id of the initiated request, and the result can be obtained + from a subsequent call to :py:meth:`result()`. + + *serverctrls* and *clientctrls* like described above. + + +.. py:method:: extop(extreq[,serverctrls=None[,clientctrls=None]]]) -> int + +.. py:method:: extop_s(extreq[,serverctrls=None[,clientctrls=None[,extop_resp_class=None]]]]) -> (respoid,respvalue) + + Performs an LDAP extended operation. The asynchronous + form returns the message id of the initiated request, and the + result can be obtained from a subsequent call to :py:meth:`extop_result()`. + + The *extreq* is an instance of class :py:class:`ldap.extop.ExtendedRequest` + containing the parameters for the extended operation request. + + If argument *extop_resp_class* is set to a sub-class of + :py:class:`ldap.extop.ExtendedResponse` this class is used to return an + object of this class instead of a raw BER value in respvalue. + +.. py:method:: extop_result(self,msgid=ldap.RES_ANY,all=1,timeout=None) -> (respoid,respvalue) + + Wrapper method around :py:meth:`result4()` just for retrieving + the result of an extended operation sent before. + + +.. py:method:: LDAPObject.modify(dn, modlist) -> int + +.. py:method:: LDAPObject.modify_s(dn, modlist) -> None + +.. py:method:: LDAPObject.modify_ext(dn, modlist [, serverctrls=None [, clientctrls=None]]) -> int + +.. py:method:: LDAPObject.modify_ext_s(dn, modlist [, serverctrls=None [, clientctrls=None]]) -> None + + Performs an LDAP modify operation on an entry's attributes. + The *dn* argument is the distinguished name (DN) of the entry to modify, + and *modlist* is a list of modifications to make to that entry. + + Each element in the list *modlist* should be a tuple of the form + *(mod_op,mod_type,mod_vals)*, + where *mod_op* indicates the operation (one of :py:const:`ldap.MOD_ADD`, + :py:const:`ldap.MOD_DELETE`, or :py:const:`ldap.MOD_REPLACE`), + *mod_type* is a string indicating the attribute type name, and + *mod_vals* is either a string value or a list of string values to add, + delete or replace respectively. For the delete operation, *mod_vals* + may be :py:const:`None` indicating that all attributes are to be deleted. + + *serverctrls* and *clientctrls* like described above. + + The asynchronous methods :py:meth:`modify()` and :py:meth:`modify_ext()` + return the message ID of the initiated request. + + You might want to look into sub-module :py:mod:`ldap.modlist` for + generating *modlist*. + + +.. py:method:: LDAPObject.modrdn(dn, newrdn [, delold=1]) -> int + + +.. py:method:: LDAPObject.modrdn_s(dn, newrdn [, delold=1]) -> None + + Perform a ``modify RDN`` operation, (i.e. a renaming operation). + These routines take *dn* (the DN of the entry whose RDN is to be changed, + and *newrdn*, the new RDN to give to the entry. The optional parameter + *delold* is used to specify whether the old RDN should be kept as an + attribute of the entry or not. + The asynchronous version returns the initiated message id. + + This operation is emulated by :py:meth:`rename()` and :py:meth:`rename_s()` methods + since the modrdn2* routines in the C library are deprecated. + + +.. py:method:: LDAPObject.passwd(user, oldpw, newpw [, serverctrls=None [, clientctrls=None]]) -> int + +.. py:method:: LDAPObject.passwd_s(user, oldpw, newpw [, serverctrls=None [, clientctrls=None]]) -> None + + Perform a ``LDAP Password Modify Extended Operation`` operation + on the entry specified by *user*. + The old password in *oldpw* is replaced with the new + password in *newpw* by a LDAP server supporting this operation. + + If *oldpw* is not :py:const:`None` it has to match the old password + of the specified *user* which is sometimes used when a user changes + his own password. + + *serverctrls* and *clientctrls* like described above. + + The asynchronous version returns the initiated message id. + + .. seealso:: + + :rfc:`3062` - LDAP Password Modify Extended Operation + + + +.. py:method:: LDAPObject.rename(dn, newrdn [, newsuperior=None [, delold=1 [, serverctrls=None [, clientctrls=None]]]]) -> int + +.. py:method:: LDAPObject.rename_s(dn, newrdn [, newsuperior=None [, delold=1 [, serverctrls=None [, clientctrls=None]]]]) -> None + + Perform a ``Rename`` operation, (i.e. a renaming operation). + These routines take *dn* (the DN of the entry whose RDN is to be changed, + and *newrdn*, the new RDN to give to the entry. + The optional parameter *newsuperior* is used to specify + a new parent DN for moving an entry in the tree + (not all LDAP servers support this). + The optional parameter *delold* is used to specify + whether the old RDN should be kept as an attribute of the entry or not. + + *serverctrls* and *clientctrls* like described above. + +.. py:method:: LDAPObject.result([msgid=RES_ANY [, all=1 [, timeout=None]]]) -> 2-tuple + + This method is used to wait for and return the result of an operation + previously initiated by one of the LDAP *asynchronous* operations + (eg :py:meth:`search()`, :py:meth:`modify()`, etc.) + + The *msgid* parameter is the integer identifier returned by that method. + The identifier is guaranteed to be unique across an LDAP session, + and tells the :py:meth:`result()` method to request the result of that + specific operation. + + If a result is desired from any one of the in-progress operations, + *msgid* should be specified as the constant :py:const:`RES_ANY` + and the method :py:meth:`result2()` should be used instead. + + The *all* parameter only has meaning for :py:meth:`search()` responses + and is used to select whether a single entry of the search + response should be returned, or to wait for all the results + of the search before returning. + + A search response is made up of zero or more search entries + followed by a search result. If *all* is 0, search entries will + be returned one at a time as they come in, via separate calls + to :py:meth:`result()`. If all is 1, the search response will be returned + in its entirety, i.e. after all entries and the final search + result have been received. + + For *all* set to 0, result tuples + trickle in (with the same message id), and with the result types + :py:const:`RES_SEARCH_ENTRY` and :py:const:`RES_SEARCH_REFERENCE`, + until the final result which has a result type of :py:const:`RES_SEARCH_RESULT` + and a (usually) empty data field. When all is set to 1, only one result is returned, + with a result type of RES_SEARCH_RESULT, and all the result tuples + listed in the data field. + + The *timeout* parameter is a limit on the number of seconds that the + method will wait for a response from the server. + If *timeout* is negative (which is the default), + the method will wait indefinitely for a response. + The timeout can be expressed as a floating-point value, and + a value of :py:const:`0` effects a poll. + If a timeout does occur, a :py:exc:`ldap.TIMEOUT` exception is raised, + unless polling, in which case ``(None, None)`` is returned. + + The :py:meth:`result()` method returns a tuple of the form + ``(result-type, result-data)``. + The first element, ``result-type`` is a string, being one of + these module constants: + :py:const:`RES_BIND`, :py:const:`RES_SEARCH_ENTRY`, + :py:const:`RES_SEARCH_REFERENCE`, :py:const:`RES_SEARCH_RESULT`, + :py:const:`RES_MODIFY`, :py:const:`RES_ADD`, :py:const:`RES_DELETE`, + :py:const:`RES_MODRDN`, or :py:const:`RES_COMPARE`. + + If *all* is :py:const:`0`, one response at a time is returned on + each call to :py:meth:`result()`, with termination indicated by + ``result-data`` being an empty list. + + See :py:meth:`search()` for a description of the search result's + ``result-data``, otherwise the ``result-data`` is normally meaningless. + + + +.. py:method:: LDAPObject.result2([msgid=RES_ANY [, all=1 [, timeout=None]]]) -> 3-tuple + + This method behaves almost exactly like :py:meth:`result()`. But + it returns a 3-tuple also containing the message id of the + outstanding LDAP operation a particular result message belongs + to. This is especially handy if one needs to dispatch results + obtained with ``msgid=``:py:const:`RES_ANY` to several consumer + threads which invoked a particular LDAP operation. + + +.. py:method:: LDAPObject.result3([msgid=RES_ANY [, all=1 [, timeout=None]]]) -> 4-tuple + + This method behaves almost exactly like :py:meth:`result2()`. But it + returns an extra item in the tuple, the decoded server controls. + +.. py:method:: LDAPObject.result4([msgid=RES_ANY [, all=1 [, timeout=None [, add_ctrls=0 [, add_intermediates=0 [, add_extop=0 [, resp_ctrl_classes=None]]]]]]]) -> 6-tuple + + This method behaves almost exactly like :py:meth:`result3()`. But it + returns an extra items in the tuple, the decoded results of an extended response. + + The additional arguments are: + + *add_ctrls* (integer flag) specifies whether response controls are returned. + + add_intermediates (integer flag) specifies whether response controls of + intermediate search results are returned. + + *add_extop* (integer flag) specifies whether the response of an + extended operation is returned. If using extended operations you should + consider using the method :py:meth:`extop_result()` or + :py:meth:`extop_s()` instead. + + *resp_ctrl_classes* is a dictionary mapping the OID of a response controls to a + :py:class:`ldap.controls.ResponseControl` class of response controls known by the + application. So the response control value will be automatically decoded. + If :py:const:`None` the global dictionary :py:data:`ldap.controls.KNOWN_RESPONSE_CONTROLS` + is used instead. + +.. py:method:: LDAPObject.search(base, scope [,filterstr='(objectClass=*)' [, attrlist=None [, attrsonly=0]]]) ->int + +.. py:method:: LDAPObject.search_s(base, scope [,filterstr='(objectClass=*)' [, attrlist=None [, attrsonly=0]]]) ->list|None + +.. py:method:: LDAPObject.search_st(base, scope [,filterstr='(objectClass=*)' [, attrlist=None [, attrsonly=0 [, timeout=-1]]]]) -> list|None + +.. py:method:: LDAPObject.search_ext(base, scope [,filterstr='(objectClass=*)' [, attrlist=None [, attrsonly=0 [, serverctrls=None [, clientctrls=None [, timeout=-1 [, sizelimit=0]]]]]]]) -> int + +.. py:method:: LDAPObject.search_ext_s(base, scope [,filterstr='(objectClass=*)' [, attrlist=None [, attrsonly=0 [, serverctrls=None [, clientctrls=None [, timeout=-1 [, sizelimit=0]]]]]]]) -> list|None + + Perform an LDAP search operation, with *base* as the DN of the entry + at which to start the search, *scope* being one of + :py:const:`SCOPE_BASE` (to search the object itself), + :py:const:`SCOPE_ONELEVEL` (to search the object's immediate children), or + :py:const:`SCOPE_SUBTREE` (to search the object and all its descendants). + + The *filterstr* argument is a string representation of the filter to apply in + the search. + + .. seealso:: + + :rfc:`4515` - Lightweight Directory Access Protocol (LDAP): String Representation of Search Filters. + + + Each result tuple is of the form ``(dn, attrs)``, + where *dn* is a string containing the DN (distinguished name) of the + entry, and *attrs* is a dictionary containing the attributes associated + with the entry. The keys of *attrs* are strings, and the associated + values are lists of strings. + + The DN in *dn* is automatically extracted using the underlying libldap + function :cfunc:`ldap_get_dn()`, which may raise an exception if the + DN is malformed. + + If *attrsonly* is non-zero, the values of *attrs* will be meaningless + (they are not transmitted in the result). + + The retrieved attributes can be limited with the *attrlist* parameter. + If *attrlist* is :py:const:`None`, all the attributes of each entry are returned. + + *serverctrls* and *clientctrls* like described above. + + The synchronous form with timeout, :py:meth:`search_st()` or :py:meth:`search_ext_s()`, + will block for at most *timeout* seconds (or indefinitely if *timeout* + is negative). A :py:exc:`ldap.TIMEOUT` exception is raised if no result is received + within the specified time. + + The amount of search results retrieved can be limited with the + *sizelimit* parameter when using :py:meth:`search_ext()` + or :py:meth:`search_ext_s()` (client-side search limit). If non-zero + not more than *sizelimit* results are returned by the server. + + + +.. py:method:: LDAPObject.start_tls_s() -> None + + Negotiate TLS with server. The ``version`` attribute must have been + set to :py:const:`VERSION3` (which it is by default) before calling this method. + If TLS could not be started an exception will be raised. + + .. seealso:: + + :rfc:`2830` - Lightweight Directory Access Protocol (v3): Extension for Transport Layer Security + + + +.. py:method:: LDAPObject.unbind() -> int + +.. py:method:: LDAPObject.unbind_s() -> None + +.. py:method:: LDAPObject.unbind_ext([, serverctrls=None [, clientctrls=None]]) -> int + +.. py:method:: LDAPObject.unbind_ext_s([, serverctrls=None [, clientctrls=None]]) -> None + + This call is used to unbind from the directory, terminate the + current association, and free resources. Once called, the connection to the + LDAP server is closed and the LDAP object is marked invalid. + Further invocation of methods on the object will yield exceptions. + + *serverctrls* and *clientctrls* like described above. + + These methods are all synchronous in nature. + + +.. py:method:: LDAPObject.whoami_s() -> string + + This synchronous method implements the LDAP "Who Am I?" + extended operation. + + It is useful for finding out to find out which identity + is assumed by the LDAP server after a SASL bind. + + .. seealso:: + + :rfc:`4532` - Lightweight Directory Access Protocol (LDAP) "Who am I?" Operation + + +Connection-specific LDAP options +-------------------------------- + +.. py:method:: LDAPObject.get_option(option) -> int|string + + This method returns the value of the LDAPObject option + specified by *option*. + + +.. py:method:: LDAPObject.set_option(option, invalue) -> None + + This method sets the value of the LDAPObject option + specified by *option* to *invalue*. + + +Object attributes +----------------- + +If the underlying library provides enough information, +each LDAP object will also have the following attributes. +These attributes are mutable unless described as read-only. + +.. py:attribute:: LDAPObject.deref -> int + + Controls whether aliases are automatically dereferenced. + This must be one of :py:const:`DEREF_NEVER`, :py:const:`DEREF_SEARCHING`, + :py:const:`DEREF_FINDING` or :py:const:`DEREF_ALWAYS`. + This option is mapped to option constant :py:const:`OPT_DEREF` + and used in the underlying OpenLDAP client lib. + + +.. py:attribute:: LDAPObject.network_timeout -> int + + Limit on waiting for a network response, in seconds. + Defaults to :py:const:`NO_LIMIT`. + This option is mapped to option constant :py:const:`OPT_NETWORK_TIMEOUT` + and used in the underlying OpenLDAP client lib. + + +.. py:attribute:: LDAPObject.protocol_version -> int + + Version of LDAP in use (either :py:const:`VERSION2` for LDAPv2 + or :py:const:`VERSION3` for LDAPv3). + This option is mapped to option constant :py:const:`OPT_PROTOCOL_VERSION` + and used in the underlying OpenLDAP client lib. + + .. note:: + + It is highly recommended to set the protocol version after establishing + a LDAP connection with :py:func:`ldap.initialize()` and before submitting + the first request. + + +.. py:attribute:: LDAPObject.sizelimit -> int + + Limit on size of message to receive from server. + Defaults to :py:const:`NO_LIMIT`. + This option is mapped to option constant :py:const:`OPT_SIZELIMIT` + and used in the underlying OpenLDAP client lib. Its use is deprecated + in favour of *sizelimit* parameter when using :py:meth:`search_ext()`. + + +.. py:attribute:: LDAPObject.timelimit -> int + + Limit on waiting for any response, in seconds. + Defaults to :py:const:`NO_LIMIT`. + This option is mapped to option constant :py:const:`OPT_TIMELIMIT` + and used in the underlying OpenLDAP client lib. Its use is deprecated + in favour of using :py:attr:`timeout`. + + +.. py:attribute:: LDAPObject.timeout -> int + + Limit on waiting for any response, in seconds. + Defaults to :py:const:`NO_LIMIT`. + This option is used in the wrapper module. + + +.. _ldap-example: + +Example +======= + +The following example demonstrates how to open a connection to an +LDAP server using the :py:mod:`ldap` module and invoke a synchronous +subtree search. + +>>> import ldap +>>> l = ldap.initialize('ldap://localhost:1390') +>>> l.search_s('ou=Testing,dc=stroeder,dc=de',ldap.SCOPE_SUBTREE,'(cn=fred*)',['cn','mail']) +[('cn=Fred Feuerstein,ou=Testing,dc=stroeder,dc=de', {'cn': ['Fred Feuerstein']})] +>>> r = l.search_s('ou=Testing,dc=stroeder,dc=de',ldap.SCOPE_SUBTREE,'(objectClass=*)',['cn','mail']) +>>> for dn,entry in r: +>>> print 'Processing',repr(dn) +>>> handle_ldap_entry(entry) + From 6455849f82f7860188b641bdea3ce2145d9473c9 Mon Sep 17 00:00:00 2001 From: stroeder Date: Wed, 11 Jan 2012 10:04:48 +0000 Subject: [PATCH 083/868] Fixed memory leak reported by David Malcolm --- Modules/errors.c | 219 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 219 insertions(+) create mode 100644 Modules/errors.c diff --git a/Modules/errors.c b/Modules/errors.c new file mode 100644 index 0000000..35e3dec --- /dev/null +++ b/Modules/errors.c @@ -0,0 +1,219 @@ +/* + * errors that arise from ldap use + * Most errors become their own exception + * See http://www.python-ldap.org/ for details. + * $Id: errors.c,v 1.23 2012/01/11 10:04:48 stroeder Exp $ */ + +#include "common.h" +#include "errors.h" + +/* the base exception class */ + +PyObject* +LDAPexception_class; + +/* list of error objects */ + +#define LDAP_ERROR_MIN LDAP_REFERRAL_LIMIT_EXCEEDED + +#ifdef LDAP_PROXIED_AUTHORIZATION_DENIED + #define LDAP_ERROR_MAX LDAP_PROXIED_AUTHORIZATION_DENIED +#else + #ifdef LDAP_ASSERTION_FAILED + #define LDAP_ERROR_MAX LDAP_ASSERTION_FAILED + #else + #define LDAP_ERROR_MAX LDAP_OTHER + #endif +#endif + +#define LDAP_ERROR_OFFSET -LDAP_ERROR_MIN + +static PyObject* errobjects[ LDAP_ERROR_MAX-LDAP_ERROR_MIN+1 ]; + + +/* Convert a bare LDAP error number into an exception */ +PyObject* +LDAPerr(int errnum) +{ + if (errnum >= LDAP_ERROR_MIN && errnum <= LDAP_ERROR_MAX) + PyErr_SetNone(errobjects[errnum+LDAP_ERROR_OFFSET]); + else + PyErr_SetObject(LDAPexception_class, + Py_BuildValue("{s:i}", "errnum", errnum)); + return NULL; +} + +/* Convert an LDAP error into an informative python exception */ +PyObject* +LDAPerror( LDAP *l, char *msg ) +{ + if (l == NULL) { + PyErr_SetFromErrno( LDAPexception_class ); + return NULL; + } + else { + int errnum, opt_errnum; + PyObject *errobj; + PyObject *info; + PyObject *str; + + char *matched, *error; + + opt_errnum = ldap_get_option(l, LDAP_OPT_ERROR_NUMBER, &errnum); + if (opt_errnum != LDAP_OPT_SUCCESS) + errnum = opt_errnum; + + if (errnum == LDAP_NO_MEMORY) + return PyErr_NoMemory(); + + if (errnum >= LDAP_ERROR_MIN && errnum <= LDAP_ERROR_MAX) + errobj = errobjects[errnum+LDAP_ERROR_OFFSET]; + else + errobj = LDAPexception_class; + + info = PyDict_New(); + if (info == NULL) + return NULL; + + str = PyString_FromString(ldap_err2string(errnum)); + if (str) + PyDict_SetItemString( info, "desc", str ); + Py_XDECREF(str); + + if (ldap_get_option(l, LDAP_OPT_MATCHED_DN, &matched) >= 0 + && matched != NULL) { + if (*matched != '\0') { + str = PyString_FromString(matched); + if (str) + PyDict_SetItemString( info, "matched", str ); + Py_XDECREF(str); + } + ldap_memfree(matched); + } + + if (errnum == LDAP_REFERRAL) { + str = PyString_FromString(msg); + if (str) + PyDict_SetItemString( info, "info", str ); + Py_XDECREF(str); + } else if (ldap_get_option(l, LDAP_OPT_ERROR_STRING, &error) >= 0 + && error != NULL) { + if (error != '\0') { + str = PyString_FromString(error); + if (str) + PyDict_SetItemString( info, "info", str ); + Py_XDECREF(str); + } + ldap_memfree(error); + } + PyErr_SetObject( errobj, info ); + Py_DECREF(info); + return NULL; + } +} + + +/* initialisation */ + +void +LDAPinit_errors( PyObject*d ) { + + /* create the base exception class */ + LDAPexception_class = PyErr_NewException("ldap.LDAPError", + NULL, + NULL); + PyDict_SetItemString( d, "LDAPError", LDAPexception_class ); + + /* XXX - backward compatibility with pre-1.8 */ + PyDict_SetItemString( d, "error", LDAPexception_class ); + + /* create each LDAP error object */ + +# define seterrobj2(n,o) \ + PyDict_SetItemString( d, #n, (errobjects[LDAP_##n+LDAP_ERROR_OFFSET] = o) ) + + +# define seterrobj(n) { \ + PyObject *e = PyErr_NewException("ldap." #n, \ + LDAPexception_class, NULL); \ + seterrobj2(n, e); \ + Py_INCREF(e); \ + } + + seterrobj(ADMINLIMIT_EXCEEDED); + seterrobj(AFFECTS_MULTIPLE_DSAS); + seterrobj(ALIAS_DEREF_PROBLEM); + seterrobj(ALIAS_PROBLEM); + seterrobj(ALREADY_EXISTS); + seterrobj(AUTH_UNKNOWN); + seterrobj(BUSY); + seterrobj(CLIENT_LOOP); + seterrobj(COMPARE_FALSE); + seterrobj(COMPARE_TRUE); + seterrobj(CONFIDENTIALITY_REQUIRED); + seterrobj(CONNECT_ERROR); + seterrobj(CONSTRAINT_VIOLATION); + seterrobj(CONTROL_NOT_FOUND); + seterrobj(DECODING_ERROR); + seterrobj(ENCODING_ERROR); + seterrobj(FILTER_ERROR); + seterrobj(INAPPROPRIATE_AUTH); + seterrobj(INAPPROPRIATE_MATCHING); + seterrobj(INSUFFICIENT_ACCESS); + seterrobj(INVALID_CREDENTIALS); + seterrobj(INVALID_DN_SYNTAX); + seterrobj(INVALID_SYNTAX); + seterrobj(IS_LEAF); + seterrobj(LOCAL_ERROR); + seterrobj(LOOP_DETECT); + seterrobj(MORE_RESULTS_TO_RETURN); + seterrobj(NAMING_VIOLATION); + seterrobj(NO_OBJECT_CLASS_MODS); + seterrobj(NOT_ALLOWED_ON_NONLEAF); + seterrobj(NOT_ALLOWED_ON_RDN); + seterrobj(NOT_SUPPORTED); + seterrobj(NO_MEMORY); + seterrobj(NO_OBJECT_CLASS_MODS); + seterrobj(NO_RESULTS_RETURNED); + seterrobj(NO_SUCH_ATTRIBUTE); + seterrobj(NO_SUCH_OBJECT); + seterrobj(OBJECT_CLASS_VIOLATION); + seterrobj(OPERATIONS_ERROR); + seterrobj(OTHER); + seterrobj(PARAM_ERROR); + seterrobj(PARTIAL_RESULTS); + seterrobj(PROTOCOL_ERROR); + seterrobj(REFERRAL); + seterrobj(REFERRAL_LIMIT_EXCEEDED); + seterrobj(RESULTS_TOO_LARGE); + seterrobj(SASL_BIND_IN_PROGRESS); + seterrobj(SERVER_DOWN); + seterrobj(SIZELIMIT_EXCEEDED); + seterrobj(STRONG_AUTH_NOT_SUPPORTED); + seterrobj(STRONG_AUTH_REQUIRED); + seterrobj(SUCCESS); + seterrobj(TIMELIMIT_EXCEEDED); + seterrobj(TIMEOUT); + seterrobj(TYPE_OR_VALUE_EXISTS); + seterrobj(UNAVAILABLE); + seterrobj(UNAVAILABLE_CRITICAL_EXTENSION); + seterrobj(UNDEFINED_TYPE); + seterrobj(UNWILLING_TO_PERFORM); + seterrobj(USER_CANCELLED); + +#ifdef LDAP_API_FEATURE_CANCEL + seterrobj(CANCELLED); + seterrobj(NO_SUCH_OPERATION); + seterrobj(TOO_LATE); + seterrobj(CANNOT_CANCEL); +#endif + +#ifdef LDAP_ASSERTION_FAILED + seterrobj(ASSERTION_FAILED); +#endif + +#ifdef LDAP_PROXIED_AUTHORIZATION_DENIED + seterrobj(PROXIED_AUTHORIZATION_DENIED); +#endif + +} From c0d1fe899dcd59a464808df942ba09aa9ace9f39 Mon Sep 17 00:00:00 2001 From: stroeder Date: Wed, 25 Jan 2012 19:24:40 +0000 Subject: [PATCH 084/868] Another note about LDAPError instances --- TODO | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 TODO diff --git a/TODO b/TODO new file mode 100644 index 0000000..d205eb7 --- /dev/null +++ b/TODO @@ -0,0 +1,30 @@ +*** List of things to-do in no particular order *** + +General: +- Define common Python style license for all modules +- Support Python 3.2+ + +Modules/ +- Specific support for more controls + - VLV control + - server-side sorting control +- Wrap libldif as faster drop-in replacement for module ldif? +- Attach response controls to LDAPError instances to deliver the + controls to the calling application in case of an error +- Attach more useful information to LDAPError instances, e.g. the filter used + when doing a search in case of ldap.FILTER_ERROR etc. + +Lib/ +- Unicode support for DNs, filter strings, etc. but not entry attributes! +(Everybody asking for the latter should check the mailing list archive first.) +- Caching of search requests for each LDAPObject instance +- LDIF parser for replication logs and change records +- DSMLv2 support + +Tests/ +- Clean up and finish the mess of small test scripts started. +- Create a test script that exercises everything with a server + holding the BLITS test data set + +------------------------------------------------------------------ +$Id: TODO,v 1.38 2012/01/25 19:24:40 stroeder Exp $ From d925c0a74af95ebc463c7322f492eb2ec5b71c92 Mon Sep 17 00:00:00 2001 From: stroeder Date: Tue, 21 Feb 2012 16:51:55 +0000 Subject: [PATCH 085/868] Added expirmental support for draft-vchu-ldap-pwd-policy --- Lib/ldap/controls/pwdpolicy.py | 41 ++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 Lib/ldap/controls/pwdpolicy.py diff --git a/Lib/ldap/controls/pwdpolicy.py b/Lib/ldap/controls/pwdpolicy.py new file mode 100644 index 0000000..81e4330 --- /dev/null +++ b/Lib/ldap/controls/pwdpolicy.py @@ -0,0 +1,41 @@ +# -*- coding: utf-8 -*- +""" +ldap.controls.pwdpolicy - classes for Password Policy controls +(see http://tools.ietf.org/html/draft-vchu-ldap-pwd-policy) + +See http://www.python-ldap.org/ for project details. + +$Id: pwdpolicy.py,v 1.1 2012/02/21 16:51:55 stroeder Exp $ +""" + +__all__ = [ + 'ExpirationWarningControl' +] + +# Imports from python-ldap 2.4+ +import ldap.controls +from ldap.controls import RequestControl,ResponseControl,ValueLessRequestControl,KNOWN_RESPONSE_CONTROLS + + +class PasswordExpiringControl(OctetStringInteger): + """ + Indicates time in seconds when password will expire + """ + controlType = '2.16.840.1.113730.3.4.5' + + def decodeControlValue(self,encodedControlValue): + self.gracePeriod = struct.unpack('!Q',encodedControlValue)[0] + +KNOWN_RESPONSE_CONTROLS[PasswordExpiringControl.controlType] = PasswordExpiringControl + + +class PasswordExpiredControl(ResponseControl): + """ + Indicates that password is expired + """ + controlType = '2.16.840.1.113730.3.4.4' + + def decodeControlValue(self,encodedControlValue): + self.passwordExpired = encodedControlValue=='0' + +KNOWN_RESPONSE_CONTROLS[PasswordExpiredControl.controlType] = PasswordExpiredControl From 3261c5f3d3b721c9c312c12d999a81c33c55d50d Mon Sep 17 00:00:00 2001 From: stroeder Date: Tue, 21 Feb 2012 17:17:16 +0000 Subject: [PATCH 086/868] Hopefully smoother... --- setup.cfg | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 setup.cfg diff --git a/setup.cfg b/setup.cfg new file mode 100644 index 0000000..9ab58af --- /dev/null +++ b/setup.cfg @@ -0,0 +1,38 @@ +# Example for setup.cfg +# You have to edit this file to reflect your system configuation +# +# $Id: setup.cfg,v 1.30 2012/02/21 17:17:16 stroeder Exp $ + +# Section for compiling the C extension module +# for wrapping OpenLDAP 2 libs +[_ldap] + +# Define extra include and library dirs if needed +library_dirs = /opt/openldap-RE24/lib /usr/lib +include_dirs = /opt/openldap-RE24/include /usr/include/sasl /usr/include + +# These defines needs OpenLDAP built with +# ./configure --with-cyrus-sasl --with-tls +defines = HAVE_SASL HAVE_TLS HAVE_LIBLDAP_R + +extra_compile_args = +extra_objects = + +# Example for full-featured build: +# Support for StartTLS/LDAPS, SASL bind and reentrant libldap_r. +libs = ldap_r + +# Installation options +[install] +compile = 1 +optimize = 1 + +# Linux distributors/packagers should adjust these settings +[bdist_rpm] +provides = python-ldap +requires = python libldap-2_4 +vendor = python-ldap project +packager = Michael Ströder +distribution_name = openSUSE 11.x +release = 1 +doc_files = CHANGES README INSTALL TODO Demo/ From b52476013de85b81bfc98d75df7208b40f0b6786 Mon Sep 17 00:00:00 2001 From: stroeder Date: Thu, 7 Jun 2012 18:38:06 +0000 Subject: [PATCH 087/868] Better version of Demo/pyasn1/syncrepl.py --- Demo/pyasn1/syncrepl.py | 170 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 170 insertions(+) create mode 100644 Demo/pyasn1/syncrepl.py diff --git a/Demo/pyasn1/syncrepl.py b/Demo/pyasn1/syncrepl.py new file mode 100644 index 0000000..04fdc66 --- /dev/null +++ b/Demo/pyasn1/syncrepl.py @@ -0,0 +1,170 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +""" +This script implements a syncrepl consumer which syncs data from an OpenLDAP +server to a local (shelve) database. + +Notes: + +The bound user needs read access to the attributes entryDN and entryCSN. + +This needs the following software: +Python +pyasn1 0.1.4+ +pyasn1-modules +python-ldap 2.4.10+ +""" + +# Import the python-ldap modules +import ldap,ldapurl +# Import specific classes from python-ldap +from ldap.ldapobject import ReconnectLDAPObject +from ldap.syncrepl import SyncreplConsumer + +# Import modules from Python standard lib +import shelve,signal,time,sys,logging + + +# Global state +watcher_running = True +ldap_connection = False + + +class SyncReplConsumer(ReconnectLDAPObject,SyncreplConsumer): + """ + Syncrepl Consumer interface + """ + + def __init__(self,db_path,*args,**kwargs): + # Initialise the LDAP Connection first + ldap.ldapobject.ReconnectLDAPObject.__init__(self, *args, **kwargs) + # Now prepare the data store + self.__data = shelve.open(db_path, 'c') + # We need this for later internal use + self.__presentUUIDs = dict() + + def __del__(self): + # Close the data store properly to avoid corruption + self.__data.close() + + def syncrepl_get_cookie(self): + if 'cookie' in self.__data: + return self.__data['cookie'] + + def syncrepl_set_cookie(self,cookie): + self.__data['cookie'] = cookie + + def syncrepl_entry(self,dn,attributes,uuid): + # First we determine the type of change we have here (and store away the previous data for later if needed) + previous_attributes = dict() + if uuid in self.__data: + change_type = 'modify' + previous_attributes = self.__data[uuid] + else: + change_type = 'add' + # Now we store our knowledge of the existence of this entry (including the DN as an attribute for convenience) + attributes['dn'] = dn + self.__data[uuid] = attributes + # Debugging + print 'Detected', change_type, 'of entry:', dn + # If we have a cookie then this is not our first time being run, so it must be a change + if 'ldap_cookie' in self.__data: + self.perform_application_sync(dn, attributes, previous_attributes) + + def syncrepl_delete(self,uuids): + # Make sure we know about the UUID being deleted, just in case... + uuids = [uuid for uuid in uuids if uuid in self.__data] + # Delete all the UUID values we know of + for uuid in uuids: + print 'Detected deletion of entry:', self.__data[uuid]['dn'] + del self.__data[uuid] + + def syncrepl_present(self,uuids,refreshDeletes=False): + # If we have not been given any UUID values, then we have recieved all the present controls... + if uuids is None: + # We only do things if refreshDeletes is false as the syncrepl extension will call syncrepl_delete instead when it detects a delete notice + if refreshDeletes is False: + deletedEntries = [uuid for uuid in self.__data.keys() if uuid not in self.__presentUUIDs and uuid != 'ldap_cookie'] + self.syncrepl_delete( deletedEntries ) + # Phase is now completed, reset the list + self.__presentUUIDs = {} + else: + # Note down all the UUIDs we have been sent + for uuid in uuids: + self.__presentUUIDs[uuid] = True + + def perform_application_sync(self,dn,attributes,previous_attributes): + print 'Performing application sync for:', dn + return True + + +# Shutdown handler +def commenceShutdown(signum, stack): + # Declare the needed global variables + global watcher_running, ldap_connection + print 'Shutting down!' + + # We are no longer running + watcher_running = False + + # Tear down the server connection + if( ldap_connection ): + del ldap_connection + + # Shutdown + sys.exit(0) + +# Time to actually begin execution +# Install our signal handlers +signal.signal(signal.SIGTERM,commenceShutdown) +signal.signal(signal.SIGINT,commenceShutdown) + + +try: + ldap_url = ldapurl.LDAPUrl(sys.argv[1]) + database_path = sys.argv[2] +except IndexError,e: + print 'Usage: syncrepl-client.py ' + sys.exit(1) +except ValueError,e: + print 'Error parsing command-line arguments:',str(e) + sys.exit(1) + +while watcher_running: + print 'Connecting to LDAP server now...' + # Prepare the LDAP server connection (triggers the connection as well) + ldap_connection = SyncReplConsumer(database_path,ldap_url.initializeUrl()) + + # Now we login to the LDAP server + try: + ldap_connection.simple_bind_s(ldap_url.who,ldap_url.cred) + except ldap.INVALID_CREDENTIALS, e: + print 'Login to LDAP server failed: ', str(e) + sys.exit(1) + except ldap.SERVER_DOWN: + print 'LDAP server is down, going to retry.' + time.sleep(5) + continue + + # Commence the syncing + print 'Commencing sync process' + ldap_search = ldap_connection.syncrepl_search( + ldap_url.dn or '', + ldap_url.scope or ldap.SCOPE_SUBTREE, + mode = 'refreshAndPersist', + filterstr = ldap_url.filterstr or '(objectClass=*)' + ) + + try: + while ldap_connection.syncrepl_poll( all = 1, msgid = ldap_search): + pass + except KeyboardInterrupt: + # User asked to exit + commenceShutdown() + pass + except Exception, e: + # Handle any exception + if watcher_running: + print 'Encountered a problem, going to retry. Error:', str(e) + time.sleep(5) + pass From c57880be37fb9b6778c8b298063a4cfd7034ce8a Mon Sep 17 00:00:00 2001 From: stroeder Date: Thu, 9 Aug 2012 07:01:20 +0000 Subject: [PATCH 088/868] Removed class attrs from AuthorizationIdentityRequestControl.__doc__ --- Lib/ldap/controls/simple.py | 147 ++++++++++++++++++++++++++++++++++++ 1 file changed, 147 insertions(+) create mode 100644 Lib/ldap/controls/simple.py diff --git a/Lib/ldap/controls/simple.py b/Lib/ldap/controls/simple.py new file mode 100644 index 0000000..30e7dd3 --- /dev/null +++ b/Lib/ldap/controls/simple.py @@ -0,0 +1,147 @@ +# -*- coding: utf-8 -*- +""" +ldap.controls.simple - classes for some very simple LDAP controls + +See http://www.python-ldap.org/ for details. + +$Id: simple.py,v 1.9 2012/08/09 07:01:20 stroeder Exp $ +""" + +import struct,ldap +from ldap.controls import RequestControl,ResponseControl,LDAPControl,KNOWN_RESPONSE_CONTROLS + + +class ValueLessRequestControl(RequestControl): + """ + Base class for controls without a controlValue. + The presence of the control in a LDAPv3 request changes the server's + behaviour when processing the request simply based on the controlType. + + controlType + OID of the request control + criticality + criticality request control + """ + + def __init__(self,controlType=None,criticality=False): + self.controlType = controlType + self.criticality = criticality + + def encodeControlValue(self): + return None + + +class OctetStringInteger(LDAPControl): + """ + Base class with controlValue being unsigend integer values + + integerValue + Integer to be sent as OctetString + """ + + def __init__(self,controlType=None,criticality=False,integerValue=None): + self.controlType = controlType + self.criticality = criticality + self.integerValue = integerValue + + def encodeControlValue(self): + return struct.pack('!Q',self.integerValue) + + def decodeControlValue(self,encodedControlValue): + self.integerValue = struct.unpack('!Q',encodedControlValue)[0] + + +class BooleanControl(LDAPControl): + """ + Base class for simple request controls with boolean control value. + + Constructor argument and class attribute: + + booleanValue + Boolean (True/False or 1/0) which is the boolean controlValue. + """ + boolean2ber = { 1:'\x01\x01\xFF', 0:'\x01\x01\x00' } + ber2boolean = { '\x01\x01\xFF':1, '\x01\x01\x00':0 } + + def __init__(self,controlType=None,criticality=False,booleanValue=False): + self.controlType = controlType + self.criticality = criticality + self.booleanValue = booleanValue + + def encodeControlValue(self): + return self.boolean2ber[int(self.booleanValue)] + + def decodeControlValue(self,encodedControlValue): + self.booleanValue = self.ber2boolean[encodedControlValue] + + +class ManageDSAITControl(ValueLessRequestControl): + """ + Manage DSA IT Control + """ + + def __init__(self,criticality=False): + ValueLessRequestControl.__init__(self,ldap.CONTROL_MANAGEDSAIT,criticality=False) + +KNOWN_RESPONSE_CONTROLS[ldap.CONTROL_MANAGEDSAIT] = ManageDSAITControl + + +class RelaxRulesControl(ValueLessRequestControl): + """ + Relax Rules Control + """ + + def __init__(self,criticality=False): + ValueLessRequestControl.__init__(self,ldap.CONTROL_RELAX,criticality=False) + +KNOWN_RESPONSE_CONTROLS[ldap.CONTROL_RELAX] = RelaxRulesControl + + +class ProxyAuthzControl(RequestControl): + """ + Proxy Authorization Control + + authzId + string containing the authorization ID indicating the identity + on behalf which the server should process the request + """ + + def __init__(self,criticality,authzId): + RequestControl.__init__(self,ldap.CONTROL_PROXY_AUTHZ,criticality,authzId) + + +class AuthorizationIdentityRequestControl(ValueLessRequestControl): + """ + Authorization Identity Request and Response Controls + """ + controlType = '2.16.840.1.113730.3.4.16' + + def __init__(self,criticality): + ValueLessRequestControl.__init__(self,self.controlType,criticality) + + +class AuthorizationIdentityResponseControl(ResponseControl): + """ + Authorization Identity Request and Response Controls + + Class attributes: + + authzId + decoded authorization identity + """ + controlType = '2.16.840.1.113730.3.4.15' + + def decodeControlValue(self,encodedControlValue): + self.authzId = encodedControlValue + + +KNOWN_RESPONSE_CONTROLS[AuthorizationIdentityResponseControl.controlType] = AuthorizationIdentityResponseControl + + +class GetEffectiveRightsControl(RequestControl): + """ + Get Effective Rights Control + """ + + def __init__(self,criticality,authzId=None): + RequestControl.__init__(self,'1.3.6.1.4.1.42.2.27.9.5.2',criticality,authzId) From 2702f93074ca3f454443c8dbb4ad08467e38cf8c Mon Sep 17 00:00:00 2001 From: stroeder Date: Thu, 9 Aug 2012 07:18:31 +0000 Subject: [PATCH 089/868] Fixes for Sphinx doc generator --- Lib/ldap/syncrepl.py | 469 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 469 insertions(+) create mode 100644 Lib/ldap/syncrepl.py diff --git a/Lib/ldap/syncrepl.py b/Lib/ldap/syncrepl.py new file mode 100644 index 0000000..1d79bef --- /dev/null +++ b/Lib/ldap/syncrepl.py @@ -0,0 +1,469 @@ +# -*- coding: utf-8 -*- +""" +ldap.syncrepl - for implementing syncrepl consumer (see RFC 4533) + +See http://www.python-ldap.org/ for project details. + +$Id: syncrepl.py,v 1.3 2012/08/09 07:18:31 stroeder Exp $ +""" + +#__all__ = [ +# '', +# '', +#] + +from uuid import UUID + +# Imports from python-ldap 2.4+ +import ldap.ldapobject +from ldap.controls import RequestControl,ResponseControl,KNOWN_RESPONSE_CONTROLS + +# Imports from pyasn1 +from pyasn1.type import tag,namedtype,namedval,univ,constraint +from pyasn1.codec.ber import encoder,decoder + +__all__ = [ 'SyncreplConsumer' ] + +# RFC 4533: +# +# syncUUID ::= OCTET STRING (SIZE(16)) +# syncCookie ::= OCTET STRING + +class syncUUID(univ.OctetString): + subtypeSpec = constraint.ValueSizeConstraint(16,16) + +class syncCookie(univ.OctetString): + pass + +# 2.2. Sync Request Control +# +# The Sync Request Control is an LDAP Control [RFC4511] where the +# controlType is the object identifier 1.3.6.1.4.1.4203.1.9.1.1 and the +# controlValue, an OCTET STRING, contains a BER-encoded +# syncRequestValue. The criticality field is either TRUE or FALSE. +# +# syncRequestValue ::= SEQUENCE { +# mode ENUMERATED { +# -- 0 unused +# refreshOnly (1), +# -- 2 reserved +# refreshAndPersist (3) +# }, +# cookie syncCookie OPTIONAL, +# reloadHint BOOLEAN DEFAULT FALSE +# } +# +# The Sync Request Control is only applicable to the SearchRequest +# Message. + +class syncRequestMode(univ.Enumerated): + namedValues = namedval.NamedValues( + ('refreshOnly', 1), + ('refreshAndPersist', 3) + ) + subtypeSpec = univ.Enumerated.subtypeSpec + constraint.SingleValueConstraint(1,3) + +class syncRequestValue(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType('mode', syncRequestMode()), + namedtype.OptionalNamedType('cookie', syncCookie()), + namedtype.DefaultedNamedType('reloadHint', univ.Boolean(False)) + ) + +class SyncRequestControl(RequestControl): + controlType = '1.3.6.1.4.1.4203.1.9.1.1' + + def __init__(self, criticality=1, cookie=None, mode='refreshOnly', reloadHint=False): + self.criticality = criticality + self.cookie = cookie + self.mode = mode + self.reloadHint = reloadHint + + def encodeControlValue(self): + r = syncRequestValue() + r.setComponentByName('mode', syncRequestMode(self.mode)) + if self.cookie is not None: + r.setComponentByName('cookie', syncCookie(self.cookie)) + if self.reloadHint: + r.setComponentbyName('reloadHint', univ.Boolean(self.reloadHint)) + return encoder.encode(r) + +# 2.3. Sync State Control +# +# The Sync State Control is an LDAP Control [RFC4511] where the +# controlType is the object identifier 1.3.6.1.4.1.4203.1.9.1.2 and the +# controlValue, an OCTET STRING, contains a BER-encoded syncStateValue. +# The criticality is FALSE. +# +# syncStateValue ::= SEQUENCE { +# state ENUMERATED { +# present (0), +# add (1), +# modify (2), +# delete (3) +# }, +# entryUUID syncUUID, +# cookie syncCookie OPTIONAL +# } +# +# The Sync State Control is only applicable to SearchResultEntry and +# SearchResultReference Messages. + +class syncStateOp(univ.Enumerated): + namedValues = namedval.NamedValues( + ('present', 0), + ('add', 1), + ('modify', 2), + ('delete', 3) + ) + subtypeSpec = univ.Enumerated.subtypeSpec + constraint.SingleValueConstraint(0,1,2,3) + +class syncStateValue(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType('state', syncStateOp()), + namedtype.NamedType('entryUUID', syncUUID()), + namedtype.OptionalNamedType('cookie', syncCookie()) + ) + +class SyncStateControl(ResponseControl): + controlType = '1.3.6.1.4.1.4203.1.9.1.2' + opnames = ( 'present', 'add', 'modify', 'delete' ) + + def decodeControlValue(self, encodedControlValue): + d = decoder.decode(encodedControlValue, asn1Spec = syncStateValue()) + state = d[0].getComponentByName('state') + uuid = UUID(bytes=d[0].getComponentByName('entryUUID')) + self.cookie = d[0].getComponentByName('cookie') + self.state = self.__class__.opnames[int(state)] + self.entryUUID = str(uuid) + if self.cookie is not None: + self.cookie = str(self.cookie) + +KNOWN_RESPONSE_CONTROLS[SyncStateControl.controlType] = SyncStateControl + +# 2.4. Sync Done Control +# +# The Sync Done Control is an LDAP Control [RFC4511] where the +# controlType is the object identifier 1.3.6.1.4.1.4203.1.9.1.3 and the +# controlValue contains a BER-encoded syncDoneValue. The criticality +# is FALSE (and hence absent). +# +# syncDoneValue ::= SEQUENCE { +# cookie syncCookie OPTIONAL, +# refreshDeletes BOOLEAN DEFAULT FALSE +# } +# +# The Sync Done Control is only applicable to the SearchResultDone +# Message. + +class syncDoneValue(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.OptionalNamedType('cookie', syncCookie()), + namedtype.DefaultedNamedType('refreshDeletes', univ.Boolean(False)) + ) + +class SyncDoneControl(ResponseControl): + controlType = '1.3.6.1.4.1.4203.1.9.1.3' + + def decodeControlValue(self, encodedControlValue): + d = decoder.decode(encodedControlValue, asn1Spec = syncDoneValue()) + self.cookie = d[0].getComponentByName('cookie') + self.refreshDeletes = d[0].getComponentByName('refreshDeletes') + if self.cookie is not None: + self.cookie = str(self.cookie) + if self.refreshDeletes is not None: + self.refreshDeletes = bool(self.refreshDeletes) + +KNOWN_RESPONSE_CONTROLS[SyncDoneControl.controlType] = SyncDoneControl + + +# 2.5. Sync Info Message +# +# The Sync Info Message is an LDAP Intermediate Response Message +# [RFC4511] where responseName is the object identifier +# 1.3.6.1.4.1.4203.1.9.1.4 and responseValue contains a BER-encoded +# syncInfoValue. The criticality is FALSE (and hence absent). +# +# syncInfoValue ::= CHOICE { +# newcookie [0] syncCookie, +# refreshDelete [1] SEQUENCE { +# cookie syncCookie OPTIONAL, +# refreshDone BOOLEAN DEFAULT TRUE +# }, +# refreshPresent [2] SEQUENCE { +# cookie syncCookie OPTIONAL, +# refreshDone BOOLEAN DEFAULT TRUE +# }, +# syncIdSet [3] SEQUENCE { +# cookie syncCookie OPTIONAL, +# refreshDeletes BOOLEAN DEFAULT FALSE, +# syncUUIDs SET OF syncUUID +# } +# } +# + +class refreshDelete(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.OptionalNamedType('cookie', syncCookie()), + namedtype.DefaultedNamedType('refreshDone', univ.Boolean(True)) + ) + +class refreshPresent(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.OptionalNamedType('cookie', syncCookie()), + namedtype.DefaultedNamedType('refreshDone', univ.Boolean(True)) + ) + +class syncUUIDs(univ.SetOf): + componentType = syncUUID() + +class syncIdSet(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.OptionalNamedType('cookie', syncCookie()), + namedtype.DefaultedNamedType('refreshDeletes', univ.Boolean(False)), + namedtype.NamedType('syncUUIDs', syncUUIDs()) + ) + +class syncInfoValue(univ.Choice): + componentType = namedtype.NamedTypes( + namedtype.NamedType( + 'newcookie', + syncCookie().subtype( + implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0) + ) + ), + namedtype.NamedType( + 'refreshDelete', + refreshDelete().subtype( + implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1) + ) + ), + namedtype.NamedType( + 'refreshPresent', + refreshPresent().subtype( + implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2) + ) + ), + namedtype.NamedType( + 'syncIdSet', + syncIdSet().subtype( + implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3) + ) + ) + ) + +class SyncInfoMessage: + responseName = '1.3.6.1.4.1.4203.1.9.1.4' + + def __init__(self, encodedMessage): + d = decoder.decode(encodedMessage, asn1Spec = syncInfoValue()) + self.newcookie = None + self.refreshDelete = None + self.refreshPresent = None + self.syncIdSet = None + + for attr in [ 'newcookie', 'refreshDelete', 'refreshPresent', 'syncIdSet']: + comp = d[0].getComponentByName(attr) + + if comp is not None: + + if attr == 'newcookie': + self.newcookie = str(comp) + return + + val = dict() + + cookie = comp.getComponentByName('cookie') + if cookie is not None: + val['cookie'] = str(cookie) + + if attr.startswith('refresh'): + val['refreshDone'] = bool(comp.getComponentByName('refreshDone')) + elif attr == 'syncIdSet': + uuids = [] + ids = comp.getComponentByName('syncUUIDs') + for i in range(len(ids)): + uuid = UUID(bytes=str(ids.getComponentByPosition(i))) + uuids.append(str(uuid)) + val['syncUUIDs'] = uuids + val['refreshDeletes'] = bool(comp.getComponentByName('refreshDeletes')) + + setattr(self,attr,val) + return + + +class SyncreplConsumer: + """ + SyncreplConsumer - LDAP syncrepl consumer object. + """ + + def syncrepl_search(self, base, scope, mode='refreshOnly', cookie=None, **search_args): + """ + Starts syncrepl search operation. + + base, scope, and search_args are passed along to + self.search_ext unmodified (aside from adding a Sync + Request control to any serverctrls provided). + + mode provides syncrepl mode. Can be 'refreshOnly' + to finish after synchronization, or + 'refreshAndPersist' to persist (continue to + receive updates) after synchronization. + + cookie: an opaque value representing the replication + state of the client. Subclasses should override + the syncrepl_set_cookie() and syncrepl_get_cookie() + methods to store the cookie appropriately, rather than + passing it. + + """ + if cookie is None: + cookie = self.syncrepl_get_cookie() + + syncreq = SyncRequestControl(cookie=cookie, mode=mode) + + if 'serverctrls' in search_args: + search_args['serverctrls'] += [syncreq] + else: + search_args['serverctrls'] = [syncreq] + + self.__refreshDone = False + return self.search_ext(base, scope, **search_args) + + + def syncrepl_poll(self, msgid=-1, timeout=None, all=0): + """ + polls for and processes responses to the syncrepl_search() operation. + Returns False when operation finishes, True if it is in progress, or + raises an exception on error. + + If timeout is specified, raises ldap.TIMEOUT in the event of a timeout. + + If all is set to a nonzero value, poll() will return only when finished + or when an exception is raised. + + """ + while True: + type, msg, mid, ctrls, n, v = self.result4( + msgid=msgid, timeout=timeout, + add_intermediates=1, add_ctrls=1, all = 0 + ) + + if type == 101: + # search result. This marks the end of a refreshOnly session. + # look for a SyncDone control, save the cookie, and if necessary + # delete non-present entries. + for c in ctrls: + if c.__class__.__name__ != 'SyncDoneControl': + continue + self.syncrepl_present(None,refreshDeletes=c.refreshDeletes) + if c.cookie is not None: + self.syncrepl_set_cookie(c.cookie) + + return False + + elif type == 100: + # search entry with associated SyncState control + for m in msg: + dn, attrs, ctrls = m + for c in ctrls: + if c.__class__.__name__ != 'SyncStateControl': + continue + if c.state == 'present': + self.syncrepl_present([c.entryUUID]) + elif c.state == 'delete': + self.syncrepl_delete([c.entryUUID]) + else: + self.syncrepl_entry(dn, attrs, c.entryUUID) + if self.__refreshDone is False: + self.syncrepl_present([c.entryUUID]) + if c.cookie is not None: + self.syncrepl_set_cookie(c.cookie) + break + + elif type == 121: + # Intermediate message. If it is a SyncInfoMessage, parse it + for m in msg: + rname, resp, ctrls = m + if rname != SyncInfoMessage.responseName: + continue + sim = SyncInfoMessage(resp) + if sim.newcookie is not None: + self.syncrepl_set_cookie(sim.newcookie) + elif sim.refreshPresent is not None: + self.syncrepl_present(None, refreshDeletes=False) + if 'cookie' in sim.refreshPresent: + self.syncrepl_set_cookie(sim.refreshPresent['cookie']) + self.__refreshDone=sim.refreshPresent['refreshDone'] + elif sim.refreshDelete is not None: + self.syncrepl_present(None, refreshDeletes=True) + if 'cookie' in sim.refreshDelete: + self.syncrepl_set_cookie(sim.refreshDelete['cookie']) + self.__refreshDone=sim.refreshDelete['refreshDone'] + elif sim.syncIdSet is not None: + if sim.syncIdSet['refreshDeletes'] is True: + self.syncrepl_delete(sim.syncIdSet['syncUUIDs']) + else: + self.syncrepl_present(sim.syncIdSet['syncUUIDs']) + if 'cookie' in sim.syncIdSet: + self.syncrepl_set_cookie(sim.syncIdSet['cookie']) + pass + + if all == 0: + return True + + + # virtual methods -- subclass must override these to do useful work + + def syncrepl_set_cookie(self, cookie): + """ + Called by syncrepl_poll() to store a new cookie provided by the server. + """ + pass + + def syncrepl_get_cookie(self): + """ + Called by syncrepl_search() to retreive the cookie stored by syncrepl_set_cookie() + """ + pass + + def syncrepl_present(self, uuids, refreshDeletes=False): + """ + Called by syncrepl_poll() whenever entry UUIDs are presented to the client. + syncrepl_present() is given a list of entry UUIDs (uuids) and a flag + (refreshDeletes) which indicates whether the server explicitly deleted + non-present entries during the refresh operation. + + If called with a list of uuids, the syncrepl_present() implementation + should record those uuids as present in the directory. + + If called with uuids set to None and refreshDeletes set to False, + syncrepl_present() should delete all non-present entries from the local + mirror, and reset the list of recorded uuids. + + If called with uuids set to None and refreshDeletes set to True, + syncrepl_present() should reset the list of recorded uuids, without + deleting any entries. + + """ + pass + + def syncrepl_delete(self, uuids): + """ + Called by syncrepl_poll() to delete entries. A list + of UUIDs of the entries to be deleted is given in the + uuids parameter. + + """ + pass + + def syncrepl_entry(self, dn, attrs, uuid): + """ + Called by syncrepl_poll() for any added or modified entries. + + The provided uuid is used to identify the provided entry in + any future modification (including dn modification), deletion, + and presentation operations. + + """ + pass From 2e6a9164ddc4e4d20862d9f09a20783fbfae4121 Mon Sep 17 00:00:00 2001 From: stroeder Date: Thu, 9 Aug 2012 07:19:12 +0000 Subject: [PATCH 090/868] release = '2.4.10.0 --- Doc/conf.py | 135 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 135 insertions(+) create mode 100644 Doc/conf.py diff --git a/Doc/conf.py b/Doc/conf.py new file mode 100644 index 0000000..e46e992 --- /dev/null +++ b/Doc/conf.py @@ -0,0 +1,135 @@ +# -*- coding: utf-8 -*- +# +# python-ldap documentation build configuration file, created by +# sphinx-quickstart on Sat Mar 29 15:08:17 2008. +# +# This file is execfile()d with the current directory set to its containing dir. +# +# The contents of this file are pickled, so don't put values in the namespace +# that aren't pickleable (module imports are okay, they're removed automatically). +# +# All configuration values have a default value; values that are commented out +# serve to show the default value. +# +# $Id: conf.py,v 1.18 2012/08/09 07:19:12 stroeder Exp $ + +import sys + +# If your extensions are in another directory, add it here. +#sys.path.append('some/directory') + +# General configuration +# --------------------- + +# Add any Sphinx extension module names here, as strings. They can be extensions +# coming with Sphinx (named 'sphinx.ext.*') or your custom ones. +extensions = ['sphinx.ext.autodoc'] + +# Add any paths that contain templates here, relative to this directory. +templates_path = ['.templates'] + +# The suffix of source filenames. +source_suffix = '.rst' + +# The master toctree document. +master_doc = 'index' + +# General substitutions. +project = 'python-ldap' +copyright = '2008-2011, python-ldap project team' + +# The default replacements for |version| and |release|, also used in various +# other places throughout the built documents. +# +# The short X.Y version. +version = '2.4' +# The full version, including alpha/beta/rc tags. +release = '2.4.10.0' + +# There are two options for replacing |today|: either, you set today to some +# non-false value, then it is used: +#today = '' +# Else, today_fmt is used as the format for a strftime call. +today_fmt = '%B %d, %Y' + +# List of documents that shouldn't be included in the build. +#unused_docs = [] + +# If true, '()' will be appended to :func: etc. cross-reference text. +#add_function_parentheses = True + +# If true, the current module name will be prepended to all description +# unit titles (such as .. function::). +#add_module_names = True + +# If true, sectionauthor and moduleauthor directives will be shown in the +# output. They are ignored by default. +#show_authors = False + +# The name of the Pygments (syntax highlighting) style to use. +pygments_style = 'sphinx' + + +# Options for HTML output +# ----------------------- + +# The style sheet to use for HTML and HTML Help pages. A file of that name +# must exist either in Sphinx' static/ path, or in one of the custom paths +# given in html_static_path. +html_style = 'default.css' + +# Add any paths that contain custom static files (such as style sheets) here, +# relative to this directory. They are copied after the builtin static files, +# so a file named "default.css" will overwrite the builtin "default.css". +html_static_path = ['.static'] + +# If not '', a 'Last updated on:' timestamp is inserted at every page bottom, +# using the given strftime format. +html_last_updated_fmt = '%b %d, %Y' + +# If true, SmartyPants will be used to convert quotes and dashes to +# typographically correct entities. +#html_use_smartypants = True + +# Content template for the index page. +#html_index = '' + +# Custom sidebar templates, maps document names to template names. +#html_sidebars = {} + +# Additional templates that should be rendered to pages, maps page names to +# template names. +#html_additional_pages = {} + +# If false, no module index is generated. +html_use_modindex = True + +# If true, the reST sources are included in the HTML build as _sources/. +#html_copy_source = True + +# Output file base name for HTML help builder. +htmlhelp_basename = 'python-ldap-doc' + + +# Options for LaTeX output +# ------------------------ + +# The paper size ('letter' or 'a4'). +#latex_paper_size = 'letter' + +# The font size ('10pt', '11pt' or '12pt'). +#latex_font_size = '10pt' + +# Grouping the document tree into LaTeX files. List of tuples +# (source start file, target name, title, author, document class [howto/manual]). +latex_documents = [('index', 'python-ldap.tex', 'python-ldap Documentation', + 'python-ldap project', 'manual')] + +# Additional stuff for the LaTeX preamble. +#latex_preamble = '' + +# Documents to append as an appendix to all manuals. +#latex_appendices = [] + +# If false, no module index is generated. +latex_use_modindex = True From b4be8404755924e3b88594c7f47bc86ca6185319 Mon Sep 17 00:00:00 2001 From: stroeder Date: Thu, 9 Aug 2012 07:19:30 +0000 Subject: [PATCH 091/868] Fixed class names --- Doc/ldap-controls.rst | 211 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 211 insertions(+) create mode 100644 Doc/ldap-controls.rst diff --git a/Doc/ldap-controls.rst b/Doc/ldap-controls.rst new file mode 100644 index 0000000..00266e6 --- /dev/null +++ b/Doc/ldap-controls.rst @@ -0,0 +1,211 @@ +.. % $Id: ldap-controls.rst,v 1.11 2012/08/09 07:19:30 stroeder Exp $ + + +********************************************************************* +:py:mod:`ldap.controls` High-level access to LDAPv3 extended controls +********************************************************************* + +.. py:module:: ldap.controls + :synopsis: High-level access to LDAPv3 extended controls. +.. moduleauthor:: python-ldap project (see http://www.python-ldap.org/) + + +Variables +========= + +.. py:data:: KNOWN_RESPONSE_CONTROLS + + Dictionary mapping the OIDs of known response controls to the accompanying + :py:class:`ResponseControl` classes. This is used + by :py:func:`DecodeControlTuples` to automatically decode control values. + Calling application can also register their custom :py:class:`ResponseControl` + classes in this dictionary possibly overriding pre-registered classes. + + +Classes +======= + +This module defines the following classes: + + +.. autoclass:: ldap.controls.RequestControl + :members: + +.. autoclass:: ldap.controls.ResponseControl + :members: + +.. autoclass:: ldap.controls.LDAPControl + :members: + + +Functions +========= + +This module defines the following functions: + + +.. autofunction:: ldap.controls.RequestControlTuples + +.. autofunction:: ldap.controls.DecodeControlTuples + + +Sub-modules +=========== + +Various sub-modules implement specific LDAPv3 extended controls. The classes +therein are derived from the base-classes :py:class:`ldap.controls.RequestControl`, +:py:class:`ldap.controls.ResponseControl` or :py:class:`ldap.controls.LDAPControl`. + +Some of them require :py:mod:`pyasn1` and :py:mod:`pyasn1_modules` to be installed: + +Usually the names of the method arguments and the class attributes match +the ASN.1 identifiers used in the specification. So looking at the referenced +RFC or Internet-Draft is very helpful to understand the API. + + +:py:mod:`ldap.controls.simple` Very simple controls +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +.. py:module:: ldap.controls.simple + :synopsis: simple request and response controls implemented in pure Python + + +.. autoclass:: ldap.controls.simple.ValueLessRequestControl + :members: + +.. autoclass:: ldap.controls.simple.OctetStringInteger + :members: + +.. autoclass:: ldap.controls.simple.BooleanControl + :members: + +.. autoclass:: ldap.controls.simple.ManageDSAITControl + :members: + + .. seealso:: + + :rfc:`3296` - Named Subordinate References in Lightweight Directory Access Protocol (LDAP) Directories + +.. autoclass:: ldap.controls.simple.RelaxRulesControl + :members: + + .. seealso:: + + http://tools.ietf.org/draft/draft-zeilenga-ldap-relax/ + +.. autoclass:: ldap.controls.simple.ProxyAuthzControl + :members: + + .. seealso:: + + :rfc:`4370` - Lightweight Directory Access Protocol (LDAP): Proxied Authorization Control + +.. autoclass:: ldap.controls.simple.AuthorizationIdentityRequestControl + :members: + + .. seealso:: + + :rfc:`3829` - Lightweight Directory Access Protocol (LDAP): Authorization Identity Request and Response Controls + +.. autoclass:: ldap.controls.simple.AuthorizationIdentityResponseControl + :members: + + .. seealso:: + + :rfc:`3829` - Lightweight Directory Access Protocol (LDAP): Authorization Identity Request and Response Controls + +.. autoclass:: ldap.controls.simple.GetEffectiveRightsControl + :members: + + + +:py:mod:`ldap.controls.libldap` Various controls implemented in OpenLDAP libs +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + +.. py:module:: ldap.controls.libldap + :synopsis: request and response controls implemented by OpenLDAP libs + +This module wraps C functions in OpenLDAP client libs which implement various +request and response controls into Python classes. + + +.. autoclass:: ldap.controls.libldap.AssertionControl + :members: + + .. seealso:: + + :rfc:`4528` - Lightweight Directory Access Protocol (LDAP) Assertion Control + + +.. autoclass:: ldap.controls.libldap.MatchedValuesControl + :members: + + .. seealso:: + + :rfc:`3876` - Returning Matched Values with the Lightweight Directory Access Protocol version 3 (LDAPv3) + + +.. autoclass:: ldap.controls.libldap.SimplePagedResultsControl + :members: + + .. seealso:: + + :rfc:`2696` - LDAP Control Extension for Simple Paged Results Manipulation + + +:py:mod:`ldap.controls.psearch` LDAP Persistent Search +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +.. py:module:: ldap.controls.psearch + :synopsis: request and response controls for LDAP persistent search + +This module implements request and response controls for LDAP persistent +search. + +.. seealso:: + + http://tools.ietf.org/html/draft-ietf-ldapext-psearch + + +.. autoclass:: ldap.controls.psearch.PersistentSearchControl + :members: + +.. autoclass:: ldap.controls.psearch.EntryChangeNotificationControl + :members: + + +:py:mod:`ldap.controls.sessiontrack` Session tracking control +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +.. py:module:: ldap.controls.sessiontrack + :synopsis: request control for session tracking + +.. seealso:: + + http://tools.ietf.org/html/draft-wahl-ldap-session + + +.. autoclass:: ldap.controls.sessiontrack.SessionTrackingControl + :members: + + +:py:mod:`ldap.controls.readentry` Read entry control +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +.. py:module:: ldap.controls.readentry + :synopsis: read entryrequest and response controls + +.. seealso:: + + :rfc:`4527` - Lightweight Directory Access Protocol (LDAP): Read Entry Controls + + +.. autoclass:: ldap.controls.readentry.ReadEntryControl + :members: + +.. autoclass:: ldap.controls.readentry.PreReadControl + :members: + +.. autoclass:: ldap.controls.readentry.PostReadControl + :members: From 9f23f3e06c36f1109b7371d0a65f47730ea3fbcb Mon Sep 17 00:00:00 2001 From: stroeder Date: Thu, 13 Dec 2012 08:22:48 +0000 Subject: [PATCH 092/868] Corrected description for class attribute 'kind' in ldap.schema.models.ObjectClass.__doc__ --- Lib/ldap/schema/models.py | 742 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 742 insertions(+) create mode 100644 Lib/ldap/schema/models.py diff --git a/Lib/ldap/schema/models.py b/Lib/ldap/schema/models.py new file mode 100644 index 0000000..0d52e39 --- /dev/null +++ b/Lib/ldap/schema/models.py @@ -0,0 +1,742 @@ +""" +schema.py - support for subSchemaSubEntry information + +See http://www.python-ldap.org/ for details. + +\$Id: models.py,v 1.46 2012/12/13 08:22:48 stroeder Exp $ +""" + +import UserDict,ldap.cidict + +from ldap.schema.tokenizer import split_tokens,extract_tokens + +if __debug__: + from types import TupleType,StringType,IntType + try: + from types import BooleanType + except ImportError: + BooleanType = IntType + + +NOT_HUMAN_READABLE_LDAP_SYNTAXES = { + '1.3.6.1.4.1.1466.115.121.1.4':None, # Audio + '1.3.6.1.4.1.1466.115.121.1.5':None, # Binary + '1.3.6.1.4.1.1466.115.121.1.8':None, # Certificate + '1.3.6.1.4.1.1466.115.121.1.9':None, # Certificate List + '1.3.6.1.4.1.1466.115.121.1.10':None, # Certificate Pair + '1.3.6.1.4.1.1466.115.121.1.23':None, # G3 FAX + '1.3.6.1.4.1.1466.115.121.1.28':None, # JPEG + '1.3.6.1.4.1.1466.115.121.1.40':None, # Octet String + '1.3.6.1.4.1.1466.115.121.1.49':None, # Supported Algorithm +} + + +class SchemaElement: + """ + Base class for all schema element classes. Not used directly! + + Arguments: + + schema_element_str + String which contains the schema element description to be parsed. + + Class attributes: + + schema_attribute + LDAP attribute type containing a certain schema element description + token_defaults + Dictionary internally used by the schema element parser + containing the defaults for certain schema description key-words + """ + token_defaults = { + 'DESC':(None,), + } + + def __init__(self,schema_element_str=None): + if schema_element_str: + l = split_tokens(schema_element_str,self.token_defaults) + self.set_id(l[1]) + d = extract_tokens(l,self.token_defaults) + self._set_attrs(l,d) + + def _set_attrs(self,l,d): + self.desc = d['DESC'][0] + return + + def set_id(self,element_id): + self.oid = element_id + + def get_id(self): + return self.oid + + def key_attr(self,key,value,quoted=0): + assert value is None or type(value)==StringType,TypeError("value has to be of StringType, was %s" % repr(value)) + if value: + if quoted: + return " %s '%s'" % (key,value.replace("'","\\'")) + else: + return " %s %s" % (key,value) + else: + return "" + + def key_list(self,key,values,sep=' ',quoted=0): + assert type(values)==TupleType,TypeError("values has to be of ListType") + if not values: + return '' + if quoted: + quoted_values = [ "'%s'" % value.replace("'","\\'") for value in values ] + else: + quoted_values = values + if len(values)==1: + return ' %s %s' % (key,quoted_values[0]) + else: + return ' %s ( %s )' % (key,sep.join(quoted_values)) + + def __str__(self): + result = [str(self.oid)] + result.append(self.key_attr('DESC',self.desc,quoted=1)) + return '( %s )' % ''.join(result) + + +class ObjectClass(SchemaElement): + """ + Arguments: + + schema_element_str + String containing an ObjectClassDescription + + Class attributes: + + oid + OID assigned to the object class + names + This list of strings contains all NAMEs of the object class + desc + This string contains description text (DESC) of the object class + obsolete + Integer flag (0 or 1) indicating whether the object class is marked + as OBSOLETE in the schema + must + This list of strings contains NAMEs or OIDs of all attributes + an entry of the object class must have + may + This list of strings contains NAMEs or OIDs of additional attributes + an entry of the object class may have + kind + Kind of an object class: + 0 = STRUCTURAL, + 1 = ABSTRACT, + 2 = AUXILIARY + sup + This list of strings contains NAMEs or OIDs of object classes + this object class is derived from + """ + schema_attribute = 'objectClasses' + token_defaults = { + 'NAME':(()), + 'DESC':(None,), + 'OBSOLETE':None, + 'SUP':(()), + 'STRUCTURAL':None, + 'AUXILIARY':None, + 'ABSTRACT':None, + 'MUST':(()), + 'MAY':() + } + + def _set_attrs(self,l,d): + self.obsolete = d['OBSOLETE']!=None + self.names = d['NAME'] + self.desc = d['DESC'][0] + self.must = d['MUST'] + self.may = d['MAY'] + # Default is STRUCTURAL, see RFC2552 or draft-ietf-ldapbis-syntaxes + self.kind = 0 + if d['ABSTRACT']!=None: + self.kind = 1 + elif d['AUXILIARY']!=None: + self.kind = 2 + if self.kind==0 and not d['SUP'] and self.oid!='2.5.6.0': + # STRUCTURAL object classes are sub-classes of 'top' by default + self.sup = ('top',) + else: + self.sup = d['SUP'] + assert type(self.names)==TupleType + assert self.desc is None or type(self.desc)==StringType + assert type(self.obsolete)==BooleanType and (self.obsolete==0 or self.obsolete==1) + assert type(self.sup)==TupleType + assert type(self.kind)==IntType + assert type(self.must)==TupleType + assert type(self.may)==TupleType + return + + def __str__(self): + result = [str(self.oid)] + result.append(self.key_list('NAME',self.names,quoted=1)) + result.append(self.key_attr('DESC',self.desc,quoted=1)) + result.append(self.key_list('SUP',self.sup,sep=' $ ')) + result.append({0:'',1:' OBSOLETE'}[self.obsolete]) + result.append({0:' STRUCTURAL',1:' ABSTRACT',2:' AUXILIARY'}[self.kind]) + result.append(self.key_list('MUST',self.must,sep=' $ ')) + result.append(self.key_list('MAY',self.may,sep=' $ ')) + return '( %s )' % ''.join(result) + + +AttributeUsage = ldap.cidict.cidict({ + 'userApplication':0, # work-around for non-compliant schema + 'userApplications':0, + 'directoryOperation':1, + 'distributedOperation':2, + 'dSAOperation':3, +}) + + +class AttributeType(SchemaElement): + """ + Arguments: + + schema_element_str + String containing an AttributeTypeDescription + + Class attributes: + + oid + OID assigned to the attribute type + names + This list of strings contains all NAMEs of the attribute type + desc + This string contains description text (DESC) of the attribute type + obsolete + Integer flag (0 or 1) indicating whether the attribute type is marked + as OBSOLETE in the schema + single_value + Integer flag (0 or 1) indicating whether the attribute must + have only one value + syntax + String contains OID of the LDAP syntax assigned to the attribute type + no_user_mod + Integer flag (0 or 1) indicating whether the attribute is modifiable + by a client application + equality + String contains NAME or OID of the matching rule used for + checking whether attribute values are equal + substr + String contains NAME or OID of the matching rule used for + checking whether an attribute value contains another value + ordering + String contains NAME or OID of the matching rule used for + checking whether attribute values are lesser-equal than + usage + USAGE of an attribute type: + 0 = userApplications + 1 = directoryOperation, + 2 = distributedOperation, + 3 = dSAOperation + sup + This list of strings contains NAMEs or OIDs of attribute types + this attribute type is derived from + """ + schema_attribute = 'attributeTypes' + token_defaults = { + 'NAME':(()), + 'DESC':(None,), + 'OBSOLETE':None, + 'SUP':(()), + 'EQUALITY':(None,), + 'ORDERING':(None,), + 'SUBSTR':(None,), + 'SYNTAX':(None,), + 'SINGLE-VALUE':None, + 'COLLECTIVE':None, + 'NO-USER-MODIFICATION':None, + 'USAGE':('userApplications',) + } + + def _set_attrs(self,l,d): + self.names = d['NAME'] + self.desc = d['DESC'][0] + self.obsolete = d['OBSOLETE']!=None + self.sup = d['SUP'] + self.equality = d['EQUALITY'][0] + self.ordering = d['ORDERING'][0] + self.substr = d['SUBSTR'][0] + try: + syntax = d['SYNTAX'][0] + except IndexError: + self.syntax = None + self.syntax_len = None + else: + if syntax is None: + self.syntax = None + self.syntax_len = None + else: + try: + self.syntax,syntax_len = d['SYNTAX'][0].split("{") + except ValueError: + self.syntax = d['SYNTAX'][0] + self.syntax_len = None + for i in l: + if i.startswith("{") and i.endswith("}"): + self.syntax_len=long(i[1:-1]) + else: + self.syntax_len = long(syntax_len[:-1]) + self.single_value = d['SINGLE-VALUE']!=None + self.collective = d['COLLECTIVE']!=None + self.no_user_mod = d['NO-USER-MODIFICATION']!=None + self.usage = AttributeUsage.get(d['USAGE'][0],0) + assert type(self.names)==TupleType + assert self.desc is None or type(self.desc)==StringType + assert type(self.sup)==TupleType,'attribute sup has type %s' % (type(self.sup)) + assert type(self.obsolete)==BooleanType and (self.obsolete==0 or self.obsolete==1) + assert type(self.single_value)==BooleanType and (self.single_value==0 or self.single_value==1) + assert type(self.no_user_mod)==BooleanType and (self.no_user_mod==0 or self.no_user_mod==1) + assert self.syntax is None or type(self.syntax)==StringType + assert self.syntax_len is None or type(self.syntax_len)==type(0L) + return + + def __str__(self): + result = [str(self.oid)] + result.append(self.key_list('NAME',self.names,quoted=1)) + result.append(self.key_attr('DESC',self.desc,quoted=1)) + result.append(self.key_list('SUP',self.sup,sep=' $ ')) + result.append({0:'',1:' OBSOLETE'}[self.obsolete]) + result.append(self.key_attr('EQUALITY',self.equality)) + result.append(self.key_attr('ORDERING',self.ordering)) + result.append(self.key_attr('SUBSTR',self.substr)) + result.append(self.key_attr('SYNTAX',self.syntax)) + if self.syntax_len!=None: + result.append(('{%d}' % (self.syntax_len))*(self.syntax_len>0)) + result.append({0:'',1:' SINGLE-VALUE'}[self.single_value]) + result.append({0:'',1:' COLLECTIVE'}[self.collective]) + result.append({0:'',1:' NO-USER-MODIFICATION'}[self.no_user_mod]) + result.append( + { + 0:"", + 1:" USAGE directoryOperation", + 2:" USAGE distributedOperation", + 3:" USAGE dSAOperation", + }[self.usage] + ) + return '( %s )' % ''.join(result) + + +class LDAPSyntax(SchemaElement): + """ + SyntaxDescription + + oid + OID assigned to the LDAP syntax + desc + This string contains description text (DESC) of the LDAP syntax + not_human_readable + Integer flag (0 or 1) indicating whether the attribute type is marked + as not human-readable (X-NOT-HUMAN-READABLE) + """ + schema_attribute = 'ldapSyntaxes' + token_defaults = { + 'DESC':(None,), + 'X-NOT-HUMAN-READABLE':(None,), + } + + def _set_attrs(self,l,d): + self.desc = d['DESC'][0] + self.not_human_readable = \ + NOT_HUMAN_READABLE_LDAP_SYNTAXES.has_key(self.oid) or \ + d['X-NOT-HUMAN-READABLE'][0]=='TRUE' + assert self.desc is None or type(self.desc)==StringType + return + + def __str__(self): + result = [str(self.oid)] + result.append(self.key_attr('DESC',self.desc,quoted=1)) + result.append( + {0:'',1:" X-NOT-HUMAN-READABLE 'TRUE'"}[self.not_human_readable] + ) + return '( %s )' % ''.join(result) + + +class MatchingRule(SchemaElement): + """ + Arguments: + + schema_element_str + String containing an MatchingRuleDescription + + Class attributes: + + oid + OID assigned to the matching rule + names + This list of strings contains all NAMEs of the matching rule + desc + This string contains description text (DESC) of the matching rule + obsolete + Integer flag (0 or 1) indicating whether the matching rule is marked + as OBSOLETE in the schema + syntax + String contains OID of the LDAP syntax this matching rule is usable with + """ + schema_attribute = 'matchingRules' + token_defaults = { + 'NAME':(()), + 'DESC':(None,), + 'OBSOLETE':None, + 'SYNTAX':(None,), + } + + def _set_attrs(self,l,d): + self.names = d['NAME'] + self.desc = d['DESC'][0] + self.obsolete = d['OBSOLETE']!=None + self.syntax = d['SYNTAX'][0] + assert type(self.names)==TupleType + assert self.desc is None or type(self.desc)==StringType + assert type(self.obsolete)==BooleanType and (self.obsolete==0 or self.obsolete==1) + assert self.syntax is None or type(self.syntax)==StringType + return + + def __str__(self): + result = [str(self.oid)] + result.append(self.key_list('NAME',self.names,quoted=1)) + result.append(self.key_attr('DESC',self.desc,quoted=1)) + result.append({0:'',1:' OBSOLETE'}[self.obsolete]) + result.append(self.key_attr('SYNTAX',self.syntax)) + return '( %s )' % ''.join(result) + + +class MatchingRuleUse(SchemaElement): + """ + Arguments: + + schema_element_str + String containing an MatchingRuleUseDescription + + Class attributes: + + oid + OID of the accompanying matching rule + names + This list of strings contains all NAMEs of the matching rule + desc + This string contains description text (DESC) of the matching rule + obsolete + Integer flag (0 or 1) indicating whether the matching rule is marked + as OBSOLETE in the schema + applies + This list of strings contains NAMEs or OIDs of attribute types + for which this matching rule is used + """ + schema_attribute = 'matchingRuleUse' + token_defaults = { + 'NAME':(()), + 'DESC':(None,), + 'OBSOLETE':None, + 'APPLIES':(()), + } + + def _set_attrs(self,l,d): + self.names = d['NAME'] + self.desc = d['DESC'][0] + self.obsolete = d['OBSOLETE']!=None + self.applies = d['APPLIES'] + assert type(self.names)==TupleType + assert self.desc is None or type(self.desc)==StringType + assert type(self.obsolete)==BooleanType and (self.obsolete==0 or self.obsolete==1) + assert type(self.applies)==TupleType + return + + def __str__(self): + result = [str(self.oid)] + result.append(self.key_list('NAME',self.names,quoted=1)) + result.append(self.key_attr('DESC',self.desc,quoted=1)) + result.append({0:'',1:' OBSOLETE'}[self.obsolete]) + result.append(self.key_list('APPLIES',self.applies,sep=' $ ')) + return '( %s )' % ''.join(result) + + +class DITContentRule(SchemaElement): + """ + Arguments: + + schema_element_str + String containing an DITContentRuleDescription + + Class attributes: + + oid + OID of the accompanying structural object class + names + This list of strings contains all NAMEs of the DIT content rule + desc + This string contains description text (DESC) of the DIT content rule + obsolete + Integer flag (0 or 1) indicating whether the DIT content rule is marked + as OBSOLETE in the schema + aux + This list of strings contains NAMEs or OIDs of all auxiliary + object classes usable in an entry of the object class + must + This list of strings contains NAMEs or OIDs of all attributes + an entry of the object class must have which may extend the + list of required attributes of the object classes of an entry + may + This list of strings contains NAMEs or OIDs of additional attributes + an entry of the object class may have which may extend the + list of optional attributes of the object classes of an entry + nots + This list of strings contains NAMEs or OIDs of attributes which + may not be present in an entry of the object class + """ + schema_attribute = 'dITContentRules' + token_defaults = { + 'NAME':(()), + 'DESC':(None,), + 'OBSOLETE':None, + 'AUX':(()), + 'MUST':(()), + 'MAY':(()), + 'NOT':(()), + } + + def _set_attrs(self,l,d): + self.names = d['NAME'] + self.desc = d['DESC'][0] + self.obsolete = d['OBSOLETE']!=None + self.aux = d['AUX'] + self.must = d['MUST'] + self.may = d['MAY'] + self.nots = d['NOT'] + assert type(self.names)==TupleType + assert self.desc is None or type(self.desc)==StringType + assert type(self.obsolete)==BooleanType and (self.obsolete==0 or self.obsolete==1) + assert type(self.aux)==TupleType + assert type(self.must)==TupleType + assert type(self.may)==TupleType + assert type(self.nots)==TupleType + return + + def __str__(self): + result = [str(self.oid)] + result.append(self.key_list('NAME',self.names,quoted=1)) + result.append(self.key_attr('DESC',self.desc,quoted=1)) + result.append({0:'',1:' OBSOLETE'}[self.obsolete]) + result.append(self.key_list('AUX',self.aux,sep=' $ ')) + result.append(self.key_list('MUST',self.must,sep=' $ ')) + result.append(self.key_list('MAY',self.may,sep=' $ ')) + result.append(self.key_list('NOT',self.nots,sep=' $ ')) + return '( %s )' % ''.join(result) + + +class DITStructureRule(SchemaElement): + """ + Arguments: + + schema_element_str + String containing an DITStructureRuleDescription + + Class attributes: + + ruleid + rule ID of the DIT structure rule (only locally unique) + names + This list of strings contains all NAMEs of the DIT structure rule + desc + This string contains description text (DESC) of the DIT structure rule + obsolete + Integer flag (0 or 1) indicating whether the DIT content rule is marked + as OBSOLETE in the schema + form + List of strings with NAMEs or OIDs of associated name forms + sup + List of strings with NAMEs or OIDs of allowed structural object classes + of superior entries in the DIT + """ + schema_attribute = 'dITStructureRules' + + token_defaults = { + 'NAME':(()), + 'DESC':(None,), + 'OBSOLETE':None, + 'FORM':(None,), + 'SUP':(()), + } + + def set_id(self,element_id): + self.ruleid = element_id + + def get_id(self): + return self.ruleid + + def _set_attrs(self,l,d): + self.names = d['NAME'] + self.desc = d['DESC'][0] + self.obsolete = d['OBSOLETE']!=None + self.form = d['FORM'][0] + self.sup = d['SUP'] + assert type(self.names)==TupleType + assert self.desc is None or type(self.desc)==StringType + assert type(self.obsolete)==BooleanType and (self.obsolete==0 or self.obsolete==1) + assert type(self.form)==StringType + assert type(self.sup)==TupleType + return + + def __str__(self): + result = [str(self.ruleid)] + result.append(self.key_list('NAME',self.names,quoted=1)) + result.append(self.key_attr('DESC',self.desc,quoted=1)) + result.append({0:'',1:' OBSOLETE'}[self.obsolete]) + result.append(self.key_attr('FORM',self.form,quoted=0)) + result.append(self.key_list('SUP',self.sup,sep=' $ ')) + return '( %s )' % ''.join(result) + + +class NameForm(SchemaElement): + """ + Arguments: + + schema_element_str + String containing an NameFormDescription + + Class attributes: + + oid + OID of the name form + names + This list of strings contains all NAMEs of the name form + desc + This string contains description text (DESC) of the name form + obsolete + Integer flag (0 or 1) indicating whether the name form is marked + as OBSOLETE in the schema + form + List of strings with NAMEs or OIDs of associated name forms + oc + String with NAME or OID of structural object classes this name form + is usable with + must + This list of strings contains NAMEs or OIDs of all attributes + an RDN must contain + may + This list of strings contains NAMEs or OIDs of additional attributes + an RDN may contain + """ + schema_attribute = 'nameForms' + token_defaults = { + 'NAME':(()), + 'DESC':(None,), + 'OBSOLETE':None, + 'OC':(None,), + 'MUST':(()), + 'MAY':(()), + } + + def _set_attrs(self,l,d): + self.names = d['NAME'] + self.desc = d['DESC'][0] + self.obsolete = d['OBSOLETE']!=None + self.oc = d['OC'][0] + self.must = d['MUST'] + self.may = d['MAY'] + assert type(self.names)==TupleType + assert self.desc is None or type(self.desc)==StringType + assert type(self.obsolete)==BooleanType and (self.obsolete==0 or self.obsolete==1) + assert type(self.oc)==StringType + assert type(self.must)==TupleType + assert type(self.may)==TupleType + return + + def __str__(self): + result = [str(self.oid)] + result.append(self.key_list('NAME',self.names,quoted=1)) + result.append(self.key_attr('DESC',self.desc,quoted=1)) + result.append({0:'',1:' OBSOLETE'}[self.obsolete]) + result.append(self.key_attr('OC',self.oc)) + result.append(self.key_list('MUST',self.must,sep=' $ ')) + result.append(self.key_list('MAY',self.may,sep=' $ ')) + return '( %s )' % ''.join(result) + + +class Entry(UserDict.UserDict): + """ + Schema-aware implementation of an LDAP entry class. + + Mainly it holds the attributes in a string-keyed dictionary with + the OID as key. + """ + + def __init__(self,schema,dn,entry): + self._keytuple2attrtype = {} + self._attrtype2keytuple = {} + self._s = schema + self.dn = dn + UserDict.UserDict.__init__(self,{}) + self.update(entry) + + def _at2key(self,nameoroid): + """ + Return tuple of OID and all sub-types of attribute type specified + in nameoroid. + """ + try: + # Mapping already in cache + return self._attrtype2keytuple[nameoroid] + except KeyError: + # Mapping has to be constructed + oid = self._s.getoid(ldap.schema.AttributeType,nameoroid) + l = nameoroid.lower().split(';') + l[0] = oid + t = tuple(l) + self._attrtype2keytuple[nameoroid] = t + return t + + def update(self,dict): + for key in dict.keys(): + self[key] = dict[key] + + def __contains__(self,key): + return self.has_key(key) + + def __getitem__(self,nameoroid): + return self.data[self._at2key(nameoroid)] + + def __setitem__(self,nameoroid,attr_values): + k = self._at2key(nameoroid) + self._keytuple2attrtype[k] = nameoroid + self.data[k] = attr_values + + def __delitem__(self,nameoroid): + k = self._at2key(nameoroid) + del self.data[k] + del self._attrtype2keytuple[nameoroid] + del self._keytuple2attrtype[k] + + def has_key(self,nameoroid): + k = self._at2key(nameoroid) + return self.data.has_key(k) + + def get(self,nameoroid,failobj): + try: + return self[nameoroid] + except KeyError: + return failobj + + def keys(self): + return self._keytuple2attrtype.values() + + def items(self): + return [ + (k,self[k]) + for k in self.keys() + ] + + def attribute_types( + self,attr_type_filter=None,raise_keyerror=1 + ): + """ + Convenience wrapper around SubSchema.attribute_types() which + passes object classes of this particular entry as argument to + SubSchema.attribute_types() + """ + return self._s.attribute_types( + self.get('objectClass',[]),attr_type_filter,raise_keyerror + ) From d8c7ae1f48acb788d273e961cb38115d235c591f Mon Sep 17 00:00:00 2001 From: stroeder Date: Mon, 27 May 2013 08:05:46 +0000 Subject: [PATCH 093/868] White-space cleaning --- Demo/paged_search_ext_s.py | 107 +++++++++++++++++++++++++++++++++++++ 1 file changed, 107 insertions(+) create mode 100644 Demo/paged_search_ext_s.py diff --git a/Demo/paged_search_ext_s.py b/Demo/paged_search_ext_s.py new file mode 100644 index 0000000..d0e0982 --- /dev/null +++ b/Demo/paged_search_ext_s.py @@ -0,0 +1,107 @@ +url = "ldap://localhost:1390/" +base = "dc=stroeder,dc=de" +search_flt = r'(objectClass=*)' + +searchreq_attrlist=['cn','entryDN','entryUUID','mail','objectClass'] + +from ldap.ldapobject import ReconnectLDAPObject + +import ldap,pprint +from ldap.controls import SimplePagedResultsControl + + +class PagedResultsSearchObject: + page_size = 50 + + def paged_search_ext_s(self,base,scope,filterstr='(objectClass=*)',attrlist=None,attrsonly=0,serverctrls=None,clientctrls=None,timeout=-1,sizelimit=0): + """ + Behaves exactly like LDAPObject.search_ext_s() but internally uses the + simple paged results control to retrieve search results in chunks. + + This is non-sense for really large results sets which you would like + to process one-by-one + """ + + while True: # loop for reconnecting if necessary + + req_ctrl = SimplePagedResultsControl(True,size=self.page_size,cookie='') + + try: + + # Send first search request + msgid = self.search_ext( + base, + scope, + filterstr=filterstr, + attrlist=attrlist, + attrsonly=attrsonly, + serverctrls=(serverctrls or [])+[req_ctrl], + clientctrls=clientctrls, + timeout=timeout, + sizelimit=sizelimit + ) + + result_pages = 0 + all_results = [] + + while True: + rtype, rdata, rmsgid, rctrls = self.result3(msgid) + all_results.extend(rdata) + result_pages += 1 + # Extract the simple paged results response control + pctrls = [ + c + for c in rctrls + if c.controlType == SimplePagedResultsControl.controlType + ] + if pctrls: + if pctrls[0].cookie: + # Copy cookie from response control to request control + req_ctrl.cookie = pctrls[0].cookie + msgid = self.search_ext( + base, + scope, + filterstr=filterstr, + attrlist=attrlist, + attrsonly=attrsonly, + serverctrls=(serverctrls or [])+[req_ctrl], + clientctrls=clientctrls, + timeout=timeout, + sizelimit=sizelimit + ) + else: + break # no more pages available + + except ldap.SERVER_DOWN,e: + try: + self.reconnect(self._uri) + except AttributeError: + raise e + + else: + return result_pages,all_results + + +class MyLDAPObject(ReconnectLDAPObject,PagedResultsSearchObject): + pass + + +#ldap.set_option(ldap.OPT_DEBUG_LEVEL,255) +ldap.set_option(ldap.OPT_REFERRALS, 0) +l = MyLDAPObject(url,trace_level=2,retry_max=100,retry_delay=2) +l.protocol_version = 3 +l.simple_bind_s("", "") +l.page_size=10 + +# Send search request +result_pages,all_results = l.paged_search_ext_s( + base, + ldap.SCOPE_SUBTREE, + search_flt, + attrlist=searchreq_attrlist, + serverctrls=None +) + +l.unbind_s() + +print 'Received %d results in %d pages.' % (len(all_results),result_pages) From 42486839342f9c3612ae90e43739cb90adf41b7c Mon Sep 17 00:00:00 2001 From: stroeder Date: Wed, 29 May 2013 20:27:32 +0000 Subject: [PATCH 094/868] ldap.controls: Truly optional import of PyAsn1Error exception --- Lib/ldap/controls/__init__.py | 158 ++++++++++++++++++++++++++++++++++ 1 file changed, 158 insertions(+) create mode 100644 Lib/ldap/controls/__init__.py diff --git a/Lib/ldap/controls/__init__.py b/Lib/ldap/controls/__init__.py new file mode 100644 index 0000000..e7c400d --- /dev/null +++ b/Lib/ldap/controls/__init__.py @@ -0,0 +1,158 @@ +# -*- coding: utf-8 -*- +""" +controls.py - support classes for LDAP controls + +See http://www.python-ldap.org/ for details. + +$Id: __init__.py,v 1.9 2013/05/29 20:27:32 stroeder Exp $ + +Description: +The ldap.controls module provides LDAPControl classes. +Each class provides support for a certain control. +""" + +from ldap import __version__ + +__all__ = [ + 'KNOWN_RESPONSE_CONTROLS', + # Classes + 'AssertionControl', + 'BooleanControl', + 'LDAPControl', + 'ManageDSAITControl', + 'MatchedValuesControl', + 'RelaxRulesControl', + 'RequestControl', + 'ResponseControl', + 'SimplePagedResultsControl', + 'ValueLessRequestControl', + # Functions + 'RequestControlTuples', + 'DecodeControlTuples', +] + +# response control OID to class registry +KNOWN_RESPONSE_CONTROLS = {} + +import _ldap,ldap + +try: + from pyasn1.error import PyAsn1Error +except ImportError: + PyAsn1Error = None + + +class RequestControl: + """ + Base class for all request controls + + controlType + OID as string of the LDAPv3 extended request control + criticality + sets the criticality of the control (boolean) + encodedControlValue + control value of the LDAPv3 extended request control + (here it is the BER-encoded ASN.1 control value) + """ + + def __init__(self,controlType=None,criticality=False,encodedControlValue=None): + self.controlType = controlType + self.criticality = criticality + self.encodedControlValue = encodedControlValue + + def encodeControlValue(self): + """ + sets class attribute encodedControlValue to the BER-encoded ASN.1 + control value composed by class attributes set before + """ + return self.encodedControlValue + + +class ResponseControl: + """ + Base class for all response controls + + controlType + OID as string of the LDAPv3 extended response control + criticality + sets the criticality of the received control (boolean) + """ + + def __init__(self,controlType=None,criticality=False): + self.controlType = controlType + self.criticality = criticality + + def decodeControlValue(self,encodedControlValue): + """ + decodes the BER-encoded ASN.1 control value and sets the appropriate + class attributes + """ + self.encodedControlValue = encodedControlValue + + +class LDAPControl(RequestControl,ResponseControl): + """ + Base class for combined request/response controls mainly + for backward-compability to python-ldap 2.3.x + """ + + def __init__(self,controlType=None,criticality=False,controlValue=None,encodedControlValue=None): + self.controlType = controlType + self.criticality = criticality + self.controlValue = controlValue + self.encodedControlValue = encodedControlValue + + +def RequestControlTuples(ldapControls): + """ + Return list of readily encoded 3-tuples which can be directly + passed to C module _ldap + + ldapControls + sequence-type of RequestControl objects + """ + if ldapControls is None: + return None + else: + result = [ + (c.controlType,c.criticality,c.encodeControlValue()) + for c in ldapControls + ] + return result + + +def DecodeControlTuples(ldapControlTuples,knownLDAPControls=None): + """ + Returns list of readily decoded ResponseControl objects + + ldapControlTuples + Sequence-type of 3-tuples returned by _ldap.result4() containing + the encoded ASN.1 control values of response controls. + knownLDAPControls + Dictionary mapping extended control's OID to ResponseControl class + of response controls known by the application. If None + ldap.controls.KNOWN_RESPONSE_CONTROLS is used here. + """ + knownLDAPControls = knownLDAPControls or KNOWN_RESPONSE_CONTROLS + result = [] + for controlType,criticality,encodedControlValue in ldapControlTuples or []: + try: + control = knownLDAPControls[controlType]() + except KeyError: + if criticality: + raise ldap.UNAVAILABLE_CRITICAL_EXTENSION('Received unexpected critical response control with controlType %s' % (repr(controlType))) + else: + control.controlType,control.criticality = controlType,criticality + try: + control.decodeControlValue(encodedControlValue) + except PyAsn1Error,e: + if criticality: + raise e + else: + result.append(control) + return result + + +# Import the standard sub-modules +from ldap.controls.simple import * +from ldap.controls.libldap import * From 63505a63b822e74c3dd3c10b84f86a0579dcdd6b Mon Sep 17 00:00:00 2001 From: stroeder Date: Tue, 25 Jun 2013 17:36:03 +0000 Subject: [PATCH 095/868] Several other fixes for ldapobject.ReconnectLDAPObject --- Lib/ldap/ldapobject.py | 881 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 881 insertions(+) create mode 100644 Lib/ldap/ldapobject.py diff --git a/Lib/ldap/ldapobject.py b/Lib/ldap/ldapobject.py new file mode 100644 index 0000000..74ee238 --- /dev/null +++ b/Lib/ldap/ldapobject.py @@ -0,0 +1,881 @@ +""" +ldapobject.py - wraps class _ldap.LDAPObject + +See http://www.python-ldap.org/ for details. + +\$Id: ldapobject.py,v 1.135 2013/06/25 17:36:03 stroeder Exp $ + +Compability: +- Tested with Python 2.0+ but should work with Python 1.5.x +- LDAPObject class should be exactly the same like _ldap.LDAPObject + +Usage: +Directly imported by ldap/__init__.py. The symbols of _ldap are +overridden. + +Thread-lock: +Basically calls into the LDAP lib are serialized by the module-wide +lock self._ldap_object_lock. +""" + +from ldap import __version__ + +__all__ = [ + 'LDAPObject', + 'SimpleLDAPObject', + 'NonblockingLDAPObject', + 'ReconnectLDAPObject', +] + + +if __debug__: + # Tracing is only supported in debugging mode + import traceback + +import sys,time,pprint,_ldap,ldap,ldap.functions + +from ldap.schema import SCHEMA_ATTRS +from ldap.controls import LDAPControl,DecodeControlTuples,RequestControlTuples +from ldap.extop import ExtendedRequest,ExtendedResponse + +from ldap import LDAPError + + +class SimpleLDAPObject: + """ + Drop-in wrapper class around _ldap.LDAPObject + """ + + CLASSATTR_OPTION_MAPPING = { + "protocol_version": ldap.OPT_PROTOCOL_VERSION, + "deref": ldap.OPT_DEREF, + "referrals": ldap.OPT_REFERRALS, + "timelimit": ldap.OPT_TIMELIMIT, + "sizelimit": ldap.OPT_SIZELIMIT, + "network_timeout": ldap.OPT_NETWORK_TIMEOUT, + "error_number":ldap.OPT_ERROR_NUMBER, + "error_string":ldap.OPT_ERROR_STRING, + "matched_dn":ldap.OPT_MATCHED_DN, + } + + def __init__( + self,uri, + trace_level=0,trace_file=None,trace_stack_limit=5 + ): + self._trace_level = trace_level + self._trace_file = trace_file or sys.stdout + self._trace_stack_limit = trace_stack_limit + self._uri = uri + self._ldap_object_lock = self._ldap_lock() + self._l = ldap.functions._ldap_function_call(ldap._ldap_module_lock,_ldap.initialize,uri) + self.timeout = -1 + self.protocol_version = ldap.VERSION3 + + def _ldap_lock(self): + if ldap.LIBLDAP_R: + return ldap.LDAPLock(desc=self._uri) + else: + return ldap._ldap_module_lock + + def _ldap_call(self,func,*args,**kwargs): + """ + Wrapper method mainly for serializing calls into OpenLDAP libs + and trace logs + """ + self._ldap_object_lock.acquire() + if __debug__: + if self._trace_level>=1: + self._trace_file.write('*** %s %s - %s\n%s\n' % ( + repr(self), + self._uri, + '.'.join((self.__class__.__name__,func.__name__)), + pprint.pformat((args,kwargs)) + )) + if self._trace_level>=9: + traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file) + diagnostic_message_success = None + try: + try: + result = func(*args,**kwargs) + if __debug__ and self._trace_level>=2: + if func.__name__!="unbind_ext": + diagnostic_message_success = self._l.get_option(ldap.OPT_DIAGNOSTIC_MESSAGE) + finally: + self._ldap_object_lock.release() + except LDAPError,e: + if __debug__ and self._trace_level>=2: + self._trace_file.write('=> LDAPError - %s: %s\n' % (e.__class__.__name__,str(e))) + raise + else: + if __debug__ and self._trace_level>=2: + if not diagnostic_message_success is None: + self._trace_file.write('=> diagnosticMessage: %s\n' % (repr(diagnostic_message_success))) + self._trace_file.write('=> result:\n%s\n' % (pprint.pformat(result))) + return result + + def __setattr__(self,name,value): + if self.CLASSATTR_OPTION_MAPPING.has_key(name): + self.set_option(self.CLASSATTR_OPTION_MAPPING[name],value) + else: + self.__dict__[name] = value + + def __getattr__(self,name): + if self.CLASSATTR_OPTION_MAPPING.has_key(name): + return self.get_option(self.CLASSATTR_OPTION_MAPPING[name]) + elif self.__dict__.has_key(name): + return self.__dict__[name] + else: + raise AttributeError,'%s has no attribute %s' % ( + self.__class__.__name__,repr(name) + ) + + def abandon_ext(self,msgid,serverctrls=None,clientctrls=None): + """ + abandon_ext(msgid[,serverctrls=None[,clientctrls=None]]) -> None + abandon(msgid) -> None + Abandons or cancels an LDAP operation in progress. The msgid should + be the message id of an outstanding LDAP operation as returned + by the asynchronous methods search(), modify() etc. The caller + can expect that the result of an abandoned operation will not be + returned from a future call to result(). + """ + return self._ldap_call(self._l.abandon_ext,msgid,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls)) + + def abandon(self,msgid): + return self.abandon_ext(msgid,None,None) + + def cancel(self,cancelid,serverctrls=None,clientctrls=None): + """ + cancel(cancelid[,serverctrls=None[,clientctrls=None]]) -> int + Send cancels extended operation for an LDAP operation specified by cancelid. + The cancelid should be the message id of an outstanding LDAP operation as returned + by the asynchronous methods search(), modify() etc. The caller + can expect that the result of an abandoned operation will not be + returned from a future call to result(). + In opposite to abandon() this extended operation gets an result from + the server and thus should be preferred if the server supports it. + """ + return self._ldap_call(self._l.cancel,cancelid,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls)) + + def cancel_s(self,cancelid,serverctrls=None,clientctrls=None): + msgid = self.cancel(cancelid,serverctrls,clientctrls) + try: + res = self.result(msgid,all=1,timeout=self.timeout) + except (ldap.CANCELLED,ldap.SUCCESS): + res = None + return res + + def add_ext(self,dn,modlist,serverctrls=None,clientctrls=None): + """ + add_ext(dn, modlist[,serverctrls=None[,clientctrls=None]]) -> int + This function adds a new entry with a distinguished name + specified by dn which means it must not already exist. + The parameter modlist is similar to the one passed to modify(), + except that no operation integer need be included in the tuples. + """ + return self._ldap_call(self._l.add_ext,dn,modlist,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls)) + + def add_ext_s(self,dn,modlist,serverctrls=None,clientctrls=None): + msgid = self.add_ext(dn,modlist,serverctrls,clientctrls) + resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout) + return resp_type, resp_data, resp_msgid, resp_ctrls + + def add(self,dn,modlist): + """ + add(dn, modlist) -> int + This function adds a new entry with a distinguished name + specified by dn which means it must not already exist. + The parameter modlist is similar to the one passed to modify(), + except that no operation integer need be included in the tuples. + """ + return self.add_ext(dn,modlist,None,None) + + def add_s(self,dn,modlist): + msgid = self.add(dn,modlist) + return self.result(msgid,all=1,timeout=self.timeout) + + def simple_bind(self,who='',cred='',serverctrls=None,clientctrls=None): + """ + simple_bind([who='' [,cred='']]) -> int + """ + return self._ldap_call(self._l.simple_bind,who,cred,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls)) + + def simple_bind_s(self,who='',cred='',serverctrls=None,clientctrls=None): + """ + simple_bind_s([who='' [,cred='']]) -> 4-tuple + """ + msgid = self.simple_bind(who,cred,serverctrls,clientctrls) + resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout) + return resp_type, resp_data, resp_msgid, resp_ctrls + + def bind(self,who,cred,method=ldap.AUTH_SIMPLE): + """ + bind(who, cred, method) -> int + """ + assert method==ldap.AUTH_SIMPLE,'Only simple bind supported in LDAPObject.bind()' + return self.simple_bind(who,cred) + + def bind_s(self,who,cred,method=ldap.AUTH_SIMPLE): + """ + bind_s(who, cred, method) -> None + """ + msgid = self.bind(who,cred,method) + return self.result(msgid,all=1,timeout=self.timeout) + + def sasl_interactive_bind_s(self,who,auth,serverctrls=None,clientctrls=None,sasl_flags=ldap.SASL_QUIET): + """ + sasl_interactive_bind_s(who, auth [,serverctrls=None[,clientctrls=None[,sasl_flags=ldap.SASL_QUIET]]]) -> None + """ + return self._ldap_call(self._l.sasl_interactive_bind_s,who,auth,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls),sasl_flags) + + def compare_ext(self,dn,attr,value,serverctrls=None,clientctrls=None): + """ + compare_ext(dn, attr, value [,serverctrls=None[,clientctrls=None]]) -> int + compare_ext_s(dn, attr, value [,serverctrls=None[,clientctrls=None]]) -> int + compare(dn, attr, value) -> int + compare_s(dn, attr, value) -> int + Perform an LDAP comparison between the attribute named attr of + entry dn, and the value value. The synchronous form returns 0 + for false, or 1 for true. The asynchronous form returns the + message id of the initiates request, and the result of the + asynchronous compare can be obtained using result(). + + Note that this latter technique yields the answer by raising + the exception objects COMPARE_TRUE or COMPARE_FALSE. + + A design bug in the library prevents value from containing + nul characters. + """ + return self._ldap_call(self._l.compare_ext,dn,attr,value,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls)) + + def compare_ext_s(self,dn,attr,value,serverctrls=None,clientctrls=None): + msgid = self.compare_ext(dn,attr,value,serverctrls,clientctrls) + try: + resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout) + except ldap.COMPARE_TRUE: + return 1 + except ldap.COMPARE_FALSE: + return 0 + return None + + def compare(self,dn,attr,value): + return self.compare_ext(dn,attr,value,None,None) + + def compare_s(self,dn,attr,value): + return self.compare_ext_s(dn,attr,value,None,None) + + def delete_ext(self,dn,serverctrls=None,clientctrls=None): + """ + delete(dn) -> int + delete_s(dn) -> None + delete_ext(dn[,serverctrls=None[,clientctrls=None]]) -> int + delete_ext_s(dn[,serverctrls=None[,clientctrls=None]]) -> None + Performs an LDAP delete operation on dn. The asynchronous + form returns the message id of the initiated request, and the + result can be obtained from a subsequent call to result(). + """ + return self._ldap_call(self._l.delete_ext,dn,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls)) + + def delete_ext_s(self,dn,serverctrls=None,clientctrls=None): + msgid = self.delete_ext(dn,serverctrls,clientctrls) + resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout) + return resp_type, resp_data, resp_msgid, resp_ctrls + + def delete(self,dn): + return self.delete_ext(dn,None,None) + + def delete_s(self,dn): + return self.delete_ext_s(dn,None,None) + + def extop(self,extreq,serverctrls=None,clientctrls=None): + """ + extop(extreq[,serverctrls=None[,clientctrls=None]]]) -> int + extop_s(extreq[,serverctrls=None[,clientctrls=None[,extop_resp_class=None]]]]) -> + (respoid,respvalue) + Performs an LDAP extended operation. The asynchronous + form returns the message id of the initiated request, and the + result can be obtained from a subsequent call to extop_result(). + The extreq is an instance of class ldap.extop.ExtendedRequest. + + If argument extop_resp_class is set to a sub-class of + ldap.extop.ExtendedResponse this class is used to return an + object of this class instead of a raw BER value in respvalue. + """ + return self._ldap_call(self._l.extop,extreq.requestName,extreq.encodedRequestValue(),RequestControlTuples(serverctrls),RequestControlTuples(clientctrls)) + + def extop_result(self,msgid=ldap.RES_ANY,all=1,timeout=None): + resulttype,msg,msgid,respctrls,respoid,respvalue = self.result4(msgid,all=1,timeout=self.timeout,add_ctrls=1,add_intermediates=1,add_extop=1) + return (respoid,respvalue) + + def extop_s(self,extreq,serverctrls=None,clientctrls=None,extop_resp_class=None): + msgid = self.extop(extreq,serverctrls,clientctrls) + res = self.extop_result(msgid,all=1,timeout=self.timeout) + if extop_resp_class: + respoid,respvalue = res + if extop_resp_class.responseName!=respoid: + raise ldap.PROTOCOL_ERROR("Wrong OID in extended response! Expected %s, got %s" % (extop_resp_class.responseName,respoid)) + return extop_resp_class(extop_resp_class.responseName,respvalue) + else: + return res + + def modify_ext(self,dn,modlist,serverctrls=None,clientctrls=None): + """ + modify_ext(dn, modlist[,serverctrls=None[,clientctrls=None]]) -> int + """ + return self._ldap_call(self._l.modify_ext,dn,modlist,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls)) + + def modify_ext_s(self,dn,modlist,serverctrls=None,clientctrls=None): + msgid = self.modify_ext(dn,modlist,serverctrls,clientctrls) + resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout) + return resp_type, resp_data, resp_msgid, resp_ctrls + + def modify(self,dn,modlist): + """ + modify(dn, modlist) -> int + modify_s(dn, modlist) -> None + modify_ext(dn, modlist[,serverctrls=None[,clientctrls=None]]) -> int + modify_ext_s(dn, modlist[,serverctrls=None[,clientctrls=None]]) -> None + Performs an LDAP modify operation on an entry's attributes. + dn is the DN of the entry to modify, and modlist is the list + of modifications to make to the entry. + + Each element of the list modlist should be a tuple of the form + (mod_op,mod_type,mod_vals), where mod_op is the operation (one of + MOD_ADD, MOD_DELETE, MOD_INCREMENT or MOD_REPLACE), mod_type is a + string indicating the attribute type name, and mod_vals is either a + string value or a list of string values to add, delete, increment by or + replace respectively. For the delete operation, mod_vals may be None + indicating that all attributes are to be deleted. + + The asynchronous modify() returns the message id of the + initiated request. + """ + return self.modify_ext(dn,modlist,None,None) + + def modify_s(self,dn,modlist): + msgid = self.modify(dn,modlist) + return self.result(msgid,all=1,timeout=self.timeout) + + def modrdn(self,dn,newrdn,delold=1): + """ + modrdn(dn, newrdn [,delold=1]) -> int + modrdn_s(dn, newrdn [,delold=1]) -> None + Perform a modify RDN operation. These routines take dn, the + DN of the entry whose RDN is to be changed, and newrdn, the + new RDN to give to the entry. The optional parameter delold + is used to specify whether the old RDN should be kept as + an attribute of the entry or not. The asynchronous version + returns the initiated message id. + + This operation is emulated by rename() and rename_s() methods + since the modrdn2* routines in the C library are deprecated. + """ + return self.rename(dn,newrdn,None,delold) + + def modrdn_s(self,dn,newrdn,delold=1): + return self.rename_s(dn,newrdn,None,delold) + + def passwd(self,user,oldpw,newpw,serverctrls=None,clientctrls=None): + return self._ldap_call(self._l.passwd,user,oldpw,newpw,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls)) + + def passwd_s(self,user,oldpw,newpw,serverctrls=None,clientctrls=None): + msgid = self.passwd(user,oldpw,newpw,serverctrls,clientctrls) + return self.extop_result(msgid,all=1,timeout=self.timeout) + + def rename(self,dn,newrdn,newsuperior=None,delold=1,serverctrls=None,clientctrls=None): + """ + rename(dn, newrdn [, newsuperior=None [,delold=1][,serverctrls=None[,clientctrls=None]]]) -> int + rename_s(dn, newrdn [, newsuperior=None] [,delold=1][,serverctrls=None[,clientctrls=None]]) -> None + Perform a rename entry operation. These routines take dn, the + DN of the entry whose RDN is to be changed, newrdn, the + new RDN, and newsuperior, the new parent DN, to give to the entry. + If newsuperior is None then only the RDN is modified. + The optional parameter delold is used to specify whether the + old RDN should be kept as an attribute of the entry or not. + The asynchronous version returns the initiated message id. + + This actually corresponds to the rename* routines in the + LDAP-EXT C API library. + """ + return self._ldap_call(self._l.rename,dn,newrdn,newsuperior,delold,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls)) + + def rename_s(self,dn,newrdn,newsuperior=None,delold=1,serverctrls=None,clientctrls=None): + msgid = self.rename(dn,newrdn,newsuperior,delold,serverctrls,clientctrls) + resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout) + return resp_type, resp_data, resp_msgid, resp_ctrls + + def result(self,msgid=ldap.RES_ANY,all=1,timeout=None): + """ + result([msgid=RES_ANY [,all=1 [,timeout=None]]]) -> (result_type, result_data) + + This method is used to wait for and return the result of an + operation previously initiated by one of the LDAP asynchronous + operation routines (eg search(), modify(), etc.) They all + returned an invocation identifier (a message id) upon successful + initiation of their operation. This id is guaranteed to be + unique across an LDAP session, and can be used to request the + result of a specific operation via the msgid parameter of the + result() method. + + If the result of a specific operation is required, msgid should + be set to the invocation message id returned when the operation + was initiated; otherwise RES_ANY should be supplied. + + The all parameter only has meaning for search() responses + and is used to select whether a single entry of the search + response should be returned, or to wait for all the results + of the search before returning. + + A search response is made up of zero or more search entries + followed by a search result. If all is 0, search entries will + be returned one at a time as they come in, via separate calls + to result(). If all is 1, the search response will be returned + in its entirety, i.e. after all entries and the final search + result have been received. + + For all set to 0, result tuples + trickle in (with the same message id), and with the result type + RES_SEARCH_ENTRY, until the final result which has a result + type of RES_SEARCH_RESULT and a (usually) empty data field. + When all is set to 1, only one result is returned, with a + result type of RES_SEARCH_RESULT, and all the result tuples + listed in the data field. + + The method returns a tuple of the form (result_type, + result_data). The result_type is one of the constants RES_*. + + See search() for a description of the search result's + result_data, otherwise the result_data is normally meaningless. + + The result() method will block for timeout seconds, or + indefinitely if timeout is negative. A timeout of 0 will effect + a poll. The timeout can be expressed as a floating-point value. + If timeout is None the default in self.timeout is used. + + If a timeout occurs, a TIMEOUT exception is raised, unless + polling (timeout = 0), in which case (None, None) is returned. + """ + resp_type, resp_data, resp_msgid = self.result2(msgid,all,timeout) + return resp_type, resp_data + + def result2(self,msgid=ldap.RES_ANY,all=1,timeout=None): + resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all,timeout) + return resp_type, resp_data, resp_msgid + + def result3(self,msgid=ldap.RES_ANY,all=1,timeout=None,resp_ctrl_classes=None): + resp_type, resp_data, resp_msgid, decoded_resp_ctrls, retoid, retval = self.result4( + msgid,all,timeout, + add_ctrls=0,add_intermediates=0,add_extop=0, + resp_ctrl_classes=resp_ctrl_classes + ) + return resp_type, resp_data, resp_msgid, decoded_resp_ctrls + + def result4(self,msgid=ldap.RES_ANY,all=1,timeout=None,add_ctrls=0,add_intermediates=0,add_extop=0,resp_ctrl_classes=None): + if timeout is None: + timeout = self.timeout + ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop) + if ldap_result is None: + resp_type, resp_data, resp_msgid, resp_ctrls, resp_name, resp_value = (None,None,None,None,None,None) + else: + if len(ldap_result)==4: + resp_type, resp_data, resp_msgid, resp_ctrls = ldap_result + resp_name, resp_value = None,None + else: + resp_type, resp_data, resp_msgid, resp_ctrls, resp_name, resp_value = ldap_result + if add_ctrls: + resp_data = [ (t,r,DecodeControlTuples(c,resp_ctrl_classes)) for t,r,c in resp_data ] + decoded_resp_ctrls = DecodeControlTuples(resp_ctrls,resp_ctrl_classes) + return resp_type, resp_data, resp_msgid, decoded_resp_ctrls, resp_name, resp_value + + def search_ext(self,base,scope,filterstr='(objectClass=*)',attrlist=None,attrsonly=0,serverctrls=None,clientctrls=None,timeout=-1,sizelimit=0): + """ + search(base, scope [,filterstr='(objectClass=*)' [,attrlist=None [,attrsonly=0]]]) -> int + search_s(base, scope [,filterstr='(objectClass=*)' [,attrlist=None [,attrsonly=0]]]) + search_st(base, scope [,filterstr='(objectClass=*)' [,attrlist=None [,attrsonly=0 [,timeout=-1]]]]) + search_ext(base,scope,[,filterstr='(objectClass=*)' [,attrlist=None [,attrsonly=0 [,serverctrls=None [,clientctrls=None [,timeout=-1 [,sizelimit=0]]]]]]]) + search_ext_s(base,scope,[,filterstr='(objectClass=*)' [,attrlist=None [,attrsonly=0 [,serverctrls=None [,clientctrls=None [,timeout=-1 [,sizelimit=0]]]]]]]) + + Perform an LDAP search operation, with base as the DN of + the entry at which to start the search, scope being one of + SCOPE_BASE (to search the object itself), SCOPE_ONELEVEL + (to search the object's immediate children), or SCOPE_SUBTREE + (to search the object and all its descendants). + + filter is a string representation of the filter to + apply in the search (see RFC 4515). + + Each result tuple is of the form (dn,entry), where dn is a + string containing the DN (distinguished name) of the entry, and + entry is a dictionary containing the attributes. + Attributes types are used as string dictionary keys and attribute + values are stored in a list as dictionary value. + + The DN in dn is extracted using the underlying ldap_get_dn(), + which may raise an exception of the DN is malformed. + + If attrsonly is non-zero, the values of attrs will be + meaningless (they are not transmitted in the result). + + The retrieved attributes can be limited with the attrlist + parameter. If attrlist is None, all the attributes of each + entry are returned. + + serverctrls=None + + clientctrls=None + + The synchronous form with timeout, search_st() or search_ext_s(), + will block for at most timeout seconds (or indefinitely if + timeout is negative). A TIMEOUT exception is raised if no result is + received within the time. + + The amount of search results retrieved can be limited with the + sizelimit parameter if non-zero. + """ + return self._ldap_call( + self._l.search_ext, + base,scope,filterstr, + attrlist,attrsonly, + RequestControlTuples(serverctrls), + RequestControlTuples(clientctrls), + timeout,sizelimit, + ) + + def search_ext_s(self,base,scope,filterstr='(objectClass=*)',attrlist=None,attrsonly=0,serverctrls=None,clientctrls=None,timeout=-1,sizelimit=0): + msgid = self.search_ext(base,scope,filterstr,attrlist,attrsonly,serverctrls,clientctrls,timeout,sizelimit) + return self.result(msgid,all=1,timeout=timeout)[1] + + def search(self,base,scope,filterstr='(objectClass=*)',attrlist=None,attrsonly=0): + return self.search_ext(base,scope,filterstr,attrlist,attrsonly,None,None) + + def search_s(self,base,scope,filterstr='(objectClass=*)',attrlist=None,attrsonly=0): + return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout) + + def search_st(self,base,scope,filterstr='(objectClass=*)',attrlist=None,attrsonly=0,timeout=-1): + return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout) + + def start_tls_s(self): + """ + start_tls_s() -> None + Negotiate TLS with server. The `version' attribute must have been + set to VERSION3 before calling start_tls_s. + If TLS could not be started an exception will be raised. + """ + return self._ldap_call(self._l.start_tls_s) + + def unbind_ext(self,serverctrls=None,clientctrls=None): + """ + unbind() -> int + unbind_s() -> None + unbind_ext() -> int + unbind_ext_s() -> None + This call is used to unbind from the directory, terminate + the current association, and free resources. Once called, the + connection to the LDAP server is closed and the LDAP object + is invalid. Further invocation of methods on the object will + yield an exception. + + The unbind and unbind_s methods are identical, and are + synchronous in nature + """ + return self._ldap_call(self._l.unbind_ext,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls)) + + def unbind_ext_s(self,serverctrls=None,clientctrls=None): + msgid = self.unbind_ext(serverctrls,clientctrls) + if msgid!=None: + resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout) + return resp_type, resp_data, resp_msgid, resp_ctrls + + def unbind(self): + return self.unbind_ext(None,None) + + def unbind_s(self): + return self.unbind_ext_s(None,None) + + def whoami_s(self,serverctrls=None,clientctrls=None): + return self._ldap_call(self._l.whoami_s,serverctrls,clientctrls) + + def get_option(self,option): + result = self._ldap_call(self._l.get_option,option) + if option==ldap.OPT_SERVER_CONTROLS or option==ldap.OPT_CLIENT_CONTROLS: + result = DecodeControlTuples(result) + return result + + def set_option(self,option,invalue): + if option==ldap.OPT_SERVER_CONTROLS or option==ldap.OPT_CLIENT_CONTROLS: + invalue = RequestControlTuples(invalue) + return self._ldap_call(self._l.set_option,option,invalue) + + def search_subschemasubentry_s(self,dn=''): + """ + Returns the distinguished name of the sub schema sub entry + for a part of a DIT specified by dn. + + None as result indicates that the DN of the sub schema sub entry could + not be determined. + """ + try: + r = self.search_s( + dn,ldap.SCOPE_BASE,'(objectClass=*)',['subschemaSubentry'] + ) + except (ldap.NO_SUCH_OBJECT,ldap.NO_SUCH_ATTRIBUTE,ldap.INSUFFICIENT_ACCESS): + r = [] + except ldap.UNDEFINED_TYPE: + return None + try: + if r: + e = ldap.cidict.cidict(r[0][1]) + search_subschemasubentry_dn = e.get('subschemaSubentry',[None])[0] + if search_subschemasubentry_dn is None: + if dn: + # Try to find sub schema sub entry in root DSE + return self.search_subschemasubentry_s(dn='') + else: + # If dn was already root DSE we can return here + return None + else: + return search_subschemasubentry_dn + except IndexError: + return None + + def read_subschemasubentry_s(self,subschemasubentry_dn,attrs=None): + """ + Returns the sub schema sub entry's data + """ + attrs = attrs or SCHEMA_ATTRS + try: + r = self.search_s( + subschemasubentry_dn,ldap.SCOPE_BASE, + '(objectClass=subschema)', + attrs + ) + except ldap.NO_SUCH_OBJECT: + return None + else: + if r: + return r[0][1] + else: + return None + + +class NonblockingLDAPObject(SimpleLDAPObject): + + def __init__(self,uri,trace_level=0,trace_file=None,result_timeout=-1): + self._result_timeout = result_timeout + SimpleLDAPObject.__init__(self,uri,trace_level,trace_file) + + def result(self,msgid=ldap.RES_ANY,all=1,timeout=-1): + """ + """ + ldap_result = self._ldap_call(self._l.result,msgid,0,self._result_timeout) + if not all: + return ldap_result + start_time = time.time() + all_results = [] + while all: + while ldap_result[0] is None: + if (timeout>=0) and (time.time()-start_time>timeout): + self._ldap_call(self._l.abandon,msgid) + raise ldap.TIMEOUT( + "LDAP time limit (%d secs) exceeded." % (timeout) + ) + time.sleep(0.00001) + ldap_result = self._ldap_call(self._l.result,msgid,0,self._result_timeout) + if ldap_result[1] is None: + break + all_results.extend(ldap_result[1]) + ldap_result = None,None + return all_results + + def search_st(self,base,scope,filterstr='(objectClass=*)',attrlist=None,attrsonly=0,timeout=-1): + msgid = self.search(base,scope,filterstr,attrlist,attrsonly) + return self.result(msgid,all=1,timeout=timeout) + + +class ReconnectLDAPObject(SimpleLDAPObject): + """ + In case of server failure (ldap.SERVER_DOWN) the implementations + of all synchronous operation methods (search_s() etc.) are doing + an automatic reconnect and rebind and will retry the very same + operation. + + This is very handy for broken LDAP server implementations + (e.g. in Lotus Domino) which drop connections very often making + it impossible to have a long-lasting control flow in the + application. + """ + + __transient_attrs__ = { + '_l':None, + '_ldap_object_lock':None, + '_trace_file':None, + } + + def __init__( + self,uri, + trace_level=0,trace_file=None,trace_stack_limit=5, + retry_max=1,retry_delay=60.0 + ): + """ + Parameters like SimpleLDAPObject.__init__() with these + additional arguments: + + retry_max + Maximum count of reconnect trials + retry_delay + Time span to wait between two reconnect trials + """ + self._uri = uri + self._options = [] + self._last_bind = None + self._pending_reconnect = 0 + SimpleLDAPObject.__init__(self,uri,trace_level,trace_file,trace_stack_limit) + self._retry_max = retry_max + self._retry_delay = retry_delay + self._start_tls = 0 + self._reconnects_done = 0L + + def __getstate__(self): + """return data representation for pickled object""" + d = {} + for k,v in self.__dict__.items(): + if not self.__transient_attrs__.has_key(k): + d[k] = v + return d + + def __setstate__(self,d): + """set up the object from pickled data""" + self.__dict__.update(d) + self._ldap_object_lock = self._ldap_lock() + self._trace_file = sys.stdout + self.reconnect(self._uri) + + def _apply_last_bind(self): + if self._last_bind!=None: + func,args,kwargs = self._last_bind + func(self,*args,**kwargs) + else: + # Send explicit anon simple bind request to provoke ldap.SERVER_DOWN in method reconnect() + SimpleLDAPObject.simple_bind_s(self,'','') + + def _restore_options(self): + """Restore all recorded options""" + for k,v in self._options: + SimpleLDAPObject.set_option(self,k,v) + + def reconnect(self,uri): + # Drop and clean up old connection completely + # Reconnect + while self._pending_reconnect: + time.sleep(0.01) + else: + self._pending_reconnect = 1 + reconnect_counter = self._retry_max + while reconnect_counter: + if __debug__ and self._trace_level>=1: + self._trace_file.write('*** Try %d. reconnect to %s...\n' % ( + self._retry_max-reconnect_counter+1,uri + )) + try: + # Do the connect + self._l = ldap.functions._ldap_function_call(ldap._ldap_module_lock,_ldap.initialize,uri) + self._restore_options() + # StartTLS extended operation in case this was called before + if self._start_tls: + self.start_tls_s() + # Repeat last simple or SASL bind + self._apply_last_bind() + except (ldap.SERVER_DOWN,ldap.TIMEOUT),e: + if __debug__ and self._trace_level>=1: + self._trace_file.write('*** %d. reconnect to %s failed\n' % ( + self._retry_max-reconnect_counter+1,uri + )) + reconnect_counter = reconnect_counter-1 + if not reconnect_counter: + raise + if __debug__ and self._trace_level>=1: + self._trace_file.write('=> delay %s...\n' % (self._retry_delay)) + time.sleep(self._retry_delay) + SimpleLDAPObject.unbind_s(self) + del self._l + else: + if __debug__ and self._trace_level>=1: + self._trace_file.write('*** %d. reconnect to %s successful, last operation will be repeated\n' % ( + self._retry_max-reconnect_counter+1,uri + )) + self._reconnects_done = self._reconnects_done + 1L + break + self._pending_reconnect = 0 + return # reconnect() + + def _apply_method_s(self,func,*args,**kwargs): + if not self.__dict__.has_key('_l'): + self.reconnect(self._uri) + try: + return func(self,*args,**kwargs) + except ldap.SERVER_DOWN: + SimpleLDAPObject.unbind_s(self) + del self._l + # Try to reconnect + self.reconnect(self._uri) + # Re-try last operation + return func(self,*args,**kwargs) + + def set_option(self,option,invalue): + self._options.append((option,invalue)) + return SimpleLDAPObject.set_option(self,option,invalue) + + def bind_s(self,*args,**kwargs): + res = self._apply_method_s(SimpleLDAPObject.bind_s,*args,**kwargs) + self._last_bind = (self.bind_s,args,kwargs) + return res + + def simple_bind_s(self,*args,**kwargs): + res = self._apply_method_s(SimpleLDAPObject.simple_bind_s,*args,**kwargs) + self._last_bind = (SimpleLDAPObject.simple_bind_s,args,kwargs) + return res + + def start_tls_s(self,*args,**kwargs): + res = self._apply_method_s(SimpleLDAPObject.start_tls_s,*args,**kwargs) + self._start_tls = 1 + return res + + def sasl_interactive_bind_s(self,*args,**kwargs): + """ + sasl_interactive_bind_s(who, auth) -> None + """ + res = self._apply_method_s(SimpleLDAPObject.sasl_interactive_bind_s,*args,**kwargs) + self._last_bind = (SimpleLDAPObject.sasl_interactive_bind_s,args,kwargs) + return res + + def add_ext_s(self,*args,**kwargs): + return self._apply_method_s(SimpleLDAPObject.add_ext_s,*args,**kwargs) + + def cancel_s(self,*args,**kwargs): + return self._apply_method_s(SimpleLDAPObject.cancel_s,*args,**kwargs) + + def compare_s(self,*args,**kwargs): + return self._apply_method_s(SimpleLDAPObject.compare_s,*args,**kwargs) + + def delete_ext_s(self,*args,**kwargs): + return self._apply_method_s(SimpleLDAPObject.delete_ext_s,*args,**kwargs) + + def extop_s(self,*args,**kwargs): + return self._apply_method_s(SimpleLDAPObject.extop_s,*args,**kwargs) + + def modify_ext_s(self,*args,**kwargs): + return self._apply_method_s(SimpleLDAPObject.modify_ext_s,*args,**kwargs) + + def rename_s(self,*args,**kwargs): + return self._apply_method_s(SimpleLDAPObject.rename_s,*args,**kwargs) + + def search_ext_s(self,*args,**kwargs): + return self._apply_method_s(SimpleLDAPObject.search_ext_s,*args,**kwargs) + + def whoami_s(self,*args,**kwargs): + return self._apply_method_s(SimpleLDAPObject.whoami_s,*args,**kwargs) + + +# The class called LDAPObject will be used as default for +# ldap.open() and ldap.initialize() +LDAPObject = SimpleLDAPObject From ade32bcc8aa8c3cb1d4b942b8f04775de243b337 Mon Sep 17 00:00:00 2001 From: stroeder Date: Thu, 4 Jul 2013 16:06:53 +0000 Subject: [PATCH 096/868] Started 2.4.14 --- Lib/dsml.py | 297 ++++++++++++++++++++++++++++ Lib/ldap/__init__.py | 94 +++++++++ Lib/ldif.py | 453 +++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 844 insertions(+) create mode 100644 Lib/dsml.py create mode 100644 Lib/ldap/__init__.py create mode 100644 Lib/ldif.py diff --git a/Lib/dsml.py b/Lib/dsml.py new file mode 100644 index 0000000..260da63 --- /dev/null +++ b/Lib/dsml.py @@ -0,0 +1,297 @@ +""" +dsml - generate and parse DSMLv1 data +(see http://www.oasis-open.org/committees/dsml/) + +See http://www.python-ldap.org/ for details. + +$Id: dsml.py,v 1.31 2013/07/04 16:06:53 stroeder Exp $ + +Python compability note: +Tested with Python 2.0+. +""" + +__version__ = '2.4.14' + +import string,base64 + + +special_entities = ( + ('&','&'), + ('<','<'), + ('"','"'), + ("'",'''), +) + + +def replace_char(s): + for char,entity in special_entities: + s = string.replace(s,char,entity) + return s + + +class DSMLWriter: + """ + Class for writing LDAP entry records to a DSMLv1 file. + + Arguments: + + f + File object for output. + base64_attrs + Attribute types to be base64-encoded. + dsml_comment + Text placed in comment lines behind . + indent + String used for indentiation of next nested level. + """ + + def __init__( + self,f,base64_attrs=[],dsml_comment='',indent=' ' + ): + self._output_file = f + self._base64_attrs = {}.fromkeys(map(string.lower,base64_attrs)) + self._dsml_comment = dsml_comment + self._indent = indent + + def _needs_base64_encoding(self,attr_type,attr_value): + if self._base64_attrs: + return self._base64_attrs.has_key(string.lower(attr_type)) + else: + try: + unicode(attr_value,'utf-8') + except UnicodeError: + return 1 + else: + return 0 + + def writeHeader(self): + """ + Write the header + """ + self._output_file.write('\n'.join([ + '', + '', + '', + '%s\n' % (self._indent), + ]) + ) + if self._dsml_comment: + self._output_file.write('%s\n' % (self._indent)) + + def writeFooter(self): + """ + Write the footer + """ + self._output_file.write('%s\n' % (self._indent)) + self._output_file.write('\n') + + def unparse(self,dn,entry): + return self.writeRecord(dn,entry) + + def writeRecord(self,dn,entry): + """ + dn + string-representation of distinguished name + entry + dictionary holding the LDAP entry {attr:data} + """ + + # Write line dn: first + self._output_file.write( + '%s\n' % ( + self._indent*2,replace_char(dn) + ) + ) + + objectclasses = entry.get('objectclass',entry.get('objectClass',[])) + + self._output_file.write('%s\n' % (self._indent*3)) + for oc in objectclasses: + self._output_file.write('%s%s\n' % (self._indent*4,oc)) + self._output_file.write('%s\n' % (self._indent*3)) + + attr_types = entry.keys()[:] + try: + attr_types.remove('objectclass') + attr_types.remove('objectClass') + except ValueError: + pass + attr_types.sort() + for attr_type in attr_types: + self._output_file.write('%s\n' % (self._indent*3,attr_type)) + for attr_value_item in entry[attr_type]: + needs_base64_encoding = self._needs_base64_encoding( + attr_type,attr_value_item + ) + if needs_base64_encoding: + attr_value_item = base64.encodestring(attr_value_item) + else: + attr_value_item = replace_char(attr_value_item) + self._output_file.write('%s\n' % ( + self._indent*4, + ' encoding="base64"'*needs_base64_encoding + ) + ) + self._output_file.write('%s%s\n' % ( + self._indent*5, + attr_value_item + ) + ) + self._output_file.write('%s\n' % ( + self._indent*4, + ) + ) + self._output_file.write('%s\n' % (self._indent*3)) + self._output_file.write('%s\n' % (self._indent*2)) + return + + +try: + + import xml.sax,xml.sax.handler + +except ImportError: + pass + +else: + + class DSMLv1Handler(xml.sax.handler.ContentHandler): + """ + Content handler class for DSMLv1 + """ + + def __init__(self,parser_instance): + self._parser_instance = parser_instance + xml.sax.handler.ContentHandler.__init__(self) + + def startDocument(self): + pass + + def endDocument(self): + pass + + def startElement(self,raw_name,attrs): + assert raw_name.startswith(''),'Illegal name' + name = raw_name[5:] + if name=='dsml': + pass + elif name=='directory-entries': + self._parsing_entries = 1 + elif name=='entry': + self._dn = attrs['dn'] + self._entry = {} + elif name=='attr': + self._attr_type = attrs['name'].encode('utf-8') + self._attr_values = [] + elif name=='value': + self._attr_value = '' + self._base64_encoding = attrs.get('encoding','').lower()=='base64' + # Handle object class tags + elif name=='objectclass': + self._object_classes = [] + elif name=='oc-value': + self._oc_value = '' + # Unhandled tags + else: + raise ValueError,'Unknown tag %s' % (raw_name) + + def endElement(self,raw_name): + assert raw_name.startswith('dsml:'),'Illegal name' + name = raw_name[5:] + if name=='dsml': + pass + elif name=='directory-entries': + self._parsing_entries = 0 + elif name=='entry': + self._parser_instance.handle(self._dn,self._entry) + del self._dn + del self._entry + elif name=='attr': + self._entry[self._attr_type] = self._attr_values + del self._attr_type + del self._attr_values + elif name=='value': + if self._base64_encoding: + attr_value = base64.decodestring(self._attr_value.strip()) + else: + attr_value = self._attr_value.strip().encode('utf-8') + self._attr_values.append(attr_value) + del attr_value + del self._attr_value + del self._base64_encoding + # Handle object class tags + elif name=='objectclass': + self._entry['objectClass'] = self._object_classes + del self._object_classes + elif name=='oc-value': + self._object_classes.append(self._oc_value.strip().encode('utf-8')) + del self._oc_value + # Unhandled tags + else: + raise ValueError,'Unknown tag %s' % (raw_name) + + def characters(self,ch): + if self.__dict__.has_key('_oc_value'): + self._oc_value = self._oc_value + ch + elif self.__dict__.has_key('_attr_value'): + self._attr_value = self._attr_value + ch + else: + pass + + + class DSMLParser: + """ + Base class for a DSMLv1 parser. Applications should sub-class this + class and override method handle() to implement something meaningful. + + Public class attributes: + + records_read + Counter for records processed so far + + Arguments: + + input_file + File-object to read the DSMLv1 input from + ignored_attr_types + Attributes with these attribute type names will be ignored. + max_entries + If non-zero specifies the maximum number of entries to be + read from f. + line_sep + String used as line separator + """ + + def __init__( + self, + input_file, + ContentHandlerClass, + ignored_attr_types=None, + max_entries=0, + ): + self._input_file = input_file + self._max_entries = max_entries + self._ignored_attr_types = {}.fromkeys(map(string.lower,(ignored_attr_types or []))) + self._current_record = None,None + self.records_read = 0 + self._parser = xml.sax.make_parser() + self._parser.setFeature(xml.sax.handler.feature_namespaces,0) + content_handler = ContentHandlerClass(self) + self._parser.setContentHandler(content_handler) + + def handle(self,*args,**kwargs): + """ + Process a single DSMLv1 entry record. This method should be + implemented by applications using DSMLParser. + """ + import pprint + pprint.pprint(args) + pprint.pprint(kwargs) + + def parse(self): + """ + Continously read and parse DSML records + """ + self._parser.parse(self._input_file) diff --git a/Lib/ldap/__init__.py b/Lib/ldap/__init__.py new file mode 100644 index 0000000..d641a44 --- /dev/null +++ b/Lib/ldap/__init__.py @@ -0,0 +1,94 @@ +""" +ldap - base module + +See http://www.python-ldap.org/ for details. + +$Id: __init__.py,v 1.87 2013/07/04 16:06:53 stroeder Exp $ +""" + +# This is also the overall release version number + +__version__ = '2.4.14' + +import sys + +if __debug__: + # Tracing is only supported in debugging mode + import traceback + _trace_level = 0 + _trace_file = sys.stderr + _trace_stack_limit = None + +import _ldap +from _ldap import * + +OPT_NAMES_DICT = {} +for k,v in vars(_ldap).items(): + if k.startswith('OPT_'): + OPT_NAMES_DICT[v]=k + +class DummyLock: + """Define dummy class with methods compatible to threading.Lock""" + def __init__(self): + pass + def acquire(self): + pass + def release(self): + pass + +try: + # Check if Python installation was build with thread support + import thread +except ImportError: + LDAPLockBaseClass = DummyLock +else: + import threading + LDAPLockBaseClass = threading.Lock + + +class LDAPLock: + """ + Mainly a wrapper class to log all locking events. + Note that this cumbersome approach with _lock attribute was taken + since threading.Lock is not suitable for sub-classing. + """ + _min_trace_level = 3 + + def __init__(self,lock_class=None,desc=''): + """ + lock_class + Class compatible to threading.Lock + desc + Description shown in debug log messages + """ + self._desc = desc + self._lock = (lock_class or LDAPLockBaseClass)() + + def acquire(self): + if __debug__: + global _trace_level + if _trace_level>=self._min_trace_level: + _trace_file.write('***%s %s.acquire()\n' % (self._desc,self.__class__.__name__)) + return self._lock.acquire() + + def release(self): + if __debug__: + global _trace_level + if _trace_level>=self._min_trace_level: + _trace_file.write('***%s %s.release()\n' % (self._desc,self.__class__.__name__)) + return self._lock.release() + + +# Create module-wide lock for serializing all calls into underlying LDAP lib +_ldap_module_lock = LDAPLock(desc='Module wide') + +from functions import open,initialize,init,get_option,set_option + +from ldap.dn import explode_dn,explode_rdn,str2dn,dn2str +del str2dn +del dn2str + +# More constants + +# For compability of 2.3 and 2.4 OpenLDAP API +OPT_DIAGNOSTIC_MESSAGE = OPT_ERROR_STRING diff --git a/Lib/ldif.py b/Lib/ldif.py new file mode 100644 index 0000000..19cbf11 --- /dev/null +++ b/Lib/ldif.py @@ -0,0 +1,453 @@ +""" +ldif - generate and parse LDIF data (see RFC 2849) + +See http://www.python-ldap.org/ for details. + +$Id: ldif.py,v 1.73 2013/07/04 16:06:53 stroeder Exp $ + +Python compability note: +Tested with Python 2.0+, but should work with Python 1.5.2+. +""" + +__version__ = '2.4.14' + +__all__ = [ + # constants + 'ldif_pattern', + # functions + 'AttrTypeandValueLDIF','CreateLDIF','ParseLDIF', + # classes + 'LDIFWriter', + 'LDIFParser', + 'LDIFRecordList', + 'LDIFCopy', +] + +import urlparse,urllib,base64,re,types + +try: + from cStringIO import StringIO +except ImportError: + from StringIO import StringIO + +attrtype_pattern = r'[\w;.-]+(;[\w_-]+)*' +attrvalue_pattern = r'(([^,]|\\,)+|".*?")' +attrtypeandvalue_pattern = attrtype_pattern + r'[ ]*=[ ]*' + attrvalue_pattern +rdn_pattern = attrtypeandvalue_pattern + r'([ ]*\+[ ]*' + attrtypeandvalue_pattern + r')*[ ]*' +dn_pattern = rdn_pattern + r'([ ]*,[ ]*' + rdn_pattern + r')*[ ]*' +dn_regex = re.compile('^%s$' % dn_pattern) + +ldif_pattern = '^((dn(:|::) %(dn_pattern)s)|(%(attrtype_pattern)s(:|::) .*)$)+' % vars() + +MOD_OP_INTEGER = { + 'add':0,'delete':1,'replace':2 +} + +MOD_OP_STR = { + 0:'add',1:'delete',2:'replace' +} + +CHANGE_TYPES = ['add','delete','modify','modrdn'] +valid_changetype_dict = {} +for c in CHANGE_TYPES: + valid_changetype_dict[c]=None + + +def is_dn(s): + """ + returns 1 if s is a LDAP DN + """ + if s=='': + return 1 + rm = dn_regex.match(s) + return rm!=None and rm.group(0)==s + + +SAFE_STRING_PATTERN = '(^(\000|\n|\r| |:|<)|[\000\n\r\200-\377]+|[ ]+$)' +safe_string_re = re.compile(SAFE_STRING_PATTERN) + +def list_dict(l): + """ + return a dictionary with all items of l being the keys of the dictionary + """ + return dict([(i,None) for i in l]) + + +class LDIFWriter: + """ + Write LDIF entry or change records to file object + Copy LDIF input to a file output object containing all data retrieved + via URLs + """ + + def __init__(self,output_file,base64_attrs=None,cols=76,line_sep='\n'): + """ + output_file + file object for output + base64_attrs + list of attribute types to be base64-encoded in any case + cols + Specifies how many columns a line may have before it's + folded into many lines. + line_sep + String used as line separator + """ + self._output_file = output_file + self._base64_attrs = list_dict([a.lower() for a in (base64_attrs or [])]) + self._cols = cols + self._line_sep = line_sep + self.records_written = 0 + + def _unfoldLDIFLine(self,line): + """ + Write string line as one or more folded lines + """ + # Check maximum line length + line_len = len(line) + if line_len<=self._cols: + self._output_file.write(line) + self._output_file.write(self._line_sep) + else: + # Fold line + pos = self._cols + self._output_file.write(line[0:min(line_len,self._cols)]) + self._output_file.write(self._line_sep) + while pos Date: Thu, 4 Jul 2013 16:20:06 +0000 Subject: [PATCH 097/868] Removed obsolete shee-bang --- Lib/ldap/controls/sessiontrack.py | 63 +++++++++++++++++++++++++++++++ 1 file changed, 63 insertions(+) create mode 100644 Lib/ldap/controls/sessiontrack.py diff --git a/Lib/ldap/controls/sessiontrack.py b/Lib/ldap/controls/sessiontrack.py new file mode 100644 index 0000000..285c637 --- /dev/null +++ b/Lib/ldap/controls/sessiontrack.py @@ -0,0 +1,63 @@ +""" +ldap.controls.sessiontrack - class for session tracking control +(see draft-wahl-ldap-session) + +See http://www.python-ldap.org/ for project details. + +$Id: sessiontrack.py,v 1.4 2013/07/04 16:20:06 stroeder Exp $ +""" + +from ldap.controls import RequestControl + +from pyasn1.type import namedtype,univ +from pyasn1.codec.ber import encoder +from pyasn1_modules.rfc2251 import LDAPString,LDAPOID + + +# OID constants +SESSION_TRACKING_CONTROL_OID = "1.3.6.1.4.1.21008.108.63.1" +SESSION_TRACKING_FORMAT_OID_RADIUS_ACCT_SESSION_ID = SESSION_TRACKING_CONTROL_OID+".1" +SESSION_TRACKING_FORMAT_OID_RADIUS_ACCT_MULTI_SESSION_ID = SESSION_TRACKING_CONTROL_OID+".2" +SESSION_TRACKING_FORMAT_OID_USERNAME = SESSION_TRACKING_CONTROL_OID+".3" + + +class SessionTrackingControl(RequestControl): + """ + Class for Session Tracking Control + + Because criticality MUST be false for this control it cannot be set + from the application. + + sessionSourceIp + IP address of the request source as string + sessionSourceName + Name of the request source as string + formatOID + OID as string specifying the format + sessionTrackingIdentifier + String containing a specific tracking ID + """ + + class SessionIdentifierControlValue(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType('sessionSourceIp',LDAPString()), + namedtype.NamedType('sessionSourceName',LDAPString()), + namedtype.NamedType('formatOID',LDAPOID()), + namedtype.NamedType('sessionTrackingIdentifier',LDAPString()), + ) + + controlType = SESSION_TRACKING_CONTROL_OID + + def __init__(self,sessionSourceIp,sessionSourceName,formatOID,sessionTrackingIdentifier): + # criticality MUST be false for this control + self.criticality = False + self.sessionSourceIp,self.sessionSourceName,self.formatOID,self.sessionTrackingIdentifier = \ + sessionSourceIp,sessionSourceName,formatOID,sessionTrackingIdentifier + + def encodeControlValue(self): + s = self.SessionIdentifierControlValue() + s.setComponentByName('sessionSourceIp',LDAPString(self.sessionSourceIp)) + s.setComponentByName('sessionSourceName',LDAPString(self.sessionSourceName)) + s.setComponentByName('formatOID',LDAPOID(self.formatOID)) + s.setComponentByName('sessionTrackingIdentifier',LDAPString(self.sessionTrackingIdentifier)) + return encoder.encode(s) From b2495dc0df74d123b1f7776badd381e734591dbd Mon Sep 17 00:00:00 2001 From: stroeder Date: Fri, 5 Jul 2013 16:57:25 +0000 Subject: [PATCH 098/868] Added ldap.controls.openldap.SearchNoOpControl --- Demo/pyasn1/noopsearch.py | 71 +++++++++++++++++++++++++++++++++++ Lib/ldap/controls/openldap.py | 44 ++++++++++++++++++++++ 2 files changed, 115 insertions(+) create mode 100644 Demo/pyasn1/noopsearch.py create mode 100644 Lib/ldap/controls/openldap.py diff --git a/Demo/pyasn1/noopsearch.py b/Demo/pyasn1/noopsearch.py new file mode 100644 index 0000000..a22f394 --- /dev/null +++ b/Demo/pyasn1/noopsearch.py @@ -0,0 +1,71 @@ +# -*- coding: utf-8 -*- +""" +Demo script for counting searching with OpenLDAP's no-op control + +See http://www.python-ldap.org/ for project details. +This needs the following software: +Python +pyasn1 +pyasn1-modules +python-ldap 2.4+ +""" + +import sys,ldap,ldapurl,getpass + +from ldap.controls.openldap import SearchNoOpControl + +LDAPLimitErrors = (ldap.TIMEOUT,ldap.TIMELIMIT_EXCEEDED,ldap.SIZELIMIT_EXCEEDED,ldap.ADMINLIMIT_EXCEEDED) + +SEARCH_TIMEOUT=30.0 + +try: + ldap_url = ldapurl.LDAPUrl(sys.argv[1]) +except IndexError: + print 'Usage: noopsearch.py ' + sys.exit(1) + +# Set debugging level +#ldap.set_option(ldap.OPT_DEBUG_LEVEL,255) +ldapmodule_trace_level = 2 +ldapmodule_trace_file = sys.stderr + +ldap_conn = ldap.ldapobject.LDAPObject( + ldap_url.initializeUrl(), + trace_level=ldapmodule_trace_level, + trace_file=ldapmodule_trace_file +) + +if ldap_url.who and ldap_url.cred is None: + print 'Password for %s:' % (repr(ldap_url.who)) + ldap_url.cred = getpass.getpass() + +try: + ldap_conn.simple_bind_s(ldap_url.who or '',ldap_url.cred or '') + +except ldap.INVALID_CREDENTIALS,e: + print 'Simple bind failed:',str(e) + sys.exit(1) + +try: + msg_id = ldap_conn.search_ext( + ldap_url.dn, + ldap_url.scope, + filterstr=ldap_url.filterstr or '(objectClass=*)', + attrlist=['1.1'], + timeout=SEARCH_TIMEOUT, + serverctrls=[SearchNoOpControl(criticality=True)], + ) + _,_,_,search_response_ctrls = ldap_conn.result3(msg_id,all=1,timeout=SEARCH_TIMEOUT) +except LDAPLimitErrors,e: + ldap_conn.abandon(msg_id) + sys.exit(1) + + +noop_srch_ctrl = [ + c + for c in search_response_ctrls + if c.controlType==SearchNoOpControl.controlType +][0] + +print 'Number of search results: %d' % noop_srch_ctrl.numSearchResults +print 'Number of search continuations: %d' % noop_srch_ctrl.numSearchContinuations diff --git a/Lib/ldap/controls/openldap.py b/Lib/ldap/controls/openldap.py new file mode 100644 index 0000000..a8ed001 --- /dev/null +++ b/Lib/ldap/controls/openldap.py @@ -0,0 +1,44 @@ +""" +ldap.controls.openldap - classes for OpenLDAP-specific controls + +See http://www.python-ldap.org/ for project details. + +$Id: openldap.py,v 1.1 2013/07/05 16:57:25 stroeder Exp $ +""" + +import ldap.controls +from ldap.controls import ValueLessRequestControl,ResponseControl + +from pyasn1.type import univ +from pyasn1.codec.ber import decoder + + +__all__ = [ + 'SearchNoOpControl' +] + + +class SearchNoOpControl(ValueLessRequestControl,ResponseControl): + """ + No-op control attached to search operations implementing sort of a + count operation + + see http://www.openldap.org/its/index.cgi?findid=6598 + """ + controlType = '1.3.6.1.4.1.4203.666.5.18' + + def __init__(self,criticality=False): + self.criticality = criticality + + class SearchNoOpControlValue(univ.Sequence): + pass + + def decodeControlValue(self,encodedControlValue): + decodedValue,_ = decoder.decode(encodedControlValue,asn1Spec=self.SearchNoOpControlValue()) + self.resultCode = int(decodedValue[0]) + self.numSearchResults = int(decodedValue[1]) + self.numSearchContinuations = int(decodedValue[2]) + + +ldap.controls.KNOWN_RESPONSE_CONTROLS[SearchNoOpControl.controlType] = SearchNoOpControl + From 30622a4a3e59fa7c5fba6bd4f5939c0a91550ad5 Mon Sep 17 00:00:00 2001 From: stroeder Date: Tue, 13 Aug 2013 12:33:08 +0000 Subject: [PATCH 099/868] updated reference to RFC 4516 in comment --- Lib/ldapurl.py | 433 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 433 insertions(+) create mode 100644 Lib/ldapurl.py diff --git a/Lib/ldapurl.py b/Lib/ldapurl.py new file mode 100644 index 0000000..af501a4 --- /dev/null +++ b/Lib/ldapurl.py @@ -0,0 +1,433 @@ +""" +ldapurl - handling of LDAP URLs as described in RFC 4516 + +See http://www.python-ldap.org/ for details. + +\$Id: ldapurl.py,v 1.63 2013/08/13 12:33:08 stroeder Exp $ + +Python compability note: +This module only works with Python 2.0+ since +1. string methods are used instead of module string and +2. list comprehensions are used. +""" + +__version__ = '2.4.14' + +__all__ = [ + # constants + 'SEARCH_SCOPE','SEARCH_SCOPE_STR', + 'LDAP_SCOPE_BASE','LDAP_SCOPE_ONELEVEL','LDAP_SCOPE_SUBTREE', + # functions + 'isLDAPUrl', + # classes + 'LDAPUrlExtension','LDAPUrlExtensions','LDAPUrl' +] + +import UserDict + +from urllib import quote,unquote + +LDAP_SCOPE_BASE = 0 +LDAP_SCOPE_ONELEVEL = 1 +LDAP_SCOPE_SUBTREE = 2 + +SEARCH_SCOPE_STR = {None:'',0:'base',1:'one',2:'sub'} + +SEARCH_SCOPE = { + '':None, + # the search scope strings defined in RFC 4516 + 'base':LDAP_SCOPE_BASE, + 'one':LDAP_SCOPE_ONELEVEL, + 'sub':LDAP_SCOPE_SUBTREE, +} + +# Some widely used types +StringType = type('') +TupleType=type(()) + + +def isLDAPUrl(s): + """ + Returns 1 if s is a LDAP URL, 0 else + """ + s_lower = s.lower() + return \ + s_lower.startswith('ldap://') or \ + s_lower.startswith('ldaps://') or \ + s_lower.startswith('ldapi://') + + +def ldapUrlEscape(s): + """Returns URL encoding of string s""" + return quote(s).replace(',','%2C').replace('/','%2F') + + +class LDAPUrlExtension: + """ + Class for parsing and unparsing LDAP URL extensions + as described in RFC 4516. + + Usable class attributes: + critical + Boolean integer marking the extension as critical + extype + Type of extension + exvalue + Value of extension + """ + + def __init__(self,extensionStr=None,critical=0,extype=None,exvalue=None): + self.critical = critical + self.extype = extype + self.exvalue = exvalue + if extensionStr: + self._parse(extensionStr) + + def _parse(self,extension): + extension = extension.strip() + if not extension: + # Don't parse empty strings + self.extype,self.exvalue = None,None + return + self.critical = extension[0]=='!' + if extension[0]=='!': + extension = extension[1:].strip() + try: + self.extype,self.exvalue = extension.split('=',1) + except ValueError: + # No value, just the extype + self.extype,self.exvalue = extension,None + else: + self.exvalue = unquote(self.exvalue.strip()) + self.extype = self.extype.strip() + + def unparse(self): + if self.exvalue is None: + return '%s%s' % ('!'*(self.critical>0),self.extype) + else: + return '%s%s=%s' % ( + '!'*(self.critical>0), + self.extype,quote(self.exvalue or '') + ) + + def __str__(self): + return self.unparse() + + def __repr__(self): + return '<%s.%s instance at %s: %s>' % ( + self.__class__.__module__, + self.__class__.__name__, + hex(id(self)), + self.__dict__ + ) + + def __eq__(self,other): + return \ + (self.critical==other.critical) and \ + (self.extype==other.extype) and \ + (self.exvalue==other.exvalue) + + def __ne__(self,other): + return not self.__eq__(other) + + +class LDAPUrlExtensions(UserDict.UserDict): + """ + Models a collection of LDAP URL extensions as + dictionary type + """ + + def __init__(self,default=None): + UserDict.UserDict.__init__(self) + for k,v in (default or {}).items(): + self[k]=v + + def __setitem__(self,name,value): + """ + value + Either LDAPUrlExtension instance, (critical,exvalue) + or string'ed exvalue + """ + assert isinstance(value,LDAPUrlExtension) + assert name==value.extype + self.data[name] = value + + def values(self): + return [ + self[k] + for k in self.keys() + ] + + def __str__(self): + return ','.join(map(str,self.values())) + + def __repr__(self): + return '<%s.%s instance at %s: %s>' % ( + self.__class__.__module__, + self.__class__.__name__, + hex(id(self)), + self.data + ) + + def __eq__(self,other): + assert isinstance(other,self.__class__),TypeError( + "other has to be instance of %s" % (self.__class__) + ) + return self.data==other.data + + def parse(self,extListStr): + for extension_str in extListStr.strip().split(','): + if extension_str: + e = LDAPUrlExtension(extension_str) + self[e.extype] = e + + def unparse(self): + return ','.join([ v.unparse() for v in self.values() ]) + + +class LDAPUrl: + """ + Class for parsing and unparsing LDAP URLs + as described in RFC 4516. + + Usable class attributes: + urlscheme + URL scheme (either ldap, ldaps or ldapi) + hostport + LDAP host (default '') + dn + String holding distinguished name (default '') + attrs + list of attribute types (default None) + scope + integer search scope for ldap-module + filterstr + String representation of LDAP Search Filters + (see RFC 4515) + extensions + Dictionary used as extensions store + who + Maps automagically to bindname LDAP URL extension + cred + Maps automagically to X-BINDPW LDAP URL extension + """ + + attr2extype = {'who':'bindname','cred':'X-BINDPW'} + + def __init__( + self, + ldapUrl=None, + urlscheme='ldap', + hostport='',dn='',attrs=None,scope=None,filterstr=None, + extensions=None, + who=None,cred=None + ): + self.urlscheme=urlscheme + self.hostport=hostport + self.dn=dn + self.attrs=attrs + self.scope=scope + self.filterstr=filterstr + self.extensions=(extensions or LDAPUrlExtensions({})) + if ldapUrl!=None: + self._parse(ldapUrl) + if who!=None: + self.who = who + if cred!=None: + self.cred = cred + + def __eq__(self,other): + return \ + self.urlscheme==other.urlscheme and \ + self.hostport==other.hostport and \ + self.dn==other.dn and \ + self.attrs==other.attrs and \ + self.scope==other.scope and \ + self.filterstr==other.filterstr and \ + self.extensions==other.extensions + + def __ne__(self,other): + return not self.__eq__(other) + + def _parse(self,ldap_url): + """ + parse a LDAP URL and set the class attributes + urlscheme,host,dn,attrs,scope,filterstr,extensions + """ + if not isLDAPUrl(ldap_url): + raise ValueError,'Parameter ldap_url does not seem to be a LDAP URL.' + scheme,rest = ldap_url.split('://',1) + self.urlscheme = scheme.strip() + if not self.urlscheme in ['ldap','ldaps','ldapi']: + raise ValueError,'LDAP URL contains unsupported URL scheme %s.' % (self.urlscheme) + slash_pos = rest.find('/') + qemark_pos = rest.find('?') + if (slash_pos==-1) and (qemark_pos==-1): + # No / and ? found at all + self.hostport = unquote(rest) + self.dn = '' + return + else: + if slash_pos!=-1 and (qemark_pos==-1 or (slash_posqemark_pos)): + # Question mark separates hostport from rest, DN is assumed to be empty + self.hostport = unquote(rest[:qemark_pos]) + # Do not eat question mark + rest = rest[qemark_pos:] + else: + raise ValueError,'Something completely weird happened!' + paramlist=rest.split('?',4) + paramlist_len = len(paramlist) + if paramlist_len>=1: + self.dn = unquote(paramlist[0]).strip() + if (paramlist_len>=2) and (paramlist[1]): + self.attrs = unquote(paramlist[1].strip()).split(',') + if paramlist_len>=3: + scope = paramlist[2].strip() + try: + self.scope = SEARCH_SCOPE[scope] + except KeyError: + raise ValueError,"Search scope must be either one of base, one or sub. LDAP URL contained %s" % (repr(scope)) + if paramlist_len>=4: + filterstr = paramlist[3].strip() + if not filterstr: + self.filterstr = None + else: + self.filterstr = unquote(filterstr) + if paramlist_len>=5: + if paramlist[4]: + self.extensions = LDAPUrlExtensions() + self.extensions.parse(paramlist[4]) + else: + self.extensions = None + return + + def applyDefaults(self,defaults): + """ + Apply defaults to all class attributes which are None. + + defaults + Dictionary containing a mapping from class attributes + to default values + """ + for k in defaults.keys(): + if getattr(self,k) is None: + setattr(self,k,defaults[k]) + + def initializeUrl(self): + """ + Returns LDAP URL suitable to be passed to ldap.initialize() + """ + if self.urlscheme=='ldapi': + # hostport part might contain slashes when ldapi:// is used + hostport = ldapUrlEscape(self.hostport) + else: + hostport = self.hostport + return '%s://%s' % (self.urlscheme,hostport) + + def unparse(self): + """ + Returns LDAP URL depending on class attributes set. + """ + if self.attrs is None: + attrs_str = '' + else: + attrs_str = ','.join(self.attrs) + scope_str = SEARCH_SCOPE_STR[self.scope] + if self.filterstr is None: + filterstr = '' + else: + filterstr = ldapUrlEscape(self.filterstr) + dn = ldapUrlEscape(self.dn) + if self.urlscheme=='ldapi': + # hostport part might contain slashes when ldapi:// is used + hostport = ldapUrlEscape(self.hostport) + else: + hostport = self.hostport + ldap_url = '%s://%s/%s?%s?%s?%s' % ( + self.urlscheme, + hostport,dn,attrs_str,scope_str,filterstr + ) + if self.extensions: + ldap_url = ldap_url+'?'+self.extensions.unparse() + return ldap_url + + def htmlHREF(self,urlPrefix='',hrefText=None,hrefTarget=None): + """ + Returns a string with HTML link for this LDAP URL. + + urlPrefix + Prefix before LDAP URL (e.g. for addressing another web-based client) + hrefText + link text/description + hrefTarget + string added as link target attribute + """ + assert type(urlPrefix)==StringType, "urlPrefix must be StringType" + if hrefText is None: + hrefText = self.unparse() + assert type(hrefText)==StringType, "hrefText must be StringType" + if hrefTarget is None: + target = '' + else: + assert type(hrefTarget)==StringType, "hrefTarget must be StringType" + target = ' target="%s"' % hrefTarget + return '%s' % ( + target,urlPrefix,self.unparse(),hrefText + ) + + def __str__(self): + return self.unparse() + + def __repr__(self): + return '<%s.%s instance at %s: %s>' % ( + self.__class__.__module__, + self.__class__.__name__, + hex(id(self)), + self.__dict__ + ) + + def __getattr__(self,name): + if self.attr2extype.has_key(name): + extype = self.attr2extype[name] + if self.extensions and \ + self.extensions.has_key(extype) and \ + not self.extensions[extype].exvalue is None: + result = unquote(self.extensions[extype].exvalue) + else: + return None + else: + raise AttributeError,"%s has no attribute %s" % ( + self.__class__.__name__,name + ) + return result # __getattr__() + + def __setattr__(self,name,value): + if self.attr2extype.has_key(name): + extype = self.attr2extype[name] + if value is None: + # A value of None means that extension is deleted + delattr(self,name) + elif value!=None: + # Add appropriate extension + self.extensions[extype] = LDAPUrlExtension( + extype=extype,exvalue=unquote(value) + ) + else: + self.__dict__[name] = value + + def __delattr__(self,name): + if self.attr2extype.has_key(name): + extype = self.attr2extype[name] + if self.extensions: + try: + del self.extensions[extype] + except KeyError: + pass + else: + del self.__dict__[name] + From 71024518dbc9c539a5bab834080e3792ac4dbfe9 Mon Sep 17 00:00:00 2001 From: stroeder Date: Wed, 11 Sep 2013 08:16:27 +0000 Subject: [PATCH 100/868] Added support for LDAPObject.get_option(ldap.OPT_X_TLS_VERSION) --- Demo/initialize.py | 95 +++++++++++ Modules/constants.c | 378 +++++++++++++++++++++++++++++++++++++++++++ Modules/options.c | 382 ++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 855 insertions(+) create mode 100644 Demo/initialize.py create mode 100644 Modules/constants.c create mode 100644 Modules/options.c diff --git a/Demo/initialize.py b/Demo/initialize.py new file mode 100644 index 0000000..ab2647e --- /dev/null +++ b/Demo/initialize.py @@ -0,0 +1,95 @@ +""" +Various examples how to connect to a LDAP host with the new +factory function ldap.initialize() introduced in OpenLDAP 2 API. + +Assuming you have LDAP servers running on +ldap://localhost:1390 (LDAP with StartTLS) +ldaps://localhost:1391 (LDAP over SSL) +ldapi://%2ftmp%2fopenldap2 (domain socket /tmp/openldap2) +""" + +import sys,os,ldap + +# Switch off processing .ldaprc or ldap.conf +os.environ['LDAPNOINIT']='1' + +# Set debugging level +#ldap.set_option(ldap.OPT_DEBUG_LEVEL,255) +ldapmodule_trace_level = 1 +ldapmodule_trace_file = sys.stderr + +ldap._trace_level = ldapmodule_trace_level + +# Complete path name of the file containing all trusted CA certs +CACERTFILE='/etc/ssl/ca-bundle.pem' + +print """################################################################## +# LDAPv3 connection with StartTLS ext. op. +################################################################## +""" + +# Create LDAPObject instance +l = ldap.initialize('ldap://localhost:1390',trace_level=ldapmodule_trace_level,trace_file=ldapmodule_trace_file) + +# Set LDAP protocol version used +l.protocol_version=ldap.VERSION3 + +# Force cert validation +l.set_option(ldap.OPT_X_TLS_REQUIRE_CERT,ldap.OPT_X_TLS_DEMAND) +# Set path name of file containing all trusted CA certificates +l.set_option(ldap.OPT_X_TLS_CACERTFILE,CACERTFILE) +# Force libldap to create a new SSL context (must be last TLS option!) +l.set_option(ldap.OPT_X_TLS_NEWCTX,0) + +# Now try StartTLS extended operation +l.start_tls_s() + +print '***ldap.OPT_X_TLS_VERSION',l.get_option(ldap.OPT_X_TLS_VERSION) +print '***ldap.OPT_X_TLS_CIPHER',l.get_option(ldap.OPT_X_TLS_CIPHER) + +# Try an explicit anon bind to provoke failure +l.simple_bind_s('','') + +# Close connection +l.unbind_s() + +print """################################################################## +# LDAPv3 connection over SSL +################################################################## +""" + +# Create LDAPObject instance +l = ldap.initialize('ldaps://localhost:1391',trace_level=ldapmodule_trace_level,trace_file=ldapmodule_trace_file) + +# Set LDAP protocol version used +l.protocol_version=ldap.VERSION3 + +# Force cert validation +l.set_option(ldap.OPT_X_TLS_REQUIRE_CERT,ldap.OPT_X_TLS_DEMAND) +# Set path name of file containing all trusted CA certificates +l.set_option(ldap.OPT_X_TLS_CACERTFILE,CACERTFILE) +# Force libldap to create a new SSL context (must be last TLS option!) +l.set_option(ldap.OPT_X_TLS_NEWCTX,0) + +# Try an explicit anon bind to provoke failure +l.simple_bind_s('','') + +print '***ldap.OPT_X_TLS_VERSION',l.get_option(ldap.OPT_X_TLS_VERSION) +print '***ldap.OPT_X_TLS_CIPHER',l.get_option(ldap.OPT_X_TLS_CIPHER) + +# Close connection +l.unbind_s() + +print """################################################################## +# LDAPv3 connection over Unix domain socket +################################################################## +""" + +# Create LDAPObject instance +l = ldap.initialize('ldapi://%2ftmp%2fopenldap-socket',trace_level=ldapmodule_trace_level,trace_file=ldapmodule_trace_file) +# Set LDAP protocol version used +l.protocol_version=ldap.VERSION3 +# Try an explicit anon bind to provoke failure +l.simple_bind_s('','') +# Close connection +l.unbind_s() diff --git a/Modules/constants.c b/Modules/constants.c new file mode 100644 index 0000000..d815edd --- /dev/null +++ b/Modules/constants.c @@ -0,0 +1,378 @@ +/* constants defined for LDAP + * See http://www.python-ldap.org/ for details. + * $Id: constants.c,v 1.57 2013/09/11 08:16:27 stroeder Exp $ */ + +#include "common.h" +#include "constants.h" +#include "lber.h" +#include "ldap.h" + +static PyObject* reverse; +static PyObject* forward; + +/* convert an result integer into a Python string */ + +PyObject* +LDAPconstant( int val ) { + PyObject *i = PyInt_FromLong( val ); + PyObject *s = PyObject_GetItem( reverse, i ); + if (s == NULL) { + PyErr_Clear(); + return i; + } + Py_DECREF(i); + return s; +} + +/* initialise the module constants */ + +void +LDAPinit_constants( PyObject* d ) +{ + PyObject *zero, *author,*obj; + + reverse = PyDict_New(); + forward = PyDict_New(); + + PyDict_SetItemString( d, "_reverse", reverse ); + PyDict_SetItemString( d, "_forward", forward ); + +#define add_int(d, name) \ + { \ + PyObject *i = PyInt_FromLong(LDAP_##name); \ + PyDict_SetItemString( d, #name, i ); \ + Py_DECREF(i); \ + } + + /* simple constants */ + + add_int(d,API_VERSION); + add_int(d,VENDOR_VERSION); + + add_int(d,PORT); + add_int(d,VERSION1); + add_int(d,VERSION2); + add_int(d,VERSION3); + add_int(d,VERSION_MIN); + add_int(d,VERSION); + add_int(d,VERSION_MAX); + add_int(d,TAG_MESSAGE); + add_int(d,TAG_MSGID); + + add_int(d,REQ_BIND); + add_int(d,REQ_UNBIND); + add_int(d,REQ_SEARCH); + add_int(d,REQ_MODIFY); + add_int(d,REQ_ADD); + add_int(d,REQ_DELETE); + add_int(d,REQ_MODRDN); + add_int(d,REQ_COMPARE); + add_int(d,REQ_ABANDON); + + add_int(d,TAG_LDAPDN); + add_int(d,TAG_LDAPCRED); + add_int(d,TAG_CONTROLS); + add_int(d,TAG_REFERRAL); + + add_int(d,REQ_EXTENDED); +#if LDAP_API_VERSION >= 2004 + add_int(d,TAG_NEWSUPERIOR); + add_int(d,TAG_EXOP_REQ_OID); + add_int(d,TAG_EXOP_REQ_VALUE); + add_int(d,TAG_EXOP_RES_OID); + add_int(d,TAG_EXOP_RES_VALUE); +#ifdef HAVE_SASL + add_int(d,TAG_SASL_RES_CREDS); +#endif +#endif + + add_int(d,SASL_AUTOMATIC); + add_int(d,SASL_INTERACTIVE); + add_int(d,SASL_QUIET); + + /* reversibles */ + + zero = PyInt_FromLong( 0 ); + PyDict_SetItem( reverse, zero, Py_None ); + Py_DECREF( zero ); + + add_int(d,RES_BIND); + add_int(d,RES_SEARCH_ENTRY); + add_int(d,RES_SEARCH_RESULT); + add_int(d,RES_MODIFY); + add_int(d,RES_ADD); + add_int(d,RES_DELETE); + add_int(d,RES_MODRDN); + add_int(d,RES_COMPARE); + add_int(d,RES_ANY); + + add_int(d,RES_SEARCH_REFERENCE); + add_int(d,RES_EXTENDED); + add_int(d,RES_UNSOLICITED); + + add_int(d,RES_INTERMEDIATE); + + /* non-reversibles */ + + add_int(d,AUTH_NONE); + add_int(d,AUTH_SIMPLE); + add_int(d,SCOPE_BASE); + add_int(d,SCOPE_ONELEVEL); + add_int(d,SCOPE_SUBTREE); + add_int(d,MOD_ADD); + add_int(d,MOD_DELETE); + add_int(d,MOD_REPLACE); + add_int(d,MOD_INCREMENT); + add_int(d,MOD_BVALUES); + + add_int(d,MSG_ONE); + add_int(d,MSG_ALL); + add_int(d,MSG_RECEIVED); + + /* (errors.c contains the error constants) */ + + add_int(d,DEREF_NEVER); + add_int(d,DEREF_SEARCHING); + add_int(d,DEREF_FINDING); + add_int(d,DEREF_ALWAYS); + add_int(d,NO_LIMIT); + + add_int(d,OPT_API_INFO); + add_int(d,OPT_DEREF); + add_int(d,OPT_SIZELIMIT); + add_int(d,OPT_TIMELIMIT); +#ifdef LDAP_OPT_REFERRALS + add_int(d,OPT_REFERRALS); +#endif + add_int(d,OPT_ERROR_NUMBER); + add_int(d,OPT_RESTART); + add_int(d,OPT_PROTOCOL_VERSION); + add_int(d,OPT_SERVER_CONTROLS); + add_int(d,OPT_CLIENT_CONTROLS); + add_int(d,OPT_API_FEATURE_INFO); + add_int(d,OPT_HOST_NAME); + + add_int(d,OPT_DIAGNOSTIC_MESSAGE); + + add_int(d,OPT_ERROR_STRING); + add_int(d,OPT_MATCHED_DN); + add_int(d,OPT_DEBUG_LEVEL); + add_int(d,OPT_TIMEOUT); + add_int(d,OPT_REFHOPLIMIT); + add_int(d,OPT_NETWORK_TIMEOUT); + add_int(d,OPT_URI); +#ifdef LDAP_OPT_DEFBASE + add_int(d,OPT_DEFBASE); +#endif +#ifdef HAVE_TLS + add_int(d,OPT_X_TLS); +#ifdef LDAP_OPT_X_TLS_NEWCTX + add_int(d,OPT_X_TLS_CTX); +#endif + add_int(d,OPT_X_TLS_CACERTFILE); + add_int(d,OPT_X_TLS_CACERTDIR); + add_int(d,OPT_X_TLS_CERTFILE); + add_int(d,OPT_X_TLS_KEYFILE); + add_int(d,OPT_X_TLS_REQUIRE_CERT); + add_int(d,OPT_X_TLS_CIPHER_SUITE); + add_int(d,OPT_X_TLS_RANDOM_FILE); + add_int(d,OPT_X_TLS_DHFILE); + add_int(d,OPT_X_TLS_NEVER); + add_int(d,OPT_X_TLS_HARD); + add_int(d,OPT_X_TLS_DEMAND); + add_int(d,OPT_X_TLS_ALLOW); + add_int(d,OPT_X_TLS_TRY); +#ifdef LDAP_OPT_X_TLS_PEERCERT + add_int(d,OPT_X_TLS_PEERCERT); +#endif +#ifdef LDAP_OPT_X_TLS_VERSION + add_int(d,OPT_X_TLS_VERSION); +#endif +#ifdef LDAP_OPT_X_TLS_CIPHER + add_int(d,OPT_X_TLS_CIPHER); +#endif +#ifdef LDAP_OPT_X_TLS_CRLCHECK + /* only available if OpenSSL supports it => might cause backward compability problems */ + add_int(d,OPT_X_TLS_CRLCHECK); +#ifdef LDAP_OPT_X_TLS_CRLFILE + add_int(d,OPT_X_TLS_CRLFILE); +#endif + add_int(d,OPT_X_TLS_CRL_NONE); + add_int(d,OPT_X_TLS_CRL_PEER); + add_int(d,OPT_X_TLS_CRL_ALL); +#endif +#ifdef LDAP_OPT_X_TLS_NEWCTX + add_int(d,OPT_X_TLS_NEWCTX); +#endif +#ifdef LDAP_OPT_X_TLS_PROTOCOL_MIN + add_int(d,OPT_X_TLS_PROTOCOL_MIN); +#endif +#ifdef LDAP_OPT_X_TLS_PACKAGE + add_int(d,OPT_X_TLS_PACKAGE); +#endif +#endif + add_int(d,OPT_X_SASL_MECH); + add_int(d,OPT_X_SASL_REALM); + add_int(d,OPT_X_SASL_AUTHCID); + add_int(d,OPT_X_SASL_AUTHZID); + add_int(d,OPT_X_SASL_SSF); + add_int(d,OPT_X_SASL_SSF_EXTERNAL); + add_int(d,OPT_X_SASL_SECPROPS); + add_int(d,OPT_X_SASL_SSF_MIN); + add_int(d,OPT_X_SASL_SSF_MAX); +#ifdef LDAP_OPT_X_SASL_NOCANON + add_int(d,OPT_X_SASL_NOCANON); +#endif +#ifdef LDAP_OPT_X_SASL_USERNAME + add_int(d,OPT_X_SASL_USERNAME); +#endif +#ifdef LDAP_OPT_CONNECT_ASYNC + add_int(d,OPT_CONNECT_ASYNC); +#endif +#ifdef LDAP_OPT_X_KEEPALIVE_IDLE + add_int(d,OPT_X_KEEPALIVE_IDLE); +#endif +#ifdef LDAP_OPT_X_KEEPALIVE_PROBES + add_int(d,OPT_X_KEEPALIVE_PROBES); +#endif +#ifdef LDAP_OPT_X_KEEPALIVE_INTERVAL + add_int(d,OPT_X_KEEPALIVE_INTERVAL); +#endif + + add_int(d,DN_FORMAT_LDAP); + add_int(d,DN_FORMAT_LDAPV3); + add_int(d,DN_FORMAT_LDAPV2); + add_int(d,DN_FORMAT_DCE); + add_int(d,DN_FORMAT_UFN); + add_int(d,DN_FORMAT_AD_CANONICAL); + /* add_int(d,DN_FORMAT_LBER); */ /* "for testing only" */ + add_int(d,DN_FORMAT_MASK); + add_int(d,DN_PRETTY); + add_int(d,DN_SKIP); + add_int(d,DN_P_NOLEADTRAILSPACES); + add_int(d,DN_P_NOSPACEAFTERRDN); + add_int(d,DN_PEDANTIC); + + add_int(d,AVA_NULL); + add_int(d,AVA_STRING); + add_int(d,AVA_BINARY); + add_int(d,AVA_NONPRINTABLE); + + /*add_int(d,OPT_ON);*/ + obj = PyInt_FromLong(1); + PyDict_SetItemString( d, "OPT_ON", obj ); + Py_DECREF(obj); + /*add_int(d,OPT_OFF);*/ + obj = PyInt_FromLong(0); + PyDict_SetItemString( d, "OPT_OFF", obj ); + Py_DECREF(obj); + + add_int(d,OPT_SUCCESS); + + /* XXX - these belong in errors.c */ + + add_int(d,URL_ERR_BADSCOPE); + add_int(d,URL_ERR_MEM); + + /* author */ + + author = PyString_FromString("python-ldap Project"); + PyDict_SetItemString(d, "__author__", author); + Py_DECREF(author); + + /* add_int(d,LIBLDAP_R); */ +#ifdef HAVE_LIBLDAP_R + obj = PyInt_FromLong(1); +#else + obj = PyInt_FromLong(0); +#endif + PyDict_SetItemString( d, "LIBLDAP_R", obj ); + Py_DECREF(obj); + + /* add_int(d,SASL); */ +#ifdef HAVE_SASL + obj = PyInt_FromLong(1); +#else + obj = PyInt_FromLong(0); +#endif + PyDict_SetItemString( d, "SASL_AVAIL", obj ); + Py_DECREF(obj); + + /* add_int(d,TLS); */ +#ifdef HAVE_TLS + obj = PyInt_FromLong(1); +#else + obj = PyInt_FromLong(0); +#endif + PyDict_SetItemString( d, "TLS_AVAIL", obj ); + Py_DECREF(obj); + + obj = PyString_FromString(LDAP_CONTROL_MANAGEDSAIT); + PyDict_SetItemString( d, "CONTROL_MANAGEDSAIT", obj ); + Py_DECREF(obj); + + obj = PyString_FromString(LDAP_CONTROL_PROXY_AUTHZ); + PyDict_SetItemString( d, "CONTROL_PROXY_AUTHZ", obj ); + Py_DECREF(obj); + + obj = PyString_FromString(LDAP_CONTROL_SUBENTRIES); + PyDict_SetItemString( d, "CONTROL_SUBENTRIES", obj ); + Py_DECREF(obj); + + obj = PyString_FromString(LDAP_CONTROL_VALUESRETURNFILTER); + PyDict_SetItemString( d, "CONTROL_VALUESRETURNFILTER", obj ); + Py_DECREF(obj); + + obj = PyString_FromString(LDAP_CONTROL_ASSERT); + PyDict_SetItemString( d, "CONTROL_ASSERT", obj ); + Py_DECREF(obj); + + obj = PyString_FromString(LDAP_CONTROL_PRE_READ); + PyDict_SetItemString( d, "CONTROL_PRE_READ", obj ); + Py_DECREF(obj); + + obj = PyString_FromString(LDAP_CONTROL_POST_READ); + PyDict_SetItemString( d, "CONTROL_POST_READ", obj ); + Py_DECREF(obj); + + obj = PyString_FromString(LDAP_CONTROL_SORTREQUEST); + PyDict_SetItemString( d, "CONTROL_SORTREQUEST", obj ); + Py_DECREF(obj); + + obj = PyString_FromString(LDAP_CONTROL_SORTRESPONSE); + PyDict_SetItemString( d, "CONTROL_SORTRESPONSE", obj ); + Py_DECREF(obj); + + obj = PyString_FromString(LDAP_CONTROL_PAGEDRESULTS); + PyDict_SetItemString( d, "CONTROL_PAGEDRESULTS", obj ); + Py_DECREF(obj); + + obj = PyString_FromString(LDAP_CONTROL_SYNC); + PyDict_SetItemString( d, "CONTROL_SYNC", obj ); + Py_DECREF(obj); + + obj = PyString_FromString(LDAP_CONTROL_SYNC_STATE); + PyDict_SetItemString( d, "CONTROL_SYNC_STATE", obj ); + Py_DECREF(obj); + + obj = PyString_FromString(LDAP_CONTROL_SYNC_DONE); + PyDict_SetItemString( d, "CONTROL_SYNC_DONE", obj ); + Py_DECREF(obj); + + obj = PyString_FromString(LDAP_SYNC_INFO); + PyDict_SetItemString( d, "SYNC_INFO", obj ); + Py_DECREF(obj); + + obj = PyString_FromString(LDAP_CONTROL_PASSWORDPOLICYREQUEST); + PyDict_SetItemString( d, "CONTROL_PASSWORDPOLICYREQUEST", obj ); + Py_DECREF(obj); + + obj = PyString_FromString(LDAP_CONTROL_PASSWORDPOLICYRESPONSE); + PyDict_SetItemString( d, "CONTROL_PASSWORDPOLICYRESPONSE", obj ); + Py_DECREF(obj); + + obj = PyString_FromString(LDAP_CONTROL_RELAX); + PyDict_SetItemString( d, "CONTROL_RELAX", obj ); + Py_DECREF(obj); + +} diff --git a/Modules/options.c b/Modules/options.c new file mode 100644 index 0000000..9cad581 --- /dev/null +++ b/Modules/options.c @@ -0,0 +1,382 @@ +/* See http://www.python-ldap.org/ for details. + * $Id: options.c,v 1.41 2013/09/11 08:16:27 stroeder Exp $ */ + +#include "common.h" +#include "errors.h" +#include "LDAPObject.h" +#include "ldapcontrol.h" +#include "options.h" + +void +set_timeval_from_double( struct timeval *tv, double d ) { + tv->tv_usec = (long) ( fmod(d, 1.0) * 1000000.0 ); + tv->tv_sec = (long) floor(d); +} + +/** + * Converts a return code from ldap_set_option() or ldap_get_option() + * into a python error, and returns NULL. + */ +static PyObject * +option_error(int res, const char *fn) +{ + if (res == LDAP_OPT_ERROR) + PyErr_SetString(PyExc_ValueError, "option error"); + else if (res == LDAP_PARAM_ERROR) + PyErr_SetString(PyExc_ValueError, "parameter error"); + else if (res == LDAP_NO_MEMORY) + PyErr_NoMemory(); + else + PyErr_Format(PyExc_SystemError, "error %d from %s", res, fn); + return NULL; +} + +/** + * Sets an LDAP option. + * Returns 0 on failure, 1 on success + */ +int +LDAP_set_option(LDAPObject *self, int option, PyObject *value) +{ + int res; + int intval; + double doubleval; + char *strval; + struct timeval tv; + void *ptr; + LDAP *ld; + LDAPControl **controls = NULL; + + ld = self ? self->ldap : NULL; + + switch(option) { + case LDAP_OPT_API_INFO: + case LDAP_OPT_API_FEATURE_INFO: +#ifdef HAVE_SASL + case LDAP_OPT_X_SASL_SSF: +#endif + /* Read-only options */ + PyErr_SetString(PyExc_ValueError, "read-only option"); + return 0; + case LDAP_OPT_REFERRALS: + case LDAP_OPT_RESTART: +#ifdef LDAP_OPT_X_SASL_NOCANON + case LDAP_OPT_X_SASL_NOCANON: +#endif +#ifdef LDAP_OPT_CONNECT_ASYNC + case LDAP_OPT_CONNECT_ASYNC: +#endif + /* Truth-value options */ + ptr = PyObject_IsTrue(value) ? LDAP_OPT_ON : LDAP_OPT_OFF; + break; + + case LDAP_OPT_DEREF: + case LDAP_OPT_SIZELIMIT: + case LDAP_OPT_TIMELIMIT: + case LDAP_OPT_PROTOCOL_VERSION: + case LDAP_OPT_ERROR_NUMBER: + case LDAP_OPT_DEBUG_LEVEL: +#ifdef HAVE_TLS + case LDAP_OPT_X_TLS: + case LDAP_OPT_X_TLS_REQUIRE_CERT: +#ifdef LDAP_OPT_X_TLS_CRLCHECK + case LDAP_OPT_X_TLS_CRLCHECK: +#endif +#ifdef LDAP_OPT_X_TLS_NEWCTX + case LDAP_OPT_X_TLS_NEWCTX: +#endif +#ifdef LDAP_OPT_X_TLS_PROTOCOL_MIN + case LDAP_OPT_X_TLS_PROTOCOL_MIN: +#endif +#endif +#ifdef HAVE_SASL + case LDAP_OPT_X_SASL_SSF_MIN: + case LDAP_OPT_X_SASL_SSF_MAX: +#endif +#ifdef LDAP_OPT_X_KEEPALIVE_IDLE + case LDAP_OPT_X_KEEPALIVE_IDLE: +#endif +#ifdef LDAP_OPT_X_KEEPALIVE_PROBES + case LDAP_OPT_X_KEEPALIVE_PROBES: +#endif +#ifdef LDAP_OPT_X_KEEPALIVE_INTERVAL + case LDAP_OPT_X_KEEPALIVE_INTERVAL: +#endif + + /* integer value options */ + if (!PyArg_Parse(value, "i:set_option", &intval)) + return 0; + ptr = &intval; + break; + case LDAP_OPT_HOST_NAME: + case LDAP_OPT_URI: +#ifdef LDAP_OPT_DEFBASE + case LDAP_OPT_DEFBASE: +#endif + case LDAP_OPT_ERROR_STRING: + case LDAP_OPT_MATCHED_DN: +#ifdef HAVE_TLS + case LDAP_OPT_X_TLS_CACERTFILE: + case LDAP_OPT_X_TLS_CACERTDIR: + case LDAP_OPT_X_TLS_CERTFILE: + case LDAP_OPT_X_TLS_KEYFILE: + case LDAP_OPT_X_TLS_CIPHER_SUITE: + case LDAP_OPT_X_TLS_RANDOM_FILE: + case LDAP_OPT_X_TLS_DHFILE: +#ifdef LDAP_OPT_X_TLS_CRLFILE + case LDAP_OPT_X_TLS_CRLFILE: +#endif +#endif +#ifdef HAVE_SASL + case LDAP_OPT_X_SASL_SECPROPS: +#endif + /* String valued options */ + if (!PyArg_Parse(value, "s:set_option", &strval)) + return 0; + ptr = strval; + break; + case LDAP_OPT_TIMEOUT: + case LDAP_OPT_NETWORK_TIMEOUT: + /* Float valued timeval options */ + if (!PyArg_Parse(value, "d:set_option", &doubleval)) + return 0; + if (doubleval >= 0) { + set_timeval_from_double( &tv, doubleval ); + ptr = &tv; + } else { + ptr = NULL; + } + break; + case LDAP_OPT_SERVER_CONTROLS: + case LDAP_OPT_CLIENT_CONTROLS: + if (!LDAPControls_from_object(value, &controls)) + return 0; + ptr = controls; + break; + default: + PyErr_Format(PyExc_ValueError, "unknown option %d", option); + return 0; + } + + if (self) LDAP_BEGIN_ALLOW_THREADS(self); + res = ldap_set_option(ld, option, ptr); + if (self) LDAP_END_ALLOW_THREADS(self); + + if ((option == LDAP_OPT_SERVER_CONTROLS) || (option == LDAP_OPT_CLIENT_CONTROLS)) + LDAPControl_List_DEL(controls); + + if (res != LDAP_OPT_SUCCESS) { + option_error(res, "ldap_set_option"); + return 0; + } + + return 1; +} + +PyObject * +LDAP_get_option(LDAPObject *self, int option) +{ + int res; + int intval; + struct timeval *tv; + LDAPAPIInfo apiinfo; + LDAPControl **lcs; + LDAPControl *lc; + char *strval; + PyObject *extensions, *v, *tup; + Py_ssize_t i, num_extensions, num_controls; + LDAP *ld; + + ld = self ? self->ldap : NULL; + + switch(option) { + case LDAP_OPT_API_INFO: + apiinfo.ldapai_info_version = LDAP_API_INFO_VERSION; + if (self) LDAP_BEGIN_ALLOW_THREADS(self); + res = ldap_get_option( ld, option, &apiinfo ); + if (self) LDAP_END_ALLOW_THREADS(self); + if (res != LDAP_OPT_SUCCESS) + return option_error(res, "ldap_get_option"); + + /* put the extensions into tuple form */ + num_extensions = 0; + while (apiinfo.ldapai_extensions[num_extensions]) + num_extensions++; + extensions = PyTuple_New(num_extensions); + for (i = 0; i < num_extensions; i++) + PyTuple_SET_ITEM(extensions, i, + PyString_FromString(apiinfo.ldapai_extensions[i])); + + /* return api info as a dictionary */ + v = Py_BuildValue("{s:i, s:i, s:i, s:s, s:i, s:O}", + "info_version", apiinfo.ldapai_info_version, + "api_version", apiinfo.ldapai_api_version, + "protocol_version", apiinfo.ldapai_protocol_version, + "vendor_name", apiinfo.ldapai_vendor_name, + "vendor_version", apiinfo.ldapai_vendor_version, + "extensions", extensions); + + if (apiinfo.ldapai_vendor_name) + ldap_memfree(apiinfo.ldapai_vendor_name); + for (i = 0; i < num_extensions; i++) + ldap_memfree(apiinfo.ldapai_extensions[i]); + ldap_memfree(apiinfo.ldapai_extensions); + Py_DECREF(extensions); + + return v; + +#ifdef HAVE_SASL + case LDAP_OPT_X_SASL_SSF: +#endif + case LDAP_OPT_REFERRALS: + case LDAP_OPT_RESTART: + case LDAP_OPT_DEREF: + case LDAP_OPT_SIZELIMIT: + case LDAP_OPT_TIMELIMIT: + case LDAP_OPT_PROTOCOL_VERSION: + case LDAP_OPT_ERROR_NUMBER: + case LDAP_OPT_DEBUG_LEVEL: +#ifdef HAVE_TLS + case LDAP_OPT_X_TLS: + case LDAP_OPT_X_TLS_REQUIRE_CERT: +#ifdef LDAP_OPT_X_TLS_CRLCHECK + case LDAP_OPT_X_TLS_CRLCHECK: +#endif +#ifdef LDAP_OPT_X_TLS_PROTOCOL_MIN + case LDAP_OPT_X_TLS_PROTOCOL_MIN: +#endif +#endif +#ifdef HAVE_SASL + case LDAP_OPT_X_SASL_SSF_MIN: + case LDAP_OPT_X_SASL_SSF_MAX: +#endif +#ifdef LDAP_OPT_X_SASL_NOCANON + case LDAP_OPT_X_SASL_NOCANON: +#endif +#ifdef LDAP_OPT_CONNECT_ASYNC + case LDAP_OPT_CONNECT_ASYNC: +#endif +#ifdef LDAP_OPT_X_KEEPALIVE_IDLE + case LDAP_OPT_X_KEEPALIVE_IDLE: +#endif +#ifdef LDAP_OPT_X_KEEPALIVE_PROBES + case LDAP_OPT_X_KEEPALIVE_PROBES: +#endif +#ifdef LDAP_OPT_X_KEEPALIVE_INTERVAL + case LDAP_OPT_X_KEEPALIVE_INTERVAL: +#endif + /* Integer-valued options */ + if (self) LDAP_BEGIN_ALLOW_THREADS(self); + res = ldap_get_option(ld, option, &intval); + if (self) LDAP_END_ALLOW_THREADS(self); + if (res != LDAP_OPT_SUCCESS) + return option_error(res, "ldap_get_option"); + return PyInt_FromLong(intval); + + case LDAP_OPT_HOST_NAME: + case LDAP_OPT_URI: +#ifdef LDAP_OPT_DEFBASE + case LDAP_OPT_DEFBASE: +#endif + case LDAP_OPT_ERROR_STRING: + case LDAP_OPT_MATCHED_DN: +#ifdef HAVE_TLS + case LDAP_OPT_X_TLS_CACERTFILE: + case LDAP_OPT_X_TLS_CACERTDIR: + case LDAP_OPT_X_TLS_CERTFILE: + case LDAP_OPT_X_TLS_KEYFILE: + case LDAP_OPT_X_TLS_CIPHER_SUITE: + case LDAP_OPT_X_TLS_RANDOM_FILE: + case LDAP_OPT_X_TLS_DHFILE: +#ifdef LDAP_OPT_X_TLS_CRLFILE + case LDAP_OPT_X_TLS_CRLFILE: +#endif +#ifdef LDAP_OPT_X_TLS_VERSION + case LDAP_OPT_X_TLS_VERSION: +#endif +#ifdef LDAP_OPT_X_TLS_CIPHER + case LDAP_OPT_X_TLS_CIPHER: +#endif +#ifdef LDAP_OPT_X_TLS_PACKAGE + case LDAP_OPT_X_TLS_PACKAGE: +#endif +#endif +#ifdef HAVE_SASL + case LDAP_OPT_X_SASL_SECPROPS: + case LDAP_OPT_X_SASL_MECH: + case LDAP_OPT_X_SASL_REALM: + case LDAP_OPT_X_SASL_AUTHCID: + case LDAP_OPT_X_SASL_AUTHZID: +#ifdef LDAP_OPT_X_SASL_USERNAME + case LDAP_OPT_X_SASL_USERNAME: +#endif +#endif + /* String-valued options */ + if (self) LDAP_BEGIN_ALLOW_THREADS(self); + res = ldap_get_option(ld, option, &strval); + if (self) LDAP_END_ALLOW_THREADS(self); + if (res != LDAP_OPT_SUCCESS) + return option_error(res, "ldap_get_option"); + if (strval == NULL) { + Py_INCREF(Py_None); + return Py_None; + } + v = PyString_FromString(strval); + ldap_memfree(strval); + return v; + + case LDAP_OPT_TIMEOUT: + case LDAP_OPT_NETWORK_TIMEOUT: + /* Double-valued timeval options */ + if (self) LDAP_BEGIN_ALLOW_THREADS(self); + res = ldap_get_option(ld, option, &tv); + if (self) LDAP_END_ALLOW_THREADS(self); + if (res != LDAP_OPT_SUCCESS) + return option_error(res, "ldap_get_option"); + if (tv == NULL) { + Py_INCREF(Py_None); + return Py_None; + } + v = PyFloat_FromDouble( + (double) tv->tv_sec + ( (double) tv->tv_usec / 1000000.0 ) + ); + ldap_memfree(tv); + return v; + + case LDAP_OPT_SERVER_CONTROLS: + case LDAP_OPT_CLIENT_CONTROLS: + if (self) LDAP_BEGIN_ALLOW_THREADS(self); + res = ldap_get_option(ld, option, &lcs); + if (self) LDAP_END_ALLOW_THREADS(self); + + if (res != LDAP_OPT_SUCCESS) + return option_error(res, "ldap_get_option"); + + if (lcs == NULL) + return PyList_New(0); + + /* Get the number of controls */ + num_controls = 0; + while (lcs[num_controls]) + num_controls++; + + /* We'll build a list of controls, with each control a tuple */ + v = PyList_New(num_controls); + for (i = 0; i < num_controls; i++) { + lc = lcs[i]; + tup = Py_BuildValue("(sbs)", + lc->ldctl_oid, + lc->ldctl_iscritical, + lc->ldctl_value.bv_val); + PyList_SET_ITEM(v, i, tup); + } + + ldap_controls_free(lcs); + + return v; + + default: + PyErr_Format(PyExc_ValueError, "unknown option %d", option); + return NULL; + } +} From 8c3d0bc13fa3fe7175c0b4954d41053c5117a4f5 Mon Sep 17 00:00:00 2001 From: stroeder Date: Fri, 13 Sep 2013 18:02:47 +0000 Subject: [PATCH 101/868] urlfetch(): Work-around for mix-cased attribute type namesy --- Lib/ldap/schema/subentry.py | 497 ++++++++++++++++++++++++++++++++++++ 1 file changed, 497 insertions(+) create mode 100644 Lib/ldap/schema/subentry.py diff --git a/Lib/ldap/schema/subentry.py b/Lib/ldap/schema/subentry.py new file mode 100644 index 0000000..4674d3d --- /dev/null +++ b/Lib/ldap/schema/subentry.py @@ -0,0 +1,497 @@ +""" +ldap.schema.subentry - subschema subentry handling + +See http://www.python-ldap.org/ for details. + +\$Id: subentry.py,v 1.34 2013/09/13 18:02:47 stroeder Exp $ +""" + +import ldap.cidict,ldap.schema + +from ldap.schema.models import * + +from UserDict import UserDict + +SCHEMA_CLASS_MAPPING = ldap.cidict.cidict() +SCHEMA_ATTR_MAPPING = {} + +for _name in dir(): + o = eval(_name) + if hasattr(o,'schema_attribute'): + SCHEMA_CLASS_MAPPING[o.schema_attribute] = o + SCHEMA_ATTR_MAPPING[o] = o.schema_attribute + +SCHEMA_ATTRS = SCHEMA_CLASS_MAPPING.keys() + + +class SubschemaError(ValueError): + pass + + +class OIDNotUnique(SubschemaError): + + def __init__(self,desc): + self.desc = desc + + def __str__(self): + return 'OID not unique for %s' % (self.desc) + + +class NameNotUnique(SubschemaError): + + def __init__(self,desc): + self.desc = desc + + def __str__(self): + return 'NAME not unique for %s' % (self.desc) + + +class SubSchema: + """ + Arguments: + + sub_schema_sub_entry + Dictionary usually returned by LDAP search or the LDIF parser + containing the sub schema sub entry + + check_uniqueness + Defines whether uniqueness of OIDs and NAME is checked. + + 0 + no check + 1 + check but add schema description with work-around + 2 + check and raise exception if non-unique OID or NAME is found + + Class attributes: + + sed + Dictionary holding the subschema information as pre-parsed + SchemaElement objects (do not access directly!) + name2oid + Dictionary holding the mapping from NAMEs to OIDs + (do not access directly!) + non_unique_oids + List of OIDs used at least twice in the subschema + non_unique_names + List of NAMEs used at least twice in the subschema for the same schema element + """ + + def __init__(self,sub_schema_sub_entry,check_uniqueness=1): + + # Initialize all dictionaries + self.name2oid = {} + self.sed = {} + self.non_unique_oids = {} + self.non_unique_names = {} + for c in SCHEMA_CLASS_MAPPING.values(): + self.name2oid[c] = ldap.cidict.cidict() + self.sed[c] = {} + self.non_unique_names[c] = ldap.cidict.cidict() + + # Transform entry dict to case-insensitive dict + e = ldap.cidict.cidict(sub_schema_sub_entry) + + # Build the schema registry in dictionaries + for attr_type in SCHEMA_ATTRS: + + for attr_value in filter(None,e.get(attr_type,[])): + + se_class = SCHEMA_CLASS_MAPPING[attr_type] + se_instance = se_class(attr_value) + se_id = se_instance.get_id() + + if check_uniqueness and se_id in self.sed[se_class]: + self.non_unique_oids[se_id] = None + if check_uniqueness==1: + # Add to subschema by adding suffix to ID + suffix_counter = 1 + new_se_id = se_id + while new_se_id in self.sed[se_class]: + new_se_id = ';'.join((se_id,str(suffix_counter))) + suffix_counter += 1 + else: + se_id = new_se_id + elif check_uniqueness>=2: + raise OIDNotUnique(attr_value) + + # Store the schema element instance in the central registry + self.sed[se_class][se_id] = se_instance + + if hasattr(se_instance,'names'): + for name in ldap.cidict.cidict({}.fromkeys(se_instance.names)).keys(): + if check_uniqueness and name in self.name2oid[se_class]: + self.non_unique_names[se_class][se_id] = None + raise NameNotUnique(attr_value) + else: + self.name2oid[se_class][name] = se_id + + # Turn dict into list maybe more handy for applications + self.non_unique_oids = self.non_unique_oids.keys() + + return # subSchema.__init__() + + + def ldap_entry(self): + """ + Returns a dictionary containing the sub schema sub entry + """ + # Initialize the dictionary with empty lists + entry = {} + # Collect the schema elements and store them in + # entry's attributes + for se_class in self.sed.keys(): + for se in self.sed[se_class].values(): + se_str = str(se) + try: + entry[SCHEMA_ATTR_MAPPING[se_class]].append(se_str) + except KeyError: + entry[SCHEMA_ATTR_MAPPING[se_class]] = [ se_str ] + return entry + + def listall(self,schema_element_class,schema_element_filters=None): + """ + Returns a list of OIDs of all available schema + elements of a given schema element class. + """ + avail_se = self.sed[schema_element_class] + if schema_element_filters: + result = [] + for se_key in avail_se.keys(): + se = avail_se[se_key] + for fk,fv in schema_element_filters: + try: + if getattr(se,fk) in fv: + result.append(se_key) + except AttributeError: + pass + else: + result = avail_se.keys() + return result + + + def tree(self,schema_element_class,schema_element_filters=None): + """ + Returns a ldap.cidict.cidict dictionary representing the + tree structure of the schema elements. + """ + assert schema_element_class in [ObjectClass,AttributeType] + avail_se = self.listall(schema_element_class,schema_element_filters) + top_node = '_' + tree = ldap.cidict.cidict({top_node:[]}) + # 1. Pass: Register all nodes + for se in avail_se: + tree[se] = [] + # 2. Pass: Register all sup references + for se_oid in avail_se: + se_obj = self.get_obj(schema_element_class,se_oid,None) + if se_obj.__class__!=schema_element_class: + # Ignore schema elements not matching schema_element_class. + # This helps with falsely assigned OIDs. + continue + assert se_obj.__class__==schema_element_class, \ + "Schema element referenced by %s must be of class %s but was %s" % ( + se_oid,schema_element_class.__name__,se_obj.__class__ + ) + for s in se_obj.sup or ('_',): + sup_oid = self.getoid(schema_element_class,s) + try: + tree[sup_oid].append(se_oid) + except: + pass + return tree + + + def getoid(self,se_class,nameoroid,raise_keyerror=0): + """ + Get an OID by name or OID + """ + nameoroid_stripped = nameoroid.split(';')[0].strip() + if nameoroid_stripped in self.sed[se_class]: + # name_or_oid is already a registered OID + return nameoroid_stripped + else: + try: + result_oid = self.name2oid[se_class][nameoroid_stripped] + except KeyError: + if raise_keyerror: + raise KeyError('No registered %s-OID for nameoroid %s' % (se_class.__name__,repr(nameoroid_stripped))) + else: + result_oid = nameoroid_stripped + return result_oid + + + def get_inheritedattr(self,se_class,nameoroid,name): + """ + Get a possibly inherited attribute specified by name + of a schema element specified by nameoroid. + Returns None if class attribute is not set at all. + + Raises KeyError if no schema element is found by nameoroid. + """ + se = self.sed[se_class][self.getoid(se_class,nameoroid)] + try: + result = getattr(se,name) + except AttributeError: + result = None + if result is None and se.sup: + result = self.get_inheritedattr(se_class,se.sup[0],name) + return result + + + def get_obj(self,se_class,nameoroid,default=None,raise_keyerror=0): + """ + Get a schema element by name or OID + """ + se_oid = self.getoid(se_class,nameoroid) + try: + se_obj = self.sed[se_class][se_oid] + except KeyError: + if raise_keyerror: + raise KeyError('No ldap.schema.%s instance with nameoroid %s and se_oid %s' % ( + se_class.__name__,repr(nameoroid),repr(se_oid)) + ) + else: + se_obj = default + return se_obj + + + def get_inheritedobj(self,se_class,nameoroid,inherited=None): + """ + Get a schema element by name or OID with all class attributes + set including inherited class attributes + """ + import copy + inherited = inherited or [] + se = copy.copy(self.sed[se_class].get(self.getoid(se_class,nameoroid))) + if se and hasattr(se,'sup'): + for class_attr_name in inherited: + setattr(se,class_attr_name,self.get_inheritedattr(se_class,nameoroid,class_attr_name)) + return se + + + def get_syntax(self,nameoroid): + """ + Get the syntax of an attribute type specified by name or OID + """ + at_oid = self.getoid(AttributeType,nameoroid) + try: + at_obj = self.get_inheritedobj(AttributeType,at_oid) + except KeyError: + return None + else: + return at_obj.syntax + + + def get_structural_oc(self,oc_list): + """ + Returns OID of structural object class in oc_list + if any is present. Returns None else. + """ + # Get tree of all STRUCTURAL object classes + oc_tree = self.tree(ObjectClass,[('kind',[0])]) + # Filter all STRUCTURAL object classes + struct_ocs = {} + for oc_nameoroid in oc_list: + oc_se = self.get_obj(ObjectClass,oc_nameoroid,None) + if oc_se and oc_se.kind==0: + struct_ocs[oc_se.oid] = None + result = None + struct_oc_list = struct_ocs.keys() + while struct_oc_list: + oid = struct_oc_list.pop() + for child_oid in oc_tree[oid]: + if struct_ocs.has_key(self.getoid(ObjectClass,child_oid)): + break + else: + result = oid + return result + + + def get_applicable_aux_classes(self,nameoroid): + """ + Return a list of the applicable AUXILIARY object classes + for a STRUCTURAL object class specified by 'nameoroid' + if the object class is governed by a DIT content rule. + If there's no DIT content rule all available AUXILIARY + object classes are returned. + """ + content_rule = self.get_obj(DITContentRule,nameoroid) + if content_rule: + # Return AUXILIARY object classes from DITContentRule instance + return content_rule.aux + else: + # list all AUXILIARY object classes + return self.listall(ObjectClass,[('kind',[2])]) + + def attribute_types( + self,object_class_list,attr_type_filter=None,raise_keyerror=1,ignore_dit_content_rule=0 + ): + """ + Returns a 2-tuple of all must and may attributes including + all inherited attributes of superior object classes + by walking up classes along the SUP attribute. + + The attributes are stored in a ldap.cidict.cidict dictionary. + + object_class_list + list of strings specifying object class names or OIDs + attr_type_filter + list of 2-tuples containing lists of class attributes + which has to be matched + raise_keyerror + All KeyError exceptions for non-existent schema elements + are ignored + ignore_dit_content_rule + A DIT content rule governing the structural object class + is ignored + """ + AttributeType = ldap.schema.AttributeType + ObjectClass = ldap.schema.ObjectClass + + # Map object_class_list to object_class_oids (list of OIDs) + object_class_oids = [ + self.getoid(ObjectClass,o) + for o in object_class_list + ] + # Initialize + oid_cache = {} + + r_must,r_may = ldap.cidict.cidict(),ldap.cidict.cidict() + if '1.3.6.1.4.1.1466.101.120.111' in object_class_oids: + # Object class 'extensibleObject' MAY carry every attribute type + for at_obj in self.sed[AttributeType].values(): + r_may[at_obj.oid] = at_obj + + # Loop over OIDs of all given object classes + while object_class_oids: + object_class_oid = object_class_oids.pop(0) + # Check whether the objectClass with this OID + # has already been processed + if oid_cache.has_key(object_class_oid): + continue + # Cache this OID as already being processed + oid_cache[object_class_oid] = None + try: + object_class = self.sed[ObjectClass][object_class_oid] + except KeyError: + if raise_keyerror: + raise + # Ignore this object class + continue + assert isinstance(object_class,ObjectClass) + assert hasattr(object_class,'must'),ValueError(object_class_oid) + assert hasattr(object_class,'may'),ValueError(object_class_oid) + for a in object_class.must: + se_oid = self.getoid(AttributeType,a,raise_keyerror=raise_keyerror) + r_must[se_oid] = self.get_obj(AttributeType,se_oid,raise_keyerror=raise_keyerror) + for a in object_class.may: + se_oid = self.getoid(AttributeType,a,raise_keyerror=raise_keyerror) + r_may[se_oid] = self.get_obj(AttributeType,se_oid,raise_keyerror=raise_keyerror) + + object_class_oids.extend([ + self.getoid(ObjectClass,o) + for o in object_class.sup + ]) + + # Process DIT content rules + if not ignore_dit_content_rule: + structural_oc = self.get_structural_oc(object_class_list) + if structural_oc: + # Process applicable DIT content rule + try: + dit_content_rule = self.get_obj(DITContentRule,structural_oc,raise_keyerror=1) + except KeyError: + # Not DIT content rule found for structural objectclass + pass + else: + for a in dit_content_rule.must: + se_oid = self.getoid(AttributeType,a,raise_keyerror=raise_keyerror) + r_must[se_oid] = self.get_obj(AttributeType,se_oid,raise_keyerror=raise_keyerror) + for a in dit_content_rule.may: + se_oid = self.getoid(AttributeType,a,raise_keyerror=raise_keyerror) + r_may[se_oid] = self.get_obj(AttributeType,se_oid,raise_keyerror=raise_keyerror) + for a in dit_content_rule.nots: + a_oid = self.getoid(AttributeType,a,raise_keyerror=raise_keyerror) + try: + del r_may[a_oid] + except KeyError: + pass + + # Remove all mandantory attribute types from + # optional attribute type list + for a in r_may.keys(): + if r_must.has_key(a): + del r_may[a] + + # Apply attr_type_filter to results + if attr_type_filter: + for l in [r_must,r_may]: + for a in l.keys(): + for afk,afv in attr_type_filter: + try: + schema_attr_type = self.sed[AttributeType][a] + except KeyError: + if raise_keyerror: + raise KeyError,'No attribute type found in sub schema by name %s' % (a) + # If there's no schema element for this attribute type + # but still KeyError is to be ignored we filter it away + del l[a] + break + else: + if not getattr(schema_attr_type,afk) in afv: + del l[a] + break + + return r_must,r_may # attribute_types() + + +def urlfetch(uri,trace_level=0): + """ + Fetches a parsed schema entry by uri. + + If uri is a LDAP URL the LDAP server is queried directly. + Otherwise uri is assumed to point to a LDIF file which + is loaded with urllib. + """ + uri = uri.strip() + if uri.startswith('ldap:') or uri.startswith('ldaps:') or uri.startswith('ldapi:'): + import ldapurl + ldap_url = ldapurl.LDAPUrl(uri) + l=ldap.initialize(ldap_url.initializeUrl(),trace_level) + l.protocol_version = ldap.VERSION3 + l.simple_bind_s(ldap_url.who or '', ldap_url.cred or '') + subschemasubentry_dn = l.search_subschemasubentry_s(ldap_url.dn) + if subschemasubentry_dn is None: + s_temp = None + else: + if ldap_url.attrs is None: + schema_attrs = SCHEMA_ATTRS + else: + schema_attrs = ldap_url.attrs + s_temp = l.read_subschemasubentry_s( + subschemasubentry_dn,attrs=schema_attrs + ) + l.unbind_s() + del l + else: + import urllib,ldif + ldif_file = urllib.urlopen(uri) + ldif_parser = ldif.LDIFRecordList(ldif_file,max_entries=1) + ldif_parser.parse() + subschemasubentry_dn,s_temp = ldif_parser.all_records[0] + # Work-around for mixed-cased attribute names + subschemasubentry_entry = ldap.cidict.cidict() + for at,av in s_temp.items(): + if at in SCHEMA_CLASS_MAPPING: + try: + subschemasubentry_entry[at].extend(av) + except KeyError: + subschemasubentry_entry[at] = av + # Finally parse the schema + if subschemasubentry_dn!=None: + parsed_sub_schema = ldap.schema.SubSchema(subschemasubentry_entry) + else: + parsed_sub_schema = None + return subschemasubentry_dn, parsed_sub_schema From 58672dcf8031e321dc1911d6f6bdbeaf98d7085c Mon Sep 17 00:00:00 2001 From: stroeder Date: Sat, 21 Sep 2013 03:55:37 +0000 Subject: [PATCH 102/868] New method ldap.async.AsyncSearchHandler.afterFirstResult() --- CHANGES | 1071 +++++++++++++++++++++++++++++++++++++++++++++ Lib/ldap/async.py | 317 ++++++++++++++ 2 files changed, 1388 insertions(+) create mode 100644 CHANGES create mode 100644 Lib/ldap/async.py diff --git a/CHANGES b/CHANGES new file mode 100644 index 0000000..54a6f4b --- /dev/null +++ b/CHANGES @@ -0,0 +1,1071 @@ +---------------------------------------------------------------- +Released 2.4.14 2013-xx-xx + +Changes since 2.4.13: + +Lib/ +* Added ldap.controls.openldap.SearchNoOpControl +* New method ldap.async.AsyncSearchHandler.afterFirstResult() + for doing something right after successfully receiving but before + processing first result + +Modules/ +* Added support for retrieving negotiated TLS version/cipher + with LDAPObject.get_option() with the help of upcoming OpenLDAP libs + +---------------------------------------------------------------- +Released 2.4.13 2013-06-27 + +Changes since 2.4.12: + +Lib/ +* ldapobject.ReconnectLDAPObject._apply_last_bind() now sends + anonymous simple bind request even if the calling application + did not to provoke ldap.SERVER_DOWN in method reconnect() +* ldapobject.ReconnectLDAPObject.reconnect() now also catches + ldap.TIMEOUT exception after reconnection attempt +* Several other fixes for ldapobject.ReconnectLDAPObject + (thanks to Jonathan Giannuzzi) + +---------------------------------------------------------------- +Released 2.4.12 2013-06-01 + +Changes since 2.4.11: + +Lib/ +* Truly optional import of PyAsn1Error exception which should + not fail anymore if pyasn1 is not installed + +---------------------------------------------------------------- +Released 2.4.11 2013-05-27 + +Changes since 2.4.10: + +Lib/ +* ldap.controls.DecodeControlTuples() now simply ignores + PyAsn1Error exception raised during decoding malformed + response control values in case of non-critical controls. +* ldif.LDIFWriter.unparse() does not simply skip empty + records anymore. + +---------------------------------------------------------------- +Released 2.4.10 2012-06-07 + +Changes since 2.4.9: + +Lib/ +* ldapobject.ReconnectLDAPObject.reconnect() now preserves + order of options set with LDAPObject.set_option before. + This is needed e.g. for setting connection-specific TLS options. + +Demo/ +* Better version of Demo/pyasn1/syncrepl.py + (thanks to Ben Cooksley) + +---------------------------------------------------------------- +Released 2.4.9 2012-03-14 + +Changes since 2.4.8: + +Lib/ +* ldapobject.ReconnectLDAPObject.reconnect() now does kind of + an internal locking to pause other threads while reconnecting + is pending. +* Changes to bind- and startTLS-related operation methods of + class ReconnectLDAPObject for more robustness +* New constant ldap.OPT_NAMES_DICT contains mapping from + integer to variable name for all option-related constants. + +---------------------------------------------------------------- +Released 2.4.8 2012-02-21 + +Changes since 2.4.7: + +Lib/ +* Fixed overzealous check for non-unique NAMEs in + ldap.schema.subentry.SubSchema.__init__() +* Fixed typos in control decoding method + ldap.controls.simple.OctetStringInteger.decodeControlValue() +* Added experimental support for draft-vchu-ldap-pwd-policy + +---------------------------------------------------------------- +Released 2.4.7 2012-12-19 + +Changes since 2.4.6: + +Lib/ +* Separate classes for request/response controls for RFC 3829 +* Fixed ldap.schema.subentry.SubSchema.attribute_types() to + also eliminate double attribute types in MAY clause of + DIT content rule + +Modules/ +* Fixed memory leak (thanks to David Malcolm) + +---------------------------------------------------------------- +Released 2.4.6 2011-11-27 + +Changes since 2.4.5: + +Lib/ +* ldap.controls.ppolicy: + Another fix for decoding the password policy response control + +---------------------------------------------------------------- +Released 2.4.5 2011-11-25 + +Changes since 2.4.4: + +Installation: +* defines for SASL and SSL in setup.cfg to be more friendly to + Python setup tools (easy_install) + +Lib/ +* Fixed typo in ldap.functions._ldap_function_call() which + always released ldap._ldap_module_lock instead of local lock +* ldap.controls.ppolicy: + Fixed decoding the password policy response control + +Demo/ +* Demo script for ldap.controls.ppolicy + +---------------------------------------------------------------- +Released 2.4.4 2011-10-26 + +Changes since 2.4.3: + +Modules/ +* Format intermediate messages as 3-tuples instead of + 4-tuples to match the format of other response messages. + (thanks to Chris Mikkelson) +* Fixes for memory leaks (thanks to Chris Mikkelson) + +Lib/ +* New experimental(!) sub-module ldap.syncrepl implementing syncrepl + consumer (see RFC 4533, thanks to Chris Mikkelson) + +Doc/ +* Cleaned up rst files +* Added missing classes + +---------------------------------------------------------------- +Released 2.4.3 2011-07-23 + +Changes since 2.4.2: + +Lib/ +* Mostly corrected/updated __doc__ strings + +Doc/ +* Corrected rst files +* Added missing modules, functions, classes, methods, parameters etc. + at least as auto-generated doc + +---------------------------------------------------------------- +Released 2.4.2 2011-07-21 + +Changes since 2.4.1: + +Lib/ + +Logging: +* pprint.pformat() is now used when writing method/function + arguments to the trace log + +ldap.schema.subentry: +* SubSchema.__init__() now has new key-word argument check_uniqueness + which enables checking whether OIDs are unique in the subschema subentry +* Code-cleaning: consequent use of method SubSchema.getoid() instead of + accessing SubSchema.name2oid directly. +* SubSchema.getoid() and SubSchema.getoid() now have key-word argument + raise_keyerror=0 and raise KeyError with appropriate description. + +---------------------------------------------------------------- +Released 2.4.1 2011-07-05 + +Changes since 2.4.0: + +Modules: +* New LDAP option OPT_X_TLS_PACKAGE available in OpenLDAP 2.4.26+ + to determine the name of the SSL/TLS package OpenLDAP was + built with + +Lib/ +* ldap.modlist.modifyModlist(): New key-word argument + case_ignore_attr_types used to define attribute types for which + comparison of old and new values should be case-insensitive +* Minor changes to which data is sent to debug output for various + trace levels +* Now tag [1] is used in ldap.extop.dds.RefreshResponse in + compliance with RFC 2589 (fix available for OpenLDAP ITS#6886) +* New sub-module ldap.controls.sessiontrack implements request control + as described in draft-wahl-ldap-session (needs pyasn1_modules) + +---------------------------------------------------------------- +Released 2.4.0 2011-06-02 + +Changes since 2.3.13: + +* OpenLDAP 2.4.11+ required to build +* Support for extracting LDAPv3 extended controls in + LDAP_RES_SEARCH_ENTRY responses + (see SF#2829057, thanks to Rich) +* Generic support for LDAPv3 extended operations (thanks to Rich) + +Lib/ +* new class API in ldap.controls, not backwards-compatible! +* new sub-modules for ldap.controls, some require pyasn1 and pyasn1_modules +* New methods LDAPObject.result4() and LDAPObject.extop_result() +* New (optional) class ldap.controls.AssertionControl +* New helper module ldap.logger contains file-like object which + sends trace messages to logging.log() +* Removed non-functional method LDAPObject.set_cache_options() +* Removed unused dictionary ldap.controls.knownLDAPControls + +Modules/ +* ldapcontrol.c: Fixed encode_assertion_control() and function is no longer + hidden behind ifdef-statement + +---------------------------------------------------------------- +Released 2.3.13 2011-02-19 + +Changes since 2.3.12: + +Modules/ +* Correct #ifdef-statement for LDAP_OPT_X_TLS_CRLFILE in + constants.c fixes build with older OpenLDAP libs +* Support for LDAP_OPT_DEFBASE (see SF#3072016, thanks to Johannes) + +---------------------------------------------------------------- +Released 2.3.12 2010-08-05 + +Changes since 2.3.11: + +Lib/ +* Removed tabs from various modules to make things work with python -tt. +* Quick fix to ldif.is_dn() to let multi-valued RDNs pass as valid. + Is too liberal in some corner-cases though... +* Fix to ldif.is_dn() to allow dashes in attribute type (see SF#3020292) +* ldap.open() now outputs a deprecation warning +* module-wide locking is now limited to calling _ldap.initialize(). + Still ldap.functions._ldap_function_call() is used to wrap all + calls for writing debug log. + +Modules/ +* New LDAP options available in OpenLDAP 2.4.18+ supported in + LDAPObject.get/set_option(): + ldap.OPT_X_KEEPALIVE_IDLE, ldap.OPT_X_KEEPALIVE_PROBES, + ldap.OPT_X_KEEPALIVE_INTERVAL, + ldap.OPT_X_TLS_CRLCHECK, ldap.OPT_X_TLS_CRLFILE + +Doc/ +* Various small updates/improvements + +---------------------------------------------------------------- +Released 2.3.11 2010-02-26 + +Changes since 2.3.10: + +Lib/ +* Fixed LDAP URL parsing with four ? but no real extensions +* ldap.ldapobject.LDAPObject.rename_s() now also accepts arguments + serverctrls and clientctrls +* Removed untested and undocumented class ldap.ldapobject.SmartLDAPObject +* Removed broken method ldap.ldapobject.LDAPObject.manage_dsa_it() + +Modules/ +* Make use of LDAP_OPT_X_TLS_NEWCTX only if available in + OpenLDAP libs used for the build +* Fixed #ifdef-statements for OPT_X_TLS_PROTOCOL_MIN + +Doc/ +* Some updates and corrections regarding description of use of + LDAPv3 controls +* Some more descriptions for constants +* Removed comments related to old LaTeX-based documentation system + +---------------------------------------------------------------- +Released 2.3.10 2009-10-30 + +Changes since 2.3.9: + +Lib/ +* The diagnosticMessage returned by a server is written to the trace + output also for successful operations. +* Fixed handling of LDAP URL extensions with implicit value None which are + mapped to class attributes of LDAPUrl. +* Fixed handling of LDAP URLs with ? being part of extensions. +* Fixed exceptions raised by get_option/set_option (SF#1964993) +* ldap.functions: Fixed import trace-related variables from base-module ldap +* Fixed ldap.resiter missing in RPMs built with python setup.py bdist_rpm +* Fix in class ldap.schema.models.SchemaElement: + repr() was liberally used in methods key_attr() and key_list() to enclose + values in quotes. + +Modules/ +* Changed internal API List_to_LDAPControls() to LDAPControls_from_object() +* Supported was added for retrieving the SASL username during SASL bind with + ldap_get_option(LDAP_OPT_X_SASL_USERNAME) if available in libldap. +* New LDAP option constant ldap.OPT_X_TLS_NEWCTX supported + in LDAPObject.set_option() +* New LDAP option constants supported in LDAPObject.get/set_option(): + ldap.OPT_X_TLS_PROTOCOL_MIN, ldap.OPT_CONNECT_ASYNC, ldap.OPT_X_TLS_DHFILE +* Fixed setting _ldap.OPT_ON and _ldap.OPT_OFF +* l_ldap_result3(): controls are now parsed for all response types (SF#2829057) + +Doc/ +* Added example for ldap.resiter + +---------------------------------------------------------------- +Released 2.3.9 2009-07-26 + +Changes since 2.3.8: + +Lib/ +* All modules (ldap, ldif, dsml and ldapurl) have common version number now +* Non-exported function ldif.needs_base64() was abandoned and is now + implemented as method LDIFWriter._needs_base64_encoding(). + This allows sub-classes of LDIFWriter to implement determining whether + attribute values have to be base64-encoded in a different manner and is + the same approach like in class dsml.DSMLWriter. +* LDAPUrlExtension._parse() now gracefully handles LDAP URL extensions + without explicit exvalue as being set with implicit value None. + +Modules/ +* New LDAP option constant ldap.OPT_X_SASL_NOCANON supported + in LDAPObject.get/set_option() + +---------------------------------------------------------------- +Released 2.3.8 2009-04-30 + +Changes since 2.3.7: + +Lib/ +* ldap.schema.models: More fault-tolerant parsing of SYNTAX in + AttributeTypeDescription +* ldap.schema.tokenizer.split_tokens(): + More tolerant parsing of items separated only with a DOLLAR without + surrounding white-spaces (because WSP is declared as zero or more spaces + in RFC 4512) + +---------------------------------------------------------------- +Released 2.3.7 2009-04-09 + +Changes since 2.3.6: + +Lib/ +* urllib.quote() is now used in LDAPUrlExtension.unparse() to quote + all special URL characters in extension values + +Modules/ +* Fixed ldapcontrol.c not to raise ldap.ENCODING_ERROR in + function encode_rfc2696() on 64-bit systems +* Fixed seg fault if error code in a LDAP response was outside + the known error codes and could not be mapped to a specific + exception class (thanks to Sean) +* errors.c: LDAP_ERROR_MAX set to LDAP_PROXIED_AUTHORIZATION_DENIED + if available in OpenLDAP header +* new exception class ldap.PROXIED_AUTHORIZATION_DENIED + if available in OpenLDAP header +* Fixed functions.c not to raise ldap.ENCODING_ERROR in + function l_ldap_str2dn() on 64-bit systems (see SF#2725356) + +---------------------------------------------------------------- +Released 2.3.6 2009-02-22 + +Changes since 2.3.5: + +Lib/ +* Importing ldap.str2dn() which directly imported _ldap.str2dn() + is prohibited now (see SF#2181141) + +Modules/ +* get_option(): Added support for reading more SASL options. + (OPT_X_SASL_MECH, OPT_X_SASL_REALM, OPT_X_SASL_AUTHCID and + OPT_X_SASL_AUTHZID) +* Added some explicit type casts to fix issues while building + with SunStudio +* Fixed compiling issue with GCC 4.4 + (see SF#2555793, thanks to Matej and Martin) + +Doc/ +* Clarified not to use ldap_get_dn() directly +* Fixed description of ldap.SASL_AVAIL and ldap.TLS_AVAIL + (see SF#2555804, thanks to Matej and Martin) + +---------------------------------------------------------------- +Released 2.3.5 2008-07-06 + +Changes since 2.3.4: + +Lib/ +* Fixed methods ldap.cidict.__contains__() and + ldap.schema.models.Entry.__contains__() +* FWIW method LDAPObject.cancel_s() returns a result now +* Fixed ldap.schema.models.NameForm: Class attribute oc is now + of type string, not tuple to be compliant with RFC 4512 +---------------------------------------------------------------- +Released 2.3.4 2008-03-29 + +Changes since 2.3.3: + +Modules/ +* Fixed seg fault when calling LDAPObject.get_option() + (see SF#1926507, thanks to Matej) + +---------------------------------------------------------------- +Released 2.3.3 2008-03-26 + +Changes since 2.3.2: + +Fixed backward-compability when building with OpenLDAP 2.3.x libs. + +---------------------------------------------------------------- +Released 2.3.2 2008-03-26 + +Changes since 2.3.1: + +Lib/ +* ldap.dn.escape_dn_chars() now really adheres to + RFC 4514 section 2.4 by escaping null characters and a + space occurring at the beginning of the string +* New method ldap.cidict.cidict.__contains__() +* ldap.dn.explode_dn() and ldap.dn.explode_rdn() + have a new optional key-word argument flags which is + passed to ldap.dn.str2dn(). + +Modules/ +* Removed unused OPT_PRIVATE_EXTENSION_BASE from constants.c + +Doc/ +* Various additions, updates, polishing (thanks to James). + +---------------------------------------------------------------- +Released 2.3.1 2007-07-25 + +Changes since 2.3.0: + +* Support for setuptools (building .egg, thanks to Torsten) +* Support for matched values control (RFC 3876, thanks to Andreas) + +Lib/ +* Fixed ldif (see SF#1709111, thanks to Dmitry) +* ldap.schema.models: + SUP now separated by $ (method __str__() of classes + AttributeType, ObjectClass and DITStructureRule, thanks to Stefan) + +Modules/ +* Added constant MOD_INCREMENT to support + modify+increment extension (see RFC 4525, thanks to Andreas) +---------------------------------------------------------------- +Released 2.3.0 2007-03-27 + +Changes since 2.2.1: + +* OpenLDAP 2.3+ required now to build. +* Added support for Cancel operation ext. op. if supported +in OpenLDAP API of the libs used for the build. + +Modules/ +* Removed deprecated code for setting options by name +* Added l_ldap_cancel() +* Some modifications related to PEP 353 for + Python 2.5 on 64-bit platforms (see SF#1467529, thanks to Matej) +* Added new function l_ldap_str2dn(), removed functions + l_ldap_explode_dn() and l_ldap_explode_rdn() + (see SF#1657848, thanks to David) + +Lib/ +* Added method ldapobject.LDAPObject.cancel() +* ldap.schema.subentry.urlfetch() now can do non-anonymous + simple bind if the LDAP URL provided contains extensions + 'bindname' and 'X-BINDPW'. (see SF#1589206) +* ldap.filter.escape_filter_chars() has new a key-word argument + escape_mode now which defines which chars to be escaped + (see SF#1193271). +* Various important fixes to ldapobject.ReconnectLDAPObject +* Moved all DN-related functions to sub-module ldap.dn, + import them in ldap.functions for backward compability +* ldap.dn.explode_dn() and ldap.dn.explode_rdn() use the new + wrapper function ldap.dn.str2dn() (related to SF#1657848) +* changetype issue partially fixed (see SF#1683746) + +---------------------------------------------------------------- +Released 2.2.1 2006-11-15 + +Changes since 2.2.0: + +Modules/ +* Fix for Python 2.5 free(): invalid pointer (see SF#1575329) +* passwd() accepts None for arguments user, oldpw, newpw + (see SF#1440151) + +Lib/ +* ldif.LDIFWriter.unparse() now accepts instances of + derived dict and list classes (see SF#1489898) + +---------------------------------------------------------------- +Released 2.2.0 2006-04-10 + +Changes since 2.0.11: + +* OpenLDAP 2.2+ required now to build. + +Modules/ +* Dropped all occurences of '#ifdef #LDAP_VENDOR_VERSION'. +* Fixed wrong tuple size in l_ldap_result3() (see SF#1368108) +* Fixed get_option(ldap.OPT_API_INFO) (see SF#1440165) +* Fixed memory leak in l_ldap_result3() when all=0 + (see SF#1457325) +* Fixed memory leak in l_ldap_result3() in error cases + (see SF#1464085) + +Lib/ +* Fixed ldap.schema.models.DITStructureRule.__str__() to + separate SUP rule-ids with a single space instead of ' $ ' +* Fixed ldap.async.Dict +* Added ldap.async.IndexedDict +* ldap.schema.subentry.SubSchema.attribute_types() has new + key-word argument ignore_dit_content_rule +---------------------------------------------------------------- +Released 2.0.11 2005-11-07 + +Changes since 2.0.10: + +Lib/ +* Class ldap.ldapobject.LDAPObject: + Each method returns a result now +* Class ldap.ldapobject.ReconnectLDAPObject: + Some methods called the wrong methods of LDAPObject. Fixed. +* Added new class ldap.async.Dict +* Slightly cleaned up ldap.schema.subentry.attribute_types() +* New sub-module ldap.resiter which simply provides a mix-in + class for ldap.ldapobject.LDAPObject with a generator method + allresults(). + Obviously this only works with Python 2.3+. And + it's still experimental. + +---------------------------------------------------------------- +Released 2.0.10 2005-09-23 + +Changes since 2.0.9: + +Lib/ +* Switched back to old implementation of + ldap.schema.tokenizer.split_tokens() since the new one + had a bug which deletes the spaces from DESC +* ldap.INSUFFICIENT_ACCESS is now ignored in + ldap.ldapobject.LDAPObject.search_subschemasubentry_s() + +---------------------------------------------------------------- +Released 2.0.9 2005-07-28 + +Changes since 2.0.8: + +Modules/ +* Removed __doc__ strings from ldapcontrol.c to "fix" + build problems with Python versions 2.2 and earlier. + +---------------------------------------------------------------- +Released 2.0.8 2005-06-22 at Linuxtag 2005, Karlsruhe, Germany + +Changes since 2.0.7: + +* Preliminary support for receiving LDAP controls added. + Contributor: + - Andreas Ames + +Lib/ +- Added classes in module ldif to ldif.__all__ to fix + from ldif import * +- Removed BitString syntax from + ldap.schema.models.NOT_HUMAN_READABLE_LDAP_SYNTAXES + since the LDAP encoding is in fact human-readable +- ldapurl.LDAPUrlExtension.unparse() outputs empty string + if LDAPUrlExtension.exvalue is None +- Added ldap.controls.SimplePagedResultsControl + +---------------------------------------------------------------- +Released 2.0.7 2005-04-29 + +Changes since 2.0.6: + +* Added preliminary support for sending LDAP controls + with a request. + Contributors: + - Deepak Giridharagopal + - Ingo Steuwer + (Receiving controls in LDAP results still not supported.) + +Modules: +* LDAPObject.c: removed l_ldap_manage_dsa_it() +* LDAPObject.c: Added missing #ifdef around l_ldap_passwd() + for compability with older OpenLDAP libs. + +Lib/ +* New algorithm in ldap.schema.tokenizer.split_tokens() + contributed by Wido Depping which is more robust + when parsing very broken schema elements + (e.g. Oracle's OID). +* Fixed argument list (position of timeout) when calling + LDAPObject.search_ext_s() from search_st() and search_s(). +* LDAPObject.search_ext_s() correctly calls search_ext_s() now. +* Re-implemented LDAPObject.manage_dsa_it() without calling _ldap. + +---------------------------------------------------------------- +Released 2.0.6 2004-12-03 + +Changes since 2.0.5: + +Lib/ +* Added sub-module ldap.dn +* Added function ldap.dn.escape_dn_chars() +* Special check when implicitly setting SUP 'top' to + structural object classes without SUP defined to avoid + a loop in the super class chain. + +---------------------------------------------------------------- +Released 2.0.5 2004-11-11 + +Changes since 2.0.4: + +Some small improvements for SASL: +The noisy output during SASL bind is avoided now. Interaction +with output on stderr can be enabled by the calling application +by explicitly defining SASL flags. + +Removed obsolete directory Win32/. + +Lib/ +* Make sure that ldap.sasl.sasl.cb_value_dict is a dictionary + even when the caller passes in None to argument cb_value_dict +* Added new key-word arg sasl_flags to method + LDAPObject.sasl_interactive_bind_s() + +Modules/ +* l_ldap_sasl_interactive_bind_s(): + New key-word arg sasl_flags passed to + ldap_sasl_interactive_bind_s() + +---------------------------------------------------------------- +Released 2.0.4 2004-10-27 + +Changes since 2.0.3: + +Modules/ +* Applied some fixes for 64-bit platforms to LDAPObject.c +* Constants ldap.TLS_AVAIL and ldap.SASL_AVAIL will indicate + whether python-ldap was built with support for SSL/TLS + and/or SASL + +setup.py and Modules/ +* Applied some fixes for building under Win32 + +---------------------------------------------------------------- +Released 2.0.3 2004-10-06 + +Changes since 2.0.2: + +* Added support for LDAP Password Modify Extended Operation + (see RFC 3062) + +Demo/: +* Added passwd_ext_op.py + +Modules/ +* Added l_ldap_passwd() in LDAPObject.c + +Lib/ +* Added methods passwd() and passwd_s() to + ldap.ldapobject.LDAPObject + +---------------------------------------------------------------- +Released 2.0.2 2004-07-29 + +Changes since 2.0.1: + +Modules/ +* Fixed detecting appropriate OpenLDAP libs version for + determining whether ldap_whoami_s() is available or not. + This fixes build problems with OpenLDAP libs 2.1.0 up + to 2.1.12. + +---------------------------------------------------------------- +Released 2.0.1 2004-06-29 + +Changes since 2.0.0: + +dsml: +* Fixed wrong exception message format string + +ldap.schema.models: +* Fixed Entry.__delitem__() to delete really everything + when deleting an attribute dictionary item. + +---------------------------------------------------------------- +Released 2.0.0 2004-05-18 + +Changes since 2.0.0pre21: + +ldif: +* Empty records are simply ignored in ldif.LDIFWriter.unparse() + +Modules/ +* New method result2() returns 3-tuple containing the msgid + of the outstanding operation. + +ldap.ldapobject: +* New _ldap wrapper method LDAPObject.result2() (see above) + which is now used by LDAPObject.result(). + +---------------------------------------------------------------- +Released 2.0.0pre21 2004-03-29 + +Changes since 2.0.0pre20: + +setup.py: +* runtime_library_dirs is set + +Modules/ +* (Hopefully) fixed building with OpenLDAP 2.2 libs in errors.c +* Removed meaningless repr() function from LDAPObject.c +* Removed setting LDAP_OPT_PROTOCOL_VERSION in l_ldap_sasl_bind_s() +* Modified string handling via berval instead of *char + in l_ldap_compare_ext() makes it possible to compare attribute + values with null chars. +* Wrapped ldap_sasl_bind() for simple binds instead of ldap_bind() + since 1. the latter is marked deprecated and 2. ldap_sasl_bind() + allows password credentials with null chars. +* Removed unused sources linkedlist.c and linkedlist.h +* Function l_ldap_whoami_s() only added if built against + OpenLDAP 2.1.x+ libs (should preserve compability with 2.0 libs) + +ldap.ldapobject: +* LDAPObject.bind() only allows simple binds since Kerberos V4 + binds of LDAPv2 are not supported anymore. An assert statement + was added to make the coder aware of that. +* Renamed former LDAPObject.sasl_bind_s() to + LDAPObject.sasl_interactive_bind_s() since it wraps OpenLDAP's + ldap_sasl_interactive_bind_s() + +---------------------------------------------------------------- +Released 2.0.0pre20 2004-03-19 + +Changes since 2.0.0pre19: + +Modules/ +* Removed doc strings from functions.c +* Removed probably unused wrapper function l_ldap_dn2ufn() since + ldap_dn2ufn() is deprecated in OpenLDAP 2.1+ +* Removed wrapper function l_ldap_is_ldap_url(). +* Removed macro add_int_r() from constants.c since it caused + incompability issues with OpenLDAP 2.2 libs + (Warning: all result types are Integers now! Use the constants!) +* New wrapper function l_ldap_whoami_s() + +ldap.ldapobject: +* New wrapper method LDAPObject.whoami_s() + +ldap.functions: +* Removed is_ldap_url(). The more general function + ldapurl.isLDAPUrl() should be used instead. + +ldap.sasl: +* Added class cram_md5 (for SASL mech CRAM-MD5) + +ldap.async: +* Use constants for search result types (see note about + add_int_r() above). + +---------------------------------------------------------------- +Released 2.0.0pre19 2004-01-22 + +Changes since 2.0.0pre18: + +Modules/ +* LDAPObject.c: + Most deprecated functions of OpenLDAP C API are not used anymore. +* functions.c: + Removed unused default_ldap_port(). +* constants.c: + Removed unused or silly constants + AUTH_KRBV4, AUTH_KRBV41, AUTH_KRBV42, URL_ERR_BADSCOPE, URL_ERR_MEM +* errors.c: + Fixed building with OpenLDAP 2.2.x + (errors caused by negative error constants in ldap.h) + +ldap.ldapobject.LDAPObject: +* Removed unused wrapper methods uncache_entry(), uncache_request(), + url_search(), url_search_st() and url_search_s() +* New wrapper methods for all the _ext() methods in _ldap.LDAPObject. + +ldap.modlist: +* Some performance optimizations and simplifications + in function modifyModlist() + +---------------------------------------------------------------- +Released 2.0.0pre18 2003-12-09 + +Changes since 2.0.0pre17: + +ldap.ldapobject: +* Fixed missing ldap._ldap_function_call() in + ReconnectLDAPObject.reconnect() + +---------------------------------------------------------------- +Released 2.0.0pre17 2003-12-03 + +Changes since 2.0.0pre16: + +ldap.functions: +* Fixed ImportError when running python -O + +---------------------------------------------------------------- +Released 2.0.0pre16 2003-12-02 + +Changes since 2.0.0pre15: + +Modules/ +* Removed definition of unused constant RES_EXTENDED_PARTIAL since + the corresponding symbol LDAP_RES_EXTENDED_PARTIAL seems to not + be available in OpenLDAP-HEAD (pre 2.2) anymore. + +All in Lib/ +* Fixed some subtle bugs/oddities mentioned by pychecker. + +dsml: +* Renamed DSMLWriter._f to DSMLWriter._output_file +* Added wrapper method DSMLWriter.unparse() which simply + calls DSMLWriter.writeRecord() + +ldap.ldapobject: +* Simplified LDAPObject.search_subschemasubentry_s() + +ldap.functions: +* Moved ldap._ldap_function_call() into ldap.functions. +* apply() is not used anymore since it seems deprecated + +ldap.async: +* Added class DSMLWriter + +ldap.schema: +* Removed unused key-word argument strict from + ldap.schema.subentry.SubSchema.attribute_types() +* Fixed backward compability issue (for Python prior to 2.2) in + ldap.schema.subentry.SubSchema.listall() +---------------------------------------------------------------- +Released 2.0.0pre15 2003-11-11 + +Changes since 2.0.0pre14: + +Modules/ +Follow rule "Always include Python.h first" + +ldap.schema.subentry: +* Added new method SubSchema.get_structural_oc() +* Added new method SubSchema.get_applicable_aux_classes() +* Methods SubSchema.listall() and SubSchema.tree() have + new key-word argument schema_element_filters +* Support for DIT content rules in SubSchema.attribute_types() + +---------------------------------------------------------------- +Released 2.0.0pre14 2003-10-03 + +Changes since 2.0.0pre13: + +setup.py: +* Some modifications to ease building for Win32 +* Added directory Build/ mainly intended for platform-specific + examples of setup.cfg +* Fixed installing ldap.filter + +ldap.ldapobject: +* Added class attribute LDAPObject.network_timeout mapped to + set_option(ldap.OPT_NETWORK_TIMEOUT,..) +* LDAPObject.search_ext(): Pass arguments serverctrls,clientctrls + to _ldap.search_ext() + +ldap.sasl: +* Added class ldap.sasl.external for handling + the SASL mechanism EXTERNAL +* Dictionary ldap.sasl.saslmech_handler_class built during import + for all the known SASL mechanisms derived from class definitions + +ldap.schema: +* More graceful handling of KeyError in SubSchema.attribute_types() +* New method SubSchema.get_inheritedattr() for retrieving inherited + class attributes +* New method SubSchema.get_inheritedobj() for retrieving a + schema element instance including all inherited class attributes + +---------------------------------------------------------------- +Released 2.0.0pre13 2003-06-02 + +Changes since 2.0.0pre12: + +ldap.async: +* Checking type of argument writer_obj relaxed in + LDIFWriter.__init__() since file-like objects are + not necessarily an instance of file. + +ldap.schema: +* ldap.schema.subentry.SubSchema.attribute_types() now correctly + handles attribute types without NAME set +* If SUP is not defined for a structural object class 'top' is + assumed to be the only super-class by default +* '_' is now the abstract top node in SubSchema.tree() for all + schema element classes since ABSTRACT and AUXILIARY object + classes are not derived from 'top' by default + +---------------------------------------------------------------- +Released 2.0.0pre12 2003-05-27 + +Changes since 2.0.0pre11: + +New sub-module ldap.filter: +* Added functions escape_filter_chars() and filter_format() + +ldap.ldapobject: +* Trace log writes LDAP URI of connection instead of module name +* search_s() passes self.timeout as argument timeout when + calling search_ext_s() +* Key-word arguments for simple_bind() and simple_bind_s() + with defaults for anonymous bind. +* LDAPObject.protocol_version is set to LDAPv3 as default + (this might make code changes necessary in a real LDAPv2 + environment) +* Default for key-word argument trace_stack_limit passed to + __init__() is 5 +* Updated __doc__ strings +* Aligned and tested ReconnectLDAPObject and SmartLDAPObject + +ldap.async: +* LDIFWriter uses ldif.LDIFWriter instead of calling + function ldif.CreateLDIF +* LDIFWriter accepts either file-like object or ldif.LDIFWriter + instance as argument for specifying the output + +ldif: +* Abandoned argument all_records of LDIFRecordList.__init__() + +ldapurl: +* urllib.unquote() used instead of urllib.unquote_plus() + +---------------------------------------------------------------- +Released 2.0.0pre11 2003-05-02 + +Changes since 2.0.0pre10: + +ldap.ldapobject: +* Cosmetic change: Named argument list for LDAPObject.compare() + instead of *args,**kwargs. +* Fixed bug in ReconnectLDAPObject._apply_method_s() affecting + compability with Python 2.0. The bug was introduced with + 2.0.0pre09 by dropping use of apply(). + +ldap.modlist: +* modifyModlist(): Only None is filtered from attribute value lists, + '' is preserved as valid attribute value. But filtering applies + to old_value and new_value now. + +ldap.schema: +* Zero-length attribute values for schema elements are ignored + (needed on e.g. Active Directory) + +dsml: +Added support for parsing and generating DSMLv1. +Still experimental though. + + +---------------------------------------------------------------- +Released 2.0.0pre10 2003-04-19 + +Changes since 2.0.0pre09: + +ldap.schema: +* Emulate BooleanType for compability with Python2.3 in assert + statements + +---------------------------------------------------------------- +Released 2.0.0pre09 2003-04-19 + +Changes since 2.0.0pre08: + +Modified setup.py to support Cyrus-SASL 2.x. + +ldap.ldapobject: +* apply() is not used anymore since it seems deprecated +* Fixed __setstate__() and __getstate__() of ReconnectLDAPObject + +ldap.schema: +* Completed classes for nameForms, dITStructureRules and + dITContentRules + +---------------------------------------------------------------- +Released 2.0.0pre08 2003-04-11 + +Changes since 2.0.0pre07: + +ldap.schema: +* For backward compability with Python versions prior to 2.2 + Lib/ldap/schema/tokenizer.py and Lib/ldap/schema/models.py use + (()) instead of tuple() for creating empty tuples. + +---------------------------------------------------------------- +Released 2.0.0pre07 2003-04-03 + +Changes since 2.0.0pre06: + +LDAPObject.c: + * Wrapped OpenLDAP's ldap_search_ext() + * Removed empty __doc__ strings + * Removed fileno + * Removed all stuff related to caching in OpenLDAP libs + +ldap.ldapobject: + * Fixed SASL rebind in ldap.ldapobject.ReconnectLDAPObject + * use search_ext() instead ldap_search() + * new class attribute timeout for setting a global time-out + value for all synchronous operations + +ldap.schema: +* Fixed two typos in ldap.schema.models +* Some attempts to improve performance of parser/tokenizer +* Completely reworked to have separate OID dictionaries for + the different schema element classes +* Fixed the Demo/schema*.py to reflect changes to ldap.schema + +Documentation updates and various __doc__ string modifications. + +ldapurl: + * Removed all Unicode stuff from module ldapurl + * Consistent URL encoding in module ldapurl + +ldif: + * Removed ldif.FileWriter + * Proper handling of FILL (see RFC 2849) + +---------------------------------------------------------------- +Released 2.0.0pre06 2002-09-23 + +Changes since 2.0.0pre05: +- Fine-grained locking when linking against libldap_r +- New wrapper class ldap.ReconnectLDAPObject +- Security fix to module ldapurl +- Other fixes and improvements to whole package +- LDAPv3 schema support + (still somewhat premature and undocumented) + +---------------------------------------------------------------- +Released 2.0.0pre05 2002-07-20 + +---------------------------------------------------------------- +Released 2.0.0pre04 2002-02-09 + +---------------------------------------------------------------- +Released 2.0.0pre02 2002-02-01 + +---------------------------------------------------------------- +Released 1.10alpha3 2000-09-19 + +$Id: CHANGES,v 1.306 2013/09/21 03:55:37 stroeder Exp $ diff --git a/Lib/ldap/async.py b/Lib/ldap/async.py new file mode 100644 index 0000000..97ec14b --- /dev/null +++ b/Lib/ldap/async.py @@ -0,0 +1,317 @@ +""" +ldap.async - handle async LDAP operations + +See http://www.python-ldap.org/ for details. + +\$Id: async.py,v 1.33 2013/09/21 03:55:38 stroeder Exp $ + +Python compability note: +Tested on Python 2.0+ but should run on Python 1.5.x. +""" + +import ldap + +from ldap import __version__ + + +_searchResultTypes={ + ldap.RES_SEARCH_ENTRY:None, + ldap.RES_SEARCH_RESULT:None, + ldap.RES_SEARCH_REFERENCE:None, +} + +_entryResultTypes={ + ldap.RES_SEARCH_ENTRY:None, + ldap.RES_SEARCH_RESULT:None, +} + + +class WrongResultType(Exception): + + def __init__(self,receivedResultType,expectedResultTypes): + self.receivedResultType = receivedResultType + self.expectedResultTypes = expectedResultTypes + Exception.__init__(self) + + def __str__(self): + return 'Received wrong result type %s (expected one of %s).' % ( + self.receivedResultType, + ', '.join(self.expectedResultTypes), + ) + + +class AsyncSearchHandler: + """ + Class for stream-processsing LDAP search results + + Arguments: + + l + LDAPObject instance + """ + + def __init__(self,l): + self._l = l + self._msgId = None + self._afterFirstResult = 1 + + def startSearch( + self, + searchRoot, + searchScope, + filterStr, + attrList=None, + attrsOnly=0, + timeout=-1, + sizelimit=0, + serverctrls=None, + clientctrls=None + ): + """ + searchRoot + See parameter base of method LDAPObject.search() + searchScope + See parameter scope of method LDAPObject.search() + filterStr + See parameter filter of method LDAPObject.search() + attrList=None + See parameter attrlist of method LDAPObject.search() + attrsOnly + See parameter attrsonly of method LDAPObject.search() + timeout + Maximum time the server shall use for search operation + sizelimit + Maximum number of entries a server should return + (request client-side limit) + serverctrls + list of server-side LDAP controls + clientctrls + list of client-side LDAP controls + """ + self._msgId = self._l.search_ext( + searchRoot,searchScope,filterStr, + attrList,attrsOnly,serverctrls,clientctrls,timeout,sizelimit + ) + self._afterFirstResult = 1 + return # startSearch() + + def preProcessing(self): + """ + Do anything you want after starting search but + before receiving and processing results + """ + + def afterFirstResult(self): + """ + Do anything you want right after successfully receiving but before + processing first result + """ + + def postProcessing(self): + """ + Do anything you want after receiving and processing all results + """ + + def processResults(self,ignoreResultsNumber=0,processResultsCount=0,timeout=-1): + """ + ignoreResultsNumber + Don't process the first ignoreResultsNumber results. + processResultsCount + If non-zero this parameters indicates the number of results + processed is limited to processResultsCount. + timeout + See parameter timeout of ldap.LDAPObject.result() + """ + self.preProcessing() + result_counter = 0 + end_result_counter = ignoreResultsNumber+processResultsCount + go_ahead = 1 + partial = 0 + self.beginResultsDropped = 0 + self.endResultBreak = result_counter + try: + result_type,result_list = None,None + while go_ahead: + while result_type is None and not result_list: + result_type,result_list,result_msgid,result_serverctrls = self._l.result3(self._msgId,0,timeout) + if self._afterFirstResult: + self.afterFirstResult() + self._afterFirstResult = 0 + if not result_list: + break + if not _searchResultTypes.has_key(result_type): + raise WrongResultType(result_type,_searchResultTypes.keys()) + # Loop over list of search results + for result_item in result_list: + if result_counter Date: Sat, 23 Nov 2013 14:09:59 +0000 Subject: [PATCH 103/868] More log data in LDAPLock.acquire() and LDAPLock.release() --- CHANGES | 4 +++- Lib/ldap/__init__.py | 6 +++--- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/CHANGES b/CHANGES index 54a6f4b..feb6ff0 100644 --- a/CHANGES +++ b/CHANGES @@ -8,6 +8,8 @@ Lib/ * New method ldap.async.AsyncSearchHandler.afterFirstResult() for doing something right after successfully receiving but before processing first result +* Better log data written when invoking ldap.LDAPLock.acquire() and + ldap.LDAPLock.release() Modules/ * Added support for retrieving negotiated TLS version/cipher @@ -1068,4 +1070,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.306 2013/09/21 03:55:37 stroeder Exp $ +$Id: CHANGES,v 1.307 2013/11/23 14:11:18 stroeder Exp $ diff --git a/Lib/ldap/__init__.py b/Lib/ldap/__init__.py index d641a44..84431bf 100644 --- a/Lib/ldap/__init__.py +++ b/Lib/ldap/__init__.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -$Id: __init__.py,v 1.87 2013/07/04 16:06:53 stroeder Exp $ +$Id: __init__.py,v 1.88 2013/11/23 14:09:59 stroeder Exp $ """ # This is also the overall release version number @@ -68,14 +68,14 @@ def acquire(self): if __debug__: global _trace_level if _trace_level>=self._min_trace_level: - _trace_file.write('***%s %s.acquire()\n' % (self._desc,self.__class__.__name__)) + _trace_file.write('***%s.acquire() %s %s\n' % (self.__class__.__name__,repr(self),self._desc)) return self._lock.acquire() def release(self): if __debug__: global _trace_level if _trace_level>=self._min_trace_level: - _trace_file.write('***%s %s.release()\n' % (self._desc,self.__class__.__name__)) + _trace_file.write('***%s.release() %s %s\n' % (self.__class__.__name__,repr(self),self._desc)) return self._lock.release() From 68a06d0f1f60f00ea3b4f9ae3e24e245196ac644 Mon Sep 17 00:00:00 2001 From: stroeder Date: Sat, 23 Nov 2013 14:15:33 +0000 Subject: [PATCH 104/868] * LDAPObject and friends now pass `desc' to ldap.LDAPLock() which results in better logging * ldapobject.ReconnectLDAPObject now uses internal class-wide lock for serializing reconnects --- CHANGES | 6 ++- Lib/ldap/ldapobject.py | 92 +++++++++++++++++++++--------------------- 2 files changed, 52 insertions(+), 46 deletions(-) diff --git a/CHANGES b/CHANGES index feb6ff0..5e878a0 100644 --- a/CHANGES +++ b/CHANGES @@ -10,6 +10,10 @@ Lib/ processing first result * Better log data written when invoking ldap.LDAPLock.acquire() and ldap.LDAPLock.release() +* LDAPObject and friends now pass `desc' to ldap.LDAPLock() which + results in better logging +* ldapobject.ReconnectLDAPObject now uses internal class-wide + lock for serializing reconnects Modules/ * Added support for retrieving negotiated TLS version/cipher @@ -1070,4 +1074,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.307 2013/11/23 14:11:18 stroeder Exp $ +$Id: CHANGES,v 1.308 2013/11/23 14:15:33 stroeder Exp $ diff --git a/Lib/ldap/ldapobject.py b/Lib/ldap/ldapobject.py index 74ee238..5b09117 100644 --- a/Lib/ldap/ldapobject.py +++ b/Lib/ldap/ldapobject.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -\$Id: ldapobject.py,v 1.135 2013/06/25 17:36:03 stroeder Exp $ +\$Id: ldapobject.py,v 1.136 2013/11/23 14:15:33 stroeder Exp $ Compability: - Tested with Python 2.0+ but should work with Python 1.5.x @@ -66,14 +66,14 @@ def __init__( self._trace_file = trace_file or sys.stdout self._trace_stack_limit = trace_stack_limit self._uri = uri - self._ldap_object_lock = self._ldap_lock() + self._ldap_object_lock = self._ldap_lock('opcall') self._l = ldap.functions._ldap_function_call(ldap._ldap_module_lock,_ldap.initialize,uri) self.timeout = -1 self.protocol_version = ldap.VERSION3 - def _ldap_lock(self): + def _ldap_lock(self,desc=''): if ldap.LIBLDAP_R: - return ldap.LDAPLock(desc=self._uri) + return ldap.LDAPLock(desc='%s within %s' %(desc,repr(self))) else: return ldap._ldap_module_lock @@ -728,8 +728,8 @@ def __init__( self._uri = uri self._options = [] self._last_bind = None - self._pending_reconnect = 0 SimpleLDAPObject.__init__(self,uri,trace_level,trace_file,trace_stack_limit) + self._reconnect_lock = self._ldap_lock(desc='reconnect') self._retry_max = retry_max self._retry_delay = retry_delay self._start_tls = 0 @@ -750,6 +750,9 @@ def __setstate__(self,d): self._trace_file = sys.stdout self.reconnect(self._uri) + def _store_last_bind(self,method,*args,**kwargs): + self._last_bind = (method,args,kwargs) + def _apply_last_bind(self): if self._last_bind!=None: func,args,kwargs = self._last_bind @@ -766,46 +769,45 @@ def _restore_options(self): def reconnect(self,uri): # Drop and clean up old connection completely # Reconnect - while self._pending_reconnect: - time.sleep(0.01) - else: - self._pending_reconnect = 1 - reconnect_counter = self._retry_max - while reconnect_counter: - if __debug__ and self._trace_level>=1: - self._trace_file.write('*** Try %d. reconnect to %s...\n' % ( - self._retry_max-reconnect_counter+1,uri - )) - try: - # Do the connect - self._l = ldap.functions._ldap_function_call(ldap._ldap_module_lock,_ldap.initialize,uri) - self._restore_options() - # StartTLS extended operation in case this was called before - if self._start_tls: - self.start_tls_s() - # Repeat last simple or SASL bind - self._apply_last_bind() - except (ldap.SERVER_DOWN,ldap.TIMEOUT),e: - if __debug__ and self._trace_level>=1: - self._trace_file.write('*** %d. reconnect to %s failed\n' % ( - self._retry_max-reconnect_counter+1,uri - )) - reconnect_counter = reconnect_counter-1 - if not reconnect_counter: - raise - if __debug__ and self._trace_level>=1: - self._trace_file.write('=> delay %s...\n' % (self._retry_delay)) - time.sleep(self._retry_delay) - SimpleLDAPObject.unbind_s(self) - del self._l - else: + self._reconnect_lock.acquire() + try: + reconnect_counter = self._retry_max + while reconnect_counter: if __debug__ and self._trace_level>=1: - self._trace_file.write('*** %d. reconnect to %s successful, last operation will be repeated\n' % ( + self._trace_file.write('*** Try %d. reconnect to %s...\n' % ( self._retry_max-reconnect_counter+1,uri )) - self._reconnects_done = self._reconnects_done + 1L - break - self._pending_reconnect = 0 + try: + # Do the connect + self._l = ldap.functions._ldap_function_call(ldap._ldap_module_lock,_ldap.initialize,uri) + self._restore_options() + # StartTLS extended operation in case this was called before + if self._start_tls: + self.start_tls_s() + # Repeat last simple or SASL bind + self._apply_last_bind() + except (ldap.SERVER_DOWN,ldap.TIMEOUT),e: + if __debug__ and self._trace_level>=1: + self._trace_file.write('*** %d. reconnect to %s failed\n' % ( + self._retry_max-reconnect_counter+1,uri + )) + reconnect_counter = reconnect_counter-1 + if not reconnect_counter: + raise + if __debug__ and self._trace_level>=1: + self._trace_file.write('=> delay %s...\n' % (self._retry_delay)) + time.sleep(self._retry_delay) + SimpleLDAPObject.unbind_s(self) + del self._l + else: + if __debug__ and self._trace_level>=1: + self._trace_file.write('*** %d. reconnect to %s successful, last operation will be repeated\n' % ( + self._retry_max-reconnect_counter+1,uri + )) + self._reconnects_done = self._reconnects_done + 1L + break + finally: + self._reconnect_lock.release() return # reconnect() def _apply_method_s(self,func,*args,**kwargs): @@ -827,12 +829,12 @@ def set_option(self,option,invalue): def bind_s(self,*args,**kwargs): res = self._apply_method_s(SimpleLDAPObject.bind_s,*args,**kwargs) - self._last_bind = (self.bind_s,args,kwargs) + self._store_last_bind(SimpleLDAPObject.bind_s,*args,**kwargs) return res def simple_bind_s(self,*args,**kwargs): res = self._apply_method_s(SimpleLDAPObject.simple_bind_s,*args,**kwargs) - self._last_bind = (SimpleLDAPObject.simple_bind_s,args,kwargs) + self._store_last_bind(SimpleLDAPObject.simple_bind_s,*args,**kwargs) return res def start_tls_s(self,*args,**kwargs): @@ -845,7 +847,7 @@ def sasl_interactive_bind_s(self,*args,**kwargs): sasl_interactive_bind_s(who, auth) -> None """ res = self._apply_method_s(SimpleLDAPObject.sasl_interactive_bind_s,*args,**kwargs) - self._last_bind = (SimpleLDAPObject.sasl_interactive_bind_s,args,kwargs) + self._store_last_bind(SimpleLDAPObject.sasl_interactive_bind_s,*args,**kwargs) return res def add_ext_s(self,*args,**kwargs): From 998400bf665ef467867ff59195fb441eab4fa8b2 Mon Sep 17 00:00:00 2001 From: stroeder Date: Sat, 23 Nov 2013 15:44:32 +0000 Subject: [PATCH 105/868] * Method signature of ReconnectLDAPObject.reconnect() changed to be able to call it with separate retry_max and retry_delay values --- CHANGES | 4 +++- Lib/ldap/ldapobject.py | 26 +++++++++++++------------- 2 files changed, 16 insertions(+), 14 deletions(-) diff --git a/CHANGES b/CHANGES index 5e878a0..f836324 100644 --- a/CHANGES +++ b/CHANGES @@ -14,6 +14,8 @@ Lib/ results in better logging * ldapobject.ReconnectLDAPObject now uses internal class-wide lock for serializing reconnects +* Method signature of ReconnectLDAPObject.reconnect() changed to be able + to call it with separate retry_max and retry_delay values Modules/ * Added support for retrieving negotiated TLS version/cipher @@ -1074,4 +1076,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.308 2013/11/23 14:15:33 stroeder Exp $ +$Id: CHANGES,v 1.309 2013/11/23 15:44:32 stroeder Exp $ diff --git a/Lib/ldap/ldapobject.py b/Lib/ldap/ldapobject.py index 5b09117..41007dd 100644 --- a/Lib/ldap/ldapobject.py +++ b/Lib/ldap/ldapobject.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -\$Id: ldapobject.py,v 1.136 2013/11/23 14:15:33 stroeder Exp $ +\$Id: ldapobject.py,v 1.137 2013/11/23 15:44:32 stroeder Exp $ Compability: - Tested with Python 2.0+ but should work with Python 1.5.x @@ -766,16 +766,16 @@ def _restore_options(self): for k,v in self._options: SimpleLDAPObject.set_option(self,k,v) - def reconnect(self,uri): + def reconnect(self,uri,retry_max=1,retry_delay=60.0): # Drop and clean up old connection completely # Reconnect self._reconnect_lock.acquire() try: - reconnect_counter = self._retry_max + reconnect_counter = retry_max while reconnect_counter: if __debug__ and self._trace_level>=1: - self._trace_file.write('*** Try %d. reconnect to %s...\n' % ( - self._retry_max-reconnect_counter+1,uri + self._trace_file.write('*** Trying %d. (of %d) reconnect to %s...\n' % ( + retry_max-reconnect_counter+1,retry_max,uri )) try: # Do the connect @@ -788,21 +788,21 @@ def reconnect(self,uri): self._apply_last_bind() except (ldap.SERVER_DOWN,ldap.TIMEOUT),e: if __debug__ and self._trace_level>=1: - self._trace_file.write('*** %d. reconnect to %s failed\n' % ( - self._retry_max-reconnect_counter+1,uri + self._trace_file.write('*** %d. (of %d) reconnect to %s failed\n' % ( + self._retry_max-reconnect_counter+1,retry_max,uri )) reconnect_counter = reconnect_counter-1 if not reconnect_counter: raise if __debug__ and self._trace_level>=1: - self._trace_file.write('=> delay %s...\n' % (self._retry_delay)) - time.sleep(self._retry_delay) + self._trace_file.write('=> delay %s...\n' % (retry_delay)) + time.sleep(retry_delay) SimpleLDAPObject.unbind_s(self) del self._l else: if __debug__ and self._trace_level>=1: - self._trace_file.write('*** %d. reconnect to %s successful, last operation will be repeated\n' % ( - self._retry_max-reconnect_counter+1,uri + self._trace_file.write('*** %d. (of %d) reconnect to %s successful, last operation will be repeated\n' % ( + self._retry_max-reconnect_counter+1,retry_max,uri )) self._reconnects_done = self._reconnects_done + 1L break @@ -812,14 +812,14 @@ def reconnect(self,uri): def _apply_method_s(self,func,*args,**kwargs): if not self.__dict__.has_key('_l'): - self.reconnect(self._uri) + self.reconnect(self._uri,retry_max=self._retry_max,retry_delay=self._retry_delay) try: return func(self,*args,**kwargs) except ldap.SERVER_DOWN: SimpleLDAPObject.unbind_s(self) del self._l # Try to reconnect - self.reconnect(self._uri) + self.reconnect(self._uri,retry_max=self._retry_max,retry_delay=self._retry_delay) # Re-try last operation return func(self,*args,**kwargs) From 7395e6711fed08e386d6753eeaa13230bc4ba0ac Mon Sep 17 00:00:00 2001 From: stroeder Date: Fri, 31 Jan 2014 17:21:15 +0000 Subject: [PATCH 106/868] Release 2.4.14 now --- CHANGES | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index f836324..4769cff 100644 --- a/CHANGES +++ b/CHANGES @@ -1,5 +1,5 @@ ---------------------------------------------------------------- -Released 2.4.14 2013-xx-xx +Released 2.4.14 2014-01-31 Changes since 2.4.13: @@ -1076,4 +1076,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.309 2013/11/23 15:44:32 stroeder Exp $ +$Id: CHANGES,v 1.310 2014/01/31 17:21:15 stroeder Exp $ From 6622ce384c6431a7a071826843a535555ae51d6c Mon Sep 17 00:00:00 2001 From: stroeder Date: Wed, 19 Feb 2014 20:05:57 +0000 Subject: [PATCH 107/868] Cleaned up reconnect logging a bit --- Lib/ldap/ldapobject.py | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/Lib/ldap/ldapobject.py b/Lib/ldap/ldapobject.py index 41007dd..3293ff0 100644 --- a/Lib/ldap/ldapobject.py +++ b/Lib/ldap/ldapobject.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -\$Id: ldapobject.py,v 1.137 2013/11/23 15:44:32 stroeder Exp $ +\$Id: ldapobject.py,v 1.138 2014/02/19 20:05:57 stroeder Exp $ Compability: - Tested with Python 2.0+ but should work with Python 1.5.x @@ -729,7 +729,7 @@ def __init__( self._options = [] self._last_bind = None SimpleLDAPObject.__init__(self,uri,trace_level,trace_file,trace_stack_limit) - self._reconnect_lock = self._ldap_lock(desc='reconnect') + self._reconnect_lock = ldap.LDAPLock(desc='reconnect lock within %s' % (repr(self))) self._retry_max = retry_max self._retry_delay = retry_delay self._start_tls = 0 @@ -773,9 +773,10 @@ def reconnect(self,uri,retry_max=1,retry_delay=60.0): try: reconnect_counter = retry_max while reconnect_counter: + counter_text = '%d. (of %d)' % (retry_max-reconnect_counter+1,retry_max) if __debug__ and self._trace_level>=1: - self._trace_file.write('*** Trying %d. (of %d) reconnect to %s...\n' % ( - retry_max-reconnect_counter+1,retry_max,uri + self._trace_file.write('*** Trying %s reconnect to %s...\n' % ( + counter_text,uri )) try: # Do the connect @@ -788,12 +789,12 @@ def reconnect(self,uri,retry_max=1,retry_delay=60.0): self._apply_last_bind() except (ldap.SERVER_DOWN,ldap.TIMEOUT),e: if __debug__ and self._trace_level>=1: - self._trace_file.write('*** %d. (of %d) reconnect to %s failed\n' % ( - self._retry_max-reconnect_counter+1,retry_max,uri + self._trace_file.write('*** %s reconnect to %s failed\n' % ( + counter_text,uri )) reconnect_counter = reconnect_counter-1 if not reconnect_counter: - raise + raise e if __debug__ and self._trace_level>=1: self._trace_file.write('=> delay %s...\n' % (retry_delay)) time.sleep(retry_delay) @@ -801,8 +802,8 @@ def reconnect(self,uri,retry_max=1,retry_delay=60.0): del self._l else: if __debug__ and self._trace_level>=1: - self._trace_file.write('*** %d. (of %d) reconnect to %s successful, last operation will be repeated\n' % ( - self._retry_max-reconnect_counter+1,retry_max,uri + self._trace_file.write('*** %s reconnect to %s successful => repeat last operation\n' % ( + counter_text,uri )) self._reconnects_done = self._reconnects_done + 1L break From 35ba85657e51795862b7460b08d83371a7d4db2b Mon Sep 17 00:00:00 2001 From: stroeder Date: Wed, 12 Mar 2014 20:27:33 +0000 Subject: [PATCH 108/868] Started 2.4.15 --- CHANGES | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 4769cff..55182ab 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,12 @@ +---------------------------------------------------------------- +Released 2.4.15 2014-03-13 + +Changes since 2.4.14: + +Lib/ + +Modules/ + ---------------------------------------------------------------- Released 2.4.14 2014-01-31 @@ -1076,4 +1085,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.310 2014/01/31 17:21:15 stroeder Exp $ +$Id: CHANGES,v 1.311 2014/03/12 20:27:33 stroeder Exp $ From 84d5d2b28368a7b077dabb4b9f5f9f95a2836d95 Mon Sep 17 00:00:00 2001 From: stroeder Date: Wed, 12 Mar 2014 20:29:23 +0000 Subject: [PATCH 109/868] Added missing modules ldap.controls.openldap and ldap.controls.pwdpolicy to setup.py --- CHANGES | 4 +++- setup.py | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 55182ab..ca9b7a1 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,8 @@ Released 2.4.15 2014-03-13 Changes since 2.4.14: Lib/ +* Added missing modules ldap.controls.openldap and + ldap.controls.pwdpolicy to setup.py Modules/ @@ -1085,4 +1087,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.311 2014/03/12 20:27:33 stroeder Exp $ +$Id: CHANGES,v 1.312 2014/03/12 20:29:23 stroeder Exp $ diff --git a/setup.py b/setup.py index a9a6219..b2fe367 100644 --- a/setup.py +++ b/setup.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -$Id: setup.py,v 1.71 2011/10/26 19:42:25 stroeder Exp $ +$Id: setup.py,v 1.72 2014/03/12 20:29:23 stroeder Exp $ """ has_setuptools = False @@ -151,8 +151,10 @@ class OpenLDAP2: 'ldap.async', 'ldap.controls', 'ldap.controls.libldap', + 'ldap.controls.openldap', 'ldap.controls.ppolicy', 'ldap.controls.psearch', + 'ldap.controls.pwdpolicy', 'ldap.controls.readentry', 'ldap.controls.sessiontrack', 'ldap.controls.simple', From d7db8e332c090baa3e8d43893246f7064511cd4d Mon Sep 17 00:00:00 2001 From: stroeder Date: Wed, 12 Mar 2014 20:30:50 +0000 Subject: [PATCH 110/868] Added missing imports to ldap.controls.pwdpolicy --- CHANGES | 3 ++- Lib/ldap/controls/pwdpolicy.py | 5 ++++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index ca9b7a1..aa418ae 100644 --- a/CHANGES +++ b/CHANGES @@ -6,6 +6,7 @@ Changes since 2.4.14: Lib/ * Added missing modules ldap.controls.openldap and ldap.controls.pwdpolicy to setup.py +* Added missing imports to ldap.controls.pwdpolicy Modules/ @@ -1087,4 +1088,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.312 2014/03/12 20:29:23 stroeder Exp $ +$Id: CHANGES,v 1.313 2014/03/12 20:30:50 stroeder Exp $ diff --git a/Lib/ldap/controls/pwdpolicy.py b/Lib/ldap/controls/pwdpolicy.py index 81e4330..85a99d8 100644 --- a/Lib/ldap/controls/pwdpolicy.py +++ b/Lib/ldap/controls/pwdpolicy.py @@ -5,16 +5,19 @@ See http://www.python-ldap.org/ for project details. -$Id: pwdpolicy.py,v 1.1 2012/02/21 16:51:55 stroeder Exp $ +$Id: pwdpolicy.py,v 1.2 2014/03/12 20:30:50 stroeder Exp $ """ __all__ = [ 'ExpirationWarningControl' ] +import struct + # Imports from python-ldap 2.4+ import ldap.controls from ldap.controls import RequestControl,ResponseControl,ValueLessRequestControl,KNOWN_RESPONSE_CONTROLS +from ldap.controls.simple import OctetStringInteger class PasswordExpiringControl(OctetStringInteger): From 7e45d77a5fe2b9fa8436f85a3000ac889282c2a7 Mon Sep 17 00:00:00 2001 From: stroeder Date: Wed, 12 Mar 2014 21:16:05 +0000 Subject: [PATCH 111/868] Fixed ldap.controls.pwdpolicy.decodeControlValue() to decode string of digits --- CHANGES | 4 +++- Lib/ldap/controls/pwdpolicy.py | 4 ++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/CHANGES b/CHANGES index aa418ae..4d08239 100644 --- a/CHANGES +++ b/CHANGES @@ -7,6 +7,8 @@ Lib/ * Added missing modules ldap.controls.openldap and ldap.controls.pwdpolicy to setup.py * Added missing imports to ldap.controls.pwdpolicy +* Fixed ldap.controls.pwdpolicy.decodeControlValue() to decode + string of digits Modules/ @@ -1088,4 +1090,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.313 2014/03/12 20:30:50 stroeder Exp $ +$Id: CHANGES,v 1.314 2014/03/12 21:16:05 stroeder Exp $ diff --git a/Lib/ldap/controls/pwdpolicy.py b/Lib/ldap/controls/pwdpolicy.py index 85a99d8..52027bd 100644 --- a/Lib/ldap/controls/pwdpolicy.py +++ b/Lib/ldap/controls/pwdpolicy.py @@ -5,7 +5,7 @@ See http://www.python-ldap.org/ for project details. -$Id: pwdpolicy.py,v 1.2 2014/03/12 20:30:50 stroeder Exp $ +$Id: pwdpolicy.py,v 1.3 2014/03/12 21:16:05 stroeder Exp $ """ __all__ = [ @@ -27,7 +27,7 @@ class PasswordExpiringControl(OctetStringInteger): controlType = '2.16.840.1.113730.3.4.5' def decodeControlValue(self,encodedControlValue): - self.gracePeriod = struct.unpack('!Q',encodedControlValue)[0] + self.gracePeriod = int(encodedControlValue) KNOWN_RESPONSE_CONTROLS[PasswordExpiringControl.controlType] = PasswordExpiringControl From be4bb3c7b9b297b9381e4f68625327b7dd8bb185 Mon Sep 17 00:00:00 2001 From: stroeder Date: Wed, 12 Mar 2014 21:34:07 +0000 Subject: [PATCH 112/868] Removed unneeded imports --- Lib/ldap/controls/pwdpolicy.py | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/Lib/ldap/controls/pwdpolicy.py b/Lib/ldap/controls/pwdpolicy.py index 52027bd..0cb4260 100644 --- a/Lib/ldap/controls/pwdpolicy.py +++ b/Lib/ldap/controls/pwdpolicy.py @@ -5,22 +5,19 @@ See http://www.python-ldap.org/ for project details. -$Id: pwdpolicy.py,v 1.3 2014/03/12 21:16:05 stroeder Exp $ +$Id: pwdpolicy.py,v 1.4 2014/03/12 21:34:07 stroeder Exp $ """ __all__ = [ 'ExpirationWarningControl' ] -import struct - # Imports from python-ldap 2.4+ import ldap.controls from ldap.controls import RequestControl,ResponseControl,ValueLessRequestControl,KNOWN_RESPONSE_CONTROLS -from ldap.controls.simple import OctetStringInteger -class PasswordExpiringControl(OctetStringInteger): +class PasswordExpiringControl(ResponseControl): """ Indicates time in seconds when password will expire """ From 543582fcf0dd06d8c5bb153e2bfa8679c1f3d5da Mon Sep 17 00:00:00 2001 From: stroeder Date: Wed, 12 Mar 2014 21:44:10 +0000 Subject: [PATCH 113/868] Support for X-SUBST in schema element class LDAPSyntax; Support for X-ORDERED and X-ORIGIN in schema element class AttributeType --- CHANGES | 8 +++++--- Lib/ldap/schema/models.py | 15 +++++++++++++-- 2 files changed, 18 insertions(+), 5 deletions(-) diff --git a/CHANGES b/CHANGES index 4d08239..1abeaac 100644 --- a/CHANGES +++ b/CHANGES @@ -4,11 +4,13 @@ Released 2.4.15 2014-03-13 Changes since 2.4.14: Lib/ -* Added missing modules ldap.controls.openldap and +* Added missing modules ldap.controls.openldap and ldap.controls.pwdpolicy to setup.py * Added missing imports to ldap.controls.pwdpolicy * Fixed ldap.controls.pwdpolicy.decodeControlValue() to decode string of digits +* Support for X-SUBST in schema element class LDAPSyntax +* Support for X-ORDERED and X-ORIGIN in schema element class AttributeType Modules/ @@ -20,7 +22,7 @@ Changes since 2.4.13: Lib/ * Added ldap.controls.openldap.SearchNoOpControl * New method ldap.async.AsyncSearchHandler.afterFirstResult() - for doing something right after successfully receiving but before + for doing something right after successfully receiving but before processing first result * Better log data written when invoking ldap.LDAPLock.acquire() and ldap.LDAPLock.release() @@ -1090,4 +1092,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.314 2014/03/12 21:16:05 stroeder Exp $ +$Id: CHANGES,v 1.315 2014/03/12 21:44:10 stroeder Exp $ diff --git a/Lib/ldap/schema/models.py b/Lib/ldap/schema/models.py index 0d52e39..a3e0041 100644 --- a/Lib/ldap/schema/models.py +++ b/Lib/ldap/schema/models.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -\$Id: models.py,v 1.46 2012/12/13 08:22:48 stroeder Exp $ +\$Id: models.py,v 1.47 2014/03/12 21:44:10 stroeder Exp $ """ import UserDict,ldap.cidict @@ -249,7 +249,9 @@ class AttributeType(SchemaElement): 'SINGLE-VALUE':None, 'COLLECTIVE':None, 'NO-USER-MODIFICATION':None, - 'USAGE':('userApplications',) + 'USAGE':('userApplications',), + 'X-ORIGIN':(None,), + 'X-ORDERED':(None,), } def _set_attrs(self,l,d): @@ -260,6 +262,8 @@ def _set_attrs(self,l,d): self.equality = d['EQUALITY'][0] self.ordering = d['ORDERING'][0] self.substr = d['SUBSTR'][0] + self.x_origin = d['X-ORIGIN'][0] + self.x_ordered = d['X-ORDERED'][0] try: syntax = d['SYNTAX'][0] except IndexError: @@ -317,6 +321,8 @@ def __str__(self): 3:" USAGE dSAOperation", }[self.usage] ) + result.append(self.key_attr('X-ORIGIN',self.x_origin,quoted=1)) + result.append(self.key_attr('X-ORDERED',self.x_ordered,quoted=1)) return '( %s )' % ''.join(result) @@ -336,19 +342,24 @@ class LDAPSyntax(SchemaElement): token_defaults = { 'DESC':(None,), 'X-NOT-HUMAN-READABLE':(None,), + 'X-BINARY-TRANSFER-REQUIRED':(None,), + 'X-SUBST':(None,), } def _set_attrs(self,l,d): self.desc = d['DESC'][0] + self.x_subst = d['X-SUBST'][0] self.not_human_readable = \ NOT_HUMAN_READABLE_LDAP_SYNTAXES.has_key(self.oid) or \ d['X-NOT-HUMAN-READABLE'][0]=='TRUE' + self.x_binary_transfer_required = d['X-BINARY-TRANSFER-REQUIRED'][0]=='TRUE' assert self.desc is None or type(self.desc)==StringType return def __str__(self): result = [str(self.oid)] result.append(self.key_attr('DESC',self.desc,quoted=1)) + result.append(self.key_attr('X-SUBST',self.x_subst,quoted=1)) result.append( {0:'',1:" X-NOT-HUMAN-READABLE 'TRUE'"}[self.not_human_readable] ) From 3ac949760c073c14ea5f921c714f79f9c75c04dc Mon Sep 17 00:00:00 2001 From: stroeder Date: Wed, 12 Mar 2014 23:02:42 +0000 Subject: [PATCH 114/868] Support new scope value for draft-sermersheim-ldap-subordinate-scope --- CHANGES | 6 +++++- Lib/ldapurl.py | 7 +++++-- Modules/constants.c | 8 +++++++- 3 files changed, 17 insertions(+), 4 deletions(-) diff --git a/CHANGES b/CHANGES index 1abeaac..18e2632 100644 --- a/CHANGES +++ b/CHANGES @@ -11,8 +11,12 @@ Lib/ string of digits * Support for X-SUBST in schema element class LDAPSyntax * Support for X-ORDERED and X-ORIGIN in schema element class AttributeType +* ldapurl: New scope 'subordinates' defined in + draft-sermersheim-ldap-subordinate-scope Modules/ +* New constant ldap.SCOPE_SUBORDINATE derived from ldap.h for + draft-sermersheim-ldap-subordinate-scope ---------------------------------------------------------------- Released 2.4.14 2014-01-31 @@ -1092,4 +1096,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.315 2014/03/12 21:44:10 stroeder Exp $ +$Id: CHANGES,v 1.316 2014/03/12 23:02:42 stroeder Exp $ diff --git a/Lib/ldapurl.py b/Lib/ldapurl.py index af501a4..01a7703 100644 --- a/Lib/ldapurl.py +++ b/Lib/ldapurl.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -\$Id: ldapurl.py,v 1.63 2013/08/13 12:33:08 stroeder Exp $ +\$Id: ldapurl.py,v 1.64 2014/03/12 23:02:42 stroeder Exp $ Python compability note: This module only works with Python 2.0+ since @@ -30,8 +30,9 @@ LDAP_SCOPE_BASE = 0 LDAP_SCOPE_ONELEVEL = 1 LDAP_SCOPE_SUBTREE = 2 +LDAP_SCOPE_SUBORDINATES = 3 -SEARCH_SCOPE_STR = {None:'',0:'base',1:'one',2:'sub'} +SEARCH_SCOPE_STR = {None:'',0:'base',1:'one',2:'sub',3:'subordinates'} SEARCH_SCOPE = { '':None, @@ -39,6 +40,8 @@ 'base':LDAP_SCOPE_BASE, 'one':LDAP_SCOPE_ONELEVEL, 'sub':LDAP_SCOPE_SUBTREE, + # from draft-sermersheim-ldap-subordinate-scope + 'subordinates':LDAP_SCOPE_SUBORDINATES, } # Some widely used types diff --git a/Modules/constants.c b/Modules/constants.c index d815edd..458ae09 100644 --- a/Modules/constants.c +++ b/Modules/constants.c @@ -1,6 +1,6 @@ /* constants defined for LDAP * See http://www.python-ldap.org/ for details. - * $Id: constants.c,v 1.57 2013/09/11 08:16:27 stroeder Exp $ */ + * $Id: constants.c,v 1.58 2014/03/12 23:02:42 stroeder Exp $ */ #include "common.h" #include "constants.h" @@ -119,6 +119,9 @@ LDAPinit_constants( PyObject* d ) add_int(d,SCOPE_BASE); add_int(d,SCOPE_ONELEVEL); add_int(d,SCOPE_SUBTREE); +#ifdef LDAP_SCOPE_SUBORDINATE + add_int(d,SCOPE_SUBORDINATE); +#endif add_int(d,MOD_ADD); add_int(d,MOD_DELETE); add_int(d,MOD_REPLACE); @@ -191,6 +194,9 @@ LDAPinit_constants( PyObject* d ) #ifdef LDAP_OPT_X_TLS_CIPHER add_int(d,OPT_X_TLS_CIPHER); #endif +#ifdef LDAP_OPT_X_TLS_PEERCERT + add_int(d,OPT_X_TLS_PEERCERT); +#endif #ifdef LDAP_OPT_X_TLS_CRLCHECK /* only available if OpenSSL supports it => might cause backward compability problems */ add_int(d,OPT_X_TLS_CRLCHECK); From df5f0eb43e52861faa35964de546bf476471271d Mon Sep 17 00:00:00 2001 From: stroeder Date: Wed, 12 Mar 2014 23:11:26 +0000 Subject: [PATCH 115/868] __version__ = '2.4.15' --- Lib/dsml.py | 4 ++-- Lib/ldap/__init__.py | 4 ++-- Lib/ldapurl.py | 4 ++-- Lib/ldif.py | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/Lib/dsml.py b/Lib/dsml.py index 260da63..7220cd3 100644 --- a/Lib/dsml.py +++ b/Lib/dsml.py @@ -4,13 +4,13 @@ See http://www.python-ldap.org/ for details. -$Id: dsml.py,v 1.31 2013/07/04 16:06:53 stroeder Exp $ +$Id: dsml.py,v 1.32 2014/03/12 23:11:26 stroeder Exp $ Python compability note: Tested with Python 2.0+. """ -__version__ = '2.4.14' +__version__ = '2.4.15' import string,base64 diff --git a/Lib/ldap/__init__.py b/Lib/ldap/__init__.py index 84431bf..1fb9886 100644 --- a/Lib/ldap/__init__.py +++ b/Lib/ldap/__init__.py @@ -3,12 +3,12 @@ See http://www.python-ldap.org/ for details. -$Id: __init__.py,v 1.88 2013/11/23 14:09:59 stroeder Exp $ +$Id: __init__.py,v 1.89 2014/03/12 23:11:26 stroeder Exp $ """ # This is also the overall release version number -__version__ = '2.4.14' +__version__ = '2.4.15' import sys diff --git a/Lib/ldapurl.py b/Lib/ldapurl.py index 01a7703..7a4c347 100644 --- a/Lib/ldapurl.py +++ b/Lib/ldapurl.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -\$Id: ldapurl.py,v 1.64 2014/03/12 23:02:42 stroeder Exp $ +\$Id: ldapurl.py,v 1.65 2014/03/12 23:11:26 stroeder Exp $ Python compability note: This module only works with Python 2.0+ since @@ -11,7 +11,7 @@ 2. list comprehensions are used. """ -__version__ = '2.4.14' +__version__ = '2.4.15' __all__ = [ # constants diff --git a/Lib/ldif.py b/Lib/ldif.py index 19cbf11..07dbcf1 100644 --- a/Lib/ldif.py +++ b/Lib/ldif.py @@ -3,13 +3,13 @@ See http://www.python-ldap.org/ for details. -$Id: ldif.py,v 1.73 2013/07/04 16:06:53 stroeder Exp $ +$Id: ldif.py,v 1.74 2014/03/12 23:11:26 stroeder Exp $ Python compability note: Tested with Python 2.0+, but should work with Python 1.5.2+. """ -__version__ = '2.4.14' +__version__ = '2.4.15' __all__ = [ # constants From 53f0cb4584277e867bd965dcc6355cf89bda5062 Mon Sep 17 00:00:00 2001 From: stroeder Date: Sun, 23 Mar 2014 19:06:47 +0000 Subject: [PATCH 116/868] Fixed constant ldap.sasl.CB_GETREALM --- CHANGES | 3 ++- Lib/ldap/sasl.py | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/CHANGES b/CHANGES index 18e2632..557aaf7 100644 --- a/CHANGES +++ b/CHANGES @@ -17,6 +17,7 @@ Lib/ Modules/ * New constant ldap.SCOPE_SUBORDINATE derived from ldap.h for draft-sermersheim-ldap-subordinate-scope +* Fixed constant ldap.sasl.CB_GETREALM (thanks to Martin Pfeifer) ---------------------------------------------------------------- Released 2.4.14 2014-01-31 @@ -1096,4 +1097,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.316 2014/03/12 23:02:42 stroeder Exp $ +$Id: CHANGES,v 1.317 2014/03/23 19:06:48 stroeder Exp $ diff --git a/Lib/ldap/sasl.py b/Lib/ldap/sasl.py index 4e2d23c..39d6eb1 100644 --- a/Lib/ldap/sasl.py +++ b/Lib/ldap/sasl.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -\$Id: sasl.py,v 1.15 2009/07/26 11:09:58 stroeder Exp $ +\$Id: sasl.py,v 1.16 2014/03/23 19:06:47 stroeder Exp $ Description: The ldap.sasl module provides SASL authentication classes. @@ -31,7 +31,7 @@ CB_PASS = 0x4004 CB_ECHOPROMPT = 0x4005 CB_NOECHOPROMPT= 0x4006 -CB_GETREALM = 0x4007 +CB_GETREALM = 0x4008 class sasl: """This class handles SASL interactions for authentication. From e927f2a4dacb1a50586910ffaea298083fdac169 Mon Sep 17 00:00:00 2001 From: stroeder Date: Mon, 24 Mar 2014 10:22:47 +0000 Subject: [PATCH 117/868] Release 2.4.15 today --- CHANGES | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 557aaf7..2dbc707 100644 --- a/CHANGES +++ b/CHANGES @@ -1,5 +1,5 @@ ---------------------------------------------------------------- -Released 2.4.15 2014-03-13 +Released 2.4.15 2014-03-24 Changes since 2.4.14: @@ -1097,4 +1097,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.317 2014/03/23 19:06:48 stroeder Exp $ +$Id: CHANGES,v 1.318 2014/03/24 10:22:47 stroeder Exp $ From 98c55a12b5c1cfb8f1b1457945a4cadea007995f Mon Sep 17 00:00:00 2001 From: stroeder Date: Fri, 2 May 2014 18:44:31 +0000 Subject: [PATCH 118/868] add command line example --- Demo/pyasn1/syncrepl.py | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/Demo/pyasn1/syncrepl.py b/Demo/pyasn1/syncrepl.py index 04fdc66..dbe9c4c 100644 --- a/Demo/pyasn1/syncrepl.py +++ b/Demo/pyasn1/syncrepl.py @@ -124,7 +124,14 @@ def commenceShutdown(signum, stack): ldap_url = ldapurl.LDAPUrl(sys.argv[1]) database_path = sys.argv[2] except IndexError,e: - print 'Usage: syncrepl-client.py ' + print 'Usage:' + print sys.argv[0], ' ' + print sys.argv[0], '\'ldap://127.0.0.1/cn=users,dc=test'\ + '?*'\ + '?sub'\ + '?(objectClass=*)'\ + '?bindname=uid=admin%2ccn=users%2cdc=test,'\ + 'X-BINDPW=password\' db.shelve' sys.exit(1) except ValueError,e: print 'Error parsing command-line arguments:',str(e) From dddeaa7d87f9df2657f60afc3dd2eddf59fbcccf Mon Sep 17 00:00:00 2001 From: stroeder Date: Fri, 2 May 2014 18:47:46 +0000 Subject: [PATCH 119/868] __del__() is not called always which sometimes breaks database => use separate method SyncReplConsumer.close_db() --- Demo/pyasn1/syncrepl.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Demo/pyasn1/syncrepl.py b/Demo/pyasn1/syncrepl.py index dbe9c4c..0bf6a31 100644 --- a/Demo/pyasn1/syncrepl.py +++ b/Demo/pyasn1/syncrepl.py @@ -43,7 +43,7 @@ def __init__(self,db_path,*args,**kwargs): # We need this for later internal use self.__presentUUIDs = dict() - def __del__(self): + def close_db(self): # Close the data store properly to avoid corruption self.__data.close() @@ -109,6 +109,7 @@ def commenceShutdown(signum, stack): # Tear down the server connection if( ldap_connection ): + ldap_connection.close_db() del ldap_connection # Shutdown From 4f713542ab59eeac2b9f6bc575cd1db48bc2d002 Mon Sep 17 00:00:00 2001 From: stroeder Date: Fri, 2 May 2014 18:52:17 +0000 Subject: [PATCH 120/868] respect attribute list in LDAP URI --- Demo/pyasn1/syncrepl.py | 1 + 1 file changed, 1 insertion(+) diff --git a/Demo/pyasn1/syncrepl.py b/Demo/pyasn1/syncrepl.py index 0bf6a31..6481bed 100644 --- a/Demo/pyasn1/syncrepl.py +++ b/Demo/pyasn1/syncrepl.py @@ -160,6 +160,7 @@ def commenceShutdown(signum, stack): ldap_url.dn or '', ldap_url.scope or ldap.SCOPE_SUBTREE, mode = 'refreshAndPersist', + attrlist=ldap_url.attrs, filterstr = ldap_url.filterstr or '(objectClass=*)' ) From e317ba0d302953fc0678cd728c1883293bc98c54 Mon Sep 17 00:00:00 2001 From: stroeder Date: Tue, 20 May 2014 20:09:03 +0000 Subject: [PATCH 121/868] Started 2.4.16 --- CHANGES | 11 ++++++++++- Lib/dsml.py | 4 ++-- Lib/ldap/__init__.py | 4 ++-- Lib/ldapurl.py | 4 ++-- Lib/ldif.py | 4 ++-- 5 files changed, 18 insertions(+), 9 deletions(-) diff --git a/CHANGES b/CHANGES index 2dbc707..83ae5c7 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,12 @@ +---------------------------------------------------------------- +Released 2.4.16 2014-xx-xx + +Changes since 2.4.16: + +Lib/ + +Modules/ + ---------------------------------------------------------------- Released 2.4.15 2014-03-24 @@ -1097,4 +1106,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.318 2014/03/24 10:22:47 stroeder Exp $ +$Id: CHANGES,v 1.319 2014/05/20 20:09:03 stroeder Exp $ diff --git a/Lib/dsml.py b/Lib/dsml.py index 7220cd3..b5c3e04 100644 --- a/Lib/dsml.py +++ b/Lib/dsml.py @@ -4,13 +4,13 @@ See http://www.python-ldap.org/ for details. -$Id: dsml.py,v 1.32 2014/03/12 23:11:26 stroeder Exp $ +$Id: dsml.py,v 1.33 2014/05/20 20:09:03 stroeder Exp $ Python compability note: Tested with Python 2.0+. """ -__version__ = '2.4.15' +__version__ = '2.4.16' import string,base64 diff --git a/Lib/ldap/__init__.py b/Lib/ldap/__init__.py index 1fb9886..fc81a89 100644 --- a/Lib/ldap/__init__.py +++ b/Lib/ldap/__init__.py @@ -3,12 +3,12 @@ See http://www.python-ldap.org/ for details. -$Id: __init__.py,v 1.89 2014/03/12 23:11:26 stroeder Exp $ +$Id: __init__.py,v 1.90 2014/05/20 20:09:03 stroeder Exp $ """ # This is also the overall release version number -__version__ = '2.4.15' +__version__ = '2.4.16' import sys diff --git a/Lib/ldapurl.py b/Lib/ldapurl.py index 7a4c347..d8e2e5c 100644 --- a/Lib/ldapurl.py +++ b/Lib/ldapurl.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -\$Id: ldapurl.py,v 1.65 2014/03/12 23:11:26 stroeder Exp $ +\$Id: ldapurl.py,v 1.66 2014/05/20 20:09:03 stroeder Exp $ Python compability note: This module only works with Python 2.0+ since @@ -11,7 +11,7 @@ 2. list comprehensions are used. """ -__version__ = '2.4.15' +__version__ = '2.4.16' __all__ = [ # constants diff --git a/Lib/ldif.py b/Lib/ldif.py index 07dbcf1..d8c9ddc 100644 --- a/Lib/ldif.py +++ b/Lib/ldif.py @@ -3,13 +3,13 @@ See http://www.python-ldap.org/ for details. -$Id: ldif.py,v 1.74 2014/03/12 23:11:26 stroeder Exp $ +$Id: ldif.py,v 1.75 2014/05/20 20:09:03 stroeder Exp $ Python compability note: Tested with Python 2.0+, but should work with Python 1.5.2+. """ -__version__ = '2.4.15' +__version__ = '2.4.16' __all__ = [ # constants From 05388fbfec4c1262ccdf276ee5fb1e1868087744 Mon Sep 17 00:00:00 2001 From: stroeder Date: Tue, 20 May 2014 20:15:15 +0000 Subject: [PATCH 122/868] New convenience function ldap.dn.is_dn() --- CHANGES | 3 ++- Lib/ldap/dn.py | 15 ++++++++++++++- 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 83ae5c7..a8c5148 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,7 @@ Released 2.4.16 2014-xx-xx Changes since 2.4.16: Lib/ +* New convenience function ldap.dn.is_dn() Modules/ @@ -1106,4 +1107,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.319 2014/05/20 20:09:03 stroeder Exp $ +$Id: CHANGES,v 1.320 2014/05/20 20:15:15 stroeder Exp $ diff --git a/Lib/ldap/dn.py b/Lib/ldap/dn.py index b75a03f..0c5e5ab 100644 --- a/Lib/ldap/dn.py +++ b/Lib/ldap/dn.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -\$Id: dn.py,v 1.11 2010/06/03 12:26:39 stroeder Exp $ +\$Id: dn.py,v 1.12 2014/05/20 20:15:15 stroeder Exp $ Compability: - Tested with Python 2.0+ @@ -108,3 +108,16 @@ def explode_rdn(rdn,notypes=0,flags=0): return [avalue or '' for atype,avalue,dummy in rdn_decomp] else: return ['='.join((atype,escape_dn_chars(avalue or ''))) for atype,avalue,dummy in rdn_decomp] + + +def is_dn(s): + """ + Returns True is `s' can be parsed by ldap.dn.dn2str() like as a + distinguished host_name (DN), otherwise False is returned. + """ + try: + dn2str(s) + except Exception: + return False + else: + return True From 2f1f4b8cee85b3a3be9825ff780fcf16943d762f Mon Sep 17 00:00:00 2001 From: stroeder Date: Tue, 20 May 2014 20:27:55 +0000 Subject: [PATCH 123/868] New convenience function ldap.escape_str() --- CHANGES | 3 ++- Lib/ldap/__init__.py | 4 ++-- Lib/ldap/functions.py | 12 +++++++++++- 3 files changed, 15 insertions(+), 4 deletions(-) diff --git a/CHANGES b/CHANGES index a8c5148..e1ec92d 100644 --- a/CHANGES +++ b/CHANGES @@ -5,6 +5,7 @@ Changes since 2.4.16: Lib/ * New convenience function ldap.dn.is_dn() +* New convenience function ldap.escape_str() Modules/ @@ -1107,4 +1108,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.320 2014/05/20 20:15:15 stroeder Exp $ +$Id: CHANGES,v 1.321 2014/05/20 20:27:55 stroeder Exp $ diff --git a/Lib/ldap/__init__.py b/Lib/ldap/__init__.py index fc81a89..b8c9e32 100644 --- a/Lib/ldap/__init__.py +++ b/Lib/ldap/__init__.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -$Id: __init__.py,v 1.90 2014/05/20 20:09:03 stroeder Exp $ +$Id: __init__.py,v 1.91 2014/05/20 20:27:55 stroeder Exp $ """ # This is also the overall release version number @@ -82,7 +82,7 @@ def release(self): # Create module-wide lock for serializing all calls into underlying LDAP lib _ldap_module_lock = LDAPLock(desc='Module wide') -from functions import open,initialize,init,get_option,set_option +from functions import open,initialize,init,get_option,set_option,escape_string from ldap.dn import explode_dn,explode_rdn,str2dn,dn2str del str2dn diff --git a/Lib/ldap/functions.py b/Lib/ldap/functions.py index 03157fe..7599e12 100644 --- a/Lib/ldap/functions.py +++ b/Lib/ldap/functions.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -\$Id: functions.py,v 1.28 2011/11/23 17:27:46 stroeder Exp $ +\$Id: functions.py,v 1.29 2014/05/20 20:27:55 stroeder Exp $ Compability: - Tested with Python 2.0+ but should work with Python 1.5.x @@ -24,6 +24,7 @@ 'open','initialize','init', 'explode_dn','explode_rdn', 'get_option','set_option', + 'escape_string', ] import sys,pprint,_ldap,ldap @@ -130,3 +131,12 @@ def set_option(option,invalue): Set the value of an LDAP global option. """ return _ldap_function_call(None,_ldap.set_option,option,invalue) + + +def escape_str(escape_func,s,*args): + """ + Applies escape_func() to all items of `args' and returns a string based + on format string `s'. + """ + escape_args = map(escape_func,args) + return s % tuple(escape_args) From 78f49c0d548a663a4d0edd29c40d45907185b6a3 Mon Sep 17 00:00:00 2001 From: stroeder Date: Tue, 20 May 2014 20:44:28 +0000 Subject: [PATCH 124/868] New convenience function ldap.escape_str() --- Lib/ldap/__init__.py | 4 ++-- Lib/ldap/functions.py | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Lib/ldap/__init__.py b/Lib/ldap/__init__.py index b8c9e32..5a69d0d 100644 --- a/Lib/ldap/__init__.py +++ b/Lib/ldap/__init__.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -$Id: __init__.py,v 1.91 2014/05/20 20:27:55 stroeder Exp $ +$Id: __init__.py,v 1.92 2014/05/20 20:44:28 stroeder Exp $ """ # This is also the overall release version number @@ -82,7 +82,7 @@ def release(self): # Create module-wide lock for serializing all calls into underlying LDAP lib _ldap_module_lock = LDAPLock(desc='Module wide') -from functions import open,initialize,init,get_option,set_option,escape_string +from functions import open,initialize,init,get_option,set_option,escape_str from ldap.dn import explode_dn,explode_rdn,str2dn,dn2str del str2dn diff --git a/Lib/ldap/functions.py b/Lib/ldap/functions.py index 7599e12..1a92fbb 100644 --- a/Lib/ldap/functions.py +++ b/Lib/ldap/functions.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -\$Id: functions.py,v 1.29 2014/05/20 20:27:55 stroeder Exp $ +\$Id: functions.py,v 1.30 2014/05/20 20:44:28 stroeder Exp $ Compability: - Tested with Python 2.0+ but should work with Python 1.5.x @@ -24,7 +24,7 @@ 'open','initialize','init', 'explode_dn','explode_rdn', 'get_option','set_option', - 'escape_string', + 'escape_str', ] import sys,pprint,_ldap,ldap From 51480c856a20cc03fa547be320671f6da283a4e0 Mon Sep 17 00:00:00 2001 From: stroeder Date: Fri, 25 Jul 2014 16:53:47 +0000 Subject: [PATCH 125/868] Fixed indentation --- Demo/pyasn1/syncrepl.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Demo/pyasn1/syncrepl.py b/Demo/pyasn1/syncrepl.py index 6481bed..cc9bdea 100644 --- a/Demo/pyasn1/syncrepl.py +++ b/Demo/pyasn1/syncrepl.py @@ -133,10 +133,10 @@ def commenceShutdown(signum, stack): '?(objectClass=*)'\ '?bindname=uid=admin%2ccn=users%2cdc=test,'\ 'X-BINDPW=password\' db.shelve' - sys.exit(1) + sys.exit(1) except ValueError,e: - print 'Error parsing command-line arguments:',str(e) - sys.exit(1) + print 'Error parsing command-line arguments:',str(e) + sys.exit(1) while watcher_running: print 'Connecting to LDAP server now...' From c4e7647c8b76da18f29f3068ba8fa166bf05ab6f Mon Sep 17 00:00:00 2001 From: stroeder Date: Fri, 25 Jul 2014 17:08:56 +0000 Subject: [PATCH 126/868] New convenience methods LDAPObject.read_s() and LDAPObject.find_unique_entry() --- CHANGES | 4 ++- Lib/ldap/__init__.py | 4 ++- Lib/ldap/ldapobject.py | 62 +++++++++++++++++++++++++++++++++++------- 3 files changed, 58 insertions(+), 12 deletions(-) diff --git a/CHANGES b/CHANGES index e1ec92d..82881ae 100644 --- a/CHANGES +++ b/CHANGES @@ -6,6 +6,8 @@ Changes since 2.4.16: Lib/ * New convenience function ldap.dn.is_dn() * New convenience function ldap.escape_str() +* New convenience methods LDAPObject.read_s() and + LDAPObject.find_unique_entry() Modules/ @@ -1108,4 +1110,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.321 2014/05/20 20:27:55 stroeder Exp $ +$Id: CHANGES,v 1.322 2014/07/25 17:08:56 stroeder Exp $ diff --git a/Lib/ldap/__init__.py b/Lib/ldap/__init__.py index 5a69d0d..e425b1f 100644 --- a/Lib/ldap/__init__.py +++ b/Lib/ldap/__init__.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -$Id: __init__.py,v 1.92 2014/05/20 20:44:28 stroeder Exp $ +$Id: __init__.py,v 1.93 2014/07/25 17:08:56 stroeder Exp $ """ # This is also the overall release version number @@ -84,6 +84,8 @@ def release(self): from functions import open,initialize,init,get_option,set_option,escape_str +from ldapobject import NO_UNIQUE_ENTRY + from ldap.dn import explode_dn,explode_rdn,str2dn,dn2str del str2dn del dn2str diff --git a/Lib/ldap/ldapobject.py b/Lib/ldap/ldapobject.py index 3293ff0..7328006 100644 --- a/Lib/ldap/ldapobject.py +++ b/Lib/ldap/ldapobject.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -\$Id: ldapobject.py,v 1.138 2014/02/19 20:05:57 stroeder Exp $ +\$Id: ldapobject.py,v 1.139 2014/07/25 17:08:56 stroeder Exp $ Compability: - Tested with Python 2.0+ but should work with Python 1.5.x @@ -41,6 +41,13 @@ from ldap import LDAPError +class NO_UNIQUE_ENTRY(ldap.NO_SUCH_OBJECT): + """ + Exception raised if a LDAP search returned more than entry entry + although assumed to return a unique single search result. + """ + + class SimpleLDAPObject: """ Drop-in wrapper class around _ldap.LDAPObject @@ -638,24 +645,59 @@ def search_subschemasubentry_s(self,dn=''): except IndexError: return None + def read_s(self,dn,filterstr=None,attrlist=None,serverctrls=None,clientctrls=None,timeout=-1): + """ + Reads and returns a single entry specified by `dn'. + + Other attributes just like those passed to `search_ext_s()' + """ + r = self.search_ext_s( + dn, + ldap.SCOPE_BASE, + filterstr or '(objectClass=*)', + attrlist=attrlist, + serverctrls=serverctrls, + clientctrls=clientctrls, + timeout=timeout, + ) + if r: + return r[0][1] + else: + return ldap.NO_SUCH_OBJECT('Empty search result reading %s' % (repr(dn))) + def read_subschemasubentry_s(self,subschemasubentry_dn,attrs=None): """ Returns the sub schema sub entry's data """ - attrs = attrs or SCHEMA_ATTRS try: - r = self.search_s( - subschemasubentry_dn,ldap.SCOPE_BASE, - '(objectClass=subschema)', - attrs + subschemasubentry = self.read_s( + subschemasubentry_dn, + filterstr='(objectClass=subschema)', + attrlist=attrs or SCHEMA_ATTRS ) except ldap.NO_SUCH_OBJECT: return None else: - if r: - return r[0][1] - else: - return None + return subschemasubentry + + def find_unique_entry(self,base,scope=ldap.SCOPE_SUBTREE,filterstr='(objectClass=*)',attrlist=None,attrsonly=0,serverctrls=None,clientctrls=None,timeout=-1): + """ + Returns a unique entry, raises exception if not unique + """ + r = self.search_ext_s( + base, + scope, + filterstr, + attrlist=attrlist or ['*'], + attrsonly=attrsonly, + serverctrls=serverctrls, + clientctrls=clientctrls, + timeout=timeout, + sizelimit=2, + ) + if len(r)!=1: + raise NO_UNIQUE_ENTRY('No or non-unique search result for %s' % (repr(filterstr))) + return r[0] class NonblockingLDAPObject(SimpleLDAPObject): From 7a318bf2b50fa8440d234c31e31aaeb922111379 Mon Sep 17 00:00:00 2001 From: stroeder Date: Mon, 8 Sep 2014 19:48:11 +0000 Subject: [PATCH 127/868] ReconnectLDAPObject.reconnect(): Fixed invoking start_tls_s() --- CHANGES | 4 +++- Lib/ldap/ldapobject.py | 4 ++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/CHANGES b/CHANGES index 82881ae..1ffa6e1 100644 --- a/CHANGES +++ b/CHANGES @@ -8,6 +8,8 @@ Lib/ * New convenience function ldap.escape_str() * New convenience methods LDAPObject.read_s() and LDAPObject.find_unique_entry() +* Fixed invoking start_tls_s() in ReconnectLDAPObject.reconnect() + (thanks to Philipp Hahn) Modules/ @@ -1110,4 +1112,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.322 2014/07/25 17:08:56 stroeder Exp $ +$Id: CHANGES,v 1.323 2014/09/08 19:48:11 stroeder Exp $ diff --git a/Lib/ldap/ldapobject.py b/Lib/ldap/ldapobject.py index 7328006..c2d4dde 100644 --- a/Lib/ldap/ldapobject.py +++ b/Lib/ldap/ldapobject.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -\$Id: ldapobject.py,v 1.139 2014/07/25 17:08:56 stroeder Exp $ +\$Id: ldapobject.py,v 1.140 2014/09/08 19:48:11 stroeder Exp $ Compability: - Tested with Python 2.0+ but should work with Python 1.5.x @@ -826,7 +826,7 @@ def reconnect(self,uri,retry_max=1,retry_delay=60.0): self._restore_options() # StartTLS extended operation in case this was called before if self._start_tls: - self.start_tls_s() + SimpleLDAPObject.start_tls_s() # Repeat last simple or SASL bind self._apply_last_bind() except (ldap.SERVER_DOWN,ldap.TIMEOUT),e: From 1de68de7e0a8c40f9429f6a4f4ca54b962e6fe4f Mon Sep 17 00:00:00 2001 From: stroeder Date: Tue, 9 Sep 2014 10:14:47 +0000 Subject: [PATCH 128/868] self --- Lib/ldap/ldapobject.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Lib/ldap/ldapobject.py b/Lib/ldap/ldapobject.py index c2d4dde..8c6a9a0 100644 --- a/Lib/ldap/ldapobject.py +++ b/Lib/ldap/ldapobject.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -\$Id: ldapobject.py,v 1.140 2014/09/08 19:48:11 stroeder Exp $ +\$Id: ldapobject.py,v 1.141 2014/09/09 10:14:47 stroeder Exp $ Compability: - Tested with Python 2.0+ but should work with Python 1.5.x @@ -826,7 +826,7 @@ def reconnect(self,uri,retry_max=1,retry_delay=60.0): self._restore_options() # StartTLS extended operation in case this was called before if self._start_tls: - SimpleLDAPObject.start_tls_s() + SimpleLDAPObject.start_tls_s(self) # Repeat last simple or SASL bind self._apply_last_bind() except (ldap.SERVER_DOWN,ldap.TIMEOUT),e: From 0d539658a3f162dd0206599adad860f7fc802df0 Mon Sep 17 00:00:00 2001 From: stroeder Date: Wed, 10 Sep 2014 12:16:32 +0000 Subject: [PATCH 129/868] Release 2.4.16 now --- CHANGES | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/CHANGES b/CHANGES index 1ffa6e1..99b16f6 100644 --- a/CHANGES +++ b/CHANGES @@ -1,7 +1,7 @@ ---------------------------------------------------------------- -Released 2.4.16 2014-xx-xx +Released 2.4.16 2014-09-10 -Changes since 2.4.16: +Changes since 2.4.15: Lib/ * New convenience function ldap.dn.is_dn() @@ -11,8 +11,6 @@ Lib/ * Fixed invoking start_tls_s() in ReconnectLDAPObject.reconnect() (thanks to Philipp Hahn) -Modules/ - ---------------------------------------------------------------- Released 2.4.15 2014-03-24 @@ -1112,4 +1110,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.323 2014/09/08 19:48:11 stroeder Exp $ +$Id: CHANGES,v 1.324 2014/09/10 12:16:32 stroeder Exp $ From 315ca29c612afc072f8e28023b279bda5c775b49 Mon Sep 17 00:00:00 2001 From: stroeder Date: Fri, 12 Sep 2014 12:00:08 +0000 Subject: [PATCH 130/868] Started 2.4.17 --- CHANGES | 13 ++++++++++++- Lib/dsml.py | 4 ++-- Lib/ldap/__init__.py | 4 ++-- Lib/ldapurl.py | 4 ++-- Lib/ldif.py | 4 ++-- 5 files changed, 20 insertions(+), 9 deletions(-) diff --git a/CHANGES b/CHANGES index 99b16f6..436b789 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,14 @@ +---------------------------------------------------------------- +Released 2.4.17 2014-xx-xx + +Changes since 2.4.16: + +Lib/ +* + +Modules/ +* + ---------------------------------------------------------------- Released 2.4.16 2014-09-10 @@ -1110,4 +1121,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.324 2014/09/10 12:16:32 stroeder Exp $ +$Id: CHANGES,v 1.325 2014/09/12 12:00:08 stroeder Exp $ diff --git a/Lib/dsml.py b/Lib/dsml.py index b5c3e04..d0f82d3 100644 --- a/Lib/dsml.py +++ b/Lib/dsml.py @@ -4,13 +4,13 @@ See http://www.python-ldap.org/ for details. -$Id: dsml.py,v 1.33 2014/05/20 20:09:03 stroeder Exp $ +$Id: dsml.py,v 1.34 2014/09/12 12:00:09 stroeder Exp $ Python compability note: Tested with Python 2.0+. """ -__version__ = '2.4.16' +__version__ = '2.4.17' import string,base64 diff --git a/Lib/ldap/__init__.py b/Lib/ldap/__init__.py index e425b1f..fe4d2ed 100644 --- a/Lib/ldap/__init__.py +++ b/Lib/ldap/__init__.py @@ -3,12 +3,12 @@ See http://www.python-ldap.org/ for details. -$Id: __init__.py,v 1.93 2014/07/25 17:08:56 stroeder Exp $ +$Id: __init__.py,v 1.94 2014/09/12 12:00:09 stroeder Exp $ """ # This is also the overall release version number -__version__ = '2.4.16' +__version__ = '2.4.17' import sys diff --git a/Lib/ldapurl.py b/Lib/ldapurl.py index d8e2e5c..1ca288c 100644 --- a/Lib/ldapurl.py +++ b/Lib/ldapurl.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -\$Id: ldapurl.py,v 1.66 2014/05/20 20:09:03 stroeder Exp $ +\$Id: ldapurl.py,v 1.67 2014/09/12 12:00:09 stroeder Exp $ Python compability note: This module only works with Python 2.0+ since @@ -11,7 +11,7 @@ 2. list comprehensions are used. """ -__version__ = '2.4.16' +__version__ = '2.4.17' __all__ = [ # constants diff --git a/Lib/ldif.py b/Lib/ldif.py index d8c9ddc..78fdb52 100644 --- a/Lib/ldif.py +++ b/Lib/ldif.py @@ -3,13 +3,13 @@ See http://www.python-ldap.org/ for details. -$Id: ldif.py,v 1.75 2014/05/20 20:09:03 stroeder Exp $ +$Id: ldif.py,v 1.76 2014/09/12 12:00:09 stroeder Exp $ Python compability note: Tested with Python 2.0+, but should work with Python 1.5.2+. """ -__version__ = '2.4.16' +__version__ = '2.4.17' __all__ = [ # constants From 805824b94e172c41839191b6e27a991fd7885d49 Mon Sep 17 00:00:00 2001 From: stroeder Date: Fri, 12 Sep 2014 12:02:21 +0000 Subject: [PATCH 131/868] Added support for getting file descriptor of connection with ldap.OPT_DESC --- CHANGES | 5 +++-- Modules/constants.c | 3 ++- Modules/options.c | 3 ++- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/CHANGES b/CHANGES index 436b789..442d431 100644 --- a/CHANGES +++ b/CHANGES @@ -7,7 +7,8 @@ Lib/ * Modules/ -* +* Added support for getting file descriptor of connection + with ldap.OPT_DESC ---------------------------------------------------------------- Released 2.4.16 2014-09-10 @@ -1121,4 +1122,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.325 2014/09/12 12:00:08 stroeder Exp $ +$Id: CHANGES,v 1.326 2014/09/12 12:02:21 stroeder Exp $ diff --git a/Modules/constants.c b/Modules/constants.c index 458ae09..58a8db5 100644 --- a/Modules/constants.c +++ b/Modules/constants.c @@ -1,6 +1,6 @@ /* constants defined for LDAP * See http://www.python-ldap.org/ for details. - * $Id: constants.c,v 1.58 2014/03/12 23:02:42 stroeder Exp $ */ + * $Id: constants.c,v 1.59 2014/09/12 12:02:21 stroeder Exp $ */ #include "common.h" #include "constants.h" @@ -155,6 +155,7 @@ LDAPinit_constants( PyObject* d ) add_int(d,OPT_API_FEATURE_INFO); add_int(d,OPT_HOST_NAME); + add_int(d,OPT_DESC); add_int(d,OPT_DIAGNOSTIC_MESSAGE); add_int(d,OPT_ERROR_STRING); diff --git a/Modules/options.c b/Modules/options.c index 9cad581..f7c97b1 100644 --- a/Modules/options.c +++ b/Modules/options.c @@ -1,5 +1,5 @@ /* See http://www.python-ldap.org/ for details. - * $Id: options.c,v 1.41 2013/09/11 08:16:27 stroeder Exp $ */ + * $Id: options.c,v 1.42 2014/09/12 12:02:21 stroeder Exp $ */ #include "common.h" #include "errors.h" @@ -236,6 +236,7 @@ LDAP_get_option(LDAPObject *self, int option) case LDAP_OPT_PROTOCOL_VERSION: case LDAP_OPT_ERROR_NUMBER: case LDAP_OPT_DEBUG_LEVEL: + case LDAP_OPT_DESC: #ifdef HAVE_TLS case LDAP_OPT_X_TLS: case LDAP_OPT_X_TLS_REQUIRE_CERT: From 8cc2bc08fdceb57d7ad592767c5bcd1bb005d9dd Mon Sep 17 00:00:00 2001 From: stroeder Date: Thu, 25 Sep 2014 16:31:00 +0000 Subject: [PATCH 132/868] New hook syncrepl_refreshdone() in ldap.syncrepl.SyncReplConsumer (thanks to Petr Spacek) --- CHANGES | 5 +++-- Demo/pyasn1/syncrepl.py | 7 +++++-- Lib/ldap/syncrepl.py | 20 +++++++++++++++++--- 3 files changed, 25 insertions(+), 7 deletions(-) diff --git a/CHANGES b/CHANGES index 442d431..494bad5 100644 --- a/CHANGES +++ b/CHANGES @@ -4,7 +4,8 @@ Released 2.4.17 2014-xx-xx Changes since 2.4.16: Lib/ -* +* New hook syncrepl_refreshdone() in ldap.syncrepl.SyncReplConsumer + (thanks to Petr Spacek) Modules/ * Added support for getting file descriptor of connection @@ -1122,4 +1123,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.326 2014/09/12 12:02:21 stroeder Exp $ +$Id: CHANGES,v 1.327 2014/09/25 16:31:00 stroeder Exp $ diff --git a/Demo/pyasn1/syncrepl.py b/Demo/pyasn1/syncrepl.py index cc9bdea..c1185e6 100644 --- a/Demo/pyasn1/syncrepl.py +++ b/Demo/pyasn1/syncrepl.py @@ -93,6 +93,9 @@ def syncrepl_present(self,uuids,refreshDeletes=False): for uuid in uuids: self.__presentUUIDs[uuid] = True + def syncrepl_refreshdone(self): + print 'Initial synchronization is now done, persist phase begins' + def perform_application_sync(self,dn,attributes,previous_attributes): print 'Performing application sync for:', dn return True @@ -135,8 +138,8 @@ def commenceShutdown(signum, stack): 'X-BINDPW=password\' db.shelve' sys.exit(1) except ValueError,e: - print 'Error parsing command-line arguments:',str(e) - sys.exit(1) + print 'Error parsing command-line arguments:',str(e) + sys.exit(1) while watcher_running: print 'Connecting to LDAP server now...' diff --git a/Lib/ldap/syncrepl.py b/Lib/ldap/syncrepl.py index 1d79bef..928aef5 100644 --- a/Lib/ldap/syncrepl.py +++ b/Lib/ldap/syncrepl.py @@ -4,7 +4,7 @@ See http://www.python-ldap.org/ for project details. -$Id: syncrepl.py,v 1.3 2012/08/09 07:18:31 stroeder Exp $ +$Id: syncrepl.py,v 1.4 2014/09/25 16:31:00 stroeder Exp $ """ #__all__ = [ @@ -330,6 +330,11 @@ def syncrepl_search(self, base, scope, mode='refreshOnly', cookie=None, **search self.__refreshDone = False return self.search_ext(base, scope, **search_args) + def _syncrepl_update_refreshdone(self, newvalue): + callback = newvalue and not self.__refreshDone + self.__refreshDone = newvalue + if callback: + self.syncrepl_refreshdone() def syncrepl_poll(self, msgid=-1, timeout=None, all=0): """ @@ -394,12 +399,12 @@ def syncrepl_poll(self, msgid=-1, timeout=None, all=0): self.syncrepl_present(None, refreshDeletes=False) if 'cookie' in sim.refreshPresent: self.syncrepl_set_cookie(sim.refreshPresent['cookie']) - self.__refreshDone=sim.refreshPresent['refreshDone'] + self._syncrepl_update_refreshdone(sim.refreshPresent['refreshDone']) elif sim.refreshDelete is not None: self.syncrepl_present(None, refreshDeletes=True) if 'cookie' in sim.refreshDelete: self.syncrepl_set_cookie(sim.refreshDelete['cookie']) - self.__refreshDone=sim.refreshDelete['refreshDone'] + self._syncrepl_update_refreshdone(sim.refreshDelete['refreshDone']) elif sim.syncIdSet is not None: if sim.syncIdSet['refreshDeletes'] is True: self.syncrepl_delete(sim.syncIdSet['syncUUIDs']) @@ -467,3 +472,12 @@ def syncrepl_entry(self, dn, attrs, uuid): """ pass + + def syncrepl_refreshdone(self): + """ + Called by syncrepl_poll() between refresh and persist phase. + + It indicates that initial synchronization is done and persist phase + follows. + """ + pass From 2fb024d0d8516ab235c8aea5983a372e64f47bfb Mon Sep 17 00:00:00 2001 From: stroeder Date: Fri, 26 Sep 2014 12:18:05 +0000 Subject: [PATCH 133/868] Different approach for syncrepl refresh done --- CHANGES | 4 ++-- Lib/ldap/syncrepl.py | 16 +++++++--------- 2 files changed, 9 insertions(+), 11 deletions(-) diff --git a/CHANGES b/CHANGES index 494bad5..cedcd07 100644 --- a/CHANGES +++ b/CHANGES @@ -5,7 +5,7 @@ Changes since 2.4.16: Lib/ * New hook syncrepl_refreshdone() in ldap.syncrepl.SyncReplConsumer - (thanks to Petr Spacek) + (thanks to Petr Spacek and Chris Mikkelson) Modules/ * Added support for getting file descriptor of connection @@ -1123,4 +1123,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.327 2014/09/25 16:31:00 stroeder Exp $ +$Id: CHANGES,v 1.328 2014/09/26 12:18:05 stroeder Exp $ diff --git a/Lib/ldap/syncrepl.py b/Lib/ldap/syncrepl.py index 928aef5..7067770 100644 --- a/Lib/ldap/syncrepl.py +++ b/Lib/ldap/syncrepl.py @@ -4,7 +4,7 @@ See http://www.python-ldap.org/ for project details. -$Id: syncrepl.py,v 1.4 2014/09/25 16:31:00 stroeder Exp $ +$Id: syncrepl.py,v 1.5 2014/09/26 12:18:05 stroeder Exp $ """ #__all__ = [ @@ -330,12 +330,6 @@ def syncrepl_search(self, base, scope, mode='refreshOnly', cookie=None, **search self.__refreshDone = False return self.search_ext(base, scope, **search_args) - def _syncrepl_update_refreshdone(self, newvalue): - callback = newvalue and not self.__refreshDone - self.__refreshDone = newvalue - if callback: - self.syncrepl_refreshdone() - def syncrepl_poll(self, msgid=-1, timeout=None, all=0): """ polls for and processes responses to the syncrepl_search() operation. @@ -399,12 +393,16 @@ def syncrepl_poll(self, msgid=-1, timeout=None, all=0): self.syncrepl_present(None, refreshDeletes=False) if 'cookie' in sim.refreshPresent: self.syncrepl_set_cookie(sim.refreshPresent['cookie']) - self._syncrepl_update_refreshdone(sim.refreshPresent['refreshDone']) + if sim.refreshPresent['refreshDone']: + self.__refreshDone = True + self.syncrepl_refreshdone() elif sim.refreshDelete is not None: self.syncrepl_present(None, refreshDeletes=True) if 'cookie' in sim.refreshDelete: self.syncrepl_set_cookie(sim.refreshDelete['cookie']) - self._syncrepl_update_refreshdone(sim.refreshDelete['refreshDone']) + if sim.refreshDelete['refreshDone']: + self.__refreshDone = True + self.syncrepl_refreshdone() elif sim.syncIdSet is not None: if sim.syncIdSet['refreshDeletes'] is True: self.syncrepl_delete(sim.syncIdSet['syncUUIDs']) From bc7e8f4b27a7a8d0f9e4b7170964fe3106160b3a Mon Sep 17 00:00:00 2001 From: stroeder Date: Fri, 26 Sep 2014 16:11:43 +0000 Subject: [PATCH 134/868] Note about single syncrepl limitation --- Lib/ldap/syncrepl.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/Lib/ldap/syncrepl.py b/Lib/ldap/syncrepl.py index 7067770..8426d73 100644 --- a/Lib/ldap/syncrepl.py +++ b/Lib/ldap/syncrepl.py @@ -4,7 +4,7 @@ See http://www.python-ldap.org/ for project details. -$Id: syncrepl.py,v 1.5 2014/09/26 12:18:05 stroeder Exp $ +$Id: syncrepl.py,v 1.6 2014/09/26 16:11:43 stroeder Exp $ """ #__all__ = [ @@ -316,6 +316,10 @@ def syncrepl_search(self, base, scope, mode='refreshOnly', cookie=None, **search methods to store the cookie appropriately, rather than passing it. + Only a single syncrepl search may be active on a SyncreplConsumer + object. Multiple concurrent syncrepl searches require multiple + separate SyncreplConsumer objects and thus multiple connections + (LDAPObject instances). """ if cookie is None: cookie = self.syncrepl_get_cookie() From a6b71d03dacc96a61359ce5f093c6275e1757565 Mon Sep 17 00:00:00 2001 From: stroeder Date: Sat, 27 Sep 2014 09:39:58 +0000 Subject: [PATCH 135/868] Prepare release 2.4.17 --- CHANGES | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index cedcd07..6b01e7d 100644 --- a/CHANGES +++ b/CHANGES @@ -1,5 +1,5 @@ ---------------------------------------------------------------- -Released 2.4.17 2014-xx-xx +Released 2.4.17 2014-09-27 Changes since 2.4.16: @@ -1123,4 +1123,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.328 2014/09/26 12:18:05 stroeder Exp $ +$Id: CHANGES,v 1.329 2014/09/27 09:39:58 stroeder Exp $ From 70c8d73d46d017a6ff3ac309e791add9bc8a4976 Mon Sep 17 00:00:00 2001 From: stroeder Date: Sat, 27 Sep 2014 10:18:04 +0000 Subject: [PATCH 136/868] Updated copyright and release --- Doc/conf.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Doc/conf.py b/Doc/conf.py index e46e992..cbcf361 100644 --- a/Doc/conf.py +++ b/Doc/conf.py @@ -11,7 +11,7 @@ # All configuration values have a default value; values that are commented out # serve to show the default value. # -# $Id: conf.py,v 1.18 2012/08/09 07:19:12 stroeder Exp $ +# $Id: conf.py,v 1.19 2014/09/27 10:18:04 stroeder Exp $ import sys @@ -36,7 +36,7 @@ # General substitutions. project = 'python-ldap' -copyright = '2008-2011, python-ldap project team' +copyright = '2008-2014, python-ldap project team' # The default replacements for |version| and |release|, also used in various # other places throughout the built documents. @@ -44,7 +44,7 @@ # The short X.Y version. version = '2.4' # The full version, including alpha/beta/rc tags. -release = '2.4.10.0' +release = '2.4.17.0' # There are two options for replacing |today|: either, you set today to some # non-false value, then it is used: From 64cca81525e5a2215084c26f2bb38adf93371f28 Mon Sep 17 00:00:00 2001 From: stroeder Date: Wed, 8 Oct 2014 17:16:04 +0000 Subject: [PATCH 137/868] Started 2.4.18 --- CHANGES | 13 ++++++++++++- Doc/conf.py | 4 ++-- Lib/dsml.py | 4 ++-- Lib/ldap/__init__.py | 4 ++-- Lib/ldapurl.py | 4 ++-- Lib/ldif.py | 4 ++-- 6 files changed, 22 insertions(+), 11 deletions(-) diff --git a/CHANGES b/CHANGES index 6b01e7d..c5586f3 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,14 @@ +---------------------------------------------------------------- +Released 2.4.18 2014-xx-xx + +Changes since 2.4.17: + +Lib/ +* + +Modules/ +* + ---------------------------------------------------------------- Released 2.4.17 2014-09-27 @@ -1123,4 +1134,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.329 2014/09/27 09:39:58 stroeder Exp $ +$Id: CHANGES,v 1.330 2014/10/08 17:16:04 stroeder Exp $ diff --git a/Doc/conf.py b/Doc/conf.py index cbcf361..542324e 100644 --- a/Doc/conf.py +++ b/Doc/conf.py @@ -11,7 +11,7 @@ # All configuration values have a default value; values that are commented out # serve to show the default value. # -# $Id: conf.py,v 1.19 2014/09/27 10:18:04 stroeder Exp $ +# $Id: conf.py,v 1.20 2014/10/08 17:16:05 stroeder Exp $ import sys @@ -44,7 +44,7 @@ # The short X.Y version. version = '2.4' # The full version, including alpha/beta/rc tags. -release = '2.4.17.0' +release = '2.4.18.0' # There are two options for replacing |today|: either, you set today to some # non-false value, then it is used: diff --git a/Lib/dsml.py b/Lib/dsml.py index d0f82d3..8814315 100644 --- a/Lib/dsml.py +++ b/Lib/dsml.py @@ -4,13 +4,13 @@ See http://www.python-ldap.org/ for details. -$Id: dsml.py,v 1.34 2014/09/12 12:00:09 stroeder Exp $ +$Id: dsml.py,v 1.35 2014/10/08 17:16:05 stroeder Exp $ Python compability note: Tested with Python 2.0+. """ -__version__ = '2.4.17' +__version__ = '2.4.18' import string,base64 diff --git a/Lib/ldap/__init__.py b/Lib/ldap/__init__.py index fe4d2ed..3dc356d 100644 --- a/Lib/ldap/__init__.py +++ b/Lib/ldap/__init__.py @@ -3,12 +3,12 @@ See http://www.python-ldap.org/ for details. -$Id: __init__.py,v 1.94 2014/09/12 12:00:09 stroeder Exp $ +$Id: __init__.py,v 1.95 2014/10/08 17:16:05 stroeder Exp $ """ # This is also the overall release version number -__version__ = '2.4.17' +__version__ = '2.4.18' import sys diff --git a/Lib/ldapurl.py b/Lib/ldapurl.py index 1ca288c..8b8a917 100644 --- a/Lib/ldapurl.py +++ b/Lib/ldapurl.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -\$Id: ldapurl.py,v 1.67 2014/09/12 12:00:09 stroeder Exp $ +\$Id: ldapurl.py,v 1.68 2014/10/08 17:16:05 stroeder Exp $ Python compability note: This module only works with Python 2.0+ since @@ -11,7 +11,7 @@ 2. list comprehensions are used. """ -__version__ = '2.4.17' +__version__ = '2.4.18' __all__ = [ # constants diff --git a/Lib/ldif.py b/Lib/ldif.py index 78fdb52..92323dd 100644 --- a/Lib/ldif.py +++ b/Lib/ldif.py @@ -3,13 +3,13 @@ See http://www.python-ldap.org/ for details. -$Id: ldif.py,v 1.76 2014/09/12 12:00:09 stroeder Exp $ +$Id: ldif.py,v 1.77 2014/10/08 17:16:05 stroeder Exp $ Python compability note: Tested with Python 2.0+, but should work with Python 1.5.2+. """ -__version__ = '2.4.17' +__version__ = '2.4.18' __all__ = [ # constants From 2983bffa7e8651b0e88a8b469666c147688319a8 Mon Sep 17 00:00:00 2001 From: stroeder Date: Wed, 8 Oct 2014 17:27:06 +0000 Subject: [PATCH 138/868] Fixed raising exception in LDAPObject.read_s() when reading an entry returns empty search result --- CHANGES | 5 +++-- Lib/ldap/ldapobject.py | 4 ++-- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/CHANGES b/CHANGES index c5586f3..b2ded09 100644 --- a/CHANGES +++ b/CHANGES @@ -4,7 +4,8 @@ Released 2.4.18 2014-xx-xx Changes since 2.4.17: Lib/ -* +* Fixed raising exception in LDAPObject.read_s() when reading + an entry returns empty search result Modules/ * @@ -1134,4 +1135,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.330 2014/10/08 17:16:04 stroeder Exp $ +$Id: CHANGES,v 1.331 2014/10/08 17:27:06 stroeder Exp $ diff --git a/Lib/ldap/ldapobject.py b/Lib/ldap/ldapobject.py index 8c6a9a0..492a90f 100644 --- a/Lib/ldap/ldapobject.py +++ b/Lib/ldap/ldapobject.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -\$Id: ldapobject.py,v 1.141 2014/09/09 10:14:47 stroeder Exp $ +\$Id: ldapobject.py,v 1.142 2014/10/08 17:27:06 stroeder Exp $ Compability: - Tested with Python 2.0+ but should work with Python 1.5.x @@ -663,7 +663,7 @@ def read_s(self,dn,filterstr=None,attrlist=None,serverctrls=None,clientctrls=Non if r: return r[0][1] else: - return ldap.NO_SUCH_OBJECT('Empty search result reading %s' % (repr(dn))) + raise ldap.NO_SUCH_OBJECT('Empty search result reading entry %s' % (repr(dn))) def read_subschemasubentry_s(self,subschemasubentry_dn,attrs=None): """ From 731f0d7e559e5b6143647dc6fe0f3e8a364a109f Mon Sep 17 00:00:00 2001 From: stroeder Date: Thu, 9 Oct 2014 08:22:13 +0000 Subject: [PATCH 139/868] Release 2.4.18 now --- CHANGES | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/CHANGES b/CHANGES index b2ded09..71e1322 100644 --- a/CHANGES +++ b/CHANGES @@ -1,5 +1,5 @@ ---------------------------------------------------------------- -Released 2.4.18 2014-xx-xx +Released 2.4.18 2014-10-09 Changes since 2.4.17: @@ -7,9 +7,6 @@ Lib/ * Fixed raising exception in LDAPObject.read_s() when reading an entry returns empty search result -Modules/ -* - ---------------------------------------------------------------- Released 2.4.17 2014-09-27 @@ -1135,4 +1132,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.331 2014/10/08 17:27:06 stroeder Exp $ +$Id: CHANGES,v 1.332 2014/10/09 08:22:13 stroeder Exp $ From 66683502dc7c3f9c947b47fcb9f5fd8c20f449e5 Mon Sep 17 00:00:00 2001 From: stroeder Date: Tue, 18 Nov 2014 08:27:22 +0000 Subject: [PATCH 140/868] Updated python-ldap homepage URL --- Build/build-openbsd/Makefile | 4 ++-- Demo/resiter.py | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Build/build-openbsd/Makefile b/Build/build-openbsd/Makefile index fac650f..3636b95 100644 --- a/Build/build-openbsd/Makefile +++ b/Build/build-openbsd/Makefile @@ -1,4 +1,4 @@ -# $Id: Makefile,v 1.3 2000/08/20 15:04:23 leonard Exp $ +# $Id: Makefile,v 1.4 2014/11/18 08:27:23 stroeder Exp $ WRKDIST= ${.CURDIR}/../.. VERSION!= sh ${WRKDIST}/Build/version.sh @@ -7,7 +7,7 @@ PKGNAME= python-ldap-${VERSION} RUN_DEPENDS= python:lang/python CATEGORIES= misc MAINATINER= leonard@users.sourceforge.net -HOMEPAGE= http://python-ldap.sourceforge.net/ +HOMEPAGE= http://www.python-ldap.org/ FAKE= Yes CONFIGURE_STYLE= gnu diff --git a/Demo/resiter.py b/Demo/resiter.py index 4b49fae..9577d2c 100644 --- a/Demo/resiter.py +++ b/Demo/resiter.py @@ -2,9 +2,9 @@ Demo for using ldap.resiter.ResultProcessor written by Michael Stroeder -See http://python-ldap.sourceforge.net for details. +See http://www.python-ldap.org for details. -\$Id: resiter.py,v 1.1 2005/11/07 11:24:25 stroeder Exp $ +\$Id: resiter.py,v 1.2 2014/11/18 08:27:22 stroeder Exp $ Python compability note: Requires Python 2.3+ From dddd890954b3feb25aa29a579690f427fd67c79d Mon Sep 17 00:00:00 2001 From: stroeder Date: Tue, 18 Nov 2014 08:28:48 +0000 Subject: [PATCH 141/868] FWIW corrected typo in MAINTAINER=leonard@users.sourceforge.net --- Build/build-openbsd/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Build/build-openbsd/Makefile b/Build/build-openbsd/Makefile index 3636b95..6808edc 100644 --- a/Build/build-openbsd/Makefile +++ b/Build/build-openbsd/Makefile @@ -1,4 +1,4 @@ -# $Id: Makefile,v 1.4 2014/11/18 08:27:23 stroeder Exp $ +# $Id: Makefile,v 1.5 2014/11/18 08:28:48 stroeder Exp $ WRKDIST= ${.CURDIR}/../.. VERSION!= sh ${WRKDIST}/Build/version.sh @@ -6,7 +6,7 @@ VERSION!= sh ${WRKDIST}/Build/version.sh PKGNAME= python-ldap-${VERSION} RUN_DEPENDS= python:lang/python CATEGORIES= misc -MAINATINER= leonard@users.sourceforge.net +MAINTAINER= leonard@users.sourceforge.net HOMEPAGE= http://www.python-ldap.org/ FAKE= Yes From 5a68a893a0cf9f9e330e0f06f9b08a4b8dc071cf Mon Sep 17 00:00:00 2001 From: stroeder Date: Sun, 23 Nov 2014 18:49:13 +0000 Subject: [PATCH 142/868] Started 2.4.19 --- CHANGES | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 71e1322..7a0b10b 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,11 @@ +---------------------------------------------------------------- +Released 2.4.19 2014-xx-xx + +Changes since 2.4.18: + +Lib/ +* + ---------------------------------------------------------------- Released 2.4.18 2014-10-09 @@ -1132,4 +1140,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.332 2014/10/09 08:22:13 stroeder Exp $ +$Id: CHANGES,v 1.333 2014/11/23 18:49:13 stroeder Exp $ From 172da4def4e1fe9aa64a818375280f45f246a71f Mon Sep 17 00:00:00 2001 From: stroeder Date: Sun, 23 Nov 2014 18:51:53 +0000 Subject: [PATCH 143/868] SF#64: Fixed missing ReconnectLDAPObject._reconnect_lock when pickling --- CHANGES | 5 +++-- Lib/ldap/ldapobject.py | 4 +++- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/CHANGES b/CHANGES index 7a0b10b..0046ea0 100644 --- a/CHANGES +++ b/CHANGES @@ -4,7 +4,8 @@ Released 2.4.19 2014-xx-xx Changes since 2.4.18: Lib/ -* +* Fixed missing ReconnectLDAPObject._reconnect_lock when pickling + (see SF#64, thanks to Dan O'Reilly) ---------------------------------------------------------------- Released 2.4.18 2014-10-09 @@ -1140,4 +1141,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.333 2014/11/23 18:49:13 stroeder Exp $ +$Id: CHANGES,v 1.334 2014/11/23 18:51:53 stroeder Exp $ diff --git a/Lib/ldap/ldapobject.py b/Lib/ldap/ldapobject.py index 492a90f..97deccf 100644 --- a/Lib/ldap/ldapobject.py +++ b/Lib/ldap/ldapobject.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -\$Id: ldapobject.py,v 1.142 2014/10/08 17:27:06 stroeder Exp $ +\$Id: ldapobject.py,v 1.143 2014/11/23 18:51:53 stroeder Exp $ Compability: - Tested with Python 2.0+ but should work with Python 1.5.x @@ -751,6 +751,7 @@ class ReconnectLDAPObject(SimpleLDAPObject): '_l':None, '_ldap_object_lock':None, '_trace_file':None, + '_reconnect_lock':None, } def __init__( @@ -789,6 +790,7 @@ def __setstate__(self,d): """set up the object from pickled data""" self.__dict__.update(d) self._ldap_object_lock = self._ldap_lock() + self._reconnect_lock = ldap.LDAPLock(desc='reconnect lock within %s' % (repr(self))) self._trace_file = sys.stdout self.reconnect(self._uri) From 684e3cbdf14774a7c7fae3f35fd0e3fc2302dea3 Mon Sep 17 00:00:00 2001 From: stroeder Date: Fri, 12 Dec 2014 09:59:40 +0000 Subject: [PATCH 144/868] Added sub-module ldap.controls.pagedresults --- CHANGES | 4 ++- Lib/ldap/controls/pagedresults.py | 53 +++++++++++++++++++++++++++++++ 2 files changed, 56 insertions(+), 1 deletion(-) create mode 100644 Lib/ldap/controls/pagedresults.py diff --git a/CHANGES b/CHANGES index 0046ea0..0678ecb 100644 --- a/CHANGES +++ b/CHANGES @@ -6,6 +6,8 @@ Changes since 2.4.18: Lib/ * Fixed missing ReconnectLDAPObject._reconnect_lock when pickling (see SF#64, thanks to Dan O'Reilly) +* Added ldap.controls.pagedresults which as pure Python implementation of + Simple Paged Results Control (see RFC 2696) ---------------------------------------------------------------- Released 2.4.18 2014-10-09 @@ -1141,4 +1143,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.334 2014/11/23 18:51:53 stroeder Exp $ +$Id: CHANGES,v 1.335 2014/12/12 09:59:40 stroeder Exp $ diff --git a/Lib/ldap/controls/pagedresults.py b/Lib/ldap/controls/pagedresults.py new file mode 100644 index 0000000..f5848d0 --- /dev/null +++ b/Lib/ldap/controls/pagedresults.py @@ -0,0 +1,53 @@ +# -*- coding: utf-8 -*- +""" +ldap.controls.paged - classes for Simple Paged control +(see RFC 2696) + +See http://www.python-ldap.org/ for project details. + +$Id: pagedresults.py,v 1.1 2014/12/12 09:59:40 stroeder Exp $ +""" + +__all__ = [ + 'SimplePagedResultsControl' +] + +# Imports from python-ldap 2.4+ +import ldap.controls +from ldap.controls import RequestControl,ResponseControl,KNOWN_RESPONSE_CONTROLS + +# Imports from pyasn1 +from pyasn1.type import tag,namedtype,univ,constraint +from pyasn1.codec.ber import encoder,decoder +from pyasn1_modules.rfc2251 import LDAPString + + +class PagedResultsControlValue(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType('size',univ.Integer()), + namedtype.NamedType('cookie',LDAPString()), + ) + + +class SimplePagedResultsControl(RequestControl,ResponseControl): + controlType = '1.2.840.113556.1.4.319' + + def __init__(self,criticality=False,size=10,cookie=''): + self.criticality = criticality + self.size = size + self.cookie = cookie or '' + + def encodeControlValue(self): + pc = PagedResultsControlValue() + pc.setComponentByName('size',univ.Integer(self.size)) + pc.setComponentByName('cookie',LDAPString(self.cookie)) + return encoder.encode(pc) + + def decodeControlValue(self,encodedControlValue): + print '***',self.__class__.__module__,self.__class__.__name__ + decodedValue,_ = decoder.decode(encodedControlValue,asn1Spec=PagedResultsControlValue()) + self.size = int(decodedValue.getComponentByName('size')) + self.cookie = str(decodedValue.getComponentByName('cookie')) + + +KNOWN_RESPONSE_CONTROLS[SimplePagedResultsControl.controlType] = SimplePagedResultsControl From 76c05ccc561716ccec0ec1e4c96d1ba275461138 Mon Sep 17 00:00:00 2001 From: stroeder Date: Fri, 12 Dec 2014 10:10:23 +0000 Subject: [PATCH 145/868] Removed debug print statement --- Lib/ldap/controls/pagedresults.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Lib/ldap/controls/pagedresults.py b/Lib/ldap/controls/pagedresults.py index f5848d0..54c0ddf 100644 --- a/Lib/ldap/controls/pagedresults.py +++ b/Lib/ldap/controls/pagedresults.py @@ -5,7 +5,7 @@ See http://www.python-ldap.org/ for project details. -$Id: pagedresults.py,v 1.1 2014/12/12 09:59:40 stroeder Exp $ +$Id: pagedresults.py,v 1.2 2014/12/12 10:10:23 stroeder Exp $ """ __all__ = [ @@ -44,7 +44,6 @@ def encodeControlValue(self): return encoder.encode(pc) def decodeControlValue(self,encodedControlValue): - print '***',self.__class__.__module__,self.__class__.__name__ decodedValue,_ = decoder.decode(encodedControlValue,asn1Spec=PagedResultsControlValue()) self.size = int(decodedValue.getComponentByName('size')) self.cookie = str(decodedValue.getComponentByName('cookie')) From 8014f4c02f424122de01acda1b9c7baa4cb44cb7 Mon Sep 17 00:00:00 2001 From: stroeder Date: Fri, 12 Dec 2014 10:32:47 +0000 Subject: [PATCH 146/868] More flexible vars --- Demo/page_control.py | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/Demo/page_control.py b/Demo/page_control.py index 9d1a0e2..7cc6253 100644 --- a/Demo/page_control.py +++ b/Demo/page_control.py @@ -1,18 +1,24 @@ -url = "ldap://localhost:1390/" +# -*- coding: utf-8 -*- + +url = "ldap://localhost:1390" base = "dc=stroeder,dc=de" search_flt = r'(objectClass=*)' page_size = 10 +binddn = '' +bindpw = '' +trace_level = 0 import ldap,pprint -from ldap.controls import SimplePagedResultsControl +#from ldap.controls.libldap import SimplePagedResultsControl +from ldap.controls.pagedresults import SimplePagedResultsControl searchreq_attrlist=['cn','entryDN','entryUUID','mail','objectClass'] #ldap.set_option(ldap.OPT_DEBUG_LEVEL,255) ldap.set_option(ldap.OPT_REFERRALS, 0) -l = ldap.initialize(url,trace_level=1) +l = ldap.initialize(url,trace_level=trace_level) l.protocol_version = 3 -l.simple_bind_s("", "") +l.simple_bind_s(binddn,bindpw) req_ctrl = SimplePagedResultsControl(True,size=page_size,cookie='') @@ -32,11 +38,12 @@ pages = 0 while True: pages += 1 + print '-'*60 print "Getting page %d" % (pages) rtype, rdata, rmsgid, serverctrls = l.result3(msgid,resp_ctrl_classes=known_ldap_resp_ctrls) print '%d results' % len(rdata) print 'serverctrls=',pprint.pprint(serverctrls) -# pprint.pprint(rdata) + print 'rdata=',pprint.pprint(rdata) pctrls = [ c for c in serverctrls From d1b868809a6a626e0301cbf577a056801db2ff1e Mon Sep 17 00:00:00 2001 From: stroeder Date: Fri, 12 Dec 2014 10:34:20 +0000 Subject: [PATCH 147/868] Preferrably import from ldap.controls.pagedresults --- Demo/page_control.py | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/Demo/page_control.py b/Demo/page_control.py index 7cc6253..0fc904b 100644 --- a/Demo/page_control.py +++ b/Demo/page_control.py @@ -9,8 +9,11 @@ trace_level = 0 import ldap,pprint -#from ldap.controls.libldap import SimplePagedResultsControl -from ldap.controls.pagedresults import SimplePagedResultsControl + +try: + from ldap.controls.pagedresults import SimplePagedResultsControl +except ImportError: + from ldap.controls.libldap import SimplePagedResultsControl searchreq_attrlist=['cn','entryDN','entryUUID','mail','objectClass'] From 4f227d9ab229950476a361ff0a9ec8508aa53e44 Mon Sep 17 00:00:00 2001 From: stroeder Date: Fri, 9 Jan 2015 23:27:39 +0000 Subject: [PATCH 148/868] typo --- CHANGES | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 0678ecb..2830b75 100644 --- a/CHANGES +++ b/CHANGES @@ -6,7 +6,7 @@ Changes since 2.4.18: Lib/ * Fixed missing ReconnectLDAPObject._reconnect_lock when pickling (see SF#64, thanks to Dan O'Reilly) -* Added ldap.controls.pagedresults which as pure Python implementation of +* Added ldap.controls.pagedresults which is pure Python implementation of Simple Paged Results Control (see RFC 2696) ---------------------------------------------------------------- @@ -1143,4 +1143,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.335 2014/12/12 09:59:40 stroeder Exp $ +$Id: CHANGES,v 1.336 2015/01/09 23:27:39 stroeder Exp $ From 0b441ce2bc314ae907257abe87de17c325e283a6 Mon Sep 17 00:00:00 2001 From: stroeder Date: Sat, 10 Jan 2015 10:27:32 +0000 Subject: [PATCH 149/868] Mention reason for ldap.controls.pagedresults --- CHANGES | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 2830b75..3d7473a 100644 --- a/CHANGES +++ b/CHANGES @@ -7,7 +7,8 @@ Lib/ * Fixed missing ReconnectLDAPObject._reconnect_lock when pickling (see SF#64, thanks to Dan O'Reilly) * Added ldap.controls.pagedresults which is pure Python implementation of - Simple Paged Results Control (see RFC 2696) + Simple Paged Results Control (see RFC 2696) and delivers the correct + result size ---------------------------------------------------------------- Released 2.4.18 2014-10-09 @@ -1143,4 +1144,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.336 2015/01/09 23:27:39 stroeder Exp $ +$Id: CHANGES,v 1.337 2015/01/10 10:27:32 stroeder Exp $ From ce6c7b9b821b3ca89eccb748725112b26d59279c Mon Sep 17 00:00:00 2001 From: stroeder Date: Sat, 10 Jan 2015 16:58:52 +0000 Subject: [PATCH 150/868] Extract response controls in SASL bind responses --- TODO | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/TODO b/TODO index d205eb7..fdee89e 100644 --- a/TODO +++ b/TODO @@ -9,6 +9,7 @@ Modules/ - VLV control - server-side sorting control - Wrap libldif as faster drop-in replacement for module ldif? +- Extract response controls in SASL bind responses - Attach response controls to LDAPError instances to deliver the controls to the calling application in case of an error - Attach more useful information to LDAPError instances, e.g. the filter used @@ -27,4 +28,4 @@ Tests/ holding the BLITS test data set ------------------------------------------------------------------ -$Id: TODO,v 1.38 2012/01/25 19:24:40 stroeder Exp $ +$Id: TODO,v 1.39 2015/01/10 16:58:52 stroeder Exp $ From 992d62cb6003da8d9663a697a8345ee34d398633 Mon Sep 17 00:00:00 2001 From: stroeder Date: Sat, 10 Jan 2015 17:08:52 +0000 Subject: [PATCH 151/868] prepare release 2.4.19 --- CHANGES | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 3d7473a..beb007b 100644 --- a/CHANGES +++ b/CHANGES @@ -1,5 +1,5 @@ ---------------------------------------------------------------- -Released 2.4.19 2014-xx-xx +Released 2.4.19 2015-01-10 Changes since 2.4.18: @@ -1144,4 +1144,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.337 2015/01/10 10:27:32 stroeder Exp $ +$Id: CHANGES,v 1.338 2015/01/10 17:08:52 stroeder Exp $ From a774319c3a5fa444b3e67b30b4efb79f012647a0 Mon Sep 17 00:00:00 2001 From: stroeder Date: Sat, 10 Jan 2015 17:18:13 +0000 Subject: [PATCH 152/868] Bump up version to 2.4.19 --- Lib/dsml.py | 4 ++-- Lib/ldap/__init__.py | 4 ++-- Lib/ldapurl.py | 4 ++-- Lib/ldif.py | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/Lib/dsml.py b/Lib/dsml.py index 8814315..d539d34 100644 --- a/Lib/dsml.py +++ b/Lib/dsml.py @@ -4,13 +4,13 @@ See http://www.python-ldap.org/ for details. -$Id: dsml.py,v 1.35 2014/10/08 17:16:05 stroeder Exp $ +$Id: dsml.py,v 1.36 2015/01/10 17:18:13 stroeder Exp $ Python compability note: Tested with Python 2.0+. """ -__version__ = '2.4.18' +__version__ = '2.4.19' import string,base64 diff --git a/Lib/ldap/__init__.py b/Lib/ldap/__init__.py index 3dc356d..a5e1287 100644 --- a/Lib/ldap/__init__.py +++ b/Lib/ldap/__init__.py @@ -3,12 +3,12 @@ See http://www.python-ldap.org/ for details. -$Id: __init__.py,v 1.95 2014/10/08 17:16:05 stroeder Exp $ +$Id: __init__.py,v 1.96 2015/01/10 17:18:13 stroeder Exp $ """ # This is also the overall release version number -__version__ = '2.4.18' +__version__ = '2.4.19' import sys diff --git a/Lib/ldapurl.py b/Lib/ldapurl.py index 8b8a917..4b858ed 100644 --- a/Lib/ldapurl.py +++ b/Lib/ldapurl.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -\$Id: ldapurl.py,v 1.68 2014/10/08 17:16:05 stroeder Exp $ +\$Id: ldapurl.py,v 1.69 2015/01/10 17:18:13 stroeder Exp $ Python compability note: This module only works with Python 2.0+ since @@ -11,7 +11,7 @@ 2. list comprehensions are used. """ -__version__ = '2.4.18' +__version__ = '2.4.19' __all__ = [ # constants diff --git a/Lib/ldif.py b/Lib/ldif.py index 92323dd..012e908 100644 --- a/Lib/ldif.py +++ b/Lib/ldif.py @@ -3,13 +3,13 @@ See http://www.python-ldap.org/ for details. -$Id: ldif.py,v 1.77 2014/10/08 17:16:05 stroeder Exp $ +$Id: ldif.py,v 1.78 2015/01/10 17:18:13 stroeder Exp $ Python compability note: Tested with Python 2.0+, but should work with Python 1.5.2+. """ -__version__ = '2.4.18' +__version__ = '2.4.19' __all__ = [ # constants From 136ddaf102dcb5a61bc81fcc944f0bbb7aa88256 Mon Sep 17 00:00:00 2001 From: stroeder Date: Sat, 2 May 2015 16:19:23 +0000 Subject: [PATCH 153/868] New wrapping of OpenLDAP's function ldap_sasl_bind_s() --- CHANGES | 10 +++++++- Lib/ldap/ldapobject.py | 21 +++++++++++++++- Modules/LDAPObject.c | 56 +++++++++++++++++++++++++++++++++++++++++- 3 files changed, 84 insertions(+), 3 deletions(-) diff --git a/CHANGES b/CHANGES index beb007b..f9366df 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,11 @@ +---------------------------------------------------------------- +Released 2.4.20 2015-05-xx + +Changes since 2.4.19: + +* New wrapping of OpenLDAP's function ldap_sasl_bind_s() allows + to intercept the SASL handshake (thanks to René Kijewski) + ---------------------------------------------------------------- Released 2.4.19 2015-01-10 @@ -1144,4 +1152,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.338 2015/01/10 17:08:52 stroeder Exp $ +$Id: CHANGES,v 1.339 2015/05/02 16:19:23 stroeder Exp $ diff --git a/Lib/ldap/ldapobject.py b/Lib/ldap/ldapobject.py index 97deccf..7e2878f 100644 --- a/Lib/ldap/ldapobject.py +++ b/Lib/ldap/ldapobject.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -\$Id: ldapobject.py,v 1.143 2014/11/23 18:51:53 stroeder Exp $ +\$Id: ldapobject.py,v 1.144 2015/05/02 16:19:23 stroeder Exp $ Compability: - Tested with Python 2.0+ but should work with Python 1.5.x @@ -136,6 +136,14 @@ def __getattr__(self,name): self.__class__.__name__,repr(name) ) + def fileno(): + """ + Returns file description of LDAP connection. + + Just a convenience wrapper for LDAPObject.get_option(ldap.OPT_DESC) + """ + return self.get_option(ldap.OPT_DESC) + def abandon_ext(self,msgid,serverctrls=None,clientctrls=None): """ abandon_ext(msgid[,serverctrls=None[,clientctrls=None]]) -> None @@ -235,6 +243,12 @@ def sasl_interactive_bind_s(self,who,auth,serverctrls=None,clientctrls=None,sasl """ return self._ldap_call(self._l.sasl_interactive_bind_s,who,auth,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls),sasl_flags) + def sasl_bind_s(self,dn,mechanism,cred,serverctrls=None,clientctrls=None): + """ + sasl_bind_s(dn, mechanism, cred [,serverctrls=None[,clientctrls=None]]) -> int|str + """ + return self._ldap_call(self._l.sasl_bind_s,dn,mechanism,cred,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls)) + def compare_ext(self,dn,attr,value,serverctrls=None,clientctrls=None): """ compare_ext(dn, attr, value [,serverctrls=None[,clientctrls=None]]) -> int @@ -895,6 +909,11 @@ def sasl_interactive_bind_s(self,*args,**kwargs): self._store_last_bind(SimpleLDAPObject.sasl_interactive_bind_s,*args,**kwargs) return res + def sasl_bind_s(self,dn,mechanism,cred,serverctrls=None,clientctrls=None): + res = self._apply_method_s(SimpleLDAPObject.sasl_bind_s,*args,**kwargs) + self._store_last_bind(SimpleLDAPObject.sasl_bind_s,*args,**kwargs) + return res + def add_ext_s(self,*args,**kwargs): return self._apply_method_s(SimpleLDAPObject.add_ext_s,*args,**kwargs) diff --git a/Modules/LDAPObject.c b/Modules/LDAPObject.c index 1b2326a..eddd7e1 100644 --- a/Modules/LDAPObject.c +++ b/Modules/LDAPObject.c @@ -1,5 +1,5 @@ /* See http://www.python-ldap.org/ for details. - * $Id: LDAPObject.c,v 1.90 2011/04/11 11:29:59 stroeder Exp $ */ + * $Id: LDAPObject.c,v 1.91 2015/05/02 16:19:23 stroeder Exp $ */ #include "common.h" #include "patchlevel.h" @@ -616,6 +616,59 @@ int py_ldap_sasl_interaction( LDAP *ld, return LDAP_SUCCESS; } +static PyObject* +l_ldap_sasl_bind_s( LDAPObject* self, PyObject* args ) +{ + const char *dn; + const char *mechanism; + struct berval cred; + Py_ssize_t cred_len; + + PyObject *serverctrls = Py_None; + PyObject *clientctrls = Py_None; + LDAPControl** server_ldcs = NULL; + LDAPControl** client_ldcs = NULL; + + struct berval *servercred; + int ldaperror; + + if (!PyArg_ParseTuple(args, "zzz#OO", &dn, &mechanism, &cred.bv_val, &cred_len, &serverctrls, &clientctrls )) + return NULL; + + if (not_valid(self)) return NULL; + + cred.bv_len = cred_len; + + if (!PyNone_Check(serverctrls)) { + if (!LDAPControls_from_object(serverctrls, &server_ldcs)) + return NULL; + } + if (!PyNone_Check(clientctrls)) { + if (!LDAPControls_from_object(clientctrls, &client_ldcs)) + return NULL; + } + + LDAP_BEGIN_ALLOW_THREADS( self ); + ldaperror = ldap_sasl_bind_s(self->ldap, + dn, + mechanism, + cred.bv_val ? &cred : NULL, + (LDAPControl**) server_ldcs, + (LDAPControl**) client_ldcs, + &servercred); + LDAP_END_ALLOW_THREADS( self ); + + LDAPControl_List_DEL( server_ldcs ); + LDAPControl_List_DEL( client_ldcs ); + + if (ldaperror == LDAP_SASL_BIND_IN_PROGRESS) { + if (servercred && servercred->bv_val && *servercred->bv_val) + return PyString_FromStringAndSize( servercred->bv_val, servercred->bv_len ); + } else if (ldaperror != LDAP_SUCCESS) + return LDAPerror( self->ldap, "l_ldap_sasl_bind_s" ); + return PyInt_FromLong( ldaperror ); +} + static PyObject* l_ldap_sasl_interactive_bind_s( LDAPObject* self, PyObject* args ) { @@ -1317,6 +1370,7 @@ static PyMethodDef methods[] = { {"simple_bind", (PyCFunction)l_ldap_simple_bind, METH_VARARGS }, #ifdef HAVE_SASL {"sasl_interactive_bind_s", (PyCFunction)l_ldap_sasl_interactive_bind_s, METH_VARARGS }, + {"sasl_bind_s", (PyCFunction)l_ldap_sasl_bind_s, METH_VARARGS }, #endif {"compare_ext", (PyCFunction)l_ldap_compare_ext, METH_VARARGS }, {"delete_ext", (PyCFunction)l_ldap_delete_ext, METH_VARARGS }, From d071d81f364b8df2e1c65119958d88a30b156b21 Mon Sep 17 00:00:00 2001 From: stroeder Date: Fri, 5 Jun 2015 20:49:04 +0000 Subject: [PATCH 154/868] Added serverctrls and clientctrls arguments to LDAPObject.simple_bind() etc. --- Doc/ldap.rst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Doc/ldap.rst b/Doc/ldap.rst index 5226c32..ef870bd 100644 --- a/Doc/ldap.rst +++ b/Doc/ldap.rst @@ -1,4 +1,4 @@ -.. % $Id: ldap.rst,v 1.27 2012/01/10 23:28:08 stroeder Exp $ +.. % $Id: ldap.rst,v 1.28 2015/06/05 20:49:04 stroeder Exp $ ******************************************** :py:mod:`ldap` LDAP library interface module @@ -649,9 +649,9 @@ and wait for and return with the server's result, or with .. py:method:: LDAPObject.bind_s(who, cred, method) -> None -.. py:method:: LDAPObject.simple_bind([who='' [, cred='']]) -> int +.. py:method:: LDAPObject.simple_bind([who='' [, cred='' [, serverctrls=None [, clientctrls=None]]]]) -> int -.. py:method:: LDAPObject.simple_bind_s([who='' [, cred='']]) -> None +.. py:method:: LDAPObject.simple_bind_s([who='' [, cred='' [, serverctrls=None [, clientctrls=None]]]]) -> None After an LDAP object is created, and before any other operations can be attempted over the connection, a bind operation must be performed. From a4c34000a83a0cccd6d74a1fd719777b8ee445cb Mon Sep 17 00:00:00 2001 From: stroeder Date: Fri, 5 Jun 2015 20:55:05 +0000 Subject: [PATCH 155/868] Abandoned old syntax when raising ValueError in module ldif and more information in some exceptions. --- CHANGES | 6 +++++- Lib/ldif.py | 18 +++++++++--------- 2 files changed, 14 insertions(+), 10 deletions(-) diff --git a/CHANGES b/CHANGES index f9366df..0a004b5 100644 --- a/CHANGES +++ b/CHANGES @@ -6,6 +6,10 @@ Changes since 2.4.19: * New wrapping of OpenLDAP's function ldap_sasl_bind_s() allows to intercept the SASL handshake (thanks to René Kijewski) +Lib/ +* Abandoned old syntax when raising ValueError in module ldif and + some more information in exceptions. + ---------------------------------------------------------------- Released 2.4.19 2015-01-10 @@ -1152,4 +1156,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.339 2015/05/02 16:19:23 stroeder Exp $ +$Id: CHANGES,v 1.340 2015/06/05 20:55:05 stroeder Exp $ diff --git a/Lib/ldif.py b/Lib/ldif.py index 012e908..9ea1139 100644 --- a/Lib/ldif.py +++ b/Lib/ldif.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -$Id: ldif.py,v 1.78 2015/01/10 17:18:13 stroeder Exp $ +$Id: ldif.py,v 1.79 2015/06/05 20:55:06 stroeder Exp $ Python compability note: Tested with Python 2.0+, but should work with Python 1.5.2+. @@ -165,7 +165,7 @@ def _unparseChangeRecord(self,modlist): elif mod_len==3: changetype = 'modify' else: - raise ValueError,"modlist item of wrong length" + raise ValueError("modlist item of wrong length: %d" % (mod_len)) self._unparseAttrTypeandValue('changetype',changetype) for mod in modlist: if mod_len==2: @@ -174,7 +174,7 @@ def _unparseChangeRecord(self,modlist): mod_op,mod_type,mod_vals = mod self._unparseAttrTypeandValue(MOD_OP_STR[mod_op],mod_type) else: - raise ValueError,"Subsequent modlist item of wrong length" + raise ValueError("Subsequent modlist item of wrong length") if mod_vals: for mod_val in mod_vals: self._unparseAttrTypeandValue(mod_type,mod_val) @@ -197,7 +197,7 @@ def unparse(self,dn,record): elif isinstance(record,types.ListType): self._unparseChangeRecord(record) else: - raise ValueError, "Argument record must be dictionary or list" + raise ValueError('Argument record must be dictionary or list instead of %s' % (repr(record))) # Write empty line separating the records self._output_file.write(self._line_sep) # Count records written @@ -354,20 +354,20 @@ def parse(self): if attr_type=='dn': # attr type and value pair was DN of LDIF record if dn!=None: - raise ValueError, 'Two lines starting with dn: in one record.' + raise ValueError('Two lines starting with dn: in one record.') if not is_dn(attr_value): - raise ValueError, 'No valid string-representation of distinguished name %s.' % (repr(attr_value)) + raise ValueError('No valid string-representation of distinguished name %s.' % (repr(attr_value))) dn = attr_value elif attr_type=='version' and dn is None: version = 1 elif attr_type=='changetype': # attr type and value pair was DN of LDIF record if dn is None: - raise ValueError, 'Read changetype: before getting valid dn: line.' + raise ValueError('Read changetype: before getting valid dn: line.') if changetype!=None: - raise ValueError, 'Two lines starting with changetype: in one record.' + raise ValueError('Two lines starting with changetype: in one record.') if not valid_changetype_dict.has_key(attr_value): - raise ValueError, 'changetype value %s is invalid.' % (repr(attr_value)) + raise ValueError('changetype value %s is invalid.' % (repr(attr_value))) changetype = attr_value elif attr_value!=None and \ not self._ignored_attr_types.has_key(attr_type.lower()): From 92ca8873580c538e5e271e5bef64d72eb1e36384 Mon Sep 17 00:00:00 2001 From: stroeder Date: Fri, 5 Jun 2015 20:56:00 +0000 Subject: [PATCH 156/868] Wording --- CHANGES | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 0a004b5..5d51572 100644 --- a/CHANGES +++ b/CHANGES @@ -8,7 +8,7 @@ Changes since 2.4.19: Lib/ * Abandoned old syntax when raising ValueError in module ldif and - some more information in exceptions. + more information in some exceptions. ---------------------------------------------------------------- Released 2.4.19 2015-01-10 @@ -1156,4 +1156,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.340 2015/06/05 20:55:05 stroeder Exp $ +$Id: CHANGES,v 1.341 2015/06/05 20:56:00 stroeder Exp $ From 62219a2d37f54d754003f857b457246d581d59b1 Mon Sep 17 00:00:00 2001 From: stroeder Date: Fri, 5 Jun 2015 21:03:06 +0000 Subject: [PATCH 157/868] Abandoned old syntax when raising exceptions in module ldapurl and more information in some exceptions. --- CHANGES | 6 +++--- Lib/ldapurl.py | 14 +++++++------- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/CHANGES b/CHANGES index 5d51572..4b8b91d 100644 --- a/CHANGES +++ b/CHANGES @@ -7,8 +7,8 @@ Changes since 2.4.19: to intercept the SASL handshake (thanks to René Kijewski) Lib/ -* Abandoned old syntax when raising ValueError in module ldif and - more information in some exceptions. +* Abandoned old syntax when raising ValueError in modules ldif and + ldapurl, more information in some exceptions. ---------------------------------------------------------------- Released 2.4.19 2015-01-10 @@ -1156,4 +1156,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.341 2015/06/05 20:56:00 stroeder Exp $ +$Id: CHANGES,v 1.342 2015/06/05 21:03:06 stroeder Exp $ diff --git a/Lib/ldapurl.py b/Lib/ldapurl.py index 4b858ed..7ebd4ba 100644 --- a/Lib/ldapurl.py +++ b/Lib/ldapurl.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -\$Id: ldapurl.py,v 1.69 2015/01/10 17:18:13 stroeder Exp $ +\$Id: ldapurl.py,v 1.70 2015/06/05 21:03:06 stroeder Exp $ Python compability note: This module only works with Python 2.0+ since @@ -258,11 +258,11 @@ def _parse(self,ldap_url): urlscheme,host,dn,attrs,scope,filterstr,extensions """ if not isLDAPUrl(ldap_url): - raise ValueError,'Parameter ldap_url does not seem to be a LDAP URL.' + raise ValueError('Value %s for ldap_url does not seem to be a LDAP URL.' % (repr(ldap_url))) scheme,rest = ldap_url.split('://',1) self.urlscheme = scheme.strip() if not self.urlscheme in ['ldap','ldaps','ldapi']: - raise ValueError,'LDAP URL contains unsupported URL scheme %s.' % (self.urlscheme) + raise ValueError('LDAP URL contains unsupported URL scheme %s.' % (self.urlscheme)) slash_pos = rest.find('/') qemark_pos = rest.find('?') if (slash_pos==-1) and (qemark_pos==-1): @@ -282,7 +282,7 @@ def _parse(self,ldap_url): # Do not eat question mark rest = rest[qemark_pos:] else: - raise ValueError,'Something completely weird happened!' + raise ValueError('Something completely weird happened!') paramlist=rest.split('?',4) paramlist_len = len(paramlist) if paramlist_len>=1: @@ -294,7 +294,7 @@ def _parse(self,ldap_url): try: self.scope = SEARCH_SCOPE[scope] except KeyError: - raise ValueError,"Search scope must be either one of base, one or sub. LDAP URL contained %s" % (repr(scope)) + raise ValueError('Invalid search scope %s' % (repr(scope))) if paramlist_len>=4: filterstr = paramlist[3].strip() if not filterstr: @@ -404,9 +404,9 @@ def __getattr__(self,name): else: return None else: - raise AttributeError,"%s has no attribute %s" % ( + raise AttributeError('%s has no attribute %s' % ( self.__class__.__name__,name - ) + )) return result # __getattr__() def __setattr__(self,name,value): From 036700dadeac91bfb58af3e8f8430d86172ba84c Mon Sep 17 00:00:00 2001 From: stroeder Date: Fri, 5 Jun 2015 21:04:58 +0000 Subject: [PATCH 158/868] Bump up version to 2.4.20 --- Doc/conf.py | 4 ++-- Lib/dsml.py | 4 ++-- Lib/ldap/__init__.py | 4 ++-- Lib/ldapurl.py | 4 ++-- Lib/ldif.py | 4 ++-- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/Doc/conf.py b/Doc/conf.py index 542324e..32babb6 100644 --- a/Doc/conf.py +++ b/Doc/conf.py @@ -11,7 +11,7 @@ # All configuration values have a default value; values that are commented out # serve to show the default value. # -# $Id: conf.py,v 1.20 2014/10/08 17:16:05 stroeder Exp $ +# $Id: conf.py,v 1.21 2015/06/05 21:05:37 stroeder Exp $ import sys @@ -44,7 +44,7 @@ # The short X.Y version. version = '2.4' # The full version, including alpha/beta/rc tags. -release = '2.4.18.0' +release = '2.4.20.0' # There are two options for replacing |today|: either, you set today to some # non-false value, then it is used: diff --git a/Lib/dsml.py b/Lib/dsml.py index d539d34..1cc3b2f 100644 --- a/Lib/dsml.py +++ b/Lib/dsml.py @@ -4,13 +4,13 @@ See http://www.python-ldap.org/ for details. -$Id: dsml.py,v 1.36 2015/01/10 17:18:13 stroeder Exp $ +$Id: dsml.py,v 1.37 2015/06/05 21:04:58 stroeder Exp $ Python compability note: Tested with Python 2.0+. """ -__version__ = '2.4.19' +__version__ = '2.4.20' import string,base64 diff --git a/Lib/ldap/__init__.py b/Lib/ldap/__init__.py index a5e1287..466ec0d 100644 --- a/Lib/ldap/__init__.py +++ b/Lib/ldap/__init__.py @@ -3,12 +3,12 @@ See http://www.python-ldap.org/ for details. -$Id: __init__.py,v 1.96 2015/01/10 17:18:13 stroeder Exp $ +$Id: __init__.py,v 1.97 2015/06/05 21:04:58 stroeder Exp $ """ # This is also the overall release version number -__version__ = '2.4.19' +__version__ = '2.4.20' import sys diff --git a/Lib/ldapurl.py b/Lib/ldapurl.py index 7ebd4ba..0345221 100644 --- a/Lib/ldapurl.py +++ b/Lib/ldapurl.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -\$Id: ldapurl.py,v 1.70 2015/06/05 21:03:06 stroeder Exp $ +\$Id: ldapurl.py,v 1.71 2015/06/05 21:04:58 stroeder Exp $ Python compability note: This module only works with Python 2.0+ since @@ -11,7 +11,7 @@ 2. list comprehensions are used. """ -__version__ = '2.4.19' +__version__ = '2.4.20' __all__ = [ # constants diff --git a/Lib/ldif.py b/Lib/ldif.py index 9ea1139..bc47040 100644 --- a/Lib/ldif.py +++ b/Lib/ldif.py @@ -3,13 +3,13 @@ See http://www.python-ldap.org/ for details. -$Id: ldif.py,v 1.79 2015/06/05 20:55:06 stroeder Exp $ +$Id: ldif.py,v 1.80 2015/06/05 21:04:58 stroeder Exp $ Python compability note: Tested with Python 2.0+, but should work with Python 1.5.2+. """ -__version__ = '2.4.19' +__version__ = '2.4.20' __all__ = [ # constants From 7248568cb3a89eb4f9e701df9e48244c33026def Mon Sep 17 00:00:00 2001 From: stroeder Date: Sat, 6 Jun 2015 09:21:37 +0000 Subject: [PATCH 159/868] Stripped trailing white-spaces --- Lib/ldap/async.py | 4 ++-- Lib/ldap/controls/__init__.py | 4 ++-- Lib/ldap/controls/libldap.py | 10 +++++----- Lib/ldap/controls/ppolicy.py | 4 ++-- Lib/ldap/controls/simple.py | 12 ++++++------ Lib/ldap/dn.py | 10 +++++----- Lib/ldap/filter.py | 6 +++--- Lib/ldap/functions.py | 4 ++-- Lib/ldap/ldapobject.py | 6 +++--- Lib/ldap/logger.py | 2 +- Lib/ldap/sasl.py | 6 +++--- Lib/ldap/schema/models.py | 28 ++++++++++++++-------------- Lib/ldap/schema/subentry.py | 4 ++-- Lib/ldap/syncrepl.py | 8 ++++---- Lib/ldapurl.py | 12 ++++++------ 15 files changed, 60 insertions(+), 60 deletions(-) diff --git a/Lib/ldap/async.py b/Lib/ldap/async.py index 97ec14b..680cdc9 100644 --- a/Lib/ldap/async.py +++ b/Lib/ldap/async.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -\$Id: async.py,v 1.33 2013/09/21 03:55:38 stroeder Exp $ +\$Id: async.py,v 1.34 2015/06/06 09:21:37 stroeder Exp $ Python compability note: Tested on Python 2.0+ but should run on Python 1.5.x. @@ -103,7 +103,7 @@ def preProcessing(self): def afterFirstResult(self): """ - Do anything you want right after successfully receiving but before + Do anything you want right after successfully receiving but before processing first result """ diff --git a/Lib/ldap/controls/__init__.py b/Lib/ldap/controls/__init__.py index e7c400d..214d92c 100644 --- a/Lib/ldap/controls/__init__.py +++ b/Lib/ldap/controls/__init__.py @@ -4,7 +4,7 @@ See http://www.python-ldap.org/ for details. -$Id: __init__.py,v 1.9 2013/05/29 20:27:32 stroeder Exp $ +$Id: __init__.py,v 1.10 2015/06/06 09:21:38 stroeder Exp $ Description: The ldap.controls module provides LDAPControl classes. @@ -45,7 +45,7 @@ class RequestControl: """ Base class for all request controls - + controlType OID as string of the LDAPv3 extended request control criticality diff --git a/Lib/ldap/controls/libldap.py b/Lib/ldap/controls/libldap.py index 0615d52..142840e 100644 --- a/Lib/ldap/controls/libldap.py +++ b/Lib/ldap/controls/libldap.py @@ -5,7 +5,7 @@ See http://www.python-ldap.org/ for details. -$Id: libldap.py,v 1.2 2011/07/23 07:42:04 stroeder Exp $ +$Id: libldap.py,v 1.3 2015/06/06 09:21:38 stroeder Exp $ """ import _ldap,ldap @@ -20,8 +20,8 @@ class AssertionControl(RequestControl): LDAP filter string specifying which assertions have to match so that the server processes the operation """ - - controlType = ldap.CONTROL_ASSERT + + controlType = ldap.CONTROL_ASSERT def __init__(self,criticality=True,filterstr='(objectClass=*)'): self.criticality = criticality self.filterstr = filterstr @@ -40,9 +40,9 @@ class MatchedValuesControl(RequestControl): LDAP filter string specifying which attribute values should be returned """ - + controlType = ldap.CONTROL_VALUESRETURNFILTER - + def __init__(self,criticality=False,filterstr='(objectClass=*)'): self.criticality = criticality self.filterstr = filterstr diff --git a/Lib/ldap/controls/ppolicy.py b/Lib/ldap/controls/ppolicy.py index 7f8cc7f..fa7df78 100644 --- a/Lib/ldap/controls/ppolicy.py +++ b/Lib/ldap/controls/ppolicy.py @@ -5,7 +5,7 @@ See http://www.python-ldap.org/ for project details. -$Id: ppolicy.py,v 1.3 2011/11/27 15:26:06 stroeder Exp $ +$Id: ppolicy.py,v 1.4 2015/06/06 09:21:38 stroeder Exp $ """ __all__ = [ @@ -91,6 +91,6 @@ def decodeControlValue(self,encodedControlValue): self.error = None else: self.error = int(error) - + KNOWN_RESPONSE_CONTROLS[PasswordPolicyControl.controlType] = PasswordPolicyControl diff --git a/Lib/ldap/controls/simple.py b/Lib/ldap/controls/simple.py index 30e7dd3..a84d906 100644 --- a/Lib/ldap/controls/simple.py +++ b/Lib/ldap/controls/simple.py @@ -4,7 +4,7 @@ See http://www.python-ldap.org/ for details. -$Id: simple.py,v 1.9 2012/08/09 07:01:20 stroeder Exp $ +$Id: simple.py,v 1.10 2015/06/06 09:21:38 stroeder Exp $ """ import struct,ldap @@ -34,7 +34,7 @@ def encodeControlValue(self): class OctetStringInteger(LDAPControl): """ Base class with controlValue being unsigend integer values - + integerValue Integer to be sent as OctetString """ @@ -49,7 +49,7 @@ def encodeControlValue(self): def decodeControlValue(self,encodedControlValue): self.integerValue = struct.unpack('!Q',encodedControlValue)[0] - + class BooleanControl(LDAPControl): """ @@ -100,7 +100,7 @@ def __init__(self,criticality=False): class ProxyAuthzControl(RequestControl): """ Proxy Authorization Control - + authzId string containing the authorization ID indicating the identity on behalf which the server should process the request @@ -123,9 +123,9 @@ def __init__(self,criticality): class AuthorizationIdentityResponseControl(ResponseControl): """ Authorization Identity Request and Response Controls - + Class attributes: - + authzId decoded authorization identity """ diff --git a/Lib/ldap/dn.py b/Lib/ldap/dn.py index 0c5e5ab..e3dbca6 100644 --- a/Lib/ldap/dn.py +++ b/Lib/ldap/dn.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -\$Id: dn.py,v 1.12 2014/05/20 20:15:15 stroeder Exp $ +\$Id: dn.py,v 1.13 2015/06/06 09:21:37 stroeder Exp $ Compability: - Tested with Python 2.0+ @@ -31,7 +31,7 @@ def escape_dn_chars(s): s = s.replace('>' ,'\\>') s = s.replace(';' ,'\\;') s = s.replace('=' ,'\\=') - s = s.replace('\000' ,'\\\000') + s = s.replace('\000' ,'\\\000') if s[0]=='#' or s[0]==' ': s = ''.join(('\\',s)) if s[-1]==' ': @@ -43,7 +43,7 @@ def str2dn(dn,flags=0): """ This function takes a DN as string as parameter and returns a decomposed DN. It's the inverse to dn2str(). - + flags describes the format of the dn See also the OpenLDAP man-page ldap_str2dn(3) @@ -69,7 +69,7 @@ def dn2str(dn): def explode_dn(dn,notypes=0,flags=0): """ explode_dn(dn [, notypes=0]) -> list - + This function takes a DN and breaks it up into its component parts. The notypes parameter is used to specify that only the component's attribute values be returned and not the attribute types. @@ -95,7 +95,7 @@ def explode_dn(dn,notypes=0,flags=0): def explode_rdn(rdn,notypes=0,flags=0): """ explode_rdn(rdn [, notypes=0]) -> list - + This function takes a RDN and breaks it up into its component parts if it is a multi-valued RDN. The notypes parameter is used to specify that only the component's diff --git a/Lib/ldap/filter.py b/Lib/ldap/filter.py index 23f34c6..46f957e 100644 --- a/Lib/ldap/filter.py +++ b/Lib/ldap/filter.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -\$Id: filter.py,v 1.9 2011/07/22 07:20:53 stroeder Exp $ +\$Id: filter.py,v 1.10 2015/06/06 09:21:37 stroeder Exp $ Compability: - Tested with Python 2.0+ @@ -16,7 +16,7 @@ def escape_filter_chars(assertion_value,escape_mode=0): """ Replace all special characters found in assertion_value by quoted notation. - + escape_mode If 0 only special chars mentioned in RFC 4515 are escaped. If 1 all NON-ASCII chars are escaped. @@ -41,7 +41,7 @@ def escape_filter_chars(assertion_value,escape_mode=0): s = s.replace(r'(', r'\28') s = s.replace(r')', r'\29') s = s.replace('\x00', r'\00') - return s + return s def filter_format(filter_template,assertion_values): diff --git a/Lib/ldap/functions.py b/Lib/ldap/functions.py index 1a92fbb..8ba0130 100644 --- a/Lib/ldap/functions.py +++ b/Lib/ldap/functions.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -\$Id: functions.py,v 1.30 2014/05/20 20:44:28 stroeder Exp $ +\$Id: functions.py,v 1.31 2015/06/06 09:21:37 stroeder Exp $ Compability: - Tested with Python 2.0+ but should work with Python 1.5.x @@ -135,7 +135,7 @@ def set_option(option,invalue): def escape_str(escape_func,s,*args): """ - Applies escape_func() to all items of `args' and returns a string based + Applies escape_func() to all items of `args' and returns a string based on format string `s'. """ escape_args = map(escape_func,args) diff --git a/Lib/ldap/ldapobject.py b/Lib/ldap/ldapobject.py index 7e2878f..a02130b 100644 --- a/Lib/ldap/ldapobject.py +++ b/Lib/ldap/ldapobject.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -\$Id: ldapobject.py,v 1.144 2015/05/02 16:19:23 stroeder Exp $ +\$Id: ldapobject.py,v 1.145 2015/06/06 09:21:38 stroeder Exp $ Compability: - Tested with Python 2.0+ but should work with Python 1.5.x @@ -139,7 +139,7 @@ def __getattr__(self,name): def fileno(): """ Returns file description of LDAP connection. - + Just a convenience wrapper for LDAPObject.get_option(ldap.OPT_DESC) """ return self.get_option(ldap.OPT_DESC) @@ -662,7 +662,7 @@ def search_subschemasubentry_s(self,dn=''): def read_s(self,dn,filterstr=None,attrlist=None,serverctrls=None,clientctrls=None,timeout=-1): """ Reads and returns a single entry specified by `dn'. - + Other attributes just like those passed to `search_ext_s()' """ r = self.search_ext_s( diff --git a/Lib/ldap/logger.py b/Lib/ldap/logger.py index a6083dc..16c4d63 100644 --- a/Lib/ldap/logger.py +++ b/Lib/ldap/logger.py @@ -9,7 +9,7 @@ class logging_file_class: def __init__(self,logging_level): self._logging_level = logging_level - + def write(self,msg): logging.log(self._logging_level,msg[:-1]) diff --git a/Lib/ldap/sasl.py b/Lib/ldap/sasl.py index 39d6eb1..1158671 100644 --- a/Lib/ldap/sasl.py +++ b/Lib/ldap/sasl.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -\$Id: sasl.py,v 1.16 2014/03/23 19:06:47 stroeder Exp $ +\$Id: sasl.py,v 1.17 2015/06/06 09:21:38 stroeder Exp $ Description: The ldap.sasl module provides SASL authentication classes. @@ -63,7 +63,7 @@ def callback(self,cb_id,challenge,prompt,defresult): useful for writing generic sasl GUIs, which would need to know all the questions to ask, before the answers are returned to the sasl lib (in contrast to one question at a time).""" - + # The following print command might be useful for debugging # new sasl mechanisms. So it is left here cb_result = self.cb_value_dict.get(cb_id,defresult) or '' @@ -73,7 +73,7 @@ def callback(self,cb_id,challenge,prompt,defresult): cb_id, challenge, prompt, repr(defresult), repr(self.cb_value_dict.get(cb_result)) )) return cb_result - + class cram_md5(sasl): """This class handles SASL CRAM-MD5 authentication.""" diff --git a/Lib/ldap/schema/models.py b/Lib/ldap/schema/models.py index a3e0041..f7a7bd5 100644 --- a/Lib/ldap/schema/models.py +++ b/Lib/ldap/schema/models.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -\$Id: models.py,v 1.47 2014/03/12 21:44:10 stroeder Exp $ +\$Id: models.py,v 1.48 2015/06/06 09:21:38 stroeder Exp $ """ import UserDict,ldap.cidict @@ -36,7 +36,7 @@ class SchemaElement: Base class for all schema element classes. Not used directly! Arguments: - + schema_element_str String which contains the schema element description to be parsed. @@ -51,7 +51,7 @@ class SchemaElement: token_defaults = { 'DESC':(None,), } - + def __init__(self,schema_element_str=None): if schema_element_str: l = split_tokens(schema_element_str,self.token_defaults) @@ -72,7 +72,7 @@ def get_id(self): def key_attr(self,key,value,quoted=0): assert value is None or type(value)==StringType,TypeError("value has to be of StringType, was %s" % repr(value)) if value: - if quoted: + if quoted: return " %s '%s'" % (key,value.replace("'","\\'")) else: return " %s %s" % (key,value) @@ -101,7 +101,7 @@ def __str__(self): class ObjectClass(SchemaElement): """ Arguments: - + schema_element_str String containing an ObjectClassDescription @@ -194,7 +194,7 @@ def __str__(self): class AttributeType(SchemaElement): """ Arguments: - + schema_element_str String containing an AttributeTypeDescription @@ -336,7 +336,7 @@ class LDAPSyntax(SchemaElement): This string contains description text (DESC) of the LDAP syntax not_human_readable Integer flag (0 or 1) indicating whether the attribute type is marked - as not human-readable (X-NOT-HUMAN-READABLE) + as not human-readable (X-NOT-HUMAN-READABLE) """ schema_attribute = 'ldapSyntaxes' token_defaults = { @@ -355,7 +355,7 @@ def _set_attrs(self,l,d): self.x_binary_transfer_required = d['X-BINARY-TRANSFER-REQUIRED'][0]=='TRUE' assert self.desc is None or type(self.desc)==StringType return - + def __str__(self): result = [str(self.oid)] result.append(self.key_attr('DESC',self.desc,quoted=1)) @@ -369,7 +369,7 @@ def __str__(self): class MatchingRule(SchemaElement): """ Arguments: - + schema_element_str String containing an MatchingRuleDescription @@ -418,7 +418,7 @@ def __str__(self): class MatchingRuleUse(SchemaElement): """ Arguments: - + schema_element_str String containing an MatchingRuleUseDescription @@ -468,7 +468,7 @@ def __str__(self): class DITContentRule(SchemaElement): """ Arguments: - + schema_element_str String containing an DITContentRuleDescription @@ -541,7 +541,7 @@ def __str__(self): class DITStructureRule(SchemaElement): """ Arguments: - + schema_element_str String containing an DITStructureRuleDescription @@ -604,7 +604,7 @@ def __str__(self): class NameForm(SchemaElement): """ Arguments: - + schema_element_str String containing an NameFormDescription @@ -670,7 +670,7 @@ def __str__(self): class Entry(UserDict.UserDict): """ Schema-aware implementation of an LDAP entry class. - + Mainly it holds the attributes in a string-keyed dictionary with the OID as key. """ diff --git a/Lib/ldap/schema/subentry.py b/Lib/ldap/schema/subentry.py index 4674d3d..60fca93 100644 --- a/Lib/ldap/schema/subentry.py +++ b/Lib/ldap/schema/subentry.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -\$Id: subentry.py,v 1.34 2013/09/13 18:02:47 stroeder Exp $ +\$Id: subentry.py,v 1.35 2015/06/06 09:21:38 stroeder Exp $ """ import ldap.cidict,ldap.schema @@ -75,7 +75,7 @@ class SubSchema: non_unique_oids List of OIDs used at least twice in the subschema non_unique_names - List of NAMEs used at least twice in the subschema for the same schema element + List of NAMEs used at least twice in the subschema for the same schema element """ def __init__(self,sub_schema_sub_entry,check_uniqueness=1): diff --git a/Lib/ldap/syncrepl.py b/Lib/ldap/syncrepl.py index 8426d73..a6e0258 100644 --- a/Lib/ldap/syncrepl.py +++ b/Lib/ldap/syncrepl.py @@ -4,7 +4,7 @@ See http://www.python-ldap.org/ for project details. -$Id: syncrepl.py,v 1.6 2014/09/26 16:11:43 stroeder Exp $ +$Id: syncrepl.py,v 1.7 2015/06/06 09:21:38 stroeder Exp $ """ #__all__ = [ @@ -316,9 +316,9 @@ def syncrepl_search(self, base, scope, mode='refreshOnly', cookie=None, **search methods to store the cookie appropriately, rather than passing it. - Only a single syncrepl search may be active on a SyncreplConsumer - object. Multiple concurrent syncrepl searches require multiple - separate SyncreplConsumer objects and thus multiple connections + Only a single syncrepl search may be active on a SyncreplConsumer + object. Multiple concurrent syncrepl searches require multiple + separate SyncreplConsumer objects and thus multiple connections (LDAPObject instances). """ if cookie is None: diff --git a/Lib/ldapurl.py b/Lib/ldapurl.py index 0345221..a43c59b 100644 --- a/Lib/ldapurl.py +++ b/Lib/ldapurl.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -\$Id: ldapurl.py,v 1.71 2015/06/05 21:04:58 stroeder Exp $ +\$Id: ldapurl.py,v 1.72 2015/06/06 09:21:37 stroeder Exp $ Python compability note: This module only works with Python 2.0+ since @@ -73,7 +73,7 @@ class LDAPUrlExtension: Usable class attributes: critical Boolean integer marking the extension as critical - extype + extype Type of extension exvalue Value of extension @@ -112,7 +112,7 @@ def unparse(self): '!'*(self.critical>0), self.extype,quote(self.exvalue or '') ) - + def __str__(self): return self.unparse() @@ -177,7 +177,7 @@ def __eq__(self,other): "other has to be instance of %s" % (self.__class__) ) return self.data==other.data - + def parse(self,extListStr): for extension_str in extListStr.strip().split(','): if extension_str: @@ -358,11 +358,11 @@ def unparse(self): if self.extensions: ldap_url = ldap_url+'?'+self.extensions.unparse() return ldap_url - + def htmlHREF(self,urlPrefix='',hrefText=None,hrefTarget=None): """ Returns a string with HTML link for this LDAP URL. - + urlPrefix Prefix before LDAP URL (e.g. for addressing another web-based client) hrefText From 0b665e2b9bedaaddccce6450d70898b7b6d9a141 Mon Sep 17 00:00:00 2001 From: stroeder Date: Thu, 11 Jun 2015 15:13:43 +0000 Subject: [PATCH 160/868] ldap.ldapobject.LDAPObject: New convenience methods for SASL GSSAPI or EXTERNAL binds --- CHANGES | 4 +++- Lib/ldap/ldapobject.py | 22 ++++++++++++++++++++-- 2 files changed, 23 insertions(+), 3 deletions(-) diff --git a/CHANGES b/CHANGES index 4b8b91d..86614c8 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,8 @@ Changes since 2.4.19: Lib/ * Abandoned old syntax when raising ValueError in modules ldif and ldapurl, more information in some exceptions. +* ldap.ldapobject.LDAPObject: + New convenience methods for SASL GSSAPI or EXTERNAL binds ---------------------------------------------------------------- Released 2.4.19 2015-01-10 @@ -1156,4 +1158,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.342 2015/06/05 21:03:06 stroeder Exp $ +$Id: CHANGES,v 1.343 2015/06/11 15:13:44 stroeder Exp $ diff --git a/Lib/ldap/ldapobject.py b/Lib/ldap/ldapobject.py index a02130b..f29d316 100644 --- a/Lib/ldap/ldapobject.py +++ b/Lib/ldap/ldapobject.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -\$Id: ldapobject.py,v 1.145 2015/06/06 09:21:38 stroeder Exp $ +\$Id: ldapobject.py,v 1.146 2015/06/11 15:13:43 stroeder Exp $ Compability: - Tested with Python 2.0+ but should work with Python 1.5.x @@ -32,7 +32,7 @@ # Tracing is only supported in debugging mode import traceback -import sys,time,pprint,_ldap,ldap,ldap.functions +import sys,time,pprint,_ldap,ldap,ldap.sasl,ldap.functions from ldap.schema import SCHEMA_ATTRS from ldap.controls import LDAPControl,DecodeControlTuples,RequestControlTuples @@ -243,6 +243,24 @@ def sasl_interactive_bind_s(self,who,auth,serverctrls=None,clientctrls=None,sasl """ return self._ldap_call(self._l.sasl_interactive_bind_s,who,auth,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls),sasl_flags) + def sasl_non_interactive_bind_s(self,sasl_mech,serverctrls=None,clientctrls=None,sasl_flags=ldap.SASL_QUIET): + """ + Send a SASL bind request using a non-interactive SASL method (e.g. GSSAPI, EXTERNAL) + """ + self.sasl_interactive_bind_s('',ldap.sasl.sasl({},sasl_mech)) + + def sasl_external_bind_s(self,serverctrls=None,clientctrls=None,sasl_flags=ldap.SASL_QUIET): + """ + Send SASL bind request using SASL mech EXTERNAL + """ + self.sasl_non_interactive_bind_s('EXTERNAL',serverctrls,clientctrls,sasl_flags) + + def sasl_gssapi_bind_s(self,serverctrls=None,clientctrls=None,sasl_flags=ldap.SASL_QUIET): + """ + Send SASL bind request using SASL mech GSSAPI + """ + self.sasl_non_interactive_bind_s('GSSAPI',serverctrls,clientctrls,sasl_flags) + def sasl_bind_s(self,dn,mechanism,cred,serverctrls=None,clientctrls=None): """ sasl_bind_s(dn, mechanism, cred [,serverctrls=None[,clientctrls=None]]) -> int|str From 65cc6fdb4d8caa83e70ae2b393615236697542ed Mon Sep 17 00:00:00 2001 From: stroeder Date: Sat, 20 Jun 2015 14:09:45 +0000 Subject: [PATCH 161/868] Refactoring LDIFParser, especially added parsing of change records --- CHANGES | 12 ++- Lib/ldif.py | 274 +++++++++++++++++++++++++++++++++++++--------------- 2 files changed, 208 insertions(+), 78 deletions(-) diff --git a/CHANGES b/CHANGES index 86614c8..d1eddd5 100644 --- a/CHANGES +++ b/CHANGES @@ -11,6 +11,16 @@ Lib/ ldapurl, more information in some exceptions. * ldap.ldapobject.LDAPObject: New convenience methods for SASL GSSAPI or EXTERNAL binds +* Refactored parts in ldif.LDIFParser: + - New class attributes line_counter and byte_counter contain + amount of LDIF data read so far + - Renamed some internally used methods + - Added support for parsing change records currently limited to + changetype: modify + - New separate methods parse_entry_records() (also called by parse()) + and parse_change_records() + - Stricter order checking of dn:, changetype:, etc. + - Removed non-existent 'AttrTypeandValueLDIF' from ldif.__all__ ---------------------------------------------------------------- Released 2.4.19 2015-01-10 @@ -1158,4 +1168,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.343 2015/06/11 15:13:44 stroeder Exp $ +$Id: CHANGES,v 1.344 2015/06/20 14:09:45 stroeder Exp $ diff --git a/Lib/ldif.py b/Lib/ldif.py index bc47040..cbe741e 100644 --- a/Lib/ldif.py +++ b/Lib/ldif.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -$Id: ldif.py,v 1.80 2015/06/05 21:04:58 stroeder Exp $ +$Id: ldif.py,v 1.81 2015/06/20 14:09:45 stroeder Exp $ Python compability note: Tested with Python 2.0+, but should work with Python 1.5.2+. @@ -15,7 +15,7 @@ # constants 'ldif_pattern', # functions - 'AttrTypeandValueLDIF','CreateLDIF','ParseLDIF', + 'CreateLDIF','ParseLDIF', # classes 'LDIFWriter', 'LDIFParser', @@ -40,7 +40,9 @@ ldif_pattern = '^((dn(:|::) %(dn_pattern)s)|(%(attrtype_pattern)s(:|::) .*)$)+' % vars() MOD_OP_INTEGER = { - 'add':0,'delete':1,'replace':2 + 'add' :0, # ldap.MOD_REPLACE + 'delete' :1, # ldap.MOD_DELETE + 'replace':2, # ldap.MOD_REPLACE } MOD_OP_STR = { @@ -98,7 +100,7 @@ def __init__(self,output_file,base64_attrs=None,cols=76,line_sep='\n'): self._line_sep = line_sep self.records_written = 0 - def _unfoldLDIFLine(self,line): + def _unfold_lines(self,line): """ Write string line as one or more folded lines """ @@ -117,7 +119,7 @@ def _unfoldLDIFLine(self,line): self._output_file.write(line[pos:min(line_len,pos+self._cols-1)]) self._output_file.write(self._line_sep) pos = pos+self._cols-1 - return # _unfoldLDIFLine() + return # _unfold_lines() def _needs_base64_encoding(self,attr_type,attr_value): """ @@ -138,9 +140,9 @@ def _unparseAttrTypeandValue(self,attr_type,attr_value): """ if self._needs_base64_encoding(attr_type,attr_value): # Encode with base64 - self._unfoldLDIFLine(':: '.join([attr_type,base64.encodestring(attr_value).replace('\n','')])) + self._unfold_lines(':: '.join([attr_type,base64.encodestring(attr_value).replace('\n','')])) else: - self._unfoldLDIFLine(': '.join([attr_type,attr_value])) + self._unfold_lines(': '.join([attr_type,attr_value])) return # _unparseAttrTypeandValue() def _unparseEntryRecord(self,entry): @@ -240,17 +242,6 @@ class and override method handle() to implement something meaningful. Counter for records processed so far """ - def _stripLineSep(self,s): - """ - Strip trailing line separators from s, but no other whitespaces - """ - if s[-2:]=='\r\n': - return s[:-2] - elif s[-1:]=='\n': - return s[:-1] - else: - return s - def __init__( self, input_file, @@ -280,46 +271,61 @@ def __init__( self._process_url_schemes = list_dict([s.lower() for s in (process_url_schemes or [])]) self._ignored_attr_types = list_dict([a.lower() for a in (ignored_attr_types or [])]) self._line_sep = line_sep + self.line_counter = 0 + self.byte_counter = 0 self.records_read = 0 + self._line = self._readline() def handle(self,dn,entry): """ Process a single content LDIF record. This method should be implemented by applications using LDIFParser. """ + pass + + def _readline(self): + s = self._input_file.readline() + self.line_counter = self.line_counter + 1 + self.byte_counter = self.byte_counter + len(s) + if s[-2:]=='\r\n': + return s[:-2] + elif s[-1:]=='\n': + return s[:-1] + else: + return s - def _unfoldLDIFLine(self): + def _unfold_lines(self): """ Unfold several folded lines with trailing space into one line """ - unfolded_lines = [ self._stripLineSep(self._line) ] - self._line = self._input_file.readline() + unfolded_lines = [ self._line ] + self._line = self._readline() while self._line and self._line[0]==' ': - unfolded_lines.append(self._stripLineSep(self._line[1:])) - self._line = self._input_file.readline() + unfolded_lines.append(self._line[1:]) + self._line = self._readline() return ''.join(unfolded_lines) - def _parseAttrTypeandValue(self): + def _next_key_and_value(self): """ Parse a single attribute type and value pair from one or more lines of LDIF data """ # Reading new attribute line - unfolded_line = self._unfoldLDIFLine() + unfolded_line = self._unfold_lines() # Ignore comments which can also be folded while unfolded_line and unfolded_line[0]=='#': - unfolded_line = self._unfoldLDIFLine() - if not unfolded_line or unfolded_line=='\n' or unfolded_line=='\r\n': - return None,None - try: - colon_pos = unfolded_line.index(':') - except ValueError: - # Treat malformed lines without colon as non-existent + unfolded_line = self._unfold_lines() + if not unfolded_line: return None,None + if unfolded_line=='-': + return '-',None + colon_pos = unfolded_line.index(':') attr_type = unfolded_line[0:colon_pos] # if needed attribute value is BASE64 decoded value_spec = unfolded_line[colon_pos:colon_pos+2] - if value_spec=='::': + if value_spec==': ': + attr_value = unfolded_line[colon_pos+2:] + elif value_spec=='::': # attribute value needs base64-decoding attr_value = base64.decodestring(unfolded_line[colon_pos+2:]) elif value_spec==':<': @@ -332,60 +338,154 @@ def _parseAttrTypeandValue(self): attr_value = urllib.urlopen(url).read() elif value_spec==':\r\n' or value_spec=='\n': attr_value = '' - else: - attr_value = unfolded_line[colon_pos+2:].lstrip() return attr_type,attr_value - def parse(self): + def parse_entry_records(self): """ - Continously read and parse LDIF records + Continously read and parse LDIF entry records """ - self._line = self._input_file.readline() + k,v = self._next_key_and_value() + if k=='version': + self.version = v + k,v = self._next_key_and_value() + if k==v==None: + k,v = self._next_key_and_value() + else: + self.version = None - while self._line and \ + # Loop for processing whole records + while k!=None and \ (not self._max_entries or self.records_read Date: Sun, 21 Jun 2015 11:37:11 +0000 Subject: [PATCH 162/868] New values for library_dirs and include_dirs should work on most platforms --- setup.cfg | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/setup.cfg b/setup.cfg index 9ab58af..1ea653a 100644 --- a/setup.cfg +++ b/setup.cfg @@ -1,15 +1,15 @@ # Example for setup.cfg # You have to edit this file to reflect your system configuation # -# $Id: setup.cfg,v 1.30 2012/02/21 17:17:16 stroeder Exp $ +# $Id: setup.cfg,v 1.31 2015/06/21 11:37:11 stroeder Exp $ # Section for compiling the C extension module # for wrapping OpenLDAP 2 libs [_ldap] # Define extra include and library dirs if needed -library_dirs = /opt/openldap-RE24/lib /usr/lib -include_dirs = /opt/openldap-RE24/include /usr/include/sasl /usr/include +library_dirs = /usr/lib /usr/lib64 /usr/local/lib /usr/local/lib64 +include_dirs = /usr/include /usr/include/sasl /usr/local/include /usr/include/local/sasl # These defines needs OpenLDAP built with # ./configure --with-cyrus-sasl --with-tls From 533736d296646412d28b472e8bb130925d52468e Mon Sep 17 00:00:00 2001 From: stroeder Date: Sun, 21 Jun 2015 11:38:32 +0000 Subject: [PATCH 163/868] Added LDIFRecordList.handle_modify() --- Lib/ldif.py | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/Lib/ldif.py b/Lib/ldif.py index cbe741e..447b1c7 100644 --- a/Lib/ldif.py +++ b/Lib/ldif.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -$Id: ldif.py,v 1.81 2015/06/20 14:09:45 stroeder Exp $ +$Id: ldif.py,v 1.82 2015/06/21 11:38:32 stroeder Exp $ Python compability note: Tested with Python 2.0+, but should work with Python 1.5.2+. @@ -508,6 +508,7 @@ def __init__( """ LDIFParser.__init__(self,input_file,ignored_attr_types,max_entries,process_url_schemes) self.all_records = [] + self.all_modify_changes = [] def handle(self,dn,entry): """ @@ -515,6 +516,14 @@ def handle(self,dn,entry): """ self.all_records.append((dn,entry)) + def handle_modify(self,dn,modops,controls=None): + """ + Process a single LDIF record representing a single modify operation. + This method should be implemented by applications using LDIFParser. + """ + controls = [] or None + self.all_modify_changes.append((dn,modops,controls)) + class LDIFCopy(LDIFParser): """ From d4b2cfa22b7316305c15d6f50acd7754ecb59e00 Mon Sep 17 00:00:00 2001 From: stroeder Date: Sun, 21 Jun 2015 17:50:43 +0000 Subject: [PATCH 164/868] Correct typo in include_dirs --- setup.cfg | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/setup.cfg b/setup.cfg index 1ea653a..aa23527 100644 --- a/setup.cfg +++ b/setup.cfg @@ -1,7 +1,7 @@ # Example for setup.cfg # You have to edit this file to reflect your system configuation # -# $Id: setup.cfg,v 1.31 2015/06/21 11:37:11 stroeder Exp $ +# $Id: setup.cfg,v 1.32 2015/06/21 17:50:43 stroeder Exp $ # Section for compiling the C extension module # for wrapping OpenLDAP 2 libs @@ -9,7 +9,7 @@ # Define extra include and library dirs if needed library_dirs = /usr/lib /usr/lib64 /usr/local/lib /usr/local/lib64 -include_dirs = /usr/include /usr/include/sasl /usr/local/include /usr/include/local/sasl +include_dirs = /usr/include /usr/include/sasl /usr/local/include /usr/local/include/sasl # These defines needs OpenLDAP built with # ./configure --with-cyrus-sasl --with-tls From e5f5fb76e621002f990dcdd077b0039c3190e91c Mon Sep 17 00:00:00 2001 From: stroeder Date: Sun, 21 Jun 2015 19:08:16 +0000 Subject: [PATCH 165/868] Stripped trailing spaces --- CHANGES | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/CHANGES b/CHANGES index d1eddd5..f258e7e 100644 --- a/CHANGES +++ b/CHANGES @@ -30,8 +30,8 @@ Changes since 2.4.18: Lib/ * Fixed missing ReconnectLDAPObject._reconnect_lock when pickling (see SF#64, thanks to Dan O'Reilly) -* Added ldap.controls.pagedresults which is pure Python implementation of - Simple Paged Results Control (see RFC 2696) and delivers the correct +* Added ldap.controls.pagedresults which is pure Python implementation of + Simple Paged Results Control (see RFC 2696) and delivers the correct result size ---------------------------------------------------------------- @@ -82,11 +82,11 @@ Lib/ string of digits * Support for X-SUBST in schema element class LDAPSyntax * Support for X-ORDERED and X-ORIGIN in schema element class AttributeType -* ldapurl: New scope 'subordinates' defined in +* ldapurl: New scope 'subordinates' defined in draft-sermersheim-ldap-subordinate-scope Modules/ -* New constant ldap.SCOPE_SUBORDINATE derived from ldap.h for +* New constant ldap.SCOPE_SUBORDINATE derived from ldap.h for draft-sermersheim-ldap-subordinate-scope * Fixed constant ldap.sasl.CB_GETREALM (thanks to Martin Pfeifer) @@ -1168,4 +1168,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.344 2015/06/20 14:09:45 stroeder Exp $ +$Id: CHANGES,v 1.345 2015/06/21 19:08:16 stroeder Exp $ From 086e68976bf420b9e93a63c5c1986543b219844f Mon Sep 17 00:00:00 2001 From: stroeder Date: Mon, 22 Jun 2015 11:51:07 +0000 Subject: [PATCH 166/868] New mix-in class ldap.controls.openldap.SearchNoOpMixIn adds convience method noop_search_st() to LDAPObject class --- CHANGES | 4 +++- Lib/ldap/controls/openldap.py | 35 ++++++++++++++++++++++++++++++++++- 2 files changed, 37 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index f258e7e..7d2886c 100644 --- a/CHANGES +++ b/CHANGES @@ -21,6 +21,8 @@ Lib/ and parse_change_records() - Stricter order checking of dn:, changetype:, etc. - Removed non-existent 'AttrTypeandValueLDIF' from ldif.__all__ +* New mix-in class ldap.controls.openldap.SearchNoOpMixIn + adds convience method noop_search_st() to LDAPObject class ---------------------------------------------------------------- Released 2.4.19 2015-01-10 @@ -1168,4 +1170,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.345 2015/06/21 19:08:16 stroeder Exp $ +$Id: CHANGES,v 1.346 2015/06/22 11:51:07 stroeder Exp $ diff --git a/Lib/ldap/controls/openldap.py b/Lib/ldap/controls/openldap.py index a8ed001..62b6a5d 100644 --- a/Lib/ldap/controls/openldap.py +++ b/Lib/ldap/controls/openldap.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for project details. -$Id: openldap.py,v 1.1 2013/07/05 16:57:25 stroeder Exp $ +$Id: openldap.py,v 1.2 2015/06/22 11:51:07 stroeder Exp $ """ import ldap.controls @@ -42,3 +42,36 @@ def decodeControlValue(self,encodedControlValue): ldap.controls.KNOWN_RESPONSE_CONTROLS[SearchNoOpControl.controlType] = SearchNoOpControl + +class SearchNoOpMixIn: + """ + Mix-in class to be used with class LDAPObject and friends. + + It adds a convenience method noop_search_st() to LDAPObject + for easily using the no-op search control. + """ + + def noop_search_st(self,base,scope=ldap.SCOPE_SUBTREE,filterstr='(objectClass=*)',timeout=-1): + try: + msg_id = self.search_ext( + base, + scope, + filterstr=filterstr, + attrlist=['1.1'], + timeout=timeout, + serverctrls=[SearchNoOpControl(criticality=True)], + ) + _,_,_,search_response_ctrls = self.result3(msg_id,all=1,timeout=timeout) + except LDAPLimitErrors,e: + self.abandon(msg_id) + raise e + else: + noop_srch_ctrl = [ + c + for c in search_response_ctrls + if c.controlType==SearchNoOpControl.controlType + ] + if noop_srch_ctrl: + return noop_srch_ctrl[0].numSearchResults,noop_srch_ctrl[0].numSearchContinuations + else: + return (None,None) From a4169eb36ed3240e54a52b9900ed14a46c70c802 Mon Sep 17 00:00:00 2001 From: stroeder Date: Mon, 22 Jun 2015 16:47:08 +0000 Subject: [PATCH 167/868] Added modules ldap.controls.vlv and ldap.controls.sss for Virtual List View (see draft-ietf-ldapext-ldapv3-vlv) and Server-side Sorting (see RFC 2891) --- CHANGES | 5 +- Lib/ldap/controls/sss.py | 131 +++++++++++++++++++++++++++++++++++++ Lib/ldap/controls/vlv.py | 136 +++++++++++++++++++++++++++++++++++++++ 3 files changed, 271 insertions(+), 1 deletion(-) create mode 100644 Lib/ldap/controls/sss.py create mode 100644 Lib/ldap/controls/vlv.py diff --git a/CHANGES b/CHANGES index 7d2886c..fe4f23f 100644 --- a/CHANGES +++ b/CHANGES @@ -23,6 +23,9 @@ Lib/ - Removed non-existent 'AttrTypeandValueLDIF' from ldif.__all__ * New mix-in class ldap.controls.openldap.SearchNoOpMixIn adds convience method noop_search_st() to LDAPObject class +* Added new experimental modules which implement the control classes + for Virtual List View (see draft-ietf-ldapext-ldapv3-vlv) and + Server-side Sorting (see RFC 2891) (thanks to Benjamin Dauvergne) ---------------------------------------------------------------- Released 2.4.19 2015-01-10 @@ -1170,4 +1173,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.346 2015/06/22 11:51:07 stroeder Exp $ +$Id: CHANGES,v 1.347 2015/06/22 16:47:08 stroeder Exp $ diff --git a/Lib/ldap/controls/sss.py b/Lib/ldap/controls/sss.py new file mode 100644 index 0000000..406fb0b --- /dev/null +++ b/Lib/ldap/controls/sss.py @@ -0,0 +1,131 @@ +# -*- coding: utf-8 -*- +""" +ldap.controls.sss - classes for Server Side Sorting +(see RFC 2891) + +See http://www.python-ldap.org/ for project details. + +$Id: sss.py,v 1.1 2015/06/22 16:47:08 stroeder Exp $ +""" + +__all__ = [ + 'SSSRequestControl', + 'SSSResponseControl', + 'SSSVLVPagedLDAPObject' +] + + +import ldap +from ldap.ldapobject import LDAPObject +from ldap.controls import (RequestControl, ResponseControl, + KNOWN_RESPONSE_CONTROLS, DecodeControlTuples) + +from pyasn1.type import univ, namedtype, tag, namedval, constraint +from pyasn1.codec.ber import encoder, decoder + + +# SortKeyList ::= SEQUENCE OF SEQUENCE { +# attributeType AttributeDescription, +# orderingRule [0] MatchingRuleId OPTIONAL, +# reverseOrder [1] BOOLEAN DEFAULT FALSE } + + +class SortKeyType(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType('attributeType', univ.OctetString()), + namedtype.OptionalNamedType('orderingRule', + univ.OctetString().subtype( + implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0) + ) + ), + namedtype.DefaultedNamedType('reverseOrder', univ.Boolean(False).subtype( + implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))) + + +class SortKeyListType(univ.SequenceOf): + componentType = SortKeyType() + + +class SSSRequestControl(RequestControl): + '''Order result server side + + >>> s = SSSRequestControl('-cn') + ''' + controlType = '1.2.840.113556.1.4.473' + + def __init__( + self, + criticality=False, + ordering_rules=None, + ): + RequestControl.__init__(self,self.controlType,criticality) + self.ordering_rules = ordering_rules + if isinstance(ordering_rules, basestring): + ordering_rules = [ordering_rules] + for rule in ordering_rules: + rule = rule.split(':') + assert len(rule) < 3, 'syntax for ordering rule: [-][:ordering-rule]' + + def asn1(self): + p = SortKeyListType() + for i, rule in enumerate(self.ordering_rules): + q = SortKeyType() + reverse_order = rule.startswith('-') + if reverse_order: + rule = rule[1:] + if ':' in rule: + attribute_type, ordering_rule = rule.split(':') + else: + attribute_type, ordering_rule = rule, None + q.setComponentByName('attributeType', attribute_type) + if ordering_rule: + q.setComponentByName('orderingRule', ordering_rule) + if reverse_order: + q.setComponentByName('reverseOrder', 1) + p.setComponentByPosition(i, q) + return p + + def encodeControlValue(self): + return encoder.encode(self.asn1()) + + +class SortResultType(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType('sortResult', univ.Enumerated().subtype( + namedValues=namedval.NamedValues( + ('success', 0), + ('operationsError', 1), + ('timeLimitExceeded', 3), + ('strongAuthRequired', 8), + ('adminLimitExceeded', 11), + ('noSuchAttribute', 16), + ('inappropriateMatching', 18), + ('insufficientAccessRights', 50), + ('busy', 51), + ('unwillingToPerform', 53), + ('other', 80)), + subtypeSpec=univ.Enumerated.subtypeSpec + constraint.SingleValueConstraint( + 0, 1, 3, 8, 11, 16, 18, 50, 51, 53, 80))), + namedtype.OptionalNamedType('attributeType', + univ.OctetString().subtype( + implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0) + ) + )) + + +class SSSResponseControl(ResponseControl): + controlType = '1.2.840.113556.1.4.474' + + def __init__(self,criticality=False): + ResponseControl.__init__(self,self.controlType,criticality) + + def decodeControlValue(self, encoded): + p, rest = decoder.decode(encoded, asn1Spec=SortResultType()) + assert not rest, 'all data could not be decoded' + self.result = int(p.getComponentByName('sortResult')) + self.result_code = p.getComponentByName('sortResult').prettyOut(self.result) + self.attribute_type_error = p.getComponentByName('attributeType') + + +KNOWN_RESPONSE_CONTROLS[SSSRequestControl.controlType] = SSSRequestControl +KNOWN_RESPONSE_CONTROLS[SSSResponseControl.controlType] = SSSResponseControl diff --git a/Lib/ldap/controls/vlv.py b/Lib/ldap/controls/vlv.py new file mode 100644 index 0000000..b439cdd --- /dev/null +++ b/Lib/ldap/controls/vlv.py @@ -0,0 +1,136 @@ +# -*- coding: utf-8 -*- +""" +ldap.controls.vlv - classes for Simple Paged control +(see draft-ietf-ldapext-ldapv3-vlv) + +See http://www.python-ldap.org/ for project details. + +$Id: vlv.py,v 1.1 2015/06/22 16:47:08 stroeder Exp $ +""" + +__all__ = [ + 'VLVRequestControl', + 'VLVResponseControl', +] + +import ldap +from ldap.ldapobject import LDAPObject +from ldap.controls import (RequestControl, ResponseControl, + KNOWN_RESPONSE_CONTROLS, DecodeControlTuples) + +from pyasn1.type import univ, namedtype, tag, namedval, constraint +from pyasn1.codec.ber import encoder, decoder + + +class ByOffsetType(univ.Sequence): + tagSet = univ.Sequence.tagSet.tagImplicitly( + tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)) + componentType = namedtype.NamedTypes( + namedtype.NamedType('offset', univ.Integer()), + namedtype.NamedType('contentCount', univ.Integer())) + + +class TargetType(univ.Choice): + componentType = namedtype.NamedTypes( + namedtype.NamedType('byOffset', ByOffsetType()), + namedtype.NamedType('greaterThanOrEqual', univ.OctetString().subtype( + implicitTag=tag.Tag(tag.tagClassContext, + tag.tagFormatSimple, 1)))) + + +class VirtualListViewRequestType(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType('beforeCount', univ.Integer()), + namedtype.NamedType('afterCount', univ.Integer()), + namedtype.NamedType('target', TargetType()), + namedtype.OptionalNamedType('contextID', univ.OctetString())) + +class VLVRequestControl(RequestControl): + controlType = '2.16.840.1.113730.3.4.9' + + def __init__( + self, + criticality=False, + before_count=0, + after_count=0, + offset=None, + content_count=None, + greater_than_or_equal=None, + context_id=None, + ): + RequestControl.__init__(self,self.controlType,criticality) + assert (offset is not None and content_count is not None) or greater_than_or_equal, 'offset and ' \ + 'content_count must be set together or greater_than_or_equal must be ' \ + 'used' + self.before_count = before_count + self.after_count = after_count + self.offset = offset + self.content_count = content_count + self.greater_than_or_equal = greater_than_or_equal + self.context_id = context_id + + def encodeControlValue(self): + p = VirtualListViewRequestType() + p.setComponentByName('beforeCount', self.before_count) + p.setComponentByName('afterCount', self.after_count) + if self.offset is not None and self.content_count is not None: + by_offset = ByOffsetType() + by_offset.setComponentByName('offset', self.offset) + by_offset.setComponentByName('contentCount', self.content_count) + target = TargetType() + target.setComponentByName('byOffset', by_offset) + elif self.greater_than_or_equal: + target = TargetType() + target.setComponentByName('greaterThanOrEqual', + self.greater_than_or_equal) + else: + raise NotImplementedError + p.setComponentByName('target', target) + return encoder.encode(p) + +KNOWN_RESPONSE_CONTROLS[VLVRequestControl.controlType] = VLVRequestControl + + +class VirtualListViewResultType(univ.Enumerated): + namedValues = namedval.NamedValues( + ('success', 0), + ('operationsError', 1), + ('protocolError', 3), + ('unwillingToPerform', 53), + ('insufficientAccessRights', 50), + ('adminLimitExceeded', 11), + ('innapropriateMatching', 18), + ('sortControlMissing', 60), + ('offsetRangeError', 61), + ('other', 80), + ) + + +class VirtualListViewResponseType(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType('targetPosition', univ.Integer()), + namedtype.NamedType('contentCount', univ.Integer()), + namedtype.NamedType('virtualListViewResult', + VirtualListViewResultType()), + namedtype.OptionalNamedType('contextID', univ.OctetString())) + + +class VLVResponseControl(ResponseControl): + controlType = '2.16.840.1.113730.3.4.10' + + def __init__(self,criticality=False): + ResponseControl.__init__(self,self.controlType,criticality) + + def decodeControlValue(self,encoded): + p, rest = decoder.decode(encoded, asn1Spec=VirtualListViewResponseType()) + assert not rest, 'all data could not be decoded' + self.target_position = int(p.getComponentByName('targetPosition')) + self.content_count = int(p.getComponentByName('contentCount')) + self.result = int(p.getComponentByName('virtualListViewResult')) + self.result_code = p.getComponentByName('virtualListViewResult') \ + .prettyOut(self.result) + self.context_id = p.getComponentByName('contextID') + if self.context_id: + self.context_id = str(self.context_id) + +KNOWN_RESPONSE_CONTROLS[VLVResponseControl.controlType] = VLVResponseControl From caf2cc6e4a87f9b1253aed0da41807f3ef6d2fa8 Mon Sep 17 00:00:00 2001 From: stroeder Date: Mon, 22 Jun 2015 17:55:01 +0000 Subject: [PATCH 168/868] Corrected comment --- Lib/ldap/controls/vlv.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Lib/ldap/controls/vlv.py b/Lib/ldap/controls/vlv.py index b439cdd..8a2c7f9 100644 --- a/Lib/ldap/controls/vlv.py +++ b/Lib/ldap/controls/vlv.py @@ -1,11 +1,11 @@ # -*- coding: utf-8 -*- """ -ldap.controls.vlv - classes for Simple Paged control +ldap.controls.vlv - classes for Virtual List View (see draft-ietf-ldapext-ldapv3-vlv) See http://www.python-ldap.org/ for project details. -$Id: vlv.py,v 1.1 2015/06/22 16:47:08 stroeder Exp $ +$Id: vlv.py,v 1.2 2015/06/22 17:55:01 stroeder Exp $ """ __all__ = [ From 52dfc3e2e49d2248eaacb040801904262e8b95cd Mon Sep 17 00:00:00 2001 From: stroeder Date: Mon, 22 Jun 2015 17:56:50 +0000 Subject: [PATCH 169/868] Stripped trailing white-spaces --- Lib/ldap/controls/openldap.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Lib/ldap/controls/openldap.py b/Lib/ldap/controls/openldap.py index 62b6a5d..55f3d0c 100644 --- a/Lib/ldap/controls/openldap.py +++ b/Lib/ldap/controls/openldap.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for project details. -$Id: openldap.py,v 1.2 2015/06/22 11:51:07 stroeder Exp $ +$Id: openldap.py,v 1.3 2015/06/22 17:56:50 stroeder Exp $ """ import ldap.controls @@ -46,11 +46,11 @@ def decodeControlValue(self,encodedControlValue): class SearchNoOpMixIn: """ Mix-in class to be used with class LDAPObject and friends. - + It adds a convenience method noop_search_st() to LDAPObject for easily using the no-op search control. """ - + def noop_search_st(self,base,scope=ldap.SCOPE_SUBTREE,filterstr='(objectClass=*)',timeout=-1): try: msg_id = self.search_ext( From d1c42920b8a48dd2b225a735743dfb66b0c0dc1b Mon Sep 17 00:00:00 2001 From: stroeder Date: Tue, 23 Jun 2015 09:44:04 +0000 Subject: [PATCH 170/868] Added exceptions ldap.VLV_ERROR, ldap.X_PROXY_AUTHZ_FAILURE and ldap.AUTH_METHOD_NOT_SUPPORTED --- CHANGES | 6 +++++- Modules/errors.c | 5 ++++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index fe4f23f..9ff9e9a 100644 --- a/CHANGES +++ b/CHANGES @@ -6,6 +6,10 @@ Changes since 2.4.19: * New wrapping of OpenLDAP's function ldap_sasl_bind_s() allows to intercept the SASL handshake (thanks to René Kijewski) +Modules/ +* Added exceptions ldap.VLV_ERROR, ldap.X_PROXY_AUTHZ_FAILURE and + ldap.AUTH_METHOD_NOT_SUPPORTED + Lib/ * Abandoned old syntax when raising ValueError in modules ldif and ldapurl, more information in some exceptions. @@ -1173,4 +1177,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.347 2015/06/22 16:47:08 stroeder Exp $ +$Id: CHANGES,v 1.348 2015/06/23 09:44:04 stroeder Exp $ diff --git a/Modules/errors.c b/Modules/errors.c index 35e3dec..64793db 100644 --- a/Modules/errors.c +++ b/Modules/errors.c @@ -2,7 +2,7 @@ * errors that arise from ldap use * Most errors become their own exception * See http://www.python-ldap.org/ for details. - * $Id: errors.c,v 1.23 2012/01/11 10:04:48 stroeder Exp $ */ + * $Id: errors.c,v 1.24 2015/06/23 09:44:04 stroeder Exp $ */ #include "common.h" #include "errors.h" @@ -141,8 +141,10 @@ LDAPinit_errors( PyObject*d ) { } seterrobj(ADMINLIMIT_EXCEEDED); + seterrobj(VLV_ERROR); seterrobj(AFFECTS_MULTIPLE_DSAS); seterrobj(ALIAS_DEREF_PROBLEM); + seterrobj(X_PROXY_AUTHZ_FAILURE); seterrobj(ALIAS_PROBLEM); seterrobj(ALREADY_EXISTS); seterrobj(AUTH_UNKNOWN); @@ -150,6 +152,7 @@ LDAPinit_errors( PyObject*d ) { seterrobj(CLIENT_LOOP); seterrobj(COMPARE_FALSE); seterrobj(COMPARE_TRUE); + seterrobj(AUTH_METHOD_NOT_SUPPORTED); seterrobj(CONFIDENTIALITY_REQUIRED); seterrobj(CONNECT_ERROR); seterrobj(CONSTRAINT_VIOLATION); From 44439cc639fca6211181449a1323b7a236dd998a Mon Sep 17 00:00:00 2001 From: stroeder Date: Tue, 23 Jun 2015 09:45:09 +0000 Subject: [PATCH 171/868] Sorted seterrobj() lines --- Modules/errors.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/Modules/errors.c b/Modules/errors.c index 64793db..ece438d 100644 --- a/Modules/errors.c +++ b/Modules/errors.c @@ -2,7 +2,7 @@ * errors that arise from ldap use * Most errors become their own exception * See http://www.python-ldap.org/ for details. - * $Id: errors.c,v 1.24 2015/06/23 09:44:04 stroeder Exp $ */ + * $Id: errors.c,v 1.25 2015/06/23 09:45:09 stroeder Exp $ */ #include "common.h" #include "errors.h" @@ -141,18 +141,16 @@ LDAPinit_errors( PyObject*d ) { } seterrobj(ADMINLIMIT_EXCEEDED); - seterrobj(VLV_ERROR); seterrobj(AFFECTS_MULTIPLE_DSAS); seterrobj(ALIAS_DEREF_PROBLEM); - seterrobj(X_PROXY_AUTHZ_FAILURE); seterrobj(ALIAS_PROBLEM); seterrobj(ALREADY_EXISTS); + seterrobj(AUTH_METHOD_NOT_SUPPORTED); seterrobj(AUTH_UNKNOWN); seterrobj(BUSY); seterrobj(CLIENT_LOOP); seterrobj(COMPARE_FALSE); seterrobj(COMPARE_TRUE); - seterrobj(AUTH_METHOD_NOT_SUPPORTED); seterrobj(CONFIDENTIALITY_REQUIRED); seterrobj(CONNECT_ERROR); seterrobj(CONSTRAINT_VIOLATION); @@ -171,15 +169,15 @@ LDAPinit_errors( PyObject*d ) { seterrobj(LOOP_DETECT); seterrobj(MORE_RESULTS_TO_RETURN); seterrobj(NAMING_VIOLATION); - seterrobj(NO_OBJECT_CLASS_MODS); - seterrobj(NOT_ALLOWED_ON_NONLEAF); - seterrobj(NOT_ALLOWED_ON_RDN); - seterrobj(NOT_SUPPORTED); seterrobj(NO_MEMORY); seterrobj(NO_OBJECT_CLASS_MODS); + seterrobj(NO_OBJECT_CLASS_MODS); seterrobj(NO_RESULTS_RETURNED); seterrobj(NO_SUCH_ATTRIBUTE); seterrobj(NO_SUCH_OBJECT); + seterrobj(NOT_ALLOWED_ON_NONLEAF); + seterrobj(NOT_ALLOWED_ON_RDN); + seterrobj(NOT_SUPPORTED); seterrobj(OBJECT_CLASS_VIOLATION); seterrobj(OPERATIONS_ERROR); seterrobj(OTHER); @@ -203,6 +201,8 @@ LDAPinit_errors( PyObject*d ) { seterrobj(UNDEFINED_TYPE); seterrobj(UNWILLING_TO_PERFORM); seterrobj(USER_CANCELLED); + seterrobj(VLV_ERROR); + seterrobj(X_PROXY_AUTHZ_FAILURE); #ifdef LDAP_API_FEATURE_CANCEL seterrobj(CANCELLED); From 14506e91c1808fecd6178973705ce51311391672 Mon Sep 17 00:00:00 2001 From: stroeder Date: Tue, 7 Jul 2015 12:46:31 +0000 Subject: [PATCH 172/868] cosmetic line wrapping --- Lib/ldap/controls/vlv.py | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/Lib/ldap/controls/vlv.py b/Lib/ldap/controls/vlv.py index 8a2c7f9..afe0613 100644 --- a/Lib/ldap/controls/vlv.py +++ b/Lib/ldap/controls/vlv.py @@ -5,7 +5,7 @@ See http://www.python-ldap.org/ for project details. -$Id: vlv.py,v 1.2 2015/06/22 17:55:01 stroeder Exp $ +$Id: vlv.py,v 1.3 2015/07/07 12:46:31 stroeder Exp $ """ __all__ = [ @@ -45,6 +45,7 @@ class VirtualListViewRequestType(univ.Sequence): namedtype.NamedType('target', TargetType()), namedtype.OptionalNamedType('contextID', univ.OctetString())) + class VLVRequestControl(RequestControl): controlType = '2.16.840.1.113730.3.4.9' @@ -59,9 +60,11 @@ def __init__( context_id=None, ): RequestControl.__init__(self,self.controlType,criticality) - assert (offset is not None and content_count is not None) or greater_than_or_equal, 'offset and ' \ - 'content_count must be set together or greater_than_or_equal must be ' \ - 'used' + assert (offset is not None and content_count is not None) or \ + greater_than_or_equal, \ + ValueError( + 'offset and content_count must be set together or greater_than_or_equal must be used' + ) self.before_count = before_count self.after_count = after_count self.offset = offset From 7833bb707250b4e84f8983afbc88192da4996ef3 Mon Sep 17 00:00:00 2001 From: stroeder Date: Tue, 7 Jul 2015 12:50:15 +0000 Subject: [PATCH 173/868] Stronger wording regarding experimental status of VLV/SSS support --- CHANGES | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 9ff9e9a..a7dd38b 100644 --- a/CHANGES +++ b/CHANGES @@ -27,9 +27,10 @@ Lib/ - Removed non-existent 'AttrTypeandValueLDIF' from ldif.__all__ * New mix-in class ldap.controls.openldap.SearchNoOpMixIn adds convience method noop_search_st() to LDAPObject class -* Added new experimental modules which implement the control classes +* Added new modules which implement the control classes for Virtual List View (see draft-ietf-ldapext-ldapv3-vlv) and Server-side Sorting (see RFC 2891) (thanks to Benjamin Dauvergne) + Note: This is still experimental! Even the API can change later. ---------------------------------------------------------------- Released 2.4.19 2015-01-10 @@ -1177,4 +1178,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.348 2015/06/23 09:44:04 stroeder Exp $ +$Id: CHANGES,v 1.349 2015/07/07 12:50:15 stroeder Exp $ From 69335a5af193290d1522f4dde19b6e71fb383949 Mon Sep 17 00:00:00 2001 From: stroeder Date: Tue, 7 Jul 2015 13:21:42 +0000 Subject: [PATCH 174/868] Prepare release 2.4.20 --- CHANGES | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index a7dd38b..17ec6c7 100644 --- a/CHANGES +++ b/CHANGES @@ -1,5 +1,5 @@ ---------------------------------------------------------------- -Released 2.4.20 2015-05-xx +Released 2.4.20 2015-07-07 Changes since 2.4.19: @@ -1178,4 +1178,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.349 2015/07/07 12:50:15 stroeder Exp $ +$Id: CHANGES,v 1.350 2015/07/07 13:21:42 stroeder Exp $ From b4410cec3db48cd429f8fae78cf3b3f34f7fc827 Mon Sep 17 00:00:00 2001 From: stroeder Date: Sat, 8 Aug 2015 13:36:30 +0000 Subject: [PATCH 175/868] Started 2.4.21 --- CHANGES | 9 ++++++++- Lib/dsml.py | 4 ++-- Lib/ldap/__init__.py | 4 ++-- Lib/ldapurl.py | 4 ++-- Lib/ldif.py | 4 ++-- 5 files changed, 16 insertions(+), 9 deletions(-) diff --git a/CHANGES b/CHANGES index 17ec6c7..76830ab 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,10 @@ +---------------------------------------------------------------- +Released 2.4.21 2015-07-xx + +Changes since 2.4.20: + +Lib/ + ---------------------------------------------------------------- Released 2.4.20 2015-07-07 @@ -1178,4 +1185,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.350 2015/07/07 13:21:42 stroeder Exp $ +$Id: CHANGES,v 1.351 2015/08/08 13:36:30 stroeder Exp $ diff --git a/Lib/dsml.py b/Lib/dsml.py index 1cc3b2f..65e3b9f 100644 --- a/Lib/dsml.py +++ b/Lib/dsml.py @@ -4,13 +4,13 @@ See http://www.python-ldap.org/ for details. -$Id: dsml.py,v 1.37 2015/06/05 21:04:58 stroeder Exp $ +$Id: dsml.py,v 1.38 2015/08/08 13:36:30 stroeder Exp $ Python compability note: Tested with Python 2.0+. """ -__version__ = '2.4.20' +__version__ = '2.4.21' import string,base64 diff --git a/Lib/ldap/__init__.py b/Lib/ldap/__init__.py index 466ec0d..c7d59e2 100644 --- a/Lib/ldap/__init__.py +++ b/Lib/ldap/__init__.py @@ -3,12 +3,12 @@ See http://www.python-ldap.org/ for details. -$Id: __init__.py,v 1.97 2015/06/05 21:04:58 stroeder Exp $ +$Id: __init__.py,v 1.98 2015/08/08 13:36:30 stroeder Exp $ """ # This is also the overall release version number -__version__ = '2.4.20' +__version__ = '2.4.21' import sys diff --git a/Lib/ldapurl.py b/Lib/ldapurl.py index a43c59b..c6a7ef0 100644 --- a/Lib/ldapurl.py +++ b/Lib/ldapurl.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -\$Id: ldapurl.py,v 1.72 2015/06/06 09:21:37 stroeder Exp $ +\$Id: ldapurl.py,v 1.73 2015/08/08 13:36:30 stroeder Exp $ Python compability note: This module only works with Python 2.0+ since @@ -11,7 +11,7 @@ 2. list comprehensions are used. """ -__version__ = '2.4.20' +__version__ = '2.4.21' __all__ = [ # constants diff --git a/Lib/ldif.py b/Lib/ldif.py index 447b1c7..d099f42 100644 --- a/Lib/ldif.py +++ b/Lib/ldif.py @@ -3,13 +3,13 @@ See http://www.python-ldap.org/ for details. -$Id: ldif.py,v 1.82 2015/06/21 11:38:32 stroeder Exp $ +$Id: ldif.py,v 1.83 2015/08/08 13:36:30 stroeder Exp $ Python compability note: Tested with Python 2.0+, but should work with Python 1.5.2+. """ -__version__ = '2.4.20' +__version__ = '2.4.21' __all__ = [ # constants From 983bf24d350f511069825844ec5584b50ce07a3e Mon Sep 17 00:00:00 2001 From: stroeder Date: Sat, 8 Aug 2015 13:37:41 +0000 Subject: [PATCH 176/868] LDAPObject.read_s() now returns None instead of raising ldap.NO_SUCH_OBJECT in case the search operation returned emtpy result. --- CHANGES | 4 +++- Lib/ldap/ldapobject.py | 4 ++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/CHANGES b/CHANGES index 76830ab..9d03e6c 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,8 @@ Released 2.4.21 2015-07-xx Changes since 2.4.20: Lib/ +* LDAPObject.read_s() now returns None instead of raising + ldap.NO_SUCH_OBJECT in case the search operation returned emtpy result. ---------------------------------------------------------------- Released 2.4.20 2015-07-07 @@ -1185,4 +1187,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.351 2015/08/08 13:36:30 stroeder Exp $ +$Id: CHANGES,v 1.352 2015/08/08 13:37:41 stroeder Exp $ diff --git a/Lib/ldap/ldapobject.py b/Lib/ldap/ldapobject.py index f29d316..c807973 100644 --- a/Lib/ldap/ldapobject.py +++ b/Lib/ldap/ldapobject.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -\$Id: ldapobject.py,v 1.146 2015/06/11 15:13:43 stroeder Exp $ +\$Id: ldapobject.py,v 1.147 2015/08/08 13:37:41 stroeder Exp $ Compability: - Tested with Python 2.0+ but should work with Python 1.5.x @@ -695,7 +695,7 @@ def read_s(self,dn,filterstr=None,attrlist=None,serverctrls=None,clientctrls=Non if r: return r[0][1] else: - raise ldap.NO_SUCH_OBJECT('Empty search result reading entry %s' % (repr(dn))) + return None def read_subschemasubentry_s(self,subschemasubentry_dn,attrs=None): """ From b1ee70bf7e8e59d7b30dd5439d0b19d3d67436b8 Mon Sep 17 00:00:00 2001 From: stroeder Date: Sat, 8 Aug 2015 14:13:30 +0000 Subject: [PATCH 177/868] Handle s_temp==None --- Lib/ldap/schema/subentry.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Lib/ldap/schema/subentry.py b/Lib/ldap/schema/subentry.py index 60fca93..042e128 100644 --- a/Lib/ldap/schema/subentry.py +++ b/Lib/ldap/schema/subentry.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -\$Id: subentry.py,v 1.35 2015/06/06 09:21:38 stroeder Exp $ +\$Id: subentry.py,v 1.36 2015/08/08 14:13:30 stroeder Exp $ """ import ldap.cidict,ldap.schema @@ -483,6 +483,7 @@ def urlfetch(uri,trace_level=0): subschemasubentry_dn,s_temp = ldif_parser.all_records[0] # Work-around for mixed-cased attribute names subschemasubentry_entry = ldap.cidict.cidict() + s_temp = s_temp or {} for at,av in s_temp.items(): if at in SCHEMA_CLASS_MAPPING: try: From 4fb8c92e47cdc7aeb80945744c38f5bea2e4c23b Mon Sep 17 00:00:00 2001 From: stroeder Date: Fri, 18 Sep 2015 14:51:44 +0000 Subject: [PATCH 178/868] Unit tests for module ldif --- CHANGES | 5 +- Tests/t_ldif.py | 132 ++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 136 insertions(+), 1 deletion(-) create mode 100644 Tests/t_ldif.py diff --git a/CHANGES b/CHANGES index 9d03e6c..8869884 100644 --- a/CHANGES +++ b/CHANGES @@ -7,6 +7,9 @@ Lib/ * LDAPObject.read_s() now returns None instead of raising ldap.NO_SUCH_OBJECT in case the search operation returned emtpy result. +Tests/ +* Unit tests for module ldif (thanks to Petr Viktorin) + ---------------------------------------------------------------- Released 2.4.20 2015-07-07 @@ -1187,4 +1190,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.352 2015/08/08 13:37:41 stroeder Exp $ +$Id: CHANGES,v 1.353 2015/09/18 14:51:44 stroeder Exp $ diff --git a/Tests/t_ldif.py b/Tests/t_ldif.py new file mode 100644 index 0000000..8620b05 --- /dev/null +++ b/Tests/t_ldif.py @@ -0,0 +1,132 @@ +# -*- coding: utf-8 -*- + +import unittest +import textwrap + +import ldif + + +try: + from StringIO import StringIO +except ImportError: + from io import StringIO + + +class TestParse(unittest.TestCase): + maxDiff = None + + def check_ldif_to_records(self, ldif_string, expected): + #import pdb; pdb.set_trace() + got = ldif.ParseLDIF(StringIO(ldif_string)) + self.assertEqual(got, expected) + + def check_records_to_ldif(self, records, expected): + f = StringIO() + ldif_writer = ldif.LDIFWriter(f) + for dn, attrs in records: + ldif_writer.unparse(dn, attrs) + got = f.getvalue() + self.assertEqual(got, expected) + + def check_roundtrip(self, ldif_source, records, ldif_expected=None): + ldif_source = textwrap.dedent(ldif_source).lstrip() + '\n' + if ldif_expected is None: + ldif_expected = ldif_source + else: + ldif_expected = textwrap.dedent(ldif_expected).lstrip() + '\n' + + self.check_ldif_to_records(ldif_source, records) + self.check_records_to_ldif(records, ldif_expected) + self.check_ldif_to_records(ldif_expected, records) + + def test_simple(self): + self.check_roundtrip(""" + dn: cn=x,cn=y,cn=z + attrib: value + attrib: value2 + """, [ + ('cn=x,cn=y,cn=z', {'attrib': [b'value', b'value2']}), + ]) + + def test_multiple(self): + self.check_roundtrip(""" + dn: cn=x,cn=y,cn=z + a: v + attrib: value + attrib: value2 + + dn: cn=a,cn=b,cn=c + attrib: value2 + attrib: value3 + b: v + """, [ + ('cn=x,cn=y,cn=z', {'attrib': [b'value', b'value2'], 'a': [b'v']}), + ('cn=a,cn=b,cn=c', {'attrib': [b'value2', b'value3'], 'b': [b'v']}), + ]) + + def test_folded(self): + self.check_roundtrip(""" + dn: cn=x,cn=y,cn=z + attrib: very + long + value + attrib2: %s + """ % ('asdf.' * 20), [ + ('cn=x,cn=y,cn=z', {'attrib': [b'verylong value'], + 'attrib2': [b'asdf.' * 20]}), + ], """ + dn: cn=x,cn=y,cn=z + attrib: verylong value + attrib2: asdf.asdf.asdf.asdf.asdf.asdf.asdf.asdf.asdf.asdf.asdf.asdf.asdf.as + df.asdf.asdf.asdf.asdf.asdf.asdf. + """) + + def test_empty(self): + self.check_roundtrip(""" + dn: cn=x,cn=y,cn=z + attrib: + attrib: foo + """, [ + ('cn=x,cn=y,cn=z', {'attrib': [b'', b'foo']}), + ]) + + def test_binary(self): + self.check_roundtrip(""" + dn: cn=x,cn=y,cn=z + attrib:: CQAKOiVA + """, [ + ('cn=x,cn=y,cn=z', {'attrib': [b'\t\0\n:%@']}), + ]) + + def test_unicode(self): + self.check_roundtrip(""" + dn: cn=Michael Stroeder,dc=stroeder,dc=com + lastname: Ströder + """, [ + ('cn=Michael Stroeder,dc=stroeder,dc=com', + {'lastname': [b'Str\303\266der']}), + ], """ + dn: cn=Michael Stroeder,dc=stroeder,dc=com + lastname:: U3Ryw7ZkZXI= + """) + + def test_sorted(self): + self.check_roundtrip(""" + dn: cn=x,cn=y,cn=z + b: value_b + c: value_c + a: value_a + """, [ + ('cn=x,cn=y,cn=z', {'a': [b'value_a'], + 'b': [b'value_b'], + 'c': [b'value_c']}), + ], """ + dn: cn=x,cn=y,cn=z + a: value_a + b: value_b + c: value_c + """) + + +if __name__ == '__main__': + unittest.main() From dc620855f6c3e678847572033956b6276c09a15d Mon Sep 17 00:00:00 2001 From: stroeder Date: Fri, 18 Sep 2015 17:24:39 +0000 Subject: [PATCH 179/868] Added encoding header --- Lib/ldap/controls/openldap.py | 3 ++- Lib/ldap/controls/sessiontrack.py | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/Lib/ldap/controls/openldap.py b/Lib/ldap/controls/openldap.py index 55f3d0c..53425e0 100644 --- a/Lib/ldap/controls/openldap.py +++ b/Lib/ldap/controls/openldap.py @@ -1,9 +1,10 @@ +# -*- coding: utf-8 -*- """ ldap.controls.openldap - classes for OpenLDAP-specific controls See http://www.python-ldap.org/ for project details. -$Id: openldap.py,v 1.3 2015/06/22 17:56:50 stroeder Exp $ +$Id: openldap.py,v 1.4 2015/09/18 17:24:39 stroeder Exp $ """ import ldap.controls diff --git a/Lib/ldap/controls/sessiontrack.py b/Lib/ldap/controls/sessiontrack.py index 285c637..e3b7042 100644 --- a/Lib/ldap/controls/sessiontrack.py +++ b/Lib/ldap/controls/sessiontrack.py @@ -1,10 +1,11 @@ +# -*- coding: utf-8 -*- """ ldap.controls.sessiontrack - class for session tracking control (see draft-wahl-ldap-session) See http://www.python-ldap.org/ for project details. -$Id: sessiontrack.py,v 1.4 2013/07/04 16:20:06 stroeder Exp $ +$Id: sessiontrack.py,v 1.5 2015/09/18 17:25:07 stroeder Exp $ """ from ldap.controls import RequestControl From f79033ba4aef955315842119f3f1fbc9b5fb2fbb Mon Sep 17 00:00:00 2001 From: stroeder Date: Fri, 18 Sep 2015 17:24:55 +0000 Subject: [PATCH 180/868] Added encoding header; removed shee-bang --- Lib/ldap/controls/readentry.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Lib/ldap/controls/readentry.py b/Lib/ldap/controls/readentry.py index 19ba9d5..5ff8dca 100644 --- a/Lib/ldap/controls/readentry.py +++ b/Lib/ldap/controls/readentry.py @@ -1,11 +1,11 @@ -#!/usr/bin/env python +# -*- coding: utf-8 -*- """ ldap.controls.readentry - classes for the Read Entry controls (see RFC 4527) See http://www.python-ldap.org/ for project details. -$Id: readentry.py,v 1.4 2011/07/28 08:57:12 stroeder Exp $ +$Id: readentry.py,v 1.5 2015/09/18 17:24:55 stroeder Exp $ """ import ldap From 620990614ec3d4ed7e31681f0e111e9a9fc11aa9 Mon Sep 17 00:00:00 2001 From: stroeder Date: Fri, 18 Sep 2015 20:20:32 +0000 Subject: [PATCH 181/868] ldap.resiter.ResultProcessor.allresults() now takes new key-word argument add_ctrls which is internally passed to LDAPObject.result4() and lets the method also return response control along with the search results. --- CHANGES | 6 +++++- Lib/ldap/resiter.py | 8 ++++---- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/CHANGES b/CHANGES index 8869884..3e88321 100644 --- a/CHANGES +++ b/CHANGES @@ -6,6 +6,10 @@ Changes since 2.4.20: Lib/ * LDAPObject.read_s() now returns None instead of raising ldap.NO_SUCH_OBJECT in case the search operation returned emtpy result. +* ldap.resiter.ResultProcessor.allresults() now takes new key-word + argument add_ctrls which is internally passed to LDAPObject.result4() + and lets the method also return response control along with the search + results. Tests/ * Unit tests for module ldif (thanks to Petr Viktorin) @@ -1190,4 +1194,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.353 2015/09/18 14:51:44 stroeder Exp $ +$Id: CHANGES,v 1.354 2015/09/18 20:20:32 stroeder Exp $ diff --git a/Lib/ldap/resiter.py b/Lib/ldap/resiter.py index e34fad6..fdbbc3e 100644 --- a/Lib/ldap/resiter.py +++ b/Lib/ldap/resiter.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -\$Id: resiter.py,v 1.6 2011/07/28 08:23:32 stroeder Exp $ +\$Id: resiter.py,v 1.7 2015/09/18 20:20:32 stroeder Exp $ Python compability note: Requires Python 2.3+ @@ -15,15 +15,15 @@ class ResultProcessor: Mix-in class used with ldap.ldapopbject.LDAPObject or derived classes. """ - def allresults(self,msgid,timeout=-1): + def allresults(self,msgid,timeout=-1,add_ctrls=0): """ Generator function which returns an iterator for processing all LDAP operation results of the given msgid retrieved with LDAPObject.result3() -> 4-tuple """ - result_type,result_list,result_msgid,result_serverctrls = self.result3(msgid,0,timeout) + result_type,result_list,result_msgid,result_serverctrls,_,_ = self.result4(msgid,0,timeout,add_ctrls=add_ctrls) while result_type and result_list: # Loop over list of search results for result_item in result_list: yield (result_type,result_list,result_msgid,result_serverctrls) - result_type,result_list,result_msgid,result_serverctrls = self.result3(msgid,0,timeout) + result_type,result_list,result_msgid,result_serverctrls,_,_ = self.result4(msgid,0,timeout,add_ctrls=add_ctrls) return # allresults() From 96525a0b614663ae6272c4d2d8135df0df65825c Mon Sep 17 00:00:00 2001 From: stroeder Date: Sat, 19 Sep 2015 13:38:30 +0000 Subject: [PATCH 182/868] Added ldap.controls.deref implementing support for dereference control --- CHANGES | 3 +- Demo/pyasn1/derefcontrol.py | 47 ++++++++++++++ Lib/ldap/controls/deref.py | 125 ++++++++++++++++++++++++++++++++++++ setup.py | 3 +- 4 files changed, 176 insertions(+), 2 deletions(-) create mode 100644 Demo/pyasn1/derefcontrol.py create mode 100644 Lib/ldap/controls/deref.py diff --git a/CHANGES b/CHANGES index 3e88321..2e10005 100644 --- a/CHANGES +++ b/CHANGES @@ -10,6 +10,7 @@ Lib/ argument add_ctrls which is internally passed to LDAPObject.result4() and lets the method also return response control along with the search results. +* Added ldap.controls.deref implementing support for dereference control Tests/ * Unit tests for module ldif (thanks to Petr Viktorin) @@ -1194,4 +1195,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.354 2015/09/18 20:20:32 stroeder Exp $ +$Id: CHANGES,v 1.355 2015/09/19 13:38:30 stroeder Exp $ diff --git a/Demo/pyasn1/derefcontrol.py b/Demo/pyasn1/derefcontrol.py new file mode 100644 index 0000000..885b66e --- /dev/null +++ b/Demo/pyasn1/derefcontrol.py @@ -0,0 +1,47 @@ +#!/usr/bin/env python +""" +This sample script demonstrates the use of the dereference control +(see https://tools.ietf.org/html/draft-masarati-ldap-deref) + +Requires module pyasn1 (see http://pyasn1.sourceforge.net/) +""" + +import pprint,ldap,ldap.modlist,ldap.resiter + +from ldap.controls.deref import DereferenceControl + +uri = "ldap://localhost:2071/" + +class MyLDAPObject(ldap.ldapobject.LDAPObject,ldap.resiter.ResultProcessor): + pass + + +l = MyLDAPObject(uri,trace_level=2) +l.simple_bind_s('uid=diradm,dc=example,dc=com','testsecret') + +dc = DereferenceControl( + True, + { + 'member':[ + 'uid', + 'description', +# 'cn', +# 'mail', + ], + } +) +print dc._derefSpecs().prettyPrint() +dc.encodeControlValue() + +msg_id = l.search_ext( + 'dc=example,dc=com', + ldap.SCOPE_SUBTREE, + '(objectClass=groupOfNames)', + attrlist=['cn','objectClass','member','description'], + serverctrls = [dc] +) + +for res_type,res_data,res_msgid,res_controls in l.allresults(msg_id,add_ctrls=1): + for dn,entry,deref_control in res_data: + # process dn and entry + print dn,entry['objectClass'] diff --git a/Lib/ldap/controls/deref.py b/Lib/ldap/controls/deref.py new file mode 100644 index 0000000..c8cef79 --- /dev/null +++ b/Lib/ldap/controls/deref.py @@ -0,0 +1,125 @@ +# -*- coding: utf-8 -*- +""" +ldap.controls.deref - classes for +(see https://tools.ietf.org/html/draft-masarati-ldap-deref) + +See http://www.python-ldap.org/ for project details. + +$Id: deref.py,v 1.1 2015/09/19 13:38:30 stroeder Exp $ +""" + +__all__ = [ + 'DEREF_CONTROL_OID', + 'DereferenceControl', +] + +import ldap.controls +from ldap.controls import LDAPControl,KNOWN_RESPONSE_CONTROLS + +import pyasn1_modules.rfc2251 +from pyasn1.type import namedtype,univ,tag +from pyasn1.codec.ber import encoder,decoder +from pyasn1_modules.rfc2251 import LDAPDN,AttributeDescription,AttributeDescriptionList,AttributeValue + + +DEREF_CONTROL_OID = '1.3.6.1.4.1.4203.666.5.16' + + +# Request types +#--------------------------------------------------------------------------- + +# For compability with ASN.1 declaration in I-D +AttributeList = AttributeDescriptionList + +class DerefSpec(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType( + 'derefAttr', + AttributeDescription() + ), + namedtype.NamedType( + 'attributes', + AttributeList() + ), + ) + +class DerefSpecs(univ.SequenceOf): + componentType = DerefSpec() + +# Response types +#--------------------------------------------------------------------------- + + +class AttributeValues(univ.SetOf): + componentType = AttributeValue() + + +class PartialAttribute(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType('type', AttributeDescription()), + namedtype.NamedType('vals', AttributeValues()), + ) + + +class PartialAttributeList(univ.SequenceOf): + componentType = PartialAttribute() + tagSet = univ.Sequence.tagSet.tagImplicitly( + tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,0) + ) + + +class DerefRes(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType('derefAttr', AttributeDescription()), + namedtype.NamedType('derefVal', LDAPDN()), + namedtype.OptionalNamedType('attrVals', PartialAttributeList()), + ) + + +class DerefResultControlValue(univ.SequenceOf): + componentType = DerefRes() + + +class DereferenceControl(LDAPControl): + controlType = DEREF_CONTROL_OID + + def __init__(self,criticality=False,derefSpecs=None): + LDAPControl.__init__(self,self.controlType,criticality) + self.derefSpecs = derefSpecs or {} + + def _derefSpecs(self): + deref_specs = DerefSpecs() + i = 0 + for deref_attr,deref_attribute_names in self.derefSpecs.items(): + deref_spec = DerefSpec() + deref_attributes = AttributeList() + for j in range(len(deref_attribute_names)): + deref_attributes.setComponentByPosition(j,deref_attribute_names[j]) + deref_spec.setComponentByName('derefAttr',AttributeDescription(deref_attr)) + deref_spec.setComponentByName('attributes',deref_attributes) + deref_specs.setComponentByPosition(i,deref_spec) + i += 1 + return deref_specs + + def encodeControlValue(self): + return encoder.encode(self._derefSpecs()) + + def decodeControlValue(self,encodedControlValue): + decodedValue,_ = decoder.decode(encodedControlValue,asn1Spec=DerefResultControlValue()) + print decodedValue.prettyPrint() + self.derefRes = {} + for deref_res in decodedValue: + deref_attr,deref_val,deref_vals = deref_res + partial_attrs_dict = dict([ + (str(t),map(str,v)) + for t,v in deref_vals or [] + ]) + try: + self.derefRes[str(deref_attr)].append((str(deref_val),partial_attrs_dict)) + except KeyError: + self.derefRes[str(deref_attr)] = [(str(deref_val),partial_attrs_dict)] + import pprint + pprint.pprint(self.derefRes) + + +KNOWN_RESPONSE_CONTROLS[DereferenceControl.controlType] = DereferenceControl diff --git a/setup.py b/setup.py index b2fe367..868d2f0 100644 --- a/setup.py +++ b/setup.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -$Id: setup.py,v 1.72 2014/03/12 20:29:23 stroeder Exp $ +$Id: setup.py,v 1.73 2015/09/19 13:38:30 stroeder Exp $ """ has_setuptools = False @@ -150,6 +150,7 @@ class OpenLDAP2: 'ldap', 'ldap.async', 'ldap.controls', + 'ldap.controls.deref', 'ldap.controls.libldap', 'ldap.controls.openldap', 'ldap.controls.ppolicy', From 4d2fdec00cbab889dc9c2f79fcf0da114c167caa Mon Sep 17 00:00:00 2001 From: stroeder Date: Sat, 19 Sep 2015 13:41:01 +0000 Subject: [PATCH 183/868] Removed debug print statements --- Lib/ldap/controls/deref.py | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/Lib/ldap/controls/deref.py b/Lib/ldap/controls/deref.py index c8cef79..02c68b7 100644 --- a/Lib/ldap/controls/deref.py +++ b/Lib/ldap/controls/deref.py @@ -5,7 +5,7 @@ See http://www.python-ldap.org/ for project details. -$Id: deref.py,v 1.1 2015/09/19 13:38:30 stroeder Exp $ +$Id: deref.py,v 1.2 2015/09/19 13:41:01 stroeder Exp $ """ __all__ = [ @@ -106,7 +106,6 @@ def encodeControlValue(self): def decodeControlValue(self,encodedControlValue): decodedValue,_ = decoder.decode(encodedControlValue,asn1Spec=DerefResultControlValue()) - print decodedValue.prettyPrint() self.derefRes = {} for deref_res in decodedValue: deref_attr,deref_val,deref_vals = deref_res @@ -118,8 +117,6 @@ def decodeControlValue(self,encodedControlValue): self.derefRes[str(deref_attr)].append((str(deref_val),partial_attrs_dict)) except KeyError: self.derefRes[str(deref_attr)] = [(str(deref_val),partial_attrs_dict)] - import pprint - pprint.pprint(self.derefRes) KNOWN_RESPONSE_CONTROLS[DereferenceControl.controlType] = DereferenceControl From 3a84c23bec0d4db25865dac4463dc4a27d628ddc Mon Sep 17 00:00:00 2001 From: stroeder Date: Sat, 19 Sep 2015 13:45:47 +0000 Subject: [PATCH 184/868] Less but better output --- Demo/pyasn1/derefcontrol.py | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/Demo/pyasn1/derefcontrol.py b/Demo/pyasn1/derefcontrol.py index 885b66e..03b3bde 100644 --- a/Demo/pyasn1/derefcontrol.py +++ b/Demo/pyasn1/derefcontrol.py @@ -16,7 +16,7 @@ class MyLDAPObject(ldap.ldapobject.LDAPObject,ldap.resiter.ResultProcessor): pass -l = MyLDAPObject(uri,trace_level=2) +l = MyLDAPObject(uri,trace_level=0) l.simple_bind_s('uid=diradm,dc=example,dc=com','testsecret') dc = DereferenceControl( @@ -30,8 +30,9 @@ class MyLDAPObject(ldap.ldapobject.LDAPObject,ldap.resiter.ResultProcessor): ], } ) + +print 'pyasn1 output of request control:' print dc._derefSpecs().prettyPrint() -dc.encodeControlValue() msg_id = l.search_ext( 'dc=example,dc=com', @@ -45,3 +46,5 @@ class MyLDAPObject(ldap.ldapobject.LDAPObject,ldap.resiter.ResultProcessor): for dn,entry,deref_control in res_data: # process dn and entry print dn,entry['objectClass'] + if deref_control: + pprint.pprint(deref_control[0].derefRes) From 60a67e990501dcf007364097e16d07d827537945 Mon Sep 17 00:00:00 2001 From: stroeder Date: Sat, 19 Sep 2015 16:00:39 +0000 Subject: [PATCH 185/868] Use public FreeIPA demo server running 389-ds --- Demo/pyasn1/derefcontrol.py | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/Demo/pyasn1/derefcontrol.py b/Demo/pyasn1/derefcontrol.py index 03b3bde..4ac5155 100644 --- a/Demo/pyasn1/derefcontrol.py +++ b/Demo/pyasn1/derefcontrol.py @@ -10,14 +10,14 @@ from ldap.controls.deref import DereferenceControl -uri = "ldap://localhost:2071/" +uri = "ldap://ipa.demo1.freeipa.org" class MyLDAPObject(ldap.ldapobject.LDAPObject,ldap.resiter.ResultProcessor): pass l = MyLDAPObject(uri,trace_level=0) -l.simple_bind_s('uid=diradm,dc=example,dc=com','testsecret') +l.simple_bind_s('uid=admin,cn=users,cn=accounts,dc=demo1,dc=freeipa,dc=org','Secret123') dc = DereferenceControl( True, @@ -25,8 +25,8 @@ class MyLDAPObject(ldap.ldapobject.LDAPObject,ldap.resiter.ResultProcessor): 'member':[ 'uid', 'description', -# 'cn', -# 'mail', + 'cn', + 'mail', ], } ) @@ -35,7 +35,7 @@ class MyLDAPObject(ldap.ldapobject.LDAPObject,ldap.resiter.ResultProcessor): print dc._derefSpecs().prettyPrint() msg_id = l.search_ext( - 'dc=example,dc=com', + 'dc=demo1,dc=freeipa,dc=org', ldap.SCOPE_SUBTREE, '(objectClass=groupOfNames)', attrlist=['cn','objectClass','member','description'], From d977e94b088fd0bd53623a80fda5e506d68d0d96 Mon Sep 17 00:00:00 2001 From: stroeder Date: Fri, 25 Sep 2015 16:21:47 +0000 Subject: [PATCH 186/868] Prepare release 2.4.21 --- CHANGES | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 2e10005..df17338 100644 --- a/CHANGES +++ b/CHANGES @@ -1,5 +1,5 @@ ---------------------------------------------------------------- -Released 2.4.21 2015-07-xx +Released 2.4.21 2015-09-25 Changes since 2.4.20: @@ -1195,4 +1195,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.355 2015/09/19 13:38:30 stroeder Exp $ +$Id: CHANGES,v 1.356 2015/09/25 16:21:47 stroeder Exp $ From b994312f31550a3f57106d76336befed0bb901d7 Mon Sep 17 00:00:00 2001 From: stroeder Date: Wed, 30 Sep 2015 17:15:53 +0000 Subject: [PATCH 187/868] Started 2.4.22 --- CHANGES | 9 ++++++++- Lib/dsml.py | 4 ++-- Lib/ldap/__init__.py | 4 ++-- Lib/ldapurl.py | 4 ++-- Lib/ldif.py | 4 ++-- 5 files changed, 16 insertions(+), 9 deletions(-) diff --git a/CHANGES b/CHANGES index df17338..586e687 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,10 @@ +---------------------------------------------------------------- +Released 2.4.22 2015-10-xx + +Changes since 2.4.21: + +Lib/ + ---------------------------------------------------------------- Released 2.4.21 2015-09-25 @@ -1195,4 +1202,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.356 2015/09/25 16:21:47 stroeder Exp $ +$Id: CHANGES,v 1.357 2015/09/30 17:15:53 stroeder Exp $ diff --git a/Lib/dsml.py b/Lib/dsml.py index 65e3b9f..6db30c8 100644 --- a/Lib/dsml.py +++ b/Lib/dsml.py @@ -4,13 +4,13 @@ See http://www.python-ldap.org/ for details. -$Id: dsml.py,v 1.38 2015/08/08 13:36:30 stroeder Exp $ +$Id: dsml.py,v 1.39 2015/09/30 17:15:53 stroeder Exp $ Python compability note: Tested with Python 2.0+. """ -__version__ = '2.4.21' +__version__ = '2.4.22' import string,base64 diff --git a/Lib/ldap/__init__.py b/Lib/ldap/__init__.py index c7d59e2..cecec33 100644 --- a/Lib/ldap/__init__.py +++ b/Lib/ldap/__init__.py @@ -3,12 +3,12 @@ See http://www.python-ldap.org/ for details. -$Id: __init__.py,v 1.98 2015/08/08 13:36:30 stroeder Exp $ +$Id: __init__.py,v 1.99 2015/09/30 17:15:53 stroeder Exp $ """ # This is also the overall release version number -__version__ = '2.4.21' +__version__ = '2.4.22' import sys diff --git a/Lib/ldapurl.py b/Lib/ldapurl.py index c6a7ef0..e5bf13d 100644 --- a/Lib/ldapurl.py +++ b/Lib/ldapurl.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -\$Id: ldapurl.py,v 1.73 2015/08/08 13:36:30 stroeder Exp $ +\$Id: ldapurl.py,v 1.74 2015/09/30 17:15:53 stroeder Exp $ Python compability note: This module only works with Python 2.0+ since @@ -11,7 +11,7 @@ 2. list comprehensions are used. """ -__version__ = '2.4.21' +__version__ = '2.4.22' __all__ = [ # constants diff --git a/Lib/ldif.py b/Lib/ldif.py index d099f42..36f302d 100644 --- a/Lib/ldif.py +++ b/Lib/ldif.py @@ -3,13 +3,13 @@ See http://www.python-ldap.org/ for details. -$Id: ldif.py,v 1.83 2015/08/08 13:36:30 stroeder Exp $ +$Id: ldif.py,v 1.84 2015/09/30 17:15:53 stroeder Exp $ Python compability note: Tested with Python 2.0+, but should work with Python 1.5.2+. """ -__version__ = '2.4.21' +__version__ = '2.4.22' __all__ = [ # constants From c74ad898458332c5e2325e5167d635434be490be Mon Sep 17 00:00:00 2001 From: stroeder Date: Wed, 30 Sep 2015 17:17:28 +0000 Subject: [PATCH 188/868] LDIFParser now also accepts value-spec without a space after the colon --- CHANGES | 4 +++- Lib/ldif.py | 8 ++++---- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/CHANGES b/CHANGES index 586e687..a5540e5 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,8 @@ Released 2.4.22 2015-10-xx Changes since 2.4.21: Lib/ +* LDIFParser now also accepts value-spec without a space + after the colon. ---------------------------------------------------------------- Released 2.4.21 2015-09-25 @@ -1202,4 +1204,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.357 2015/09/30 17:15:53 stroeder Exp $ +$Id: CHANGES,v 1.358 2015/09/30 17:17:28 stroeder Exp $ diff --git a/Lib/ldif.py b/Lib/ldif.py index 36f302d..47df877 100644 --- a/Lib/ldif.py +++ b/Lib/ldif.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -$Id: ldif.py,v 1.84 2015/09/30 17:15:53 stroeder Exp $ +$Id: ldif.py,v 1.85 2015/09/30 17:17:28 stroeder Exp $ Python compability note: Tested with Python 2.0+, but should work with Python 1.5.2+. @@ -324,7 +324,7 @@ def _next_key_and_value(self): # if needed attribute value is BASE64 decoded value_spec = unfolded_line[colon_pos:colon_pos+2] if value_spec==': ': - attr_value = unfolded_line[colon_pos+2:] + attr_value = unfolded_line[colon_pos+2:].lstrip() elif value_spec=='::': # attribute value needs base64-decoding attr_value = base64.decodestring(unfolded_line[colon_pos+2:]) @@ -336,8 +336,8 @@ def _next_key_and_value(self): u = urlparse.urlparse(url) if self._process_url_schemes.has_key(u[0]): attr_value = urllib.urlopen(url).read() - elif value_spec==':\r\n' or value_spec=='\n': - attr_value = '' + else: + attr_value = unfolded_line[colon_pos+1:] return attr_type,attr_value def parse_entry_records(self): From 4d09415f224f495bdce6215c81564f0be8fb23ae Mon Sep 17 00:00:00 2001 From: stroeder Date: Wed, 30 Sep 2015 17:19:00 +0000 Subject: [PATCH 189/868] Always compare parsed lists and not LDIF strings --- Tests/t_ldif.py | 55 +++++++++++++++++++++---------------------------- 1 file changed, 23 insertions(+), 32 deletions(-) diff --git a/Tests/t_ldif.py b/Tests/t_ldif.py index 8620b05..d841dae 100644 --- a/Tests/t_ldif.py +++ b/Tests/t_ldif.py @@ -15,29 +15,24 @@ class TestParse(unittest.TestCase): maxDiff = None - def check_ldif_to_records(self, ldif_string, expected): - #import pdb; pdb.set_trace() - got = ldif.ParseLDIF(StringIO(ldif_string)) - self.assertEqual(got, expected) + def _parse_entry_records(self, ldif_string): + return ldif.ParseLDIF(StringIO(ldif_string)) - def check_records_to_ldif(self, records, expected): + def _unparse_entry_records(self, records): f = StringIO() ldif_writer = ldif.LDIFWriter(f) for dn, attrs in records: ldif_writer.unparse(dn, attrs) - got = f.getvalue() - self.assertEqual(got, expected) + return f.getvalue() - def check_roundtrip(self, ldif_source, records, ldif_expected=None): + def check_roundtrip(self, ldif_source, entry_records): ldif_source = textwrap.dedent(ldif_source).lstrip() + '\n' - if ldif_expected is None: - ldif_expected = ldif_source - else: - ldif_expected = textwrap.dedent(ldif_expected).lstrip() + '\n' - - self.check_ldif_to_records(ldif_source, records) - self.check_records_to_ldif(records, ldif_expected) - self.check_ldif_to_records(ldif_expected, records) + parsed_entry_records = self._parse_entry_records(ldif_source) + parsed_entry_records2 = self._parse_entry_records( + self._unparse_entry_records(entry_records) + ) + self.assertEqual(parsed_entry_records, entry_records) + self.assertEqual(parsed_entry_records2, entry_records) def test_simple(self): self.check_roundtrip(""" @@ -48,6 +43,15 @@ def test_simple(self): ('cn=x,cn=y,cn=z', {'attrib': [b'value', b'value2']}), ]) + def test_simple2(self): + self.check_roundtrip(""" + dn:cn=x,cn=y,cn=z + attrib:value + attrib:value2 + """, [ + ('cn=x,cn=y,cn=z', {'attrib': [b'value', b'value2']}), + ]) + def test_multiple(self): self.check_roundtrip(""" dn: cn=x,cn=y,cn=z @@ -74,12 +78,7 @@ def test_folded(self): """ % ('asdf.' * 20), [ ('cn=x,cn=y,cn=z', {'attrib': [b'verylong value'], 'attrib2': [b'asdf.' * 20]}), - ], """ - dn: cn=x,cn=y,cn=z - attrib: verylong value - attrib2: asdf.asdf.asdf.asdf.asdf.asdf.asdf.asdf.asdf.asdf.asdf.asdf.asdf.as - df.asdf.asdf.asdf.asdf.asdf.asdf. - """) + ]) def test_empty(self): self.check_roundtrip(""" @@ -105,10 +104,7 @@ def test_unicode(self): """, [ ('cn=Michael Stroeder,dc=stroeder,dc=com', {'lastname': [b'Str\303\266der']}), - ], """ - dn: cn=Michael Stroeder,dc=stroeder,dc=com - lastname:: U3Ryw7ZkZXI= - """) + ]) def test_sorted(self): self.check_roundtrip(""" @@ -120,12 +116,7 @@ def test_sorted(self): ('cn=x,cn=y,cn=z', {'a': [b'value_a'], 'b': [b'value_b'], 'c': [b'value_c']}), - ], """ - dn: cn=x,cn=y,cn=z - a: value_a - b: value_b - c: value_c - """) + ]) if __name__ == '__main__': From a4ed5141bba0fc87b0d422cdeec837328d359e81 Mon Sep 17 00:00:00 2001 From: stroeder Date: Wed, 30 Sep 2015 17:41:46 +0000 Subject: [PATCH 190/868] Added test case for :: without trailing space --- Tests/t_ldif.py | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/Tests/t_ldif.py b/Tests/t_ldif.py index d841dae..efd69ec 100644 --- a/Tests/t_ldif.py +++ b/Tests/t_ldif.py @@ -97,6 +97,14 @@ def test_binary(self): ('cn=x,cn=y,cn=z', {'attrib': [b'\t\0\n:%@']}), ]) + def test_binary2(self): + self.check_roundtrip(""" + dn: cn=x,cn=y,cn=z + attrib::CQAKOiVA + """, [ + ('cn=x,cn=y,cn=z', {'attrib': [b'\t\0\n:%@']}), + ]) + def test_unicode(self): self.check_roundtrip(""" dn: cn=Michael Stroeder,dc=stroeder,dc=com From 71e9d46ae495ed7e7132007b94e67690a8e65759 Mon Sep 17 00:00:00 2001 From: stroeder Date: Sat, 24 Oct 2015 12:37:39 +0000 Subject: [PATCH 191/868] Updated release and copyright --- Doc/conf.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Doc/conf.py b/Doc/conf.py index 32babb6..51fb9d5 100644 --- a/Doc/conf.py +++ b/Doc/conf.py @@ -11,7 +11,7 @@ # All configuration values have a default value; values that are commented out # serve to show the default value. # -# $Id: conf.py,v 1.21 2015/06/05 21:05:37 stroeder Exp $ +# $Id: conf.py,v 1.22 2015/10/24 12:37:39 stroeder Exp $ import sys @@ -36,7 +36,7 @@ # General substitutions. project = 'python-ldap' -copyright = '2008-2014, python-ldap project team' +copyright = '2008-2015, python-ldap project team' # The default replacements for |version| and |release|, also used in various # other places throughout the built documents. @@ -44,7 +44,7 @@ # The short X.Y version. version = '2.4' # The full version, including alpha/beta/rc tags. -release = '2.4.20.0' +release = '2.4.21.0' # There are two options for replacing |today|: either, you set today to some # non-false value, then it is used: From abef0bb5f3f4cbade4a0f64102c85018110a15f9 Mon Sep 17 00:00:00 2001 From: stroeder Date: Sat, 24 Oct 2015 12:49:41 +0000 Subject: [PATCH 192/868] Added stub for ldap.sasl --- Doc/index.rst | 3 ++- Doc/ldap-sasl.rst | 69 +++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 71 insertions(+), 1 deletion(-) create mode 100644 Doc/ldap-sasl.rst diff --git a/Doc/index.rst b/Doc/index.rst index ad86059..2338eb2 100644 --- a/Doc/index.rst +++ b/Doc/index.rst @@ -2,7 +2,7 @@ python-ldap Documentation ########################## -.. % $Id: index.rst,v 1.8 2011/10/26 19:42:45 stroeder Exp $ +.. % $Id: index.rst,v 1.9 2015/10/24 12:49:41 stroeder Exp $ .. topic:: Abstract @@ -30,6 +30,7 @@ Contents ldap-resiter.rst ldap-schema.rst ldap-syncrepl.rst + ldap-sasl.rst ldif.rst ldapurl.rst dsml.rst diff --git a/Doc/ldap-sasl.rst b/Doc/ldap-sasl.rst new file mode 100644 index 0000000..dd5fce3 --- /dev/null +++ b/Doc/ldap-sasl.rst @@ -0,0 +1,69 @@ +.. % $Id: ldap-sasl.rst,v 1.1 2015/10/24 12:49:41 stroeder Exp $ + + +******************************************** +:py:mod:`ldap.sasl` Handling LDAPv3 schema +******************************************** + +.. py:module:: ldap.sasl + +This module implements various authentication methods for SASL bind. + +.. seealso:: + + :rfc:`4422` - Simple Authentication and Security Layer (SASL) + + +:py:mod:`ldap.sasl` SASL bind requests +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +.. py:module:: ldap.sasl + + +.. py:data:: CB_USER + +.. py:data:: CB_AUTHNAME + +.. py:data:: CB_LANGUAGE + +.. py:data:: CB_PASS + +.. py:data:: CB_ECHOPROMPT + +.. py:data:: CB_NOECHOPROMPT + +.. py:data:: CB_GETREALM + + +Functions +========= + +.. autofunction:: ldap.sasl.subentry.urlfetch + +Classes +======= + +.. autoclass:: ldap.sasl.sasl + :members: + +.. autoclass:: ldap.sasl.cram_md5 + :members: + +.. autoclass:: ldap.sasl.digest_md5 + :members: + +.. autoclass:: ldap.sasl.gssapi + :members: + +.. autoclass:: ldap.sasl.external + :members: + + +.. _ldap.sasl-example: + +Examples for ldap.sasl +^^^^^^^^^^^^^^^^^^^^^^^^ + +:: + + import ldap.sasl From c50d6942470340c46fb08684a948b07f4ac919f6 Mon Sep 17 00:00:00 2001 From: stroeder Date: Sat, 24 Oct 2015 13:07:33 +0000 Subject: [PATCH 193/868] Added example and link to RFC 4513 --- Doc/ldap-sasl.rst | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/Doc/ldap-sasl.rst b/Doc/ldap-sasl.rst index dd5fce3..2cd5fc6 100644 --- a/Doc/ldap-sasl.rst +++ b/Doc/ldap-sasl.rst @@ -1,4 +1,4 @@ -.. % $Id: ldap-sasl.rst,v 1.1 2015/10/24 12:49:41 stroeder Exp $ +.. % $Id: ldap-sasl.rst,v 1.2 2015/10/24 13:07:33 stroeder Exp $ ******************************************** @@ -12,6 +12,7 @@ This module implements various authentication methods for SASL bind. .. seealso:: :rfc:`4422` - Simple Authentication and Security Layer (SASL) + :rfc:`4513` - Lightweight Directory Access Protocol (LDAP): Authentication Methods and Security Mechanisms :py:mod:`ldap.sasl` SASL bind requests @@ -64,6 +65,21 @@ Classes Examples for ldap.sasl ^^^^^^^^^^^^^^^^^^^^^^^^ +This example connects to a OpenLDAP server via LDAP over IPC and +sends a SASL external bind request. + :: - import ldap.sasl + import ldap, ldap.sasl, urllib + + ldapi_path = '/tmp/openldap-socket' + ldap_conn = ldap.initialize( + 'ldapi://%s' % ( + urllib.quote_plus(ldapi_path) + ) + ) + # Send SASL bind request for mechanism EXTERNAL + ldap_conn.sasl_non_interactive_bind_s('EXTERNAL') + # Find out the SASL Authorization Identity + print ldap_conn.whoami_s() + From 5abe88935f51c6404ec694b27ad5ffbbdb6d09dd Mon Sep 17 00:00:00 2001 From: stroeder Date: Sat, 24 Oct 2015 13:41:02 +0000 Subject: [PATCH 194/868] Removed functions section and link to draft-chu-ldap-ldapi --- Doc/ldap-sasl.rst | 19 ++++++------------- 1 file changed, 6 insertions(+), 13 deletions(-) diff --git a/Doc/ldap-sasl.rst b/Doc/ldap-sasl.rst index 2cd5fc6..c91b49a 100644 --- a/Doc/ldap-sasl.rst +++ b/Doc/ldap-sasl.rst @@ -1,4 +1,4 @@ -.. % $Id: ldap-sasl.rst,v 1.2 2015/10/24 13:07:33 stroeder Exp $ +.. % $Id: ldap-sasl.rst,v 1.3 2015/10/24 13:41:02 stroeder Exp $ ******************************************** @@ -15,11 +15,8 @@ This module implements various authentication methods for SASL bind. :rfc:`4513` - Lightweight Directory Access Protocol (LDAP): Authentication Methods and Security Mechanisms -:py:mod:`ldap.sasl` SASL bind requests -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -.. py:module:: ldap.sasl - +Constants +========= .. py:data:: CB_USER @@ -36,11 +33,6 @@ This module implements various authentication methods for SASL bind. .. py:data:: CB_GETREALM -Functions -========= - -.. autofunction:: ldap.sasl.subentry.urlfetch - Classes ======= @@ -65,8 +57,9 @@ Classes Examples for ldap.sasl ^^^^^^^^^^^^^^^^^^^^^^^^ -This example connects to a OpenLDAP server via LDAP over IPC and -sends a SASL external bind request. +This example connects to an OpenLDAP server via LDAP over IPC +(see `draft-chu-ldap-ldapi `_) +and sends a SASL external bind request. :: From 51ed53505d6f6e92ce0fd422d6024ba2ea34683e Mon Sep 17 00:00:00 2001 From: stroeder Date: Sat, 24 Oct 2015 15:27:03 +0000 Subject: [PATCH 195/868] Started missing docs for sub-module ldap.sasl. --- CHANGES | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index a5540e5..e763ef1 100644 --- a/CHANGES +++ b/CHANGES @@ -7,6 +7,9 @@ Lib/ * LDIFParser now also accepts value-spec without a space after the colon. +Doc/ +* Started missing docs for sub-module ldap.sasl. + ---------------------------------------------------------------- Released 2.4.21 2015-09-25 @@ -1204,4 +1207,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.358 2015/09/30 17:17:28 stroeder Exp $ +$Id: CHANGES,v 1.359 2015/10/24 15:27:03 stroeder Exp $ From 2cc6d1102bf91420640477d50f65b8526453752e Mon Sep 17 00:00:00 2001 From: stroeder Date: Sat, 24 Oct 2015 15:42:41 +0000 Subject: [PATCH 196/868] Added key-word argument authz_id to LDAPObject methods sasl_non_interactive_bind_s(), sasl_external_bind_s() and sasl_gssapi_bind_s(). --- CHANGES | 5 ++++- Lib/ldap/ldapobject.py | 20 +++++++++++++------- 2 files changed, 17 insertions(+), 8 deletions(-) diff --git a/CHANGES b/CHANGES index e763ef1..f8cffaf 100644 --- a/CHANGES +++ b/CHANGES @@ -6,6 +6,9 @@ Changes since 2.4.21: Lib/ * LDIFParser now also accepts value-spec without a space after the colon. +* Added key-word argument authz_id to LDAPObject methods + sasl_non_interactive_bind_s(), sasl_external_bind_s() and + sasl_gssapi_bind_s() Doc/ * Started missing docs for sub-module ldap.sasl. @@ -1207,4 +1210,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.359 2015/10/24 15:27:03 stroeder Exp $ +$Id: CHANGES,v 1.360 2015/10/24 15:42:41 stroeder Exp $ diff --git a/Lib/ldap/ldapobject.py b/Lib/ldap/ldapobject.py index c807973..39f0f75 100644 --- a/Lib/ldap/ldapobject.py +++ b/Lib/ldap/ldapobject.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -\$Id: ldapobject.py,v 1.147 2015/08/08 13:37:41 stroeder Exp $ +\$Id: ldapobject.py,v 1.148 2015/10/24 15:42:41 stroeder Exp $ Compability: - Tested with Python 2.0+ but should work with Python 1.5.x @@ -243,23 +243,29 @@ def sasl_interactive_bind_s(self,who,auth,serverctrls=None,clientctrls=None,sasl """ return self._ldap_call(self._l.sasl_interactive_bind_s,who,auth,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls),sasl_flags) - def sasl_non_interactive_bind_s(self,sasl_mech,serverctrls=None,clientctrls=None,sasl_flags=ldap.SASL_QUIET): + def sasl_non_interactive_bind_s(self,sasl_mech,serverctrls=None,clientctrls=None,sasl_flags=ldap.SASL_QUIET,authz_id=''): """ Send a SASL bind request using a non-interactive SASL method (e.g. GSSAPI, EXTERNAL) """ - self.sasl_interactive_bind_s('',ldap.sasl.sasl({},sasl_mech)) + self.sasl_interactive_bind_s( + '', + ldap.sasl.sasl( + {ldap.sasl.CB_USER:authz_id}, + sasl_mech + ) + ) - def sasl_external_bind_s(self,serverctrls=None,clientctrls=None,sasl_flags=ldap.SASL_QUIET): + def sasl_external_bind_s(self,serverctrls=None,clientctrls=None,sasl_flags=ldap.SASL_QUIET,authz_id=''): """ Send SASL bind request using SASL mech EXTERNAL """ - self.sasl_non_interactive_bind_s('EXTERNAL',serverctrls,clientctrls,sasl_flags) + self.sasl_non_interactive_bind_s('EXTERNAL',serverctrls,clientctrls,sasl_flags,authz_id) - def sasl_gssapi_bind_s(self,serverctrls=None,clientctrls=None,sasl_flags=ldap.SASL_QUIET): + def sasl_gssapi_bind_s(self,serverctrls=None,clientctrls=None,sasl_flags=ldap.SASL_QUIET,authz_id=''): """ Send SASL bind request using SASL mech GSSAPI """ - self.sasl_non_interactive_bind_s('GSSAPI',serverctrls,clientctrls,sasl_flags) + self.sasl_non_interactive_bind_s('GSSAPI',serverctrls,clientctrls,sasl_flags,authz_id) def sasl_bind_s(self,dn,mechanism,cred,serverctrls=None,clientctrls=None): """ From 12cf5911e0ce6d42567587ae4176694ae6813453 Mon Sep 17 00:00:00 2001 From: stroeder Date: Sat, 24 Oct 2015 15:46:12 +0000 Subject: [PATCH 197/868] ReconnectLDAPObject.sasl_bind_s() now correctly uses generic wrapper arguments *args,**kwargs --- CHANGES | 5 ++++- Lib/ldap/ldapobject.py | 6 +++--- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/CHANGES b/CHANGES index f8cffaf..575252a 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,9 @@ Lib/ * Added key-word argument authz_id to LDAPObject methods sasl_non_interactive_bind_s(), sasl_external_bind_s() and sasl_gssapi_bind_s() +* Hmmpf! Added missing self to LDAPObject.fileno(). +* ReconnectLDAPObject.sasl_bind_s() now correctly uses + generic wrapper arguments *args,**kwargs Doc/ * Started missing docs for sub-module ldap.sasl. @@ -1210,4 +1213,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.360 2015/10/24 15:42:41 stroeder Exp $ +$Id: CHANGES,v 1.361 2015/10/24 15:46:12 stroeder Exp $ diff --git a/Lib/ldap/ldapobject.py b/Lib/ldap/ldapobject.py index 39f0f75..8205bd4 100644 --- a/Lib/ldap/ldapobject.py +++ b/Lib/ldap/ldapobject.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -\$Id: ldapobject.py,v 1.148 2015/10/24 15:42:41 stroeder Exp $ +\$Id: ldapobject.py,v 1.149 2015/10/24 15:46:12 stroeder Exp $ Compability: - Tested with Python 2.0+ but should work with Python 1.5.x @@ -136,7 +136,7 @@ def __getattr__(self,name): self.__class__.__name__,repr(name) ) - def fileno(): + def fileno(self): """ Returns file description of LDAP connection. @@ -933,7 +933,7 @@ def sasl_interactive_bind_s(self,*args,**kwargs): self._store_last_bind(SimpleLDAPObject.sasl_interactive_bind_s,*args,**kwargs) return res - def sasl_bind_s(self,dn,mechanism,cred,serverctrls=None,clientctrls=None): + def sasl_bind_s(self,*args,**kwargs): res = self._apply_method_s(SimpleLDAPObject.sasl_bind_s,*args,**kwargs) self._store_last_bind(SimpleLDAPObject.sasl_bind_s,*args,**kwargs) return res From 0fa88d045e2406ac505db39fd2f655f52e1be404 Mon Sep 17 00:00:00 2001 From: stroeder Date: Sat, 24 Oct 2015 15:50:00 +0000 Subject: [PATCH 198/868] LDIFParser.parse_change_records() now correctly calls handle_change_modify() --- CHANGES | 6 ++++-- Lib/ldif.py | 4 ++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/CHANGES b/CHANGES index 575252a..6f2301f 100644 --- a/CHANGES +++ b/CHANGES @@ -1,5 +1,5 @@ ---------------------------------------------------------------- -Released 2.4.22 2015-10-xx +Released 2.4.22 2015-10-25 Changes since 2.4.21: @@ -12,6 +12,8 @@ Lib/ * Hmmpf! Added missing self to LDAPObject.fileno(). * ReconnectLDAPObject.sasl_bind_s() now correctly uses generic wrapper arguments *args,**kwargs +* LDIFParser.parse_change_records() now correctly calls + LDIFParser.handle_change_modify() Doc/ * Started missing docs for sub-module ldap.sasl. @@ -1213,4 +1215,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.361 2015/10/24 15:46:12 stroeder Exp $ +$Id: CHANGES,v 1.362 2015/10/24 15:50:00 stroeder Exp $ diff --git a/Lib/ldif.py b/Lib/ldif.py index 47df877..7466020 100644 --- a/Lib/ldif.py +++ b/Lib/ldif.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -$Id: ldif.py,v 1.85 2015/09/30 17:17:28 stroeder Exp $ +$Id: ldif.py,v 1.86 2015/10/24 15:50:00 stroeder Exp $ Python compability note: Tested with Python 2.0+, but should work with Python 1.5.2+. @@ -467,7 +467,7 @@ def parse_change_records(self): if modops: # append entry to result list - self.handle_modify(dn,modops,controls) + self.handle_change_modify(dn,modops,controls) else: From c9f34d54556d82a49805be1e4e24e2f8e881cdfc Mon Sep 17 00:00:00 2001 From: stroeder Date: Sat, 24 Oct 2015 15:52:23 +0000 Subject: [PATCH 199/868] Undefined variable name 'SSSVLVPagedLDAPObject' in __all__ (undefined-all-variable) --- Lib/ldap/controls/sss.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Lib/ldap/controls/sss.py b/Lib/ldap/controls/sss.py index 406fb0b..95f751e 100644 --- a/Lib/ldap/controls/sss.py +++ b/Lib/ldap/controls/sss.py @@ -5,13 +5,12 @@ See http://www.python-ldap.org/ for project details. -$Id: sss.py,v 1.1 2015/06/22 16:47:08 stroeder Exp $ +$Id: sss.py,v 1.2 2015/10/24 15:52:23 stroeder Exp $ """ __all__ = [ 'SSSRequestControl', 'SSSResponseControl', - 'SSSVLVPagedLDAPObject' ] From c6b18c750bfd03b46f7a00be098dc327b1704117 Mon Sep 17 00:00:00 2001 From: stroeder Date: Sat, 24 Oct 2015 15:55:07 +0000 Subject: [PATCH 200/868] Corrected ldap.controls.pwdpolicy.__all__ --- CHANGES | 3 ++- Lib/ldap/controls/pwdpolicy.py | 5 +++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/CHANGES b/CHANGES index 6f2301f..cf8757a 100644 --- a/CHANGES +++ b/CHANGES @@ -14,6 +14,7 @@ Lib/ generic wrapper arguments *args,**kwargs * LDIFParser.parse_change_records() now correctly calls LDIFParser.handle_change_modify() +* Corrected ldap.controls.pwdpolicy.__all__ Doc/ * Started missing docs for sub-module ldap.sasl. @@ -1215,4 +1216,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.362 2015/10/24 15:50:00 stroeder Exp $ +$Id: CHANGES,v 1.363 2015/10/24 15:55:07 stroeder Exp $ diff --git a/Lib/ldap/controls/pwdpolicy.py b/Lib/ldap/controls/pwdpolicy.py index 0cb4260..dc013d4 100644 --- a/Lib/ldap/controls/pwdpolicy.py +++ b/Lib/ldap/controls/pwdpolicy.py @@ -5,11 +5,12 @@ See http://www.python-ldap.org/ for project details. -$Id: pwdpolicy.py,v 1.4 2014/03/12 21:34:07 stroeder Exp $ +$Id: pwdpolicy.py,v 1.5 2015/10/24 15:55:07 stroeder Exp $ """ __all__ = [ - 'ExpirationWarningControl' + 'PasswordExpiringControl', + 'PasswordExpiredControl', ] # Imports from python-ldap 2.4+ From b8844cb5264febf18371a63947b1becbaa1ea67d Mon Sep 17 00:00:00 2001 From: stroeder Date: Sat, 24 Oct 2015 16:12:31 +0000 Subject: [PATCH 201/868] Prefer method name handle_modify() --- Lib/ldif.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Lib/ldif.py b/Lib/ldif.py index 7466020..5145190 100644 --- a/Lib/ldif.py +++ b/Lib/ldif.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -$Id: ldif.py,v 1.86 2015/10/24 15:50:00 stroeder Exp $ +$Id: ldif.py,v 1.87 2015/10/24 16:12:31 stroeder Exp $ Python compability note: Tested with Python 2.0+, but should work with Python 1.5.2+. @@ -391,7 +391,7 @@ def parse(self): """ return self.parse_entry_records() # parse() - def handle_change_modify(self,dn,modops,controls=None): + def handle_modify(self,dn,modops,controls=None): """ Process a single LDIF record representing a single modify operation. This method should be implemented by applications using LDIFParser. @@ -467,7 +467,7 @@ def parse_change_records(self): if modops: # append entry to result list - self.handle_change_modify(dn,modops,controls) + self.handle_modify(dn,modops,controls) else: From 5d85c44b836313b4b6969e47e5dbf903e09cfa79 Mon Sep 17 00:00:00 2001 From: stroeder Date: Sat, 24 Oct 2015 16:21:14 +0000 Subject: [PATCH 202/868] Explicitly list limit exception types --- Demo/pyasn1/noopsearch.py | 8 +++++--- Lib/ldap/controls/openldap.py | 9 +++++++-- 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/Demo/pyasn1/noopsearch.py b/Demo/pyasn1/noopsearch.py index a22f394..e2846ce 100644 --- a/Demo/pyasn1/noopsearch.py +++ b/Demo/pyasn1/noopsearch.py @@ -14,8 +14,6 @@ from ldap.controls.openldap import SearchNoOpControl -LDAPLimitErrors = (ldap.TIMEOUT,ldap.TIMELIMIT_EXCEEDED,ldap.SIZELIMIT_EXCEEDED,ldap.ADMINLIMIT_EXCEEDED) - SEARCH_TIMEOUT=30.0 try: @@ -56,7 +54,11 @@ serverctrls=[SearchNoOpControl(criticality=True)], ) _,_,_,search_response_ctrls = ldap_conn.result3(msg_id,all=1,timeout=SEARCH_TIMEOUT) -except LDAPLimitErrors,e: +except ( + ldap.TIMEOUT, + ldap.TIMELIMIT_EXCEEDED, + ldap.SIZELIMIT_EXCEEDED, + ldap.ADMINLIMIT_EXCEEDED),e: ldap_conn.abandon(msg_id) sys.exit(1) diff --git a/Lib/ldap/controls/openldap.py b/Lib/ldap/controls/openldap.py index 53425e0..8480e7c 100644 --- a/Lib/ldap/controls/openldap.py +++ b/Lib/ldap/controls/openldap.py @@ -4,7 +4,7 @@ See http://www.python-ldap.org/ for project details. -$Id: openldap.py,v 1.4 2015/09/18 17:24:39 stroeder Exp $ +$Id: openldap.py,v 1.5 2015/10/24 16:21:14 stroeder Exp $ """ import ldap.controls @@ -63,7 +63,12 @@ def noop_search_st(self,base,scope=ldap.SCOPE_SUBTREE,filterstr='(objectClass=*) serverctrls=[SearchNoOpControl(criticality=True)], ) _,_,_,search_response_ctrls = self.result3(msg_id,all=1,timeout=timeout) - except LDAPLimitErrors,e: + except ( + ldap.TIMEOUT, + ldap.TIMELIMIT_EXCEEDED, + ldap.SIZELIMIT_EXCEEDED, + ldap.ADMINLIMIT_EXCEEDED + ),e: self.abandon(msg_id) raise e else: From 4df497cca5ab155f631eaeaddcf65db2912eaa75 Mon Sep 17 00:00:00 2001 From: stroeder Date: Sat, 24 Oct 2015 16:21:56 +0000 Subject: [PATCH 203/868] Added SearchNoOpMixIn to __all__ --- Lib/ldap/controls/openldap.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Lib/ldap/controls/openldap.py b/Lib/ldap/controls/openldap.py index 8480e7c..99c2baa 100644 --- a/Lib/ldap/controls/openldap.py +++ b/Lib/ldap/controls/openldap.py @@ -4,7 +4,7 @@ See http://www.python-ldap.org/ for project details. -$Id: openldap.py,v 1.5 2015/10/24 16:21:14 stroeder Exp $ +$Id: openldap.py,v 1.6 2015/10/24 16:21:56 stroeder Exp $ """ import ldap.controls @@ -15,7 +15,8 @@ __all__ = [ - 'SearchNoOpControl' + 'SearchNoOpControl', + 'SearchNoOpMixIn', ] From 277a6f2add838667b76f24110ee9adc8256906b6 Mon Sep 17 00:00:00 2001 From: stroeder Date: Thu, 19 Nov 2015 05:16:46 +0000 Subject: [PATCH 204/868] Fixed typos --- Doc/ldap.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Doc/ldap.rst b/Doc/ldap.rst index ef870bd..ccb661a 100644 --- a/Doc/ldap.rst +++ b/Doc/ldap.rst @@ -1,4 +1,4 @@ -.. % $Id: ldap.rst,v 1.28 2015/06/05 20:49:04 stroeder Exp $ +.. % $Id: ldap.rst,v 1.29 2015/11/19 05:16:46 stroeder Exp $ ******************************************** :py:mod:`ldap` LDAP library interface module @@ -107,7 +107,7 @@ Options .. seealso:: - :manpage:`ldap.conf{5}` and :manpage:`ldap_get_options{3}` + :manpage:`ldap.conf(5)` and :manpage:`ldap_get_option(3)` For use with functions :py:func:set_option() and :py:func:get_option() From 7d16ba245c295ca7c2947620e77a9b1d7f82d66f Mon Sep 17 00:00:00 2001 From: stroeder Date: Wed, 9 Dec 2015 17:12:02 +0000 Subject: [PATCH 205/868] correct use of :c:func --- Doc/ldap.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Doc/ldap.rst b/Doc/ldap.rst index ccb661a..4d6068e 100644 --- a/Doc/ldap.rst +++ b/Doc/ldap.rst @@ -1,4 +1,4 @@ -.. % $Id: ldap.rst,v 1.29 2015/11/19 05:16:46 stroeder Exp $ +.. % $Id: ldap.rst,v 1.30 2015/12/09 17:12:02 stroeder Exp $ ******************************************** :py:mod:`ldap` LDAP library interface module @@ -961,7 +961,7 @@ and wait for and return with the server's result, or with values are lists of strings. The DN in *dn* is automatically extracted using the underlying libldap - function :cfunc:`ldap_get_dn()`, which may raise an exception if the + function :c:func:`ldap_get_dn()`, which may raise an exception if the DN is malformed. If *attrsonly* is non-zero, the values of *attrs* will be meaningless From 7c569e3687d965d1ea0fb2719019195a876b071c Mon Sep 17 00:00:00 2001 From: stroeder Date: Wed, 9 Dec 2015 17:33:14 +0000 Subject: [PATCH 206/868] release 2.4.22: Use Sphinx' pyramid theme and set html_static_path --- Doc/conf.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Doc/conf.py b/Doc/conf.py index 51fb9d5..e9e4833 100644 --- a/Doc/conf.py +++ b/Doc/conf.py @@ -11,7 +11,7 @@ # All configuration values have a default value; values that are commented out # serve to show the default value. # -# $Id: conf.py,v 1.22 2015/10/24 12:37:39 stroeder Exp $ +# $Id: conf.py,v 1.23 2015/12/09 17:33:14 stroeder Exp $ import sys @@ -44,7 +44,7 @@ # The short X.Y version. version = '2.4' # The full version, including alpha/beta/rc tags. -release = '2.4.21.0' +release = '2.4.22.0' # There are two options for replacing |today|: either, you set today to some # non-false value, then it is used: @@ -76,12 +76,12 @@ # The style sheet to use for HTML and HTML Help pages. A file of that name # must exist either in Sphinx' static/ path, or in one of the custom paths # given in html_static_path. -html_style = 'default.css' +html_style = 'pyramid.css' # Add any paths that contain custom static files (such as style sheets) here, # relative to this directory. They are copied after the builtin static files, # so a file named "default.css" will overwrite the builtin "default.css". -html_static_path = ['.static'] +html_static_path = ['/usr/lib/python2.7/site-packages/sphinx/themes/pyramid/static'] # If not '', a 'Last updated on:' timestamp is inserted at every page bottom, # using the given strftime format. From 634079e79bc128c07752de36393f584eedc828ca Mon Sep 17 00:00:00 2001 From: stroeder Date: Wed, 9 Dec 2015 17:56:38 +0000 Subject: [PATCH 207/868] Replaced OpenLDAP version number 2.3 with 2.4 --- Doc/installing.rst | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Doc/installing.rst b/Doc/installing.rst index 475adcf..ace20b4 100644 --- a/Doc/installing.rst +++ b/Doc/installing.rst @@ -1,4 +1,4 @@ -.. % $Id: installing.rst,v 1.15 2011/07/24 19:00:53 stroeder Exp $ +.. % $Id: installing.rst,v 1.16 2015/12/09 17:56:38 stroeder Exp $ *********************** Building and installing @@ -95,14 +95,14 @@ Example The following example is for a full-featured build (including SSL and SASL support) of python-ldap with OpenLDAP installed in a different prefix directory -(here /opt/openldap-2.3) and SASL header files found in /usr/include/sasl. +(here /opt/openldap-2.4) and SASL header files found in /usr/include/sasl. Debugging symbols are preserved with compile option -g. :: [_ldap] - library_dirs = /opt/openldap-2.3/lib - include_dirs = /opt/openldap-2.3/include /usr/include/sasl + library_dirs = /opt/openldap-2.4/lib + include_dirs = /opt/openldap-2.4/include /usr/include/sasl extra_compile_args = -g extra_objects = From 507dcd6b7dbb93b7a9b150514a6fc1bd22ad32bb Mon Sep 17 00:00:00 2001 From: stroeder Date: Wed, 9 Dec 2015 17:57:18 +0000 Subject: [PATCH 208/868] Removed OpenLDAP version number, better links for I-Ds --- Doc/ldap-controls.rst | 8 ++++---- Doc/ldap.rst | 23 +++++++++++++++-------- 2 files changed, 19 insertions(+), 12 deletions(-) diff --git a/Doc/ldap-controls.rst b/Doc/ldap-controls.rst index 00266e6..f006bae 100644 --- a/Doc/ldap-controls.rst +++ b/Doc/ldap-controls.rst @@ -1,4 +1,4 @@ -.. % $Id: ldap-controls.rst,v 1.11 2012/08/09 07:19:30 stroeder Exp $ +.. % $Id: ldap-controls.rst,v 1.12 2015/12/09 17:57:18 stroeder Exp $ ********************************************************************* @@ -91,7 +91,7 @@ RFC or Internet-Draft is very helpful to understand the API. .. seealso:: - http://tools.ietf.org/draft/draft-zeilenga-ldap-relax/ + `draft-zeilenga-ldap-relax `_ .. autoclass:: ldap.controls.simple.ProxyAuthzControl :members: @@ -165,7 +165,7 @@ search. .. seealso:: - http://tools.ietf.org/html/draft-ietf-ldapext-psearch + `draft-ietf-ldapext-psearch `_ .. autoclass:: ldap.controls.psearch.PersistentSearchControl @@ -183,7 +183,7 @@ search. .. seealso:: - http://tools.ietf.org/html/draft-wahl-ldap-session + `draft-wahl-ldap-session `_ .. autoclass:: ldap.controls.sessiontrack.SessionTrackingControl diff --git a/Doc/ldap.rst b/Doc/ldap.rst index 4d6068e..70f15d3 100644 --- a/Doc/ldap.rst +++ b/Doc/ldap.rst @@ -1,4 +1,4 @@ -.. % $Id: ldap.rst,v 1.30 2015/12/09 17:12:02 stroeder Exp $ +.. % $Id: ldap.rst,v 1.31 2015/12/09 17:57:18 stroeder Exp $ ******************************************** :py:mod:`ldap` LDAP library interface module @@ -10,13 +10,20 @@ .. moduleauthor:: python-ldap project (see http://www.python-ldap.org/) -This module provides access to the LDAP (Lightweight Directory Access Protocol) -C API implemented in OpenLDAP 2.3 or newer. It is similar to the C API, with -the notable differences that lists are manipulated via Python list operations -and errors appear as exceptions. For far more detailed information on the C -interface, please see the (expired) draft-ietf-ldapext-ldap-c-api-04. This -documentation is current for the Python LDAP module, version |release|. Source -and binaries are available from http://www.python-ldap.org/. +This module provides access to the LDAP (Lightweight Directory Access Protocol) +C API implemented in OpenLDAP. It is similar to the C API, with +the notable differences that lists are manipulated via Python list operations +and errors appear as exceptions. + + .. seealso:: + + For more detailed information on the C interface, please see the (expired) + `draft-ietf-ldapext-ldap-c-api `_ + + +This documentation is current for the Python LDAP module, version +|release|. Source and binaries are available from +http://www.python-ldap.org/. Functions From be777af099c2f40aaa8fda5fe59c80b552837097 Mon Sep 17 00:00:00 2001 From: stroeder Date: Sat, 16 Jan 2016 19:00:08 +0000 Subject: [PATCH 209/868] Missing items for 2.4.22 --- CHANGES | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/CHANGES b/CHANGES index cf8757a..667ca07 100644 --- a/CHANGES +++ b/CHANGES @@ -12,9 +12,9 @@ Lib/ * Hmmpf! Added missing self to LDAPObject.fileno(). * ReconnectLDAPObject.sasl_bind_s() now correctly uses generic wrapper arguments *args,**kwargs -* LDIFParser.parse_change_records() now correctly calls - LDIFParser.handle_change_modify() -* Corrected ldap.controls.pwdpolicy.__all__ +* Correct method name LDIFParser.handle_modify() +* Corrected __all__ in modules ldap.controls.pwdpolicy and + ldap.controls.openldap Doc/ * Started missing docs for sub-module ldap.sasl. @@ -1216,4 +1216,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.363 2015/10/24 15:55:07 stroeder Exp $ +$Id: CHANGES,v 1.364 2016/01/16 19:00:08 stroeder Exp $ From a2cf4c134b519930dd3f07854dce48f9eb321eaa Mon Sep 17 00:00:00 2001 From: stroeder Date: Sat, 16 Jan 2016 19:00:47 +0000 Subject: [PATCH 210/868] Started 2.4.23 --- CHANGES | 10 +++++++++- Lib/dsml.py | 4 ++-- Lib/ldap/__init__.py | 4 ++-- Lib/ldapurl.py | 4 ++-- Lib/ldif.py | 4 ++-- 5 files changed, 17 insertions(+), 9 deletions(-) diff --git a/CHANGES b/CHANGES index 667ca07..c52b403 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,11 @@ +---------------------------------------------------------------- +Released 2.4.23 2016-01-xx + +Changes since 2.4.22: + +Modules/ +* + ---------------------------------------------------------------- Released 2.4.22 2015-10-25 @@ -1216,4 +1224,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.364 2016/01/16 19:00:08 stroeder Exp $ +$Id: CHANGES,v 1.365 2016/01/16 19:00:47 stroeder Exp $ diff --git a/Lib/dsml.py b/Lib/dsml.py index 6db30c8..007ca48 100644 --- a/Lib/dsml.py +++ b/Lib/dsml.py @@ -4,13 +4,13 @@ See http://www.python-ldap.org/ for details. -$Id: dsml.py,v 1.39 2015/09/30 17:15:53 stroeder Exp $ +$Id: dsml.py,v 1.40 2016/01/16 19:00:47 stroeder Exp $ Python compability note: Tested with Python 2.0+. """ -__version__ = '2.4.22' +__version__ = '2.4.23' import string,base64 diff --git a/Lib/ldap/__init__.py b/Lib/ldap/__init__.py index cecec33..b453dfd 100644 --- a/Lib/ldap/__init__.py +++ b/Lib/ldap/__init__.py @@ -3,12 +3,12 @@ See http://www.python-ldap.org/ for details. -$Id: __init__.py,v 1.99 2015/09/30 17:15:53 stroeder Exp $ +$Id: __init__.py,v 1.100 2016/01/16 19:00:47 stroeder Exp $ """ # This is also the overall release version number -__version__ = '2.4.22' +__version__ = '2.4.23' import sys diff --git a/Lib/ldapurl.py b/Lib/ldapurl.py index e5bf13d..36a26f8 100644 --- a/Lib/ldapurl.py +++ b/Lib/ldapurl.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -\$Id: ldapurl.py,v 1.74 2015/09/30 17:15:53 stroeder Exp $ +\$Id: ldapurl.py,v 1.75 2016/01/16 19:00:47 stroeder Exp $ Python compability note: This module only works with Python 2.0+ since @@ -11,7 +11,7 @@ 2. list comprehensions are used. """ -__version__ = '2.4.22' +__version__ = '2.4.23' __all__ = [ # constants diff --git a/Lib/ldif.py b/Lib/ldif.py index 5145190..1739394 100644 --- a/Lib/ldif.py +++ b/Lib/ldif.py @@ -3,13 +3,13 @@ See http://www.python-ldap.org/ for details. -$Id: ldif.py,v 1.87 2015/10/24 16:12:31 stroeder Exp $ +$Id: ldif.py,v 1.88 2016/01/16 19:00:47 stroeder Exp $ Python compability note: Tested with Python 2.0+, but should work with Python 1.5.2+. """ -__version__ = '2.4.22' +__version__ = '2.4.23' __all__ = [ # constants From 1cf5326eb1211075684a0d900cfe2fd27c76f755 Mon Sep 17 00:00:00 2001 From: stroeder Date: Sat, 16 Jan 2016 19:08:34 +0000 Subject: [PATCH 211/868] Ref count issue in attrs_from_List() was fixed (thanks to Elmir Jagudin) --- CHANGES | 5 ++-- Modules/LDAPObject.c | 64 +++++++++++++++++++++++--------------------- 2 files changed, 37 insertions(+), 32 deletions(-) diff --git a/CHANGES b/CHANGES index c52b403..1137836 100644 --- a/CHANGES +++ b/CHANGES @@ -4,7 +4,8 @@ Released 2.4.23 2016-01-xx Changes since 2.4.22: Modules/ -* +* Ref count issue in attrs_from_List() was fixed + (thanks to Elmir Jagudin) ---------------------------------------------------------------- Released 2.4.22 2015-10-25 @@ -1224,4 +1225,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.365 2016/01/16 19:00:47 stroeder Exp $ +$Id: CHANGES,v 1.366 2016/01/16 19:08:34 stroeder Exp $ diff --git a/Modules/LDAPObject.c b/Modules/LDAPObject.c index eddd7e1..b8c4795 100644 --- a/Modules/LDAPObject.c +++ b/Modules/LDAPObject.c @@ -1,5 +1,5 @@ /* See http://www.python-ldap.org/ for details. - * $Id: LDAPObject.c,v 1.91 2015/05/02 16:19:23 stroeder Exp $ */ + * $Id: LDAPObject.c,v 1.92 2016/01/16 19:08:34 stroeder Exp $ */ #include "common.h" #include "patchlevel.h" @@ -18,7 +18,7 @@ #include #endif -static void free_attrs(char***); +static void free_attrs(char***, PyObject*); /* constructor */ @@ -252,16 +252,17 @@ List_to_LDAPMods( PyObject *list, int no_op ) { /* * convert a python list of strings into an attr list (char*[]). * returns 1 if successful, 0 if not (with exception set) - * XXX the strings should live longer than the resulting attrs pointer. */ int -attrs_from_List( PyObject *attrlist, char***attrsp ) { +attrs_from_List( PyObject *attrlist, char***attrsp, PyObject** seq) { char **attrs = NULL; Py_ssize_t i, len; PyObject *item; + *seq = NULL; + if (attrlist == Py_None) { /* None means a NULL attrlist */ } else if (PyString_Check(attrlist)) { @@ -269,32 +270,32 @@ attrs_from_List( PyObject *attrlist, char***attrsp ) { PyErr_SetObject( PyExc_TypeError, Py_BuildValue("sO", "expected *list* of strings, not a string", attrlist )); goto error; - } else if (PySequence_Check(attrlist)) { - len = PySequence_Length(attrlist); - attrs = PyMem_NEW(char *, len + 1); - if (attrs == NULL) + } + + *seq = PySequence_Fast(attrlist, "expected list of strings or None"); + + if (*seq == NULL) + goto error; + len = PySequence_Length(attrlist); + + attrs = PyMem_NEW(char *, len + 1); + if (attrs == NULL) goto nomem; - for (i = 0; i < len; i++) { - attrs[i] = NULL; - item = PySequence_GetItem(attrlist, i); - if (item == NULL) - goto error; - if (!PyString_Check(item)) { - PyErr_SetObject(PyExc_TypeError, Py_BuildValue("sO", - "expected string in list", item)); - Py_DECREF(item); - goto error; - } - attrs[i] = PyString_AsString(item); - Py_DECREF(item); + + for (i = 0; i < len; i++) { + attrs[i] = NULL; + item = PySequence_Fast_GET_ITEM(*seq, i); + if (item == NULL) + goto error; + if (!PyString_Check(item)) { + PyErr_SetObject(PyExc_TypeError, Py_BuildValue("sO", + "expected string in list", item)); + goto error; } - attrs[len] = NULL; - } else { - PyErr_SetObject( PyExc_TypeError, Py_BuildValue("sO", - "expected list of strings or None", attrlist )); - goto error; + attrs[i] = PyString_AsString(item); } + attrs[len] = NULL; *attrsp = attrs; return 1; @@ -302,20 +303,22 @@ attrs_from_List( PyObject *attrlist, char***attrsp ) { nomem: PyErr_NoMemory(); error: - free_attrs(&attrs); + free_attrs(&attrs, *seq); return 0; } /* free memory allocated from above routine */ static void -free_attrs( char*** attrsp ) { +free_attrs( char*** attrsp, PyObject* seq ) { char **attrs = *attrsp; if (attrs != NULL) { PyMem_DEL(attrs); *attrsp = NULL; } + + Py_XDECREF(seq); } /*------------------------------------------------------------ @@ -1107,6 +1110,7 @@ l_ldap_search_ext( LDAPObject* self, PyObject* args ) PyObject *serverctrls = Py_None; PyObject *clientctrls = Py_None; + PyObject *attrs_seq = NULL; LDAPControl** server_ldcs = NULL; LDAPControl** client_ldcs = NULL; @@ -1124,7 +1128,7 @@ l_ldap_search_ext( LDAPObject* self, PyObject* args ) &serverctrls, &clientctrls, &timeout, &sizelimit )) return NULL; if (not_valid(self)) return NULL; - if (!attrs_from_List( attrlist, &attrs )) + if (!attrs_from_List( attrlist, &attrs, &attrs_seq )) return NULL; if (timeout >= 0) { @@ -1149,7 +1153,7 @@ l_ldap_search_ext( LDAPObject* self, PyObject* args ) server_ldcs, client_ldcs, tvp, sizelimit, &msgid ); LDAP_END_ALLOW_THREADS( self ); - free_attrs( &attrs ); + free_attrs( &attrs, attrs_seq); LDAPControl_List_DEL( server_ldcs ); LDAPControl_List_DEL( client_ldcs ); From 861529790c2ca69cf282c29f84e0e43ce501073e Mon Sep 17 00:00:00 2001 From: stroeder Date: Sun, 17 Jan 2016 20:29:41 +0000 Subject: [PATCH 212/868] Started 2.4.24 --- CHANGES | 9 +++++++-- Lib/dsml.py | 4 ++-- Lib/ldap/__init__.py | 4 ++-- Lib/ldapurl.py | 4 ++-- Lib/ldif.py | 4 ++-- 5 files changed, 15 insertions(+), 10 deletions(-) diff --git a/CHANGES b/CHANGES index 1137836..8bc3f96 100644 --- a/CHANGES +++ b/CHANGES @@ -1,5 +1,10 @@ ---------------------------------------------------------------- -Released 2.4.23 2016-01-xx +Released 2.4.24 2016-01-18 + +Changes since 2.4.23: + +---------------------------------------------------------------- +Released 2.4.23 2016-01-17 Changes since 2.4.22: @@ -1225,4 +1230,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.366 2016/01/16 19:08:34 stroeder Exp $ +$Id: CHANGES,v 1.367 2016/01/17 20:30:43 stroeder Exp $ diff --git a/Lib/dsml.py b/Lib/dsml.py index 007ca48..e056016 100644 --- a/Lib/dsml.py +++ b/Lib/dsml.py @@ -4,13 +4,13 @@ See http://www.python-ldap.org/ for details. -$Id: dsml.py,v 1.40 2016/01/16 19:00:47 stroeder Exp $ +$Id: dsml.py,v 1.41 2016/01/17 20:29:41 stroeder Exp $ Python compability note: Tested with Python 2.0+. """ -__version__ = '2.4.23' +__version__ = '2.4.24' import string,base64 diff --git a/Lib/ldap/__init__.py b/Lib/ldap/__init__.py index b453dfd..5b0ddaf 100644 --- a/Lib/ldap/__init__.py +++ b/Lib/ldap/__init__.py @@ -3,12 +3,12 @@ See http://www.python-ldap.org/ for details. -$Id: __init__.py,v 1.100 2016/01/16 19:00:47 stroeder Exp $ +$Id: __init__.py,v 1.101 2016/01/17 20:29:41 stroeder Exp $ """ # This is also the overall release version number -__version__ = '2.4.23' +__version__ = '2.4.24' import sys diff --git a/Lib/ldapurl.py b/Lib/ldapurl.py index 36a26f8..2485867 100644 --- a/Lib/ldapurl.py +++ b/Lib/ldapurl.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -\$Id: ldapurl.py,v 1.75 2016/01/16 19:00:47 stroeder Exp $ +\$Id: ldapurl.py,v 1.76 2016/01/17 20:29:41 stroeder Exp $ Python compability note: This module only works with Python 2.0+ since @@ -11,7 +11,7 @@ 2. list comprehensions are used. """ -__version__ = '2.4.23' +__version__ = '2.4.24' __all__ = [ # constants diff --git a/Lib/ldif.py b/Lib/ldif.py index 1739394..183394a 100644 --- a/Lib/ldif.py +++ b/Lib/ldif.py @@ -3,13 +3,13 @@ See http://www.python-ldap.org/ for details. -$Id: ldif.py,v 1.88 2016/01/16 19:00:47 stroeder Exp $ +$Id: ldif.py,v 1.89 2016/01/17 20:29:41 stroeder Exp $ Python compability note: Tested with Python 2.0+, but should work with Python 1.5.2+. """ -__version__ = '2.4.23' +__version__ = '2.4.24' __all__ = [ # constants From 1d4bdc5b88581567f7d0961fd7906861a8637fed Mon Sep 17 00:00:00 2001 From: stroeder Date: Sun, 17 Jan 2016 20:31:54 +0000 Subject: [PATCH 213/868] Work-around for attrlist=None regression introduced in 2.4.23 by ref count patch --- CHANGES | 6 +++++- Lib/ldap/ldapobject.py | 4 ++-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/CHANGES b/CHANGES index 8bc3f96..198578a 100644 --- a/CHANGES +++ b/CHANGES @@ -3,6 +3,10 @@ Released 2.4.24 2016-01-18 Changes since 2.4.23: +Lib/ +* Work-around for attrlist=None regression introduced in 2.4.23 + by ref count patch + ---------------------------------------------------------------- Released 2.4.23 2016-01-17 @@ -1230,4 +1234,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.367 2016/01/17 20:30:43 stroeder Exp $ +$Id: CHANGES,v 1.368 2016/01/17 20:31:54 stroeder Exp $ diff --git a/Lib/ldap/ldapobject.py b/Lib/ldap/ldapobject.py index 8205bd4..e8e0b5d 100644 --- a/Lib/ldap/ldapobject.py +++ b/Lib/ldap/ldapobject.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -\$Id: ldapobject.py,v 1.149 2015/10/24 15:46:12 stroeder Exp $ +\$Id: ldapobject.py,v 1.150 2016/01/17 20:31:54 stroeder Exp $ Compability: - Tested with Python 2.0+ but should work with Python 1.5.x @@ -580,7 +580,7 @@ def search_ext(self,base,scope,filterstr='(objectClass=*)',attrlist=None,attrson return self._ldap_call( self._l.search_ext, base,scope,filterstr, - attrlist,attrsonly, + attrlist or [],attrsonly, RequestControlTuples(serverctrls), RequestControlTuples(clientctrls), timeout,sizelimit, From 6bc49775e8e7adfcc72f003a47353f89dd941a20 Mon Sep 17 00:00:00 2001 From: stroeder Date: Mon, 18 Jan 2016 10:38:26 +0000 Subject: [PATCH 214/868] Real fix for attrlist=None regression introduced in 2.4.23 by ref count patch --- CHANGES | 4 ++-- Lib/ldap/ldapobject.py | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/CHANGES b/CHANGES index 198578a..b712599 100644 --- a/CHANGES +++ b/CHANGES @@ -4,7 +4,7 @@ Released 2.4.24 2016-01-18 Changes since 2.4.23: Lib/ -* Work-around for attrlist=None regression introduced in 2.4.23 +* Fix for attrlist=None regression introduced in 2.4.23 by ref count patch ---------------------------------------------------------------- @@ -1234,4 +1234,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.368 2016/01/17 20:31:54 stroeder Exp $ +$Id: CHANGES,v 1.369 2016/01/18 10:38:26 stroeder Exp $ diff --git a/Lib/ldap/ldapobject.py b/Lib/ldap/ldapobject.py index e8e0b5d..76b5c70 100644 --- a/Lib/ldap/ldapobject.py +++ b/Lib/ldap/ldapobject.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -\$Id: ldapobject.py,v 1.150 2016/01/17 20:31:54 stroeder Exp $ +\$Id: ldapobject.py,v 1.151 2016/01/18 10:38:26 stroeder Exp $ Compability: - Tested with Python 2.0+ but should work with Python 1.5.x @@ -580,7 +580,7 @@ def search_ext(self,base,scope,filterstr='(objectClass=*)',attrlist=None,attrson return self._ldap_call( self._l.search_ext, base,scope,filterstr, - attrlist or [],attrsonly, + attrlist,attrsonly, RequestControlTuples(serverctrls), RequestControlTuples(clientctrls), timeout,sizelimit, From ad35a27f6192e67449b8bbd3f0d2cc67beddca73 Mon Sep 17 00:00:00 2001 From: stroeder Date: Mon, 18 Jan 2016 12:33:07 +0000 Subject: [PATCH 215/868] Real fix for attrlist=None regression introduced in 2.4.23 by ref count patch --- Modules/LDAPObject.c | 47 ++++++++++++++++++++++---------------------- 1 file changed, 23 insertions(+), 24 deletions(-) diff --git a/Modules/LDAPObject.c b/Modules/LDAPObject.c index b8c4795..725ab37 100644 --- a/Modules/LDAPObject.c +++ b/Modules/LDAPObject.c @@ -1,5 +1,5 @@ /* See http://www.python-ldap.org/ for details. - * $Id: LDAPObject.c,v 1.92 2016/01/16 19:08:34 stroeder Exp $ */ + * $Id: LDAPObject.c,v 1.93 2016/01/18 12:33:07 stroeder Exp $ */ #include "common.h" #include "patchlevel.h" @@ -270,32 +270,31 @@ attrs_from_List( PyObject *attrlist, char***attrsp, PyObject** seq) { PyErr_SetObject( PyExc_TypeError, Py_BuildValue("sO", "expected *list* of strings, not a string", attrlist )); goto error; - } - - *seq = PySequence_Fast(attrlist, "expected list of strings or None"); - - if (*seq == NULL) - goto error; - len = PySequence_Length(attrlist); - - attrs = PyMem_NEW(char *, len + 1); - if (attrs == NULL) - goto nomem; - - - for (i = 0; i < len; i++) { - attrs[i] = NULL; - item = PySequence_Fast_GET_ITEM(*seq, i); - if (item == NULL) - goto error; - if (!PyString_Check(item)) { - PyErr_SetObject(PyExc_TypeError, Py_BuildValue("sO", - "expected string in list", item)); + } else { + *seq = PySequence_Fast(attrlist, "expected list of strings or None"); + if (*seq == NULL) goto error; + + len = PySequence_Length(attrlist); + + attrs = PyMem_NEW(char *, len + 1); + if (attrs == NULL) + goto nomem; + + for (i = 0; i < len; i++) { + attrs[i] = NULL; + item = PySequence_Fast_GET_ITEM(*seq, i); + if (item == NULL) + goto error; + if (!PyString_Check(item)) { + PyErr_SetObject(PyExc_TypeError, Py_BuildValue("sO", + "expected string in list", item)); + goto error; + } + attrs[i] = PyString_AsString(item); } - attrs[i] = PyString_AsString(item); + attrs[len] = NULL; } - attrs[len] = NULL; *attrsp = attrs; return 1; From e1c8ad032094cff9f357c792119af3a63843d3c5 Mon Sep 17 00:00:00 2001 From: stroeder Date: Mon, 18 Jan 2016 15:16:29 +0000 Subject: [PATCH 216/868] Prepare release 2.4.25 --- CHANGES | 5 +++-- Lib/dsml.py | 4 ++-- Lib/ldap/__init__.py | 4 ++-- Lib/ldapurl.py | 4 ++-- Lib/ldif.py | 4 ++-- 5 files changed, 11 insertions(+), 10 deletions(-) diff --git a/CHANGES b/CHANGES index b712599..53df95a 100644 --- a/CHANGES +++ b/CHANGES @@ -1,7 +1,8 @@ ---------------------------------------------------------------- -Released 2.4.24 2016-01-18 +Released 2.4.25 2016-01-18 Changes since 2.4.23: +(2.4.24 is missing because of foolish pypi version madness) Lib/ * Fix for attrlist=None regression introduced in 2.4.23 @@ -1234,4 +1235,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.369 2016/01/18 10:38:26 stroeder Exp $ +$Id: CHANGES,v 1.370 2016/01/18 15:16:29 stroeder Exp $ diff --git a/Lib/dsml.py b/Lib/dsml.py index e056016..5961931 100644 --- a/Lib/dsml.py +++ b/Lib/dsml.py @@ -4,13 +4,13 @@ See http://www.python-ldap.org/ for details. -$Id: dsml.py,v 1.41 2016/01/17 20:29:41 stroeder Exp $ +$Id: dsml.py,v 1.42 2016/01/18 15:16:29 stroeder Exp $ Python compability note: Tested with Python 2.0+. """ -__version__ = '2.4.24' +__version__ = '2.4.25' import string,base64 diff --git a/Lib/ldap/__init__.py b/Lib/ldap/__init__.py index 5b0ddaf..2b5f438 100644 --- a/Lib/ldap/__init__.py +++ b/Lib/ldap/__init__.py @@ -3,12 +3,12 @@ See http://www.python-ldap.org/ for details. -$Id: __init__.py,v 1.101 2016/01/17 20:29:41 stroeder Exp $ +$Id: __init__.py,v 1.102 2016/01/18 15:17:30 stroeder Exp $ """ # This is also the overall release version number -__version__ = '2.4.24' +__version__ = '2.4.25' import sys diff --git a/Lib/ldapurl.py b/Lib/ldapurl.py index 2485867..b41173f 100644 --- a/Lib/ldapurl.py +++ b/Lib/ldapurl.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -\$Id: ldapurl.py,v 1.76 2016/01/17 20:29:41 stroeder Exp $ +\$Id: ldapurl.py,v 1.77 2016/01/18 15:16:29 stroeder Exp $ Python compability note: This module only works with Python 2.0+ since @@ -11,7 +11,7 @@ 2. list comprehensions are used. """ -__version__ = '2.4.24' +__version__ = '2.4.25' __all__ = [ # constants diff --git a/Lib/ldif.py b/Lib/ldif.py index 183394a..6ef97cd 100644 --- a/Lib/ldif.py +++ b/Lib/ldif.py @@ -3,13 +3,13 @@ See http://www.python-ldap.org/ for details. -$Id: ldif.py,v 1.89 2016/01/17 20:29:41 stroeder Exp $ +$Id: ldif.py,v 1.90 2016/01/18 15:16:29 stroeder Exp $ Python compability note: Tested with Python 2.0+, but should work with Python 1.5.2+. """ -__version__ = '2.4.24' +__version__ = '2.4.25' __all__ = [ # constants From 56d80b661321f6d3da2e2d59517c36c08fde362a Mon Sep 17 00:00:00 2001 From: stroeder Date: Tue, 26 Jan 2016 10:43:24 +0000 Subject: [PATCH 217/868] Started 2.4.26 --- CHANGES | 11 ++++++++++- Lib/dsml.py | 4 ++-- Lib/ldap/__init__.py | 4 ++-- Lib/ldapurl.py | 4 ++-- Lib/ldif.py | 4 ++-- 5 files changed, 18 insertions(+), 9 deletions(-) diff --git a/CHANGES b/CHANGES index 53df95a..fedd42f 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,12 @@ +---------------------------------------------------------------- +Released 2.4.26 2016-xx-xx + +Changes since 2.4.25: + +Modules/ +* + (thanks to ) + ---------------------------------------------------------------- Released 2.4.25 2016-01-18 @@ -1235,4 +1244,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.370 2016/01/18 15:16:29 stroeder Exp $ +$Id: CHANGES,v 1.371 2016/01/26 10:43:24 stroeder Exp $ diff --git a/Lib/dsml.py b/Lib/dsml.py index 5961931..845d784 100644 --- a/Lib/dsml.py +++ b/Lib/dsml.py @@ -4,13 +4,13 @@ See http://www.python-ldap.org/ for details. -$Id: dsml.py,v 1.42 2016/01/18 15:16:29 stroeder Exp $ +$Id: dsml.py,v 1.43 2016/01/26 10:43:24 stroeder Exp $ Python compability note: Tested with Python 2.0+. """ -__version__ = '2.4.25' +__version__ = '2.4.26' import string,base64 diff --git a/Lib/ldap/__init__.py b/Lib/ldap/__init__.py index 2b5f438..ef106be 100644 --- a/Lib/ldap/__init__.py +++ b/Lib/ldap/__init__.py @@ -3,12 +3,12 @@ See http://www.python-ldap.org/ for details. -$Id: __init__.py,v 1.102 2016/01/18 15:17:30 stroeder Exp $ +$Id: __init__.py,v 1.103 2016/01/26 10:43:24 stroeder Exp $ """ # This is also the overall release version number -__version__ = '2.4.25' +__version__ = '2.4.26' import sys diff --git a/Lib/ldapurl.py b/Lib/ldapurl.py index b41173f..49792e4 100644 --- a/Lib/ldapurl.py +++ b/Lib/ldapurl.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -\$Id: ldapurl.py,v 1.77 2016/01/18 15:16:29 stroeder Exp $ +\$Id: ldapurl.py,v 1.78 2016/01/26 10:43:24 stroeder Exp $ Python compability note: This module only works with Python 2.0+ since @@ -11,7 +11,7 @@ 2. list comprehensions are used. """ -__version__ = '2.4.25' +__version__ = '2.4.26' __all__ = [ # constants diff --git a/Lib/ldif.py b/Lib/ldif.py index 6ef97cd..2d9f4c3 100644 --- a/Lib/ldif.py +++ b/Lib/ldif.py @@ -3,13 +3,13 @@ See http://www.python-ldap.org/ for details. -$Id: ldif.py,v 1.90 2016/01/18 15:16:29 stroeder Exp $ +$Id: ldif.py,v 1.91 2016/01/26 10:43:24 stroeder Exp $ Python compability note: Tested with Python 2.0+, but should work with Python 1.5.2+. """ -__version__ = '2.4.25' +__version__ = '2.4.26' __all__ = [ # constants From 0d45e6d758dce092ca1f965802696899799ca464 Mon Sep 17 00:00:00 2001 From: stroeder Date: Tue, 26 Jan 2016 11:01:08 +0000 Subject: [PATCH 218/868] Fixed #69 Segmentation fault on whoami_s after unbind --- CHANGES | 6 +++--- Modules/LDAPObject.c | 3 ++- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/CHANGES b/CHANGES index fedd42f..163116d 100644 --- a/CHANGES +++ b/CHANGES @@ -4,8 +4,8 @@ Released 2.4.26 2016-xx-xx Changes since 2.4.25: Modules/ -* - (thanks to ) +* Fixed #69 Segmentation fault on whoami_s after unbind + (thanks to Christian Heimes and Petr Viktorin) ---------------------------------------------------------------- Released 2.4.25 2016-01-18 @@ -1244,4 +1244,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.371 2016/01/26 10:43:24 stroeder Exp $ +$Id: CHANGES,v 1.372 2016/01/26 11:01:08 stroeder Exp $ diff --git a/Modules/LDAPObject.c b/Modules/LDAPObject.c index 725ab37..10f166a 100644 --- a/Modules/LDAPObject.c +++ b/Modules/LDAPObject.c @@ -1,5 +1,5 @@ /* See http://www.python-ldap.org/ for details. - * $Id: LDAPObject.c,v 1.93 2016/01/18 12:33:07 stroeder Exp $ */ + * $Id: LDAPObject.c,v 1.94 2016/01/26 11:01:08 stroeder Exp $ */ #include "common.h" #include "patchlevel.h" @@ -1180,6 +1180,7 @@ l_ldap_whoami_s( LDAPObject* self, PyObject* args ) int ldaperror; if (!PyArg_ParseTuple( args, "|OO", &serverctrls, &clientctrls)) return NULL; + if (not_valid(self)) return NULL; if (!PyNone_Check(serverctrls)) { if (!LDAPControls_from_object(serverctrls, &server_ldcs)) From 3784f889d90cb5308b8e9b08f6493db61ae2e5bb Mon Sep 17 00:00:00 2001 From: stroeder Date: Tue, 26 Jan 2016 11:12:54 +0000 Subject: [PATCH 219/868] LDAPObject.unbind_ext() now removed class attribute LDAPObject._l to completely invalidate C wrapper object --- CHANGES | 6 +++++- Lib/ldap/ldapobject.py | 6 ++++-- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/CHANGES b/CHANGES index 163116d..062dcbd 100644 --- a/CHANGES +++ b/CHANGES @@ -3,6 +3,10 @@ Released 2.4.26 2016-xx-xx Changes since 2.4.25: +Lib/ +* LDAPObject.unbind_ext() now removed class attribute + LDAPObject._l to completely invalidate C wrapper object + Modules/ * Fixed #69 Segmentation fault on whoami_s after unbind (thanks to Christian Heimes and Petr Viktorin) @@ -1244,4 +1248,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.372 2016/01/26 11:01:08 stroeder Exp $ +$Id: CHANGES,v 1.373 2016/01/26 11:12:54 stroeder Exp $ diff --git a/Lib/ldap/ldapobject.py b/Lib/ldap/ldapobject.py index 76b5c70..0fe2fbb 100644 --- a/Lib/ldap/ldapobject.py +++ b/Lib/ldap/ldapobject.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -\$Id: ldapobject.py,v 1.151 2016/01/18 10:38:26 stroeder Exp $ +\$Id: ldapobject.py,v 1.152 2016/01/26 11:12:54 stroeder Exp $ Compability: - Tested with Python 2.0+ but should work with Python 1.5.x @@ -623,7 +623,9 @@ def unbind_ext(self,serverctrls=None,clientctrls=None): The unbind and unbind_s methods are identical, and are synchronous in nature """ - return self._ldap_call(self._l.unbind_ext,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls)) + res = self._ldap_call(self._l.unbind_ext,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls)) + del self._l + return res def unbind_ext_s(self,serverctrls=None,clientctrls=None): msgid = self.unbind_ext(serverctrls,clientctrls) From d5015742de6681bb932101ca960cb5b191869cae Mon Sep 17 00:00:00 2001 From: stroeder Date: Thu, 28 Jan 2016 09:43:08 +0000 Subject: [PATCH 220/868] Handle removing LDAPObject._l solely in SimpleLDAPObject.unbind_ext() --- Lib/ldap/ldapobject.py | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/Lib/ldap/ldapobject.py b/Lib/ldap/ldapobject.py index 0fe2fbb..d6fe4c4 100644 --- a/Lib/ldap/ldapobject.py +++ b/Lib/ldap/ldapobject.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -\$Id: ldapobject.py,v 1.152 2016/01/26 11:12:54 stroeder Exp $ +\$Id: ldapobject.py,v 1.153 2016/01/28 09:43:08 stroeder Exp $ Compability: - Tested with Python 2.0+ but should work with Python 1.5.x @@ -624,7 +624,10 @@ def unbind_ext(self,serverctrls=None,clientctrls=None): synchronous in nature """ res = self._ldap_call(self._l.unbind_ext,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls)) - del self._l + try: + del self._l + except AttributeError: + pass return res def unbind_ext_s(self,serverctrls=None,clientctrls=None): @@ -902,7 +905,6 @@ def _apply_method_s(self,func,*args,**kwargs): return func(self,*args,**kwargs) except ldap.SERVER_DOWN: SimpleLDAPObject.unbind_s(self) - del self._l # Try to reconnect self.reconnect(self._uri,retry_max=self._retry_max,retry_delay=self._retry_delay) # Re-try last operation From 46268ed3deaf7c8aee671268846786585ab37c37 Mon Sep 17 00:00:00 2001 From: stroeder Date: Thu, 28 Jan 2016 09:43:57 +0000 Subject: [PATCH 221/868] typo --- CHANGES | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 062dcbd..f51f126 100644 --- a/CHANGES +++ b/CHANGES @@ -4,7 +4,7 @@ Released 2.4.26 2016-xx-xx Changes since 2.4.25: Lib/ -* LDAPObject.unbind_ext() now removed class attribute +* LDAPObject.unbind_ext() now removes class attribute LDAPObject._l to completely invalidate C wrapper object Modules/ @@ -1248,4 +1248,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.373 2016/01/26 11:12:54 stroeder Exp $ +$Id: CHANGES,v 1.374 2016/01/28 09:43:57 stroeder Exp $ From 6febaf2c340480b24acb3963fa396c3a5b3c2c4e Mon Sep 17 00:00:00 2001 From: stroeder Date: Fri, 5 Feb 2016 08:38:49 +0000 Subject: [PATCH 222/868] 1. Make test independent of module ldap 2. removed unused function sort() 3. added test-cases for subordinate scope 4. use r"" in case of % signs in string 5. cosmetic changes --- Tests/t_ldapurl.py | 60 ++++++++++++++++++++++++---------------------- 1 file changed, 32 insertions(+), 28 deletions(-) diff --git a/Tests/t_ldapurl.py b/Tests/t_ldapurl.py index 5ccd442..46f9a8a 100644 --- a/Tests/t_ldapurl.py +++ b/Tests/t_ldapurl.py @@ -1,21 +1,18 @@ -import ldap, unittest +import unittest import urllib +import ldapurl from ldapurl import LDAPUrl + class MyLDAPUrl(LDAPUrl): - attr2extype = { - 'who':'bindname', - 'cred':'X-BINDPW', - 'start_tls':'startTLS', - 'trace_level':'trace', - } - -def sort(l): - "Returns a sorted copy of a list" - l2 = [e for e in l] - l2.sort() - return l2 + attr2extype = { + 'who':'bindname', + 'cred':'X-BINDPW', + 'start_tls':'startTLS', + 'trace_level':'trace', + } + class TestLDAPUrl(unittest.TestCase): @@ -23,7 +20,8 @@ def assertNone(self, expr, msg=None): self.failIf(expr is not None, msg or ("%r" % expr)) def test_combo(self): - u = MyLDAPUrl("ldap://127.0.0.1:1234/dc=example,dc=com" + u = MyLDAPUrl( + "ldap://127.0.0.1:1234/dc=example,dc=com" + "?attr1,attr2,attr3" + "?sub" + "?" + urllib.quote("(objectClass=*)") @@ -35,7 +33,7 @@ def test_combo(self): self.assertEquals(u.hostport, "127.0.0.1:1234") self.assertEquals(u.dn, "dc=example,dc=com") self.assertEquals(u.attrs, ["attr1","attr2","attr3"]) - self.assertEquals(u.scope, ldap.SCOPE_SUBTREE) + self.assertEquals(u.scope, ldapurl.LDAP_SCOPE_SUBTREE) self.assertEquals(u.filterstr, "(objectClass=*)") self.assertEquals(len(u.extensions), 3) self.assertEquals(u.who, "cn=d,c=au") @@ -143,17 +141,21 @@ def test_parse_scope_default(self): def test_parse_scope(self): u = LDAPUrl("ldap:///??sub") - self.assertEquals(u.scope, ldap.SCOPE_SUBTREE) + self.assertEquals(u.scope, ldapurl.LDAP_SCOPE_SUBTREE) u = LDAPUrl("ldap:///??sub?") - self.assertEquals(u.scope, ldap.SCOPE_SUBTREE) + self.assertEquals(u.scope, ldapurl.LDAP_SCOPE_SUBTREE) u = LDAPUrl("ldap:///??base") - self.assertEquals(u.scope, ldap.SCOPE_BASE) + self.assertEquals(u.scope, ldapurl.LDAP_SCOPE_BASE) u = LDAPUrl("ldap:///??base?") - self.assertEquals(u.scope, ldap.SCOPE_BASE) + self.assertEquals(u.scope, ldapurl.LDAP_SCOPE_BASE) u = LDAPUrl("ldap:///??one") - self.assertEquals(u.scope, ldap.SCOPE_ONELEVEL) + self.assertEquals(u.scope, ldapurl.LDAP_SCOPE_ONELEVEL) u = LDAPUrl("ldap:///??one?") - self.assertEquals(u.scope, ldap.SCOPE_ONELEVEL) + self.assertEquals(u.scope, ldapurl.LDAP_SCOPE_ONELEVEL) + u = LDAPUrl("ldap:///??subordinates") + self.assertEquals(u.scope, ldapurl.LDAP_SCOPE_SUBORDINATES) + u = LDAPUrl("ldap:///??subordinates?") + self.assertEquals(u.scope, ldapurl.LDAP_SCOPE_SUBORDINATES) def test_parse_filter(self): u = LDAPUrl("ldap:///???(cn=Bob)") @@ -219,24 +221,26 @@ def test_bad_urls(self): #XXX-- the following should raise exceptions! "ldap://:389/", # [host [COLON port]] "ldap://a:/", # [host [COLON port]] - "ldap://%%%/", # invalid URL encoding + r"ldap://%%%/", # invalid URL encoding "ldap:///?,", # attrdesc *(COMMA attrdesc) "ldap:///?a,", # attrdesc *(COMMA attrdesc) "ldap:///?,a", # attrdesc *(COMMA attrdesc) "ldap:///?a,,b", # attrdesc *(COMMA attrdesc) - "ldap://%00/", # RFC4516 2.1 - "ldap:///%00", # RFC4516 2.1 - "ldap:///?%00", # RFC4516 2.1 - "ldap:///??%00", # RFC4516 2.1 + r"ldap://%00/", # RFC4516 2.1 + r"ldap:///%00", # RFC4516 2.1 + r"ldap:///?%00", # RFC4516 2.1 + r"ldap:///??%00", # RFC4516 2.1 "ldap:///????0=0", # extype must start with Alpha "ldap:///????a_b=0", # extype contains only [-a-zA-Z0-9] "ldap:///????!!a=0", # only one exclamation allowed ): - try: + assertRaises(ValueError, LDAPUrl, [bad]) + try: LDAPUrl(bad) - self.fail("should have raised ValueError: %r" % bad) except ValueError: pass + else: + self.fail("should have raised ValueError: %r" % bad) if __name__ == '__main__': unittest.main() From 00e0773293b5cb90c9c265dade93148f052f6e02 Mon Sep 17 00:00:00 2001 From: stroeder Date: Fri, 5 Feb 2016 08:39:26 +0000 Subject: [PATCH 223/868] removed wrong line --- Tests/t_ldapurl.py | 1 - 1 file changed, 1 deletion(-) diff --git a/Tests/t_ldapurl.py b/Tests/t_ldapurl.py index 46f9a8a..aef53aa 100644 --- a/Tests/t_ldapurl.py +++ b/Tests/t_ldapurl.py @@ -234,7 +234,6 @@ def test_bad_urls(self): "ldap:///????a_b=0", # extype contains only [-a-zA-Z0-9] "ldap:///????!!a=0", # only one exclamation allowed ): - assertRaises(ValueError, LDAPUrl, [bad]) try: LDAPUrl(bad) except ValueError: From 747adca77a5ca4e0239f41c1701f054579a28b08 Mon Sep 17 00:00:00 2001 From: stroeder Date: Fri, 5 Feb 2016 09:07:33 +0000 Subject: [PATCH 224/868] SF#66 and fixed constant names --- Tests/t_cext.py | 78 ++++++++++++++++++++++++------------------------- 1 file changed, 39 insertions(+), 39 deletions(-) diff --git a/Tests/t_cext.py b/Tests/t_cext.py index 7a44c92..fd17ee9 100644 --- a/Tests/t_cext.py +++ b/Tests/t_cext.py @@ -39,7 +39,7 @@ def _init(self, reuse_existing=True, bind=True): # Perform a simple bind l.set_option(_ldap.OPT_PROTOCOL_VERSION, _ldap.VERSION3) m = l.simple_bind(server.get_root_dn(), server.get_root_password()) - result,pmsg,msgid,ctrls = l.result3(m, _ldap.MSG_ONE, self.timeout) + result,pmsg,msgid,ctrls = l.result4(m, _ldap.MSG_ONE, self.timeout) self.assertTrue(result, _ldap.RES_BIND) return l @@ -56,7 +56,7 @@ def test_constants(self): self.assertEquals(_ldap.VERSION2, 2) self.assertEquals(_ldap.VERSION3, 3) - # constants for result3() + # constants for result4() self.assertEquals(_ldap.RES_BIND, 0x61) self.assertEquals(_ldap.RES_SEARCH_ENTRY, 0x64) self.assertEquals(_ldap.RES_SEARCH_RESULT, 0x65) @@ -84,7 +84,7 @@ def test_constants(self): self.assertNotNone(_ldap.MOD_INCREMENT) self.assertNotNone(_ldap.MOD_BVALUES) - # for result3() + # for result4() self.assertNotNone(_ldap.MSG_ONE) self.assertNotNone(_ldap.MSG_ALL) self.assertNotNone(_ldap.MSG_RECEIVED) @@ -144,8 +144,8 @@ def test_constants(self): self.assertNotNone(_ldap.AVA_NONPRINTABLE) # these two constants are pointless? XXX - self.assertEquals(_ldap.LDAP_OPT_ON, 1) - self.assertEquals(_ldap.LDAP_OPT_OFF, 0) + self.assertEquals(_ldap.OPT_ON, 1) + self.assertEquals(_ldap.OPT_OFF, 0) # these constants useless after ldap_url_parse() was dropped XXX self.assertNotNone(_ldap.URL_ERR_BADSCOPE) @@ -157,7 +157,7 @@ def test_simple_bind(self): def test_simple_anonymous_bind(self): l = self._init(bind=False) m = l.simple_bind("", "") - result,pmsg,msgid,ctrls = l.result3(m, _ldap.MSG_ALL, self.timeout) + result,pmsg,msgid,ctrls = l.result4(m, _ldap.MSG_ALL, self.timeout) self.assertTrue(result, _ldap.RES_BIND) self.assertEquals(msgid, m) self.assertEquals(pmsg, []) @@ -165,7 +165,7 @@ def test_simple_anonymous_bind(self): # see if we can get the rootdse while we're here m = l.search_ext("", _ldap.SCOPE_BASE, '(objectClass=*)') - result,pmsg,msgid,ctrls = l.result3(m, _ldap.MSG_ALL, self.timeout) + result,pmsg,msgid,ctrls = l.result4(m, _ldap.MSG_ALL, self.timeout) self.assertEquals(result, _ldap.RES_SEARCH_RESULT) self.assertEquals(pmsg[0][0], "") # rootDSE has no dn self.assertEquals(msgid, m) @@ -185,7 +185,7 @@ def test_search_ext_individual(self): m = l.search_ext(self.base, _ldap.SCOPE_SUBTREE, '(objectClass=dcObject)') - result,pmsg,msgid,ctrls = l.result3(m, _ldap.MSG_ONE, self.timeout) + result,pmsg,msgid,ctrls = l.result4(m, _ldap.MSG_ONE, self.timeout) # Expect to get just one object self.assertEquals(result, _ldap.RES_SEARCH_ENTRY) @@ -198,7 +198,7 @@ def test_search_ext_individual(self): self.assertEquals(msgid, m) self.assertEquals(ctrls, []) - result,pmsg,msgid,ctrls = l.result3(m, _ldap.MSG_ONE, self.timeout) + result,pmsg,msgid,ctrls = l.result4(m, _ldap.MSG_ONE, self.timeout) self.assertEquals(result, _ldap.RES_SEARCH_RESULT) self.assertEquals(pmsg, []) self.assertEquals(msgid, m) @@ -214,7 +214,7 @@ def test_abandon(self): got_timeout = False try: - r = l.result3(m, _ldap.MSG_ALL, 0.3) # (timeout /could/ be longer) + r = l.result4(m, _ldap.MSG_ALL, 0.3) # (timeout /could/ be longer) except _ldap.TIMEOUT, e: got_timeout = True self.assertTrue(got_timeout) @@ -223,7 +223,7 @@ def test_search_ext_all(self): l = self._init() m = l.search_ext(self.base, _ldap.SCOPE_SUBTREE, '(objectClass=*)') - result,pmsg,msgid,ctrls = l.result3(m, _ldap.MSG_ALL, self.timeout) + result,pmsg,msgid,ctrls = l.result4(m, _ldap.MSG_ALL, self.timeout) # Expect to get some objects self.assertEquals(result, _ldap.RES_SEARCH_RESULT) @@ -240,7 +240,7 @@ def test_add(self): ('description', 'testing'), ]) - result,pmsg,msgid,ctrls = l.result3(m, _ldap.MSG_ALL, self.timeout) + result,pmsg,msgid,ctrls = l.result4(m, _ldap.MSG_ALL, self.timeout) self.assertEquals(result, _ldap.RES_ADD) self.assertEquals(pmsg, []) self.assertEquals(msgid, m) @@ -248,7 +248,7 @@ def test_add(self): # search for it back m = l.search_ext(self.base, _ldap.SCOPE_SUBTREE, '(cn=Foo)') - result,pmsg,msgid,ctrls = l.result3(m, _ldap.MSG_ALL, self.timeout) + result,pmsg,msgid,ctrls = l.result4(m, _ldap.MSG_ALL, self.timeout) # Expect to get the objects self.assertEquals(result, _ldap.RES_SEARCH_RESULT) @@ -272,14 +272,14 @@ def test_compare(self): ('cn', 'CompareTest'), ('userPassword', 'the_password'), ]) - result,pmsg,msgid,ctrls = l.result3(m, _ldap.MSG_ALL, self.timeout) + result,pmsg,msgid,ctrls = l.result4(m, _ldap.MSG_ALL, self.timeout) self.assertEquals(result, _ldap.RES_ADD) # try a false compare m = l.compare_ext(dn, "userPassword", "bad_string") compared_false = False try: - r = l.result3(m, _ldap.MSG_ALL, self.timeout) + r = l.result4(m, _ldap.MSG_ALL, self.timeout) self.fail(repr(r)) except _ldap.COMPARE_FALSE: compared_false = True @@ -289,7 +289,7 @@ def test_compare(self): m = l.compare_ext(dn, "userPassword", "the_password") compared_true = False try: - r = l.result3(m, _ldap.MSG_ALL, self.timeout) + r = l.result4(m, _ldap.MSG_ALL, self.timeout) self.fail(repr(r)) except _ldap.COMPARE_TRUE: compared_true = True @@ -298,7 +298,7 @@ def test_compare(self): m = l.compare_ext(dn, "badAttribute", "ignoreme") raised_error = False try: - r = l.result3(m, _ldap.MSG_ALL, self.timeout) + r = l.result4(m, _ldap.MSG_ALL, self.timeout) self.fail(repr(r)) except _ldap.error: raised_error = True @@ -311,7 +311,7 @@ def test_delete_no_such_object(self): not_found = False m = l.delete_ext("cn=DoesNotExist,"+self.base) try: - r = l.result3(m, _ldap.MSG_ALL, self.timeout) + r = l.result4(m, _ldap.MSG_ALL, self.timeout) self.fail(r) except _ldap.NO_SUCH_OBJECT: not_found = True @@ -325,11 +325,11 @@ def test_delete(self): ('objectClass','organizationalRole'), ('cn', 'Deleteme'), ]) - result,pmsg,msgid,ctrls = l.result3(m, _ldap.MSG_ALL, self.timeout) + result,pmsg,msgid,ctrls = l.result4(m, _ldap.MSG_ALL, self.timeout) self.assertEquals(result, _ldap.RES_ADD) m = l.delete_ext(dn) - result,pmsg,msgid,ctrls = l.result3(m, _ldap.MSG_ALL, self.timeout) + result,pmsg,msgid,ctrls = l.result4(m, _ldap.MSG_ALL, self.timeout) self.assertEquals(result, _ldap.RES_DELETE) self.assertEquals(msgid, m) self.assertEquals(pmsg, []) @@ -344,7 +344,7 @@ def test_modify_no_such_object(self): (_ldap.MOD_ADD, 'description', ['blah']), ]) try: - r = l.result3(m, _ldap.MSG_ALL, self.timeout) + r = l.result4(m, _ldap.MSG_ALL, self.timeout) self.fail(r) except _ldap.NO_SUCH_OBJECT: not_found = True @@ -360,7 +360,7 @@ def DISABLED_test_modify_no_such_object_empty_attrs(self): (_ldap.MOD_ADD, 'description', []), ]) self.assertTrue(isinstance(m, int)) - r = l.result3(m, _ldap.MSG_ALL, self.timeout) # what should happen?? + r = l.result4(m, _ldap.MSG_ALL, self.timeout) # what should happen?? self.fail(r) def test_modify(self): @@ -373,13 +373,13 @@ def test_modify(self): ('sn', 'Modify'), ('description', 'a description'), ]) - result,pmsg,msgid,ctrls = l.result3(m, _ldap.MSG_ALL, self.timeout) + result,pmsg,msgid,ctrls = l.result4(m, _ldap.MSG_ALL, self.timeout) self.assertEquals(result, _ldap.RES_ADD) m = l.modify_ext(dn, [ (_ldap.MOD_ADD, 'description', ['b desc', 'c desc']), ]) - result,pmsg,msgid,ctrls = l.result3(m, _ldap.MSG_ALL, self.timeout) + result,pmsg,msgid,ctrls = l.result4(m, _ldap.MSG_ALL, self.timeout) self.assertEquals(result, _ldap.RES_MODIFY) self.assertEquals(pmsg, []) self.assertEquals(msgid, m) @@ -387,7 +387,7 @@ def test_modify(self): # search for it back m = l.search_ext(self.base, _ldap.SCOPE_SUBTREE, '(cn=AddToMe)') - result,pmsg,msgid,ctrls = l.result3(m, _ldap.MSG_ALL, self.timeout) + result,pmsg,msgid,ctrls = l.result4(m, _ldap.MSG_ALL, self.timeout) # Expect to get the objects self.assertEquals(result, _ldap.RES_SEARCH_RESULT) @@ -407,12 +407,12 @@ def test_rename(self): ('objectClass','organizationalRole'), ('cn', 'RenameMe'), ]) - result,pmsg,msgid,ctrls = l.result3(m, _ldap.MSG_ALL, self.timeout) + result,pmsg,msgid,ctrls = l.result4(m, _ldap.MSG_ALL, self.timeout) self.assertEquals(result, _ldap.RES_ADD) # do the rename with same parent m = l.rename(dn, "cn=IAmRenamed") - result,pmsg,msgid,ctrls = l.result3(m, _ldap.MSG_ALL, self.timeout) + result,pmsg,msgid,ctrls = l.result4(m, _ldap.MSG_ALL, self.timeout) self.assertEquals(result, _ldap.RES_MODRDN) self.assertEquals(msgid, m) self.assertEquals(pmsg, []) @@ -420,7 +420,7 @@ def test_rename(self): # make sure the old one is gone m = l.search_ext(self.base, _ldap.SCOPE_SUBTREE, '(cn=RenameMe)') - result,pmsg,msgid,ctrls = l.result3(m, _ldap.MSG_ALL, self.timeout) + result,pmsg,msgid,ctrls = l.result4(m, _ldap.MSG_ALL, self.timeout) self.assertEquals(result, _ldap.RES_SEARCH_RESULT) self.assertEquals(len(pmsg), 0) # expect no results self.assertEquals(msgid, m) @@ -429,7 +429,7 @@ def test_rename(self): # check that the new one looks right dn2 = "cn=IAmRenamed,"+self.base m = l.search_ext(self.base, _ldap.SCOPE_SUBTREE, '(cn=IAmRenamed)') - result,pmsg,msgid,ctrls = l.result3(m, _ldap.MSG_ALL, self.timeout) + result,pmsg,msgid,ctrls = l.result4(m, _ldap.MSG_ALL, self.timeout) self.assertEquals(result, _ldap.RES_SEARCH_RESULT) self.assertEquals(msgid, m) self.assertEquals(ctrls, []) @@ -443,7 +443,7 @@ def test_rename(self): ('objectClass','organizationalUnit'), ('ou', 'RenameContainer'), ]) - result,pmsg,msgid,ctrls = l.result3(m, _ldap.MSG_ALL, self.timeout) + result,pmsg,msgid,ctrls = l.result4(m, _ldap.MSG_ALL, self.timeout) self.assertEquals(result, _ldap.RES_ADD) # WORKAROUND bug in slapd. (Without an existing child, @@ -454,7 +454,7 @@ def test_rename(self): ('objectClass','organizationalRole'), ('cn', 'Bogus'), ]) - result,pmsg,msgid,ctrls = l.result3(m, _ldap.MSG_ALL, self.timeout) + result,pmsg,msgid,ctrls = l.result4(m, _ldap.MSG_ALL, self.timeout) self.assertEquals(result, _ldap.RES_ADD) # now rename from dn2 to the conater @@ -462,7 +462,7 @@ def test_rename(self): # Now try renaming dn2 across container (simultaneous name change) m = l.rename(dn2, "cn=IAmRenamedAgain", containerDn) - result,pmsg,msgid,ctrls = l.result3(m, _ldap.MSG_ALL, self.timeout) + result,pmsg,msgid,ctrls = l.result4(m, _ldap.MSG_ALL, self.timeout) self.assertEquals(result, _ldap.RES_MODRDN) self.assertEquals(msgid, m) self.assertEquals(pmsg, []) @@ -470,18 +470,18 @@ def test_rename(self): # make sure dn2 is gone m = l.search_ext(self.base, _ldap.SCOPE_SUBTREE, '(cn=IAmRenamed)') - result,pmsg,msgid,ctrls = l.result3(m, _ldap.MSG_ALL, self.timeout) + result,pmsg,msgid,ctrls = l.result4(m, _ldap.MSG_ALL, self.timeout) self.assertEquals(result, _ldap.RES_SEARCH_RESULT) self.assertEquals(len(pmsg), 0) # expect no results self.assertEquals(msgid, m) self.assertEquals(ctrls, []) m = l.search_ext(self.base, _ldap.SCOPE_SUBTREE, '(objectClass=*)') - result,pmsg,msgid,ctrls = l.result3(m, _ldap.MSG_ALL, self.timeout) + result,pmsg,msgid,ctrls = l.result4(m, _ldap.MSG_ALL, self.timeout) # make sure dn3 is there m = l.search_ext(self.base, _ldap.SCOPE_SUBTREE, '(cn=IAmRenamedAgain)') - result,pmsg,msgid,ctrls = l.result3(m, _ldap.MSG_ALL, self.timeout) + result,pmsg,msgid,ctrls = l.result4(m, _ldap.MSG_ALL, self.timeout) self.assertEquals(result, _ldap.RES_SEARCH_RESULT) self.assertEquals(msgid, m) self.assertEquals(ctrls, []) @@ -507,7 +507,7 @@ def test_whoami_anonymous(self): # Anonymous bind m = l.simple_bind("", "") - result,pmsg,msgid,ctrls = l.result3(m, _ldap.MSG_ALL, self.timeout) + result,pmsg,msgid,ctrls = l.result4(m, _ldap.MSG_ALL, self.timeout) self.assertTrue(result, _ldap.RES_BIND) r = l.whoami_s() @@ -524,20 +524,20 @@ def test_passwd(self): ('cn', 'PasswordTest'), ('userPassword', 'initial'), ]) - result,pmsg,msgid,ctrls = l.result3(m, _ldap.MSG_ALL, self.timeout) + result,pmsg,msgid,ctrls = l.result4(m, _ldap.MSG_ALL, self.timeout) self.assertEquals(result, _ldap.RES_ADD) # try changing password with a wrong old-pw m = l.passwd(dn, "bogus", "ignored") try: - r = l.result3(m, _ldap.MSG_ALL, self.timeout) + r = l.result4(m, _ldap.MSG_ALL, self.timeout) self.fail("expected UNWILLING_TO_PERFORM") except _ldap.UNWILLING_TO_PERFORM: pass # try changing password with a correct old-pw m = l.passwd(dn, "initial", "changed") - result,pmsg,msgid,ctrls = l.result3(m, _ldap.MSG_ALL, self.timeout) + result,pmsg,msgid,ctrls = l.result4(m, _ldap.MSG_ALL, self.timeout) self.assertEquals(msgid, m) self.assertEquals(pmsg, []) self.assertEquals(result, _ldap.RES_EXTENDED) From d61959cfa64f0f1f38a8e1ecb5b800485c49d217 Mon Sep 17 00:00:00 2001 From: stroeder Date: Fri, 5 Feb 2016 09:08:39 +0000 Subject: [PATCH 225/868] Stripped trailing spaces, honor TMP env var, changed PATH_SCHEMA_CORE --- Tests/slapd.py | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/Tests/slapd.py b/Tests/slapd.py index 48747fa..0c5d925 100644 --- a/Tests/slapd.py +++ b/Tests/slapd.py @@ -1,6 +1,6 @@ """ -Utilities for starting up a test slapd server +Utilities for starting up a test slapd server and talking to it with ldapsearch/ldapadd. """ @@ -21,10 +21,10 @@ def mkdirs(path): def delete_directory_content(path): for dirpath,dirnames,filenames in os.walk(path, topdown=False): - for n in filenames: + for n in filenames: _log.info("remove %s", os.path.join(dirpath, n)) os.remove(os.path.join(dirpath, n)) - for n in dirnames: + for n in dirnames: _log.info("rmdir %s", os.path.join(dirpath, n)) os.rmdir(os.path.join(dirpath, n)) @@ -53,10 +53,10 @@ class Slapd: _log = logging.getLogger("Slapd") # Use /var/tmp to placate apparmour on Ubuntu: - PATH_TMPDIR = "/var/tmp/python-ldap-test" + PATH_TMPDIR = "/var/tmp/python-ldap-test" PATH_SBINDIR = "/usr/sbin" PATH_BINDIR = "/usr/bin" - PATH_SCHEMA_CORE = "/etc/ldap/schema/core.schema" + PATH_SCHEMA_CORE = "/etc/openldap/schema/core.schema" PATH_LDAPADD = os.path.join(PATH_BINDIR, "ldapadd") PATH_LDAPSEARCH = os.path.join(PATH_BINDIR, "ldapsearch") PATH_SLAPD = os.path.join(PATH_SBINDIR, "slapd") @@ -89,7 +89,7 @@ def __init__(self): self._root_password = "password" self._slapd_debug_level = 0 - # Setters + # Setters def set_port(self, port): self._port = port def set_dn_suffix(self, dn): @@ -120,7 +120,7 @@ def get_root_dn(self): def get_root_password(self): return self._root_password def get_tmpdir(self): - return self._tmpdir + return os.environ.get('TMP',self._tmpdir) def __del__(self): self.stop() @@ -159,7 +159,7 @@ def _write_config(self): def start(self): """ - Starts the slapd server process running, and waits for it to come up. + Starts the slapd server process running, and waits for it to come up. """ if self._proc is None: ok = False @@ -184,9 +184,9 @@ def _start_slapd(self): # Spawns/forks the slapd process config_path = self._write_config() self._log.info("starting slapd") - self._proc = subprocess.Popen([self.PATH_SLAPD, - "-f", config_path, - "-h", self.get_url(), + self._proc = subprocess.Popen([self.PATH_SLAPD, + "-f", config_path, + "-h", self.get_url(), "-d", str(self._slapd_debug_level), ]) self._proc_config = config_path @@ -239,9 +239,9 @@ def _stopped(self): if self._proc is not None: self._log.info("slapd terminated") self._proc = None - try: + try: os.remove(self._proc_config) - except os.error: + except os.error: self._log.debug("could not remove %s", self._proc_config) def _test_configuration(self): @@ -252,8 +252,8 @@ def _test_configuration(self): if self._log.isEnabledFor(logging.DEBUG): verboseflag = "-v" p = subprocess.Popen([ - self.PATH_SLAPTEST, - verboseflag, + self.PATH_SLAPTEST, + verboseflag, "-f", config_path ]) if p.wait() != 0: @@ -265,7 +265,7 @@ def _test_configuration(self): def ldapadd(self, ldif, extra_args=[]): """Runs ldapadd on this slapd instance, passing it the ldif content""" self._log.debug("adding %s", repr(ldif)) - p = subprocess.Popen([self.PATH_LDAPADD, + p = subprocess.Popen([self.PATH_LDAPADD, "-x", "-D", self.get_root_dn(), "-w", self.get_root_password(), @@ -279,7 +279,7 @@ def ldapsearch(self, base=None, filter='(objectClass=*)', attrs=[], scope='sub', extra_args=[]): if base is None: base = self.get_dn_suffix() self._log.debug("ldapsearch filter=%s", repr(filter)) - p = subprocess.Popen([self.PATH_LDAPSEARCH, + p = subprocess.Popen([self.PATH_LDAPSEARCH, "-x", "-D", self.get_root_dn(), "-w", self.get_root_password(), From a8c791d0514d6927e2b69e898f0ad0bb1b0daf79 Mon Sep 17 00:00:00 2001 From: stroeder Date: Fri, 5 Feb 2016 09:17:20 +0000 Subject: [PATCH 226/868] comments about Tests/ in 2.4.26 --- CHANGES | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index f51f126..df9fcc9 100644 --- a/CHANGES +++ b/CHANGES @@ -11,6 +11,13 @@ Modules/ * Fixed #69 Segmentation fault on whoami_s after unbind (thanks to Christian Heimes and Petr Viktorin) +Tests/ +* Fixed result3() being used instead of correct result4() + (see #66, thanks to David D. Riddle) +* Tests/slapd.py honors env var $TMP instead of just using + hard-coded /var/tmp +* Tests/slapd.py now expects schema to be in /etc/openldap/ + ---------------------------------------------------------------- Released 2.4.25 2016-01-18 @@ -1248,4 +1255,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.374 2016/01/28 09:43:57 stroeder Exp $ +$Id: CHANGES,v 1.375 2016/02/05 09:17:20 stroeder Exp $ From 9b789fc317839cd23378c6cd7ca6c703db48db8f Mon Sep 17 00:00:00 2001 From: stroeder Date: Fri, 5 Feb 2016 09:17:47 +0000 Subject: [PATCH 227/868] comments about Tests/ in 2.4.26 --- CHANGES | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index df9fcc9..2002d03 100644 --- a/CHANGES +++ b/CHANGES @@ -17,6 +17,7 @@ Tests/ * Tests/slapd.py honors env var $TMP instead of just using hard-coded /var/tmp * Tests/slapd.py now expects schema to be in /etc/openldap/ +* Tests/t_ldapurl.py now independent of module ldap ---------------------------------------------------------------- Released 2.4.25 2016-01-18 @@ -1255,4 +1256,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.375 2016/02/05 09:17:20 stroeder Exp $ +$Id: CHANGES,v 1.376 2016/02/05 09:17:47 stroeder Exp $ From d74cac9fe53a19404269a9ae73db9a425f57bff3 Mon Sep 17 00:00:00 2001 From: stroeder Date: Sat, 6 Feb 2016 11:07:17 +0000 Subject: [PATCH 228/868] Added TestParse.test_comments() --- Tests/t_ldif.py | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/Tests/t_ldif.py b/Tests/t_ldif.py index efd69ec..316221e 100644 --- a/Tests/t_ldif.py +++ b/Tests/t_ldif.py @@ -126,6 +126,29 @@ def test_sorted(self): 'c': [b'value_c']}), ]) + def test_comments(self): + self.check_roundtrip(""" + # comment #1 + dn: cn=x1,cn=y1,cn=z1 + b1: value_b1 + c1: value_c1 + a1: value_a1 + + # comment #2 + dn: cn=x2,cn=y2,cn=z2 + b2: value_b2 + c2: value_c2 + a2: value_a2 + + """, [ + ('cn=x1,cn=y1,cn=z1', {'a1': [b'value_a1'], + 'b1': [b'value_b1'], + 'c1': [b'value_c1']}), + ('cn=x2,cn=y2,cn=z2', {'a2': [b'value_a2'], + 'b2': [b'value_b2'], + 'c2': [b'value_c2']}), + ]) + if __name__ == '__main__': unittest.main() From e3be4cf755148614791529781bb4243e330459e8 Mon Sep 17 00:00:00 2001 From: stroeder Date: Sat, 6 Feb 2016 11:08:21 +0000 Subject: [PATCH 229/868] TestParse.test_comments() with multi-line comment --- Tests/t_ldif.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Tests/t_ldif.py b/Tests/t_ldif.py index 316221e..bfa31af 100644 --- a/Tests/t_ldif.py +++ b/Tests/t_ldif.py @@ -134,7 +134,8 @@ def test_comments(self): c1: value_c1 a1: value_a1 - # comment #2 + # comment #2.1 + # comment #2.2 dn: cn=x2,cn=y2,cn=z2 b2: value_b2 c2: value_c2 From 8332c5e1f176abfc1eaa342192ab092ff1eae72b Mon Sep 17 00:00:00 2001 From: stroeder Date: Sat, 6 Feb 2016 11:11:54 +0000 Subject: [PATCH 230/868] TestParse.test_comments() with line-folding --- Tests/t_ldif.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Tests/t_ldif.py b/Tests/t_ldif.py index bfa31af..1ea1c30 100644 --- a/Tests/t_ldif.py +++ b/Tests/t_ldif.py @@ -128,7 +128,8 @@ def test_sorted(self): def test_comments(self): self.check_roundtrip(""" - # comment #1 + # comment #1 + with line-folding dn: cn=x1,cn=y1,cn=z1 b1: value_b1 c1: value_c1 From 56bc060861f1c724d2e32108fd6909bb0b1473c4 Mon Sep 17 00:00:00 2001 From: stroeder Date: Tue, 9 Feb 2016 11:58:30 +0000 Subject: [PATCH 231/868] Note about stderr when setting OPT_DEBUG_LEVEL --- Doc/ldap.rst | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Doc/ldap.rst b/Doc/ldap.rst index 70f15d3..2eb971e 100644 --- a/Doc/ldap.rst +++ b/Doc/ldap.rst @@ -1,4 +1,4 @@ -.. % $Id: ldap.rst,v 1.31 2015/12/09 17:57:18 stroeder Exp $ +.. % $Id: ldap.rst,v 1.32 2016/02/09 11:58:30 stroeder Exp $ ******************************************** :py:mod:`ldap` LDAP library interface module @@ -129,7 +129,8 @@ following option identifiers are defined as constants: .. py:data:: OPT_DEBUG_LEVEL - Sets the debug level within the underlying LDAP C lib. + Sets the debug level within the underlying OpenLDAP C lib (libldap). + libldap sends the log messages to stderr. .. py:data:: OPT_DEFBASE From 1f08ca640de86b0496a99cb75e05316a01a0a931 Mon Sep 17 00:00:00 2001 From: stroeder Date: Tue, 9 Feb 2016 17:12:28 +0000 Subject: [PATCH 232/868] Added TestParse.test_maxentries() --- Tests/t_ldif.py | 35 ++++++++++++++++++++++++++++++----- 1 file changed, 30 insertions(+), 5 deletions(-) diff --git a/Tests/t_ldif.py b/Tests/t_ldif.py index 1ea1c30..36b1e1e 100644 --- a/Tests/t_ldif.py +++ b/Tests/t_ldif.py @@ -15,8 +15,8 @@ class TestParse(unittest.TestCase): maxDiff = None - def _parse_entry_records(self, ldif_string): - return ldif.ParseLDIF(StringIO(ldif_string)) + def _parse_entry_records(self, ldif_string, maxentries): + return ldif.ParseLDIF(StringIO(ldif_string), maxentries=maxentries) def _unparse_entry_records(self, records): f = StringIO() @@ -25,11 +25,11 @@ def _unparse_entry_records(self, records): ldif_writer.unparse(dn, attrs) return f.getvalue() - def check_roundtrip(self, ldif_source, entry_records): + def check_roundtrip(self, ldif_source, entry_records, maxentries=0): ldif_source = textwrap.dedent(ldif_source).lstrip() + '\n' - parsed_entry_records = self._parse_entry_records(ldif_source) + parsed_entry_records = self._parse_entry_records(ldif_source, maxentries) parsed_entry_records2 = self._parse_entry_records( - self._unparse_entry_records(entry_records) + self._unparse_entry_records(entry_records), maxentries ) self.assertEqual(parsed_entry_records, entry_records) self.assertEqual(parsed_entry_records2, entry_records) @@ -151,6 +151,31 @@ def test_comments(self): 'c2': [b'value_c2']}), ]) + def test_maxentries(self): + self.check_roundtrip(""" + dn: cn=x1,cn=y1,cn=z1 + b1: value_b1 + a1: value_a1 + + dn: cn=x2,cn=y2,cn=z2 + b2: value_b2 + a2: value_a2 + + dn: cn=x3,cn=y3,cn=z3 + b3: value_b3 + a3: value_a3 + + dn: cn=x4,cn=y4,cn=z4 + b2: value_b4 + a2: value_a4 + + """, [ + ('cn=x1,cn=y1,cn=z1', {'a1': [b'value_a1'], + 'b1': [b'value_b1']}), + ('cn=x2,cn=y2,cn=z2', {'a2': [b'value_a2'], + 'b2': [b'value_b2']}), + ], maxentries=2) + if __name__ == '__main__': unittest.main() From c3daabf18de8c4faad166859104bce37452c62bb Mon Sep 17 00:00:00 2001 From: stroeder Date: Tue, 9 Feb 2016 19:42:24 +0000 Subject: [PATCH 233/868] Removed TestParse.maxDiff; Renamed TestParse to TestEntryRecords --- Tests/t_ldif.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Tests/t_ldif.py b/Tests/t_ldif.py index 36b1e1e..92d7f8c 100644 --- a/Tests/t_ldif.py +++ b/Tests/t_ldif.py @@ -12,8 +12,7 @@ from io import StringIO -class TestParse(unittest.TestCase): - maxDiff = None +class TestEntryRecords(unittest.TestCase): def _parse_entry_records(self, ldif_string, maxentries): return ldif.ParseLDIF(StringIO(ldif_string), maxentries=maxentries) From 1c15c41ce926bfed7fc02ac8bb086752a6fff3ac Mon Sep 17 00:00:00 2001 From: stroeder Date: Tue, 9 Feb 2016 19:43:35 +0000 Subject: [PATCH 234/868] Added TestEntryRecords.test_multiple_empty_lines() but disabled the actual check for now --- Tests/t_ldif.py | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/Tests/t_ldif.py b/Tests/t_ldif.py index 92d7f8c..5c1072b 100644 --- a/Tests/t_ldif.py +++ b/Tests/t_ldif.py @@ -175,6 +175,25 @@ def test_maxentries(self): 'b2': [b'value_b2']}), ], maxentries=2) + def test_multiple_empty_lines(self): + """ + see http://sourceforge.net/p/python-ldap/feature-requests/18/ + """ + return + self.check_roundtrip(""" + # silly example + dn: uid=one,dc=tld + uid: one + + + # another silly example + dn: uid=two,dc=tld + uid: two + """, [ + ('uid=one,dc=tld', {'uid': [b'one']}), + ('uid=two,dc=tld', {'uid': [b'two']}), + ]) + if __name__ == '__main__': unittest.main() From 18e3968bfcca63b4895d79b9ed2a37bf386f6afe Mon Sep 17 00:00:00 2001 From: stroeder Date: Tue, 9 Feb 2016 19:44:00 +0000 Subject: [PATCH 235/868] Added TestEntryRecords.test_multiple_empty_lines() but disabled the actual check for now --- Tests/t_ldif.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Tests/t_ldif.py b/Tests/t_ldif.py index 5c1072b..1b15179 100644 --- a/Tests/t_ldif.py +++ b/Tests/t_ldif.py @@ -179,7 +179,7 @@ def test_multiple_empty_lines(self): """ see http://sourceforge.net/p/python-ldap/feature-requests/18/ """ - return + return # disabled self.check_roundtrip(""" # silly example dn: uid=one,dc=tld From 309059668dc283144edbc9340437b4f8194f6ca3 Mon Sep 17 00:00:00 2001 From: stroeder Date: Wed, 10 Feb 2016 12:05:50 +0000 Subject: [PATCH 236/868] Use class LDIFRecordList directly instead of deprecated function ParseLDIF(), support ignored_attr_types --- Tests/t_ldif.py | 29 ++++++++++++++++++++++------- 1 file changed, 22 insertions(+), 7 deletions(-) diff --git a/Tests/t_ldif.py b/Tests/t_ldif.py index 1b15179..2b050a0 100644 --- a/Tests/t_ldif.py +++ b/Tests/t_ldif.py @@ -14,8 +14,15 @@ class TestEntryRecords(unittest.TestCase): - def _parse_entry_records(self, ldif_string, maxentries): - return ldif.ParseLDIF(StringIO(ldif_string), maxentries=maxentries) + def _parse_entry_records(self, ldif_string, ignored_attr_types=None, max_entries=0): + f = StringIO(ldif_string) + ldif_parser = ldif.LDIFRecordList( + f, + ignored_attr_types=ignored_attr_types, + max_entries=max_entries, + ) + ldif_parser.parse_entry_records() + return ldif_parser.all_records def _unparse_entry_records(self, records): f = StringIO() @@ -24,17 +31,25 @@ def _unparse_entry_records(self, records): ldif_writer.unparse(dn, attrs) return f.getvalue() - def check_roundtrip(self, ldif_source, entry_records, maxentries=0): + def check_roundtrip(self, ldif_source, entry_records, ignored_attr_types=None, max_entries=0): ldif_source = textwrap.dedent(ldif_source).lstrip() + '\n' - parsed_entry_records = self._parse_entry_records(ldif_source, maxentries) + parsed_entry_records = self._parse_entry_records( + ldif_source, + ignored_attr_types=None, + max_entries=max_entries, + ) parsed_entry_records2 = self._parse_entry_records( - self._unparse_entry_records(entry_records), maxentries + self._unparse_entry_records(entry_records), + ignored_attr_types=None, + max_entries=max_entries, ) self.assertEqual(parsed_entry_records, entry_records) self.assertEqual(parsed_entry_records2, entry_records) def test_simple(self): self.check_roundtrip(""" + version: 1 + dn: cn=x,cn=y,cn=z attrib: value attrib: value2 @@ -150,7 +165,7 @@ def test_comments(self): 'c2': [b'value_c2']}), ]) - def test_maxentries(self): + def test_max_entries(self): self.check_roundtrip(""" dn: cn=x1,cn=y1,cn=z1 b1: value_b1 @@ -173,7 +188,7 @@ def test_maxentries(self): 'b1': [b'value_b1']}), ('cn=x2,cn=y2,cn=z2', {'a2': [b'value_a2'], 'b2': [b'value_b2']}), - ], maxentries=2) + ], max_entries=2) def test_multiple_empty_lines(self): """ From ac734a17c7509cd27bd85afa49dcb6ea3459a835 Mon Sep 17 00:00:00 2001 From: stroeder Date: Wed, 10 Feb 2016 13:57:20 +0000 Subject: [PATCH 237/868] source code formatting more suitable for easy copy&paste --- Tests/t_ldif.py | 419 ++++++++++++++++++++++++++++++++---------------- 1 file changed, 281 insertions(+), 138 deletions(-) diff --git a/Tests/t_ldif.py b/Tests/t_ldif.py index 2b050a0..68d006f 100644 --- a/Tests/t_ldif.py +++ b/Tests/t_ldif.py @@ -14,7 +14,12 @@ class TestEntryRecords(unittest.TestCase): - def _parse_entry_records(self, ldif_string, ignored_attr_types=None, max_entries=0): + def _parse_entry_records( + self, + ldif_string, + ignored_attr_types=None, + max_entries=0, + ): f = StringIO(ldif_string) ldif_parser = ldif.LDIFRecordList( f, @@ -31,183 +36,321 @@ def _unparse_entry_records(self, records): ldif_writer.unparse(dn, attrs) return f.getvalue() - def check_roundtrip(self, ldif_source, entry_records, ignored_attr_types=None, max_entries=0): + def check_roundtrip( + self, + ldif_source, + entry_records, + ignored_attr_types=None, + max_entries=0 + ): ldif_source = textwrap.dedent(ldif_source).lstrip() + '\n' parsed_entry_records = self._parse_entry_records( ldif_source, - ignored_attr_types=None, + ignored_attr_types=ignored_attr_types, max_entries=max_entries, ) parsed_entry_records2 = self._parse_entry_records( self._unparse_entry_records(entry_records), - ignored_attr_types=None, + ignored_attr_types=ignored_attr_types, max_entries=max_entries, ) self.assertEqual(parsed_entry_records, entry_records) self.assertEqual(parsed_entry_records2, entry_records) def test_simple(self): - self.check_roundtrip(""" - version: 1 - - dn: cn=x,cn=y,cn=z - attrib: value - attrib: value2 - """, [ - ('cn=x,cn=y,cn=z', {'attrib': [b'value', b'value2']}), - ]) + self.check_roundtrip( + """ + version: 1 + + dn: cn=x,cn=y,cn=z + attrib: value + attrib: value2 + """, + [ + ( + 'cn=x,cn=y,cn=z', + { + 'attrib': [b'value', b'value2'], + }, + ), + ] + ) def test_simple2(self): - self.check_roundtrip(""" - dn:cn=x,cn=y,cn=z - attrib:value - attrib:value2 - """, [ - ('cn=x,cn=y,cn=z', {'attrib': [b'value', b'value2']}), - ]) + self.check_roundtrip( + """ + dn:cn=x,cn=y,cn=z + attrib:value + attrib:value2 + """, + [ + ( + 'cn=x,cn=y,cn=z', + { + 'attrib': [b'value', b'value2'], + }, + ), + ] + ) def test_multiple(self): - self.check_roundtrip(""" - dn: cn=x,cn=y,cn=z - a: v - attrib: value - attrib: value2 - - dn: cn=a,cn=b,cn=c - attrib: value2 - attrib: value3 - b: v - """, [ - ('cn=x,cn=y,cn=z', {'attrib': [b'value', b'value2'], 'a': [b'v']}), - ('cn=a,cn=b,cn=c', {'attrib': [b'value2', b'value3'], 'b': [b'v']}), - ]) + self.check_roundtrip( + """ + dn: cn=x,cn=y,cn=z + a: v + attrib: value + attrib: value2 + + dn: cn=a,cn=b,cn=c + attrib: value2 + attrib: value3 + b: v + """, + [ + ( + 'cn=x,cn=y,cn=z', + { + 'attrib': [b'value', b'value2'], + 'a': [b'v'], + }, + ), + ( + 'cn=a,cn=b,cn=c', + { + 'attrib': [b'value2', b'value3'], + 'b': [b'v'], + }, + ), + ] + ) def test_folded(self): - self.check_roundtrip(""" - dn: cn=x,cn=y,cn=z - attrib: very - long - value - attrib2: %s + self.check_roundtrip( + """ + dn: cn=x,cn=y,cn=z + attrib: very + long + value + attrib2: %s """ % ('asdf.' * 20), [ - ('cn=x,cn=y,cn=z', {'attrib': [b'verylong value'], - 'attrib2': [b'asdf.' * 20]}), - ]) + ( + 'cn=x,cn=y,cn=z', + { + 'attrib': [b'verylong value'], + 'attrib2': [b'asdf.' * 20], + } + ), + ] + ) def test_empty(self): - self.check_roundtrip(""" - dn: cn=x,cn=y,cn=z - attrib: - attrib: foo - """, [ - ('cn=x,cn=y,cn=z', {'attrib': [b'', b'foo']}), - ]) + self.check_roundtrip( + """ + dn: cn=x,cn=y,cn=z + attrib1: + attrib1: foo + attrib2: + attrib2: foo + """, + [ + ( + 'cn=x,cn=y,cn=z', + { + 'attrib1': [b'', b'foo'], + 'attrib2': [b'', b'foo'], + }, + ), + ] + ) def test_binary(self): - self.check_roundtrip(""" - dn: cn=x,cn=y,cn=z - attrib:: CQAKOiVA - """, [ - ('cn=x,cn=y,cn=z', {'attrib': [b'\t\0\n:%@']}), - ]) + self.check_roundtrip( + """ + dn: cn=x,cn=y,cn=z + attrib:: CQAKOiVA + """, + [ + ( + 'cn=x,cn=y,cn=z', + { + 'attrib': [b'\t\0\n:%@'], + }, + ), + ] + ) def test_binary2(self): - self.check_roundtrip(""" - dn: cn=x,cn=y,cn=z - attrib::CQAKOiVA - """, [ - ('cn=x,cn=y,cn=z', {'attrib': [b'\t\0\n:%@']}), - ]) + self.check_roundtrip( + """ + dn: cn=x,cn=y,cn=z + attrib::CQAKOiVA + """, + [ + ( + 'cn=x,cn=y,cn=z', + {'attrib': [b'\t\0\n:%@']}, + ), + ] + ) def test_unicode(self): - self.check_roundtrip(""" - dn: cn=Michael Stroeder,dc=stroeder,dc=com - lastname: Ströder - """, [ - ('cn=Michael Stroeder,dc=stroeder,dc=com', - {'lastname': [b'Str\303\266der']}), - ]) + self.check_roundtrip( + """ + dn: cn=Michael Stroeder,dc=stroeder,dc=com + lastname: Ströder + """, + [ + ( + 'cn=Michael Stroeder,dc=stroeder,dc=com', + {'lastname': [b'Str\303\266der']}, + ), + ] + ) def test_sorted(self): - self.check_roundtrip(""" - dn: cn=x,cn=y,cn=z - b: value_b - c: value_c - a: value_a - """, [ - ('cn=x,cn=y,cn=z', {'a': [b'value_a'], - 'b': [b'value_b'], - 'c': [b'value_c']}), - ]) + self.check_roundtrip( + """ + dn: cn=x,cn=y,cn=z + b: value_b + c: value_c + a: value_a + """, + [ + ( + 'cn=x,cn=y,cn=z', + { + 'a': [b'value_a'], + 'b': [b'value_b'], + 'c': [b'value_c'], + } + ), + ] + ) + + def test_ignored_attr_types(self): + self.check_roundtrip( + """ + dn: cn=x,cn=y,cn=z + a: value_a + b: value_b + c: value_c + """, + [ + ( + 'cn=x,cn=y,cn=z', + { + 'a': [b'value_a'], + 'c': [b'value_c'], + } + ), + ], + ignored_attr_types=['b'], + ) def test_comments(self): - self.check_roundtrip(""" - # comment #1 - with line-folding - dn: cn=x1,cn=y1,cn=z1 - b1: value_b1 - c1: value_c1 - a1: value_a1 - - # comment #2.1 - # comment #2.2 - dn: cn=x2,cn=y2,cn=z2 - b2: value_b2 - c2: value_c2 - a2: value_a2 - - """, [ - ('cn=x1,cn=y1,cn=z1', {'a1': [b'value_a1'], - 'b1': [b'value_b1'], - 'c1': [b'value_c1']}), - ('cn=x2,cn=y2,cn=z2', {'a2': [b'value_a2'], - 'b2': [b'value_b2'], - 'c2': [b'value_c2']}), - ]) + self.check_roundtrip( + """ + # comment #1 + with line-folding + dn: cn=x1,cn=y1,cn=z1 + b1: value_b1 + c1: value_c1 + a1: value_a1 + + # comment #2.1 + # comment #2.2 + dn: cn=x2,cn=y2,cn=z2 + b2: value_b2 + c2: value_c2 + a2: value_a2 + + """, + [ + ( + 'cn=x1,cn=y1,cn=z1', + { + 'a1': [b'value_a1'], + 'b1': [b'value_b1'], + 'c1': [b'value_c1'], + } + ), + ( + 'cn=x2,cn=y2,cn=z2', + { + 'a2': [b'value_a2'], + 'b2': [b'value_b2'], + 'c2': [b'value_c2'], + } + ), + ] + ) def test_max_entries(self): - self.check_roundtrip(""" - dn: cn=x1,cn=y1,cn=z1 - b1: value_b1 - a1: value_a1 - - dn: cn=x2,cn=y2,cn=z2 - b2: value_b2 - a2: value_a2 - - dn: cn=x3,cn=y3,cn=z3 - b3: value_b3 - a3: value_a3 - - dn: cn=x4,cn=y4,cn=z4 - b2: value_b4 - a2: value_a4 - - """, [ - ('cn=x1,cn=y1,cn=z1', {'a1': [b'value_a1'], - 'b1': [b'value_b1']}), - ('cn=x2,cn=y2,cn=z2', {'a2': [b'value_a2'], - 'b2': [b'value_b2']}), - ], max_entries=2) + self.check_roundtrip( + """ + dn: cn=x1,cn=y1,cn=z1 + b1: value_b1 + a1: value_a1 + + dn: cn=x2,cn=y2,cn=z2 + b2: value_b2 + a2: value_a2 + + dn: cn=x3,cn=y3,cn=z3 + b3: value_b3 + a3: value_a3 + + dn: cn=x4,cn=y4,cn=z4 + b2: value_b4 + a2: value_a4 + + """, + [ + ( + 'cn=x1,cn=y1,cn=z1', + { + 'a1': [b'value_a1'], + 'b1': [b'value_b1'], + } + ), + ( + 'cn=x2,cn=y2,cn=z2', + { + 'a2': [b'value_a2'], + 'b2': [b'value_b2'], + } + ), + ], + max_entries=2 + ) def test_multiple_empty_lines(self): """ see http://sourceforge.net/p/python-ldap/feature-requests/18/ """ return # disabled - self.check_roundtrip(""" - # silly example - dn: uid=one,dc=tld - uid: one - - - # another silly example - dn: uid=two,dc=tld - uid: two - """, [ - ('uid=one,dc=tld', {'uid': [b'one']}), - ('uid=two,dc=tld', {'uid': [b'two']}), - ]) + self.check_roundtrip( + """ + # normal + dn: uid=one,dc=tld + uid: one + + + # after extra empty line + dn: uid=two,dc=tld + uid: two + """, + [ + ( + 'uid=one,dc=tld', + {'uid': [b'one']} + ), + ( + 'uid=two,dc=tld', + {'uid': [b'two']} + ), + ], + ) if __name__ == '__main__': From ec45d3edefffa8b6ea17c78282d257aa8d096fb7 Mon Sep 17 00:00:00 2001 From: stroeder Date: Wed, 10 Feb 2016 22:11:04 +0000 Subject: [PATCH 238/868] More clean-ups, also make pylint more happy --- Tests/t_ldif.py | 87 +++++++++++++++++++++++++++++-------------------- 1 file changed, 52 insertions(+), 35 deletions(-) diff --git a/Tests/t_ldif.py b/Tests/t_ldif.py index 68d006f..62e12e1 100644 --- a/Tests/t_ldif.py +++ b/Tests/t_ldif.py @@ -1,51 +1,69 @@ # -*- coding: utf-8 -*- +""" +Automatic tests for python-ldap's module ldif -import unittest -import textwrap +See http://www.python-ldap.org/ for details. -import ldif +$Id: t_ldif.py,v 1.13 2016/02/10 22:11:04 stroeder Exp $ +""" +# from Python's standard lib +import unittest +import textwrap try: from StringIO import StringIO except ImportError: from io import StringIO +# from python-ldap +import ldif + class TestEntryRecords(unittest.TestCase): def _parse_entry_records( - self, - ldif_string, - ignored_attr_types=None, - max_entries=0, + self, + ldif_string, + ignored_attr_types=None, + max_entries=0, ): - f = StringIO(ldif_string) + """ + Parse LDIF data in `ldif_string' into list of entry records + """ + ldif_file = StringIO(ldif_string) ldif_parser = ldif.LDIFRecordList( - f, + ldif_file, ignored_attr_types=ignored_attr_types, max_entries=max_entries, ) ldif_parser.parse_entry_records() return ldif_parser.all_records - def _unparse_entry_records(self, records): - f = StringIO() - ldif_writer = ldif.LDIFWriter(f) - for dn, attrs in records: - ldif_writer.unparse(dn, attrs) - return f.getvalue() + def _unparse_entry_records(self, entry_records): + """ + Returns LDIF string with entry records from list `entry_records' + """ + ldif_file = StringIO() + ldif_writer = ldif.LDIFWriter(ldif_file) + for dn, entry in entry_records: + ldif_writer.unparse(dn, entry) + return ldif_file.getvalue() - def check_roundtrip( + def check_entry_records( self, - ldif_source, + ldif_string, entry_records, ignored_attr_types=None, max_entries=0 ): - ldif_source = textwrap.dedent(ldif_source).lstrip() + '\n' + """ + Checks whether entry records in `ldif_string' gets correctly parsed + and matches list of unparsed `entry_records'. + """ + ldif_string = textwrap.dedent(ldif_string).lstrip() + '\n' parsed_entry_records = self._parse_entry_records( - ldif_source, + ldif_string, ignored_attr_types=ignored_attr_types, max_entries=max_entries, ) @@ -58,7 +76,7 @@ def check_roundtrip( self.assertEqual(parsed_entry_records2, entry_records) def test_simple(self): - self.check_roundtrip( + self.check_entry_records( """ version: 1 @@ -77,7 +95,7 @@ def test_simple(self): ) def test_simple2(self): - self.check_roundtrip( + self.check_entry_records( """ dn:cn=x,cn=y,cn=z attrib:value @@ -94,7 +112,7 @@ def test_simple2(self): ) def test_multiple(self): - self.check_roundtrip( + self.check_entry_records( """ dn: cn=x,cn=y,cn=z a: v @@ -125,7 +143,7 @@ def test_multiple(self): ) def test_folded(self): - self.check_roundtrip( + self.check_entry_records( """ dn: cn=x,cn=y,cn=z attrib: very @@ -144,12 +162,12 @@ def test_folded(self): ) def test_empty(self): - self.check_roundtrip( + self.check_entry_records( """ dn: cn=x,cn=y,cn=z attrib1: attrib1: foo - attrib2: + attrib2: attrib2: foo """, [ @@ -164,7 +182,7 @@ def test_empty(self): ) def test_binary(self): - self.check_roundtrip( + self.check_entry_records( """ dn: cn=x,cn=y,cn=z attrib:: CQAKOiVA @@ -173,14 +191,14 @@ def test_binary(self): ( 'cn=x,cn=y,cn=z', { - 'attrib': [b'\t\0\n:%@'], + 'attrib': [b'\t\0\n:%@'], }, ), ] ) def test_binary2(self): - self.check_roundtrip( + self.check_entry_records( """ dn: cn=x,cn=y,cn=z attrib::CQAKOiVA @@ -194,7 +212,7 @@ def test_binary2(self): ) def test_unicode(self): - self.check_roundtrip( + self.check_entry_records( """ dn: cn=Michael Stroeder,dc=stroeder,dc=com lastname: Ströder @@ -208,7 +226,7 @@ def test_unicode(self): ) def test_sorted(self): - self.check_roundtrip( + self.check_entry_records( """ dn: cn=x,cn=y,cn=z b: value_b @@ -228,7 +246,7 @@ def test_sorted(self): ) def test_ignored_attr_types(self): - self.check_roundtrip( + self.check_entry_records( """ dn: cn=x,cn=y,cn=z a: value_a @@ -248,7 +266,7 @@ def test_ignored_attr_types(self): ) def test_comments(self): - self.check_roundtrip( + self.check_entry_records( """ # comment #1 with line-folding @@ -286,7 +304,7 @@ def test_comments(self): ) def test_max_entries(self): - self.check_roundtrip( + self.check_entry_records( """ dn: cn=x1,cn=y1,cn=z1 b1: value_b1 @@ -328,8 +346,7 @@ def test_multiple_empty_lines(self): """ see http://sourceforge.net/p/python-ldap/feature-requests/18/ """ - return # disabled - self.check_roundtrip( + self.check_entry_records( """ # normal dn: uid=one,dc=tld From 978cbf71ea7a5ff4544a0b1ed213f7cd4a75d541 Mon Sep 17 00:00:00 2001 From: stroeder Date: Thu, 11 Feb 2016 01:08:29 +0000 Subject: [PATCH 239/868] Tests/t_ldif.py with more test-cases --- CHANGES | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 2002d03..dab0142 100644 --- a/CHANGES +++ b/CHANGES @@ -18,6 +18,7 @@ Tests/ hard-coded /var/tmp * Tests/slapd.py now expects schema to be in /etc/openldap/ * Tests/t_ldapurl.py now independent of module ldap +* Tests/t_ldif.py reworked and with more test-cases ---------------------------------------------------------------- Released 2.4.25 2016-01-18 @@ -1256,4 +1257,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.376 2016/02/05 09:17:47 stroeder Exp $ +$Id: CHANGES,v 1.377 2016/02/11 01:08:29 stroeder Exp $ From 1dd979ffae22ea3b3c20827108b1ed966f80311e Mon Sep 17 00:00:00 2001 From: stroeder Date: Thu, 11 Feb 2016 01:08:43 +0000 Subject: [PATCH 240/868] Tests/t_ldif.py with more test-cases --- CHANGES | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index dab0142..bd05fe5 100644 --- a/CHANGES +++ b/CHANGES @@ -18,7 +18,7 @@ Tests/ hard-coded /var/tmp * Tests/slapd.py now expects schema to be in /etc/openldap/ * Tests/t_ldapurl.py now independent of module ldap -* Tests/t_ldif.py reworked and with more test-cases +* Tests/t_ldif.py with more test-cases ---------------------------------------------------------------- Released 2.4.25 2016-01-18 @@ -1257,4 +1257,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.377 2016/02/11 01:08:29 stroeder Exp $ +$Id: CHANGES,v 1.378 2016/02/11 01:08:43 stroeder Exp $ From 8fd0a22b2265a9136aac032fd7c6ca1d3dd8a4fe Mon Sep 17 00:00:00 2001 From: stroeder Date: Tue, 16 Feb 2016 18:01:35 +0000 Subject: [PATCH 241/868] Consequently use HTTPS links --- setup.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/setup.py b/setup.py index 868d2f0..4d435f1 100644 --- a/setup.py +++ b/setup.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -$Id: setup.py,v 1.73 2015/09/19 13:38:30 stroeder Exp $ +$Id: setup.py,v 1.74 2016/02/16 18:01:35 stroeder Exp $ """ has_setuptools = False @@ -91,8 +91,8 @@ class OpenLDAP2: """, author = 'python-ldap project', author_email = 'python-ldap@python.org', - url = 'http://www.python-ldap.org/', - download_url = 'http://pypi.python.org/pypi/python-ldap/', + url = 'https://www.python-ldap.org/', + download_url = 'https://pypi.python.org/pypi/python-ldap/', classifiers = [ 'Development Status :: 5 - Production/Stable', 'Intended Audience :: Developers', From 1dff225e46ccb39d4929556123a811d7b0ba192f Mon Sep 17 00:00:00 2001 From: stroeder Date: Mon, 29 Feb 2016 17:05:43 +0000 Subject: [PATCH 242/868] release = '2.4.26.0' --- Doc/conf.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Doc/conf.py b/Doc/conf.py index e9e4833..72fc8bb 100644 --- a/Doc/conf.py +++ b/Doc/conf.py @@ -11,7 +11,7 @@ # All configuration values have a default value; values that are commented out # serve to show the default value. # -# $Id: conf.py,v 1.23 2015/12/09 17:33:14 stroeder Exp $ +# $Id: conf.py,v 1.24 2016/02/29 17:05:43 stroeder Exp $ import sys @@ -44,7 +44,7 @@ # The short X.Y version. version = '2.4' # The full version, including alpha/beta/rc tags. -release = '2.4.22.0' +release = '2.4.26.0' # There are two options for replacing |today|: either, you set today to some # non-false value, then it is used: From 2d57f9db3711fa9f53e868bea94839b27da4e71f Mon Sep 17 00:00:00 2001 From: stroeder Date: Mon, 29 Feb 2016 18:55:59 +0000 Subject: [PATCH 243/868] style --- Tests/t_ldif.py | 82 +++++++++++++++++++++++++++---------------------- 1 file changed, 46 insertions(+), 36 deletions(-) diff --git a/Tests/t_ldif.py b/Tests/t_ldif.py index 62e12e1..f7ff843 100644 --- a/Tests/t_ldif.py +++ b/Tests/t_ldif.py @@ -4,7 +4,7 @@ See http://www.python-ldap.org/ for details. -$Id: t_ldif.py,v 1.13 2016/02/10 22:11:04 stroeder Exp $ +$Id: t_ldif.py,v 1.14 2016/02/29 18:55:59 stroeder Exp $ """ # from Python's standard lib @@ -20,35 +20,44 @@ import ldif -class TestEntryRecords(unittest.TestCase): +def parse_records( + ldif_string, + record_type='entry', + ignored_attr_types=None, + max_entries=0, +): + """ + Parse LDIF data in `ldif_string' into list of records + """ + ldif_file = StringIO(ldif_string) + ldif_parser = ldif.LDIFRecordList( + ldif_file, + ignored_attr_types=ignored_attr_types, + max_entries=max_entries, + ) + parser_method = getattr( + ldif_parser, + 'parse_%s_records' % record_type + ) + parser_method() + return ldif_parser.all_records + + +def unparse_records(records): + """ + Returns LDIF string with entry records from list `entry_records' + """ + ldif_file = StringIO() + ldif_writer = ldif.LDIFWriter(ldif_file) + for dn, entry in records: + ldif_writer.unparse(dn, entry) + return ldif_file.getvalue() - def _parse_entry_records( - self, - ldif_string, - ignored_attr_types=None, - max_entries=0, - ): - """ - Parse LDIF data in `ldif_string' into list of entry records - """ - ldif_file = StringIO(ldif_string) - ldif_parser = ldif.LDIFRecordList( - ldif_file, - ignored_attr_types=ignored_attr_types, - max_entries=max_entries, - ) - ldif_parser.parse_entry_records() - return ldif_parser.all_records - def _unparse_entry_records(self, entry_records): - """ - Returns LDIF string with entry records from list `entry_records' - """ - ldif_file = StringIO() - ldif_writer = ldif.LDIFWriter(ldif_file) - for dn, entry in entry_records: - ldif_writer.unparse(dn, entry) - return ldif_file.getvalue() +class TestEntryRecords(unittest.TestCase): + """ + Various LDIF test cases + """ def check_entry_records( self, @@ -62,13 +71,13 @@ def check_entry_records( and matches list of unparsed `entry_records'. """ ldif_string = textwrap.dedent(ldif_string).lstrip() + '\n' - parsed_entry_records = self._parse_entry_records( + parsed_entry_records = parse_records( ldif_string, ignored_attr_types=ignored_attr_types, max_entries=max_entries, ) - parsed_entry_records2 = self._parse_entry_records( - self._unparse_entry_records(entry_records), + parsed_entry_records2 = parse_records( + unparse_records(entry_records), ignored_attr_types=ignored_attr_types, max_entries=max_entries, ) @@ -146,16 +155,17 @@ def test_folded(self): self.check_entry_records( """ dn: cn=x,cn=y,cn=z - attrib: very + attrib: very\x20 long - value + line-folded\x20 + value attrib2: %s - """ % ('asdf.' * 20), [ + """ % (b'asdf.'*20), [ ( 'cn=x,cn=y,cn=z', { - 'attrib': [b'verylong value'], - 'attrib2': [b'asdf.' * 20], + 'attrib': [b'very long line-folded value'], + 'attrib2': [b'asdf.'*20], } ), ] From d48b8225906be665317a615a3ad90ed21f2fe75d Mon Sep 17 00:00:00 2001 From: stroeder Date: Mon, 29 Feb 2016 18:56:43 +0000 Subject: [PATCH 244/868] be explicit --- Tests/t_ldif.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/Tests/t_ldif.py b/Tests/t_ldif.py index f7ff843..42bcae0 100644 --- a/Tests/t_ldif.py +++ b/Tests/t_ldif.py @@ -4,7 +4,7 @@ See http://www.python-ldap.org/ for details. -$Id: t_ldif.py,v 1.14 2016/02/29 18:55:59 stroeder Exp $ +$Id: t_ldif.py,v 1.15 2016/02/29 18:56:43 stroeder Exp $ """ # from Python's standard lib @@ -73,11 +73,13 @@ def check_entry_records( ldif_string = textwrap.dedent(ldif_string).lstrip() + '\n' parsed_entry_records = parse_records( ldif_string, + record_type='entry', ignored_attr_types=ignored_attr_types, max_entries=max_entries, ) parsed_entry_records2 = parse_records( unparse_records(entry_records), + record_type='entry', ignored_attr_types=ignored_attr_types, max_entries=max_entries, ) From e8a55d278c9b3c01c7a1d8e0f100996876803bb2 Mon Sep 17 00:00:00 2001 From: stroeder Date: Mon, 29 Feb 2016 22:44:42 +0000 Subject: [PATCH 245/868] More preparation to also check change records --- Tests/t_ldif.py | 59 ++++++++++++++++++++++++++++--------------------- 1 file changed, 34 insertions(+), 25 deletions(-) diff --git a/Tests/t_ldif.py b/Tests/t_ldif.py index 42bcae0..a76f098 100644 --- a/Tests/t_ldif.py +++ b/Tests/t_ldif.py @@ -4,7 +4,7 @@ See http://www.python-ldap.org/ for details. -$Id: t_ldif.py,v 1.15 2016/02/29 18:56:43 stroeder Exp $ +$Id: t_ldif.py,v 1.16 2016/02/29 22:44:42 stroeder Exp $ """ # from Python's standard lib @@ -45,7 +45,7 @@ def parse_records( def unparse_records(records): """ - Returns LDIF string with entry records from list `entry_records' + Returns LDIF string with entry records from list `records' """ ldif_file = StringIO() ldif_writer = ldif.LDIFWriter(ldif_file) @@ -59,35 +59,44 @@ class TestEntryRecords(unittest.TestCase): Various LDIF test cases """ - def check_entry_records( + def check_records( self, ldif_string, - entry_records, + records, + record_type='entry', ignored_attr_types=None, max_entries=0 ): """ Checks whether entry records in `ldif_string' gets correctly parsed - and matches list of unparsed `entry_records'. + and matches list of unparsed `records'. """ ldif_string = textwrap.dedent(ldif_string).lstrip() + '\n' - parsed_entry_records = parse_records( + parsed_records = parse_records( ldif_string, - record_type='entry', + record_type=record_type, ignored_attr_types=ignored_attr_types, max_entries=max_entries, ) - parsed_entry_records2 = parse_records( - unparse_records(entry_records), - record_type='entry', + parsed_records2 = parse_records( + unparse_records(records), + record_type=record_type, ignored_attr_types=ignored_attr_types, max_entries=max_entries, ) - self.assertEqual(parsed_entry_records, entry_records) - self.assertEqual(parsed_entry_records2, entry_records) + self.assertEqual(parsed_records, records) + self.assertEqual(parsed_records2, records) + + def test_empty(self): + self.check_records( + """ + version: 1 + """, + [] + ) def test_simple(self): - self.check_entry_records( + self.check_records( """ version: 1 @@ -106,7 +115,7 @@ def test_simple(self): ) def test_simple2(self): - self.check_entry_records( + self.check_records( """ dn:cn=x,cn=y,cn=z attrib:value @@ -123,7 +132,7 @@ def test_simple2(self): ) def test_multiple(self): - self.check_entry_records( + self.check_records( """ dn: cn=x,cn=y,cn=z a: v @@ -154,7 +163,7 @@ def test_multiple(self): ) def test_folded(self): - self.check_entry_records( + self.check_records( """ dn: cn=x,cn=y,cn=z attrib: very\x20 @@ -174,7 +183,7 @@ def test_folded(self): ) def test_empty(self): - self.check_entry_records( + self.check_records( """ dn: cn=x,cn=y,cn=z attrib1: @@ -194,7 +203,7 @@ def test_empty(self): ) def test_binary(self): - self.check_entry_records( + self.check_records( """ dn: cn=x,cn=y,cn=z attrib:: CQAKOiVA @@ -210,7 +219,7 @@ def test_binary(self): ) def test_binary2(self): - self.check_entry_records( + self.check_records( """ dn: cn=x,cn=y,cn=z attrib::CQAKOiVA @@ -224,7 +233,7 @@ def test_binary2(self): ) def test_unicode(self): - self.check_entry_records( + self.check_records( """ dn: cn=Michael Stroeder,dc=stroeder,dc=com lastname: Ströder @@ -238,7 +247,7 @@ def test_unicode(self): ) def test_sorted(self): - self.check_entry_records( + self.check_records( """ dn: cn=x,cn=y,cn=z b: value_b @@ -258,7 +267,7 @@ def test_sorted(self): ) def test_ignored_attr_types(self): - self.check_entry_records( + self.check_records( """ dn: cn=x,cn=y,cn=z a: value_a @@ -278,7 +287,7 @@ def test_ignored_attr_types(self): ) def test_comments(self): - self.check_entry_records( + self.check_records( """ # comment #1 with line-folding @@ -316,7 +325,7 @@ def test_comments(self): ) def test_max_entries(self): - self.check_entry_records( + self.check_records( """ dn: cn=x1,cn=y1,cn=z1 b1: value_b1 @@ -358,7 +367,7 @@ def test_multiple_empty_lines(self): """ see http://sourceforge.net/p/python-ldap/feature-requests/18/ """ - self.check_entry_records( + self.check_records( """ # normal dn: uid=one,dc=tld From 30e4b3142af0180a52ad996650bad833375ee6f3 Mon Sep 17 00:00:00 2001 From: stroeder Date: Mon, 29 Feb 2016 22:51:36 +0000 Subject: [PATCH 246/868] some refactoring, tested with t_ldif.py --- Lib/ldif.py | 163 +++++++++++++++++++++++++++++----------------------- 1 file changed, 90 insertions(+), 73 deletions(-) diff --git a/Lib/ldif.py b/Lib/ldif.py index 2d9f4c3..20fd61a 100644 --- a/Lib/ldif.py +++ b/Lib/ldif.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -$Id: ldif.py,v 1.91 2016/01/26 10:43:24 stroeder Exp $ +$Id: ldif.py,v 1.92 2016/02/29 22:51:36 stroeder Exp $ Python compability note: Tested with Python 2.0+, but should work with Python 1.5.2+. @@ -97,7 +97,7 @@ def __init__(self,output_file,base64_attrs=None,cols=76,line_sep='\n'): self._output_file = output_file self._base64_attrs = list_dict([a.lower() for a in (base64_attrs or [])]) self._cols = cols - self._line_sep = line_sep + self._last_line_sep = line_sep self.records_written = 0 def _unfold_lines(self,line): @@ -108,16 +108,16 @@ def _unfold_lines(self,line): line_len = len(line) if line_len<=self._cols: self._output_file.write(line) - self._output_file.write(self._line_sep) + self._output_file.write(self._last_line_sep) else: # Fold line pos = self._cols self._output_file.write(line[0:min(line_len,self._cols)]) - self._output_file.write(self._line_sep) + self._output_file.write(self._last_line_sep) while pos Date: Thu, 3 Mar 2016 17:06:10 +0000 Subject: [PATCH 247/868] Added interop note for ldap.modlist.modifyModlist() --- Doc/ldap-modlist.rst | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/Doc/ldap-modlist.rst b/Doc/ldap-modlist.rst index 5fd6351..0eb41c5 100644 --- a/Doc/ldap-modlist.rst +++ b/Doc/ldap-modlist.rst @@ -1,4 +1,4 @@ -.. % $Id: ldap-modlist.rst,v 1.4 2011/07/22 17:39:44 stroeder Exp $ +.. % $Id: ldap-modlist.rst,v 1.5 2016/03/03 17:06:10 stroeder Exp $ :py:mod:`ldap.modlist` Generate modify lists @@ -51,3 +51,12 @@ The :mod:`ldap.modlist` module defines the following functions: the comparison will be conducted case-insensitive. It is useful in situations where a LDAP server normalizes values and one wants to avoid unnecessary changes (e.g. case of attribute type names in DNs). + + .. note:: + Replacing attribute values is always done with a + :py:const:`ldap.MOD_DELETE`/:py:const:`ldap.MOD_ADD` pair instead of + :py:const:`ldap.MOD_REPLACE` to work-around potential issues with + attributes for which no EQUALITY matching rule are defined in the + server's subschema. This works correctly in most situations but + rarely fails with some LDAP servers implementing (schema) checks on + transient state entry during processing the modify operation. From b8fb5514c6b0ba162ba90378f389fdb7465bbfb4 Mon Sep 17 00:00:00 2001 From: stroeder Date: Fri, 11 Mar 2016 12:46:09 +0000 Subject: [PATCH 248/868] SimpleLDAPObject.unbind_ext() already removes class attribute _l => no need to do it in ReconnectLDAPObject.reconnect() --- Lib/ldap/ldapobject.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Lib/ldap/ldapobject.py b/Lib/ldap/ldapobject.py index d6fe4c4..9e9c217 100644 --- a/Lib/ldap/ldapobject.py +++ b/Lib/ldap/ldapobject.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -\$Id: ldapobject.py,v 1.153 2016/01/28 09:43:08 stroeder Exp $ +\$Id: ldapobject.py,v 1.154 2016/03/11 12:46:09 stroeder Exp $ Compability: - Tested with Python 2.0+ but should work with Python 1.5.x @@ -886,7 +886,6 @@ def reconnect(self,uri,retry_max=1,retry_delay=60.0): self._trace_file.write('=> delay %s...\n' % (retry_delay)) time.sleep(retry_delay) SimpleLDAPObject.unbind_s(self) - del self._l else: if __debug__ and self._trace_level>=1: self._trace_file.write('*** %s reconnect to %s successful => repeat last operation\n' % ( From 325db8e34fb2352a3506cc792bea7f56cfb52fa7 Mon Sep 17 00:00:00 2001 From: stroeder Date: Thu, 7 Apr 2016 20:17:16 +0000 Subject: [PATCH 249/868] added ldap.controls.sss to py_modules --- setup.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/setup.py b/setup.py index 4d435f1..2cc776b 100644 --- a/setup.py +++ b/setup.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -$Id: setup.py,v 1.74 2016/02/16 18:01:35 stroeder Exp $ +$Id: setup.py,v 1.75 2016/04/07 20:17:16 stroeder Exp $ """ has_setuptools = False @@ -159,6 +159,7 @@ class OpenLDAP2: 'ldap.controls.readentry', 'ldap.controls.sessiontrack', 'ldap.controls.simple', + 'ldap.controls.sss', 'ldap.cidict', 'ldap.dn', 'ldap.extop', From a729264c866b23ee7378c8e674cd5d3aeb3ab7cf Mon Sep 17 00:00:00 2001 From: stroeder Date: Thu, 7 Apr 2016 20:22:17 +0000 Subject: [PATCH 250/868] added ldap.controls.sss to py_modules --- CHANGES | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index bd05fe5..137f684 100644 --- a/CHANGES +++ b/CHANGES @@ -3,6 +3,9 @@ Released 2.4.26 2016-xx-xx Changes since 2.4.25: +Installation: +* added ldap.controls.sss to py_modules in setup.py + Lib/ * LDAPObject.unbind_ext() now removes class attribute LDAPObject._l to completely invalidate C wrapper object @@ -1257,4 +1260,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.378 2016/02/11 01:08:43 stroeder Exp $ +$Id: CHANGES,v 1.379 2016/04/07 20:22:17 stroeder Exp $ From 6ef1fb227f6dab717c7be96e1a0cecbd1d395946 Mon Sep 17 00:00:00 2001 From: Dirk Mueller Date: Wed, 18 May 2016 10:27:07 +0200 Subject: [PATCH 251/868] Readd LICENCE the original python-ldap project this fork is based on used this LICENSE, which is inherited by this project. This file was left out of the pyldap CVS mirror, because it was not touched since 2000. All other files from CVS are already present in the repository. --- LICENCE | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 LICENCE diff --git a/LICENCE b/LICENCE new file mode 100644 index 0000000..a98c010 --- /dev/null +++ b/LICENCE @@ -0,0 +1,10 @@ +The pyldap package is distributed under Python-style license. + +Standard disclaimer: + This software is made available by the author(s) to the public for free + and "as is". All users of this free software are solely and entirely + responsible for their own choice and use of this software for their + own purposes. By using this software, each user agrees that the + author(s) shall not be liable for damages of any kind in relation to + its use or performance. The author(s) do not warrant that this software + is fit for any purpose. From 02d3119f8a471b8e40e1c4f97beaef9c586acc90 Mon Sep 17 00:00:00 2001 From: stroeder Date: Sun, 17 Jul 2016 13:59:20 +0000 Subject: [PATCH 252/868] call commenceShutdown(None, None) and some formatting cosmetics --- Demo/pyasn1/syncrepl.py | 42 ++++++++++++++++++++++++++--------------- 1 file changed, 27 insertions(+), 15 deletions(-) diff --git a/Demo/pyasn1/syncrepl.py b/Demo/pyasn1/syncrepl.py index c1185e6..1177d18 100644 --- a/Demo/pyasn1/syncrepl.py +++ b/Demo/pyasn1/syncrepl.py @@ -15,27 +15,28 @@ python-ldap 2.4.10+ """ +# Import modules from Python standard lib +import shelve,signal,time,sys,logging + # Import the python-ldap modules -import ldap,ldapurl +import ldap +import ldapurl # Import specific classes from python-ldap from ldap.ldapobject import ReconnectLDAPObject from ldap.syncrepl import SyncreplConsumer -# Import modules from Python standard lib -import shelve,signal,time,sys,logging - # Global state watcher_running = True ldap_connection = False -class SyncReplConsumer(ReconnectLDAPObject,SyncreplConsumer): +class SyncReplConsumer(ReconnectLDAPObject, SyncreplConsumer): """ Syncrepl Consumer interface """ - def __init__(self,db_path,*args,**kwargs): + def __init__(self, db_path, *args, **kwargs): # Initialise the LDAP Connection first ldap.ldapobject.ReconnectLDAPObject.__init__(self, *args, **kwargs) # Now prepare the data store @@ -55,19 +56,22 @@ def syncrepl_set_cookie(self,cookie): self.__data['cookie'] = cookie def syncrepl_entry(self,dn,attributes,uuid): - # First we determine the type of change we have here (and store away the previous data for later if needed) + # First we determine the type of change we have here + # (and store away the previous data for later if needed) previous_attributes = dict() if uuid in self.__data: change_type = 'modify' previous_attributes = self.__data[uuid] else: change_type = 'add' - # Now we store our knowledge of the existence of this entry (including the DN as an attribute for convenience) + # Now we store our knowledge of the existence of this entry + # (including the DN as an attribute for convenience) attributes['dn'] = dn self.__data[uuid] = attributes # Debugging print 'Detected', change_type, 'of entry:', dn - # If we have a cookie then this is not our first time being run, so it must be a change + # If we have a cookie then this is not our first time being run, + # so it must be a change if 'ldap_cookie' in self.__data: self.perform_application_sync(dn, attributes, previous_attributes) @@ -80,11 +84,18 @@ def syncrepl_delete(self,uuids): del self.__data[uuid] def syncrepl_present(self,uuids,refreshDeletes=False): - # If we have not been given any UUID values, then we have recieved all the present controls... + # If we have not been given any UUID values, + # then we have recieved all the present controls... if uuids is None: - # We only do things if refreshDeletes is false as the syncrepl extension will call syncrepl_delete instead when it detects a delete notice + # We only do things if refreshDeletes is false as the syncrepl + # extension will call syncrepl_delete instead when it detects a + # delete notice if refreshDeletes is False: - deletedEntries = [uuid for uuid in self.__data.keys() if uuid not in self.__presentUUIDs and uuid != 'ldap_cookie'] + deletedEntries = [ + uuid + for uuid in self.__data.keys() + if uuid not in self.__presentUUIDs and uuid != 'ldap_cookie' + ] self.syncrepl_delete( deletedEntries ) # Phase is now completed, reset the list self.__presentUUIDs = {} @@ -113,6 +124,7 @@ def commenceShutdown(signum, stack): # Tear down the server connection if( ldap_connection ): ldap_connection.close_db() + ldap_connection.unbind_s() del ldap_connection # Shutdown @@ -144,11 +156,11 @@ def commenceShutdown(signum, stack): while watcher_running: print 'Connecting to LDAP server now...' # Prepare the LDAP server connection (triggers the connection as well) - ldap_connection = SyncReplConsumer(database_path,ldap_url.initializeUrl()) + ldap_connection = SyncReplConsumer(database_path, ldap_url.initializeUrl()) # Now we login to the LDAP server try: - ldap_connection.simple_bind_s(ldap_url.who,ldap_url.cred) + ldap_connection.simple_bind_s(ldap_url.who, ldap_url.cred) except ldap.INVALID_CREDENTIALS, e: print 'Login to LDAP server failed: ', str(e) sys.exit(1) @@ -172,7 +184,7 @@ def commenceShutdown(signum, stack): pass except KeyboardInterrupt: # User asked to exit - commenceShutdown() + commenceShutdown(None, None) pass except Exception, e: # Handle any exception From 0def217fba5098990c4e9d778c9ad072318ec743 Mon Sep 17 00:00:00 2001 From: stroeder Date: Sun, 17 Jul 2016 14:49:22 +0000 Subject: [PATCH 253/868] SimpleLDAPObject.unbind_ext_s(): simplified and flush trace file --- Lib/ldap/ldapobject.py | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/Lib/ldap/ldapobject.py b/Lib/ldap/ldapobject.py index 9e9c217..94b7a90 100644 --- a/Lib/ldap/ldapobject.py +++ b/Lib/ldap/ldapobject.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -\$Id: ldapobject.py,v 1.154 2016/03/11 12:46:09 stroeder Exp $ +\$Id: ldapobject.py,v 1.155 2016/07/17 14:49:22 stroeder Exp $ Compability: - Tested with Python 2.0+ but should work with Python 1.5.x @@ -633,8 +633,11 @@ def unbind_ext(self,serverctrls=None,clientctrls=None): def unbind_ext_s(self,serverctrls=None,clientctrls=None): msgid = self.unbind_ext(serverctrls,clientctrls) if msgid!=None: - resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout) - return resp_type, resp_data, resp_msgid, resp_ctrls + result = self.result3(msgid,all=1,timeout=self.timeout) + else: + result = None + self._trace_file.flush() + return result def unbind(self): return self.unbind_ext(None,None) From ad88a804bf071e3a31ea2eeb02b9fc6139a43ef4 Mon Sep 17 00:00:00 2001 From: stroeder Date: Sun, 17 Jul 2016 15:12:58 +0000 Subject: [PATCH 254/868] added functions ldap.strf_secs() and ldap.strp_secs() --- CHANGES | 3 ++- Lib/ldap/__init__.py | 4 ++-- Lib/ldap/functions.py | 19 +++++++++++++++++-- 3 files changed, 21 insertions(+), 5 deletions(-) diff --git a/CHANGES b/CHANGES index 137f684..888eb55 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,7 @@ Installation: Lib/ * LDAPObject.unbind_ext() now removes class attribute LDAPObject._l to completely invalidate C wrapper object +* added functions ldap.strf_secs() and ldap.strp_secs() Modules/ * Fixed #69 Segmentation fault on whoami_s after unbind @@ -1260,4 +1261,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.379 2016/04/07 20:22:17 stroeder Exp $ +$Id: CHANGES,v 1.380 2016/07/17 15:12:58 stroeder Exp $ diff --git a/Lib/ldap/__init__.py b/Lib/ldap/__init__.py index ef106be..0cb29f1 100644 --- a/Lib/ldap/__init__.py +++ b/Lib/ldap/__init__.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -$Id: __init__.py,v 1.103 2016/01/26 10:43:24 stroeder Exp $ +$Id: __init__.py,v 1.104 2016/07/17 15:12:58 stroeder Exp $ """ # This is also the overall release version number @@ -82,7 +82,7 @@ def release(self): # Create module-wide lock for serializing all calls into underlying LDAP lib _ldap_module_lock = LDAPLock(desc='Module wide') -from functions import open,initialize,init,get_option,set_option,escape_str +from functions import open,initialize,init,get_option,set_option,escape_str,strf_secs,strp_secs from ldapobject import NO_UNIQUE_ENTRY diff --git a/Lib/ldap/functions.py b/Lib/ldap/functions.py index 8ba0130..3e04744 100644 --- a/Lib/ldap/functions.py +++ b/Lib/ldap/functions.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -\$Id: functions.py,v 1.31 2015/06/06 09:21:37 stroeder Exp $ +\$Id: functions.py,v 1.32 2016/07/17 15:12:58 stroeder Exp $ Compability: - Tested with Python 2.0+ but should work with Python 1.5.x @@ -27,7 +27,8 @@ 'escape_str', ] -import sys,pprint,_ldap,ldap +import sys,pprint,time,_ldap,ldap +from calendar import timegm from ldap import LDAPError @@ -140,3 +141,17 @@ def escape_str(escape_func,s,*args): """ escape_args = map(escape_func,args) return s % tuple(escape_args) + + +def strf_secs(secs): + """ + Convert seconds since epoch to a string compliant to LDAP syntax GeneralizedTime + """ + return time.strftime('%Y%m%d%H%M%SZ', time.gmtime(secs)) + + +def strp_secs(dt_str): + """ + Convert LDAP syntax GeneralizedTime to seconds since epoch + """ + return timegm(time.strptime(dt_str, '%Y%m%d%H%M%SZ')) From 854c5d8cfb7372e97f88608adf73328faa511ae3 Mon Sep 17 00:00:00 2001 From: stroeder Date: Sun, 17 Jul 2016 16:06:19 +0000 Subject: [PATCH 255/868] call self._consume_empty_lines() --- Lib/ldif.py | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/Lib/ldif.py b/Lib/ldif.py index 20fd61a..205d81e 100644 --- a/Lib/ldif.py +++ b/Lib/ldif.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -$Id: ldif.py,v 1.92 2016/02/29 22:51:36 stroeder Exp $ +$Id: ldif.py,v 1.93 2016/07/17 16:06:19 stroeder Exp $ Python compability note: Tested with Python 2.0+, but should work with Python 1.5.2+. @@ -510,10 +510,8 @@ def parse_change_records(self): while k!=None: k,v = next_key_and_value() - # Consume empty separation line - k,v = next_key_and_value() - while k is None and v is None: - k,v = next_key_and_value() + # Consume empty separator line(s) + k,v = self._consume_empty_lines() # Increment record counters try: From 9ab29199821679cef3e545762170456c2c4b78c7 Mon Sep 17 00:00:00 2001 From: stroeder Date: Sun, 17 Jul 2016 16:11:25 +0000 Subject: [PATCH 256/868] parse_change_records(): version is Integer --- Lib/ldif.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Lib/ldif.py b/Lib/ldif.py index 205d81e..ac0a9bf 100644 --- a/Lib/ldif.py +++ b/Lib/ldif.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -$Id: ldif.py,v 1.93 2016/07/17 16:06:19 stroeder Exp $ +$Id: ldif.py,v 1.94 2016/07/17 16:11:25 stroeder Exp $ Python compability note: Tested with Python 2.0+, but should work with Python 1.5.2+. @@ -438,7 +438,7 @@ def parse_change_records(self): self.changetype_counter = {} k,v = next_key_and_value() if k=='version': - self.version = v + self.version = int(v) k,v = next_key_and_value() if k==v==None: k,v = next_key_and_value() From 06017131e8a78384685a79b1debd4a499ecceef1 Mon Sep 17 00:00:00 2001 From: stroeder Date: Sun, 17 Jul 2016 16:25:46 +0000 Subject: [PATCH 257/868] class TestChangeRecords --- Tests/t_ldif.py | 54 +++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 52 insertions(+), 2 deletions(-) diff --git a/Tests/t_ldif.py b/Tests/t_ldif.py index a76f098..9a3e103 100644 --- a/Tests/t_ldif.py +++ b/Tests/t_ldif.py @@ -4,7 +4,7 @@ See http://www.python-ldap.org/ for details. -$Id: t_ldif.py,v 1.16 2016/02/29 22:44:42 stroeder Exp $ +$Id: t_ldif.py,v 1.17 2016/07/17 16:25:46 stroeder Exp $ """ # from Python's standard lib @@ -54,7 +54,7 @@ def unparse_records(records): return ldif_file.getvalue() -class TestEntryRecords(unittest.TestCase): +class TestLDIFParser(unittest.TestCase): """ Various LDIF test cases """ @@ -87,6 +87,12 @@ def check_records( self.assertEqual(parsed_records, records) self.assertEqual(parsed_records2, records) + +class TestEntryRecords(TestLDIFParser): + """ + Various LDIF test cases + """ + def test_empty(self): self.check_records( """ @@ -391,5 +397,49 @@ def test_multiple_empty_lines(self): ) +class TestChangeRecords(TestLDIFParser): + """ + Various LDIF test cases + """ + + def test_empty(self): + self.check_records( + """ + version: 1 + """, + [], + record_type='change', + ) + + def test_simple(self): + self.check_records( + """ + version: 1 + + dn: cn=x,cn=y,cn=z + changetype: modify + replace: attrib + attrib: value + attrib: value2 + - + add: attrib2 + attrib2: value + attrib2: value2 + - + delete: attrib3 + attrib3: value + - + delete: attrib4 + - + """, + [ + (ldif.MOD_OP_INTEGER['replace'], 'attrib', [b'value', b'value2']), + (ldif.MOD_OP_INTEGER['add'], 'attrib2', [b'value', b'value2']), + (ldif.MOD_OP_INTEGER['delete'], 'attrib3', [b'value']), + (ldif.MOD_OP_INTEGER['delete'], 'attrib4', None), + ], + record_type='change', + ) + if __name__ == '__main__': unittest.main() From d70170ceda317056483274f0723513996955d663 Mon Sep 17 00:00:00 2001 From: stroeder Date: Sun, 17 Jul 2016 17:43:04 +0000 Subject: [PATCH 258/868] fixed LDIFParser.parse_change_records() --- Lib/ldif.py | 78 ++++++++++++++++++++++++++++++----------------------- 1 file changed, 44 insertions(+), 34 deletions(-) diff --git a/Lib/ldif.py b/Lib/ldif.py index ac0a9bf..69ebcbf 100644 --- a/Lib/ldif.py +++ b/Lib/ldif.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -$Id: ldif.py,v 1.94 2016/07/17 16:11:25 stroeder Exp $ +$Id: ldif.py,v 1.95 2016/07/17 17:43:04 stroeder Exp $ Python compability note: Tested with Python 2.0+, but should work with Python 1.5.2+. @@ -276,10 +276,14 @@ def __init__( self.line_counter = 0 self.byte_counter = 0 self.records_read = 0 + self.changetype_counter = {}.fromkeys(CHANGE_TYPES,0) # Store some symbols for better performance self._base64_decodestring = base64.decodestring # Read very first line - self._last_line = self._readline() + try: + self._last_line = self._readline() + except EOFError: + self._last_line = '' def handle(self,dn,entry): """ @@ -378,12 +382,16 @@ def parse_entry_records(self): """ # Local symbol for better performance next_key_and_value = self._next_key_and_value - # Consume empty lines - k,v = self._consume_empty_lines() - # Consume 'version' line - if k=='version': - self.version = int(v) + + try: + # Consume empty lines k,v = self._consume_empty_lines() + # Consume 'version' line + if k=='version': + self.version = int(v) + k,v = self._consume_empty_lines() + except EOFError: + return # Loop for processing whole records while k!=None and \ @@ -398,19 +406,19 @@ def parse_entry_records(self): # Consume second line of record k,v = next_key_and_value() - try: - # Loop for reading the attributes - while k!=None: - # Add the attribute to the entry if not ignored attribute - if not k.lower() in self._ignored_attr_types: - try: - entry[k].append(v) - except KeyError: - entry[k]=[v] - # Read the next line within the record + # Loop for reading the attributes + while k!=None: + # Add the attribute to the entry if not ignored attribute + if not k.lower() in self._ignored_attr_types: + try: + entry[k].append(v) + except KeyError: + entry[k]=[v] + # Read the next line within the record + try: k,v = next_key_and_value() - except EOFError: - pass + except EOFError: + k,v = None,None # handle record self.handle(dn,entry) @@ -434,31 +442,29 @@ def handle_modify(self,dn,modops,controls=None): pass def parse_change_records(self): + # Local symbol for better performance next_key_and_value = self._next_key_and_value - self.changetype_counter = {} - k,v = next_key_and_value() + # Consume empty lines + k,v = self._consume_empty_lines() + # Consume 'version' line if k=='version': self.version = int(v) - k,v = next_key_and_value() - if k==v==None: - k,v = next_key_and_value() - else: - self.version = None + k,v = self._consume_empty_lines() # Loop for processing whole records while k!=None and \ (not self._max_entries or self.records_read Date: Sun, 17 Jul 2016 17:43:39 +0000 Subject: [PATCH 259/868] TestChangeRecords.test_simple() almost works --- Tests/t_ldif.py | 105 ++++++++++++++++++++++++++---------------------- 1 file changed, 57 insertions(+), 48 deletions(-) diff --git a/Tests/t_ldif.py b/Tests/t_ldif.py index 9a3e103..3c80a02 100644 --- a/Tests/t_ldif.py +++ b/Tests/t_ldif.py @@ -4,7 +4,7 @@ See http://www.python-ldap.org/ for details. -$Id: t_ldif.py,v 1.17 2016/07/17 16:25:46 stroeder Exp $ +$Id: t_ldif.py,v 1.18 2016/07/17 17:43:39 stroeder Exp $ """ # from Python's standard lib @@ -20,50 +20,54 @@ import ldif -def parse_records( - ldif_string, - record_type='entry', - ignored_attr_types=None, - max_entries=0, -): - """ - Parse LDIF data in `ldif_string' into list of records - """ - ldif_file = StringIO(ldif_string) - ldif_parser = ldif.LDIFRecordList( - ldif_file, - ignored_attr_types=ignored_attr_types, - max_entries=max_entries, - ) - parser_method = getattr( - ldif_parser, - 'parse_%s_records' % record_type - ) - parser_method() - return ldif_parser.all_records - - -def unparse_records(records): - """ - Returns LDIF string with entry records from list `records' - """ - ldif_file = StringIO() - ldif_writer = ldif.LDIFWriter(ldif_file) - for dn, entry in records: - ldif_writer.unparse(dn, entry) - return ldif_file.getvalue() - - class TestLDIFParser(unittest.TestCase): """ Various LDIF test cases """ + def _parse_records( + self, + ldif_string, + ignored_attr_types=None, + max_entries=0, + ): + """ + Parse LDIF data in `ldif_string' into list of records + """ + ldif_file = StringIO(ldif_string) + ldif_parser = ldif.LDIFRecordList( + ldif_file, + ignored_attr_types=ignored_attr_types, + max_entries=max_entries, + ) + parser_method = getattr( + ldif_parser, + 'parse_%s_records' % self.record_type + ) + parser_method() + if self.record_type == 'entry': + return ldif_parser.all_records + elif self.record_type == 'change': + return ldif_parser.all_modify_changes + + def _unparse_records(self, records): + """ + Returns LDIF string with entry records from list `records' + """ + ldif_file = StringIO() + ldif_writer = ldif.LDIFWriter(ldif_file) + if self.record_type == 'entry': + for dn, entry in records: + ldif_writer.unparse(dn, entry) + elif self.record_type == 'change': + for dn, modops, controls in records: + ldif_writer.unparse(dn, modops) + return ldif_file.getvalue() + def check_records( self, ldif_string, records, - record_type='entry', ignored_attr_types=None, max_entries=0 ): @@ -72,15 +76,13 @@ def check_records( and matches list of unparsed `records'. """ ldif_string = textwrap.dedent(ldif_string).lstrip() + '\n' - parsed_records = parse_records( + parsed_records = self._parse_records( ldif_string, - record_type=record_type, ignored_attr_types=ignored_attr_types, max_entries=max_entries, ) - parsed_records2 = parse_records( - unparse_records(records), - record_type=record_type, + parsed_records2 = self._parse_records( + self._unparse_records(records), ignored_attr_types=ignored_attr_types, max_entries=max_entries, ) @@ -92,11 +94,13 @@ class TestEntryRecords(TestLDIFParser): """ Various LDIF test cases """ + record_type='entry' def test_empty(self): self.check_records( """ version: 1 + """, [] ) @@ -188,7 +192,7 @@ def test_folded(self): ] ) - def test_empty(self): + def test_empty_attr_values(self): self.check_records( """ dn: cn=x,cn=y,cn=z @@ -401,6 +405,7 @@ class TestChangeRecords(TestLDIFParser): """ Various LDIF test cases """ + record_type='change' def test_empty(self): self.check_records( @@ -408,7 +413,6 @@ def test_empty(self): version: 1 """, [], - record_type='change', ) def test_simple(self): @@ -433,12 +437,17 @@ def test_simple(self): - """, [ - (ldif.MOD_OP_INTEGER['replace'], 'attrib', [b'value', b'value2']), - (ldif.MOD_OP_INTEGER['add'], 'attrib2', [b'value', b'value2']), - (ldif.MOD_OP_INTEGER['delete'], 'attrib3', [b'value']), - (ldif.MOD_OP_INTEGER['delete'], 'attrib4', None), + ( + 'cn=x,cn=y,cn=z', + [ + (ldif.MOD_OP_INTEGER['replace'], 'attrib', [b'value', b'value2']), + (ldif.MOD_OP_INTEGER['add'], 'attrib2', [b'value', b'value2']), + (ldif.MOD_OP_INTEGER['delete'], 'attrib3', [b'value']), + (ldif.MOD_OP_INTEGER['delete'], 'attrib4', None), + ], + [], + ), ], - record_type='change', ) if __name__ == '__main__': From fa991f9790137264343a41ca7cab84d3273d2952 Mon Sep 17 00:00:00 2001 From: stroeder Date: Sun, 17 Jul 2016 19:30:44 +0000 Subject: [PATCH 260/868] tolerate missing dash --- Lib/ldif.py | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/Lib/ldif.py b/Lib/ldif.py index 69ebcbf..238f097 100644 --- a/Lib/ldif.py +++ b/Lib/ldif.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -$Id: ldif.py,v 1.95 2016/07/17 17:43:04 stroeder Exp $ +$Id: ldif.py,v 1.96 2016/07/17 19:30:44 stroeder Exp $ Python compability note: Tested with Python 2.0+, but should work with Python 1.5.2+. @@ -497,7 +497,10 @@ def parse_change_records(self): # we now have the attribute name to be modified modattr = v modvalues = [] - k,v = next_key_and_value() + try: + k,v = next_key_and_value() + except EOFError: + k,v = None,None while k==modattr: modvalues.append(v) k,v = next_key_and_value() From c97fe7f4871fe605f443909b428ffd54ed26ec30 Mon Sep 17 00:00:00 2001 From: stroeder Date: Sun, 17 Jul 2016 19:37:37 +0000 Subject: [PATCH 261/868] fixed TestChangeRecords.test_simple() and added TestChangeRecords.test_simple_missing_dash() --- Tests/t_ldif.py | 36 +++++++++++++++++++++++++++++++++--- 1 file changed, 33 insertions(+), 3 deletions(-) diff --git a/Tests/t_ldif.py b/Tests/t_ldif.py index 3c80a02..89ad045 100644 --- a/Tests/t_ldif.py +++ b/Tests/t_ldif.py @@ -4,7 +4,7 @@ See http://www.python-ldap.org/ for details. -$Id: t_ldif.py,v 1.18 2016/07/17 17:43:39 stroeder Exp $ +$Id: t_ldif.py,v 1.19 2016/07/17 19:37:37 stroeder Exp $ """ # from Python's standard lib @@ -81,8 +81,9 @@ def check_records( ignored_attr_types=ignored_attr_types, max_entries=max_entries, ) + generated_ldif = self._unparse_records(records) parsed_records2 = self._parse_records( - self._unparse_records(records), + generated_ldif, ignored_attr_types=ignored_attr_types, max_entries=max_entries, ) @@ -435,6 +436,7 @@ def test_simple(self): - delete: attrib4 - + """, [ ( @@ -445,10 +447,38 @@ def test_simple(self): (ldif.MOD_OP_INTEGER['delete'], 'attrib3', [b'value']), (ldif.MOD_OP_INTEGER['delete'], 'attrib4', None), ], - [], + None, ), ], ) + def test_missing_trailing_separator(self): + self.check_records( + """ + version: 1 + + dn: cn=x,cn=y,cn=z + changetype: modify + replace: attrib + attrib: value + attrib: value2 + - + add: attrib2 + attrib2: value + attrib2: value2 + """, + [ + ( + 'cn=x,cn=y,cn=z', + [ + (ldif.MOD_OP_INTEGER['replace'], 'attrib', [b'value', b'value2']), + (ldif.MOD_OP_INTEGER['add'], 'attrib2', [b'value', b'value2']), + ], + None, + ), + ], + ) + + if __name__ == '__main__': unittest.main() From cb07289ab142aa7b96be80aba22acf775bfd8d02 Mon Sep 17 00:00:00 2001 From: stroeder Date: Sun, 17 Jul 2016 19:38:32 +0000 Subject: [PATCH 262/868] LDIFParser.parse_change_records(): more liberal parsing --- Lib/ldif.py | 48 ++++++++++++++++++++++++------------------------ 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/Lib/ldif.py b/Lib/ldif.py index 238f097..bae4b76 100644 --- a/Lib/ldif.py +++ b/Lib/ldif.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -$Id: ldif.py,v 1.96 2016/07/17 19:30:44 stroeder Exp $ +$Id: ldif.py,v 1.97 2016/07/17 19:38:32 stroeder Exp $ Python compability note: Tested with Python 2.0+, but should work with Python 1.5.2+. @@ -487,31 +487,31 @@ def parse_change_records(self): # From here we assume a change record is read with changetype: modify modops = [] - # Loop for reading the list of modifications - while k!=None: - # Extract attribute mod-operation (add, delete, replace) - try: - modop = MOD_OP_INTEGER[k] - except KeyError: - raise ValueError('Line %d: Invalid mod-op string: %s' % (self.line_counter,repr(k))) - # we now have the attribute name to be modified - modattr = v - modvalues = [] - try: - k,v = next_key_and_value() - except EOFError: - k,v = None,None - while k==modattr: - modvalues.append(v) - k,v = next_key_and_value() - modops.append((modop,modattr,modvalues or None)) - try: + try: + # Loop for reading the list of modifications + while k!=None: + # Extract attribute mod-operation (add, delete, replace) + try: + modop = MOD_OP_INTEGER[k] + except KeyError: + raise ValueError('Line %d: Invalid mod-op string: %s' % (self.line_counter,repr(k))) + # we now have the attribute name to be modified + modattr = v + modvalues = [] k,v = next_key_and_value() - except EOFError: - k,v = None,None - if k=='-': - # Consume next line + while k==modattr: + modvalues.append(v) + try: + k,v = next_key_and_value() + except EOFError: + k,v = None,None + modops.append((modop,modattr,modvalues or None)) k,v = next_key_and_value() + if k=='-': + # Consume next line + k,v = next_key_and_value() + except EOFError: + k,v = None,None if modops: # append entry to result list From 04fee781b6fddb95093e805efa2d2685b3e09510 Mon Sep 17 00:00:00 2001 From: stroeder Date: Sun, 17 Jul 2016 19:42:32 +0000 Subject: [PATCH 263/868] LDAPObject.unbind_ext() now flushes trace file --- CHANGES | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 888eb55..773a719 100644 --- a/CHANGES +++ b/CHANGES @@ -9,7 +9,11 @@ Installation: Lib/ * LDAPObject.unbind_ext() now removes class attribute LDAPObject._l to completely invalidate C wrapper object +* LDAPObject.unbind_ext() now flushes trace file * added functions ldap.strf_secs() and ldap.strp_secs() +* Refactored ldif.LDIFParser + * ldif.LDIFParser.version ís now Integer + * ignore multiple empty lines between records Modules/ * Fixed #69 Segmentation fault on whoami_s after unbind @@ -1261,4 +1265,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.380 2016/07/17 15:12:58 stroeder Exp $ +$Id: CHANGES,v 1.381 2016/07/17 19:42:32 stroeder Exp $ From 4de6216d731d65b9a971dd634a43115052700c15 Mon Sep 17 00:00:00 2001 From: stroeder Date: Sun, 17 Jul 2016 19:44:19 +0000 Subject: [PATCH 264/868] cosmetic change: use constants in SEARCH_SCOPE_STR dict --- Lib/ldapurl.py | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/Lib/ldapurl.py b/Lib/ldapurl.py index 49792e4..b9e78a8 100644 --- a/Lib/ldapurl.py +++ b/Lib/ldapurl.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -\$Id: ldapurl.py,v 1.78 2016/01/26 10:43:24 stroeder Exp $ +\$Id: ldapurl.py,v 1.79 2016/07/17 19:44:19 stroeder Exp $ Python compability note: This module only works with Python 2.0+ since @@ -32,7 +32,13 @@ LDAP_SCOPE_SUBTREE = 2 LDAP_SCOPE_SUBORDINATES = 3 -SEARCH_SCOPE_STR = {None:'',0:'base',1:'one',2:'sub',3:'subordinates'} +SEARCH_SCOPE_STR = { + None:'', + LDAP_SCOPE_BASE:'base', + LDAP_SCOPE_ONELEVEL:'one', + LDAP_SCOPE_SUBTREE:'sub', + LDAP_SCOPE_SUBORDINATES:'subordinates', +} SEARCH_SCOPE = { '':None, From 6b82a8212af3baff032a4abe0741c50d37ea819c Mon Sep 17 00:00:00 2001 From: stroeder Date: Sun, 17 Jul 2016 19:46:49 +0000 Subject: [PATCH 265/868] mention test-cases for LDIF change records --- CHANGES | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 773a719..0febf32 100644 --- a/CHANGES +++ b/CHANGES @@ -26,7 +26,8 @@ Tests/ hard-coded /var/tmp * Tests/slapd.py now expects schema to be in /etc/openldap/ * Tests/t_ldapurl.py now independent of module ldap -* Tests/t_ldif.py with more test-cases +* Tests/t_ldif.py now has more test-cases also + for change records ---------------------------------------------------------------- Released 2.4.25 2016-01-18 @@ -1265,4 +1266,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.381 2016/07/17 19:42:32 stroeder Exp $ +$Id: CHANGES,v 1.382 2016/07/17 19:46:49 stroeder Exp $ From 9f889bb99237d1af7c6a6361b51a692f83d845e1 Mon Sep 17 00:00:00 2001 From: stroeder Date: Sun, 24 Jul 2016 14:57:46 +0000 Subject: [PATCH 266/868] started to implement TestChangeRecords.test_bad_change_records() --- Tests/t_ldif.py | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/Tests/t_ldif.py b/Tests/t_ldif.py index 89ad045..7fdc680 100644 --- a/Tests/t_ldif.py +++ b/Tests/t_ldif.py @@ -4,7 +4,7 @@ See http://www.python-ldap.org/ for details. -$Id: t_ldif.py,v 1.19 2016/07/17 19:37:37 stroeder Exp $ +$Id: t_ldif.py,v 1.20 2016/07/24 14:57:46 stroeder Exp $ """ # from Python's standard lib @@ -479,6 +479,23 @@ def test_missing_trailing_separator(self): ], ) + def test_bad_change_records(self): + for bad_ldif_string in ( + """ + changetype: modify + replace: attrib + attrib: value + attrib: value2 + """, + ): + ldif_string = textwrap.dedent(bad_ldif_string).lstrip() + '\n' + try: + res = self._parse_records(ldif_string) + except ValueError, value_error: + pass + else: + self.fail("should have raised ValueError: %r" % ldif_str) + if __name__ == '__main__': unittest.main() From ab1ba33d066e83228ac4071065e994b76c2b6b67 Mon Sep 17 00:00:00 2001 From: stroeder Date: Sun, 24 Jul 2016 15:14:56 +0000 Subject: [PATCH 267/868] added function ldap.filter.time_span_filter() --- CHANGES | 3 ++- Lib/ldap/filter.py | 38 +++++++++++++++++++++++++++++++++++++- 2 files changed, 39 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 0febf32..74f02de 100644 --- a/CHANGES +++ b/CHANGES @@ -11,6 +11,7 @@ Lib/ LDAPObject._l to completely invalidate C wrapper object * LDAPObject.unbind_ext() now flushes trace file * added functions ldap.strf_secs() and ldap.strp_secs() +* added function ldap.filter.time_span_filter() * Refactored ldif.LDIFParser * ldif.LDIFParser.version ís now Integer * ignore multiple empty lines between records @@ -1266,4 +1267,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.382 2016/07/17 19:46:49 stroeder Exp $ +$Id: CHANGES,v 1.383 2016/07/24 15:14:56 stroeder Exp $ diff --git a/Lib/ldap/filter.py b/Lib/ldap/filter.py index 46f957e..727c1f8 100644 --- a/Lib/ldap/filter.py +++ b/Lib/ldap/filter.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -\$Id: filter.py,v 1.10 2015/06/06 09:21:37 stroeder Exp $ +\$Id: filter.py,v 1.11 2016/07/24 15:14:56 stroeder Exp $ Compability: - Tested with Python 2.0+ @@ -11,6 +11,10 @@ from ldap import __version__ +from ldap.functions import strf_secs + +import time + def escape_filter_chars(assertion_value,escape_mode=0): """ @@ -53,3 +57,35 @@ def filter_format(filter_template,assertion_values): count of %s in filter_template. """ return filter_template % (tuple(map(escape_filter_chars,assertion_values))) + + +def time_span_filter( + filterstr='', + from_timestamp=0, + until_timestamp=None, + delta_attr='modifyTimestamp', + ): + """ + If last_run_timestr is non-zero filterstr will be extended + """ + if until_timestamp is None: + until_timestamp = time.time() + if from_timestamp < 0: + from_timestamp = until_timestamp + from_timestamp + if from_timestamp > until_timestamp: + raise ValueError('from_timestamp %r must not be greater than until_timestamp %r' % ( + from_timestamp, until_timestamp + )) + return ( + '(&' + '{filterstr}' + '({delta_attr}>={from_timestr})' + '(!({delta_attr}>={until_timestr}))' + ')' + ).format( + filterstr=filterstr, + delta_attr=delta_attr, + from_timestr=strf_secs(from_timestamp), + until_timestr=strf_secs(until_timestamp), + ) + # end of time_span_filter() From 7fec6bb16fa74f1e4e394196777729e482c5cce9 Mon Sep 17 00:00:00 2001 From: stroeder Date: Sun, 24 Jul 2016 15:37:25 +0000 Subject: [PATCH 268/868] tests for ldap.strf_secs(), ldap.strp_secs() and ldap.escape_str() --- Tests/t_ldap_functions.py | 75 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 75 insertions(+) create mode 100644 Tests/t_ldap_functions.py diff --git a/Tests/t_ldap_functions.py b/Tests/t_ldap_functions.py new file mode 100644 index 0000000..6947352 --- /dev/null +++ b/Tests/t_ldap_functions.py @@ -0,0 +1,75 @@ +# -*- coding: utf-8 -*- +""" +Automatic tests for module ldap.functions +""" + +# from Python's standard lib +import unittest + +# from python-ldap +import ldap +from ldap.dn import escape_dn_chars +from ldap.filter import escape_filter_chars + + +class TestFunction(unittest.TestCase): + """ + test ldap.functions + """ + + def test_ldap_strf_secs(self): + """ + test function ldap_strf_secs() + """ + self.assertEquals(ldap.strf_secs(0), '19700101000000Z') + self.assertEquals(ldap.strf_secs(1466947067), '20160626131747Z') + + def test_ldap_strp_secs(self): + """ + test function ldap_strp_secs() + """ + self.assertEquals(ldap.strp_secs('19700101000000Z'), 0) + self.assertEquals(ldap.strp_secs('20160626131747Z'), 1466947067) + + def test_escape_str(self): + """ + test function escape_string_tmpl() + """ + self.assertEquals( + ldap.escape_str( + escape_filter_chars, + '(&(objectClass=aeUser)(uid=%s))', + 'foo' + ), + '(&(objectClass=aeUser)(uid=foo))' + ) + self.assertEquals( + ldap.escape_str( + escape_filter_chars, + '(&(objectClass=aeUser)(uid=%s))', + 'foo)bar' + ), + '(&(objectClass=aeUser)(uid=foo\\29bar))' + ) + self.assertEquals( + ldap.escape_str( + escape_dn_chars, + 'uid=%s', + 'foo=bar' + ), + 'uid=foo\\=bar' + ) + self.assertEquals( + ldap.escape_str( + escape_dn_chars, + 'uid=%s,cn=%s,cn=%s,dc=example,dc=com', + 'foo=bar', + 'foo+', + '+bar', + ), + 'uid=foo\\=bar,cn=foo\\+,cn=\\+bar,dc=example,dc=com' + ) + + +if __name__ == '__main__': + unittest.main() From 3fb192f92740a7cf60a28d823291760688a9ed69 Mon Sep 17 00:00:00 2001 From: stroeder Date: Sun, 24 Jul 2016 15:40:17 +0000 Subject: [PATCH 269/868] tests for ldap.dn.is_dn() --- Tests/t_ldap_dn.py | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 Tests/t_ldap_dn.py diff --git a/Tests/t_ldap_dn.py b/Tests/t_ldap_dn.py new file mode 100644 index 0000000..553e2e5 --- /dev/null +++ b/Tests/t_ldap_dn.py @@ -0,0 +1,27 @@ +# -*- coding: utf-8 -*- +""" +Automatic tests for module ldap.functions +""" + +# from Python's standard lib +import unittest + +# from python-ldap +import ldap.dn + + +class TestDN(unittest.TestCase): + """ + test ldap.functions + """ + + def test_is_dn(self): + """ + test function is_dn() + """ + self.assertEquals(ldap.dn.is_dn('foobar,ou=ae-dir'), False) + self.assertEquals(ldap.dn.is_dn('uid=xkcd,cn=foobar,ou=ae-dir'), True) + + +if __name__ == '__main__': + unittest.main() From a2e29cfb419fc82ee443f129d2cb57a903b676e3 Mon Sep 17 00:00:00 2001 From: stroeder Date: Sun, 24 Jul 2016 15:42:17 +0000 Subject: [PATCH 270/868] fixed ldap.dn.is_dn() --- Lib/ldap/dn.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Lib/ldap/dn.py b/Lib/ldap/dn.py index e3dbca6..0abd6a5 100644 --- a/Lib/ldap/dn.py +++ b/Lib/ldap/dn.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -\$Id: dn.py,v 1.13 2015/06/06 09:21:37 stroeder Exp $ +\$Id: dn.py,v 1.14 2016/07/24 15:42:17 stroeder Exp $ Compability: - Tested with Python 2.0+ @@ -116,8 +116,8 @@ def is_dn(s): distinguished host_name (DN), otherwise False is returned. """ try: - dn2str(s) - except Exception: + str2dn(s) + except Exception, err: return False else: return True From f74f85807b2f3286bab78f272487c4959fda4633 Mon Sep 17 00:00:00 2001 From: stroeder Date: Sun, 24 Jul 2016 15:43:03 +0000 Subject: [PATCH 271/868] fixed ldap.dn.is_dn.__doc__ --- Lib/ldap/dn.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Lib/ldap/dn.py b/Lib/ldap/dn.py index 0abd6a5..45950e5 100644 --- a/Lib/ldap/dn.py +++ b/Lib/ldap/dn.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -\$Id: dn.py,v 1.14 2016/07/24 15:42:17 stroeder Exp $ +\$Id: dn.py,v 1.15 2016/07/24 15:43:03 stroeder Exp $ Compability: - Tested with Python 2.0+ @@ -112,7 +112,7 @@ def explode_rdn(rdn,notypes=0,flags=0): def is_dn(s): """ - Returns True is `s' can be parsed by ldap.dn.dn2str() like as a + Returns True is `s' can be parsed by ldap.dn.str2dn() like as a distinguished host_name (DN), otherwise False is returned. """ try: From 42fbf211d4764eaf8404ba84402db22f3e3f729e Mon Sep 17 00:00:00 2001 From: stroeder Date: Sun, 24 Jul 2016 15:47:46 +0000 Subject: [PATCH 272/868] HTTPS URL to www.python-ldap.org --- Doc/dsml.rst | 4 ++-- Doc/ldap-controls.rst | 4 ++-- Doc/ldap-dn.rst | 4 ++-- Doc/ldap-filter.rst | 4 ++-- Doc/ldap-resiter.rst | 4 ++-- Doc/ldap.rst | 4 ++-- Doc/ldapurl.rst | 4 ++-- Doc/ldif.rst | 4 ++-- 8 files changed, 16 insertions(+), 16 deletions(-) diff --git a/Doc/dsml.rst b/Doc/dsml.rst index 3e9bcbf..a3225c8 100644 --- a/Doc/dsml.rst +++ b/Doc/dsml.rst @@ -1,4 +1,4 @@ -.. % $Id: dsml.rst,v 1.5 2011/07/28 09:05:10 stroeder Exp $ +.. % $Id: dsml.rst,v 1.6 2016/07/24 15:47:46 stroeder Exp $ *************************************** :mod:`dsml` DSMLv1 parser and generator @@ -6,7 +6,7 @@ .. :py:module:: dsml :synopsis: Parses and generates DSMLv1 files -.. moduleauthor:: python-ldap project (see http://www.python-ldap.org/) +.. moduleauthor:: python-ldap project (see https://www.python-ldap.org/) This module parses and generates LDAP data in the format DSMLv1. It is diff --git a/Doc/ldap-controls.rst b/Doc/ldap-controls.rst index f006bae..fb9cbce 100644 --- a/Doc/ldap-controls.rst +++ b/Doc/ldap-controls.rst @@ -1,4 +1,4 @@ -.. % $Id: ldap-controls.rst,v 1.12 2015/12/09 17:57:18 stroeder Exp $ +.. % $Id: ldap-controls.rst,v 1.13 2016/07/24 15:47:46 stroeder Exp $ ********************************************************************* @@ -7,7 +7,7 @@ .. py:module:: ldap.controls :synopsis: High-level access to LDAPv3 extended controls. -.. moduleauthor:: python-ldap project (see http://www.python-ldap.org/) +.. moduleauthor:: python-ldap project (see https://www.python-ldap.org/) Variables diff --git a/Doc/ldap-dn.rst b/Doc/ldap-dn.rst index 81b6ba7..80c5b81 100644 --- a/Doc/ldap-dn.rst +++ b/Doc/ldap-dn.rst @@ -1,4 +1,4 @@ -.. % $Id: ldap-dn.rst,v 1.6 2011/07/22 07:43:45 stroeder Exp $ +.. % $Id: ldap-dn.rst,v 1.7 2016/07/24 15:47:46 stroeder Exp $ :py:mod:`ldap.dn` LDAP Distinguished Name handling @@ -6,7 +6,7 @@ .. py:module:: ldap.dn :synopsis: LDAP Distinguished Name handling. -.. moduleauthor:: python-ldap project (see http://www.python-ldap.org/) +.. moduleauthor:: python-ldap project (see https://www.python-ldap.org/) .. % Author of the module code; diff --git a/Doc/ldap-filter.rst b/Doc/ldap-filter.rst index 8295792..bb484a8 100644 --- a/Doc/ldap-filter.rst +++ b/Doc/ldap-filter.rst @@ -1,4 +1,4 @@ -.. % $Id: ldap-filter.rst,v 1.4 2011/07/21 20:33:26 stroeder Exp $ +.. % $Id: ldap-filter.rst,v 1.5 2016/07/24 15:47:46 stroeder Exp $ :py:mod:`ldap.filter` LDAP filter handling @@ -6,7 +6,7 @@ .. py:module:: ldap.filter :synopsis: LDAP filter handling. -.. moduleauthor:: python-ldap project (see http://www.python-ldap.org/) +.. moduleauthor:: python-ldap project (see https://www.python-ldap.org/) .. % Author of the module code; diff --git a/Doc/ldap-resiter.rst b/Doc/ldap-resiter.rst index 443ded5..4c854fa 100644 --- a/Doc/ldap-resiter.rst +++ b/Doc/ldap-resiter.rst @@ -1,4 +1,4 @@ -.. % $Id: ldap-resiter.rst,v 1.5 2011/08/27 15:43:06 stroeder Exp $ +.. % $Id: ldap-resiter.rst,v 1.6 2016/07/24 15:47:46 stroeder Exp $ :py:mod:`ldap.resiter` Generator for stream-processing of large search results @@ -6,7 +6,7 @@ .. py:module:: ldap.resiter :synopsis: Generator for stream-processing of large search results. -.. moduleauthor:: python-ldap project (see http://www.python-ldap.org/) +.. moduleauthor:: python-ldap project (see https://www.python-ldap.org/) .. _ldap.resiter-classes: diff --git a/Doc/ldap.rst b/Doc/ldap.rst index 2eb971e..8016b23 100644 --- a/Doc/ldap.rst +++ b/Doc/ldap.rst @@ -1,4 +1,4 @@ -.. % $Id: ldap.rst,v 1.32 2016/02/09 11:58:30 stroeder Exp $ +.. % $Id: ldap.rst,v 1.33 2016/07/24 15:47:46 stroeder Exp $ ******************************************** :py:mod:`ldap` LDAP library interface module @@ -7,7 +7,7 @@ .. py:module:: ldap :platform: Posix, Windows :synopsis: Access to an underlying LDAP C library. -.. moduleauthor:: python-ldap project (see http://www.python-ldap.org/) +.. moduleauthor:: python-ldap project (see https://www.python-ldap.org/) This module provides access to the LDAP (Lightweight Directory Access Protocol) diff --git a/Doc/ldapurl.rst b/Doc/ldapurl.rst index b5bea92..d1f8ede 100644 --- a/Doc/ldapurl.rst +++ b/Doc/ldapurl.rst @@ -1,4 +1,4 @@ -.. % $Id: ldapurl.rst,v 1.9 2011/07/22 13:27:01 stroeder Exp $ +.. % $Id: ldapurl.rst,v 1.10 2016/07/24 15:47:46 stroeder Exp $ ################################### :py:mod:`ldapurl` LDAP URL handling @@ -6,7 +6,7 @@ .. py:module:: ldapurl :synopsis: Parses and generates LDAP URLs -.. moduleauthor:: python-ldap project (see http://www.python-ldap.org/) +.. moduleauthor:: python-ldap project (see https://www.python-ldap.org/) This module parses and generates LDAP URLs. It is implemented in pure Python diff --git a/Doc/ldif.rst b/Doc/ldif.rst index 19edf58..0bf28e1 100644 --- a/Doc/ldif.rst +++ b/Doc/ldif.rst @@ -1,4 +1,4 @@ -.. % $Id: ldif.rst,v 1.8 2011/09/14 18:29:18 stroeder Exp $ +.. % $Id: ldif.rst,v 1.9 2016/07/24 15:47:46 stroeder Exp $ ##################################### :mod:`ldif` LDIF parser and generator @@ -6,7 +6,7 @@ .. py:module:: ldif :synopsis: Parses and generates LDIF files -.. moduleauthor:: python-ldap project (see http://www.python-ldap.org/) +.. moduleauthor:: python-ldap project (see https://www.python-ldap.org/) This module parses and generates LDAP data in the format LDIF. It is From 25c5b66937346ff733b03549092fb7fa3eaa9467 Mon Sep 17 00:00:00 2001 From: stroeder Date: Sun, 24 Jul 2016 15:52:26 +0000 Subject: [PATCH 273/868] added ldap.dn.is_dn() --- Doc/ldap-dn.rst | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/Doc/ldap-dn.rst b/Doc/ldap-dn.rst index 80c5b81..c6456e8 100644 --- a/Doc/ldap-dn.rst +++ b/Doc/ldap-dn.rst @@ -1,4 +1,4 @@ -.. % $Id: ldap-dn.rst,v 1.7 2016/07/24 15:47:46 stroeder Exp $ +.. % $Id: ldap-dn.rst,v 1.8 2016/07/24 15:52:26 stroeder Exp $ :py:mod:`ldap.dn` LDAP Distinguished Name handling @@ -79,6 +79,12 @@ The :mod:`ldap.dn` module defines the following functions: .. % -> list +.. function:: is_dn(dn[, flags=0]) + + This function checks whether *dn* is a valid LDAP distinguished name by + passing it to function :func:`str2dn`. + + .. % -> boolean .. _ldap-dn-example: From e9fca605a7933810741236aeec655f0e902bf2a5 Mon Sep 17 00:00:00 2001 From: stroeder Date: Sun, 24 Jul 2016 15:53:56 +0000 Subject: [PATCH 274/868] Fixed ldap.dn.is_dn() --- CHANGES | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 74f02de..2c1ff6b 100644 --- a/CHANGES +++ b/CHANGES @@ -15,6 +15,7 @@ Lib/ * Refactored ldif.LDIFParser * ldif.LDIFParser.version ís now Integer * ignore multiple empty lines between records +* Fixed ldap.dn.is_dn() Modules/ * Fixed #69 Segmentation fault on whoami_s after unbind @@ -1267,4 +1268,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.383 2016/07/24 15:14:56 stroeder Exp $ +$Id: CHANGES,v 1.384 2016/07/24 15:53:56 stroeder Exp $ From b7b599907902d0a71fac643c7ab604d5a4c8dc1e Mon Sep 17 00:00:00 2001 From: stroeder Date: Sun, 24 Jul 2016 15:58:26 +0000 Subject: [PATCH 275/868] is_dn() now also accepts flags and passes it to str2dn() --- Lib/ldap/dn.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Lib/ldap/dn.py b/Lib/ldap/dn.py index 45950e5..569b296 100644 --- a/Lib/ldap/dn.py +++ b/Lib/ldap/dn.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -\$Id: dn.py,v 1.15 2016/07/24 15:43:03 stroeder Exp $ +\$Id: dn.py,v 1.16 2016/07/24 15:58:26 stroeder Exp $ Compability: - Tested with Python 2.0+ @@ -110,14 +110,14 @@ def explode_rdn(rdn,notypes=0,flags=0): return ['='.join((atype,escape_dn_chars(avalue or ''))) for atype,avalue,dummy in rdn_decomp] -def is_dn(s): +def is_dn(s,flags=0): """ Returns True is `s' can be parsed by ldap.dn.str2dn() like as a distinguished host_name (DN), otherwise False is returned. """ try: - str2dn(s) - except Exception, err: + str2dn(s,flags) + except Exception: return False else: return True From 33f0ab370c0723ee88abd69576de38699a8a0ea1 Mon Sep 17 00:00:00 2001 From: stroeder Date: Sun, 24 Jul 2016 15:59:45 +0000 Subject: [PATCH 276/868] fixed __doc__ --- Tests/t_ldap_dn.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Tests/t_ldap_dn.py b/Tests/t_ldap_dn.py index 553e2e5..2183d3a 100644 --- a/Tests/t_ldap_dn.py +++ b/Tests/t_ldap_dn.py @@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- """ -Automatic tests for module ldap.functions +Automatic tests for module ldap.dn """ # from Python's standard lib From 926ee07eb372ff9250cbd66d4e9c5153323a521b Mon Sep 17 00:00:00 2001 From: stroeder Date: Sun, 24 Jul 2016 16:03:46 +0000 Subject: [PATCH 277/868] tests for ldap.filter --- Tests/t_ldap_filter.py | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 Tests/t_ldap_filter.py diff --git a/Tests/t_ldap_filter.py b/Tests/t_ldap_filter.py new file mode 100644 index 0000000..9ba3f5a --- /dev/null +++ b/Tests/t_ldap_filter.py @@ -0,0 +1,27 @@ +# -*- coding: utf-8 -*- +""" +Automatic tests for module ldap.filter +""" + +# from Python's standard lib +import unittest + +# from python-ldap +from ldap.filter import escape_filter_chars + + +class TestDN(unittest.TestCase): + """ + test ldap.functions + """ + + def test_escape_filter_chars(self): + """ + test function is_dn() + """ + self.assertEquals(escape_filter_chars(r'foobar'), 'foobar') + self.assertEquals(escape_filter_chars(r'foo\bar'), r'foo\5cbar') + + +if __name__ == '__main__': + unittest.main() From 82e1985ac92cc66a1761defc711b3a3bee93efbe Mon Sep 17 00:00:00 2001 From: stroeder Date: Sun, 24 Jul 2016 16:05:28 +0000 Subject: [PATCH 278/868] added some more test scripts for ldap.dn, ldap.filter and ldap.functions --- CHANGES | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/CHANGES b/CHANGES index 2c1ff6b..9084485 100644 --- a/CHANGES +++ b/CHANGES @@ -18,7 +18,7 @@ Lib/ * Fixed ldap.dn.is_dn() Modules/ -* Fixed #69 Segmentation fault on whoami_s after unbind +* Fixed #69 Segmentation fault on whoami_s after unbind (thanks to Christian Heimes and Petr Viktorin) Tests/ @@ -30,6 +30,8 @@ Tests/ * Tests/t_ldapurl.py now independent of module ldap * Tests/t_ldif.py now has more test-cases also for change records +* added some more test scripts for sub-modules ldap.dn, ldap.filter and + ldap.functions (not complete yet) ---------------------------------------------------------------- Released 2.4.25 2016-01-18 @@ -59,13 +61,13 @@ Lib/ * LDIFParser now also accepts value-spec without a space after the colon. * Added key-word argument authz_id to LDAPObject methods - sasl_non_interactive_bind_s(), sasl_external_bind_s() and + sasl_non_interactive_bind_s(), sasl_external_bind_s() and sasl_gssapi_bind_s() * Hmmpf! Added missing self to LDAPObject.fileno(). * ReconnectLDAPObject.sasl_bind_s() now correctly uses generic wrapper arguments *args,**kwargs * Correct method name LDIFParser.handle_modify() -* Corrected __all__ in modules ldap.controls.pwdpolicy and +* Corrected __all__ in modules ldap.controls.pwdpolicy and ldap.controls.openldap Doc/ @@ -77,11 +79,11 @@ Released 2.4.21 2015-09-25 Changes since 2.4.20: Lib/ -* LDAPObject.read_s() now returns None instead of raising +* LDAPObject.read_s() now returns None instead of raising ldap.NO_SUCH_OBJECT in case the search operation returned emtpy result. * ldap.resiter.ResultProcessor.allresults() now takes new key-word argument add_ctrls which is internally passed to LDAPObject.result4() - and lets the method also return response control along with the search + and lets the method also return response control along with the search results. * Added ldap.controls.deref implementing support for dereference control @@ -97,7 +99,7 @@ Changes since 2.4.19: to intercept the SASL handshake (thanks to René Kijewski) Modules/ -* Added exceptions ldap.VLV_ERROR, ldap.X_PROXY_AUTHZ_FAILURE and +* Added exceptions ldap.VLV_ERROR, ldap.X_PROXY_AUTHZ_FAILURE and ldap.AUTH_METHOD_NOT_SUPPORTED Lib/ @@ -1268,4 +1270,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.384 2016/07/24 15:53:56 stroeder Exp $ +$Id: CHANGES,v 1.385 2016/07/24 16:05:28 stroeder Exp $ From d4ae0269fbc7cbf026ab3b59d661fb3b2b733660 Mon Sep 17 00:00:00 2001 From: stroeder Date: Sun, 24 Jul 2016 16:10:51 +0000 Subject: [PATCH 279/868] test escape_filter_chars() with all possible escape_mode values --- Tests/t_ldap_filter.py | 45 ++++++++++++++++++++++++++++++++++++++---- 1 file changed, 41 insertions(+), 4 deletions(-) diff --git a/Tests/t_ldap_filter.py b/Tests/t_ldap_filter.py index 9ba3f5a..2fe1f2f 100644 --- a/Tests/t_ldap_filter.py +++ b/Tests/t_ldap_filter.py @@ -15,12 +15,49 @@ class TestDN(unittest.TestCase): test ldap.functions """ - def test_escape_filter_chars(self): + def test_escape_filter_chars_mode0(self): """ - test function is_dn() + test function escape_filter_chars() with escape_mode=0 """ - self.assertEquals(escape_filter_chars(r'foobar'), 'foobar') - self.assertEquals(escape_filter_chars(r'foo\bar'), r'foo\5cbar') + self.assertEquals( + escape_filter_chars(r'foobar'), + 'foobar' + ) + self.assertEquals( + escape_filter_chars(r'foo\bar'), + r'foo\5cbar' + ) + self.assertEquals( + escape_filter_chars( + r'foo\bar', + escape_mode=0 + ), + r'foo\5cbar' + ) + + def test_escape_filter_chars_mode1(self): + """ + test function escape_filter_chars() with escape_mode=1 + """ + self.assertEquals( + escape_filter_chars( + '\xc3\xa4\xc3\xb6\xc3\xbc\xc3\x84\xc3\x96\xc3\x9c\xc3\x9f', + escape_mode=1 + ), + r'\c3\a4\c3\b6\c3\bc\c3\84\c3\96\c3\9c\c3\9f' + ) + + def test_escape_filter_chars_mode2(self): + """ + test function escape_filter_chars() with escape_mode=2 + """ + self.assertEquals( + escape_filter_chars( + 'foobar', + escape_mode=2 + ), + r'\66\6f\6f\62\61\72' + ) if __name__ == '__main__': From 7d1a375c8fb56194b19d6060fcb17629a3ba315e Mon Sep 17 00:00:00 2001 From: stroeder Date: Sun, 24 Jul 2016 16:12:55 +0000 Subject: [PATCH 280/868] HTTPS URL to www.python-ldap.org --- Doc/ldap.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Doc/ldap.rst b/Doc/ldap.rst index 8016b23..7f7380e 100644 --- a/Doc/ldap.rst +++ b/Doc/ldap.rst @@ -1,4 +1,4 @@ -.. % $Id: ldap.rst,v 1.33 2016/07/24 15:47:46 stroeder Exp $ +.. % $Id: ldap.rst,v 1.34 2016/07/24 16:12:55 stroeder Exp $ ******************************************** :py:mod:`ldap` LDAP library interface module @@ -23,7 +23,7 @@ and errors appear as exceptions. This documentation is current for the Python LDAP module, version |release|. Source and binaries are available from -http://www.python-ldap.org/. +https://www.python-ldap.org/. Functions From 01693164af9a601660af610bff1d02037756375a Mon Sep 17 00:00:00 2001 From: stroeder Date: Sun, 24 Jul 2016 16:22:32 +0000 Subject: [PATCH 281/868] added methods read_rootdse_s() and get_naming_contexts() --- CHANGES | 4 +++- Lib/ldap/ldapobject.py | 22 +++++++++++++++++++++- 2 files changed, 24 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 9084485..4ebc8ce 100644 --- a/CHANGES +++ b/CHANGES @@ -10,6 +10,8 @@ Lib/ * LDAPObject.unbind_ext() now removes class attribute LDAPObject._l to completely invalidate C wrapper object * LDAPObject.unbind_ext() now flushes trace file +* ldap.ldapobject.SimpleLDAPObject: + added convenience methods read_rootdse_s() and get_naming_contexts() * added functions ldap.strf_secs() and ldap.strp_secs() * added function ldap.filter.time_span_filter() * Refactored ldif.LDIFParser @@ -1270,4 +1272,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.385 2016/07/24 16:05:28 stroeder Exp $ +$Id: CHANGES,v 1.386 2016/07/24 16:24:44 stroeder Exp $ diff --git a/Lib/ldap/ldapobject.py b/Lib/ldap/ldapobject.py index 94b7a90..13ea9e5 100644 --- a/Lib/ldap/ldapobject.py +++ b/Lib/ldap/ldapobject.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -\$Id: ldapobject.py,v 1.155 2016/07/17 14:49:22 stroeder Exp $ +\$Id: ldapobject.py,v 1.156 2016/07/24 16:22:32 stroeder Exp $ Compability: - Tested with Python 2.0+ but should work with Python 1.5.x @@ -745,6 +745,26 @@ def find_unique_entry(self,base,scope=ldap.SCOPE_SUBTREE,filterstr='(objectClass raise NO_UNIQUE_ENTRY('No or non-unique search result for %s' % (repr(filterstr))) return r[0] + def read_rootdse_s(self, filterstr='(objectClass=*)', attrlist=None): + """ + convenience wrapper around read_s() for reading rootDSE + """ + ldap_rootdse = self.read_s( + '', + filterstr=filterstr, + attrlist=attrlist or ['*', '+'], + ) + return ldap_rootdse # read_rootdse_s() + + def get_naming_contexts(self): + """ + returns all attribute values of namingContexts in rootDSE + if namingContexts is not present (not readable) then empty list is returned + """ + return self.read_rootdse_s( + attrlist=['namingContexts'] + ).get('namingContexts', []) + class NonblockingLDAPObject(SimpleLDAPObject): From 704cd3c21220df13d0a96b8454002cb7e89df49c Mon Sep 17 00:00:00 2001 From: stroeder Date: Sun, 24 Jul 2016 16:27:50 +0000 Subject: [PATCH 282/868] wording --- CHANGES | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/CHANGES b/CHANGES index 4ebc8ce..82135e8 100644 --- a/CHANGES +++ b/CHANGES @@ -11,7 +11,7 @@ Lib/ LDAPObject._l to completely invalidate C wrapper object * LDAPObject.unbind_ext() now flushes trace file * ldap.ldapobject.SimpleLDAPObject: - added convenience methods read_rootdse_s() and get_naming_contexts() + added convenience methods read_rootdse_s() and get_naming_contexts() * added functions ldap.strf_secs() and ldap.strp_secs() * added function ldap.filter.time_span_filter() * Refactored ldif.LDIFParser @@ -30,8 +30,7 @@ Tests/ hard-coded /var/tmp * Tests/slapd.py now expects schema to be in /etc/openldap/ * Tests/t_ldapurl.py now independent of module ldap -* Tests/t_ldif.py now has more test-cases also - for change records +* Tests/t_ldif.py now has more test-cases including change records * added some more test scripts for sub-modules ldap.dn, ldap.filter and ldap.functions (not complete yet) @@ -1272,4 +1271,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.386 2016/07/24 16:24:44 stroeder Exp $ +$Id: CHANGES,v 1.387 2016/07/24 16:27:50 stroeder Exp $ From e50de299ad48ca811eaea5365b8adfa76e160c32 Mon Sep 17 00:00:00 2001 From: stroeder Date: Sun, 24 Jul 2016 16:35:22 +0000 Subject: [PATCH 283/868] set release date --- CHANGES | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 82135e8..4f6b182 100644 --- a/CHANGES +++ b/CHANGES @@ -1,5 +1,5 @@ ---------------------------------------------------------------- -Released 2.4.26 2016-xx-xx +Released 2.4.26 2016-07-24 Changes since 2.4.25: @@ -1271,4 +1271,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.387 2016/07/24 16:27:50 stroeder Exp $ +$Id: CHANGES,v 1.388 2016/07/24 16:35:22 stroeder Exp $ From 69e7aa9db55220f4ed85ee8f328abf939c82ee77 Mon Sep 17 00:00:00 2001 From: stroeder Date: Mon, 25 Jul 2016 08:11:49 +0000 Subject: [PATCH 284/868] started 2.4.27 --- CHANGES | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 4f6b182..b54e904 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,11 @@ +---------------------------------------------------------------- +Released 2.4.27 2016-07-xx + +Changes since 2.4.26: + +Lib/ +* + ---------------------------------------------------------------- Released 2.4.26 2016-07-24 @@ -1271,4 +1279,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.388 2016/07/24 16:35:22 stroeder Exp $ +$Id: CHANGES,v 1.389 2016/07/25 08:11:49 stroeder Exp $ From 850add0c4805465ec65e73c85af05347cf494a97 Mon Sep 17 00:00:00 2001 From: stroeder Date: Mon, 25 Jul 2016 08:15:14 +0000 Subject: [PATCH 285/868] added 'strf_secs' and 'strp_secs' to ldap.functions.__all__ --- CHANGES | 4 ++-- Lib/ldap/functions.py | 3 ++- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/CHANGES b/CHANGES index b54e904..32a0114 100644 --- a/CHANGES +++ b/CHANGES @@ -4,7 +4,7 @@ Released 2.4.27 2016-07-xx Changes since 2.4.26: Lib/ -* +* added 'strf_secs' and 'strp_secs' to ldap.functions.__all__ ---------------------------------------------------------------- Released 2.4.26 2016-07-24 @@ -1279,4 +1279,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.389 2016/07/25 08:11:49 stroeder Exp $ +$Id: CHANGES,v 1.390 2016/07/25 08:15:14 stroeder Exp $ diff --git a/Lib/ldap/functions.py b/Lib/ldap/functions.py index 3e04744..b0af7ee 100644 --- a/Lib/ldap/functions.py +++ b/Lib/ldap/functions.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -\$Id: functions.py,v 1.32 2016/07/17 15:12:58 stroeder Exp $ +\$Id: functions.py,v 1.33 2016/07/25 08:15:14 stroeder Exp $ Compability: - Tested with Python 2.0+ but should work with Python 1.5.x @@ -25,6 +25,7 @@ 'explode_dn','explode_rdn', 'get_option','set_option', 'escape_str', + 'strf_secs','strp_secs', ] import sys,pprint,time,_ldap,ldap From 810f3aa76f927d5c56a0f38417c5775d0cf4e1ea Mon Sep 17 00:00:00 2001 From: stroeder Date: Wed, 27 Jul 2016 09:31:30 +0000 Subject: [PATCH 286/868] 1. Added TestEntryRecords.test_missing_trailing_line_separator() 2. avoid adding trailing new-line in TestLDIFParser.check_records() which masks some corner-cases 3. TestChangeRecords: renamed method test_missing_trailing_separator() to test_missing_trailing_dash_separator() --- Tests/t_ldif.py | 57 ++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 52 insertions(+), 5 deletions(-) diff --git a/Tests/t_ldif.py b/Tests/t_ldif.py index 7fdc680..900af7b 100644 --- a/Tests/t_ldif.py +++ b/Tests/t_ldif.py @@ -4,7 +4,7 @@ See http://www.python-ldap.org/ for details. -$Id: t_ldif.py,v 1.20 2016/07/24 14:57:46 stroeder Exp $ +$Id: t_ldif.py,v 1.21 2016/07/27 09:31:30 stroeder Exp $ """ # from Python's standard lib @@ -75,7 +75,7 @@ def check_records( Checks whether entry records in `ldif_string' gets correctly parsed and matches list of unparsed `records'. """ - ldif_string = textwrap.dedent(ldif_string).lstrip() + '\n' + ldif_string = textwrap.dedent(ldif_string).lstrip() parsed_records = self._parse_records( ldif_string, ignored_attr_types=ignored_attr_types, @@ -87,8 +87,8 @@ def check_records( ignored_attr_types=ignored_attr_types, max_entries=max_entries, ) - self.assertEqual(parsed_records, records) - self.assertEqual(parsed_records2, records) + self.assertEqual(records, parsed_records) + self.assertEqual(records, parsed_records2) class TestEntryRecords(TestLDIFParser): @@ -114,6 +114,7 @@ def test_simple(self): dn: cn=x,cn=y,cn=z attrib: value attrib: value2 + """, [ ( @@ -131,6 +132,7 @@ def test_simple2(self): dn:cn=x,cn=y,cn=z attrib:value attrib:value2 + """, [ ( @@ -154,6 +156,7 @@ def test_multiple(self): attrib: value2 attrib: value3 b: v + """, [ ( @@ -182,6 +185,7 @@ def test_folded(self): line-folded\x20 value attrib2: %s + """ % (b'asdf.'*20), [ ( 'cn=x,cn=y,cn=z', @@ -201,6 +205,7 @@ def test_empty_attr_values(self): attrib1: foo attrib2: attrib2: foo + """, [ ( @@ -218,6 +223,7 @@ def test_binary(self): """ dn: cn=x,cn=y,cn=z attrib:: CQAKOiVA + """, [ ( @@ -234,6 +240,7 @@ def test_binary2(self): """ dn: cn=x,cn=y,cn=z attrib::CQAKOiVA + """, [ ( @@ -248,6 +255,7 @@ def test_unicode(self): """ dn: cn=Michael Stroeder,dc=stroeder,dc=com lastname: Ströder + """, [ ( @@ -264,6 +272,7 @@ def test_sorted(self): b: value_b c: value_c a: value_a + """, [ ( @@ -284,6 +293,7 @@ def test_ignored_attr_types(self): a: value_a b: value_b c: value_c + """, [ ( @@ -374,6 +384,39 @@ def test_max_entries(self): max_entries=2 ) + def test_missing_trailing_line_separator(self): + self.check_records( + """ + dn: cn=x1,cn=y1,cn=z1 + first: value_a1 + middle: value_b1 + last: value_c1 + + dn: cn=x2,cn=y2,cn=z2 + first: value_a2 + middle: value_b2 + last: value_c2 + """, + [ + ( + 'cn=x1,cn=y1,cn=z1', + { + 'first': [b'value_a1'], + 'middle': [b'value_b1'], + 'last': [b'value_c1'], + } + ), + ( + 'cn=x2,cn=y2,cn=z2', + { + 'first': [b'value_a2'], + 'middle': [b'value_b2'], + 'last': [b'value_c2'], + } + ), + ], + ) + def test_multiple_empty_lines(self): """ see http://sourceforge.net/p/python-ldap/feature-requests/18/ @@ -385,9 +428,11 @@ def test_multiple_empty_lines(self): uid: one + # after extra empty line dn: uid=two,dc=tld uid: two + """, [ ( @@ -452,7 +497,7 @@ def test_simple(self): ], ) - def test_missing_trailing_separator(self): + def test_missing_trailing_dash_separator(self): self.check_records( """ version: 1 @@ -466,6 +511,7 @@ def test_missing_trailing_separator(self): add: attrib2 attrib2: value attrib2: value2 + """, [ ( @@ -486,6 +532,7 @@ def test_bad_change_records(self): replace: attrib attrib: value attrib: value2 + """, ): ldif_string = textwrap.dedent(bad_ldif_string).lstrip() + '\n' From 8145792b39a48439603e2e78b8e439dc7c17ddda Mon Sep 17 00:00:00 2001 From: stroeder Date: Sat, 30 Jul 2016 16:18:47 +0000 Subject: [PATCH 287/868] bump __version__ to 2.4.27 --- Lib/dsml.py | 4 ++-- Lib/ldap/__init__.py | 4 ++-- Lib/ldapurl.py | 4 ++-- Lib/ldif.py | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/Lib/dsml.py b/Lib/dsml.py index 845d784..1796620 100644 --- a/Lib/dsml.py +++ b/Lib/dsml.py @@ -4,13 +4,13 @@ See http://www.python-ldap.org/ for details. -$Id: dsml.py,v 1.43 2016/01/26 10:43:24 stroeder Exp $ +$Id: dsml.py,v 1.44 2016/07/30 16:18:47 stroeder Exp $ Python compability note: Tested with Python 2.0+. """ -__version__ = '2.4.26' +__version__ = '2.4.27' import string,base64 diff --git a/Lib/ldap/__init__.py b/Lib/ldap/__init__.py index 0cb29f1..5e40bad 100644 --- a/Lib/ldap/__init__.py +++ b/Lib/ldap/__init__.py @@ -3,12 +3,12 @@ See http://www.python-ldap.org/ for details. -$Id: __init__.py,v 1.104 2016/07/17 15:12:58 stroeder Exp $ +$Id: __init__.py,v 1.105 2016/07/30 16:18:47 stroeder Exp $ """ # This is also the overall release version number -__version__ = '2.4.26' +__version__ = '2.4.27' import sys diff --git a/Lib/ldapurl.py b/Lib/ldapurl.py index b9e78a8..0eea425 100644 --- a/Lib/ldapurl.py +++ b/Lib/ldapurl.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -\$Id: ldapurl.py,v 1.79 2016/07/17 19:44:19 stroeder Exp $ +\$Id: ldapurl.py,v 1.80 2016/07/30 16:18:47 stroeder Exp $ Python compability note: This module only works with Python 2.0+ since @@ -11,7 +11,7 @@ 2. list comprehensions are used. """ -__version__ = '2.4.26' +__version__ = '2.4.27' __all__ = [ # constants diff --git a/Lib/ldif.py b/Lib/ldif.py index bae4b76..8afea75 100644 --- a/Lib/ldif.py +++ b/Lib/ldif.py @@ -3,13 +3,13 @@ See http://www.python-ldap.org/ for details. -$Id: ldif.py,v 1.97 2016/07/17 19:38:32 stroeder Exp $ +$Id: ldif.py,v 1.98 2016/07/30 16:18:47 stroeder Exp $ Python compability note: Tested with Python 2.0+, but should work with Python 1.5.2+. """ -__version__ = '2.4.26' +__version__ = '2.4.27' __all__ = [ # constants From 7b521f85c0a2bdd39fd808ca32192c8a4fa0d8af Mon Sep 17 00:00:00 2001 From: stroeder Date: Sat, 30 Jul 2016 17:15:22 +0000 Subject: [PATCH 288/868] added method test_weird_empty_lines() in classes TestEntryRecords and TestChangeRecords --- Tests/t_ldif.py | 108 ++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 105 insertions(+), 3 deletions(-) diff --git a/Tests/t_ldif.py b/Tests/t_ldif.py index 900af7b..e8a8399 100644 --- a/Tests/t_ldif.py +++ b/Tests/t_ldif.py @@ -4,7 +4,7 @@ See http://www.python-ldap.org/ for details. -$Id: t_ldif.py,v 1.21 2016/07/27 09:31:30 stroeder Exp $ +$Id: t_ldif.py,v 1.22 2016/07/30 17:15:22 stroeder Exp $ """ # from Python's standard lib @@ -395,8 +395,46 @@ def test_missing_trailing_line_separator(self): dn: cn=x2,cn=y2,cn=z2 first: value_a2 middle: value_b2 - last: value_c2 - """, + last: value_c2""", + [ + ( + 'cn=x1,cn=y1,cn=z1', + { + 'first': [b'value_a1'], + 'middle': [b'value_b1'], + 'last': [b'value_c1'], + } + ), + ( + 'cn=x2,cn=y2,cn=z2', + { + 'first': [b'value_a2'], + 'middle': [b'value_b2'], + 'last': [b'value_c2'], + } + ), + ], + ) + + def test_weird_empty_lines(self): + self.check_records( + """ + + # comment before version + + version: 1 + + + dn: cn=x1,cn=y1,cn=z1 + first: value_a1 + middle: value_b1 + last: value_c1 + + + dn: cn=x2,cn=y2,cn=z2 + first: value_a2 + middle: value_b2 + last: value_c2""", [ ( 'cn=x1,cn=y1,cn=z1', @@ -497,6 +535,70 @@ def test_simple(self): ], ) + def test_weird_empty_lines(self): + self.check_records( + """ + + # comment before version + + version: 1 + + + dn: cn=x,cn=y,cn=z + changetype: modify + replace: attrib + attrib: value + attrib: value2 + - + add: attrib2 + attrib2: value + attrib2: value2 + - + delete: attrib3 + attrib3: value + - + delete: attrib4 + - + + + dn: cn=foo,cn=bar + changetype: modify + replace: attrib + attrib: value + attrib: value2 + - + add: attrib2 + attrib2: value + attrib2: value2 + - + delete: attrib3 + attrib3: value + - + delete: attrib4""", + [ + ( + 'cn=x,cn=y,cn=z', + [ + (ldif.MOD_OP_INTEGER['replace'], 'attrib', [b'value', b'value2']), + (ldif.MOD_OP_INTEGER['add'], 'attrib2', [b'value', b'value2']), + (ldif.MOD_OP_INTEGER['delete'], 'attrib3', [b'value']), + (ldif.MOD_OP_INTEGER['delete'], 'attrib4', None), + ], + None, + ), + ( + 'cn=foo,cn=bar', + [ + (ldif.MOD_OP_INTEGER['replace'], 'attrib', [b'value', b'value2']), + (ldif.MOD_OP_INTEGER['add'], 'attrib2', [b'value', b'value2']), + (ldif.MOD_OP_INTEGER['delete'], 'attrib3', [b'value']), + (ldif.MOD_OP_INTEGER['delete'], 'attrib4', None), + ], + None, + ), + ], + ) + def test_missing_trailing_dash_separator(self): self.check_records( """ From 57be6e8fb82e8c7cf02dc3df3315c529bb077ede Mon Sep 17 00:00:00 2001 From: stroeder Date: Sat, 30 Jul 2016 19:01:59 +0000 Subject: [PATCH 289/868] fixed regression introduced with 2.4.26: ldif.LDIFParser did not accept LDIF entry records without trailing empty separator line --- CHANGES | 5 ++++- Lib/ldif.py | 12 +++++++----- 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/CHANGES b/CHANGES index 32a0114..fe8f627 100644 --- a/CHANGES +++ b/CHANGES @@ -5,6 +5,9 @@ Changes since 2.4.26: Lib/ * added 'strf_secs' and 'strp_secs' to ldap.functions.__all__ +* fixed regression introduced with 2.4.26: + ldif.LDIFParser did not accept LDIF entry records + without trailing empty separator line ---------------------------------------------------------------- Released 2.4.26 2016-07-24 @@ -1279,4 +1282,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.390 2016/07/25 08:15:14 stroeder Exp $ +$Id: CHANGES,v 1.391 2016/07/30 19:01:59 stroeder Exp $ diff --git a/Lib/ldif.py b/Lib/ldif.py index 8afea75..172d0c3 100644 --- a/Lib/ldif.py +++ b/Lib/ldif.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -$Id: ldif.py,v 1.98 2016/07/30 16:18:47 stroeder Exp $ +$Id: ldif.py,v 1.99 2016/07/30 19:01:59 stroeder Exp $ Python compability note: Tested with Python 2.0+, but should work with Python 1.5.2+. @@ -297,10 +297,7 @@ def _readline(self): self.line_counter = self.line_counter + 1 self.byte_counter = self.byte_counter + len(s) if not s: - raise EOFError('EOF reached after %d lines (%d bytes)' % ( - self.line_counter, - self.byte_counter, - )) + return None elif s[-2:]=='\r\n': return s[:-2] elif s[-1:]=='\n': @@ -312,6 +309,11 @@ def _unfold_lines(self): """ Unfold several folded lines with trailing space into one line """ + if self._last_line is None: + raise EOFError('EOF reached after %d lines (%d bytes)' % ( + self.line_counter, + self.byte_counter, + )) unfolded_lines = [ self._last_line ] next_line = self._readline() while next_line and next_line[0]==' ': From c1c3f805dd41e8d0f6fa2f70d14765db1b3ca431 Mon Sep 17 00:00:00 2001 From: stroeder Date: Sat, 30 Jul 2016 19:38:05 +0000 Subject: [PATCH 290/868] fixed regression introduced with 2.4.26: ldif.LDIFParser did not fully parse LDIF records without trailing empty separator line --- CHANGES | 6 +++--- Lib/ldif.py | 7 +++++-- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/CHANGES b/CHANGES index fe8f627..224bbac 100644 --- a/CHANGES +++ b/CHANGES @@ -6,8 +6,8 @@ Changes since 2.4.26: Lib/ * added 'strf_secs' and 'strp_secs' to ldap.functions.__all__ * fixed regression introduced with 2.4.26: - ldif.LDIFParser did not accept LDIF entry records - without trailing empty separator line + ldif.LDIFParser did not fully parse LDIF records without trailing empty + separator line ---------------------------------------------------------------- Released 2.4.26 2016-07-24 @@ -1282,4 +1282,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.391 2016/07/30 19:01:59 stroeder Exp $ +$Id: CHANGES,v 1.392 2016/07/30 19:38:05 stroeder Exp $ diff --git a/Lib/ldif.py b/Lib/ldif.py index 172d0c3..2b3158c 100644 --- a/Lib/ldif.py +++ b/Lib/ldif.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -$Id: ldif.py,v 1.99 2016/07/30 19:01:59 stroeder Exp $ +$Id: ldif.py,v 1.100 2016/07/30 19:38:05 stroeder Exp $ Python compability note: Tested with Python 2.0+, but should work with Python 1.5.2+. @@ -500,7 +500,10 @@ def parse_change_records(self): # we now have the attribute name to be modified modattr = v modvalues = [] - k,v = next_key_and_value() + try: + k,v = next_key_and_value() + except EOFError: + k,v = None,None while k==modattr: modvalues.append(v) try: From 11bb0a4a19948c5cf77489cdd7c1527fe0f30030 Mon Sep 17 00:00:00 2001 From: stroeder Date: Mon, 1 Aug 2016 10:13:01 +0000 Subject: [PATCH 291/868] bump __version__ to 2.4.27 --- Doc/conf.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Doc/conf.py b/Doc/conf.py index 72fc8bb..7fa6e6a 100644 --- a/Doc/conf.py +++ b/Doc/conf.py @@ -11,7 +11,7 @@ # All configuration values have a default value; values that are commented out # serve to show the default value. # -# $Id: conf.py,v 1.24 2016/02/29 17:05:43 stroeder Exp $ +# $Id: conf.py,v 1.25 2016/08/01 10:13:01 stroeder Exp $ import sys @@ -44,7 +44,7 @@ # The short X.Y version. version = '2.4' # The full version, including alpha/beta/rc tags. -release = '2.4.26.0' +release = '2.4.27.0' # There are two options for replacing |today|: either, you set today to some # non-false value, then it is used: From 05d51d3c9bd682718dbb642168fad1ca400476a1 Mon Sep 17 00:00:00 2001 From: stroeder Date: Mon, 1 Aug 2016 10:15:39 +0000 Subject: [PATCH 292/868] prepare release 2.4.27 --- CHANGES | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 224bbac..c9aab1c 100644 --- a/CHANGES +++ b/CHANGES @@ -1,5 +1,5 @@ ---------------------------------------------------------------- -Released 2.4.27 2016-07-xx +Released 2.4.27 2016-08-01 Changes since 2.4.26: @@ -1282,4 +1282,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.392 2016/07/30 19:38:05 stroeder Exp $ +$Id: CHANGES,v 1.393 2016/08/01 10:15:39 stroeder Exp $ From eefffebd19e2e64119f715f0b00c394900a9ad0d Mon Sep 17 00:00:00 2001 From: stroeder Date: Sat, 13 Aug 2016 09:44:08 +0000 Subject: [PATCH 293/868] added classifier 'Programming Language :: Python :: 2' --- setup.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/setup.py b/setup.py index 2cc776b..d738632 100644 --- a/setup.py +++ b/setup.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -$Id: setup.py,v 1.75 2016/04/07 20:17:16 stroeder Exp $ +$Id: setup.py,v 1.76 2016/08/13 09:44:08 stroeder Exp $ """ has_setuptools = False @@ -103,6 +103,7 @@ class OpenLDAP2: 'Operating System :: POSIX', 'Programming Language :: C', 'Programming Language :: Python', + 'Programming Language :: Python :: 2', 'Topic :: Database', 'Topic :: Internet', 'Topic :: Software Development :: Libraries :: Python Modules', From 79b99224a4796ad9d5f966bb123027a15c66e49d Mon Sep 17 00:00:00 2001 From: stroeder Date: Mon, 26 Sep 2016 22:05:44 +0000 Subject: [PATCH 294/868] added example script which finds highest uidNumber/gidNumber values --- Demo/pyasn1/sss_highest_number.py | 32 +++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 Demo/pyasn1/sss_highest_number.py diff --git a/Demo/pyasn1/sss_highest_number.py b/Demo/pyasn1/sss_highest_number.py new file mode 100644 index 0000000..9b1003a --- /dev/null +++ b/Demo/pyasn1/sss_highest_number.py @@ -0,0 +1,32 @@ +#!/usr/bin/env python +""" +This sample script demonstrates the use of the server-side-sorting control +(see RFC 2891) + +Requires module pyasn1 (see http://pyasn1.sourceforge.net/) +""" + +import pprint,ldap + +from ldap.controls.sss import SSSRequestControl + +uri = "ldap://ipa.demo1.freeipa.org" + +l = ldap.initialize(uri,trace_level=0) +l.simple_bind_s('uid=admin,cn=users,cn=accounts,dc=demo1,dc=freeipa,dc=org','Secret123') + +for id_attr in ('uidNumber','gidNumber'): + sss_control = SSSRequestControl(ordering_rules=['-%s' % (id_attr)]) + ldap_result = l.search_ext_s( + 'dc=demo1,dc=freeipa,dc=org', + ldap.SCOPE_SUBTREE, + '(%s=*)' % (id_attr), + attrlist=[id_attr], + serverctrls = [sss_control], + ) + print 'Highest value of %s' % (id_attr) + if ldap_result: + dn,entry = ldap_result[0] + print '->',entry[id_attr] + else: + print 'not found' From b5a5acf5d5a1fa01515e2314a56daf6b0e063481 Mon Sep 17 00:00:00 2001 From: stroeder Date: Mon, 26 Sep 2016 22:06:54 +0000 Subject: [PATCH 295/868] Fixed example in SSSRequestControl.__doc__ --- Lib/ldap/controls/sss.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Lib/ldap/controls/sss.py b/Lib/ldap/controls/sss.py index 95f751e..71bef3d 100644 --- a/Lib/ldap/controls/sss.py +++ b/Lib/ldap/controls/sss.py @@ -5,7 +5,7 @@ See http://www.python-ldap.org/ for project details. -$Id: sss.py,v 1.2 2015/10/24 15:52:23 stroeder Exp $ +$Id: sss.py,v 1.3 2016/09/26 22:06:54 stroeder Exp $ """ __all__ = [ @@ -48,7 +48,7 @@ class SortKeyListType(univ.SequenceOf): class SSSRequestControl(RequestControl): '''Order result server side - >>> s = SSSRequestControl('-cn') + >>> s = SSSRequestControl(ordering_rules=['-cn']) ''' controlType = '1.2.840.113556.1.4.473' From dbc6eec3145a53c85f2a28d8088ce65652709a55 Mon Sep 17 00:00:00 2001 From: stroeder Date: Mon, 26 Sep 2016 22:32:14 +0000 Subject: [PATCH 296/868] async search to deal with ldap.SIZELIMIT_EXCEEDED, added comments --- Demo/pyasn1/sss_highest_number.py | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/Demo/pyasn1/sss_highest_number.py b/Demo/pyasn1/sss_highest_number.py index 9b1003a..fb19fdd 100644 --- a/Demo/pyasn1/sss_highest_number.py +++ b/Demo/pyasn1/sss_highest_number.py @@ -8,22 +8,38 @@ import pprint,ldap +from ldap.ldapobject import LDAPObject from ldap.controls.sss import SSSRequestControl +from ldap.resiter import ResultProcessor + +class MyLDAPObject(LDAPObject,ResultProcessor): + pass uri = "ldap://ipa.demo1.freeipa.org" -l = ldap.initialize(uri,trace_level=0) +l = MyLDAPObject(uri,trace_level=0) l.simple_bind_s('uid=admin,cn=users,cn=accounts,dc=demo1,dc=freeipa,dc=org','Secret123') for id_attr in ('uidNumber','gidNumber'): + # reverse sorting request control sss_control = SSSRequestControl(ordering_rules=['-%s' % (id_attr)]) - ldap_result = l.search_ext_s( + # send search request + msg_id = l.search_ext( 'dc=demo1,dc=freeipa,dc=org', ldap.SCOPE_SUBTREE, '(%s=*)' % (id_attr), attrlist=[id_attr], + sizelimit=1, serverctrls = [sss_control], ) + # collect result + ldap_result = [] + try: + for res_type,res_data,res_msgid,res_controls in l.allresults(msg_id,add_ctrls=0): + ldap_result.extend(res_data) + except ldap.SIZELIMIT_EXCEEDED: + pass + # print result print 'Highest value of %s' % (id_attr) if ldap_result: dn,entry = ldap_result[0] From 49755d0a0d7625170243552ab9c043db57d1b5d6 Mon Sep 17 00:00:00 2001 From: stroeder Date: Fri, 11 Nov 2016 14:41:07 +0000 Subject: [PATCH 297/868] started 2.4.28 --- CHANGES | 10 +++++++++- Lib/dsml.py | 4 ++-- Lib/ldap/__init__.py | 4 ++-- Lib/ldapurl.py | 4 ++-- Lib/ldif.py | 4 ++-- 5 files changed, 17 insertions(+), 9 deletions(-) diff --git a/CHANGES b/CHANGES index c9aab1c..d205de9 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,11 @@ +---------------------------------------------------------------- +Released 2.4.28 2016-11-xx + +Changes since 2.4.27: + +Lib/ +* + ---------------------------------------------------------------- Released 2.4.27 2016-08-01 @@ -1282,4 +1290,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.393 2016/08/01 10:15:39 stroeder Exp $ +$Id: CHANGES,v 1.394 2016/11/11 14:41:07 stroeder Exp $ diff --git a/Lib/dsml.py b/Lib/dsml.py index 1796620..6527f86 100644 --- a/Lib/dsml.py +++ b/Lib/dsml.py @@ -4,13 +4,13 @@ See http://www.python-ldap.org/ for details. -$Id: dsml.py,v 1.44 2016/07/30 16:18:47 stroeder Exp $ +$Id: dsml.py,v 1.45 2016/11/11 14:41:07 stroeder Exp $ Python compability note: Tested with Python 2.0+. """ -__version__ = '2.4.27' +__version__ = '2.4.28' import string,base64 diff --git a/Lib/ldap/__init__.py b/Lib/ldap/__init__.py index 5e40bad..2ff9193 100644 --- a/Lib/ldap/__init__.py +++ b/Lib/ldap/__init__.py @@ -3,12 +3,12 @@ See http://www.python-ldap.org/ for details. -$Id: __init__.py,v 1.105 2016/07/30 16:18:47 stroeder Exp $ +$Id: __init__.py,v 1.106 2016/11/11 14:41:07 stroeder Exp $ """ # This is also the overall release version number -__version__ = '2.4.27' +__version__ = '2.4.28' import sys diff --git a/Lib/ldapurl.py b/Lib/ldapurl.py index 0eea425..179ed48 100644 --- a/Lib/ldapurl.py +++ b/Lib/ldapurl.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -\$Id: ldapurl.py,v 1.80 2016/07/30 16:18:47 stroeder Exp $ +\$Id: ldapurl.py,v 1.81 2016/11/11 14:41:07 stroeder Exp $ Python compability note: This module only works with Python 2.0+ since @@ -11,7 +11,7 @@ 2. list comprehensions are used. """ -__version__ = '2.4.27' +__version__ = '2.4.28' __all__ = [ # constants diff --git a/Lib/ldif.py b/Lib/ldif.py index 2b3158c..a96b5a0 100644 --- a/Lib/ldif.py +++ b/Lib/ldif.py @@ -3,13 +3,13 @@ See http://www.python-ldap.org/ for details. -$Id: ldif.py,v 1.100 2016/07/30 19:38:05 stroeder Exp $ +$Id: ldif.py,v 1.101 2016/11/11 14:41:07 stroeder Exp $ Python compability note: Tested with Python 2.0+, but should work with Python 1.5.2+. """ -__version__ = '2.4.27' +__version__ = '2.4.28' __all__ = [ # constants From d8ada28247b6924f8a4a961c46f59951cf937715 Mon Sep 17 00:00:00 2001 From: stroeder Date: Fri, 11 Nov 2016 14:42:18 +0000 Subject: [PATCH 298/868] added dummy method logging_file_class.flush() because LDAPObject.unbind_ext_s() invokes it --- CHANGES | 5 +++-- Lib/ldap/logger.py | 3 +++ 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index d205de9..a758fad 100644 --- a/CHANGES +++ b/CHANGES @@ -4,7 +4,8 @@ Released 2.4.28 2016-11-xx Changes since 2.4.27: Lib/ -* +* added dummy method logging_file_class.flush() because + LDAPObject.unbind_ext_s() invokes it ---------------------------------------------------------------- Released 2.4.27 2016-08-01 @@ -1290,4 +1291,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.394 2016/11/11 14:41:07 stroeder Exp $ +$Id: CHANGES,v 1.395 2016/11/11 14:42:18 stroeder Exp $ diff --git a/Lib/ldap/logger.py b/Lib/ldap/logger.py index 16c4d63..d955c2e 100644 --- a/Lib/ldap/logger.py +++ b/Lib/ldap/logger.py @@ -13,4 +13,7 @@ def __init__(self,logging_level): def write(self,msg): logging.log(self._logging_level,msg[:-1]) + def flush(self): + return + logging_file_obj = logging_file_class(logging.DEBUG) From 5c7740a41650d887cc206cedb6a1b9411ab7a28e Mon Sep 17 00:00:00 2001 From: stroeder Date: Thu, 17 Nov 2016 12:08:30 +0000 Subject: [PATCH 299/868] LDAPObject.unbind_ext_s() now ignores AttributeError in case _trace_file has no flush() method --- CHANGES | 4 +++- Lib/ldap/ldapobject.py | 7 +++++-- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/CHANGES b/CHANGES index a758fad..7300d01 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,8 @@ Released 2.4.28 2016-11-xx Changes since 2.4.27: Lib/ +* LDAPObject.unbind_ext_s() now ignores AttributeError + in case _trace_file has no flush() method * added dummy method logging_file_class.flush() because LDAPObject.unbind_ext_s() invokes it @@ -1291,4 +1293,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.395 2016/11/11 14:42:18 stroeder Exp $ +$Id: CHANGES,v 1.396 2016/11/17 12:08:30 stroeder Exp $ diff --git a/Lib/ldap/ldapobject.py b/Lib/ldap/ldapobject.py index 13ea9e5..9b87787 100644 --- a/Lib/ldap/ldapobject.py +++ b/Lib/ldap/ldapobject.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -\$Id: ldapobject.py,v 1.156 2016/07/24 16:22:32 stroeder Exp $ +\$Id: ldapobject.py,v 1.157 2016/11/17 12:08:30 stroeder Exp $ Compability: - Tested with Python 2.0+ but should work with Python 1.5.x @@ -636,7 +636,10 @@ def unbind_ext_s(self,serverctrls=None,clientctrls=None): result = self.result3(msgid,all=1,timeout=self.timeout) else: result = None - self._trace_file.flush() + try: + self._trace_file.flush() + except AttributeError: + pass return result def unbind(self): From 84ca4ebbbf183b41bb346c70f0d31669618b60c9 Mon Sep 17 00:00:00 2001 From: stroeder Date: Thu, 17 Nov 2016 12:08:59 +0000 Subject: [PATCH 300/868] prepare release 2.4.28 --- CHANGES | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 7300d01..51dc96d 100644 --- a/CHANGES +++ b/CHANGES @@ -1,5 +1,5 @@ ---------------------------------------------------------------- -Released 2.4.28 2016-11-xx +Released 2.4.28 2016-11-17 Changes since 2.4.27: @@ -1293,4 +1293,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.396 2016/11/17 12:08:30 stroeder Exp $ +$Id: CHANGES,v 1.397 2016/11/17 12:08:59 stroeder Exp $ From 946fe3f414a837521ff80f57d16d48f70ba7e015 Mon Sep 17 00:00:00 2001 From: stroeder Date: Fri, 18 Nov 2016 07:01:45 +0000 Subject: [PATCH 301/868] LDAPObject.unbind_ext_s() invokes LDAPObject._trace_file.flush() only if LDAPObject._trace_level is non-zero and Python is running in debug mode --- CHANGES | 9 ++++++--- Lib/ldap/ldapobject.py | 11 ++++++----- 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/CHANGES b/CHANGES index 51dc96d..2be9953 100644 --- a/CHANGES +++ b/CHANGES @@ -4,9 +4,12 @@ Released 2.4.28 2016-11-17 Changes since 2.4.27: Lib/ +* LDAPObject.unbind_ext_s() invokes LDAPObject._trace_file.flush() + only if LDAPObject._trace_level is non-zero and Python is running + in debug mode * LDAPObject.unbind_ext_s() now ignores AttributeError - in case _trace_file has no flush() method -* added dummy method logging_file_class.flush() because + in case LDAPObject._trace_file has no flush() method +* added dummy method ldap.logger.logging_file_class.flush() because LDAPObject.unbind_ext_s() invokes it ---------------------------------------------------------------- @@ -1293,4 +1296,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.397 2016/11/17 12:08:59 stroeder Exp $ +$Id: CHANGES,v 1.398 2016/11/18 07:01:45 stroeder Exp $ diff --git a/Lib/ldap/ldapobject.py b/Lib/ldap/ldapobject.py index 9b87787..188405c 100644 --- a/Lib/ldap/ldapobject.py +++ b/Lib/ldap/ldapobject.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -\$Id: ldapobject.py,v 1.157 2016/11/17 12:08:30 stroeder Exp $ +\$Id: ldapobject.py,v 1.158 2016/11/18 07:01:45 stroeder Exp $ Compability: - Tested with Python 2.0+ but should work with Python 1.5.x @@ -636,10 +636,11 @@ def unbind_ext_s(self,serverctrls=None,clientctrls=None): result = self.result3(msgid,all=1,timeout=self.timeout) else: result = None - try: - self._trace_file.flush() - except AttributeError: - pass + if __debug__ and self._trace_level>=1: + try: + self._trace_file.flush() + except AttributeError: + pass return result def unbind(self): From 29e740fbe93a5fd5c3ca76faa394ae4681eb9e65 Mon Sep 17 00:00:00 2001 From: stroeder Date: Sun, 11 Dec 2016 17:11:27 +0000 Subject: [PATCH 302/868] TestLDAPUrl.test_bad_urls(): One bad URL per line, put every failed URL into a list to be displayed with self.fail() --- Tests/t_ldapurl.py | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/Tests/t_ldapurl.py b/Tests/t_ldapurl.py index aef53aa..d1b09c8 100644 --- a/Tests/t_ldapurl.py +++ b/Tests/t_ldapurl.py @@ -215,9 +215,20 @@ def test_parse_extensions_novalue(self): self.assertNone(u.who) def test_bad_urls(self): - for bad in ("", "ldap:", "ldap:/", ":///", "://", "///", "//", "/", + failed_urls = [] + for bad in ( + "", + "ldap:", + "ldap:/", + ":///", + "://", + "///", + "//", + "/", "ldap:///?????", # extension can't start with '?' - "LDAP://", "invalid://", "ldap:///??invalid", + "LDAP://", + "invalid://", + "ldap:///??invalid", #XXX-- the following should raise exceptions! "ldap://:389/", # [host [COLON port]] "ldap://a:/", # [host [COLON port]] @@ -239,7 +250,9 @@ def test_bad_urls(self): except ValueError: pass else: - self.fail("should have raised ValueError: %r" % bad) + failed_urls.append(bad) + if failed_urls: + self.fail("These LDAP URLs should have raised ValueError: %r" % failed_urls) if __name__ == '__main__': unittest.main() From 9306a8eda79e09ef2c48406a6b49c898d93d6ce0 Mon Sep 17 00:00:00 2001 From: stroeder Date: Sun, 11 Dec 2016 17:14:29 +0000 Subject: [PATCH 303/868] added decorator @unittest.expectedFailure to TestLDAPUrl.test_bad_urls() for now --- Tests/t_ldapurl.py | 1 + 1 file changed, 1 insertion(+) diff --git a/Tests/t_ldapurl.py b/Tests/t_ldapurl.py index d1b09c8..96af4f9 100644 --- a/Tests/t_ldapurl.py +++ b/Tests/t_ldapurl.py @@ -214,6 +214,7 @@ def test_parse_extensions_novalue(self): self.assertEquals(len(u.extensions), 1) self.assertNone(u.who) + @unittest.expectedFailure def test_bad_urls(self): failed_urls = [] for bad in ( From fc26f82f10923bd030b3c6f427924af10ce15765 Mon Sep 17 00:00:00 2001 From: stroeder Date: Fri, 6 Jan 2017 15:06:24 +0000 Subject: [PATCH 304/868] we have 2017 now --- Doc/conf.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Doc/conf.py b/Doc/conf.py index 7fa6e6a..0970e0b 100644 --- a/Doc/conf.py +++ b/Doc/conf.py @@ -11,7 +11,7 @@ # All configuration values have a default value; values that are commented out # serve to show the default value. # -# $Id: conf.py,v 1.25 2016/08/01 10:13:01 stroeder Exp $ +# $Id: conf.py,v 1.26 2017/01/06 15:06:24 stroeder Exp $ import sys @@ -36,7 +36,7 @@ # General substitutions. project = 'python-ldap' -copyright = '2008-2015, python-ldap project team' +copyright = '2008-2017, python-ldap project team' # The default replacements for |version| and |release|, also used in various # other places throughout the built documents. From bd7cdd0cd92d2cd03f308e50bd7a35a69a180330 Mon Sep 17 00:00:00 2001 From: stroeder Date: Fri, 6 Jan 2017 15:07:57 +0000 Subject: [PATCH 305/868] Started 2.4.29 --- CHANGES | 13 ++++++++++++- Lib/dsml.py | 4 ++-- Lib/ldap/__init__.py | 4 ++-- Lib/ldapurl.py | 4 ++-- Lib/ldif.py | 4 ++-- 5 files changed, 20 insertions(+), 9 deletions(-) diff --git a/CHANGES b/CHANGES index 2be9953..5f3c725 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,14 @@ +---------------------------------------------------------------- +Released 2.4.29 2017-xx-xx + +Changes since 2.4.28: + +Lib/ +* + +Modules/ +* + ---------------------------------------------------------------- Released 2.4.28 2016-11-17 @@ -1296,4 +1307,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.398 2016/11/18 07:01:45 stroeder Exp $ +$Id: CHANGES,v 1.399 2017/01/06 15:07:57 stroeder Exp $ diff --git a/Lib/dsml.py b/Lib/dsml.py index 6527f86..3273bff 100644 --- a/Lib/dsml.py +++ b/Lib/dsml.py @@ -4,13 +4,13 @@ See http://www.python-ldap.org/ for details. -$Id: dsml.py,v 1.45 2016/11/11 14:41:07 stroeder Exp $ +$Id: dsml.py,v 1.46 2017/01/06 15:07:57 stroeder Exp $ Python compability note: Tested with Python 2.0+. """ -__version__ = '2.4.28' +__version__ = '2.4.29' import string,base64 diff --git a/Lib/ldap/__init__.py b/Lib/ldap/__init__.py index 2ff9193..03ec9fb 100644 --- a/Lib/ldap/__init__.py +++ b/Lib/ldap/__init__.py @@ -3,12 +3,12 @@ See http://www.python-ldap.org/ for details. -$Id: __init__.py,v 1.106 2016/11/11 14:41:07 stroeder Exp $ +$Id: __init__.py,v 1.107 2017/01/06 15:07:57 stroeder Exp $ """ # This is also the overall release version number -__version__ = '2.4.28' +__version__ = '2.4.29' import sys diff --git a/Lib/ldapurl.py b/Lib/ldapurl.py index 179ed48..df70510 100644 --- a/Lib/ldapurl.py +++ b/Lib/ldapurl.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -\$Id: ldapurl.py,v 1.81 2016/11/11 14:41:07 stroeder Exp $ +\$Id: ldapurl.py,v 1.82 2017/01/06 15:07:57 stroeder Exp $ Python compability note: This module only works with Python 2.0+ since @@ -11,7 +11,7 @@ 2. list comprehensions are used. """ -__version__ = '2.4.28' +__version__ = '2.4.29' __all__ = [ # constants diff --git a/Lib/ldif.py b/Lib/ldif.py index a96b5a0..8ef39bd 100644 --- a/Lib/ldif.py +++ b/Lib/ldif.py @@ -3,13 +3,13 @@ See http://www.python-ldap.org/ for details. -$Id: ldif.py,v 1.101 2016/11/11 14:41:07 stroeder Exp $ +$Id: ldif.py,v 1.102 2017/01/06 15:07:57 stroeder Exp $ Python compability note: Tested with Python 2.0+, but should work with Python 1.5.2+. """ -__version__ = '2.4.28' +__version__ = '2.4.29' __all__ = [ # constants From 2db5c4c5f828b1e15e050931123a9fc3f222f290 Mon Sep 17 00:00:00 2001 From: stroeder Date: Fri, 6 Jan 2017 15:11:14 +0000 Subject: [PATCH 306/868] Fixed checking for empty server error message --- CHANGES | 5 +++-- Modules/errors.c | 4 ++-- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/CHANGES b/CHANGES index 5f3c725..3b0bbe0 100644 --- a/CHANGES +++ b/CHANGES @@ -7,7 +7,8 @@ Lib/ * Modules/ -* +* Fixed checking for empty server error message + (thanks to Bradley Baetz) ---------------------------------------------------------------- Released 2.4.28 2016-11-17 @@ -1307,4 +1308,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.399 2017/01/06 15:07:57 stroeder Exp $ +$Id: CHANGES,v 1.400 2017/01/06 15:11:14 stroeder Exp $ diff --git a/Modules/errors.c b/Modules/errors.c index ece438d..e3abeb5 100644 --- a/Modules/errors.c +++ b/Modules/errors.c @@ -2,7 +2,7 @@ * errors that arise from ldap use * Most errors become their own exception * See http://www.python-ldap.org/ for details. - * $Id: errors.c,v 1.25 2015/06/23 09:45:09 stroeder Exp $ */ + * $Id: errors.c,v 1.26 2017/01/06 15:11:14 stroeder Exp $ */ #include "common.h" #include "errors.h" @@ -98,7 +98,7 @@ LDAPerror( LDAP *l, char *msg ) Py_XDECREF(str); } else if (ldap_get_option(l, LDAP_OPT_ERROR_STRING, &error) >= 0 && error != NULL) { - if (error != '\0') { + if (*error != '\0') { str = PyString_FromString(error); if (str) PyDict_SetItemString( info, "info", str ); From e832b5776ab4075cbdd6e2d8df6e53b306c50403 Mon Sep 17 00:00:00 2001 From: stroeder Date: Wed, 25 Jan 2017 19:41:31 +0000 Subject: [PATCH 307/868] Fixed releasing GIL when calling ldap_start_tls_s() --- CHANGES | 4 +++- Modules/LDAPObject.c | 12 +++++++----- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/CHANGES b/CHANGES index 3b0bbe0..d5b66df 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,8 @@ Lib/ Modules/ * Fixed checking for empty server error message (thanks to Bradley Baetz) +* Fixed releasing GIL when calling ldap_start_tls_s() + (thanks to Lars Munch) ---------------------------------------------------------------- Released 2.4.28 2016-11-17 @@ -1308,4 +1310,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.400 2017/01/06 15:11:14 stroeder Exp $ +$Id: CHANGES,v 1.401 2017/01/25 19:41:31 stroeder Exp $ diff --git a/Modules/LDAPObject.c b/Modules/LDAPObject.c index 10f166a..a0ab8c6 100644 --- a/Modules/LDAPObject.c +++ b/Modules/LDAPObject.c @@ -1,5 +1,5 @@ /* See http://www.python-ldap.org/ for details. - * $Id: LDAPObject.c,v 1.94 2016/01/26 11:01:08 stroeder Exp $ */ + * $Id: LDAPObject.c,v 1.95 2017/01/25 19:41:31 stroeder Exp $ */ #include "common.h" #include "patchlevel.h" @@ -1213,14 +1213,16 @@ l_ldap_whoami_s( LDAPObject* self, PyObject* args ) static PyObject* l_ldap_start_tls_s( LDAPObject* self, PyObject* args ) { - int result; + int ldaperror; if (!PyArg_ParseTuple( args, "" )) return NULL; if (not_valid(self)) return NULL; - result = ldap_start_tls_s( self->ldap, NULL, NULL ); - if ( result != LDAP_SUCCESS ){ - ldap_set_option(self->ldap, LDAP_OPT_ERROR_NUMBER, &result); + LDAP_BEGIN_ALLOW_THREADS( self ); + ldaperror = ldap_start_tls_s( self->ldap, NULL, NULL ); + LDAP_END_ALLOW_THREADS( self ); + if ( ldaperror != LDAP_SUCCESS ){ + ldap_set_option(self->ldap, LDAP_OPT_ERROR_NUMBER, &ldaperror); return LDAPerror( self->ldap, "ldap_start_tls_s" ); } From 67e31578d3ce61eef9119df2149d6c8aa52ec679 Mon Sep 17 00:00:00 2001 From: stroeder Date: Wed, 25 Jan 2017 19:43:39 +0000 Subject: [PATCH 308/868] prepare release 2.4.29 --- CHANGES | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/CHANGES b/CHANGES index d5b66df..29baf03 100644 --- a/CHANGES +++ b/CHANGES @@ -1,11 +1,8 @@ ---------------------------------------------------------------- -Released 2.4.29 2017-xx-xx +Released 2.4.29 2017-01-25 Changes since 2.4.28: -Lib/ -* - Modules/ * Fixed checking for empty server error message (thanks to Bradley Baetz) @@ -1310,4 +1307,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.401 2017/01/25 19:41:31 stroeder Exp $ +$Id: CHANGES,v 1.402 2017/01/25 19:43:39 stroeder Exp $ From ba46652bf79d3b29f113e9bd8fc8268cc77f2f62 Mon Sep 17 00:00:00 2001 From: stroeder Date: Wed, 8 Feb 2017 09:44:18 +0000 Subject: [PATCH 309/868] release 2.4.30 with compability fix for pyasn1 0.2.x --- CHANGES | 11 ++++++++++- Lib/dsml.py | 4 ++-- Lib/ldap/__init__.py | 4 ++-- Lib/ldap/controls/deref.py | 9 ++++----- Lib/ldapurl.py | 4 ++-- Lib/ldif.py | 4 ++-- 6 files changed, 22 insertions(+), 14 deletions(-) diff --git a/CHANGES b/CHANGES index 29baf03..5bdf7d1 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,12 @@ +---------------------------------------------------------------- +Released 2.4.30 2017-02-08 + +Changes since 2.4.29: + +Lib/ +* compability fix in ldap.controls.deref to be compatible to + recent pyasn1 0.2.x (thanks to Ilya Etingof) + ---------------------------------------------------------------- Released 2.4.29 2017-01-25 @@ -1307,4 +1316,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.402 2017/01/25 19:43:39 stroeder Exp $ +$Id: CHANGES,v 1.403 2017/02/08 09:44:18 stroeder Exp $ diff --git a/Lib/dsml.py b/Lib/dsml.py index 3273bff..c9ac2ca 100644 --- a/Lib/dsml.py +++ b/Lib/dsml.py @@ -4,13 +4,13 @@ See http://www.python-ldap.org/ for details. -$Id: dsml.py,v 1.46 2017/01/06 15:07:57 stroeder Exp $ +$Id: dsml.py,v 1.47 2017/02/08 09:44:18 stroeder Exp $ Python compability note: Tested with Python 2.0+. """ -__version__ = '2.4.29' +__version__ = '2.4.30' import string,base64 diff --git a/Lib/ldap/__init__.py b/Lib/ldap/__init__.py index 03ec9fb..a0f76da 100644 --- a/Lib/ldap/__init__.py +++ b/Lib/ldap/__init__.py @@ -3,12 +3,12 @@ See http://www.python-ldap.org/ for details. -$Id: __init__.py,v 1.107 2017/01/06 15:07:57 stroeder Exp $ +$Id: __init__.py,v 1.108 2017/02/08 09:44:18 stroeder Exp $ """ # This is also the overall release version number -__version__ = '2.4.29' +__version__ = '2.4.30' import sys diff --git a/Lib/ldap/controls/deref.py b/Lib/ldap/controls/deref.py index 02c68b7..504647e 100644 --- a/Lib/ldap/controls/deref.py +++ b/Lib/ldap/controls/deref.py @@ -5,7 +5,7 @@ See http://www.python-ldap.org/ for project details. -$Id: deref.py,v 1.2 2015/09/19 13:41:01 stroeder Exp $ +$Id: deref.py,v 1.3 2017/02/08 09:44:18 stroeder Exp $ """ __all__ = [ @@ -108,15 +108,14 @@ def decodeControlValue(self,encodedControlValue): decodedValue,_ = decoder.decode(encodedControlValue,asn1Spec=DerefResultControlValue()) self.derefRes = {} for deref_res in decodedValue: - deref_attr,deref_val,deref_vals = deref_res + deref_attr,deref_val,deref_vals = deref_res[0],deref_res[1],deref_res[2] partial_attrs_dict = dict([ - (str(t),map(str,v)) - for t,v in deref_vals or [] + (str(tv[0]),map(str,tv[1])) + for tv in deref_vals or [] ]) try: self.derefRes[str(deref_attr)].append((str(deref_val),partial_attrs_dict)) except KeyError: self.derefRes[str(deref_attr)] = [(str(deref_val),partial_attrs_dict)] - KNOWN_RESPONSE_CONTROLS[DereferenceControl.controlType] = DereferenceControl diff --git a/Lib/ldapurl.py b/Lib/ldapurl.py index df70510..d5ed4cf 100644 --- a/Lib/ldapurl.py +++ b/Lib/ldapurl.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -\$Id: ldapurl.py,v 1.82 2017/01/06 15:07:57 stroeder Exp $ +\$Id: ldapurl.py,v 1.83 2017/02/08 09:44:18 stroeder Exp $ Python compability note: This module only works with Python 2.0+ since @@ -11,7 +11,7 @@ 2. list comprehensions are used. """ -__version__ = '2.4.29' +__version__ = '2.4.30' __all__ = [ # constants diff --git a/Lib/ldif.py b/Lib/ldif.py index 8ef39bd..621ad79 100644 --- a/Lib/ldif.py +++ b/Lib/ldif.py @@ -3,13 +3,13 @@ See http://www.python-ldap.org/ for details. -$Id: ldif.py,v 1.102 2017/01/06 15:07:57 stroeder Exp $ +$Id: ldif.py,v 1.103 2017/02/08 09:44:18 stroeder Exp $ Python compability note: Tested with Python 2.0+, but should work with Python 1.5.2+. """ -__version__ = '2.4.29' +__version__ = '2.4.30' __all__ = [ # constants From 8e184352c8086fd6609a36747d2c9ba4b5e1a749 Mon Sep 17 00:00:00 2001 From: stroeder Date: Tue, 14 Feb 2017 11:07:35 +0000 Subject: [PATCH 310/868] Lib/ldap/schema/test_tokenizer.py is now Tests/t_ldap_schema_tokenizer.py based on module unittest --- Tests/Lib/ldap/schema/test_tokenizer.py | 30 --------------------- Tests/t_ldap_schema_tokenizer.py | 36 +++++++++++++++++++++++++ 2 files changed, 36 insertions(+), 30 deletions(-) delete mode 100644 Tests/Lib/ldap/schema/test_tokenizer.py create mode 100644 Tests/t_ldap_schema_tokenizer.py diff --git a/Tests/Lib/ldap/schema/test_tokenizer.py b/Tests/Lib/ldap/schema/test_tokenizer.py deleted file mode 100644 index 8f66f8a..0000000 --- a/Tests/Lib/ldap/schema/test_tokenizer.py +++ /dev/null @@ -1,30 +0,0 @@ -import ldap.schema -from ldap.schema.tokenizer import split_tokens,extract_tokens - -testcases_split_tokens = ( - (" BLUBBER DI BLUBB ", ["BLUBBER", "DI", "BLUBB"]), - ("BLUBBER DI BLUBB",["BLUBBER","DI","BLUBB"]), - ("BLUBBER DI BLUBB ",["BLUBBER","DI","BLUBB"]), - ("BLUBBER DI 'BLUBB' ",["BLUBBER","DI","BLUBB"]), - ("BLUBBER ( DI ) 'BLUBB' ",["BLUBBER","(","DI",")","BLUBB"]), - ("BLUBBER(DI)",["BLUBBER","(","DI",")"]), - ("BLUBBER ( DI)",["BLUBBER","(","DI",")"]), - ("BLUBBER ''",["BLUBBER",""]), - ("( BLUBBER (DI 'BLUBB'))",["(","BLUBBER","(","DI","BLUBB",")",")"]), - ("BLUBB (DA$BLAH)",['BLUBB',"(","DA","BLAH",")"]), - ("BLUBB ( DA $ BLAH )",['BLUBB',"(","DA","BLAH",")"]), - ("BLUBB (DA$ BLAH)",['BLUBB',"(","DA","BLAH",")"]), - ("BLUBB (DA $BLAH)",['BLUBB',"(","DA","BLAH",")"]), - ("BLUBB 'DA$BLAH'",['BLUBB',"DA$BLAH"]), - ("BLUBB DI 'BLU B B ER' DA 'BLAH' ",['BLUBB','DI','BLU B B ER','DA','BLAH']), - ("BLUBB DI 'BLU B B ER' DA 'BLAH' LABER",['BLUBB','DI','BLU B B ER','DA','BLAH','LABER']), - ("BLUBBER DI 'BLU'BB ER' DA 'BLAH' ", ["BLUBBER", "DI", "BLU'BB ER", "DA", "BLAH"]), # for Oracle - ("BLUBB DI 'BLU B B ER'MUST 'BLAH' ",['BLUBB','DI','BLU B B ER','MUST','BLAH']) # for Oracle -) - -for t,r in testcases_split_tokens: - l = ldap.schema.tokenizer.split_tokens(t,{'MUST':None}) - if l!=r: - print 'String:',repr(t) - print '=>',l - print 'differs from',r diff --git a/Tests/t_ldap_schema_tokenizer.py b/Tests/t_ldap_schema_tokenizer.py new file mode 100644 index 0000000..c77b20d --- /dev/null +++ b/Tests/t_ldap_schema_tokenizer.py @@ -0,0 +1,36 @@ +import unittest + +import ldap.schema +from ldap.schema.tokenizer import split_tokens,extract_tokens + +class TestTokenize(unittest.TestCase): + testcases_split_tokens = ( + (" BLUBBER DI BLUBB ", ["BLUBBER", "DI", "BLUBB"]), + ("BLUBBER DI BLUBB",["BLUBBER","DI","BLUBB"]), + ("BLUBBER DI BLUBB ",["BLUBBER","DI","BLUBB"]), + ("BLUBBER DI 'BLUBB' ",["BLUBBER","DI","BLUBB"]), + ("BLUBBER ( DI ) 'BLUBB' ",["BLUBBER","(","DI",")","BLUBB"]), + ("BLUBBER(DI)",["BLUBBER","(","DI",")"]), + ("BLUBBER ( DI)",["BLUBBER","(","DI",")"]), + ("BLUBBER ''",["BLUBBER",""]), + ("( BLUBBER (DI 'BLUBB'))",["(","BLUBBER","(","DI","BLUBB",")",")"]), + ("BLUBB (DA$BLAH)",['BLUBB',"(","DA","BLAH",")"]), + ("BLUBB ( DA $ BLAH )",['BLUBB',"(","DA","BLAH",")"]), + ("BLUBB (DA$ BLAH)",['BLUBB',"(","DA","BLAH",")"]), + ("BLUBB (DA $BLAH)",['BLUBB',"(","DA","BLAH",")"]), + ("BLUBB 'DA$BLAH'",['BLUBB',"DA$BLAH"]), + ("BLUBB DI 'BLU B B ER' DA 'BLAH' ",['BLUBB','DI','BLU B B ER','DA','BLAH']), + ("BLUBB DI 'BLU B B ER' DA 'BLAH' LABER",['BLUBB','DI','BLU B B ER','DA','BLAH','LABER']), + + #("BLUBBER DI 'BLU'BB ER' DA 'BLAH' ", ["BLUBBER", "DI", "BLU'BB ER", "DA", "BLAH"]), # for Oracle + #("BLUBB DI 'BLU B B ER'MUST 'BLAH' ",['BLUBB','DI','BLU B B ER','MUST','BLAH']) # for Oracle + ) + + def test_split_tokens(self): + for t, r in self.testcases_split_tokens: + l = ldap.schema.tokenizer.split_tokens(t, {'MUST':None}) + self.assertEqual(l, r) + + +if __name__ == '__main__': + unittest.main() From 60ae0ef3e3e0da146fdd4cd6a786afc99251f95d Mon Sep 17 00:00:00 2001 From: stroeder Date: Tue, 14 Feb 2017 11:12:03 +0000 Subject: [PATCH 311/868] Tests/Lib/ldap/test_modlist.py is now Tests/t_ldap_modlist.py based on module unittest --- Tests/Lib/ldap/test_modlist.py | 137 ------------------------------ Tests/t_ldap_modlist.py | 151 +++++++++++++++++++++++++++++++++ 2 files changed, 151 insertions(+), 137 deletions(-) delete mode 100644 Tests/Lib/ldap/test_modlist.py create mode 100644 Tests/t_ldap_modlist.py diff --git a/Tests/Lib/ldap/test_modlist.py b/Tests/Lib/ldap/test_modlist.py deleted file mode 100644 index fef0f65..0000000 --- a/Tests/Lib/ldap/test_modlist.py +++ /dev/null @@ -1,137 +0,0 @@ -""" -Tests for module ldap.modlist -""" - -import ldap - -from ldap.modlist import addModlist,modifyModlist - -print '\nTesting function addModlist():' -addModlist_tests = [ - ( - { - 'objectClass':['person','pilotPerson'], - 'cn':['Michael Str\303\266der','Michael Stroeder'], - 'sn':['Str\303\266der'], - 'dummy1':[], - 'dummy2':['2'], - 'dummy3':[''], - }, - [ - ('objectClass',['person','pilotPerson']), - ('cn',['Michael Str\303\266der','Michael Stroeder']), - ('sn',['Str\303\266der']), - ('dummy2',['2']), - ('dummy3',['']), - ] - ), -] -for entry,test_modlist in addModlist_tests: - test_modlist.sort() - result_modlist = addModlist(entry) - result_modlist.sort() - if test_modlist!=result_modlist: - print 'addModlist(%s) returns\n%s\ninstead of\n%s.' % ( - repr(entry),repr(result_modlist),repr(test_modlist) - ) - -print '\nTesting function modifyModlist():' -modifyModlist_tests = [ - - ( - { - 'objectClass':['person','pilotPerson'], - 'cn':['Michael Str\303\266der','Michael Stroeder'], - 'sn':['Str\303\266der'], - 'enum':['a','b','c'], - 'c':['DE'], - }, - { - 'objectClass':['person','inetOrgPerson'], - 'cn':['Michael Str\303\266der','Michael Stroeder'], - 'sn':[], - 'enum':['a','b','d'], - 'mail':['michael@stroeder.com'], - }, - [], - [ - (ldap.MOD_DELETE,'objectClass',None), - (ldap.MOD_ADD,'objectClass',['person','inetOrgPerson']), - (ldap.MOD_DELETE,'c',None), - (ldap.MOD_DELETE,'sn',None), - (ldap.MOD_ADD,'mail',['michael@stroeder.com']), - (ldap.MOD_DELETE,'enum',None), - (ldap.MOD_ADD,'enum',['a','b','d']), - ] - ), - - ( - { - 'c':['DE'], - }, - { - 'c':['FR'], - }, - [], - [ - (ldap.MOD_DELETE,'c',None), - (ldap.MOD_ADD,'c',['FR']), - ] - ), - - # Now a weird test-case for catching all possibilities - # of removing an attribute with MOD_DELETE,attr_type,None - ( - { - 'objectClass':['person'], - 'cn':[None], - 'sn':[''], - 'c':['DE'], - }, - { - 'objectClass':[], - 'cn':[], - 'sn':[None], - }, - [], - [ - (ldap.MOD_DELETE,'c',None), - (ldap.MOD_DELETE,'objectClass',None), - (ldap.MOD_DELETE,'sn',None), - ] - ), - - ( - { - 'objectClass':['person'], - 'cn':['Michael Str\303\266der','Michael Stroeder'], - 'sn':['Str\303\266der'], - 'enum':['a','b','C'], - }, - { - 'objectClass':['Person'], - 'cn':['Michael Str\303\266der','Michael Stroeder'], - 'sn':[], - 'enum':['a','b','c'], - }, - ['objectClass'], - [ - (ldap.MOD_DELETE,'sn',None), - (ldap.MOD_DELETE,'enum',None), - (ldap.MOD_ADD,'enum',['a','b','c']), - ] - ), - -] -for old_entry,new_entry,case_ignore_attr_types,test_modlist in modifyModlist_tests: - test_modlist.sort() - result_modlist = modifyModlist(old_entry,new_entry,case_ignore_attr_types=case_ignore_attr_types) - result_modlist.sort() - - if test_modlist!=result_modlist: - print 'modifyModlist(%s,%s) returns\n%s\ninstead of\n%s.' % ( - repr(old_entry), - repr(new_entry), - repr(result_modlist), - repr(test_modlist) - ) diff --git a/Tests/t_ldap_modlist.py b/Tests/t_ldap_modlist.py new file mode 100644 index 0000000..3d24a70 --- /dev/null +++ b/Tests/t_ldap_modlist.py @@ -0,0 +1,151 @@ +""" +Tests for module ldap.modlist +""" +import unittest + +import ldap + +from ldap.modlist import addModlist,modifyModlist + +class TestModlist(unittest.TestCase): + + addModlist_tests = [ + ( + { + 'objectClass':['person','pilotPerson'], + 'cn':['Michael Str\303\266der','Michael Stroeder'], + 'sn':['Str\303\266der'], + 'dummy1':[], + 'dummy2':['2'], + 'dummy3':[''], + }, + [ + ('objectClass',['person','pilotPerson']), + ('cn',['Michael Str\303\266der','Michael Stroeder']), + ('sn',['Str\303\266der']), + ('dummy2',['2']), + ('dummy3',['']), + ] + ), + ] + + def test_addModlist(self): + for entry,test_modlist in self.addModlist_tests: + test_modlist.sort() + result_modlist = addModlist(entry) + result_modlist.sort() + self.assertEqual( + test_modlist, result_modlist, + 'addModlist(%s) returns\n%s\ninstead of\n%s.' % ( + repr(entry),repr(result_modlist),repr(test_modlist) + ) + ) + + modifyModlist_tests = [ + ( + { + 'objectClass':['person','pilotPerson'], + 'cn':['Michael Str\303\266der','Michael Stroeder'], + 'sn':['Str\303\266der'], + 'enum':['a','b','c'], + 'c':['DE'], + }, + { + 'objectClass':['person','inetOrgPerson'], + 'cn':['Michael Str\303\266der','Michael Stroeder'], + 'sn':[], + 'enum':['a','b','d'], + 'mail':['michael@stroeder.com'], + }, + [], + [ + (ldap.MOD_DELETE,'objectClass',None), + (ldap.MOD_ADD,'objectClass',['person','inetOrgPerson']), + (ldap.MOD_DELETE,'c',None), + (ldap.MOD_DELETE,'sn',None), + (ldap.MOD_ADD,'mail',['michael@stroeder.com']), + (ldap.MOD_DELETE,'enum',None), + (ldap.MOD_ADD,'enum',['a','b','d']), + ] + ), + + ( + { + 'c':['DE'], + }, + { + 'c':['FR'], + }, + [], + [ + (ldap.MOD_DELETE,'c',None), + (ldap.MOD_ADD,'c',['FR']), + ] + ), + + # Now a weird test-case for catching all possibilities + # of removing an attribute with MOD_DELETE,attr_type,None + ( + { + 'objectClass':['person'], + 'cn':[None], + 'sn':[''], + 'c':['DE'], + }, + { + 'objectClass':[], + 'cn':[], + 'sn':[None], + }, + [], + [ + (ldap.MOD_DELETE,'c',None), + (ldap.MOD_DELETE,'objectClass',None), + (ldap.MOD_DELETE,'sn',None), + ] + ), + + ( + { + 'objectClass':['person'], + 'cn':['Michael Str\303\266der','Michael Stroeder'], + 'sn':['Str\303\266der'], + 'enum':['a','b','C'], + }, + { + 'objectClass':['Person'], + 'cn':['Michael Str\303\266der','Michael Stroeder'], + 'sn':[], + 'enum':['a','b','c'], + }, + ['objectClass'], + [ + (ldap.MOD_DELETE,'sn',None), + (ldap.MOD_DELETE,'enum',None), + (ldap.MOD_ADD,'enum',['a','b','c']), + ] + ), + + ] + + def test_modifyModlist(self): + for old_entry, new_entry, case_ignore_attr_types, test_modlist in self.modifyModlist_tests: + test_modlist.sort() + result_modlist = modifyModlist( + old_entry, new_entry, + case_ignore_attr_types=case_ignore_attr_types) + result_modlist.sort() + + self.assertEqual( + test_modlist, result_modlist, + 'modifyModlist(%s,%s) returns\n%s\ninstead of\n%s.' % ( + repr(old_entry), + repr(new_entry), + repr(result_modlist), + repr(test_modlist), + ) + ) + + +if __name__ == '__main__': + unittest.main() From be189542e103012a139ce8bccf030f73079cc973 Mon Sep 17 00:00:00 2001 From: stroeder Date: Tue, 14 Feb 2017 13:25:18 +0000 Subject: [PATCH 312/868] added test class TestIsLDAPUrl for ldapurl.isLDAPUrl() --- Tests/t_ldapurl.py | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/Tests/t_ldapurl.py b/Tests/t_ldapurl.py index 96af4f9..f854bf5 100644 --- a/Tests/t_ldapurl.py +++ b/Tests/t_ldapurl.py @@ -14,6 +14,41 @@ class MyLDAPUrl(LDAPUrl): } +class TestIsLDAPUrl(unittest.TestCase): + + is_ldap_url_tests = { + # Examples from RFC2255 + 'ldap:///o=University%20of%20Michigan,c=US':1, + 'ldap://ldap.itd.umich.edu/o=University%20of%20Michigan,c=US':1, + 'ldap://ldap.itd.umich.edu/o=University%20of%20Michigan,':1, + 'ldap://host.com:6666/o=University%20of%20Michigan,':1, + 'ldap://ldap.itd.umich.edu/c=GB?objectClass?one':1, + 'ldap://ldap.question.com/o=Question%3f,c=US?mail':1, + 'ldap://ldap.netscape.com/o=Babsco,c=US??(int=%5c00%5c00%5c00%5c04)':1, + 'ldap:///??sub??bindname=cn=Manager%2co=Foo':1, + 'ldap:///??sub??!bindname=cn=Manager%2co=Foo':1, + # More examples from various sources + 'ldap://ldap.nameflow.net:1389/c%3dDE':1, + 'ldap://root.openldap.org/dc=openldap,dc=org':1, + 'ldap://root.openldap.org/dc=openldap,dc=org':1, + 'ldap://x500.mh.se/o=Mitthogskolan,c=se????1.2.752.58.10.2=T.61':1, + 'ldp://root.openldap.org/dc=openldap,dc=org':0, + 'ldap://localhost:1389/ou%3DUnstructured%20testing%20tree%2Cdc%3Dstroeder%2Cdc%3Dcom??one':1, + 'ldaps://ldap.example.com/c%3dDE':1, + 'ldapi:///dc=stroeder,dc=de????x-saslmech=EXTERNAL':1, + } + + def test_isLDAPUrl(self): + for ldap_url, expected in self.is_ldap_url_tests.items(): + result = ldapurl.isLDAPUrl(ldap_url) + self.assertEqual( + result, expected, + 'isLDAPUrl("%s") returns %d instead of %d.' % ( + ldap_url, result, expected, + ) + ) + + class TestLDAPUrl(unittest.TestCase): def assertNone(self, expr, msg=None): From 121fc11f0b56ea9d55203e146a1be162462499ed Mon Sep 17 00:00:00 2001 From: stroeder Date: Tue, 14 Feb 2017 13:28:06 +0000 Subject: [PATCH 313/868] added new test class TestParseLDAPUrl --- Tests/t_ldapurl.py | 119 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 119 insertions(+) diff --git a/Tests/t_ldapurl.py b/Tests/t_ldapurl.py index f854bf5..9d78f6f 100644 --- a/Tests/t_ldapurl.py +++ b/Tests/t_ldapurl.py @@ -49,6 +49,125 @@ def test_isLDAPUrl(self): ) +class TestParseLDAPUrl(unittest.TestCase): + + parse_ldap_url_tests = [ + ( + 'ldap://root.openldap.org/dc=openldap,dc=org', + LDAPUrl( + hostport='root.openldap.org', + dn='dc=openldap,dc=org' + ) + ), + ( + 'ldap://root.openldap.org/dc%3dboolean%2cdc%3dnet???%28objectClass%3d%2a%29', + LDAPUrl( + hostport='root.openldap.org', + dn='dc=boolean,dc=net', + filterstr='(objectClass=*)' + ) + ), + ( + 'ldap://root.openldap.org/dc=openldap,dc=org??sub?', + LDAPUrl( + hostport='root.openldap.org', + dn='dc=openldap,dc=org', + scope=ldapurl.LDAP_SCOPE_SUBTREE + ) + ), + ( + 'ldap://root.openldap.org/dc=openldap,dc=org??one?', + LDAPUrl( + hostport='root.openldap.org', + dn='dc=openldap,dc=org', + scope=ldapurl.LDAP_SCOPE_ONELEVEL + ) + ), + ( + 'ldap://root.openldap.org/dc=openldap,dc=org??base?', + LDAPUrl( + hostport='root.openldap.org', + dn='dc=openldap,dc=org', + scope=ldapurl.LDAP_SCOPE_BASE + ) + ), + ( + 'ldap://x500.mh.se/o=Mitthogskolan,c=se????1.2.752.58.10.2=T.61', + LDAPUrl( + hostport='x500.mh.se', + dn='o=Mitthogskolan,c=se', + extensions=ldapurl.LDAPUrlExtensions({ + '1.2.752.58.10.2':ldapurl.LDAPUrlExtension( + critical=0,extype='1.2.752.58.10.2',exvalue='T.61' + ) + }) + ) + ), + ( + 'ldap://localhost:12345/dc=stroeder,dc=com????!bindname=cn=Michael%2Cdc=stroeder%2Cdc=com,!X-BINDPW=secretpassword', + LDAPUrl( + hostport='localhost:12345', + dn='dc=stroeder,dc=com', + extensions=ldapurl.LDAPUrlExtensions({ + 'bindname':ldapurl.LDAPUrlExtension( + critical=1,extype='bindname',exvalue='cn=Michael,dc=stroeder,dc=com' + ), + 'X-BINDPW':ldapurl.LDAPUrlExtension( + critical=1,extype='X-BINDPW',exvalue='secretpassword' + ), + }), + ) + ), + ( + 'ldap://localhost:54321/dc=stroeder,dc=com????bindname=cn=Michael%2Cdc=stroeder%2Cdc=com,X-BINDPW=secretpassword', + LDAPUrl( + hostport='localhost:54321', + dn='dc=stroeder,dc=com', + who='cn=Michael,dc=stroeder,dc=com', + cred='secretpassword' + ) + ), + ( + 'ldaps://localhost:12345/dc=stroeder,dc=com', + LDAPUrl( + urlscheme='ldaps', + hostport='localhost:12345', + dn='dc=stroeder,dc=com', + ), + ), + ( + 'ldapi://%2ftmp%2fopenldap2-1389/dc=stroeder,dc=com', + LDAPUrl( + urlscheme='ldapi', + hostport='/tmp/openldap2-1389', + dn='dc=stroeder,dc=com', + ), + ), + ] + + def test_ldapurl(self): + for ldap_url_str,test_ldap_url_obj in self.parse_ldap_url_tests: + ldap_url_obj = LDAPUrl(ldapUrl=ldap_url_str) + self.assertEqual( + ldap_url_obj, test_ldap_url_obj, + 'Attributes of LDAPUrl(%s) are:\n%s\ninstead of:\n%s' % ( + repr(ldap_url_str), + repr(ldap_url_obj), + repr(test_ldap_url_obj), + ) + ) + unparsed_ldap_url_str = test_ldap_url_obj.unparse() + unparsed_ldap_url_obj = LDAPUrl(ldapUrl=unparsed_ldap_url_str) + self.assertEqual( + unparsed_ldap_url_obj, test_ldap_url_obj, + 'Attributes of LDAPUrl(%s) are:\n%s\ninstead of:\n%s' % ( + repr(unparsed_ldap_url_str), + repr(unparsed_ldap_url_obj), + repr(test_ldap_url_obj), + ) + ) + + class TestLDAPUrl(unittest.TestCase): def assertNone(self, expr, msg=None): From 39f980356387bd3b114b731bf0620db2dcfbbaa7 Mon Sep 17 00:00:00 2001 From: stroeder Date: Tue, 14 Feb 2017 13:36:20 +0000 Subject: [PATCH 314/868] started 2.4.3.1 --- CHANGES | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 5bdf7d1..682452d 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,8 @@ +---------------------------------------------------------------- +Released 2.4.31 2017-02-xx + +Changes since 2.4.30: + ---------------------------------------------------------------- Released 2.4.30 2017-02-08 @@ -1316,4 +1321,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.403 2017/02/08 09:44:18 stroeder Exp $ +$Id: CHANGES,v 1.404 2017/02/14 13:36:20 stroeder Exp $ From 47eb5461a924f3c629e7d6186c702abf19d1d6e0 Mon Sep 17 00:00:00 2001 From: stroeder Date: Tue, 14 Feb 2017 13:36:33 +0000 Subject: [PATCH 315/868] started 2.4.31 --- Lib/dsml.py | 4 ++-- Lib/ldap/__init__.py | 4 ++-- Lib/ldapurl.py | 4 ++-- Lib/ldif.py | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/Lib/dsml.py b/Lib/dsml.py index c9ac2ca..a92d6f6 100644 --- a/Lib/dsml.py +++ b/Lib/dsml.py @@ -4,13 +4,13 @@ See http://www.python-ldap.org/ for details. -$Id: dsml.py,v 1.47 2017/02/08 09:44:18 stroeder Exp $ +$Id: dsml.py,v 1.48 2017/02/14 13:36:33 stroeder Exp $ Python compability note: Tested with Python 2.0+. """ -__version__ = '2.4.30' +__version__ = '2.4.31' import string,base64 diff --git a/Lib/ldap/__init__.py b/Lib/ldap/__init__.py index a0f76da..b57c5d4 100644 --- a/Lib/ldap/__init__.py +++ b/Lib/ldap/__init__.py @@ -3,12 +3,12 @@ See http://www.python-ldap.org/ for details. -$Id: __init__.py,v 1.108 2017/02/08 09:44:18 stroeder Exp $ +$Id: __init__.py,v 1.109 2017/02/14 13:36:34 stroeder Exp $ """ # This is also the overall release version number -__version__ = '2.4.30' +__version__ = '2.4.31' import sys diff --git a/Lib/ldapurl.py b/Lib/ldapurl.py index d5ed4cf..43c1f25 100644 --- a/Lib/ldapurl.py +++ b/Lib/ldapurl.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -\$Id: ldapurl.py,v 1.83 2017/02/08 09:44:18 stroeder Exp $ +\$Id: ldapurl.py,v 1.84 2017/02/14 13:36:34 stroeder Exp $ Python compability note: This module only works with Python 2.0+ since @@ -11,7 +11,7 @@ 2. list comprehensions are used. """ -__version__ = '2.4.30' +__version__ = '2.4.31' __all__ = [ # constants diff --git a/Lib/ldif.py b/Lib/ldif.py index 621ad79..deede81 100644 --- a/Lib/ldif.py +++ b/Lib/ldif.py @@ -3,13 +3,13 @@ See http://www.python-ldap.org/ for details. -$Id: ldif.py,v 1.103 2017/02/08 09:44:18 stroeder Exp $ +$Id: ldif.py,v 1.104 2017/02/14 13:36:34 stroeder Exp $ Python compability note: Tested with Python 2.0+, but should work with Python 1.5.2+. """ -__version__ = '2.4.30' +__version__ = '2.4.31' __all__ = [ # constants From 0d9faae31a3aaa37ff46501b9e2b4e07498b912f Mon Sep 17 00:00:00 2001 From: stroeder Date: Tue, 14 Feb 2017 13:37:51 +0000 Subject: [PATCH 316/868] new/updates scripts Tests/t_*.py --- CHANGES | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 682452d..e4a3857 100644 --- a/CHANGES +++ b/CHANGES @@ -3,6 +3,12 @@ Released 2.4.31 2017-02-xx Changes since 2.4.30: +Tests/ +(thanks to Petr Viktorin) +* new test scripts t_ldap_schema_tokenizer.py and t_ldap_modlist.py + on former raw scripts +* new test-cases in t_ldapurl.py based on former raw scripts + ---------------------------------------------------------------- Released 2.4.30 2017-02-08 @@ -1321,4 +1327,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.404 2017/02/14 13:36:20 stroeder Exp $ +$Id: CHANGES,v 1.405 2017/02/14 13:37:51 stroeder Exp $ From bec33ba407fbfd5c2d943f7abc71bc80496fe8c4 Mon Sep 17 00:00:00 2001 From: stroeder Date: Tue, 14 Feb 2017 18:02:20 +0000 Subject: [PATCH 317/868] new test-cases in t_ldap_dn.py --- CHANGES | 3 ++- Tests/t_ldap_dn.py | 11 ++++++++++- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index e4a3857..e4a15e3 100644 --- a/CHANGES +++ b/CHANGES @@ -8,6 +8,7 @@ Tests/ * new test scripts t_ldap_schema_tokenizer.py and t_ldap_modlist.py on former raw scripts * new test-cases in t_ldapurl.py based on former raw scripts +* new test-cases in t_ldap_dn.py ---------------------------------------------------------------- Released 2.4.30 2017-02-08 @@ -1327,4 +1328,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.405 2017/02/14 13:37:51 stroeder Exp $ +$Id: CHANGES,v 1.406 2017/02/14 18:02:20 stroeder Exp $ diff --git a/Tests/t_ldap_dn.py b/Tests/t_ldap_dn.py index 2183d3a..ee47e07 100644 --- a/Tests/t_ldap_dn.py +++ b/Tests/t_ldap_dn.py @@ -20,8 +20,17 @@ def test_is_dn(self): test function is_dn() """ self.assertEquals(ldap.dn.is_dn('foobar,ou=ae-dir'), False) + self.assertEquals(ldap.dn.is_dn('-cn=foobar,ou=ae-dir'), False) + self.assertEquals(ldap.dn.is_dn(';cn=foobar,ou=ae-dir'), False) + self.assertEquals(ldap.dn.is_dn(',cn=foobar,ou=ae-dir'), False) + self.assertEquals(ldap.dn.is_dn('cn=foobar,ou=ae-dir,'), False) self.assertEquals(ldap.dn.is_dn('uid=xkcd,cn=foobar,ou=ae-dir'), True) - + self.assertEquals( + ldap.dn.is_dn( + 'cn=\xc3\xa4\xc3\xb6\xc3\xbc\xc3\x84\xc3\x96\xc3\x9c.o=\xc3\xa4\xc3\xb6\xc3\xbc\xc3\x84\xc3\x96\xc3\x9c\xc3\x9f' + ), + True + ) if __name__ == '__main__': unittest.main() From 2c09762faaf596b4a041dc7b4cf7a939e2829393 Mon Sep 17 00:00:00 2001 From: stroeder Date: Tue, 14 Feb 2017 18:04:07 +0000 Subject: [PATCH 318/868] Tests must match glob pattern t_*.py --- Tests/runtests.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Tests/runtests.sh b/Tests/runtests.sh index f857025..7230c6e 100755 --- a/Tests/runtests.sh +++ b/Tests/runtests.sh @@ -11,7 +11,8 @@ set -e plat_specifier=`$PYTHON -c 'import sys,distutils.util; \ print(distutils.util.get_platform()+"-"+sys.version[0:3])'` failed= -for test in t_*.py; do +for test in t_*.py +do echo "$test:" PYTHONPATH="../build/lib.$plat_specifier" $PYTHON "$test" "$@" || failed="$failed $test" From 1e7a1ea3c1d6f1dd48c3e9381d5ee2c6f48a2b42 Mon Sep 17 00:00:00 2001 From: stroeder Date: Tue, 14 Feb 2017 19:00:47 +0000 Subject: [PATCH 319/868] tests were merged into Tests/t_ldapurl.py --- Tests/Lib/test_ldapurl.py | 154 -------------------------------------- 1 file changed, 154 deletions(-) delete mode 100644 Tests/Lib/test_ldapurl.py diff --git a/Tests/Lib/test_ldapurl.py b/Tests/Lib/test_ldapurl.py deleted file mode 100644 index 0016683..0000000 --- a/Tests/Lib/test_ldapurl.py +++ /dev/null @@ -1,154 +0,0 @@ -""" -Performes various tests for module ldapurl -""" - -import ldapurl -from ldapurl import * - -print '\nTesting function isLDAPUrl():' -is_ldap_url_tests = { - # Examples from RFC2255 - 'ldap:///o=University%20of%20Michigan,c=US':1, - 'ldap://ldap.itd.umich.edu/o=University%20of%20Michigan,c=US':1, - 'ldap://ldap.itd.umich.edu/o=University%20of%20Michigan,':1, - 'ldap://host.com:6666/o=University%20of%20Michigan,':1, - 'ldap://ldap.itd.umich.edu/c=GB?objectClass?one':1, - 'ldap://ldap.question.com/o=Question%3f,c=US?mail':1, - 'ldap://ldap.netscape.com/o=Babsco,c=US??(int=%5c00%5c00%5c00%5c04)':1, - 'ldap:///??sub??bindname=cn=Manager%2co=Foo':1, - 'ldap:///??sub??!bindname=cn=Manager%2co=Foo':1, - # More examples from various sources - 'ldap://ldap.nameflow.net:1389/c%3dDE':1, - 'ldap://root.openldap.org/dc=openldap,dc=org':1, - 'ldap://root.openldap.org/dc=openldap,dc=org':1, - 'ldap://x500.mh.se/o=Mitthogskolan,c=se????1.2.752.58.10.2=T.61':1, - 'ldp://root.openldap.org/dc=openldap,dc=org':0, - 'ldap://localhost:1389/ou%3DUnstructured%20testing%20tree%2Cdc%3Dstroeder%2Cdc%3Dcom??one':1, -} -for ldap_url in is_ldap_url_tests.keys(): - result_is_ldap_url = isLDAPUrl(ldap_url) - if result_is_ldap_url !=is_ldap_url_tests[ldap_url]: - print 'isLDAPUrl("%s") returns %d instead of %d.' % ( - repr(ldap_url),result_is_ldap_url,is_ldap_url_tests[ldap_url] - ) - -print '\nTesting class LDAPUrl:' -parse_ldap_url_tests = [ - ( - 'ldap://root.openldap.org/dc=openldap,dc=org', - LDAPUrl( - hostport='root.openldap.org', - dn='dc=openldap,dc=org' - ) - ), - ( - 'ldap://root.openldap.org/dc%3dboolean%2cdc%3dnet???%28objectClass%3d%2a%29', - LDAPUrl( - hostport='root.openldap.org', - dn='dc=boolean,dc=net', - filterstr='(objectClass=*)' - ) - ), - ( - 'ldap://root.openldap.org/dc=openldap,dc=org??sub?', - LDAPUrl( - hostport='root.openldap.org', - dn='dc=openldap,dc=org', - scope=ldapurl.LDAP_SCOPE_SUBTREE - ) - ), - ( - 'ldap://root.openldap.org/dc=openldap,dc=org??one?', - LDAPUrl( - hostport='root.openldap.org', - dn='dc=openldap,dc=org', - scope=ldapurl.LDAP_SCOPE_ONELEVEL - ) - ), - ( - 'ldap://root.openldap.org/dc=openldap,dc=org??base?', - LDAPUrl( - hostport='root.openldap.org', - dn='dc=openldap,dc=org', - scope=ldapurl.LDAP_SCOPE_BASE - ) - ), - ( - 'ldap://x500.mh.se/o=Mitthogskolan,c=se????1.2.752.58.10.2=T.61', - LDAPUrl( - hostport='x500.mh.se', - dn='o=Mitthogskolan,c=se', - extensions=LDAPUrlExtensions({ - '1.2.752.58.10.2':ldapurl.LDAPUrlExtension( - critical=0,extype='1.2.752.58.10.2',exvalue='T.61' - ) - }) - ) - ), - ( - 'ldap://localhost:12345/dc=stroeder,dc=com????!bindname=cn=Michael%2Cdc=stroeder%2Cdc=com,!X-BINDPW=secretpassword', - LDAPUrl( - hostport='localhost:12345', - dn='dc=stroeder,dc=com', - extensions=LDAPUrlExtensions({ - 'bindname':LDAPUrlExtension( - critical=1,extype='bindname',exvalue='cn=Michael,dc=stroeder,dc=com' - ), - 'X-BINDPW':LDAPUrlExtension( - critical=1,extype='X-BINDPW',exvalue='secretpassword' - ), - }), - ) - ), - ( - 'ldap://localhost:54321/dc=stroeder,dc=com????bindname=cn=Michael%2Cdc=stroeder%2Cdc=com,X-BINDPW=secretpassword', - LDAPUrl( - hostport='localhost:54321', - dn='dc=stroeder,dc=com', - who='cn=Michael,dc=stroeder,dc=com', - cred='secretpassword' - ) - ), - ( - 'ldaps://localhost:12345/dc=stroeder,dc=com', - LDAPUrl( - urlscheme='ldaps', - hostport='localhost:12345', - dn='dc=stroeder,dc=com', - ), - ), - ( - 'ldapi://%2ftmp%2fopenldap2-1389/dc=stroeder,dc=com', - LDAPUrl( - urlscheme='ldapi', - hostport='/tmp/openldap2-1389', - dn='dc=stroeder,dc=com', - ), - ), -] - -for ldap_url_str,test_ldap_url_obj in parse_ldap_url_tests: -# print '\nTesting LDAP URL:',repr(ldap_url) - ldap_url_obj = LDAPUrl(ldapUrl=ldap_url_str) - print '#'*72 - print test_ldap_url_obj.unparse() - if ldap_url_obj.__ne__(test_ldap_url_obj): - print '-'*72 - print 'Parsing error! Attributes of LDAPUrl(%s) are:\n%s\ninstead of:\n%s' % ( - repr(ldap_url_str), - repr(ldap_url_obj), - repr(test_ldap_url_obj) - ) - else: - print 'Parsing ok' - unparsed_ldap_url_str = test_ldap_url_obj.unparse() - unparsed_ldap_url_obj = LDAPUrl(ldapUrl=unparsed_ldap_url_str) - if unparsed_ldap_url_obj.__ne__(test_ldap_url_obj): - print '-'*72 - print 'Unparsing error! Attributes of LDAPUrl(%s) are:\n%s\ninstead of:\n%s' % ( - repr(unparsed_ldap_url_str), - repr(unparsed_ldap_url_obj), - repr(test_ldap_url_obj) - ) - else: - print 'Unparsing ok' From 1e6082c51187aa6ec6012f4e73c96efb96eacca1 Mon Sep 17 00:00:00 2001 From: stroeder Date: Tue, 14 Feb 2017 19:02:50 +0000 Subject: [PATCH 320/868] Tests/search.py moved to Demo/ldapurl_search.py because it --- Tests/search.py => Demo/ldapurl_search.py | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename Tests/search.py => Demo/ldapurl_search.py (100%) diff --git a/Tests/search.py b/Demo/ldapurl_search.py similarity index 100% rename from Tests/search.py rename to Demo/ldapurl_search.py From 5c1b95859fde4b78d2d2287cdfcb897bde8367e8 Mon Sep 17 00:00:00 2001 From: stroeder Date: Tue, 14 Feb 2017 19:07:15 +0000 Subject: [PATCH 321/868] consistent white-spaces --- setup.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/setup.py b/setup.py index d738632..0088b8f 100644 --- a/setup.py +++ b/setup.py @@ -3,15 +3,15 @@ See http://www.python-ldap.org/ for details. -$Id: setup.py,v 1.76 2016/08/13 09:44:08 stroeder Exp $ +$Id: setup.py,v 1.77 2017/02/14 19:07:15 stroeder Exp $ """ has_setuptools = False try: - from setuptools import setup, Extension - has_setuptools = True + from setuptools import setup, Extension + has_setuptools = True except ImportError: - from distutils.core import setup, Extension + from distutils.core import setup, Extension from ConfigParser import ConfigParser import sys,os,string,time From 4334b470921e1d246784032483948f316ef30d09 Mon Sep 17 00:00:00 2001 From: stroeder Date: Tue, 14 Feb 2017 19:30:03 +0000 Subject: [PATCH 322/868] prepare release 2.4.31 --- CHANGES | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/CHANGES b/CHANGES index e4a15e3..34de108 100644 --- a/CHANGES +++ b/CHANGES @@ -1,14 +1,15 @@ ---------------------------------------------------------------- -Released 2.4.31 2017-02-xx +Released 2.4.31 2017-02-14 Changes since 2.4.30: Tests/ -(thanks to Petr Viktorin) * new test scripts t_ldap_schema_tokenizer.py and t_ldap_modlist.py - on former raw scripts + on former raw scripts (thanks to Petr Viktorin) * new test-cases in t_ldapurl.py based on former raw scripts + (thanks to Petr Viktorin) * new test-cases in t_ldap_dn.py +* moved a script to Demo/ ---------------------------------------------------------------- Released 2.4.30 2017-02-08 @@ -1328,4 +1329,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.406 2017/02/14 18:02:20 stroeder Exp $ +$Id: CHANGES,v 1.407 2017/02/14 19:30:03 stroeder Exp $ From 121b9749037d7a6c92eaea46247c3aa183453bf7 Mon Sep 17 00:00:00 2001 From: stroeder Date: Tue, 14 Feb 2017 21:36:01 +0000 Subject: [PATCH 323/868] prepare release 2.4.32 --- CHANGES | 5 ++++- Lib/dsml.py | 4 ++-- Lib/ldap/__init__.py | 4 ++-- Lib/ldapurl.py | 4 ++-- Lib/ldif.py | 4 ++-- 5 files changed, 12 insertions(+), 9 deletions(-) diff --git a/CHANGES b/CHANGES index 34de108..60ed0c1 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +---------------------------------------------------------------- +Released 2.4.32 2017-02-14 + ---------------------------------------------------------------- Released 2.4.31 2017-02-14 @@ -1329,4 +1332,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.407 2017/02/14 19:30:03 stroeder Exp $ +$Id: CHANGES,v 1.408 2017/02/14 21:36:01 stroeder Exp $ diff --git a/Lib/dsml.py b/Lib/dsml.py index a92d6f6..0129313 100644 --- a/Lib/dsml.py +++ b/Lib/dsml.py @@ -4,13 +4,13 @@ See http://www.python-ldap.org/ for details. -$Id: dsml.py,v 1.48 2017/02/14 13:36:33 stroeder Exp $ +$Id: dsml.py,v 1.49 2017/02/14 21:36:01 stroeder Exp $ Python compability note: Tested with Python 2.0+. """ -__version__ = '2.4.31' +__version__ = '2.4.32' import string,base64 diff --git a/Lib/ldap/__init__.py b/Lib/ldap/__init__.py index b57c5d4..09dfa0c 100644 --- a/Lib/ldap/__init__.py +++ b/Lib/ldap/__init__.py @@ -3,12 +3,12 @@ See http://www.python-ldap.org/ for details. -$Id: __init__.py,v 1.109 2017/02/14 13:36:34 stroeder Exp $ +$Id: __init__.py,v 1.110 2017/02/14 21:36:01 stroeder Exp $ """ # This is also the overall release version number -__version__ = '2.4.31' +__version__ = '2.4.32' import sys diff --git a/Lib/ldapurl.py b/Lib/ldapurl.py index 43c1f25..53171e8 100644 --- a/Lib/ldapurl.py +++ b/Lib/ldapurl.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -\$Id: ldapurl.py,v 1.84 2017/02/14 13:36:34 stroeder Exp $ +\$Id: ldapurl.py,v 1.85 2017/02/14 21:36:01 stroeder Exp $ Python compability note: This module only works with Python 2.0+ since @@ -11,7 +11,7 @@ 2. list comprehensions are used. """ -__version__ = '2.4.31' +__version__ = '2.4.32' __all__ = [ # constants diff --git a/Lib/ldif.py b/Lib/ldif.py index deede81..84b3783 100644 --- a/Lib/ldif.py +++ b/Lib/ldif.py @@ -3,13 +3,13 @@ See http://www.python-ldap.org/ for details. -$Id: ldif.py,v 1.104 2017/02/14 13:36:34 stroeder Exp $ +$Id: ldif.py,v 1.105 2017/02/14 21:36:01 stroeder Exp $ Python compability note: Tested with Python 2.0+, but should work with Python 1.5.2+. """ -__version__ = '2.4.31' +__version__ = '2.4.32' __all__ = [ # constants From 960636d2c42ecb0ba725f2f4e834f13bd1ab6283 Mon Sep 17 00:00:00 2001 From: stroeder Date: Tue, 14 Feb 2017 21:38:13 +0000 Subject: [PATCH 324/868] running tests made easier now --- CHANGES | 6 +++++- MANIFEST.in | 1 + Tests/__init__.py | 15 +++++++++++++++ Tests/runtests.sh | 27 --------------------------- Tests/t_cext.py | 4 +++- setup.py | 3 ++- tox.ini | 13 +++++++++++++ 7 files changed, 39 insertions(+), 30 deletions(-) create mode 100644 Tests/__init__.py delete mode 100755 Tests/runtests.sh create mode 100644 tox.ini diff --git a/CHANGES b/CHANGES index 60ed0c1..1c5ef5c 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,10 @@ ---------------------------------------------------------------- Released 2.4.32 2017-02-14 +Running tests made easier: +- python setup.py test +- added tox.ini + ---------------------------------------------------------------- Released 2.4.31 2017-02-14 @@ -1332,4 +1336,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.408 2017/02/14 21:36:01 stroeder Exp $ +$Id: CHANGES,v 1.409 2017/02/14 21:38:13 stroeder Exp $ diff --git a/MANIFEST.in b/MANIFEST.in index 7ea2fdd..459af43 100644 --- a/MANIFEST.in +++ b/MANIFEST.in @@ -3,4 +3,5 @@ include Modules/*.c Modules/*.h Modules/LICENSE recursive-include Build *.cfg* recursive-include Lib *.py recursive-include Demo *.py +include tox.ini recursive-include Tests *.py diff --git a/Tests/__init__.py b/Tests/__init__.py new file mode 100644 index 0000000..739dd08 --- /dev/null +++ b/Tests/__init__.py @@ -0,0 +1,15 @@ +""" +python-ldap tests module package +""" + +import t_cext +import t_ldap_dn +import t_ldap_filter +import t_ldap_functions +import t_ldap_modlist +import t_ldap_schema_tokenizer +import t_ldapurl +import t_ldif +import t_search + +import slapd \ No newline at end of file diff --git a/Tests/runtests.sh b/Tests/runtests.sh deleted file mode 100755 index 7230c6e..0000000 --- a/Tests/runtests.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/sh -# -# This script runs all the t_*.py tests in the current directory, -# preparing PYTHONPATH to use the most recent local build -# -# Run with -v option for verbose -# - -set -e -: ${PYTHON:="python"} -plat_specifier=`$PYTHON -c 'import sys,distutils.util; \ - print(distutils.util.get_platform()+"-"+sys.version[0:3])'` -failed= -for test in t_*.py -do - echo "$test:" - PYTHONPATH="../build/lib.$plat_specifier" $PYTHON "$test" "$@" || - failed="$failed $test" -done - -if test -n "$failed"; then - echo "Tests that failed:$failed" >&2 - exit 1 -else - echo "All tests passed. Yay." - exit 0 -fi diff --git a/Tests/t_cext.py b/Tests/t_cext.py index fd17ee9..159d6fb 100644 --- a/Tests/t_cext.py +++ b/Tests/t_cext.py @@ -1,8 +1,10 @@ -import unittest, slapd +import unittest import _ldap import logging +from Tests import slapd + reusable_server = None def get_reusable_server(): global reusable_server diff --git a/setup.py b/setup.py index 0088b8f..5b1241a 100644 --- a/setup.py +++ b/setup.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -$Id: setup.py,v 1.77 2017/02/14 19:07:15 stroeder Exp $ +$Id: setup.py,v 1.78 2017/02/14 21:38:13 stroeder Exp $ """ has_setuptools = False @@ -180,5 +180,6 @@ class OpenLDAP2: ], package_dir = {'': 'Lib',}, data_files = LDAP_CLASS.extra_files, + test_suite = 'Tests', **kwargs ) diff --git a/tox.ini b/tox.ini new file mode 100644 index 0000000..d11ce1c --- /dev/null +++ b/tox.ini @@ -0,0 +1,13 @@ +# Tox (http://tox.testrun.org/) is a tool for running tests +# in multiple virtualenvs. This configuration file will run the +# test suite on all supported python versions. To use it, "pip install tox" +# and then run "tox" from this directory. + +[tox] +envlist = py27 + +[testenv] +commands = {envpython} setup.py test +deps = + pyasn1 + pyasn1_modules From f9dcc60c662c3914a7725b5fa276ad4fc5aff8ab Mon Sep 17 00:00:00 2001 From: stroeder Date: Sat, 18 Feb 2017 13:40:49 +0000 Subject: [PATCH 325/868] removed obsolete import statement --- Tests/t_ldap_schema_tokenizer.py | 1 - 1 file changed, 1 deletion(-) diff --git a/Tests/t_ldap_schema_tokenizer.py b/Tests/t_ldap_schema_tokenizer.py index c77b20d..ddff528 100644 --- a/Tests/t_ldap_schema_tokenizer.py +++ b/Tests/t_ldap_schema_tokenizer.py @@ -1,7 +1,6 @@ import unittest import ldap.schema -from ldap.schema.tokenizer import split_tokens,extract_tokens class TestTokenize(unittest.TestCase): testcases_split_tokens = ( From 99604c45c730175459e6b637f9dd76f702614f3d Mon Sep 17 00:00:00 2001 From: stroeder Date: Sat, 18 Feb 2017 14:16:11 +0000 Subject: [PATCH 326/868] refactored tests, make pylint happy --- Tests/t_ldap_schema_tokenizer.py | 79 +++++++++++++++++++++----------- 1 file changed, 52 insertions(+), 27 deletions(-) diff --git a/Tests/t_ldap_schema_tokenizer.py b/Tests/t_ldap_schema_tokenizer.py index ddff528..f89487c 100644 --- a/Tests/t_ldap_schema_tokenizer.py +++ b/Tests/t_ldap_schema_tokenizer.py @@ -1,34 +1,59 @@ +""" +test module ldap.schema.tokenizer +""" + import unittest import ldap.schema -class TestTokenize(unittest.TestCase): - testcases_split_tokens = ( - (" BLUBBER DI BLUBB ", ["BLUBBER", "DI", "BLUBB"]), - ("BLUBBER DI BLUBB",["BLUBBER","DI","BLUBB"]), - ("BLUBBER DI BLUBB ",["BLUBBER","DI","BLUBB"]), - ("BLUBBER DI 'BLUBB' ",["BLUBBER","DI","BLUBB"]), - ("BLUBBER ( DI ) 'BLUBB' ",["BLUBBER","(","DI",")","BLUBB"]), - ("BLUBBER(DI)",["BLUBBER","(","DI",")"]), - ("BLUBBER ( DI)",["BLUBBER","(","DI",")"]), - ("BLUBBER ''",["BLUBBER",""]), - ("( BLUBBER (DI 'BLUBB'))",["(","BLUBBER","(","DI","BLUBB",")",")"]), - ("BLUBB (DA$BLAH)",['BLUBB',"(","DA","BLAH",")"]), - ("BLUBB ( DA $ BLAH )",['BLUBB',"(","DA","BLAH",")"]), - ("BLUBB (DA$ BLAH)",['BLUBB',"(","DA","BLAH",")"]), - ("BLUBB (DA $BLAH)",['BLUBB',"(","DA","BLAH",")"]), - ("BLUBB 'DA$BLAH'",['BLUBB',"DA$BLAH"]), - ("BLUBB DI 'BLU B B ER' DA 'BLAH' ",['BLUBB','DI','BLU B B ER','DA','BLAH']), - ("BLUBB DI 'BLU B B ER' DA 'BLAH' LABER",['BLUBB','DI','BLU B B ER','DA','BLAH','LABER']), - - #("BLUBBER DI 'BLU'BB ER' DA 'BLAH' ", ["BLUBBER", "DI", "BLU'BB ER", "DA", "BLAH"]), # for Oracle - #("BLUBB DI 'BLU B B ER'MUST 'BLAH' ",['BLUBB','DI','BLU B B ER','MUST','BLAH']) # for Oracle - ) - - def test_split_tokens(self): - for t, r in self.testcases_split_tokens: - l = ldap.schema.tokenizer.split_tokens(t, {'MUST':None}) - self.assertEqual(l, r) +# all basic test cases +TESTCASES_BASIC = ( + (" BLUBBER DI BLUBB ", ["BLUBBER", "DI", "BLUBB"]), + ("BLUBBER DI BLUBB", ["BLUBBER", "DI", "BLUBB"]), + ("BLUBBER DI BLUBB ", ["BLUBBER", "DI", "BLUBB"]), + ("BLUBBER DI 'BLUBB' ", ["BLUBBER", "DI", "BLUBB"]), + ("BLUBBER ( DI ) 'BLUBB' ", ["BLUBBER", "(", "DI", ")", "BLUBB"]), + ("BLUBBER(DI)", ["BLUBBER", "(", "DI", ")"]), + ("BLUBBER ( DI)", ["BLUBBER", "(", "DI", ")"]), + ("BLUBBER ''", ["BLUBBER", ""]), + ("( BLUBBER (DI 'BLUBB'))", ["(", "BLUBBER", "(", "DI", "BLUBB", ")", ")"]), + ("BLUBB (DA$BLAH)", ['BLUBB', "(", "DA", "BLAH", ")"]), + ("BLUBB ( DA $ BLAH )", ['BLUBB', "(", "DA", "BLAH", ")"]), + ("BLUBB (DA$ BLAH)", ['BLUBB', "(", "DA", "BLAH", ")"]), + ("BLUBB (DA $BLAH)", ['BLUBB', "(", "DA", "BLAH", ")"]), + ("BLUBB 'DA$BLAH'", ['BLUBB', "DA$BLAH"]), + ("BLUBB DI 'BLU B B ER' DA 'BLAH' ", ['BLUBB', 'DI', 'BLU B B ER', 'DA', 'BLAH']), + ("BLUBB DI 'BLU B B ER' DA 'BLAH' LABER", ['BLUBB', 'DI', 'BLU B B ER', 'DA', 'BLAH', 'LABER']), +) +# for broken schema of Oracle Internet Directory +TESTCASES_OID = ( + ("BLUBBER DI 'BLU'BB ER' DA 'BLAH' ", ["BLUBBER", "DI", "BLU'BB ER", "DA", "BLAH"]), + ("BLUBB DI 'BLU B B ER'MUST 'BLAH' ", ['BLUBB', 'DI', 'BLU B B ER', 'MUST', 'BLAH']) +) + + +class TestSplitTokens(unittest.TestCase): + """ + test function ldap.schema.tokenizer.split_tokens() + """ + + def _run_split_tokens_tests(self, test_cases): + for test_value, test_result in test_cases: + token_list = ldap.schema.tokenizer.split_tokens(test_value, None) + self.assertEqual(token_list, test_result) + + def test_basic(self): + """ + run test cases specified in constant TESTCASES_BASIC + """ + self._run_split_tokens_tests(TESTCASES_BASIC) + + @unittest.expectedFailure + def test_oid(self): + """ + run test cases specified in constant TESTCASES_OID + """ + self._run_split_tokens_tests(TESTCASES_OID) if __name__ == '__main__': From ff314a98aae67377bdbf50e10a659bddb12e8d5a Mon Sep 17 00:00:00 2001 From: stroeder Date: Sat, 18 Feb 2017 14:32:23 +0000 Subject: [PATCH 327/868] use imported symbol ldap.schema.split_tokens() (without sub-module name) --- Tests/t_ldap_schema_tokenizer.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Tests/t_ldap_schema_tokenizer.py b/Tests/t_ldap_schema_tokenizer.py index f89487c..c0fe950 100644 --- a/Tests/t_ldap_schema_tokenizer.py +++ b/Tests/t_ldap_schema_tokenizer.py @@ -39,7 +39,7 @@ class TestSplitTokens(unittest.TestCase): def _run_split_tokens_tests(self, test_cases): for test_value, test_result in test_cases: - token_list = ldap.schema.tokenizer.split_tokens(test_value, None) + token_list = ldap.schema.split_tokens(test_value, None) self.assertEqual(token_list, test_result) def test_basic(self): From 892833cc900e7545af8c2c698ff79fb77af23844 Mon Sep 17 00:00:00 2001 From: stroeder Date: Sat, 18 Feb 2017 14:50:24 +0000 Subject: [PATCH 328/868] started 2.4.33 --- CHANGES | 5 ++++- Lib/dsml.py | 4 ++-- Lib/ldap/__init__.py | 4 ++-- Lib/ldapurl.py | 4 ++-- Lib/ldif.py | 4 ++-- 5 files changed, 12 insertions(+), 9 deletions(-) diff --git a/CHANGES b/CHANGES index 1c5ef5c..463bb00 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +---------------------------------------------------------------- +Released 2.4.33 2017-02-xx + ---------------------------------------------------------------- Released 2.4.32 2017-02-14 @@ -1336,4 +1339,4 @@ Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 -$Id: CHANGES,v 1.409 2017/02/14 21:38:13 stroeder Exp $ +$Id: CHANGES,v 1.410 2017/02/18 14:50:24 stroeder Exp $ diff --git a/Lib/dsml.py b/Lib/dsml.py index 0129313..b8392fe 100644 --- a/Lib/dsml.py +++ b/Lib/dsml.py @@ -4,13 +4,13 @@ See http://www.python-ldap.org/ for details. -$Id: dsml.py,v 1.49 2017/02/14 21:36:01 stroeder Exp $ +$Id: dsml.py,v 1.50 2017/02/18 14:50:25 stroeder Exp $ Python compability note: Tested with Python 2.0+. """ -__version__ = '2.4.32' +__version__ = '2.4.33' import string,base64 diff --git a/Lib/ldap/__init__.py b/Lib/ldap/__init__.py index 09dfa0c..0ada853 100644 --- a/Lib/ldap/__init__.py +++ b/Lib/ldap/__init__.py @@ -3,12 +3,12 @@ See http://www.python-ldap.org/ for details. -$Id: __init__.py,v 1.110 2017/02/14 21:36:01 stroeder Exp $ +$Id: __init__.py,v 1.111 2017/02/18 14:50:25 stroeder Exp $ """ # This is also the overall release version number -__version__ = '2.4.32' +__version__ = '2.4.33' import sys diff --git a/Lib/ldapurl.py b/Lib/ldapurl.py index 53171e8..c73b6bf 100644 --- a/Lib/ldapurl.py +++ b/Lib/ldapurl.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -\$Id: ldapurl.py,v 1.85 2017/02/14 21:36:01 stroeder Exp $ +\$Id: ldapurl.py,v 1.86 2017/02/18 14:50:25 stroeder Exp $ Python compability note: This module only works with Python 2.0+ since @@ -11,7 +11,7 @@ 2. list comprehensions are used. """ -__version__ = '2.4.32' +__version__ = '2.4.33' __all__ = [ # constants diff --git a/Lib/ldif.py b/Lib/ldif.py index 84b3783..f34f52a 100644 --- a/Lib/ldif.py +++ b/Lib/ldif.py @@ -3,13 +3,13 @@ See http://www.python-ldap.org/ for details. -$Id: ldif.py,v 1.105 2017/02/14 21:36:01 stroeder Exp $ +$Id: ldif.py,v 1.106 2017/02/18 14:50:25 stroeder Exp $ Python compability note: Tested with Python 2.0+, but should work with Python 1.5.2+. """ -__version__ = '2.4.32' +__version__ = '2.4.33' __all__ = [ # constants From 22528752893a090adbc8f00a48cb04e2cc97df10 Mon Sep 17 00:00:00 2001 From: stroeder Date: Sat, 18 Feb 2017 15:32:01 +0000 Subject: [PATCH 329/868] split_tokens(): removed unused argument keywordDict --- Lib/ldap/schema/models.py | 4 ++-- Lib/ldap/schema/tokenizer.py | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Lib/ldap/schema/models.py b/Lib/ldap/schema/models.py index f7a7bd5..a4b4bab 100644 --- a/Lib/ldap/schema/models.py +++ b/Lib/ldap/schema/models.py @@ -3,7 +3,7 @@ See http://www.python-ldap.org/ for details. -\$Id: models.py,v 1.48 2015/06/06 09:21:38 stroeder Exp $ +\$Id: models.py,v 1.49 2017/02/18 15:32:01 stroeder Exp $ """ import UserDict,ldap.cidict @@ -54,7 +54,7 @@ class SchemaElement: def __init__(self,schema_element_str=None): if schema_element_str: - l = split_tokens(schema_element_str,self.token_defaults) + l = split_tokens(schema_element_str) self.set_id(l[1]) d = extract_tokens(l,self.token_defaults) self._set_attrs(l,d) diff --git a/Lib/ldap/schema/tokenizer.py b/Lib/ldap/schema/tokenizer.py index 469c326..b03b043 100644 --- a/Lib/ldap/schema/tokenizer.py +++ b/Lib/ldap/schema/tokenizer.py @@ -3,11 +3,11 @@ See http://www.python-ldap.org/ for details. -\$Id: tokenizer.py,v 1.13 2009/04/29 18:13:55 stroeder Exp $ +\$Id: tokenizer.py,v 1.14 2017/02/18 15:32:01 stroeder Exp $ """ -def split_tokens(s,keywordDict): +def split_tokens(s): """ Returns list of syntax elements with quotes and spaces stripped. From e8081a84a2e398805e0c281a42372933845ffbd5 Mon Sep 17 00:00:00 2001 From: stroeder Date: Sat, 18 Feb 2017 15:32:56 +0000 Subject: [PATCH 330/868] some more re-factoring --- Tests/t_ldap_schema_tokenizer.py | 27 ++++++++++++++++++++------- 1 file changed, 20 insertions(+), 7 deletions(-) diff --git a/Tests/t_ldap_schema_tokenizer.py b/Tests/t_ldap_schema_tokenizer.py index c0fe950..79a12e9 100644 --- a/Tests/t_ldap_schema_tokenizer.py +++ b/Tests/t_ldap_schema_tokenizer.py @@ -6,7 +6,7 @@ import ldap.schema -# all basic test cases +# basic test cases TESTCASES_BASIC = ( (" BLUBBER DI BLUBB ", ["BLUBBER", "DI", "BLUBB"]), ("BLUBBER DI BLUBB", ["BLUBBER", "DI", "BLUBB"]), @@ -25,12 +25,18 @@ ("BLUBB DI 'BLU B B ER' DA 'BLAH' ", ['BLUBB', 'DI', 'BLU B B ER', 'DA', 'BLAH']), ("BLUBB DI 'BLU B B ER' DA 'BLAH' LABER", ['BLUBB', 'DI', 'BLU B B ER', 'DA', 'BLAH', 'LABER']), ) -# for broken schema of Oracle Internet Directory -TESTCASES_OID = ( + +# broken schema of Oracle Internet Directory +TESTCASES_BROKEN_OID = ( ("BLUBBER DI 'BLU'BB ER' DA 'BLAH' ", ["BLUBBER", "DI", "BLU'BB ER", "DA", "BLAH"]), ("BLUBB DI 'BLU B B ER'MUST 'BLAH' ", ['BLUBB', 'DI', 'BLU B B ER', 'MUST', 'BLAH']) ) +# for quoted single quotes inside string values +TESTCASES_ESCAPED_QUOTES = ( + ("BLUBBER DI 'BLU\'BB ER' DA 'BLAH' ", ["BLUBBER", "DI", "BLU'BB ER", "DA", "BLAH"]), +) + class TestSplitTokens(unittest.TestCase): """ @@ -39,7 +45,7 @@ class TestSplitTokens(unittest.TestCase): def _run_split_tokens_tests(self, test_cases): for test_value, test_result in test_cases: - token_list = ldap.schema.split_tokens(test_value, None) + token_list = ldap.schema.split_tokens(test_value) self.assertEqual(token_list, test_result) def test_basic(self): @@ -49,11 +55,18 @@ def test_basic(self): self._run_split_tokens_tests(TESTCASES_BASIC) @unittest.expectedFailure - def test_oid(self): + def test_broken_oid(self): + """ + run test cases specified in constant TESTCASES_BROKEN_OID + """ + self._run_split_tokens_tests(TESTCASES_BROKEN_OID) + + @unittest.expectedFailure + def test_escaped_quotes(self): """ - run test cases specified in constant TESTCASES_OID + run test cases specified in constant TESTCASES_ESCAPED_QUOTES """ - self._run_split_tokens_tests(TESTCASES_OID) + self._run_split_tokens_tests(TESTCASES_ESCAPED_QUOTES) if __name__ == '__main__': From 2145b73c994b909d035e9958de17f26c8ecb73d3 Mon Sep 17 00:00:00 2001 From: stroeder Date: Sat, 18 Feb 2017 17:24:51 +0000 Subject: [PATCH 331/868] new test script t_ldap_schema_subentry.py --- .../ldif/subschema-ipa.demo1.freeipa.org.ldif | 6809 ++++++++++++++ Tests/ldif/subschema-openldap-all.ldif | 8017 +++++++++++++++++ Tests/t_ldap_schema_subentry.py | 32 + 3 files changed, 14858 insertions(+) create mode 100644 Tests/ldif/subschema-ipa.demo1.freeipa.org.ldif create mode 100644 Tests/ldif/subschema-openldap-all.ldif create mode 100644 Tests/t_ldap_schema_subentry.py diff --git a/Tests/ldif/subschema-ipa.demo1.freeipa.org.ldif b/Tests/ldif/subschema-ipa.demo1.freeipa.org.ldif new file mode 100644 index 0000000..a420a1a --- /dev/null +++ b/Tests/ldif/subschema-ipa.demo1.freeipa.org.ldif @@ -0,0 +1,6809 @@ +######################################################################## +# LDIF export by web2ldap 1.2.80, see http://www.web2ldap.de +# Date and time: Saturday, 2017-02-18 17:09:08 GMT +# Bind-DN: u'uid=admin,cn=users,cn=accounts,dc=demo1,dc=freeipa,dc=org' +# LDAP-URL of search: +# ldap://ipa.demo1.freeipa.org/cn%3Dschema?matchingRuleUse,ldapSyntaxes,nameForms,dITStructureRules,attributeTypes,matchingRules,dITContentRules,objectClasses,objectClass,cn?base?%28objectClass%3D%2A%29?bindname=uid%3Dadmin%2Ccn%3Dusers%2Ccn%3Daccounts%2Cdc%3Ddemo1%2Cdc%3Dfreeipa%2Cdc%3Dorg +######################################################################## +version: 1 + +dn: cn=schema +attributeTypes: ( 2.16.840.1.113730.3.1.582 NAME 'nsDS5ReplicaCredentials' D + ESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 S + INGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.15953.9.1.1 NAME 'sudoUser' DESC 'User(s) who + may run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatc + h SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.51 NAME 'ipaAllowedToPerform' DES + C 'DNs allowed to perform an operation' SUP distinguishedName EQUALITY dist + inguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN ( 'IPA v4. + 0' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2274 NAME 'nsslapd-instancedir' DESC + 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SIN + GLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.24.1 NAME 'krbHostServer' EQUAL + ITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.18.0.2.4.1139 NAME 'printer-info' DESC 'Descriptive in + formation about this printer.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSu + bstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'r + fc3712' ) +attributeTypes: ( 2.16.840.1.113730.3.8.16.1.4 NAME 'ipatokenNotAfter' DESC + 'Token expiration date' EQUALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.24 SINGLE-VALUE X-ORIGIN ( 'IPA OTP' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.532 NAME 'ntUserCountryCode' DESC 'N + etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE + -VALUE X-ORIGIN 'Netscape NT Synchronization' ) +attributeTypes: ( 0.9.2342.19200300.100.1.26 NAME 'aRecord' EQUALITY caseIg + noreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 2.16.840.1.113730.3.1.34 NAME 'ref' DESC 'LDAP referrals a + ttribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'LDAPv3 referr + als Internet Draft' ) +attributeTypes: ( 1.3.6.1.4.1.13769.2.4 NAME ( 'nsAIMid' 'nscpaimscreenname' + ) EQUALITY telephoneNumberMatch SUBSTR telephoneNumberSubstringsMatch SYN + TAX 1.3.6.1.4.1.1466.115.121.1.50 X-ORIGIN 'Mozilla Address Book' ) +attributeTypes: ( 2.16.840.1.113730.3.8.17.1.52 NAME 'ipk11Verify' DESC 'Key + supports verification where the signature is an appendix to the data' EQUA + LITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN + ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.204 NAME 'replicaNickName' DESC 'Net + scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN + 'Netscape Directory Server' ) +attributeTypes: ( sslVersionMin-oid NAME 'sslVersionMin' DESC 'Netscape defi + ned attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape + ' ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.25 NAME 'KeyRecord' DESC 'Key, RFC 2 + 535' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.2 NAME 'ipaNTSecurityIdentifier' + DESC 'NT Security ID' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Subst + ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN ( 'IP + A v3' 'user defined' ) ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.40 NAME 'sambaAlgorithmicRidBase' DES + C 'Base at which the samba RID generation algorithm should operate' EQUALIT + Y integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.1.2243 NAME 'nsslapd-securelistenhost' + DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 + 5 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( modified-oid NAME 'modified' DESC 'CMS defined attribute' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2108 NAME 'nsPagedLookThroughLimit' + DESC 'Binder-based simple paged search operation look through limit' SYNTAX + 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE USAGE directoryOperation X-ORIG + IN '389' ) +attributeTypes: ( 1.3.6.1.4.1.6981.11.3.7 NAME 'FTPStatus' DESC 'Account sta + tus: enabled or disabled' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.7 SINGLE-VALUE X-ORIGIN 'Pure-FTPd' ) +attributeTypes: ( notBefore-oid NAME 'notBefore' DESC 'CMS defined attribute + ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2091 NAME 'nsslapd-suffix' DESC 'Net + scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN + 'Netscape' ) +attributeTypes: ( 2.16.840.1.113730.3.8.3.24 NAME 'ipaEntitlementId' DESC 'E + ntitlement Unique identifier' EQUALITY caseIgnoreMatch ORDERING caseIgnoreO + rderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.15 X-ORIGIN 'IPA v2' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.19 NAME 'sambaGroupType' DESC 'NT Gro + up Type' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE- + VALUE ) +attributeTypes: ( nsUserRDNComponent-oid NAME 'nsUserRDNComponent' DESC 'Net + scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN + 'Netscape Administration Services' ) +attributeTypes: ( 1.3.18.0.2.4.1117 NAME 'printer-media-local-supported' DES + C 'Site-specific names of media supported by this printer.' EQUALITY caseIg + noreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.15 X-ORIGIN 'rfc3712' ) +attributeTypes: ( 2.5.4.51 NAME 'houseIdentifier' EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORI + GIN 'RFC 4519' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2301 NAME 'nsslapd-plugin-logging' D + ESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 0.9.2342.19200300.100.1.3 NAME ( 'mail' 'rfc822mailbox' ) + EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3 + .6.1.4.1.1466.115.121.1.26 X-ORIGIN 'RFC 4524' X-DEPRECATED 'rfc822mailbox' + ) +attributeTypes: ( 2.16.840.1.113730.3.1.607 NAME 'nsDS5Flags' DESC 'Netscape + defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE + X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( nsTaskLabel-oid NAME 'nsTaskLabel' DESC 'Netscape defined + attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.47 NAME 'nSECRecord' DESC 'NSEC, RFC + 3755' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNT + AX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 2.16.840.1.113730.3.1.2068 NAME 'pamExcludeSuffix' DESC 'S + uffixes to exclude from PAM authentication' SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.12 X-ORIGIN 'Red Hat Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2157 NAME 'dnaRemoteBindCred' DESC ' + Remote bind credentials' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE + X-ORIGIN '389 Directory Server' ) +attributeTypes: ( nsBindDN-oid NAME 'nsBindDN' DESC 'Netscape defined attrib + ute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Netscape' ) +attributeTypes: ( requestError-oid NAME 'requestError' DESC 'CMS defined att + ribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( Clone-oid NAME 'Clone' SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 7 SINGLE-VALUE X-ORIGIN 'user defined' ) +attributeTypes: ( tokenMsg-oid NAME 'tokenMsg' DESC 'CMS defined attribute' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.44 NAME 'ipaPermExcludedAttr' DES + C 'IPA permission explicitly excluded attribute' EQUALITY caseIgnoreMatch O + RDERING caseIgnoreOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIG + IN ( 'IPA v4.0' 'user defined' ) ) +attributeTypes: ( 2.5.4.18 NAME 'postOfficeBox' EQUALITY caseIgnoreMatch SU + BSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGI + N 'RFC 4519' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2261 NAME 'nsslapd-attribute-name-ex + ceptions' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.11 + 5.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.527 NAME 'ntUserLastLogoff' DESC 'Ne + tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- + VALUE X-ORIGIN 'Netscape NT Synchronization' ) +attributeTypes: ( 1.3.6.1.4.1.250.1.2 NAME 'multiLineDescription' DESC 'Pilo + t attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Internet W + hite Pages Pilot' ) +attributeTypes: ( 2.16.840.1.113730.3.1.102 NAME ( 'passwordChange' 'pwdAllo + wUserChange' ) DESC 'Netscape defined password policy attribute type' SYNTA + X 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory S + erver' ) +attributeTypes: ( 1.3.6.1.1.1.1.10 NAME 'shadowExpire' DESC 'Standard LDAP a + ttribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN ' + RFC 2307' ) +attributeTypes: ( 2.16.840.1.113730.3.1.21 NAME 'mailQuota' DESC 'Netscape M + essaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Netscape Messaging Server 4.x' ) +attributeTypes: ( 1.2.840.113556.1.4.482 NAME 'calOtherCalURIs' DESC 'RFC273 + 9: multi-value URI for snapshots of other calendars' EQUALITY caseIgnoreIA5 + Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .26 X-ORIGIN 'rfc2739' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2238 NAME 'nsslapd-security' DESC 'N + etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE + -VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( ownerName-oid NAME 'ownerName' DESC 'CMS defined attribute + ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.1.1.14 NAME 'nisNetIdHost' DESC 'nisNe + tIdHost' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X- + ORIGIN ( 'RFC2307bis' 'user defined' ) ) +attributeTypes: ( numberOfResets-oid NAME 'numberOfResets' DESC 'CMS defined + attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2327 NAME 'nsslapd-auditfaillog' DES + C 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SI + NGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.4.1.6 NAME 'javaClassName' DESC 'Fully + qualified name of distinguished Java class or interface' EQUALITY caseExac + tMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'RFC 2713 + ' ) +attributeTypes: ( 2.16.840.1.113730.3.1.240 NAME 'replicatedattributelist' D + ESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2175 NAME 'nsslapd-accesslog-logrota + tionsync-enabled' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( nsRevisionNumber-oid NAME 'nsRevisionNumber' DESC 'Netscap + e defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Ne + tscape' ) +attributeTypes: ( 2.16.840.1.113730.3.8.3.11 NAME 'externalHost' DESC 'Multi + value string attribute that allows storing host names.' EQUALITY caseIgnore + Match ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYN + TAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.62 NAME 'ipaAnchorUUID' DESC 'Uni + que Anchor Identifier' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrdering + Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA v4' + 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2207 NAME 'nsslapd-rootdn' DESC 'Net + scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-V + ALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( nsHelpRef-oid NAME 'nsHelpRef' DESC 'Netscape defined attr + ibute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) +attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.3 NAME 'searchTimeLimit' DESC 'Maxi + mum time an agent or service allows for a search to complete' EQUALITY inte + gerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE X-ORIGIN ( 'RFC4876' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.8.15.2.1 NAME 'krbPrincipalAuthInd' E + QUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ( 'IPA + v4.4.2' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.43 NAME 'ntUserDeleteAccount' DESC ' + Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL + E-VALUE X-ORIGIN 'Netscape NT Synchronization' ) +attributeTypes: ( 2.16.840.1.113730.3.8.1.9 NAME 'ipaMaxUsernameLength' EQU + ALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.1.217 NAME 'replicaCFUpdated' DESC 'Ne + tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGI + N 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.17.1.61 NAME 'ipk11Sensitive' DESC ' + Key is sensitive' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.6 NAME 'targetDn' DESC 'Changelog at + tribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Changelog Inte + rnet Draft' ) +attributeTypes: ( transId-oid NAME 'transId' DESC 'CMS defined attribute' SY + NTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.55 NAME 'sambaLogonHours' DESC 'Logon + Hours' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SI + NGLE-VALUE X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) +attributeTypes: ( 2.5.4.25 NAME 'internationalISDNNumber' EQUALITY numericS + tringMatch SUBSTR numericStringSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115. + 121.1.36 X-ORIGIN 'RFC 4519' ) +attributeTypes: ( 2.16.840.1.113730.3.1.998 NAME ( 'passwordGraceUserTime' ' + pwdGraceUserTime' ) DESC 'Netscape defined password policy attribute type' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE USAGE directoryOperation + X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.9.1 NAME 'krbMaxTicketLife' EQU + ALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.8.7.3 NAME 'cmdCategory' DESC 'Additio + nal classification for commands' EQUALITY caseIgnoreMatch ORDERING caseIgno + reMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 15 X-ORIGIN 'IPA v2' ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.13 NAME 'hInfoRecord' DESC 'host inf + ormation, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substri + ngsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange' DESC 'Standard LDA + P attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGI + N 'RFC 2307' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2225 NAME 'nsslapd-workingdir' DESC + 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SING + LE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 0.9.2342.19200300.100.1.11 NAME 'documentIdentifier' EQUA + LITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.15 X-ORIGIN 'RFC 4524' ) +attributeTypes: ( 2.16.840.1.113730.3.1.781 NAME 'mgrpAddHeader' DESC 'Netsc + ape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.26 X-ORIGIN 'Netscape Messaging Server 4.x' ) +attributeTypes: ( 2.16.840.1.113730.3.1.65 NAME 'ntUserLogonServer' DESC 'Ne + tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- + VALUE X-ORIGIN 'Netscape NT Synchronization' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2295 NAME 'nsslapd-allowed-sasl-mech + anisms' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115. + 121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2162 NAME 'winSyncDirectoryFilter' D + ESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.15953.9.1.9 NAME 'sudoNotAfter' DESC 'End of t + ime interval for which the entry is valid' EQUALITY generalizedTimeMatch OR + DERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 X- + ORIGIN 'SUDO' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.59 NAME 'ipaKeyUsage' DESC 'Allow + ed key usage' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.73 NAME 'sambaTrustPartner' DESC 'Ful + ly qualified name of the domain with which a trust exists' EQUALITY caseIgn + oreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ( 'IPA v4.4.2' 'user + defined' ) ) +attributeTypes: ( 1.3.18.0.2.4.1121 NAME 'printer-resolution-supported' DESC + 'List of resolutions supported for printing documents by this printer.' EQ + UALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1. + 1466.115.121.1.15 X-ORIGIN 'rfc3712' ) +attributeTypes: ( 2.16.840.1.113730.3.8.16.1.12 NAME 'ipatokenTOTPtimeStep' + DESC 'TOTP time-step' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.27 SINGLE-VALUE X-ORIGIN ( 'IPA OTP' 'user defined' ) ) +attributeTypes: ( tokenKeyType-oid NAME 'tokenKeyType' DESC 'CMS defined att + ribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2139 NAME 'winSyncMoveAction' DESC ' + Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL + E-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.5.14 NAME 'idnsForwardPolicy' DESC ' + forward policy: only or first' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnor + eIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORI + GIN ( 'IPA v2' 'user defined' ) ) +attributeTypes: ( nsExpirationDate-oid NAME 'nsExpirationDate' DESC 'Netscap + e defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Ne + tscape' ) +attributeTypes: ( dateOfArchival-oid NAME 'dateOfArchival' DESC 'CMS defined + attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( unrevokedCerts-oid NAME 'unrevokedCerts' DESC 'CMS defined + attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.1 NAME 'eduPersonAffiliation' DESC + 'Affiliation' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'http://middlew + are.internet2.edu/eduperson/' ) +attributeTypes: ( nsVendor-oid NAME 'nsVendor' DESC 'Netscape defined attrib + ute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2332 NAME 'allowWeakDHParam' DESC 'N + etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIG + IN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.87 NAME 'cirUpdateSchedule' DESC 'Ne + tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGI + N 'Netscape Directory Server' ) +attributeTypes: ( thisUpdate-oid NAME 'thisUpdate' DESC 'CMS defined attribu + te' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.253 NAME 'nsValueSyntax' DESC 'Netsc + ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ' + Netscape servers - value item' ) +attributeTypes: ( 2.5.4.32 NAME 'owner' SUP distinguishedName EQUALITY dist + inguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'RFC 4519' + ) +attributeTypes: ( nsLdapSchemaVersion-oid NAME 'nsLdapSchemaVersion' DESC 'N + etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIG + IN 'Netscape' ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.44.1 NAME 'krbPwdHistory' EQUAL + ITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) +attributeTypes: ( 2.16.840.1.113730.3.1.2100 NAME 'autoMemberInclusiveRegex' + DESC 'Auto Membership inclusive regex rule' SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.15 X-ORIGIN '389 Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.11 NAME 'objectclassMap' DESC 'Obje + ct class mappings used, required, or supported by an agent or service' EQUA + LITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN ( 'RF + C4876' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2089 NAME 'mepMappedAttr' DESC 'Mana + ged Entries mapped attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN + '389 Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2212 NAME 'nsslapd-useroc' DESC 'Net + scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-V + ALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.20.2.6 NAME 'ipaReplTopoSegmentGener + ated' DESC 'IPA defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 + 5 X-ORIGIN ( 'FreeIPA' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2282 NAME 'nsslapd-rundir' DESC 'Net + scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-V + ALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( tokenResult-oid NAME 'tokenResult' DESC 'CMS defined attri + bute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.13769.3.3 NAME 'mozillaHomeLocalityName' SUP + name EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6 + .1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Mozilla Address Book' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.66 NAME 'sambaForceLogoff' DESC 'Disc + onnect Users outside logon hours (default: -1 => off, 0 => on)' EQUALITY in + tegerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.5.4.10 NAME ( 'o' 'organizationname' ) SUP name EQUALIT + Y caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466. + 115.121.1.15 X-ORIGIN 'RFC 4519' X-DEPRECATED 'organizationname' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2259 NAME 'nsslapd-return-exact-case + ' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( nsAdminAccessAddresses-oid NAME 'nsAdminAccessAddresses' D + ESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Netscape Administration Services' ) +attributeTypes: ( 0.9.2342.19200300.100.1.45 NAME 'organizationalStatus' EQ + UALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1. + 1466.115.121.1.15 X-ORIGIN 'RFC 4524' ) +attributeTypes: ( nsAdminUsers-oid NAME 'nsAdminUsers' DESC 'Netscape define + d attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape A + dministration Services' ) +attributeTypes: ( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber' DESC 'Standard LDAP a + ttribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN ' + RFC 2307' ) +attributeTypes: ( 2.16.840.1.113730.3.1.19 NAME 'mailMessageStore' DESC 'Net + scape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.26 X-ORIGIN 'Netscape Messaging Server 4.x' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2126 NAME 'dnaHostname' DESC 'DNA ho + stname of replica to get new range of values' SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.15 SINGLE-VALUE X-ORIGIN '389 Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.221 NAME 'passwordStorageScheme' DES + C 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2230 NAME 'nsslapd-ldapiautobind' DE + SC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 S + INGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2196 NAME 'nsslapd-accesslog-logexpi + rationtime' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466. + 115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.576 NAME 'nsRoleFilter' DESC 'Netsca + pe defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALU + E X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.70 NAME 'serverRoot' DESC 'Netscape + defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Nets + cape Administration Services' ) +attributeTypes: ( 5.3.6.1.1.1.1.0 NAME 'trustModel' DESC 'Access scheme' EQU + ALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1 + .4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'nss_ldap/pam_ldap' ) +attributeTypes: ( 1.2.840.113554.1.4.1.6.2 NAME 'krbPwdAttributes' EQUALITY + integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN ( + 'IPA v4.4.2' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.248 NAME 'nsValueDN' DESC 'Netscape + defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Nets + cape servers - value item' ) +attributeTypes: ( 1.3.6.1.4.1.1466.101.120.41 NAME 'parentOrganization' EQU + ALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VA + LUE X-ORIGIN 'Netscape' ) +attributeTypes: ( 2.16.840.1.113730.3.8.3.8 NAME 'hostCategory' DESC 'Additi + onal classification for hosts' EQUALITY caseIgnoreMatch ORDERING caseIgnore + OrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115. + 121.1.15 X-ORIGIN 'IPA v2' ) +attributeTypes: ( 1.3.6.1.4.1.15953.9.1.4 NAME 'sudoRunAs' DESC 'User(s) imp + ersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.26 X-ORIGIN 'SUDO' ) +attributeTypes: ( nsAdminEnableDSGW-oid NAME 'nsAdminEnableDSGW' DESC 'Netsc + ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ' + Netscape Administration Services' ) +attributeTypes: ( 1.3.18.0.2.4.1132 NAME 'printer-multiple-document-jobs-sup + ported' DESC 'Indicates whether or not this printer supports more than one + document per job.' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 7 SINGLE-VALUE X-ORIGIN 'rfc3712' ) +attributeTypes: ( 2.16.840.1.113730.3.8.16.1.21 NAME 'ipatokenHOTPcounter' D + ESC 'HOTP counter' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 27 SINGLE-VALUE X-ORIGIN ( 'IPA OTP' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.8.21.1.1 NAME 'ipaCertProfileStoreIssu + ed' DESC 'Store certificates issued using this profile' EQUALITY booleanMat + ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.2' ' + user defined' ) ) +attributeTypes: ( 1.3.6.1.4.1.13769.2.1 NAME ( 'mozillaNickname' 'xmozillani + ckname' ) SUP name EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMat + ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Mozilla Address Book' ) +attributeTypes: ( 2.16.840.1.113730.3.8.5.27 NAME 'idnsSecAlgorithm' DESC 'D + NSKEY algorithm: string used as mnemonic' EQUALITY caseIgnoreIA5Match SUBST + R caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE- + VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( notAfter-oid NAME 'notAfter' DESC 'CMS defined attribute' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.5.18.2 NAME 'modifyTimestamp' EQUALITY generalizedTimeM + atch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.24 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-ORIGIN 'R + FC 4512' ) +attributeTypes: ( 2.16.840.1.113730.3.1.92 NAME ( 'passwordExpWarned' 'pwdEx + pirationWarned' ) DESC 'Netscape defined password policy attribute type' SY + NTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE USAGE directoryOperation X- + ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.5322.21.2.1 NAME 'krbPwdMaxFailure' EQUALITY + integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.5 NAME 'ipaNTHash' DESC 'NT Hash + of user password' EQUALITY octetStringMatch ORDERING octetStringOrderingMat + ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE X-ORIGIN ( 'IPA v3' 'u + ser defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2246 NAME 'nsslapd-maxdescriptors' D + ESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.23 NAME 'ipaNTTrustedDomainSID' D + ESC 'NT Trusted Domain Security ID' EQUALITY caseIgnoreIA5Match SUBSTR case + IgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE + X-ORIGIN ( 'IPA v3' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.8.1.11 NAME 'ipaUserObjectClasses' SY + NTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.32.1 NAME 'krbPwdMinDiffChars' + EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.1.2113 NAME 'internalModifiersName' DE + SC 'plugin dn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MO + DIFICATION USAGE directoryOperation X-ORIGIN '389 Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.17.1.20 NAME 'ipk11PublicKeyInfo' DE + SC 'DER-encoding of SubjectPublicKeyInfo of associated public key' EQUALITY + octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN ( 'IPA v4.1 + ' 'user defined' ) ) +attributeTypes: ( issueInfo-oid NAME 'issueInfo' DESC 'CMS defined attribute + ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2094 NAME 'nsslapd-parent-suffix' DE + SC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X + -ORIGIN 'Netscape' ) +attributeTypes: ( 2.16.840.1.113730.3.1.692 NAME 'inetUserStatus' DESC '"act + ive", "inactive", or "deleted" status of a user' SYNTAX 1.3.6.1.4.1.1466.11 + 5.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape subscriber interoperability' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.22 NAME 'sambaNextGroupRid' DESC 'Nex + t NT rid to give out for groups' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.18.0.2.4.1110 NAME 'printer-job-priority-supported' DE + SC 'Indicates the number of job priority levels supported by this printer.' + EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.146 + 6.115.121.1.27 SINGLE-VALUE X-ORIGIN 'rfc3712' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2183 NAME 'nsslapd-audit-logrotation + syncmin' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.789 NAME 'mgrpNoDuplicateChecks' DES + C 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Messaging Server 4.x' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2304 NAME 'nsslapd-dynamic-plugins' + DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.602 NAME 'entrydn' DESC 'internal se + rver defined attribute type' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1 + .4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOpe + ration ) +attributeTypes: ( 2.16.840.1.113730.3.1.1098 NAME 'nsds5replicaSessionPauseT + ime' DESC 'Netscape defined attribute type' EQUALITY integerMatch SYNTAX 1. + 3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Serve + r' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2073 NAME 'pamSecure' DESC 'Require + secure (TLS/SSL) connection for PAM auth' SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .7 SINGLE-VALUE X-ORIGIN 'Red Hat Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2264 NAME 'nsslapd-max-filter-nest-l + evel' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.41 NAME 'ipaRangeType' DESC 'Rang + e type' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYN + TAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN ( 'IPA v3' 'user defined' ) ) +attributeTypes: ( 1.3.18.0.2.4.1129 NAME 'printer-color-supported' DESC 'Ind + icates whether this printer is capable of any type of color printing at all + , including highlight color.' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.7 SINGLE-VALUE X-ORIGIN 'rfc3712' ) +attributeTypes: ( 2.5.21.2 NAME 'dITContentRules' EQUALITY objectIdentifier + FirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE directoryOpe + ration X-ORIGIN 'RFC 4512' ) +attributeTypes: ( 0.9.2342.19200300.100.1.56 NAME 'documentPublisher' EQUAL + ITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.146 + 6.115.121.1.15 X-ORIGIN 'RFC 4524' ) +attributeTypes: ( 2.16.840.1.113730.3.1.522 NAME 'ntUserComment' DESC 'Netsc + ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VAL + UE X-ORIGIN 'Netscape NT Synchronization' ) +attributeTypes: ( nsmsgDisallowAccess-oid NAME 'nsmsgDisallowAccess' DESC 'N + etscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.26 X-ORIGIN 'Netscape Messaging Server 4.x' ) +attributeTypes: ( 2.16.840.1.113730.3.1.24 NAME 'mailRoutingAddress' DESC 'N + etscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' ) +attributeTypes: ( 1.2.840.113556.1.4.485 NAME 'calOtherCalAdrURIs' DESC 'RFC + 2739: multi-value URI to other request destinations' EQUALITY caseIgnoreIA5 + Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .26 X-ORIGIN 'rfc2739' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2131 NAME 'pamFilter' DESC 'Filter t + o match entries that should use PAM authentication' SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.15 SINGLE-VALUE X-ORIGIN 'Red Hat Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.17.1.42 NAME 'ipk11Derive' DESC 'Key + supports key derivation' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.234 NAME 'nsSNMPLocation' DESC 'Nets + cape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN + 'Netscape Directory Server' ) +attributeTypes: ( tokenIssuer-oid NAME 'tokenIssuer' DESC 'CMS defined attri + bute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.35 NAME 'nAPTRRecord' DESC 'Naming A + uthority Pointer, RFC 2915' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA + 5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.1466.101.120.15 NAME 'supportedLDAPVersion' S + YNTAX 1.3.6.1.4.1.1466.115.121.1.27 USAGE dSAOperation X-ORIGIN 'RFC 4512' + ) +attributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.9 NAME 'eduPersonScopedAffiliation' + DESC 'Scoped Affiliation' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'h + ttp://middleware.internet2.edu/eduperson/' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.16 NAME 'ipaNTTrustAuthIncoming' + DESC 'Authentication information for the incoming portion of a trust' EQUAL + ITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) +attributeTypes: ( requestFlag-oid NAME 'requestFlag' DESC 'CMS defined attri + bute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( nsHostLocation-oid NAME 'nsHostLocation' DESC 'Netscape de + fined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netsca + pe' ) +attributeTypes: ( 2.16.840.1.113730.3.1.590 NAME 'nsDS5ReplicaName' DESC 'Ne + tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- + VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2178 NAME 'nsslapd-accesslog-logrota + tionsynchour' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.146 + 6.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.17.1.15 NAME 'ipk11Destroyable' DESC + 'Can be destroyed by application' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2081 NAME ( 'passwordMaxRepeats' 'pw + dMaxRepeats' ) DESC 'Netscape defined password policy attribute type' SYNTA + X 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory S + erver' ) +attributeTypes: ( 2.16.840.1.113730.3.8.3.14 NAME 'accessTime' DESC 'Access + time' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SYNTAX 1.3. + 6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' ) +attributeTypes: ( 2.16.840.1.113730.3.1.687 NAME 'nsds5replicaChangesSentSin + ceStartup' DESC 'Netscape defined attribute type' EQUALITY integerMatch SYN + TAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE NO-USER-MODIFICATION X-ORIGI + N 'Netscape Directory Server' ) +attributeTypes: ( 1.3.18.0.2.4.1107 NAME 'printer-xri-supported' DESC 'The u + nordered list of XRI (extended resource identifiers) supported by this prin + ter.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3. + 6.1.4.1.1466.115.121.1.15 X-ORIGIN 'rfc3712' ) +attributeTypes: ( 2.16.840.1.113730.3.1.46 NAME 'ntGroupDeleteGroup' DESC 'N + etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE + -VALUE X-ORIGIN 'Netscape NT Synchronization' ) +attributeTypes: ( 2.16.840.1.113730.3.8.1.4 NAME 'ipaSearchRecordsLimit' EQ + UALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.8.5.32 NAME 'ipaLocation' DESC 'Refere + nce to IPA location' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.146 + 6.115.121.1.12 SINGLE-VALUE X-ORIGIN ( 'IPA v4.4' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.9 NAME 'newRdn' DESC 'Changelog attr + ibute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Changelog Intern + et Draft' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2147 NAME 'rootdn-allow-host' DESC ' + Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORI + GIN 'Netscape Directory Server' ) +attributeTypes: ( autoRenew-oid NAME 'autoRenew' DESC 'CMS defined attribute + ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.34 NAME 'ipaIDRangeSize' DESC 'Si + ze of a Posix ID range' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.27 SINGLE-VALUE X-ORIGIN ( 'IPA v3' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2251 NAME 'nsslapd-accesscontrol' DE + SC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 S + INGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.5.4.28 NAME 'preferredDeliveryMethod' SYNTAX 1.3.6.1.4. + 1.1466.115.121.1.14 SINGLE-VALUE X-ORIGIN 'RFC 4519' ) +attributeTypes: ( 1.3.6.1.4.1.1466.101.120.6 NAME 'altServer' SYNTAX 1.3.6. + 1.4.1.1466.115.121.1.26 USAGE dSAOperation X-ORIGIN 'RFC 4512' ) +attributeTypes: ( 2.16.840.1.113730.3.1.11 NAME 'newSuperior' DESC 'Changelo + g attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Changelog + Internet Draft' ) +attributeTypes: ( 2.16.840.1.113730.3.1.229 NAME 'nsslapd-pluginVendor' DESC + 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SIN + GLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.18 NAME 'aFSDBRecord' DESC 'for AFS + Data Base location, RFC 1183' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnore + IA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( clientId-oid NAME 'clientId' DESC 'CMS defined attribute' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.37 NAME 'sambaHomePath' DESC 'Home di + rectory UNC path' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.15 X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2228 NAME 'nsslapd-ldapifilepath' DE + SC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 S + INGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.1.1.1.8 NAME 'shadowWarning' DESC 'Standard LDAP a + ttribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN ' + RFC 2307' ) +attributeTypes: ( 2.5.4.47 NAME 'enhancedSearchGuide' SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.21 X-ORIGIN 'RFC 4519' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2317 NAME 'nsslapd-auditfaillog-logr + otationsync-enabled' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1. + 4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.68 NAME 'ntUserPasswordExpired' DESC + 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SING + LE-VALUE X-ORIGIN 'Netscape NT Synchronization' ) +attributeTypes: ( 2.16.840.1.113730.3.8.5.7 NAME 'idnsSOAretry' DESC 'SOA re + try value' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'IPA v2' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2298 NAME 'nsslapd-enable-turbo-mode + ' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.585 NAME 'nsDS5ReplicatedAttributeLi + st' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.15 X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2165 NAME 'schemaUpdateObjectclassAc + cept' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.15 X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.52 NAME 'ipaProtectedOperation' D + ESC 'Operation to be protected' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.15 X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2277 NAME 'nsslapd-tmpdir' DESC 'Net + scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-V + ALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.1002 NAME 'nsds7NewWinUserSyncEnable + d' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.16.1.7 NAME 'ipatokenSerial' DESC 'O + TP Token Serial number' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.11 + 5.121.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA OTP' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.8.16.1.19 NAME 'ipatokenRadiusRetries' + DESC 'Number of allowed Retries' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1. + 1466.115.121.1.27 SINGLE-VALUE X-ORIGIN ( 'IPA OTP' 'user defined' ) ) +attributeTypes: ( 0.9.2342.19200300.100.1.23 NAME 'lastModifiedTime' DESC 'o + ld variant of modifyTimestamp' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGI + N 'RFC 1274' ) +attributeTypes: ( 2.16.840.1.113730.3.1.535 NAME 'ntUserHomeDirDrive' DESC ' + Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL + E-VALUE X-ORIGIN 'Netscape NT Synchronization' ) +attributeTypes: ( 2.16.840.1.113730.3.1.110 NAME 'ntGroupId' DESC 'Netscape + defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X- + ORIGIN 'Netscape NT Synchronization' ) +attributeTypes: ( 2.16.840.1.113730.3.1.33 NAME 'mgrpModerator' DESC 'Netsca + pe Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.26 X-ORIGIN 'Netscape Messaging Server 4.x' ) +attributeTypes: ( 2.16.840.1.113730.3.1.207 NAME 'vlvBase' DESC 'Netscape de + fined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Netsca + pe Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.17.1.51 NAME 'ipk11Encrypt' DESC 'Ke + y supports encryption' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( nsServerMigrationClassname-oid NAME 'nsServerMigrationClas + sname' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.15 X-ORIGIN 'Netscape' ) +attributeTypes: ( nsSSLPersonalitySSL-oid NAME 'nsSSLPersonalitySSL' DESC 'N + etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIG + IN 'Netscape' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.45 NAME 'sambaStringOption' DESC 'A s + tring option' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 26 SINGLE-VALUE ) +attributeTypes: ( 2.5.4.35 NAME 'userPassword' EQUALITY octetStringMatch SY + NTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN 'RFC 4519' ) +attributeTypes: ( crlExtensions-oid NAME 'crlExtensions' DESC 'CMS defined a + ttribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.6.1.1.4 NAME 'vendorName' EQUALITY 1.3.6.1.4.1.1466.1 + 09.114.1 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE NO-USER-MODIFICA + TION USAGE dSAOperation X-ORIGIN 'RFC 3045' ) +attributeTypes: ( 1.3.6.1.4.1.6981.11.3.4 NAME 'FTPDownloadRatio' DESC 'Rati + o (compared with FTPRatioUp) for downloaded files' EQUALITY integerMatch SY + NTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Pure-FTPd' ) +attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.16 NAME 'dereferenceAliases' DESC ' + Specifies if a service or agent either requires, supports, or uses derefere + ncing of aliases.' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 7 SINGLE-VALUE X-ORIGIN ( 'RFC4876' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.8.17.1.18 NAME 'ipk11StartDate' DESC ' + Validity start date' EQUALITY generalizedTimeMatch ORDERING generalizedTime + OrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE X-ORIGIN ( + 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.801 NAME 'mgrpRemoveHeader' DESC 'Ne + tscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115. + 121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' ) +attributeTypes: ( 2.16.840.1.113730.3.8.3.27 NAME 'ipaSELinuxUserMapOrder' D + ESC 'Available SELinux user context ordering' EQUALITY caseIgnoreMatch ORDE + RING caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA v3' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.70 NAME 'ipaPermTargetTo' DESC 'D + estination location to move an entry IPA permission ACI' EQUALITY distingui + shedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN ( + 'IPA v4.0' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2215 NAME 'nsslapd-allow-unauthentic + ated-binds' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466. + 115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.18.0.2.4.1118 NAME 'printer-copies-supported' DESC 'Th + e maximum number of copies of a document that may be printed as a single jo + b on this printer.' EQUALITY integerMatch ORDERING integerOrderingMatch SYN + TAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'rfc3712' ) +attributeTypes: ( 2.16.840.1.113730.3.1.55 NAME 'aci' DESC 'Netscape defined + access control information attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.15 USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( tokenOp-oid NAME 'tokenOp' DESC 'CMS defined attribute' SY + NTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 0.9.2342.19200300.100.1.6 NAME 'roomNumber' EQUALITY case + IgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.15 X-ORIGIN 'RFC 4524' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2285 NAME 'nsslapd-hash-filters' DES + C 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SI + NGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.5.4.7 NAME ( 'l' 'locality' 'localityname' ) SUP name E + QUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.15 X-ORIGIN 'RFC 4519' X-DEPRECATED 'locality localityname' + ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.44 NAME 'sSHFPRecord' DESC 'SSH Key + Fingerprint, draft-ietf-secsh-dns-05.txt' EQUALITY caseIgnoreIA5Match SUBST + R caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( nsSSL3SessionTimeout-oid NAME 'nsSSL3SessionTimeout' DESC + 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-OR + IGIN 'Netscape' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2152 NAME 'nsds5ReplicaProtocolTimeo + ut' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( dataType-oid NAME 'dataType' DESC 'CMS defined attribute' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.52.1 NAME 'krbObjectReferences' + EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.63 NAME 'sambaLockoutDuration' DESC ' + Lockout duration in minutes (default: 30, -1 => forever)' EQUALITY integerM + atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.49 NAME 'ipaPermTarget' DESC 'IPA + permission target' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA v4.0' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.105 NAME ( 'passwordLockout' 'pwdLoc + kOut' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6 + .1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' + ) +attributeTypes: ( 1.3.6.1.1.1.1.15 NAME 'ipServicePort' DESC 'Standard LDAP + attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN + 'RFC 2307' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2129 NAME 'dnaNextRange' DESC 'DNA r + ange of values to get from replica' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SI + NGLE-VALUE X-ORIGIN '389 Directory Server' ) +attributeTypes: ( nsSSL3-oid NAME 'nsSSL3' DESC 'Netscape defined attribute + type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.38 NAME 'sambaDomainName' DESC 'Windo + ws NT domain to which the user belongs' EQUALITY caseIgnoreMatch SYNTAX 1.3 + .6.1.4.1.1466.115.121.1.15 X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2199 NAME 'nsslapd-accesslog-logexpi + rationtimeunit' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.571 NAME 'nsSizeLimit' DESC 'Binder- + based search operation size limit (entries)' SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.27 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Directory S + erver' ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.1.1.13 NAME 'nisNetIdGroup' DESC 'nisN + etIdGroup' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + X-ORIGIN ( 'RFC2307bis' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2322 NAME 'nsslapd-auditfaillog-logm + infreediskspace' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1. + 1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.77 NAME 'changeTime' DESC 'Netscape + defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Nets + cape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.243 NAME 'nsValueCIS' DESC 'Netscape + defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Net + scape servers - value item' ) +attributeTypes: ( 2.16.840.1.113730.3.8.18.2.3 NAME 'ipaVaultPublicKey' DESC + 'IPA vault public key' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.1 + 15.121.1.40 X-ORIGIN ( 'IPA v4.2' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2170 NAME 'nsslapd-accesslog-level' + DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.3.3 NAME 'enrolledBy' DESC 'DN of ad + ministrator who performed manual enrollment of the host' SUP distinguishedN + ame EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X- + ORIGIN 'IPA v2' ) +attributeTypes: ( publicKeyFormat-oid NAME 'publicKeyFormat' DESC 'CMS defin + ed attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' + ) +attributeTypes: ( 2.16.840.1.113730.3.1.2202 NAME 'nsslapd-accesslog-logging + -enabled' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.11 + 5.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( classId-oid NAME 'classId' DESC 'Certificate profile class + ID' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.6 NAME 'authenticationMethod' DESC + 'Identifies the types of authentication methods either used, required, or p + rovided by a service or peer' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSub + stringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN ( ' + RFC4876' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.8.21.1.4 NAME 'ipaCaCategory' DESC 'Ad + ditional classification for CAs' EQUALITY caseIgnoreMatch ORDERING caseIgno + reOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.11 + 5.121.1.15 X-ORIGIN ( 'IPA v4.2' 'user defined' ) ) +attributeTypes: ( 1.3.6.1.1.1.1.33 NAME 'automountInformation' DESC 'Automou + nt information' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.26 SINGLE-VALUE X-ORIGIN 'RFC 2307bis' ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.29.1 NAME 'krbAdmServers' EQUAL + ITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 2.16.840.1.113730.3.8.17.1.64 NAME 'ipk11SignRecover' DESC + 'Key supports signatures where data can be recovered from the signature' E + QUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORI + GIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( publishingStatus-oid NAME 'publishingStatus' DESC 'CMS def + ined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined + ' ) +attributeTypes: ( 2.16.840.1.113730.3.1.1 NAME 'carLicense' DESC 'vehicle li + cense or registration plate' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubs + tringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2798' ) +attributeTypes: ( nsCertConfig-oid NAME 'nsCertConfig' DESC 'Netscape define + d attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape C + ertificate Management System' ) +attributeTypes: ( 2.16.840.1.113730.3.1.99 NAME ( 'passwordMinLength' 'pwdMi + nLength' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1. + 3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Serve + r' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.8 NAME 'ipaNTHomeDirectory' DESC + 'User Home Directory Path' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrde + ringMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.15 SINGLE-VALUE X-ORIGIN ( 'IPA v3' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2249 NAME 'nsslapd-idletimeout' DESC + 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SIN + GLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.5.4.20 NAME 'telephoneNumber' EQUALITY telephoneNumberM + atch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.50 X-ORIGIN 'RFC 4519' ) +attributeTypes: ( 2.16.840.1.113730.3.8.7.6 NAME 'ipaSudoRunAs' DESC 'Refere + nce to a user or group that the commands can be run as.' SUP memberUser EQU + ALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN + 'IPA v2' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2116 NAME 'dnaPrefix' DESC 'DNA stri + ng prefix for dna value' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE + X-ORIGIN '389 Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2220 NAME 'nsslapd-minssf-exclude-ro + otdse' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.1.1.1.0 NAME 'uidNumber' DESC 'Standard LDAP attri + bute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'RFC + 2307' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2186 NAME 'nsslapd-auditlog-logrotat + iontime' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 0.9.2342.19200300.100.1.12 NAME 'documentTitle' EQUALITY + caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.11 + 5.121.1.15 X-ORIGIN 'RFC 4524' ) +attributeTypes: ( 2.16.840.1.113730.3.1.60 NAME 'ntUserAuthFlags' DESC 'Nets + cape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VAL + UE X-ORIGIN 'Netscape NT Synchronization' ) +attributeTypes: ( DomainManager-oid NAME 'DomainManager' SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2290 NAME 'nsslapd-disk-monitoring-t + hreshold' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.11 + 5.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2076 NAME ( 'passwordMinAlphas' 'pwd + MinAlphas' ) DESC 'Netscape defined password policy attribute type' SYNTAX + 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Ser + ver' ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.49 NAME 'DHCIDRecord' DESC 'Dynamic + Host Configuration Protocol (DHCP) Information, RFC 4701' EQUALITY caseIgno + reIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115. + 121.1.26 X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.40.1 NAME 'krbTicketPolicyRefere + nce' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 + SINGLE-VALUE ) +attributeTypes: ( authorityKeyHost-oid NAME 'authorityKeyHost' DESC 'Authori + ty Key Hosts' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' + ) +attributeTypes: ( 2.16.840.1.113730.3.1.406 NAME 'nsSynchUserIDFormat' DESC + 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-OR + IGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.74 NAME 'sambaFlatName' DESC 'NetBIOS + name of a domain' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.15 X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) +attributeTypes: ( 1.3.18.0.2.4.1122 NAME 'printer-media-supported' DESC 'The + standard names/types/sizes (and optional color suffixes) of the media supp + orted by this printer.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstring + sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'rfc3712' ) +attributeTypes: ( 2.5.21.5 NAME 'attributeTypes' EQUALITY objectIdentifierF + irstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE directoryOper + ation X-ORIGIN 'RFC 4512' ) +attributeTypes: ( 2.16.840.1.113730.3.8.16.1.11 NAME 'ipatokenTOTPclockOffse + t' DESC 'TOTP clock offset' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.1 + 15.121.1.27 SINGLE-VALUE X-ORIGIN ( 'IPA OTP' 'user defined' ) ) +attributeTypes: ( nsAdminEnableEnduser-oid NAME 'nsAdminEnableEnduser' DESC + 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-OR + IGIN 'Netscape Administration Services' ) +attributeTypes: ( 1.3.6.1.1.1.1.26 NAME 'nisMapName' DESC 'Standard LDAP att + ribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2307' ) +attributeTypes: ( 2.16.840.1.113730.3.8.5.17 NAME 'idnsPersistentSearch' DES + C 'allow persistent searches' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v2' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2134 NAME 'nsds5ReplicaStripAttrs' D + ESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.544 NAME 'nsParentUniqueId' DESC 'Ne + tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- + VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.4 NAME 'eduPersonOrgUnitDN' DESC 'O + rganizational Unit DN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'http: + //middleware.internet2.edu/eduperson/' ) +attributeTypes: ( 2.16.840.1.113730.3.1.82 NAME 'cirBindDn' DESC 'Netscape d + efined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Netsc + ape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.13 NAME 'ipaNTTrustDirection' DES + C 'Direction of a trust' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115. + 121.1.27 SINGLE-VALUE ) +attributeTypes: ( 0.9.2342.19200300.100.1.60 NAME 'jpegPhoto' DESC 'a JPEG i + mage' SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 X-ORIGIN 'RFC 2798' ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.4.1.13 NAME 'javaClassNames' DESC 'Ful + ly qualified Java class or interface name' EQUALITY caseExactMatch SYNTAX 1 + .3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2713' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2103 NAME 'autoMemberDisabled' DESC + 'Auto Membership disabled attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 S + INGLE-VALUE X-ORIGIN '389 Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.809 NAME 'nsds5replicaLastInitStatus + ' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 15 SINGLE-VALUE NO-USER-MODIFICATION X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2084 NAME 'nsSymmetricKey' DESC 'A s + ymmetric key - currently used by attribute encryption' SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.40 SINGLE-VALUE X-ORIGIN 'attribute encryption' ) +attributeTypes: ( 2.16.840.1.113730.3.1.682 NAME 'nsds5ReplicaPurgeDelay' DE + SC 'Netscape defined attribute type' EQUALITY integerMatch SYNTAX 1.3.6.1.4 + .1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 0.9.2342.19200300.100.1.39 NAME 'homePostalAddress' EQUAL + ITY caseIgnoreListMatch SUBSTR caseIgnoreListSubstringsMatch SYNTAX 1.3.6.1 + .4.1.1466.115.121.1.41 X-ORIGIN 'RFC 4524' ) +attributeTypes: ( 1.3.6.1.4.1.1.1.1.12 NAME 'nisDomain' DESC 'NIS domain' SY + NTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN ( 'RFC2307bis' 'user defined' ) + ) +attributeTypes: ( 2.16.840.1.113730.3.8.20.2.1 NAME 'ipaReplTopoConfRoot' DE + SC 'IPA defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIG + IN ( 'FreeIPA' 'user defined' ) ) +attributeTypes: ( requestInfo-oid NAME 'requestInfo' DESC 'CMS defined attri + bute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( nsTLS1-oid NAME 'nsTLS1' DESC 'Netscape defined attribute + type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) +attributeTypes: ( keySize-oid NAME 'keySize' DESC 'CMS defined attribute' SY + NTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2063 NAME 'nsEncryptionAlgorithm' DE + SC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 S + INGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.13769.3.4 NAME 'mozillaHomeState' SUP name EQ + UALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1. + 1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Mozilla Address Book' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.31 NAME 'ipaSshPubKey' DESC 'SSH + public key' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 + X-ORIGIN ( 'IPA v3' 'user defined' ) ) +attributeTypes: ( 2.5.4.13 NAME 'description' EQUALITY caseIgnoreMatch SUBS + TR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN + 'RFC 4519' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2254 NAME 'nsslapd-pwpolicy-local' D + ESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( keyState-oid NAME 'keyState' DESC 'CMS defined attribute' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.14 NAME 'mailAutoReplyMode' DESC 'Ne + tscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115. + 121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' ) +attributeTypes: ( tokenPolicy-oid NAME 'tokenPolicy' DESC 'CMS defined attri + bute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2121 NAME 'dnaScope' DESC 'DNA base + DN for finding entries' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X + -ORIGIN '389 Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.224 NAME 'nsslapd-pluginPath' DESC ' + Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL + E-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.11.1.3.2.1.2 NAME 'acctPolicySubentry' DESC 'A + ccount policy pointer' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE US + AGE directoryOperation X-ORIGIN 'Account Policy Plugin' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.30 NAME 'sambaLogonTime' DESC 'Timest + amp of last logon' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 27 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.1.2233 NAME 'nsslapd-ldapiuidnumbertyp + e' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2191 NAME 'nsslapd-errorlog-logmaxdi + skspace' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.579 NAME 'nsDS5ReplicaPort' DESC 'Ne + tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE- + VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.5.2 NAME 'idnsZoneActive' DESC 'defi + ne if the zone is considered in use' EQUALITY booleanMatch SYNTAX 1.3.6.1.4 + .1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'IPA v2' ) +attributeTypes: ( 2.16.840.1.113730.3.1.610 NAME 'nsAccountLock' DESC 'Opera + tional attribute for Account Inactivation' SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.15 USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.2.840.113554.1.4.1.6.1 NAME 'krbCanonicalName' EQUALITY + caseExactIA5Match SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466. + 115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( proofOfArchival-oid NAME 'proofOfArchival' DESC 'CMS defin + ed attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.707 NAME 'vacationstartdate' DESC 'N + etscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' ) +attributeTypes: ( 2.16.840.1.113730.3.1.580 NAME 'nsDS5ReplicaTransportInfo' + DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 + 5 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2168 NAME 'schemaUpdateAttributeReje + ct' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.15 X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( metaInfo-oid NAME 'metaInfo' DESC 'CMS defined attribute' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.15953.9.1.3 NAME 'sudoCommand' DESC 'Command(s + ) to be executed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.146 + 6.115.121.1.26 X-ORIGIN 'SUDO' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.79 NAME 'sambaTrustPosixOffset' DESC + 'POSIX offset of a trust' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.27 SINGLE-VALUE ) +attributeTypes: ( dateOfRevocation-oid NAME 'dateOfRevocation' DESC 'CMS def + ined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined + ' ) +attributeTypes: ( 1.3.18.0.2.4.1137 NAME 'printer-generated-natural-language + -supported' DESC 'Natural language(s) supported for this directory entry.' + EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4. + 1.1466.115.121.1.15 X-ORIGIN 'rfc3712' ) +attributeTypes: ( 2.16.840.1.113730.3.1.1005 NAME 'nsds7DirsyncCookie' DESC + 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGL + E-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.530 NAME 'ntUserLogonHours' DESC 'Ne + tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-V + ALUE X-ORIGIN 'Netscape NT Synchronization' ) +attributeTypes: ( 2.16.840.1.113730.3.8.16.1.24 NAME 'ipatokenTOTPsyncWindow + ' DESC 'TOTP Sync Window (maximum synchronization variance in seconds)' EQU + ALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIG + IN ( 'IPA OTP' 'user defined' ) ) +attributeTypes: ( 0.9.2342.19200300.100.1.24 NAME 'lastModifiedBy' DESC 'old + variant of modifiersName' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'R + FC 1274' ) +attributeTypes: ( 2.16.840.1.113730.3.1.36 NAME 'nsLicensedFor' DESC 'Netsca + pe defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'N + etscape Administration Services' ) +attributeTypes: ( 1.3.6.1.4.1.13769.2.2 NAME ( 'mozillaSecondEmail' 'xmozill + asecondemail' ) EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substrings + Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'Mozilla A + ddress Book' ) +attributeTypes: ( 2.16.840.1.113730.3.8.5.22 NAME 'idnsSecKeyInactive' DESC + 'DNSSEC key (planned) inactivation time' EQUALITY generalizedTimeMatch ORDE + RING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SING + LE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.202 NAME 'replicaCredentials' DESC ' + Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIG + IN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.3023 NAME 'nsViewFilter' DESC 'Netsc + ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ' + Netscape Directory Server' ) +attributeTypes: ( nsSSL2Ciphers-oid NAME 'nsSSL2Ciphers' DESC 'Netscape defi + ned attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape + ' ) +attributeTypes: ( nsServerAddress-oid NAME 'nsServerAddress' DESC 'Netscape + defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Nets + cape' ) +attributeTypes: ( 2.16.840.1.113730.3.1.91 NAME 'passwordExpirationTime' DES + C 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.24 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Dire + ctory Server' ) +attributeTypes: ( 1.3.6.1.4.1.5322.21.2.2 NAME 'krbPwdFailureCountInterval' + EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.1.2241 NAME 'nsslapd-errorlog' DESC 'N + etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE + -VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( nsProductName-oid NAME 'nsProductName' DESC 'Netscape defi + ned attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape + ' ) +attributeTypes: ( 2.5.4.38 NAME 'authorityRevocationList' DESC 'X.509 author + ity revocation list' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115. + 121.1.40 X-ORIGIN 'RFC 4523' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2027 NAME 'nsruvReplicaLastModified' + DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 + 5 X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2097 NAME 'autoMemberScope' DESC 'Au + to Membership scope criteria' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-V + ALUE X-ORIGIN '389 Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.27 NAME 'sambaPwdLastSet' DESC 'Times + tamp of the last password update' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1. + 1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.1.695 NAME 'inetSubscriberChallenge' D + ESC 'Used to confirm subscriberIdentity. This attribute holds the challeng + e phrase and is used in conjunction with the inetSubscriberResponse' SYNTAX + 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'Netscape subscriber i + nteroperability' ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.49.1 NAME 'krbLastFailedAuth' E + QUALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VA + LUE ) +attributeTypes: ( 2.16.840.1.113730.3.1.2218 NAME 'nsslapd-localssf' DESC 'N + etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE + -VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.18.0.2.4.1115 NAME 'printer-stacking-order-supported' + DESC 'The possible stacking order of pages as they are printed and ejected + from this printer.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.15 X-ORIGIN 'rfc3712' ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.15.1 NAME 'krbLdapServers' EQUA + LITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.2.840.113556.1.4.479 NAME 'calFBURL' DESC 'RFC2739: URI + to the users default freebusy data' EQUALITY caseIgnoreIA5Match SUBSTR case + IgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'rfc + 2739' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2307 NAME 'nsslapd-allow-hashed-pass + words' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.58 NAME 'replicaBindDn' DESC 'Netsca + pe defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'N + etscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.605 NAME 'entryid' DESC 'internal se + rver defined attribute type' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.15 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation + ) +attributeTypes: ( 2.16.840.1.113730.3.1.2288 NAME 'nsslapd-defaultnamingcont + ext' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.12 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( authorityParentID-oid NAME 'authorityParentID' DESC 'Autho + rity Parent ID' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE X-ORIGIN + 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.13769.3.9 NAME 'mozillaWorkUrl' EQUALITY case + IgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Moz + illa Address Book' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2155 NAME 'nsds5ReplicaBackoffMax' D + ESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.42 NAME 'ipaPermDefaultAttr' DESC + 'IPA permission default attribute' EQUALITY caseIgnoreMatch ORDERING caseI + gnoreOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ( 'IPA v4. + 0' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2267 NAME 'nsslapd-certmap-basedn' D + ESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 + SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.525 NAME 'ntUserWorkstations' DESC ' + Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL + E-VALUE X-ORIGIN 'Netscape NT Synchronization' ) +attributeTypes: ( 2.16.840.1.113730.3.1.100 NAME 'passwordKeepHistory' DESC + 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.1 + 15.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.23 NAME 'mgrpAllowedDomain' DESC 'Ne + tscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115. + 121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' ) +attributeTypes: ( 1.2.840.113556.1.4.480 NAME 'calCAPURI' DESC 'RFC2739: URI + used to communicate with the users calendar' EQUALITY caseIgnoreIA5Match S + UBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-O + RIGIN 'rfc2739' ) +attributeTypes: ( 2.16.840.1.113730.3.8.17.1.41 NAME 'ipk11KeyType' DESC 'Ke + y type' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL + E-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.237 NAME 'nsSNMPMasterHost' DESC 'Ne + tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- + VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( profileID-oid NAME 'profileID' DESC 'CMS defined attribute + ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( nsDefaultAcceptLanguage-oid NAME 'nsDefaultAcceptLanguage' + DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 + 5 X-ORIGIN 'Netscape' ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.6.1 NAME 'krbPrincipalExpiration + ' EQUALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGL + E-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.1.2325 NAME 'nsslapd-auditfaillog-logg + ing-enabled' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( requestOwner-oid NAME 'requestOwner' DESC 'CMS defined att + ribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.593 NAME 'nsSNMPName' DESC 'Netscape + defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Net + scape Directory Server' ) +attributeTypes: ( nextRange-oid NAME 'nextRange' DESC 'CMS defined attribute + ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.8.3.17 NAME 'hostCApolicy' DESC 'Polic + y on how to treat host requests for cert operations.' EQUALITY caseIgnoreMa + tch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTA + X 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'IPA v2' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.60 NAME 'ipaKeyExtUsage' DESC 'Al + lowed extended key usage' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.38 X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2205 NAME 'nsslapd-auditlog-logging- + hide-unhashed-pw' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.18.0.2.4.1108 NAME 'printer-aliases' DESC 'List of sit + e-specific administrative names of this printer in addition to the value sp + ecified for printer-name.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstr + ingsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'rfc3712' ) +attributeTypes: ( 0.9.2342.19200300.100.1.31 NAME 'cNAMERecord' EQUALITY ca + seIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.1.45 NAME 'ntGroupCreateNewGroup' DESC + 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SIN + GLE-VALUE X-ORIGIN 'Netscape NT Synchronization' ) +attributeTypes: ( 2.16.840.1.113730.3.8.1.7 NAME 'ipaDefaultLoginShell' EQU + ALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.8.17.1.63 NAME 'ipk11Sign' DESC 'Key s + upports signatures where the signature is an appendix to the data' EQUALITY + booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN ( ' + IPA v4.1' 'user defined' ) ) +attributeTypes: ( serialno-oid NAME 'serialno' DESC 'CMS defined attribute' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.215 NAME 'oid' DESC 'Netscape define + d attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape D + irectory Server' ) +attributeTypes: ( userDN-oid NAME 'userDN' DESC 'CMS defined attribute' SYNT + AX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.4 NAME 'employeeType' DESC 'type of + employment for a person' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstrin + gsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2798' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2142 NAME 'nsSaslMapPriority' DESC ' + Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGL + E-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.39 NAME 'ipaNTSIDBlacklistOutgoin + g' DESC 'Extra SIDs filtered out from outgoing MS-PAC' EQUALITY caseIgnoreI + A5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.26 X-ORIGIN 'IPA v3' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.53 NAME 'sambaTrustFlags' DESC 'Trust + Password Flags' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.26 ) +attributeTypes: ( publicKeyData-oid NAME 'publicKeyData' DESC 'CMS defined a + ttribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2119 NAME 'dnaMagicRegen' DESC 'DNA + value that will trigger regeneration of attribute value' SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.15 SINGLE-VALUE X-ORIGIN '389 Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.7.1 NAME 'memberAllowCmd' DESC 'Refe + rence to a command or group of commands that are allowed by the rule.' SUP + distinguishedName EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.1 + 15.121.1.12 X-ORIGIN 'IPA v2' ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.47.1 NAME 'krbPrincipalAliases' + EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.28 NAME 'sambaPwdCanChange' DESC 'Tim + estamp of when the user is allowed to update the password' EQUALITY integer + Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( sessionContext-oid NAME 'sessionContext' DESC 'CMS defined + attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.5.4.42 NAME 'givenName' SUP name EQUALITY caseIgnoreMat + ch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X- + ORIGIN 'RFC 4519' ) +attributeTypes: ( tokenType-oid NAME 'tokenType' DESC 'CMS defined attribute + ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2189 NAME 'nsslapd-auditlog-logrotat + iontimeunit' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.7.12 NAME 'hostMask' DESC 'IP mask t + o identify a subnet.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch SUB + STR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN + 'IPA v2' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2312 NAME 'dnaExcludeScope' DESC 'DN + of a subtree excluded from DNA plugin scope' SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.12 X-ORIGIN '389 Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.67 NAME 'ntUserProfile' DESC 'Netsca + pe defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALU + E X-ORIGIN 'Netscape NT Synchronization' ) +attributeTypes: ( revokedCerts-oid NAME 'revokedCerts' DESC 'CMS defined att + ribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2079 NAME ( 'passwordMinSpecials' 'p + wdMinSpecials' ) DESC 'Netscape defined password policy attribute type' SYN + TAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory + Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.588 NAME 'nsDS5ReplicaId' DESC 'Nets + cape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VA + LUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2160 NAME 'dnaRemoteBindMethod' DESC + 'Remote bind method: SIMPLE, SSL, SASL/DIGEST-MD5, or SASL/GSSAPI' SYNTAX + 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN '389 Directory Server' + ) +attributeTypes: ( 1.3.6.1.4.1.13769.4.3 NAME 'mozillaCustom3' EQUALITY case + IgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.15 SINGLE-VALUE X-ORIGIN 'Mozilla Address Book' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.71 NAME 'sambaTrustAttributes' DESC ' + Trust attributes for a trusted domain' EQUALITY integerMatch SYNTAX 1.3.6.1 + .4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.57 NAME 'ipaCertIssuerSerial' DES + C 'Issuer name and serial number' EQUALITY caseIgnoreMatch SUBSTR caseIgnor + eSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ( 'IPA v4.1' + 'user defined' ) ) +attributeTypes: ( transStatus-oid NAME 'transStatus' DESC 'CMS defined attri + bute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2272 NAME 'nsslapd-plugin-binddn-tra + cking' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.16.1.2 NAME 'ipatokenDisabled' DESC + 'Optionally marks token as Disabled' EQUALITY booleanMatch SYNTAX 1.3.6.1.4 + .1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA OTP' 'user defined' ) ) +attributeTypes: ( 2.5.21.8 NAME 'matchingRuleUse' EQUALITY objectIdentifier + FirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE directoryOpe + ration X-ORIGIN 'RFC 4512' ) +attributeTypes: ( 1.3.6.1.4.1.250.1.57 NAME ( 'labeledURI' 'labeledurl' ) E + QUALITY caseExactMatch SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.15 X-ORIGIN 'RFC 2079' X-DEPRECATED 'labeledurl' ) +attributeTypes: ( 1.3.6.1.1.1.1.23 NAME 'bootParameter' DESC 'Standard LDAP + attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'RFC 2307' ) +attributeTypes: ( 2.16.840.1.113730.3.8.17.1.54 NAME 'ipk11Wrap' DESC 'Key s + upports wrapping' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( beginRange-oid NAME 'beginRange' DESC 'CMS defined attribu + te' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( signingAlgorithmId-oid NAME 'signingAlgorithmId' DESC 'CMS + defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user def + ined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2330 NAME 'nsslapd-logging-backend' + DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.89 NAME 'cirSyncInterval' DESC 'Nets + cape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN + 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.46 NAME 'sambaStringListOption' DESC + 'A string list option' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.0.1 NAME 'dNSClass' DESC 'The class of + a resource record' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.26 ) +attributeTypes: ( 2.16.840.1.113730.3.1.251 NAME 'nsValueFlags' DESC 'Netsca + pe defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'N + etscape servers - value item' ) +attributeTypes: ( 1.3.6.1.4.1.6981.11.3.1 NAME 'FTPQuotaFiles' DESC 'Quota ( + in number of files) for an FTP user' EQUALITY integerMatch SYNTAX 1.3.6.1.4 + .1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Pure-FTPd' ) +attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.13 NAME 'serviceCredentialLevel' DE + SC 'Specifies the type of credentials either used, required, or supported b + y a specific service' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.1 + 15.121.1.26 X-ORIGIN ( 'RFC4876' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2106 NAME 'nsIDListScanLimit' DESC ' + Binder-based search operation ID list scan limit (candidate entries)' SYNTA + X 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE USAGE directoryOperation X-ORI + GIN '389' ) +attributeTypes: ( 2.16.840.1.113730.3.1.804 NAME 'nsSchemaCSN' DESC 'Netscap + e defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE + USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( nsServerSecurity-oid NAME 'nsServerSecurity' DESC 'Netscap + e defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Ne + tscape' ) +attributeTypes: ( 2.16.840.1.113730.3.8.3.22 NAME 'ipaMigrationEnabled' DESC + 'Enable adding user entries with pre-hashed passwords.' SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.75 NAME 'ipaNTAdditionalSuffixes' + DESC 'Suffix for the user principal name associated with the domain' EQUAL + ITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ( 'IPA v4 + .4.2' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2210 NAME 'nsslapd-auditlog' DESC 'N + etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE + -VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.50 NAME 'replicaBeginOrc' DESC 'Nets + cape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN + 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.20.2.4 NAME 'ipaReplTopoSegmentRight + Node' DESC 'IPA defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 + 5 X-ORIGIN ( 'FreeIPA' 'user defined' ) ) +attributeTypes: ( 0.9.2342.19200300.100.1.5 NAME ( 'drink' 'favouriteDrink' + ) EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1 + .4.1.1466.115.121.1.15 X-ORIGIN 'RFC 4524' X-DEPRECATED 'favouriteDrink' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2280 NAME 'nsslapd-bakdir' DESC 'Net + scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-V + ALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.5.4.4 NAME ( 'sn' 'surName' ) SUP name EQUALITY caseIgn + oreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .15 X-ORIGIN 'RFC 4519' X-DEPRECATED 'surName' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2066 NAME 'nsSaslMapFilterTemplate' + DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.13769.3.1 NAME 'mozillaHomeStreet' EQUALITY c + aseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.15 SINGLE-VALUE X-ORIGIN 'Mozilla Address Book' ) +attributeTypes: ( 2.16.840.1.113730.3.1.198 NAME 'memberURL' DESC 'Netscape + defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Nets + cape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.64 NAME 'sambaLockoutObservationWindo + w' DESC 'Reset time after lockout in minutes (default: 30)' EQUALITY intege + rMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.5.4.16 NAME 'postalAddress' EQUALITY caseIgnoreListMatc + h SUBSTR caseIgnoreListSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 + X-ORIGIN 'RFC 4519' ) +attributeTypes: ( 2.16.840.1.113730.3.1.108 NAME 'passwordUnlock' DESC 'Nets + cape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol' DESC 'Standard L + DAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2307 + ' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2124 NAME 'dnaRemainingValues' DESC + 'DNA remaining values left to assign' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE X-ORIGIN '389 Directory Server' ) +attributeTypes: ( nsSSLClientAuth-oid NAME 'nsSSLClientAuth' DESC 'Netscape + defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Nets + cape' ) +attributeTypes: ( duration-oid NAME 'duration' DESC 'CMS defined attribute' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( tokenID-oid NAME 'tokenID' DESC 'CMS defined attribute' SY + NTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2236 NAME 'nsslapd-anonlimitsdn' DES + C 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SI + NGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2194 NAME 'nsslapd-errorlog-logminfr + eediskspace' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.574 NAME 'nsRole' DESC 'Netscape def + ined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 NO-USER-MODIFICAT + ION USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( nsAdminGroupName-oid NAME 'nsAdminGroupName' DESC 'Netscap + e defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Ne + tscape' ) +attributeTypes: ( 2.16.840.1.113730.3.8.19.2.2 NAME 'ipaMinDomainLevel' DESC + 'Minimal supported Domain Level value' EQUALITY numericStringMatch ORDERIN + G numericStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 SINGLE-VALUE X-OR + IGIN ( 'IPA v4' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.72 NAME 'serverVersionNumber' DESC ' + Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORI + GIN 'Netscape Administration Services' ) +attributeTypes: ( 2.16.840.1.113730.3.1.246 NAME 'nsValueInt' DESC 'Netscape + defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'Net + scape servers - value item' ) +attributeTypes: ( 1.3.6.1.4.1.1466.101.120.43 NAME 'preferredTimeZone' DESC + 'preferred time zone for a person' EQUALITY caseIgnoreMatch SUBSTR caseIgno + reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGI + N 'Netscape' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2173 NAME 'nsslapd-errorlog-maxlogsi + ze' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.3.6 NAME 'userCategory' DESC 'Additi + onal classification for users' EQUALITY caseIgnoreMatch ORDERING caseIgnore + OrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115. + 121.1.15 X-ORIGIN 'IPA v2' ) +attributeTypes: ( 1.3.6.1.4.1.15953.9.1.6 NAME 'sudoRunAsUser' DESC 'User(s) + impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.1 + 15.121.1.26 X-ORIGIN 'SUDO' ) +attributeTypes: ( SecureAdminPort-oid NAME 'SecureAdminPort' SYNTAX 1.3.6.1 + .4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.18.0.2.4.1130 NAME 'printer-document-format-supported' + DESC 'The possible source document formats which may be interpreted and pr + inted by this printer.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstring + sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'rfc3712' ) +attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.5 NAME 'followReferrals' DESC 'An a + gent or service does or should follow referrals' EQUALITY booleanMatch SYNT + AX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'RFC4876' 'user def + ined' ) ) +attributeTypes: ( 0.9.2342.19200300.100.1.29 NAME 'nSRecord' EQUALITY caseI + gnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 2.16.840.1.113730.3.8.16.1.23 NAME 'ipatokenTOTPauthWindow + ' DESC 'TOTP Auth Window (maximum authentication variance in seconds)' EQUA + LITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGI + N ( 'IPA OTP' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.8.21.1.7 NAME 'ipaCaIssuerDN' DESC 'Is + suer DN' SUP distinguishedName EQUALITY distinguishedNameMatch SYNTAX 1.3.6 + .1.4.1.1466.115.121.1.12 X-ORIGIN ( 'IPA v4.4 Lightweight CAs' 'user define + d' ) ) +attributeTypes: ( 2.16.840.1.113730.3.8.5.25 NAME 'idnsSecKeyRevoke' DESC 'D + NSKEY REVOKE flag (equivalent to bit 8): RFC 5011' EQUALITY booleanMatch SY + NTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user + defined' ) ) +attributeTypes: ( requestId-oid NAME 'requestId' DESC 'CMS defined attribute + ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.552 NAME 'costargettree' DESC 'Netsc + ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VAL + UE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.94 NAME 'retryCountResetTime' DESC ' + Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.11 + 5.121.1.24 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Directo + ry Server' ) +attributeTypes: ( tokenNotBefore-oid NAME 'tokenNotBefore' DESC 'CMS defined + attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.21 NAME 'ipaAllowToImpersonate' D + ESC 'Principals that can be impersonated' SUP distinguishedName EQUALITY di + stinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN ( 'IPA-v + 3' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2244 NAME 'nnslapd-threadnumber' DES + C 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SI + NGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.2.840.113556.1.2.102 NAME 'memberOf' DESC 'Group that th + e entry belongs to' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Netscape + Delegated Administrator' ) +attributeTypes: ( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' ) SYNTAX + 1.3.6.1.4.1.1466.115.121.1.22 X-ORIGIN 'RFC 4519' X-DEPRECATED 'fax' ) +attributeTypes: ( authorityEnabled-oid NAME 'authorityEnabled' DESC 'Authori + ty Enabled' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'user + defined' ) +attributeTypes: ( nsDirectoryURL-oid NAME 'nsDirectoryURL' DESC 'Netscape de + fined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Netsca + pe' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2111 NAME 'tombstoneNumSubordinates' + DESC 'count of immediate subordinates for tombstone entries' EQUALITY inte + gerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-ORIGIN '389 d + irectory server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.7.9 NAME 'ipaSudoRunAsGroup' DESC 'R + eference to group that the commands can be run as.' SUP memberUser EQUALITY + distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'IPA + v2' ) +attributeTypes: ( 2.16.840.1.113730.3.8.17.1.22 NAME 'ipk11Subject' DESC 'DE + R-encoding of subject name' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.40 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( deltaSize-oid NAME 'deltaSize' DESC 'CMS defined attribute + ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.690 NAME 'inetDomainBaseDN' DESC 'Ba + se DN of user subtree for a DNS domain' SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 + 2 SINGLE-VALUE X-ORIGIN 'Netscape subscriber interoperability' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.20 NAME 'sambaSID' DESC 'Security ID' + EQUALITY caseIgnoreIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3. + 6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN ( 'IPA v4.4.2' 'user define + d' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2223 NAME 'nsslapd-localhost' DESC ' + Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL + E-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.1.1.1.3 NAME 'homeDirectory' DESC 'Standard LDAP a + ttribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN ' + RFC 2307' ) +attributeTypes: ( ServerCertExtractFile-oid NAME 'ServerCertExtractFile' DES + C 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X- + ORIGIN 'Netscape' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2181 NAME 'nsslapd-accesslog-logrota + tionsyncmin' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.569 NAME 'cosPriority' DESC 'Netscap + e defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE + X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( nsOsVersion-oid NAME 'nsOsVersion' DESC 'Netscape defined + attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) +attributeTypes: ( nsJarfilename-oid NAME 'nsJarfilename' DESC 'Netscape defi + ned attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape + ' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2293 NAME 'nsslapd-ndn-cache-enabled + ' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2071 NAME 'pamIDAttr' DESC 'Name of + attribute holding PAM ID' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Re + d Hat Directory Server' ) +attributeTypes: ( tokenSerial-oid NAME 'tokenSerial' DESC 'CMS defined attri + bute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( password-oid NAME 'password' DESC 'CMS defined attribute' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2158 NAME 'dnaRemoteBindDN' DESC 'Re + mote bind DN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN '3 + 89 Directory Server' ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.3.1 NAME 'krbPrincipalType' EQU + ALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.69 NAME 'sambaPreviousClearTextPasswo + rd' DESC 'Previous clear text password (used for trusted domain passwords)' + EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) +attributeTypes: ( 1.3.18.0.2.4.1127 NAME 'printer-pages-per-minute' DESC 'Th + e nominal number of pages per minute which may be output by this printer.' + EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.27 SINGLE-VALUE X-ORIGIN 'rfc3712' ) +attributeTypes: ( 2.16.840.1.113730.3.8.16.1.14 NAME 'ipatokenRadiusUserName + ' DESC 'Corresponding Radius username' EQUALITY caseIgnoreMatch SYNTAX 1.3. + 6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA OTP' 'user defined' + ) ) +attributeTypes: ( 0.9.2342.19200300.100.1.54 NAME 'ditRedirect' DESC 'Standa + rd LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'RFC + 1274' ) +attributeTypes: ( 2.16.840.1.113730.3.1.520 NAME 'nswmExtendedUserPrefs' DES + C 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' ) +attributeTypes: ( 2.16.840.1.113730.3.1.26 NAME 'mgrpErrorsTo' DESC 'Netscap + e Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .26 SINGLE-VALUE X-ORIGIN 'Netscape Messaging Server 4.x' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2137 NAME 'nsds5ReplicaAbortCleanRUV + ' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 15 X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.5.12 NAME 'idnsAllowTransfer' DESC ' + BIND9 allow-transfer ACL element' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6. + 1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN ( 'IPA v2' 'user defined' ) ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.3.5 NAME 'supportedFeatures' EQUALITY + objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperati + on X-ORIGIN 'RFC 4512' ) +attributeTypes: ( 2.16.840.1.113730.3.1.232 NAME 'nsSNMPEnabled' DESC 'Netsc + ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VAL + UE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( algorithmId-oid NAME 'algorithmId' DESC 'CMS defined attri + bute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.37 NAME 'certRecord' DESC 'certifica + te, RFC 2538' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMat + ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.1466.101.120.17 NAME 'ldapSchemas' SYNTAX 1.3 + .6.1.4.1.1466.115.121.1.15 USAGE directoryOperation X-ORIGIN 'RFC 2927' ) +attributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.7 NAME 'eduPersonEntitlement' DESC + 'Entitlement' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'http://middlew + are.internet2.edu/eduperson/' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2328 NAME 'nsslapd-auditfaillog-list + ' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 15 X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.81 NAME 'cirPort' DESC 'Netscape def + ined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscap + e Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.14 NAME 'ipaNTTrustPartner' DESC + 'Fully qualified name of the domain with which a trust exists' EQUALITY cas + eIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ( 'IPA v4.4.2' ' + user defined' ) ) +attributeTypes: ( 1.3.6.1.4.1.6981.11.3.9 NAME 'FTPgid' DESC 'System uid (ov + errides gidNumber if present)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.146 + 6.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Pure-FTPd' ) +attributeTypes: ( 2.16.840.1.113730.3.8.17.1.17 NAME 'ipk11CheckValue' DESC + 'Checksum' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X + -ORIGIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2087 NAME 'mepManagedEntry' DESC 'Ma + naged Entries pointer' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN '389 D + irectory Server' ) +attributeTypes: ( nsAdminSIEDN-oid NAME 'nsAdminSIEDN' DESC 'Netscape define + d attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Netscape' + ) +attributeTypes: ( 2.16.840.1.113730.3.1.685 NAME 'nsds5replicaLastUpdateStar + t' DESC 'Netscape defined attribute type' EQUALITY generalizedTimeMatch ORD + ERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SIN + GLE-VALUE NO-USER-MODIFICATION X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2208 NAME 'nsslapd-rootdnpw' DESC 'N + etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE + -VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.48 NAME 'replicaPort' DESC 'Netscape + defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Net + scape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.1.2 NAME 'ipaGroupSearchFields' EQU + ALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 2.16.840.1.113730.3.8.5.30 NAME 'idnsSubstitutionVariable' + DESC 'User defined variable for DNS plugin' EQUALITY caseIgnoreIA5Match SY + NTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN ( 'IPA v4.4' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.210 NAME 'vlvSort' DESC 'Netscape de + fined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netsca + pe Directory Server' ) +attributeTypes: ( dateOfModify-oid NAME 'dateOfModify' DESC 'CMS defined att + ribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.51 NAME 'nSEC3PARAMRecord' DESC 'RFC + 5155' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNT + AX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN ( 'IPA v4.4.2' 'user + defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2145 NAME 'rootdn-close-time' DESC ' + Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL + E-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2257 NAME 'nsslapd-accesslog-logbuff + ering' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.32 NAME 'ipaKrbPrincipalAlias' DE + SC 'DEPRECATED - DO NOT USE' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOr + deringMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA v3' 'user defined' ) ) +attributeTypes: ( 0.9.2342.19200300.100.1.43 NAME ( 'co' 'friendlycountrynam + e' ) EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3. + 6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 4524' X-DEPRECATED 'friendlycountry + name' ) +attributeTypes: ( extension-oid NAME 'extension' DESC 'CMS defined attribute + ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.13 NAME 'mailAlternateAddress' DESC + 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.1 + 15.121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' ) +attributeTypes: ( 2.16.840.1.113730.3.1.227 NAME 'nsslapd-pluginId' DESC 'Ne + tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- + VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.35 NAME 'sambaProfilePath' DESC 'Roam + ing profile path' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.15 SINGLE-VALUE X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) +attributeTypes: ( 2.5.4.45 NAME 'x500UniqueIdentifier' EQUALITY bitStringMa + tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 X-ORIGIN 'RFC 4519' ) +attributeTypes: ( 2.16.840.1.113730.3.8.5.5 NAME 'idnsSOAserial' DESC 'SOA s + erial number' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMat + ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'IPA v2' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2315 NAME 'nsDS5ReplicaWaitForAsyncR + esults' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115. + 121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.613 NAME 'copiedFrom' DESC 'Netscape + defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE + USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( nsServerPort-oid NAME 'nsServerPort' DESC 'Netscape define + d attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' + ) +attributeTypes: ( 1.2.840.113554.1.4.1.6.4 NAME 'krbPwdMaxRenewableLife' EQ + UALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORI + GIN ( 'IPA v4.4.2' 'user defined' ) ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.4.1.8 NAME 'javaSerializedData' DESC ' + Serialized form of a Java object' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SING + LE-VALUE X-ORIGIN 'RFC 2713' ) +attributeTypes: ( deltaNumber-oid NAME 'deltaNumber' DESC 'CMS defined attri + bute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.583 NAME 'nsDS5ReplicaBindMethod' DE + SC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 S + INGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2275 NAME 'nsslapd-schemadir' DESC ' + Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL + E-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( nsSSLActivation-oid NAME 'nsSSLActivation' DESC 'Netscape + defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Nets + cape' ) +attributeTypes: ( 1.3.18.0.2.4.1138 NAME 'printer-make-and-model' DESC 'Make + and model of this printer.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubs + tringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'rfc + 3712' ) +attributeTypes: ( 2.16.840.1.113730.3.8.16.1.5 NAME 'ipatokenVendor' DESC 'O + ptional Vendor identifier' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstr + ingsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA + OTP' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.1000 NAME 'nsds7WindowsReplicaSubtre + e' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 0.9.2342.19200300.100.1.21 NAME 'secretary' EQUALITY dist + inguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'RFC 4524' + ) +attributeTypes: ( 2.16.840.1.113730.3.1.533 NAME 'ntUserCodePage' DESC 'Nets + cape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VAL + UE X-ORIGIN 'Netscape NT Synchronization' ) +attributeTypes: ( 2.16.840.1.113730.3.1.35 NAME 'changeLog' DESC 'the distin + guished name of the entry which contains the set of entries comprising this + servers changelog' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.12 X-ORIGIN 'Changelog Internet Draft' ) +attributeTypes: ( 2.16.840.1.113730.3.8.17.1.53 NAME 'ipk11VerifyRecover' DE + SC 'Key supports verification where data is recovered from the signature' E + QUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORI + GIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.205 NAME 'changeLogMaximumConcurrent + Writes' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115. + 121.1.15 X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.24 NAME 'SigRecord' DESC 'Signature, + RFC 2535' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.43 NAME 'sambaBoolOption' DESC 'A boo + lean option' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SING + LE-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.3 NAME 'ipaNTFlatName' DESC 'Flat + /Netbios Name' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SU + BSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- + VALUE X-ORIGIN ( 'IPA v3' 'user defined' ) ) +attributeTypes: ( nsDirectoryInfoRef-oid NAME 'nsDirectoryInfoRef' DESC 'Net + scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN + 'Netscape' ) +attributeTypes: ( 1.3.6.1.4.1.6981.11.3.6 NAME 'FTPDownloadBandwidth' DESC ' + Bandwidth (in KB/s) to limit download speeds to' EQUALITY integerMatch SYNT + AX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Pure-FTPd' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2109 NAME 'nsPagedIDListScanLimit' D + ESC 'Binder-based simple paged search operation ID list scan limit' SYNTAX + 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE USAGE directoryOperation X-ORIGI + N '389' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2092 NAME 'nsslapd-ldapiautodnsuffix + ' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 12 X-ORIGIN 'Netscape' ) +attributeTypes: ( transOps-oid NAME 'transOps' DESC 'CMS defined attribute' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.8.3.25 NAME 'ipaPermissionType' DESC ' + IPA permission flags' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingM + atch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'IPA v2' ) +attributeTypes: ( 2.5.4.52 NAME 'supportedAlgorithms' DESC 'X.509 supported + algorithms' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 + X-ORIGIN 'RFC 4523' ) +attributeTypes: ( 1.3.18.0.2.4.1116 NAME 'printer-output-features-supported' + DESC 'The possible output features supported by this printer.' EQUALITY ca + seIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'rfc3712' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2302 NAME 'nsslapd-listen-backlog-si + ze' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.57 NAME 'replicaRoot' DESC 'Netscape + defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Net + scape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.608 NAME 'nsDS5Task' DESC 'Netscape + defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Nets + cape Directory Server' ) +attributeTypes: ( nextUpdate-oid NAME 'nextUpdate' DESC 'CMS defined attribu + te' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2069 NAME 'pamMissingSuffix' DESC 'H + ow to handle missing include or exclude suffixes' SYNTAX 1.3.6.1.4.1.1466.1 + 15.121.1.15 SINGLE-VALUE X-ORIGIN 'Red Hat Directory Server' ) +attributeTypes: ( 2.5.4.9 NAME ( 'street' 'streetaddress' ) EQUALITY caseIg + noreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.15 X-ORIGIN 'RFC 4519' X-DEPRECATED 'streetaddress' ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.46 NAME 'rRSIGRecord' DESC 'RRSIG, R + FC 3755' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SY + NTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.28.1 NAME 'krbPrincNamingAttr' + EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE + ) +attributeTypes: ( 2.16.840.1.113730.3.1.2150 NAME 'rootdn-deny-ip' DESC 'Net + scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN + 'Netscape Directory Server' ) +attributeTypes: ( nsGroupRDNComponent-oid NAME 'nsGroupRDNComponent' DESC 'N + etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIG + IN 'Netscape Administration Services' ) +attributeTypes: ( algorithm-oid NAME 'algorithm' DESC 'CMS defined attribute + ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.61 NAME 'sambaMaxPwdAge' DESC 'Maximu + m password age, in seconds (default: -1 => never expire passwords)' EQUALIT + Y integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.47 NAME 'ipaPermRight' DESC 'IPA + permission rights' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.15 X-ORIGIN ( 'IPA v4.0' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2262 NAME 'nsslapd-maxbersize' DESC + 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SING + LE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.5.4.19 NAME 'physicalDeliveryOfficeName' EQUALITY caseI + gnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.15 X-ORIGIN 'RFC 4519' ) +attributeTypes: ( 2.16.840.1.113730.3.1.528 NAME 'ntUserAcctExpires' DESC 'N + etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE + -VALUE X-ORIGIN 'Netscape NT Synchronization' ) +attributeTypes: ( 2.16.840.1.113730.3.1.103 NAME ( 'passwordCheckSyntax' 'pw + dCheckSyntax' ) DESC 'Netscape defined password policy attribute type' SYNT + AX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory + Server' ) +attributeTypes: ( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup' DESC 'Standard L + DAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'RFC 2307 + ' ) +attributeTypes: ( 1.2.840.113556.1.4.483 NAME 'calOtherFBURLs' DESC 'RFC2739 + : multi-value URI for other free/busy data' EQUALITY caseIgnoreIA5Match SUB + STR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORI + GIN 'rfc2739' ) +attributeTypes: ( 2.16.840.1.113730.3.8.17.1.44 NAME 'ipk11AllowedMechanisms + ' DESC 'Space-separated list of mechanisms allowed to be used with this key + ' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1. + 4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2239 NAME 'nsslapd-SSL3ciphers' DESC + 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SIN + GLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2320 NAME 'nsslapd-auditfaillog-logr + otationtimeunit' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1. + 1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.79 NAME 'cirReplicaRoot' DESC 'Netsc + ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN ' + Netscape Directory Server' ) +attributeTypes: ( issuerName-oid NAME 'issuerName' DESC 'CMS defined attribu + te' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.241 NAME 'displayName' DESC 'preferr + ed name of a person to be used when displaying entries' EQUALITY caseIgnore + Match SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE X-ORIGIN 'RFC 2798' ) +attributeTypes: ( nsProductVersion-oid NAME 'nsProductVersion' DESC 'Netscap + e defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Ne + tscape' ) +attributeTypes: ( 2.16.840.1.113730.3.8.18.2.1 NAME 'ipaVaultType' DESC 'IPA + vault type' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X + -ORIGIN ( 'IPA v4.2' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2176 NAME 'nsslapd-errorlog-logrotat + ionsync-enabled' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1. + 1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.3.1 NAME 'ipaUniqueID' DESC 'Unique + identifier' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SYNTA + X 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' ) +attributeTypes: ( endRange-oid NAME 'endRange' DESC 'CMS defined attribute' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.8.3.12 NAME 'sourceHostCategory' DESC + 'Additional classification for hosts' EQUALITY caseIgnoreMatch ORDERING cas + eIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.15 X-ORIGIN 'IPA v2' ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.43.1 NAME 'krbSupportedEncSaltTy + pes' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.65 NAME 'ipaWrappingMech' DESC 'P + KCS#11 wrapping mechanism equivalent to CK_MECHANISM_TYPE' EQUALITY caseIgn + oreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA + v4.1' 'user defined' ) ) +attributeTypes: ( crlCache-oid NAME 'crlCache' DESC 'CMS defined attribute' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2200 NAME 'nsslapd-errorlog-logexpir + ationtimeunit' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.0 NAME 'defaultServerList' DESC 'Li + st of default servers' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstrings + Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN ( 'RFC4876 + ' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.40 NAME 'userSMIMECertificate' DESC + 'signed message used to support S/MIME' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 + X-ORIGIN 'RFC 2798' ) +attributeTypes: ( 1.3.6.1.1.1.1.31 NAME 'automountMapName' DESC 'automount M + ap Name' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SI + NGLE-VALUE X-ORIGIN 'RFC 2307bis' ) +attributeTypes: ( 2.16.840.1.113730.3.8.5.28 NAME 'idnsSecKeyRef' DESC 'PKCS + #11 URI of the key' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.15 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( nsSecureServerPort-oid NAME 'nsSecureServerPort' DESC 'Net + scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN + 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.218 NAME 'replicaAbandonedChanges' D + ESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.17.1.66 NAME 'ipk11Extractable' DESC + 'Key is extractable and can be wrapped' EQUALITY booleanMatch SYNTAX 1.3.6 + .1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) + ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.29 NAME 'LocRecord' DESC 'Location, + RFC 1876' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch S + YNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( authorityKeyNickname-oid NAME 'authorityKeyNickname' DESC + 'Authority key nickname' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE + X-ORIGIN ( 'user-defined' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.7 NAME 'changeType' DESC 'Changelog + attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Changelog In + ternet Draft' ) +attributeTypes: ( usertype-oid NAME 'usertype' DESC 'Distinguish whether the + user is administrator, agent or subsystem.' SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.54 NAME 'sambaPasswordHistory' DESC ' + Concatenated MD5 hashes of the salted NT passwords used on this account' EQ + UALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN ( ' + IPA v4.4.2' 'user defined' ) ) +attributeTypes: ( 2.5.4.26 NAME 'registeredAddress' SUP postalAddress EQUAL + ITY caseIgnoreListMatch SUBSTR caseIgnoreListSubstringsMatch SYNTAX 1.3.6.1 + .4.1.1466.115.121.1.41 X-ORIGIN 'RFC 4519' ) +attributeTypes: ( 2.16.840.1.113730.3.1.999 NAME ( 'passwordGraceLimit' 'pwd + GraceLoginLimit' ) DESC 'Netscape defined password policy attribute type' S + YNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directo + ry Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2114 NAME 'internalCreatorsName' DES + C 'plugin dn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MOD + IFICATION USAGE directoryOperation X-ORIGIN '389 Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.7.4 NAME 'externalUser' DESC 'Multiv + alue string attribute that allows storing user names.' EQUALITY caseIgnoreM + atch ORDERING caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6 + .1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' ) +attributeTypes: ( nsBindPassword-oid NAME 'nsBindPassword' DESC 'Netscape de + fined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netsca + pe' ) +attributeTypes: ( 2.16.840.1.113730.3.1.812 NAME 'netscapeReversiblePassword + ' DESC 'password for HTTP Digest/MD5 authentication' EQUALITY octetStringMa + tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN 'Netscape Web Server' ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.12 NAME 'pTRRecord' DESC 'domain nam + e pointer, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substr + ingsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.1.1.1.6 NAME 'shadowMin' DESC 'Standard LDAP attri + bute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'RFC + 2307' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2226 NAME 'nsslapd-listenhost' DESC + 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SING + LE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2184 NAME 'nsslapd-accesslog-logrota + tiontime' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.11 + 5.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 0.9.2342.19200300.100.1.10 NAME 'manager' EQUALITY distin + guishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'RFC 4524' ) +attributeTypes: ( 2.16.840.1.113730.3.1.62 NAME 'ntUserParms' DESC 'Netscape + defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE + X-ORIGIN 'Netscape NT Synchronization' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2296 NAME 'nsslapd-ignore-virtual-at + trs' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2074 NAME 'pamService' DESC 'Service + name to pass to pam_start' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VAL + UE X-ORIGIN 'Red Hat Directory Server' ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.26.1 NAME 'krbPrincipalReference + s' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 2.16.840.1.113730.3.8.17.1.1 NAME 'ipk11UniqueId' DESC 'Me + aningless unique identifier' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2163 NAME 'winSyncWindowsFilter' DES + C 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SI + NGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.13769.4.4 NAME 'mozillaCustom4' EQUALITY case + IgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.15 SINGLE-VALUE X-ORIGIN 'Mozilla Address Book' ) +attributeTypes: ( resourceACLS-oid NAME 'resourceACLS' DESC 'CMS defined att + ribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.72 NAME 'sambaTrustDirection' DESC 'D + irection of a trust' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.27 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.58 NAME 'ipaKeyTrust' DESC 'Key t + rust (unknown, trusted, distrusted)' EQUALITY caseIgnoreMatch SYNTAX 1.3.6. + 1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) + ) +attributeTypes: ( 1.3.18.0.2.4.1120 NAME 'printer-print-quality-supported' D + ESC 'List of print qualities supported for printing documents on this print + er.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN + 'rfc3712' ) +attributeTypes: ( 2.16.840.1.113730.3.8.16.1.13 NAME 'ipatokenOwner' DESC 'U + ser entry that owns this token' SUP distinguishedName EQUALITY distinguishe + dNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN ( 'IP + A OTP' 'user defined' ) ) +attributeTypes: ( 1.3.6.1.1.1.1.24 NAME 'bootFile' DESC 'Standard LDAP attri + bute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'RFC 2307' ) +attributeTypes: ( 2.16.840.1.113730.3.8.5.15 NAME 'idnsForwarders' DESC 'lis + t of forwarders' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substrings + Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN ( 'IPA v2' 'user define + d' ) ) +attributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.2 NAME 'eduPersonNickName' DESC 'Ni + ckName' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'http://middleware.in + ternet2.edu/eduperson/' ) +attributeTypes: ( 2.16.840.1.113730.3.1.542 NAME 'nsUniqueId' DESC 'Netscape + defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE + NO-USER-MODIFICATION USAGE directoryOperation X-ORIGIN 'Netscape Directory + Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2333 NAME 'nsds5ReplicaReleaseTimeou + t' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.84 NAME 'cirUseSsl' DESC 'Netscape d + efined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netsc + ape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.11 NAME 'ipaNTTrustType' DESC 'Ty + pe of trust' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SIN + GLE-VALUE ) +attributeTypes: ( nsServerID-oid NAME 'nsServerID' DESC 'Netscape defined at + tribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) +attributeTypes: ( 2.16.840.1.113730.3.1.254 NAME 'nsValueHelpURL' DESC 'Nets + cape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN + 'Netscape servers - value item' ) +attributeTypes: ( expiredCerts-oid NAME 'expiredCerts' DESC 'CMS defined att + ribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.0.2 NAME 'dNSdefaultTTL' DESC 'An inte + ger denoting default time to live, RFC 2308' EQUALITY integerMatch ORDERING + integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN ( 'IPA + v4.4.2' 'user defined' ) ) +attributeTypes: ( 2.5.4.33 NAME 'roleOccupant' SUP distinguishedName EQUALI + TY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'RF + C 4519' ) +attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.10 NAME 'credentialLevel' DESC 'Ide + ntifies type of credentials either used, required, or supported by an agent + or service' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 26 SINGLE-VALUE X-ORIGIN ( 'RFC4876' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2101 NAME 'autoMemberDefaultGroup' D + ESC 'Auto Membership default group' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X- + ORIGIN '389 Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.17.1.12 NAME 'ipk11Modifiable' DESC + 'Can be modified by application' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.807 NAME 'nsds5replicaLastInitStart' + DESC 'Netscape defined attribute type' EQUALITY generalizedTimeMatch ORDER + ING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGL + E-VALUE NO-USER-MODIFICATION X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.31.1 NAME 'krbMinPwdLife' EQUAL + ITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.1.2213 NAME 'nsslapd-userat' DESC 'Net + scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-V + ALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.20.2.7 NAME 'ipaReplTopoManagedAgree + mentState' DESC 'IPA defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.15 X-ORIGIN ( 'FreeIPA' 'user defined' ) ) +attributeTypes: ( 0.9.2342.19200300.100.1.8 NAME 'userClass' EQUALITY caseI + gnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.15 X-ORIGIN 'RFC 4524' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.80 NAME 'sambaSupportedEncryptionType + s' DESC 'Supported encryption types of a trust' EQUALITY integerMatch SYNTA + X 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.1.2283 NAME 'nsslapd-SSLclientAuth' DE + SC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 S + INGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.5.4.1 NAME 'aliasedObjectName' EQUALITY distinguishedNa + meMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN 'RFC 451 + 2' ) +attributeTypes: ( 1.3.6.1.4.1.13769.3.2 NAME 'mozillaHomeStreet2' EQUALITY + caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.11 + 5.121.1.15 SINGLE-VALUE X-ORIGIN 'Mozilla Address Book' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2148 NAME 'rootdn-deny-host' DESC 'N + etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIG + IN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.59 NAME 'sambaPwdHistoryLength' DESC + 'Length of Password History Entries (default: 0 => off)' EQUALITY integerMa + tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' ) SUP name + EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4. + 1.1466.115.121.1.15 X-ORIGIN 'RFC 4519' X-DEPRECATED 'organizationalUnitNam + e' ) +attributeTypes: ( 0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier' EQUALI + TY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.15 X-ORIGIN 'RFC 4524' ) +attributeTypes: ( 2.16.840.1.113730.3.1.16 NAME 'mailDeliveryOption' DESC 'N + etscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2127 NAME 'dnaPortNum' DESC 'DNA por + t number of replica to get new range of values' SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.27 SINGLE-VALUE X-ORIGIN '389 Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.222 NAME ( 'passwordMinAge' 'pwdMinA + ge' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1 + .4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113719.1.1.4.1.35 NAME 'lastLoginTime' DESC 'La + st login time' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE USAGE dire + ctoryOperation X-ORIGIN 'Account Policy Plugin' ) +attributeTypes: ( SecurePort-oid NAME 'SecurePort' SYNTAX 1.3.6.1.4.1.1466. + 115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2231 NAME 'nsslapd-ldapimaprootdn' D + ESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 + SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2197 NAME 'nsslapd-errorlog-logexpir + ationtime' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.1 + 15.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.577 NAME 'cosIndirectSpecifier' DESC + 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SIN + GLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2318 NAME 'nsslapd-auditfaillog-logr + otationsynchour' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1. + 1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.71 NAME 'serverProductName' DESC 'Ne + tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGI + N 'Netscape Administration Services' ) +attributeTypes: ( 2.16.840.1.113730.3.8.5.0 NAME 'idnsName' DESC 'DNS FQDN' + EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3. + 6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'IPA v2' ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.48.1 NAME 'krbLastSuccessfulAuth + ' EQUALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGL + E-VALUE ) +attributeTypes: ( 5.3.6.1.1.1.1.1 NAME 'accessTo' DESC 'Access to which serv + ers user is allowed' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substr + ingsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'nss_ldap/pam_ldap' + ) +attributeTypes: ( 1.2.840.113554.1.4.1.6.3 NAME 'krbPwdMaxLife' EQUALITY in + tegerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN ( 'IP + A v4.4.2' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.249 NAME 'nsValueType' DESC 'Netscap + e defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Ne + tscape servers - value item' ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.14.1 NAME 'krbRealmReferences' + EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 2.16.840.1.113730.3.8.3.9 NAME 'ipaEnabledFlag' DESC 'The + flag to show if the association is active or should be ignored' EQUALITY bo + oleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'IPA v + 2' ) +attributeTypes: ( 1.3.6.1.4.1.15953.9.1.5 NAME 'sudoOption' DESC 'Options(s) + followed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.26 X-ORIGIN 'SUDO' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2278 NAME 'nsslapd-certdir' DESC 'Ne + tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- + VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.18.0.2.4.1135 NAME 'printer-name' DESC 'The site-speci + fic administrative name of this printer.' EQUALITY caseIgnoreMatch SUBSTR c + aseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE + X-ORIGIN 'rfc3712' ) +attributeTypes: ( 2.16.840.1.113730.3.8.16.1.26 NAME 'ipatokenHOTPsyncWindow + ' DESC 'HOTP Sync Window (maximum synchronization skip-ahead)' EQUALITY int + egerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN ( 'IPA + OTP' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.8.21.1.2 NAME 'ipaMemberCa' DESC 'Refe + rence to a CA member' SUP distinguishedName EQUALITY distinguishedNameMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN ( 'IPA v4.2' 'user defined' + ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.38 NAME 'nsLicenseEndTime' DESC 'Net + scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN + 'Netscape Administration Services' ) +attributeTypes: ( 2.16.840.1.113730.3.8.5.20 NAME 'idnsSecKeyPublish' DESC ' + DNSSEC key (planned) publication time' EQUALITY generalizedTimeMatch ORDERI + NG generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE + -VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.200 NAME 'changeLogMaximumAge' DESC + 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-OR + IGIN 'Netscape Directory Server' ) +attributeTypes: ( authorityDN-oid NAME 'authorityDN' DESC 'Authority DN' SYN + TAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN 'user defined' ) +attributeTypes: ( 2.5.18.3 NAME 'creatorsName' EQUALITY distinguishedNameMa + tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION + USAGE directoryOperation X-ORIGIN 'RFC 4512' ) +attributeTypes: ( 2.16.840.1.113730.3.1.93 NAME 'passwordRetryCount' DESC 'N + etscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.15 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Director + y Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.6 NAME 'ipaNTLogonScript' DESC 'U + ser Logon Script Name' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrdering + Match SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE X-ORIGIN ( 'IPA v3' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.22 NAME 'ipaAllowedTarget' DESC ' + Target principals alowed to get a ticket for' SUP distinguishedName EQUALIT + Y distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN ( 'I + PA-v3' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2247 NAME 'nsslapd-conntablesize' DE + SC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 S + INGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( requestSourceId-oid NAME 'requestSourceId' DESC 'CMS defin + ed attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' + ) +attributeTypes: ( 2.16.840.1.113730.3.8.1.12 NAME 'ipaGroupObjectClasses' S + YNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( crlSize-oid NAME 'crlSize' DESC 'CMS defined attribute' SY + NTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.8.17.1.21 NAME 'ipk11Distrusted' DESC + 'Must not be trusted by application' EQUALITY booleanMatch SYNTAX 1.3.6.1.4 + .1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( nsSuiteSpotUser-oid NAME 'nsSuiteSpotUser' DESC 'Netscape + defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Nets + cape' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2095 NAME 'connection' DESC 'Netscap + e defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Ne + tscape' ) +attributeTypes: ( 2.16.840.1.113730.3.1.693 NAME 'inetUserHttpURL' DESC 'A u + sers Web addresses' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Netscape + subscriber interoperability' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.25 NAME 'sambaNTPassword' DESC 'MD4 h + ash of the unicode password' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.26 SINGLE-VALUE X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) +attributeTypes: ( 1.3.18.0.2.4.1113 NAME 'printer-service-person' DESC 'The + identity of the current human service person responsible for servicing this + printer.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'rfc3712' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2305 NAME 'nsslapd-moddn-aci' DESC ' + Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL + E-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.603 NAME 'dncomp' DESC 'internal ser + ver defined attribute type' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1. + 4.1.1466.115.121.1.12 NO-USER-MODIFICATION USAGE directoryOperation ) +attributeTypes: ( 2.16.840.1.113730.3.1.1099 NAME 'winSyncInterval' DESC 'Ne + tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE- + VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.43 NAME 'dSRecord' DESC 'Delegation + Signer, RFC 3658' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substring + sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( revokedOn-oid NAME 'revokedOn' DESC 'CMS defined attribute + ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( nsBaseDN-oid NAME 'nsBaseDN' DESC 'Netscape defined attrib + ute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Netscape' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.40 NAME 'ipaUserAuthType' DESC 'A + llowed authentication methods' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1. + 1466.115.121.1.15 X-ORIGIN ( 'IPA v3' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2265 NAME 'nsslapd-versionstring' DE + SC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 S + INGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.18.0.2.4.1128 NAME 'printer-compression-supported' DES + C 'Compression algorithms supported by this printer.' EQUALITY caseIgnoreMa + tch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X + -ORIGIN 'rfc3712' ) +attributeTypes: ( 2.16.840.1.113730.3.1.523 NAME 'ntUserFlags' DESC 'Netscap + e defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE + X-ORIGIN 'Netscape NT Synchronization' ) +attributeTypes: ( 2.16.840.1.113730.3.1.25 NAME 'mgrpDeliverTo' DESC 'Netsca + pe Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.26 X-ORIGIN 'Netscape Messaging Server 4.x' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2132 NAME 'nsds5ReplicaEnabled' DESC + 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SIN + GLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( nsExecRef-oid NAME 'nsExecRef' DESC 'Netscape defined attr + ibute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) +attributeTypes: ( 2.16.840.1.113730.3.1.235 NAME 'nsSNMPContact' DESC 'Netsc + ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ' + Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.17.1.43 NAME 'ipk11KeyGenMechanism' + DESC 'Mechanism used to generate this key' EQUALITY caseIgnoreMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defi + ned' ) ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.46.1 NAME 'krbMKey' EQUALITY oc + tetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.19 NAME 'ipaNTSupportedEncryption + Types' DESC 'Supported encryption types of a trust' EQUALITY integerMatch S + YNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.1.591 NAME 'nsDS5ReplicaReferral' DESC + 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-O + RIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2179 NAME 'nsslapd-errorlog-logrotat + ionsynchour' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2082 NAME ( 'passwordMinCategories' + 'pwdMinCategories' ) DESC 'Netscape defined password policy attribute type' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Direc + tory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.3.15 NAME 'nisDomainName' DESC 'NIS + domain name.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUB + STR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN + 'IPA v2' ) +attributeTypes: ( 2.16.840.1.113730.3.1.688 NAME 'nsds5replicaLastUpdateStat + us' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.15 SINGLE-VALUE NO-USER-MODIFICATION X-ORIGIN 'Netscape Directory Server' + ) +attributeTypes: ( 0.9.2342.19200300.100.1.37 NAME 'associatedDomain' EQUALI + TY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4. + 1.1466.115.121.1.26 X-ORIGIN 'RFC 4524' ) +attributeTypes: ( 2.16.840.1.113730.3.8.1.5 NAME 'ipaCustomFields' EQUALITY + caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 2.16.840.1.113730.3.8.5.33 NAME 'ipaServiceWeight' DESC 'W + eight for the server in IPA location' EQUALITY integerMatch SYNTAX 1.3.6.1. + 4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN ( 'IPA v4.4' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.213 NAME 'vlvEnabled' DESC 'Netscape + defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'Net + scape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2140 NAME 'passwordTrackUpdateTime' + DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.37 NAME 'ipaKrbAuthzData' DESC 't + ype of PAC preferred by a service' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4 + .1.1466.115.121.1.15 X-ORIGIN ( 'IPA v3' 'user defined' ) ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.51 NAME 'sambaSIDList' DESC 'Security + ID List' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2252 NAME 'nsslapd-groupevalnestleve + l' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.51.1 NAME 'krbExtraData' EQUALI + TY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.36 NAME 'sambaUserWorkstations' DESC + 'List of user workstations the user is allowed to logon to' EQUALITY caseIg + noreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA + v4.4.2' 'user defined' ) ) +attributeTypes: ( 1.3.6.1.1.1.1.9 NAME 'shadowInactive' DESC 'Standard LDAP + attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN + 'RFC 2307' ) +attributeTypes: ( 2.16.840.1.113730.3.8.12.33 NAME 'ipaAssignedIDView' DESC + 'DN of view assigned to this particular host' SUP distinguishedName EQUALIT + Y distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE + X-ORIGIN ( 'IPA v4' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2229 NAME 'nsslapd-ldapilisten' DESC + 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SIN + GLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.5.4.40 NAME 'crossCertificatePair' DESC 'X.509 cross cer + tificate pair' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 40 X-ORIGIN 'RFC 4523' ) +attributeTypes: ( 2.16.840.1.113730.3.8.7.10 NAME 'ipaSudoRunAsExtGroup' DES + C 'Multivalue string attribute that allows storing group name the command c + an be run as' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch SUBSTR case + IgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2 + ' ) +attributeTypes: ( 0.9.2342.19200300.100.1.15 NAME 'documentLocation' EQUALI + TY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.15 X-ORIGIN 'RFC 4524' ) +attributeTypes: ( 2.16.840.1.113730.3.8.5.8 NAME 'idnsSOAexpire' DESC 'SOA e + xpire value' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatc + h SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'IPA v2' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2310 NAME 'nsds5ReplicaFlowControlWi + ndow' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.69 NAME 'subtreeACI' DESC 'Netscape + defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Nets + cape Directory Server 1.0' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2299 NAME 'nsslapd-connection-buffer + ' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2166 NAME 'schemaUpdateObjectclassRe + ject' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.15 X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( revokedBy-oid NAME 'revokedBy' DESC 'CMS defined attribute + ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.586 NAME 'nsDS5ReplicaUpdateSchedule + ' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 15 X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.13769.4.1 NAME 'mozillaCustom1' EQUALITY case + IgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.15 SINGLE-VALUE X-ORIGIN 'Mozilla Address Book' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.55 NAME 'ipaSecretKey' DESC 'Encr + ypted secret key data' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.11 + 5.121.1.40 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2270 NAME 'nsslapd-auditlog-list' DE + SC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X + -ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.1003 NAME 'nsds7NewWinGroupSyncEnabl + ed' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.536 NAME 'ntGroupAttributes' DESC 'N + etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE- + VALUE X-ORIGIN 'Netscape NT Synchronization' ) +attributeTypes: ( 2.16.840.1.113730.3.1.111 NAME 'ntUniqueId' DESC 'Netscape + defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE + X-ORIGIN 'Netscape NT Synchronization' ) +attributeTypes: ( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber' DESC 'Standard LDA + P attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGI + N 'RFC 2307' ) +attributeTypes: ( 2.16.840.1.113730.3.1.30 NAME 'mgrpRFC822MailMember' DESC + 'mgrpRFC822MailMember' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466. + 115.121.1.26 X-ORIGIN ( 'RFC2307bis' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.8.5.18 NAME 'idnsSecInlineSigning' DES + C 'allow inline DNSSEC signing' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.0' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.208 NAME 'vlvScope' DESC 'Netscape d + efined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'Netsc + ape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.39 NAME 'dNameRecord' DESC 'Non-Term + inal DNS Name Redirection, RFC 2672' EQUALITY caseIgnoreIA5Match SUBSTR cas + eIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE + ) +attributeTypes: ( privateKeyData-oid NAME 'privateKeyData' DESC 'CMS defined + attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.34.1 NAME 'krbPwdHistoryLength' + EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( nsNickName-oid NAME 'nsNickName' DESC 'Netscape defined at + tribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.44 NAME 'sambaIntegerOption' DESC 'An + integer option' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) +attributeTypes: ( 2.5.4.36 NAME 'userCertificate' DESC 'X.509 user certifica + te' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN + 'RFC 4523' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2104 NAME 'nsslapd-pluginConfigArea' + DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 + 2 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.1.5 NAME 'vendorVersion' EQUALITY 1.3.6.1.4.1.146 + 6.109.114.1 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE NO-USER-MODIF + ICATION USAGE dSAOperation X-ORIGIN 'RFC 3045' ) +attributeTypes: ( 1.3.6.1.4.1.6981.11.3.3 NAME 'FTPUploadRatio' DESC 'Ratio + (compared with FTPRatioDown) for uploaded files' EQUALITY integerMatch SYNT + AX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Pure-FTPd' ) +attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.15 NAME 'serviceAuthenticationMetho + d' DESC 'Specifies types authentication methods either used, required, or s + upported by a particular service' EQUALITY caseIgnoreMatch SUBSTR caseIgnor + eSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ( 'RFC4876' + 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.8.17.1.19 NAME 'ipk11EndDate' DESC 'Va + lidity end date' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrde + ringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE X-ORIGIN ( 'IPA + v4.1' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.802 NAME 'nsds5ReplicaLegacyConsumer + ' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.3.20 NAME 'memberService' DESC 'Refe + rence to the pam service of this operation.' SUP distinguishedName EQUALITY + distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'IPA + v2' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2216 NAME 'nsslapd-require-secure-bi + nds' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( nsKeyfile-oid NAME 'nsKeyfile' DESC 'Netscape defined attr + ibute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) +attributeTypes: ( 2.16.840.1.113730.3.1.52 NAME 'replicaUpdateSchedule' DESC + 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-O + RIGIN 'Netscape Directory Server' ) +attributeTypes: ( 0.9.2342.19200300.100.1.7 NAME 'photo' SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.23 X-ORIGIN 'RFC 1274' ) +attributeTypes: ( 2.16.840.1.113730.3.8.17.1.70 NAME 'ipk11UnwrapTemplate' D + ESC 'DN of template to apply to keys unwrapped using this key' EQUALITY dis + tinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORI + GIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2286 NAME 'nsslapd-outbound-ldap-io- + timeout' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.5.4.6 NAME ( 'c' 'countryName' ) SUP name EQUALITY case + IgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.11 SINGLE-VALUE X-ORIGIN 'RFC 4519' X-DEPRECATED 'countryName' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2064 NAME 'nsSaslMapRegexString' DES + C 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SI + NGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2153 NAME ( 'passwordAdminDN' 'pwdAd + minDN' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3. + 6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' + ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.62 NAME 'sambaMinPwdAge' DESC 'Minimu + m password age, in seconds (default: 0 => allow immediate password change)' + EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.48 NAME 'ipaPermTargetFilter' DES + C 'IPA permission target filter' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4. + 1.1466.115.121.1.15 X-ORIGIN ( 'IPA v4.0' 'user defined' ) ) +attributeTypes: ( 2.5.4.14 NAME 'searchGuide' SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.25 X-ORIGIN 'RFC 4519' ) +attributeTypes: ( version-oid NAME 'version' DESC 'CMS defined attribute' SY + NTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.106 NAME ( 'passwordMaxFailure' 'pwd + MaxFailure' ) DESC 'Netscape defined password policy attribute type' SYNTAX + 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Se + rver' ) +attributeTypes: ( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple' DESC 'Standard L + DAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'RFC 2307 + ' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2234 NAME 'nsslapd-ldapigidnumbertyp + e' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.572 NAME 'nsTimeLimit' DESC 'Binder- + based search operation time limit (seconds)' SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.27 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Directory S + erver' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2323 NAME 'nsslapd-auditfaillog-loge + xpirationtime' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.74 NAME 'administratorContactInfo' D + ESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Netscape Administration Services' ) +attributeTypes: ( nsClassname-oid NAME 'nsClassname' DESC 'Netscape defined + attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) +attributeTypes: ( 2.16.840.1.113730.3.1.244 NAME 'nsValueCES' DESC 'Netscape + defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Net + scape servers - value item' ) +attributeTypes: ( 1.3.6.1.4.1.5322.17.2.1 NAME 'authorizedService' DESC 'IAN + A GSS-API authorized service name' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1. + 4.1.1466.115.121.1.15 X-ORIGIN 'NSS LDAP schema' ) +attributeTypes: ( allowWeakCipher-oid NAME 'allowWeakCipher' DESC 'Netscape + defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Nets + cape' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2171 NAME 'nsslapd-accesslog-maxlogs + perdir' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115. + 121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.3.4 NAME 'fqdn' DESC 'FQDN' EQUALITY + caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstrin + gsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2203 NAME 'nsslapd-errorlog-logging- + enabled' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.7 NAME 'profileTTL' DESC 'Time to l + ive, in seconds, before a profile is considered stale' EQUALITY integerMatc + h ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE + -VALUE X-ORIGIN ( 'RFC4876' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.8.21.1.5 NAME 'ipaCertProfileCategory' + DESC 'Additional classification for certificate profiles' EQUALITY caseIgn + oreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ( 'IPA v4.2' 'user defined' ) + ) +attributeTypes: ( 1.3.6.1.1.1.1.32 NAME 'automountKey' DESC 'Automount Key v + alue' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGL + E-VALUE X-ORIGIN 'RFC 2307bis' ) +attributeTypes: ( nsDeleteclassname-oid NAME 'nsDeleteclassname' DESC 'Netsc + ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ' + Netscape Administration Services' ) +attributeTypes: ( nsmsgNumMsgQuota-oid NAME 'nsmsgNumMsgQuota' DESC 'Netscap + e Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .15 X-ORIGIN 'Netscape Messaging Server 4.x' ) +attributeTypes: ( 2.16.840.1.113730.3.8.17.1.65 NAME 'ipk11Unwrap' DESC 'Key + supports unwrapping' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( nsAdminCgiWaitPid-oid NAME 'nsAdminCgiWaitPid' DESC 'Netsc + ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ' + Netscape Administration Services' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2 NAME 'departmentNumber' DESC 'iden + tifies a department within an organization' EQUALITY caseIgnoreMatch SUBSTR + caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'R + FC 2798' ) +attributeTypes: ( 2.16.840.1.113730.3.1.550 NAME 'cosAttribute' DESC 'Netsca + pe defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'N + etscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.96 NAME ( 'passwordHistory' 'pwdHist + ory' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6. + 1.4.1.1466.115.121.1.5 USAGE directoryOperation X-ORIGIN 'Netscape Director + y Server' ) +attributeTypes: ( 1.3.6.1.4.1.5322.21.2.5 NAME 'krbLastAdminUnlock' EQUALIT + Y generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.49 NAME 'sambaBadPasswordTime' DESC ' + Time of the last bad password attempt' EQUALITY integerMatch SYNTAX 1.3.6.1 + .4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.9 NAME 'ipaNTHomeDirectoryDrive' + DESC 'User Home Drive Letter' EQUALITY caseIgnoreMatch ORDERING caseIgnoreO + rderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA v3' 'user defined' ) ) +attributeTypes: ( 2.5.4.21 NAME 'telexNumber' SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.52 X-ORIGIN 'RFC 4519' ) +attributeTypes: ( numberOfRenewals-oid NAME 'numberOfRenewals' DESC 'CMS def + ined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'user defined + ' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2117 NAME 'dnaNextValue' DESC 'DNA n + ext available value for assignment' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SI + NGLE-VALUE X-ORIGIN '389 Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.7.7 NAME 'ipaSudoRunAsExtUser' DESC + 'Multivalue string attribute that allows storing user name the command can + be run as' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch SUBSTR caseIgn + oreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2098 NAME 'autoMemberFilter' DESC 'A + uto Membership filter criteria' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE + -VALUE X-ORIGIN '389 Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.17 NAME 'RPRecord' DESC 'Responsible + Person, RFC 1183' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substrin + gsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN ( 'IPA v4.4.2' 'user + defined' ) ) +attributeTypes: ( 1.3.6.1.1.1.1.1 NAME 'gidNumber' DESC 'Standard LDAP attri + bute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'RFC + 2307' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2221 NAME 'nsslapd-validate-cert' DE + SC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 S + INGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2187 NAME 'nsslapd-accesslog-logrota + tiontimeunit' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.146 + 6.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2308 NAME 'nstombstonecsn' DESC 'Net + scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-V + ALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.61 NAME 'ntUserUsrComment' DESC 'Net + scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-V + ALUE X-ORIGIN 'Netscape NT Synchronization' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2291 NAME 'nsslapd-disk-monitoring-g + race-period' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2077 NAME ( 'passwordMinUppers' 'pwd + MinUppers' ) DESC 'Netscape defined password policy attribute type' SYNTAX + 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Ser + ver' ) +attributeTypes: ( SecureEEClientAuthPort-oid NAME 'SecureEEClientAuthPort' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.407 NAME 'nsSynchUniqueAttribute' DE + SC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X + -ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.77 NAME 'sambaSecurityIdentifier' DES + C 'SID of a trusted domain' EQUALITY caseIgnoreIA5Match SUBSTR caseExactIA5 + SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN + ( 'IPA v4.4.2' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2268 NAME 'nsslapd-accesslog-list' D + ESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.18.0.2.4.1125 NAME 'printer-finishings-supported' DESC + 'The possible finishing operations supported by this printer.' EQUALITY ca + seIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115. + 121.1.15 X-ORIGIN 'rfc3712' ) +attributeTypes: ( 2.16.840.1.113730.3.8.16.1.8 NAME 'ipatokenOTPkey' DESC 'O + TP Token Key' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.4 + 0 SINGLE-VALUE X-ORIGIN ( 'IPA OTP' 'user defined' ) ) +attributeTypes: ( 2.5.21.6 NAME 'objectClasses' EQUALITY objectIdentifierFi + rstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE directoryOpera + tion X-ORIGIN 'RFC 4512' ) +attributeTypes: ( 2.16.840.1.113730.3.8.16.1.16 NAME 'ipatokenRadiusServer' + DESC 'Server String Configuration' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6 + .1.4.1.1466.115.121.1.26 X-ORIGIN ( 'IPA OTP' 'user defined' ) ) +attributeTypes: ( cmsUserGroup-oid NAME 'cmsUserGroup' DESC 'CMS defined att + ribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.28 NAME 'mgrpMsgRejectAction' DESC ' + Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.11 + 5.121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' ) +attributeTypes: ( 1.3.6.1.1.1.1.29 NAME 'nisSecretkey' DESC 'nisSecretkey' E + QUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN ( + 'RFC2307bis' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2135 NAME 'nsds5ReplicaCleanRUV' DES + C 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X- + ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.5.10 NAME 'idnsUpdatePolicy' DESC 'D + NS dynamic updates policy' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5 + SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN + 'IPA v2' ) +attributeTypes: ( 2.16.840.1.113730.3.1.230 NAME 'nsslapd-pluginDescription' + DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 + 5 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( nsAdminCacheLifetime-oid NAME 'nsAdminCacheLifetime' DESC + 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-OR + IGIN 'Netscape Administration Services' ) +attributeTypes: ( 2.16.840.1.113730.3.1.327 NAME 'nsIndexType' DESC 'Netscap + e defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Ne + tscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.545 NAME 'nscpEntryDN' DESC 'Netscap + e defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE + NO-USER-MODIFICATION USAGE directoryOperation X-ORIGIN 'Netscape Directory + Server' ) +attributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.5 NAME 'eduPersonPrimaryAffiliation + ' DESC 'Primary Affiliation' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VA + LUE X-ORIGIN 'http://middleware.internet2.edu/eduperson/' ) +attributeTypes: ( 2.16.840.1.113730.3.1.83 NAME 'cirUsePersistentSearch' DES + C 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X- + ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.12 NAME 'ipaNTTrustAttributes' DE + SC 'Trust attributes for a trusted domain' EQUALITY integerMatch SYNTAX 1.3 + .6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.4.1.10 NAME 'javaFactory' DESC 'Fully + qualified Java class name of a JNDI object factory' EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'RFC 2713' ) +attributeTypes: ( 2.16.840.1.113730.3.8.17.1.11 NAME 'ipk11Private' DESC 'Is + private to application' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115. + 121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( 2.5.18.10 NAME 'subschemaSubentry' EQUALITY distinguished + NameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFIC + ATION USAGE directoryOperation X-ORIGIN 'RFC 4512' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2085 NAME 'isReplicated' DESC 'Chang + elog attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 X-ORIGIN 'Netscape + Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.3.18 NAME 'managedBy' DESC 'DNs of e + ntries allowed to manage' SUP distinguishedName EQUALITY distinguishedNameM + atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'IPA v2' ) +attributeTypes: ( 2.16.840.1.113730.3.1.683 NAME 'nsds5ReplicaTombstonePurge + Interval' DESC 'Netscape defined attribute type' EQUALITY integerMatch SYNT + AX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory + Server' ) +attributeTypes: ( 0.9.2342.19200300.100.1.38 NAME 'associatedName' DESC 'Sta + ndard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN ( + 'RFC 1274' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.8.20.2.2 NAME 'ipaReplTopoSegmentDirec + tion' DESC 'IPA defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 + 5 X-ORIGIN ( 'FreeIPA' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.1100 NAME 'oneWaySync' DESC 'Netscap + e defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE + X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.17.1.68 NAME 'ipk11NeverExtractable' + DESC 'Key has never been extractable' EQUALITY booleanMatch SYNTAX 1.3.6.1 + .4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( nsConfigRoot-oid NAME 'nsConfigRoot' DESC 'Netscape define + d attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' + ) +attributeTypes: ( requestType-oid NAME 'requestType' DESC 'CMS defined attri + bute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.10.1 NAME 'krbMaxRenewableAge' + EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.13769.3.7 NAME 'mozillaHomeUrl' EQUALITY case + IgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Moz + illa Address Book' ) +attributeTypes: ( issuedBy-oid NAME 'issuedBy' DESC 'CMS defined attribute' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.30 NAME 'ipaSELinuxUser' DESC 'An + SELinux user' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SU + BSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- + VALUE X-ORIGIN ( 'IPA v3' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2255 NAME 'passwordIsGlobalPolicy' D + ESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( requestState-oid NAME 'requestState' DESC 'CMS defined att + ribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 0.9.2342.19200300.100.1.41 NAME ( 'mobile' 'mobileTelephon + eNumber' ) EQUALITY telephoneNumberMatch SUBSTR telephoneNumberSubstringsM + atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 X-ORIGIN 'RFC 4524' X-DEPRECATED + 'mobileTelephoneNumber' ) +attributeTypes: ( nsAdminDomainName-oid NAME 'nsAdminDomainName' DESC 'Netsc + ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ' + Netscape' ) +attributeTypes: ( 2.16.840.1.113730.3.1.15 NAME 'mailAutoReplyText' DESC 'Ne + tscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115. + 121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2122 NAME 'dnaMaxValue' DESC 'DNA ma + ximum value to assign' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X- + ORIGIN '389 Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.225 NAME 'nsslapd-pluginInitfunc' DE + SC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 S + INGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( nsAdminEndUserHTMLIndex-oid NAME 'nsAdminEndUserHTMLIndex' + DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 + 5 X-ORIGIN 'Netscape Administration Services' ) +attributeTypes: ( 1.3.6.1.4.1.11.1.3.2.1.3 NAME 'accountInactivityLimit' DES + C 'Account inactivity limit' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VA + LUE X-ORIGIN 'Account Policy Plugin' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.33 NAME 'sambaHomeDrive' DESC 'Driver + letter of home directory mapping' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6 + .1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN ( 'IPA v4.4.2' 'user defined + ' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2192 NAME 'nsslapd-auditlog-logmaxdi + skspace' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( nsBuildSecurity-oid NAME 'nsBuildSecurity' DESC 'Netscape + defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Nets + cape' ) +attributeTypes: ( 2.16.840.1.113730.3.8.5.3 NAME 'idnsSOAmName' DESC 'SOA Na + me' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'IPA v2' ) +attributeTypes: ( 2.16.840.1.113730.3.1.708 NAME 'vacationenddate' DESC 'Net + scape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' ) +attributeTypes: ( 2.16.840.1.113730.3.1.581 NAME 'nsDS5ReplicaBindDN' DESC ' + Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORI + GIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2169 NAME 'nsslapd-pagedsizelimit' D + ESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( mgrpApprovePassword-oid NAME 'mgrpApprovePassword' DESC 'N + etscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.26 SINGLE-VALUE X-ORIGIN 'Netscape Messaging Server 4.x' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.78 NAME 'sambaTrustForestTrustInfo' D + ESC 'Forest trust information for a trusted domain object' EQUALITY caseExa + ctMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ( 'IPA v4.4.2' 'user + defined' ) ) +attributeTypes: ( 1.3.18.0.2.4.1136 NAME 'printer-location' DESC 'The physic + al location of this printer.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSub + stringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'rf + c3712' ) +attributeTypes: ( 2.16.840.1.113730.3.8.16.1.25 NAME 'ipatokenHOTPauthWindow + ' DESC 'HOTP Auth Window (maximum authentication skip-ahead)' EQUALITY inte + gerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN ( 'IPA + OTP' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.531 NAME 'ntUserBadPwCount' DESC 'Ne + tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-V + ALUE X-ORIGIN 'Netscape NT Synchronization' ) +attributeTypes: ( 0.9.2342.19200300.100.1.27 NAME 'mDRecord' EQUALITY caseI + gnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 2.16.840.1.113730.3.1.37 NAME 'nsLicenseStartTime' DESC 'N + etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIG + IN 'Netscape Administration Services' ) +attributeTypes: ( 2.16.840.1.113730.3.8.5.23 NAME 'idnsSecKeyDelete' DESC 'D + NSSEC key (planned) deletion timestamp' EQUALITY generalizedTimeMatch ORDER + ING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGL + E-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.203 NAME 'replicaEntryFilter' DESC ' + Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORI + GIN 'Netscape Directory Server' ) +attributeTypes: ( authorityID-oid NAME 'authorityID' DESC 'Authority ID' SYN + TAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.41 NAME 'sambaShareName' DESC 'Share + Name' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- + VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.1 NAME 'ipaExternalMember' DESC ' + External Group Member Identifier' EQUALITY caseIgnoreMatch ORDERING caseIgn + oreOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ( 'IPA v3' ' + user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2242 NAME 'nsslapd-securePort' DESC + 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SING + LE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.5.4.39 NAME 'certificateRevocationList' DESC 'X.509 cert + ificate revocation list' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466. + 115.121.1.40 X-ORIGIN 'RFC 4523' ) +attributeTypes: ( nsAdminAccountInfo-oid NAME 'nsAdminAccountInfo' DESC 'Net + scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN + 'Netscape Administration Services' ) +attributeTypes: ( 2.16.840.1.113730.3.8.17.1.24 NAME 'ipk11Local' DESC 'Was + created locally on token' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2090 NAME 'mepRDNAttr' DESC 'Managed + Entries RDN attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN '389 + Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.696 NAME 'inetSubscriberResponse' DE + SC 'Used to confirm subscriberIdentity. This attribute holds the response + phrase and is used in conjunction with the inetSubscriberChallenge' SYNTAX + 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'Netscape subscriber in + teroperability' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.26 NAME 'sambaAcctFlags' DESC 'Accoun + t Flags' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 S + INGLE-VALUE X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) +attributeTypes: ( 2.5.4.50 NAME 'uniqueMember' EQUALITY uniqueMemberMatch S + YNTAX 1.3.6.1.4.1.1466.115.121.1.34 X-ORIGIN 'RFC 4519' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2219 NAME 'nsslapd-minssf' DESC 'Net + scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-V + ALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.18.0.2.4.1114 NAME 'printer-delivery-orientation-suppo + rted' DESC 'The possible delivery orientations of pages as they are printed + and ejected from this printer.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4. + 1.1466.115.121.1.15 X-ORIGIN 'rfc3712' ) +attributeTypes: ( 1.3.6.1.4.1.250.1.60 NAME ( 'ttl' 'timeToLive' ) DESC 'tim + e to live in seconds for cached objects' SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 15 X-ORIGIN 'LDAP Caching Internet Draft' ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.42.1 NAME 'krbDefaultEncSaltType + s' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 2.16.840.1.113730.3.1.2300 NAME 'nsslapd-connection-nocano + n' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.59 NAME 'ntUserPriv' DESC 'Netscape + defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X- + ORIGIN 'Netscape NT Synchronization' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2289 NAME 'nsslapd-disk-monitoring' + DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( nsDefaultObjectClass-oid NAME 'nsDefaultObjectClass' DESC + 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-OR + IGIN 'Netscape Administration Services' ) +attributeTypes: ( 1.3.6.1.4.1.13769.3.8 NAME 'mozillaWorkStreet2' EQUALITY + caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.11 + 5.121.1.15 SINGLE-VALUE X-ORIGIN 'Mozilla Address Book' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2156 NAME 'nsslapd-sasl-max-buffer-s + ize' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2260 NAME 'nsslapd-result-tweak' DES + C 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SI + NGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.45 NAME 'ipaPermBindRuleType' DES + C 'IPA permission bind rule type' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4. + 1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA v4.0' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.526 NAME 'ntUserLastLogon' DESC 'Net + scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-V + ALUE X-ORIGIN 'Netscape NT Synchronization' ) +attributeTypes: ( 2.16.840.1.113730.3.1.101 NAME ( 'passwordInHistory' 'pwdI + nHistory' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1 + .3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.1.1.1.11 NAME 'shadowFlag' DESC 'Standard LDAP att + ribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'RF + C 2307' ) +attributeTypes: ( 2.16.840.1.113730.3.1.20 NAME 'mailProgramDeliveryInfo' DE + SC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.146 + 6.115.121.1.26 X-ORIGIN 'Netscape Messaging Server 4.x' ) +attributeTypes: ( 1.2.840.113556.1.4.481 NAME 'calCalAdrURI' DESC 'RFC2739: + URI for event equests destination' EQUALITY caseIgnoreIA5Match SUBSTR caseI + gnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'rfc2 + 739' ) +attributeTypes: ( 2.16.840.1.113730.3.1.238 NAME 'nsSNMPMasterPort' DESC 'Ne + tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- + VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.15953.9.1.10 NAME 'sudoOrder' DESC 'an integer + to order the sudoRole entries' EQUALITY integerMatch ORDERING integerOrder + ingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'SUDO' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2326 NAME 'nsslapd-auditfaillog-logg + ing-hide-unhashed-pw' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1 + .4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.4.1.7 NAME 'javaCodebase' DESC 'URL(s) + specifying the location of class definition' EQUALITY caseExactIA5Match SY + NTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'RFC 2713' ) +attributeTypes: ( firstUnsaved-oid NAME 'firstUnsaved' DESC 'CMS defined att + ribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.594 NAME 'nsDS5ReplicatedAttributeLi + stTotal' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.15 X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2174 NAME 'nsslapd-auditlog-maxlogsi + ze' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.3.10 NAME 'sourceHost' DESC 'Link to + a host or group of hosts' SUP memberHost EQUALITY distinguishedNameMatch S + YNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'IPA v2' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2206 NAME 'nsslapd-unhashed-pw-switc + h' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.63 NAME 'ipaOriginalUid' DESC 'Or + iginal UID of overriden user' EQUALITY caseIgnoreMatch ORDERING caseIgnoreO + rderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN ( ' + IPA v4' 'user defined' ) ) +attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.2 NAME 'preferredServerList' DESC ' + List of preferred servers' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstr + ingsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN ( 'RFC + 4876' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.42 NAME 'ntUserCreateNewAccount' DES + C 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SI + NGLE-VALUE X-ORIGIN 'Netscape NT Synchronization' ) +attributeTypes: ( 2.16.840.1.113730.3.8.1.8 NAME 'ipaDefaultPrimaryGroup' E + QUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.1.216 NAME 'userPKCS12' DESC 'PKCS #12 + PFX PDU for exchange of personal identity information' SYNTAX 1.3.6.1.4.1. + 1466.115.121.1.5 X-ORIGIN 'RFC 2798' ) +attributeTypes: ( 2.16.840.1.113730.3.1.5 NAME 'changeNumber' DESC 'Changelo + g attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'Changelog + Internet Draft' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2143 NAME 'nsslapd-sasl-mapping-fall + back' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.5.18.9 NAME 'hasSubordinates' DESC 'if TRUE, subordinate + entries may exist' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .7 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-ORIGIN 'num + Subordinates Internet Draft' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.38 NAME 'ipaNTSIDBlacklistIncomin + g' DESC 'Extra SIDs filtered out from incoming MS-PAC' EQUALITY caseIgnoreI + A5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.26 X-ORIGIN 'IPA v3' ) +attributeTypes: ( SecureAgentPort-oid NAME 'SecureAgentPort' SYNTAX 1.3.6.1 + .4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' ) +attributeTypes: ( 2.5.4.24 NAME 'x121Address' EQUALITY numericStringMatch S + UBSTR numericStringSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 X-O + RIGIN 'RFC 4519' ) +attributeTypes: ( 2.16.840.1.113730.3.1.997 NAME 'pwdpolicysubentry' DESC 'N + etscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.12 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Director + y Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.7.2 NAME 'memberDenyCmd' DESC 'Refer + ence to a command or group of commands that are denied by the rule.' SUP di + stinguishedName EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.12 X-ORIGIN 'IPA v2' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2224 NAME 'nsslapd-port' DESC 'Netsc + ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VAL + UE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.1.1.1.4 NAME 'loginShell' DESC 'Standard LDAP attr + ibute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'RFC + 2307' ) +attributeTypes: ( 2.5.4.43 NAME 'initials' SUP name EQUALITY caseIgnoreMatc + h SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-O + RIGIN 'RFC 4519' ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.30.1 NAME 'krbMaxPwdLife' EQUAL + ITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.8.7.13 NAME 'sudoCmd' DESC 'Command(s) + to be executed by sudo' EQUALITY caseExactMatch ORDERING caseExactMatch SU + BSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN + 'IPA v2' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2313 NAME 'nsslapd-changelogtrim-int + erval' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.64 NAME 'ntUserNumLogons' DESC 'Nets + cape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VAL + UE X-ORIGIN 'Netscape NT Synchronization' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2294 NAME 'nsslapd-ndn-cache-max-siz + e' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2161 NAME 'nsIndexIDListScanLimit' D + ESC 'fine grained idlistscanlimit - per index/type/value' SYNTAX 1.3.6.1.4. + 1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.589 NAME 'nsDS5ReplicaType' DESC 'Ne + tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- + VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.13769.4.2 NAME 'mozillaCustom2' EQUALITY case + IgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.15 SINGLE-VALUE X-ORIGIN 'Mozilla Address Book' ) +attributeTypes: ( 1.3.6.1.4.1.15953.9.1.8 NAME 'sudoNotBefore' DESC 'Start o + f time interval for which the entry is valid' EQUALITY generalizedTimeMatch + ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 + X-ORIGIN 'SUDO' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.70 NAME 'sambaTrustType' DESC 'Type o + f trust' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE- + VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.56 NAME 'ipaCertSubject' DESC 'Su + bject name' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 S + INGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2273 NAME 'nsslapd-config' DESC 'Net + scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-V + ALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.5.21.9 NAME 'structuralObjectClass' EQUALITY objectIden + tifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 SINGLE-VALUE NO-USER-MODIF + ICATION USAGE directoryOperation X-ORIGIN 'RFC 4512' ) +attributeTypes: ( 2.16.840.1.113730.3.8.16.1.3 NAME 'ipatokenNotBefore' DESC + 'Token validity date' EQUALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.146 + 6.115.121.1.24 SINGLE-VALUE X-ORIGIN ( 'IPA OTP' 'user defined' ) ) +attributeTypes: ( nsDisplayName-oid NAME 'nsDisplayName' DESC 'Netscape defi + ned attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape + Administration Services' ) +attributeTypes: ( authorityParentDN-oid NAME 'authorityParentDN' DESC 'Autho + rity Parent DN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN + 'user defined' ) +attributeTypes: ( 1.3.6.1.1.1.1.22 NAME 'macAddress' DESC 'Standard LDAP att + ribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2307' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2138 NAME 'nsslapd-readonly' DESC 'N + etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE + -VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.17.1.55 NAME 'ipk11WrapTemplate' DES + C 'DN of template of keys which can be wrapped using this key' EQUALITY dis + tinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORI + GIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2331 NAME 'nsslapd-logging-hr-timest + amps-enabled' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.146 + 6.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.86 NAME 'cirLastUpdateApplied' DESC + 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-OR + IGIN 'Netscape Directory Server' ) +attributeTypes: ( certProfileConfig-oid NAME 'certProfileConfig' DESC 'Certi + ficate profile configuration' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN + 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.0.0 NAME 'dNSTTL' DESC 'An integer den + oting time to live' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .27 ) +attributeTypes: ( 2.5.4.31 NAME 'member' SUP distinguishedName EQUALITY dis + tinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'RFC 4519 + ' ) +attributeTypes: ( sslVersionMax-oid NAME 'sslVersionMax' DESC 'Netscape defi + ned attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape + ' ) +attributeTypes: ( 2.16.840.1.113730.3.1.252 NAME 'nsValueDescription' DESC ' + Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORI + GIN 'Netscape servers - value item' ) +attributeTypes: ( userstate-oid NAME 'userstate' DESC 'Distinguish whether t + he user is administrator, agent or subsystem.' SYNTAX 1.3.6.1.4.1.1466.115. + 121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2107 NAME 'nsPagedSizeLimit' DESC 'B + inder-based simple paged search operation size limit' SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.27 SINGLE-VALUE USAGE directoryOperation X-ORIGIN '389' ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.17.1 NAME 'krbKdcServers' EQUAL + ITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.12 NAME 'defaultSearchScope' DESC ' + Default scope used when performing a search' EQUALITY caseIgnoreIA5Match SY + NTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN ( 'RFC4876' 'user + defined' ) ) +attributeTypes: ( tokenSubject-oid NAME 'tokenSubject' DESC 'CMS defined att + ribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.805 NAME 'nsds5replicaTimeout' DESC + 'Netscape defined attribute type' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1. + 1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2088 NAME 'mepStaticAttr' DESC 'Mana + ged Entries static attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN + '389 Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.3.23 NAME 'ipaCertificateSubjectBase + ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( keyInfo-oid NAME 'keyInfo' DESC 'CMS defined attribute' SY + NTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.74 NAME 'ipaDNSVersion' DESC 'IPA + DNS data version' EQUALITY integerMatch ORDERING integerOrderingMatch SYNT + AX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN ( 'IPA v4.3' 'user d + efined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2211 NAME 'nsslapd-dynamicconf' DESC + 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SIN + GLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.51 NAME 'replicaUpdateReplayed' DESC + 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-O + RIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.20.2.5 NAME 'ipaReplTopoSegmentStatu + s' DESC 'IPA defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X + -ORIGIN ( 'FreeIPA' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2281 NAME 'nsslapd-saslpath' DESC 'N + etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE + -VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.5.4.3 NAME ( 'cn' 'commonName' ) SUP name EQUALITY case + IgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.15 X-ORIGIN 'RFC 4519' X-DEPRECATED 'commonName' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2067 NAME 'pamIncludeSuffix' DESC 'S + uffixes to include for PAM authentication' SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.12 X-ORIGIN 'Red Hat Directory Server' ) +attributeTypes: ( UnSecurePort-oid NAME 'UnSecurePort' SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.199 NAME 'memberCertificateDescripti + on' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.26 X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.2312.4.3.3.1 NAME 'sabayonProfileURL' DESC 'Th + e URL of a sabayon profile' SUP labeledURI EQUALITY caseExactMatch SUBSTR c + aseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Saba + yon' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.67 NAME 'sambaRefuseMachinePwdChange' + DESC 'Allow Machine Password changes (default: 0 => off)' EQUALITY integer + Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.5.4.17 NAME 'postalCode' EQUALITY caseIgnoreMatch SUBST + R caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ' + RFC 4519' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2258 NAME 'nsslapd-csnlogging' DESC + 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SING + LE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( nsSSL2-oid NAME 'nsSSL2' DESC 'Netscape defined attribute + type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) +attributeTypes: ( 2.16.840.1.113730.3.1.109 NAME ( 'passwordLockoutDuration' + 'pwdLockoutDuration' ) DESC 'Netscape defined password policy attribute ty + pe' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Di + rectory Server' ) +attributeTypes: ( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber' DESC 'Standard LDAP a + ttribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2307' ) +attributeTypes: ( 2.16.840.1.113730.3.1.18 NAME 'mailHost' DESC 'Netscape Me + ssaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Netscape Messaging Server 4.x' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2125 NAME 'dnaThreshold' DESC 'DNA t + hreshold for getting next range of values' SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.27 SINGLE-VALUE X-ORIGIN '389 Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.220 NAME ( 'passwordMustChange' 'pwd + MustChange' ) DESC 'Netscape defined password policy attribute type' SYNTAX + 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Se + rver' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2237 NAME 'nsslapd-counters' DESC 'N + etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE + -VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2195 NAME 'nsslapd-auditlog-logminfr + eediskspace' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.575 NAME 'nsRoleDN' DESC 'Netscape d + efined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 USAGE directory + Operation X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.19.2.3 NAME 'ipaMaxDomainLevel' DESC + 'Maximal supported Domain Level value' EQUALITY numericStringMatch ORDERIN + G numericStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 SINGLE-VALUE X-OR + IGIN ( 'IPA v4' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.73 NAME 'installationTimeStamp' DESC + 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-O + RIGIN 'Netscape Administration Services' ) +attributeTypes: ( 2.16.840.1.113730.3.1.247 NAME 'nsValueBin' DESC 'Netscape + defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'Nets + cape servers - value item' ) +attributeTypes: ( 2.16.840.1.113730.3.8.3.7 NAME 'memberHost' DESC 'Referenc + e to a device where the operation takes place (usually host).' SUP distingu + ishedName EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .12 X-ORIGIN 'IPA v2' ) +attributeTypes: ( 1.3.6.1.4.1.15953.9.1.7 NAME 'sudoRunAsGroup' DESC 'Group( + s) impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.26 X-ORIGIN 'SUDO' ) +attributeTypes: ( 1.3.18.0.2.4.1133 NAME 'printer-ipp-versions-supported' DE + SC 'IPP protocol version(s) that this printer supports.' EQUALITY caseIgnor + eMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 + 5 X-ORIGIN 'rfc3712' ) +attributeTypes: ( 2.16.840.1.113730.3.8.16.1.20 NAME 'ipatokenUserMapAttribu + te' DESC 'Attribute to map from the user entry for RADIUS server authentica + tion' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- + VALUE X-ORIGIN ( 'IPA OTP' 'user defined' ) ) +attributeTypes: ( 0.9.2342.19200300.100.1.28 NAME 'mXRecord' EQUALITY caseI + gnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 2.16.840.1.113730.3.8.5.26 NAME 'idnsSecKeySep' DESC 'DNSK + EY SEP flag (equivalent to bit 15): RFC 4035' EQUALITY booleanMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defin + ed' ) ) +attributeTypes: ( 2.5.18.1 NAME 'createTimestamp' EQUALITY generalizedTimeM + atch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.24 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-ORIGIN 'R + FC 4512' ) +attributeTypes: ( 2.16.840.1.113730.3.1.553 NAME 'costemplatedn' DESC 'Netsc + ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VAL + UE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.95 NAME 'accountUnlockTime' DESC 'Ne + tscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115. + 121.1.24 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Directory + Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.20 NAME 'memberPrincipal' DESC 'P + rincipal names member of a groupOfPrincipals group' EQUALITY caseIgnoreMatc + h SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-O + RIGIN ( 'IPA-v3' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.4 NAME 'ipaNTFallbackPrimaryGroup + ' DESC 'Fallback Group to set the Primary group Security Identifier for use + rs with UPGs' SUP distinguishedName EQUALITY distinguishedNameMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN ( 'IPA v3' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2245 NAME 'nsslapd-maxthreadsperconn + ' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.39.1 NAME 'krbPrincipalKey' EQU + ALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) +attributeTypes: ( 2.16.840.1.113730.3.8.1.10 NAME 'ipaPwdExpAdvNotify' EQUA + LITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.1.2112 NAME 'ntGroupType' DESC 'Netsca + pe defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALU + E X-ORIGIN 'Netscape NT Synchronization' ) +attributeTypes: ( 2.16.840.1.113730.3.8.17.1.23 NAME 'ipk11Id' DESC 'Key ass + ociation identifier' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115. + 121.1.40 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( numberOfEnrollments-oid NAME 'numberOfEnrollments' DESC 'C + MS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'user d + efined' ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.14 NAME 'mInfoRecord' DESC 'mailbox + or mail list information, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR case + IgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.23 NAME 'sambaPrimaryGroupSID' DESC ' + Primary Group Security ID' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.26 SINGLE-VALUE X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.691 NAME 'inetDomainStatus' DESC '"a + ctive", "inactive", or "deleted" status of a domain' SYNTAX 1.3.6.1.4.1.146 + 6.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape subscriber interoperability' + ) +attributeTypes: ( 1.3.18.0.2.4.1111 NAME 'printer-job-k-octets-supported' DE + SC 'The maximum size in kilobytes (1,024 octets actually) incoming print jo + b that this printer will accept.' EQUALITY integerMatch ORDERING integerOrd + eringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'rfc3 + 712' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2182 NAME 'nsslapd-errorlog-logrotat + ionsyncmin' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466. + 115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.788 NAME 'mgrpBroadcasterPolicy' DES + C 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' ) +attributeTypes: ( crlNumber-oid NAME 'crlNumber' DESC 'CMS defined attribute + ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.601 NAME 'adminRole' DESC 'Administr + ative role' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Delegat + ed Administrator' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2072 NAME 'pamFallback' DESC 'Fallba + ck to regular LDAP BIND if PAM auth fails' SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.7 SINGLE-VALUE X-ORIGIN 'Red Hat Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2159 NAME 'dnaRemoteConnProtocol' DE + SC 'Connection protocol: LDAP, TLS, or SSL' SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.15 SINGLE-VALUE X-ORIGIN '389 Directory Server' ) +attributeTypes: ( nsLogSuppress-oid NAME 'nsLogSuppress' DESC 'Netscape defi + ned attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape + ' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.68 NAME 'sambaClearTextPassword' DESC + 'Clear text password (used for trusted domain passwords)' EQUALITY octetSt + ringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) +attributeTypes: ( 2.5.21.1 NAME 'dITStructureRules' EQUALITY integerFirstCo + mponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE directoryOperation + X-ORIGIN 'RFC 4512' ) +attributeTypes: ( 1.3.18.0.2.4.1126 NAME 'printer-pages-per-minute-color' DE + SC 'The nominal number of color pages per minute which may be output by thi + s printer.' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3. + 6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'rfc3712' ) +attributeTypes: ( 2.16.840.1.113730.3.1.521 NAME 'ntUserHomeDir' DESC 'Netsc + ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VAL + UE X-ORIGIN 'Netscape NT Synchronization' ) +attributeTypes: ( 2.16.840.1.113730.3.8.16.1.15 NAME 'ipatokenRadiusConfigLi + nk' DESC 'Corresponding Radius Configuration link' SUP distinguishedName EQ + UALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-V + ALUE X-ORIGIN ( 'IPA OTP' 'user defined' ) ) +attributeTypes: ( 1.2.840.113556.1.4.484 NAME 'calOtherCAPURIs' DESC 'RFC273 + 9: multi-value URI to other calendars' EQUALITY caseIgnoreIA5Match SUBSTR c + aseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN ' + rfc2739' ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.50.1 NAME 'krbLoginFailedCount' + EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.8.5.13 NAME 'idnsAllowSyncPTR' DESC 'p + ermit synchronization of PTR records' EQUALITY booleanMatch SYNTAX 1.3.6.1. + 4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v2' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2130 NAME 'dnaRangeRequestTimeout' D + ESC 'DNA timeout for querying replica for next range of values' SYNTAX 1.3. + 6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN '389 Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.233 NAME 'nsSNMPOrganization' DESC ' + Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORI + GIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.36 NAME 'kXRecord' DESC 'Key Exchang + e Delegation, RFC 2230' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Sub + stringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.1466.101.120.14 NAME 'supportedSASLMechanisms' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE dSAOperation X-ORIGIN 'RFC 451 + 2' ) +attributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.8 NAME 'eduPersonPrimaryOrgUnitDN' + DESC 'Primary Organizational Unit' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-O + RIGIN 'http://middleware.internet2.edu/eduperson/' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2329 NAME ( 'passwordSendExpiringTim + e' 'pwdSendExpiringTime' ) DESC 'Netscape defined password policy attribute + type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape + Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.17 NAME 'ipaNTTrustForestTrustInf + o' DESC 'Forest trust information for a trusted domain object' EQUALITY oct + etStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) +attributeTypes: ( nsHardwarePlatform-oid NAME 'nsHardwarePlatform' DESC 'Net + scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN + 'Netscape' ) +attributeTypes: ( 1.3.6.1.4.1.6981.11.3.8 NAME 'FTPuid' DESC 'System uid (ov + errides uidNumber if present)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.146 + 6.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Pure-FTPd' ) +attributeTypes: ( transName-oid NAME 'transName' DESC 'CMS defined attribute + ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.8.17.1.14 NAME 'ipk11Copyable' DESC 'C + an be copied by application' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466. + 115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2080 NAME ( 'passwordMin8bit' 'pwdMi + n8bit' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3. + 6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' + ) +attributeTypes: ( 2.16.840.1.113730.3.1.686 NAME 'nsds5replicaLastUpdateEnd' + DESC 'Netscape defined attribute type' EQUALITY generalizedTimeMatch ORDER + ING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGL + E-VALUE NO-USER-MODIFICATION X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2209 NAME 'nsslapd-rootpwstoragesche + me' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.49 NAME 'replicaUpdateFailedAt' DESC + 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-O + RIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.1.3 NAME 'ipaSearchTimeLimit' EQUAL + ITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.8.5.31 NAME 'idnsServerId' DESC 'DNS s + erver identifier' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.15 SINGLE-VALUE X-ORIGIN ( 'IPA v4.4' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.8 NAME 'changes' DESC 'Changelog att + ribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'Changelog Intern + et Draft' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2146 NAME 'rootdn-days-allowed' DESC + 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SIN + GLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.37.1 NAME 'krbPasswordExpiration + ' EQUALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGL + E-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.35 NAME 'ipaBaseRID' DESC 'First + value of a RID range' EQUALITY integerMatch ORDERING integerOrderingMatch S + YNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN ( 'IPA v3' 'user + defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2250 NAME 'nsslapd-ioblocktimeout' D + ESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.1466.101.120.7 NAME 'supportedExtension' SYNT + AX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation X-ORIGIN 'RFC 4512' ) +attributeTypes: ( 0.9.2342.19200300.100.1.42 NAME ( 'pager' 'pagerTelephoneN + umber' ) EQUALITY telephoneNumberMatch SUBSTR telephoneNumberSubstringsMat + ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 X-ORIGIN 'RFC 4524' X-DEPRECATED 'p + agerTelephoneNumber' ) +attributeTypes: ( 2.16.840.1.113730.3.1.10 NAME 'deleteOldRdn' DESC 'Changel + og attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 X-ORIGIN 'Changelog + Internet Draft' ) +attributeTypes: ( 2.16.840.1.113730.3.1.228 NAME 'nsslapd-pluginVersion' DES + C 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SI + NGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.34 NAME 'sambaLogonScript' DESC 'Logo + n script path' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 + 5 SINGLE-VALUE X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) +attributeTypes: ( 2.5.4.46 NAME 'dnQualifier' EQUALITY caseIgnoreMatch ORDE + RING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6. + 1.4.1.1466.115.121.1.44 X-ORIGIN 'RFC 4519' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2316 NAME 'nsslapd-auditfaillog-maxl + ogsize' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115. + 121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.5.6 NAME 'idnsSOArefresh' DESC 'SOA + refresh value' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMa + tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'IPA v2' ) +attributeTypes: ( 2.16.840.1.113730.3.1.614 NAME 'copyingFrom' DESC 'Netscap + e defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE + USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.2.840.113554.1.4.1.6.5 NAME 'krbPwdAllowedKeysalts' EQU + ALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE + X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) +attributeTypes: ( nsSSLToken-oid NAME 'nsSSLToken' DESC 'Netscape defined at + tribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) +attributeTypes: ( 2.16.840.1.113730.3.1.584 NAME 'nsDS5ReplicaRoot' DESC 'Ne + tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE- + VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2164 NAME 'winSyncSubtreePair' DESC + 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-OR + IGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.53 NAME 'ipaPublicKey' DESC 'Publ + ic key as DER-encoded SubjectPublicKeyInfo (RFC 5280)' EQUALITY octetString + Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN ( 'IPA v4.1' 'user defi + ned' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2276 NAME 'nsslapd-lockdir' DESC 'Ne + tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- + VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.16.1.6 NAME 'ipatokenModel' DESC 'Op + tional Model identifier' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstrin + gsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA O + TP' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.1001 NAME 'nsds7DirectoryReplicaSubt + ree' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.534 NAME 'ntUserPrimaryGroupId' DESC + 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SING + LE-VALUE X-ORIGIN 'Netscape NT Synchronization' ) +attributeTypes: ( 2.16.840.1.113730.3.8.16.1.18 NAME 'ipatokenRadiusTimeout' + DESC 'Server Timeout' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.27 SINGLE-VALUE X-ORIGIN ( 'IPA OTP' 'user defined' ) ) +attributeTypes: ( 0.9.2342.19200300.100.1.20 NAME ( 'homePhone' 'homeTelepho + neNumber' ) EQUALITY telephoneNumberMatch SUBSTR telephoneNumberSubstrings + Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 X-ORIGIN 'RFC 4524' X-DEPRECATED + 'homeTelephoneNumber' ) +attributeTypes: ( 2.16.840.1.113730.3.8.21.1.8 NAME 'ipaCaSubjectDN' DESC 'S + ubject DN' SUP distinguishedName EQUALITY distinguishedNameMatch SYNTAX 1.3 + .6.1.4.1.1466.115.121.1.12 X-ORIGIN ( 'IPA v4.4 Lightweight CAs' 'user defi + ned' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.32 NAME 'mgrpMsgMaxSize' DESC 'Netsc + ape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.15 SINGLE-VALUE X-ORIGIN 'Netscape Messaging Server 4.x' ) +attributeTypes: ( 2.16.840.1.113730.3.1.206 NAME 'filterInfo' DESC 'Netscape + defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Net + scape Directory Server' ) +attributeTypes: ( 1.3.18.0.2.4.1140 NAME 'printer-uri' DESC 'A URI supported + by this printer.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatc + h SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'rfc3712' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2334 NAME 'ntUserNtPassword' DESC 'N + etscape defined attribute type, synced or generated NT Password hash' SYNTA + X 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-ORIGIN 'Netscape NT Synchroni + zation' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.42 NAME 'sambaOptionName' DESC 'Optio + n Name' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1. + 3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) +attributeTypes: ( 2.5.4.34 NAME 'seeAlso' SUP distinguishedName EQUALITY di + stinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'RFC 451 + 9' ) +attributeTypes: ( nsSSL3Ciphers-oid NAME 'nsSSL3Ciphers' DESC 'Netscape defi + ned attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape + ' ) +attributeTypes: ( 1.3.6.1.4.1.6981.11.3.5 NAME 'FTPUploadBandwidth' DESC 'Ba + ndwidth (in KB/s) to limit upload speeds to' EQUALITY integerMatch SYNTAX 1 + .3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Pure-FTPd' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2093 NAME 'nsslapd-changelogsuffix' + DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 + X-ORIGIN 'Netscape' ) +attributeTypes: ( 2.16.840.1.113730.3.8.3.26 NAME 'ipaSELinuxUserMapDefault' + DESC 'Default SELinux user' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMa + tch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 S + INGLE-VALUE X-ORIGIN ( 'IPA v3' 'user defined' ) ) +attributeTypes: ( nsUniqueAttribute-oid NAME 'nsUniqueAttribute' DESC 'Netsc + ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ' + Netscape Administration Services' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.71 NAME 'ipaPermTargetFrom' DESC + 'Source location from where moving an entry IPA permission ACI' EQUALITY di + stinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-OR + IGIN ( 'IPA v4.0' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2214 NAME 'nsslapd-svrtab' DESC 'Net + scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-V + ALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.5.4.53 NAME 'deltaRevocationList' DESC 'X.509 delta revo + cation list' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 + X-ORIGIN 'RFC 4523' ) +attributeTypes: ( 1.3.18.0.2.4.1119 NAME 'printer-natural-language-configure + d' DESC 'The configured natural language in which error and status messages + will be generated (by default) by this printer.' EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL + E-VALUE X-ORIGIN 'rfc3712' ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.1.1 NAME 'krbPrincipalName' EQU + ALITY caseExactIA5Match SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1. + 1466.115.121.1.26 ) +attributeTypes: ( 2.16.840.1.113730.3.1.2303 NAME 'nsslapd-ignore-time-skew' + DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 + 5 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.54 NAME 'replicaUseSSL' DESC 'Netsca + pe defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'N + etscape Directory Server' ) +attributeTypes: ( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userid' ) EQUALIT + Y caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466. + 115.121.1.15 X-ORIGIN 'RFC 4519' X-DEPRECATED 'userid' ) +attributeTypes: ( 2.16.840.1.113730.3.1.609 NAME 'nsds5BeginReplicaRefresh' + DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2284 NAME 'nsslapd-ssl-check-hostnam + e' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.1097 NAME 'nsds5replicaBusyWaitTime' + DESC 'Netscape defined attribute type' EQUALITY integerMatch SYNTAX 1.3.6. + 1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' ) SUP name EQUA + LITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.15 X-ORIGIN 'RFC 4519' X-DEPRECATED 'stateOrProvinceName' ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.45 NAME 'IPSECKEYRecord' DESC 'IPSEC + KEY, RFC 4025' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMa + tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN ( 'IPA v4.4.2' 'user defi + ned' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2151 NAME 'nsslapd-plugin-depends-on + -type' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.15 X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( nsViewConfiguration-oid NAME 'nsViewConfiguration' DESC 'N + etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIG + IN 'Netscape Administration Services' ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.25.1 NAME 'krbSearchScope' EQUA + LITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.60 NAME 'sambaLogonToChgPwd' DESC 'Fo + rce Users to logon for password change (default: 0 => off, 2 => on)' EQUALI + TY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.46 NAME 'ipaPermLocation' DESC 'L + ocation of IPA permission ACI' EQUALITY distinguishedNameMatch SYNTAX 1.3.6 + .1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN ( 'IPA v4.0' 'user defined' + ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2263 NAME 'nsslapd-maxsasliosize' DE + SC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 S + INGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.529 NAME 'ntUserMaxStorage' DESC 'Ne + tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-V + ALUE X-ORIGIN 'Netscape NT Synchronization' ) +attributeTypes: ( CACertExtractFile-oid NAME 'CACertExtractFile' DESC 'Netsc + ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ' + Netscape' ) +attributeTypes: ( 2.16.840.1.113730.3.1.104 NAME ( 'passwordWarning' 'pwdExp + ireWarning' ) DESC 'Netscape defined password policy attribute type' SYNTAX + 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Se + rver' ) +attributeTypes: ( 1.3.6.1.1.1.1.12 NAME 'memberUid' DESC 'Standard LDAP attr + ibute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'RFC 2307' ) +attributeTypes: ( nsAccessLog-oid NAME 'nsAccessLog' DESC 'Netscape defined + attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2128 NAME 'dnaSecurePortNum' DESC 'D + NA secure port number of replica to get new range of values' SYNTAX 1.3.6.1 + .4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN '389 Directory Server' ) +attributeTypes: ( dateOfRecovery-oid NAME 'dateOfRecovery' DESC 'CMS defined + attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( ServerKeyExtractFile-oid NAME 'ServerKeyExtractFile' DESC + 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-OR + IGIN 'Netscape' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.39 NAME 'sambaNextRid' DESC 'Next NT + rid to give out for anything' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( nsPidLog-oid NAME 'nsPidLog' DESC 'Netscape defined attrib + ute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2198 NAME 'nsslapd-auditlog-logexpir + ationtime' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.1 + 15.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.570 NAME 'nsLookThroughLimit' DESC ' + Binder-based search operation look through limit (candidate entries)' SYNTA + X 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE USAGE directoryOperation X-ORI + GIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.1.1.12 NAME 'nisNetIdUser' DESC 'nisNe + tIdUser' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X- + ORIGIN ( 'RFC2307bis' 'user defined' ) ) +attributeTypes: ( nsCertfile-oid NAME 'nsCertfile' DESC 'Netscape defined at + tribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2321 NAME 'nsslapd-auditfaillog-logm + axdiskspace' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.76 NAME 'serverHostName' DESC 'Netsc + ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ' + Netscape Administration Services' ) +attributeTypes: ( 2.16.840.1.113730.3.1.242 NAME 'nsSystemIndex' DESC 'Netsc + ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ' + Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.18.2.2 NAME 'ipaVaultSalt' DESC 'IPA + vault salt' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 + X-ORIGIN ( 'IPA v4.2' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2177 NAME 'nsslapd-auditlog-logrotat + ionsync-enabled' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1. + 1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.3.2 NAME 'ipaClientVersion' DESC 'Te + xt string describing client version of the IPA software installed' EQUALITY + caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstrin + gsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' ) +attributeTypes: ( 2.16.840.1.113730.3.8.3.13 NAME 'accessRuleType' DESC 'The + flag to represent if it is allow or deny rule.' EQUALITY caseIgnoreMatch O + RDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3 + .6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.64 NAME 'ipaSecretKeyRef' DESC 'D + N of the ipa key object' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.12 X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2201 NAME 'nsslapd-auditlog-logexpir + ationtimeunit' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.1 NAME 'defaultSearchBase' DESC 'De + fault base for searches' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.12 SINGLE-VALUE X-ORIGIN ( 'RFC4876' 'user defined' ) ) +attributeTypes: ( nsServerCreationClassname-oid NAME 'nsServerCreationClassn + ame' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.15 X-ORIGIN 'Netscape' ) +attributeTypes: ( 2.16.840.1.113730.3.1.41 NAME 'ntUserDomainId' DESC 'Netsc + ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VAL + UE X-ORIGIN 'Netscape NT Synchronization' ) +attributeTypes: ( 2.16.840.1.113730.3.8.5.29 NAME 'idnsTemplateAttribute' DE + SC 'Template attribute for dynamic attribute generation' EQUALITY caseIgnor + eIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN ( 'IPA v4.4' 'user + defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.8.17.1.67 NAME 'ipk11AlwaysSensitive' + DESC 'Key has always been sensitive' EQUALITY booleanMatch SYNTAX 1.3.6.1.4 + .1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.219 NAME 'vlvUses' DESC 'Netscape de + fined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'Netsca + pe Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.28 NAME 'aAAARecord' DESC 'IPv6 addr + ess, RFC 1886' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMa + tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 2.16.840.1.113730.3.1.973 NAME 'nsds5ReplConflict' DESC 'N + etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE + directoryOperation X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.5.18.4 NAME 'modifiersName' EQUALITY distinguishedNameM + atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION + USAGE directoryOperation X-ORIGIN 'RFC 4512' ) +attributeTypes: ( 2.16.840.1.113730.3.1.98 NAME 'passwordExp' DESC 'Netscape + defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.5.4.27 NAME 'destinationIndicator' EQUALITY caseIgnoreM + atch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 + X-ORIGIN 'RFC 4519' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2248 NAME 'nsslapd-reservedescriptor + s' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( tokenIP-oid NAME 'tokenIP' DESC 'CMS defined attribute' SY + NTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2115 NAME 'dnaType' DESC 'DNA attrib + ute type to maintain' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN '389 Di + rectory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.7.5 NAME 'ipaSudoOpt' DESC 'Options( + s) followed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.26 X-ORIGIN 'IPA v2' ) +attributeTypes: ( subjectName-oid NAME 'subjectName' DESC 'CMS defined attri + bute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2227 NAME 'nsslapd-snmp-index' DESC + 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SING + LE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.1.1.1.7 NAME 'shadowMax' DESC 'Standard LDAP attri + bute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'RFC + 2307' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2185 NAME 'nsslapd-errorlog-logrotat + iontime' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 0.9.2342.19200300.100.1.13 NAME 'documentVersion' EQUALIT + Y caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466. + 115.121.1.15 X-ORIGIN 'RFC 4524' ) +attributeTypes: ( 2.16.840.1.113730.3.1.63 NAME 'ntUserUnitsPerWeek' DESC 'N + etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE- + VALUE X-ORIGIN 'Netscape NT Synchronization' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2297 NAME 'nsslapd-search-return-ori + ginal-type-switch' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4. + 1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2075 NAME ( 'passwordMinDigits' 'pwd + MinDigits' ) DESC 'Netscape defined password policy attribute type' SYNTAX + 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Ser + ver' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.75 NAME 'sambaTrustAuthOutgoing' DESC + 'Authentication information for the outgoing portion of a trust' EQUALITY + caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ( 'IPA v4.4.2' + 'user defined' ) ) +attributeTypes: ( 1.3.18.0.2.4.1123 NAME 'printer-sides-supported' DESC 'The + number of impression sides (one or two) and the two-sided impression rotat + ions supported by this printer.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4. + 1.1466.115.121.1.15 X-ORIGIN 'rfc3712' ) +attributeTypes: ( 2.5.21.4 NAME 'matchingRules' EQUALITY objectIdentifierFi + rstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE directoryOpera + tion X-ORIGIN 'RFC 4512' ) +attributeTypes: ( 2.16.840.1.113730.3.8.16.1.10 NAME 'ipatokenOTPdigits' DES + C 'OTP Token Number of digits' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.146 + 6.115.121.1.27 SINGLE-VALUE X-ORIGIN ( 'IPA OTP' 'user defined' ) ) +attributeTypes: ( 1.3.6.1.1.1.1.27 NAME 'nisMapEntry' DESC 'Standard LDAP at + tribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'R + FC 2307' ) +attributeTypes: ( requestResult-oid NAME 'requestResult' DESC 'CMS defined a + ttribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.8.5.16 NAME 'idnsZoneRefresh' DESC 'zo + ne refresh interval' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.27 SINGLE-VALUE X-ORIGIN ( 'IPA v2' 'user defined' ) ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.33 NAME 'sRVRecord' DESC 'service lo + cation, RFC 2782' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substring + sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.3 NAME 'eduPersonOrgDN' DESC 'Organ + ization DN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN 'htt + p://middleware.internet2.edu/eduperson/' ) +attributeTypes: ( 2.16.840.1.113730.3.1.543 NAME 'nsState' DESC 'Netscape de + fined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-OR + IGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.85 NAME 'cirBindCredentials' DESC 'N + etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIG + IN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.10 NAME 'ipaNTDomainGUID' DESC 'N + T Domain GUID' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMa + tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN ( 'IPA v3' ' + user defined' ) ) +attributeTypes: ( dateOfCreate-oid NAME 'dateOfCreate' DESC 'CMS defined att + ribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.8.1 NAME 'krbTicketFlags' EQUAL + ITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.4.1.12 NAME 'javaDoc' DESC 'The Java d + ocumentation for the class' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.26 X-ORIGIN 'RFC 2713' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2102 NAME 'autoMemberGroupingAttr' D + ESC 'Auto Membership grouping attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 26 SINGLE-VALUE X-ORIGIN '389 Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.17.1.13 NAME 'ipk11Label' DESC 'Desc + ription' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL + E-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.808 NAME 'nsds5replicaLastInitEnd' D + ESC 'Netscape defined attribute type' EQUALITY generalizedTimeMatch ORDERIN + G generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE- + VALUE NO-USER-MODIFICATION X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( nsUserIDFormat-oid NAME 'nsUserIDFormat' DESC 'Netscape de + fined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netsca + pe Administration Services' ) +attributeTypes: ( 0.9.2342.19200300.100.1.9 NAME 'host' EQUALITY caseIgnore + Match SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'RFC 4524' ) +attributeTypes: ( nsAdminOneACLDir-oid NAME 'nsAdminOneACLDir' DESC 'Netscap + e defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Ne + tscape Administration Services' ) +attributeTypes: ( 2.5.4.0 NAME 'objectClass' EQUALITY objectIdentifierMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 X-ORIGIN 'RFC 4512' ) +attributeTypes: ( nsBuildNumber-oid NAME 'nsBuildNumber' DESC 'Netscape defi + ned attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape + ' ) +attributeTypes: ( 1.3.6.1.4.1.13769.3.5 NAME 'mozillaHomePostalCode' EQUALI + TY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.15 SINGLE-VALUE X-ORIGIN 'Mozilla Address Book' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2149 NAME 'rootdn-allow-ip' DESC 'Ne + tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGI + N 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.2312.4.3.3.2 NAME 'sabayonProfileName' DESC 'T + he Name of a sabayon profile' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSub + stringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Sa + bayon' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.58 NAME 'sambaMinPwdLength' DESC 'Min + imal password length (default: 5)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.5.4.12 NAME 'title' SUP name EQUALITY caseIgnoreMatch S + UBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIG + IN 'RFC 4519' ) +attributeTypes: ( authoritySerial-oid NAME 'authoritySerial' DESC 'Authority + certificate serial number' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VAL + UE X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.17 NAME 'mailForwardingAddress' DESC + 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466. + 115.121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' ) +attributeTypes: ( revInfo-oid NAME 'revInfo' DESC 'CMS defined attribute' SY + NTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2120 NAME 'dnaFilter' DESC 'DNA filt + er for finding entries' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X + -ORIGIN '389 Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.223 NAME ( 'passwordResetFailureCoun + t' 'pwdFailureCountInterval' ) DESC 'Netscape defined password policy attri + bute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Nets + cape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.31 NAME 'sambaLogoffTime' DESC 'Times + tamp of last logoff' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.27 SINGLE-VALUE ) +attributeTypes: ( 2.5.4.49 NAME ( 'distinguishedName' 'dn' ) EQUALITY disti + nguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'RFC 4519' + X-DEPRECATED 'dn' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2232 NAME 'nsslapd-ldapimaptoentries + ' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.578 NAME 'nsDS5ReplicaHost' DESC 'Ne + tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- + VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2190 NAME 'nsslapd-accesslog-logmaxd + iskspace' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.11 + 5.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.5.1 NAME 'idnsAllowDynUpdate' DESC ' + permit dynamic updates on this zone' EQUALITY booleanMatch SYNTAX 1.3.6.1.4 + .1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'IPA v2' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2319 NAME 'nsslapd-auditfaillog-logr + otationtime' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.45.1 NAME 'krbLastPwdChange' EQ + UALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VAL + UE ) +attributeTypes: ( 2.5.21.10 NAME 'governingStructureRule' EQUALITY integerM + atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE NO-USER-MODIFICATION + USAGE directoryOperation X-ORIGIN 'RFC 4512' ) +attributeTypes: ( 1.3.6.1.4.1.15953.9.1.2 NAME 'sudoHost' DESC 'Host(s) who + may run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2279 NAME 'nsslapd-ldifdir' DESC 'Ne + tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- + VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.18.0.2.4.1134 NAME 'printer-more-info' DESC 'A URI for + more information about this specific printer.' EQUALITY caseIgnoreMatch SU + BSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- + VALUE X-ORIGIN 'rfc3712' ) +attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.9 NAME 'attributeMap' DESC 'Attribu + te mappings used, required, or supported by an agent or service' EQUALITY c + aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN ( 'RFC4876' + 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.1004 NAME 'nsds7WindowsDomain' DESC + 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SING + LE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' ) + DESC 'Standard LDAP attribute type' EQUALITY caseIgnoreIA5Match SUBSTR cas + eIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE + X-ORIGIN ( 'RFC 2247' 'user defined' ) ) +attributeTypes: ( certStatus-oid NAME 'certStatus' DESC 'CMS defined attribu + te' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.8.21.1.3 NAME 'ipaMemberCertProfile' D + ESC 'Reference to a certificate profile member' SUP distinguishedName EQUAL + ITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN ( + 'IPA v4.2' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.39 NAME 'preferredLanguage' DESC 'pr + eferred written or spoken language for a person' EQUALITY caseIgnoreMatch S + UBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE + -VALUE X-ORIGIN 'RFC 2798' ) +attributeTypes: ( 1.3.6.1.4.1.13769.2.3 NAME ( 'mozillaUseHtmlMail' 'xmozill + ausehtmlmail' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN + 'Mozilla Address Book' ) +attributeTypes: ( 2.16.840.1.113730.3.8.5.21 NAME 'idnsSecKeyActivate' DESC + 'DNSSEC key (planned) activation time' EQUALITY generalizedTimeMatch ORDERI + NG generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE + -VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.201 NAME 'changeLogMaximumSize' DESC + 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-O + RIGIN 'Netscape Directory Server' ) +attributeTypes: ( adminMessages-oid NAME 'adminMessages' DESC 'CMS defined a + ttribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( nsSerialNumber-oid NAME 'nsSerialNumber' DESC 'Netscape de + fined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netsca + pe' ) +attributeTypes: ( 1.3.6.1.4.1.5322.21.2.3 NAME 'krbPwdLockoutDuration' EQUA + LITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.1.90 NAME 'cirBeginORC' DESC 'Netscape + defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Net + scape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.7 NAME 'ipaNTProfilePath' DESC 'U + ser Profile Path' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch + SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SING + LE-VALUE X-ORIGIN ( 'IPA v3' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2240 NAME 'nsslapd-accesslog' DESC ' + Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL + E-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.1.13 NAME 'ipaDefaultEmailDomain' E + QUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.99 NAME 'SPFRecord' DESC 'Sender Pol + icy Framework (SPF) for Authorizing Use of Domains in Email, RFC 7208' EQUA + LITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1. + 4.1.1466.115.121.1.26 X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2096 NAME 'entryusn' DESC 'Netscape + defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE N + O-USER-MODIFICATION USAGE directoryOperation X-ORIGIN 'Netscape' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.24 NAME 'sambaLMPassword' DESC 'LanMa + nager Password' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.26 SINGLE-VALUE X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.694 NAME 'inetSubscriberAccountId' D + ESC 'A unique attribute linking the subscriber to a billing system' SYNTAX + 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape subscriber interoperabilit + y' ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.18.1 NAME 'krbPwdServers' EQUAL + ITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 1.3.18.0.2.4.1112 NAME 'printer-current-operator' DESC 'Th + e identity of the current human operator responsible for operating this pri + nter.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3 + .6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'rfc3712' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2306 NAME 'nsslapd-return-default-op + attr' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.15 USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.2.840.113556.1.4.478 NAME 'calCalURI' DESC 'RFC2739: URI + of entire default calendar' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreI + A5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'rfc2739' ) +attributeTypes: ( tokenNotAfter-oid NAME 'tokenNotAfter' DESC 'CMS defined a + ttribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.604 NAME 'parentid' DESC 'internal s + erver defined attribute type' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.27 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.42 NAME 'APLRecord' DESC 'Lists of A + ddress Prefixes, RFC 3132' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5 + SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN ( 'IPA v4.4.2 + ' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2154 NAME 'nsds5ReplicaBackoffMin' D + ESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.43 NAME 'ipaPermIncludedAttr' DES + C 'IPA permission explicitly included attribute' EQUALITY caseIgnoreMatch O + RDERING caseIgnoreOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIG + IN ( 'IPA v4.0' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2266 NAME 'nsslapd-enquote-sup-oc' D + ESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.524 NAME 'ntUserScriptPath' DESC 'Ne + tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- + VALUE X-ORIGIN 'Netscape NT Synchronization' ) +attributeTypes: ( 2.16.840.1.113730.3.1.22 NAME 'mgrpAllowedBroadcaster' DES + C 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.26 X-ORIGIN 'Netscape Messaging Server 4.x' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2133 NAME 'pwdUpdateTime' DESC 'Last + password update time' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE US + AGE directoryOperation X-ORIGIN '389 Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.236 NAME 'nsSNMPDescription' DESC 'N + etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIG + IN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.1466.101.120.13 NAME 'supportedControl' SYNTA + X 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation X-ORIGIN 'RFC 4512' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2324 NAME 'nsslapd-auditfaillog-loge + xpirationtimeunit' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4. + 1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( nsPreference-oid NAME 'nsPreference' DESC 'Netscape define + d attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape A + dministration Services' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.18 NAME 'ipaNTTrustPosixOffset' D + ESC 'POSIX offset of a trust' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.33.1 NAME 'krbPwdMinLength' EQU + ALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( crlName-oid NAME 'crlName' DESC 'CMS defined attribute' SY + NTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( status-oid NAME 'status' DESC 'CMS defined attribute' SYNT + AX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.592 NAME 'nsDS5ReplicaAutoReferral' + DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( requestAgentGroup-oid NAME 'requestAgentGroup' DESC 'CMS d + efined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defin + ed' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2083 NAME ( 'passwordMinTokenLength' + 'pwdMinTokenLength' ) DESC 'Netscape defined password policy attribute typ + e' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Dir + ectory Server' ) +attributeTypes: ( numberOfRecoveries-oid NAME 'numberOfRecoveries' DESC 'CMS + defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'user def + ined' ) +attributeTypes: ( 2.16.840.1.113730.3.8.3.16 NAME 'ipaConfigString' DESC 'Ge + neric configuration stirng' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMat + ch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X- + ORIGIN 'IPA v2' ) +attributeTypes: ( 2.16.840.1.113730.3.1.689 NAME 'nsds5replicaUpdateInProgre + ss' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.7 SINGLE-VALUE NO-USER-MODIFICATION X-ORIGIN 'Netscape Directory Server' + ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.61 NAME 'ipaWrappingKey' DESC 'PK + CS#11 URI of the wrapping key' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2204 NAME 'nsslapd-auditlog-logging- + enabled' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.18.0.2.4.1109 NAME 'printer-charset-configured' DESC ' + The configured charset in which error and status messages will be generated + (by default) by this printer.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'rfc3712' ) +attributeTypes: ( 2.16.840.1.113730.3.1.44 NAME 'ntGroupDomainId' DESC 'Nets + cape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VA + LUE X-ORIGIN 'Netscape NT Synchronization' ) +attributeTypes: ( 2.16.840.1.113730.3.8.20.2.8 NAME 'ipaReplTopoManagedSuffi + x' DESC 'IPA defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X + -ORIGIN ( 'FreeIPA' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.8.1.6 NAME 'ipaHomesRootDir' EQUALITY + caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.1.214 NAME 'passwordAllowChangeTime' D + ESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.24 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Di + rectory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.17.1.62 NAME 'ipk11Decrypt' DESC 'Ke + y supports decryption' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( tokenStatus-oid NAME 'tokenStatus' DESC 'CMS defined attri + bute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.55 NAME 'HIPRecord' DESC 'Host Ident + ity Protocol (HIP) Domain Name System (DNS) Extension, RFC 5205' EQUALITY c + aseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.26 X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2141 NAME 'dsOnlyMemberUid' DESC 'El + ements from a memberuid attribute created to reflect dynamic group membersh + ip' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Red Hat Directory Server + ' ) +attributeTypes: ( nsDirectoryFailoverList-oid NAME 'nsDirectoryFailoverList' + DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.2 + 6 X-ORIGIN 'Netscape' ) +attributeTypes: ( nsSSLSessionTimeout-oid NAME 'nsSSLSessionTimeout' DESC 'N + etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIG + IN 'Netscape' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.36 NAME 'ipaSecondaryBaseRID' DES + C 'First value of a secondary RID range' EQUALITY integerMatch ORDERING int + egerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGI + N ( 'IPA v3' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2253 NAME 'nsslapd-nagle' DESC 'Nets + cape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VA + LUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2118 NAME 'dnaInterval' DESC 'DNA in + terval between values' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X- + ORIGIN '389 Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.29 NAME 'sambaPwdMustChange' DESC 'Ti + mestamp of when the password will expire' EQUALITY integerMatch SYNTAX 1.3. + 6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.5.4.41 NAME 'name' EQUALITY caseIgnoreMatch SUBSTR case + IgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 45 + 19' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2188 NAME 'nsslapd-errorlog-logrotat + iontimeunit' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.32769 NAME 'DLVRecord' DESC 'DNSSEC + Lookaside Validation, RFC 4431' EQUALITY caseIgnoreIA5Match SUBSTR caseIgno + reIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN ( 'IPA v + 4.4.2' 'user defined' ) ) +attributeTypes: ( 0.9.2342.19200300.100.1.14 NAME 'documentAuthor' EQUALITY + distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'RFC + 4524' ) +attributeTypes: ( 2.16.840.1.113730.3.8.7.11 NAME 'ipaSudoRunAsGroupCategory + ' DESC 'Additional classification for groups' SUP userCategory EQUALITY cas + eIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMa + tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2311 NAME 'nsds5ReplicaFlowControlPa + use' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.66 NAME 'ntUserUniqueId' DESC 'Netsc + ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALU + E X-ORIGIN 'Netscape NT Synchronization' ) +attributeTypes: ( 2.16.840.1.113730.3.8.5.9 NAME 'idnsSOAminimum' DESC 'SOA + minimum value' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMa + tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'IPA v2' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2078 NAME ( 'passwordMinLowers' 'pwd + MinLowers' ) DESC 'Netscape defined password policy attribute type' SYNTAX + 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Ser + ver' ) +attributeTypes: ( 2.16.840.1.113730.3.1.587 NAME 'nsds50ruv' DESC 'Netscape + defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Nets + cape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2167 NAME 'schemaUpdateAttributeAcce + pt' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.15 X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2271 NAME 'nsslapd-rewrite-rfc1274' + DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.54 NAME 'ipaPrivateKey' DESC 'Pri + vate key as DER-encoded EncryptedPrivateKeyInfo (RFC 5958)' EQUALITY octetS + tringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE X-ORIGIN ( 'IP + A v4.1' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.8.16.1.1 NAME 'ipatokenUniqueID' DESC + 'Token Unique Identifier' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466. + 115.121.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA OTP' 'user defined' ) ) +attributeTypes: ( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber' DESC 'Standard LDA + P attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGI + N 'RFC 2307' ) +attributeTypes: ( 2.16.840.1.113730.3.1.31 NAME 'mailEnhancedUniqueMember' D + ESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.12 X-ORIGIN 'Netscape Messaging Server 4.x' ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.5.1 NAME 'krbUPEnabled' DESC 'Bo + olean' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.8.5.19 NAME 'idnsSecKeyCreated' DESC ' + DNSSEC key creation timestamp' EQUALITY generalizedTimeMatch ORDERING gener + alizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE X + -ORIGIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.209 NAME 'vlvFilter' DESC 'Netscape + defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Nets + cape Directory Server' ) +attributeTypes: ( nsErrorLog-oid NAME 'nsErrorLog' DESC 'Netscape defined at + tribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.38 NAME 'a6Record' DESC 'A6 Record T + ype, RFC 2874' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMa + tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 2.16.840.1.113730.3.1.88 NAME 'cirUpdateFailedat' DESC 'Ne + tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGI + N 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.47 NAME 'sambaMungedDial' DESC 'Base6 + 4 encoded user parameter string' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.15 X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.250 NAME 'nsValueDefault' DESC 'Nets + cape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN + 'Netscape servers - value item' ) +attributeTypes: ( 2.5.4.37 NAME 'cACertificate' DESC 'X.509 CA certificate' + EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN 'RF + C 4523' ) +attributeTypes: ( 1.3.6.1.4.1.6981.11.3.2 NAME 'FTPQuotaMBytes' DESC 'Quota + (in megabytes) for an FTP user' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Pure-FTPd' ) +attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.14 NAME 'serviceSearchDescriptor' D + ESC 'Specifies search descriptors required, used, or supported by a particu + lar service or agent' EQUALITY caseExactMatch SUBSTR caseExactSubstringsMat + ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ( 'RFC4876' 'user defined' + ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2105 NAME 'autoMemberTargetGroup' DE + SC 'Auto Membership target group' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SING + LE-VALUE X-ORIGIN '389 Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.803 NAME 'nsBackendSuffix' DESC 'Net + scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE di + rectoryOperation X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2217 NAME 'nsslapd-allow-anonymous-a + ccess' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.53 NAME 'replicaBindMethod' DESC 'Ne + tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGI + N 'Netscape Directory Server' ) +attributeTypes: ( 0.9.2342.19200300.100.1.4 NAME 'info' EQUALITY caseIgnore + Match SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'RFC 4524' ) +attributeTypes: ( 2.16.840.1.113730.3.8.17.1.71 NAME 'ipk11AlwaysAuthenticat + e' DESC 'User has to authenticate for each use with this key' EQUALITY bool + eanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v + 4.1' 'user defined' ) ) +attributeTypes: ( nsSSLSupportedCiphers-oid NAME 'nsSSLSupportedCiphers' DES + C 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X- + ORIGIN 'Netscape' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2287 NAME 'nsslapd-force-sasl-extern + al' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2065 NAME 'nsSaslMapBaseDNTemplate' + DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.5.4.5 NAME 'serialNumber' EQUALITY caseIgnoreMatch SUBS + TR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 X-ORIGIN + 'RFC 4519' ) +attributeTypes: ( p12Expiration-oid NAME 'p12Expiration' DESC 'CMS defined a + ttribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( tokenUserID-oid NAME 'tokenUserID' DESC 'CMS defined attri + bute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.197 NAME 'replicaHost' DESC 'Netscap + e defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Ne + tscape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.65 NAME 'sambaLockoutThreshold' DESC + 'Lockout users after bad logon attempts (default: 0 => off)' EQUALITY integ + erMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( tokenReason-oid NAME 'tokenReason' DESC 'CMS defined attri + bute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.5.4.15 NAME 'businessCategory' EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-OR + IGIN 'RFC 4519' ) +attributeTypes: ( 0.9.2342.19200300.100.1.48 NAME 'buildingName' EQUALITY c + aseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.15 X-ORIGIN 'RFC 4524' ) +attributeTypes: ( 2.16.840.1.113730.3.1.107 NAME 'passwordResetDuration' DES + C 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber' DESC 'Standard LD + AP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIG + IN 'RFC 2307' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2235 NAME 'nsslapd-ldapientrysearchb + ase' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.12 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( tokenAppletID-oid NAME 'tokenAppletID' DESC 'CMS defined a + ttribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( extensions-oid NAME 'extensions' DESC 'CMS defined attribu + te' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( nsInstalledLocation-oid NAME 'nsInstalledLocation' DESC 'N + etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIG + IN 'Netscape' ) +attributeTypes: ( 2.16.840.1.113730.3.1.573 NAME 'nsIdleTimeout' DESC 'Binde + r-based connection idle timeout (seconds)' SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.27 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Directory Ser + ver' ) +attributeTypes: ( 2.16.840.1.113730.3.8.19.2.1 NAME 'ipaDomainLevel' DESC 'D + omain Level value' EQUALITY numericStringMatch ORDERING numericStringMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 SINGLE-VALUE X-ORIGIN ( 'IPA v4' 'user + defined' ) ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.4 NAME 'UnknownRecord' DESC 'unknown D + NS record, RFC 3597' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substr + ingsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN ( 'IPA v4.4.2' 'use + r defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.75 NAME 'adminUrl' DESC 'Netscape de + fined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Netsca + pe Administration Services' ) +attributeTypes: ( 2.16.840.1.113730.3.1.245 NAME 'nsValueTel' DESC 'Netscape + defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 X-ORIGIN 'Net + scape servers - value item' ) +attributeTypes: ( 1.3.6.1.4.1.1466.101.120.42 NAME 'preferredLocale' DESC 'p + referred locale for a person' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSub + stringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Ne + tscape' ) +attributeTypes: ( nsNYR-oid NAME 'nsNYR' DESC 'Netscape defined attribute ty + pe' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Administration + Services' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2172 NAME 'nsslapd-accesslog-maxlogs + ize' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.3.5 NAME 'memberUser' DESC 'Referenc + e to a principal that performs an action (usually user).' SUP distinguished + Name EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X + -ORIGIN 'IPA v2' ) +attributeTypes: ( userMessages-oid NAME 'userMessages' DESC 'CMS defined att + ribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.18.0.2.4.1131 NAME 'printer-charset-supported' DESC 'S + et of charsets supported for the attribute values of syntax DirectoryString + for this directory entry.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.146 + 6.115.121.1.15 X-ORIGIN 'rfc3712' ) +attributeTypes: ( 2.16.840.1.113730.3.8.16.1.22 NAME 'ipatokenTOTPwatermark' + DESC 'TOTP watermark' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.27 SINGLE-VALUE X-ORIGIN ( 'IPA OTP' 'user defined' ) ) +attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.4 NAME 'bindTimeLimit' DESC 'Maximu + m time an agent or service allows for a bind operation to complete' EQUALIT + Y integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.27 SINGLE-VALUE X-ORIGIN ( 'RFC4876' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.8.21.1.6 NAME 'ipaCaId' DESC 'Dogtag A + uthority ID' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBS + TR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN + ( 'IPA v4.4 Lightweight CAs' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.8.5.24 NAME 'idnsSecKeyZone' DESC 'DNS + KEY ZONE flag (equivalent to bit 7): RFC 4035' EQUALITY booleanMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defi + ned' ) ) +attributeTypes: ( archivedBy-oid NAME 'archivedBy' DESC 'CMS defined attribu + te' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.53.1 NAME 'krbPrincContainerRef' + EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 2.16.840.1.113730.3.1.3 NAME 'employeeNumber' DESC 'numeri + cally identifies an employee within an organization' EQUALITY caseIgnoreMat + ch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SI + NGLE-VALUE X-ORIGIN 'RFC 2798' ) +attributeTypes: ( 2.16.840.1.113730.3.1.551 NAME 'cosspecifier' DESC 'Netsca + pe defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALU + E X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.97 NAME ( 'passwordMaxAge' 'pwdMaxAg + e' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1. + 4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.5322.21.2.4 NAME 'krbAllowedToDelegateTo' EQU + ALITY caseExactIA5Match SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1. + 1466.115.121.1.26 X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.48 NAME 'sambaBadPasswordCount' DESC + 'Bad password attempt count' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466. + 115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.5.4.22 NAME 'teletexTerminalIdentifier' SYNTAX 1.3.6.1. + 4.1.1466.115.121.1.51 X-ORIGIN 'RFC 4519' ) +attributeTypes: ( 2.16.840.1.113730.3.8.7.8 NAME 'ipaSudoRunAsUserCategory' + DESC 'Additional classification for users' SUP userCategory EQUALITY caseIg + noreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2099 NAME 'autoMemberExclusiveRegex' + DESC 'Auto Membership exclusive regex rule' SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.15 X-ORIGIN '389 Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.16 NAME 'tXTRecord' DESC 'text strin + g, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatc + h SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.1.1.1.2 NAME 'gecos' DESC 'Standard LDAP attribute + type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'RFC 2307 + ' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.21 NAME 'sambaNextUserRid' DESC 'Next + NT rid to give our for users' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.146 + 6.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.1.2222 NAME 'nsslapd-localuser' DESC ' + Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL + E-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2180 NAME 'nsslapd-auditlog-logrotat + ionsynchour' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2309 NAME 'nsds5ReplicaPreciseTombst + onePurging' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466. + 115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( tokenOrigin-oid NAME 'tokenOrigin' DESC 'CMS defined attri + bute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2292 NAME 'nsslapd-disk-monitoring-l + ogging-critical' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1. + 1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2070 NAME 'pamIDMapMethod' DESC 'How + to map BIND DN to PAM identity' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL + E-VALUE X-ORIGIN 'Red Hat Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.408 NAME 'replicaLastRelevantChange' + DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.2 + 7 X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.76 NAME 'sambaTrustAuthIncoming' DESC + 'Authentication information for the incoming portion of a trust' EQUALITY + caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ( 'IPA v4.4.2' + 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2269 NAME 'nsslapd-errorlog-list' DE + SC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X + -ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.18.0.2.4.1124 NAME 'printer-number-up-supported' DESC + 'The possible numbers of print-stream pages to impose upon a single side of + an instance of a selected medium.' EQUALITY integerMatch ORDERING integerO + rderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'rfc3712' ) +attributeTypes: ( 2.16.840.1.113730.3.8.16.1.9 NAME 'ipatokenOTPalgorithm' D + ESC 'OTP Token Algorithm' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466. + 115.121.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA OTP' 'user defined' ) ) +attributeTypes: ( allowPinReset-oid NAME 'allowPinReset' DESC 'CMS defined a + ttribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.5.21.7 NAME 'nameForms' EQUALITY objectIdentifierFirstC + omponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE directoryOperation + X-ORIGIN 'RFC 4512' ) +attributeTypes: ( 2.16.840.1.113730.3.8.16.1.17 NAME 'ipatokenRadiusSecret' + DESC 'Server Secret' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115. + 121.1.40 SINGLE-VALUE X-ORIGIN ( 'IPA OTP' 'user defined' ) ) +attributeTypes: ( 0.9.2342.19200300.100.1.55 NAME 'audio' EQUALITY octetStr + ingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN 'RFC 1274' ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.36.1 NAME 'krbPwdPolicyReference + ' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SIN + GLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.1.1.28 NAME 'nisPublickey' DESC 'nisPublickey' E + QUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN ( + 'RFC2307bis' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.29 NAME 'mgrpMsgRejectText' DESC 'Ne + tscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115. + 121.1.26 X-ORIGIN 'Netscape Messaging Server 4.x' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2136 NAME 'nsds5ReplicaCleanRUVNotif + ied' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.27 X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.5.11 NAME 'idnsAllowQuery' DESC 'BIN + D9 allow-query ACL element' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1. + 1466.115.121.1.26 SINGLE-VALUE X-ORIGIN ( 'IPA v2' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.231 NAME 'nsslapd-pluginEnabled' DES + C 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SI + NGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( nsWellKnownJarfiles-oid NAME 'nsWellKnownJarfiles' DESC 'N + etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIG + IN 'Netscape Administration Services' ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.30 NAME 'nXTRecord' DESC 'non-exista + nt, RFC 2535' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMat + ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.1466.101.120.16 NAME 'ldapSyntaxes' EQUALITY + objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 US + AGE directoryOperation X-ORIGIN 'RFC 4512' ) +attributeTypes: ( nsAdminAccessHosts-oid NAME 'nsAdminAccessHosts' DESC 'Net + scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN + 'Netscape Administration Services' ) +attributeTypes: ( 2.16.840.1.113730.3.1.328 NAME 'nsMatchingRule' DESC 'Nets + cape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN + 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.6 NAME 'eduPersonPrincipalName' DES + C 'Principal Name' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIG + IN 'http://middleware.internet2.edu/eduperson/' ) +attributeTypes: ( 2.16.840.1.113730.3.1.80 NAME 'cirHost' DESC 'Netscape def + ined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscap + e Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.15 NAME 'ipaNTTrustAuthOutgoing' + DESC 'Authentication information for the outgoing portion of a trust' EQUAL + ITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.4.1.11 NAME 'javaReferenceAddress' DES + C 'Addresses associated with a JNDI Reference' EQUALITY caseExactMatch SYNT + AX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2713' ) +attributeTypes: ( 2.16.840.1.113730.3.8.17.1.16 NAME 'ipk11Trusted' DESC 'Ca + n be trusted by application' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466. + 115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2086 NAME 'mepManagedBy' DESC 'Manag + ed Entries backpointer' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN '389 + Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.3.19 NAME 'serviceCategory' DESC 'Ad + ditional classification for services' EQUALITY caseIgnoreMatch ORDERING cas + eIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.15 X-ORIGIN 'IPA v2' ) +attributeTypes: ( 2.16.840.1.113730.3.1.684 NAME 'nsds5ReplicaChangeCount' D + ESC 'Netscape defined attribute type' EQUALITY integerMatch SYNTAX 1.3.6.1. + 4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.1.1 NAME 'ipaUserSearchFields' EQUA + LITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 2.16.840.1.113730.3.8.20.2.3 NAME 'ipaReplTopoSegmentLeftN + ode' DESC 'IPA defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN ( 'FreeIPA' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.1101 NAME 'nsRoleScopeDN' DESC 'Scop + e of a role' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN '38 + 9 Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.17.1.69 NAME 'ipk11WrapWithTrusted' + DESC 'Key can only be wrapped with a trusted wrapping key' EQUALITY boolean + Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1 + ' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.41.1 NAME 'krbSubTrees' EQUALIT + Y distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.52 NAME 'TLSARecord' DESC 'DNS-Based + Authentication of Named Entities - Transport Layer Security Protocol, RFC + 6698' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTA + X 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) +attributeTypes: ( 1.3.1.1.4.1.453.16.2.103 NAME 'numSubordinates' DESC 'coun + t of immediate subordinates' EQUALITY integerMatch ORDERING integerOrdering + Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE NO-USER-MODIFICATIO + N USAGE directoryOperation X-ORIGIN 'numSubordinates Internet Draft' ) +attributeTypes: ( 1.3.6.1.4.1.13769.3.6 NAME 'mozillaHomeCountryName' SUP n + ame EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6. + 1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Mozilla Address Book' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2144 NAME 'rootdn-open-time' DESC 'N + etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE + -VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.33 NAME 'ipaBaseID' DESC 'First v + alue of a Posix ID range' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.27 SINGLE-VALUE X-ORIGIN ( 'IPA v3' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2256 NAME 'passwordLegacyPolicy' DES + C 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SI + NGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.9999999 NAME 'nsds5debugreplicatimeo + ut' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 0.9.2342.19200300.100.1.40 NAME 'personalTitle' EQUALITY + caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.11 + 5.121.1.15 X-ORIGIN 'RFC 4524' ) +attributeTypes: ( SubsystemName-oid NAME 'SubsystemName' SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.1466.101.120.5 NAME 'namingContexts' SYNTAX 1 + .3.6.1.4.1.1466.115.121.1.12 USAGE dSAOperation X-ORIGIN 'RFC 4512' ) +attributeTypes: ( 2.16.840.1.113730.3.1.12 NAME 'mailAccessDomain' DESC 'Net + scape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2123 NAME 'dnaSharedCfgDN' DESC 'DNA + shared configuration entry DN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE + -VALUE X-ORIGIN '389 Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.226 NAME 'nsslapd-pluginType' DESC ' + Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL + E-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.32 NAME 'sambaKickoffTime' DESC 'Time + stamp of when the user will be logged off automatically' EQUALITY integerMa + tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.5.4.44 NAME 'generationQualifier' SUP name EQUALITY cas + eIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.15 X-ORIGIN 'RFC 4519' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2193 NAME 'nsslapd-accesslog-logminf + reediskspace' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.146 + 6.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.7.14 NAME 'ipaSudoRunAsExtUserGroup' + DESC 'Multivalue string attribute that allows storing groups of users that + are not managed by IPA the command can be run as' EQUALITY caseIgnoreMatch + ORDERING caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4 + .1.1466.115.121.1.15 X-ORIGIN ( 'IPA v4.0' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2314 NAME 'nsslapd-changelogcompactd + b-interval' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466. + 115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.5.4 NAME 'idnsSOArName' DESC 'SOA ro + ot Name' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SY + NTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'IPA v2' ) +attributeTypes: ( 2.16.840.1.113730.3.1.612 NAME 'generation' DESC 'Netscape + defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Net + scape Directory Server' ) +cn: schema +ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.5 DESC 'Binary' ) +ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.6 DESC 'Bit String' ) +ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.7 DESC 'Boolean' ) +ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.26 DESC 'IA5String' ) +ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.15 DESC 'DirectoryString' ) +ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.11 DESC 'Country String' ) +ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.14 DESC 'Delivery Method' ) +ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.12 DESC 'DN' ) +ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.21 DESC 'Enhanced Guide' ) +ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.22 DESC 'Facsimile Telephone Numb + er' ) +ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.23 DESC 'FAX' ) +ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.24 DESC 'GeneralizedTime' ) +ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.25 DESC 'Guide' ) +ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.27 DESC 'INTEGER' ) +ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.28 DESC 'JPEG' ) +ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.34 DESC 'Name And Optional UID' ) +ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.36 DESC 'Numeric String' ) +ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.40 DESC 'OctetString' ) +ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.38 DESC 'OID' ) +ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.41 DESC 'Postal Address' ) +ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.44 DESC 'Printable String' ) +ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.50 DESC 'TelephoneNumber' ) +ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.51 DESC 'Teletex Terminal Identif + ier' ) +ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.52 DESC 'Telex Number' ) +matchingRules: ( 2.5.13.17 NAME 'octetStringMatch' DESC 'The octetStringMatc + h rule compares an assertion value of the Octet String syntax to an attribu + te value of a syntax (e.g., the Octet String or JPEG syntax) whose correspo + nding ASN.1 type is the OCTET STRING ASN.1 type. The rule evaluates to TRU + E if and only if the attribute value and the assertion value are the same l + ength and corresponding octets (by position) are the same.' SYNTAX 1.3.6.1. + 4.1.1466.115.121.1.40 ) +matchingRules: ( 2.5.13.18 NAME 'octetStringOrderingMatch' DESC 'The octetSt + ringOrderingMatch rule compares an assertion value of the Octet String synt + ax to an attribute value of a syntax (e.g., the Octet String or JPEG syntax + ) whose corresponding ASN.1 type is the OCTET STRING ASN.1 type. The rule + evaluates to TRUE if and only if the attribute value appears earlier in the + collation order than the assertion value. The rule compares octet strings + from the first octet to the last octet, and from the most significant bit + to the least significant bit within the octet. The first occurrence of a d + ifferent bit determines the ordering of the strings. A zero bit precedes a + one bit. If the strings contain different numbers of octets but the longe + r string is identical to the shorter string up to the length of the shorter + string, then the shorter string precedes the longer string.' SYNTAX 1.3.6. + 1.4.1.1466.115.121.1.40 ) +matchingRules: ( 2.5.13.16 NAME 'bitStringMatch' DESC 'The bitStringMatch ru + le compares an assertion value of the Bit String syntax to an attribute val + ue of a syntax (e.g., the Bit String syntax) whose corresponding ASN.1 type + is BIT STRING. If the corresponding ASN.1 type of the attribute syntax do + es not have a named bit list [ASN.1] (which is the case for the Bit String + syntax), then the rule evaluates to TRUE if and only if the attribute value + has the same number of bits as the assertion value and the bits match on a + bitwise basis. If the corresponding ASN.1 type does have a named bit list + , then bitStringMatch operates as above, except that trailing zero bits in + the attribute and assertion values are treated as absent.' SYNTAX 1.3.6.1.4 + .1.1466.115.121.1.6 ) +matchingRules: ( 1.3.6.1.4.1.1466.109.114.1 NAME 'caseExactIA5Match' DESC 'T + he caseExactIA5Match rule compares an assertion value of the IA5 String syn + tax to an attribute value of a syntax (e.g., the IA5 String syntax) whose c + orresponding ASN.1 type is IA5String. The rule evaluates to TRUE if and onl + y if the prepared attribute value character string and the prepared asserti + on value character string have the same number of characters and correspond + ing characters have the same code point. In preparing the attribute value a + nd assertion value for comparison, characters are not case folded in the Ma + p preparation step, and only Insignificant Space Handling is applied in the + Insignificant Character Handling step.' SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 26 ) +matchingRules: ( 2.5.13.5 NAME 'caseExactMatch' DESC 'The caseExactMatch rul + e compares an assertion value of the Directory String syntax to an attribut + e value of a syntax (e.g., the Directory String, Printable String, Country + String, or Telephone Number syntax) whose corresponding ASN.1 type is Direc + toryString or one of the alternative string types of DirectoryString, such + as PrintableString (the other alternatives do not correspond to any syntax + defined in this document). The rule evaluates to TRUE if and only if the pr + epared attribute value character string and the prepared assertion value ch + aracter string have the same number of characters and corresponding charact + ers have the same code point. In preparing the attribute value and assertio + n value for comparison, characters are not case folded in the Map preparati + on step, and only Insignificant Space Handling is applied in the Insignific + ant Character Handling step.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.5.13.6 NAME 'caseExactOrderingMatch' DESC 'The caseExactO + rderingMatch rule compares an assertion value of the Directory String synta + x to an attribute value of a syntax (e.g., the Directory String, Printable + String, Country String, or Telephone Number syntax) whose corresponding ASN + .1 type is DirectoryString or one of its alternative string types. The rule + evaluates to TRUE if and only if, in the code point collation order, the p + repared attribute value character string appears earlier than the prepared + assertion value character string; i.e., the attribute value is "less than" + the assertion value. In preparing the attribute value and assertion value f + or comparison, characters are not case folded in the Map preparation step, + and only Insignificant Space Handling is applied in the Insignificant Chara + cter Handling step.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.5.13.7 NAME 'caseExactSubstringsMatch' DESC 'The caseExac + tSubstringsMatch rule compares an assertion value of the Substring Assertio + n syntax to an attribute value of a syntax (e.g., the Directory String, Pri + ntable String, Country String, or Telephone Number syntax) whose correspond + ing ASN.1 type is DirectoryString or one of its alternative string types. T + he rule evaluates to TRUE if and only if (1) the prepared substrings of the + assertion value match disjoint portions of the prepared attribute value ch + aracter string in the order of the substrings in the assertion value, (2) a + n substring, if present, matches the beginning of the prepared at + tribute value character string, and (3) a substring, if present, ma + tches the end of the prepared attribute value character string. A prepared + substring matches a portion of the prepared attribute value character stri + ng if corresponding characters have the same code point. In preparing the a + ttribute value and assertion value substrings for comparison, characters ar + e not case folded in the Map preparation step, and only Insignificant Space + Handling is applied in the Insignificant Character Handling step.' SYNTAX + 1.3.6.1.4.1.1466.115.121.1.58 ) +matchingRules: ( 2.16.840.1.113730.3.3.1 NAME 'caseExactIA5SubstringsMatch' + DESC 'The caseExactIA5SubstringsMatch rule compares an assertion value of t + he Substring Assertion syntax to an attribute value of a syntax (e.g., the + IA5 syntax) whose corresponding ASN.1 type is IA5 String or one of its alte + rnative string types. The rule evaluates to TRUE if and only if (1) the pre + pared substrings of the assertion value match disjoint portions of the prep + ared attribute value character string in the order of the substrings in the + assertion value, (2) an substring, if present, matches the begin + ning of the prepared attribute value character string, and (3) a su + bstring, if present, matches the end of the prepared attribute value charac + ter string. A prepared substring matches a portion of the prepared attribu + te value character string if corresponding characters have the same code po + int. In preparing the attribute value and assertion value substrings for co + mparison, characters are not case folded in the Map preparation step, and o + nly Insignificant Space Handling is applied in the Insignificant Character + Handling step.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 ) +matchingRules: ( 2.5.13.27 NAME 'generalizedTimeMatch' DESC 'The rule evalua + tes to TRUE if and only if the attribute value represents the same universa + l coordinated time as the assertion value.' SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.24 ) +matchingRules: ( 2.5.13.28 NAME 'generalizedTimeOrderingMatch' DESC 'The rul + e evaluates to TRUE if and only if the attribute value represents a univers + al coordinated time that is earlier than the universal coordinated time rep + resented by the assertion value.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 ) +matchingRules: ( 2.5.13.13 NAME 'booleanMatch' DESC 'The booleanMatch rule c + ompares an assertion value of the Boolean syntax to an attribute value of a + syntax (e.g., the Boolean syntax) whose corresponding ASN.1 type is BOOLEA + N. The rule evaluates to TRUE if and only if the attribute value and the a + ssertion value are both TRUE or both FALSE.' SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.7 ) +matchingRules: ( 1.3.6.1.4.1.1466.109.114.2 NAME 'caseIgnoreIA5Match' DESC ' + The caseIgnoreIA5Match rule compares an assertion value of the IA5 String s + yntax to an attribute value of a syntax (e.g., the IA5 String syntax) whose + corresponding ASN.1 type is IA5String. The rule evaluates to TRUE if and + only if the prepared attribute value character string and the prepared asse + rtion value character string have the same number of characters and corresp + onding characters have the same code point. In preparing the attribute val + ue and assertion value for comparison, characters are case folded in the Ma + p preparation step, and only Insignificant Space Handling is applied in the + Insignificant Character Handling step.' SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 26 ) +matchingRules: ( 1.3.6.1.4.1.1466.109.114.3 NAME 'caseIgnoreIA5SubstringsMat + ch' DESC 'The caseIgnoreIA5SubstringsMatch rule compares an assertion value + of the Substring Assertion syntax to an attribute value of a syntax (e.g., + the IA5 String syntax) whose corresponding ASN.1 type is IA5String. The r + ule evaluates to TRUE if and only if (1) the prepared substrings of the ass + ertion value match disjoint portions of the prepared attribute value charac + ter string in the order of the substrings in the assertion value, (2) an substring, if present, matches the beginning of the prepared attrib + ute value character string, and (3) a substring, if present, matche + s the end of the prepared attribute value character string. A prepared sub + string matches a portion of the prepared attribute value character string i + f corresponding characters have the same code point. In preparing the attr + ibute value and assertion value substrings for comparison, characters are c + ase folded in the Map preparation step, and only Insignificant Space Handli + ng is applied in the Insignificant Character Handling step.' SYNTAX 1.3.6.1 + .4.1.1466.115.121.1.58 ) +matchingRules: ( 2.5.13.2 NAME 'caseIgnoreMatch' DESC 'The caseIgnoreMatch r + ule compares an assertion value of the Directory String syntax to an attrib + ute value of a syntax (e.g., the Directory String, Printable String, Countr + y String, or Telephone Number syntax) whose corresponding ASN.1 type is Dir + ectoryString or one of its alternative string types. The rule evaluates to + TRUE if and only if the prepared attribute value character string and the + prepared assertion value character string have the same number of character + s and corresponding characters have the same code point. In preparing the a + ttribute value and assertion value for comparison, characters are case fold + ed in the Map preparation step, and only Insignificant Space Handling is ap + plied in the Insignificant Character Handling step.' SYNTAX 1.3.6.1.4.1.146 + 6.115.121.1.15 ) +matchingRules: ( 2.5.13.3 NAME 'caseIgnoreOrderingMatch' DESC 'The caseIgnor + eOrderingMatch rule compares an assertion value of the Directory String syn + tax to an attribute value of a syntax (e.g., the Directory String, Printabl + e String, Country String, or Telephone Number syntax) whose corresponding A + SN.1 type is DirectoryString or one of its alternative string types. The ru + le evaluates to TRUE if and only if, in the code point collation order, the + prepared attribute value character string appears earlier than the prepare + d assertion value character string; i.e., the attribute value is "less than + " the assertion value. In preparing the attribute value and assertion value + for comparison, characters are case folded in the Map preparation step, an + d only Insignificant Space Handling is applied in the Insignificant Charact + er Handling step.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.5.13.4 NAME 'caseIgnoreSubstringsMatch' DESC 'The caseIgn + oreSubstringsMatch rule compares an assertion value of the Substring Assert + ion syntax to an attribute value of a syntax (e.g., the Directory String, P + rintable String, Country String, or Telephone Number syntax) whose correspo + nding ASN.1 type is DirectoryString or one of its alternative string types. + The rule evaluates to TRUE if and only if (1) the prepared substrings of t + he assertion value match disjoint portions of the prepared attribute value + character string in the order of the substrings in the assertion value, (2) + an substring, if present, matches the beginning of the prepared + attribute value character string, and (3) a substring, if present, + matches the end of the prepared attribute value character string. A prepar + ed substring matches a portion of the prepared attribute value character st + ring if corresponding characters have the same code point. In preparing the + attribute value and assertion value substrings for comparison, characters + are case folded in the Map preparation step, and only Insignificant Space H + andling is applied in the Insignificant Character Handling step.' SYNTAX 1. + 3.6.1.4.1.1466.115.121.1.58 ) +matchingRules: ( 2.5.13.11 NAME 'caseIgnoreListMatch' DESC 'The caseIgnoreLi + stMatch rule compares an assertion value that is a sequence of strings to a + n attribute value of a syntax (e.g., the Postal Address syntax) whose corre + sponding ASN.1 type is a SEQUENCE OF the DirectoryString ASN.1 type. The ru + le evaluates to TRUE if and only if the attribute value and the assertion v + alue have the same number of strings and corresponding strings (by position + ) match according to the caseIgnoreMatch matching rule. In [X.520], the ass + ertion syntax for this matching rule is defined to be: SEQUENCE OF Di + rectoryString {ub-match} That is, it is different from the corresponding ty + pe for the Postal Address syntax. The choice of the Postal Address syntax + for the assertion syntax of the caseIgnoreListMatch in LDAP should not be s + een as limiting the matching rule to apply only to attributes with the Post + al Address syntax.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ) +matchingRules: ( 2.5.13.12 NAME 'caseIgnoreListSubstringsMatch' DESC 'The ca + seIgnoreListSubstringsMatch rule compares an assertion value of the Substri + ng Assertion syntax to an attribute value of a syntax (e.g., the Postal Add + ress syntax) whose corresponding ASN.1 type is a SEQUENCE OF the DirectoryS + tring ASN.1 type. The rule evaluates to TRUE if and only if the assertion v + alue matches, per the caseIgnoreSubstringsMatch rule, the character string + formed by concatenating the strings of the attribute value, except that non + e of the , , or substrings of the assertion value are + considered to match a substring of the concatenated string which spans mor + e than one of the original strings of the attribute value. Note that, in te + rms of the LDAP-specific encoding of the Postal Address syntax, the concate + nated string omits the line separator and the escaping of "\" and + "$" characters.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 ) +matchingRules: ( 2.5.13.0 NAME 'objectIdentifierMatch' DESC 'The objectIdent + ifierMatch rule compares an assertion value of the OID syntax to an attribu + te value of a syntax (e.g., the OID syntax) whose corresponding ASN.1 type + is OBJECT IDENTIFIER. The rule evaluates to TRUE if and only if the asserti + on value and the attribute value represent the same object identifier; that + is, the same sequence of integers, whether represented explicitly in the < + numericoid> form of or implicitly in the form (see [RFC4512]) + . If an LDAP client supplies an assertion value in the form and the + chosen descriptor is not recognized by the server, then the objectIdentifi + erMatch rule evaluates to Undefined.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 + ) +matchingRules: ( 2.5.13.31 NAME 'directoryStringFirstComponentMatch' DESC 'T + he directoryStringFirstComponentMatch rule compares an assertion value of t + he Directory String syntax to an attribute value of a syntax whose correspo + nding ASN.1 type is a SEQUENCE with a mandatory first component of the Dire + ctoryString ASN.1 type. Note that the assertion syntax of this matching rul + e differs from the attribute syntax of attributes for which this is the equ + ality matching rule. The rule evaluates to TRUE if and only if the assertio + n value matches the first component of the attribute value using the rules + of caseIgnoreMatch.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.5.13.30 NAME 'objectIdentifierFirstComponentMatch' DESC ' + The objectIdentifierFirstComponentMatch rule compares an assertion value of + the OID syntax to an attribute value of a syntax (e.g., the Attribute Type + Description, DIT Content Rule Description, LDAP Syntax Description, Matchi + ng Rule Description, Matching Rule Use Description, Name Form Description, + or Object Class Description syntax) whose corresponding ASN.1 type is a SEQ + UENCE with a mandatory first component of the OBJECT IDENTIFIER ASN.1 type. + Note that the assertion syntax of this matching rule differs from the attr + ibute syntax of attributes for which this is the equality matching rule. Th + e rule evaluates to TRUE if and only if the assertion value matches the fir + st component of the attribute value using the rules of objectIdentifierMatc + h.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) +matchingRules: ( 2.5.13.1 NAME 'distinguishedNameMatch' DESC 'The distinguis + hedNameMatch rule compares an assertion value of the DN syntax to an attrib + ute value of a syntax (e.g., the DN syntax) whose corresponding ASN.1 type + is DistinguishedName. The rule evaluates to TRUE if and only if the attribu + te value and the assertion value have the same number of relative distingui + shed names and corresponding relative distinguished names (by position) are + the same. A relative distinguished name (RDN) of the assertion value is t + he same as an RDN of the attribute value if and only if they have the same + number of attribute value assertions and each attribute value assertion (AV + A) of the first RDN is the same as the AVA of the second RDN with the same + attribute type. The order of the AVAs is not significant. Also note that + a particular attribute type may appear in at most one AVA in an RDN. Two A + VAs with the same attribute type are the same if their values are equal acc + ording to the equality matching rule of the attribute type. If one or more + of the AVA comparisons evaluate to Undefined and the remaining AVA compari + sons return TRUE then the distinguishedNameMatch rule evaluates to Undefine + d.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +matchingRules: ( 2.5.13.14 NAME 'integerMatch' DESC 'The rule evaluates to T + RUE if and only if the attribute value and the assertion value are the same + integer value.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) +matchingRules: ( 2.5.13.15 NAME 'integerOrderingMatch' DESC 'The rule evalua + tes to TRUE if and only if the integer value of the attribute value is less + than the integer value of the assertion value.' SYNTAX 1.3.6.1.4.1.1466.11 + 5.121.1.27 ) +matchingRules: ( 2.5.13.29 NAME 'integerFirstComponentMatch' DESC 'The integ + erFirstComponentMatch rule compares an assertion value of the Integer synta + x to an attribute value of a syntax (e.g., the DIT Structure Rule Descripti + on syntax) whose corresponding ASN.1 type is a SEQUENCE with a mandatory fi + rst component of the INTEGER ASN.1 type. Note that the assertion syntax of + this matching rule differs from the attribute syntax of attributes for whi + ch this is the equality matching rule. The rule evaluates to TRUE if and o + nly if the assertion value and the first component of the attribute value a + re the same integer value.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.0.1 NAME 'caseIgnoreOrderingMatch-d + efault' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.0.1.6 NAME 'caseIgnoreSubstringMatc + h-default' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.1.1 NAME 'caseIgnoreOrderingMatch-a + r' DESC 'ar' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.1.1.6 NAME 'caseIgnoreSubstringMatc + h-ar' DESC 'ar' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.2.1 NAME 'caseIgnoreOrderingMatch-b + e' DESC 'be' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.2.1.6 NAME 'caseIgnoreSubstringMatc + h-be' DESC 'be' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.3.1 NAME 'caseIgnoreOrderingMatch-b + g' DESC 'bg' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.3.1.6 NAME 'caseIgnoreSubstringMatc + h-bg' DESC 'bg' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.4.1 NAME 'caseIgnoreOrderingMatch-c + a' DESC 'ca' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.4.1.6 NAME 'caseIgnoreSubstringMatc + h-ca' DESC 'ca' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.5.1 NAME 'caseIgnoreOrderingMatch-c + s' DESC 'cs' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.5.1.6 NAME 'caseIgnoreSubstringMatc + h-cs' DESC 'cs' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.6.1 NAME 'caseIgnoreOrderingMatch-d + a' DESC 'da' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.6.1.6 NAME 'caseIgnoreSubstringMatc + h-da' DESC 'da' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.7.1 NAME 'caseIgnoreOrderingMatch-d + e' DESC 'de' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.7.1.6 NAME 'caseIgnoreSubstringMatc + h-de' DESC 'de' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.8.1 NAME 'caseIgnoreOrderingMatch-d + e-AT' DESC 'de-AT' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.8.1.6 NAME 'caseIgnoreSubstringMatc + h-de-AT' DESC 'de-AT' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.9.1 NAME 'caseIgnoreOrderingMatch-d + e-CH' DESC 'de-CH' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.9.1.6 NAME 'caseIgnoreSubstringMatc + h-de-CH' DESC 'de-CH' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.10.1 NAME 'caseIgnoreOrderingMatch- + el' DESC 'el' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.10.1.6 NAME 'caseIgnoreSubstringMat + ch-el' DESC 'el' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.11.1 NAME 'caseIgnoreOrderingMatch- + en' DESC 'en' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.11.1.6 NAME 'caseIgnoreSubstringMat + ch-en' DESC 'en' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.12.1 NAME 'caseIgnoreOrderingMatch- + en-CA' DESC 'en-CA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.12.1.6 NAME 'caseIgnoreSubstringMat + ch-en-CA' DESC 'en-CA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.13.1 NAME 'caseIgnoreOrderingMatch- + en-GB' DESC 'en-GB' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.13.1.6 NAME 'caseIgnoreSubstringMat + ch-en-GB' DESC 'en-GB' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.14.1 NAME 'caseIgnoreOrderingMatch- + en-IE' DESC 'en-IE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.14.1.6 NAME 'caseIgnoreSubstringMat + ch-en-IE' DESC 'en-IE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.15.1 NAME 'caseIgnoreOrderingMatch- + es' DESC 'es' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.15.1.6 NAME 'caseIgnoreSubstringMat + ch-es' DESC 'es' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.16.1 NAME 'caseIgnoreOrderingMatch- + et' DESC 'et' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.16.1.6 NAME 'caseIgnoreSubstringMat + ch-et' DESC 'et' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.17.1 NAME 'caseIgnoreOrderingMatch- + fi' DESC 'fi' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.17.1.6 NAME 'caseIgnoreSubstringMat + ch-fi' DESC 'fi' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.18.1 NAME 'caseIgnoreOrderingMatch- + fr' DESC 'fr' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.18.1.6 NAME 'caseIgnoreSubstringMat + ch-fr' DESC 'fr' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.19.1 NAME 'caseIgnoreOrderingMatch- + fr-BE' DESC 'fr-BE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.19.1.6 NAME 'caseIgnoreSubstringMat + ch-fr-BE' DESC 'fr-BE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.20.1 NAME 'caseIgnoreOrderingMatch- + fr-CA' DESC 'fr-CA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.20.1.6 NAME 'caseIgnoreSubstringMat + ch-fr-CA' DESC 'fr-CA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.21.1 NAME 'caseIgnoreOrderingMatch- + fr-CH' DESC 'fr-CH' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.21.1.6 NAME 'caseIgnoreSubstringMat + ch-fr-CH' DESC 'fr-CH' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.22.1 NAME 'caseIgnoreOrderingMatch- + hr' DESC 'hr' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.22.1.6 NAME 'caseIgnoreSubstringMat + ch-hr' DESC 'hr' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.23.1 NAME 'caseIgnoreOrderingMatch- + hu' DESC 'hu' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.23.1.6 NAME 'caseIgnoreSubstringMat + ch-hu' DESC 'hu' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.24.1 NAME 'caseIgnoreOrderingMatch- + is' DESC 'is' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.24.1.6 NAME 'caseIgnoreSubstringMat + ch-is' DESC 'is' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.25.1 NAME 'caseIgnoreOrderingMatch- + it' DESC 'it' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.25.1.6 NAME 'caseIgnoreSubstringMat + ch-it' DESC 'it' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.26.1 NAME 'caseIgnoreOrderingMatch- + it-CH' DESC 'it-CH' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.26.1.6 NAME 'caseIgnoreSubstringMat + ch-it-CH' DESC 'it-CH' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.27.1 NAME 'caseIgnoreOrderingMatch- + iw' DESC 'iw' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.27.1.6 NAME 'caseIgnoreSubstringMat + ch-iw' DESC 'iw' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.28.1 NAME 'caseIgnoreOrderingMatch- + ja' DESC 'ja' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.28.1.6 NAME 'caseIgnoreSubstringMat + ch-ja' DESC 'ja' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.29.1 NAME 'caseIgnoreOrderingMatch- + ko' DESC 'ko' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.29.1.6 NAME 'caseIgnoreSubstringMat + ch-ko' DESC 'ko' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.30.1 NAME 'caseIgnoreOrderingMatch- + lt' DESC 'lt' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.30.1.6 NAME 'caseIgnoreSubstringMat + ch-lt' DESC 'lt' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.31.1 NAME 'caseIgnoreOrderingMatch- + lv' DESC 'lv' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.31.1.6 NAME 'caseIgnoreSubstringMat + ch-lv' DESC 'lv' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.32.1 NAME 'caseIgnoreOrderingMatch- + mk' DESC 'mk' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.32.1.6 NAME 'caseIgnoreSubstringMat + ch-mk' DESC 'mk' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.33.1 NAME 'caseIgnoreOrderingMatch- + nl' DESC 'nl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.33.1.6 NAME 'caseIgnoreSubstringMat + ch-nl' DESC 'nl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.34.1 NAME 'caseIgnoreOrderingMatch- + nl-BE' DESC 'nl-BE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.34.1.6 NAME 'caseIgnoreSubstringMat + ch-nl-BE' DESC 'nl-BE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.35.1 NAME 'caseIgnoreOrderingMatch- + no' DESC 'no' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.35.1.6 NAME 'caseIgnoreSubstringMat + ch-no' DESC 'no' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.36.1 NAME 'caseIgnoreOrderingMatch- + no-NO-B' DESC 'no-NO' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.36.1.6 NAME 'caseIgnoreSubstringMat + ch-no-NO-B' DESC 'no-NO' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.37.1 NAME 'caseIgnoreOrderingMatch- + no-NO-NY' DESC 'no-NO' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.37.1.6 NAME 'caseIgnoreSubstringMat + ch-no-NO-NY' DESC 'no-NO' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.38.1 NAME 'caseIgnoreOrderingMatch- + pl' DESC 'pl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.38.1.6 NAME 'caseIgnoreSubstringMat + ch-pl' DESC 'pl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.39.1 NAME 'caseIgnoreOrderingMatch- + ro' DESC 'ro' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.39.1.6 NAME 'caseIgnoreSubstringMat + ch-ro' DESC 'ro' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.40.1 NAME 'caseIgnoreOrderingMatch- + ru' DESC 'ru' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.40.1.6 NAME 'caseIgnoreSubstringMat + ch-ru' DESC 'ru' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.41.1 NAME 'caseIgnoreOrderingMatch- + sh' DESC 'sh' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.41.1.6 NAME 'caseIgnoreSubstringMat + ch-sh' DESC 'sh' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.42.1 NAME 'caseIgnoreOrderingMatch- + sk' DESC 'sk' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.42.1.6 NAME 'caseIgnoreSubstringMat + ch-sk' DESC 'sk' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.43.1 NAME 'caseIgnoreOrderingMatch- + sl' DESC 'sl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.43.1.6 NAME 'caseIgnoreSubstringMat + ch-sl' DESC 'sl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.44.1 NAME 'caseIgnoreOrderingMatch- + sq' DESC 'sq' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.44.1.6 NAME 'caseIgnoreSubstringMat + ch-sq' DESC 'sq' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.45.1 NAME 'caseIgnoreOrderingMatch- + sr' DESC 'sr' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.45.1.6 NAME 'caseIgnoreSubstringMat + ch-sr' DESC 'sr' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.46.1 NAME 'caseIgnoreOrderingMatch- + sv' DESC 'sv' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.46.1.6 NAME 'caseIgnoreSubstringMat + ch-sv' DESC 'sv' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.47.1 NAME 'caseIgnoreOrderingMatch- + tr' DESC 'tr' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.47.1.6 NAME 'caseIgnoreSubstringMat + ch-tr' DESC 'tr' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.48.1 NAME 'caseIgnoreOrderingMatch- + uk' DESC 'uk' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.48.1.6 NAME 'caseIgnoreSubstringMat + ch-uk' DESC 'uk' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.49.1 NAME 'caseIgnoreOrderingMatch- + zh' DESC 'zh' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.49.1.6 NAME 'caseIgnoreSubstringMat + ch-zh' DESC 'zh' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.50.1 NAME 'caseIgnoreOrderingMatch- + zh-TW' DESC 'zh-TW' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.50.1.6 NAME 'caseIgnoreSubstringMat + ch-zh-TW' DESC 'zh-TW' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.51.1 NAME 'caseIgnoreOrderingMatch- + af' DESC 'af' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.51.1.6 NAME 'caseIgnoreSubstringMat + ch-af' DESC 'af' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.52.1 NAME 'caseIgnoreOrderingMatch- + af-NA' DESC 'af-NA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.52.1.6 NAME 'caseIgnoreSubstringMat + ch-af-NA' DESC 'af-NA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.53.1 NAME 'caseIgnoreOrderingMatch- + af-ZA' DESC 'af-ZA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.53.1.6 NAME 'caseIgnoreSubstringMat + ch-af-ZA' DESC 'af-ZA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.54.1 NAME 'caseIgnoreOrderingMatch- + ar-AE' DESC 'ar-AE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.54.1.6 NAME 'caseIgnoreSubstringMat + ch-ar-AE' DESC 'ar-AE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.55.1 NAME 'caseIgnoreOrderingMatch- + ar-BH' DESC 'ar-BH' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.55.1.6 NAME 'caseIgnoreSubstringMat + ch-ar-BH' DESC 'ar-BH' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.56.1 NAME 'caseIgnoreOrderingMatch- + ar-DZ' DESC 'ar-DZ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.56.1.6 NAME 'caseIgnoreSubstringMat + ch-ar-DZ' DESC 'ar-DZ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.57.1 NAME 'caseIgnoreOrderingMatch- + ar-EG' DESC 'ar-EG' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.57.1.6 NAME 'caseIgnoreSubstringMat + ch-ar-EG' DESC 'ar-EG' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.58.1 NAME 'caseIgnoreOrderingMatch- + ar-IQ' DESC 'ar-IQ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.58.1.6 NAME 'caseIgnoreSubstringMat + ch-ar-IQ' DESC 'ar-IQ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.59.1 NAME 'caseIgnoreOrderingMatch- + ar-JO' DESC 'ar-JO' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.59.1.6 NAME 'caseIgnoreSubstringMat + ch-ar-JO' DESC 'ar-JO' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.60.1 NAME 'caseIgnoreOrderingMatch- + ar-KW' DESC 'ar-KW' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.60.1.6 NAME 'caseIgnoreSubstringMat + ch-ar-KW' DESC 'ar-KW' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.61.1 NAME 'caseIgnoreOrderingMatch- + ar-LB' DESC 'ar-LB' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.61.1.6 NAME 'caseIgnoreSubstringMat + ch-ar-LB' DESC 'ar-LB' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.62.1 NAME 'caseIgnoreOrderingMatch- + ar-LY' DESC 'ar-LY' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.62.1.6 NAME 'caseIgnoreSubstringMat + ch-ar-LY' DESC 'ar-LY' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.63.1 NAME 'caseIgnoreOrderingMatch- + ar-MA' DESC 'ar-MA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.63.1.6 NAME 'caseIgnoreSubstringMat + ch-ar-MA' DESC 'ar-MA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.64.1 NAME 'caseIgnoreOrderingMatch- + ar-OM' DESC 'ar-OM' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.64.1.6 NAME 'caseIgnoreSubstringMat + ch-ar-OM' DESC 'ar-OM' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.65.1 NAME 'caseIgnoreOrderingMatch- + ar-QA' DESC 'ar-QA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.65.1.6 NAME 'caseIgnoreSubstringMat + ch-ar-QA' DESC 'ar-QA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.66.1 NAME 'caseIgnoreOrderingMatch- + ar-SA' DESC 'ar-SA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.66.1.6 NAME 'caseIgnoreSubstringMat + ch-ar-SA' DESC 'ar-SA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.67.1 NAME 'caseIgnoreOrderingMatch- + ar-SD' DESC 'ar-SD' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.67.1.6 NAME 'caseIgnoreSubstringMat + ch-ar-SD' DESC 'ar-SD' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.68.1 NAME 'caseIgnoreOrderingMatch- + ar-SY' DESC 'ar-SY' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.68.1.6 NAME 'caseIgnoreSubstringMat + ch-ar-SY' DESC 'ar-SY' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.69.1 NAME 'caseIgnoreOrderingMatch- + ar-TN' DESC 'ar-TN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.69.1.6 NAME 'caseIgnoreSubstringMat + ch-ar-TN' DESC 'ar-TN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.70.1 NAME 'caseIgnoreOrderingMatch- + ar-YE' DESC 'ar-YE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.70.1.6 NAME 'caseIgnoreSubstringMat + ch-ar-YE' DESC 'ar-YE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.71.1 NAME 'caseIgnoreOrderingMatch- + as' DESC 'as' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.71.1.6 NAME 'caseIgnoreSubstringMat + ch-as' DESC 'as' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.72.1 NAME 'caseIgnoreOrderingMatch- + as-IN' DESC 'as-IN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.72.1.6 NAME 'caseIgnoreSubstringMat + ch-as-IN' DESC 'as-IN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.73.1 NAME 'caseIgnoreOrderingMatch- + az' DESC 'az' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.73.1.6 NAME 'caseIgnoreSubstringMat + ch-az' DESC 'az' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.74.1 NAME 'caseIgnoreOrderingMatch- + az-Latn' DESC 'az-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.74.1.6 NAME 'caseIgnoreSubstringMat + ch-az-Latn' DESC 'az-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.75.1 NAME 'caseIgnoreOrderingMatch- + az-Latn-AZ' DESC 'az-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.75.1.6 NAME 'caseIgnoreSubstringMat + ch-az-Latn-AZ' DESC 'az-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.76.1 NAME 'caseIgnoreOrderingMatch- + bn' DESC 'bn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.76.1.6 NAME 'caseIgnoreSubstringMat + ch-bn' DESC 'bn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.77.1 NAME 'caseIgnoreOrderingMatch- + bn-BD' DESC 'bn-BD' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.77.1.6 NAME 'caseIgnoreSubstringMat + ch-bn-BD' DESC 'bn-BD' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.78.1 NAME 'caseIgnoreOrderingMatch- + bn-IN' DESC 'bn-IN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.78.1.6 NAME 'caseIgnoreSubstringMat + ch-bn-IN' DESC 'bn-IN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.79.1 NAME 'caseIgnoreOrderingMatch- + bs' DESC 'bs' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.79.1.6 NAME 'caseIgnoreSubstringMat + ch-bs' DESC 'bs' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.80.1 NAME 'caseIgnoreOrderingMatch- + chr' DESC 'chr' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.80.1.6 NAME 'caseIgnoreSubstringMat + ch-chr' DESC 'chr' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.81.1 NAME 'caseIgnoreOrderingMatch- + chr-US' DESC 'chr-US' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.81.1.6 NAME 'caseIgnoreSubstringMat + ch-chr-US' DESC 'chr-US' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.82.1 NAME 'caseIgnoreOrderingMatch- + cy' DESC 'cy' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.82.1.6 NAME 'caseIgnoreSubstringMat + ch-cy' DESC 'cy' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.83.1 NAME 'caseIgnoreOrderingMatch- + de-BE' DESC 'de-BE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.83.1.6 NAME 'caseIgnoreSubstringMat + ch-de-BE' DESC 'de-BE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.84.1 NAME 'caseIgnoreOrderingMatch- + de-LI' DESC 'de-LI' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.84.1.6 NAME 'caseIgnoreSubstringMat + ch-de-LI' DESC 'de-LI' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.85.1 NAME 'caseIgnoreOrderingMatch- + de-LU' DESC 'de-LU' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.85.1.6 NAME 'caseIgnoreSubstringMat + ch-de-LU' DESC 'de-LU' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.86.1 NAME 'caseIgnoreOrderingMatch- + el-CY' DESC 'el-CY' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.86.1.6 NAME 'caseIgnoreSubstringMat + ch-el-CY' DESC 'el-CY' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.87.1 NAME 'caseIgnoreOrderingMatch- + el-GR' DESC 'el-GR' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.87.1.6 NAME 'caseIgnoreSubstringMat + ch-el-GR' DESC 'el-GR' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.88.1 NAME 'caseIgnoreOrderingMatch- + en-AS' DESC 'en-AS' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.88.1.6 NAME 'caseIgnoreSubstringMat + ch-en-AS' DESC 'en-AS' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.89.1 NAME 'caseIgnoreOrderingMatch- + en-AU' DESC 'en-AU' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.89.1.6 NAME 'caseIgnoreSubstringMat + ch-en-AU' DESC 'en-AU' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.90.1 NAME 'caseIgnoreOrderingMatch- + en-BE' DESC 'en-BE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.90.1.6 NAME 'caseIgnoreSubstringMat + ch-en-BE' DESC 'en-BE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.91.1 NAME 'caseIgnoreOrderingMatch- + en-BW' DESC 'en-BW' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.91.1.6 NAME 'caseIgnoreSubstringMat + ch-en-BW' DESC 'en-BW' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.92.1 NAME 'caseIgnoreOrderingMatch- + en-BZ' DESC 'en-BZ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.92.1.6 NAME 'caseIgnoreSubstringMat + ch-en-BZ' DESC 'en-BZ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.93.1 NAME 'caseIgnoreOrderingMatch- + en-GU' DESC 'en-GU' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.93.1.6 NAME 'caseIgnoreSubstringMat + ch-en-GU' DESC 'en-GU' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.94.1 NAME 'caseIgnoreOrderingMatch- + en-GY' DESC 'en-GY' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.94.1.6 NAME 'caseIgnoreSubstringMat + ch-en-GY' DESC 'en-GY' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.95.1 NAME 'caseIgnoreOrderingMatch- + en-HK' DESC 'en-HK' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.95.1.6 NAME 'caseIgnoreSubstringMat + ch-en-HK' DESC 'en-HK' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.96.1 NAME 'caseIgnoreOrderingMatch- + en-IN' DESC 'en-IN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.96.1.6 NAME 'caseIgnoreSubstringMat + ch-en-IN' DESC 'en-IN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.97.1 NAME 'caseIgnoreOrderingMatch- + en-JM' DESC 'en-JM' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.97.1.6 NAME 'caseIgnoreSubstringMat + ch-en-JM' DESC 'en-JM' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.98.1 NAME 'caseIgnoreOrderingMatch- + en-MH' DESC 'en-MH' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.98.1.6 NAME 'caseIgnoreSubstringMat + ch-en-MH' DESC 'en-MH' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.99.1 NAME 'caseIgnoreOrderingMatch- + en-MP' DESC 'en-MP' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.99.1.6 NAME 'caseIgnoreSubstringMat + ch-en-MP' DESC 'en-MP' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.100.1 NAME 'caseIgnoreOrderingMatch + -en-MT' DESC 'en-MT' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.100.1.6 NAME 'caseIgnoreSubstringMa + tch-en-MT' DESC 'en-MT' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.101.1 NAME 'caseIgnoreOrderingMatch + -en-MU' DESC 'en-MU' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.101.1.6 NAME 'caseIgnoreSubstringMa + tch-en-MU' DESC 'en-MU' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.102.1 NAME 'caseIgnoreOrderingMatch + -en-NA' DESC 'en-NA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.102.1.6 NAME 'caseIgnoreSubstringMa + tch-en-NA' DESC 'en-NA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.103.1 NAME 'caseIgnoreOrderingMatch + -en-NZ' DESC 'en-NZ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.103.1.6 NAME 'caseIgnoreSubstringMa + tch-en-NZ' DESC 'en-NZ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.104.1 NAME 'caseIgnoreOrderingMatch + -en-PH' DESC 'en-PH' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.104.1.6 NAME 'caseIgnoreSubstringMa + tch-en-PH' DESC 'en-PH' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.105.1 NAME 'caseIgnoreOrderingMatch + -en-PK' DESC 'en-PK' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.105.1.6 NAME 'caseIgnoreSubstringMa + tch-en-PK' DESC 'en-PK' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.106.1 NAME 'caseIgnoreOrderingMatch + -en-SG' DESC 'en-SG' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.106.1.6 NAME 'caseIgnoreSubstringMa + tch-en-SG' DESC 'en-SG' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.107.1 NAME 'caseIgnoreOrderingMatch + -en-TT' DESC 'en-TT' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.107.1.6 NAME 'caseIgnoreSubstringMa + tch-en-TT' DESC 'en-TT' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.108.1 NAME 'caseIgnoreOrderingMatch + -en-UM' DESC 'en-UM' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.108.1.6 NAME 'caseIgnoreSubstringMa + tch-en-UM' DESC 'en-UM' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.109.1 NAME 'caseIgnoreOrderingMatch + -en-US' DESC 'en-US' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.109.1.6 NAME 'caseIgnoreSubstringMa + tch-en-US' DESC 'en-US' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.110.1 NAME 'caseIgnoreOrderingMatch + -en-US-POSIX' DESC 'en-US' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.110.1.6 NAME 'caseIgnoreSubstringMa + tch-en-US-POSIX' DESC 'en-US' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.111.1 NAME 'caseIgnoreOrderingMatch + -en-VI' DESC 'en-VI' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.111.1.6 NAME 'caseIgnoreSubstringMa + tch-en-VI' DESC 'en-VI' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.112.1 NAME 'caseIgnoreOrderingMatch + -en-ZA' DESC 'en-ZA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.112.1.6 NAME 'caseIgnoreSubstringMa + tch-en-ZA' DESC 'en-ZA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.113.1 NAME 'caseIgnoreOrderingMatch + -en-ZW' DESC 'en-ZW' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.113.1.6 NAME 'caseIgnoreSubstringMa + tch-en-ZW' DESC 'en-ZW' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.114.1 NAME 'caseIgnoreOrderingMatch + -es-AR' DESC 'es-AR' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.114.1.6 NAME 'caseIgnoreSubstringMa + tch-es-AR' DESC 'es-AR' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.115.1 NAME 'caseIgnoreOrderingMatch + -es-BO' DESC 'es-BO' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.115.1.6 NAME 'caseIgnoreSubstringMa + tch-es-BO' DESC 'es-BO' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.116.1 NAME 'caseIgnoreOrderingMatch + -es-CL' DESC 'es-CL' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.116.1.6 NAME 'caseIgnoreSubstringMa + tch-es-CL' DESC 'es-CL' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.117.1 NAME 'caseIgnoreOrderingMatch + -es-CO' DESC 'es-CO' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.117.1.6 NAME 'caseIgnoreSubstringMa + tch-es-CO' DESC 'es-CO' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.118.1 NAME 'caseIgnoreOrderingMatch + -es-CR' DESC 'es-CR' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.118.1.6 NAME 'caseIgnoreSubstringMa + tch-es-CR' DESC 'es-CR' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.119.1 NAME 'caseIgnoreOrderingMatch + -es-DO' DESC 'es-DO' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.119.1.6 NAME 'caseIgnoreSubstringMa + tch-es-DO' DESC 'es-DO' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.120.1 NAME 'caseIgnoreOrderingMatch + -es-EC' DESC 'es-EC' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.120.1.6 NAME 'caseIgnoreSubstringMa + tch-es-EC' DESC 'es-EC' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.121.1 NAME 'caseIgnoreOrderingMatch + -es-ES' DESC 'es-ES' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.121.1.6 NAME 'caseIgnoreSubstringMa + tch-es-ES' DESC 'es-ES' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.122.1 NAME 'caseIgnoreOrderingMatch + -es-GQ' DESC 'es-GQ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.122.1.6 NAME 'caseIgnoreSubstringMa + tch-es-GQ' DESC 'es-GQ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.123.1 NAME 'caseIgnoreOrderingMatch + -es-GT' DESC 'es-GT' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.123.1.6 NAME 'caseIgnoreSubstringMa + tch-es-GT' DESC 'es-GT' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.124.1 NAME 'caseIgnoreOrderingMatch + -es-HN' DESC 'es-HN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.124.1.6 NAME 'caseIgnoreSubstringMa + tch-es-HN' DESC 'es-HN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.125.1 NAME 'caseIgnoreOrderingMatch + -es-MX' DESC 'es-MX' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.125.1.6 NAME 'caseIgnoreSubstringMa + tch-es-MX' DESC 'es-MX' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.126.1 NAME 'caseIgnoreOrderingMatch + -es-NI' DESC 'es-NI' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.126.1.6 NAME 'caseIgnoreSubstringMa + tch-es-NI' DESC 'es-NI' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.127.1 NAME 'caseIgnoreOrderingMatch + -es-PA' DESC 'es-PA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.127.1.6 NAME 'caseIgnoreSubstringMa + tch-es-PA' DESC 'es-PA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.128.1 NAME 'caseIgnoreOrderingMatch + -es-PE' DESC 'es-PE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.128.1.6 NAME 'caseIgnoreSubstringMa + tch-es-PE' DESC 'es-PE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.129.1 NAME 'caseIgnoreOrderingMatch + -es-PR' DESC 'es-PR' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.129.1.6 NAME 'caseIgnoreSubstringMa + tch-es-PR' DESC 'es-PR' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.130.1 NAME 'caseIgnoreOrderingMatch + -es-PY' DESC 'es-PY' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.130.1.6 NAME 'caseIgnoreSubstringMa + tch-es-PY' DESC 'es-PY' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.131.1 NAME 'caseIgnoreOrderingMatch + -es-SV' DESC 'es-SV' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.131.1.6 NAME 'caseIgnoreSubstringMa + tch-es-SV' DESC 'es-SV' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.132.1 NAME 'caseIgnoreOrderingMatch + -es-US' DESC 'es-US' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.132.1.6 NAME 'caseIgnoreSubstringMa + tch-es-US' DESC 'es-US' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.133.1 NAME 'caseIgnoreOrderingMatch + -es-UY' DESC 'es-UY' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.133.1.6 NAME 'caseIgnoreSubstringMa + tch-es-UY' DESC 'es-UY' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.134.1 NAME 'caseIgnoreOrderingMatch + -es-VE' DESC 'es-VE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.134.1.6 NAME 'caseIgnoreSubstringMa + tch-es-VE' DESC 'es-VE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.135.1 NAME 'caseIgnoreOrderingMatch + -fa' DESC 'fa' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.135.1.6 NAME 'caseIgnoreSubstringMa + tch-fa' DESC 'fa' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.136.1 NAME 'caseIgnoreOrderingMatch + -fil' DESC 'fil' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.136.1.6 NAME 'caseIgnoreSubstringMa + tch-fil' DESC 'fil' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.137.1 NAME 'caseIgnoreOrderingMatch + -fo' DESC 'fo' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.137.1.6 NAME 'caseIgnoreSubstringMa + tch-fo' DESC 'fo' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.138.1 NAME 'caseIgnoreOrderingMatch + -fr-BF' DESC 'fr-BF' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.138.1.6 NAME 'caseIgnoreSubstringMa + tch-fr-BF' DESC 'fr-BF' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.139.1 NAME 'caseIgnoreOrderingMatch + -fr-BI' DESC 'fr-BI' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.139.1.6 NAME 'caseIgnoreSubstringMa + tch-fr-BI' DESC 'fr-BI' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.140.1 NAME 'caseIgnoreOrderingMatch + -fr-BJ' DESC 'fr-BJ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.140.1.6 NAME 'caseIgnoreSubstringMa + tch-fr-BJ' DESC 'fr-BJ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.141.1 NAME 'caseIgnoreOrderingMatch + -fr-BL' DESC 'fr-BL' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.141.1.6 NAME 'caseIgnoreSubstringMa + tch-fr-BL' DESC 'fr-BL' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.142.1 NAME 'caseIgnoreOrderingMatch + -fr-CD' DESC 'fr-CD' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.142.1.6 NAME 'caseIgnoreSubstringMa + tch-fr-CD' DESC 'fr-CD' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.143.1 NAME 'caseIgnoreOrderingMatch + -fr-CF' DESC 'fr-CF' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.143.1.6 NAME 'caseIgnoreSubstringMa + tch-fr-CF' DESC 'fr-CF' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.144.1 NAME 'caseIgnoreOrderingMatch + -fr-CG' DESC 'fr-CG' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.144.1.6 NAME 'caseIgnoreSubstringMa + tch-fr-CG' DESC 'fr-CG' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.145.1 NAME 'caseIgnoreOrderingMatch + -fr-CI' DESC 'fr-CI' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.145.1.6 NAME 'caseIgnoreSubstringMa + tch-fr-CI' DESC 'fr-CI' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.146.1 NAME 'caseIgnoreOrderingMatch + -fr-CM' DESC 'fr-CM' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.146.1.6 NAME 'caseIgnoreSubstringMa + tch-fr-CM' DESC 'fr-CM' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.147.1 NAME 'caseIgnoreOrderingMatch + -fr-DJ' DESC 'fr-DJ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.147.1.6 NAME 'caseIgnoreSubstringMa + tch-fr-DJ' DESC 'fr-DJ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.148.1 NAME 'caseIgnoreOrderingMatch + -fr-GA' DESC 'fr-GA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.148.1.6 NAME 'caseIgnoreSubstringMa + tch-fr-GA' DESC 'fr-GA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.149.1 NAME 'caseIgnoreOrderingMatch + -fr-GN' DESC 'fr-GN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.149.1.6 NAME 'caseIgnoreSubstringMa + tch-fr-GN' DESC 'fr-GN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.150.1 NAME 'caseIgnoreOrderingMatch + -fr-GP' DESC 'fr-GP' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.150.1.6 NAME 'caseIgnoreSubstringMa + tch-fr-GP' DESC 'fr-GP' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.151.1 NAME 'caseIgnoreOrderingMatch + -fr-GQ' DESC 'fr-GQ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.151.1.6 NAME 'caseIgnoreSubstringMa + tch-fr-GQ' DESC 'fr-GQ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.152.1 NAME 'caseIgnoreOrderingMatch + -fr-KM' DESC 'fr-KM' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.152.1.6 NAME 'caseIgnoreSubstringMa + tch-fr-KM' DESC 'fr-KM' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.153.1 NAME 'caseIgnoreOrderingMatch + -fr-LU' DESC 'fr-LU' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.153.1.6 NAME 'caseIgnoreSubstringMa + tch-fr-LU' DESC 'fr-LU' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.154.1 NAME 'caseIgnoreOrderingMatch + -fr-MC' DESC 'fr-MC' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.154.1.6 NAME 'caseIgnoreSubstringMa + tch-fr-MC' DESC 'fr-MC' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.155.1 NAME 'caseIgnoreOrderingMatch + -fr-MF' DESC 'fr-MF' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.155.1.6 NAME 'caseIgnoreSubstringMa + tch-fr-MF' DESC 'fr-MF' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.156.1 NAME 'caseIgnoreOrderingMatch + -fr-MG' DESC 'fr-MG' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.156.1.6 NAME 'caseIgnoreSubstringMa + tch-fr-MG' DESC 'fr-MG' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.157.1 NAME 'caseIgnoreOrderingMatch + -fr-ML' DESC 'fr-ML' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.157.1.6 NAME 'caseIgnoreSubstringMa + tch-fr-ML' DESC 'fr-ML' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.158.1 NAME 'caseIgnoreOrderingMatch + -fr-MQ' DESC 'fr-MQ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.158.1.6 NAME 'caseIgnoreSubstringMa + tch-fr-MQ' DESC 'fr-MQ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.159.1 NAME 'caseIgnoreOrderingMatch + -fr-NE' DESC 'fr-NE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.159.1.6 NAME 'caseIgnoreSubstringMa + tch-fr-NE' DESC 'fr-NE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.160.1 NAME 'caseIgnoreOrderingMatch + -fr-RE' DESC 'fr-RE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.160.1.6 NAME 'caseIgnoreSubstringMa + tch-fr-RE' DESC 'fr-RE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.161.1 NAME 'caseIgnoreOrderingMatch + -fr-RW' DESC 'fr-RW' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.161.1.6 NAME 'caseIgnoreSubstringMa + tch-fr-RW' DESC 'fr-RW' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.162.1 NAME 'caseIgnoreOrderingMatch + -fr-SN' DESC 'fr-SN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.162.1.6 NAME 'caseIgnoreSubstringMa + tch-fr-SN' DESC 'fr-SN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.163.1 NAME 'caseIgnoreOrderingMatch + -fr-TD' DESC 'fr-TD' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.163.1.6 NAME 'caseIgnoreSubstringMa + tch-fr-TD' DESC 'fr-TD' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.164.1 NAME 'caseIgnoreOrderingMatch + -fr-TG' DESC 'fr-TG' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.164.1.6 NAME 'caseIgnoreSubstringMa + tch-fr-TG' DESC 'fr-TG' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.165.1 NAME 'caseIgnoreOrderingMatch + -ga' DESC 'ga' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.165.1.6 NAME 'caseIgnoreSubstringMa + tch-ga' DESC 'ga' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.166.1 NAME 'caseIgnoreOrderingMatch + -ga-IE' DESC 'ga-IE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.166.1.6 NAME 'caseIgnoreSubstringMa + tch-ga-IE' DESC 'ga-IE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.167.1 NAME 'caseIgnoreOrderingMatch + -ga-IN' DESC 'ga-IN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.167.1.6 NAME 'caseIgnoreSubstringMa + tch-ga-IN' DESC 'ga-IN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.168.1 NAME 'caseIgnoreOrderingMatch + -ha' DESC 'ha' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.168.1.6 NAME 'caseIgnoreSubstringMa + tch-ha' DESC 'ha' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.169.1 NAME 'caseIgnoreOrderingMatch + -ha-Latn' DESC 'ha-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.169.1.6 NAME 'caseIgnoreSubstringMa + tch-ha-Latn' DESC 'ha-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.170.1 NAME 'caseIgnoreOrderingMatch + -ha-Latn-GH' DESC 'ha-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.170.1.6 NAME 'caseIgnoreSubstringMa + tch-ha-Latn-GH' DESC 'ha-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.171.1 NAME 'caseIgnoreOrderingMatch + -ha-Latn-NE' DESC 'ha-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.171.1.6 NAME 'caseIgnoreSubstringMa + tch-ha-Latn-NE' DESC 'ha-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.172.1 NAME 'caseIgnoreOrderingMatch + -ha-Latn-NG' DESC 'ha-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.172.1.6 NAME 'caseIgnoreSubstringMa + tch-ha-Latn-NG' DESC 'ha-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.173.1 NAME 'caseIgnoreOrderingMatch + -he' DESC 'he' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.173.1.6 NAME 'caseIgnoreSubstringMa + tch-he' DESC 'he' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.174.1 NAME 'caseIgnoreOrderingMatch + -hi' DESC 'hi' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.174.1.6 NAME 'caseIgnoreSubstringMa + tch-hi' DESC 'hi' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.175.1 NAME 'caseIgnoreOrderingMatch + -hy' DESC 'hy' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.175.1.6 NAME 'caseIgnoreSubstringMa + tch-hy' DESC 'hy' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.176.1 NAME 'caseIgnoreOrderingMatch + -id' DESC 'id' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.176.1.6 NAME 'caseIgnoreSubstringMa + tch-id' DESC 'id' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.177.1 NAME 'caseIgnoreOrderingMatch + -ig' DESC 'ig' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.177.1.6 NAME 'caseIgnoreSubstringMa + tch-ig' DESC 'ig' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.178.1 NAME 'caseIgnoreOrderingMatch + -it-IT' DESC 'it-IT' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.178.1.6 NAME 'caseIgnoreSubstringMa + tch-it-IT' DESC 'it-IT' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.179.1 NAME 'caseIgnoreOrderingMatch + -ka' DESC 'ka' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.179.1.6 NAME 'caseIgnoreSubstringMa + tch-ka' DESC 'ka' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.180.1 NAME 'caseIgnoreOrderingMatch + -ka-GE' DESC 'ka-GE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.180.1.6 NAME 'caseIgnoreSubstringMa + tch-ka-GE' DESC 'ka-GE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.181.1 NAME 'caseIgnoreOrderingMatch + -kk' DESC 'kk' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.181.1.6 NAME 'caseIgnoreSubstringMa + tch-kk' DESC 'kk' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.182.1 NAME 'caseIgnoreOrderingMatch + -kl' DESC 'kl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.182.1.6 NAME 'caseIgnoreSubstringMa + tch-kl' DESC 'kl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.183.1 NAME 'caseIgnoreOrderingMatch + -kn' DESC 'kn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.183.1.6 NAME 'caseIgnoreSubstringMa + tch-kn' DESC 'kn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.184.1 NAME 'caseIgnoreOrderingMatch + -kok' DESC 'kok' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.184.1.6 NAME 'caseIgnoreSubstringMa + tch-kok' DESC 'kok' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.185.1 NAME 'caseIgnoreOrderingMatch + -ml' DESC 'ml' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.185.1.6 NAME 'caseIgnoreSubstringMa + tch-ml' DESC 'ml' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.186.1 NAME 'caseIgnoreOrderingMatch + -ms' DESC 'ms' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.186.1.6 NAME 'caseIgnoreSubstringMa + tch-ms' DESC 'ms' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.187.1 NAME 'caseIgnoreOrderingMatch + -ms-BN' DESC 'ms-BN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.187.1.6 NAME 'caseIgnoreSubstringMa + tch-ms-BN' DESC 'ms-BN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.188.1 NAME 'caseIgnoreOrderingMatch + -ms-MY' DESC 'ms-MY' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.188.1.6 NAME 'caseIgnoreSubstringMa + tch-ms-MY' DESC 'ms-MY' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.189.1 NAME 'caseIgnoreOrderingMatch + -mt' DESC 'mt' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.189.1.6 NAME 'caseIgnoreSubstringMa + tch-mt' DESC 'mt' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.190.1 NAME 'caseIgnoreOrderingMatch + -nl-NL' DESC 'nl-NL' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.190.1.6 NAME 'caseIgnoreSubstringMa + tch-nl-NL' DESC 'nl-NL' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.191.1 NAME 'caseIgnoreOrderingMatch + -nn' DESC 'nn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.191.1.6 NAME 'caseIgnoreSubstringMa + tch-nn' DESC 'nn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.192.1 NAME 'caseIgnoreOrderingMatch + -om' DESC 'om' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.192.1.6 NAME 'caseIgnoreSubstringMa + tch-om' DESC 'om' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.193.1 NAME 'caseIgnoreOrderingMatch + -om-ET' DESC 'om-ET' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.193.1.6 NAME 'caseIgnoreSubstringMa + tch-om-ET' DESC 'om-ET' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.194.1 NAME 'caseIgnoreOrderingMatch + -om-KE' DESC 'om-KE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.194.1.6 NAME 'caseIgnoreSubstringMa + tch-om-KE' DESC 'om-KE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.195.1 NAME 'caseIgnoreOrderingMatch + -or' DESC 'or' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.195.1.6 NAME 'caseIgnoreSubstringMa + tch-or' DESC 'or' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.196.1 NAME 'caseIgnoreOrderingMatch + -pa' DESC 'pa' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.196.1.6 NAME 'caseIgnoreSubstringMa + tch-pa' DESC 'pa' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.197.1 NAME 'caseIgnoreOrderingMatch + -pa-Arab' DESC 'pa-Arab' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.197.1.6 NAME 'caseIgnoreSubstringMa + tch-pa-Arab' DESC 'pa-Arab' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.198.1 NAME 'caseIgnoreOrderingMatch + -pa-Arab-PK' DESC 'pa-Arab' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.198.1.6 NAME 'caseIgnoreSubstringMa + tch-pa-Arab-PK' DESC 'pa-Arab' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.199.1 NAME 'caseIgnoreOrderingMatch + -pa-Guru' DESC 'pa-Guru' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.199.1.6 NAME 'caseIgnoreSubstringMa + tch-pa-Guru' DESC 'pa-Guru' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.200.1 NAME 'caseIgnoreOrderingMatch + -pa-Guru-IN' DESC 'pa-Guru' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.200.1.6 NAME 'caseIgnoreSubstringMa + tch-pa-Guru-IN' DESC 'pa-Guru' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.201.1 NAME 'caseIgnoreOrderingMatch + -ps' DESC 'ps' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.201.1.6 NAME 'caseIgnoreSubstringMa + tch-ps' DESC 'ps' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.202.1 NAME 'caseIgnoreOrderingMatch + -pt' DESC 'pt' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.202.1.6 NAME 'caseIgnoreSubstringMa + tch-pt' DESC 'pt' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.203.1 NAME 'caseIgnoreOrderingMatch + -pt-BR' DESC 'pt-BR' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.203.1.6 NAME 'caseIgnoreSubstringMa + tch-pt-BR' DESC 'pt-BR' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.204.1 NAME 'caseIgnoreOrderingMatch + -pt-PT' DESC 'pt-PT' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.204.1.6 NAME 'caseIgnoreSubstringMa + tch-pt-PT' DESC 'pt-PT' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.205.1 NAME 'caseIgnoreOrderingMatch + -ro-MD' DESC 'ro-MD' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.205.1.6 NAME 'caseIgnoreSubstringMa + tch-ro-MD' DESC 'ro-MD' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.206.1 NAME 'caseIgnoreOrderingMatch + -ro-RO' DESC 'ro-RO' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.206.1.6 NAME 'caseIgnoreSubstringMa + tch-ro-RO' DESC 'ro-RO' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.207.1 NAME 'caseIgnoreOrderingMatch + -ru-MD' DESC 'ru-MD' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.207.1.6 NAME 'caseIgnoreSubstringMa + tch-ru-MD' DESC 'ru-MD' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.208.1 NAME 'caseIgnoreOrderingMatch + -ru-RU' DESC 'ru-RU' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.208.1.6 NAME 'caseIgnoreSubstringMa + tch-ru-RU' DESC 'ru-RU' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.209.1 NAME 'caseIgnoreOrderingMatch + -ru-UA' DESC 'ru-UA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.209.1.6 NAME 'caseIgnoreSubstringMa + tch-ru-UA' DESC 'ru-UA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.210.1 NAME 'caseIgnoreOrderingMatch + -si' DESC 'si' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.210.1.6 NAME 'caseIgnoreSubstringMa + tch-si' DESC 'si' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.211.1 NAME 'caseIgnoreOrderingMatch + -sk-SK' DESC 'sk-SK' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.211.1.6 NAME 'caseIgnoreSubstringMa + tch-sk-SK' DESC 'sk-SK' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.212.1 NAME 'caseIgnoreOrderingMatch + -sl-SI' DESC 'sl-SI' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.212.1.6 NAME 'caseIgnoreSubstringMa + tch-sl-SI' DESC 'sl-SI' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.213.1 NAME 'caseIgnoreOrderingMatch + -sq-AL' DESC 'sq-AL' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.213.1.6 NAME 'caseIgnoreSubstringMa + tch-sq-AL' DESC 'sq-AL' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.214.1 NAME 'caseIgnoreOrderingMatch + -sr-Cyrl' DESC 'sr-Cyrl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.214.1.6 NAME 'caseIgnoreSubstringMa + tch-sr-Cyrl' DESC 'sr-Cyrl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.215.1 NAME 'caseIgnoreOrderingMatch + -sr-Cyrl-BA' DESC 'sr-Cyrl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.215.1.6 NAME 'caseIgnoreSubstringMa + tch-sr-Cyrl-BA' DESC 'sr-Cyrl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.216.1 NAME 'caseIgnoreOrderingMatch + -sr-Cyrl-ME' DESC 'sr-Cyrl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.216.1.6 NAME 'caseIgnoreSubstringMa + tch-sr-Cyrl-ME' DESC 'sr-Cyrl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.217.1 NAME 'caseIgnoreOrderingMatch + -sr-Cyrl-RS' DESC 'sr-Cyrl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.217.1.6 NAME 'caseIgnoreSubstringMa + tch-sr-Cyrl-RS' DESC 'sr-Cyrl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.218.1 NAME 'caseIgnoreOrderingMatch + -sr-Latn' DESC 'sr-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.218.1.6 NAME 'caseIgnoreSubstringMa + tch-sr-Latn' DESC 'sr-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.219.1 NAME 'caseIgnoreOrderingMatch + -sr-Latn-BA' DESC 'sr-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.219.1.6 NAME 'caseIgnoreSubstringMa + tch-sr-Latn-BA' DESC 'sr-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.220.1 NAME 'caseIgnoreOrderingMatch + -sr-Latn-ME' DESC 'sr-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.220.1.6 NAME 'caseIgnoreSubstringMa + tch-sr-Latn-ME' DESC 'sr-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.221.1 NAME 'caseIgnoreOrderingMatch + -sr-Latn-RS' DESC 'sr-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.221.1.6 NAME 'caseIgnoreSubstringMa + tch-sr-Latn-RS' DESC 'sr-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.222.1 NAME 'caseIgnoreOrderingMatch + -sv-FI' DESC 'sv-FI' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.222.1.6 NAME 'caseIgnoreSubstringMa + tch-sv-FI' DESC 'sv-FI' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.223.1 NAME 'caseIgnoreOrderingMatch + -sv-SE' DESC 'sv-SE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.223.1.6 NAME 'caseIgnoreSubstringMa + tch-sv-SE' DESC 'sv-SE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.224.1 NAME 'caseIgnoreOrderingMatch + -sw' DESC 'sw' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.224.1.6 NAME 'caseIgnoreSubstringMa + tch-sw' DESC 'sw' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.225.1 NAME 'caseIgnoreOrderingMatch + -sw-KE' DESC 'sw-KE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.225.1.6 NAME 'caseIgnoreSubstringMa + tch-sw-KE' DESC 'sw-KE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.226.1 NAME 'caseIgnoreOrderingMatch + -sw-TZ' DESC 'sw-TZ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.226.1.6 NAME 'caseIgnoreSubstringMa + tch-sw-TZ' DESC 'sw-TZ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.227.1 NAME 'caseIgnoreOrderingMatch + -ta' DESC 'ta' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.227.1.6 NAME 'caseIgnoreSubstringMa + tch-ta' DESC 'ta' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.228.1 NAME 'caseIgnoreOrderingMatch + -ta-IN' DESC 'ta-IN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.228.1.6 NAME 'caseIgnoreSubstringMa + tch-ta-IN' DESC 'ta-IN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.229.1 NAME 'caseIgnoreOrderingMatch + -ta-LK' DESC 'ta-LK' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.229.1.6 NAME 'caseIgnoreSubstringMa + tch-ta-LK' DESC 'ta-LK' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.230.1 NAME 'caseIgnoreOrderingMatch + -te' DESC 'te' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.230.1.6 NAME 'caseIgnoreSubstringMa + tch-te' DESC 'te' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.231.1 NAME 'caseIgnoreOrderingMatch + -th' DESC 'th' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.231.1.6 NAME 'caseIgnoreSubstringMa + tch-th' DESC 'th' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.232.1 NAME 'caseIgnoreOrderingMatch + -ur' DESC 'ur' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.232.1.6 NAME 'caseIgnoreSubstringMa + tch-ur' DESC 'ur' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.233.1 NAME 'caseIgnoreOrderingMatch + -ur-IN' DESC 'ur-IN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.233.1.6 NAME 'caseIgnoreSubstringMa + tch-ur-IN' DESC 'ur-IN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.234.1 NAME 'caseIgnoreOrderingMatch + -ur-PK' DESC 'ur-PK' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.234.1.6 NAME 'caseIgnoreSubstringMa + tch-ur-PK' DESC 'ur-PK' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.235.1 NAME 'caseIgnoreOrderingMatch + -vi' DESC 'vi' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.235.1.6 NAME 'caseIgnoreSubstringMa + tch-vi' DESC 'vi' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.236.1 NAME 'caseIgnoreOrderingMatch + -yo' DESC 'yo' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.236.1.6 NAME 'caseIgnoreSubstringMa + tch-yo' DESC 'yo' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.237.1 NAME 'caseIgnoreOrderingMatch + -zh-Hans' DESC 'zh-Hans' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.237.1.6 NAME 'caseIgnoreSubstringMa + tch-zh-Hans' DESC 'zh-Hans' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.238.1 NAME 'caseIgnoreOrderingMatch + -zh-Hans-CN' DESC 'zh-Hans' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.238.1.6 NAME 'caseIgnoreSubstringMa + tch-zh-Hans-CN' DESC 'zh-Hans' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.239.1 NAME 'caseIgnoreOrderingMatch + -zh-Hans-SG' DESC 'zh-Hans' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.239.1.6 NAME 'caseIgnoreSubstringMa + tch-zh-Hans-SG' DESC 'zh-Hans' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.240.1 NAME 'caseIgnoreOrderingMatch + -zh-Hant-HK' DESC 'zh-Hant' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.240.1.6 NAME 'caseIgnoreSubstringMa + tch-zh-Hant-HK' DESC 'zh-Hant' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.241.1 NAME 'caseIgnoreOrderingMatch + -zh-Hant-MO' DESC 'zh-Hant' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.241.1.6 NAME 'caseIgnoreSubstringMa + tch-zh-Hant-MO' DESC 'zh-Hant' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.242.1 NAME 'caseIgnoreOrderingMatch + -zh-Hant-TW' DESC 'zh-Hant' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.242.1.6 NAME 'caseIgnoreSubstringMa + tch-zh-Hant-TW' DESC 'zh-Hant' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.243.1 NAME 'caseIgnoreOrderingMatch + -zu' DESC 'zu' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.243.1.6 NAME 'caseIgnoreSubstringMa + tch-zu' DESC 'zu' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.244.1 NAME 'caseIgnoreOrderingMatch + -zu-ZA' DESC 'zu-ZA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.244.1.6 NAME 'caseIgnoreSubstringMa + tch-zu-ZA' DESC 'zu-ZA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.0.3 SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.0.3.6 SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.11.3 NAME 'caseExactOrderingMatch-e + n' DESC 'en' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.11.3.6 NAME 'caseExactSubstringMatc + h-en' DESC 'en' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.5.13.23 NAME 'uniqueMemberMatch' DESC 'The uniqueMemberMa + tch rule compares an assertion value of the Name And Optional UID syntax to + an attribute value of a syntax (e.g., the Name And Optional UID syntax) wh + ose corresponding ASN.1 type is NameAndOptionalUID. The rule evaluates to + TRUE if and only if the components of the assertion val + ue and attribute value match according to the distinguishedNameMatch rule a + nd either, (1) the component is absent from both the attribute + value and assertion value, or (2) the component is present in b + oth the attribute value and the assertion value and the compone + nt of the assertion value matches the component of the attribut + e value according to the bitStringMatch rule. Note that this matching rule + has been altered from its description in X.520 [X.520] in order to make th + e matching rule commutative. Server implementors should consider using the + original X.520 semantics (where the matching was less exact) for approxima + te matching of attributes with uniqueMemberMatch as the equality matching r + ule.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 ) +matchingRules: ( 2.5.13.8 NAME 'numericStringMatch' DESC 'The rule evaluates + to TRUE if and only if the prepared attribute value character string and t + he prepared assertion value character string have the same number of charac + ters and corresponding characters have the same code point.' SYNTAX 1.3.6.1 + .4.1.1466.115.121.1.36 ) +matchingRules: ( 2.5.13.9 NAME 'numericStringOrderingMatch' DESC 'The rule e + valuates to TRUE if and only if, in the code point collation order, the pre + pared attribute value character string appears earlier than the prepared as + sertion value character string; i.e., the attribute value is less than the + assertion value.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 ) +matchingRules: ( 2.5.13.10 NAME 'numericStringSubstringsMatch' DESC 'The rul + e evaluates to TRUE if and only if (1) the prepared substrings of the asser + tion value match disjoint portions of the prepared attribute value, (2) an + initial substring, if present, matches the beginning of the prepared attrib + ute value character string, and (3) a final substring, if present, matches + the end of the prepared attribute value character string.' SYNTAX 1.3.6.1.4 + .1.1466.115.121.1.58 ) +matchingRules: ( 2.5.13.20 NAME 'telephoneNumberMatch' DESC 'The telephoneNu + mberMatch rule compares an assertion value of the Telephone Number syntax t + o an attribute value of a syntax (e.g., the Telephone Number syntax) whose + corresponding ASN.1 type is a PrintableString representing a telephone numb + er. The rule evaluates to TRUE if and only if the prepared attribute value + character string and the prepared assertion value character string have the + same number of characters and corresponding characters have the same code + point. In preparing the attribute value and assertion value for comparison, + characters are case folded in the Map preparation step, and only telephone + Number Insignificant Character Handling is applied in the Insignificant Cha + racter Handling step.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 ) +matchingRules: ( 2.5.13.21 NAME 'telephoneNumberSubstringsMatch' DESC 'The t + elephoneNumberSubstringsMatch rule compares an assertion value of the Subst + ring Assertion syntax to an attribute value of a syntax (e.g., the Telephon + e Number syntax) whose corresponding ASN.1 type is a PrintableString repres + enting a telephone number. The rule evaluates to TRUE if and only if (1) th + e prepared substrings of the assertion value match disjoint portions of the + prepared attribute value character string in the order of the substrings i + n the assertion value, (2) an substring, if present, matches the + beginning of the prepared attribute value character string, and (3) a substring, if present, matches the end of the prepared attribute value c + haracter string. A prepared substring matches a portion of the prepared at + tribute value character string if corresponding characters have the same co + de point. In preparing the attribute value and assertion value substrings f + or comparison, characters are case folded in the Map preparation step, and + only telephoneNumber Insignificant Character Handling is applied in the Ins + ignificant Character Handling step.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 ) +objectClass: top +objectClass: ldapSubentry +objectClass: subschema +objectClasses: ( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass X-ORIGIN 'RFC + 4512' ) +objectClasses: ( 2.5.6.1 NAME 'alias' SUP top STRUCTURAL MUST aliasedObjectN + ame X-ORIGIN 'RFC 4512' ) +objectClasses: ( 2.5.20.1 NAME 'subschema' AUXILIARY MAY ( dITStructureRules + $ nameForms $ dITContentRules $ objectClasses $ attributeTypes $ matchingR + ules $ matchingRuleUse ) X-ORIGIN 'RFC 4512' ) +objectClasses: ( 1.3.6.1.4.1.1466.101.120.111 NAME 'extensibleObject' SUP to + p AUXILIARY X-ORIGIN 'RFC 4512' ) +objectClasses: ( 2.5.6.11 NAME 'applicationProcess' SUP top STRUCTURAL MUST + cn MAY ( seeAlso $ ou $ l $ description ) X-ORIGIN 'RFC 4519' ) +objectClasses: ( 2.5.6.2 NAME 'country' SUP top STRUCTURAL MUST c MAY ( sear + chGuide $ description ) X-ORIGIN 'RFC 4519' ) +objectClasses: ( 1.3.6.1.4.1.1466.344 NAME 'dcObject' DESC 'Standard LDAP ob + jectclass' SUP top AUXILIARY MUST dc X-ORIGIN ( 'IPA v4.4.2' 'user defined' + ) ) +objectClasses: ( 2.5.6.14 NAME 'device' SUP top STRUCTURAL MUST cn MAY ( ser + ialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) X-ORIGIN 'RFC 4519 + ' ) +objectClasses: ( 2.5.6.9 NAME 'groupOfNames' SUP top STRUCTURAL MUST cn MAY + ( member $ businessCategory $ seeAlso $ owner $ ou $ o $ description ) X-OR + IGIN 'RFC 4519' ) +objectClasses: ( 2.5.6.17 NAME 'groupOfUniqueNames' SUP top STRUCTURAL MUST + cn MAY ( uniqueMember $ businessCategory $ seeAlso $ owner $ ou $ o $ descr + iption ) X-ORIGIN 'RFC 4519' ) +objectClasses: ( 2.5.6.3 NAME 'locality' SUP top STRUCTURAL MAY ( street $ s + eeAlso $ searchGuide $ st $ l $ description ) X-ORIGIN 'RFC 4519' ) +objectClasses: ( 2.5.6.4 NAME 'organization' SUP top STRUCTURAL MUST o MAY ( + userPassword $ searchGuide $ seeAlso $ businessCategory $ x121Address $ re + gisteredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNum + ber $ teletexTerminalIdentifier $ telephoneNumber $ internationalISDNNumber + $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ postalA + ddress $ physicalDeliveryOfficeName $ st $ l $ description ) X-ORIGIN 'RFC + 4519' ) +objectClasses: ( 2.5.6.6 NAME 'person' SUP top STRUCTURAL MUST ( sn $ cn ) M + AY ( userPassword $ telephoneNumber $ seeAlso $ description ) X-ORIGIN 'RFC + 4519' ) +objectClasses: ( 2.5.6.7 NAME 'organizationalPerson' SUP person STRUCTURAL M + AY ( title $ x121Address $ registeredAddress $ destinationIndicator $ prefe + rredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ internationa + lISDNNumber $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCod + e $ postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l ) X-ORIGIN 'RF + C 4519' ) +objectClasses: ( 2.5.6.8 NAME 'organizationalRole' SUP top STRUCTURAL MUST c + n MAY ( x121Address $ registeredAddress $ destinationIndicator $ preferredD + eliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ + internationalISDNNumber $ facsimileTelephoneNumber $ seeAlso $ roleOccupan + t $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryO + fficeName $ ou $ st $ l $ description ) X-ORIGIN 'RFC 4519' ) +objectClasses: ( 2.5.6.5 NAME 'organizationalUnit' SUP top STRUCTURAL MUST o + u MAY ( businessCategory $ description $ destinationIndicator $ facsimileTe + lephoneNumber $ internationalISDNNumber $ l $ physicalDeliveryOfficeName $ + postalAddress $ postalCode $ postOfficeBox $ preferredDeliveryMethod $ regi + steredAddress $ searchGuide $ seeAlso $ st $ street $ telephoneNumber $ tel + etexTerminalIdentifier $ telexNumber $ userPassword $ x121Address ) X-ORIGI + N 'RFC 4519' ) +objectClasses: ( 2.5.6.10 NAME 'residentialPerson' SUP person STRUCTURAL MUS + T l MAY ( businessCategory $ x121Address $ registeredAddress $ destinationI + ndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifie + r $ internationalISDNNumber $ facsimileTelephoneNumber $ street $ postOffic + eBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ st $ l ) X + -ORIGIN 'RFC 4519' ) +objectClasses: ( 1.3.6.1.1.3.1 NAME 'uidObject' SUP top AUXILIARY MUST uid X + -ORIGIN 'RFC 4519' ) +objectClasses: ( 2.16.840.1.113719.2.142.6.1.1 NAME 'ldapSubEntry' DESC 'LDA + P Subentry class, version 1' SUP top STRUCTURAL MAY cn X-ORIGIN 'LDAP Suben + try Internet Draft' ) +objectClasses: ( 2.16.840.1.113730.3.2.40 NAME 'directoryServerFeature' DESC + 'Netscape defined objectclass' SUP top STRUCTURAL MAY ( oid $ cn $ multiLi + neDescription ) X-ORIGIN 'Netscape Directory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.41 NAME 'nsslapdPlugin' DESC 'Netscap + e defined objectclass' SUP top STRUCTURAL MUST ( cn $ nsslapd-pluginPath $ + nsslapd-pluginInitfunc $ nsslapd-pluginType $ nsslapd-pluginId $ nsslapd-pl + uginVersion $ nsslapd-pluginVendor $ nsslapd-pluginDescription $ nsslapd-pl + uginEnabled ) MAY ( nsslapd-pluginConfigArea $ nsslapd-plugin-depends-on-ty + pe ) X-ORIGIN 'Netscape Directory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.44 NAME 'nsIndex' DESC 'Netscape defi + ned objectclass' SUP top STRUCTURAL MUST ( cn $ nsSystemIndex ) MAY ( descr + iption $ nsIndexType $ nsMatchingRule $ nsIndexIDListScanLimit ) X-ORIGIN ' + Netscape Directory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.109 NAME 'nsBackendInstance' DESC 'Ne + tscape defined objectclass' SUP top STRUCTURAL MUST cn X-ORIGIN 'Netscape D + irectory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.110 NAME 'nsMappingTree' DESC 'Netsca + pe defined objectclass' SUP top STRUCTURAL MUST cn X-ORIGIN 'Netscape Direc + tory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.104 NAME 'nsContainer' DESC 'Netscape + defined objectclass' SUP top STRUCTURAL MUST cn X-ORIGIN 'Netscape Directo + ry Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.108 NAME 'nsDS5Replica' DESC 'Netscap + e defined objectclass' SUP top STRUCTURAL MUST ( nsDS5ReplicaRoot $ nsDS5Re + plicaId ) MAY ( cn $ nsds5ReplicaPreciseTombstonePurging $ nsds5ReplicaClea + nRUV $ nsds5ReplicaAbortCleanRUV $ nsDS5ReplicaType $ nsDS5ReplicaBindDN $ + nsState $ nsDS5ReplicaName $ nsDS5Flags $ nsDS5Task $ nsDS5ReplicaReferral + $ nsDS5ReplicaAutoReferral $ nsds5ReplicaPurgeDelay $ nsds5ReplicaTombstone + PurgeInterval $ nsds5ReplicaChangeCount $ nsds5ReplicaLegacyConsumer $ nsds + 5ReplicaProtocolTimeout $ nsds5ReplicaBackoffMin $ nsds5ReplicaBackoffMax $ + nsds5ReplicaReleaseTimeout ) X-ORIGIN 'Netscape Directory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.113 NAME 'nsTombstone' DESC 'Netscape + defined objectclass' SUP top STRUCTURAL MAY ( nstombstonecsn $ nsParentUni + queId $ nscpEntryDN ) X-ORIGIN 'Netscape Directory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.103 NAME 'nsDS5ReplicationAgreement' + DESC 'Netscape defined objectclass' SUP top STRUCTURAL MUST cn MAY ( nsds5R + eplicaCleanRUVNotified $ nsDS5ReplicaHost $ nsDS5ReplicaPort $ nsDS5Replica + TransportInfo $ nsDS5ReplicaBindDN $ nsDS5ReplicaCredentials $ nsDS5Replica + BindMethod $ nsDS5ReplicaRoot $ nsDS5ReplicatedAttributeList $ nsDS5Replica + tedAttributeListTotal $ nsDS5ReplicaUpdateSchedule $ nsds5BeginReplicaRefre + sh $ description $ nsds50ruv $ nsruvReplicaLastModified $ nsds5replicaTimeo + ut $ nsds5replicaChangesSentSinceStartup $ nsds5replicaLastUpdateEnd $ nsds + 5replicaLastUpdateStart $ nsds5replicaLastUpdateStatus $ nsds5replicaUpdate + InProgress $ nsds5replicaLastInitEnd $ nsds5ReplicaEnabled $ nsds5replicaLa + stInitStart $ nsds5replicaLastInitStatus $ nsds5debugreplicatimeout $ nsds5 + replicaBusyWaitTime $ nsds5ReplicaStripAttrs $ nsds5replicaSessionPauseTime + $ nsds5ReplicaProtocolTimeout $ nsds5ReplicaFlowControlWindow $ nsds5Repli + caFlowControlPause $ nsDS5ReplicaWaitForAsyncResults ) X-ORIGIN 'Netscape D + irectory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.39 NAME 'nsslapdConfig' DESC 'Netscap + e defined objectclass' SUP top STRUCTURAL MAY cn X-ORIGIN 'Netscape Directo + ry Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.317 NAME 'nsSaslMapping' DESC 'Netsca + pe defined objectclass' SUP top STRUCTURAL MUST ( cn $ nsSaslMapRegexString + $ nsSaslMapBaseDNTemplate $ nsSaslMapFilterTemplate ) MAY nsSaslMapPriorit + y X-ORIGIN 'Netscape Directory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.43 NAME 'nsSNMP' DESC 'Netscape defin + ed objectclass' SUP top STRUCTURAL MUST ( cn $ nsSNMPEnabled ) MAY ( nsSNMP + Organization $ nsSNMPLocation $ nsSNMPContact $ nsSNMPDescription $ nsSNMPN + ame $ nsSNMPMasterHost $ nsSNMPMasterPort ) X-ORIGIN 'Netscape Directory Se + rver' ) +objectClasses: ( nsEncryptionConfig-oid NAME 'nsEncryptionConfig' DESC 'Nets + cape defined objectclass' SUP top STRUCTURAL MUST cn MAY ( nsCertfile $ nsK + eyfile $ nsSSL2 $ nsSSL3 $ nsTLS1 $ sslVersionMin $ sslVersionMax $ nsSSLSe + ssionTimeout $ nsSSL3SessionTimeout $ nsSSLClientAuth $ nsSSL2Ciphers $ nsS + SL3Ciphers $ nsSSLSupportedCiphers $ allowWeakCipher $ CACertExtractFile $ + allowWeakDHParam ) X-ORIGIN 'Netscape' ) +objectClasses: ( nsEncryptionModule-oid NAME 'nsEncryptionModule' DESC 'Nets + cape defined objectclass' SUP top STRUCTURAL MUST cn MAY ( nsSSLToken $ nsS + SLPersonalitySSL $ nsSSLActivation $ ServerKeyExtractFile $ ServerCertExtra + ctFile ) X-ORIGIN 'Netscape' ) +objectClasses: ( 2.16.840.1.113730.3.2.327 NAME 'rootDNPluginConfig' DESC 'N + etscape defined objectclass' SUP top STRUCTURAL MUST cn MAY ( rootdn-open-t + ime $ rootdn-close-time $ rootdn-days-allowed $ rootdn-allow-host $ rootdn- + deny-host $ rootdn-allow-ip $ rootdn-deny-ip ) X-ORIGIN 'Netscape' ) +objectClasses: ( 2.16.840.1.113730.3.2.328 NAME 'nsSchemaPolicy' DESC 'Netsc + ape defined objectclass' SUP top STRUCTURAL MAY ( cn $ schemaUpdateObjectcl + assAccept $ schemaUpdateObjectclassReject $ schemaUpdateAttributeAccept $ s + chemaUpdateAttributeReject ) X-ORIGIN 'Netscape Directory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.31 NAME 'groupOfCertificates' DESC 'N + etscape defined objectclass' SUP top STRUCTURAL MUST cn MAY ( memberCertifi + cateDescription $ businessCategory $ description $ o $ ou $ owner $ seeAlso + ) X-ORIGIN 'Netscape Directory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.33 NAME 'groupOfURLs' DESC 'Netscape + defined objectclass' SUP top STRUCTURAL MUST cn MAY ( memberURL $ businessC + ategory $ description $ o $ ou $ owner $ seeAlso ) X-ORIGIN 'Netscape Direc + tory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.35 NAME 'LDAPServer' DESC 'Netscape d + efined objectclass' SUP top STRUCTURAL MUST cn MAY ( description $ l $ ou $ + seeAlso $ generation $ changeLogMaximumAge $ changeLogMaximumSize ) X-ORIG + IN 'Netscape Directory Server' ) +objectClasses: ( 1.3.6.1.4.1.250.3.18 NAME 'cacheObject' DESC 'object that c + ontains the TTL (time to live) attribute type' SUP top STRUCTURAL MAY ttl X + -ORIGIN 'LDAP Caching Internet Draft' ) +objectClasses: ( 2.16.840.1.113730.3.2.10 NAME 'netscapeServer' DESC 'Netsca + pe defined objectclass' SUP top STRUCTURAL MUST cn MAY ( description $ serv + erRoot $ serverProductName $ serverVersionNumber $ installationTimeStamp $ + administratorContactInfo $ userPassword $ adminUrl $ serverHostName ) X-ORI + GIN 'Netscape Administration Services' ) +objectClasses: ( 2.16.840.1.113730.3.2.7 NAME 'nsLicenseUser' DESC 'Netscape + defined objectclass' SUP top STRUCTURAL MAY ( nsLicensedFor $ nsLicenseSta + rtTime $ nsLicenseEndTime ) X-ORIGIN 'Netscape Administration Services' ) +objectClasses: ( 2.16.840.1.113730.3.2.1 NAME 'changeLogEntry' DESC 'LDAP ch + angelog objectclass' SUP top STRUCTURAL MUST ( targetDn $ changeTime $ chan + geNumber $ changeType ) MAY ( changes $ newRdn $ deleteOldRdn $ newSuperior + ) X-ORIGIN 'Changelog Internet Draft' ) +objectClasses: ( 2.16.840.1.113730.3.2.6 NAME 'referral' DESC 'LDAP referral + s objectclass' SUP top STRUCTURAL MAY ref X-ORIGIN 'LDAPv3 referrals Intern + et Draft' ) +objectClasses: ( 2.16.840.1.113730.3.2.12 NAME 'passwordObject' DESC 'Netsca + pe defined password policy objectclass' SUP top STRUCTURAL MAY ( pwdpolicys + ubentry $ passwordExpirationTime $ passwordExpWarned $ passwordRetryCount $ + retryCountResetTime $ accountUnlockTime $ passwordHistory $ passwordAllowC + hangeTime $ passwordGraceUserTime ) X-ORIGIN 'Netscape Directory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.13 NAME 'passwordPolicy' DESC 'Netsca + pe defined password policy objectclass' SUP top STRUCTURAL MAY ( passwordMa + xAge $ passwordExp $ passwordMinLength $ passwordKeepHistory $ passwordInHi + story $ passwordChange $ passwordWarning $ passwordLockout $ passwordMaxFai + lure $ passwordResetDuration $ passwordUnlock $ passwordLockoutDuration $ p + asswordCheckSyntax $ passwordMustChange $ passwordStorageScheme $ passwordM + inAge $ passwordResetFailureCount $ passwordGraceLimit $ passwordMinDigits + $ passwordMinAlphas $ passwordMinUppers $ passwordMinLowers $ passwordMinSp + ecials $ passwordMin8bit $ passwordMaxRepeats $ passwordMinCategories $ pas + swordMinTokenLength $ passwordTrackUpdateTime $ passwordAdminDN ) X-ORIGIN + 'Netscape Directory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.30 NAME 'glue' DESC 'Netscape defined + objectclass' SUP top STRUCTURAL X-ORIGIN 'Netscape Directory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.32 NAME 'netscapeMachineData' DESC 'N + etscape defined objectclass' SUP top STRUCTURAL X-ORIGIN 'Netscape Director + y Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.38 NAME 'vlvSearch' DESC 'Netscape de + fined objectclass' SUP top STRUCTURAL MUST ( cn $ vlvBase $ vlvScope $ vlvF + ilter ) MAY multiLineDescription X-ORIGIN 'Netscape Directory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.42 NAME 'vlvIndex' DESC 'Netscape def + ined objectclass' SUP top STRUCTURAL MUST ( cn $ vlvSort ) MAY ( vlvEnabled + $ vlvUses ) X-ORIGIN 'Netscape Directory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.84 NAME 'cosDefinition' DESC 'Netscap + e defined objectclass' SUP top STRUCTURAL MAY ( costargettree $ costemplate + dn $ cosspecifier $ cosAttribute $ aci $ cn $ uid ) X-ORIGIN 'Netscape Dire + ctory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.93 NAME 'nsRoleDefinition' DESC 'Nets + cape defined objectclass' SUP ldapSubEntry STRUCTURAL MAY ( description $ n + sRoleScopeDN ) X-ORIGIN 'Netscape Directory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.94 NAME 'nsSimpleRoleDefinition' DESC + 'Netscape defined objectclass' SUP nsRoleDefinition STRUCTURAL X-ORIGIN 'N + etscape Directory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.95 NAME 'nsComplexRoleDefinition' DES + C 'Netscape defined objectclass' SUP nsRoleDefinition STRUCTURAL X-ORIGIN ' + Netscape Directory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.96 NAME 'nsManagedRoleDefinition' DES + C 'Netscape defined objectclass' SUP nsSimpleRoleDefinition STRUCTURAL X-OR + IGIN 'Netscape Directory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.97 NAME 'nsFilteredRoleDefinition' DE + SC 'Netscape defined objectclass' SUP nsComplexRoleDefinition STRUCTURAL MU + ST nsRoleFilter X-ORIGIN 'Netscape Directory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.98 NAME 'nsNestedRoleDefinition' DESC + 'Netscape defined objectclass' SUP nsComplexRoleDefinition STRUCTURAL MUST + nsRoleDN X-ORIGIN 'Netscape Directory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.99 NAME 'cosSuperDefinition' DESC 'Ne + tscape defined objectclass' SUP ldapSubEntry STRUCTURAL MUST cosAttribute M + AY description X-ORIGIN 'Netscape Directory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.100 NAME 'cosClassicDefinition' DESC + 'Netscape defined objectclass' SUP cosSuperDefinition STRUCTURAL MAY ( cost + emplatedn $ cosspecifier ) X-ORIGIN 'Netscape Directory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.101 NAME 'cosPointerDefinition' DESC + 'Netscape defined objectclass' SUP cosSuperDefinition STRUCTURAL MAY costem + platedn X-ORIGIN 'Netscape Directory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.102 NAME 'cosIndirectDefinition' DESC + 'Netscape defined objectclass' SUP cosSuperDefinition STRUCTURAL MAY cosIn + directSpecifier X-ORIGIN 'Netscape Directory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.503 NAME 'nsDSWindowsReplicationAgree + ment' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MUST cn MAY ( + nsDS5ReplicaHost $ nsDS5ReplicaPort $ nsDS5ReplicaTransportInfo $ nsDS5Repl + icaBindDN $ nsDS5ReplicaCredentials $ nsDS5ReplicaBindMethod $ nsDS5Replica + Root $ nsDS5ReplicatedAttributeList $ nsDS5ReplicaUpdateSchedule $ nsds5Beg + inReplicaRefresh $ description $ nsds50ruv $ nsruvReplicaLastModified $ nsd + s5replicaTimeout $ nsds5replicaChangesSentSinceStartup $ nsds5replicaLastUp + dateEnd $ nsds5replicaLastUpdateStart $ nsds5replicaLastUpdateStatus $ nsds + 5replicaUpdateInProgress $ nsds5replicaLastInitEnd $ nsds5replicaLastInitSt + art $ nsds5replicaLastInitStatus $ nsds5debugreplicatimeout $ nsds5replicaB + usyWaitTime $ nsds5replicaSessionPauseTime $ nsds7WindowsReplicaSubtree $ n + sds7DirectoryReplicaSubtree $ nsds7NewWinUserSyncEnabled $ nsds7NewWinGroup + SyncEnabled $ nsds7WindowsDomain $ nsds7DirsyncCookie $ winSyncInterval $ o + neWaySync $ winSyncMoveAction $ nsds5ReplicaEnabled $ winSyncDirectoryFilte + r $ winSyncWindowsFilter $ winSyncSubtreePair ) X-ORIGIN 'Netscape Director + y Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.128 NAME 'costemplate' DESC 'Netscape + defined objectclass' SUP top STRUCTURAL MAY ( cn $ cosPriority ) X-ORIGIN + 'Netscape Directory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.304 NAME 'nsView' DESC 'Netscape defi + ned objectclass' SUP top AUXILIARY MAY ( nsViewFilter $ description ) X-ORI + GIN 'Netscape Directory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.316 NAME 'nsAttributeEncryption' DESC + 'Netscape defined objectclass' SUP top STRUCTURAL MUST ( cn $ nsEncryption + Algorithm ) X-ORIGIN 'Netscape Directory Server' ) +objectClasses: ( 2.5.6.21 NAME 'pkiUser' DESC 'X.509 PKI User' SUP top AUXIL + IARY MAY userCertificate X-ORIGIN 'RFC 4523' ) +objectClasses: ( 2.5.6.22 NAME 'pkiCA' DESC 'X.509 PKI Certificate Authority + ' SUP top AUXILIARY MAY ( cACertificate $ certificateRevocationList $ autho + rityRevocationList $ crossCertificatePair ) X-ORIGIN 'RFC 4523' ) +objectClasses: ( 2.5.6.19 NAME 'cRLDistributionPoint' DESC 'X.509 CRL distri + bution point' SUP top STRUCTURAL MUST cn MAY ( certificateRevocationList $ + authorityRevocationList $ deltaRevocationList ) X-ORIGIN 'RFC 4523' ) +objectClasses: ( 2.5.6.23 NAME 'deltaCRL' DESC 'X.509 delta CRL' SUP top AUX + ILIARY MAY deltaRevocationList X-ORIGIN 'RFC 4523' ) +objectClasses: ( 2.5.6.15 NAME 'strongAuthenticationUser' DESC 'X.521 strong + authentication user' SUP top AUXILIARY MUST userCertificate X-ORIGIN 'RFC + 4523' ) +objectClasses: ( 2.5.6.18 NAME 'userSecurityInformation' DESC 'X.521 user se + curity information' SUP top AUXILIARY MAY supportedAlgorithms X-ORIGIN 'RFC + 4523' ) +objectClasses: ( 2.5.6.16 NAME 'certificationAuthority' DESC 'X.509 certific + ate authority' SUP top AUXILIARY MUST ( authorityRevocationList $ certifica + teRevocationList $ cACertificate ) MAY crossCertificatePair X-ORIGIN 'RFC 4 + 523' ) +objectClasses: ( 2.5.6.16.2 NAME 'certificationAuthority-V2' DESC 'X.509 cer + tificate authority, version 2' SUP certificationAuthority AUXILIARY MAY del + taRevocationList X-ORIGIN 'RFC 4523' ) +objectClasses: ( 0.9.2342.19200300.100.4.5 NAME 'account' SUP top STRUCTURAL + MUST uid MAY ( description $ seeAlso $ l $ o $ ou $ host ) X-ORIGIN 'RFC 4 + 524' ) +objectClasses: ( 0.9.2342.19200300.100.4.6 NAME 'document' SUP top STRUCTURA + L MUST documentIdentifier MAY ( cn $ description $ seeAlso $ l $ o $ ou $ d + ocumentTitle $ documentVersion $ documentAuthor $ documentLocation $ docume + ntPublisher ) X-ORIGIN 'RFC 4524' ) +objectClasses: ( 0.9.2342.19200300.100.4.9 NAME 'documentSeries' SUP top STR + UCTURAL MUST cn MAY ( description $ l $ o $ ou $ seeAlso $ telephoneNumber + ) X-ORIGIN 'RFC 4524' ) +objectClasses: ( 0.9.2342.19200300.100.4.13 NAME 'domain' DESC 'Standard LDA + P objectclass' SUP top STRUCTURAL MUST dc MAY ( associatedName $ businessCa + tegory $ description $ destinationIndicator $ facsimileTelephoneNumber $ in + ternationalISDNNumber $ l $ o $ physicalDeliveryOfficeName $ postOfficeBox + $ postalAddress $ postalCode $ preferredDeliveryMethod $ registeredAddress + $ searchGuide $ seeAlso $ st $ street $ telephoneNumber $ teletexTerminalId + entifier $ telexNumber $ userPassword $ x121Address ) X-ORIGIN ( 'IPA v4.4. + 2' 'user defined' ) ) +objectClasses: ( 0.9.2342.19200300.100.4.17 NAME 'domainRelatedObject' SUP t + op AUXILIARY MUST associatedDomain X-ORIGIN 'RFC 4524' ) +objectClasses: ( 0.9.2342.19200300.100.4.18 NAME 'friendlyCountry' SUP count + ry STRUCTURAL MUST co X-ORIGIN 'RFC 4524' ) +objectClasses: ( 0.9.2342.19200300.100.4.14 NAME 'RFC822localPart' DESC 'Pil + ot objectclass' SUP domain STRUCTURAL MAY ( cn $ sn ) X-ORIGIN ( 'IPA v4.4. + 2' 'user defined' ) ) +objectClasses: ( 0.9.2342.19200300.100.4.7 NAME 'room' SUP top STRUCTURAL MU + ST cn MAY ( roomNumber $ description $ seeAlso $ telephoneNumber ) X-ORIGIN + 'RFC 4524' ) +objectClasses: ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject' SUP + top AUXILIARY MUST userPassword X-ORIGIN 'RFC 4524' ) +objectClasses: ( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' SUP organizati + onalPerson STRUCTURAL MAY ( audio $ businessCategory $ carLicense $ departm + entNumber $ displayName $ employeeNumber $ employeeType $ givenName $ homeP + hone $ homePostalAddress $ initials $ jpegPhoto $ labeledURI $ mail $ manag + er $ mobile $ o $ pager $ photo $ roomNumber $ secretary $ uid $ userCertif + icate $ x500UniqueIdentifier $ preferredLanguage $ userSMIMECertificate $ u + serPKCS12 ) X-ORIGIN 'RFC 2798' ) +objectClasses: ( 2.16.840.1.113730.3.2.322 NAME 'autoMemberDefinition' DESC + 'Auto Membership Config Definition Entry' SUP top STRUCTURAL MUST ( cn $ au + toMemberScope $ autoMemberFilter $ autoMemberGroupingAttr ) MAY ( autoMembe + rDefaultGroup $ autoMemberDisabled ) X-ORIGIN '389 Directory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.323 NAME 'autoMemberRegexRule' DESC ' + Auto Membership Regex Rule Entry' SUP top STRUCTURAL MUST ( cn $ autoMember + TargetGroup ) MAY ( autoMemberExclusiveRegex $ autoMemberInclusiveRegex $ d + escription ) X-ORIGIN '389 Directory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.324 NAME 'dnaPluginConfig' DESC 'DNA + plugin configuration' SUP top AUXILIARY MAY ( dnaType $ dnaPrefix $ dnaNext + Value $ dnaMaxValue $ dnaInterval $ dnaMagicRegen $ dnaFilter $ dnaScope $ + dnaExcludeScope $ dnaSharedCfgDN $ dnaThreshold $ dnaNextRange $ dnaRangeRe + questTimeout $ dnaRemoteBindDN $ dnaRemoteBindCred $ cn ) X-ORIGIN '389 Dir + ectory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.325 NAME 'dnaSharedConfig' DESC 'DNA + Shared Configuration' SUP top AUXILIARY MAY ( dnaHostname $ dnaPortNum $ dn + aSecurePortNum $ dnaRemoteBindMethod $ dnaRemoteConnProtocol $ dnaRemaining + Values ) X-ORIGIN '389 Directory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.319 NAME 'mepManagedEntry' DESC 'Mana + ged Entries Managed Entry' SUP top AUXILIARY MAY mepManagedBy X-ORIGIN '389 + Directory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.320 NAME 'mepOriginEntry' DESC 'Manag + ed Entries Origin Entry' SUP top AUXILIARY MAY mepManagedEntry X-ORIGIN '38 + 9 Directory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.321 NAME 'mepTemplateEntry' DESC 'Man + aged Entries Template Entry' SUP top AUXILIARY MAY ( cn $ mepStaticAttr $ m + epMappedAttr $ mepRDNAttr ) X-ORIGIN '389 Directory Server' ) +objectClasses: ( 1.3.6.1.1.1.2.0 NAME 'posixAccount' DESC 'Standard LDAP obj + ectclass' SUP top AUXILIARY MUST ( cn $ uid $ uidNumber $ gidNumber $ homeD + irectory ) MAY ( userPassword $ loginShell $ gecos $ description ) X-ORIGIN + 'RFC 2307' ) +objectClasses: ( 1.3.6.1.1.1.2.1 NAME 'shadowAccount' DESC 'Standard LDAP ob + jectclass' SUP top AUXILIARY MUST uid MAY ( userPassword $ shadowLastChange + $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive $ shadowExpire $ + shadowFlag $ description ) X-ORIGIN 'RFC 2307' ) +objectClasses: ( 1.3.6.1.1.1.2.2 NAME 'posixGroup' DESC 'Standard LDAP objec + tclass' SUP top STRUCTURAL MUST ( cn $ gidNumber ) MAY ( userPassword $ mem + berUid $ description ) X-ORIGIN 'RFC 2307' ) +objectClasses: ( 1.3.6.1.1.1.2.3 NAME 'ipService' DESC 'Standard LDAP object + class' SUP top STRUCTURAL MUST ( cn $ ipServicePort $ ipServiceProtocol ) M + AY description X-ORIGIN 'RFC 2307' ) +objectClasses: ( 1.3.6.1.1.1.2.4 NAME 'ipProtocol' DESC 'Standard LDAP objec + tclass' SUP top STRUCTURAL MUST ( cn $ ipProtocolNumber ) MAY description X + -ORIGIN 'RFC 2307' ) +objectClasses: ( 1.3.6.1.1.1.2.5 NAME 'oncRpc' DESC 'Standard LDAP objectcla + ss' SUP top STRUCTURAL MUST ( cn $ oncRpcNumber ) MAY description X-ORIGIN + 'RFC 2307' ) +objectClasses: ( 1.3.6.1.1.1.2.6 NAME 'ipHost' DESC 'Standard LDAP objectcla + ss' SUP top AUXILIARY MUST ( ipHostNumber $ cn ) MAY ( manager $ descriptio + n $ l $ o $ ou $ owner $ seeAlso $ serialNumber ) X-ORIGIN 'RFC 2307' ) +objectClasses: ( 1.3.6.1.1.1.2.7 NAME 'ipNetwork' DESC 'Standard LDAP object + class' SUP top STRUCTURAL MUST ( ipNetworkNumber $ cn ) MAY ( ipNetmaskNumb + er $ manager $ l $ description ) X-ORIGIN 'RFC 2307' ) +objectClasses: ( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup' DESC 'Standard LDAP obje + ctclass' SUP top STRUCTURAL MUST cn MAY ( nisNetgroupTriple $ memberNisNetg + roup $ description ) X-ORIGIN 'RFC 2307' ) +objectClasses: ( 1.3.6.1.1.1.2.10 NAME 'nisObject' DESC 'Standard LDAP objec + tclass' SUP top STRUCTURAL MUST ( cn $ nisMapEntry $ nisMapName ) MAY descr + iption X-ORIGIN 'RFC 2307' ) +objectClasses: ( 1.3.6.1.1.1.2.11 NAME 'ieee802Device' DESC 'Standard LDAP o + bjectclass' SUP top AUXILIARY MUST cn MAY ( macAddress $ description $ l $ + o $ ou $ owner $ seeAlso $ serialNumber ) X-ORIGIN 'RFC 2307' ) +objectClasses: ( 1.3.6.1.1.1.2.12 NAME 'bootableDevice' DESC 'Standard LDAP + objectclass' SUP top AUXILIARY MUST cn MAY ( bootFile $ bootParameter $ des + cription $ l $ o $ ou $ owner $ seeAlso $ serialNumber ) X-ORIGIN 'RFC 2307 + ' ) +objectClasses: ( 1.3.6.1.1.1.2.13 NAME 'nisMap' DESC 'Standard LDAP objectcl + ass' SUP top STRUCTURAL MUST nisMapName MAY description X-ORIGIN 'RFC 2307' + ) +objectClasses: ( 2.16.840.1.113730.3.2.129 NAME 'inetDomain' DESC 'Auxiliary + class for virtual domain nodes' SUP top AUXILIARY MAY ( inetDomainBaseDN $ + inetDomainStatus ) X-ORIGIN 'Netscape subscriber interoperability' ) +objectClasses: ( 2.16.840.1.113730.3.2.130 NAME 'inetUser' DESC 'Auxiliary c + lass which must be present in an entry for delivery of subscriber services' + SUP top AUXILIARY MAY ( uid $ inetUserStatus $ inetUserHttpURL $ userPassw + ord $ memberOf ) X-ORIGIN 'Netscape subscriber interoperability' ) +objectClasses: ( 1.3.6.1.4.1.1466.101.120.141 NAME 'NetscapeLinkedOrganizati + on' AUXILIARY MAY parentOrganization X-ORIGIN 'Netscape' ) +objectClasses: ( 1.3.6.1.4.1.1466.101.120.142 NAME 'NetscapePreferences' AUX + ILIARY MAY ( preferredLanguage $ preferredLocale $ preferredTimeZone ) X-OR + IGIN 'Netscape' ) +objectClasses: ( 2.16.840.1.113730.3.2.134 NAME 'inetSubscriber' SUP top AUX + ILIARY MAY ( inetSubscriberAccountId $ inetSubscriberChallenge $ inetSubscr + iberResponse ) X-ORIGIN 'Netscape subscriber interoperability' ) +objectClasses: ( 2.16.840.1.113730.3.2.112 NAME 'inetAdmin' DESC 'Marker for + an administrative group or user' SUP top AUXILIARY MAY ( aci $ memberOf $ + adminRole ) X-ORIGIN 'Netscape Delegated Administrator' ) +objectClasses: ( 1.3.6.1.4.1.42.2.27.4.2.1 NAME 'javaContainer' DESC 'Contai + ner for a Java object' SUP top STRUCTURAL MUST cn X-ORIGIN 'RFC 2713' ) +objectClasses: ( 1.3.6.1.4.1.42.2.27.4.2.4 NAME 'javaObject' DESC 'Java obje + ct representation' SUP top ABSTRACT MUST javaClassName MAY ( javaClassNames + $ javaCodebase $ javaDoc $ description ) X-ORIGIN 'RFC 2713' ) +objectClasses: ( 1.3.6.1.4.1.42.2.27.4.2.5 NAME 'javaSerializedObject' DESC + 'Java serialized object' SUP javaObject AUXILIARY MUST javaSerializedData X + -ORIGIN 'RFC 2713' ) +objectClasses: ( 1.3.6.1.4.1.42.2.27.4.2.7 NAME 'javaNamingReference' DESC ' + JNDI reference' SUP javaObject AUXILIARY MAY ( javaReferenceAddress $ javaF + actory ) X-ORIGIN 'RFC 2713' ) +objectClasses: ( 1.3.6.1.4.1.42.2.27.4.2.8 NAME 'javaMarshalledObject' DESC + 'Java marshalled object' SUP javaObject AUXILIARY MUST javaSerializedData X + -ORIGIN 'RFC 2713' ) +objectClasses: ( 0.9.2342.19200300.100.4.3 NAME 'pilotObject' DESC 'Standard + LDAP objectclass' SUP top STRUCTURAL MAY ( audio $ ditRedirect $ info $ jp + egPhoto $ lastModifiedBy $ lastModifiedTime $ manager $ photo $ uniqueIdent + ifier ) X-ORIGIN 'RFC 1274' ) +objectClasses: ( nsAdminDomain-oid NAME 'nsAdminDomain' DESC 'Netscape defin + ed objectclass' SUP organizationalUnit STRUCTURAL MAY nsAdminDomainName X-O + RIGIN 'Netscape' ) +objectClasses: ( nsHost-oid NAME 'nsHost' DESC 'Netscape defined objectclass + ' SUP top STRUCTURAL MUST cn MAY ( serverHostName $ description $ l $ nsHos + tLocation $ nsHardwarePlatform $ nsOsVersion ) X-ORIGIN 'Netscape' ) +objectClasses: ( nsAdminGroup-oid NAME 'nsAdminGroup' DESC 'Netscape defined + objectclass' SUP top STRUCTURAL MUST cn MAY ( nsAdminGroupName $ descripti + on $ nsConfigRoot $ nsAdminSIEDN ) X-ORIGIN 'Netscape' ) +objectClasses: ( nsApplication-oid NAME 'nsApplication' DESC 'Netscape defin + ed objectclass' SUP top STRUCTURAL MUST cn MAY ( nsVendor $ description $ n + sProductName $ nsNickName $ nsProductVersion $ nsBuildNumber $ nsRevisionNu + mber $ nsSerialNumber $ nsInstalledLocation $ installationTimeStamp $ nsExp + irationDate $ nsBuildSecurity $ nsLdapSchemaVersion $ nsServerMigrationClas + sname $ nsServerCreationClassname ) X-ORIGIN 'Netscape' ) +objectClasses: ( nsResourceRef-oid NAME 'nsResourceRef' DESC 'Netscape defin + ed objectclass' SUP top STRUCTURAL MUST cn MAY seeAlso X-ORIGIN 'Netscape' + ) +objectClasses: ( nsTask-oid NAME 'nsTask' DESC 'Netscape defined objectclass + ' SUP top STRUCTURAL MUST cn MAY ( nsTaskLabel $ nsHelpRef $ nsExecRef $ ns + LogSuppress ) X-ORIGIN 'Netscape' ) +objectClasses: ( nsTaskGroup-oid NAME 'nsTaskGroup' DESC 'Netscape defined o + bjectclass' SUP top STRUCTURAL MUST cn MAY nsTaskLabel X-ORIGIN 'Netscape' + ) +objectClasses: ( nsAdminObject-oid NAME 'nsAdminObject' DESC 'Netscape defin + ed objectclass' SUP top STRUCTURAL MUST cn MAY ( nsJarfilename $ nsClassnam + e ) X-ORIGIN 'Netscape' ) +objectClasses: ( nsConfig-oid NAME 'nsConfig' DESC 'Netscape defined objectc + lass' SUP top STRUCTURAL MUST cn MAY ( description $ nsServerPort $ nsServe + rAddress $ nsSuiteSpotUser $ nsErrorLog $ nsPidLog $ nsAccessLog $ nsDefaul + tAcceptLanguage $ nsServerSecurity ) X-ORIGIN 'Netscape' ) +objectClasses: ( nsDirectoryInfo-oid NAME 'nsDirectoryInfo' DESC 'Netscape d + efined objectclass' SUP top STRUCTURAL MUST cn MAY ( nsBindDN $ nsBindPassw + ord $ nsDirectoryURL $ nsDirectoryFailoverList $ nsDirectoryInfoRef ) X-ORI + GIN 'Netscape' ) +objectClasses: ( nsAdminServer-oid NAME 'nsAdminServer' DESC 'Netscape defin + ed objectclass' SUP top STRUCTURAL MUST ( cn $ nsServerID ) MAY description + X-ORIGIN 'Netscape Administration Services' ) +objectClasses: ( nsAdminConfig-oid NAME 'nsAdminConfig' DESC 'Netscape defin + ed objectclass' SUP nsConfig STRUCTURAL MAY ( nsAdminCgiWaitPid $ nsAdminUs + ers $ nsAdminAccessHosts $ nsAdminAccessAddresses $ nsAdminOneACLDir $ nsAd + minEnableDSGW $ nsAdminEnableEnduser $ nsAdminCacheLifetime ) X-ORIGIN 'Net + scape Administration Services' ) +objectClasses: ( nsAdminResourceEditorExtension-oid NAME 'nsAdminResourceEdi + torExtension' DESC 'Netscape defined objectclass' SUP nsAdminObject STRUCTU + RAL MAY ( nsAdminAccountInfo $ nsDeleteclassname ) X-ORIGIN 'Netscape Admin + istration Services' ) +objectClasses: ( nsAdminGlobalParameters-oid NAME 'nsAdminGlobalParameters' + DESC 'Netscape defined objectclass' SUP top STRUCTURAL MUST cn MAY ( nsAdmi + nEndUserHTMLIndex $ nsNickName ) X-ORIGIN 'Netscape Administration Services + ' ) +objectClasses: ( nsGlobalParameters-oid NAME 'nsGlobalParameters' DESC 'Nets + cape defined objectclass' SUP top STRUCTURAL MUST cn MAY ( nsUniqueAttribut + e $ nsUserIDFormat $ nsUserRDNComponent $ nsGroupRDNComponent $ nsWellKnown + Jarfiles $ nsNYR ) X-ORIGIN 'Netscape Administration Services' ) +objectClasses: ( nsDefaultObjectClasses-oid NAME 'nsDefaultObjectClasses' DE + SC 'Netscape defined objectclass' SUP top STRUCTURAL MUST cn MAY nsDefaultO + bjectClass X-ORIGIN 'Netscape Administration Services' ) +objectClasses: ( nsAdminConsoleUser-oid NAME 'nsAdminConsoleUser' DESC 'Nets + cape defined objectclass' SUP top STRUCTURAL MUST cn MAY nsPreference X-ORI + GIN 'Netscape Administration Services' ) +objectClasses: ( nsCustomView-oid NAME 'nsCustomView' DESC 'Netscape defined + objectclass' SUP nsAdminObject STRUCTURAL MAY nsDisplayName X-ORIGIN 'Nets + cape Administration Services' ) +objectClasses: ( nsTopologyCustomView-oid NAME 'nsTopologyCustomView' DESC ' + Netscape defined objectclass' SUP nsCustomView STRUCTURAL MAY nsViewConfigu + ration X-ORIGIN 'Netscape Administration Services' ) +objectClasses: ( nsTopologyPlugin-oid NAME 'nsTopologyPlugin' DESC 'Netscape + defined objectclass' SUP nsAdminObject STRUCTURAL X-ORIGIN 'Netscape Admin + istration Services' ) +objectClasses: ( 2.16.840.1.113730.3.2.18 NAME 'netscapeCertificateServer' D + ESC 'Netscape defined objectclass' SUP top STRUCTURAL X-ORIGIN 'Netscape Ce + rtificate Management System' ) +objectClasses: ( nsCertificateServer-oid NAME 'nsCertificateServer' DESC 'Ne + tscape defined objectclass' SUP top STRUCTURAL MUST nsServerID MAY ( server + HostName $ nsServerPort $ nsCertConfig ) X-ORIGIN 'Netscape Certificate Man + agement System' ) +objectClasses: ( 2.16.840.1.113730.3.2.23 NAME 'netscapeDirectoryServer' DES + C 'Netscape defined objectclass' SUP top STRUCTURAL X-ORIGIN 'Netscape Dire + ctory Server' ) +objectClasses: ( nsDirectoryServer-oid NAME 'nsDirectoryServer' DESC 'Netsca + pe defined objectclass' SUP top STRUCTURAL MUST nsServerID MAY ( serverHost + Name $ nsServerPort $ nsSecureServerPort $ nsBindPassword $ nsBindDN $ nsBa + seDN ) X-ORIGIN 'Netscape Directory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.8 NAME 'ntUser' DESC 'Netscape define + d objectclass' SUP top STRUCTURAL MUST ntUserDomainId MAY ( description $ l + $ ou $ seeAlso $ ntUserPriv $ ntUserHomeDir $ ntUserComment $ ntUserFlags + $ ntUserScriptPath $ ntUserAuthFlags $ ntUserUsrComment $ ntUserParms $ ntU + serWorkstations $ ntUserLastLogon $ ntUserLastLogoff $ ntUserAcctExpires $ + ntUserMaxStorage $ ntUserUnitsPerWeek $ ntUserLogonHours $ ntUserBadPwCount + $ ntUserNumLogons $ ntUserLogonServer $ ntUserCountryCode $ ntUserCodePage + $ ntUserUniqueId $ ntUserPrimaryGroupId $ ntUserProfile $ ntUserHomeDirDri + ve $ ntUserPasswordExpired $ ntUserCreateNewAccount $ ntUserDeleteAccount $ + ntUniqueId $ ntUserNtPassword ) X-ORIGIN 'Netscape NT Synchronization' ) +objectClasses: ( 2.16.840.1.113730.3.2.9 NAME 'ntGroup' DESC 'Netscape defin + ed objectclass' SUP top STRUCTURAL MUST ntUserDomainId MAY ( description $ + l $ ou $ seeAlso $ ntGroupId $ ntGroupAttributes $ ntGroupCreateNewGroup $ + ntGroupDeleteGroup $ ntGroupType $ ntUniqueId $ mail ) X-ORIGIN 'Netscape N + T Synchronization' ) +objectClasses: ( 2.16.840.1.113730.3.2.82 NAME 'nsChangelog4Config' DESC 'Ne + tscape defined objectclass' SUP top STRUCTURAL MAY cn X-ORIGIN 'Netscape Di + rectory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.114 NAME 'nsConsumer4Config' DESC 'Ne + tscape defined objectclass' SUP top STRUCTURAL MAY cn X-ORIGIN 'Netscape Di + rectory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.36 NAME 'LDAPReplica' DESC 'Netscape + defined objectclass' SUP top STRUCTURAL MUST cn MAY ( description $ l $ ou + $ seeAlso $ replicaRoot $ replicaHost $ replicaPort $ replicaBindDn $ repli + caCredentials $ replicaBindMethod $ replicaUseSSL $ replicaUpdateSchedule $ + replicaUpdateReplayed $ replicaUpdateFailedAt $ replicaBeginOrc $ replicaN + ickName $ replicaEntryFilter $ replicatedattributelist $ replicaCFUpdated $ + replicaAbandonedChanges $ replicaLastRelevantChange ) X-ORIGIN 'Netscape D + irectory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.11 NAME 'cirReplicaSource' DESC 'Nets + cape defined objectclass' SUP top STRUCTURAL MUST cn MAY ( cirReplicaRoot $ + cirHost $ cirPort $ cirBindDn $ cirUsePersistentSearch $ cirUseSsl $ cirBi + ndCredentials $ cirLastUpdateApplied $ cirUpdateSchedule $ cirSyncInterval + $ cirUpdateFailedat $ cirBeginORC $ replicaNickName $ replicaEntryFilter $ + replicatedattributelist ) X-ORIGIN 'Netscape Directory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.3 NAME 'mailRecipient' DESC 'Netscape + Messaging Server 4.x defined objectclass' SUP top AUXILIARY MAY ( cn $ mai + l $ mailAlternateAddress $ mailHost $ mailRoutingAddress $ mailAccessDomain + $ mailAutoReplyMode $ mailAutoReplyText $ mailDeliveryOption $ mailForward + ingAddress $ mailMessageStore $ mailProgramDeliveryInfo $ mailQuota $ multi + LineDescription $ uid $ userPassword ) X-ORIGIN 'Netscape Messaging Server + 4.x' ) +objectClasses: ( 2.16.840.113730.3.2.37 NAME 'nsMessagingServerUser' DESC 'N + etscape Messaging Server 4.x defined objectclass' SUP top AUXILIARY MAY ( c + n $ mailAccessDomain $ mailAutoReplyMode $ mailAutoReplyText $ mailDelivery + Option $ mailForwardingAddress $ mailMessageStore $ mailProgramDeliveryInfo + $ mailQuota $ nsmsgDisallowAccess $ nsmsgNumMsgQuota $ nswmExtendedUserPre + fs $ vacationstartdate $ vacationenddate ) X-ORIGIN 'Netscape Messaging Ser + ver 4.x' ) +objectClasses: ( 2.16.840.1.113730.3.2.4 NAME 'mailGroup' DESC 'mailGroup' S + UP top STRUCTURAL MUST mail MAY ( cn $ mgrpRFC822MailMember ) X-ORIGIN ( 'I + PA v4.4.2' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.2.5 NAME 'groupOfMailEnhancedUniqueName + s' DESC 'Netscape Messaging Server 4.x defined objectclass' SUP top AUXILIA + RY MUST cn MAY ( businessCategory $ description $ mailEnhancedUniqueMember + $ o $ ou $ owner $ seeAlso ) X-ORIGIN 'Netscape Messaging Server 4.x' ) +objectClasses: ( 2.16.840.1.113730.3.2.24 NAME 'netscapeMailServer' DESC 'Ne + tscape Messaging Server 4.x defined objectclass' SUP top AUXILIARY X-ORIGIN + 'Netscape Messaging Server 4.x' ) +objectClasses: ( 2.16.840.1.113730.3.2.45 NAME 'nsValueItem' DESC 'Netscape + defined objectclass' SUP top STRUCTURAL MUST cn MAY ( nsValueCIS $ nsValueC + ES $ nsValueTel $ nsValueInt $ nsValueBin $ nsValueDN $ nsValueType $ nsVal + ueSyntax $ nsValueDescription $ nsValueHelpURL $ nsValueFlags $ nsValueDefa + ult ) X-ORIGIN 'Netscape servers - value item' ) +objectClasses: ( 2.16.840.1.113730.3.2.29 NAME 'netscapeWebServer' DESC 'Net + scape defined objectclass' SUP top STRUCTURAL MUST ( cn $ nsServerID ) MAY + ( description $ nsServerPort ) X-ORIGIN 'Netscape Web Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.154 NAME 'netscapeReversiblePasswordO + bject' DESC 'object that contains an netscapeReversiblePassword' AUXILIARY + MAY netscapeReversiblePassword X-ORIGIN 'Netscape Web Server' ) +objectClasses: ( 1.3.6.1.4.1.11.1.3.2.2.1 NAME 'accountPolicy' DESC 'Account + policy entry' SUP top AUXILIARY MAY accountInactivityLimit X-ORIGIN 'Accou + nt Policy Plugin' ) +objectClasses: ( 1.3.6.1.1.1.2.17 NAME 'automount' DESC 'Automount informati + on' SUP top STRUCTURAL MUST ( automountKey $ automountInformation ) MAY des + cription X-ORIGIN ( 'RFC 2307bis' 'user defined' ) ) +objectClasses: ( 1.3.6.1.1.1.2.16 NAME 'automountMap' DESC 'Automount Map in + formation' SUP top STRUCTURAL MUST automountMapName MAY description X-ORIGI + N ( 'RFC 2307bis' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.4.1 NAME 'ipaHost' AUXILIARY MUST fqd + n MAY ( userPassword $ ipaClientVersion $ enrolledBy $ memberOf $ userClass + $ ipaAssignedIDView ) X-ORIGIN ( 'IPA v4.1.2' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.4.12 NAME 'ipaObject' DESC 'IPA objec + tclass' AUXILIARY MUST ipaUniqueID X-ORIGIN 'IPA v2' ) +objectClasses: ( 2.16.840.1.113730.3.8.4.14 NAME 'ipaEntitlement' DESC 'IPA + Entitlement object' AUXILIARY MUST ipaEntitlementId MAY ( userPKCS12 $ user + Certificate ) X-ORIGIN 'IPA v2' ) +objectClasses: ( 2.16.840.1.113730.3.8.4.15 NAME 'ipaPermission' DESC 'IPA P + ermission objectclass' AUXILIARY MAY ipaPermissionType X-ORIGIN 'IPA v2' ) +objectClasses: ( 2.16.840.1.113730.3.8.4.2 NAME 'ipaService' DESC 'IPA servi + ce objectclass' AUXILIARY MAY ( memberOf $ managedBy $ ipaKrbAuthzData ) X- + ORIGIN 'IPA v2' ) +objectClasses: ( 2.16.840.1.113730.3.8.4.3 NAME 'nestedGroup' DESC 'Group th + at supports nesting' SUP groupOfNames STRUCTURAL MAY memberOf X-ORIGIN 'IPA + v2' ) +objectClasses: ( 2.16.840.1.113730.3.8.4.4 NAME 'ipaUserGroup' DESC 'IPA use + r group object class' SUP nestedGroup STRUCTURAL X-ORIGIN 'IPA v2' ) +objectClasses: ( 2.16.840.1.113730.3.8.4.5 NAME 'ipaHostGroup' DESC 'IPA hos + t group object class' SUP nestedGroup STRUCTURAL X-ORIGIN 'IPA v2' ) +objectClasses: ( 2.16.840.1.113730.3.8.4.6 NAME 'ipaAssociation' ABSTRACT MU + ST ( ipaUniqueID $ cn ) MAY ( memberUser $ userCategory $ memberHost $ host + Category $ ipaEnabledFlag $ description ) X-ORIGIN 'IPA v2' ) +objectClasses: ( 2.16.840.1.113730.3.8.4.7 NAME 'ipaHBACRule' SUP ipaAssocia + tion STRUCTURAL MUST accessRuleType MAY ( sourceHost $ sourceHostCategory $ + serviceCategory $ memberService $ externalHost $ accessTime ) X-ORIGIN 'IP + A v2' ) +objectClasses: ( 2.16.840.1.113730.3.8.4.8 NAME 'ipaNISNetgroup' DESC 'IPA v + ersion of NIS netgroup' SUP ipaAssociation STRUCTURAL MAY ( externalHost $ + nisDomainName $ member $ memberOf ) X-ORIGIN 'IPA v2' ) +objectClasses: ( 2.16.840.1.113730.3.8.4.9 NAME 'ipaCAaccess' STRUCTURAL MAY + ( member $ hostCApolicy ) X-ORIGIN 'IPA v2' ) +objectClasses: ( 2.16.840.1.113730.3.8.4.10 NAME 'ipaHBACService' STRUCTURAL + MUST cn MAY ( description $ memberOf ) X-ORIGIN 'IPA v2' ) +objectClasses: ( 2.16.840.1.113730.3.8.4.11 NAME 'ipaHBACServiceGroup' DESC + 'IPA HBAC service group object class' SUP groupOfNames STRUCTURAL X-ORIGIN + 'IPA v2' ) +objectClasses: ( 2.16.840.1.113730.3.8.12.1 NAME 'ipaExternalGroup' SUP top + STRUCTURAL MUST cn MAY ( ipaExternalMember $ memberOf $ description $ owner + ) X-ORIGIN ( 'IPA v3' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.12.2 NAME 'ipaNTUserAttrs' SUP top AU + XILIARY MUST ipaNTSecurityIdentifier MAY ( ipaNTHash $ ipaNTLogonScript $ i + paNTProfilePath $ ipaNTHomeDirectory $ ipaNTHomeDirectoryDrive ) X-ORIGIN ( + 'IPA v3' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.12.3 NAME 'ipaNTGroupAttrs' SUP top A + UXILIARY MUST ipaNTSecurityIdentifier X-ORIGIN ( 'IPA v3' 'user defined' ) + ) +objectClasses: ( 2.16.840.1.113730.3.8.12.4 NAME 'ipaNTDomainAttrs' SUP top + AUXILIARY MUST ( ipaNTSecurityIdentifier $ ipaNTFlatName $ ipaNTDomainGUID + ) MAY ipaNTFallbackPrimaryGroup X-ORIGIN ( 'IPA v3' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.12.5 NAME 'ipaNTTrustedDomain' DESC ' + Trusted Domain Object' SUP top STRUCTURAL MUST cn MAY ( ipaNTTrustType $ ip + aNTTrustAttributes $ ipaNTTrustDirection $ ipaNTTrustPartner $ ipaNTFlatNam + e $ ipaNTTrustAuthOutgoing $ ipaNTTrustAuthIncoming $ ipaNTTrustedDomainSID + $ ipaNTTrustForestTrustInfo $ ipaNTTrustPosixOffset $ ipaNTSupportedEncryp + tionTypes $ ipaNTSIDBlacklistIncoming $ ipaNTSIDBlacklistOutgoing $ ipaNTAd + ditionalSuffixes ) X-ORIGIN ( 'IPA v4.4.0.alpha1' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.12.6 NAME 'groupOfPrincipals' SUP top + AUXILIARY MUST cn MAY memberPrincipal X-ORIGIN ( 'IPA v3' 'user defined' ) + ) +objectClasses: ( 2.16.840.1.113730.3.8.12.7 NAME 'ipaKrb5DelegationACL' SUP + groupOfPrincipals STRUCTURAL MAY ( ipaAllowToImpersonate $ ipaAllowedTarget + ) X-ORIGIN ( 'IPA v3' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.12.10 NAME 'ipaSELinuxUserMap' SUP ip + aAssociation STRUCTURAL MUST ipaSELinuxUser MAY ( accessTime $ seeAlso ) X- + ORIGIN ( 'IPA v3' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.12.11 NAME 'ipaSshGroupOfPubKeys' ABS + TRACT MAY ipaSshPubKey X-ORIGIN ( 'IPA v3' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.12.12 NAME 'ipaSshUser' SUP ipaSshGro + upOfPubKeys AUXILIARY X-ORIGIN ( 'IPA v3' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.12.13 NAME 'ipaSshHost' SUP ipaSshGro + upOfPubKeys AUXILIARY X-ORIGIN ( 'IPA v3' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.12.14 NAME 'ipaIDobject' SUP top AUXI + LIARY MAY ( uidNumber $ gidNumber $ ipaNTSecurityIdentifier ) X-ORIGIN ( 'I + PA v3' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.12.15 NAME 'ipaIDrange' ABSTRACT MUST + ( cn $ ipaBaseID $ ipaIDRangeSize $ ipaRangeType ) X-ORIGIN ( 'IPA v3' 'us + er defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.12.16 NAME 'ipaDomainIDRange' SUP ipa + IDrange STRUCTURAL MAY ( ipaBaseRID $ ipaSecondaryBaseRID ) X-ORIGIN ( 'IPA + v3' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.12.17 NAME 'ipaTrustedADDomainRange' + SUP ipaIDrange STRUCTURAL MUST ( ipaBaseRID $ ipaNTTrustedDomainSID ) X-ORI + GIN ( 'IPA v3' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.12.19 NAME 'ipaUserAuthTypeClass' DES + C 'Class for authentication methods definition' SUP top AUXILIARY MAY ipaUs + erAuthType X-ORIGIN ( 'IPA v3' 'user defined' ) ) +objectClasses: ( 1.3.6.1.4.1.5923.1.1.2 NAME 'eduPerson' AUXILIARY MAY ( edu + PersonAffiliation $ eduPersonNickName $ eduPersonOrgDN $ eduPersonOrgUnitDN + $ eduPersonPrimaryAffiliation $ eduPersonPrincipalName $ eduPersonEntitlem + ent $ eduPersonPrimaryOrgUnitDN $ eduPersonScopedAffiliation ) X-ORIGIN 'ht + tp://middleware.internet2.edu/eduperson/' ) +objectClasses: ( 2.16.840.1.113730.3.8.2.1 NAME 'ipaGuiConfig' AUXILIARY MAY + ( ipaUserSearchFields $ ipaGroupSearchFields $ ipaSearchTimeLimit $ ipaSea + rchRecordsLimit $ ipaCustomFields $ ipaHomesRootDir $ ipaDefaultLoginShell + $ ipaDefaultPrimaryGroup $ ipaMaxUsernameLength $ ipaPwdExpAdvNotify $ ipaU + serObjectClasses $ ipaGroupObjectClasses $ ipaDefaultEmailDomain $ ipaMigra + tionEnabled $ ipaCertificateSubjectBase $ ipaSELinuxUserMapDefault $ ipaSEL + inuxUserMapOrder $ ipaKrbAuthzData ) X-ORIGIN 'user defined' ) +objectClasses: ( 2.16.840.1.113730.3.8.4.13 NAME 'ipaConfigObject' DESC 'gen + eric config object for IPA' AUXILIARY MAY ipaConfigString X-ORIGIN 'IPA v2' + ) +objectClasses: ( 2.16.840.1.113730.3.8.6.0 NAME 'idnsRecord' DESC 'dns Recor + d, usually a host' SUP top STRUCTURAL MUST idnsName MAY ( cn $ idnsAllowDyn + Update $ dNSTTL $ dNSClass $ aRecord $ aAAARecord $ a6Record $ nSRecord $ c + NAMERecord $ pTRRecord $ sRVRecord $ tXTRecord $ mXRecord $ mDRecord $ hInf + oRecord $ mInfoRecord $ aFSDBRecord $ SigRecord $ KeyRecord $ LocRecord $ n + XTRecord $ nAPTRRecord $ kXRecord $ certRecord $ dNameRecord $ dSRecord $ s + SHFPRecord $ rRSIGRecord $ nSECRecord $ DLVRecord $ TLSARecord $ UnknownRec + ord $ RPRecord $ APLRecord $ IPSECKEYRecord $ DHCIDRecord $ HIPRecord $ SPF + Record ) X-ORIGIN ( 'IPA v4.2.2' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.6.1 NAME 'idnsZone' DESC 'Zone class' + SUP idnsRecord STRUCTURAL MUST ( idnsZoneActive $ idnsSOAmName $ idnsSOArN + ame $ idnsSOAserial $ idnsSOArefresh $ idnsSOAretry $ idnsSOAexpire $ idnsS + OAminimum ) MAY ( idnsUpdatePolicy $ idnsAllowQuery $ idnsAllowTransfer $ i + dnsAllowSyncPTR $ idnsForwardPolicy $ idnsForwarders $ idnsSecInlineSigning + $ nSEC3PARAMRecord $ dNSdefaultTTL ) X-ORIGIN ( 'IPA v4.4.0.alpha1' 'user + defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.6.2 NAME 'idnsConfigObject' DESC 'DNS + global config options' STRUCTURAL MAY ( idnsForwardPolicy $ idnsForwarders + $ idnsAllowSyncPTR $ idnsZoneRefresh $ idnsPersistentSearch ) X-ORIGIN 'us + er defined' ) +objectClasses: ( 2.16.840.1.113730.3.8.12.18 NAME 'ipaDNSZone' SUP top AUXIL + IARY MUST idnsName MAY managedBy X-ORIGIN ( 'IPA v3' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113719.1.301.6.1.1 NAME 'krbContainer' SUP top S + TRUCTURAL MUST cn ) +objectClasses: ( 2.16.840.1.113719.1.301.6.2.1 NAME 'krbRealmContainer' SUP + top STRUCTURAL MUST cn MAY ( krbMKey $ krbUPEnabled $ krbSubTrees $ krbSear + chScope $ krbLdapServers $ krbSupportedEncSaltTypes $ krbDefaultEncSaltType + s $ krbTicketPolicyReference $ krbKdcServers $ krbPwdServers $ krbAdmServer + s $ krbPrincNamingAttr $ krbPwdPolicyReference $ krbPrincContainerRef ) ) +objectClasses: ( 2.16.840.1.113719.1.301.6.3.1 NAME 'krbService' SUP top ABS + TRACT MUST cn MAY ( krbHostServer $ krbRealmReferences ) ) +objectClasses: ( 2.16.840.1.113719.1.301.6.4.1 NAME 'krbKdcService' SUP krbS + ervice STRUCTURAL ) +objectClasses: ( 2.16.840.1.113719.1.301.6.5.1 NAME 'krbPwdService' SUP krbS + ervice STRUCTURAL ) +objectClasses: ( 2.16.840.1.113719.1.301.6.8.1 NAME 'krbPrincipalAux' AUXILI + ARY MAY ( krbPrincipalName $ krbCanonicalName $ krbUPEnabled $ krbPrincipal + Key $ krbTicketPolicyReference $ krbPrincipalExpiration $ krbPasswordExpira + tion $ krbPwdPolicyReference $ krbPrincipalType $ krbPwdHistory $ krbLastPw + dChange $ krbPrincipalAliases $ krbLastSuccessfulAuth $ krbLastFailedAuth $ + krbLoginFailedCount $ krbExtraData $ krbLastAdminUnlock $ krbAllowedToDele + gateTo $ krbPrincipalAuthInd ) X-ORIGIN ( 'IPA v4.4.0.alpha1' 'user defined + ' ) ) +objectClasses: ( 2.16.840.1.113719.1.301.6.9.1 NAME 'krbPrincipal' SUP top S + TRUCTURAL MUST krbPrincipalName MAY krbObjectReferences ) +objectClasses: ( 2.16.840.1.113719.1.301.6.11.1 NAME 'krbPrincRefAux' SUP to + p AUXILIARY MAY krbPrincipalReferences ) +objectClasses: ( 2.16.840.1.113719.1.301.6.13.1 NAME 'krbAdmService' SUP krb + Service STRUCTURAL ) +objectClasses: ( 2.16.840.1.113719.1.301.6.14.1 NAME 'krbPwdPolicy' SUP top + STRUCTURAL MUST cn MAY ( krbMaxPwdLife $ krbMinPwdLife $ krbPwdMinDiffChars + $ krbPwdMinLength $ krbPwdHistoryLength $ krbPwdMaxFailure $ krbPwdFailure + CountInterval $ krbPwdLockoutDuration $ krbPwdAttributes $ krbPwdMaxLife $ + krbPwdMaxRenewableLife $ krbPwdAllowedKeysalts ) X-ORIGIN ( 'IPA v4.3.0' 'u + ser defined' ) ) +objectClasses: ( 2.16.840.1.113719.1.301.6.16.1 NAME 'krbTicketPolicyAux' AU + XILIARY MAY ( krbTicketFlags $ krbMaxTicketLife $ krbMaxRenewableAge ) ) +objectClasses: ( 2.16.840.1.113719.1.301.6.17.1 NAME 'krbTicketPolicy' SUP t + op STRUCTURAL MUST cn ) +objectClasses: ( 1.3.6.1.4.1.13769.9.1 NAME 'mozillaAbPersonAlpha' SUP top A + UXILIARY MUST cn MAY ( c $ description $ displayName $ facsimileTelephoneNu + mber $ givenName $ homePhone $ l $ mail $ mobile $ mozillaCustom1 $ mozilla + Custom2 $ mozillaCustom3 $ mozillaCustom4 $ mozillaHomeCountryName $ mozill + aHomeLocalityName $ mozillaHomePostalCode $ mozillaHomeState $ mozillaHomeS + treet $ mozillaHomeStreet2 $ mozillaHomeUrl $ mozillaNickname $ mozillaSeco + ndEmail $ mozillaUseHtmlMail $ mozillaWorkStreet2 $ mozillaWorkUrl $ nsAIMi + d $ o $ ou $ pager $ postalCode $ postOfficeBox $ sn $ st $ street $ teleph + oneNumber $ title ) X-ORIGIN 'Mozilla Address Book' ) +objectClasses: ( 1.3.6.1.4.1.5322.17.1.1 NAME 'authorizedServiceObject' DESC + 'Auxiliary object class for adding authorizedService attribute' SUP top AU + XILIARY MAY authorizedService X-ORIGIN 'NSS LDAP schema' ) +objectClasses: ( 1.3.6.1.4.1.5322.17.1.2 NAME 'hostObject' DESC 'Auxiliary o + bject class for adding host attribute' SUP top AUXILIARY MAY host X-ORIGIN + 'NSS LDAP schema' ) +objectClasses: ( 2.16.840.1.113730.3.2.318 NAME 'pamConfig' DESC 'PAM plugin + configuration' SUP top AUXILIARY MAY ( cn $ pamMissingSuffix $ pamExcludeS + uffix $ pamIncludeSuffix $ pamIDAttr $ pamIDMapMethod $ pamFallback $ pamSe + cure $ pamService $ pamFilter ) X-ORIGIN 'Red Hat Directory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.326 NAME 'dynamicGroup' DESC 'Group c + ontaining internal dynamically-generated members' SUP posixGroup AUXILIARY + MAY dsOnlyMemberUid X-ORIGIN 'Red Hat Directory Server' ) +objectClasses: ( 1.3.6.1.4.1.6981.11.2.3 NAME 'PureFTPdUser' DESC 'PureFTPd + user with optional quota, throttling and ratio' STRUCTURAL MAY ( FTPStatus + $ FTPQuotaFiles $ FTPQuotaMBytes $ FTPUploadRatio $ FTPDownloadRatio $ FTPU + ploadBandwidth $ FTPDownloadBandwidth $ FTPuid $ FTPgid ) X-ORIGIN 'Pure-FT + Pd' ) +objectClasses: ( 1.2.840.113556.1.5.87 NAME 'calEntry' DESC 'RFC2739: Calend + ar Entry' SUP top AUXILIARY MAY ( calCalURI $ calFBURL $ calOtherCalURIs $ + calOtherFBURLs $ calCAPURI $ calOtherCAPURIs ) X-ORIGIN 'rfc2739' ) +objectClasses: ( 1.3.18.0.2.6.258 NAME 'printerAbstract' DESC 'Printer relat + ed information.' SUP top ABSTRACT MAY ( printer-name $ printer-natural-lang + uage-configured $ printer-location $ printer-info $ printer-more-info $ pri + nter-make-and-model $ printer-multiple-document-jobs-supported $ printer-ch + arset-configured $ printer-charset-supported $ printer-generated-natural-la + nguage-supported $ printer-document-format-supported $ printer-color-suppor + ted $ printer-compression-supported $ printer-pages-per-minute $ printer-pa + ges-per-minute-color $ printer-finishings-supported $ printer-number-up-sup + ported $ printer-sides-supported $ printer-media-supported $ printer-media- + local-supported $ printer-resolution-supported $ printer-print-quality-supp + orted $ printer-job-priority-supported $ printer-copies-supported $ printer + -job-k-octets-supported $ printer-current-operator $ printer-service-person + $ printer-delivery-orientation-supported $ printer-stacking-order-supporte + d $ printer-output-features-supported ) X-ORIGIN 'rfc3712' ) +objectClasses: ( 1.3.18.0.2.6.255 NAME 'printerService' DESC 'Printer inform + ation.' SUP printerAbstract STRUCTURAL MAY ( printer-uri $ printer-xri-supp + orted ) X-ORIGIN 'rfc3712' ) +objectClasses: ( 1.3.18.0.2.6.257 NAME 'printerServiceAuxClass' DESC 'Printe + r information.' SUP printerAbstract AUXILIARY MAY ( printer-uri $ printer-x + ri-supported ) X-ORIGIN 'rfc3712' ) +objectClasses: ( 1.3.18.0.2.6.256 NAME 'printerIPP' DESC 'Internet Printing + Protocol (IPP) information.' SUP top AUXILIARY MAY ( printer-ipp-versions-s + upported $ printer-multiple-document-jobs-supported ) X-ORIGIN 'rfc3712' ) +objectClasses: ( 1.3.18.0.2.6.253 NAME 'printerLPR' DESC 'LPR information.' + SUP top AUXILIARY MUST printer-name MAY printer-aliases X-ORIGIN 'rfc3712' + ) +objectClasses: ( 1.3.6.1.4.1.2312.4.3.4.1 NAME 'sabayonProfile' DESC 'sabayo + n profile' SUP top STRUCTURAL MUST cn MAY ( sabayonProfileURL $ description + ) X-ORIGIN 'Sabayon' ) +objectClasses: ( 1.3.6.1.4.1.2312.4.3.4.2 NAME 'sabayonProfileNameObject' DE + SC 'contains sabayon profile name' SUP top AUXILIARY MUST sabayonProfileNam + e X-ORIGIN 'Sabayon' ) +objectClasses: ( 1.3.6.1.4.1.2312.4.3.4.3 NAME 'sabayonProfileURLObject' DES + C 'contains sabayon profile' SUP top AUXILIARY MUST cn MAY sabayonProfileUR + L X-ORIGIN 'Sabayon' ) +objectClasses: ( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' DESC 'Samba 3 + .0 Auxilary SAM Account' SUP top AUXILIARY MUST ( uid $ sambaSID ) MAY ( cn + $ sambaLMPassword $ sambaNTPassword $ sambaPwdLastSet $ sambaLogonTime $ s + ambaLogoffTime $ sambaKickoffTime $ sambaPwdCanChange $ sambaPwdMustChange + $ sambaAcctFlags $ displayName $ sambaHomePath $ sambaHomeDrive $ sambaLogo + nScript $ sambaProfilePath $ description $ sambaUserWorkstations $ sambaPri + maryGroupSID $ sambaDomainName $ sambaMungedDial $ sambaBadPasswordCount $ + sambaBadPasswordTime $ sambaPasswordHistory $ sambaLogonHours ) ) +objectClasses: ( 1.3.6.1.4.1.7165.2.2.4 NAME 'sambaGroupMapping' DESC 'Samba + Group Mapping' SUP top AUXILIARY MUST ( gidNumber $ sambaSID $ sambaGroupT + ype ) MAY ( displayName $ description $ sambaSIDList ) ) +objectClasses: ( 1.3.6.1.4.1.7165.2.2.14 NAME 'sambaTrustPassword' DESC 'Sam + ba Trust Password' SUP top STRUCTURAL MUST ( sambaDomainName $ sambaNTPassw + ord $ sambaTrustFlags ) MAY ( sambaSID $ sambaPwdLastSet ) ) +objectClasses: ( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' DESC 'Samba Domai + n Information' SUP top STRUCTURAL MUST ( sambaDomainName $ sambaSID ) MAY ( + sambaNextRid $ sambaNextGroupRid $ sambaNextUserRid $ sambaAlgorithmicRidB + ase $ sambaMinPwdLength $ sambaPwdHistoryLength $ sambaLogonToChgPwd $ samb + aMaxPwdAge $ sambaMinPwdAge $ sambaLockoutDuration $ sambaLockoutObservatio + nWindow $ sambaLockoutThreshold $ sambaForceLogoff $ sambaRefuseMachinePwdC + hange ) ) +objectClasses: ( 1.3.6.1.4.1.7165.2.2.7 NAME 'sambaUnixIdPool' DESC 'Pool fo + r allocating UNIX uids/gids' SUP top AUXILIARY MUST ( uidNumber $ gidNumber + ) ) +objectClasses: ( 1.3.6.1.4.1.7165.2.2.8 NAME 'sambaIdmapEntry' DESC 'Mapping + from a SID to an ID' SUP top AUXILIARY MUST sambaSID MAY ( uidNumber $ gid + Number ) ) +objectClasses: ( 1.3.6.1.4.1.7165.2.2.9 NAME 'sambaSidEntry' DESC 'Structura + l Class for a SID' SUP top STRUCTURAL MUST sambaSID ) +objectClasses: ( 1.3.6.1.4.1.7165.2.2.10 NAME 'sambaConfig' DESC 'Samba Conf + iguration Section' SUP top AUXILIARY MAY description ) +objectClasses: ( 1.3.6.1.4.1.7165.2.2.11 NAME 'sambaShare' DESC 'Samba Share + Section' SUP top STRUCTURAL MUST sambaShareName MAY description ) +objectClasses: ( 1.3.6.1.4.1.7165.2.2.12 NAME 'sambaConfigOption' DESC 'Samb + a Configuration Option' SUP top STRUCTURAL MUST sambaOptionName MAY ( samba + BoolOption $ sambaIntegerOption $ sambaStringOption $ sambaStringListOption + $ description ) ) +objectClasses: ( 1.3.6.1.4.1.7165.2.2.15 NAME 'sambaTrustedDomainPassword' D + ESC 'Samba Trusted Domain Password' SUP top STRUCTURAL MUST ( sambaDomainNa + me $ sambaSID $ sambaClearTextPassword $ sambaPwdLastSet ) MAY sambaPreviou + sClearTextPassword ) +objectClasses: ( 1.3.6.1.4.1.7165.2.2.16 NAME 'sambaTrustedDomain' DESC 'Sam + ba Trusted Domain Object' SUP top STRUCTURAL MUST cn MAY ( sambaTrustType $ + sambaTrustAttributes $ sambaTrustDirection $ sambaTrustPartner $ sambaFlat + Name $ sambaTrustAuthOutgoing $ sambaTrustAuthIncoming $ sambaSecurityIdent + ifier $ sambaTrustForestTrustInfo $ sambaTrustPosixOffset $ sambaSupportedE + ncryptionTypes ) ) +objectClasses: ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' DESC 'Sudoer Entrie + s' SUP top STRUCTURAL MUST cn MAY ( sudoUser $ sudoHost $ sudoCommand $ sud + oRunAs $ sudoRunAsUser $ sudoRunAsGroup $ sudoOption $ sudoNotBefore $ sudo + NotAfter $ sudoOrder $ description ) X-ORIGIN 'SUDO' ) +objectClasses: ( 5.3.6.1.1.1.2.0 NAME 'trustAccount' DESC 'Sets trust accoun + ts information' SUP top AUXILIARY MUST trustModel MAY accessTo X-ORIGIN 'ns + s_ldap/pam_ldap' ) +objectClasses: ( 2.16.840.1.113730.3.8.12.8 NAME 'ipaKrbPrincipal' SUP krbPr + incipalAux AUXILIARY MUST ( krbPrincipalName $ ipaKrbPrincipalAlias ) X-ORI + GIN ( 'IPA v3' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.8.1 NAME 'ipaSudoRule' SUP ipaAssocia + tion STRUCTURAL MAY ( externalUser $ externalHost $ hostMask $ memberAllowC + md $ memberDenyCmd $ cmdCategory $ ipaSudoOpt $ ipaSudoRunAs $ ipaSudoRunAs + ExtUser $ ipaSudoRunAsUserCategory $ ipaSudoRunAsGroup $ ipaSudoRunAsExtGro + up $ ipaSudoRunAsGroupCategory $ sudoNotBefore $ sudoNotAfter $ sudoOrder $ + ipaSudoRunAsExtUserGroup ) X-ORIGIN ( 'IPA v4.0.0' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.8.2 NAME 'ipaSudoCmd' DESC 'IPA objec + t class for SUDO command' STRUCTURAL MUST ( ipaUniqueID $ sudoCmd ) MAY ( m + emberOf $ description ) X-ORIGIN 'IPA v2' ) +objectClasses: ( 2.16.840.1.113730.3.8.8.3 NAME 'ipaSudoCmdGrp' DESC 'IPA ob + ject class to store groups of SUDO commands' SUP groupOfNames STRUCTURAL MU + ST ipaUniqueID X-ORIGIN 'IPA v2' ) +objectClasses: ( 2.16.840.1.113730.3.8.16.2.1 NAME 'ipaToken' DESC 'Abstract + token class for tokens' SUP top ABSTRACT MUST ipatokenUniqueID MAY ( descr + iption $ managedBy $ ipatokenOwner $ ipatokenDisabled $ ipatokenNotBefore $ + ipatokenNotAfter $ ipatokenVendor $ ipatokenModel $ ipatokenSerial ) X-ORI + GIN ( 'IPA v4.0.0' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.16.2.2 NAME 'ipatokenTOTP' DESC 'TOTP + Token Type' SUP ipaToken STRUCTURAL MAY ( ipatokenOTPkey $ ipatokenOTPalgo + rithm $ ipatokenOTPdigits $ ipatokenTOTPclockOffset $ ipatokenTOTPtimeStep + $ ipatokenTOTPwatermark ) X-ORIGIN ( 'IPA v4.1.3' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.16.2.3 NAME 'ipatokenRadiusProxyUser' + DESC 'Radius Proxy User' SUP top AUXILIARY MAY ( ipatokenRadiusConfigLink + $ ipatokenRadiusUserName ) X-ORIGIN ( 'IPA v4.0.0' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.16.2.4 NAME 'ipatokenRadiusConfigurat + ion' DESC 'Proxy Radius Configuration' SUP top STRUCTURAL MUST ( cn $ ipato + kenRadiusServer $ ipatokenRadiusSecret ) MAY ( description $ ipatokenRadius + Timeout $ ipatokenRadiusRetries $ ipatokenUserMapAttribute ) X-ORIGIN ( 'IP + A OTP' 'user defined' ) ) +objectClasses: ( cmsuser-oid NAME 'cmsuser' DESC 'CMS User' SUP top STRUCTUR + AL MUST usertype MAY userstate X-ORIGIN 'user defined' ) +objectClasses: ( CertACLS-oid NAME 'CertACLS' DESC 'CMS defined class' SUP t + op STRUCTURAL MUST cn MAY resourceACLS X-ORIGIN 'user defined' ) +objectClasses: ( repository-oid NAME 'repository' DESC 'CMS defined class' S + UP top STRUCTURAL MUST ou MAY ( serialno $ description $ nextRange $ publis + hingStatus ) X-ORIGIN 'user defined' ) +objectClasses: ( request-oid NAME 'request' DESC 'CMS defined class' SUP top + STRUCTURAL MUST cn MAY ( requestId $ dateOfCreate $ dateOfModify $ request + State $ requestResult $ requestOwner $ requestAgentGroup $ requestSourceId + $ requestType $ requestFlag $ requestError $ userMessages $ adminMessages ) + X-ORIGIN 'user defined' ) +objectClasses: ( transaction-oid NAME 'transaction' DESC 'CMS defined class' + SUP top STRUCTURAL MUST cn MAY ( transId $ description $ transName $ trans + Status $ transOps ) X-ORIGIN 'user defined' ) +objectClasses: ( crlIssuingPointRecord-oid NAME 'crlIssuingPointRecord' DESC + 'CMS defined class' SUP top STRUCTURAL MUST cn MAY ( dateOfCreate $ dateOf + Modify $ crlNumber $ crlSize $ thisUpdate $ nextUpdate $ deltaNumber $ delt + aSize $ firstUnsaved $ certificateRevocationList $ deltaRevocationList $ cr + lCache $ revokedCerts $ unrevokedCerts $ expiredCerts $ cACertificate ) X-O + RIGIN 'user defined' ) +objectClasses: ( certificateRecord-oid NAME 'certificateRecord' DESC 'CMS de + fined class' SUP top STRUCTURAL MUST cn MAY ( serialno $ dateOfCreate $ dat + eOfModify $ certStatus $ autoRenew $ issueInfo $ metaInfo $ revInfo $ versi + on $ duration $ notAfter $ notBefore $ algorithmId $ subjectName $ signingA + lgorithmId $ userCertificate $ issuedBy $ revokedBy $ revokedOn $ extension + $ publicKeyData $ issuerName ) X-ORIGIN 'user defined' ) +objectClasses: ( userDetails-oid NAME 'userDetails' DESC 'CMS defined class' + SUP top STRUCTURAL MUST userDN MAY ( dateOfCreate $ dateOfModify $ passwor + d $ p12Expiration ) X-ORIGIN 'user defined' ) +objectClasses: ( keyRecord-oid NAME 'keyRecord' DESC 'CMS defined class' SUP + top STRUCTURAL MUST cn MAY ( serialno $ dateOfCreate $ dateOfModify $ keyS + tate $ privateKeyData $ ownerName $ keySize $ metaInfo $ dateOfArchival $ d + ateOfRecovery $ algorithm $ publicKeyFormat $ publicKeyData $ archivedBy $ + clientId $ dataType $ status ) X-ORIGIN 'user defined' ) +objectClasses: ( pkiSecurityDomain-oid NAME 'pkiSecurityDomain' DESC 'CMS de + fined class' SUP top STRUCTURAL MUST ( ou $ name ) X-ORIGIN 'user defined' + ) +objectClasses: ( pkiSecurityGroup-oid NAME 'pkiSecurityGroup' DESC 'CMS defi + ned class' SUP top STRUCTURAL MUST cn X-ORIGIN 'user defined' ) +objectClasses: ( pkiSubsystem-oid NAME 'pkiSubsystem' DESC 'CMS defined clas + s' SUP top STRUCTURAL MUST ( cn $ host $ SecurePort $ SubsystemName $ Clone + ) MAY ( DomainManager $ SecureAgentPort $ SecureAdminPort $ SecureEEClient + AuthPort $ UnSecurePort ) X-ORIGIN 'user defined' ) +objectClasses: ( pkiRange-oid NAME 'pkiRange' DESC 'CMS defined class' SUP t + op STRUCTURAL MUST ( cn $ beginRange $ endRange $ host $ SecurePort ) X-ORI + GIN 'user defined' ) +objectClasses: ( securityDomainSessionEntry-oid NAME 'securityDomainSessionE + ntry' DESC 'CMS defined class' SUP top STRUCTURAL MUST ( cn $ host $ uid $ + cmsUserGroup $ dateOfCreate ) X-ORIGIN 'user defined' ) +objectClasses: ( 1.3.6.1.1.1.2.14 NAME 'nisKeyObject' DESC 'nisKeyObject' SU + P top STRUCTURAL MUST ( cn $ nisPublickey $ nisSecretkey ) MAY ( uidNumber + $ description ) X-ORIGIN 'user defined' ) +objectClasses: ( 1.3.1.6.1.1.1.2.15 NAME 'nisDomainObject' DESC 'nisDomainOb + ject' SUP top AUXILIARY MUST nisDomain X-ORIGIN 'user defined' ) +objectClasses: ( 1.3.6.1.4.1.42.2.27.1.2.6 NAME 'nisNetId' DESC 'nisNetId' S + UP top STRUCTURAL MUST cn MAY ( nisNetIdUser $ nisNetIdGroup $ nisNetIdHost + ) X-ORIGIN 'user defined' ) +objectClasses: ( 1.3.6.1.4.1.11.1.3.1.2.5 NAME 'DUAConfigProfile' DESC 'Abst + raction of a base configuration for a DUA' SUP top STRUCTURAL MUST cn MAY ( + defaultServerList $ preferredServerList $ defaultSearchBase $ defaultSearc + hScope $ searchTimeLimit $ bindTimeLimit $ credentialLevel $ authentication + Method $ followReferrals $ dereferenceAliases $ serviceSearchDescriptor $ s + erviceCredentialLevel $ serviceAuthenticationMethod $ objectclassMap $ attr + ibuteMap $ profileTTL ) X-ORIGIN ( 'RFC4876' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.12.22 NAME 'ipaAllowedOperations' DES + C 'Class to apply access controls to arbitrary operations' SUP top AUXILIAR + Y MAY ( ipaAllowedToPerform $ ipaProtectedOperation ) X-ORIGIN ( 'IPA v4.0. + 0' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.12.21 NAME 'ipaPermissionV2' DESC 'IP + A Permission objectclass, version 2' SUP ipaPermission AUXILIARY MUST ( ipa + PermBindRuleType $ ipaPermLocation ) MAY ( ipaPermDefaultAttr $ ipaPermIncl + udedAttr $ ipaPermExcludedAttr $ ipaPermRight $ ipaPermTargetFilter $ ipaPe + rmTarget $ ipaPermTargetTo $ ipaPermTargetFrom ) X-ORIGIN ( 'IPA v4.2.2' 'u + ser defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.12.20 NAME 'ipaUser' AUXILIARY MUST u + id MAY ( userClass $ ipaKrbAuthzData ) X-ORIGIN ( 'IPA v4.3.1' 'user define + d' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.6.3 NAME 'idnsForwardZone' DESC 'Forw + ard Zone class' SUP top STRUCTURAL MUST ( idnsName $ idnsZoneActive ) MAY ( + idnsForwarders $ idnsForwardPolicy ) X-ORIGIN ( 'IPA v4.0.0' 'user defined + ' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.16.2.5 NAME 'ipatokenHOTP' DESC 'HOTP + Token Type' SUP ipaToken STRUCTURAL MUST ( ipatokenOTPkey $ ipatokenOTPalg + orithm $ ipatokenOTPdigits $ ipatokenHOTPcounter ) X-ORIGIN ( 'IPA v4.0.0' + 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.12.25 NAME 'ipaPrivateKeyObject' DESC + 'Wrapped private keys' SUP top AUXILIARY MUST ( ipaPrivateKey $ ipaWrappin + gKey $ ipaWrappingMech ) X-ORIGIN ( 'IPA v4.1.2' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.12.24 NAME 'ipaPublicKeyObject' DESC + 'Wrapped public keys' SUP top AUXILIARY MUST ipaPublicKey X-ORIGIN ( 'IPA v + 4.1.2' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.12.34 NAME 'ipaSecretKeyRefObject' DE + SC 'Indirect storage for encoded key material' SUP top AUXILIARY MUST ipaSe + cretKeyRef X-ORIGIN ( 'IPA v4.1.2' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.12.26 NAME 'ipaSecretKeyObject' DESC + 'Wrapped secret keys' SUP top AUXILIARY MUST ( ipaSecretKey $ ipaWrappingKe + y $ ipaWrappingMech ) X-ORIGIN ( 'IPA v4.1.2' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.17.2.1 NAME 'ipk11Object' DESC 'Objec + t' SUP top STRUCTURAL MUST ipk11UniqueId X-ORIGIN ( 'IPA v4.1.2' 'user defi + ned' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.17.2.2 NAME 'ipk11StorageObject' DESC + 'Storage object' SUP top ABSTRACT MAY ( ipk11Private $ ipk11Modifiable $ i + pk11Label $ ipk11Copyable $ ipk11Destroyable ) X-ORIGIN ( 'IPA v4.1.2' 'use + r defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.17.2.5 NAME 'ipk11Key' DESC 'Key' SUP + ipk11StorageObject ABSTRACT MAY ( ipk11KeyType $ ipk11Id $ ipk11StartDate + $ ipk11EndDate $ ipk11Derive $ ipk11Local $ ipk11KeyGenMechanism $ ipk11All + owedMechanisms ) X-ORIGIN ( 'IPA v4.1.2' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.17.2.7 NAME 'ipk11PrivateKey' DESC 'P + rivate key' SUP ipk11Key AUXILIARY MAY ( ipk11Subject $ ipk11Sensitive $ ip + k11Decrypt $ ipk11Sign $ ipk11SignRecover $ ipk11Unwrap $ ipk11Extractable + $ ipk11AlwaysSensitive $ ipk11NeverExtractable $ ipk11WrapWithTrusted $ ipk + 11UnwrapTemplate $ ipk11AlwaysAuthenticate $ ipk11PublicKeyInfo ) X-ORIGIN + ( 'IPA v4.1.2' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.17.2.8 NAME 'ipk11SecretKey' DESC 'Se + cret key' SUP ipk11Key AUXILIARY MAY ( ipk11Sensitive $ ipk11Encrypt $ ipk1 + 1Decrypt $ ipk11Sign $ ipk11Verify $ ipk11Wrap $ ipk11Unwrap $ ipk11Extract + able $ ipk11AlwaysSensitive $ ipk11NeverExtractable $ ipk11CheckValue $ ipk + 11WrapWithTrusted $ ipk11Trusted $ ipk11WrapTemplate $ ipk11UnwrapTemplate + ) X-ORIGIN ( 'IPA v4.1.2' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.17.2.6 NAME 'ipk11PublicKey' DESC 'Pu + blic key' SUP ipk11Key AUXILIARY MAY ( ipk11Subject $ ipk11Encrypt $ ipk11V + erify $ ipk11VerifyRecover $ ipk11Wrap $ ipk11Trusted $ ipk11WrapTemplate $ + ipk11Distrusted $ ipk11PublicKeyInfo ) X-ORIGIN ( 'IPA v4.1.2' 'user defin + ed' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.6.4 NAME 'idnsSecKey' DESC 'DNSSEC ke + y metadata' SUP top STRUCTURAL MUST ( idnsSecKeyRef $ idnsSecKeyCreated $ i + dnsSecAlgorithm ) MAY ( idnsSecKeyPublish $ idnsSecKeyActivate $ idnsSecKey + Inactive $ idnsSecKeyDelete $ idnsSecKeyZone $ idnsSecKeyRevoke $ idnsSecKe + ySep $ cn ) X-ORIGIN ( 'IPA v4.1.2' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.12.27 NAME 'ipaCertificate' SUP top S + TRUCTURAL MUST ( cn $ ipaCertIssuerSerial $ ipaCertSubject $ ipaPublicKey ) + MAY ipaConfigString X-ORIGIN ( 'IPA v4.1.2' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.12.28 NAME 'ipaKeyPolicy' SUP top AUX + ILIARY MAY ( ipaKeyTrust $ ipaKeyUsage $ ipaKeyExtUsage ) X-ORIGIN ( 'IPA v + 4.1.2' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.12.29 NAME 'ipaIDView' SUP nsContaine + r STRUCTURAL MAY description X-ORIGIN ( 'IPA v4.1.2' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.12.35 NAME 'ipaOverrideTarget' SUP to + p STRUCTURAL MUST ipaAnchorUUID X-ORIGIN ( 'IPA v4.1.2' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.12.30 NAME 'ipaOverrideAnchor' SUP to + p STRUCTURAL MUST ipaAnchorUUID MAY description X-ORIGIN ( 'IPA v4.1.2' 'us + er defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.12.31 NAME 'ipaUserOverride' DESC 'Ov + erride for User Attributes' SUP ipaOverrideAnchor STRUCTURAL MAY ( uid $ ui + dNumber $ gidNumber $ homeDirectory $ loginShell $ gecos $ ipaOriginalUid $ + userCertificate ) X-ORIGIN ( 'IPA v4.4.0.alpha1' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.12.32 NAME 'ipaGroupOverride' DESC 'O + verride for Group Attributes' SUP ipaOverrideAnchor STRUCTURAL MAY ( gidNum + ber $ cn ) X-ORIGIN ( 'IPA v4.1.2' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.16.2.6 NAME 'ipatokenOTPConfig' DESC + 'OTP Global Configuration' SUP top STRUCTURAL MUST cn MAY ( ipatokenTOTPaut + hWindow $ ipatokenTOTPsyncWindow $ ipatokenHOTPauthWindow $ ipatokenHOTPsyn + cWindow ) X-ORIGIN ( 'IPA v4.1.3' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.18.1.1 NAME 'ipaVault' DESC 'IPA vaul + t' SUP top STRUCTURAL MUST cn MAY ( description $ ipaVaultType $ ipaVaultSa + lt $ ipaVaultPublicKey $ owner $ member ) X-ORIGIN ( 'IPA v4.2.2' 'user def + ined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.18.1.2 NAME 'ipaVaultContainer' DESC + 'IPA vault container' SUP top STRUCTURAL MUST cn MAY ( description $ owner + ) X-ORIGIN ( 'IPA v4.2.2' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.21.2.1 NAME 'ipaCertProfile' SUP top + STRUCTURAL MUST ( cn $ description $ ipaCertProfileStoreIssued ) X-ORIGIN ( + 'IPA v4.2.2' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.21.2.2 NAME 'ipaCaAcl' SUP ipaAssocia + tion STRUCTURAL MAY ( ipaCaCategory $ ipaCertProfileCategory $ serviceCateg + ory $ ipaMemberCa $ ipaMemberCertProfile $ memberService ) X-ORIGIN ( 'IPA + v4.4.2' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.20.1.2 NAME 'ipaReplTopoSegment' DESC + 'IPA defined objectclass' SUP top STRUCTURAL MUST ( ipaReplTopoSegmentDire + ction $ ipaReplTopoSegmentLeftNode $ ipaReplTopoSegmentRightNode ) MAY ( cn + $ ipaReplTopoSegmentStatus $ ipaReplTopoSegmentGenerated $ nsDS5Replicated + AttributeList $ nsDS5ReplicatedAttributeListTotal $ nsds5BeginReplicaRefres + h $ description $ nsds5replicaTimeout $ nsds5ReplicaEnabled $ nsds5ReplicaS + tripAttrs $ nsds5replicaSessionPauseTime $ nsds5ReplicaProtocolTimeout ) X- + ORIGIN ( 'IPA v4.2.2' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.20.1.1 NAME 'ipaReplTopoConf' DESC 'I + PA defined objectclass' SUP top STRUCTURAL MUST ipaReplTopoConfRoot MAY ( c + n $ nsDS5ReplicaRoot $ nsDS5ReplicatedAttributeList $ nsDS5ReplicatedAttrib + uteListTotal $ nsds5ReplicaStripAttrs ) X-ORIGIN ( 'IPA v4.3.0' 'user defin + ed' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.20.1.4 NAME 'ipaReplTopoManagedServer + ' DESC 'part of managed replication topology' SUP top AUXILIARY MAY ipaRepl + TopoManagedSuffix X-ORIGIN ( 'IPA v4.2.2' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.20.1.3 NAME 'ipaReplTopoManagedAgreem + ent' DESC 'marker objectclass for managed replication agreements' SUP top A + UXILIARY MAY ipaReplTopoManagedAgreementState X-ORIGIN ( 'IPA v4.2.2' 'user + defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.19.1.2 NAME 'ipaSupportedDomainLevelC + onfig' DESC 'Supported Domain Level Configuration' SUP ipaConfigObject AUXI + LIARY MUST ( ipaMinDomainLevel $ ipaMaxDomainLevel ) X-ORIGIN ( 'IPA v4.2.2 + ' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.19.1.1 NAME 'ipaDomainLevelConfig' DE + SC 'Domain Level Configuration' SUP ipaConfigObject AUXILIARY MUST ipaDomai + nLevel X-ORIGIN ( 'IPA v4.2.2' 'user defined' ) ) +objectClasses: ( certProfile-oid NAME 'certProfile' DESC 'Certificate profil + e' SUP top STRUCTURAL MUST cn MAY ( classId $ certProfileConfig ) X-ORIGIN + 'user defined' ) +objectClasses: ( tokenRecord-oid NAME 'tokenRecord' DESC 'CMS defined class' + SUP top STRUCTURAL MUST cn MAY ( dateOfCreate $ dateOfModify $ modified $ + tokenReason $ tokenUserID $ tokenStatus $ tokenAppletID $ keyInfo $ tokenPo + licy $ extensions $ numberOfResets $ numberOfEnrollments $ numberOfRenewals + $ numberOfRecoveries $ userCertificate $ tokenType ) X-ORIGIN 'user define + d' ) +objectClasses: ( tokenActivity-oid NAME 'tokenActivity' DESC 'CMS defined cl + ass' SUP top STRUCTURAL MUST cn MAY ( dateOfCreate $ dateOfModify $ tokenOp + $ tokenIP $ tokenResult $ tokenID $ tokenUserID $ tokenMsg $ extensions $ + tokenType ) X-ORIGIN 'user defined' ) +objectClasses: ( tokenCert-oid NAME 'tokenCert' DESC 'CMS defined class' SUP + top STRUCTURAL MUST cn MAY ( dateOfCreate $ dateOfModify $ userCertificate + $ tokenUserID $ tokenID $ tokenIssuer $ tokenOrigin $ tokenSubject $ token + Serial $ tokenStatus $ tokenType $ tokenKeyType $ tokenNotBefore $ tokenNot + After $ extensions ) X-ORIGIN 'user defined' ) +objectClasses: ( tpsProfileID-oid NAME 'tpsProfileID' DESC 'CMS defined clas + s' SUP top AUXILIARY MAY profileID X-ORIGIN ( 'user-defined' 'user defined' + ) ) +objectClasses: ( 2.16.840.1.113730.3.8.6.7 NAME 'ipaLocationObject' DESC 'Ob + ject for storing IPA server location' SUP top STRUCTURAL MUST idnsName MAY + description X-ORIGIN ( 'IPA v4.4.0.alpha1' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.12.36 NAME 'ipaDNSContainer' DESC 'IP + A DNS container' AUXILIARY MUST ipaDNSVersion X-ORIGIN ( 'IPA v4.4.0.alpha1 + ' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.6.6 NAME 'idnsServerConfigObject' DES + C 'DNS server configuration options' SUP top STRUCTURAL MUST idnsServerId M + AY ( idnsSubstitutionVariable $ idnsSOAmName $ idnsForwarders $ idnsForward + Policy ) X-ORIGIN ( 'IPA v4.4.0.alpha1' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.6.5 NAME 'idnsTemplateObject' DESC 'T + emplate object for dynamic DNS attribute generation' AUXILIARY MUST idnsTem + plateAttribute X-ORIGIN ( 'IPA v4.4.0.alpha1' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.6.8 NAME 'ipaLocationMember' DESC 'Me + mber object of IPA location' AUXILIARY MAY ( ipaLocation $ ipaServiceWeight + ) X-ORIGIN ( 'IPA v4.4.0.alpha1' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.21.2.3 NAME 'ipaCa' SUP top STRUCTURA + L MUST ( cn $ ipaCaId $ ipaCaSubjectDN $ ipaCaIssuerDN ) MAY description X- + ORIGIN ( 'IPA v4.4.0.alpha1' 'user defined' ) ) +objectClasses: ( authority-oid NAME 'authority' DESC 'Certificate Authority' + SUP top STRUCTURAL MUST ( cn $ authorityID $ authorityKeyNickname $ author + ityEnabled $ authorityDN ) MAY ( authoritySerial $ authorityParentID $ auth + orityParentDN $ authorityKeyHost $ description ) X-ORIGIN ( 'IPA v4.4.0.alp + ha1' 'user defined' ) ) + diff --git a/Tests/ldif/subschema-openldap-all.ldif b/Tests/ldif/subschema-openldap-all.ldif new file mode 100644 index 0000000..3e930c6 --- /dev/null +++ b/Tests/ldif/subschema-openldap-all.ldif @@ -0,0 +1,8017 @@ +######################################################################## +# LDIF export by web2ldap 1.2.80, see http://www.web2ldap.de +# Date and time: Saturday, 2017-02-18 17:09:50 GMT +# Bind-DN: u'cn=Michael Str\xf6der+mail=michael@stroeder.com,ou=Private,dc=stroeder,dc=de' +# LDAP-URL of search: +# ldapi:///cn%3DSubschema?matchingRuleUse,ldapSyntaxes,nameForms,dITStructureRules,attributeTypes,matchingRules,dITContentRules,objectClasses,objectClass,cn?base?%28objectClass%3D%2A%29?x-saslmech=EXTERNAL +######################################################################## +version: 1 + +dn: cn=Subschema +attributeTypes: ( 2.5.4.0 NAME 'objectClass' DESC 'RFC4512: object classes o + f the entity' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.38 ) +attributeTypes: ( 2.5.21.9 NAME 'structuralObjectClass' DESC 'RFC4512: struc + tural object class of entry' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1. + 4.1.1466.115.121.1.38 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOper + ation ) +attributeTypes: ( 2.5.18.1 NAME 'createTimestamp' DESC 'RFC4512: time which + object was created' EQUALITY generalizedTimeMatch ORDERING generalizedTimeO + rderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE NO-USER-MODI + FICATION USAGE directoryOperation ) +attributeTypes: ( 2.5.18.2 NAME 'modifyTimestamp' DESC 'RFC4512: time which + object was last modified' EQUALITY generalizedTimeMatch ORDERING generalize + dTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE NO-USE + R-MODIFICATION USAGE directoryOperation ) +attributeTypes: ( 2.5.18.3 NAME 'creatorsName' DESC 'RFC4512: name of creato + r' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SIN + GLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation ) +attributeTypes: ( 2.5.18.4 NAME 'modifiersName' DESC 'RFC4512: name of last + modifier' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .12 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation ) +attributeTypes: ( 2.5.18.9 NAME 'hasSubordinates' DESC 'X.501: entry has chi + ldren' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VAL + UE NO-USER-MODIFICATION USAGE directoryOperation ) +attributeTypes: ( 2.5.18.10 NAME 'subschemaSubentry' DESC 'RFC4512: name of + controlling subschema entry' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1 + .4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOpe + ration ) +attributeTypes: ( 2.5.18.12 NAME 'collectiveAttributeSubentries' DESC 'RFC36 + 71: collective attribute subentries' EQUALITY distinguishedNameMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.12 NO-USER-MODIFICATION USAGE directoryOperatio + n ) +attributeTypes: ( 2.5.18.7 NAME 'collectiveExclusions' DESC 'RFC3671: collec + tive attribute exclusions' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4. + 1.1466.115.121.1.38 USAGE directoryOperation ) +attributeTypes: ( 1.3.6.1.1.20 NAME 'entryDN' DESC 'DN of the entry' EQUALIT + Y distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE + NO-USER-MODIFICATION USAGE directoryOperation ) +attributeTypes: ( 1.3.6.1.1.16.4 NAME 'entryUUID' DESC 'UUID of the entry' E + QUALITY UUIDMatch ORDERING UUIDOrderingMatch SYNTAX 1.3.6.1.1.16.1 SINGLE-V + ALUE NO-USER-MODIFICATION USAGE directoryOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.7 NAME 'entryCSN' DESC 'change sequ + ence number of the entry content' EQUALITY CSNMatch ORDERING CSNOrderingMat + ch SYNTAX 1.3.6.1.4.1.4203.666.11.2.1{64} SINGLE-VALUE NO-USER-MODIFICATION + USAGE directoryOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.13 NAME 'namingCSN' DESC 'change se + quence number of the entry naming (RDN)' EQUALITY CSNMatch ORDERING CSNOrde + ringMatch SYNTAX 1.3.6.1.4.1.4203.666.11.2.1{64} SINGLE-VALUE NO-USER-MODIF + ICATION USAGE directoryOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.23 NAME 'syncreplCookie' DESC 'sync + repl Cookie for shadow copy' EQUALITY octetStringMatch ORDERING octetString + OrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE NO-USER-MOD + IFICATION USAGE dSAOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.25 NAME 'contextCSN' DESC 'the larg + est committed CSN of a context' EQUALITY CSNMatch ORDERING CSNOrderingMatch + SYNTAX 1.3.6.1.4.1.4203.666.11.2.1{64} NO-USER-MODIFICATION USAGE dSAOpera + tion ) +attributeTypes: ( 1.3.6.1.4.1.1466.101.120.6 NAME 'altServer' DESC 'RFC4512: + alternative servers' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 USAGE dSAOperati + on ) +attributeTypes: ( 1.3.6.1.4.1.1466.101.120.5 NAME 'namingContexts' DESC 'RFC + 4512: naming contexts' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 USAGE dSAOperat + ion ) +attributeTypes: ( 1.3.6.1.4.1.1466.101.120.13 NAME 'supportedControl' DESC ' + RFC4512: supported controls' SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSA + Operation ) +attributeTypes: ( 1.3.6.1.4.1.1466.101.120.7 NAME 'supportedExtension' DESC + 'RFC4512: supported extended operations' SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 38 USAGE dSAOperation ) +attributeTypes: ( 1.3.6.1.4.1.1466.101.120.15 NAME 'supportedLDAPVersion' DE + SC 'RFC4512: supported LDAP versions' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + USAGE dSAOperation ) +attributeTypes: ( 1.3.6.1.4.1.1466.101.120.14 NAME 'supportedSASLMechanisms' + DESC 'RFC4512: supported SASL mechanisms' SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.15 USAGE dSAOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.3.5 NAME 'supportedFeatures' DESC 'RFC4 + 512: features supported by the server' EQUALITY objectIdentifierMatch SYNTA + X 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.10 NAME 'monitorContext' DESC 'moni + tor context' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.1 NAME 'configContext' DESC 'confi + g context' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation ) +attributeTypes: ( 1.3.6.1.1.4 NAME 'vendorName' DESC 'RFC3045: name of imple + mentation vendor' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .15 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation ) +attributeTypes: ( 1.3.6.1.1.5 NAME 'vendorVersion' DESC 'RFC3045: version of + implementation' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 15 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation ) +attributeTypes: ( 2.5.18.5 NAME 'administrativeRole' DESC 'RFC3672: administ + rative role' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.38 USAGE directoryOperation ) +attributeTypes: ( 2.5.18.6 NAME 'subtreeSpecification' DESC 'RFC3672: subtre + e specification' SYNTAX 1.3.6.1.4.1.1466.115.121.1.45 SINGLE-VALUE USAGE di + rectoryOperation ) +attributeTypes: ( 2.5.21.1 NAME 'dITStructureRules' DESC 'RFC4512: DIT struc + ture rules' EQUALITY integerFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.17 USAGE directoryOperation ) +attributeTypes: ( 2.5.21.2 NAME 'dITContentRules' DESC 'RFC4512: DIT content + rules' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.146 + 6.115.121.1.16 USAGE directoryOperation ) +attributeTypes: ( 2.5.21.4 NAME 'matchingRules' DESC 'RFC4512: matching rule + s' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.30 USAGE directoryOperation ) +attributeTypes: ( 2.5.21.5 NAME 'attributeTypes' DESC 'RFC4512: attribute ty + pes' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.1 + 15.121.1.3 USAGE directoryOperation ) +attributeTypes: ( 2.5.21.6 NAME 'objectClasses' DESC 'RFC4512: object classe + s' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.37 USAGE directoryOperation ) +attributeTypes: ( 2.5.21.7 NAME 'nameForms' DESC 'RFC4512: name forms ' EQUA + LITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 35 USAGE directoryOperation ) +attributeTypes: ( 2.5.21.8 NAME 'matchingRuleUse' DESC 'RFC4512: matching ru + le uses' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.31 USAGE directoryOperation ) +attributeTypes: ( 1.3.6.1.4.1.1466.101.120.16 NAME 'ldapSyntaxes' DESC 'RFC4 + 512: LDAP syntaxes' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3 + .6.1.4.1.1466.115.121.1.54 USAGE directoryOperation ) +attributeTypes: ( 2.5.4.1 NAME ( 'aliasedObjectName' 'aliasedEntryName' ) DE + SC 'RFC4512: name of aliased object' EQUALITY distinguishedNameMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.1.34 NAME 'ref' DESC 'RFC3296: subordi + nate referral URL' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.15 USAGE distributedOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.3.1 NAME 'entry' DESC 'OpenLDAP ACL ent + ry pseudo-attribute' SYNTAX 1.3.6.1.4.1.4203.1.1.1 SINGLE-VALUE NO-USER-MOD + IFICATION USAGE dSAOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.3.2 NAME 'children' DESC 'OpenLDAP ACL + children pseudo-attribute' SYNTAX 1.3.6.1.4.1.4203.1.1.1 SINGLE-VALUE NO-US + ER-MODIFICATION USAGE dSAOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.8 NAME ( 'authzTo' 'saslAuthzTo' ) + DESC 'proxy authorization targets' EQUALITY authzMatch SYNTAX 1.3.6.1.4.1.4 + 203.666.2.7 USAGE distributedOperation X-ORDERED 'VALUES' ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.9 NAME ( 'authzFrom' 'saslAuthzFrom + ' ) DESC 'proxy authorization sources' EQUALITY authzMatch SYNTAX 1.3.6.1.4 + .1.4203.666.2.7 USAGE distributedOperation X-ORDERED 'VALUES' ) +attributeTypes: ( 1.3.6.1.4.1.1466.101.119.3 NAME 'entryTtl' DESC 'RFC2589: + entry time-to-live' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE NO-US + ER-MODIFICATION USAGE dSAOperation ) +attributeTypes: ( 1.3.6.1.4.1.1466.101.119.4 NAME 'dynamicSubtrees' DESC 'RF + C2589: dynamic subtrees' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 NO-USER-MODIF + ICATION USAGE dSAOperation ) +attributeTypes: ( 2.5.4.49 NAME 'distinguishedName' DESC 'RFC4519: common su + pertype of DN attributes' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4. + 1.1466.115.121.1.12 ) +attributeTypes: ( 2.5.4.41 NAME 'name' DESC 'RFC4519: common supertype of na + me attributes' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SY + NTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} ) +attributeTypes: ( 2.5.4.3 NAME ( 'cn' 'commonName' ) DESC 'RFC4519: common n + ame(s) for which the entity is known by' SUP name ) +attributeTypes: ( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userid' ) DESC 'RF + C4519: user identifier' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstring + sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) +attributeTypes: ( 1.3.6.1.1.1.1.0 NAME 'uidNumber' DESC 'RFC2307: An integer + uniquely identifying a user in an administrative domain' EQUALITY integerM + atch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SIN + GLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.1.1.1 NAME 'gidNumber' DESC 'RFC2307: An integer + uniquely identifying a group in an administrative domain' EQUALITY integer + Match ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SI + NGLE-VALUE ) +attributeTypes: ( 2.5.4.35 NAME 'userPassword' DESC 'RFC4519/2307: password + of user' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128 + } ) +attributeTypes: ( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI' DESC 'RFC2079: Unif + orm Resource Identifier with optional label' EQUALITY caseExactMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 2.5.4.13 NAME 'description' DESC 'RFC4519: descriptive inf + ormation' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.15{1024} ) +attributeTypes: ( 2.5.4.34 NAME 'seeAlso' DESC 'RFC4519: DN of related objec + t' SUP distinguishedName ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.78 NAME 'olcConfigFile' DESC ' + File for slapd configuration directives' EQUALITY caseIgnoreMatch SYNTAX 1. + 3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.79 NAME 'olcConfigDir' DESC 'D + irectory for slapd configuration backend' EQUALITY caseIgnoreMatch SYNTAX 1 + .3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.1 NAME 'olcAccess' DESC 'Acces + s Control List' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 15 X-ORDERED 'VALUES' ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.86 NAME 'olcAddContentAcl' DES + C 'Check ACLs against content of Add ops' SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.2 NAME 'olcAllows' DESC 'Allow + ed set of deprecated features' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1. + 1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.3 NAME 'olcArgsFile' DESC 'Fil + e for slapd command line options' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4 + .1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.5 NAME 'olcAttributeOptions' E + QUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.4 NAME 'olcAttributeTypes' DES + C 'OpenLDAP attributeTypes' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubst + ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORDERED 'VALUES' ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.6 NAME 'olcAuthIDRewrite' EQUA + LITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORDERED 'VALUES + ' ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.7 NAME 'olcAuthzPolicy' EQUALI + TY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.8 NAME 'olcAuthzRegexp' EQUALI + TY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORDERED 'VALUES' + ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.9 NAME 'olcBackend' DESC 'A ty + pe of backend' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 + 5 SINGLE-VALUE X-ORDERED 'SIBLINGS' ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.10 NAME 'olcConcurrency' SYNTA + X 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.11 NAME 'olcConnMaxPending' SY + NTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.12 NAME 'olcConnMaxPendingAuth + ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.13 NAME 'olcDatabase' DESC 'Th + e backend type for a database instance' SUP olcBackend SINGLE-VALUE X-ORDER + ED 'SIBLINGS' ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.14 NAME 'olcDefaultSearchBase' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.15 NAME 'olcDisallows' EQUALIT + Y caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.16 NAME 'olcDitContentRules' D + ESC 'OpenLDAP DIT content rules' EQUALITY caseIgnoreMatch SUBSTR caseIgnore + SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORDERED 'VALUES' ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.20 NAME 'olcExtraAttrs' EQUA + LITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.17 NAME 'olcGentleHUP' SYNTAX + 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.17 NAME 'olcHidden' SYNTAX 1 + .3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.18 NAME 'olcIdleTimeout' SYNTA + X 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.19 NAME 'olcInclude' SUP label + edURI ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.20 NAME 'olcIndexSubstrIfMinLe + n' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.21 NAME 'olcIndexSubstrIfMaxLe + n' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.22 NAME 'olcIndexSubstrAnyLen' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.23 NAME 'olcIndexSubstrAnyStep + ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.84 NAME 'olcIndexIntLen' SYNTA + X 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.4 NAME 'olcLastMod' SYNTAX 1 + .3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.85 NAME 'olcLdapSyntaxes' DESC + 'OpenLDAP ldapSyntax' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstrings + Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORDERED 'VALUES' ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.5 NAME 'olcLimits' EQUALITY + caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORDERED 'VALUES' ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.93 NAME 'olcListenerThreads' S + YNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.26 NAME 'olcLocalSSF' SYNTAX 1 + .3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.27 NAME 'olcLogFile' SYNTAX 1. + 3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.28 NAME 'olcLogLevel' EQUALITY + caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.6 NAME 'olcMaxDerefDepth' SY + NTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.16 NAME 'olcMirrorMode' SYNT + AX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.30 NAME 'olcModuleLoad' EQUALI + TY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORDERED 'VALUES' + ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.31 NAME 'olcModulePath' SYNTAX + 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.18 NAME 'olcMonitoring' SYNT + AX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.32 NAME 'olcObjectClasses' DES + C 'OpenLDAP object classes' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubst + ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORDERED 'VALUES' ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.33 NAME 'olcObjectIdentifier' + EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4. + 1.1466.115.121.1.15 X-ORDERED 'VALUES' ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.34 NAME 'olcOverlay' SUP olcDa + tabase SINGLE-VALUE X-ORDERED 'SIBLINGS' ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.35 NAME 'olcPasswordCryptSaltF + ormat' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.36 NAME 'olcPasswordHash' EQUA + LITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.37 NAME 'olcPidFile' SYNTAX 1. + 3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.38 NAME 'olcPlugin' EQUALITY c + aseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.39 NAME 'olcPluginLogFile' SYN + TAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.40 NAME 'olcReadOnly' SYNTAX 1 + .3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.41 NAME 'olcReferral' SUP labe + ledURI SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.7 NAME 'olcReplica' SUP labe + ledURI EQUALITY caseIgnoreMatch X-ORDERED 'VALUES' ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.43 NAME 'olcReplicaArgsFile' S + YNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.44 NAME 'olcReplicaPidFile' SY + NTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.45 NAME 'olcReplicationInterva + l' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.46 NAME 'olcReplogFile' SYNTAX + 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.47 NAME 'olcRequires' EQUALITY + caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.48 NAME 'olcRestrict' EQUALITY + caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.49 NAME 'olcReverseLookup' SYN + TAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.8 NAME 'olcRootDN' EQUALITY + distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.51 NAME 'olcRootDSE' EQUALITY + caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.9 NAME 'olcRootPW' SYNTAX 1. + 3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.89 NAME 'olcSaslAuxprops' SYNT + AX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.53 NAME 'olcSaslHost' SYNTAX 1 + .3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.54 NAME 'olcSaslRealm' SYNTAX + 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.56 NAME 'olcSaslSecProps' SYNT + AX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.58 NAME 'olcSchemaDN' EQUALITY + distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.59 NAME 'olcSecurity' EQUALITY + caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.81 NAME 'olcServerID' EQUALITY + caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.60 NAME 'olcSizeLimit' SYNTAX + 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.61 NAME 'olcSockbufMaxIncoming + ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.62 NAME 'olcSockbufMaxIncoming + Auth' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.83 NAME 'olcSortVals' DESC 'At + tributes whose values will always be sorted' EQUALITY caseIgnoreMatch SYNTA + X 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.15 NAME 'olcSubordinate' SYN + TAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.10 NAME 'olcSuffix' EQUALITY + distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.19 NAME 'olcSyncUseSubentry' + DESC 'Store sync context in a subentry' SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.11 NAME 'olcSyncrepl' EQUALI + TY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORDERED 'VALUES' + ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.90 NAME 'olcTCPBuffer' DESC 'C + ustom TCP buffer size' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.66 NAME 'olcThreads' SYNTAX 1. + 3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.67 NAME 'olcTimeLimit' SYNTAX + 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.68 NAME 'olcTLSCACertificateFi + le' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.69 NAME 'olcTLSCACertificatePa + th' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.70 NAME 'olcTLSCertificateFile + ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.71 NAME 'olcTLSCertificateKeyF + ile' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.72 NAME 'olcTLSCipherSuite' SY + NTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.73 NAME 'olcTLSCRLCheck' SYNTA + X 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.82 NAME 'olcTLSCRLFile' SYNTAX + 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.74 NAME 'olcTLSRandFile' SYNTA + X 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.75 NAME 'olcTLSVerifyClient' S + YNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.77 NAME 'olcTLSDHParamFile' SY + NTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.87 NAME 'olcTLSProtocolMin' SY + NTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.80 NAME 'olcToolThreads' SYNTA + X 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.12 NAME 'olcUpdateDN' SYNTAX + 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.13 NAME 'olcUpdateRef' SUP l + abeledURI EQUALITY caseIgnoreMatch ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.88 NAME 'olcWriteTimeout' SYNT + AX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.1 NAME 'olcDbDirectory' DESC + 'Directory for database content' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4 + .1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.5 NAME 'OpenLDAPaci' DESC 'OpenLDAP + access control information (experimental)' EQUALITY OpenLDAPaciMatch SYNTA + X 1.3.6.1.4.1.4203.666.2.1 USAGE directoryOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.2 NAME 'olcDbCheckpoint' DES + C 'Database checkpoint interval in kbytes and minutes' SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.4 NAME 'olcDbNoSync' DESC 'D + isable synchronous database writes' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SIN + GLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.12.3 NAME 'olcDbEnvFlags' DESC + 'Database environment flags' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.2 NAME 'olcDbIndex' DESC 'At + tribute index parameters' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466. + 115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.12.1 NAME 'olcDbMaxReaders' DE + SC 'Maximum number of threads that may access the DB concurrently' SYNTAX 1 + .3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.12.2 NAME 'olcDbMaxSize' DESC + 'Maximum size of DB in bytes' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-V + ALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.3 NAME 'olcDbMode' DESC 'Uni + x permissions of database files' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL + E-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.12.5 NAME 'olcDbRtxnSize' DESC + 'Number of entries to process in one read transaction' SYNTAX 1.3.6.1.4.1. + 1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.9 NAME 'olcDbSearchStack' DE + SC 'Depth of search stack in IDLs' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SIN + GLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.11 NAME 'olcDbCacheFree' DES + C 'Number of extra entries to free when max is reached' SYNTAX 1.3.6.1.4.1. + 1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.1 NAME 'olcDbCacheSize' DESC + 'Entry cache size in entries' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE- + VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.16 NAME 'olcDbChecksum' DESC + 'Enable database checksum validation' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.13 NAME 'olcDbCryptFile' DES + C 'Pathname of file containing the DB encryption key' SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.14 NAME 'olcDbCryptKey' DESC + 'DB encryption key' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.3 NAME 'olcDbConfig' DESC 'B + erkeleyDB DB_CONFIG configuration directives' SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.26 X-ORDERED 'VALUES' ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.15 NAME 'olcDbPageSize' DESC + 'Page size of specified DB, in Kbytes' EQUALITY caseExactMatch SYNTAX 1.3. + 6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.5 NAME 'olcDbDirtyRead' DESC + 'Allow reads of uncommitted data' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SING + LE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.12 NAME 'olcDbDNcacheSize' D + ESC 'DN cache size' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.6 NAME 'olcDbIDLcacheSize' D + ESC 'IDL cache size in IDLs' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VA + LUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.7 NAME 'olcDbLinearIndex' DE + SC 'Index attributes one at a time' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SIN + GLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.8 NAME 'olcDbLockDetect' DES + C 'Deadlock detection algorithm' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL + E-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.10 NAME 'olcDbShmKey' DESC ' + Key for shared memory region' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-V + ALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.14 NAME 'olcDbURI' DESC 'URI + (list) for remote DSA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.1 NAME 'olcDbStartTLS' DESC + 'StartTLS' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.2 NAME 'olcDbACLAuthcDn' DES + C 'Remote ACL administrative identity' OBSOLETE SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.12 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.3 NAME 'olcDbACLPasswd' DESC + 'Remote ACL administrative identity credentials' OBSOLETE SYNTAX 1.3.6.1.4 + .1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.4 NAME 'olcDbACLBind' DESC ' + Remote ACL administrative identity auth bind configuration' SYNTAX 1.3.6.1. + 4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.5 NAME 'olcDbIDAssertAuthcDn + ' DESC 'Remote Identity Assertion administrative identity' OBSOLETE SYNTAX + 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.6 NAME 'olcDbIDAssertPasswd' + DESC 'Remote Identity Assertion administrative identity credentials' OBSOL + ETE SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.7 NAME 'olcDbIDAssertBind' D + ESC 'Remote Identity Assertion administrative identity auth bind configurat + ion' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.8 NAME 'olcDbIDAssertMode' D + ESC 'Remote Identity Assertion mode' OBSOLETE SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.9 NAME 'olcDbIDAssertAuthzFr + om' DESC 'Remote Identity Assertion authz rules' EQUALITY caseIgnoreMatch S + YNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORDERED 'VALUES' ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.10 NAME 'olcDbRebindAsUser' + DESC 'Rebind as user' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.11 NAME 'olcDbChaseReferrals + ' DESC 'Chase referrals' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.12 NAME 'olcDbTFSupport' DES + C 'Absolute filters support' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VA + LUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.13 NAME 'olcDbProxyWhoAmI' D + ESC 'Proxy whoAmI exop' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.14 NAME 'olcDbTimeout' DESC + 'Per-operation timeouts' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE + ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.15 NAME 'olcDbIdleTimeout' D + ESC 'connection idle timeout' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-V + ALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.16 NAME 'olcDbConnTtl' DESC + 'connection ttl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.17 NAME 'olcDbNetworkTimeout + ' DESC 'connection network timeout' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SI + NGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.18 NAME 'olcDbProtocolVersio + n' DESC 'protocol version' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALU + E ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.19 NAME 'olcDbSingleConn' DE + SC 'cache a single connection per identity' SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.20 NAME 'olcDbCancel' DESC ' + abandon/ignore/exop operations when appropriate' SYNTAX 1.3.6.1.4.1.1466.11 + 5.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.21 NAME 'olcDbQuarantine' DE + SC 'Quarantine database if connection fails and retry according to rule' SY + NTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.22 NAME 'olcDbUseTemporaryCo + nn' DESC 'Use temporary connections if the cached one is busy' SYNTAX 1.3.6 + .1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.23 NAME 'olcDbConnectionPool + Max' DESC 'Max size of privileged connections pool' SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.24 NAME 'olcDbSessionTrackin + gRequest' DESC 'Add session tracking control to proxied requests' SYNTAX 1. + 3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.25 NAME 'olcDbNoRefs' DESC ' + Do not return search reference responses' SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.26 NAME 'olcDbNoUndefFilter' + DESC 'Do not propagate undefined search filters' SYNTAX 1.3.6.1.4.1.1466.1 + 15.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.108 NAME 'olcDbOnErr' DESC ' + error handling' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.27 NAME 'olcDbIDAssertPassTh + ru' DESC 'Remote Identity Assertion passthru rules' EQUALITY caseIgnoreMatc + h SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORDERED 'VALUES' ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.29 NAME 'olcDbKeepalive' DES + C 'TCP keepalive' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.3.1 NAME 'olcChainingBehavior' + DESC 'Chaining behavior control parameters (draft-sermersheim-ldap-chainin + g)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.3.2 NAME 'olcChainCacheURI' DE + SC 'Enables caching of URIs not present in configuration' SYNTAX 1.3.6.1.4. + 1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.3.3 NAME 'olcChainMaxReferralD + epth' DESC 'max referral depth' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.3.4 NAME 'olcChainReturnError' + DESC 'Errors are returned instead of the original referral' SYNTAX 1.3.6.1 + .4.1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.101 NAME 'olcDbRewrite' DESC + 'DN rewriting rules' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115. + 121.1.15 X-ORDERED 'VALUES' ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.102 NAME 'olcDbMap' DESC 'Ma + p attribute and objectclass names' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1. + 4.1.1466.115.121.1.15 X-ORDERED 'VALUES' ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.103 NAME 'olcDbSubtreeExclud + e' DESC 'DN of subtree to exclude from target' EQUALITY caseIgnoreMatch SYN + TAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.104 NAME 'olcDbSubtreeInclud + e' DESC 'DN of subtree to include in target' EQUALITY caseIgnoreMatch SYNTA + X 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.105 NAME 'olcDbDefaultTarget + ' DESC 'Specify the default target' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SI + NGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.106 NAME 'olcDbDnCacheTtl' D + ESC 'dncache ttl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.107 NAME 'olcDbBindTimeout' + DESC 'bind timeout' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.109 NAME 'olcDbPseudoRootBin + dDefer' DESC 'error handling' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VA + LUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.110 NAME 'olcDbNretries' DES + C 'retry handling' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.111 NAME 'olcDbClientPr' DES + C 'PagedResults handling' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE + ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.100 NAME 'olcMetaSub' DESC ' + Placeholder to name a Target entry' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1 + .4.1.1466.115.121.1.15 SINGLE-VALUE X-ORDERED 'SIBLINGS' ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.112 NAME 'olcDbFilter' DESC + 'Filter regex pattern to include in target' EQUALITY caseExactMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.1 NAME 'monitoredInfo' DESC 'mon + itored info' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNT + AX 1.3.6.1.4.1.1466.115.121.1.15{32768} NO-USER-MODIFICATION USAGE dSAOpera + tion ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.2 NAME 'managedInfo' DESC 'monit + or managed info' SUP name ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.3 NAME 'monitorCounter' DESC 'mo + nitor counter' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1 + .3.6.1.4.1.1466.115.121.1.27 NO-USER-MODIFICATION USAGE dSAOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.4 NAME 'monitorOpCompleted' DESC + 'monitor completed operations' SUP monitorCounter NO-USER-MODIFICATION USA + GE dSAOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.5 NAME 'monitorOpInitiated' DESC + 'monitor initiated operations' SUP monitorCounter NO-USER-MODIFICATION USA + GE dSAOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.6 NAME 'monitorConnectionNumber' + DESC 'monitor connection number' SUP monitorCounter NO-USER-MODIFICATION U + SAGE dSAOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.7 NAME 'monitorConnectionAuthzDN + ' DESC 'monitor connection authorization DN' EQUALITY distinguishedNameMatc + h SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 NO-USER-MODIFICATION USAGE dSAOperat + ion ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.8 NAME 'monitorConnectionLocalAd + dress' DESC 'monitor connection local address' SUP monitoredInfo NO-USER-MO + DIFICATION USAGE dSAOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.9 NAME 'monitorConnectionPeerAdd + ress' DESC 'monitor connection peer address' SUP monitoredInfo NO-USER-MODI + FICATION USAGE dSAOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.10 NAME 'monitorTimestamp' DESC + 'monitor timestamp' EQUALITY generalizedTimeMatch ORDERING generalizedTimeO + rderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE NO-USER-MODI + FICATION USAGE dSAOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.11 NAME 'monitorOverlay' DESC 'n + ame of overlays defined for a given database' SUP monitoredInfo NO-USER-MOD + IFICATION USAGE dSAOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.12 NAME 'readOnly' DESC 'read/wr + ite status of a given database' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.7 SINGLE-VALUE USAGE dSAOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.13 NAME 'restrictedOperation' DE + SC 'name of restricted operation for a given database' SUP managedInfo ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.14 NAME 'monitorConnectionProtoc + ol' DESC 'monitor connection protocol' SUP monitoredInfo NO-USER-MODIFICATI + ON USAGE dSAOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.15 NAME 'monitorConnectionOpsRec + eived' DESC 'monitor number of operations received by the connection' SUP m + onitorCounter NO-USER-MODIFICATION USAGE dSAOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.16 NAME 'monitorConnectionOpsExe + cuting' DESC 'monitor number of operations in execution within the connecti + on' SUP monitorCounter NO-USER-MODIFICATION USAGE dSAOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.17 NAME 'monitorConnectionOpsPen + ding' DESC 'monitor number of pending operations within the connection' SUP + monitorCounter NO-USER-MODIFICATION USAGE dSAOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.18 NAME 'monitorConnectionOpsCom + pleted' DESC 'monitor number of operations completed within the connection' + SUP monitorCounter NO-USER-MODIFICATION USAGE dSAOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.19 NAME 'monitorConnectionGet' D + ESC 'number of times connection_get() was called so far' SUP monitorCounter + NO-USER-MODIFICATION USAGE dSAOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.20 NAME 'monitorConnectionRead' + DESC 'number of times connection_read() was called so far' SUP monitorCount + er NO-USER-MODIFICATION USAGE dSAOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.21 NAME 'monitorConnectionWrite' + DESC 'number of times connection_write() was called so far' SUP monitorCou + nter NO-USER-MODIFICATION USAGE dSAOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.22 NAME 'monitorConnectionMask' + DESC 'monitor connection mask' SUP monitoredInfo NO-USER-MODIFICATION USAGE + dSAOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.23 NAME 'monitorConnectionListen + er' DESC 'monitor connection listener' SUP monitoredInfo NO-USER-MODIFICATI + ON USAGE dSAOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.24 NAME 'monitorConnectionPeerDo + main' DESC 'monitor connection peer domain' SUP monitoredInfo NO-USER-MODIF + ICATION USAGE dSAOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.25 NAME 'monitorConnectionStartT + ime' DESC 'monitor connection start time' SUP monitorTimestamp SINGLE-VALUE + NO-USER-MODIFICATION USAGE dSAOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.26 NAME 'monitorConnectionActivi + tyTime' DESC 'monitor connection activity time' SUP monitorTimestamp SINGLE + -VALUE NO-USER-MODIFICATION USAGE dSAOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.27 NAME 'monitorIsShadow' DESC ' + TRUE if the database is shadow' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.7 SINGLE-VALUE USAGE dSAOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.28 NAME 'monitorUpdateRef' DESC + 'update referral for shadow databases' SUP monitoredInfo SINGLE-VALUE USAGE + dSAOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.29 NAME 'monitorRuntimeConfig' D + ESC 'TRUE if component allows runtime configuration' EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE USAGE dSAOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.30 NAME 'monitorSuperiorDN' DESC + 'monitor superior DN' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.12 NO-USER-MODIFICATION USAGE dSAOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.5.1 NAME 'olcRelay' DESC 'Rela + y DN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.15.1 NAME 'olcAuditlogFile' DE + SC 'Filename for auditlogging' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.4.1 NAME 'olcAccessLogDB' DESC + 'Suffix of database for log content' SUP distinguishedName SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.4.2 NAME 'olcAccessLogOps' DES + C 'Operation types to log' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.4.3 NAME 'olcAccessLogPurge' D + ESC 'Log cleanup parameters' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VA + LUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.4.4 NAME 'olcAccessLogSuccess' + DESC 'Log successful ops only' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE- + VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.4.5 NAME 'olcAccessLogOld' DES + C 'Log old values when modifying entries matching the filter' SYNTAX 1.3.6. + 1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.4.6 NAME 'olcAccessLogOldAttr' + DESC 'Log old values of these attributes even if unmodified' EQUALITY case + IgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.4.7 NAME 'olcAccessLogBase' DE + SC 'Operation types to log under a specific branch' EQUALITY caseIgnoreMatc + h SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.1 NAME 'reqDN' DESC 'Target DN + of request' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.12 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.2 NAME 'reqStart' DESC 'Start + time of request' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrde + ringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.3 NAME 'reqEnd' DESC 'End time + of request' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrdering + Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.4 NAME 'reqType' DESC 'Type of + request' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SIN + GLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.5 NAME 'reqSession' DESC 'Sess + ion ID of request' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.6 NAME 'reqAuthzID' DESC 'Auth + orization ID of requestor' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4 + .1.1466.115.121.1.12 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.7 NAME 'reqResult' DESC 'Resul + t code of request' EQUALITY integerMatch ORDERING integerOrderingMatch SYNT + AX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.8 NAME 'reqMessage' DESC 'Erro + r text of request' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatc + h SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.9 NAME 'reqReferral' DESC 'Ref + errals returned for request' SUP labeledURI ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.10 NAME 'reqControls' DESC 'Re + quest controls' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1 + .4.1.4203.666.11.5.3.1 X-ORDERED 'VALUES' ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.11 NAME 'reqRespControls' DESC + 'Response controls of request' EQUALITY objectIdentifierFirstComponentMatc + h SYNTAX 1.3.6.1.4.1.4203.666.11.5.3.1 X-ORDERED 'VALUES' ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.12 NAME 'reqId' DESC 'ID of Re + quest to Abandon' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTA + X 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.13 NAME 'reqVersion' DESC 'Pro + tocol version of Bind request' EQUALITY integerMatch ORDERING integerOrderi + ngMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.14 NAME 'reqMethod' DESC 'Bind + method of request' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.15 NAME 'reqAssertion' DESC 'C + ompare Assertion of request' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VA + LUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.16 NAME 'reqMod' DESC 'Modific + ations of request' EQUALITY octetStringMatch SUBSTR octetStringSubstringsMa + tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.17 NAME 'reqOld' DESC 'Old val + ues of entry before request completed' EQUALITY octetStringMatch SUBSTR oct + etStringSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.18 NAME 'reqNewRDN' DESC 'New + RDN of request' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.12 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.19 NAME 'reqDeleteOldRDN' DESC + 'Delete old RDN' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.20 NAME 'reqNewSuperior' DESC + 'New superior DN of request' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1 + .4.1.1466.115.121.1.12 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.21 NAME 'reqScope' DESC 'Scope + of request' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.22 NAME 'reqDerefAliases' DESC + 'Disposition of Aliases in request' EQUALITY caseIgnoreMatch SYNTAX 1.3.6. + 1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.23 NAME 'reqAttrsOnly' DESC 'A + ttributes and values of request' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.24 NAME 'reqFilter' DESC 'Filt + er of request' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SY + NTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.25 NAME 'reqAttr' DESC 'Attrib + utes of request' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .15 ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.26 NAME 'reqSizeLimit' DESC 'S + ize limit of request' EQUALITY integerMatch ORDERING integerOrderingMatch S + YNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.27 NAME 'reqTimeLimit' DESC 'T + ime limit of request' EQUALITY integerMatch ORDERING integerOrderingMatch S + YNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.28 NAME 'reqEntries' DESC 'Num + ber of entries returned' EQUALITY integerMatch ORDERING integerOrderingMatc + h SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.29 NAME 'reqData' DESC 'Data o + f extended request' EQUALITY octetStringMatch SUBSTR octetStringSubstringsM + atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.30 NAME 'auditContext' DESC 'D + N of auditContainer' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-U + SER-MODIFICATION USAGE dSAOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.31 NAME 'reqEntryUUID' DESC 'U + UID of entry' EQUALITY UUIDMatch ORDERING UUIDOrderingMatch SYNTAX 1.3.6.1. + 1.16.1 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.19.1 NAME 'olcCollectInfo' DES + C 'DN of entry and attribute to distribute' EQUALITY caseIgnoreMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.8.1 NAME 'olcDlAttrSet' DESC ' + Dynamic list: , , ' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.15 X-ORDERED 'VALUES' ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.11.1 NAME 'olcRefintAttribute' + DESC 'Attributes for referential integrity' EQUALITY caseIgnoreMatch SYNTA + X 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.11.2 NAME 'olcRefintNothing' D + ESC 'Replacement DN to supply when needed' SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.12 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.11.3 NAME 'olcRefintModifiersN + ame' DESC 'The DN to use as modifiersName' SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.12 SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.2.102 NAME 'memberOf' DESC 'Group that th + e entry belongs to' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.12 USAGE dSAOperation X-ORIGIN 'iPlanet Delegated Administrator' + ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.18.0 NAME 'olcMemberOfDN' DESC + 'DN to be used as modifiersName' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SING + LE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.18.1 NAME 'olcMemberOfDangling + ' DESC 'Behavior with respect to dangling members, constrained to ignore, d + rop, error' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.18.2 NAME 'olcMemberOfRefInt' + DESC 'Take care of referential integrity' SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.18.3 NAME 'olcMemberOfGroupOC' + DESC 'Group objectClass' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE + ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.18.4 NAME 'olcMemberOfMemberAD + ' DESC 'member attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE + ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.18.5 NAME 'olcMemberOfMemberOf + AD' DESC 'memberOf attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-V + ALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.18.7 NAME 'olcMemberOfDangling + Error' DESC 'Error code returned in case of dangling back reference' SYNTAX + 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.1.1 NAME 'olcSpCheckpoint' DES + C 'ContextCSN checkpoint interval in ops and minutes' SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.1.2 NAME 'olcSpSessionlog' DES + C 'Session log size in ops' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VAL + UE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.1.3 NAME 'olcSpNoPresent' DESC + 'Omit Present phase processing' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE + -VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.1.4 NAME 'olcSpReloadHint' DES + C 'Observe Reload Hint in Request control' SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.14.1 NAME 'olcTranslucentStric + t' DESC 'Reveal attribute deletion constraint violations' SYNTAX 1.3.6.1.4. + 1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.14.2 NAME 'olcTranslucentNoGlu + e' DESC 'Disable automatic glue records for ADD and MODRDN' SYNTAX 1.3.6.1. + 4.1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.14.3 NAME 'olcTranslucentLocal + ' DESC 'Attributes to use in local search filter' SYNTAX 1.3.6.1.4.1.1466.1 + 15.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.14.4 NAME 'olcTranslucentRemot + e' DESC 'Attributes to use in remote search filter' SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.14.5 NAME 'olcTranslucentBindL + ocal' DESC 'Enable local bind' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-V + ALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.14.6 NAME 'olcTranslucentPwMod + Local' DESC 'Enable local RFC 3062 Password Modify extended operation' SYNT + AX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.10.1 NAME 'olcUniqueBase' DESC + 'Subtree for uniqueness searches' EQUALITY distinguishedNameMatch SYNTAX 1 + .3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.10.2 NAME 'olcUniqueIgnore' DE + SC 'Attributes for which uniqueness shall not be enforced' EQUALITY caseIgn + oreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.10.3 NAME 'olcUniqueAttribute' + DESC 'Attributes for which uniqueness shall be enforced' EQUALITY caseIgno + reMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch S + YNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.10.4 NAME 'olcUniqueStrict' DE + SC 'Enforce uniqueness of null values' EQUALITY booleanMatch SYNTAX 1.3.6.1 + .4.1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.10.5 NAME 'olcUniqueURI' DESC + 'List of keywords and LDAP URIs for a uniqueness domain' EQUALITY caseExact + Match ORDERING caseExactOrderingMatch SUBSTR caseExactSubstringsMatch SYNTA + X 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.13.1 NAME 'olcConstraintAttrib + ute' DESC 'constraint for list of attributes' EQUALITY caseIgnoreMatch SYNT + AX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.5.1 NAME 'olcValSortAttr' DESC + 'Sorting rule for attribute under given DN' EQUALITY caseIgnoreMatch SYNTA + X 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.21.1 NAME 'olcSssVlvMax' DESC + 'Maximum number of concurrent Sort requests' SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.21.2 NAME 'olcSssVlvMaxKeys' D + ESC 'Maximum number of Keys in a Sort request' SYNTAX 1.3.6.1.4.1.1466.115. + 121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.21.3 NAME 'olcSssVlvMaxPerConn + ' DESC 'Maximum number of concurrent paged search requests per connection' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.16 NAME 'pwdChangedTime' DESC 'The + time the password was last changed' EQUALITY generalizedTimeMatch ORDERING + generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-V + ALUE NO-USER-MODIFICATION USAGE directoryOperation ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.17 NAME 'pwdAccountLockedTime' DES + C 'The time an user account was locked' EQUALITY generalizedTimeMatch ORDER + ING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGL + E-VALUE USAGE directoryOperation ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.19 NAME 'pwdFailureTime' DESC 'The + timestamps of the last consecutive authentication failures' EQUALITY gener + alizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.24 NO-USER-MODIFICATION USAGE directoryOperation ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.20 NAME 'pwdHistory' DESC 'The his + tory of users passwords' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466. + 115.121.1.40 NO-USER-MODIFICATION USAGE directoryOperation ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.21 NAME 'pwdGraceUseTime' DESC 'Th + e timestamps of the grace login once the password has expired' EQUALITY gen + eralizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 NO-USER-MODIFICATION + USAGE directoryOperation ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.22 NAME 'pwdReset' DESC 'The indic + ation that the password has been reset' EQUALITY booleanMatch SYNTAX 1.3.6. + 1.4.1.1466.115.121.1.7 SINGLE-VALUE USAGE directoryOperation ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.23 NAME 'pwdPolicySubentry' DESC ' + The pwdPolicy subentry in effect for this object' EQUALITY distinguishedNam + eMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE USAGE directoryOpe + ration ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.12.1 NAME 'olcPPolicyDefault' + DESC 'DN of a pwdPolicy object for uncustomized objects' SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.12 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.12.2 NAME 'olcPPolicyHashClear + text' DESC 'Hash passwords on add or modify' SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.12.4 NAME 'olcPPolicyForwardUp + dates' DESC 'Allow policy state updates to be forwarded via updateref' SYNT + AX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.12.3 NAME 'olcPPolicyUseLockou + t' DESC 'Warn clients with AccountLocked' SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.57 NAME 'entryExpireTimestamp' DESC + 'RFC2589 OpenLDAP extension: expire time of a dynamic object, computed as + now + entryTtl' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrder + ingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE NO-USER-MODIFICA + TION USAGE dSAOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.9.1 NAME 'olcDDSstate' DESC 'R + FC2589 Dynamic directory services state' SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.9.2 NAME 'olcDDSmaxTtl' DESC ' + RFC2589 Dynamic directory services max TTL' SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.9.3 NAME 'olcDDSminTtl' DESC ' + RFC2589 Dynamic directory services min TTL' SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.9.4 NAME 'olcDDSdefaultTtl' DE + SC 'RFC2589 Dynamic directory services default TTL' SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.9.5 NAME 'olcDDSinterval' DESC + 'RFC2589 Dynamic directory services expiration task run interval' SYNTAX 1 + .3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.9.6 NAME 'olcDDStolerance' DES + C 'RFC2589 Dynamic directory services additional TTL in expiration scheduli + ng' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.9.7 NAME 'olcDDSmaxDynamicObje + cts' DESC 'RFC2589 Dynamic directory services max number of dynamic objects + ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.453.16.2.188 NAME 'authTimestamp' DESC 'last s + uccessful authentication using any method/mech' EQUALITY generalizedTimeMat + ch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 24 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.4.5.1 NAME 'olcLastBindPrecision + ' DESC 'Precision of authTimestamp attribute' SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.0.1.1 NAME 'olmDbDirectory' DESC + 'Path name of the directory where the database environment resides' SUP mo + nitoredInfo NO-USER-MODIFICATION USAGE dSAOperation ) +attributeTypes: ( 2.5.4.2 NAME 'knowledgeInformation' DESC 'RFC2256: knowled + ge information' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 15{32768} ) +attributeTypes: ( 2.5.4.4 NAME ( 'sn' 'surname' ) DESC 'RFC2256: last (famil + y) name(s) for which the entity is known by' SUP name ) +attributeTypes: ( 2.5.4.5 NAME 'serialNumber' DESC 'RFC2256: serial number o + f the entity' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYN + TAX 1.3.6.1.4.1.1466.115.121.1.44{64} ) +attributeTypes: ( 2.5.4.6 NAME ( 'c' 'countryName' ) DESC 'RFC4519: two-lett + er ISO-3166 country code' SUP name SYNTAX 1.3.6.1.4.1.1466.115.121.1.11 SIN + GLE-VALUE ) +attributeTypes: ( 2.5.4.7 NAME ( 'l' 'localityName' ) DESC 'RFC2256: localit + y which this object resides in' SUP name ) +attributeTypes: ( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' ) DESC 'RFC2256: + state or province which this object resides in' SUP name ) +attributeTypes: ( 2.5.4.9 NAME ( 'street' 'streetAddress' ) DESC 'RFC2256: s + treet address of this object' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSub + stringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) +attributeTypes: ( 2.5.4.10 NAME ( 'o' 'organizationName' ) DESC 'RFC2256: or + ganization this object belongs to' SUP name ) +attributeTypes: ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' ) DESC 'RFC2 + 256: organizational unit this object belongs to' SUP name ) +attributeTypes: ( 2.5.4.12 NAME 'title' DESC 'RFC2256: title associated with + the entity' SUP name ) +attributeTypes: ( 2.5.4.14 NAME 'searchGuide' DESC 'RFC2256: search guide, d + eprecated by enhancedSearchGuide' SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 ) +attributeTypes: ( 2.5.4.15 NAME 'businessCategory' DESC 'RFC2256: business c + ategory' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1 + .3.6.1.4.1.1466.115.121.1.15{128} ) +attributeTypes: ( 2.5.4.16 NAME 'postalAddress' DESC 'RFC2256: postal addres + s' EQUALITY caseIgnoreListMatch SUBSTR caseIgnoreListSubstringsMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.41 ) +attributeTypes: ( 2.5.4.17 NAME 'postalCode' DESC 'RFC2256: postal code' EQU + ALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.15{40} ) +attributeTypes: ( 2.5.4.18 NAME 'postOfficeBox' DESC 'RFC2256: Post Office B + ox' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6. + 1.4.1.1466.115.121.1.15{40} ) +attributeTypes: ( 2.5.4.19 NAME 'physicalDeliveryOfficeName' DESC 'RFC2256: + Physical Delivery Office Name' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSu + bstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) +attributeTypes: ( 2.5.4.20 NAME 'telephoneNumber' DESC 'RFC2256: Telephone N + umber' EQUALITY telephoneNumberMatch SUBSTR telephoneNumberSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} ) +attributeTypes: ( 2.5.4.21 NAME 'telexNumber' DESC 'RFC2256: Telex Number' S + YNTAX 1.3.6.1.4.1.1466.115.121.1.52 ) +attributeTypes: ( 2.5.4.22 NAME 'teletexTerminalIdentifier' DESC 'RFC2256: T + eletex Terminal Identifier' SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 ) +attributeTypes: ( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' ) DESC 'R + FC2256: Facsimile (Fax) Telephone Number' SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .22 ) +attributeTypes: ( 2.5.4.24 NAME 'x121Address' DESC 'RFC2256: X.121 Address' + EQUALITY numericStringMatch SUBSTR numericStringSubstringsMatch SYNTAX 1.3. + 6.1.4.1.1466.115.121.1.36{15} ) +attributeTypes: ( 2.5.4.25 NAME 'internationaliSDNNumber' DESC 'RFC2256: int + ernational ISDN number' EQUALITY numericStringMatch SUBSTR numericStringSub + stringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} ) +attributeTypes: ( 2.5.4.26 NAME 'registeredAddress' DESC 'RFC2256: registere + d postal address' SUP postalAddress SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ) +attributeTypes: ( 2.5.4.27 NAME 'destinationIndicator' DESC 'RFC2256: destin + ation indicator' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} ) +attributeTypes: ( 2.5.4.28 NAME 'preferredDeliveryMethod' DESC 'RFC2256: pre + ferred delivery method' SYNTAX 1.3.6.1.4.1.1466.115.121.1.14 SINGLE-VALUE ) +attributeTypes: ( 2.5.4.29 NAME 'presentationAddress' DESC 'RFC2256: present + ation address' EQUALITY presentationAddressMatch SYNTAX 1.3.6.1.4.1.1466.11 + 5.121.1.43 SINGLE-VALUE ) +attributeTypes: ( 2.5.4.30 NAME 'supportedApplicationContext' DESC 'RFC2256: + supported application context' EQUALITY objectIdentifierMatch SYNTAX 1.3.6 + .1.4.1.1466.115.121.1.38 ) +attributeTypes: ( 2.5.4.31 NAME 'member' DESC 'RFC2256: member of a group' S + UP distinguishedName ) +attributeTypes: ( 2.5.4.32 NAME 'owner' DESC 'RFC2256: owner (of the object) + ' SUP distinguishedName ) +attributeTypes: ( 2.5.4.33 NAME 'roleOccupant' DESC 'RFC2256: occupant of ro + le' SUP distinguishedName ) +attributeTypes: ( 2.5.4.36 NAME 'userCertificate' DESC 'RFC2256: X.509 user + certificate, use ;binary' EQUALITY certificateExactMatch SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.8 ) +attributeTypes: ( 2.5.4.37 NAME 'cACertificate' DESC 'RFC2256: X.509 CA cert + ificate, use ;binary' EQUALITY certificateExactMatch SYNTAX 1.3.6.1.4.1.146 + 6.115.121.1.8 ) +attributeTypes: ( 2.5.4.38 NAME 'authorityRevocationList' DESC 'RFC2256: X.5 + 09 authority revocation list, use ;binary' SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.9 ) +attributeTypes: ( 2.5.4.39 NAME 'certificateRevocationList' DESC 'RFC2256: X + .509 certificate revocation list, use ;binary' SYNTAX 1.3.6.1.4.1.1466.115. + 121.1.9 ) +attributeTypes: ( 2.5.4.40 NAME 'crossCertificatePair' DESC 'RFC2256: X.509 + cross certificate pair, use ;binary' SYNTAX 1.3.6.1.4.1.1466.115.121.1.10 ) +attributeTypes: ( 2.5.4.42 NAME ( 'givenName' 'gn' ) DESC 'RFC2256: first na + me(s) for which the entity is known by' SUP name ) +attributeTypes: ( 2.5.4.43 NAME 'initials' DESC 'RFC2256: initials of some o + r all of names, but not the surname(s).' SUP name ) +attributeTypes: ( 2.5.4.44 NAME 'generationQualifier' DESC 'RFC2256: name qu + alifier indicating a generation' SUP name ) +attributeTypes: ( 2.5.4.45 NAME 'x500UniqueIdentifier' DESC 'RFC2256: X.500 + unique identifier' EQUALITY bitStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.6 ) +attributeTypes: ( 2.5.4.46 NAME 'dnQualifier' DESC 'RFC2256: DN qualifier' E + QUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreS + ubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 ) +attributeTypes: ( 2.5.4.47 NAME 'enhancedSearchGuide' DESC 'RFC2256: enhance + d search guide' SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 ) +attributeTypes: ( 2.5.4.48 NAME 'protocolInformation' DESC 'RFC2256: protoco + l information' EQUALITY protocolInformationMatch SYNTAX 1.3.6.1.4.1.1466.11 + 5.121.1.42 ) +attributeTypes: ( 2.5.4.50 NAME 'uniqueMember' DESC 'RFC2256: unique member + of a group' EQUALITY uniqueMemberMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 + ) +attributeTypes: ( 2.5.4.51 NAME 'houseIdentifier' DESC 'RFC2256: house ident + ifier' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3 + .6.1.4.1.1466.115.121.1.15{32768} ) +attributeTypes: ( 2.5.4.52 NAME 'supportedAlgorithms' DESC 'RFC2256: support + ed algorithms' SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 ) +attributeTypes: ( 2.5.4.53 NAME 'deltaRevocationList' DESC 'RFC2256: delta r + evocation list; use ;binary' SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 ) +attributeTypes: ( 2.5.4.54 NAME 'dmdName' DESC 'RFC2256: name of DMD' SUP na + me ) +attributeTypes: ( 2.5.4.65 NAME 'pseudonym' DESC 'X.520(4th): pseudonym for + the object' SUP name ) +attributeTypes: ( 0.9.2342.19200300.100.1.3 NAME ( 'mail' 'rfc822Mailbox' ) + DESC 'RFC1274: RFC822 Mailbox' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnor + eIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) +attributeTypes: ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domainComponent' ) + DESC 'RFC1274/2247: domain component' EQUALITY caseIgnoreIA5Match SUBSTR c + aseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VAL + UE ) +attributeTypes: ( 0.9.2342.19200300.100.1.37 NAME 'associatedDomain' DESC 'R + FC1274: domain associated with object' EQUALITY caseIgnoreIA5Match SUBSTR c + aseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.2.840.113549.1.9.1 NAME ( 'email' 'emailAddress' 'pkcs9e + mail' ) DESC 'RFC3280: legacy attribute for email addresses in DNs' EQUALIT + Y caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.26{128} ) +attributeTypes: ( 0.9.2342.19200300.100.1.2 NAME 'textEncodedORAddress' EQUA + LITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.15{256} ) +attributeTypes: ( 0.9.2342.19200300.100.1.4 NAME 'info' DESC 'RFC1274: gener + al information' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch S + YNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048} ) +attributeTypes: ( 0.9.2342.19200300.100.1.5 NAME ( 'drink' 'favouriteDrink' + ) DESC 'RFC1274: favorite drink' EQUALITY caseIgnoreMatch SUBSTR caseIgnore + SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) +attributeTypes: ( 0.9.2342.19200300.100.1.6 NAME 'roomNumber' DESC 'RFC1274: + room number' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYN + TAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) +attributeTypes: ( 0.9.2342.19200300.100.1.7 NAME 'photo' DESC 'RFC1274: phot + o (G3 fax)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.23{25000} ) +attributeTypes: ( 0.9.2342.19200300.100.1.8 NAME 'userClass' DESC 'RFC1274: + category of user' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) +attributeTypes: ( 0.9.2342.19200300.100.1.9 NAME 'host' DESC 'RFC1274: host + computer' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.15{256} ) +attributeTypes: ( 0.9.2342.19200300.100.1.10 NAME 'manager' DESC 'RFC1274: D + N of manager' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.12 ) +attributeTypes: ( 0.9.2342.19200300.100.1.11 NAME 'documentIdentifier' DESC + 'RFC1274: unique identifier of document' EQUALITY caseIgnoreMatch SUBSTR ca + seIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) +attributeTypes: ( 0.9.2342.19200300.100.1.12 NAME 'documentTitle' DESC 'RFC1 + 274: title of document' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstring + sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) +attributeTypes: ( 0.9.2342.19200300.100.1.13 NAME 'documentVersion' DESC 'RF + C1274: version of document' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubst + ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) +attributeTypes: ( 0.9.2342.19200300.100.1.14 NAME 'documentAuthor' DESC 'RFC + 1274: DN of author of document' EQUALITY distinguishedNameMatch SYNTAX 1.3. + 6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 0.9.2342.19200300.100.1.15 NAME 'documentLocation' DESC 'R + FC1274: location of document original' EQUALITY caseIgnoreMatch SUBSTR case + IgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) +attributeTypes: ( 0.9.2342.19200300.100.1.20 NAME ( 'homePhone' 'homeTelepho + neNumber' ) DESC 'RFC1274: home telephone number' EQUALITY telephoneNumberM + atch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.50 ) +attributeTypes: ( 0.9.2342.19200300.100.1.21 NAME 'secretary' DESC 'RFC1274: + DN of secretary' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.1 + 15.121.1.12 ) +attributeTypes: ( 0.9.2342.19200300.100.1.22 NAME 'otherMailbox' SYNTAX 1.3. + 6.1.4.1.1466.115.121.1.39 ) +attributeTypes: ( 0.9.2342.19200300.100.1.26 NAME 'aRecord' EQUALITY caseIgn + oreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 0.9.2342.19200300.100.1.27 NAME 'mDRecord' EQUALITY caseIg + noreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 0.9.2342.19200300.100.1.28 NAME 'mXRecord' EQUALITY caseIg + noreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 0.9.2342.19200300.100.1.29 NAME 'nSRecord' EQUALITY caseIg + noreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 0.9.2342.19200300.100.1.30 NAME 'sOARecord' EQUALITY caseI + gnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 0.9.2342.19200300.100.1.31 NAME 'cNAMERecord' EQUALITY cas + eIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 0.9.2342.19200300.100.1.38 NAME 'associatedName' DESC 'RFC + 1274: DN of entry associated with domain' EQUALITY distinguishedNameMatch S + YNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 0.9.2342.19200300.100.1.39 NAME 'homePostalAddress' DESC ' + RFC1274: home postal address' EQUALITY caseIgnoreListMatch SUBSTR caseIgnor + eListSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ) +attributeTypes: ( 0.9.2342.19200300.100.1.40 NAME 'personalTitle' DESC 'RFC1 + 274: personal title' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMa + tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) +attributeTypes: ( 0.9.2342.19200300.100.1.41 NAME ( 'mobile' 'mobileTelephon + eNumber' ) DESC 'RFC1274: mobile telephone number' EQUALITY telephoneNumber + Match SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.50 ) +attributeTypes: ( 0.9.2342.19200300.100.1.42 NAME ( 'pager' 'pagerTelephoneN + umber' ) DESC 'RFC1274: pager telephone number' EQUALITY telephoneNumberMat + ch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 50 ) +attributeTypes: ( 0.9.2342.19200300.100.1.43 NAME ( 'co' 'friendlyCountryNam + e' ) DESC 'RFC1274: friendly country name' EQUALITY caseIgnoreMatch SUBSTR + caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier' DESC 'R + FC1274: unique identifer' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466. + 115.121.1.15{256} ) +attributeTypes: ( 0.9.2342.19200300.100.1.45 NAME 'organizationalStatus' DES + C 'RFC1274: organizational status' EQUALITY caseIgnoreMatch SUBSTR caseIgno + reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) +attributeTypes: ( 0.9.2342.19200300.100.1.46 NAME 'janetMailbox' DESC 'RFC12 + 74: Janet mailbox' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substrin + gsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) +attributeTypes: ( 0.9.2342.19200300.100.1.47 NAME 'mailPreferenceOption' DES + C 'RFC1274: mail preference option' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) +attributeTypes: ( 0.9.2342.19200300.100.1.48 NAME 'buildingName' DESC 'RFC12 + 74: name of building' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsM + atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) +attributeTypes: ( 0.9.2342.19200300.100.1.49 NAME 'dSAQuality' DESC 'RFC1274 + : DSA Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.19 SINGLE-VALUE ) +attributeTypes: ( 0.9.2342.19200300.100.1.50 NAME 'singleLevelQuality' DESC + 'RFC1274: Single Level Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE + -VALUE ) +attributeTypes: ( 0.9.2342.19200300.100.1.51 NAME 'subtreeMinimumQuality' DE + SC 'RFC1274: Subtree Mininum Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 + SINGLE-VALUE ) +attributeTypes: ( 0.9.2342.19200300.100.1.52 NAME 'subtreeMaximumQuality' DE + SC 'RFC1274: Subtree Maximun Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 + SINGLE-VALUE ) +attributeTypes: ( 0.9.2342.19200300.100.1.53 NAME 'personalSignature' DESC ' + RFC1274: Personal Signature (G3 fax)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.23 + ) +attributeTypes: ( 0.9.2342.19200300.100.1.54 NAME 'dITRedirect' DESC 'RFC127 + 4: DIT Redirect' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.11 + 5.121.1.12 ) +attributeTypes: ( 0.9.2342.19200300.100.1.55 NAME 'audio' DESC 'RFC1274: aud + io (u-law)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.4{25000} ) +attributeTypes: ( 0.9.2342.19200300.100.1.56 NAME 'documentPublisher' DESC ' + RFC1274: publisher of document' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreS + ubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 2.16.840.1.113730.3.1.1 NAME 'carLicense' DESC 'RFC2798: v + ehicle license or registration plate' EQUALITY caseIgnoreMatch SUBSTR caseI + gnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 2.16.840.1.113730.3.1.2 NAME 'departmentNumber' DESC 'RFC2 + 798: identifies a department within an organization' EQUALITY caseIgnoreMat + ch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 2.16.840.1.113730.3.1.241 NAME 'displayName' DESC 'RFC2798 + : preferred name to be used when displaying entries' EQUALITY caseIgnoreMat + ch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SI + NGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.1.3 NAME 'employeeNumber' DESC 'RFC279 + 8: numerically identifies an employee within an organization' EQUALITY case + IgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.15 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.1.4 NAME 'employeeType' DESC 'RFC2798: + type of employment for a person' EQUALITY caseIgnoreMatch SUBSTR caseIgnor + eSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 0.9.2342.19200300.100.1.60 NAME 'jpegPhoto' DESC 'RFC2798: + a JPEG image' SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 ) +attributeTypes: ( 2.16.840.1.113730.3.1.39 NAME 'preferredLanguage' DESC 'RF + C2798: preferred written or spoken language for a person' EQUALITY caseIgno + reMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 15 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.1.40 NAME 'userSMIMECertificate' DESC + 'RFC2798: PKCS#7 SignedData used to support S/MIME' SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.5 ) +attributeTypes: ( 2.16.840.1.113730.3.1.216 NAME 'userPKCS12' DESC 'RFC2798: + personal identity information, a PKCS #12 PFX' SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.5 ) +attributeTypes: ( 2.16.840.1.113730.3.1.13 NAME 'mailLocalAddress' DESC 'RFC + 822 email address of this recipient' EQUALITY caseIgnoreIA5Match SYNTAX 1.3 + .6.1.4.1.1466.115.121.1.26{256} ) +attributeTypes: ( 2.16.840.1.113730.3.1.18 NAME 'mailHost' DESC 'FQDN of the + SMTP/MTA of this recipient' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.26{256} SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.1.47 NAME 'mailRoutingAddress' DESC 'R + FC822 routing address of this recipient' EQUALITY caseIgnoreIA5Match SYNTAX + 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.2.1.15 NAME 'rfc822MailMember' DESC 'r + fc822 mail address of group member(s)' EQUALITY caseIgnoreIA5Match SYNTAX 1 + .3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.1.1.1.2 NAME 'gecos' DESC 'The GECOS field; the co + mmon name' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.1.1.3 NAME 'homeDirectory' DESC 'The absolute pa + th to the home directory' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.146 + 6.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.1.1.4 NAME 'loginShell' DESC 'The path to the lo + gin shell' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange' EQUALITY integerMa + tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.1.1.6 NAME 'shadowMin' EQUALITY integerMatch SYN + TAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.1.1.7 NAME 'shadowMax' EQUALITY integerMatch SYN + TAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.1.1.8 NAME 'shadowWarning' EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.1.1.9 NAME 'shadowInactive' EQUALITY integerMatc + h SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.1.1.10 NAME 'shadowExpire' EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.1.1.11 NAME 'shadowFlag' EQUALITY integerMatch S + YNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.1.1.12 NAME 'memberUid' EQUALITY caseExactIA5Mat + ch SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + ) +attributeTypes: ( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup' EQUALITY caseExa + ctIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.26 ) +attributeTypes: ( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple' DESC 'Netgroup t + riple' SYNTAX 1.3.6.1.1.1.0.0 ) +attributeTypes: ( 1.3.6.1.1.1.1.15 NAME 'ipServicePort' EQUALITY integerMatc + h SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol' SUP name ) +attributeTypes: ( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber' EQUALITY integerM + atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber' EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber' DESC 'IP address' EQU + ALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} ) +attributeTypes: ( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber' DESC 'IP network' + EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SINGL + E-VALUE ) +attributeTypes: ( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber' DESC 'IP netmask' + EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SINGL + E-VALUE ) +attributeTypes: ( 1.3.6.1.1.1.1.22 NAME 'macAddress' DESC 'MAC address' EQUA + LITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} ) +attributeTypes: ( 1.3.6.1.1.1.1.23 NAME 'bootParameter' DESC 'rpc.bootparamd + parameter' SYNTAX 1.3.6.1.1.1.0.1 ) +attributeTypes: ( 1.3.6.1.1.1.1.24 NAME 'bootFile' DESC 'Boot image name' EQ + UALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.1.1.1.26 NAME 'nisMapName' SUP name ) +attributeTypes: ( 1.3.6.1.1.1.1.27 NAME 'nisMapEntry' EQUALITY caseExactIA5M + atch SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.2 + 6{1024} SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.4.1.6 NAME 'javaClassName' DESC 'Fully + qualified name of distinguished Java class or interface' EQUALITY caseExac + tMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.4.1.7 NAME 'javaCodebase' DESC 'URL(s) + specifying the location of class definition' EQUALITY caseExactIA5Match SY + NTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.4.1.13 NAME 'javaClassNames' DESC 'Ful + ly qualified Java class or interface name' EQUALITY caseExactMatch SYNTAX 1 + .3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.4.1.8 NAME 'javaSerializedData' DESC ' + Serialized form of a Java object' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SING + LE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.4.1.10 NAME 'javaFactory' DESC 'Fully + qualified Java class name of a JNDI object factory' EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.4.1.11 NAME 'javaReferenceAddress' DES + C 'Addresses associated with a JNDI Reference' EQUALITY caseExactMatch SYNT + AX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.4.1.12 NAME 'javaDoc' DESC 'The Java d + ocumentation for the class' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.4.1.14 NAME 'corbaIor' DESC 'Stringifi + ed interoperable object reference of a CORBA object' EQUALITY caseIgnoreIA5 + Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.4.1.15 NAME 'corbaRepositoryId' DESC ' + Repository ids of interfaces implemented by a CORBA object' EQUALITY caseEx + actMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 2.16.840.1.113730.3.1.198 NAME 'memberURL' DESC 'Identifie + s an URL associated with each member of a group. Any type of labeled URL ca + n be used.' SUP labeledURI ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.11.8.1.1 NAME 'dgIdentity' DESC 'Iden + tity to use when processing the memberURL' SUP distinguishedName SINGLE-VAL + UE ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.11.8.1.2 NAME 'dgAuthz' DESC 'Optiona + l authorization rules that determine who is allowed to assume the dgIdentit + y' EQUALITY authzMatch SYNTAX 1.3.6.1.4.1.4203.666.2.7 X-ORDERED 'VALUES' ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.1 NAME 'pwdAttribute' EQUALITY obj + ectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.2 NAME 'pwdMinAge' EQUALITY intege + rMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 S + INGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.3 NAME 'pwdMaxAge' EQUALITY intege + rMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 S + INGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.4 NAME 'pwdInHistory' EQUALITY int + egerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.2 + 7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.5 NAME 'pwdCheckQuality' EQUALITY + integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.6 NAME 'pwdMinLength' EQUALITY int + egerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.2 + 7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.7 NAME 'pwdExpireWarning' EQUALITY + integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.8 NAME 'pwdGraceAuthNLimit' EQUALI + TY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.9 NAME 'pwdLockout' EQUALITY boole + anMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.10 NAME 'pwdLockoutDuration' EQUAL + ITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115. + 121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.11 NAME 'pwdMaxFailure' EQUALITY i + ntegerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.12 NAME 'pwdFailureCountInterval' + EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.13 NAME 'pwdMustChange' EQUALITY b + ooleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.14 NAME 'pwdAllowUserChange' EQUAL + ITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.15 NAME 'pwdSafeModify' EQUALITY b + ooleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.30 NAME 'pwdMaxRecordedFailure' EQ + UALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.1 + 15.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4754.1.99.1 NAME 'pwdCheckModule' DESC 'Loadab + le module that instantiates check_password() function' EQUALITY caseExactIA + 5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 2.5.4.72 NAME 'role' DESC 'X.509 Role attribute, use ;bina + ry' SYNTAX 1.3.6.1.4.1.4203.666.11.10.2.6 ) +attributeTypes: ( 2.5.4.75 NAME 'xmlPrivilegeInfo' DESC 'X.509 XML privilege + information attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 2.5.4.58 NAME 'attributeCertificateAttribute' DESC 'X.509 + Attribute certificate attribute, use ;binary' EQUALITY attributeCertificate + ExactMatch SYNTAX 1.3.6.1.4.1.4203.666.11.10.2.1 ) +attributeTypes: ( 2.5.4.61 NAME 'aACertificate' DESC 'X.509 AA certificate a + ttribute, use ;binary' EQUALITY attributeCertificateExactMatch SYNTAX 1.3.6 + .1.4.1.4203.666.11.10.2.1 ) +attributeTypes: ( 2.5.4.62 NAME 'attributeDescriptorCertificate' DESC 'X.509 + Attribute descriptor certificate attribute, use ;binary' EQUALITY attribut + eCertificateExactMatch SYNTAX 1.3.6.1.4.1.4203.666.11.10.2.1 ) +attributeTypes: ( 2.5.4.59 NAME 'attributeCertificateRevocationList' DESC 'X + .509 Attribute certificate revocation list attribute, use ;binary' SYNTAX 1 + .3.6.1.4.1.1466.115.121.1.9 X-EQUALITY 'certificateListExactMatch, not impl + emented yet' ) +attributeTypes: ( 2.5.4.63 NAME 'attributeAuthorityRevocationList' DESC 'X.5 + 09 AA certificate revocation list attribute, use ;binary' SYNTAX 1.3.6.1.4. + 1.1466.115.121.1.9 X-EQUALITY 'certificateListExactMatch, not implemented y + et' ) +attributeTypes: ( 2.5.4.73 NAME 'delegationPath' DESC 'X.509 Delegation path + attribute, use ;binary' SYNTAX 1.3.6.1.4.1.4203.666.11.10.2.4 ) +attributeTypes: ( 2.5.4.71 NAME 'privPolicy' DESC 'X.509 Privilege policy at + tribute, use ;binary' SYNTAX 1.3.6.1.4.1.4203.666.11.10.2.5 ) +attributeTypes: ( 2.5.4.74 NAME 'protPrivPolicy' DESC 'X.509 Protected privi + lege policy attribute, use ;binary' EQUALITY attributeCertificateExactMatch + SYNTAX 1.3.6.1.4.1.4203.666.11.10.2.1 ) +attributeTypes: ( 2.5.4.76 NAME 'xmlPrivPolicy' DESC 'X.509 XML Protected pr + ivilege policy attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 2.5.4.7.1 NAME 'c-l' SUP l COLLECTIVE ) +attributeTypes: ( 2.5.4.8.1 NAME 'c-st' SUP st COLLECTIVE ) +attributeTypes: ( 2.5.4.9.1 NAME 'c-street' SUP street COLLECTIVE ) +attributeTypes: ( 2.5.4.10.1 NAME 'c-o' SUP o COLLECTIVE ) +attributeTypes: ( 2.5.4.11.1 NAME 'c-ou' SUP ou COLLECTIVE ) +attributeTypes: ( 2.5.4.16.1 NAME 'c-PostalAddress' SUP postalAddress COLLEC + TIVE ) +attributeTypes: ( 2.5.4.17.1 NAME 'c-PostalCode' SUP postalCode COLLECTIVE ) +attributeTypes: ( 2.5.4.18.1 NAME 'c-PostOfficeBox' SUP postOfficeBox COLLEC + TIVE ) +attributeTypes: ( 2.5.4.19.1 NAME 'c-PhysicalDeliveryOfficeName' SUP physica + lDeliveryOfficeName COLLECTIVE ) +attributeTypes: ( 2.5.4.20.1 NAME 'c-TelephoneNumber' SUP telephoneNumber CO + LLECTIVE ) +attributeTypes: ( 2.5.4.21.1 NAME 'c-TelexNumber' SUP telexNumber COLLECTIVE + ) +attributeTypes: ( 2.5.4.23.1 NAME 'c-FacsimileTelephoneNumber' SUP facsimile + TelephoneNumber COLLECTIVE ) +attributeTypes: ( 2.5.4.25.1 NAME 'c-InternationalISDNNumber' SUP internatio + nalISDNNumber COLLECTIVE ) +attributeTypes: ( 1.3.6.1.4.1.5322.17.2.1 NAME 'authorizedService' DESC 'IAN + A GSS-API authorized service name' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1. + 4.1.1466.115.121.1.15{256} ) +attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.0 NAME 'defaultServerList' DESC 'De + fault LDAP server host address used by a DUA' EQUALITY caseIgnoreMatch SYNT + AX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.1 NAME 'defaultSearchBase' DESC 'De + fault LDAP base DN used by a DUA' EQUALITY distinguishedNameMatch SYNTAX 1. + 3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.2 NAME 'preferredServerList' DESC ' + Preferred LDAP server host addresses to be used by a DUA' EQUALI + TY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.3 NAME 'searchTimeLimit' DESC 'Maxi + mum time in seconds a DUA should allow for a search to complete' + EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.4 NAME 'bindTimeLimit' DESC 'Maximu + m time in seconds a DUA should allow for the bind operation to c + omplete' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE- + VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.5 NAME 'followReferrals' DESC 'Tell + s DUA if it should follow referrals returned by a DSA search res + ult' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE + ) +attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.16 NAME 'dereferenceAliases' DESC ' + Tells DUA if it should dereference aliases' EQUALITY booleanMatch SYNTAX 1. + 3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.6 NAME 'authenticationMethod' DESC + 'A keystring which identifies the type of authentication method + used to contact the DSA' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.1 + 15.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.7 NAME 'profileTTL' DESC 'Time to l + ive, in seconds, before a client DUA should re-read this configu + ration profile' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.14 NAME 'serviceSearchDescriptor' D + ESC 'LDAP search descriptor list used by a DUA' EQUALITY caseExactMatch SYN + TAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.9 NAME 'attributeMap' DESC 'Attribu + te mappings used by a DUA' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.10 NAME 'credentialLevel' DESC 'Ide + ntifies type of credentials a DUA should use when binding to the + LDAP server' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.11 NAME 'objectclassMap' DESC 'Obje + ctclass mappings used by a DUA' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1. + 4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.12 NAME 'defaultSearchScope' DESC ' + Default search scope used by a DUA' EQUALITY caseIgnoreIA5Match SYNTAX 1.3. + 6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.13 NAME 'serviceCredentialLevel' DE + SC 'Identifies type of credentials a DUA should use when binding + to the LDAP server for a specific service' EQUALITY caseIgnoreI + A5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.15 NAME 'serviceAuthenticationMetho + d' DESC 'Authentication method used by a service of the DUA' EQUALITY caseI + gnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.2.840.113533.7.68.10 NAME 'attributeCertificate' SYNTAX + 1.3.6.1.4.1.1466.115.121.1.5 ) +attributeTypes: ( 1.2.840.113533.7.68.0 NAME 'entrustCAInfo' SYNTAX 1.3.6.1. + 4.1.1466.115.121.1.5 ) +attributeTypes: ( 1.2.840.113533.7.68.30 NAME 'entrustPolicyCertificate' SYN + TAX 1.3.6.1.4.1.1466.115.121.1.40 ) +attributeTypes: ( 1.2.840.113533.7.68.22 NAME 'entrustRoamFileEncInfo' EQUAL + ITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) +attributeTypes: ( 1.2.840.113533.7.79.0 NAME 'entrustRoamingCAPAB' EQUALITY + octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) +attributeTypes: ( 1.2.840.113533.7.68.28 NAME 'entrustRoamingEOP' EQUALITY o + ctetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) +attributeTypes: ( 1.2.840.113533.7.68.24 NAME 'entrustRoamingPAB' EQUALITY o + ctetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) +attributeTypes: ( 1.2.840.113533.7.68.27 NAME 'entrustRoamingPRV' EQUALITY o + ctetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) +attributeTypes: ( 1.2.840.113533.7.68.23 NAME 'entrustRoamingProfile' EQUALI + TY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) +attributeTypes: ( 1.2.840.113533.7.68.25 NAME 'entrustRoamingRecipList' EQUA + LITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) +attributeTypes: ( 1.2.840.113533.7.68.26 NAME 'entrustRoamingSLA' EQUALITY o + ctetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) +attributeTypes: ( 2.16.840.1.114027.22.4 NAME 'entrustAttributeCertificate' + EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) +attributeTypes: ( 1.2.840.113533.7.79.1 NAME 'entrustRoamingId' SUP uid ) +attributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.1 NAME 'eduPersonAffiliation' DESC + 'eduPerson per Internet2 and EDUCAUSE' EQUALITY caseIgnoreMatch SUBSTR case + IgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.2 NAME 'eduPersonNickname' DESC 'ed + uPerson per Internet2 and EDUCAUSE' EQUALITY caseIgnoreMatch SUBSTR caseIgn + oreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.3 NAME 'eduPersonOrgDN' DESC 'eduPe + rson per Internet2 and EDUCAUSE' EQUALITY distinguishedNameMatch SYNTAX 1.3 + .6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.4 NAME 'eduPersonOrgUnitDN' DESC 'e + duPerson per Internet2 and EDUCAUSE' EQUALITY distinguishedNameMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.5 NAME 'eduPersonPrimaryAffiliation + ' DESC 'eduPerson per Internet2 and EDUCAUSE' EQUALITY caseIgnoreMatch SUBS + TR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VA + LUE ) +attributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.6 NAME 'eduPersonPrincipalName' DES + C 'eduPerson per Internet2 and EDUCAUSE' EQUALITY caseIgnoreMatch SUBSTR ca + seIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.7 NAME 'eduPersonEntitlement' DESC + 'eduPerson per Internet2 and EDUCAUSE' EQUALITY caseExactMatch SYNTAX 1.3.6 + .1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.8 NAME 'eduPersonPrimaryOrgUnitDN' + DESC 'eduPerson per Internet2 and EDUCAUSE' EQUALITY distinguishedNameMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.9 NAME 'eduPersonScopedAffiliation' + DESC 'eduPerson per Internet2 and EDUCAUSE' EQUALITY caseIgnoreMatch SYNTA + X 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.5923.1.2.1.2 NAME 'eduOrgHomePageURI' DESC 'ed + uOrg per Internet2 and EDUCAUSE' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1. + 4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.5923.1.2.1.3 NAME 'eduOrgIdentityAuthNPolicyUR + I' DESC 'eduOrg per Internet2 and EDUCAUSE' EQUALITY caseExactIA5Match SYNT + AX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.5923.1.2.1.4 NAME 'eduOrgLegalName' DESC 'eduO + rg per Internet2 and EDUCAUSE' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1. + 1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.5923.1.2.1.5 NAME 'eduOrgSuperiorURI' DESC 'ed + uOrg per Internet2 and EDUCAUSE' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1. + 4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.5923.1.2.1.6 NAME 'eduOrgWhitePagesURI' DESC ' + eduOrg per Internet2 and EDUCAUSE' EQUALITY caseExactIA5Match SYNTAX 1.3.6. + 1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.25178.1.2.1 NAME 'schacMotherTongue' DESC 'RFC + 3066 code for prefered language of communication' EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.25178.1.2.2 NAME 'schacGender' DESC 'Represent + ation of human sex (see ISO 5218)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.25178.1.2.3 NAME 'schacDateOfBirth' DESC 'Date + of birth (format YYYYMMDD, only numeric chars)' EQUALITY numericStringMatc + h ORDERING numericStringOrderingMatch SUBSTR numericStringSubstringsMatch S + YNTAX 1.3.6.1.4.1.1466.115.121.1.36 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.25178.1.2.4 NAME 'schacPlaceOfBirth' DESC 'Bir + th place of a person' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingM + atch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.25178.1.2.5 NAME 'schacCountryOfCitizenship' D + ESC 'Country of citizenship of a person. Format two-letter acronym accordin + g to ISO 3166' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 + 5 ) +attributeTypes: ( 1.3.6.1.4.1.25178.1.2.6 NAME 'schacSn1' DESC 'First surnam + e of a person' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SU + BSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.25178.1.2.7 NAME 'schacSn2' DESC 'Second surna + me of a person' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch S + UBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.25178.1.2.8 NAME 'schacPersonalTitle' DESC 'RF + C1274: personal title' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstrings + Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.25178.1.2.9 NAME 'schacHomeOrganization' DESC + 'Domain name of the home organization' EQUALITY caseIgnoreMatch SUBSTR case + IgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.25178.1.2.10 NAME 'schacHomeOrganizationType' + DESC 'Type of the home organization' EQUALITY caseIgnoreMatch SYNTAX 1.3.6. + 1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.25178.1.2.11 NAME 'schacCountryOfResidence' DE + SC 'Country of citizenship of a person. Format two-letter acronym according + to ISO 3166' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + ) +attributeTypes: ( 1.3.6.1.4.1.25178.1.2.12 NAME 'schacUserPresenceID' DESC ' + Used to store a set of values related to the network presence' EQUALITY cas + eExactMatch SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.15 ) +attributeTypes: ( 1.3.6.1.4.1.25178.1.2.13 NAME 'schacPersonalPosition' DESC + 'Position inside an institution' EQUALITY caseIgnoreMatch SUBSTR caseIgnor + eSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.25178.1.2.14 NAME 'schacPersonalUniqueCode' DE + SC 'unique code for the subject' EQUALITY caseIgnoreMatch ORDERING caseIgno + reOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.11 + 5.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.25178.1.2.15 NAME 'schacPersonalUniqueID' DESC + 'Unique identifier for the subject' EQUALITY caseExactMatch ORDERING caseE + xactOrderingMatch SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.1 + 15.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.25178.1.2.17 NAME 'schacExpiryDate' DESC 'Date + from which the set of data is to be considered invalid (format YYYYMMDDhhm + mssZ)' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.25178.1.2.18 NAME 'schacUserPrivateAttribute' + DESC 'Set of denied access attributes' EQUALITY caseIgnoreIA5Match SUBSTR c + aseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.25178.1.2.19 NAME 'schacUserStatus' DESC 'Used + to store a set of status of a person as user of services' EQUALITY caseIgn + oreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .15 ) +attributeTypes: ( 1.3.6.1.4.1.25178.1.2.20 NAME 'schacProjectMembership' DES + C 'Name of the project' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstring + sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.25178.1.2.21 NAME 'schacProjectSpecificRole' D + ESC 'Used to store a set of roles of a person inside a project' EQUALITY ca + seIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115. + 121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.25178.1.0.2.3 NAME 'schacYearOfBirth' DESC 'Ye + ar of birth (format YYYY, only numeric chars)' EQUALITY numericStringMatch + ORDERING numericStringOrderingMatch SUBSTR numericStringSubstringsMatch SYN + TAX 1.3.6.1.4.1.1466.115.121.1.36 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.0.0 NAME 'dNSTTL' DESC 'An integer den + oting time to live' EQUALITY integerMatch ORDERING integerOrderingMatch SYN + TAX 1.3.6.1.4.1.1466.115.121.1.27 ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.0.1 NAME 'dNSClass' DESC 'The class of + a resource record' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.11 NAME 'wKSRecord' DESC 'a well kno + wn service description, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR caseIg + noreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.12 NAME 'pTRRecord' DESC 'domain nam + e pointer, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substr + ingsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.13 NAME 'hInfoRecord' DESC 'host inf + ormation, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substri + ngsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.14 NAME 'mInfoRecord' DESC 'mailbox + or mail list information, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR case + IgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.16 NAME 'tXTRecord' DESC 'text strin + g, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatc + h SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.17 NAME 'rPRecord' DESC 'for Respons + ible Person, RFC 1183' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Subs + tringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.18 NAME 'aFSDBRecord' DESC 'for AFS + Data Base location, RFC 1183' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnore + IA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.24 NAME 'SigRecord' DESC 'Signature, + RFC 2535' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.25 NAME 'KeyRecord' DESC 'Key, RFC 2 + 535' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.27 NAME 'gPosRecord' DESC 'Geographi + cal Position, RFC 1712' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Sub + stringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.28 NAME 'aAAARecord' DESC 'IPv6 addr + ess, RFC 1886' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMa + tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.29 NAME 'LocRecord' DESC 'Location, + RFC 1876' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch S + YNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.30 NAME 'nXTRecord' DESC 'non-exista + nt, RFC 2535' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMat + ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.33 NAME 'sRVRecord' DESC 'service lo + cation, RFC 2782' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substring + sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.35 NAME 'nAPTRRecord' DESC 'Naming A + uthority Pointer, RFC 2915' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA + 5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.36 NAME 'kXRecord' DESC 'Key Exchang + e Delegation, RFC 2230' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Sub + stringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.37 NAME 'certRecord' DESC 'certifica + te, RFC 2538' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMat + ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.38 NAME 'a6Record' DESC 'A6 Record T + ype, RFC 2874' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMa + tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.39 NAME 'dNameRecord' DESC 'Non-Term + inal DNS Name Redirection, RFC 2672' EQUALITY caseIgnoreIA5Match SUBSTR cas + eIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE + ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.42 NAME 'aPLRecord' DESC 'Lists of A + ddress Prefixes, RFC 3123' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5 + SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.43 NAME 'dSRecord' DESC 'Delegation + Signer, RFC 3658' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substring + sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.44 NAME 'sSHFPRecord' DESC 'SSH Key + Fingerprint, RFC 4255' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Subs + tringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.45 NAME 'iPSecKeyRecord' DESC 'SSH K + ey Fingerprint, RFC 4025' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5S + ubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.46 NAME 'rRSIGRecord' DESC 'RRSIG, R + FC 3755' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SY + NTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.47 NAME 'nSECRecord' DESC 'NSEC, RFC + 3755' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNT + AX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.48 NAME 'dNSKeyRecord' DESC 'DNSKEY, + RFC 3755' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.49 NAME 'dHCIDRecord' DESC 'DHCID, R + FC 4701' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SY + NTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.51 NAME 'nSec3ParamRecord' DESC 'par + ameters for NSEC3, RFC 5155' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreI + A5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.52 NAME 'TLSARecord' DESC 'DNS-Based + Authentication of Named Entities - Transport Layer Security Protocol, RFC + 6698' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTA + X 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.99 NAME 'sPFRecord' DESC 'Sender Pol + icy Framework, RFC 4408' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Su + bstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.257 NAME 'CAARecord' DESC 'Certifica + tion Authority Authorization, RFC 6844' EQUALITY caseIgnoreIA5Match SUBSTR + caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.32769 NAME 'DLVRecord' DESC 'RFC 443 + 1: DNSSEC Lookaside Validation' EQUALITY caseIgnoreIA5Match SUBSTR caseIgno + reIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.1.1.1.28 NAME 'nisPublickey' DESC 'nisPublickey' E + QUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.1.1.1.29 NAME 'nisSecretkey' DESC 'nisSecretkey' E + QUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.1.1.1.30 NAME 'nisDomain' SUP name ) +attributeTypes: ( 2.16.840.1.113730.3.1.30 NAME 'mgrpRFC822MailMember' DESC + 'mgrpRFC822MailMember' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466. + 115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.1.1.12 NAME 'nisNetIdUser' DESC 'nisNe + tIdUser' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.1.1.13 NAME 'nisNetIdGroup' DESC 'nisN + etIdGroup' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.1.1.14 NAME 'nisNetIdHost' DESC 'nisNe + tIdHost' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.5.1.15 NAME 'SolarisLDAPServers' DESC + 'SolarisLDAPServers' SUP name SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.5.1.16 NAME 'SolarisSearchBaseDN' DESC + 'SolarisSearchBaseDN' SUP name SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.5.1.17 NAME 'SolarisCacheTTL' DESC 'So + larisCacheTTL' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 S + INGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.5.1.18 NAME 'SolarisBindDN' DESC 'Sola + risBindDN' SUP name SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.5.1.19 NAME 'SolarisBindPassword' DESC + 'SolarisBindPassword' SUP name SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.5.1.20 NAME 'SolarisAuthMethod' DESC ' + SolarisAuthMethod' SUP name SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.5.1.21 NAME 'SolarisTransportSecurity' + DESC 'SolarisTransportSecurity' SUP name SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.5.1.24 NAME 'SolarisDataSearchDN' DESC + 'SolarisDataSearchDN' SUP name SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.5.1.25 NAME 'SolarisSearchScope' DESC + 'SolarisSearchScope' SUP name SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.5.1.26 NAME 'SolarisSearchTimeLimit' D + ESC 'SolarisSearchTimeLimit' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466. + 115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.5.1.27 NAME 'SolarisPreferedServer' DE + SC 'SolarisPreferedServer' SUP name ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.5.1.28 NAME 'SolarisPreferedServerOnly + ' DESC 'SolarisPreferedServerOnly' SUP name SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.5.1.29 NAME 'SolarisSearchReferral' DE + SC 'SolarisSearchReferral' SUP name SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.1466.101.120.31 NAME 'homeFax' SYNTAX 1.3.6.1. + 4.1.1466.115.121.1.22 ) +attributeTypes: ( 2.16.128.113533.1.1400.1 NAME 'thumbnailPhoto' SYNTAX 1.3. + 6.1.4.1.1466.115.121.1.28 ) +attributeTypes: ( 2.16.128.113533.1.1400.2 NAME 'thumbnailLogo' SYNTAX 1.3.6 + .1.4.1.1466.115.121.1.28 ) +attributeTypes: ( 1.3.6.1.4.1.1466.101.120.34 NAME 'middleName' SUP name ) +attributeTypes: ( 1.3.6.1.4.1.13769.2.1.1 NAME ( 'xmozillanickname' 'mozilla + Nickname' ) SUP name ) +attributeTypes: ( 1.3.6.1.4.1.13769.2.1.2 NAME ( 'xmozillausehtmlmail' 'mozi + llaUseHtmlMail' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.13769.2.1.3 NAME 'mozillaSecondEmail' EQUALITY + caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1. + 1466.115.121.1.26{256} ) +attributeTypes: ( 1.3.6.1.4.1.13769.2.1.4 NAME 'mozillaHomeLocalityName' EQU + ALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.15{128} ) +attributeTypes: ( 1.3.6.1.4.1.13769.2.1.5 NAME 'mozillaPostalAddress2' EQUAL + ITY caseIgnoreListMatch SUBSTR caseIgnoreListSubstringsMatch SYNTAX 1.3.6.1 + .4.1.1466.115.121.1.41 ) +attributeTypes: ( 1.3.6.1.4.1.13769.2.1.6 NAME 'mozillaHomePostalAddress2' E + QUALITY caseIgnoreListMatch SUBSTR caseIgnoreListSubstringsMatch SYNTAX 1.3 + .6.1.4.1.1466.115.121.1.41 ) +attributeTypes: ( 1.3.6.1.4.1.13769.2.1.7 NAME 'mozillaHomeState' SUP name ) +attributeTypes: ( 1.3.6.1.4.1.13769.2.1.8 NAME 'mozillaHomePostalCode' EQUAL + ITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.146 + 6.115.121.1.15{40} ) +attributeTypes: ( 1.3.6.1.4.1.13769.2.1.9 NAME 'mozillaHomeCountryName' SUP + name SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.13769.2.1.10 NAME 'mozillaHomeFriendlyCountryN + ame' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6 + .1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.13769.2.1.11 NAME ( 'homeurl' 'mozillaHomeUrl' + ) EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1 + .3.6.1.4.1.1466.115.121.1.26{256} ) +attributeTypes: ( 1.3.6.1.4.1.13769.2.1.12 NAME ( 'workurl' 'mozillaWorkUrl' + ) EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1 + .3.6.1.4.1.1466.115.121.1.26{256} ) +attributeTypes: ( 1.3.6.1.4.1.13769.2.1.13 NAME 'nsAIMid' DESC 'AOL Instant + Messenger (AIM) Identity' EQUALITY telephoneNumberMatch SUBSTR telephoneNum + berSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 ) +attributeTypes: ( 1.3.6.1.4.1.13769.2.1.96 NAME ( 'custom1' 'mozillaCustom1' + ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.13769.2.1.97 NAME ( 'custom2' 'mozillaCustom2' + ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.13769.2.1.98 NAME ( 'custom3' 'mozillaCustom3' + ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.13769.2.1.99 NAME ( 'custom4' 'mozillaCustom4' + ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.24 NAME 'sambaLMPassword' DESC 'LanMa + nager Password' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.26{32} SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.25 NAME 'sambaNTPassword' DESC 'MD4 h + ash of the unicode password' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.26{32} SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.26 NAME 'sambaAcctFlags' DESC 'Accoun + t Flags' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{1 + 6} SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.27 NAME 'sambaPwdLastSet' DESC 'Times + tamp of the last password update' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1. + 1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.28 NAME 'sambaPwdCanChange' DESC 'Tim + estamp of when the user is allowed to update the password' EQUALITY integer + Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.29 NAME 'sambaPwdMustChange' DESC 'Ti + mestamp of when the password will expire' EQUALITY integerMatch SYNTAX 1.3. + 6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.30 NAME 'sambaLogonTime' DESC 'Timest + amp of last logon' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.31 NAME 'sambaLogoffTime' DESC 'Times + tamp of last logoff' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.32 NAME 'sambaKickoffTime' DESC 'Time + stamp of when the user will be logged off automatically' EQUALITY integerMa + tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.48 NAME 'sambaBadPasswordCount' DESC + 'Bad password attempt count' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466. + 115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.49 NAME 'sambaBadPasswordTime' DESC ' + Time of the last bad password attempt' EQUALITY integerMatch SYNTAX 1.3.6.1 + .4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.55 NAME 'sambaLogonHours' DESC 'Logon + Hours' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{42 + } SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.33 NAME 'sambaHomeDrive' DESC 'Driver + letter of home directory mapping' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6 + .1.4.1.1466.115.121.1.26{4} SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.34 NAME 'sambaLogonScript' DESC 'Logo + n script path' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 + 5{255} SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.35 NAME 'sambaProfilePath' DESC 'Roam + ing profile path' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.15{255} SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.36 NAME 'sambaUserWorkstations' DESC + 'List of user workstations the user is allowed to logon to' EQUALITY caseIg + noreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.37 NAME 'sambaHomePath' DESC 'Home di + rectory UNC path' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.15{128} ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.38 NAME 'sambaDomainName' DESC 'Windo + ws NT domain to which the user belongs' EQUALITY caseIgnoreMatch SYNTAX 1.3 + .6.1.4.1.1466.115.121.1.15{128} ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.47 NAME 'sambaMungedDial' DESC 'Base6 + 4 encoded user parameter string' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.15{1050} ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.54 NAME 'sambaPasswordHistory' DESC ' + Concatenated MD5 hashes of the salted NT passwords used on this account' EQ + UALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.20 NAME 'sambaSID' DESC 'Security ID' + EQUALITY caseIgnoreIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3. + 6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.23 NAME 'sambaPrimaryGroupSID' DESC ' + Primary Group Security ID' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.26{64} SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.51 NAME 'sambaSIDList' DESC 'Security + ID List' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{ + 64} ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.19 NAME 'sambaGroupType' DESC 'NT Gro + up Type' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE- + VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.21 NAME 'sambaNextUserRid' DESC 'Next + NT rid to give our for users' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.146 + 6.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.22 NAME 'sambaNextGroupRid' DESC 'Nex + t NT rid to give out for groups' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.39 NAME 'sambaNextRid' DESC 'Next NT + rid to give out for anything' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.40 NAME 'sambaAlgorithmicRidBase' DES + C 'Base at which the samba RID generation algorithm should operate' EQUALIT + Y integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.41 NAME 'sambaShareName' DESC 'Share + Name' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- + VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.42 NAME 'sambaOptionName' DESC 'Optio + n Name' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1. + 3.6.1.4.1.1466.115.121.1.15{256} ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.43 NAME 'sambaBoolOption' DESC 'A boo + lean option' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SING + LE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.44 NAME 'sambaIntegerOption' DESC 'An + integer option' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.45 NAME 'sambaStringOption' DESC 'A s + tring option' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.46 NAME 'sambaStringListOption' DESC + 'A string list option' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.53 NAME 'sambaTrustFlags' DESC 'Trust + Password Flags' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.58 NAME 'sambaMinPwdLength' DESC 'Min + imal password length (default: 5)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.59 NAME 'sambaPwdHistoryLength' DESC + 'Length of Password History Entries (default: 0 => off)' EQUALITY integerMa + tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.60 NAME 'sambaLogonToChgPwd' DESC 'Fo + rce Users to logon for password change (default: 0 => off, 2 => on)' EQUALI + TY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.61 NAME 'sambaMaxPwdAge' DESC 'Maximu + m password age, in seconds (default: -1 => never expire passwords)' EQUALIT + Y integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.62 NAME 'sambaMinPwdAge' DESC 'Minimu + m password age, in seconds (default: 0 => allow immediate password change)' + EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.63 NAME 'sambaLockoutDuration' DESC ' + Lockout duration in minutes (default: 30, -1 => forever)' EQUALITY integerM + atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.64 NAME 'sambaLockoutObservationWindo + w' DESC 'Reset time after lockout in minutes (default: 30)' EQUALITY intege + rMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.65 NAME 'sambaLockoutThreshold' DESC + 'Lockout users after bad logon attempts (default: 0 => off)' EQUALITY integ + erMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.66 NAME 'sambaForceLogoff' DESC 'Disc + onnect Users outside logon hours (default: -1 => off, 0 => on)' EQUALITY in + tegerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.67 NAME 'sambaRefuseMachinePwdChange' + DESC 'Allow Machine Password changes (default: 0 => off)' EQUALITY integer + Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.68 NAME 'sambaClearTextPassword' DESC + 'Clear text password (used for trusted domain passwords)' EQUALITY octetSt + ringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.69 NAME 'sambaPreviousClearTextPasswo + rd' DESC 'Previous clear text password (used for trusted domain passwords)' + EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.70 NAME 'sambaTrustType' DESC 'Type o + f trust' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE- + VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.71 NAME 'sambaTrustAttributes' DESC ' + Trust attributes for a trusted domain' EQUALITY integerMatch SYNTAX 1.3.6.1 + .4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.72 NAME 'sambaTrustDirection' DESC 'D + irection of a trust' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.73 NAME 'sambaTrustPartner' DESC 'Ful + ly qualified name of the domain with which a trust exists' EQUALITY caseIgn + oreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.74 NAME 'sambaFlatName' DESC 'NetBIOS + name of a domain' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.15{128} ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.75 NAME 'sambaTrustAuthOutgoing' DESC + 'Authentication information for the outgoing portion of a trust' EQUALITY + caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.76 NAME 'sambaTrustAuthIncoming' DESC + 'Authentication information for the incoming portion of a trust' EQUALITY + caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.77 NAME 'sambaSecurityIdentifier' DES + C 'SID of a trusted domain' EQUALITY caseIgnoreIA5Match SUBSTR caseExactIA5 + SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.78 NAME 'sambaTrustForestTrustInfo' D + ESC 'Forest trust information for a trusted domain object' EQUALITY caseExa + ctMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.79 NAME 'sambaTrustPosixOffset' DESC + 'POSIX offset of a trust' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.80 NAME 'sambaSupportedEncryptionType + s' DESC 'Supported encryption types of a trust' EQUALITY integerMatch SYNTA + X 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.5322.10.1.1 NAME 'krb5PrincipalName' DESC 'The + unparsed Kerberos principal name' EQUALITY caseExactIA5Match SYNTAX 1.3.6. + 1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.5322.10.1.2 NAME 'krb5KeyVersionNumber' EQUALI + TY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.5322.10.1.3 NAME 'krb5MaxLife' EQUALITY intege + rMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.5322.10.1.4 NAME 'krb5MaxRenew' EQUALITY integ + erMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.5322.10.1.5 NAME 'krb5KDCFlags' EQUALITY integ + erMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.5322.10.1.6 NAME 'krb5EncryptionType' EQUALITY + integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) +attributeTypes: ( 1.3.6.1.4.1.5322.10.1.7 NAME 'krb5ValidStart' EQUALITY gen + eralizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1. + 1466.115.121.1.24 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.5322.10.1.8 NAME 'krb5ValidEnd' EQUALITY gener + alizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.24 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.5322.10.1.9 NAME 'krb5PasswordEnd' EQUALITY ge + neralizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.24 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.5322.10.1.10 NAME 'krb5Key' DESC 'Encoded ASN1 + Key as an octet string' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 ) +attributeTypes: ( 1.3.6.1.4.1.5322.10.1.11 NAME 'krb5PrincipalRealm' DESC 'D + istinguished name of krb5Realm entry' SUP distinguishedName ) +attributeTypes: ( 1.3.6.1.4.1.5322.10.1.12 NAME 'krb5RealmName' EQUALITY oct + etStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.1.1 NAME 'krbPrincipalName' EQUA + LITY caseExactIA5Match SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.26 ) +attributeTypes: ( 1.2.840.113554.1.4.1.6.1 NAME 'krbCanonicalName' EQUALITY + caseExactIA5Match SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.1 + 15.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.3.1 NAME 'krbPrincipalType' EQUA + LITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.5.1 NAME 'krbUPEnabled' DESC 'Bo + olean' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.6.1 NAME 'krbPrincipalExpiration + ' EQUALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE + -VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.8.1 NAME 'krbTicketFlags' EQUALI + TY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.9.1 NAME 'krbMaxTicketLife' EQUA + LITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.10.1 NAME 'krbMaxRenewableAge' E + QUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.14.1 NAME 'krbRealmReferences' E + QUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.15.1 NAME 'krbLdapServers' EQUAL + ITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.17.1 NAME 'krbKdcServers' EQUALI + TY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.18.1 NAME 'krbPwdServers' EQUALI + TY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.24.1 NAME 'krbHostServer' EQUALI + TY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.25.1 NAME 'krbSearchScope' EQUAL + ITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.26.1 NAME 'krbPrincipalReference + s' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.28.1 NAME 'krbPrincNamingAttr' E + QUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.29.1 NAME 'krbAdmServers' EQUALI + TY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.30.1 NAME 'krbMaxPwdLife' EQUALI + TY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.31.1 NAME 'krbMinPwdLife' EQUALI + TY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.32.1 NAME 'krbPwdMinDiffChars' E + QUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.33.1 NAME 'krbPwdMinLength' EQUA + LITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.34.1 NAME 'krbPwdHistoryLength' + EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.5322.21.2.1 NAME 'krbPwdMaxFailure' EQUALITY i + ntegerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.5322.21.2.2 NAME 'krbPwdFailureCountInterval' + EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.5322.21.2.3 NAME 'krbPwdLockoutDuration' EQUAL + ITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113554.1.4.1.6.2 NAME 'krbPwdAttributes' EQUALITY + integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113554.1.4.1.6.3 NAME 'krbPwdMaxLife' EQUALITY int + egerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113554.1.4.1.6.4 NAME 'krbPwdMaxRenewableLife' EQU + ALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113554.1.4.1.6.5 NAME 'krbPwdAllowedKeysalts' EQUA + LITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.36.1 NAME 'krbPwdPolicyReference + ' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SING + LE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.37.1 NAME 'krbPasswordExpiration + ' EQUALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE + -VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.39.1 NAME 'krbPrincipalKey' EQUA + LITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.40.1 NAME 'krbTicketPolicyRefere + nce' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 S + INGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.41.1 NAME 'krbSubTrees' EQUALITY + distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.42.1 NAME 'krbDefaultEncSaltType + s' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.43.1 NAME 'krbSupportedEncSaltTy + pes' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.44.1 NAME 'krbPwdHistory' EQUALI + TY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.45.1 NAME 'krbLastPwdChange' EQU + ALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALU + E ) +attributeTypes: ( 1.3.6.1.4.1.5322.21.2.5 NAME 'krbLastAdminUnlock' EQUALITY + generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.46.1 NAME 'krbMKey' EQUALITY oct + etStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.47.1 NAME 'krbPrincipalAliases' + EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.48.1 NAME 'krbLastSuccessfulAuth + ' EQUALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE + -VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.49.1 NAME 'krbLastFailedAuth' EQ + UALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VAL + UE ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.50.1 NAME 'krbLoginFailedCount' + EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.51.1 NAME 'krbExtraData' EQUALIT + Y octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.52.1 NAME 'krbObjectReferences' + EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.53.1 NAME 'krbPrincContainerRef' + EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 2.16.840.1.113730.3.8.15.2.1 NAME 'krbPrincipalAuthInd' EQ + UALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.5322.21.2.4 NAME 'krbAllowedToDelegateTo' EQUA + LITY caseExactIA5Match SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.2428.70.1.1.1 NAME ( 'esgSid' 'esgStreamId' ) + DESC 'String uniquely identifying each stream' EQUALITY caseExactMatch SUBS + TR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VA + LUE ) +attributeTypes: ( 1.3.6.1.4.1.2428.70.1.1.2 NAME ( 'esgSN' 'esgSessionName' + ) DESC 'Session name/title' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubst + ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) +attributeTypes: ( 1.3.6.1.4.1.2428.70.1.1.3 NAME ( 'esgInfo' 'esgInformation + ' ) DESC 'Short description' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubs + tringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) +attributeTypes: ( 1.3.6.1.4.1.2428.70.1.1.4 NAME 'esgInfoUri' DESC 'URI to m + ore Information' SUP labeledURI ) +attributeTypes: ( 1.3.6.1.4.1.2428.70.1.4.1 NAME 'esgContact' DESC 'Other co + ntact Information' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatc + h SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.2428.70.1.4.2 NAME 'esgContactMail' DESC 'Emai + l-address to contact-person' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreI + A5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) +attributeTypes: ( 1.3.6.1.4.1.2428.70.1.4.3 NAME 'esgContactPhone' DESC 'Pho + ne number to contact-person' EQUALITY telephoneNumberMatch SUBSTR telephone + NumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} ) +attributeTypes: ( 1.3.6.1.4.1.2428.70.1.4.4 NAME 'esgContactDN' DESC 'LDAP D + N to contact-person' SUP distinguishedName ) +attributeTypes: ( 1.3.6.1.4.1.2428.70.1.1.6 NAME ( 'esgCategory' 'esgCat' ) + DESC 'Meta-category: meeting, broadcast, test etc.' EQUALITY caseIgnoreMatc + h SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} + ) +attributeTypes: ( 1.3.6.1.4.1.2428.70.1.1.7 NAME 'esgTool' DESC 'Tool that m + ade the announcement (SDP: a=tool:...)' EQUALITY caseIgnoreMatch SUBSTR cas + eIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.2428.70.1.1.8 NAME 'esgSource' DESC 'How the a + nnouncement entered the system' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreS + ubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.2428.70.1.3.1 NAME 'esgFormat' DESC 'Media for + mat' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6 + .1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.2428.70.1.3.10 NAME 'esgStreamUri' DESC 'Direc + t absolute url to stream' SUP labeledURI ) +attributeTypes: ( 1.3.6.1.4.1.2428.70.1.3.11 NAME 'esgSdpUri' DESC 'Url to f + ile in sdp-format, if any' SUP labeledURI ) +attributeTypes: ( 1.3.6.1.4.1.2428.70.1.2.1 NAME 'esgAlwaysOn' DESC 'Whether + the stream is permanent/on-demand or temporary/live' EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) +attributeTypes: ( 1.3.6.1.4.1.2428.70.1.2.2 NAME 'esgFirstShown' DESC 'When + the stream starts to be transmitted for the first time' EQUALITY generalize + dTimeMatch ORDERING generalizedTimeOrderingMatch SUBSTR caseIgnoreSubstring + sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 ) +attributeTypes: ( 1.3.6.1.4.1.2428.70.1.2.3 NAME 'esgFinalEnd' DESC 'When th + e stream will no longer be transmitted' EQUALITY generalizedTimeMatch ORDER + ING generalizedTimeOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1. + 3.6.1.4.1.1466.115.121.1.24 ) +attributeTypes: ( 1.3.6.1.4.1.2428.70.1.2.4 NAME 'esgDuration' DESC 'Duratio + n of stream if temporary' EQUALITY numericStringMatch SUBSTR numericStringS + ubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 ) +attributeTypes: ( 1.3.6.1.4.1.2428.70.1.2.5 NAME 'esgRepeatInterval' DESC 'F + rom SDP: r=repeatinterval duration offset [offset [offset ...]]' EQUALITY n + umericStringMatch SUBSTR numericStringSubstringsMatch SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.36 ) +attributeTypes: ( 1.3.6.1.4.1.2428.70.1.2.6 NAME 'esgIntervalOffset' DESC 'F + rom SDP: r=repeatinterval duration offset [offset [offset ...]]' EQUALITY n + umericStringMatch SUBSTR numericStringSubstringsMatch SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.36 ) +attributeTypes: ( 1.3.6.1.4.1.2428.70.1.2.8 NAME 'esgTotalDuration' DESC 'Le + ngth if on-demand stream, else: finalend - firsthown' EQUALITY numericStrin + gMatch SUBSTR numericStringSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.36 ) +attributeTypes: ( 1.3.6.1.4.1.2428.70.1.1.255 NAME 'esgSdp' DESC 'File in sd + p-format, if any' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.1 NAME 'dhcpPrimaryDN' DESC 'The + DN of the dhcpServer which is the primary server for the configuration.' E + QUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE- + VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.2 NAME 'dhcpSecondaryDN' DESC 'T + he DN of dhcpServer(s) which provide backup service for the configuration.' + EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.3 NAME 'dhcpStatements' DESC 'Fl + exible storage for specific data depending on what object this exists in. L + ike conditional statements, server parameters, etc. This allows the standar + d to evolve without needing to adjust the schema.' EQUALITY caseIgnoreIA5Ma + tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.4 NAME 'dhcpRange' DESC 'The sta + rting & ending IP Addresses in the range (inclusive), separated by a hyphen + ; if the range only contains one address, then just the address can be spec + ified with no hyphen. Each range is defined as a separate value.' EQUALITY + caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.5 NAME 'dhcpPermitList' DESC 'Th + is attribute contains the permit lists associated with a pool. Each permit + list is defined as a separate value.' EQUALITY caseIgnoreIA5Match SYNTAX 1. + 3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.6 NAME 'dhcpNetMask' DESC 'The s + ubnet mask length for the subnet. The mask can be easily computed from thi + s length.' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGL + E-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.7 NAME 'dhcpOption' DESC 'Encode + d option values to be sent to clients. Each value represents a single opti + on and contains (OptionTag, Length, OptionValue) encoded in the format used + by DHCP.' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.8 NAME 'dhcpClassData' DESC 'Enc + oded text string or list of bytes expressed in hexadecimal, separated by co + lons. Clients match subclasses based on matching the class data with the r + esults of match or spawn with statements in the class name declarations.' E + QUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALU + E ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.9 NAME 'dhcpOptionsDN' DESC 'The + distinguished name(s) of the dhcpOption objects containing the configurati + on options provided by the server.' EQUALITY distinguishedNameMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.10 NAME 'dhcpHostDN' DESC 'the d + istinguished name(s) of the dhcpHost objects.' EQUALITY distinguishedNameMa + tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.11 NAME 'dhcpPoolDN' DESC 'The d + istinguished name(s) of pools.' EQUALITY distinguishedNameMatch SYNTAX 1.3. + 6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.12 NAME 'dhcpGroupDN' DESC 'The + distinguished name(s) of the groups.' EQUALITY distinguishedNameMatch SYN + TAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.13 NAME 'dhcpSubnetDN' DESC 'The + distinguished name(s) of the subnets.' EQUALITY distinguishedNameMatch SYN + TAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.14 NAME 'dhcpLeaseDN' DESC 'The + distinguished name of a client address.' EQUALITY distinguishedNameMatch SY + NTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.15 NAME 'dhcpLeasesDN' DESC 'The + distinguished name(s) client addresses.' EQUALITY distinguishedNameMatch S + YNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.16 NAME 'dhcpClassesDN' DESC 'Th + e distinguished name(s) of a class(es) in a subclass.' EQUALITY distinguish + edNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.17 NAME 'dhcpSubclassesDN' DESC + 'The distinguished name(s) of subclass(es).' EQUALITY distinguishedNameMatc + h SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.18 NAME 'dhcpSharedNetworkDN' DE + SC 'The distinguished name(s) of sharedNetworks.' EQUALITY distinguishedNam + eMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.19 NAME 'dhcpServiceDN' DESC 'Th + e DN of dhcpService object(s)which contain the configuration information. E + ach dhcpServer object has this attribute identifying the DHCP configuration + (s) that the server is associated with.' EQUALITY distinguishedNameMatch SY + NTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.20 NAME 'dhcpVersion' DESC 'The + version attribute of this object.' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6 + .1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.21 NAME 'dhcpImplementation' DES + C 'Description of the DHCP Server implementation e.g. DHCP Servers vendor.' + EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VA + LUE ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.22 NAME 'dhcpAddressState' DESC + 'This stores information about the current binding-status of an address. F + or dynamic addresses managed by DHCP, the values should be restricted to th + e following: "FREE", "ACTIVE", "EXPIRED", "RELEASED", "RESET", "ABANDONED", + "BACKUP". For other addresses, it SHOULD be one of the following: "UNKNOW + N", "RESERVED" (an address that is managed by DHCP that is reserved for a s + pecific client), "RESERVED-ACTIVE" (same as reserved, but address is curren + tly in use), "ASSIGNED" (assigned manually or by some other mechanism), "UN + ASSIGNED", "NOTASSIGNABLE".' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.23 NAME 'dhcpExpirationTime' DES + C 'This is the time the current lease for an address expires.' EQUALITY gen + eralizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.24 NAME 'dhcpStartTimeOfState' D + ESC 'This is the time of the last state change for a leased address.' EQUAL + ITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE + ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.25 NAME 'dhcpLastTransactionTime + ' DESC 'This is the last time a valid DHCP packet was received from the cli + ent.' EQUALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SI + NGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.26 NAME 'dhcpBootpFlag' DESC 'Th + is indicates whether the address was assigned via BOOTP.' EQUALITY booleanM + atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.27 NAME 'dhcpDomainName' DESC 'T + his is the name of the domain sent to the client by the server. It is esse + ntially the same as the value for DHCP option 15 sent to the client, and re + presents only the domain - not the full FQDN. To obtain the full FQDN assi + gned to the client you must prepend the "dhcpAssignedHostName" to this valu + e with a ".".' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.26 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.28 NAME 'dhcpDnsStatus' DESC 'Th + is indicates the status of updating DNS resource records on behalf of the c + lient by the DHCP server for this address. The value is a 16-bit bitmask.' + EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.29 NAME 'dhcpRequestedHostName' + DESC 'This is the hostname that was requested by the client.' EQUALITY case + IgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.30 NAME 'dhcpAssignedHostName' D + ESC 'This is the actual hostname that was assigned to a client. It may not + be the name that was requested by the client. The fully qualified domain n + ame can be determined by appending the value of "dhcpDomainName" (with a do + t separator) to this name.' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1. + 1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.31 NAME 'dhcpReservedForClient' + DESC 'The distinguished name of a "dhcpClient" that an address is reserved + for. This may not be the same as the "dhcpAssignedToClient" attribute if t + he address is being reassigned but the current lease has not yet expired.' + EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE + -VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.32 NAME 'dhcpAssignedToClient' D + ESC 'This is the distinguished name of a "dhcpClient" that an address is cu + rrently assigned to. This attribute is only present in the class when the + address is leased.' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.12 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.33 NAME 'dhcpRelayAgentInfo' DES + C 'If the client request was received via a relay agent, this contains info + rmation about the relay agent that was available from the DHCP request. Th + is is a hex-encoded option value.' EQUALITY octetStringMatch SYNTAX 1.3.6.1 + .4.1.1466.115.121.1.40 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.34 NAME 'dhcpHWAddress' DESC 'Th + e clients hardware address that requested this IP address.' EQUALITY caseIg + noreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.35 NAME 'dhcpHashBucketAssignmen + t' DESC 'HashBucketAssignment bit map for the DHCP Server, as defined in DH + C Load Balancing Algorithm [RFC 3074].' EQUALITY octetStringMatch SYNTAX 1. + 3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.36 NAME 'dhcpDelayedServiceParam + eter' DESC 'Delay in seconds corresponding to Delayed Service Parameter con + figuration, as defined in DHC Load Balancing Algorithm [RFC 3074]. ' EQUAL + ITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.37 NAME 'dhcpMaxClientLeadTime' + DESC 'Maximum Client Lead Time configuration in seconds, as defined in DHCP + Failover Protocol [FAILOVR]' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.38 NAME 'dhcpFailOverEndpointSta + te' DESC 'Server (Failover Endpoint) state, as defined in DHCP Failover Pro + tocol [FAILOVR]' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.26 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.39 NAME 'dhcpErrorLog' DESC 'Gen + eric error log attribute that allows logging error conditions within a dhcp + Service or a dhcpSubnet, like no IP addresses available for lease.' EQUALIT + Y caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.40 NAME 'dhcpLocatorDN' DESC 'Th + e DN of dhcpLocator object which contain the DNs of all DHCP configuration + objects. There will be a single dhcpLocator object in the tree with links t + o all the DHCP objects in the tree' EQUALITY distinguishedNameMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.41 NAME 'dhcpKeyAlgorithm' DESC + 'Algorithm to generate TSIG Key' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1 + .4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.42 NAME 'dhcpKeySecret' DESC 'Se + cret to generate TSIG Key' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.146 + 6.115.121.1.40 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.43 NAME 'dhcpDnsZoneServer' DESC + 'Master server of the DNS Zone' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1 + .4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.44 NAME 'dhcpKeyDN' DESC 'The DN + s of TSIG Key to use in secure dynamic updates. In case of locator object, + this will be list of TSIG keys. In case of DHCP Service, Shared Network, S + ubnet and DNS Zone, it will be a single key.' EQUALITY distinguishedNameMat + ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.45 NAME 'dhcpZoneDN' DESC 'The D + Ns of DNS Zone. In case of locator object, this will be list of DNS Zones i + n the tree. In case of DHCP Service, Shared Network and Subnet, it will be + a single DNS Zone.' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.12 ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.46 NAME 'dhcpFailOverPrimaryServ + er' DESC 'IP address or DNS name of the server playing primary role in DHC + Load Balancing and Fail over.' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4 + .1.1466.115.121.1.26 ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.47 NAME 'dhcpFailOverSecondarySe + rver' DESC 'IP address or DNS name of the server playing secondary role in + DHC Load Balancing and Fail over.' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6 + .1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.48 NAME 'dhcpFailOverPrimaryPort + ' DESC 'Port on which primary server listens for connections from its fail + over peer (secondary server)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.27 ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.49 NAME 'dhcpFailOverSecondaryPo + rt' DESC 'Port on which secondary server listens for connections from its f + ail over peer (primary server)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.27 ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.50 NAME 'dhcpFailOverResponseDel + ay' DESC 'Maximum response time in seconds, before Server assumes that conn + ection to fail over peer has failed' EQUALITY integerMatch SYNTAX 1.3.6.1.4 + .1.1466.115.121.1.27 ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.51 NAME 'dhcpFailOverUnackedUpda + tes' DESC 'Number of BNDUPD messages that server can send before it receive + s BNDACK from its fail over peer' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1. + 1466.115.121.1.27 ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.52 NAME 'dhcpFailOverSplit' DESC + 'Split between the primary and secondary servers for fail over purpose' EQ + UALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.53 NAME 'dhcpFailOverLoadBalance + Time' DESC 'Cutoff time in seconds, after which load balance is disabled' E + QUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.54 NAME 'dhcpFailOverPeerDN' DES + C 'The DNs of Fail over peers. In case of locator object, this will be list + of fail over peers in the tree. In case of Subnet and pool, it will be a s + ingle Fail Over Peer' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.12 ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.55 NAME 'dhcpServerDN' DESC 'Lis + t of all DHCP Servers in the tree. Used by dhcpLocatorObject' EQUALITY dis + tinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.56 NAME 'dhcpComments' DESC 'Gen + eric attribute that allows coments within any DHCP object' EQUALITY caseIg + noreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.18420.1.1.10 NAME 'dlzZoneName' DESC 'DNS zone + name - domain name not including host name' SUP name SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.18420.1.1.20 NAME 'dlzHostName' DESC 'Host por + tion of a domain name' SUP name SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.18420.1.1.30 NAME 'dlzData' DESC 'Data for the + resource record' SUP name SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.18420.1.1.40 NAME 'dlzType' DESC 'DNS record t + ype - A, SOA, NS, MX, etc...' SUP name SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.18420.1.1.50 NAME 'dlzSerial' DESC 'SOA record + serial number' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.18420.1.1.60 NAME 'dlzRefresh' DESC 'SOA recor + d refresh time in seconds' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.11 + 5.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.18420.1.1.70 NAME 'dlzRetry' DESC 'SOA retry t + ime in seconds' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.18420.1.1.80 NAME 'dlzExpire' DESC 'SOA expire + time in seconds' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.2 + 7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.18420.1.1.90 NAME 'dlzMinimum' DESC 'SOA minim + um time in seconds' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.18420.1.1.100 NAME 'dlzAdminEmail' DESC 'E-mai + l address of person responsible for this zone - @ should be replaced with . + (period)' SUP name SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.18420.1.1.110 NAME 'dlzPrimaryNS' DESC 'Primar + y name server for this zone - should be host name not IP address' SUP name + SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.18420.1.1.120 NAME 'dlzIPAddr' DESC 'IP addres + s - IPV4 should be in dot notation xxx.xxx.xxx.xxx IPV6 should be in colon + notation xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx' EQUALITY caseExactIA5Matc + h SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{40} SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.18420.1.1.130 NAME 'dlzCName' DESC 'DNS cname' + SUP name SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.18420.1.1.140 NAME 'dlzPreference' DESC 'DNS M + X record preference. Lower numbers have higher preference' EQUALITY intege + rMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.18420.1.1.150 NAME 'dlzTTL' DESC 'DNS time to + live - how long this record can be cached by caching DNS servers' EQUALITY + integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.18420.1.1.160 NAME 'dlzRecordID' DESC 'Unique + ID for each DLZ resource record' SUP name SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.1.1.31 NAME 'automountMapName' DESC 'automount M + ap Name' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNT + AX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.1.1.32 NAME 'automountKey' DESC 'Automount Key v + alue' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.1.1.33 NAME 'automountInformation' DESC 'Automou + nt information' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMat + ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.37 NAME 'x509CRLThisUpdate' DESC ' + Date at which this revocation list was issued - see RFC3280 5.1.2.4' EQUALI + TY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6. + 1.4.1.1466.115.121.1.24 SINGLE-VALUE ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.38 NAME 'x509CRLNextUpdate' DESC ' + Date by which the next revocation list in this series will be issued, see + - RFC3280 5.1.2.5' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOr + deringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.102 NAME 'x509CRLNumber' DESC 'seq + uence number of issued CRL - see RFC3280 5.2.3' EQUALITY integerMatch ORDER + ING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE + ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.48 NAME 'x509CRLDPRfc822Name' DESC + 'Internet electronic mail address of the issuing distribution point, se + e RFC3280 5.2.5' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substrings + Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.49 NAME 'x509CRLDPDnsName' DESC 'I + nternet domain name of the issuing distribution point, see RFC3280 5.2.5' + EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3. + 6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.50 NAME 'x509CRLDPDN' DESC 'Distin + guished name of the issuing distribution point, see RFC3280 5.2.5' EQUALIT + Y distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.51 NAME 'x509CRLDPURI' DESC 'Unifo + rm Resource Identifier of the issuing distribution point, see RFC3280 5.2 + .5' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1. + 3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.52 NAME 'x509CRLDPIpAddress' DESC + 'Internet Protocol address, of the issuing distribution point, see RFC3280 + 5.2.5' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYN + TAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.53 NAME 'x509CRLDPRegisteredID' DE + SC 'Any registered OID of the certificate issuer, see RFC3280 5.2.5' EQUAL + ITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.54 NAME 'x509CRLDPOnlyUserCerts' D + ESC 'If true, the CRL only contains revocations for end-entity certs, see + RFC3280 5.2.5' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.55 NAME 'x509CRLDPOnlyCACerts' DES + C 'If true, the CRL only contains revocations for CA certs, see RFC3280 5. + 2.5' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.56 NAME 'x509CRLDPOnlySomeReasons' + DESC 'If true, the CRL only contains some revocation reason codes, see RF + C3280 5.2.5' EQUALITY bitStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.57 NAME 'x509CRLDPOnlyAttCerts' DE + SC 'If true, the CRL only contains revocations for attribute certs, see RF + C3280 5.2.5' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.58 NAME 'x509CRLDPindirect' DESC ' + If true, the CRL is an indirect CRL, see RFC3280 5.2.5' EQUALITY booleanMa + tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.59 NAME 'x509CRLDeltaIndicator' DE + SC 'Indicates this is a delta CRL, and the value points to the sequence nu + mber of the issued base CRL to which this is a delta - see RFC3280 5.2.4' + EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.146 + 6.115.121.1.27 SINGLE-VALUE ) +attributeTypes:: KCAxLjIuODI2LjAuMS4zMzQ0ODEwLjEuMS4zOSBOQU1FICd4NTA5Q1JMQ2V + ydFJldm9jYXRpb25EYXRlJyBERVNDICdEYXRlL3RpbWUgdGhlIENBIGFjdHVhbGx5IHJldm9rZW + QgdGhlIGNlcnRpZmljYXRlLCBzZWUg4oCTICAJUkZDMzI4MCA1LjEuMi42JyBFUVVBTElUWSBnZ + W5lcmFsaXplZFRpbWVNYXRjaCBPUkRFUklORyBnZW5lcmFsaXplZFRpbWVPcmRlcmluZ01hdGNo + IFNZTlRBWCAxLjMuNi4xLjQuMS4xNDY2LjExNS4xMjEuMS4yNCBTSU5HTEUtVkFMVUUgKQ== +attributeTypes: ( 1.2.826.0.1.3344810.1.1.40 NAME 'x509CRLCertInvalidityDate + ' DESC 'date at which it is known or suspected that the private key was co + mpromised, see RFC3280 5.3.3' EQUALITY generalizedTimeMatch ORDERING genera + lizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.41 NAME 'x509CRLCertIssuerRfc822Na + me' DESC 'Internet electronic mail address of the certificate issuer, see + RFC3280 5.3.4' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMa + tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.42 NAME 'x509CRLCertIssuerDnsName' + DESC 'Internet domain name of the certificate issuer, see RFC3280 5.3.4' + EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3. + 6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.43 NAME 'x509CRLCertIssuerDN' DESC + 'Distinguished name of the certificate issuer, see RFC3280 5.3.4' EQUALIT + Y distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.44 NAME 'x509CRLCertIssuerURI' DES + C 'Uniform Resource Identifier of the certificate issuer, see RFC3280 5.3. + 4' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3 + .6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.45 NAME 'x509CRLCertIssuerIpAddres + s' DESC 'Internet Protocol address, of the certificate issuer, see RFC3280 + 5.3.4' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYN + TAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.46 NAME 'x509CRLCertIssuerRegister + edID' DESC 'Any registered OID of the certificate issuer, see RFC3280 5.3. + 4' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.47 NAME 'x509CRLCertReasonCode' DE + SC 'An integer code indicating the reason for the revocation, see RFC3280 + 5.3.1' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4 + .1.1466.115.121.1.27 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.103 NAME 'x509CRLCertHoldInstructi + onCode' DESC 'Any registered OID indicating a hold instruction, see RFC328 + 0 5.3.2' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.3 + 8 ) +attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.1 NAME 'x509version' DESC 'X.509 V + ersion of the certificate, or of the CRL' EQUALITY integerMatch SYNTAX 1.3. + 6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.2 NAME 'x509serialNumber' DESC 'Un + ique integer for each certificate issued by a particular CA' EQUALITY inte + gerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) +attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.3 NAME 'x509signatureAlgorithm' DE + SC 'OID of the algorithm used by the CA in signing the CRL or the certific + ate' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 SI + NGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.4 NAME 'x509issuer' DESC 'Distingu + ished name of the entity who has signed and issued the certificate' EQUALI + TY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE + ) +attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.5 NAME 'x509validityNotBefore' DES + C 'Date on which the certificate validity period begins' EQUALITY generaliz + edTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.1 + 15.121.1.24 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.6 NAME 'x509validityNotAfter' DESC + 'Date on which the certificate validity period ends' EQUALITY generalizedT + imeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115. + 121.1.24 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.7 NAME 'x509subject' DESC 'Disting + uished name of the entity associated with this public-key' EQUALITY distin + guishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.8 NAME 'x509subjectPublicKeyInfoAl + gorithm' DESC 'OID identifying the algorithm associated with the certified + public key' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.38 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.11 NAME 'x509authorityKeyIdentifie + r' DESC 'Key Identifier field of the Authority Key Identifier extension' E + QUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE + ) +attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.12 NAME 'x509authorityCertIssuer' + DESC 'Authority Cert Issuer field of the Authority Key Identifier extensio + n' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SIN + GLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.13 NAME 'x509authorityCertSerialNu + mber' DESC 'Authority Cert Serial Number field of the Authority Key Identi + fier extension' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.14 NAME 'x509subjectKeyIdentifier' + DESC 'Key identifier which must be unique with respect to all key identif + iers for the subject' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.40 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.15 NAME 'x509keyUsage' DESC 'Purpo + se for which the certified public key is used' EQUALITY caseIgnoreMatch SYN + TAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.16 NAME 'x509policyInformationIden + tifier' DESC 'OID which indicates the policy under which the certificate h + as been issued and the purposes for which the certificate may be used' EQU + ALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 SINGLE-VAL + UE ) +attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.17 NAME 'x509subjectRfc822Name' DE + SC 'Internet electronic mail address of the entity associated with this pu + blic-key' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch S + YNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.18 NAME 'x509subjectDnsName' DESC + 'Internet domain name of the entity associated with this public-key' EQUAL + ITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4 + .1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.19 NAME 'x509subjectDirectoryName' + DESC 'Distinguished name of the entity associated with this public-key' E + QUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.20 NAME 'x509subjectUniformResourc + eIdentifier' DESC 'Uniform Resource Identifier for the World-Wide Web of t + he entity associated with this public-key' EQUALITY caseExactIA5Match SUBST + R caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.21 NAME 'x509subjectIpAddress' DES + C 'Internet Protocol address of the entity associated with this public-key + ' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1. + 3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.22 NAME 'x509subjectRegisteredID' + DESC 'OID of any registered object identifying the entity associated with + this public-key' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.38 ) +attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.23 NAME 'x509issuerRfc822Name' DES + C 'Internet electronic mail address of the entity who has signed and issue + d the certificate' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substrin + gsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.24 NAME 'x509issuerDnsName' DESC ' + Internet domain name of the entity who has signed and issued the certifica + te' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.25 NAME 'x509issuerDirectoryName' + DESC 'Distinguished name of the entity who has signed and issued the certi + ficate' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 + 2 ) +attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.26 NAME 'x509issuerUniformResource + Identifier' DESC 'Uniform Resource Identifier for the World-Wide Web of th + e entity who has signed and issued the certificate' EQUALITY caseExactIA5Ma + tch SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + ) +attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.27 NAME 'x509issuerIpAddress' DESC + 'Internet Protocol address of the entity who has signed and issued the ce + rtificate' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.28 NAME 'x509issuerRegisteredID' D + ESC 'OID of any registered object identifying the entity who has signed an + d issued the certificate' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.38 ) +attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.29 NAME 'x509basicConstraintsCa' D + ESC 'Identifies whether the subject of the certificate is a CA' EQUALITY b + ooleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.30 NAME 'x509extKeyUsage' DESC 'Pu + rposes for which the certified public key may be used, identified by an OI + D' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) +attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.32 NAME 'x509fullCRLDistributionPo + intURI' DESC 'URI type of DistributionPointName for the full CRL' EQUALITY + caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.10126.1.5.4.74 NAME 'x509certLocation' DESC 'P + ointer to a x509certificate Entry' EQUALITY distinguishedNameMatch SYNTAX 1 + .3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 1.3.6.1.4.1.10126.1.5.4.75 NAME 'x509certHolder' DESC 'Poi + nter to the directory entry of the end entity to which this certificate wa + s issued' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .12 ) +attributeTypes: ( 1.3.6.1.4.1.10126.1.5.4.76 NAME 'x509userCert' DESC 'Compl + ete x.509 user certificate' SUP userCertificate SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.10126.1.5.4.77 NAME 'x509caCert' DESC 'Complet + e x.509 CA certificate' SUP caCertificate SINGLE-VALUE ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.60 NAME 'x509issuerSerial' DESC 'U + sed to hold the RDN of a certificate entry, formed by concatenating the AC + serial number and issuer fields ' EQUALITY distinguishedNameMatch SYNTAX 1 + .3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.61 NAME 'x509ACHolderPKCSerialNumb + er' DESC 'The serial number of the PKC of the AC holder - see RFC3281 4.2. + 2' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.62 NAME 'x509ACHolderPKCissuerDN' + DESC 'Distinguished name of the issuer of the PKC belonging to the AC hold + er - see RFC3281 4.2.2' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.12 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.63 NAME 'x509ACHolderRfc822Name' D + ESC 'Internet electronic mail address of the AC holder - see RFC3281 4.2. + 2' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1 + .3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.64 NAME 'x509ACHolderDNSName' DESC + 'Internet domain name of the AC Holder, see RFC3281 4.2.2' EQUALITY caseI + gnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.1 + 15.121.1.26 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.65 NAME 'x509ACHolderDN' DESC 'Dis + tinguished name of the AC Holder, see RFC3281 4.2.2' EQUALITY distinguishe + dNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.66 NAME 'x509ACHolderURI' DESC 'Un + iform Resource Identifier of the AC Holder - see RFC3281 4.2.2' EQUALITY + caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.146 + 6.115.121.1.26 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.67 NAME 'x509ACHolderIPAddress' DE + SC 'Internet Protocol address of the AC Holder, see RFC3281 4.2.2' EQUALIT + Y caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.26 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.68 NAME 'x509ACHolderRegisteredID' + DESC 'Any registered OID of the AC holder, see RFC3281 4.2.2' EQUALITY ob + jectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) +attributeTypes:: KCAxLjIuODI2LjAuMS4zMzQ0ODEwLjEuMS42OSBOQU1FICd4NTA5QUNPYmp + lY3REaWdlc3QnIERFU0MgJ0hvbGRzIHRoZSBoYXNoIHZhbHVlIG9mIHRoZSBvYmplY3QgaWRlbn + RpZmllZCBieSAJeDUwOUFDRGlnZXN0ZWRPYmplY3RUeXBlIOKAkyBzZWUgUkZDIDMyODEsIHNlY + 3Rpb24gNy4zJyBFUVVBTElUWSBiaXRTdHJpbmdNYXRjaCBTWU5UQVggMS4zLjYuMS40LjEuMTQ2 + Ni4xMTUuMTIxLjEuNiBTSU5HTEUtVkFMVUUgKQ== +attributeTypes: ( 1.2.826.0.1.3344810.1.1.70 NAME 'x509ACDigestAlgorithm' DE + SC 'OID of the hashing algorithm used to create the Object digest, see RFC + 3281, section 7.3' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.1 + 15.121.1.38 SINGLE-VALUE ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.71 NAME 'x509ACDigestedObjectType' + DESC 'Type of object being digested - see RFC3281, section 7.3' EQUALITY i + ntegerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .27 SINGLE-VALUE ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.72 NAME 'x509ACAuditID' DESC 'Iden + tity of holder used in audit trails - see RFC3281 4.3.1' EQUALITY octetStri + ngMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.73 NAME 'x509ACTargetRfc822Name' D + ESC 'Internet electronic mail address of the ACs Target - see RFC3281 4.3 + .2' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.74 NAME 'x509ACTargetDNSName' DESC + 'Internet domain name of the ACs Target, see RFC3281 4.3.2' EQUALITY case + IgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466. + 115.121.1.26 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.75 NAME 'x509ACTargetDN' DESC 'Dis + tinguished name of the ACs Target, see RFC3281 4.3.2' EQUALITY distinguishe + dNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.76 NAME 'x509ACTargetURI' DESC 'Un + iform Resource Identifier of the ACs Target - see RFC3281 4.3.2' EQUALITY + caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.26 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.77 NAME 'x509ACTargetIPAddress' DE + SC 'Internet Protocol address of the ACs Target, see RFC3281 4.3.2' EQUALI + TY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4. + 1.1466.115.121.1.26 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.78 NAME 'x509ACTargetRegisteredID' + DESC 'Any registered OID of the ACs Target, see RFC3281 4.3.2' EQUALITY o + bjectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.79 NAME 'x509ACTargetGroupRfc822Na + me' DESC 'Internet electronic mail address of the ACs Target group - see + RFC3281 4.3.2' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMa + tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.80 NAME 'x509ACTargetGroupDNSName' + DESC 'Internet domain name of the ACs Target group, see RFC3281 4.3.2' EQ + UALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6. + 1.4.1.1466.115.121.1.26 ) +attributeTypes:: KCAxLjIuODI2LjAuMS4zMzQ0ODEwLjEuMS44MSBOQU1FICd4NTA5QUNUYXJ + nZXRHcm91cEROJyBERVNDICdEaXN0aW5ndWlzaGVkIG5hbWUgb2YgdGhlIEFD4oCZcyBUYXJnZX + QgZ3JvdXAsIHNlZSAJUkZDMzI4MSA0LjMuMicgRVFVQUxJVFkgZGlzdGluZ3Vpc2hlZE5hbWVNY + XRjaCBTWU5UQVggMS4zLjYuMS40LjEuMTQ2Ni4xMTUuMTIxLjEuMTIgKQ== +attributeTypes:: KCAxLjIuODI2LjAuMS4zMzQ0ODEwLjEuMS44MiBOQU1FICd4NTA5QUNUYXJ + nZXRHcm91cFVSSScgREVTQyAnVW5pZm9ybSBSZXNvdXJjZSBJZGVudGlmaWVyIG9mIHRoZSBBQ+ + KAmXMgVGFyZ2V0IGdyb3VwICAJLSBzZWUgUkZDMzI4MSA0LjMuMicgRVFVQUxJVFkgY2FzZUV4Y + WN0SUE1TWF0Y2ggU1VCU1RSIGNhc2VFeGFjdElBNVN1YnN0cmluZ3NNYXRjaCBTWU5UQVggMS4z + LjYuMS40LjEuMTQ2Ni4xMTUuMTIxLjEuMjYgKQ== +attributeTypes: ( 1.2.826.0.1.3344810.1.1.83 NAME 'x509ACTargetGroupIPAddres + s' DESC 'Internet Protocol address of the ACs Target group, see RFC3281 4. + 3.2' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.84 NAME 'x509ACTargetGroupRegister + edID' DESC 'Any registered OID of the ACs Target group, see RFC3281 4.3.2' + EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.85 NAME 'x509ACNoRevocation' DESC + 'If true, the AC will never be revoked, see RFC3281 section 4.3.6' EQUALIT + Y booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.86 NAME 'x509DPRfc822Name' DESC 'I + nternet electronic mail address of the distribution point, see RFC3280 + section 4.2.1.14' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substring + sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.87 NAME 'x509DPDNSName' DESC 'Inte + rnet domain name of the distribution point, see RFC3280 section 4.2.1.14' + EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3. + 6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.88 NAME 'x509DPDN' DESC 'Distingui + shed name of the distribution point, see RFC3280 section 4.2.1.14' EQUALIT + Y distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.89 NAME 'x509DPURI' DESC 'Uniform + Resource Identifier of the distribution point, see RFC3280 section 4.2.1. + 14' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1. + 3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.90 NAME 'x509DPIPAddress' DESC 'In + ternet Protocol address of the distribution point, see RFC3280 section 4.2 + .1.14' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNT + AX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.91 NAME 'x509DPRegisteredID' DESC + 'Any registered OID of the distribution point, see RFC3280 section 4.2.1.1 + 4' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.92 NAME 'x509DPrelativeToIssuer' D + ESC 'RDN of the distribution point, relative to the issuer, see RFC3280 s + ection 4.2.1.14' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.11 + 5.121.1.12 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.93 NAME 'x509DPissuerRfc822Name' D + ESC 'Internet electronic mail address of the distribution point CRL iss + uer, see RFC3280 section 4.2.1.14' EQUALITY caseIgnoreIA5Match SUBSTR caseI + gnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.94 NAME 'x509DPissuerDNSName' DESC + 'Internet domain name of the distribution point CRL issuer, see RFC3280 s + ection 4.2.1.14' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substrings + Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.95 NAME 'x509DPissuerDN' DESC 'Dis + tinguished name of the distribution point CRL issuer, see RFC3280 section + 4.2.1.14' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.12 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.96 NAME 'x509DPissuerURI' DESC 'Un + iform Resource Identifier of the distribution point CRL issuer, see RFC32 + 80 section 4.2.1.14' EQUALITY caseExactIA5Match SUBSTR caseExactIA5Substrin + gsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.97 NAME 'x509DPissuerIPAddress' DE + SC 'Internet Protocol address of the distribution point CRL issuer, see RF + C3280 section 4.2.1.14' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Sub + stringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.98 NAME 'x509DPissuerRegisteredID' + DESC 'Any registered OID of the distribution point CRL issuer, see RFC32 + 80 section 4.2.1.14' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.38 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.99 NAME 'x509DPReasonCodes' DESC ' + The reason codes used by a DP, see RFC3280 section 4.2.1.14' EQUALITY bitS + tringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 ) +attributeTypes: ( 1.3.6.1.1.11.1.2.1 NAME 'vPIMTelephoneNumber' DESC 'draft- + ietf-vpim-vpimdir: The full E.164 form of the telephone number, including a + ny sub-addressing portion' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.44{20} ) +attributeTypes: ( 1.3.6.1.1.11.1.2.2 NAME 'vPIMRfc822Mailbox' DESC 'draft-ie + tf-vpim-vpimdir: stores the inter-domain SMTP address of the voice mailbox + associated with a given telephone number' EQUALITY caseIgnoreIA5Match SYNTA + X 1.3.6.1.4.1.1466.115.121.1.26{256} ) +attributeTypes: ( 1.3.6.1.1.11.1.2.3 NAME 'vPIMSpokenName' DESC 'draft-ietf- + vpim-vpimdir: the spoken name of the user in the voice of the user' EQUALIT + Y octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{20000} SINGLE-VALUE + ) +attributeTypes: ( 1.3.6.1.1.11.1.2.4 NAME 'vPIMTextName' DESC 'draft-ietf-vp + im-vpimdir: consistent with the unstructured text name databases used for c + alling name delivery service of caller ID' EQUALITY caseIgnoreMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.15{20} SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.11.1.2.5 NAME 'vPIMSupportedAudioMediaTypes' DES + C 'draft-ietf-vpim-vpimdir: MIME audio subtype(s) of encodings that can be + received at the address specified in vPIMRfc822Mailbox' EQUALITY caseIgnore + IA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.1.11.1.2.6 NAME 'vPIMSupportedMessageContext' DESC + 'draft-ietf-vpim-vpimdir: provides guidance to the sender about the messag + e contexts the recipient is likely to accept' EQUALITY caseIgnoreIA5Match S + YNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.1.11.1.2.7 NAME 'vPIMExtendedAbsenceStatus' DESC ' + draft-ietf-vpim-vpimdir: indicates to the subscriber whether the recipient + is accepting messages during his absence' EQUALITY caseIgnoreIA5Match SYNTA + X 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.11.1.2.8 NAME 'vPIMSupportedUABehaviors' DESC 'd + raft-ietf-vpim-vpimdir: list of the attributes considered optional by VPIM + and other vendor-specific attributes maybe supported by the recipient' EQUA + LITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.1.11.1.2.9 NAME 'vPIMMaxMessageSize' DESC 'draft-i + etf-vpim-vpimdir: maximum message length in seconds the receiving mailbox a + ccepts' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-V + ALUE ) +attributeTypes: ( 1.3.6.1.1.11.1.2.10 NAME 'vPIMSubMailboxes' DESC 'draft-ie + tf-vpim-vpimdir: indicates the presence of sub-mailboxes' EQUALITY numericS + tringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{4} ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.1 NAME 'AstContext' DESC 'Asterisk C + ontext' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1. + 3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.2 NAME 'AstExtension' DESC 'Asterisk + Extension' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTA + X 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.3 NAME 'AstPriority' DESC 'Asterisk + Priority' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.4 NAME 'AstApplication' DESC 'Asteri + sk Application' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch S + YNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.5 NAME 'AstApplicationData' DESC 'As + terisk Application Data' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstrin + gsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.6 NAME 'AstAccountAMAFlags' DESC 'As + terisk Account AMA Flags' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstri + ngsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.7 NAME 'AstAccountCallerID' DESC 'As + terisk Account CallerID' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstrin + gsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.8 NAME 'AstAccountContext' DESC 'Ast + erisk Account Context' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstrings + Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.9 NAME 'AstAccountMailbox' DESC 'Ast + erisk Account Mailbox' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstrings + Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.10 NAME 'AstMD5secret' DESC 'Asteris + k Account MD5 Secret' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsM + atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.11 NAME 'AstAccountDeny' DESC 'Aster + isk Account Deny' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.12 NAME 'AstAccountPermit' DESC 'Ast + erisk Account Permit' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsM + atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.13 NAME 'AstAccountQualify' DESC 'As + terisk Account Qualify' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstring + sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.14 NAME 'AstAccountType' DESC 'Aster + isk Account Type' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.15 NAME 'AstAccountDisallowedCodec' + DESC 'Asterisk Account Disallowed Codec' EQUALITY caseIgnoreMatch SUBSTR ca + seIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.16 NAME 'AstAccountExpirationTimesta + mp' DESC 'Asterisk Account Expiration Timestamp' EQUALITY caseIgnoreMatch S + UBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.17 NAME 'AstAccountRegistrationConte + xt' DESC 'Asterisk Account Registration Context' EQUALITY caseIgnoreMatch S + UBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.18 NAME 'AstAccountRegistrationExten + ' DESC 'Asterisk Account Registration Extension' EQUALITY caseIgnoreMatch S + UBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.19 NAME 'AstAccountNoTransfer' DESC + 'Asterisk Account No Transfer' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSu + bstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.20 NAME 'AstAccountCallGroup' DESC ' + Asterisk Account Call Group' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubs + tringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.21 NAME 'AstAccountCanReinvite' DESC + 'Asterisk Account Can Reinvite' EQUALITY caseIgnoreMatch SUBSTR caseIgnore + SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.22 NAME 'AstAccountDTMFMode' DESC 'A + sterisk Account DTMF Flags' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubst + ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.23 NAME 'AstAccountFromUser' DESC 'A + sterisk Account From User' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.24 NAME 'AstAccountFromDomain' DESC + 'Asterisk Account From Domain' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSu + bstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.25 NAME 'AstAccountFullContact' DESC + 'Asterisk Account Full Contact' EQUALITY caseIgnoreMatch SUBSTR caseIgnore + SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.26 NAME 'AstAccountHost' DESC 'Aster + isk Account Host' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.27 NAME 'AstAccountInsecure' DESC 'A + sterisk Account Insecure' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstri + ngsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.28 NAME 'AstAccountNAT' DESC 'Asteri + sk Account NAT' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch S + YNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.29 NAME 'AstAccountPickupGroup' DESC + 'Asterisk Account PickupGroup' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreS + ubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.30 NAME 'AstAccountPort' DESC 'Aster + isk Account Port' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.31 NAME 'AstAccountRestrictCID' DESC + 'Asterisk Account Restrict CallerID' EQUALITY caseIgnoreMatch SUBSTR caseI + gnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.32 NAME 'AstAccountRTPTimeout' DESC + 'Asterisk Account RTP Timeout' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSu + bstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.33 NAME 'AstAccountRTPHoldTimeout' D + ESC 'Asterisk Account RTP Hold Timeout' EQUALITY caseIgnoreMatch SUBSTR cas + eIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.34 NAME 'AstAccountRealmedPassword' + DESC 'Asterisk Account Realmed Password' EQUALITY caseIgnoreMatch SUBSTR ca + seIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.35 NAME 'AstAccountAllowedCodec' DES + C 'Asterisk Account Allowed Codec' EQUALITY caseIgnoreMatch SUBSTR caseIgno + reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.36 NAME 'AstAccountMusicOnHold' DESC + 'Asterisk Account Music On Hold' EQUALITY caseIgnoreMatch SUBSTR caseIgnor + eSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.37 NAME 'AstAccountCanCallForward' D + ESC 'Asterisk Account Can Call Forward' EQUALITY caseIgnoreMatch SUBSTR cas + eIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.38 NAME 'AstAccountSecret' DESC 'Ast + erisk Account Secret' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsM + atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.39 NAME 'AstAccountName' DESC 'Aster + isk Account Username' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsM + atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.40 NAME 'AstConfigFilename' DESC 'As + terisk LDAP Configuration Filename' EQUALITY caseIgnoreMatch SUBSTR caseIgn + oreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.41 NAME 'AstConfigCategory' DESC 'As + terisk LDAP Configuration Category' EQUALITY caseIgnoreMatch SUBSTR caseIgn + oreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.42 NAME 'AstConfigCategoryMetric' DE + SC 'Asterisk LDAP Configuration Category Metric' EQUALITY caseIgnoreMatch S + UBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.43 NAME 'AstConfigVariableName' DESC + 'Asterisk LDAP Configuration Variable Name' EQUALITY caseIgnoreMatch SUBST + R caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.44 NAME 'AstConfigVariableValue' DES + C 'Asterisk LDAP Configuration Variable Value' EQUALITY caseIgnoreMatch SUB + STR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.45 NAME 'AstConfigCommented' DESC 'A + sterisk LDAP Configuration Commented' EQUALITY caseIgnoreMatch SUBSTR caseI + gnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.46 NAME 'AstAccountIPAddress' DESC ' + Asterisk Account IP Address' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubs + tringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.47 NAME 'AstAccountDefaultUser' DESC + 'Asterisk Account Default User' EQUALITY caseIgnoreMatch SUBSTR caseIgnore + SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.48 NAME 'AstAccountRegistrationServe + r' DESC 'Asterisk Account Registration Server' EQUALITY caseIgnoreMatch SUB + STR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.49 NAME 'AstAccountLastQualifyMillis + econds' DESC 'Asterisk Account Last Qualify Milliseconds' EQUALITY caseIgno + reMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.50 NAME 'AstAccountCallLimit' DESC ' + Asterisk Account Call Limit' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubs + tringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.51 NAME 'AstVoicemailMailbox' DESC ' + Asterisk voicemail mailbox' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubst + ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.52 NAME 'AstVoicemailPassword' DESC + 'Asterisk voicemail password' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSub + stringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.53 NAME 'AstVoicemailFullname' DESC + 'Asterisk voicemail fullname' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSub + stringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.54 NAME 'AstVoicemailEmail' DESC 'As + terisk voicemail email' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstring + sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.55 NAME 'AstVoicemailPager' DESC 'As + terisk voicemail pager' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstring + sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.56 NAME 'AstVoicemailOptions' DESC ' + Asterisk voicemail options' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubst + ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.57 NAME 'AstVoicemailTimestamp' DESC + 'Asterisk voicemail timestamp' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreS + ubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.58 NAME 'AstVoicemailContext' DESC ' + Asterisk voicemail context' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubst + ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.59 NAME 'AstAccountSubscribeContext' + DESC 'Asterisk subscribe context' EQUALITY caseIgnoreMatch SUBSTR caseIgno + reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.61 NAME 'AstAccountUserAgent' DESC ' + Asterisk account user context' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSu + bstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.62 NAME 'AstAccountLanguage' DESC 'A + sterisk account user language' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSu + bstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.63 NAME 'AstAccountTransport' DESC ' + Asterisk account transport type' EQUALITY caseIgnoreMatch SUBSTR caseIgnore + SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.64 NAME 'AstAccountPromiscRedir' DES + C 'Asterisk account promiscous redirects' EQUALITY caseIgnoreMatch SUBSTR c + aseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.65 NAME 'AstAccountAccountCode' DESC + 'Asterisk account billing code' EQUALITY caseIgnoreMatch SUBSTR caseIgnore + SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.66 NAME 'AstAccountSetVar' DESC 'Ast + erisk account setvar' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsM + atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.67 NAME 'AstAccountAllowOverlap' DES + C 'Asterisk account allow overlap dialing' EQUALITY caseIgnoreMatch SUBSTR + caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.68 NAME 'AstAccountVideoSupport' DES + C 'Asterisk account video support' EQUALITY caseIgnoreMatch SUBSTR caseIgno + reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.69 NAME 'AstAccountIgnoreSDPVersion' + DESC 'Asterisk account ignore SDP version' EQUALITY caseIgnoreMatch SUBSTR + caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.70 NAME 'AstAccountPathSupport' DESC + 'Asterisk account support Path RFC 3327' EQUALITY caseIgnoreMatch SUBSTR c + aseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.3401.8.2.8 NAME 'pgpBaseKeySpaceDN' DESC 'Poin + ts to DN of the object that will store the PGP keys.' SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.12 SINGLE-VALUE X-ORIGIN 'Pretty Good Privacy (PGP)' ) +attributeTypes: ( 1.3.6.1.4.1.3401.8.2.9 NAME 'pgpSoftware' DESC 'pgpSoftwar + e attribute for PGP' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-OR + IGIN 'Pretty Good Privacy (PGP)' ) +attributeTypes: ( 1.3.6.1.4.1.3401.8.2.10 NAME 'pgpVersion' DESC 'pgpVersion + attribute for PGP' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORI + GIN 'Pretty Good Privacy (PGP)' ) +attributeTypes: ( 1.3.6.1.4.1.3401.8.2.11 NAME 'pgpKey' DESC 'pgpKey attribu + te for PGP' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'Pre + tty Good Privacy (PGP)' ) +attributeTypes: ( 1.3.6.1.4.1.3401.8.2.12 NAME 'pgpCertID' DESC 'pgpCertID a + ttribute for PGP' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Pretty Good Pr + ivacy (PGP)' ) +attributeTypes: ( 1.3.6.1.4.1.3401.8.2.13 NAME 'pgpDisabled' DESC 'pgpDisabl + ed attribute for PGP' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115. + 121.1.15 SINGLE-VALUE X-ORIGIN 'Pretty Good Privacy (PGP)' ) +attributeTypes: ( 1.3.6.1.4.1.3401.8.2.14 NAME 'pgpKeyID' DESC 'pgpKeyID att + ribute for PGP' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch S + YNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Pretty Good Priv + acy (PGP)' ) +attributeTypes: ( 1.3.6.1.4.1.3401.8.2.15 NAME 'pgpKeyType' DESC 'pgpKeyType + attribute for PGP' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMat + ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Pretty Good + Privacy (PGP)' ) +attributeTypes: ( 1.3.6.1.4.1.3401.8.2.16 NAME 'pgpUserID' DESC 'User ID(s) + associated with the PGP key.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSub + stringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Pretty Good Pri + vacy (PGP)' ) +attributeTypes: ( 1.3.6.1.4.1.3401.8.2.17 NAME 'pgpKeyCreateTime' DESC 'pgpK + eyCreateTime attribute for PGP' EQUALITY caseIgnoreMatch ORDERING caseIgnor + eOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.15 SINGLE-VALUE X-ORIGIN 'Pretty Good Privacy (PGP)' ) +attributeTypes: ( 1.3.6.1.4.1.3401.8.2.18 NAME 'pgpSignerID' DESC 'pgpSigner + ID attribute for PGP' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsM + atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Pretty Good Privacy (PG + P)' ) +attributeTypes: ( 1.3.6.1.4.1.3401.8.2.19 NAME 'pgpRevoked' DESC 'pgpRevoked + attribute for PGP' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.15 SINGLE-VALUE X-ORIGIN 'Pretty Good Privacy (PGP)' ) +attributeTypes: ( 1.3.6.1.4.1.3401.8.2.20 NAME 'pgpSubKeyID' DESC 'Sub-key I + D(s) of the PGP key.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsM + atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Pretty Good Privacy (PG + P)' ) +attributeTypes: ( 1.3.6.1.4.1.3401.8.2.21 NAME 'pgpKeySize' DESC 'pgpKeySize + attribute for PGP' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMat + ch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X- + ORIGIN 'Pretty Good Privacy (PGP)' ) +attributeTypes: ( 1.3.6.1.4.1.3401.8.2.22 NAME 'pgpKeyExpireTime' DESC 'pgpK + eyExpireTime attribute for PGP' EQUALITY caseIgnoreMatch ORDERING caseIgnor + eOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.15 SINGLE-VALUE X-ORIGIN 'Pretty Good Privacy (PGP)' ) +attributeTypes: ( 1.3.6.1.4.1.3401.8.2.6 NAME 'pgpReconData' DESC 'PGP defin + ed attributed containing reconstruction data' SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.40 SINGLE-VALUE X-ORIGIN 'Pretty Good Privacy (PGP)' ) +attributeTypes: ( 1.3.6.1.4.1.3401.8.2.7 NAME 'pgpReconCertID' DESC 'PGP def + ined attribute containing the certID of the key' EQUALITY caseIgnoreMatch S + UBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE + -VALUE X-ORIGIN 'Pretty Good Privacy (PGP)' ) +attributeTypes: ( 1.3.6.1.4.1.3401.8.2.2 NAME 'pgpElementType' DESC 'PGP def + ined attribute containing the type of the pref object' EQUALITY caseIgnoreM + atch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE X-ORIGIN 'Pretty Good Privacy (PGP)' ) +attributeTypes: ( 1.3.6.1.4.1.3401.8.2.3 NAME 'pgpData' DESC 'PGP defined at + tribute containing the admin pref data' SYNTAX 1.3.6.1.4.1.1466.115.121.1.4 + 0 SINGLE-VALUE X-ORIGIN 'Pretty Good Privacy (PGP)' ) +attributeTypes: ( 1.2.840.113556.1.4.478 NAME 'calCalURI' DESC 'URI to a sna + pshot of the users entire default calendar' EQUALITY caseIgnoreMatch SUBSTR + caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALU + E ) +attributeTypes: ( 1.2.840.113556.1.4.479 NAME 'calFBURL' DESC 'URI to the us + ers default free/busy time data' EQUALITY caseIgnoreMatch SUBSTR caseIgnore + SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.480 NAME 'calCAPURI' DESC 'URI used to + communicate with the users calendar' EQUALITY caseIgnoreMatch SUBSTR caseIg + noreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.481 NAME 'calCalAdrURI' DESC 'URI to wh + ich event requests should be sent for the user' EQUALITY caseIgnoreMatch SU + BSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- + VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.482 NAME 'calOtherCalURIs' DESC 'URIs t + o snapshots of non-default calendars belonging to the user' EQUALITY caseIg + noreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.15 ) +attributeTypes: ( 1.2.840.113556.1.4.483 NAME 'calOtherFBURLs' DESC 'URIs to + non-default free/busy data belonging to the user' EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.2.840.113556.1.4.484 NAME 'calOtherCAPURIs' DESC 'URIs t + o non-default calendars belonging to the user' EQUALITY caseIgnoreMatch SUB + STR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.2.840.113556.1.4.485 NAME 'calOtherCalAdrURIs' DESC 'URI + s of destinations for event requests to non-default calendars' EQUALITY cas + eIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.13040.2.1.1 NAME 'hordePrefs' DESC 'Horde Pref + erences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{1 + 024} ) +attributeTypes: ( 1.3.6.1.4.1.13040.3.1.1 NAME 'impPrefs' DESC 'IMP Preferen + ces' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{1024} + ) +attributeTypes: ( 1.3.6.1.4.1.13040.4.1.1 NAME 'turbaPrefs' DESC 'Turba Pref + erences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{1 + 024} ) +attributeTypes: ( 1.3.6.1.4.1.13040.4.1.2 NAME 'turbaType' DESC 'Turba Objec + t Type: Contact/List' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Subst + ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{8} ) +attributeTypes: ( 1.3.6.1.4.1.13040.4.1.3 NAME 'turbaMembers' DESC 'Encoded + members of a Turba list' SUP name ) +attributeTypes: ( 1.3.6.1.4.1.13040.4.1.4 NAME 'turbaPGPPublicKey' DESC 'PGP + /GPG Public Key' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.26{4000} ) +attributeTypes: ( 1.3.6.1.4.1.13040.5.1.1 NAME 'kronolithPrefs' DESC 'Kronol + ith Preferences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.26{1024} ) +attributeTypes: ( 1.3.6.1.4.1.13040.6.1.1 NAME 'nagPrefs' DESC 'Nag Preferen + ces' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{1024} + ) +attributeTypes: ( 1.3.6.1.4.1.13040.7.1.1 NAME 'gollemPrefs' DESC 'Gollem Pr + eferences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + {1024} ) +attributeTypes: ( 1.3.6.1.4.1.13040.8.1.1 NAME 'choraPrefs' DESC 'Chora Pref + erences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{1 + 024} ) +attributeTypes: ( 1.3.6.1.4.1.13040.9.1.1 NAME 'mnemoPrefs' DESC 'Mnemo Pref + erences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{1 + 024} ) +attributeTypes: ( 1.3.6.1.4.1.13040.10.1.1 NAME 'trollPrefs' DESC 'Troll Pre + ferences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{ + 1024} ) +attributeTypes: ( 1.3.6.1.4.1.13040.11.1.1 NAME 'klutzPrefs' DESC 'Klutz Pre + ferences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{ + 1024} ) +attributeTypes: ( 1.3.6.1.4.1.13040.12.1.1 NAME 'jonahPrefs' DESC 'Jonah Pre + ferences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{ + 1024} ) +attributeTypes: ( 1.3.6.1.4.1.13040.13.1.1 NAME 'hermesPrefs' DESC 'Hermes P + references' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.2 + 6{1024} ) +attributeTypes: ( 1.3.6.1.4.1.13040.14.1.1 NAME 'junoPrefs' DESC 'Juno Prefe + rences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{10 + 24} ) +attributeTypes: ( 1.3.6.1.4.1.13040.15.1.1 NAME 'treanPrefs' DESC 'Trean Pre + ferences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{ + 1024} ) +attributeTypes: ( 1.3.6.1.4.1.13040.16.1.1 NAME 'whupsPrefs' DESC 'Whups Pre + ferences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{ + 1024} ) +attributeTypes: ( 1.3.6.1.4.1.13040.17.1.1 NAME 'ingoPrefs' DESC 'Ingo Prefe + rences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{10 + 24} ) +attributeTypes: ( 1.3.6.1.4.1.13040.18.1.1 NAME 'anselPrefs' DESC 'Ansel Pre + ferences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{ + 1024} ) +attributeTypes: ( 1.3.6.1.4.1.13040.19.1.1 NAME 'geniePrefs' DESC 'Genie Pre + ferences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{ + 1024} ) +attributeTypes: ( 1.3.6.1.4.1.13040.20.1.1 NAME 'scryPrefs' DESC 'Scry Prefe + rences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{10 + 24} ) +attributeTypes: ( 1.3.6.1.4.1.13040.21.1.1 NAME 'wickedPrefs' DESC 'Wicked P + references' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.2 + 6{1024} ) +attributeTypes: ( 1.3.6.1.4.1.13040.22.1.1 NAME 'agoraPrefs' DESC 'Agora Pre + ferences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{ + 1024} ) +attributeTypes: ( 1.3.6.1.4.1.13040.24.1.1 NAME 'goopsPrefs' DESC 'Goops Pre + ferences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{ + 1024} ) +attributeTypes: ( 1.3.6.1.4.1.13040.25.1.1 NAME 'merkPrefs' DESC 'Merk Prefe + rences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{10 + 24} ) +attributeTypes: ( 1.3.6.1.4.1.13040.26.1.1 NAME 'mimpPrefs' DESC 'MIMP Prefe + rences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{10 + 24} ) +attributeTypes: ( 1.3.6.1.4.1.13040.27.1.1 NAME 'mottlePrefs' DESC 'Mottle P + references' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.2 + 6{1024} ) +attributeTypes: ( 1.3.6.1.4.1.13040.28.1.1 NAME 'nicPrefs' DESC 'NIC Prefere + nces' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{1024 + } ) +attributeTypes: ( 1.3.6.1.4.1.13040.29.1.1 NAME 'occamPrefs' DESC 'Occam Pre + ferences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{ + 1024} ) +attributeTypes: ( 1.3.6.1.4.1.13040.30.1.1 NAME 'odinPrefs' DESC 'Odin Prefe + rences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{10 + 24} ) +attributeTypes: ( 1.3.6.1.4.1.13040.31.1.1 NAME 'rakimPrefs' DESC 'Rakim Pre + ferences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{ + 1024} ) +attributeTypes: ( 1.3.6.1.4.1.13040.32.1.1 NAME 'seshaPrefs' DESC 'Sesha Pre + ferences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{ + 1024} ) +attributeTypes: ( 1.3.6.1.4.1.13040.33.1.1 NAME 'swooshPrefs' DESC 'Swoosh P + references' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.2 + 6{1024} ) +attributeTypes: ( 1.3.6.1.4.1.13040.34.1.1 NAME 'thorPrefs' DESC 'Thor Prefe + rences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{10 + 24} ) +attributeTypes: ( 1.3.6.1.4.1.13040.35.1.1 NAME 'ulaformPrefs' DESC 'Ulaform + Preferences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .26{1024} ) +attributeTypes: ( 1.3.6.1.4.1.13040.36.1.1 NAME 'volosPrefs' DESC 'Volos Pre + ferences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{ + 1024} ) +attributeTypes: ( 1.3.6.1.4.1.13040.37.1.1 NAME 'jetaPrefs' DESC 'Jeta Prefe + rences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{10 + 24} ) +attributeTypes: ( 1.3.6.1.4.1.412.100.1.2.5 NAME 'arrayIndex' DESC 'the inde + x of this child' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .15 ) +attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.101 NAME 'dlmIdentifyingDescriptio + n' DESC 'A free-form string providing explanation and details be + hind the entries in the dlmOtherIdentifyingInfo attribute.' EQUA + LITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.112 NAME 'dlmOtherIdentifyingInfo' + DESC 'OtherIdentifyingInfo captures additional data, beyond tha + t of Tag information, that could be used to identify a Physical + Element. One example is bar code data associated with an Element + that also has an asset tag. Note that if only bar code data is + available and is unique/able to be used as an Element key, this + property would be NULL and the bar code data used as + the class key, in the Tag property.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6 + .1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.412.100.1.2.1 NAME 'orderedCimKeys' DESC 'The + model path for the instance (without propagated keys). May be us + ed as an RDN' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.412.100.1.2.2 NAME 'orderedCimModelPath' DESC + 'The model path for the instance (with propagated keys). May be + used as an RDN' OBSOLETE EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.1 + 15.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.103 NAME 'dlmCaption' DESC 'The Ca + ption property is a short textual description (oneline string) o + f the object.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 + 5{64} SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.104 NAME 'dlmDescription' DESC 'Th + e Description property provides a textual description of the obje + ct.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-V + ALUE ) +attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.105 NAME 'dlmInstallDate' DESC 'A + datetime value indicating when the object was installed. A lack + of a value does not indicate that the object is not installed.' + EQUALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-V + ALUE ) +attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.106 NAME 'dlmName' DESC 'The Name + property defines the label by which the object is known. When su + bclassed, the Name property can be overridden to be a Key proper + ty.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} SIN + GLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.107 NAME 'dlmStatus' DESC 'A strin + g indicating the current status of the object. Various operation + al and non-operational statuses are defined. Operational statuse + s are "OK", "Degraded", "Stressed" and "Pred Fail". "Stressed" + indicates that the Element is functioning, but needs a + ttention. Examples of "Stressed" states are overload, overheate + d, etc. The condition "Pred Fail" (failure predicted) indicates + that an Element is functioning properly but predicting a failure + in the near future. An example is a SMART-enabled hard drive. + [...]' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.15{10} SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.108 NAME 'dlmCreationClassName' DE + SC 'CreationClassName indicates the name of the class or the su + bclass used in the creation of an instance. When used with the o + ther key properties of this class, this property allows all ins + tances of this class and its subclasses to be uniquely identifie + d.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} SING + LE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.119 NAME 'dlmNameFormat' DESC 'The + System object and its derivatives are Top Level Objects of CIM. + They provide the scope for numerous components. Having unique S + ystem keys is required. A heuristic can be defined in individual + System subclasses to attempt to always generate the + same System Name Key. The NameFormat property identifies how the + System name was generated, using the subclass" heuristic.' EQUA + LITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} SINGLE-VALUE + ) +attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.120 NAME 'dlmPrimaryOwnerContact' + DESC 'A string that provides information on how the primary syst + em owner can be reached (e.g. phone number, email address, ...). + ' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} SINGLE + -VALUE ) +attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.121 NAME 'dlmPrimaryOwnerName' DES + C 'The name of the primary system owner.' EQUALITY caseIgnoreMatch SYNTAX 1 + .3.6.1.4.1.1466.115.121.1.15{64} SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.122 NAME 'dlmRoles' DESC 'An array + (bag) of strings that specify the roles this System plays in th + e IT-environment. Subclasses of System may override this proper + ty to define explicit Roles values. Alternately, a Working Group + may describe the heuristics, conventions and guidelines + for specifying Roles. For example, for an instance of a netw + orking system, the Roles property might contain the string, "Swi + tch" or "Bridge".' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.15 ) +attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.123 NAME 'dlmDedicated' DESC 'Enum + eration indicating whether the ComputerSystem is a special-purp + ose System (ie, dedicated to a particular use), versus being "ge + neral purpose". For example, one could specify that the System i + s dedicated to "Print" (value=11) or acts as a "Hub" + (value=8). Values are 0="Not Dedicated", 1="Unknown", 2="Other" + , 3="Storage", 4="Router", 5="Switch", 6="Layer 3 Switch", 7="Ce + ntral Office Switch", 8="Hub", 9="Access Server", 10="Firewall", + 11="Print", 12="I/O", 13="Web Caching", 14="Manageme + nt"' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) +attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.136 NAME 'dlmStartMode' DESC 'Star + tMode is a string value indicating whether the Service is automa + tically started by a System, Operating System, etc. or only star + ted upon request. Value Mapping are "Automatic", "Manual"' EQUA + LITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{10} SINGLE-VALUE + ) +attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.137 NAME 'dlmStarted' DESC 'Starte + d is a boolean indicating whether the Service has been started ( + TRUE), or stopped (FALSE).' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALU + E ) +attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.139 NAME 'dlmSettingID' DESC 'The + identifier by which the Setting object is known.' EQUALITY caseI + gnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.159 NAME 'dlmElementSettingElement + Ref' DESC 'The ManagedSystemElement. Values of this attribute po + int to entries of class dlmManagedSystemElement.' EQUALITY disti + nguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.160 NAME 'dlmElementSettingSetting + Ref' DESC 'The Setting object associated with the ManagedSystem + Element. Values of this attribute point to entries of class dlmS + etting.' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 12 ) +attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.186 NAME 'dlmMemberOfCollectionCol + lectionRef' DESC 'The Collection that aggregates members. Values of + this attribute point to entries of class dlmCollection.' EQUALITY dist + inguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.187 NAME 'dlmMemberOfCollectionMem + berRef' DESC 'The aggregated member of the collection. Values of + this attribute point to entries of class dlmManagedElement.' EQ + UALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 1.3.6.1.4.1.10126.7.1.3.1.8 NAME 'dlm1FilterListDirection' + DESC 'This defines whether the FilterList is used for input, outp + ut, or both input and output filtering. All values are used with r + espect to the interface for which the FilterList applies. + "Not Applicable" (0) is used when there is no direction applicabl + e to the FilterList. "Input" (1) is used when the FilterList appli + es to packets that are inbound on the related interface. + "Output" (2) is used when the FilterList applies to packe + ts that are outbound on the related interface. "Both" (3) + is used to indicate that the direction is immaterial, e.g., to fi + lter on a source subnet regardless of whether the flow is + inbound or outbound. "Mirrored" (4) is also applicable to + both inbound and outbound flow processing, but indicates that th + e filter criteria are applied asymmetrically to traffic in both di + rections and, thus, specifies the reversal of source and + destination criteria (as opposed to the equality of these criteria + as indicated by "Both"). The match conditions in the aggregated + FilterEntryBase subclass instances are defined from the pe + rspective of outbound flows and applied to inbound flows as well b + y reversing the source and destination criteria. So, for example, + consider a FilterList with 3 FilterEntries indicating des + tination port = 80, and source and destination addresses of a and + b, respectively. Then, for the outbound direction, the filter + entries match as specified and the mirror (for the inbound di + rection) matches on source port = 80 and source and destination ad + dresses of b and a, respectively.), Values are "Not Appli + cable", "Input", "Output", "Both", "Mirrored"' EQUALITY caseIgnore + Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.10126.7.1.3.1.1 NAME 'dlm1FilterEntryBaseIsNeg + ated' DESC 'Boolean indicating that the match condition described + in the properties of the FilterEntryBase subclass should be negate + d.' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE + ) +attributeTypes: ( 1.3.6.1.4.1.10126.7.1.3.1.2 NAME 'dlmProtocolType' DESC 'P + rotocolType is an enumeration that provides additional information + that can be used to help categorize and classify different instan + ces of this class. Values are "Unknown", "Other", "IPv4", "IPv6", + "IPX", "AppleTalk", "DECnet", "SNA", "CONP", "CLNP", "VINES", + "XNS", "ATM", "Frame Relay", "Ethernet", "TokenRing", "FDDI", + "Infiniband", "Fibre Channel", "ISDN BRI Endpoint", "ISDN B Chann + el Endpoint", "ISDN D Channel Endpoint"' EQUALITY caseIgnoreMatch SYNTAX 1. + 3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.10126.7.1.3.1.3 NAME 'dlmOtherTypeDescription' + DESC 'A string describing the type of ProtocolEndpoint that this + instance is when the Type property of this class (or any of its s + ubclasses) is set to "Other". The format of the string inserted in + this property should be similar in format to the values defined f + or the Type property. This property should be set to NULL when the + Type property is any value other than "Other".' EQUALITY caseIgno + reMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.10126.7.1.3.1.4 NAME 'dlmIPAddress' DESC 'The + IP address that this ProtocolEndpoint represents, formatted accord + ing to the appropriate convention as defined in the AddressType pr + operty of this class (e.g., 171.79.6.40).' EQUALITY caseIgnoreMatc + h SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.10126.7.1.3.1.5 NAME 'dlmIPSubnetMask' DESC 'T + he mask for the IP address of this ProtocolEndpoint, formatted acc + ording to the appropriate convention as defined in the AddressType + property of this class (e.g., 255.255.252.0).' EQUALITY caseIgnor + eMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.10126.7.1.3.1.6 NAME 'dlmIPAddressType' DESC ' + An enumeration that describes the format of the address property. + Whenever possible, IPv4-compatible addresses should be used instea + d of native IPv6 addresses (see RFC 2373, section 2.5.4). In order + to have a consistent format for IPv4 addresses in a mixed IPv4/v6 + environment, all IPv4 addresses and both IPv4-compatible IPv6 add + resses and IPv4-mapped IPv6 addresses, per RFC 2373, section + 2.5.4, should be formatted in standard IPv4 format. However, t + his (the 2.2) version of the Network Common Model will not explici + tly support mixed IPv4/IPv6 environments. This will be added in a + future release. Values are "Unknown", "IPv4", "IPv6".' EQUALITY ca + seIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.10126.7.1.3.1.7 NAME 'dlmIPVersionSupport' DES + C 'It is not possible to tell from the address alone if a given IP + ProtocolEndpoint can support IPv4 and IPv6, or just one of these. + This property explicitly defines the support for different version + s of IP that this IPProtocolEndpoint has. More implementa + tion experience is needed in order to correctly model mixed IPv4/I + Pv6 networks; therefore, this version (2.2) of the Network Common + Model will not support mixed IPv4/IPv6 environments. This will be + looked at further in a future version. Values are "Unknow + n", "IPv4 Only", "IPv6 Only".' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1. + 1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.412.100.4.2.18 NAME 'dlmBiometric' DESC 'Biome + tric information used to identify a person. The property value + is left null or set to "N/A" for non-human user or a user not u + sing biometric information for authentication. Values are 0="N/ + A", 1="Other", 2="Facial", 3="Retina", 4="Mark", 5="F + inger", 6="Voice", 7="DNA-RNA", 8="EEG".' EQUALITY integerMatch SYNTAX 1.3. + 6.1.4.1.1466.115.121.1.27 ) +attributeTypes: ( 1.3.6.1.4.1.412.100.4.2.19 NAME 'dlmElementID' DESC 'The E + lementID property uniquely specifies the ManagedElement object i + nstance that is the user represented by the UsersAccess object i + nstance. The ElementID is formatted similarly to a model path + except that the property-value pairs are ordered in al + phabetical order (US ASCII lexical order).' EQUALITY caseIgnoreMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.412.100.4.2.41 NAME 'dlmElementAsUserAnteceden + tRef' DESC 'The ManagedElement that has UsersAccess. The value + of this attribute points to an entry of class dlm1ManagedElement + .' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SIN + GLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.412.100.4.2.42 NAME 'dlmElementAsUserDependent + Ref' DESC 'The "owned" UsersAccess. Values of this attribute poi + nt to entries of class dlm1UsersAccess.' EQUALITY distinguishedNameMatch SY + NTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 1.3.6.1.4.1.412.100.4.2.57 NAME 'dlmUsersCredentialAnteced + entRef' DESC 'The issued credential that may be used. Values of + this attribute point to entries of class dlm1Credential.' EQUALI + TY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 1.3.6.1.4.1.412.100.4.2.58 NAME 'dlmUsersCredentialDepende + ntRef' DESC 'The UsersAccess that has use of a credential. Value + s of this attribute point to entries of class dlm1UsersAccess.' + EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 1.3.6.1.4.1.412.100.4.2.26 NAME 'dlmRemoteID' DESC 'Remote + ID is the name by which the user is known at the KDC security ser + vice.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} S + INGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.412.100.4.2.28 NAME 'dlmAlgorithm' DESC 'algor + ithm names the transformation algorithm, if any, used to protect + passwords before use in the protocol. For instance, Kerberos doe + sn"t store passwords as the shared secret, but rather, a hash of + the password.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.1 + 15.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.412.100.4.2.29 NAME 'dlmProtocol' DESC 'protoc + ol names the protocol with which the SharedSecret is used.' EQUAL + ITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.412.100.4.2.30 NAME 'dlmSecret' DESC 'secret i + s the secret known by the Users Access.' EQUALITY caseIgnoreMatch SYNTAX 1. + 3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.6.2.15 NAME 'pcimRoles' DESC 'RFC 3703: Each val + ue of this attribute represents a role-combination.' EQUALITY caseIgnoreMat + ch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.1.6.2.3 NAME 'pcimKeywords' DESC 'RFC 3703: A set + of keywords to assist directory clients in locating the policy objects appl + icable to them.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch + SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.1.6.2.4 NAME 'pcimGroupName' DESC 'RFC 3703: The u + ser-friendly name of this policy group.' EQUALITY caseIgnoreMatch ORDERING + caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.6.2.5 NAME 'pcimRuleName' DESC 'RFC 3703: The us + er-friendly name of this policy rule.' EQUALITY caseIgnoreMatch ORDERING ca + seIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.6.2.6 NAME 'pcimRuleEnabled' DESC 'RFC 3703: An + integer indicating whether a policy rule is administratively enabled (value + =1), disabled (value=2), or enabled for debug (value=3).' EQUALITY integerM + atch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SIN + GLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.6.2.11 NAME 'pcimRuleUsage' DESC 'RFC 3703: This + attribute is a free-form sting providing guidelines on how this policy sho + uld be used.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUB + STR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-V + ALUE ) +attributeTypes: ( 1.3.6.1.1.6.2.13 NAME 'pcimRuleMandatory' DESC 'RFC 3703: + If TRUE, indicates that for this policy rule, the evaluation of its conditi + ons and execution of its actions (if the condition is satisfied) is require + d.' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE + ) +attributeTypes: ( 1.3.6.1.1.6.2.16 NAME 'pcimConditionGroupNumber' DESC 'RFC + 3703: The number of the group to which a policy condition belongs. This i + s used to form the DNF or CNF expression associated with a policy rule.' EQ + UALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.1 + 15.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.6.2.17 NAME 'pcimConditionNegated' DESC 'RFC 370 + 3: If TRUE (FALSE), it indicates that a policy condition IS (IS NOT) negate + d in the DNF or CNF expression associated with a policy rule.' EQUALITY boo + leanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.6.2.18 NAME 'pcimConditionName' DESC 'RFC 3703: + A user-friendly name for a policy condition.' EQUALITY caseIgnoreMatch ORDE + RING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6. + 1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.6.2.19 NAME 'pcimConditionDN' DESC 'RFC 3703: A + DN that references an instance of a reusable policy condition.' EQUALITY di + stinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.6.2.23 NAME 'pcimActionOrder' DESC 'RFC 3703: An + integer indicating the relative order of an action in the context of a pol + icy rule.' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6 + .1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.6.2.22 NAME 'pcimActionName' DESC 'RFC 3703: A u + ser-friendly name for a policy action.' EQUALITY caseIgnoreMatch ORDERING c + aseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1. + 1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.6.2.24 NAME 'pcimActionDN' DESC 'RFC 3703: A DN + that references a reusable policy action.' EQUALITY distinguishedNameMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.6.2.36 NAME 'pcimRepositoryName' DESC 'RFC 3703: + The user-friendly name of this policy repository.' EQUALITY caseIgnoreMatc + h ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.1 NAME 'pcelsPolicySetName' DESC 'RFC 4104: + User-friendly name of a policy set' EQUALITY caseIgnoreMatch ORDERING caseI + gnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.2 NAME 'pcelsDecisionStrategy' DESC 'RFC 410 + 4: Evaluation method for the components of a pcelsPolicySet' EQUALITY integ + erMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.3 NAME 'pcelsPolicySetList' DESC 'RFC 4104: + Unordered set of DNs of pcelsPolicySetAssociation entries' EQUALITY disting + uishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 1.3.6.1.1.9.2.4 NAME 'pcelsPriority' DESC 'RFC 4104: Prior + ity of a component' EQUALITY integerMatch ORDERING integerOrderingMatch SYN + TAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.5 NAME 'pcelsPolicySetDN' DESC 'RFC 4104: DN + of a pcelsPolicySet entry' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1. + 4.1.1466.115.121.1.12 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.62 NAME 'pcelsRuleValidityPeriodList' DESC ' + RFC 4104: Unordered set of DNs of pcimRuleValidityAssociation entries' EQUA + LITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 1.3.6.1.1.9.2.6 NAME 'pcelsConditionListType' DESC 'RFC 41 + 04: Indicates the type of condition aggregation' EQUALITY integerMatch ORDE + RING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE + ) +attributeTypes: ( 1.3.6.1.1.9.2.7 NAME 'pcelsConditionList' DESC 'RFC 4104: + Unordered set of DNs of pcelsConditionAssociation entries' EQUALITY disting + uishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 1.3.6.1.1.9.2.8 NAME 'pcelsActionList' DESC 'RFC 4104: Uno + rdered set of DNs of pcelsActionAssociation entries' EQUALITY distinguished + NameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 1.3.6.1.1.9.2.9 NAME 'pcelsSequencedActions' DESC 'RFC 410 + 4: Indicates the importance of action sequencing' EQUALITY integerMatch ORD + ERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALU + E ) +attributeTypes: ( 1.3.6.1.1.9.2.10 NAME 'pcelsExecutionStrategy' DESC 'RFC 4 + 104: Indicates the action execution strategy' EQUALITY integerMatch ORDERIN + G integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.11 NAME 'pcelsVariableDN' DESC 'RFC 4104: DN + of a pcelsVariable entry' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4 + .1.1466.115.121.1.12 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.12 NAME 'pcelsValueDN' DESC 'RFC 4104: DN of + a pcelsValueAuxClass entry' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1 + .4.1.1466.115.121.1.12 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.13 NAME 'pcelsIsMirrored' DESC 'RFC 4104: In + dicates whether the mirrored traffic matches' EQUALITY booleanMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.14 NAME 'pcelsVariableName' DESC 'RFC 4104: + The user-friendly name of a variable.' EQUALITY caseIgnoreMatch ORDERING ca + seIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.15 NAME 'pcelsExpectedValueList' DESC 'RFC 4 + 104: Unordered set of DNs of pcelsValueAuxClass entries representing + expected values for a policy variable' EQUALITY distinguishedNameMatch SYN + TAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 1.3.6.1.1.9.2.16 NAME 'pcelsVariableModelClass' DESC 'RFC + 4104: Identifies a CIM class' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.17 NAME 'pcelsVariableModelProperty' DESC 'R + FC 4104: Identifies the property of a CIM class.' EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.18 NAME 'pcelsExpectedValueTypes' DESC 'RFC + 4104: Identifies subclasses of pcelsValueAuxClass by name' EQUALITY caseIgn + oreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.1.9.2.19 NAME 'pcelsValueName' DESC 'RFC 4104: The + user-friendly name of a value' EQUALITY caseIgnoreMatch ORDERING caseIgnor + eOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.20 NAME 'pcelsIPv4AddrList' DESC 'RFC 4104: + Unordered set of IPv4 addresses, IPv4 address ranges or hosts' EQUAL + ITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubst + ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.1.9.2.21 NAME 'pcelsIPv6AddrList' DESC 'RFC 4104: + Unordered set of IPv6 addresses, IPv6 address ranges or hosts' EQUAL + ITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubst + ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.1.9.2.22 NAME 'pcelsMACAddrList' DESC 'RFC 4104: U + nordered set of MAC addresses or MAC address ranges' EQUALITY caseIgnoreMat + ch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.1.9.2.23 NAME 'pcelsStringList' DESC 'RFC 4104: Un + ordered set of strings with wildcards' EQUALITY caseIgnoreMatch ORDERING ca + seIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.1.9.2.24 NAME 'pcelsBitStringList' DESC 'RFC 4104: + Unordered set of bit strings or bit string ranges' EQUALITY caseIgnoreMatc + h ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.1.9.2.25 NAME 'pcelsIntegerList' DESC 'RFC 4104: U + nordered set of integers or integer ranges' EQUALITY caseIgnoreMatch ORDERI + NG caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1. + 4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.1.9.2.26 NAME 'pcelsBoolean' DESC 'RFC 4104: Boole + an value' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE- + VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.27 NAME 'pcelsReusableContainerName' DESC 'R + FC 4104: User-friendly name of a reusable policy container' EQUALITY caseIg + noreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.28 NAME 'pcelsReusableContainerList' DESC 'R + FC 4104: Unordered set of DNs of pcelsReusableContainer entries' EQUALITY d + istinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 1.3.6.1.1.9.2.29 NAME 'pcelsRole' DESC 'RFC 4104: String r + epresenting a role.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMa + tch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 S + INGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.30 NAME 'pcelsRoleCollectionName' DESC 'RFC + 4104: User-friendly name of a role collection' EQUALITY caseIgnoreMatch ORD + ERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6 + .1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.31 NAME 'pcelsElementList' DESC 'RFC 4104: U + nordered set of managed elements' EQUALITY distinguishedNameMatch SYNTAX 1. + 3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 1.3.6.1.1.9.2.32 NAME 'pcelsFilterName' DESC 'RFC 4104: Us + er-friendly name of a filter entry' EQUALITY caseIgnoreMatch ORDERING caseI + gnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.33 NAME 'pcelsFilterIsNegated' DESC 'RFC 410 + 4: Indicates whether the filter is negated' EQUALITY booleanMatch SYNTAX 1. + 3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.34 NAME 'pcelsIPHdrVersion' DESC 'RFC 4104: + IP version' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3. + 6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.35 NAME 'pcelsIPHdrSourceAddress' DESC 'RFC + 4104: Source IP address' EQUALITY octetStringMatch ORDERING octetStringOrde + ringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.36 NAME 'pcelsIPHdrSourceAddressEndOfRange' + DESC 'RFC 4104: End of a range of source IP addresses' EQUALITY octetString + Match ORDERING octetStringOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.4 + 0 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.37 NAME 'pcelsIPHdrSourceMask' DESC 'RFC 410 + 4: Mask to be used in comparing the source IP address' EQUALITY octetString + Match ORDERING octetStringOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.4 + 0 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.38 NAME 'pcelsIPHdrDestAddress' DESC 'RFC 41 + 04: Destination IP address' EQUALITY octetStringMatch ORDERING octetStringO + rderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.39 NAME 'pcelsIPHdrDestAddressEndOfRange' DE + SC 'RFC 4104: End of a range of destination IP addresses' EQUALITY octetStr + ingMatch ORDERING octetStringOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.40 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.40 NAME 'pcelsIPHdrDestMask' DESC 'RFC 4104: + Mask to be used in comparing the destination IP address' EQUALITY octetStr + ingMatch ORDERING octetStringOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.40 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.41 NAME 'pcelsIPHdrProtocolID' DESC 'RFC 410 + 4: IP protocol type' EQUALITY integerMatch ORDERING integerOrderingMatch SY + NTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.42 NAME 'pcelsIPHdrSourcePortStart' DESC 'RF + C 4104: Lower end of a range of UDP or TCP source ports' EQUALITY integerMa + tch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SING + LE-VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.43 NAME 'pcelsIPHdrSourcePortEnd' DESC 'RFC + 4104: Upper end of a range of UDP or TCP source ports' EQUALITY integerMatc + h ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE + -VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.44 NAME 'pcelsIPHdrDestPortStart' DESC 'RFC + 4104: Lower end of a range of UDP or TCP destination ports' EQUALITY intege + rMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 S + INGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.45 NAME 'pcelsIPHdrDestPortEnd' DESC 'RFC 41 + 04: Upper end of a range of UDP or TCP destination ports' EQUALITY integerM + atch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SIN + GLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.46 NAME 'pcelsIPHdrDSCPList' DESC 'RFC 4104: + DSCP values' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1. + 3.6.1.4.1.1466.115.121.1.27 ) +attributeTypes: ( 1.3.6.1.1.9.2.47 NAME 'pcelsIPHdrFlowLabel' DESC 'RFC 4104 + : IP flow label' EQUALITY octetStringMatch ORDERING octetStringOrderingMatc + h SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.48 NAME 'pcels8021HdrSourceMACAddress' DESC + 'RFC 4104: Source MAC address' EQUALITY octetStringMatch ORDERING octetStri + ngOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.49 NAME 'pcels8021HdrSourceMACMask' DESC 'RF + C 4104: Source MAC address mask' EQUALITY octetStringMatch ORDERING octetSt + ringOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.50 NAME 'pcels8021HdrDestMACAddress' DESC 'R + FC 4104: Destination MAC address' EQUALITY octetStringMatch ORDERING octetS + tringOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.51 NAME 'pcels8021HdrDestMACMask' DESC 'RFC + 4104: Destination MAC address mask' EQUALITY octetStringMatch ORDERING octe + tStringOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.52 NAME 'pcels8021HdrProtocolID' DESC 'RFC 4 + 104: Ethernet protocol ID' EQUALITY integerMatch ORDERING integerOrderingMa + tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) +attributeTypes: ( 1.3.6.1.1.9.2.53 NAME 'pcels8021HdrPriority' DESC 'RFC 410 + 4: 802.1Q priority' EQUALITY integerMatch ORDERING integerOrderingMatch SYN + TAX 1.3.6.1.4.1.1466.115.121.1.27 ) +attributeTypes: ( 1.3.6.1.1.9.2.54 NAME 'pcels8021HdrVLANID' DESC 'RFC 4104: + 802.1Q VLAN ID' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.27 ) +attributeTypes: ( 1.3.6.1.1.9.2.55 NAME 'pcelsFilterListName' DESC 'RFC 4104 + : User-friendly name of a FilterList' EQUALITY caseIgnoreMatch ORDERING cas + eIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.56 NAME 'pcelsFilterDirection' DESC 'RFC 410 + 4: Direction to which this filter is applied' EQUALITY integerMatch ORDERIN + G integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.57 NAME 'pcelsFilterEntryList' DESC 'RFC 410 + 4: Unordered set of DNs of pcelsFilterEntryBase entries' EQUALITY distingui + shedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 1.3.6.1.1.9.2.58 NAME 'pcelsVendorVariableData' DESC 'RFC + 4104: Mechanism for representing variables that have not been specif + ically modeled' EQUALITY octetStringMatch ORDERING octetStringOrderingMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) +attributeTypes: ( 1.3.6.1.1.9.2.59 NAME 'pcelsVendorVariableEncoding' DESC ' + RFC 4104: Identifies the format and semantics for policy variables' EQUALIT + Y objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.60 NAME 'pcelsVendorValueData' DESC 'RFC 410 + 4: Mechanism for representing values that have not been specifically + modeled' EQUALITY octetStringMatch ORDERING octetStringOrderingMatch SYNTA + X 1.3.6.1.4.1.1466.115.121.1.40 ) +attributeTypes: ( 1.3.6.1.1.9.2.61 NAME 'pcelsVendorValueEncoding' DESC 'RFC + 4104: Identifies the format and semantics for policy values' EQUALITY obje + ctIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7924.2.1.1.1 NAME 'demailMaxAuthLevel' DESC 'd + escribes the maximum authentification the person is capable of (NORMAL/HIGH + /VERY HIGH)' SUP name SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.15953.9.1.1 NAME 'sudoUser' DESC 'User(s) who + may run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatc + h SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.15953.9.1.2 NAME 'sudoHost' DESC 'Host(s) who + may run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.15953.9.1.3 NAME 'sudoCommand' DESC 'Command(s + ) to be executed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.146 + 6.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.15953.9.1.4 NAME 'sudoRunAs' DESC 'User(s) imp + ersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.15953.9.1.5 NAME 'sudoOption' DESC 'Options(s) + followed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.15953.9.1.6 NAME 'sudoRunAsUser' DESC 'User(s) + impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.1 + 15.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.15953.9.1.7 NAME 'sudoRunAsGroup' DESC 'Group( + s) impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.15953.9.1.8 NAME 'sudoNotBefore' DESC 'Start o + f time interval for which the entry is valid' EQUALITY generalizedTimeMatch + ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 + ) +attributeTypes: ( 1.3.6.1.4.1.15953.9.1.9 NAME 'sudoNotAfter' DESC 'End of t + ime interval for which the entry is valid' EQUALITY generalizedTimeMatch OR + DERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 ) +attributeTypes: ( 1.3.6.1.4.1.15953.9.1.10 NAME 'sudoOrder' DESC 'an integer + to order the sudoRole entries' EQUALITY integerMatch ORDERING integerOrder + ingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) +attributeTypes: ( 1.3.6.1.4.1.24552.500.1.1.1.13 NAME 'sshPublicKey' DESC 'M + ANDATORY: OpenSSH Public key' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1. + 1466.115.121.1.40 ) +attributeTypes: ( 1.3.6.1.4.1.34380.1.1.3.10 NAME 'puppetClass' DESC 'Puppet + Node Class' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 26 ) +attributeTypes: ( 1.3.6.1.4.1.34380.1.1.3.9 NAME 'parentNode' DESC 'Puppet P + arent Node' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.2 + 6 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.34380.1.1.3.11 NAME 'environment' DESC 'Puppet + Node Environment' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115. + 121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.34380.1.1.3.12 NAME 'puppetVar' DESC 'A variab + le setting for puppet' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466. + 115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.29426.2.2.1.1 NAME 'DKIMSelector' DESC 'Select + or name associated with DKIM signing key' EQUALITY caseExactIA5Match SYNTAX + 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.29426.2.2.1.2 NAME 'DKIMKey' DESC 'DKIM signin + g key' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SING + LE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.29426.2.2.1.3 NAME 'DKIMIdentity' DESC 'The Ag + ent or User Identifier (AUID)' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4. + 1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.29426.2.2.1.4 NAME 'DKIMDomain' DESC 'DKIM sen + der domain' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.19937.1.1.1 NAME 'quota' DESC 'Quotas (FileSys + tem:BlocksSoft,BlocksHard,InodesSoft,InodesHard)' EQUALITY caseIgnoreIA5Mat + ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} ) +attributeTypes: ( 1.3.6.1.3.1.1.1.1.2.1 NAME 'tacacsClient' DESC 'Valid clie + nt address range for this user, in CIDR notation' EQUALITY caseExactIA5Matc + h SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{20} ) +attributeTypes: ( 1.3.6.1.3.1.1.1.1.2.2 NAME 'tacacsMember' DESC 'Tacacs gro + up membership' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .26{40} ) +attributeTypes: ( 1.3.6.1.3.1.1.1.1.2.3 NAME 'tacacsProfile' DESC 'Tacacs us + er profile' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + {1024} SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.3.1.1.1.1.2.8 NAME 'tacacsFlag' DESC 'Arbitrary te + xt, may be used by LDAP filters' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1. + 4.1.1466.115.121.1.26{40} ) +attributeTypes: ( 1.3.6.1.4.1.3.8.1.1.1 NAME 'cmusaslsecretCRAM-MD5' DESC 'P + rehashed password as described in CRAM-MD5' EQUALITY octetStringMatch SYNTA + X 1.3.6.1.4.1.1466.115.121.1.40{32} SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.3.8.1.1.2 NAME 'cmusaslsecretDIGEST-MD5' DESC + 'Shared secret for DIGEST-MD5' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.40{16} SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.3.8.1.1.3 NAME 'cmusaslsecretOTP' DESC 'OTP se + cret' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) +attributeTypes: ( 1.3.6.1.4.1.3.8.1.1.4 NAME 'cmusaslsecretSRP' DESC 'base64 + encoded SRP secret' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115. + 121.1.40 ) +attributeTypes: ( 1.3.6.1.4.1.3.8.1.1.5 NAME 'cmusaslsecretPLAIN' DESC 'PLAI + N secret' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) +attributeTypes: ( 1.3.6.1.4.1.31103.1.1 NAME 'fedfsUuid' DESC 'A UUID used b + y NSDB' EQUALITY uuidMatch ORDERING uuidOrderingMatch SYNTAX 1.3.6.1.1.16.1 + SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.31103.1.4 NAME 'fedfsFsnUuid' DESC 'The FSN UU + ID component of an FSN' SUP fedfsUuid SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.31103.1.11 NAME 'fedfsFsnTTL' DESC 'Time to li + ve of an FSN tree' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.31103.1.14 NAME 'fedfsNceDN' DESC 'NCE Disting + uished Name' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.12 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.31103.1.8 NAME 'fedfsFslUuid' DESC 'UUID of an + FSL' SUP fedfsUuid SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.31103.1.12 NAME 'fedfsAnnotation' DESC 'Annota + tion of an object' SUP name ) +attributeTypes: ( 1.3.6.1.4.1.31103.1.13 NAME 'fedfsDescr' DESC 'Description + of an object' SUP name ) +attributeTypes: ( 1.3.6.1.4.1.31103.1.120 NAME 'fedfsNfsURI' DESC 'Location + of fileset' SUP labeledURI SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.31103.1.103 NAME 'fedfsNfsCurrency' DESC 'up-t + o-date measure of the data' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.1 + 15.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.31103.1.104 NAME 'fedfsNfsGenFlagWritable' DES + C 'Indicates if the file system is writable' EQUALITY booleanMatch SYNTAX 1 + .3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.31103.1.105 NAME 'fedfsNfsGenFlagGoing' DESC ' + Indicates if the file system is going' EQUALITY booleanMatch SYNTAX 1.3.6.1 + .4.1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.31103.1.106 NAME 'fedfsNfsGenFlagSplit' DESC ' + Indicates if there are multiple file systems' EQUALITY booleanMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.31103.1.107 NAME 'fedfsNfsTransFlagRdma' DESC + 'Indicates if the transport supports RDMA' EQUALITY booleanMatch SYNTAX 1.3 + .6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.31103.1.108 NAME 'fedfsNfsClassSimul' DESC 'Th + e simultaneous-use class of the file system' EQUALITY integerMatch SYNTAX 1 + .3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.31103.1.109 NAME 'fedfsNfsClassHandle' DESC 'T + he handle class of the file system' EQUALITY integerMatch SYNTAX 1.3.6.1.4. + 1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.31103.1.110 NAME 'fedfsNfsClassFileid' DESC 'T + he fileid class of the file system' EQUALITY integerMatch SYNTAX 1.3.6.1.4. + 1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.31103.1.111 NAME 'fedfsNfsClassWritever' DESC + 'The write-verifier class of the file system' EQUALITY integerMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.31103.1.112 NAME 'fedfsNfsClassChange' DESC 'T + he change class of the file system' EQUALITY integerMatch SYNTAX 1.3.6.1.4. + 1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.31103.1.113 NAME 'fedfsNfsClassReaddir' DESC ' + The readdir class of the file system' EQUALITY integerMatch SYNTAX 1.3.6.1. + 4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.31103.1.114 NAME 'fedfsNfsReadRank' DESC 'The + read rank of the file system' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.31103.1.115 NAME 'fedfsNfsReadOrder' DESC 'The + read order of the file system' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.31103.1.116 NAME 'fedfsNfsWriteRank' DESC 'The + write rank of the file system' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.31103.1.117 NAME 'fedfsNfsWriteOrder' DESC 'Th + e write order of the file system' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1. + 1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.31103.1.118 NAME 'fedfsNfsVarSub' DESC 'Indica + tes if variable substitution is present' EQUALITY booleanMatch SYNTAX 1.3.6 + .1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.31103.1.19 NAME 'fedfsNfsValidFor' DESC 'Valid + for time' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGL + E-VALUE ) +attributeTypes: ( 0.0.8.350.1.1.1.1.1 NAME 'commURI' DESC 'Labeled URI forma + t to point to the distinguished name of the commUniqueId' EQUALITY caseExac + tMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 0.0.8.350.1.1.2.1.1 NAME 'commUniqueId' DESC 'To hold the + endpoints unique Id' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substr + ingsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 0.0.8.350.1.1.2.1.2 NAME 'commOwner' DESC 'Labeled URI to + point back to the original owner' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4. + 1.1466.115.121.1.15 ) +attributeTypes: ( 0.0.8.350.1.1.2.1.3 NAME 'commPrivate' DESC 'To decide whe + ther the entry is visible to world or not' SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.26 ) +attributeTypes: ( 0.0.8.350.1.1.6.1.1 NAME 'SIPIdentitySIPURI' DESC 'Univers + al Resource Indicator of the SIP UA' EQUALITY caseExactMatch SUBSTR caseExa + ctSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 0.0.8.350.1.1.6.1.2 NAME 'SIPIdentityRegistrarAddress' DES + C 'specifies the location of the registrar' EQUALITY caseIgnoreIA5Match SYN + TAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 0.0.8.350.1.1.6.1.3 NAME 'SIPIdentityProxyAddress' DESC 'S + pecifies the location of the SIP Proxy' EQUALITY caseIgnoreIA5Match SYNTAX + 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 0.0.8.350.1.1.6.1.4 NAME 'SIPIdentityAddress' DESC 'IP add + ress of the UA' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.26 ) +attributeTypes: ( 0.0.8.350.1.1.6.1.5 NAME 'SIPIdentityPassword' DESC 'The u + ser agent SIP password ' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466. + 115.121.1.40 ) +attributeTypes: ( 0.0.8.350.1.1.6.1.6 NAME 'SIPIdentityUserName' DESC 'The u + ser agent user name.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsM + atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 0.0.8.350.1.1.6.1.7 NAME 'SIPIdentityServiceLevel' DESC 'T + o define services that a user can belong to.' EQUALITY caseIgnoreIA5Match S + UBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.1 NAME 'radiusArapFeatures' EQUALI + TY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.2 NAME 'radiusArapSecurity' EQUALI + TY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.3 NAME 'radiusArapZoneAccess' EQUA + LITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.44 NAME 'radiusAuthType' DESC 'con + trolItem: Auth-Type' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.11 + 5.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.4 NAME 'radiusCallbackId' DESC 're + plyItem: Callback-Id' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.1 + 15.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.5 NAME 'radiusCallbackNumber' DESC + 'replyItem: Callback-Number' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4. + 1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.6 NAME 'radiusCalledStationId' DES + C 'controlItem: Called-Station-Id' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6 + .1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.7 NAME 'radiusCallingStationId' DE + SC 'controlItem: Calling-Station-Id' EQUALITY caseIgnoreIA5Match SYNTAX 1.3 + .6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.8 NAME 'radiusClass' DESC 'replyIt + em: Class' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.45 NAME 'radiusClientIPAddress' EQ + UALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE + ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.9 NAME 'radiusFilterId' DESC 'repl + yItem: Filter-Id' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.10 NAME 'radiusFramedAppleTalkLink + ' DESC 'replyItem: Framed-AppleTalk-Link' EQUALITY caseIgnoreIA5Match SYNTA + X 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.11 NAME 'radiusFramedAppleTalkNetw + ork' DESC 'replyItem: Framed-AppleTalk-Network' EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.12 NAME 'radiusFramedAppleTalkZone + ' DESC 'replyItem: Framed-AppleTalk-Zone' EQUALITY caseIgnoreIA5Match SYNTA + X 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.13 NAME 'radiusFramedCompression' + DESC 'replyItem: Framed-Compression' EQUALITY caseIgnoreIA5Match SYNTAX 1.3 + .6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.14 NAME 'radiusFramedIPAddress' DE + SC 'replyItem: Framed-IP-Address' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6. + 1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.15 NAME 'radiusFramedIPNetmask' DE + SC 'replyItem: Framed-IP-Netmask' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6. + 1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.16 NAME 'radiusFramedIPXNetwork' D + ESC 'replyItem: Framed-IPX-Network' EQUALITY caseIgnoreIA5Match SYNTAX 1.3. + 6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.17 NAME 'radiusFramedMTU' DESC 're + plyItem: Framed-MTU' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.11 + 5.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.18 NAME 'radiusFramedProtocol' DES + C 'replyItem: Framed-Protocol' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4 + .1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.19 NAME 'radiusFramedRoute' DESC ' + replyItem: Framed-Route' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.146 + 6.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.20 NAME 'radiusFramedRouting' DESC + 'replyItem: Framed-Routing' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.46 NAME 'radiusGroupName' EQUALITY + caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.47 NAME 'radiusHint' EQUALITY case + IgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.48 NAME 'radiusHuntgroupName' EQUA + LITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.21 NAME 'radiusIdleTimeout' DESC ' + replyItem: Idle-Timeout' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.146 + 6.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.22 NAME 'radiusLoginIPHost' DESC ' + replyItem: Login-IP-Host' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.23 NAME 'radiusLoginLATGroup' DESC + 'replyItem: Login-LAT-Group' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4. + 1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.24 NAME 'radiusLoginLATNode' DESC + 'replyItem: Login-LAT-Node' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1. + 1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.25 NAME 'radiusLoginLATPort' DESC + 'replyItem: Login-LAT-Port' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1. + 1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.26 NAME 'radiusLoginLATService' DE + SC 'replyItem: Login-LAT-Service' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6. + 1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.27 NAME 'radiusLoginService' DESC + 'replyItem: Login-Service' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.28 NAME 'radiusLoginTCPPort' DESC + 'replyItem: Login-TCP-Port' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1. + 1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.29 NAME 'radiusPasswordRetry' EQUA + LITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.30 NAME 'radiusPortLimit' DESC 're + plyItem: Port-Limit' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.11 + 5.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.49 NAME 'radiusProfileDN' EQUALITY + distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.31 NAME 'radiusPrompt' EQUALITY ca + seIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.50 NAME 'radiusProxyToRealm' EQUAL + ITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.51 NAME 'radiusReplicateToRealm' D + ESC 'control:Replicate-To-Realm' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1 + .4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.52 NAME 'radiusRealm' EQUALITY cas + eIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.32 NAME 'radiusServiceType' DESC ' + replyItem: Service-Type' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.146 + 6.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.33 NAME 'radiusSessionTimeout' DES + C 'replyItem: Session-Timeout' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4 + .1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.34 NAME 'radiusTerminationAction' + DESC 'replyItem: Termination-Action' EQUALITY caseIgnoreIA5Match SYNTAX 1.3 + .6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.35 NAME 'radiusTunnelAssignmentId' + EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.36 NAME 'radiusTunnelMediumType' E + QUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.37 NAME 'radiusTunnelPassword' EQU + ALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE + ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.38 NAME 'radiusTunnelPreference' E + QUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.39 NAME 'radiusTunnelPrivateGroupI + d' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.40 NAME 'radiusTunnelServerEndpoin + t' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.41 NAME 'radiusTunnelType' EQUALIT + Y caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.42 NAME 'radiusVSA' EQUALITY caseI + gnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.43 NAME 'radiusTunnelClientEndpoin + t' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.53 NAME 'radiusSimultaneousUse' DE + SC 'controlItem: Simultaneous-Use' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SIN + GLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.54 NAME 'radiusLoginTime' EQUALITY + caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.55 NAME 'radiusUserCategory' EQUAL + ITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.56 NAME 'radiusStripUserName' SYNT + AX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.57 NAME 'dialupAccess' EQUALITY ca + seIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.58 NAME 'radiusExpiration' DESC 'c + ontrolItem: Expiration' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.59 NAME 'radiusAttribute' DESC 'co + ntrolItem: $GENERIC$' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.1 + 15.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.61 NAME 'radiusNASIpAddress' EQUAL + ITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.62 NAME 'radiusReplyMessage' DESC + 'replyItem: Reply-Message' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.63 NAME 'radiusControlAttribute' D + ESC 'controlItem: $GENERIC$' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.64 NAME 'radiusReplyAttribute' DES + C 'replyItem: $GENERIC$' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.146 + 6.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.65 NAME 'radiusRequestAttribute' D + ESC 'requestItem: $GENERIC$' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.11344.1.100.2.1 NAME 'radiusClientIdentifier' + DESC 'Client Identifier' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstrin + gsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.1.100.2.2 NAME 'radiusClientSecret' DESC + 'Client Secret' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.1.100.2.3 NAME 'radiusClientShortname' D + ESC 'Client Shortname' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstrings + Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.1.100.2.4 NAME 'radiusClientVirtualServe + r' DESC 'VirtualServer' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstring + sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.1.100.2.5 NAME 'radiusClientType' DESC ' + Client Type' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNT + AX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.1.100.2.6 NAME 'radiusClientRequireMa' D + ESC 'Require Message Authenticator' EQUALITY booleanMatch SYNTAX 1.3.6.1.4. + 1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.1.100.2.7 NAME 'radiusClientComment' DES + C 'Client comment' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.5427.1.389.4.2 NAME 'dateOfBirth' DESC 'Date o + f birth (format YYYY-MM-DD, see ISO 8601)' EQUALITY caseExactIA5Match SUBST + R caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{10} SING + LE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.5427.1.389.4.12 NAME 'birthPlace' DESC 'Place + of birth' SUP l SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.5427.1.389.4.14 NAME 'birthName' DESC 'Last na + me at time of birth, e.g. maiden name' SUP sn SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.5427.1.389.4.7 NAME 'gender' DESC 'Representat + ion of human sex (see ISO 5218)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.27{1} SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.5427.1.389.4.9 NAME 'businessTitle' DESC 'Busi + ness title describing the kind of job a person does' SUP title ) +attributeTypes: ( 1.3.6.1.4.1.5427.1.389.4.15 NAME 'academicTitle' DESC 'Aca + demic title a person is allowed to use' SUP title ) +attributeTypes: ( 1.3.6.1.4.1.5427.1.389.4.10 NAME 'nickName' DESC 'A nick n + ame of a person' SUP name ) +attributeTypes: ( 1.3.6.1.4.1.5427.1.389.4.11 NAME 'euVATId' DESC 'value add + ed tax ID of company within EU' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1. + 4.1.1466.115.121.1.26{20} ) +attributeTypes: ( 1.3.6.1.4.1.5427.1.389.4.13 NAME 'labeledBICandIBAN' DESC + 'international bank arrangement consisting of BIC, IBAN and optional label + (format: "BIC:,IBAN:#