How to get all the attributes of an LDAP database

I am using the python ldap module to connect to the ldap server. I can query the database, but I don't know how to get the fields present in the database, so that I can notify the user in advance about the database request, telling him that the field that he is trying to access is not in the database.

For example, if the fields present are simply

cn memberOf 

and if the user tries to query a database with a filter

 cn and memberOf and notcontained 

I should know that the notcontained attribute is not in the database schema.

How can I do this?

Thanks.

+4
3 answers

I am using the python ldap module to connect to the ldap server. I am able to query the database, but I don't know how to get the fields present in the database, so that I can notify the user in advance by requesting the database, telling him that the field that he is trying to access is not in the database.

A simple solution would be to search and then print a list of keys from the result.

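    import ldap

    # connect to your ldap server
    conn = ldap.initialize('ldap://...')  # your server URI
    conn.simple_bind_s()  # anonymous bind; pass a DN and password if needed

    some_dn = '...'      # Your base dn
    some_lookup = '...'  # your lookup filter
    result = conn.search_s(some_dn, ldap.SCOPE_SUBTREE, some_lookup)
    # attribute names present on the first entry returned
    print(list(result[0][1].keys()))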

For example, against my AD server, it returns the following:

    ['mailNickname',
     'publicDelegatesBL',
     'logonCount',
     'cn',
     'countryCode',
     'dSCorePropagationData',
     'objectClass',
     # ... many many more
     'telephoneNumber',
     'physicalDeliveryOfficeName',
     'name',
     'memberOf',
     'codePage',
     'userAccountControl',
     'msExchMDBRulesQuota',
     'lastLogon',
     'protocolSettings',
     'uSNChanged',
     'sn',
     'msExchVersion',
     'mDBUseDefaults',
     'givenName',
     'msExchMailboxGuid',
     'lastLogoff']
0

You need to read the schema of your ldap server.

This code may work for you, as a template

    #!/usr/bin/env python
    # coding: utf-8
    # Author: peter --< pjl@hpc.com.py >
    # Purpose: Common tasks for working with LDAP schemas
    # Created: 01/05/12

    import ldap
    import ldap.schema


    class SchemasIPA(object):
        __ldaps = ldap.schema

        def __init__(self, url):
            """Constructor"""
            ldap._trace_level = 0
            ldap.set_option(ldap.OPT_DEBUG_LEVEL, 0)
            # urlfetch returns the subschema subentry DN and the parsed schema
            subschemasubentry_dn, self.schema = ldap.schema.urlfetch(url, ldap._trace_level)
            self.oc_tree = self.schema.tree(ldap.schema.ObjectClass)
            self.at_tree = self.schema.tree(ldap.schema.AttributeType)

        def getobjectclasses(self):
            """
            Return the object classes of the given server
            """
            allobjc = {}
            for a in self.oc_tree.keys():
                objc = self.schema.get_obj(ldap.schema.ObjectClass, a)
                if objc is not None:
                    allobjc[objc.oid] = (objc.names, objc.must, objc.may, objc.sup, objc.obsolete)
            return allobjc

        def getatributes(self):
            """
            Return the attributes of the given server
            """
            allatt = {}
            for a in self.at_tree.keys():
                att = self.schema.get_obj(ldap.schema.AttributeType, a)
                if att is not None:
                    allatt[att.oid] = (att.names, att.syntax, att.syntax_len, att.desc,
                                       att.collective, att.equality, att.single_value)
            return allatt

        def getvalidoid(self, objects):
            """
            Return a free, valid OID for creating schemas and attributes.
            The proper process is to request a valid OID from IANA, but that
            takes more than a month; the OIDs to use are values predefined
            when the LDAP server is installed.
            """
            pass


    if __name__ == '__main__':
        sch = SchemasIPA('ldap://localhost')
        # at = sch.getatributes()
        ob = sch.getobjectclasses()

        for a, b in ob.items():
            print(a)
            print(b[0])

Then you can wrap this class as follows

    # a file containing the above class
    import schemas

    olschemas = schemas.SchemasIPA(url='ldap://192.168.1.81')

    # here is some magic :)
    pa = olschemas.schema.get_obj(olschemas._SchemasIPA__ldaps.ObjectClass, 'posixaccount')
    print(pa.must)  # all the attributes that cannot be null
    print(pa.may)   # all the attributes that are optional
+5

Root DSE and Possible Base Schema DN

Assuming that the LDAP client only cares about attributes that are defined in the schema (see extensibleObject below), to determine whether an attribute is defined in the server schema, retrieve the schema. On many directory servers, the base DN (or base object) for the schema is defined in the subSchemaSubEntry attribute, which may be present in the root DSE. For more information about the root DSE, see LDAP: Root DSE. To retrieve the contents of the root DSE, submit a search request to the server consisting of the base object '', a search scope of base, and a requested attribute list consisting of * and +.

extensibleObject

Note that the presence of objectClass extensibleObject allows LDAP clients to add any attribute name and value that they require, similar to the general FORTRAN garbage block, that is, attributes can be present in the record but not defined in the schema.

subSchemaSubEntry not present

If the subSchemaSubEntry attribute is missing, contact the server administrators and ask for information on retrieving the schema and sufficient access rights for this.

subSchemaSubEntry present

If the subSchemaSubEntry attribute is present, read the schema by sending a search request to the server using the value of the subSchemaSubEntry attribute as the base object, the search scope one and a requested attribute list of * and +. Definitions of attribute types and objectClass definitions are contained in the schema.

+3
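
The check the question asks for, built on the root DSE procedure from the last answer, as an added example that is not from any of the posts: it collects every attribute NAME from the schema and reports the attributes in a user-supplied filter that the schema does not define. The function names, sample definitions and filter are constructed for illustration; the parsing handles attribute descriptors (not numeric OIDs), and entries with extensibleObject can still carry attributes this check reports as unknown.

```python
import re

# Constructed sample of attributeTypes values (RFC 4512 syntax); python-ldap returns bytes.
SAMPLE_ATTRIBUTE_TYPES = [
    b"( 2.5.4.3 NAME ( 'cn' 'commonName' ) SUP name )",
    b"( 1.2.840.113556.1.2.102 NAME 'memberOf' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )",
    b"( 2.5.4.0 NAME 'objectClass' EQUALITY objectIdentifierMatch )",
]

# Attribute description right after "(": name, optional ;options, optional :dn/:rule, operator.
FILTER_ATTR = re.compile(r"\(([A-Za-z][\w.-]*)(?:;[\w-]+)*(?::[\w.-]+)*[~<>:]?=")


def fetch_attribute_types(uri):
    """Live path: root DSE -> subschemaSubentry -> attributeTypes (needs python-ldap)."""
    import ldap  # lazy import so the offline functions below work without it

    conn = ldap.initialize(uri)
    conn.simple_bind_s()  # anonymous bind; assumes the server allows schema reads
    root = conn.search_s("", ldap.SCOPE_BASE, "(objectClass=*)", ["subschemaSubentry"])
    dse = {k.lower(): v for k, v in root[0][1].items()}  # attribute names are case-insensitive
    schema_dn = dse["subschemasubentry"][0].decode()
    # RFC 4512 section 4.4: base-scope search on the subschema entry with this filter
    entry = conn.search_s(schema_dn, ldap.SCOPE_BASE, "(objectClass=subschema)", ["attributeTypes"])
    return {k.lower(): v for k, v in entry[0][1].items()}["attributetypes"]


def schema_names(attribute_types):
    """Lower-cased set of every NAME (including aliases) in the definitions."""
    names = set()
    for raw in attribute_types:
        text = raw.decode() if isinstance(raw, bytes) else raw
        m = re.search(r"\bNAME\s+(?:'([^']+)'|\(([^)]*)\))", text)
        if m:
            names.update(n.lower() for n in re.findall(r"[\w.-]+", m.group(1) or m.group(2)))
    return names


def unknown_attributes(filter_str, known):
    """Attributes used in filter_str that are not in `known`, in order of first use."""
    used = [m.group(1) for m in FILTER_ATTR.finditer(filter_str)]
    return [a for a in dict.fromkeys(used) if a.lower() not in known]


if __name__ == "__main__":
    known = schema_names(SAMPLE_ATTRIBUTE_TYPES)  # or schema_names(fetch_attribute_types(uri))
    print(unknown_attributes("(&(cn=alice)(memberOf=cn=admins,dc=example,dc=com)(notcontained=x))", known))
```
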