Re: [Fedora-directory-devel] Attribute to determine allowed write attributes?

Richard Megginson wrote:
Andrew Bartlett wrote:
On Tue, 2006-10-31 at 21:05 -0700, David Boreham wrote:
Andrew Bartlett wrote:

Does anybody have any pointers to an existing feature request like this,
or should I file one in Bugzilla?
This is what is implemented:

http://www.redhat.com/docs/manuals/dir-server/ag/7.1/acl.html#1216899

That has:

Information is not given for attributes in an entry that do not have a
value; for example, if the userPassword value is removed, then a
future effective rights search on the entry above would not return any
effective rights for userPassword, even though self-write and
self-delete rights could be allowed. Likewise, if the street attribute
were added with read, compare, and search rights, then street: rsc
would appear in the attributeLevelRights results.

I need information on unknown attributes, so that MMC can show them as
valid, writable fields (not greyed out).  My preferred format is a list
of writable fields, as permitted by the current schema for that entry.
This could be useful in any general purpose GUI app, to have the ability to perform one query and get back a list of
1) regular attributes available according to the schema
2) operational attributes - writable vs. read-only
3) virtual attributes - writable vs. read-only

I would like to support the OpenLDAP "+" special attribute which retrieves all operational attributes, and I would also like to support the Sun DS real and virtual attrs controls.

I wrote the Sun DS real and virtual attrs controls before the fork, so we do :)

Attached is a little rootDSE decoder Python script.

--
Pete

#!/usr/bin/env python3
# Decode the root DSE of an LDAP server, translating the OIDs found in
# supportedControl and supportedExtension into readable names.
import sys
import ldap

controls = {
    '1.2.840.113556.1.4.473': 'Server side sort request',
    '1.3.6.1.4.1.1466.29539.12': 'Chaining loop detection',
    '1.3.6.1.4.1.42.2.27.8.5.1': 'Password policy request/response',
    '1.3.6.1.4.1.42.2.27.9.5.2': 'Get effective rights',
    '2.16.840.1.113730.3.4.12': 'Proxied authorization (version 1)',
    '2.16.840.1.113730.3.4.13': 'Replication update information',
    '2.16.840.1.113730.3.4.14': 'Search on specific backend',
    '2.16.840.1.113730.3.4.15': 'Authentication response',
    '2.16.840.1.113730.3.4.16': 'Authentication request',
    '2.16.840.1.113730.3.4.17': 'Real attributes only',
    '2.16.840.1.113730.3.4.18': 'Proxied authorization (version 2)',
    '2.16.840.1.113730.3.4.19': 'Virtual attributes only',
    '2.16.840.1.113730.3.4.2': 'Manage DSA IT',
    '2.16.840.1.113730.3.4.20': 'Search on one backend',
    '2.16.840.1.113730.3.4.3': 'Persistent search',
    '2.16.840.1.113730.3.4.4': 'Password expired',
    '2.16.840.1.113730.3.4.5': 'Password expiring',
    '2.16.840.1.113730.3.4.6': 'NT synchronization client',
    '2.16.840.1.113730.3.4.7': 'Entry change notification',
    '2.16.840.1.113730.3.4.9': 'VLV request',
    '2.16.840.1.113730.3.4.10': 'VLV response',
    '2.16.840.1.113730.3.4.11': 'Transaction ID response',
    '2.16.840.1.113730.3.4.999': 'Replication modrdn extra mods'
}

extensions = {
    '1.3.6.1.4.1.4203.1.11.1': 'Modify password',
    '2.16.840.1.113730.3.5.1': 'Transaction request',
    '2.16.840.1.113730.3.5.2': 'Transaction response',
    '2.16.840.1.113730.3.5.3': 'Start replication request',
    '2.16.840.1.113730.3.5.4': 'Replication response',
    '2.16.840.1.113730.3.5.5': 'End replication request',
    '2.16.840.1.113730.3.5.6': 'Replication entry request',
    '2.16.840.1.113730.3.5.7': 'Bulk import start',
    '2.16.840.1.113730.3.5.8': 'Bulk import finished',
    '2.16.840.1.113730.3.5.9': 'Digest authentication calculation'
}

def translate_value(attr, value):
    # Append the readable name to known control and extension OIDs;
    # every other value is returned unchanged.
    ret = value
    a = attr.lower()

    if 'supportedcontrol' == a:
        if value in controls:
            ret = controls[value] + " (" + value + ")"
    if 'supportedextension' == a:
        if value in extensions:
            ret = extensions[value] + " (" + value + ")"
    return ret

def parse_entry(entry):
    # entry is a (dn, {attribute: [values]}) tuple as returned by python-ldap.
    dn, attrs = entry
    out = []

    for attr in attrs:
        for value in attrs[attr]:
            # python-ldap returns attribute values as bytes on Python 3.
            if isinstance(value, bytes):
                value = value.decode('utf-8', 'replace')
            line = attr + ': ' + translate_value(attr, value)
            out.append(line)

    out.sort()
    return out


try:
    host = sys.argv[1]
except IndexError:
    host = ""

try:
    # ldap.initialize() with a URI replaces the deprecated ldap.open().
    l = ldap.initialize("ldap://" + host)
    l.protocol_version = ldap.VERSION3

    # Base-scope search on the empty DN reads the root DSE.
    msgid = l.search("", ldap.SCOPE_BASE)

    while True:
        msg_type, data = l.result(msgid, 0)
        if data == []:
            break
        if msg_type == ldap.RES_SEARCH_ENTRY:
            out = parse_entry(data[0])
            for line in out:
                print(line)
except ldap.LDAPError as e:
    print(e)

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

--
Fedora-directory-devel mailing list
Fedora-directory-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-devel
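
Added example, not part of the original thread or of the Directory Server code: it parses an attributeLevelRights value from a get effective rights search and sorts the schema-allowed attributes into writable, read-only and unknown, the last being the attributes without a value for which the server returns no rights, as discussed above. The sample schema list and rights string are constructed; the "w"/"W" (write, self-write) letters and the "none" marker are assumed to follow the Directory Server effective-rights format.

```python
# Letters that let the bound user add a value (assumed: w = write, W = self-write).
WRITE_LETTERS = set("wW")

def parse_attribute_level_rights(value):
    """Parse 'cn:rsc, sn:rscwo' into {'cn': 'rsc', 'sn': 'rscwo'} (names lowercased)."""
    rights = {}
    for item in value.split(","):
        item = item.strip()
        if not item:
            continue
        name, _, letters = item.partition(":")
        letters = letters.strip()
        # 'none' (assumed marker) means the attribute is present but no right is granted.
        rights[name.strip().lower()] = "" if letters == "none" else letters
    return rights

def classify(schema_attrs, rights_value):
    """Split the schema-allowed attributes into writable, read_only and unknown."""
    rights = parse_attribute_level_rights(rights_value)
    result = {"writable": [], "read_only": [], "unknown": []}
    for attr in schema_attrs:
        letters = rights.get(attr.lower())
        if letters is None:
            # No value in the entry, so the server reported nothing: a client
            # cannot tell from this response whether a write would be allowed.
            result["unknown"].append(attr)
        elif WRITE_LETTERS & set(letters):
            result["writable"].append(attr)
        else:
            result["read_only"].append(attr)
    return result

# Constructed sample: attributes the schema allows on the entry, and the
# rights string returned for the attributes that currently have a value.
SAMPLE_SCHEMA_ATTRS = ["cn", "sn", "street", "userPassword", "telephoneNumber"]
SAMPLE_RIGHTS = "cn:rsc, sn:rscwo, street:rsc"

if __name__ == "__main__":
    for kind, attrs in classify(SAMPLE_SCHEMA_ATTRS, SAMPLE_RIGHTS).items():
        print(kind + ": " + ", ".join(attrs))
```

A client should treat the unknown bucket as undetermined rather than as denied or allowed; the server's access control still decides when the write is attempted.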
