[389-devel] [lib389] Deref control advice needed

William Brown william at blackhats.net.au
Tue Aug 25 06:17:48 UTC 2015 

Hi,

In relation to ticket 47757, I have started work on a deref control for Noriko.
The idea is to get it working in lib389, then get it upstreamed into pyldap.

At this point it's all done, except that the actual request control doesn't
appear to work. Could one of the lib389 / ldap python experts cast their eye
over this and let me know where I've gone wrong? 

For one, I don't think that the DerferenceControl decodeControlValue function is
ever called, as I'm never seeing the encodedControlValue printed in my logs.

Second, the results I get from result3 are:

[('cn=testgroup,dc=example,dc=com', {'objectClass': ['top', 'extensibleobject'],
'uniqueMember': ['uid=test,dc=example,dc=com'], 'cn': ['testgroup']})]
[]

Which again, doesn't seem correct, as there should be a result from the control.

Additionally, any tips on how to make the code nicer would be appreciated.

I've attached the complete patch, with a unit test to trigger the search, but
the request control looks like:

    """
     controlValue ::= SEQUENCE OF derefSpec DerefSpec

     DerefSpec ::= SEQUENCE {
         derefAttr       attributeDescription,    ; with DN syntax
         attributes      AttributeList }

     AttributeList ::= SEQUENCE OF attr AttributeDescription
    """
    class AttributeList(univ.SequenceOf):
        componentType = AttributeDescription()

    class DerefSpec(univ.Sequence):
        componentType = namedtype.NamedTypes(
            namedtype.NamedType('derefAttr', AttributeDescription()),
            namedtype.NamedType('attributes', AttributeList()),
        )

    class ControlValue(univ.SequenceOf):
        componentType = DerefSpec()

    class DereferenceControl(LDAPControl):
        """
        Dereference Control
        """

        def __init__(self, criticality, deref):
            LDAPControl.__init__(self, CONTROL_DEREF, criticality)
            self.deref = deref

        def encodeControlValue(self):
            # How does -E ask for many values?
            derefAttr, attributes = self.deref.split(':')
            attributes = attributes.split(',')
            al = AttributeList()
            i = 0
            while len(attributes) > 0:
                al.setComponentByPosition(i, attributes.pop())
                i += 1
            ds = DerefSpec()
            ds.setComponentByName('derefAttr', derefAttr)
            ds.setComponentByName('attributes', al)
            cv = ControlValue()
            cv.setComponentByPosition(0, ds)
            print(cv.prettyPrint())
            return encoder.encode(cv)

        def decodeControlValue(self,encodedControlValue):
            print(encodedControlValue)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Add-dereference-request-control-to-lib389-for-testin.patch
Type: text/x-patch
Size: 8384 bytes
Desc: not available
URL: <http://lists.fedoraproject.org/pipermail/389-devel/attachments/20150825/9e310bc0/attachment.bin>

More information about the 389-devel mailing list