[389-devel] [lib389] Deref control advice needed

William Brown william at blackhats.net.au
Wed Aug 26 09:28:32 UTC 2015 

> In relation to ticket 47757, I have started work on a deref control for
> Noriko.
> The idea is to get it working in lib389, then get it upstreamed into pyldap.
> 
> At this point it's all done, except that the actual request control doesn't
> appear to work. Could one of the lib389 / ldap python experts cast their eye
> over this and let me know where I've gone wrong? 

I have improved this, but am having issues with the asn1spec for ber decoding.

I have attached the updated patch, but specifically the issue is in _controls.py

I would appreciate if anyone could take a look at this, and let me know if there
is something I have missed.

"""
 controlValue ::= SEQUENCE OF derefRes DerefRes

 DerefRes ::= SEQUENCE {
     derefAttr       AttributeDescription,
     derefVal        LDAPDN,
     attrVals        [0] PartialAttributeList OPTIONAL }

 PartialAttributeList ::= SEQUENCE OF
                partialAttribute PartialAttribute
"""

class DerefRes(univ.Sequence):
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('derefAttr', AttributeDescription()),
        namedtype.NamedType('derefVal', LDAPDN()),
        namedtype.OptionalNamedType('attrVals', PartialAttributeList()),
    )

class DerefResultControlValue(univ.SequenceOf):
    componentType = DerefRes()


....


    def decodeControlValue(self,encodedControlValue):
        self.entry = {}
        #decodedValue,_ =
decoder.decode(encodedControlValue,asn1Spec=DerefResultControlValue())
        # Gets the error: TagSet(Tag(tagClass=0, tagFormat=32, tagId=16),
Tag(tagClass=128, tagFormat=32, tagId=0)) not in asn1Spec:
{TagSet(Tag(tagClass=0, tagFormat=32, tagId=16)): PartialAttributeList()}/{}
        decodedValue,_ = decoder.decode(encodedControlValue)
        print(decodedValue.prettyPrint())
        # Pretty print yields
        #Sequence:  <-- Sequence of
        # <no-name>=Sequence:  <-- derefRes
        #  <no-name>=uniqueMember <-- derefAttr
        #  <no-name>=uid=test,dc=example,dc=com <-- derefVal
        #  <no-name>=Sequence: <-- attrVals
        #   <no-name>=uid
        #   <no-name>=Set:
        #    <no-name>=test
        # For now, while asn1spec is sad, we'll just rely on it being well
formed
        # However, this isn't good, as without the asn1spec, we seem to actually
be dropping values ....
        for result in decodedValue:
            derefAttr, derefVal, _ = result
            self.entry[str(derefAttr)] = str(derefVal)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Add-dereference-request-control-to-lib389-for-testin.patch
Type: text/x-patch
Size: 11057 bytes
Desc: not available
URL: <http://lists.fedoraproject.org/pipermail/389-devel/attachments/20150826/a4c91d31/attachment.bin>

More information about the 389-devel mailing list