3.8 KiB
:pyldap.dn
LDAP Distinguished
Name handling
python-ldap project (see http://www.python-ldap.org/)
For LDAPv3 DN syntax see:
4514
- Lightweight
Directory Access Protocol (LDAP): String Representation of Distinguished
Names
For deprecated LDAPv2 DN syntax (obsoleted by LDAPv3) see:
1779
- A String
Representation of Distinguished Names
The ldap.dn
module
defines the following functions:
escape_dn_chars(s)
This function escapes characters in string s which are special in LDAP distinguished names. You should use this function when building LDAP DN strings from arbitrary input.
str2dn(s [, flags=0])
This function takes s and breaks it up into its component
parts down to AVA level. The optional parameter flags describes
the DN format of s (see ldap-dn-flags
). Note that hex-encoded non-ASCII chars
are decoded to the raw bytes.
dn2str(dn)
This function takes a decomposed DN in dn and returns a
single string. It's the inverse to str2dn
. Special characters are escaped with the help
of function escape_dn_chars
.
explode_dn(dn [, notypes=0[, flags=0]])
This function takes dn and breaks it up into its component
parts. Each part is known as an RDN (Relative Distinguished Name). The
optional notypes parameter is used to specify that only the RDN
values be returned and not their types. The optional parameter
flags describes the DN format of s (see ldap-dn-flags
). This function
is emulated by function str2dn
since the function ldap_explode_dn() in the C
library is deprecated.
explode_rdn(rdn [, notypes=0[, flags=0]])
This function takes a (multi-valued) rdn and breaks it up
into a list of characteristic attributes. The optional notypes
parameter is used to specify that only the RDN values be returned and
not their types. The optional flags parameter describes the DN
format of s (see ldap-dn-flags
). This function is emulated by function
str2dn
since the
function ldap_explode_rdn() in the C library is deprecated.
Examples
Splitting a LDAPv3 DN to AVA level. Note that both examples have the same result but in the first example the non-ASCII chars are passed as is (byte buffer string) whereas in the second example the hex-encoded DN representation are passed to the function.
>>> ldap.dn.str2dn('cn=Michael Strxc3xb6der,dc=stroeder,dc=com',flags=ldap.DN_FORMAT_LDAPV3) [[('cn', 'Michael Strxc3xb6der', 4)], [('dc', 'stroeder', 1)], [('dc', 'com', 1)]] >>> ldap.dn.str2dn('cn=Michael StrC3B6der,dc=stroeder,dc=com',flags=ldap.DN_FORMAT_LDAPV3) [[('cn', 'Michael Strxc3xb6der', 4)], [('dc', 'stroeder', 1)], [('dc', 'com', 1)]]
Splitting a LDAPv2 DN into RDN parts:
>>> ldap.dn.explode_dn('cn=Michael Stroeder;dc=stroeder;dc=com',flags=ldap.DN_FORMAT_LDAPV2) ['cn=Michael Stroeder', 'dc=stroeder', 'dc=com']
Splitting a multi-valued RDN:
>>> ldap.dn.explode_rdn('cn=Michael Stroeder+mail=michael@stroeder.com',flags=ldap.DN_FORMAT_LDAPV2) ['cn=Michael Stroeder', 'mail=michael@stroeder.com']
Splitting a LDAPv3 DN with a multi-valued RDN into its AVA parts:
>>> ldap.dn.str2dn('cn=Michael Stroeder+mail=michael@stroeder.com,dc=stroeder,dc=com') [[('cn', 'Michael Stroeder', 1), ('mail', 'michael@stroeder.com', 1)], [('dc', 'stroeder', 1)], [('dc', 'com', 1)]]