You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@directory.apache.org by Syed Mudassir Ahmed <sm...@icloud.com> on 2015/09/18 19:36:30 UTC
Get all attributes
Hi Everybody,
I am using plain java coding (Apache directory API) This is the problem I am facing.
I am able to connect to Windows Active Directory. I am able to lookup an object and get the attributes.
Suppose an entry has 'm' attributes out of which 'n' attributes are assigned values. The remaining attributes are simply unassigned.
When I do search or lookup operation, I am getting only 'n' attributes listed. I need the reamining (m-n) attributes as well.
Anyone can help how to that? How are you fetching it?
Sent from my iPad
Re: Get all attributes
Posted by Emmanuel Lécharny <el...@gmail.com>.
>> Ping!! Can someone help?
FTR, the responses are sent to the mailing list, not to you personnaly.
The reason is that those repsonses will (and shoulr) benefit to
*everyine* having the exact same question. So you have to read this
mailing list to get your answer.
FTR, doing otherwise simply invalidate the rule : "check on the mailing
list of someone else has already asked the same question".
Re: Get all attributes
Posted by Emmanuel Lécharny <el...@gmail.com>.
Le 25/09/15 02:43, Syed Mudassir Ahmed a écrit :
> I am curious to know how ldap API can do that?
As the subschema tells where the schema is, we can load it on demand.
Actually, this is not what we do : we fetch teh schema from the rootDSE,
which always hold a reference to the schema (see later why we don't
fetch teh schema from the subschemaSubentry attrubte).
Once we know where the schema is stored, and assuming it is stored with
respect to teh RFC, it's all about loading all the schema elements into
a SchemaManager, and eventually check that the schema is consistent (and
sadly, none of the existing LDAP server out there - execpt ApacheDS -
is. Not that it's a bad thing, but we are extremely picky with the
respect of standards). As some LDAP server are a bit lax about teh
schema consistency, there is a relaxed mode taht allows us to load most
of teh server's schema.
Frankly, this is not perfect, and it's more a work in progress, but it
already works quite well with OpenLDAP and a few others.
Bottom line, behind the curtain, it's just a matter of reading teh AT,
OC and a few other elements, parsing them and store them. The process is
partially explained on
http://directory.apache.org/api/user-guide/4-schema-management.html
(this is not fully completed).
Why don't we load the schemaManager from the subschemaSubentry found in
each entry ? For two reasons :
- first because I don't know about any LDAP server that is defining more
than one schema for the entire server (although this is mandated by the
scpecification)
- and second because accordingly to RFC 2252, it was not mandatory to
store a subschemaSubentry in each entry, and apacheDS didn't do iut.
Obviously, this is a mistake that will be fixed soon.
Re: Get all attributes
Posted by Syed Mudassir Ahmed <sm...@icloud.com>.
I am curious to know how ldap API can do that?
Sent from my iPad
> On 24-Sep-2015, at 7:28 PM, Emmanuel Lécharny <el...@gmail.com> wrote:
>
> Le 24/09/15 15:19, Syed Mudassir Ahmed a écrit :
>> This solution applies to Windows active directory. For each value of objectClass (top, person, etc) there is an object in cn=schema,cn=configuration,dc=... . Each of these objects tells required and optional attributes. For the given entry, get all the values of its objectClass and query those objects for attributes.
> yes, but this is not the solution to the very question you asked. Here,
> what you are doing is that you fetch the schema, and then you deduce the
> optional AttributeTypes a specific entry can have by checking for its
> ObjectClasses.
>
> Your question was "When I do search or lookup operation, I am getting
> only 'n' attributes listed. I need the reamining (m-n) attributes as
> well." and the short answer is : you can't. It's a two step operation,
> actually...
>
> Now, yes, fecthing the schema is the way to go, and you have to store
> the information locally. The LDAP API can do that, so you won't need to
> specifically request for the information every tilme you fecth an entry.
> (although for AD, this is a bt more complex than just fetching teh
> schema, just because AD is not implementng LDAP the way it should ;-)
>
>
Re: Get all attributes
Posted by Emmanuel Lécharny <el...@gmail.com>.
Le 24/09/15 15:19, Syed Mudassir Ahmed a écrit :
> This solution applies to Windows active directory. For each value of objectClass (top, person, etc) there is an object in cn=schema,cn=configuration,dc=... . Each of these objects tells required and optional attributes. For the given entry, get all the values of its objectClass and query those objects for attributes.
yes, but this is not the solution to the very question you asked. Here,
what you are doing is that you fetch the schema, and then you deduce the
optional AttributeTypes a specific entry can have by checking for its
ObjectClasses.
Your question was "When I do search or lookup operation, I am getting
only 'n' attributes listed. I need the reamining (m-n) attributes as
well." and the short answer is : you can't. It's a two step operation,
actually...
Now, yes, fecthing the schema is the way to go, and you have to store
the information locally. The LDAP API can do that, so you won't need to
specifically request for the information every tilme you fecth an entry.
(although for AD, this is a bt more complex than just fetching teh
schema, just because AD is not implementng LDAP the way it should ;-)
Re: Get all attributes
Posted by Syed Mudassir Ahmed <sm...@icloud.com>.
This solution applies to Windows active directory. For each value of objectClass (top, person, etc) there is an object in cn=schema,cn=configuration,dc=... . Each of these objects tells required and optional attributes. For the given entry, get all the values of its objectClass and query those objects for attributes.
Sent from my iPad
> On 24-Sep-2015, at 6:25 PM, Emmanuel Lécharny <el...@gmail.com> wrote:
>
> Le 24/09/15 14:34, Syed Mudassir Ahmed a écrit :
>> r&d simply means research and development.
>
> Ok, but that does not say what was your solution.
>
Re: Get all attributes
Posted by Emmanuel Lécharny <el...@gmail.com>.
Le 24/09/15 14:34, Syed Mudassir Ahmed a écrit :
> r&d simply means research and development.
Ok, but that does not say what was your solution.
Re: Get all attributes
Posted by Syed Mudassir Ahmed <sm...@icloud.com>.
r&d simply means research and development.
Sent from my iPad
> On 22-Sep-2015, at 12:40 AM, Emmanuel Lécharny <el...@gmail.com> wrote:
>
> Le 21/09/15 20:03, Syed Mudassir Ahmed a écrit :
>> Hello all, it's actually possible to list all the possible attributes for a given entry (both assigned and unassigned). I have done it after a hard r&d.
>
> What is a hard r&d ?
>
Re: Get all attributes
Posted by Emmanuel Lécharny <el...@gmail.com>.
Le 21/09/15 20:03, Syed Mudassir Ahmed a écrit :
> Hello all, it's actually possible to list all the possible attributes for a given entry (both assigned and unassigned). I have done it after a hard r&d.
What is a hard r&d ?
Re: Get all attributes
Posted by Syed Mudassir Ahmed <sm...@icloud.com>.
Hello all, it's actually possible to list all the possible attributes for a given entry (both assigned and unassigned). I have done it after a hard r&d.
Sent from my iPad
> On 19-Sep-2015, at 8:51 AM, Kiran Ayyagari <ka...@apache.org> wrote:
>
> there are two replies to your earlier mail with subject "Question about fetching attributes"
>
> here are the references to those replied http://mail-archives.apache.org/mod_mbox/directory-users/201509.mbox/%3C55FC13EB.20709@gmail.com%3E
>
> http://mail-archives.apache.org/mod_mbox/directory-users/201509.mbox/%3CCABzFU-dUCRsp71zFwjDhxsaw3jgSNOKi7=p+_ohqFnq_v8PeDw@mail.gmail.com%3E
>
>
>> On Sat, Sep 19, 2015 at 11:14 AM, Syed Mudassir Ahmed <sm...@icloud.com> wrote:
>> Ping!! Can someone help?
>>
>> Sent from my iPad
>>
>> > On 18-Sep-2015, at 11:06 PM, Syed Mudassir Ahmed <sm...@icloud.com> wrote:
>> >
>> > Hi Everybody,
>> > I am using plain java coding (Apache directory API) This is the problem I am facing.
>> > I am able to connect to Windows Active Directory. I am able to lookup an object and get the attributes.
>> > Suppose an entry has 'm' attributes out of which 'n' attributes are assigned values. The remaining attributes are simply unassigned.
>> > When I do search or lookup operation, I am getting only 'n' attributes listed. I need the reamining (m-n) attributes as well.
>> > Anyone can help how to that? How are you fetching it?
>> >
>> > Sent from my iPad
>
>
>
> --
> Kiran Ayyagari
> http://keydap.com
Re: Get all attributes
Posted by Kiran Ayyagari <ka...@apache.org>.
there are two replies to your earlier mail with subject "Question about
fetching attributes"
here are the references to those replied
http://mail-archives.apache.org/mod_mbox/directory-users/201509.mbox/%3C55FC13EB.20709@gmail.com%3E
http://mail-archives.apache.org/mod_mbox/directory-users/201509.mbox/%3CCABzFU-dUCRsp71zFwjDhxsaw3jgSNOKi7=p+_ohqFnq_v8PeDw@mail.gmail.com%3E
On Sat, Sep 19, 2015 at 11:14 AM, Syed Mudassir Ahmed <sm...@icloud.com>
wrote:
> Ping!! Can someone help?
>
> Sent from my iPad
>
> > On 18-Sep-2015, at 11:06 PM, Syed Mudassir Ahmed <sm...@icloud.com>
> wrote:
> >
> > Hi Everybody,
> > I am using plain java coding (Apache directory API) This is the
> problem I am facing.
> > I am able to connect to Windows Active Directory. I am able to lookup
> an object and get the attributes.
> > Suppose an entry has 'm' attributes out of which 'n' attributes are
> assigned values. The remaining attributes are simply unassigned.
> > When I do search or lookup operation, I am getting only 'n' attributes
> listed. I need the reamining (m-n) attributes as well.
> > Anyone can help how to that? How are you fetching it?
> >
> > Sent from my iPad
>
--
Kiran Ayyagari
http://keydap.com
Re: Get all attributes
Posted by Syed Mudassir Ahmed <sm...@icloud.com>.
Ping!! Can someone help?
Sent from my iPad
> On 18-Sep-2015, at 11:06 PM, Syed Mudassir Ahmed <sm...@icloud.com> wrote:
>
> Hi Everybody,
> I am using plain java coding (Apache directory API) This is the problem I am facing.
> I am able to connect to Windows Active Directory. I am able to lookup an object and get the attributes.
> Suppose an entry has 'm' attributes out of which 'n' attributes are assigned values. The remaining attributes are simply unassigned.
> When I do search or lookup operation, I am getting only 'n' attributes listed. I need the reamining (m-n) attributes as well.
> Anyone can help how to that? How are you fetching it?
>
> Sent from my iPad