tldap package

Subpackages

• tldap.backend package
  • Submodules
  • tldap.backend.base module
    • LdapBase
      • LdapBase.add()
      • LdapBase.check_password()
      • LdapBase.close()
      • LdapBase.commit()
      • LdapBase.delete()
      • LdapBase.enter_transaction_management()
      • LdapBase.is_dirty()
      • LdapBase.is_managed()
      • LdapBase.leave_transaction_management()
      • LdapBase.modify()
      • LdapBase.modify_no_rollback()
      • LdapBase.rename()
      • LdapBase.reset()
      • LdapBase.rollback()
      • LdapBase.search()
      • LdapBase.set_connection_class()
  • tldap.backend.fake_transactions module
    • LDAPwrapper
      • LDAPwrapper.add()
      • LDAPwrapper.commit()
      • LDAPwrapper.delete()
      • LDAPwrapper.enter_transaction_management()
      • LDAPwrapper.fail()
      • LDAPwrapper.is_dirty()
      • LDAPwrapper.is_managed()
      • LDAPwrapper.leave_transaction_management()
      • LDAPwrapper.modify()
      • LDAPwrapper.modify_no_rollback()
      • LDAPwrapper.rename()
      • LDAPwrapper.reset()
      • LDAPwrapper.rollback()
    • NoSuchObject
    • raise_testfailure()
  • tldap.backend.no_transactions module
    • LDAPwrapper
      • LDAPwrapper.add()
      • LDAPwrapper.commit()
      • LDAPwrapper.delete()
      • LDAPwrapper.enter_transaction_management()
      • LDAPwrapper.is_dirty()
      • LDAPwrapper.is_managed()
      • LDAPwrapper.leave_transaction_management()
      • LDAPwrapper.modify()
      • LDAPwrapper.modify_no_rollback()
      • LDAPwrapper.rename()
      • LDAPwrapper.reset()
      • LDAPwrapper.rollback()
  • Module contents
    • DefaultConnectionProxy
    • connections
    • setup()
• tldap.database package
  • Submodules
  • tldap.database.helpers module
    • add_group_member()
    • get_fields_account()
    • get_fields_common()
    • get_fields_group()
    • get_fields_password_object()
    • get_fields_person()
    • get_fields_pwdpolicy()
    • get_fields_shadow()
    • get_fields_shibboleth()
    • load_account()
    • load_group()
    • load_password_object()
    • load_person()
    • load_pwdpolicy()
    • load_shadow()
    • load_shibboleth()
    • rdn_to_dn()
    • remove_group_member()
    • save_account()
    • save_group()
    • save_password_object()
    • save_person()
    • save_pwdpolicy()
    • save_shadow()
    • save_shibboleth()
    • set_object_class()
  • Module contents
    • Changeset
      • Changeset.changes
      • Changeset.errors
      • Changeset.force_add()
      • Changeset.force_delete()
      • Changeset.force_replace()
      • Changeset.get_value_as_list()
      • Changeset.get_value_as_single()
      • Changeset.is_valid
      • Changeset.src
    • Database
      • Database.connection
      • Database.settings
    • LdapObject
      • LdapObject.get_as_list()
      • LdapObject.get_as_single()
      • LdapObject.get_fields()
      • LdapObject.get_search_options()
      • LdapObject.on_load()
      • LdapObject.on_save()
    • NotLoaded
      • NotLoaded.load()
    • NotLoadedList
      • NotLoadedList.load()
    • NotLoadedObject
      • NotLoadedObject.load()
    • SearchOptions
    • changeset()
    • delete()
    • get_database()
    • get_default_database()
    • get_one()
    • insert()
    • preload()
    • rename()
    • save()
    • search()
• tldap.django package
  • Subpackages
    • tldap.django.migrations package
      • Submodules
      • tldap.django.migrations.0001_initial module
        • Migration
          • Migration.dependencies
          • Migration.operations
      • Module contents
  • Submodules
  • tldap.django.apps module
    • TldapConfig
      • TldapConfig.label
      • TldapConfig.name
      • TldapConfig.verbose_name
  • tldap.django.helpers module
    • save_account()
    • save_group()
  • tldap.django.middleware module
    • TransactionMiddleware
      • TransactionMiddleware.process_exception()
      • TransactionMiddleware.process_request()
      • TransactionMiddleware.process_response()
  • tldap.django.models module
    • Counters
      • Counters.DoesNotExist
      • Counters.MultipleObjectsReturned
      • Counters.count
      • Counters.get_and_increment()
      • Counters.id
      • Counters.name
      • Counters.objects
      • Counters.scheme
  • Module contents
• tldap.test package
  • Submodules
  • tldap.test.slapd module
    • Slapd
      • Slapd.PATH_LDAPADD
      • Slapd.PATH_LDAPSEARCH
      • Slapd.PATH_SCHEMA_DIR
      • Slapd.PATH_SLAPD
      • Slapd.PATH_SLAP_TEST
      • Slapd.TEST_UTILS_DIR
      • Slapd.get_address()
      • Slapd.get_dn_suffix()
      • Slapd.get_root_dn()
      • Slapd.get_root_password()
      • Slapd.get_url()
      • Slapd.ldap_add()
      • Slapd.ldap_search()
      • Slapd.restart()
      • Slapd.set_debug()
      • Slapd.set_dn_suffix()
      • Slapd.set_port()
      • Slapd.set_root_cn()
      • Slapd.set_root_password()
      • Slapd.set_slapd_debug_level()
      • Slapd.start()
      • Slapd.stop()
      • Slapd.wait()
    • delete_directory_content()
    • find_available_tcp_port()
    • is_port_in_use()
    • mkdirs()
    • quote()
    • test()
  • Module contents

Submodules

tldap.dict module

Dictionary related classes.

class tldap.dict.CaseInsensitiveDict(allowed_keys: Set[str], d: dict | None = None)

Bases: object

Case insensitve dictionary for searches however preserves the case for retrieval. Needs to be supplied with a set of allowed keys.

fix_key(key: str) → str

get(key: str, default: any | None = None)

items() → ItemsView[str, any]

keys() → KeysView[str]

to_dict() → dict

class tldap.dict.ImmutableDict(allowed_keys: Set[str] | None = None, d: dict | None = None)

Bases: object

Immutable dictionary that cannot be changed without creating a new instance.

fix_key(key: str) → str

get(key: str, default: any | None = None)

items() → ItemsView[str, any]

keys() → KeysView[str]

merge(d: dict) → ImmutableDictEntity

set(key: str, value: any) → ImmutableDictEntity

to_dict() → dict

tldap.dn module

dn.py - misc stuff for handling distinguished names (see RFC 4514)

tldap.dn.dn2str(dn)

This function takes a decomposed DN as parameter and returns a single string. It’s the inverse to str2dn() but will always return a DN in LDAPv3 format compliant to RFC 4514.

tldap.dn.escape_dn_chars(s)

Escape all DN special characters found in s with a back-slash (see RFC 4514, section 2.4)

tldap.dn.explode_dn(dn[, notypes=0]) → list

This function takes a DN and breaks it up into its component parts. The notypes parameter is used to specify that only the component’s attribute values be returned and not the attribute types.

tldap.dn.explode_rdn(rdn[, notypes=0]) → list

This function takes a RDN and breaks it up into its component parts if it is a multi-valued RDN. The notypes parameter is used to specify that only the component’s attribute values be returned and not the attribute types.

tldap.dn.str2dn(dn, flags=0)

This function takes a DN as string as parameter and returns a decomposed DN. It’s the inverse to dn2str().

flags describes the format of the dn

See also the OpenLDAP man-page ldap_str2dn(3)

tldap.exceptions module

Various TLDAP exceptions.

exception tldap.exceptions.FieldError

Bases: Exception

Some kind of problem with a field.

exception tldap.exceptions.InvalidDN

Bases: Exception

DN value is invalid and cannot be parsed.

exception tldap.exceptions.MultipleObjectsReturned

Bases: Exception

The query returned multiple objects when only one was expected.

exception tldap.exceptions.ObjectAlreadyExists

Bases: Exception

The requested object already exists

exception tldap.exceptions.ObjectDoesNotExist

Bases: Exception

The requested object does not exist

exception tldap.exceptions.RollbackError

Bases: Exception

An error in rollback and consistency cannot be guaranteed.

exception tldap.exceptions.TestFailure

Bases: Exception

Simulated failure for testing.

exception tldap.exceptions.ValidationError

Bases: Exception

An error while validating data.

tldap.fields module

LDAP field types.

class tldap.fields.BinaryField(max_instances=1, required=False)

Bases: Field

Field contains a binary value that can not be interpreted in anyway.

value_to_db(value)

Returns field’s single value prepared for saving into a database.

value_to_python(value)

Converts the input single value into the expected Python data type, raising django.core.exceptions.ValidationError if the data can’t be converted. Returns the converted value. Subclasses should override this.

value_validate(value)

Validates value and throws ValidationError. Subclasses should override this to provide validation logic.

class tldap.fields.CharField(max_instances=1, required=False)

Bases: Field

Field contains a UTF8 character string.

value_to_db(value)

Returns field’s single value prepared for saving into a database.

value_to_python(value)

Converts the input single value into the expected Python data type, raising django.core.exceptions.ValidationError if the data can’t be converted. Returns the converted value. Subclasses should override this.

value_validate(value)

Validates value and throws ValidationError. Subclasses should override this to provide validation logic.

class tldap.fields.DaysSinceEpochField(max_instances=1, required=False)

Bases: Field

Field is an integer containing number of days since epoch.

value_to_db(value)

Returns field’s single value prepared for saving into a database.

value_to_python(value)

Converts the input single value into the expected Python data type, raising django.core.exceptions.ValidationError if the data can’t be converted. Returns the converted value. Subclasses should override this.

value_validate(value)

Converts the input single value into the expected Python data type, raising django.core.exceptions.ValidationError if the data can’t be converted. Returns the converted value. Subclasses should override this.

class tldap.fields.FakeField(max_instances=1, required=False)

Bases: Field

db_field = False

Field contains a binary value that can not be interpreted in anyway.

value_to_db(value)

Returns field’s single value prepared for saving into a database.

value_to_python(value)

Converts the input single value into the expected Python data type, raising django.core.exceptions.ValidationError if the data can’t be converted. Returns the converted value. Subclasses should override this.

value_validate(value)

Validates value and throws ValidationError. Subclasses should override this to provide validation logic.

class tldap.fields.Field(max_instances=1, required=False)

Bases: object

The base field type.

clean(value)

Convert the value’s type and run validation. Validation errors from to_python and validate are propagated. The correct value is returned if no error is raised.

db_field = True

property is_list

to_db(value)

Returns field’s single value prepared for saving into a database.

to_python(value)

Converts the input value into the expected Python data type, raising django.core.exceptions.ValidationError if the data can’t be converted. Returns the converted value. Subclasses should override this.

validate(value)

Validates value and throws ValidationError. Subclasses should override this to provide validation logic.

value_to_db(value)

Returns field’s single value prepared for saving into a database.

value_to_filter(value)

value_to_python(value)

Converts the input single value into the expected Python data type, raising django.core.exceptions.ValidationError if the data can’t be converted. Returns the converted value. Subclasses should override this.

value_validate(value)

Validates value and throws ValidationError. Subclasses should override this to provide validation logic.

class tldap.fields.IntegerField(max_instances=1, required=False)

Bases: Field

Field contains an integer value.

value_to_db(value)

Returns field’s single value prepared for saving into a database.

value_to_python(value)

Converts the input single value into the expected Python data type, raising django.core.exceptions.ValidationError if the data can’t be converted. Returns the converted value. Subclasses should override this.

value_validate(value)

Converts the input single value into the expected Python data type, raising django.core.exceptions.ValidationError if the data can’t be converted. Returns the converted value. Subclasses should override this.

class tldap.fields.SecondsSinceEpochField(max_instances=1, required=False)

Bases: Field

Field is an integer containing number of seconds since epoch.

value_to_db(value)

Returns field’s single value prepared for saving into a database.

value_to_python(value)

Converts the input single value into the expected Python data type, raising django.core.exceptions.ValidationError if the data can’t be converted. Returns the converted value. Subclasses should override this.

value_validate(value)

Converts the input single value into the expected Python data type, raising django.core.exceptions.ValidationError if the data can’t be converted. Returns the converted value. Subclasses should override this.

class tldap.fields.SidField(max_instances=1, required=False)

Bases: Field

Field is a binary representation of a Microsoft SID.

value_to_db(value)

Returns field’s single value prepared for saving into a database.

value_to_python(value)

Converts the input single value into the expected Python data type, raising django.core.exceptions.ValidationError if the data can’t be converted. Returns the converted value. Subclasses should override this.

value_validate(value)

Converts the input single value into the expected Python data type, raising django.core.exceptions.ValidationError if the data can’t be converted. Returns the converted value. Subclasses should override this.

class tldap.fields.UnicodeField(max_instances=1, required=False)

Bases: Field

Field contains a UTF16 character string.

value_to_db(value)

Returns field’s single value prepared for saving into a database.

value_to_python(value)

Converts the input single value into the expected Python data type, raising django.core.exceptions.ValidationError if the data can’t be converted. Returns the converted value. Subclasses should override this.

value_validate(value)

Validates value and throws ValidationError. Subclasses should override this to provide validation logic.

tldap.filter module

filters.py - misc stuff for handling LDAP filter strings (see RFC2254)

tldap.filter.escape_filter_chars(assertion_value, escape_mode=0)

Replace all special characters found in assertion_value by quoted notation.

escape_mode

If 0 only special chars mentioned in RFC 4515 are escaped. If 1 all NON-ASCII chars are escaped. If 2 all chars are escaped.

tldap.filter.filter_format(filter_template, assertion_values)

filter_template

String containing %s as placeholder for assertion values.

assertion_values

List or tuple of assertion values. Length must match count of %s in filter_template.

tldap.ldap_passwd module

Hash and check passwords.

tldap.ldap_passwd.check_password(password: str, encrypted: str) → bool

Check a plaintext password against a hashed password.

tldap.ldap_passwd.encode_password(password: str) → str

Encode a password.

tldap.modlist module

This module contains a modifyModlist function adopted from ldap.modlist.

tldap.modlist.addModlist(entry: dict, ignore_attr_types: List[str] | None = None) → Dict[str, List[bytes]]

Build modify list for call of method LDAPObject.add()

tldap.modlist.escape_list(bytes_list)

tldap.modlist.modifyModlist(old_entry: dict, new_entry: dict, ignore_attr_types: List[str] | None = None, ignore_oldexistent: bool = False) → Dict[str, Tuple[str, List[bytes]]]

Build differential modify list for calling LDAPObject.modify()/modify_s()

Parameters:

• old_entry – Dictionary holding the old entry

• new_entry – Dictionary holding what the new entry should be

• ignore_attr_types – List of attribute type names to be ignored completely

• ignore_oldexistent – If true attribute type names which are in old_entry but are not found in new_entry at all are not deleted. This is handy for situations where your application sets attribute value to ‘’ for deleting an attribute. In most cases leave zero.

Returns:

List of tuples suitable for ldap.LDAPObject.modify().

This function is the same as ldap.modlist.modifyModlist() except for the following changes:

• MOD_DELETE/MOD_DELETE used in preference to MOD_REPLACE when updating an existing value.

tldap.query module

tldap.query.get_filter(q: Q, fields: Dict[str, Field], pk: str)

Translate the Q tree into a filter string to search for, or None if no results possible.

tldap.query.get_filter_item(name: str, operation: bytes, value: bytes) → bytes

A field could be found for this term, try to get filter string for it.

tldap.query.search(connection: LdapBase, query: Q | None, fields: Dict[str, Field], base_dn: str, object_classes: Set[str], pk: str) → Iterator[Tuple[str, dict]]

tldap.query_utils module

class tldap.query_utils.Q(*args, **kwargs)

Bases: Node

Encapsulates filters as objects that can then be combined logically (using & and |).

AND = 'AND'

OR = 'OR'

default = 'AND'

tldap.transaction module

This module implements a transaction manager that can be used to define transaction handling in a request or view function. It is used by transaction control middleware and decorators.

The transaction manager can be in managed or in auto state. Auto state means the system is using a commit-on-save strategy (actually it’s more like commit-on-change). As soon as the .save() or .delete() (or related) methods are called, a commit is made.

Managed transactions don’t do those commits, but will need some kind of manual or implicit commits or rollbacks.

class tldap.transaction.Transaction(entering, exiting, using)

Bases: object

Acts as either a decorator, or a context manager. If it’s a decorator it takes a function and returns a wrapped function. If it’s a contextmanager it’s used with the with statement. In either event entering/exiting are called before and after, respectively, the function/block is executed.

autocommit, commit_on_success, and commit_manually contain the implementations of entering and exiting.

exception tldap.transaction.TransactionManagementError

Bases: Exception

This exception is thrown when something bad happens with transaction management.

tldap.transaction.commit(using=None)

Does the commit itself and resets the dirty flag.

tldap.transaction.commit_manually(using=None)

Decorator that activates manual transaction control. It just disables automatic transaction control and doesn’t do any commit/rollback of its own – it’s up to the user to call the commit and rollback functions themselves.

tldap.transaction.commit_on_success(using=None)

This decorator activates commit on response. This way, if the view function runs successfully, a commit is made; if the viewfunc produces an exception, a rollback is made. This is one of the most common ways to do transaction control in Web apps.

tldap.transaction.enter_transaction_management(using=None)

Enters transaction management for a running thread. It must be balanced with the appropriate leave_transaction_management call, since the actual state is managed as a stack.

The state and dirty flag are carried over from the surrounding block or from the settings, if there is no surrounding block (dirty is always false when no current block is running).

tldap.transaction.is_dirty(using=None)

Returns True if the current transaction requires a commit for changes to happen.

tldap.transaction.is_managed(using=None)

Checks whether the transaction manager is in manual or in auto state.

tldap.transaction.leave_transaction_management(using=None)

Leaves transaction management for a running thread. A dirty flag is carried over to the surrounding block, as a commit will commit all changes, even those from outside. (Commits are on connection level.)

tldap.transaction.rollback(using=None)

This function does the rollback itself and resets the dirty flag.

tldap.tree module

A class for storing a tree graph. Primarily used for filter constructs in the ORM.

class tldap.tree.Node(children=None, connector=None, negated=False)

Bases: object

A single internal node in the tree graph. A Node should be viewed as a connection (the root) with the children being either leaf nodes or other Node instances.

add(data, conn_type, squash=True)

Combines this tree and the data represented by data using the connector conn_type. The combine is done by squashing the node other away if possible.

This tree (self) will never be pushed to a child node of the combined tree, nor will the connector or negated properties change.

The function returns a node which can be used in place of data regardless if the node other got squashed or not.

If squash is False the data is prepared and added as a child to this tree without further logic.

default = 'DEFAULT'

negate()

Negate the sense of the root connector.

tldap.utils module

Contains ConnectionHandler which represents a list of connections.

class tldap.utils.ConnectionHandler(databases)

Bases: object

Contains a list of known LDAP connections.

all()

Return list of all connections.

tldap.utils.load_backend(backend_name)

Module contents

Holds global stuff for tldap.

Q

Shortcut to tldap.query_utils.Q, allows combining query terms.

DEFAULT_LDAP_ALIAS

Alias for default LDAP connection.