[Date Prev][Date Next] [Chronological] [Thread] [Top]

Question about using OpenLDAP client libraries to write attribute with unknown syntax OID

I realize this may well be off topic, but we are trying to augment a
general directory management tool that we are actively developing
(Ganymede, http://www.arlut.utexas.edu/gash2/) so that it can do
management of users in an Active Directory server.  We are using a
Python program and the OpenLDAP client libraries to communicate with
it, but we are having difficulty writing to the ntSecurityDescriptor

We've written code to do the binary parsing, deconstruction, and
reconstruction of the contents of the ntSecurityDescriptor, but when
we send it to AD, it doesn't go, reporting a 'SERVER UNWILLING TO

I've found that ntSecurityDescriptor is specified using a syntax OID
of 1.2.840.113556.1.4.907, which is specific to Microsoft.

I suppose what my question comes down to is, do the OpenLDAP client
libraries require knowledge of the specific syntax OID (such as above)
in order to properly generate the ASN.1/BER encoding of the attribute?
Or do the OpenLDAP client libraries not care about the syntax OID?

We're treating the attribute as a simple octet string, and we're able
to read it fine, so I would imagine that reversing it and just sending
the same octet string back should work, but in fact it does not.  We
get the same error even if we send back the exact same octet string we

Does this seem indicative of a syntax/encoding problem?  Do the client
libraries even care about syntax OIDs?



Jonathan Abbey				              jonabbey@arlut.utexas.edu
Applied Research Laboratories                 The University of Texas at Austin
GPG Key: 71767586 at keyserver pgp.mit.edu, http://www.ganymeta.org/workkey.gpg

Attachment: pgpfh93w0WW2F.pgp
Description: PGP signature