Re: [ActiveDir] List Attribute Syntaxes?

2006-10-21 Thread Michael B Allen
Hi Joe,

Actually I think my terminology is a little off. From snooping around
a bit I think I want the attributeSchema information under
CN=Schema,CN=Configuration,DC=example,DC=com. What I was thinking of
originally are the attribute syntax definitions like:

  ( 2.5.18.3 NAME 'creatorsName' EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )

But it's clear now that AD doesn't really use these textual definitions
(at least not anywhere I can see).

Anyway, the overall objective here is to give my custom LDAP
client API intelligence (see previous post about scripting language
binding) about attributeSchema information so that the API can properly
type attribute values. In particular I need to create a table of at least
lDAPDisplayName, isSingleValued, and attributeSyntax. This table
will be consulted by the API to determine how to compare and present
values whether they be binary, multivalued, strings, etc.

To make it efficient I will need an index which will be just a hashmap
where the lDAPDisplayName is the key and the attributeSchema entry
is the datum. Additionally the attributeSyntax value should be one
of several predefined OID constants (e.g. ADSTYPE_CASE_IGNORE_STRING)
so that attributeSyntaxes can be compared logically.

Does any of this make sense? I suppose you don't get a little programmer
double talk here :-)

Mike

On Fri, 20 Oct 2006 23:50:03 -0400
joe [EMAIL PROTECTED] wrote:

 First off... anything you do with LDIF will be an LDAP query... It speaks
 pure LDAP.
 
 Next off, if I understand what you are asking, yes, you query the schema and
 you can find all attribute syntaxes assigned, it won't tell you what they
 are, but you will know all in use. Multivalue status has nothing to do with
 attribute syntax, that is separate. Whether something is binary or text
 depends on what you ask for and how you ask for it. You can ask for anything
 to come back in a binary format with the standard LDAP binary modifier. What
 that exactly means though depends on the attribute, asking, for instance for
 a unicode text field in binary really isn't going to look all that different
 to you either way. But asking for say one of the replication attributes will
 result in dramatically different results being returned. 
 
 
   joe
 
 
 --
 O'Reilly Active Directory Third Edition -
 http://www.joeware.net/win/ad3e.htm 
  
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Michael B Allen
 Sent: Friday, October 20, 2006 8:49 PM
 To: ActiveDir@mail.activedir.org
 Subject: [ActiveDir] List Attribute Syntaxes?
 
 How can I get a list of attribute syntaxes? For each attribute used by
 a system I would like to know if it is a multivalue attribute and if it
 is binary or text.
 
 Can I get such a list using an LDAP query?
 
 If not can I use ldifde?
 
 Thanks,
 Mike
 
 -- 
 Michael B Allen
 PHP Active Directory SSO
 http://www.ioplex.com/
 List info   : http://www.activedir.org/List.aspx
 List FAQ: http://www.activedir.org/ListFAQ.aspx
 List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
 
 


-- 
Michael B Allen
PHP Active Directory SSO
http://www.ioplex.com/


RE: [ActiveDir] List Attribute Syntaxes?

2006-10-21 Thread joe
Are you maybe looking for the extendedAttributeInfo of the Aggregate object
from the schema? That is the closest thing to that format in AD that I am
aware of.

AD's schema is entirely within the LDAP directory and is readable directly
with LDAP, there is no need to go to extra files etc. The downside is that
the schema doesn't tell the whole story unfortunately. For instance, the
description attribute is multivalued, but on certain SAM type objects the
SAM enforces that attribute to be single valued. Try it, add values to
description on say an OU and then on a user. One allows it, one throws an
error. Another issue is there is no easy way to determine what
attributes are say GUIDS. I have come up with a mechanism in AdFind to do
that programmatically but that is far from 100%, I sometimes treat things as
GUIDs that aren't. But it is far better than having to maintain a list in my
eyes which I initially did, then I started getting quite a few emails from
folks who wanted me to add their custom GUID attributes to the decoding.
There are other items such as rangeupper saying one thing in the schema and
being something else due to SAM, etc. 


The attributeSyntaxes combined with the oMSyntax is what you want to mostly
look at for handling attributes. See  

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adschema/adschema/syntaxes.asp

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ad/ad/choosing_a_syntax.asp


And actually overall reading everything under the following link will
probably be helpful

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adschema/adschema/active_directory_schema.asp


There isn't a lot of programmer talk on this list but the list has some
extremely high powered programming resources available here both from inside
and outside of Microsoft and in native and .NET topics. There are also
quite a few non-programmer resources (or maybe they programmed in the past
but don't any longer) that can lend great insight into the products overall
and their experiences with folks who do write code and where they may want
to reconsider. 


My overall posting recommendation would be to try and keep questions focused
to very tight specific scopes, the bigger the scope and question, the more
likely people are not going to respond because they either don't want to
tackle something so large in scope or their response needs to be so big it
isn't worth their time or maybe something is so big they just don't have
time to read it. It could be that there is concern that if a problem can't
be summed up in a short space, the poster may not actually have an
understanding of the problem and is fishing and hopes someone reads through
all of the chaff to come out with the actual problem. That does happen and
the answers do come out, but I think the number of respondents and sometimes
the quality can be impacted. 


I know when I walk through the newsgroups and this list looking for posts to
respond to, if someone has more than one or two small paragraphs unless they
completely hook me with the subject or the first paragraph I won't read it
and just move on to something else. Subject is #1 thing I look at and that
tells me which messages to even open, then it is how long is it. I usually
do newsgroups and listservs in short bursts of time between other things, so
anything that can be read, understood, and responded to quickly is what I
tend to go after. My responses are often long but that is simply because I
type rather quickly. If I was slower at it, I would respond a lot less.
There are others that even though they can type fast, if they can't answer
the question in a sentence or two they don't want to respond at all unless
something else sucked them into the problem like some kind of issue they
haven't ever seen before or a pet problem (aka something that they have
worked on and are still gathering info). :)


   joe

--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm 
 

-Original Message-
From: Michael B Allen [mailto:[EMAIL PROTECTED] 
Sent: Saturday, October 21, 2006 2:39 AM
To: ActiveDir@mail.activedir.org
Cc: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] List Attribute Syntaxes?

Hi Joe,

Actually I think my terminology is a little off. From snooping around
a bit I think I want the attributeSchema information under
CN=Schema,CN=Configuration,DC=example,DC=com. What I was thinking of
originally are the attribute syntax definitions like:

  ( 2.5.18.3 NAME 'creatorsName' EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )

But it's clear now that AD doesn't really use these textual definitions
(at least not anywhere I can see).

Anyway, the overall objective here is to give my custom LDAP
client API intelligence (see previous post about scripting language
binding) about attributeSchema information so that the API can
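
The lookup table discussed in this thread, as an added example that is not part of the original messages: it indexes attributeSchema entries by lDAPDisplayName and types each one from its attributeSyntax and oMSyntax pair. The sample records are constructed, `build_index`, `AttrInfo` and the type names are hypothetical, and only a subset of AD's syntax pairs is listed.

```python
from collections import namedtuple

# (attributeSyntax, oMSyntax) -> (type name, binary?). Subset of AD's syntax pairs;
# the type names are hypothetical labels chosen for this example.
SYNTAXES = {
    ("2.5.5.1", 127): ("dn", False),
    ("2.5.5.8", 1): ("boolean", False),
    ("2.5.5.9", 2): ("integer", False),
    ("2.5.5.10", 4): ("octet_string", True),
    ("2.5.5.11", 24): ("generalized_time", False),
    ("2.5.5.12", 64): ("unicode_string", False),
    ("2.5.5.17", 4): ("sid", True),
}

AttrInfo = namedtuple("AttrInfo", "name single_valued type_name binary")

def build_index(ldif_text):
    """Return {lowercased lDAPDisplayName: AttrInfo} from LDIF attributeSchema records."""
    # Normalise CRLF and unfold continuation lines (a newline followed by a space).
    text = ldif_text.replace("\r\n", "\n").replace("\n ", "")
    index = {}
    for record in text.strip().split("\n\n"):
        fields = dict(l.split(": ", 1) for l in record.splitlines() if ": " in l)
        if "lDAPDisplayName" not in fields:
            continue
        key = (fields.get("attributeSyntax"), int(fields.get("oMSyntax", -1)))
        # An unlisted pair is handled as opaque bytes instead of being guessed at.
        type_name, binary = SYNTAXES.get(key, ("unknown", True))
        # isSingleValued is the schema's claim only; the thread notes the SAM can
        # still enforce a single value on some objects.
        single = fields.get("isSingleValued") == "TRUE"
        name = fields["lDAPDisplayName"]
        index[name.lower()] = AttrInfo(name, single, type_name, binary)
    return index

# Constructed sample input in the shape of an LDIF export of attributeSchema objects.
SAMPLE = """\
dn: CN=Description,CN=Schema,CN=Configuration,DC=example,DC=com
lDAPDisplayName: description
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: FALSE

dn: CN=Object-Guid,CN=Schema,CN=Configuration,DC=example,DC=com
lDAPDisplayName: objectGUID
attributeSyntax: 2.5.5.10
oMSyntax: 4
isSingleValued: TRUE
"""
```

Keys are lowercased because LDAP attribute names compare case-insensitively, so `build_index(SAMPLE)["objectguid"]` finds the objectGUID entry.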

Re: [ActiveDir] List Attribute Syntaxes?

2006-10-21 Thread Michael B Allen
 and listservs in short bursts of time between other things, so
 anything that can be read, understood, and responded to quickly is what I
 tend to go after. My responses are often long but that is simply because I
 type rather quickly. If I was slower at it, I would respond a lot less.
 There are others that even though they can type fast, if they can't answer
 the question in a sentence or two they don't want to respond at all unless
 something else sucked them into the problem like some kind of issue they
 haven't ever seen before or a pet problem (aka something that they have
 worked on and are still gathering info). :)
 
 
joe
 
 --
 O'Reilly Active Directory Third Edition -
 http://www.joeware.net/win/ad3e.htm 
  
 
 -Original Message-
 From: Michael B Allen [mailto:[EMAIL PROTECTED] 
 Sent: Saturday, October 21, 2006 2:39 AM
 To: ActiveDir@mail.activedir.org
 Cc: [EMAIL PROTECTED]
 Subject: Re: [ActiveDir] List Attribute Syntaxes?
 
 Hi Joe,
 
 Actually I think my terminology is a little off. From snooping around
 a bit I think I want the attributeSchema information under
 CN=Schema,CN=Configuration,DC=example,DC=com. What I was thinking of
 originally are the attribute syntax definitions like:
 
   ( 2.5.18.3 NAME 'creatorsName' EQUALITY distinguishedNameMatch
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
 
 But it's clear now that AD doesn't really use these textual definitions
 (at least not anywhere I can see).
 
 Anyway, the overall objective here is to give my custom LDAP
 client API intelligence (see previous post about scripting language
 binding) about attributeSchema information so that the API can properly
 type attribute values. In particular I need to create a table of at least
 lDAPDisplayName, isSingleValued, and attributeSyntax. This table
 will be consulted by the API to determine how to compare and present
 values whether they be binary, multivalued, strings, etc.
 
 To make it efficient I will need an index which will be just a hashmap
 where the lDAPDisplayName is the key and the attributeSchema entry
 is the datum. Additionally the attributeSyntax value should be one
 of several predefined OID constants (e.g. ADSTYPE_CASE_IGNORE_STRING)
 so that attributeSyntaxes can be compared logically.
 
 Does any of this make sense? I suppose you don't get a little programmer
 double talk here :-)
 
 Mike
 
 On Fri, 20 Oct 2006 23:50:03 -0400
 joe [EMAIL PROTECTED] wrote:
 
  First off... anything you do with LDIF will be an LDAP query... It speaks
  pure LDAP.
  
  Next off, if I understand what you are asking, yes, you query the schema and
  you can find all attribute syntaxes assigned, it won't tell you what they
  are, but you will know all in use. Multivalue status has nothing to do with
  attribute syntax, that is separate. Whether something is binary or text
  depends on what you ask for and how you ask for it. You can ask for anything
  to come back in a binary format with the standard LDAP binary modifier. What
  that exactly means though depends on the attribute, asking, for instance for
  a unicode text field in binary really isn't going to look all that different
  to you either way. But asking for say one of the replication attributes will
  result in dramatically different results being returned. 
  
  
joe
  
  
  --
  O'Reilly Active Directory Third Edition -
  http://www.joeware.net/win/ad3e.htm 
   
  
  -Original Message-
  From: [EMAIL PROTECTED]
  [mailto:[EMAIL PROTECTED] On Behalf Of Michael B Allen
  Sent: Friday, October 20, 2006 8:49 PM
  To: ActiveDir@mail.activedir.org
  Subject: [ActiveDir] List Attribute Syntaxes?
  
  How can I get a list of attribute syntaxes? For each attribute used by
  a system I would like to know if it is a multivalue attribute and if it
  is binary or text.
  
  Can I get such a list using an LDAP query?
  
  If not can I use ldifde?
  
  Thanks,
  Mike
  
  -- 
  Michael B Allen
  PHP Active Directory SSO
  http://www.ioplex.com/
  
 
 
 -- 
 Michael B Allen
 PHP Active Directory SSO
 http://www.ioplex.com/
 
 


-- 
Michael B Allen
PHP Active Directory SSO
http://www.ioplex.com/


Re: [ActiveDir] List Attribute Syntaxes?

2006-10-21 Thread Michael B Allen
On Sat, 21 Oct 2006 18:30:47 -0400
Michael B Allen [EMAIL PROTECTED] wrote:

 Apparently I don't have CN=Aggregate,CN=Schema,DC=X. I'm using W2K 2003
 but maybe it's because it's SBS?

Correction: I do have it. I left out CN=Configuration. The exact DN is
available through the subschemaSubentry in the RootDSE.

Mike


RE: [ActiveDir] List Attribute Syntaxes?

2006-10-20 Thread joe
First off... anything you do with LDIF will be an LDAP query... It speaks
pure LDAP.

Next off, if I understand what you are asking, yes, you query the schema and
you can find all attribute syntaxes assigned, it won't tell you what they
are, but you will know all in use. Multivalue status has nothing to do with
attribute syntax, that is separate. Whether something is binary or text
depends on what you ask for and how you ask for it. You can ask for anything
to come back in a binary format with the standard LDAP binary modifier. What
that exactly means though depends on the attribute, asking, for instance for
a unicode text field in binary really isn't going to look all that different
to you either way. But asking for say one of the replication attributes will
result in dramatically different results being returned. 


  joe


--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm 
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Michael B Allen
Sent: Friday, October 20, 2006 8:49 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] List Attribute Syntaxes?

How can I get a list of attribute syntaxes? For each attribute used by
a system I would like to know if it is a multivalue attribute and if it
is binary or text.

Can I get such a list using an LDAP query?

If not can I use ldifde?

Thanks,
Mike

-- 
Michael B Allen
PHP Active Directory SSO
http://www.ioplex.com/