Sign inDemoInstall


Package Overview
File Explorer

Install Socket

Protect your apps from supply chain attacks



Temporary slapd launcher for testing purposes





.. image::

.. image::
    :alt: Latest Version

.. image::
    :alt: Supported Python versions

.. image::
    :alt: Wheel status

.. image::
    :alt: License

``volatildap`` provides simple helpers for testing code against a LDAP database.

Its main features include:

* **Simple configuration:** Don't provide anything; the LDAP server will start with sane defaults
* **Built-in cleanup:** As soon as the test ends / the test process exits, the server is instantly removed
* **Cross-distribution setup:** Automatically discover system paths for OpenLDAP binaries, schemas, etc.


.. code-block:: python

    import volatildap

    class MyTests(unittest.TestCase):

        def setUpClass(cls):
            super(MyTests, cls).setUpClass()
            cls._slapd = volatildap.LdapServer(suffix='dc=example,dc=org')

        def setUp(self):
            # Will start the server, or reset/restart it if already started from a previous test.

        def test_something(self):
            conn = ldap.connection(self._slapd.uri)
            # Do some tests

        def test_with_data(self):
            # Load some data
            self._slapd.add({'ou=people': {'cn': [b'Users']}})
            # Run the tests

The ``volatildap.LdapServer`` provides a few useful methods:

    Start or restart the server.
    This will:

    * Clear all data, if any
    * Start the server if it's not yet running
    * Populate the initial data

    Stop the server.

    This will clean up all data and kill the proces.

    Wait until the server is asked to stop.

    Mostly useful when controlling the server in another manner, or to use the volatildap
    server as a development instance.

    Add some data, see the ``initial_data`` structure below.

    Retrieve an object by its distinguished name;

    Returns a dictionary mapping an attribute to the list of its values, as bytes.

    Raises ``KeyError`` if the distinguished name is unknown to the underlying database.

    Add lines from a LDIF file - contents should be bytes.

    Return an entry as a list of lines for a LDIF file

    Restore the server to its pristine, initial state.
    This includes loading the inital_data.

It also exposes the following attributes:

    The URI to use to contect the server (e.g ``ldap://localhost:10389/``)

    The distinguishedName of the admin account

    The password of the admin account

    The suffix used by the LDAP server

    The TCP port the LDAP server is listening on

    The hostname the LDAP server is listening on

    A named tuple, containing the TLS attributes.
    The only guaranteed attribute is ``tls_config.root``, which contains the PEM-formatted
    server certificate.


The ``volatildap.LdapServer`` class accepts a few parameters:

    The suffix to use for the LDAP tree

    *Default:* ``dc=example,dc=org``

    The administrator account for the LDAP server

    *Default:* ``cn=testadmin,dc=example,dc=org``

    The administrator password.

    *Default:* A random value, available through ``LdapServer.rootpw``

    List of schemas to load; can be either a simple name (e.g ``cosine.schema``; looked up in openldap installation); or a path to a custom one.

    *Default:* ``['core.schema']``

    Dict mapping a distinguished name to a dict of attribute/values:

    .. code-block:: python

            'ou=people': {
                'objectClass': ['organizationalUnit'],
                'cn': ['People'],

    **Note:** When adding data, the suffix can be omitted on objects DNs.

    *Default:* ``{}``

    When loading schemas, this flag instructs ``volatildap`` to continue if some schemas
    can't be found.

    *Default:* ``False``

    The port to use.

    *Default:* An available TCP port on the system

    The hostname or IP to listen on.

    *Default:* ``localhost``

    The debug level for slapd; see ``slapd.conf``

    *Default:* ``0``

    The maximum delay allowed for server startup, in seconds.

    *Default:* ``30``

    A set of TLS certificate files for configuring the server.
    A valid set for ``localhost`` is provided as ``volatildap.LOCALHOST_TLS_CONFIG``, but users may also provide their own:

    .. code-block:: python

      tls_config = volatildap.TLSConfig(

Command line

volatildap provides a command line entrypoint for simplicity: ``python -m volatildap.cli``

Its usage follows:

.. code-block::

    usage: [-h] [--port PORT] [--host HOST] [--suffix SUFFIX]
                  [--rootdn ROOTDN] [--rootpw ROOTPW] [--debug DEBUG]
                  [--control CONTROL] [--initial INITIAL]
                  [--schemas [SCHEMAS [SCHEMAS ...]]] [--tls]

    optional arguments:
      -h, --help            show this help message and exit
      --port PORT           Port to listen on; empty for a dynamic port
      --host HOST           Host to listen on; defaults to localhost
      --suffix SUFFIX       LDAP suffix
      --rootdn ROOTDN       Distinguished Name of LDAP admin user
      --rootpw ROOTPW       Password of LDAP admin user
      --debug DEBUG         slapd debug level
      --control CONTROL     Start the HTTP control server on this address
      --initial INITIAL     Load initial objects from the provided LDIF file
      --schemas [SCHEMAS [SCHEMAS ...]]
			    Schemas to load (multi-valued)
      --tls                 Enable TLS, using a built-in stack

Remote control

Once such a server has been started, if a control server has been provided
(for instance as ``--control :10380``), it is possible to start a Python proxy to control it:

.. code-block::

    def setUpClass(cls):
        cls._slapd = volatildap.ProxyServer('http://localhost:10380')

All commands available on a normal instance will be available on the proxy:
``reset``, ``start``, ``stop``, ``add``, ``add_ldif``, ``get``, ``get_ldif``.

The readonly attributes are also available: ``uri``, ``suffix``, ``rootdn``,
``rootpw``, ``port``, ``host``, ``tls_config``.

When using TLS, the server's root certificate authority can be accessed
through ``proxy.tls_config.root``.

Per-distribution specificities

    Under Ubuntu, the default AppArmor policy does not allow ``slapd`` (the LDAP daemon) to read temporary folders.
    Users should update the ``/etc/apparmor.d/usr.sbin.slapd`` file and add ``/tmp/** rwk,`` there.
    `k` option is used to acquire lock on files.
    Users must also add a line with the path to their home. Using the variable `$HOME` won't work so you have to add the full path. Something like `/path/to/my/home/** rw,`.



Did you know?

Socket installs a GitHub app to automatically flag issues on every pull request and report the health of your dependencies. Find out what is inside your node modules and prevent malicious activity before you update the dependencies.


Related posts

SocketSocket SOC 2 Logo


  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc