Codecov Report

Merging #247 into master will increase coverage by 13.01%.
The diff coverage is 100%.

@@             Coverage Diff             @@
##           master     #247       +/-   ##
===========================================
+ Coverage   57.91%   70.93%   +13.01%     
===========================================
  Files          49       49               
  Lines        5910     4816     -1094     
  Branches      815      812        -3     
===========================================
- Hits         3423     3416        -7     
+ Misses       2157     1066     -1091     
- Partials      330      334        +4

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 7ce471e...9c48d3e. Read the comment docs.

I checked how the attribute looks on the object, and all looks fine. I suggest adding this extra test. Could you quickly review it?

AttributeType also doesn't have info about 'X-ORIGIN' in its docstring. Should I update it too?

Test looks good to me.

I've added the docstrings.

One more issue popped up. It is described here -
https://pagure.io/389-ds-base/pull-request/50005#comment-67932

So should I implement it? Are you okay with it?
And should I do it in this PR?

As I see it, the problem with X-ATTR is that it's not really standardized anywhere. Is that right?
Does any other server use it as a multi-valued attribute, or is this 389-DS specific behavior?

As I see it, the problem with X-ATTR is that it's not really standardized anywhere. Is that right?

Yes, it's right.

Does any other server use it as a multi-valued attribute, or is this 389-DS specific behavior?

At least, Oracle's Directory Server uses it the same way we are. :)

Anyway, if we'll add the multi-value support it wouldn't hurt the existing functionality.
The same way we have NAME now.
It will be NAME ( 'nsAIMid' 'nscpaimscreenname' ) for multi-values and NAME 'cosspecifier' for single-valued.

Also, currently, if we have X-ORIGIN ( 'my objectclass' 'user defined' ), the existing python-ldap implementation will just print the first value, which is wrong.

I've added the functionality I mentioned before and a test for it (also, I used FreeIPA LDIFs which have multi-valued X-ORIGIN, btw).

Please, check.

Are there any objections? :)
Or we can merge? The tests pass.

Tests pass, but there's standard to verify that the behavior is correct. I can't find anything to suggest that there's agreement between LDAP servers on what X-ORIGIN actually means.
Is there such a standard or some other neutral documentation that could be referenced here?

LDAP does not define any standard schema extensions, but many directory servers accept any properly-formatted extension as a means of annotating the schema element. For example, one of the most commonly-used extension types is “X-ORIGIN”, which is typically used to indicate the source of the associated schema element, and the string “X-ORIGIN ‘RFC 4519’” might be used to indicate that the associated schema element is defined in RFC 4519.

as seen on
[1] https://ldap.com/schema-element-extensions/
[2] https://ldapwiki.com/wiki/LDAP%20Schema%20Element%20Extensions

Another usage example in LDAP server implementation:
https://github.com/ForgeRock/opendj-community-edition/blob/master/resource/schema/00-core.ldif

I'm missing a test that setting x_origin works, and a test of the behavior of setting x_origin (to values like None, list, tuple, or single string).

Sure.
I've searched for any examples in other tests but it looks to me that we don't test 'set' operation of any particular attributes (like self.names = d['NAME'], self.desc = d['DESC'][0], self.must = d['MUST'], etc.)

So if I missed something and it's there (or you have tools for that) feel free point me to it :)
Thanks

Well, new features need tests, even if old ones don't have them.
Right now I don't know how they would be written, but I can look into it tomorrow (and, in the process, actually write the tests).

Well, new features need tests, even if old ones don't have them.
Right now I don't know how they would be written, but I can look into it tomorrow (and, in the process, actually write the tests).

Sure, I agree. Thank you very much!

Can I ask for a quick check of these?

Looks great! Thank you!