Release 3.3.0:
Highlights:
* ``LDAPError`` now contains additional fields, such as ctrls, result, msgid
* ``passwd_s`` can now extract the newly generated password
* LDAP connections can now be made from a file descriptor
This release is tested on Python 3.8, and the beta of Python 3.9.
The following undocumented functions are deprecated and scheduled for removal:
- ``ldap.cidict.strlist_intersection``
- ``ldap.cidict.strlist_minus``
- ``ldap.cidict.strlist_union``
Modules/
* Ensure ReconnectLDAPObject is not left in an inconsistent state after
a reconnection timeout
* Syncrepl now correctly parses SyncInfoMessage when the message is a syncIdSet
* Release GIL around global get/set option call
* Do not leak serverctrls in result functions
* Don't overallocate memory in attrs_from_List()
* Fix thread support check for Python 3
* With OpenLDAP 2.4.48, use the new header openldap.h
Lib/
* Fix some edge cases regarding quoting in the schema tokenizer
* Fix escaping a single space in ldap.escape_dn_chars
* Fix string formatting in ldap.compare_ext_s
* Prefer iterating dict instead of calling dict.keys()
Doc/
* Clarify the relationship between initialize() and LDAPObject()
* Improve documentation of TLS options
* Update FAQ to include Samba AD-DC error message
"Operation unavailable without authentication"
* Fix several incorrect examples and demos
(but note that these are not yet tested)
* Update Debian installation instructions for Debian Buster
* Typo fixes in docs and docstrings
Test/
* Test and document error cases in ldap.compare_s
* Test if reconnection is done after connection loss
* Make test certificates valid for the far future
* Use slapd -Tt instead of slaptest
Infrastructure:
* Mark the LICENCE file as a license for setuptools
* Use "unittest discover" rather than "setup.py test" to run tests
Release 3.2.0:
Lib/
* Add support for X-ORIGIN in ldap.schema's ObjectClass
* Make initialize() pass extra keyword arguments to LDAPObject
* ldap.controls.sss: use str instead of basestring on Python 3
* Provide ldap._trace_* atributes in non-debug mode
Doc/
* Fix ReST syntax for links to set_option and get_option
Tests/
* Use intersphinx to link to Python documentation
* Correct type of some attribute values to bytes
* Use system-specific ENOTCONN value
Infrastructure:
* Add testing and document support for Python 3.7
* Add Python 3.8-dev to Tox and CI configuration
* Add Doc/requirements.txt for building on Read the Docs
Released 3.1.0:
This release brings two minor API changes:
- Long-deprecated functions ldap.open() and ldap.init() are removed
- LDAPObject.compare_s() and compare_ext_s return bool instead of 0 or 1
All changes since 3.0.0:
Lib/
* Remove long deprecated functions ldap.open() and ldap.init()
* LDAPObject.compare_s() and LDAPObject.compare_ext_s() now return a bool
instead of 1 or 0.
* Make iteration over cidict yield same values as keys()
* Fail if pyasn1 is not installed
* Fix parsing of PPolicyControl ASN.1 structure
* Use items() when appropriate in dict iteration
* Add support for tracing LDAP calls. Tracing can now be enabled with
the env var PYTHON_LDAP_TRACE_LEVEL and redirected to a file with
PYTHON_LDAP_TRACE_FILE.
(This is mainly intended for debugging and internal testing; the
configuration or output may change in future versions.)
Modules/
* Fix ref counting bug in LDAPmessage_to_python
Doc/
* Remove warning about unreleased version
* Doc: Replace Mac OS X -> macOS
Tests/
* Add tests and coverage for tracing
* Disable warnings-as-errors for Python 3.4
* Fix assertTrue to assertEqual
* Mark several test values as bytes
Lib/slapdtest/
* Fix error message for missing commands
* Make SlapdObject a context manager
* Disable SASL external when missing SASL support
* Make SlapdObject.root_dn a property
* In SlapdObject, build include directives dynamically
* Move import statements to top level
Code style:
* Add Makefile rules for automatic formatting of C and Python code
* Reformat and indent all C files
* Trim white space throughout the project
Infrastructure:
* Add py3-trace tox environment to Travis CI config
* Add new Pytest cache directory to gitignore
General:
* Update all pypi.python.org URLs to pypi.org
Released 3.0.0:
Notable changes since 2.4.45 (please see detailed logs below):
* Python 3 support and bytes_mode
see: https://python-ldap.readthedocs.io/en/latest/bytes_mode.html
* The module ldap.async is renamed to ldap.asyncsearch
* New dependencies: pyasn1, pyasn1_modules
* Dropped support for Python 2.6 and 3.3
Release 2.5.2:
* code-cleaning in setup.py
Modules/
* PyBytes_ instead of PyString_ and added PyInt_FromLong compat macro
* moved code from version.c to ldapmodule.c
* removed obsolete back-ward compability constants from common.h
* build checks whether LDAP_API_VERSION is OpenLDAP 2.4.x
* _ldap.__author__ and _ldap.__license__ also set from ldap.pkginfo
* assume C extension API for Python 2.7+
Lib/
* removed all dependencies on modules string and types
* removed use of .has_key()
* removed class ldap.ldapobject.NonblockingLDAPObject
* new global constant ldap.LIBLDAP_API_INFO
* right after importing _ldap there is a call into libldap to initialize it
* method .decodeControlValue() of SSSResponseControl and VLVResponseControl
does not set class attribute result_code anymore
* always use bytes() for UUID() constructor in ldap.syncrepl
* module ldif now uses functions b64encode() and b64decode()
* fixed pickling and restoring of ReconnectLDAPObject
* more modules with PEP-8 compliance
* ldap.ldapobject split into module-package
Tests/
* scripts do not directly call SlapdTestCase.setUpClass() anymore
* added LDIF test with folded, base64-encoded attribute
* added more tests for sub-module ldap.dn
* added tests for ldap.syncrepl
Changes since 2.4.45:
Mandatory prerequisites:
- Python 2.7.x
- pyasn1 0.3.7+ and pyasn1_modules 0.1.5+
Modules/
* removed unused code schema.c
Lib/
* ldap.__version__, ldap.__author__ and ldap.__license__ now
imported from new sub-module ldap.pkginfo also to setup.py
* Added safety assertion when importing _ldap:
ldap.pkginfo.__version__ must match _ldap.__version__
* removed stand-alone module dsml
* slapdtest.SlapdObject.restart() just restarts slapd
without cleaning any data
* Compability changes for pyasn1 0.3.x or newer
(thanks to Ilya Etingof and Christian Heimes)
* The methods SSSResponseControl.decodeControlValue() and
VLVResponseControl.decodeControlValue() now follow the coding
convention to use camel-cased ASN.1 name as class attribute name.
The old class names are still set for back-ward compability
but should not be used in new code because they might be removed
in a later release.
* removed SSSRequestControl from ldap.controls.KNOWN_RESPONSE_CONTROLS
Tests/
* added explicit reconnect tests for ReconnectLDAPObject
Lib/
* fixed passing all arguments from LDAPObject.sasl_non_interactive_bind_s()
to LDAPObject.sasl_interactive_bind_s()
Tests/
* added test for LDAPObject.sasl_external_bind_s()
Doc/
* added docs for SASL bind methods
* more references
* better sorting of LDAPObject methods
2.4.42:
Lib/
* added new SlapdObject methods _ln_schema_files() and
_create_sub_dirs()
* SlapdObject methods setup_rundir() and gen_config()
are now "public" methods
* removed pseudo test script from module ldap.cidict
Tests/
* added sub-module for testing class ldap.cidict.cidict
* avoid deprecated method alias unittest.TestCase.assertEquals
Lib/slapdtest.py
* SlapdObject now evaluates env var SLAPD for optionally pointing
to OpenLDAP's slapd executable (e.g. with OpenLDAP LTB builds)
* added LDAPI support in slaptest.SlapdObject which is internally used
in methods ldapadd() and ldapwhoami()
* added method slaptest.SlapdObject.ldapmodify()
* fixed enabling logger in slaptest
* directory name now contains port to be able to run several SlapdObject
instances side-by-side (e.g. with replication)
* added authz-regexp mapping to rootdn for user running the test
* internally use SASL/EXTERNAL via LDAPI to bind
* SlapdObject.server_id used as serverID in slapd.conf for MMR
* Removed method SlapdObject.started() because SlapdTestCase.setUpClass()
will be used to add initial entries
Tests/
* ReconnectLDAPObject is also tested by sub-classing test class
Lib/
* added 'strf_secs' and 'strp_secs' to ldap.functions.__all__
* fixed regression introduced with 2.4.26:
ldif.LDIFParser did not fully parse LDIF records without trailing empty
separator line
Lib/
* LDIFParser now also accepts value-spec without a space
after the colon.
* Added key-word argument authz_id to LDAPObject methods
sasl_non_interactive_bind_s(), sasl_external_bind_s() and
sasl_gssapi_bind_s()
* Hmmpf! Added missing self to LDAPObject.fileno().
* ReconnectLDAPObject.sasl_bind_s() now correctly uses
generic wrapper arguments *args,**kwargs
* LDIFParser.parse_change_records() now correctly calls
LDIFParser.handle_change_modify()
* Corrected ldap.controls.pwdpolicy.__all__
Doc/
* Started missing docs for sub-module ldap.sasl.
Problems found with existing distfiles:
distfiles/D6.data.ros.gz
distfiles/cstore0.2.tar.gz
distfiles/data4.tar.gz
distfiles/sphinx-2.2.7-release.tar.gz
No changes made to the cstore or mariadb55-client distinfo files.
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
* New wrapping of OpenLDAP's function ldap_sasl_bind_s() allows
to intercept the SASL handshake
Modules/
* Added exceptions ldap.VLV_ERROR, ldap.X_PROXY_AUTHZ_FAILURE and
ldap.AUTH_METHOD_NOT_SUPPORTED
Lib/
* Abandoned old syntax when raising ValueError in modules ldif and
ldapurl, more information in some exceptions.
* ldap.ldapobject.LDAPObject:
New convenience methods for SASL GSSAPI or EXTERNAL binds
* Refactored parts in ldif.LDIFParser:
- New class attributes line_counter and byte_counter contain
amount of LDIF data read so far
- Renamed some internally used methods
- Added support for parsing change records currently limited to
changetype: modify
- New separate methods parse_entry_records() (also called by parse())
and parse_change_records()
- Stricter order checking of dn:, changetype:, etc.
- Removed non-existent 'AttrTypeandValueLDIF' from ldif.__all__
* New mix-in class ldap.controls.openldap.SearchNoOpMixIn
adds convience method noop_search_st() to LDAPObject class
* Added new modules which implement the control classes
for Virtual List View (see draft-ietf-ldapext-ldapv3-vlv) and
Server-side Sorting (see RFC 2891)
Note: This is still experimental! Even the API can change later.
* Fixed missing ReconnectLDAPObject._reconnect_lock when pickling
* Added ldap.controls.pagedresults which is pure Python implementation of
Simple Paged Results Control (see RFC 2696) and delivers the correct
result size
Released 2.4.18 2014-10-09
Changes since 2.4.17:
Lib/
* Fixed raising exception in LDAPObject.read_s() when reading
an entry returns empty search result
Released 2.4.17 2014-09-27
Changes since 2.4.16:
Lib/
* New hook syncrepl_refreshdone() in ldap.syncrepl.SyncReplConsumer
(thanks to Petr Spacek and Chris Mikkelson)
Modules/
* Added support for getting file descriptor of connection
with ldap.OPT_DESC
Released 2.4.16 2014-09-10
Changes since 2.4.15:
Lib/
* New convenience function ldap.dn.is_dn()
* New convenience function ldap.escape_str()
* New convenience methods LDAPObject.read_s() and
LDAPObject.find_unique_entry()
* Fixed invoking start_tls_s() in ReconnectLDAPObject.reconnect()
(thanks to Philipp Hahn)
Replace interpreter path in installed file.
Released 2.4.15 2014-03-24
Changes since 2.4.14:
Lib/
* Added missing modules ldap.controls.openldap and
ldap.controls.pwdpolicy to setup.py
* Added missing imports to ldap.controls.pwdpolicy
* Fixed ldap.controls.pwdpolicy.decodeControlValue() to decode
string of digits
* Support for X-SUBST in schema element class LDAPSyntax
* Support for X-ORDERED and X-ORIGIN in schema element class AttributeType
* ldapurl: New scope 'subordinates' defined in
draft-sermersheim-ldap-subordinate-scope
Modules/
* New constant ldap.SCOPE_SUBORDINATE derived from ldap.h for
draft-sermersheim-ldap-subordinate-scope
* Fixed constant ldap.sasl.CB_GETREALM (thanks to Martin Pfeifer)
Lib/
* Added ldap.controls.openldap.SearchNoOpControl
* New method ldap.async.AsyncSearchHandler.afterFirstResult()
for doing something right after successfully receiving but before
processing first result
* Better log data written when invoking ldap.LDAPLock.acquire() and
ldap.LDAPLock.release()
* LDAPObject and friends now pass `desc' to ldap.LDAPLock() which
results in better logging
* ldapobject.ReconnectLDAPObject now uses internal class-wide
lock for serializing reconnects
* Method signature of ReconnectLDAPObject.reconnect() changed to be able
to call it with separate retry_max and retry_delay values
Modules/
* Added support for retrieving negotiated TLS version/cipher
with LDAPObject.get_option() with the help of upcoming OpenLDAP libs
either because they themselves are not ready or because a
dependency isn't. This is annotated by
PYTHON_VERSIONS_INCOMPATIBLE= 33 # not yet ported as of x.y.z
or
PYTHON_VERSIONS_INCOMPATIBLE= 33 # py-foo, py-bar
respectively, please use the same style for other packages,
and check during updates.
Use versioned_dependencies.mk where applicable.
Use REPLACE_PYTHON instead of handcoded alternatives, where applicable.
Reorder Makefile sections into standard order, where applicable.
Remove PYTHON_VERSIONS_INCLUDE_3X lines since that will be default
with the next commit.
Whitespace cleanups and other nits corrected, where necessary.
Lib/
* ldapobject.ReconnectLDAPObject._apply_last_bind() now sends
anonymous simple bind request even if the calling application
did not to provoke ldap.SERVER_DOWN in method reconnect()
* ldapobject.ReconnectLDAPObject.reconnect() now also catches
ldap.TIMEOUT exception after reconnection attempt
* Several other fixes for ldapobject.ReconnectLDAPObject
Lib/
* ldapobject.ReconnectLDAPObject.reconnect() now preserves
order of options set with LDAPObject.set_option before.
This is needed e.g. for setting connection-specific TLS options.
Demo/
* Better version of Demo/pyasn1/syncrepl.py
* ldapobject.ReconnectLDAPObject.reconnect() now does kind of
an internal locking to pause other threads while reconnecting
is pending.
* Changes to bind- and startTLS-related operation methods of
class ReconnectLDAPObject for more robustness
* New constant ldap.OPT_NAMES_DICT contains mapping from
integer to variable name for all option-related constants.
Lib/
* Fixed overzealous check for non-unique NAMEs in
ldap.schema.subentry.SubSchema.__init__()
* Fixed typos in control decoding method
ldap.controls.simple.OctetStringInteger.decodeControlValue()
* Added experimental support for draft-vchu-ldap-pwd-policy
Lib/
* ldap.controls.ppolicy:
Another fix for decoding the password policy response control
Changes 2.4.5:
Installation:
* defines for SASL and SSL in setup.cfg to be more friendly to
Python setup tools (easy_install)
Lib/
* Fixed typo in ldap.functions._ldap_function_call() which
always released ldap._ldap_module_lock instead of local lock
* ldap.controls.ppolicy:
Fixed decoding the password policy response control
Demo/
* Demo script for ldap.controls.ppolicy
Lib/
* Mostly corrected/updated __doc__ strings
Doc/
* Corrected rst files
* Added missing modules, functions, classes, methods, parameters etc.
at least as auto-generated doc
Changes 2.4.2:
Logging:
* pprint.pformat() is now used when writing method/function
arguments to the trace log
ldap.schema.subentry:
* SubSchema.__init__() now has new key-word argument check_uniqueness
which enables checking whether OIDs are unique in the subschema subentry
* Code-cleaning: consequent use of method SubSchema.getoid() instead of
accessing SubSchema.name2oid directly.
* SubSchema.getoid() and SubSchema.getoid() now have key-word argument
raise_keyerror=0 and raise KeyError with appropriate description.
Modules:
* New LDAP option OPT_X_TLS_PACKAGE available in OpenLDAP 2.4.26+
to determine the name of the SSL/TLS package OpenLDAP was
built with
Lib/
* ldap.modlist.modifyModlist(): New key-word argument
case_ignore_attr_types used to define attribute types for which
comparison of old and new values should be case-insensitive
* Minor changes to which data is sent to debug output for various
trace levels
* Now tag [1] is used in ldap.extop.dds.RefreshResponse in
compliance with RFC 2589 (fix available for OpenLDAP ITS-6886)
* New sub-module ldap.controls.sessiontrack implements request control
as described in draft-wahl-ldap-session (needs pyasn1_modules)
Changes since 2.4.0:
* OpenLDAP 2.4.11+ required to build
* Support for extracting LDAPv3 extended controls in
LDAP_RES_SEARCH_ENTRY responses
(see SF-2829057, thanks to Rich)
* Generic support for LDAPv3 extended operations (thanks to Rich)
Lib/
* new class API in ldap.controls, not backwards-compatible!
* new sub-modules for ldap.controls, some require pyasn1 and pyasn1_modules
* New methods LDAPObject.result4() and LDAPObject.extop_result()
* New (optional) class ldap.controls.AssertionControl
* New helper module ldap.logger contains file-like object which
sends trace messages to logging.log()
* Removed non-functional method LDAPObject.set_cache_options()
* Removed unused dictionary ldap.controls.knownLDAPControls
Modules/
* ldapcontrol.c: Fixed encode_assertion_control() and function is no longer
hidden behind ifdef-statement
Lib
* Removed tabs from various modules to make things work with python -tt.
* Quick fix to ldif.is_dn() to let multi-valued RDNs pass as valid.
Is too liberal in some corner-cases though...
* Fix to ldif.is_dn() to allow dashes in attribute type
* ldap.open() now outputs a deprecation warning
* module-wide locking is now limited to calling _ldap.initialize().
Still ldap.functions._ldap_function_call() is used to wrap all
calls for writing debug log.
Modules
* New LDAP options available in OpenLDAP 2.4.18+ supported in
LDAPObject.get/set_option():
ldap.OPT_X_KEEPALIVE_IDLE, ldap.OPT_X_KEEPALIVE_PROBES,
ldap.OPT_X_KEEPALIVE_INTERVAL,
ldap.OPT_X_TLS_CRLCHECK, ldap.OPT_X_TLS_CRLFILE
Doc
* Various small updates/improvements
