Lib/slapdtest.py
* SlapdObject now evaluates env var SLAPD for optionally pointing
to OpenLDAP's slapd executable (e.g. with OpenLDAP LTB builds)
* added LDAPI support in slaptest.SlapdObject which is internally used
in methods ldapadd() and ldapwhoami()
* added method slaptest.SlapdObject.ldapmodify()
* fixed enabling logger in slaptest
* directory name now contains port to be able to run several SlapdObject
instances side-by-side (e.g. with replication)
* added authz-regexp mapping to rootdn for user running the test
* internally use SASL/EXTERNAL via LDAPI to bind
* SlapdObject.server_id used as serverID in slapd.conf for MMR
* Removed method SlapdObject.started() because SlapdTestCase.setUpClass()
will be used to add initial entries
Tests/
* ReconnectLDAPObject is also tested by sub-classing test class
Lib/
* added 'strf_secs' and 'strp_secs' to ldap.functions.__all__
* fixed regression introduced with 2.4.26:
ldif.LDIFParser did not fully parse LDIF records without trailing empty
separator line
Lib/
* LDIFParser now also accepts value-spec without a space
after the colon.
* Added key-word argument authz_id to LDAPObject methods
sasl_non_interactive_bind_s(), sasl_external_bind_s() and
sasl_gssapi_bind_s()
* Hmmpf! Added missing self to LDAPObject.fileno().
* ReconnectLDAPObject.sasl_bind_s() now correctly uses
generic wrapper arguments *args,**kwargs
* LDIFParser.parse_change_records() now correctly calls
LDIFParser.handle_change_modify()
* Corrected ldap.controls.pwdpolicy.__all__
Doc/
* Started missing docs for sub-module ldap.sasl.
Problems found with existing distfiles:
distfiles/D6.data.ros.gz
distfiles/cstore0.2.tar.gz
distfiles/data4.tar.gz
distfiles/sphinx-2.2.7-release.tar.gz
No changes made to the cstore or mariadb55-client distinfo files.
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
* New wrapping of OpenLDAP's function ldap_sasl_bind_s() allows
to intercept the SASL handshake
Modules/
* Added exceptions ldap.VLV_ERROR, ldap.X_PROXY_AUTHZ_FAILURE and
ldap.AUTH_METHOD_NOT_SUPPORTED
Lib/
* Abandoned old syntax when raising ValueError in modules ldif and
ldapurl, more information in some exceptions.
* ldap.ldapobject.LDAPObject:
New convenience methods for SASL GSSAPI or EXTERNAL binds
* Refactored parts in ldif.LDIFParser:
- New class attributes line_counter and byte_counter contain
amount of LDIF data read so far
- Renamed some internally used methods
- Added support for parsing change records currently limited to
changetype: modify
- New separate methods parse_entry_records() (also called by parse())
and parse_change_records()
- Stricter order checking of dn:, changetype:, etc.
- Removed non-existent 'AttrTypeandValueLDIF' from ldif.__all__
* New mix-in class ldap.controls.openldap.SearchNoOpMixIn
adds convience method noop_search_st() to LDAPObject class
* Added new modules which implement the control classes
for Virtual List View (see draft-ietf-ldapext-ldapv3-vlv) and
Server-side Sorting (see RFC 2891)
Note: This is still experimental! Even the API can change later.
* Fixed missing ReconnectLDAPObject._reconnect_lock when pickling
* Added ldap.controls.pagedresults which is pure Python implementation of
Simple Paged Results Control (see RFC 2696) and delivers the correct
result size
Released 2.4.18 2014-10-09
Changes since 2.4.17:
Lib/
* Fixed raising exception in LDAPObject.read_s() when reading
an entry returns empty search result
Released 2.4.17 2014-09-27
Changes since 2.4.16:
Lib/
* New hook syncrepl_refreshdone() in ldap.syncrepl.SyncReplConsumer
(thanks to Petr Spacek and Chris Mikkelson)
Modules/
* Added support for getting file descriptor of connection
with ldap.OPT_DESC
Released 2.4.16 2014-09-10
Changes since 2.4.15:
Lib/
* New convenience function ldap.dn.is_dn()
* New convenience function ldap.escape_str()
* New convenience methods LDAPObject.read_s() and
LDAPObject.find_unique_entry()
* Fixed invoking start_tls_s() in ReconnectLDAPObject.reconnect()
(thanks to Philipp Hahn)
Replace interpreter path in installed file.
Released 2.4.15 2014-03-24
Changes since 2.4.14:
Lib/
* Added missing modules ldap.controls.openldap and
ldap.controls.pwdpolicy to setup.py
* Added missing imports to ldap.controls.pwdpolicy
* Fixed ldap.controls.pwdpolicy.decodeControlValue() to decode
string of digits
* Support for X-SUBST in schema element class LDAPSyntax
* Support for X-ORDERED and X-ORIGIN in schema element class AttributeType
* ldapurl: New scope 'subordinates' defined in
draft-sermersheim-ldap-subordinate-scope
Modules/
* New constant ldap.SCOPE_SUBORDINATE derived from ldap.h for
draft-sermersheim-ldap-subordinate-scope
* Fixed constant ldap.sasl.CB_GETREALM (thanks to Martin Pfeifer)
Lib/
* Added ldap.controls.openldap.SearchNoOpControl
* New method ldap.async.AsyncSearchHandler.afterFirstResult()
for doing something right after successfully receiving but before
processing first result
* Better log data written when invoking ldap.LDAPLock.acquire() and
ldap.LDAPLock.release()
* LDAPObject and friends now pass `desc' to ldap.LDAPLock() which
results in better logging
* ldapobject.ReconnectLDAPObject now uses internal class-wide
lock for serializing reconnects
* Method signature of ReconnectLDAPObject.reconnect() changed to be able
to call it with separate retry_max and retry_delay values
Modules/
* Added support for retrieving negotiated TLS version/cipher
with LDAPObject.get_option() with the help of upcoming OpenLDAP libs
either because they themselves are not ready or because a
dependency isn't. This is annotated by
PYTHON_VERSIONS_INCOMPATIBLE= 33 # not yet ported as of x.y.z
or
PYTHON_VERSIONS_INCOMPATIBLE= 33 # py-foo, py-bar
respectively, please use the same style for other packages,
and check during updates.
Use versioned_dependencies.mk where applicable.
Use REPLACE_PYTHON instead of handcoded alternatives, where applicable.
Reorder Makefile sections into standard order, where applicable.
Remove PYTHON_VERSIONS_INCLUDE_3X lines since that will be default
with the next commit.
Whitespace cleanups and other nits corrected, where necessary.
Lib/
* ldapobject.ReconnectLDAPObject._apply_last_bind() now sends
anonymous simple bind request even if the calling application
did not to provoke ldap.SERVER_DOWN in method reconnect()
* ldapobject.ReconnectLDAPObject.reconnect() now also catches
ldap.TIMEOUT exception after reconnection attempt
* Several other fixes for ldapobject.ReconnectLDAPObject
Lib/
* ldapobject.ReconnectLDAPObject.reconnect() now preserves
order of options set with LDAPObject.set_option before.
This is needed e.g. for setting connection-specific TLS options.
Demo/
* Better version of Demo/pyasn1/syncrepl.py
* ldapobject.ReconnectLDAPObject.reconnect() now does kind of
an internal locking to pause other threads while reconnecting
is pending.
* Changes to bind- and startTLS-related operation methods of
class ReconnectLDAPObject for more robustness
* New constant ldap.OPT_NAMES_DICT contains mapping from
integer to variable name for all option-related constants.
Lib/
* Fixed overzealous check for non-unique NAMEs in
ldap.schema.subentry.SubSchema.__init__()
* Fixed typos in control decoding method
ldap.controls.simple.OctetStringInteger.decodeControlValue()
* Added experimental support for draft-vchu-ldap-pwd-policy
Lib/
* ldap.controls.ppolicy:
Another fix for decoding the password policy response control
Changes 2.4.5:
Installation:
* defines for SASL and SSL in setup.cfg to be more friendly to
Python setup tools (easy_install)
Lib/
* Fixed typo in ldap.functions._ldap_function_call() which
always released ldap._ldap_module_lock instead of local lock
* ldap.controls.ppolicy:
Fixed decoding the password policy response control
Demo/
* Demo script for ldap.controls.ppolicy
Lib/
* Mostly corrected/updated __doc__ strings
Doc/
* Corrected rst files
* Added missing modules, functions, classes, methods, parameters etc.
at least as auto-generated doc
Changes 2.4.2:
Logging:
* pprint.pformat() is now used when writing method/function
arguments to the trace log
ldap.schema.subentry:
* SubSchema.__init__() now has new key-word argument check_uniqueness
which enables checking whether OIDs are unique in the subschema subentry
* Code-cleaning: consequent use of method SubSchema.getoid() instead of
accessing SubSchema.name2oid directly.
* SubSchema.getoid() and SubSchema.getoid() now have key-word argument
raise_keyerror=0 and raise KeyError with appropriate description.
Modules:
* New LDAP option OPT_X_TLS_PACKAGE available in OpenLDAP 2.4.26+
to determine the name of the SSL/TLS package OpenLDAP was
built with
Lib/
* ldap.modlist.modifyModlist(): New key-word argument
case_ignore_attr_types used to define attribute types for which
comparison of old and new values should be case-insensitive
* Minor changes to which data is sent to debug output for various
trace levels
* Now tag [1] is used in ldap.extop.dds.RefreshResponse in
compliance with RFC 2589 (fix available for OpenLDAP ITS-6886)
* New sub-module ldap.controls.sessiontrack implements request control
as described in draft-wahl-ldap-session (needs pyasn1_modules)
Changes since 2.4.0:
* OpenLDAP 2.4.11+ required to build
* Support for extracting LDAPv3 extended controls in
LDAP_RES_SEARCH_ENTRY responses
(see SF-2829057, thanks to Rich)
* Generic support for LDAPv3 extended operations (thanks to Rich)
Lib/
* new class API in ldap.controls, not backwards-compatible!
* new sub-modules for ldap.controls, some require pyasn1 and pyasn1_modules
* New methods LDAPObject.result4() and LDAPObject.extop_result()
* New (optional) class ldap.controls.AssertionControl
* New helper module ldap.logger contains file-like object which
sends trace messages to logging.log()
* Removed non-functional method LDAPObject.set_cache_options()
* Removed unused dictionary ldap.controls.knownLDAPControls
Modules/
* ldapcontrol.c: Fixed encode_assertion_control() and function is no longer
hidden behind ifdef-statement
Lib
* Removed tabs from various modules to make things work with python -tt.
* Quick fix to ldif.is_dn() to let multi-valued RDNs pass as valid.
Is too liberal in some corner-cases though...
* Fix to ldif.is_dn() to allow dashes in attribute type
* ldap.open() now outputs a deprecation warning
* module-wide locking is now limited to calling _ldap.initialize().
Still ldap.functions._ldap_function_call() is used to wrap all
calls for writing debug log.
Modules
* New LDAP options available in OpenLDAP 2.4.18+ supported in
LDAPObject.get/set_option():
ldap.OPT_X_KEEPALIVE_IDLE, ldap.OPT_X_KEEPALIVE_PROBES,
ldap.OPT_X_KEEPALIVE_INTERVAL,
ldap.OPT_X_TLS_CRLCHECK, ldap.OPT_X_TLS_CRLFILE
Doc
* Various small updates/improvements
----------------------------------------------------------------
Released 2.3.8 2009-04-30
Changes since 2.3.7:
Lib/
* ldap.schema.models: More fault-tolerant parsing of SYNTAX in
AttributeTypeDescription
* ldap.schema.tokenizer.split_tokens():
More tolerant parsing of items separated only with a DOLLAR without
surrounding white-spaces (because WSP is declared as zero or more spaces
in RFC 4512)
----------------------------------------------------------------
Released 2.3.7 2009-04-09
Changes since 2.3.6:
Lib/
* urllib.quote() is now used in LDAPUrlExtension.unparse() to quote
all special URL characters in extension values
Modules/
* Fixed ldapcontrol.c not to raise ldap.ENCODING_ERROR in
function encode_rfc2696() on 64-bit systems
* Fixed seg fault if error code in a LDAP response was outside
the known error codes and could not be mapped to a specific
exception class (thanks to Sean)
* errors.c: LDAP_ERROR_MAX set to LDAP_PROXIED_AUTHORIZATION_DENIED
if available in OpenLDAP header
* new exception class ldap.PROXIED_AUTHORIZATION_DENIED
if available in OpenLDAP header
* Fixed functions.c not to raise ldap.ENCODING_ERROR in
function l_ldap_str2dn() on 64-bit systems (see SF#2725356)
----------------------------------------------------------------
Released 2.3.6 2009-02-22
Changes since 2.3.5:
Lib/
* Importing ldap.str2dn() which directly imported _ldap.str2dn()
is prohibited now (see SF#2181141)
Modules/
* get_option(): Added support for reading more SASL options.
(OPT_X_SASL_MECH, OPT_X_SASL_REALM, OPT_X_SASL_AUTHCID and
OPT_X_SASL_AUTHZID)
* Added some explicit type casts to fix issues while building
with SunStudio
* Fixed compiling issue with GCC 4.4
(see SF#2555793, thanks to Matej and Martin)
Doc/
* Clarified not to use ldap_get_dn() directly
* Fixed description of ldap.SASL_AVAIL and ldap.TLS_AVAIL
(see SF#2555804, thanks to Matej and Martin)
----------------------------------------------------------------
Released 2.3.5 2008-07-06
Changes since 2.3.4:
Lib/
* Fixed methods ldap.cidict.__contains__() and
ldap.schema.models.Entry.__contains__()
* FWIW method LDAPObject.cancel_s() returns a result now
* Fixed ldap.schema.models.NameForm: Class attribute oc is now
of type string, not tuple to be compliant with RFC 4512
----------------------------------------------------------------
Released 2.3.4 2008-03-29
Changes since 2.3.3:
Modules/
* Fixed seg fault when calling LDAPObject.get_option()
(see SF#1926507, thanks to Matej)
----------------------------------------------------------------
Released 2.3.3 2008-03-26
Changes since 2.3.2:
Fixed backward-compability when building with OpenLDAP 2.3.x libs.
----------------------------------------------------------------
Released 2.3.2 2008-03-26
Changes since 2.3.1:
Lib/
* ldap.dn.escape_dn_chars() now really adheres to
RFC 4514 section 2.4 by escaping null characters and a
space occurring at the beginning of the string
* New method ldap.cidict.cidict.__contains__()
* ldap.dn.explode_dn() and ldap.dn.explode_rdn()
have a new optional key-word argument flags which is
passed to ldap.dn.str2dn().
Modules/
* Removed unused OPT_PRIVATE_EXTENSION_BASE from constants.c
Doc/
* Various additions, updates, polishing (thanks to James).
This changes the buildlink3.mk files to use an include guard for the
recursive include. The use of BUILDLINK_DEPTH, BUILDLINK_DEPENDS,
BUILDLINK_PACKAGES and BUILDLINK_ORDER is handled by a single new
variable BUILDLINK_TREE. Each buildlink3.mk file adds a pair of
enter/exit marker, which can be used to reconstruct the tree and
to determine first level includes. Avoiding := for large variables
(BUILDLINK_ORDER) speeds up parse time as += has linear complexity.
The include guard reduces system time by avoiding reading files over and
over again. For complex packages this reduces both %user and %sys time to
half of the former time.
patches to add it). Drop pax from the default USE_TOOLS list.
Make bsdtar the default for those places that wanted gtar to extract
long links etc, as bsdtar can be built of the tree.
- assume that Python 2.4 and 2.5 are compatible and allow checking for
fallout.
- remove PYTHON_VERSIONS_COMPATIBLE that are obsoleted by the 2.3+
default. Modify the others to deal with the removals.
* Support for setuptools (building .egg, thanks to Torsten)
* Support for matched values control
* Fixed ldif
* ldap.schema.models: SUP now separated by $
* Added constant MOD_INCREMENT to support
modify+increment extension
Changes 2.2.1:
* OpenLDAP 2.3+ required now to build.
* Added support for Cancel operation ext. op. if supported
in OpenLDAP API of the libs used for the build.
* Removed deprecated code for setting options by name
* Added l_ldap_cancel()