-
Notifications
You must be signed in to change notification settings - Fork 273
/
_changelog.txt
1062 lines (948 loc) · 63.5 KB
/
_changelog.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
# 2.10.1 - 2024.03.20
- tested against Python 3.11
- fixed multiple issues
- add pycryptodomex as a dependency
- add TLS channel binding during NTLM authentication
# 2.9.1 - 2021.07.18
- new feature: added support for using Kerberos authentication on windows clients using the native winkerberos library
- new feature: added support for using Channel Bind tokens with Kerberos authentication on windows clients
- fixed a bug related to using start_tls with a RESTARTABLE strategy that caused errors to be raised erroneously.
- fixed a bug around the type checking of Reverse DNS Settings with Kerberos authentication
- fixed an issue related to decoding unicode strings in LDAP referrals and attributes in python 2
- minor documentation updates and corrections
# 2.9 - 2021.01.24
- new feature: SafeRestartable strategy (SAFE_RESTARTABLE) for using a restartable Connection object in a multi-threading program
- tested against Python 3.9
- added requirements-dev.txt
- fixed logging unicode exceptions in python2.7
- added more granular control over use of reverse dns with Kerberos (thanks Azaria)
- support MS Active Directory persistent search (thanks eLeX)
- added support for LDAP signing when using DIGEST-MD5 authentication (thanks Augustin-FL)
- check only for searchResEntries in LDIF conversion (thanks Jay)
- modify-increment now works properly in mock strategies (thanks Saint-Marcel)
- objectGUID are now converted properly (thanks Janne)
- default timeout in asynchronous strategies raised to 20 seconds
# 2.8.1 - 2020.09.07
- fixed regression in 2.8 for members returned in AD auto-range search (thanks Felix)
- fixed regression in 2.8 for attribute error in restartable class (thanks Christian)
- try to use Crypto library if present for hashing NTLM password on python interpreter missing the MD4 OpenSSL algorithm (thanks Doron)
# 2.8 - 2020.08.08
- new feature: SafeSync strategy (SAFE_SYNC) for using a synchronous Connection object in a multi-threading program
- new feature: LDIF_LINE_LENGTH for specifying line length wrapping in ldif-content output (default to 78 as per RFC 2849)
- fixed requirements for pyasn1
- fixed regression for ldapi connections
- fixed issue with lazy connection requesting server info on every operation
- fixed searching by objectGUID in hex format (thanks Matt)
- added iso_format parameter to utils.format_json to return dates in ISO format (thanks Hugh)
- fixed issue with Referral attributes not returned by the referral server (thanks Nazarii)
- fixed lost error message in auto_bind (thanks cfelder)
- fixed delete_old_dn in mock connections (thanks kpinc)
- fixed a ResourceWarning with lazy connections
- fixed entry_to_json() that in python2 modified the original entry value (thanks Dirk-Jan)
- tests doesnt' raise Exception if real server is not present (thanks Matej)
# 2.7 - 2020.03.01
- tested against Python 3.8.1 and pyasn1 0.4.8
- re-enabled ssl exception raising on bad certificate when only 1 server is present in the server pool
- removed Python 2.6 from Travis configuration (thanks gliptak)
- added support for source specifications in LDAP connections (thanks Azaria)
- added support for allowing special AD security identifier (SID) in DN (thanks John)
- fixed pickling of entry and attribute (thanks cfelder)
- close connection when auto_bind fails (thank Hrishikesh)
- operational attributes can be used in Abstraction Layer (thanks Sohalt)
- additional SSL options can be used in Tls object (thanks Nazarii)
- threading.Event replaces loop checking in async strategy. ASYNC strategy should be much faster now (thanks Yang)
- adding a key that is already an alias that contains other aliases in CaseInsensitiveWithAliasDict() now works properly (thanks Mark)
- when searching for GUID, UUID and SID the backslash character (0x5C) is properly managed (thanks Nocturem)
- LDIF output properly formatted when controls are missing (thanks Tom)
- operational attributes are not returned in MOCK strategies when not requested (thanks kpinc)
- undecodable values are returned as raw bytes when using the pyasn1 decoder
# 2.6.1 - 2019.09.06
- tested against pyasn1 0.4.7
- added eDirectory 9.1.4 (EDIR_9_1_4) to offline schemas
- added json converter for timedelta (thanks dirkjanm)
- strip parameter defaults to False in utils.dn.parse_dn()
- escaped space is allowed as trailing character in attribute_value in utils.dn.parse_dn() (thanks phi1010)
- connection.extend.standard.paged_search doesn't raise exceptions when raise_exceptions is False
- the Search operation returns the entries fetched by the server when size or time limits are reached even if raise_exceptions is set to True
- Handle the minimum value that can be stored in an Int64 in format_ad_timedelta (thanks mprahl)
- EntryState: `entry_raw_attributes` is populated instead of `raw_attributes` (thanks Christian)
- Removed restriction to perform rename and move simultaneously in modify_dn (thanks Fabian)
- fixed checking for hexdigits in parse_dn (thanks Michael)
- fixed escaping when multiple backslashes are present in parse_dn (thanks Phillip)
- fixed multiple NoneType exceptions in entry_to_json() (thanks David and cfelder)
- allowing Microsoft specific syntax (<WKGUID=xxx>) for WellKnownObjects in DN (thanks David)
- connection.extend.standard.paged_search() now follows referrals when auto_referrals=True (thanks kprativa)
- fixed a bug in decoding replica list in connection.extend.novell.list_replicas()
- fixed a bug when adding duplicate alias in CaseInsensitiveWithAliasDict()
- added ignore_duplicates=False in set_aliases in CaseInsensitiveWithAliasDict() to ignore a duplicate alias (either in aliases or in keys)
- Schema info now uses CaseInsensitiveWithAlias dict as default so object and attributes can also be referentiated with OID (thanks ahoffm11)
- added block mode and timeout parameters to next() method of persistent_search
- when using the pyasn1 decoder raw_dn is not returned as a pyasn1 object anymore but as bytes
- Return offset timezone aware datetime for max AD timestamp (thanks Jussi)
# 2.6 - 2019.03.24
- fixed empty digestMd5.py file in 2.5.2 package
- explicitly declare digest module md5 in util.ntlm (thanks adawalli)
- change object passed to modify() was unexpectedly mutated (thanks John)
- added LDAPInfoError exception
- added Server.has_control(control) method to check if a server has a specific control
- added Server.has_extension(extension) method to check if a server has a specific extension
- added Server.has_feature(feature) method to check if a server has a specific feature
- fixed checking of \\ in safe_dn (thanks Maxim)
- fixed uuid checking with 5c byte value
- added single=True parameter to the ServerPool object definition. Servers state is shared between connections using the same pool
- updated copyright notice
# 2.5.2 - 2018.12.28
- when starting tls before binding the connection is automatically open
- fixed changelog date (thanks Adam)
- support for AD timedeltas (thanks mprahl)
- fixed WhoAmI in mock strategies (thanks mprahl)
- prevent unnecessary exception in extend/standard/ModifyPassword (thanks Johnny)
- added support for external gssapi credentials to be passed to the sasl connection (thanks Firstyear)
- added support for gssapi store in sasl connection (thanks clhendrick)
- fixed LdifProducer (thanks antoinell)
- fixed NTLM bind (thanks ribx)
- server state in ServerPool is now a namedtuple "ServerState" (thanks Krisztian)
- fixed error when adding member to AD group with unsafe DN (thanks Maxim)
- properly restore lazy status in reusable strategy (thanks Krisztian)
- ServerState namedtuple converted to class in core/pooling (thanks Krisztian)
- empty schema doesn't raise exception in Abstraction Layer (thanks ghost)
# 2.5.1 - 2018.08.01
- connection.result is populated when exception raised with raise_exceptions=True
- fixed objectSid in mocking strategies
- fixed circular reference in exception history
- added objectSid validator
- byte values are properly searched in MOCK strategies (thanks dyj216)
- exception history refactored (thanks Tamas)
- connections in context manager don't bind anymore when auto_bind is set to AUTO_BIND_NONE (Thanks Tim)
- Cython compatible build (thanks Pedro)
- more detailed exception message in Mock strategy (thanks Janne)
- exceptions flow refactored in reusable strategy (thanks kxt)
- pwdlastset accept any positive integer (thanks abenbecker)
- fixed an exception while logging packet with pyasn1 decoder
- fixed importing abc from collections for Python 3.8
# 2.5 - 2018.04.15
- abstract layer now handles auxiliary classes
- pwdLastSet in AD is valid for 0 and -1 (thanks Taylor)
- fixed extend.novell.get_universal_password (thanks Fernando)
- entryUUID is properly validated in search filters (thanks FriedrichI)
- custom attribute formatters are properly applied when parsing the search filter
- REUSABLE strategy now honours credentials when changed in the original connection (thanks Prof Hase)
- add operation doesn't change passed attribute dict anymore (thanks Daniele)
- missing entry's attribute return False when searching instead of raising an exception (thanks Maxsond)
- fixed ad_timestamp evaluation for integers (thanks Flynn)
- wrong exception raised when user name is empty in simple binding (thanks Ivan)
- exception is raised if size limit is exceed when searching in mocking strategies with raise_exceptions=True (thanks David)
- fixed validator for novell guid
- fixed validator for openldap EntryUUID
- fixed validator for AD objectGUID, now follows MS-DTYP
- fixed formatter for AD objectGUID
- fixed exception when adding binary values (thanks guidow)
- added escape_rdn_chars() to ldap3.utils.dn for safe checking untrusted input while building DNs (thanks Alex)
- fixed search for binary values in mock strategies
- fixed exception with unicode chars in subfilters for python 2 (thanks Friedrich)
- connection.extend.paged_search() doesn't miss the last entries anymore when size limit is exceeded on the server (thanks Friedrich)
- validators are not applied when loading data from json dump in Mock strategies (thanks Derek)
- additional validator to check for erroneous bytes to string conversion in Python 3 (thanks Brian)
- additional formatter and validator to check for generalizedTime with 0 year (thanks Brian)
- added ADDITIONAL_CLIENT_ENCODINGS parameter
- fixed AD dir_sync extended operation (thanks Lucas)
- ad_unlock_account works properly (thanks Francowxu)
- added Microsoft security descriptor control (thanks Dirk-jan)
- fixed search in mock strategies when raise_exceptions=True (thanks Derek)
- formatters never raise exceptions but return the raw_value when unable to format
- fixed controls duplication in paged search (thanks Dirk-jan)
# 2.4.1 - 2018.01.21
- tested against pyasn1 from version 0.1.8 up to version 0.4.2, Python 2.6.6, Python 2.7.14, Python 3.6.4
- auto_encode parameter is honored when binding (thanks jkolo)
- fixed organizationalName definition in oid (thanks mingulov)
- automatic byte to int conversion working again (thanks Brian)
- mock connection searchs correctly escape filters (thanks kiddick)
- fixed bind with not unicode characters in Python 2 (thanks jkolo)
- extended filter attributes should work again with pyasn1 0.4.1 (thanks Dirk-jan)
- fixed error when reading incomplete server info
- NOT keyword properly handled in dit_content_rules (thanks Michael)
- operational attributes are prorerly returned in Cursor whit get_operational_attributes = True (thanks a23s4a)
- start_tls() is properly executed with AD when raise_exceptions=True (thanks Andrew)
- reopening a Connection honours auto_bind setting (thanks calken)
- an attribute returned with no value from a flaky server doesn't raise exception anymore (thanks Terrence)
- pwdLastSet in AD is valid only for -1 (thanks Thane)
- fixed docs for ldifProducer (thanks lhoekenga)
- fixed monkeypatching of pyasn1 for Boolean Value in BER encoding (thanks tmarlok88)
- check_names was not honoured while validating attribute values (thanks ymcymc)
- locks refactored in Connection and in Async strategy
- socket properly closed when checking availability of an invalid server
# 2.4 - 2017.11.14
- security fix in the rebind() method of the Connection object (thanks Daniel)
- fix for Sasl credentials in Python 3 (thanks Busuwe)
- fixed bug when checking for equality in MockBase
- added validator parameter to Server object for custom validators
- attribute values are now validated in add/compare/modify operations in the Connection object
- Python types can now be used in add/compare/modify operations
- compatible with the pyasn1 library from version 0.1.8 up to latest (0.3.3 for now) version
- fixed compatibility with Twisted on Windows on Python 2.7 (thanks Pmisik)
- fixed paged_search behaviour in Reader object
- fixed regression in MockBase (thanks Markus)
- fixed invalid filter sequence in MockBase (thanks SignedBit)
- added compatibility with Cython (thanks Pedro)
- fixed auto_encode check in validate_attribute_value for unknown attrs (thanks CFelder)
- don't encode response_value as extended_response_to_dict expects a decoded value (thanks Matthias)
- compatible with the pyasn1 library from version 0.1.8 up to latest (0.3.7 for now) version
- added LDAPObjectDereferenceError exception
- LDAPObjectDereferenceError is raised when an object tries to dereference itself in the Abstraction Layer (thanks Daniele)
- async module renamed to asynchronous for compatibility with Python 3.7 (thank Barry)
- long integer are properly checked in mocking strategies (thanks gregn610)
- NUMERIC_TYPES includes long for Python 2
# 2.3 - 2017.08.02
- compatible with the pyasn1 library from version 0.1.8 up to latest (0.3.1 for now) version
- MockAsync strategy is available
- added __ne__ method to Attribute in abstraction layer (thank Rodrigo)
- added LDAPUserNameIsMandatoryError exception in simple bind when user name is empty
- search referrals are properly decoded with fast decoder
- paged search works in mock strategies
- paged_search in extend.standard namespace raises an exception of class LDAPOperationResult if the search returns an error
- search_paged() method of Cursor object now return the whole list of entries if generator=False
- updated docs for defaults parameters (thanks Guarnacciaa)
- fixed mockBase for integer matching (thanks Jijo)
- boolean values are now uppercase in LDIF (thanks Linus)
- fixed timeout in ssl connection on Linux and Mac (thanks Allan)
- changed some internal functions to private in ldap3.utils.dn
- operational attribute entryDN is properly managed in Mock strategies (thanks Mark)
- new rdn in renamed entry is properly set in Mock strategies (thanks Mark)
- metrics are now updated for Mock strategies, except that for received bytes (thanks joehy)
- better managing of missing schema from the server (thanks Deborah)
- fixed error while schema is not in string format (thanks Alexandre)
- SNI support added when the underlying python library allows it (thanks Edmund)
- added pool_keepalive parameter to Connection object for REUSABLE strategy
- connection.extend.microsoft.modify_password returns False when change is not successful (thanks Ashley)
- added validators for uuid and uuid_le
- fixed error while searching for bytes
- fixed pickling and unpickling of datetime values (thanks David)
- fixed error that resulted in valid generalizedTime strings not being parsed (thanks Busuwe)
- fixed error with modify operation on referrals (thanks Busuwe)
- fixed error in mockBase add_entry() with raw rdn (thanks Chad)
- fixed error when stdin has not encoding in config.py (thanks cronicryo)
- fixed error when optional field are not present in pyasn1 requests (thanks Ilya)
- added DEFAULT_SERVER_ENCODING config parameter, should always be utf-8
- DEFAULT_ENCODING config parameter renamed to DEFAULT_CLIENT_ENCODING
- ADDITIONAL_ENCODINGS config parameter renamed to ADDITIONAL_SERVER_ENCONDINGS
- additional encodings are applied to all data received from the server
- additional encodings are not applied to client data
- added from_server=False parameter to to_unicode() to not try client encoding while decoding data from server
# 2.2.4 - 2017.05.07
- leading and trailing spaces in server name don't raise exception anymore
- DitContentRule is properly read from the schema
- added validator for Active Directory timestamp
- Mock strategies raise an exception if a non-bytes value is added to the schema when no offline schema is provided (str and int are automatically converted)
- added custom_validators property to Mock strategies
- modifying objectClass with bytes values doesn't raise an exception anymore (but it may fail anyway because of server constraints)
- ensure that config sequence parameters are properly set
- allow case insensitive attribute and class names in config parameters
- added server.schema.is_valid() to check if the schema is available
- empty schema properties are set to empty dict() instead of None
- schema definitions with trailing and leading spaces are now properly parsed and don't raise an LDAPSchemaError exception anymore
- fixed error when flaky servers (OpenLDAP) don't return the correct response with StartTls
# 2.2.3 - 2017.04.30
- abstraction layer query converts int values to string (thanks dgadmin)
- CaseInsensitiveDictWithAlias doesn't raise an exception anymore if alias is set multiple times to the same key
- friendly names in AttrDef are properly managed when performing commits in Writer cursors
- no more errors when server returns an empty schema (thanks Glen)
- range attributes in entries are properly recognized when auto_range is False
- fixed random errors in auto_range searches (thanks James)
- fixed checking of malformed schema
- added configuration parameter IGNORE_MALFORMED_SCHEMA to not raise exception for servers that don't follow the LDAP RFCs (defaults to False)
- test config moved to test/config.py
- testcase_id generated randomly for each test
- added ATTRIBUTES_EXCLUDED_FROM_OBJECT_DEF parmeter to exclude some attribute from automatic populate of ObjectDef in Abstract Layer (helpful for AD)
- added IGNORED_MANDATORY_ATTRIBUTES_IN_OBJECT_DEF parmeter to exclude some attribute from mandatory attribute list in ObjectDef in Abstract Layer (helpful for AD)
- fixed error when using implicit assigning in WritableEntry
- added LDAPInvalidValueError Exception
- in Python 3 byte filter are converted to unicode before parsing
- RESPONSE_DN_ENCODING parameter renamed to ADDITIONAL_ENCODINGS
- to_unicode(value, encoding=None, additional_encodings=False) now checks for additional encoodings in ADDITIONAL_ENCODINGS list if additional_encoding is set to True
- Reusable strategy uses not lazy Restartable connections
- Reusable strategy doesn't keep requesting the schema
- connection pool size in Reusable strategy defaults to 5
- optimized usage of configuration parameters
# 2.2.2 - 2017.03.17
- PLAIN mechanism added to SASL authentication (thanks Janusz)
- added RESULT_RESERVED return code (thanks Rak)
- added RESPONSE_DN_ENCODING in config for flaky servers that return non utf-8 encoded DN. Set it to a list of encoding to sequentially try for decodign DNs.
- removed StopIteration in generators (deprecated by PEP 479)
- fixed a bug when converting AD datetimes on Windows systems
- added compatibility with pyasn1 0.2.3
- fixed NTLM authentication with pyasn1 0.2.3
- fixed an error when installing via executable on Windows (thanks TrumSteven)
- added 'raw_dn' key in search response dictionary. It contains the DN byte value returned for DN by the server
- attributes with ";binary" tag can now be retrieved in abstraction layer with the usual entry.atttribute syntax
- updated tests for OpenLDAP
- fixed error when in add/remove extend operation for case mismatch in user or group dn
- integer validator now automatically convert valid string numbers to int
- invalid timezone are checked when validating Generalized Time Format
- added test cases for validators
- updated tests for OpenLDAP
# 2.2.1 - 2017.02.12
- tested against pyasn1 0.2.2 (thanks Ilya)
- get_response() has an optional new parameter "get_request" to return the request too, helpful in asynchronous strategies
- connection.request, connection.response and connection result are now properly blanked in async strategies
- ldap3.utils.dn.safe_dn() now checks for AD names only if no equal sign is present in the dn
- abstraction layer properly works with asynchronous strategies
- added a named tuple "Operation" used to store the request, result and response of an LDAP operation in Cursor history
- cursors in the Abstraction Layer keep history of executed LDAP operations for the last Cursor operation in the cursor.operation property
- Cursors in the Abstraction Layer keep history of errors for the last Cursor operation in the cursor.errors property
- if any error has occurred in the last operation of a Cursor the cursor.failed property is set to True
- added a named tuple "Operation" for storing request, result and response of an LDAP operation in Cursor history
- Cursor honours raise_exception parameter of the Connection.
- Cursor commit() return True if operations are successful and False if not. All pending commits are executed even if some fail
- new entries that have no additional mandatory attributes other those defined in dn are properly managed in Writers (thanks Matt)
- CaseInsensitiveDict now properly strips blanks from keys
- updated hashing alghoritm SHA to SHA1 (thanks Satoh)
- added match_dn(dn) to Cursor for matching entries with specified text in DN
- added match(attributes, value) for matching entries with specified value in one or more attribute values. It checks values and raw_values
- Cursors have simple match capability. When key is a string Cursor tries to match it against the DN of entries found.
# 2.2.0 - 2017.01.16
- tested againsts Python 3.6.0, Python 2.7.13 and Python 2.6.6
- updated docs regarding search response attributes (thanks James)
- fixed LDIF representation for operation_to_ldif (thanks m7four)
- fixed rebind for pooled connections
- fixed custom sort order in LDIF representation of entry
- added Active Directory GUID syntax for safe_dn() (thanks dinhngtu)
- added pre-post read control (thanks Elizabeth)
- added add_members_to_groups in microsoft.extend namespace for Active Directory
- added remove_members_to_groups in microsoft.extend namespace for Active Directory
- refactored internal extend.microsoft and extend.novell structures
- fixed auto_escape for extended characters (thanks asand3r)
- validators now transform the Python value to a valid LDAP value when appropriate (thanks Sjd-Risca)
- added validator for boolean types
- added validator for date types
- fixed representation of binary data in Abstraction Layer for Python 2
- added auto_encode parameter to Connection object (defaults to True)
- limited auto_escape feature only to filter values
- escape_filter_chars doens't try anymore to guess if the value is already escaped.
- added ldap3.conv.is_filter_safe() (thanks Robert)
- added auto_escape parameter to connection.search() to override connection auto_escape behaviour (defaults to None)
- auto_escape is not applied to filter value if already escaped
- automatically encode output to stdout encoding for repr() and str() (for printing and logging attributes values).
- binary data are converted to a hex values string in repr() and str() (for printing and logging attributes values).
- auto_encoding is performed only for well known attribute types that use Unicode format in LDAP
- CLASSES_EXCLUDED_FROM_CHECK and ATTRIBUTES_EXCLUDED_FROM_CHECK moved to ldap3.utils.config and made available via get_config_parameter()
- added UTF8_ENCODED_SYNTAXES in ldap3.config.utils and made available via get_config_parameter()
- added UTF8_ENCODED_TYPES in ldap3.config.utils and made available via get_config_parameter()
- config parameters made available only via get_config_parameters()
- removed to_bytes() and check_escape() from ldap3.utils.conv (ambiguous functions)
- added connection.request to MockSync (thanks Fabian)
- tags are properly managed in add, compare and modify requests (thanks guidow)
- in Mock strategies single-valued attributes are properly managed
- in Mock strategies attributes type names are properly managed
- implemented extended operation machinery in MockBase
- implemented WhoAmI [RFC4532] in Mock strategies
- implemented GetBindDn [NOVELL] in Mock strategies
- implemented operational attributes machinery in MockBase
- implemented entryDN [RFC5020] operational attribute in MockBase
- Sphinx updated to 1.5.1
# 2.1.1 - 2016.11.18
- Mock strategy uses case insensitive matching when appropriate
- fixed error when adding a virtual attribute in the abstract Entry object
- fixed error messages in Entry moving and renaming
- Reverted default connection strategy to SYNC (thanks Mauro)
- Fixed tutorials (thanks Mauro)
- Fixed checking of schema in ObjectDef (thanks Pierre)
- Fixed checking of stdin in config (thanks Oleg)
- fixed commit of entry with async strategies
- fixed reading of entries in async strategies
- added cipher argument to Tls (thanks Nicolas)
- fixed bug when using the abstraction layer with lazy connections
- fixed case matching while adding new entry in Writer cursor (thanks t0neg)
- disabled auto_escape for byte values
- fixed auto_escape for python 2
- fixed tutorials (thanks Ivano)
# 2.1.0 - 2016.11.03
- changed default Connection strategy from SYNC to RESTARTABLE
- enable automatic escaping of assertion values
- fixed decoding error with check_name=False
- added auto_escape parameter in connection, for trying automatic filter and attribute values escape
- fixed checking of schema in MockBase
- SASLBindInProgress doesn't raise an exception anymore with raise_exceptions=True
- standard formatters are applied in mocking strategies when serching for exact match
# 2.0.9 - 2016.10.28
- removed sanitization of DN in bind operation because some servers accept non standard DN for Simple Bind
# 2.0.8 - 2016.10.28
- included referral caching (thanks TWAC)
# 2.0.7 - 2016.10.27
- FIRST RELEASE OF LDAP3 V2
- changed signature of ldap3.abstract.Reader object
- removed search_size_limit(), search_time_limit() and search_types_only in the Reader cursor
- fixed SASL in progress error (thanks Styleex)
- fixed ALL_ATTRIBUTES in MOCK_SYNC strategy (thanks Belgarion)
- ncorrect attribute type error message now includes the name of the attribute (Thanks Andrej)
- relaxed dn checking for Active Directory UserPrincipalName
- relaxed dn checking for Active Directory SamAccountName
- added checking of attribute name in add, compare and search operations
- added checking of class name in add operation
- renamed exception LDAPTypeError to LDAPAttributeError
- in sync strategies LDAP operations populate the last_error attribute of the connection in case of not RESULT_SUCCESS
- connection.return_empty_attributes defaults to True
- escaped filter by default
- fixed escaping of filter
- add move and rename to abstraction layer entry
- ldap3 namespace decluttered
- RESULT_CODES moved to ldap3.core.results
- compatibility constants removed
- exceptions removed from ldap3 namespace, defined in ldap3.core.exceptions only
- ADDRESS_INFO_REFRESH_TIME is now configurable via set_config_parameter
- Operational attribute prefix set to 'OA_'
- Allows cert and key file in the same file (thanks Jan-Philip)
- Removed logging info when logging is disabled (thanks Dan)
- Updated copyright notice
- Refactored abstraction layer with full support for CRUD (Create, Read, Update, Delete) abstract operations
- Added WritableEntry and WritableAttribute to abstraction layer
- Added standard validators for attribute types and syntaxes defined in the standard LDAP schema
- Added custom validators for attribute values
- Added update capability to abstraction layer
- Fixed typo in docs (thanks Gerardwx)
- Fixed Object and Attribute representation in schema (superior class not shown)
- ObjectDef automatically populates attributes from schema, following object_class hierarchy
- Added attributes parameter to search* methods of Cursor, so that only needed attributes are read even if attr_defs defines more
- Fixed connect_timeout not honored while wrapping socket in tls (thanks Kyle)
- Added 'set' to SEQUENCE_TYPES (thanks Christian)
- Entries returned by search are now writable via the abstraction layer
- LDAPReaderError exception renamed to LDAPCursorError
- auto_range parameter in Connection defaults to True (thanks Ashley)
- get_info defaults to SCHEMA while defining Server object
- Included ordereddict 1.1 (# Copyright (c) 2009 Raymond Hettinger) in ldap3.utils.ordDict for backporting OrderedDict in Python 2.6
- Added config parameter RESET_AVAILABILITY_TIMEOUT to reinsert invalid address in candidate_addresses while checking connection, defaults to 5 seconds
- Fixed inability to connect to a server if the connection starts when the server is unavailable and then it becomes available again
- All DNs are sanitized if connection.check_names is True
- LDAPControlsError exception renamed to LDAPControlError
- LDAPChangesError exception renamed to LDAPChangeError
- The following older constants in ldap3 have been removed, please use the suggested ones:
- AUTH_ANONYMOUS = ANONYMOUS
- AUTH_SIMPLE = SIMPLE
- AUTH_SASL = SASL
- SEARCH_SCOPE_BASE_OBJECT = BASE
- SEARCH_SCOPE_SINGLE_LEVEL = LEVEL
- SEARCH_SCOPE_WHOLE_SUBTREE = SUBTREE
- SEARCH_NEVER_DEREFERENCE_ALIASES = DEREF_NEVER
- SEARCH_DEREFERENCE_IN_SEARCHING = DEREF_SEARCH
- SEARCH_DEREFERENCE_FINDING_BASE_OBJECT = DEREF_BASE
- SEARCH_DEREFERENCE_ALWAYS = DEREF_ALWAYS
- STRATEGY_SYNC = SYNC
- STRATEGY_ASYNC_THREADED = ASYNC
- STRATEGY_LDIF_PRODUCER = LDIF
- STRATEGY_SYNC_RESTARTABLE = RESTARTABLE
- STRATEGY_REUSABLE_THREADED = REUSABLE
- STRATEGY_MOCK_SYNC = MOCK_SYNC
- STRATEGY_MOCK_ASYNC = MOCK_ASYNC
- POOLING_STRATEGY_FIRST = FIRST
- POOLING_STRATEGY_ROUND_ROBIN = ROUND_ROBIN
- POOLING_STRATEGY_RANDOM = RANDOM
- GET_NO_INFO = NONE
- GET_DSA_INFO = DSA
- GET_SCHEMA_INFO = SCHEMA
- GET_ALL_INFO = ALL
# 1.4.0 - 2016.07.18
- Multiple Mock strategies now share entries when using the same Server object
- Added AsyncStreamStrategy
- Added Connection.extend.standard.persistent_search() (Thanks martinrm77)
- Added escaping of character > 0x7F in filter validation (thanks cfelder)
- Added better descriptions of Exception in abstraction layer (thanks cfelder)
- Added queue in Persistent Search
- Added callback in Persistent Search
- MockStrategy now honors raise_exception parameter (thanks Simon)
# 1.3.3 - 2016.07.03
- Change paameter name from 'check' to 'fix' in connection.extend.novell.add_members_to_groups() and connection.extend.novell.remove_members_from_groups
- Added connection.extend.novell.check_groups_memberships() that check if members are in groups and fixes the user-group relation if incorrect
- Updated docs link to ldap3.readthedocs.io
- Fixed error in utils.conv.check_escape (thanks Anjuta)
- Fixed typo in server.py when IP_V4_PREFERRED is used (thanks eva8668)
- Host name certificate matching exception and logging is much more informative (thanks eddie-dunn)
- Fixed typo in docs for use_ssl (thanks Brooks Kindle)
- Tested against Python 2.6., Python 2.7.12, Python 3.5.2 and PyPy 5.3.1
# 1.3.2 - 2016.07.01
- unreleased on pypi
# 1.3.1 - 2016.05.11
- Added support for mocking the ldap3 library
- Added support for MockSync strategy (thanks Roxana)
- Added checked_attributes=True parameter to connection.response_to_json()
- Added checked_attributes=True parameter to entry.entry_to_json()
- MockSyncBase strategy supports bind(), unbind(), delete(), compare(), modify(), modify_dn(), abandon(), add()
- MockSyncBase strategy accepts directory entries in json file
- Fixed schema representation (thanks Conrado)
- Allow connection.abandon(0), useful to "ping" the server
- Added connection.abandon() test suite
- Reusable strategy checks bind credential at bind() time, only on one worker connection
- Reusable strategy ignores abandon() operation because of multiple connection workers
- Reusable strategy honours return_empty_attributes connection parameter
- Added lazy information to connection representation
- Added support for hash (LM:NTLM) Windows NTLM authentication (thanks Dirk)
- Fixed representation of empty attributes in connection.entries
- Comparison of entry attributes value is easier
- Added new extended operation connection.extend.novell.start_transaction()
- Added new extended operation connection.extend.novell.end_transaction()
- Added new extended operation connection.extend.novell.add_members_to_groups(members, groups, check, transaction)
- Added new extended operation connection.extend.novell.remove_members_from_groups(members, groups, check, transaction)
- Added new exception LDAPTransactionError
- Added logic to handle Novell Transaction Error Unsolicited Notice
- Ignore cheching of ssl context when cadata, cafile and capath are not provided (thanks DelboyJan)
# 1.2.2 - 2016.03.23
- repr encoding set to 'ascii' when sys.stdout.encoding is None (thanks Jeff)
# 1.2.1 - 2016.03.19
- try to use the requested ssl protocol in SSLContext for Python>=3.4 (thanks Patrick)
- added return_empty_attributes to Connection object to return an empty list when the attribute requested is missing in the retrieved object
# 1.1.2 - 2016.03.10
- Added rebind() method to Connection object to rebind with a different user (thanks Lorenzo)
- Added Tests for rebind operation
- Start_tls honored in referrals
- Default ldaps port honored in referrals
- Additional connection parameters honored in referrals and in the restartable strategy
- Server connection timeout is honored while connecting, connection receive timeout while receiving
- Extended operations followed on referrals (thanks Pavel)
- Added receive_timeout parameter in Connection object to set socket in non-blocking mode with a specified timeout (thanks Antho)
- Fixed abstract entry __getattr__() throwing KeyError instead of AttributeError (thanks Kilroy)
- Fixed start_tls() Reusable strategy
# 1.0.4 - 2016.01.25
- Controls can be added to extended operation in the extend package (thanks Hinel)
# 1.0.3 - 2015.12.1
- Fixed set_config_parameter (thanks Sigmunau)
- Disabled unauthenticated authentication, see RFC 4513 section 5.1.2 (thanks Petros)
- Fixed falsey value in abstract Entry object __contains__() (thanks Vampouille)
# 1.0.2 - 2015.12.07
- Allowed_referral_hosts in Server objects defaults to [('*', True)] to accept any referral server with authentication
- Referral uri is now properly percent-undecoded (thanks TWAC)
- Referral Server object now use the same configuration of the original Server object
- Fixed __contains__() in Entry object (thanks Vampouille)
# 1.0.1 - 2015.12.06
- Removed the compat package
- Refactored docs for extend operations
# 1.0.0 - 2015.12.06
- Private RC for production
- Status moved to 5 - Production/Stable
# 0.9.9.4 - 2015.12.02
- Added items() to CaseInsensitiveDict class (thanks Jan-Hendrik)
- Added set_config_parameter() in ldap3 namespace to modify the values of the configurable parameters of ldap3
- Added microsoft.extend.modify_password() extended operation to change AD password
- Fixed find_active_random_server() in pooling (thanks Sargul)
- Fixed referral decoding in fast ber decoder (thanks TWAC)
# 0.9.9.3 - 2015.11.15
- Added LDAPI (LDAP over IPC) support for unix socket communication
- Added mandatory_in and optional_in in server schema for attribute types. Now you can see in which classes attributes are used
- Added last_transmitted_time and last_received_time to Usage object to track time of the last sent and received operation
- Exception SessionTerminatedByServer renamed to SessionTerminatedByServerError and added to ldap3 namespace
- Added get_config_parameter() in ldap3 namespace to read the current value of ldap3 configurable parameters
- Added SASL mechanism name as constants in the ldap3 namespace
- Added escape_filter_chars in utils.conv (thanks Peter)
- Reverted ALL_ATTRIBUTES behaviour in search to 0.9.9.1 (thanks Petros)
# 0.9.9.2 - 2015.10.19
- Fixed hasattr() behaviour for Entry object in Python 3
- Allows empty sasl_credentials in SASL bind
- Added POOLING_LOOP_TIMEOUT constant to specify how many seconds the server pooling strategy has to wait before retrying if it did not find an active server (defaults to 10)
- Pooling strategy now allows to specify the number of cycles to try when finding a server (with active=N)
- Pooling strategy now allows to specify how many seconds a server must be considered offline before retrying to check for availabiliry (with exhaust=N)
- Connection.entries defaults to empty list
- ALL_ATTRIBUTES don't send any attribute in the attribute list (was sending '*') while searching
- Added DirSync extended function for Microsoft Active Directory
- Added LDAP_SERVER_DIRSYNC_OID control for Microsoft Active Directory
- Added LDAP_SERVER_EXTENDED_DN_OID control for Microsoft Active Directory
- Added LDAP_SERVER_SHOW_DELETED_OID control for Microsoft Active Directory
- Fixed AD tests for single valued attributes
- Added ACL attribute in the ATTRIBUTES_EXCLUDED_FROM_CHECK list
# 0.9.9.1 - 2015.09.21
- Allows empty member values in groups while adding - this should not be as per rfc4511 4.1.7, but some servers expects it (thanks John)
- Faster case insensitive dict while getting and setting key (thanks Pierre)
- Updated setuptools to 18.3.2
- Updated wheel to 0.26
- Tested against Python 2.6 - Python 2.7 - Python 3.3 - Python 3.4 - Python 3.5 - pypy - pypy3
# 0.9.9 - 2015.09.09
- Fixed boolean value for True value in ASN.1 encoding for certain ldap servers. (thanks Will)
- Fixed follow auto referrals. (thanks WIll)
- Now protocol defined integer values can be used for scope and derefAliases arguments when searching. (thanks Will)
- Added description field in the AttrDef object. (thanks Hogne)
- Added a custom ber decoder. Decoding of received packets is now 10x faster.
- Added new boolean argument fast_decoder in connection object. Defaults to True.
- Highest date correctly managed by the format_ad_timestamp() formatter. (thanks Will)
- Fix for latest gssapi kerberos authentication module (thanks Alex)
- Added freeIPA OID descriptors
- Removed unneeded OidInfo class
# 0.9.8.8 - 2015.08.14
- Coerce objectClass to a list in Add operation. (thanks Yutaka)
- ObjectClass attribute values mantain their order in the Add operation. (thanks Yutaka)
- Fixed search filter composition when the value part of the assertion contains = character. (thanks Eero)
- Fixed modify_password extended operation when no hash method is specified. (thanks midnightlynx)
- Added credentials to kerberos authentication. (thanks Alex)
- Target name can be specified in sasl_credentials for Kerberos authentication. (thanks Alex)
- Target name can be read from DNS in sasl_credential for Kerberos authentication. (thanks Alex)
- Fixed connection.entries error when referrals are in the search response. (thanks WIll)
# 0.9.8.7 - 2015.07.19
- Backported ssl.match_hostname from Python 3.4.3 standard library to be used in Python < 2.7.10
- Use backports.ssl_match_hostname if present instead of static backported functions for matching server names in ssl certificate (thanks Michal)
- Attributes values are properly printed when not strings in abstract.attribute (thanks hogneh)
- Checking unicode __repr__() in python2
- Added hashing capability to Modify Password extended operation (thanks Gawain)
# 0.9.8.6 - 2015.06.30
- Modify operation now accept multiple changes for same attribute (Thanks Lorenzo)
- Fixed entries property in connection when objects from multiple object classes are returned
- Hide sensitive data in logging. use the utils.log.set_library_hide_sensitive_data(False) to show sensitive data
and utils.log.get_library_hide_sensitive_data() to get the current value
- Limited number of characters in a single log line. use the utils.log.set_library_log_max_line_length(length) to set
and utils.log.get_library_log_max_line_length(length) to get the current value
- Added CHANGES.txt with full changelog, latest changes only in README.txt
# 0.9.8.5.post2 - 2015.06.24
- Updated pyasn1 to 0.1.8
- Fixed error in not filter with pyasn1 0.1.8
# 0.9.8.5 - 2015.06.23
- Updated docs with ldap operations pages
- Fixed a bug where an Exception was raised on OpenBSD for missing IPV4_MAPPED flag
- Fixed missing add operation usage metrics
- Abstract Attribute doesn't permit "falsy" values or None as default (thanks Lucas)
# 0.9.8.4 - 2015.05.19
- Added EXTENDED log detail level with prettyPrint description of ldap messages
- Fixed logging of IPv6 address description
- Fixed checking of open address when dns returns more than one ip for the same host
- Fixed selection of proper address when failing back from IPv6 to IPv4 and vice-versa
- When sending controls controlValue is now optional (as stated in RFC 4511), specify None to not send it
- Moved badges to shields.io
# 0.9.8.3 - 2015.05.11
- Added support for logging
- Added LDAPInvalidTlsSpecificationError exception
- Added support for kerberos sasl - needs the gssapi package (thanks sigmaris and pefoley2)
- Added support for using generator objects in ldap operations (thanks Matt)
- Fixed bug in collect_usage (thanks Philippe)
- Changed default server mode from IP_SYSTEM_DEFAULT to IP_V6_PREFERRED
# 0.9.8.2 - 2015.04.08
- SaslCred returned as raw bytes (thanks Peter)
- Search_paged now properly works in abstract.reader (thanks wazboy)
# 0.9.8.1 - 2015.04.04
- Added NTLMv2 authentication method
- extend.standard.who_am_i() now try to decode the authzid as unicode
- Tests for AD (Active Directory) now use tls_before_bind when opening a connection
- 0.9.8 not working for pypi problems
# 0.9.7.12 - 2015.03.18
- Fixed missing optional authzid in digestMD5 sasl mechanism (thanks Damiano)
- Changed unneeded classmethods to staticmethods
# 0.9.7.11 - 2015.03.12
- Fixed address_info resolution on systems without the IPV4MAPPED flag (thanks Andryi)
# 0.9.7.10 - 2015.02.28
- Fixed bug in PagedSearch when server has a hard limit on the number of entries returned (thanks Reimar)
- 0.9.7.9 not working for pypi problems
- 0.9.7.8 not working for pypi problems
- 0.9.7.7 not working for pypi problems
- 0.9.7.6 not working for pypi problems
# 0.9.7.5 - 2015.02.20
- Fixed exception raised when opening a connection to a server. If there is only one candidate address and there is an error it returns the specific Exception, not a generic LDAPException error
- Address_info filters out any impossible address to reach
- Address_info include an IPV4MAPPED address for IPV6 host that try to reach an IPV4 only server
- Added SyncMock strategy (needs the sldap3 package)
- Fixed bug when using the aproximation operation in ldap search operations (thanks Laurent)
- Removed response from exception raised with raise_exceptions=True to avoid very long exceptions message
# 0.9.7.4 - 2015.02.02
- Added connection.entries property for storing response from search operations as and abstract.Entry collection.
# 0.9.7.3 - 2015.01.25
- Modify operation type can also be passed as integer
# 0.9.7.2 - 2015.01.16
- Fixed a bug when resolving IP address with getaddrinfo(). On OSX returned an UDP connection (thanks Hiroshi).
# 0.9.7.1 - 2015.01.05
- Moved to Github
- Moved to Travis-CI for continuous integration
- Moved to ReadTheDocs for documentation
- Moved testing servers in the cloud, to allow testing from Travis-CI
- Project renamed from python3-ldap to ldap3 to avoid name clashing with the existing python-ldap library
- Constant values in ldap3 are now strings. This is helpful in testing and debugging
- Test suite fully refactored to be used in cloud lab and local development lab
- Test suite includes options for testing against eDirectory, Active Directory and OpenLDAP
# 0.9.7 - 2014.12.17
- Fixed bug for auto_range used in paged search
- Added dual IP stack mode parameter in Server object, values are: IP_SYSTEM_DEFAULT, IP_V4_ONLY, IP_V4_PREFERRED, IP_V6_ONLY, IP_V6_PREFERRED
- Added read_server_info parameter to bind() and start_tls() to avoid multiple schema and info read operations with auto_bind
- Redesigned Reusable (pooled) strategy
- Added LDAPResponseTimeoutError exception raised when get_response() doesn't receive any response in the allowed timeout period
- Added shortened authentication parameters in ldap3 namespace: ANONYMOUS, SIMPLE, SASL
- Added shortened scope parameters in ldap3 namespace: BASE, LEVEL, SUBTREE
- Added shortened get_info parameters in ldap3 namespace: NONE, DSA, SCHEMA, ALL
- Added shortened alias dereferencing parameters in ldap3 namespace: DEREF_NONE, DEREF_SEARCH, DEREF_BASE, DEREF_ALWAYS
- Added shortened connection strategy parameters in ldap3 namespace: SYNC, ASYNC, LDIF, RESTARTABLE, REUSABLE
- Added shortened pooling strategy parameters in ldap3 namespace: FIRST, ROUND_ROBIN, RANDOM
- Added reentrant lock to avoid race conditions in the Connection object
- When runs in Python 2.7.9 uses SSLContext
- Tested against Python 2.7.9, PyPy 2.4.0 and PyPy3 2.4.0
- setuptools updated to 8.2.1
# 0.9.6.2 - 2014.11.17
- Changed SESSION_TERMINATED_BY_SERVER from 0 to -2
- Removed unneeded FORMAT_xxx variables in ldap3 namespace
- Fixed bug in auto_range when search operation returns search continuations
- Added infrastructure for Mock DSA (not functional yet)
# 0.9.6.1 - 2014.11.11
- Added boolean parameter "auto_range" to catch the "range" ldap tag in searches. When true all needed search operation are made to fully obtain the whole range of result values
- Fixed bug in sdist
- Added offline schema for Fedora 389 Directory Server 1.3.3
- Fixed bug while reading DSA info
# 0.9.6 - 2014.11.01
- New feature 'offline schema' to let the client have knowledge of schema and DSA info even if not returned by the server
- Offline schema for Novell eDirectory 8.8.8
- Offline schema for Microsoft Active Directory 2012 R2
- Offline schema for slapd 2.4 (Openldap)
- Added server.info.to_json() and server.info.to_file to JSON serialize schema and info from Server object
- Added Server.from_json() and Server.from_file() to create a Server object from a JSON definition
- Added response_to_json() and response_to_file() to Connection object to serialize search response entries in JSON as a string or as a file
- New exception hierarchy LDAPConfigurationError includes library configuration exceptions
- New exception LDAPInvalidConfigurationDefinitionError
- Dsa info and schema are not read twice when binding (thanks phobie)
- LDAPStartTLSError exception is merged with exception raised from ssl packaged
- Digest-MD5 SASL authentication accepts directives with list attributes (thanks John)
- Fixed caseInsensitiveDictionary for keys() and values() methods
- Fixed matching of certificate name in ssl with Python2
- Attributes names and formatters are checked even if schema is not read by the server
- Fixed fractional time when parsing generalized time
- Specific decoder for Active Directory ObjectGuid and ObjectSid
- Added additional checking for unicode in Python 2
- Tested against Python 3.4.2, 2.7.8, 2.6.6
- Updated setuptools to 7.0
# 0.9.5.4 - 2014.09.22
- Fixed security issue in lazy connections (thanks Moritz)
- Added ldap3.utils.dn with parse_dn(dn) to verify dn compliance with RFC4514
- Added safe_dn(dn) to properly escape dn (if possible)
- Added ldap3.utils.uri with parse_uri(uri) to verify uri compliance with RFC4516
- Check for trailing slashes in hostname (thanks Dylan)
- Timeout for socket connect operation. Server.connect_timeout = seconds_to_wait_for_establishing_connection (thanks Florian)
- Closing socket error doesn't raise exception anymore
- ServerPool can be implicity defined with a list of server names (even when defining a connection)
# 0.9.5.3 - 2014.08.24
- elements returned in schema and dsa info are in a case insensitive dictionary (can be changed in ldap3.CASE_INSENSITIVE_SCHEMA_NAMES = True|False)
- attributes name returned in searches are now case insensitive (can be changed in ldap3.CASE_INSENSITIVE_ATTRIBUTE_NAMES = True|False)
- change parameter name from separe_rdn to separate_rdn in ldap3.utils.conv.to_dn()
- sync dev from Bitbucket to GitHub
- schema attributes are explicitly read (useful for Active directory and 389 Directory Server)
- new extended operation: list_replicas (Novell)
- new extended operation: get_replica_info (Novell)
- new extended operation: partition_entry_count (Novell)
- renamed convert_to_ldif() to _convert_to_ldif()
# 0.9.5.2 - 2014.08.05
- fixed LDAPOperationResult.__str__ (thanks David)
- added to_dn() in utils.conv to convert a dn string to a list of components (strings or tuples)
- added __version__ in ldap3
- don't raise exception if the schema cannot be read in unauthenticated state
- server.address_info is now a property
# 0.9.5.1 - 2014.08.02
- getaddrinfo called only once
- real_server machinery removed - messageId is now global and monotonic for the whole library
- attributes are returned formatted if schema is read and check_names = True, removed checked_attributes
- bind result is populated again when successful (was removed in 0.9.2.1)
- exception is now raised if you receive multiple extended response to a single extended request. This is not allowed by RFC 4511
# 0.9.5 - 2014.07.22
- added support for IPv6 (thanks Robert)
- auto_bind can be used even for establishing tls, possible values (defined in ldap3) are: AUTO_BIND_NONE, AUTO_BIND_NO_TLS, AUTO_BIND_TLS_AFTER_BIND, AUTO_BIND_TLS_BEFORE_BIND
- refactored extend package to use classes
- new extended operation: get_universal_password (Novell)
- new extended operation: set_universal_password (Novell)
- added parsing of hostname in scheme://hostname:hostport format. This has the precedence on the parameters (thanks Sorin)
- added extra checks when the schema is read (with the get_info parameter) but nothing is returned by the server
- updated setuptools to version 5.4.1
- when check_name is True and schema is read attributes are checked and formatted in "checked_attributes" as specified by RFCs following the server schema
- added formatter for generalizedTime syntax as specified in RFC4517 (ASN.1)
- custom formatter can be added in Server definition
# 0.9.4.2 - 2014.07.03
- Moved to Bitbucket + Mercurial
- Fixed import in core.tls package
- Removed unneeded imports
# 0.9.4.1 - 2014.07.02
- included missing extend package (thanks to debnet)
# 0.9.4 - 2014.07.02
- when running in python 3.4 or newer now Tls class uses SSLContext object with default secure setting
- added parameters ca_certs_path, ca_certs_data, local_private_key_password to Tls object creation, valid when using SSLContext
- in python 3.4 or newer the system CA certificates configuration can be used (just leave ca_cert_file, ca_certs_path and ca_certs_data set to None)
- removed TLSv1 as default for Tls connection
- upgraded backported ssl function from python 3.4.1 when using with python 2
- when creating a connection the server parameter can be a string: the name of the server to connect in cleartext on default port 389
- fixed bug in ldap3.util.conv.escape_bytes()
- attributes parameter in search can be a tuple
- check_names parameter in connection now defaults to True (so when schema info is available attribute and class name will be checked when performing LDAP operations)
- remove the connection.close() method - use connection.unbind()
- new exception LDAPExtensionError for signalling when the requestValue of extended operation is of an unknown ASN1 type
- exiting connection manager doesn't raise an exception if unbind is not successful (needed in long operations)
- new extended operation: modify_password (RFC3062)
- new extended operation: who_am_i (RFC4532)
- new extended operation: get_bind_dn (Novell)
- updated setuptools to version 5.3
# 0.9.3.5 - 2014.06.22
- Exception history in restartable strategy is printed when reached the maximum number of retries
- Fixed conditions on terminated_by_server unsolicited message
- Added python2.6 egg installation package
# 0.9.3.4 - 2014.06.16
- Exception can now be imported from ldap3 package
- Escape_bytes return '' for empty string instead of None (thanks Brian)
- Added exception history to restartable connection (not for infinite retries)
- Fixed start_tls retrying in restartable connection (thanks Brian)
- New exception LDAPMaximumRetriesError for signalling when the SyncRestartable Strategy has reached the maximum number of retries while performing an operation
- Inverted deleteoldrdn value in LDIF output (thanks Joseph)
# 0.9.3.3 - 2014.06.01
- Fixed a bug in LDIFProducer when using context manager for connection
- LDIF header in stream is added only whene there are actual data in the stream
- Now LDIF stream can be added to an existing file - version header will not be written if stream is not empty
# 0.9.3.2 - 2014.05.30
- Fixed a bug while reading schema
- Add an implicit open() when trying binding on a closed connection
# 0.9.3.1 - 2014.05.28
- Added stream capability to LDIFProducer strategy
- Customizable line separator for LDIF output
- Customizable sorting order for LDIF output
- object_class parameter is now optional in connection.add()
- Fixed objectClass attribute case sensitive dependency in add operation
- Added stream capability to response_to_ldif() while searching
# 0.9.3 - 2014.05.20
- Now the key in server.schema.attribute_type is the attribute name (was the oid)
- Now the key in server.schema.object_classes is the class name (was the oid)
- Added check_names to Connection definition to have name of attributes and of object class checked against the schema
- Updated setuptools to 3.6
- Added wheel installation format
- Added raise_exceptions mode for connection
- Exception hierarchy reworked
- Added locking to Server object (for multithreading)
# 0.9.2.2 - 2014.04.30
- fixed a bug from 0.9.1 that broke start_tls() (thanks Mark)
# 0.9.2.1 - 2014.04.28
- fixed a bug in 0.9.2 that allowed only string attributes in add, modify and compare operations (thank Mladen)
# 0.9.2 - 2014.04.26
- changed return value in get_response from response to (response, result) - helpful for multi-threaded connections
- added ReusableStrategy for pooling connections
- refined docstrings (thanks Will)
- result and response attributes don't overlap anymore. Operation result is only in result attribute.
- fixed search for binary values (thanks Marcin)
- added convenience function to convert bytes to LDAP binary value string format for search filter
# 0.9.1 - 2014.03.30
- added laziness flag to test suite
- changed ServerPool signature to accept active and exhaust parameters
- removed unneeded start_listen parameter
- added 'lazy' parameter to open, to bind and to unbind a connection only when an effective operation is performed
- fixed start_tls in SyncWaitRestartable strategy
- fixed certificate name checking while opening an ssl connection
- fixed syntax error during installation
- socket operations now raises proper exception, not generic LDAPException (thanks Joseph)
- tested against Python 3.4, 3.3, 2.7, 2.6
- updated setuptools to 3.3
# 0.9.0 - 2014.03.20
- PEP8 compliance
- added ldap3.compat package with older (non PEP8 compliant) signatures
- renamed ldap3.abstraction to ldap3.abstract
- moved connection.py, server.py and tls.py files to ldap3.core
- fixed SyncWaitRestartableStrategy (thanks Christoph)
# 0.8.3 - 2014.03.08
- added SyncWaitRestartable strategy
- removed useless forceBind parameter
- usage statistics updated with restartable success/failure counters and open/closed/wrapped socket counters
# 0.8.2 - 2014.03.04
- Added refresh() method to Entry object to read again the attributes from the Reader in the abstraction layer
- Fixed Python 2.6 issues
- Fixed test suite for Python 2.6
# 0.8.1 - 2014.02.12
- Changed exceptions returned by the library to LDAPException, a subclass of Exception.
- Fixed documentation typos
# 0.8.0 - 2014.02.08
- Added abstraction layer (for searching, read only)
- Added context manager to Connection class
- Added readOnly parameter to Connection class
- Fixed a bug in search with 'less than' parameter
- Remove validation of available SSL protocols because different Python interpreters can use different ssl packages
# 0.7.3 - 2014.01.05
- Added SASL DIGEST-MD5 support
- Moved to intrapackage (relative) imports
# 0.7.2 - 2013.12.30
- Fixed a bug when parentheses are used in search filter as ASCII escaped sequences
# 0.7.1 - 2013.12.21
- Completed support for LDIF as per RFC2849
- Added new LDIF_PRODUCER strategy to generate LDIF-CHANGE stream
- Fixed a bug in the autoReferral feature when controls where used in operation
# 0.7.0 - 2013.12.12
- Added support for LDIF as per RFC2849
- Added LDIF-CONTENT compliant search responses
- Added exception when using autoBind if connection is not successful
# 0.6.7 - 2013.12.03
- Fixed exception when DSA is not willing to return rootDSE and schema info
# 0.6.6 - 2013.11.13
- Added parameters to test suite
# 0.6.5 - 2013.11.05
- Modified rawAttributes decoding, now null (empty) values are returned
# 0.6.4 - 2013.10.16
- Added simple paged search as per RFC2696
- Controls return values are decoded and stored in result attribute of connection
# 0.6.3 - 2013.10.07
- Added Extesible Filter syntax to search filter
- Fixed exception while closing connection in AsyncThreaded strategy
# 0.6.2 - 2013.10.01
- Fix for referrals in searchRefResult
- Disabled schema reading on Active Directory
# 0.6.1 - 2013.09.22
- Experimental support for Python 2 - no unicode
- Added backport of ssl.match_name for Python 2
- Minor fixes for using the client in Python 2
- Fix for getting schema info with AsyncThreaded strategy
# 0.6.0 - 2013.09.16
- Moved to beta!
- Added support site hosted on www.assembla.com
- Added public svn repository on www.assembla.com
- Added getInfo to server object, parameter can be: GET_NO_INFO, GET_DSA_INFO, GET_SCHEMA_INFO, GET_ALL_INFO
- Added method to read the schema from the server. Schema is decoded and returned in different dictionaries of the server.schema object
- Updated connection usage info (elapsed time is now computed when connection is closed)
- Updated OID dictionary with extensions and controls from Active Directory specifications.
# 0.5.3 - 2013.09.03
- Added getOperationalAttributes boolean to Search operation to fetch the operational attributes during search
- Added increment operation to modify operation as per RFC4525
- Added dictionary of OID descriptions (for DSE and schema decoding)
- Added method to get Info from DSE (returned in server.info object)
- Modified exceptions for sending controls in LDAP request
- Added connection usage (in connection.usage if collectUsage=True in connection definition)
- Fixed StartTls in asynchronous client strategy
# 0.5.2 - 2013.08.27
- Added SASLprep profile for validating password
- Fixed RFC4511 asn1 definitions
# 0.5.1 - 2013.08.17