CHANGELOG¶
- # 2.9.1 - 2021.07.18
- new feature: added support for using Kerberos authentication on windows clients using the native winkerberos library
- new feature: added support for using Channel Bind tokens with Kerberos authentication on windows clients
- fixed a bug related to using start_tls with a RESTARTABLE strategy that caused errors to be raised erroneously.
- fixed a bug around the type checking of Reverse DNS Settings with Kerberos authentication
- fixed an issue related to decoding unicode strings in LDAP referrals and attributes in python 2
- minor documentation updates and corrections
- # 2.9 - 2021.01.24
- new feature: SafeRestartable strategy (SAFE_RESTARTABLE) for using a restartable Connection object in a multi-threading program
- tested against Python 3.9
- added requirements-dev.txt
- fixed logging unicode exceptions in python2.7
- added more granular control over use of reverse dns with Kerberos (thanks Azaria)
- support MS Active Directory persistent search (thanks eLeX)
- added support for LDAP signing when using DIGEST-MD5 authentication (thanks Augustin-FL)
- check only for searchResEntries in LDIF conversion (thanks Jay)
- modify-increment now works properly in mock strategies (thanks Saint-Marcel)
- objectGUID are now converted properly (thanks Janne)
- default timeout in asynchronous strategies raised to 20 seconds
- # 2.8.1 - 2020.09.07
- fixed regression in 2.8 for members returned in AD auto-range search (thanks Felix)
- fixed regression in 2.8 for attribute error in restartable class (thanks Christian)
- try to use Crypto library if present for hashing NTLM password on python interpreter missing the MD4 OpenSSL algorithm (thanks Doron)
- # 2.8 - 2020.08.08
- new feature: SafeSync strategy (SAFE_SYNC) for using a synchronous Connection object in a multi-threading program
- new feature: LDIF_LINE_LENGTH for specifying line length wrapping in ldif-content output (default to 78 as per RFC 2849)
- fixed requirements for pyasn1
- fixed regression for ldapi connections
- fixed issue with lazy connection requesting server info on every operation
- fixed searching by objectGUID in hex format (thanks Matt)
- added iso_format parameter to utils.format_json to return dates in ISO format (thanks Hugh)
- fixed issue with Referral attributes not returned by the referral server (thanks Nazarii)
- fixed lost error message in auto_bind (thanks cfelder)
- fixed delete_old_dn in mock connections (thanks kpinc)
- fixed a ResourceWarning with lazy connections
- fixed entry_to_json() that in python2 modified the original entry value (thanks Dirk-Jan)
- tests doesnt’ raise Exception if real server is not present (thanks Matej)
- # 2.7 - 2020.03.01
- tested against Python 3.8.1 and pyasn1 0.4.8
- re-enabled ssl exception raising on bad certificate when only 1 server is present in the server pool
- removed Python 2.6 from Travis configuration (thanks gliptak)
- added support for source specifications in LDAP connections (thanks Azaria)
- added support for allowing special AD security identifier (SID) in DN (thanks John)
- fixed pickling of entry and attribute (thanks cfelder)
- close connection when auto_bind fails (thank Hrishikesh)
- operational attributes can be used in Abstraction Layer (thanks Sohalt)
- additional SSL options can be used in Tls object (thanks Nazarii)
- threading.Event replaces loop checking in async strategy. ASYNC strategy should be much faster now (thanks Yang)
- adding a key that is already an alias that contains other aliases in CaseInsensitiveWithAliasDict() now works properly (thanks Mark)
- when searching for GUID, UUID and SID the backslash character (0x5C) is properly managed (thanks Nocturem)
- LDIF output properly formatted when controls are missing (thanks Tom)
- operational attributes are not returned in MOCK strategies when not requested (thanks kpinc)
- undecodable values are returned as raw bytes when using the pyasn1 decoder
- # 2.6.1 - 2019.09.06
- tested against pyasn1 0.4.7
- added eDirectory 9.1.4 (EDIR_9_1_4) to offline schemas
- added json converter for timedelta (thanks dirkjanm)
- strip parameter defaults to False in utils.dn.parse_dn()
- escaped space is allowed as trailing character in attribute_value in utils.dn.parse_dn() (thanks phi1010)
- connection.extend.standard.paged_search doesn’t raise exceptions when raise_exceptions is False
- the Search operation returns the entries fetched by the server when size or time limits are reached even if raise_exceptions is set to True
- Handle the minimum value that can be stored in an Int64 in format_ad_timedelta (thanks mprahl)
- EntryState: entry_raw_attributes is populated instead of raw_attributes (thanks Christian)
- Removed restriction to perform rename and move simultaneously in modify_dn (thanks Fabian)
- fixed checking for hexdigits in parse_dn (thanks Michael)
- fixed escaping when multiple backslashes are present in parse_dn (thanks Phillip)
- fixed multiple NoneType exceptions in entry_to_json() (thanks David and cfelder)
- allowing Microsoft specific syntax (<WKGUID=xxx>) for WellKnownObjects in DN (thanks David)
- connection.extend.standard.paged_search() now follows referrals when auto_referrals=True (thanks kprativa)
- fixed a bug in decoding replica list in connection.extend.novell.list_replicas()
- fixed a bug when adding duplicate alias in CaseInsensitiveWithAliasDict()
- added ignore_duplicates=False in set_aliases in CaseInsensitiveWithAliasDict() to ignore a duplicate alias (either in aliases or in keys)
- Schema info now uses CaseInsensitiveWithAlias dict as default so object and attributes can also be referentiated with OID (thanks ahoffm11)
- added block mode and timeout parameters to next() method of persistent_search
- when using the pyasn1 decoder raw_dn is not returned as a pyasn1 object anymore but as bytes
- Return offset timezone aware datetime for max AD timestamp (thanks Jussi)
- # 2.6 - 2019.03.24
- fixed empty digestMd5.py file in 2.5.2 package
- explicitly declare digest module md5 in util.ntlm (thanks adawalli)
- change object passed to modify() was unexpectedly mutated (thanks John)
- added LDAPInfoError exception
- added Server.has_control(control) method to check if a server has a specific control
- added Server.has_extension(extension) method to check if a server has a specific extension
- added Server.has_feature(feature) method to check if a server has a specific feature
- fixed checking of \ in safe_dn (thanks Maxim)
- fixed uuid checking with 5c byte value
- added single=True parameter to the ServerPool object definition. Servers state is shared between connections using the same pool
- updated copyright notice
- # 2.5.2 - 2018.12.28
- when starting tls before binding the connection is automatically open
- fixed changelog date (thanks Adam)
- support for AD timedeltas (thanks mprahl)
- fixed WhoAmI in mock strategies (thanks mprahl)
- prevent unnecessary exception in extend/standard/ModifyPassword (thanks Johnny)
- added support for external gssapi credentials to be passed to the sasl connection (thanks Firstyear)
- added support for gssapi store in sasl connection (thanks clhendrick)
- fixed LdifProducer (thanks antoinell)
- fixed NTLM bind (thanks ribx)
- server state in ServerPool is now a namedtuple “ServerState” (thanks Krisztian)
- fixed error when adding member to AD group with unsafe DN (thanks Maxim)
- properly restore lazy status in reusable strategy (thanks Krisztian)
- ServerState namedtuple converted to class in core/pooling (thanks Krisztian)
- empty schema doesn’t raise exception in Abstraction Layer (thanks ghost)
- # 2.5.1 - 2018.08.01
- connection.result is populated when exception raised with raise_exceptions=True
- fixed objectSid in mocking strategies
- fixed circular reference in exception history
- added objectSid validator
- byte values are properly searched in MOCK strategies (thanks dyj216)
- exception history refactored (thanks Tamas)
- connections in context manager don’t bind anymore when auto_bind is set to AUTO_BIND_NONE (Thanks Tim)
- Cython compatible build (thanks Pedro)
- more detailed exception message in Mock strategy (thanks Janne)
- exceptions flow refactored in reusable strategy (thanks kxt)
- pwdlastset accept any positive integer (thanks abenbecker)
- fixed an exception while logging packet with pyasn1 decoder
- fixed importing abc from collections for Python 3.8
- # 2.5 - 2018.04.15
- abstract layer now handles auxiliary classes
- pwdLastSet in AD is valid for 0 and -1 (thanks Taylor)
- fixed extend.novell.get_universal_password (thanks Fernando)
- entryUUID is properly validated in search filters (thanks FriedrichI)
- custom attribute formatters are properly applied when parsing the search filter
- REUSABLE strategy now honours credentials when changed in the original connection (thanks Prof Hase)
- add operation doesn’t change passed attribute dict anymore (thanks Daniele)
- missing entry’s attribute return False when searching instead of raising an exception (thanks Maxsond)
- fixed ad_timestamp evaluation for integers (thanks Flynn)
- wrong exception raised when user name is empty in simple binding (thanks Ivan)
- exception is raised if size limit is exceed when searching in mocking strategies with raise_exceptions=True (thanks David)
- fixed validator for novell guid
- fixed validator for openldap EntryUUID
- fixed validator for AD objectGUID, now follows MS-DTYP
- fixed formatter for AD objectGUID
- fixed exception when adding binary values (thanks guidow)
- added escape_rdn_chars() to ldap3.utils.dn for safe checking untrusted input while building DNs (thanks Alex)
- fixed search for binary values in mock strategies
- fixed exception with unicode chars in subfilters for python 2 (thanks Friedrich)
- connection.extend.paged_search() doesn’t miss the last entries anymore when size limit is exceeded on the server (thanks Friedrich)
- validators are not applied when loading data from json dump in Mock strategies (thanks Derek)
- additional validator to check for erroneous bytes to string conversion in Python 3 (thanks Brian)
- additional formatter and validator to check for generalizedTime with 0 year (thanks Brian)
- added ADDITIONAL_CLIENT_ENCODINGS parameter
- fixed AD dir_sync extended operation (thanks Lucas)
- ad_unlock_account works properly (thanks Francowxu)
- added Microsoft security descriptor control (thanks Dirk-jan)
- fixed search in mock strategies when raise_exceptions=True (thanks Derek)
- formatters never raise exceptions but return the raw_value when unable to format
- fixed controls duplication in paged search (thanks Dirk-jan)
- # 2.4.1 - 2018.01.21
- tested against pyasn1 from version 0.1.8 up to version 0.4.2, Python 2.6.6, Python 2.7.14, Python 3.6.4
- auto_encode parameter is honored when binding (thanks jkolo)
- fixed organizationalName definition in oid (thanks mingulov)
- automatic byte to int conversion working again (thanks Brian)
- mock connection searchs correctly escape filters (thanks kiddick)
- fixed bind with not unicode characters in Python 2 (thanks jkolo)
- extended filter attributes should work again with pyasn1 0.4.1 (thanks Dirk-jan)
- fixed error when reading incomplete server info
- NOT keyword properly handled in dit_content_rules (thanks Michael)
- operational attributes are prorerly returned in Cursor whit get_operational_attributes = True (thanks a23s4a)
- start_tls() is properly executed with AD when raise_exceptions=True (thanks Andrew)
- reopening a Connection honours auto_bind setting (thanks calken)
- an attribute returned with no value from a flaky server doesn’t raise exception anymore (thanks Terrence)
- pwdLastSet in AD is valid only for -1 (thanks Thane)
- fixed docs for ldifProducer (thanks lhoekenga)
- fixed monkeypatching of pyasn1 for Boolean Value in BER encoding (thanks tmarlok88)
- check_names was not honoured while validating attribute values (thanks ymcymc)
- locks refactored in Connection and in Async strategy
- socket properly closed when checking availability of an invalid server
- # 2.4 - 2017.11.14
- security fix in the rebind() method of the Connection object (thanks Daniel)
- fix for Sasl credentials in Python 3 (thanks Busuwe)
- fixed bug when checking for equality in MockBase
- added validator parameter to Server object for custom validators
- attribute values are now validated in add/compare/modify operations in the Connection object
- Python types can now be used in add/compare/modify operations
- compatible with the pyasn1 library from version 0.1.8 up to latest (0.3.3 for now) version
- fixed compatibility with Twisted on Windows on Python 2.7 (thanks Pmisik)
- fixed paged_search behaviour in Reader object
- fixed regression in MockBase (thanks Markus)
- fixed invalid filter sequence in MockBase (thanks SignedBit)
- added compatibility with Cython (thanks Pedro)
- fixed auto_encode check in validate_attribute_value for unknown attrs (thanks CFelder)
- don’t encode response_value as extended_response_to_dict expects a decoded value (thanks Matthias)
- compatible with the pyasn1 library from version 0.1.8 up to latest (0.3.7 for now) version
- added LDAPObjectDereferenceError exception
- LDAPObjectDereferenceError is raised when an object tries to dereference itself in the Abstraction Layer (thanks Daniele)
- async module renamed to asynchronous for compatibility with Python 3.7 (thank Barry)
- long integer are properly checked in mocking strategies (thanks gregn610)
- NUMERIC_TYPES includes long for Python 2
- # 2.3 - 2017.08.02
- compatible with the pyasn1 library from version 0.1.8 up to latest (0.3.1 for now) version
- MockAsync strategy is available
- added __ne__ method to Attribute in abstraction layer (thank Rodrigo)
- added LDAPUserNameIsMandatoryError exception in simple bind when user name is empty
- search referrals are properly decoded with fast decoder
- paged search works in mock strategies
- paged_search in extend.standard namespace raises an exception of class LDAPOperationResult if the search returns an error
- search_paged() method of Cursor object now return the whole list of entries if generator=False
- updated docs for defaults parameters (thanks Guarnacciaa)
- fixed mockBase for integer matching (thanks Jijo)
- boolean values are now uppercase in LDIF (thanks Linus)
- fixed timeout in ssl connection on Linux and Mac (thanks Allan)
- changed some internal functions to private in ldap3.utils.dn
- operational attribute entryDN is properly managed in Mock strategies (thanks Mark)
- new rdn in renamed entry is properly set in Mock strategies (thanks Mark)
- metrics are now updated for Mock strategies, except that for received bytes (thanks joehy)
- better managing of missing schema from the server (thanks Deborah)
- fixed error while schema is not in string format (thanks Alexandre)
- SNI support added when the underlying python library allows it (thanks Edmund)
- added pool_keepalive parameter to Connection object for REUSABLE strategy
- connection.extend.microsoft.modify_password returns False when change is not successful (thanks Ashley)
- added validators for uuid and uuid_le
- fixed error while searching for bytes
- fixed pickling and unpickling of datetime values (thanks David)
- fixed error that resulted in valid generalizedTime strings not being parsed (thanks Busuwe)
- fixed error with modify operation on referrals (thanks Busuwe)
- fixed error in mockBase add_entry() with raw rdn (thanks Chad)
- fixed error when stdin has not encoding in config.py (thanks cronicryo)
- fixed error when optional field are not present in pyasn1 requests (thanks Ilya)
- added DEFAULT_SERVER_ENCODING config parameter, should always be utf-8
- DEFAULT_ENCODING config parameter renamed to DEFAULT_CLIENT_ENCODING
- ADDITIONAL_ENCODINGS config parameter renamed to ADDITIONAL_SERVER_ENCONDINGS
- additional encodings are applied to all data received from the server
- additional encodings are not applied to client data
- added from_server=False parameter to to_unicode() to not try client encoding while decoding data from server
- # 2.2.4 - 2017.05.07
- leading and trailing spaces in server name don’t raise exception anymore
- DitContentRule is properly read from the schema
- added validator for Active Directory timestamp
- Mock strategies raise an exception if a non-bytes value is added to the schema when no offline schema is provided (str and int are automatically converted)
- added custom_validators property to Mock strategies
- modifying objectClass with bytes values doesn’t raise an exception anymore (but it may fail anyway because of server constraints)
- ensure that config sequence parameters are properly set
- allow case insensitive attribute and class names in config parameters
- added server.schema.is_valid() to check if the schema is available
- empty schema properties are set to empty dict() instead of None
- schema definitions with trailing and leading spaces are now properly parsed and don’t raise an LDAPSchemaError exception anymore
- fixed error when flaky servers (OpenLDAP) don’t return the correct response with StartTls
- # 2.2.3 - 2017.04.30
- abstraction layer query converts int values to string (thanks dgadmin)
- CaseInsensitiveDictWithAlias doesn’t raise an exception anymore if alias is set multiple times to the same key
- friendly names in AttrDef are properly managed when performing commits in Writer cursors
- no more errors when server returns an empty schema (thanks Glen)
- range attributes in entries are properly recognized when auto_range is False
- fixed random errors in auto_range searches (thanks James)
- fixed checking of malformed schema
- added configuration parameter IGNORE_MALFORMED_SCHEMA to not raise exception for servers that don’t follow the LDAP RFCs (defaults to False)
- test config moved to test/config.py
- testcase_id generated randomly for each test
- added ATTRIBUTES_EXCLUDED_FROM_OBJECT_DEF parmeter to exclude some attribute from automatic populate of ObjectDef in Abstract Layer (helpful for AD)
- added IGNORED_MANDATORY_ATTRIBUTES_IN_OBJECT_DEF parmeter to exclude some attribute from mandatory attribute list in ObjectDef in Abstract Layer (helpful for AD)
- fixed error when using implicit assigning in WritableEntry
- added LDAPInvalidValueError Exception
- in Python 3 byte filter are converted to unicode before parsing
- RESPONSE_DN_ENCODING parameter renamed to ADDITIONAL_ENCODINGS
- to_unicode(value, encoding=None, additional_encodings=False) now checks for additional encoodings in ADDITIONAL_ENCODINGS list if additional_encoding is set to True
- Reusable strategy uses not lazy Restartable connections
- Reusable strategy doesn’t keep requesting the schema
- connection pool size in Reusable strategy defaults to 5
- optimized usage of configuration parameters
- # 2.2.2 - 2017.03.17
- PLAIN mechanism added to SASL authentication (thanks Janusz)
- added RESULT_RESERVED return code (thanks Rak)
- added RESPONSE_DN_ENCODING in config for flaky servers that return non utf-8 encoded DN. Set it to a list of encoding to sequentially try for decodign DNs.
- removed StopIteration in generators (deprecated by PEP 479)
- fixed a bug when converting AD datetimes on Windows systems
- added compatibility with pyasn1 0.2.3
- fixed NTLM authentication with pyasn1 0.2.3
- fixed an error when installing via executable on Windows (thanks TrumSteven)
- added ‘raw_dn’ key in search response dictionary. It contains the DN byte value returned for DN by the server
- attributes with “;binary” tag can now be retrieved in abstraction layer with the usual entry.atttribute syntax
- updated tests for OpenLDAP
- fixed error when in add/remove extend operation for case mismatch in user or group dn
- integer validator now automatically convert valid string numbers to int
- invalid timezone are checked when validating Generalized Time Format
- added test cases for validators
- updated tests for OpenLDAP
- # 2.2.1 - 2017.02.12
- tested against pyasn1 0.2.2 (thanks Ilya)
- get_response() has an optional new parameter “get_request” to return the request too, helpful in asynchronous strategies
- connection.request, connection.response and connection result are now properly blanked in async strategies
- ldap3.utils.dn.safe_dn() now checks for AD names only if no equal sign is present in the dn
- abstraction layer properly works with asynchronous strategies
- added a named tuple “Operation” used to store the request, result and response of an LDAP operation in Cursor history
- cursors in the Abstraction Layer keep history of executed LDAP operations for the last Cursor operation in the cursor.operation property
- Cursors in the Abstraction Layer keep history of errors for the last Cursor operation in the cursor.errors property
- if any error has occurred in the last operation of a Cursor the cursor.failed property is set to True
- added a named tuple “Operation” for storing request, result and response of an LDAP operation in Cursor history
- Cursor honours raise_exception parameter of the Connection.
- Cursor commit() return True if operations are successful and False if not. All pending commits are executed even if some fail
- new entries that have no additional mandatory attributes other those defined in dn are properly managed in Writers (thanks Matt)
- CaseInsensitiveDict now properly strips blanks from keys
- updated hashing alghoritm SHA to SHA1 (thanks Satoh)
- added match_dn(dn) to Cursor for matching entries with specified text in DN
- added match(attributes, value) for matching entries with specified value in one or more attribute values. It checks values and raw_values
- Cursors have simple match capability. When key is a string Cursor tries to match it against the DN of entries found.
- # 2.2.0 - 2017.01.16
- tested againsts Python 3.6.0, Python 2.7.13 and Python 2.6.6
- updated docs regarding search response attributes (thanks James)
- fixed LDIF representation for operation_to_ldif (thanks m7four)
- fixed rebind for pooled connections
- fixed custom sort order in LDIF representation of entry
- added Active Directory GUID syntax for safe_dn() (thanks dinhngtu)
- added pre-post read control (thanks Elizabeth)
- added add_members_to_groups in microsoft.extend namespace for Active Directory
- added remove_members_to_groups in microsoft.extend namespace for Active Directory
- refactored internal extend.microsoft and extend.novell structures
- fixed auto_escape for extended characters (thanks asand3r)
- validators now transform the Python value to a valid LDAP value when appropriate (thanks Sjd-Risca)
- added validator for boolean types
- added validator for date types
- fixed representation of binary data in Abstraction Layer for Python 2
- added auto_encode parameter to Connection object (defaults to True)
- limited auto_escape feature only to filter values
- escape_filter_chars doens’t try anymore to guess if the value is already escaped.
- added ldap3.conv.is_filter_safe() (thanks Robert)
- added auto_escape parameter to connection.search() to override connection auto_escape behaviour (defaults to None)
- auto_escape is not applied to filter value if already escaped
- automatically encode output to stdout encoding for repr() and str() (for printing and logging attributes values).
- binary data are converted to a hex values string in repr() and str() (for printing and logging attributes values).
- auto_encoding is performed only for well known attribute types that use Unicode format in LDAP
- CLASSES_EXCLUDED_FROM_CHECK and ATTRIBUTES_EXCLUDED_FROM_CHECK moved to ldap3.utils.config and made available via get_config_parameter()
- added UTF8_ENCODED_SYNTAXES in ldap3.config.utils and made available via get_config_parameter()
- added UTF8_ENCODED_TYPES in ldap3.config.utils and made available via get_config_parameter()
- config parameters made available only via get_config_parameters()
- removed to_bytes() and check_escape() from ldap3.utils.conv (ambiguous functions)
- added connection.request to MockSync (thanks Fabian)
- tags are properly managed in add, compare and modify requests (thanks guidow)
- in Mock strategies single-valued attributes are properly managed
- in Mock strategies attributes type names are properly managed
- implemented extended operation machinery in MockBase
- implemented WhoAmI [RFC4532] in Mock strategies
- implemented GetBindDn [NOVELL] in Mock strategies
- implemented operational attributes machinery in MockBase
- implemented entryDN [RFC5020] operational attribute in MockBase
- Sphinx updated to 1.5.1
- # 2.1.1 - 2016.11.18
- Mock strategy uses case insensitive matching when appropriate
- fixed error when adding a virtual attribute in the abstract Entry object
- fixed error messages in Entry moving and renaming
- Reverted default connection strategy to SYNC (thanks Mauro)
- Fixed tutorials (thanks Mauro)
- Fixed checking of schema in ObjectDef (thanks Pierre)
- Fixed checking of stdin in config (thanks Oleg)
- fixed commit of entry with async strategies
- fixed reading of entries in async strategies
- added cipher argument to Tls (thanks Nicolas)
- fixed bug when using the abstraction layer with lazy connections
- fixed case matching while adding new entry in Writer cursor (thanks t0neg)
- disabled auto_escape for byte values
- fixed auto_escape for python 2
- fixed tutorials (thanks Ivano)
- # 2.1.0 - 2016.11.03
- changed default Connection strategy from SYNC to RESTARTABLE
- enable automatic escaping of assertion values
- fixed decoding error with check_name=False
- added auto_escape parameter in connection, for trying automatic filter and attribute values escape
- fixed checking of schema in MockBase
- SASLBindInProgress doesn’t raise an exception anymore with raise_exceptions=True
- standard formatters are applied in mocking strategies when serching for exact match
- # 2.0.9 - 2016.10.28
- removed sanitization of DN in bind operation because some servers accept non standard DN for Simple Bind
- # 2.0.8 - 2016.10.28
- included referral caching (thanks TWAC)
- # 2.0.7 - 2016.10.27
- FIRST RELEASE OF LDAP3 V2
- changed signature of ldap3.abstract.Reader object
- removed search_size_limit(), search_time_limit() and search_types_only in the Reader cursor
- fixed SASL in progress error (thanks Styleex)
- fixed ALL_ATTRIBUTES in MOCK_SYNC strategy (thanks Belgarion)
- ncorrect attribute type error message now includes the name of the attribute (Thanks Andrej)
- relaxed dn checking for Active Directory UserPrincipalName
- relaxed dn checking for Active Directory SamAccountName
- added checking of attribute name in add, compare and search operations
- added checking of class name in add operation
- renamed exception LDAPTypeError to LDAPAttributeError
- in sync strategies LDAP operations populate the last_error attribute of the connection in case of not RESULT_SUCCESS
- connection.return_empty_attributes defaults to True
- escaped filter by default
- fixed escaping of filter
- add move and rename to abstraction layer entry
- ldap3 namespace decluttered
- RESULT_CODES moved to ldap3.core.results
- compatibility constants removed
- exceptions removed from ldap3 namespace, defined in ldap3.core.exceptions only
- ADDRESS_INFO_REFRESH_TIME is now configurable via set_config_parameter
- Operational attribute prefix set to ‘OA_’
- Allows cert and key file in the same file (thanks Jan-Philip)
- Removed logging info when logging is disabled (thanks Dan)
- Updated copyright notice
- Refactored abstraction layer with full support for CRUD (Create, Read, Update, Delete) abstract operations
- Added WritableEntry and WritableAttribute to abstraction layer
- Added standard validators for attribute types and syntaxes defined in the standard LDAP schema
- Added custom validators for attribute values
- Added update capability to abstraction layer
- Fixed typo in docs (thanks Gerardwx)
- Fixed Object and Attribute representation in schema (superior class not shown)
- ObjectDef automatically populates attributes from schema, following object_class hierarchy
- Added attributes parameter to search* methods of Cursor, so that only needed attributes are read even if attr_defs defines more
- Fixed connect_timeout not honored while wrapping socket in tls (thanks Kyle)
- Added ‘set’ to SEQUENCE_TYPES (thanks Christian)
- Entries returned by search are now writable via the abstraction layer
- LDAPReaderError exception renamed to LDAPCursorError
- auto_range parameter in Connection defaults to True (thanks Ashley)
- get_info defaults to SCHEMA while defining Server object
- Included ordereddict 1.1 (# Copyright (c) 2009 Raymond Hettinger) in ldap3.utils.ordDict for backporting OrderedDict in Python 2.6
- Added config parameter RESET_AVAILABILITY_TIMEOUT to reinsert invalid address in candidate_addresses while checking connection, defaults to 5 seconds
- Fixed inability to connect to a server if the connection starts when the server is unavailable and then it becomes available again
- All DNs are sanitized if connection.check_names is True
- LDAPControlsError exception renamed to LDAPControlError
- LDAPChangesError exception renamed to LDAPChangeError
- The following older constants in ldap3 have been removed, please use the suggested ones:
- AUTH_ANONYMOUS = ANONYMOUS
- AUTH_SIMPLE = SIMPLE
- AUTH_SASL = SASL
- SEARCH_SCOPE_BASE_OBJECT = BASE
- SEARCH_SCOPE_SINGLE_LEVEL = LEVEL
- SEARCH_SCOPE_WHOLE_SUBTREE = SUBTREE
- SEARCH_NEVER_DEREFERENCE_ALIASES = DEREF_NEVER
- SEARCH_DEREFERENCE_IN_SEARCHING = DEREF_SEARCH
- SEARCH_DEREFERENCE_FINDING_BASE_OBJECT = DEREF_BASE
- SEARCH_DEREFERENCE_ALWAYS = DEREF_ALWAYS
- STRATEGY_SYNC = SYNC
- STRATEGY_ASYNC_THREADED = ASYNC
- STRATEGY_LDIF_PRODUCER = LDIF
- STRATEGY_SYNC_RESTARTABLE = RESTARTABLE
- STRATEGY_REUSABLE_THREADED = REUSABLE
- STRATEGY_MOCK_SYNC = MOCK_SYNC
- STRATEGY_MOCK_ASYNC = MOCK_ASYNC
- POOLING_STRATEGY_FIRST = FIRST
- POOLING_STRATEGY_ROUND_ROBIN = ROUND_ROBIN
- POOLING_STRATEGY_RANDOM = RANDOM
- GET_NO_INFO = NONE
- GET_DSA_INFO = DSA
- GET_SCHEMA_INFO = SCHEMA
- GET_ALL_INFO = ALL
- # 1.4.0 - 2016.07.18
- Multiple Mock strategies now share entries when using the same Server object
- Added AsyncStreamStrategy
- Added Connection.extend.standard.persistent_search() (Thanks martinrm77)
- Added escaping of character > 0x7F in filter validation (thanks cfelder)
- Added better descriptions of Exception in abstraction layer (thanks cfelder)
- Added queue in Persistent Search
- Added callback in Persistent Search
- MockStrategy now honors raise_exception parameter (thanks Simon)
- # 1.3.3 - 2016.07.03
- Change paameter name from ‘check’ to ‘fix’ in connection.extend.novell.add_members_to_groups() and connection.extend.novell.remove_members_from_groups
- Added connection.extend.novell.check_groups_memberships() that check if members are in groups and fixes the user-group relation if incorrect
- Updated docs link to ldap3.readthedocs.io
- Fixed error in utils.conv.check_escape (thanks Anjuta)
- Fixed typo in server.py when IP_V4_PREFERRED is used (thanks eva8668)
- Host name certificate matching exception and logging is much more informative (thanks eddie-dunn)
- Fixed typo in docs for use_ssl (thanks Brooks Kindle)
- Tested against Python 2.6., Python 2.7.12, Python 3.5.2 and PyPy 5.3.1
- # 1.3.2 - 2016.07.01
- unreleased on pypi
- # 1.3.1 - 2016.05.11
- Added support for mocking the ldap3 library
- Added support for MockSync strategy (thanks Roxana)
- Added checked_attributes=True parameter to connection.response_to_json()
- Added checked_attributes=True parameter to entry.entry_to_json()
- MockSyncBase strategy supports bind(), unbind(), delete(), compare(), modify(), modify_dn(), abandon(), add()
- MockSyncBase strategy accepts directory entries in json file
- Fixed schema representation (thanks Conrado)
- Allow connection.abandon(0), useful to “ping” the server
- Added connection.abandon() test suite
- Reusable strategy checks bind credential at bind() time, only on one worker connection
- Reusable strategy ignores abandon() operation because of multiple connection workers
- Reusable strategy honours return_empty_attributes connection parameter
- Added lazy information to connection representation
- Added support for hash (LM:NTLM) Windows NTLM authentication (thanks Dirk)
- Fixed representation of empty attributes in connection.entries
- Comparison of entry attributes value is easier
- Added new extended operation connection.extend.novell.start_transaction()
- Added new extended operation connection.extend.novell.end_transaction()
- Added new extended operation connection.extend.novell.add_members_to_groups(members, groups, check, transaction)
- Added new extended operation connection.extend.novell.remove_members_from_groups(members, groups, check, transaction)
- Added new exception LDAPTransactionError
- Added logic to handle Novell Transaction Error Unsolicited Notice
- Ignore cheching of ssl context when cadata, cafile and capath are not provided (thanks DelboyJan)
- # 1.2.2 - 2016.03.23
- repr encoding set to ‘ascii’ when sys.stdout.encoding is None (thanks Jeff)
- # 1.2.1 - 2016.03.19
- try to use the requested ssl protocol in SSLContext for Python>=3.4 (thanks Patrick)
- added return_empty_attributes to Connection object to return an empty list when the attribute requested is missing in the retrieved object
- # 1.1.2 - 2016.03.10
- Added rebind() method to Connection object to rebind with a different user (thanks Lorenzo)
- Added Tests for rebind operation
- Start_tls honored in referrals
- Default ldaps port honored in referrals
- Additional connection parameters honored in referrals and in the restartable strategy
- Server connection timeout is honored while connecting, connection receive timeout while receiving
- Extended operations followed on referrals (thanks Pavel)
- Added receive_timeout parameter in Connection object to set socket in non-blocking mode with a specified timeout (thanks Antho)
- Fixed abstract entry __getattr__() throwing KeyError instead of AttributeError (thanks Kilroy)
- Fixed start_tls() Reusable strategy
- # 1.0.4 - 2016.01.25
- Controls can be added to extended operation in the extend package (thanks Hinel)
- # 1.0.3 - 2015.12.1
- Fixed set_config_parameter (thanks Sigmunau)
- Disabled unauthenticated authentication, see RFC 4513 section 5.1.2 (thanks Petros)
- Fixed falsey value in abstract Entry object __contains__() (thanks Vampouille)
- # 1.0.2 - 2015.12.07
- Allowed_referral_hosts in Server objects defaults to [(‘*’, True)] to accept any referral server with authentication
- Referral uri is now properly percent-undecoded (thanks TWAC)
- Referral Server object now use the same configuration of the original Server object
- Fixed __contains__() in Entry object (thanks Vampouille)
- # 1.0.1 - 2015.12.06
- Removed the compat package
- Refactored docs for extend operations
- # 1.0.0 - 2015.12.06
- Private RC for production
- Status moved to 5 - Production/Stable
- # 0.9.9.4 - 2015.12.02
- Added items() to CaseInsensitiveDict class (thanks Jan-Hendrik)
- Added set_config_parameter() in ldap3 namespace to modify the values of the configurable parameters of ldap3
- Added microsoft.extend.modify_password() extended operation to change AD password
- Fixed find_active_random_server() in pooling (thanks Sargul)
- Fixed referral decoding in fast ber decoder (thanks TWAC)
- # 0.9.9.3 - 2015.11.15
- Added LDAPI (LDAP over IPC) support for unix socket communication
- Added mandatory_in and optional_in in server schema for attribute types. Now you can see in which classes attributes are used
- Added last_transmitted_time and last_received_time to Usage object to track time of the last sent and received operation
- Exception SessionTerminatedByServer renamed to SessionTerminatedByServerError and added to ldap3 namespace
- Added get_config_parameter() in ldap3 namespace to read the current value of ldap3 configurable parameters
- Added SASL mechanism name as constants in the ldap3 namespace
- Added escape_filter_chars in utils.conv (thanks Peter)
- Reverted ALL_ATTRIBUTES behaviour in search to 0.9.9.1 (thanks Petros)
- # 0.9.9.2 - 2015.10.19
- Fixed hasattr() behaviour for Entry object in Python 3
- Allows empty sasl_credentials in SASL bind
- Added POOLING_LOOP_TIMEOUT constant to specify how many seconds the server pooling strategy has to wait before retrying if it did not find an active server (defaults to 10)
- Pooling strategy now allows to specify the number of cycles to try when finding a server (with active=N)
- Pooling strategy now allows to specify how many seconds a server must be considered offline before retrying to check for availabiliry (with exhaust=N)
- Connection.entries defaults to empty list
- ALL_ATTRIBUTES don’t send any attribute in the attribute list (was sending ‘*’) while searching
- Added DirSync extended function for Microsoft Active Directory
- Added LDAP_SERVER_DIRSYNC_OID control for Microsoft Active Directory
- Added LDAP_SERVER_EXTENDED_DN_OID control for Microsoft Active Directory
- Added LDAP_SERVER_SHOW_DELETED_OID control for Microsoft Active Directory
- Fixed AD tests for single valued attributes
- Added ACL attribute in the ATTRIBUTES_EXCLUDED_FROM_CHECK list
- # 0.9.9.1 - 2015.09.21
- Allows empty member values in groups while adding - this should not be as per rfc4511 4.1.7, but some servers expects it (thanks John)
- Faster case insensitive dict while getting and setting key (thanks Pierre)
- Updated setuptools to 18.3.2
- Updated wheel to 0.26
- Tested against Python 2.6 - Python 2.7 - Python 3.3 - Python 3.4 - Python 3.5 - pypy - pypy3
- # 0.9.9 - 2015.09.09
- Fixed boolean value for True value in ASN.1 encoding for certain ldap servers. (thanks Will)
- Fixed follow auto referrals. (thanks WIll)
- Now protocol defined integer values can be used for scope and derefAliases arguments when searching. (thanks Will)
- Added description field in the AttrDef object. (thanks Hogne)
- Added a custom ber decoder. Decoding of received packets is now 10x faster.
- Added new boolean argument fast_decoder in connection object. Defaults to True.
- Highest date correctly managed by the format_ad_timestamp() formatter. (thanks Will)
- Fix for latest gssapi kerberos authentication module (thanks Alex)
- Added freeIPA OID descriptors
- Removed unneeded OidInfo class
- # 0.9.8.8 - 2015.08.14
- Coerce objectClass to a list in Add operation. (thanks Yutaka)
- ObjectClass attribute values mantain their order in the Add operation. (thanks Yutaka)
- Fixed search filter composition when the value part of the assertion contains = character. (thanks Eero)
- Fixed modify_password extended operation when no hash method is specified. (thanks midnightlynx)
- Added credentials to kerberos authentication. (thanks Alex)
- Target name can be specified in sasl_credentials for Kerberos authentication. (thanks Alex)
- Target name can be read from DNS in sasl_credential for Kerberos authentication. (thanks Alex)
- Fixed connection.entries error when referrals are in the search response. (thanks WIll)
- # 0.9.8.7 - 2015.07.19
- Backported ssl.match_hostname from Python 3.4.3 standard library to be used in Python < 2.7.10
- Use backports.ssl_match_hostname if present instead of static backported functions for matching server names in ssl certificate (thanks Michal)
- Attributes values are properly printed when not strings in abstract.attribute (thanks hogneh)
- Checking unicode __repr__() in python2
- Added hashing capability to Modify Password extended operation (thanks Gawain)
- # 0.9.8.6 - 2015.06.30
- Modify operation now accept multiple changes for same attribute (Thanks Lorenzo)
- Fixed entries property in connection when objects from multiple object classes are returned
- Hide sensitive data in logging. use the utils.log.set_library_hide_sensitive_data(False) to show sensitive data and utils.log.get_library_hide_sensitive_data() to get the current value
- Limited number of characters in a single log line. use the utils.log.set_library_log_max_line_length(length) to set and utils.log.get_library_log_max_line_length(length) to get the current value
- Added CHANGES.txt with full changelog, latest changes only in README.txt
- # 0.9.8.5.post2 - 2015.06.24
- Updated pyasn1 to 0.1.8
- Fixed error in not filter with pyasn1 0.1.8
- # 0.9.8.5 - 2015.06.23
- Updated docs with ldap operations pages
- Fixed a bug where an Exception was raised on OpenBSD for missing IPV4_MAPPED flag
- Fixed missing add operation usage metrics
- Abstract Attribute doesn’t permit “falsy” values or None as default (thanks Lucas)
- # 0.9.8.4 - 2015.05.19
- Added EXTENDED log detail level with prettyPrint description of ldap messages
- Fixed logging of IPv6 address description
- Fixed checking of open address when dns returns more than one ip for the same host
- Fixed selection of proper address when failing back from IPv6 to IPv4 and vice-versa
- When sending controls controlValue is now optional (as stated in RFC 4511), specify None to not send it
- Moved badges to shields.io
- # 0.9.8.3 - 2015.05.11
- Added support for logging
- Added LDAPInvalidTlsSpecificationError exception
- Added support for kerberos sasl - needs the gssapi package (thanks sigmaris and pefoley2)
- Added support for using generator objects in ldap operations (thanks Matt)
- Fixed bug in collect_usage (thanks Philippe)
- Changed default server mode from IP_SYSTEM_DEFAULT to IP_V6_PREFERRED
- # 0.9.8.2 - 2015.04.08
- SaslCred returned as raw bytes (thanks Peter)
- Search_paged now properly works in abstract.reader (thanks wazboy)
- # 0.9.8.1 - 2015.04.04
- Added NTLMv2 authentication method
- extend.standard.who_am_i() now try to decode the authzid as unicode
- Tests for AD (Active Directory) now use tls_before_bind when opening a connection
- 0.9.8 not working for pypi problems
- # 0.9.7.12 - 2015.03.18
- Fixed missing optional authzid in digestMD5 sasl mechanism (thanks Damiano)
- Changed unneeded classmethods to staticmethods
- # 0.9.7.11 - 2015.03.12
- Fixed address_info resolution on systems without the IPV4MAPPED flag (thanks Andryi)
- # 0.9.7.10 - 2015.02.28
- Fixed bug in PagedSearch when server has a hard limit on the number of entries returned (thanks Reimar)
- 0.9.7.9 not working for pypi problems
- 0.9.7.8 not working for pypi problems
- 0.9.7.7 not working for pypi problems
- 0.9.7.6 not working for pypi problems
- # 0.9.7.5 - 2015.02.20
- Fixed exception raised when opening a connection to a server. If there is only one candidate address and there is an error it returns the specific Exception, not a generic LDAPException error
- Address_info filters out any impossible address to reach
- Address_info include an IPV4MAPPED address for IPV6 host that try to reach an IPV4 only server
- Added SyncMock strategy (needs the sldap3 package)
- Fixed bug when using the aproximation operation in ldap search operations (thanks Laurent)
- Removed response from exception raised with raise_exceptions=True to avoid very long exceptions message
- # 0.9.7.4 - 2015.02.02
- Added connection.entries property for storing response from search operations as and abstract.Entry collection.
- # 0.9.7.3 - 2015.01.25
- Modify operation type can also be passed as integer
- # 0.9.7.2 - 2015.01.16
- Fixed a bug when resolving IP address with getaddrinfo(). On OSX returned an UDP connection (thanks Hiroshi).
- # 0.9.7.1 - 2015.01.05
- Moved to Github
- Moved to Travis-CI for continuous integration
- Moved to ReadTheDocs for documentation
- Moved testing servers in the cloud, to allow testing from Travis-CI
- Project renamed from python3-ldap to ldap3 to avoid name clashing with the existing python-ldap library
- Constant values in ldap3 are now strings. This is helpful in testing and debugging
- Test suite fully refactored to be used in cloud lab and local development lab
- Test suite includes options for testing against eDirectory, Active Directory and OpenLDAP
- # 0.9.7 - 2014.12.17
- Fixed bug for auto_range used in paged search
- Added dual IP stack mode parameter in Server object, values are: IP_SYSTEM_DEFAULT, IP_V4_ONLY, IP_V4_PREFERRED, IP_V6_ONLY, IP_V6_PREFERRED
- Added read_server_info parameter to bind() and start_tls() to avoid multiple schema and info read operations with auto_bind
- Redesigned Reusable (pooled) strategy
- Added LDAPResponseTimeoutError exception raised when get_response() doesn’t receive any response in the allowed timeout period
- Added shortened authentication parameters in ldap3 namespace: ANONYMOUS, SIMPLE, SASL
- Added shortened scope parameters in ldap3 namespace: BASE, LEVEL, SUBTREE
- Added shortened get_info parameters in ldap3 namespace: NONE, DSA, SCHEMA, ALL
- Added shortened alias dereferencing parameters in ldap3 namespace: DEREF_NONE, DEREF_SEARCH, DEREF_BASE, DEREF_ALWAYS
- Added shortened connection strategy parameters in ldap3 namespace: SYNC, ASYNC, LDIF, RESTARTABLE, REUSABLE
- Added shortened pooling strategy parameters in ldap3 namespace: FIRST, ROUND_ROBIN, RANDOM
- Added reentrant lock to avoid race conditions in the Connection object
- When runs in Python 2.7.9 uses SSLContext
- Tested against Python 2.7.9, PyPy 2.4.0 and PyPy3 2.4.0
- setuptools updated to 8.2.1
- # 0.9.6.2 - 2014.11.17
- Changed SESSION_TERMINATED_BY_SERVER from 0 to -2
- Removed unneeded FORMAT_xxx variables in ldap3 namespace
- Fixed bug in auto_range when search operation returns search continuations
- Added infrastructure for Mock DSA (not functional yet)
- # 0.9.6.1 - 2014.11.11
- Added boolean parameter “auto_range” to catch the “range” ldap tag in searches. When true all needed search operation are made to fully obtain the whole range of result values
- Fixed bug in sdist
- Added offline schema for Fedora 389 Directory Server 1.3.3
- Fixed bug while reading DSA info
- # 0.9.6 - 2014.11.01
- New feature ‘offline schema’ to let the client have knowledge of schema and DSA info even if not returned by the server
- Offline schema for Novell eDirectory 8.8.8
- Offline schema for Microsoft Active Directory 2012 R2
- Offline schema for slapd 2.4 (Openldap)
- Added server.info.to_json() and server.info.to_file to JSON serialize schema and info from Server object
- Added Server.from_json() and Server.from_file() to create a Server object from a JSON definition
- Added response_to_json() and response_to_file() to Connection object to serialize search response entries in JSON as a string or as a file
- New exception hierarchy LDAPConfigurationError includes library configuration exceptions
- New exception LDAPInvalidConfigurationDefinitionError
- Dsa info and schema are not read twice when binding (thanks phobie)
- LDAPStartTLSError exception is merged with exception raised from ssl packaged
- Digest-MD5 SASL authentication accepts directives with list attributes (thanks John)
- Fixed caseInsensitiveDictionary for keys() and values() methods
- Fixed matching of certificate name in ssl with Python2
- Attributes names and formatters are checked even if schema is not read by the server
- Fixed fractional time when parsing generalized time
- Specific decoder for Active Directory ObjectGuid and ObjectSid
- Added additional checking for unicode in Python 2
- Tested against Python 3.4.2, 2.7.8, 2.6.6
- Updated setuptools to 7.0
- # 0.9.5.4 - 2014.09.22
- Fixed security issue in lazy connections (thanks Moritz)
- Added ldap3.utils.dn with parse_dn(dn) to verify dn compliance with RFC4514
- Added safe_dn(dn) to properly escape dn (if possible)
- Added ldap3.utils.uri with parse_uri(uri) to verify uri compliance with RFC4516
- Check for trailing slashes in hostname (thanks Dylan)
- Timeout for socket connect operation. Server.connect_timeout = seconds_to_wait_for_establishing_connection (thanks Florian)
- Closing socket error doesn’t raise exception anymore
- ServerPool can be implicity defined with a list of server names (even when defining a connection)
- # 0.9.5.3 - 2014.08.24
- elements returned in schema and dsa info are in a case insensitive dictionary (can be changed in ldap3.CASE_INSENSITIVE_SCHEMA_NAMES = True|False)
- attributes name returned in searches are now case insensitive (can be changed in ldap3.CASE_INSENSITIVE_ATTRIBUTE_NAMES = True|False)
- change parameter name from separe_rdn to separate_rdn in ldap3.utils.conv.to_dn()
- sync dev from Bitbucket to GitHub
- schema attributes are explicitly read (useful for Active directory and 389 Directory Server)
- new extended operation: list_replicas (Novell)
- new extended operation: get_replica_info (Novell)
- new extended operation: partition_entry_count (Novell)
- renamed convert_to_ldif() to _convert_to_ldif()
- # 0.9.5.2 - 2014.08.05
- fixed LDAPOperationResult.__str__ (thanks David)
- added to_dn() in utils.conv to convert a dn string to a list of components (strings or tuples)
- added __version__ in ldap3
- don’t raise exception if the schema cannot be read in unauthenticated state
- server.address_info is now a property
- # 0.9.5.1 - 2014.08.02
- getaddrinfo called only once
- real_server machinery removed - messageId is now global and monotonic for the whole library
- attributes are returned formatted if schema is read and check_names = True, removed checked_attributes
- bind result is populated again when successful (was removed in 0.9.2.1)
- exception is now raised if you receive multiple extended response to a single extended request. This is not allowed by RFC 4511
- # 0.9.5 - 2014.07.22
- added support for IPv6 (thanks Robert)
- auto_bind can be used even for establishing tls, possible values (defined in ldap3) are: AUTO_BIND_NONE, AUTO_BIND_NO_TLS, AUTO_BIND_TLS_AFTER_BIND, AUTO_BIND_TLS_BEFORE_BIND
- refactored extend package to use classes
- new extended operation: get_universal_password (Novell)
- new extended operation: set_universal_password (Novell)
- added parsing of hostname in scheme://hostname:hostport format. This has the precedence on the parameters (thanks Sorin)
- added extra checks when the schema is read (with the get_info parameter) but nothing is returned by the server
- updated setuptools to version 5.4.1
- when check_name is True and schema is read attributes are checked and formatted in “checked_attributes” as specified by RFCs following the server schema
- added formatter for generalizedTime syntax as specified in RFC4517 (ASN.1)
- custom formatter can be added in Server definition
- # 0.9.4.2 - 2014.07.03
- Moved to Bitbucket + Mercurial
- Fixed import in core.tls package
- Removed unneeded imports
- # 0.9.4.1 - 2014.07.02
- included missing extend package (thanks to debnet)
- # 0.9.4 - 2014.07.02
- when running in python 3.4 or newer now Tls class uses SSLContext object with default secure setting
- added parameters ca_certs_path, ca_certs_data, local_private_key_password to Tls object creation, valid when using SSLContext
- in python 3.4 or newer the system CA certificates configuration can be used (just leave ca_cert_file, ca_certs_path and ca_certs_data set to None)
- removed TLSv1 as default for Tls connection
- upgraded backported ssl function from python 3.4.1 when using with python 2
- when creating a connection the server parameter can be a string: the name of the server to connect in cleartext on default port 389
- fixed bug in ldap3.util.conv.escape_bytes()
- attributes parameter in search can be a tuple
- check_names parameter in connection now defaults to True (so when schema info is available attribute and class name will be checked when performing LDAP operations)
- remove the connection.close() method - use connection.unbind()
- new exception LDAPExtensionError for signalling when the requestValue of extended operation is of an unknown ASN1 type
- exiting connection manager doesn’t raise an exception if unbind is not successful (needed in long operations)
- new extended operation: modify_password (RFC3062)
- new extended operation: who_am_i (RFC4532)
- new extended operation: get_bind_dn (Novell)
- updated setuptools to version 5.3
- # 0.9.3.5 - 2014.06.22
- Exception history in restartable strategy is printed when reached the maximum number of retries
- Fixed conditions on terminated_by_server unsolicited message
- Added python2.6 egg installation package
- # 0.9.3.4 - 2014.06.16
- Exception can now be imported from ldap3 package
- Escape_bytes return ‘’ for empty string instead of None (thanks Brian)
- Added exception history to restartable connection (not for infinite retries)
- Fixed start_tls retrying in restartable connection (thanks Brian)
- New exception LDAPMaximumRetriesError for signalling when the SyncRestartable Strategy has reached the maximum number of retries while performing an operation
- Inverted deleteoldrdn value in LDIF output (thanks Joseph)
- # 0.9.3.3 - 2014.06.01
- Fixed a bug in LDIFProducer when using context manager for connection
- LDIF header in stream is added only whene there are actual data in the stream
- Now LDIF stream can be added to an existing file - version header will not be written if stream is not empty
- # 0.9.3.2 - 2014.05.30
- Fixed a bug while reading schema
- Add an implicit open() when trying binding on a closed connection
- # 0.9.3.1 - 2014.05.28
- Added stream capability to LDIFProducer strategy
- Customizable line separator for LDIF output
- Customizable sorting order for LDIF output
- object_class parameter is now optional in connection.add()
- Fixed objectClass attribute case sensitive dependency in add operation
- Added stream capability to response_to_ldif() while searching
- # 0.9.3 - 2014.05.20
- Now the key in server.schema.attribute_type is the attribute name (was the oid)
- Now the key in server.schema.object_classes is the class name (was the oid)
- Added check_names to Connection definition to have name of attributes and of object class checked against the schema
- Updated setuptools to 3.6
- Added wheel installation format
- Added raise_exceptions mode for connection
- Exception hierarchy reworked
- Added locking to Server object (for multithreading)
- # 0.9.2.2 - 2014.04.30
- fixed a bug from 0.9.1 that broke start_tls() (thanks Mark)
- # 0.9.2.1 - 2014.04.28
- fixed a bug in 0.9.2 that allowed only string attributes in add, modify and compare operations (thank Mladen)
- # 0.9.2 - 2014.04.26
- changed return value in get_response from response to (response, result) - helpful for multi-threaded connections
- added ReusableStrategy for pooling connections
- refined docstrings (thanks Will)
- result and response attributes don’t overlap anymore. Operation result is only in result attribute.
- fixed search for binary values (thanks Marcin)
- added convenience function to convert bytes to LDAP binary value string format for search filter
- # 0.9.1 - 2014.03.30
- added laziness flag to test suite
- changed ServerPool signature to accept active and exhaust parameters
- removed unneeded start_listen parameter
- added ‘lazy’ parameter to open, to bind and to unbind a connection only when an effective operation is performed
- fixed start_tls in SyncWaitRestartable strategy
- fixed certificate name checking while opening an ssl connection
- fixed syntax error during installation
- socket operations now raises proper exception, not generic LDAPException (thanks Joseph)
- tested against Python 3.4, 3.3, 2.7, 2.6
- updated setuptools to 3.3
- # 0.9.0 - 2014.03.20
- PEP8 compliance
- added ldap3.compat package with older (non PEP8 compliant) signatures
- renamed ldap3.abstraction to ldap3.abstract
- moved connection.py, server.py and tls.py files to ldap3.core
- fixed SyncWaitRestartableStrategy (thanks Christoph)
- # 0.8.3 - 2014.03.08
- added SyncWaitRestartable strategy
- removed useless forceBind parameter
- usage statistics updated with restartable success/failure counters and open/closed/wrapped socket counters
- # 0.8.2 - 2014.03.04
- Added refresh() method to Entry object to read again the attributes from the Reader in the abstraction layer
- Fixed Python 2.6 issues
- Fixed test suite for Python 2.6
- # 0.8.1 - 2014.02.12
- Changed exceptions returned by the library to LDAPException, a subclass of Exception.
- Fixed documentation typos
- # 0.8.0 - 2014.02.08
- Added abstraction layer (for searching, read only)
- Added context manager to Connection class
- Added readOnly parameter to Connection class
- Fixed a bug in search with ‘less than’ parameter
- Remove validation of available SSL protocols because different Python interpreters can use different ssl packages
- # 0.7.3 - 2014.01.05
- Added SASL DIGEST-MD5 support
- Moved to intrapackage (relative) imports
- # 0.7.2 - 2013.12.30
- Fixed a bug when parentheses are used in search filter as ASCII escaped sequences
- # 0.7.1 - 2013.12.21
- Completed support for LDIF as per RFC2849
- Added new LDIF_PRODUCER strategy to generate LDIF-CHANGE stream
- Fixed a bug in the autoReferral feature when controls where used in operation
- # 0.7.0 - 2013.12.12
- Added support for LDIF as per RFC2849
- Added LDIF-CONTENT compliant search responses
- Added exception when using autoBind if connection is not successful
- # 0.6.7 - 2013.12.03
- Fixed exception when DSA is not willing to return rootDSE and schema info
- # 0.6.6 - 2013.11.13
- Added parameters to test suite
- # 0.6.5 - 2013.11.05
- Modified rawAttributes decoding, now null (empty) values are returned
- # 0.6.4 - 2013.10.16
- Added simple paged search as per RFC2696
- Controls return values are decoded and stored in result attribute of connection
- # 0.6.3 - 2013.10.07
- Added Extesible Filter syntax to search filter
- Fixed exception while closing connection in AsyncThreaded strategy
- # 0.6.2 - 2013.10.01
- Fix for referrals in searchRefResult
- Disabled schema reading on Active Directory
- # 0.6.1 - 2013.09.22
- Experimental support for Python 2 - no unicode
- Added backport of ssl.match_name for Python 2
- Minor fixes for using the client in Python 2
- Fix for getting schema info with AsyncThreaded strategy
- # 0.6.0 - 2013.09.16
- Moved to beta!
- Added support site hosted on www.assembla.com
- Added public svn repository on www.assembla.com
- Added getInfo to server object, parameter can be: GET_NO_INFO, GET_DSA_INFO, GET_SCHEMA_INFO, GET_ALL_INFO
- Added method to read the schema from the server. Schema is decoded and returned in different dictionaries of the server.schema object
- Updated connection usage info (elapsed time is now computed when connection is closed)
- Updated OID dictionary with extensions and controls from Active Directory specifications.
- # 0.5.3 - 2013.09.03
- Added getOperationalAttributes boolean to Search operation to fetch the operational attributes during search
- Added increment operation to modify operation as per RFC4525
- Added dictionary of OID descriptions (for DSE and schema decoding)
- Added method to get Info from DSE (returned in server.info object)
- Modified exceptions for sending controls in LDAP request
- Added connection usage (in connection.usage if collectUsage=True in connection definition)
- Fixed StartTls in asynchronous client strategy
- # 0.5.2 - 2013.08.27
- Added SASLprep profile for validating password
- Fixed RFC4511 asn1 definitions
- # 0.5.1 - 2013.08.17
- Refactored package structure
- Project description reformatted with reStructuredText
- Added Windows graphical installation
- # 0.5.0 - 2013.08.15
- Added reference to LGPL v3 license
- Added Tls object to hold ssl/tls configuration
- Added StartTLS feature
- Added SASL feature
- Added SASL EXTERNAL mechanism
- Fixed Unbind
- connection.close is now an alias for connection.unbind
- # 0.4.4 - 2013.08.01
- Added ‘Controls’ to all LDAP Requests
- Added Extended Request feature
- Added Intermediate Response feature
- Added namespace ‘ldap3’
- # 0.4.3 - 2013.07.31
- Test suite refactored
- Fixed single object search response error
- Changed attributes returned in search from tuple to dict
- Added ‘raw_attributes’ key in search response to hold undecoded (binary) attribute values read from ldap
- Added __repr__ for Server and Connection objects to re-create the object instance
- # 0.4.2 - 2013.07.29
- Added autoReferral feature as per RFC4511 (4.1.10)
- Added allowedReferralHosts to conform to Security considerations of RFC4516
- # 0.4.1 - 2013.07.20
- Add validation to Abandon operation
- Added connection.request to hold a dictionary of infos about last request
- Added info about outstanding operation in connection.strategy._oustanding
- Implemented RFC4515 for search filter coding and decoding
- Added a parser to build filter string from LdapMessage
- # 0.4.0 - 2013.07.15
- Refactoring of the connection and strategy classes
- Added the ldap3.strategy namespace to contain client connection strategies
- Added ssl authentication
- Moved authentication parameters from Server object to Connection object
- Added ssl parameters to Server Object
- # 0.3.0 - 2013.07.14
- Fixed AsyncThreaded strategy with _outstanding and _responses attributes to hold the pending requests and the not-yet-read responses
- Added Extended Operation
- Added “Unsolicited Notification” discover logic
- Added managing of “Notice of Disconnection” from server to properly close connection
- # 0.2.0 - 2013.07.13
- Update setup with setuptools 0.7
- Docstrings added to class
- Removed ez_setup dependency
- Removed distribute dependency
- # 0.1.0 - 2013.07.12
- Initial upload on pypi
- PyASN1 RFC4511 module completed and tested
- Synchronous client working properly
- Asynchronous client working but not fully tested
- Basic authentication working