CHANGELOG¶

# 2.9.1 - 2021.07.18

new feature: added support for using Kerberos authentication on windows clients using the native winkerberos library
new feature: added support for using Channel Bind tokens with Kerberos authentication on windows clients
fixed a bug related to using start_tls with a RESTARTABLE strategy that caused errors to be raised erroneously.
fixed a bug around the type checking of Reverse DNS Settings with Kerberos authentication
fixed an issue related to decoding unicode strings in LDAP referrals and attributes in python 2
minor documentation updates and corrections

# 2.9 - 2021.01.24

new feature: SafeRestartable strategy (SAFE_RESTARTABLE) for using a restartable Connection object in a multi-threading program
tested against Python 3.9
added requirements-dev.txt
fixed logging unicode exceptions in python2.7
added more granular control over use of reverse dns with Kerberos (thanks Azaria)
support MS Active Directory persistent search (thanks eLeX)
added support for LDAP signing when using DIGEST-MD5 authentication (thanks Augustin-FL)
check only for searchResEntries in LDIF conversion (thanks Jay)
modify-increment now works properly in mock strategies (thanks Saint-Marcel)
objectGUID are now converted properly (thanks Janne)
default timeout in asynchronous strategies raised to 20 seconds

# 2.8.1 - 2020.09.07

fixed regression in 2.8 for members returned in AD auto-range search (thanks Felix)
fixed regression in 2.8 for attribute error in restartable class (thanks Christian)
try to use Crypto library if present for hashing NTLM password on python interpreter missing the MD4 OpenSSL algorithm (thanks Doron)

# 2.8 - 2020.08.08

new feature: SafeSync strategy (SAFE_SYNC) for using a synchronous Connection object in a multi-threading program
new feature: LDIF_LINE_LENGTH for specifying line length wrapping in ldif-content output (default to 78 as per RFC 2849)
fixed requirements for pyasn1
fixed regression for ldapi connections
fixed issue with lazy connection requesting server info on every operation
fixed searching by objectGUID in hex format (thanks Matt)
added iso_format parameter to utils.format_json to return dates in ISO format (thanks Hugh)
fixed issue with Referral attributes not returned by the referral server (thanks Nazarii)
fixed lost error message in auto_bind (thanks cfelder)
fixed delete_old_dn in mock connections (thanks kpinc)
fixed a ResourceWarning with lazy connections
fixed entry_to_json() that in python2 modified the original entry value (thanks Dirk-Jan)
tests doesnt’ raise Exception if real server is not present (thanks Matej)

# 2.7 - 2020.03.01

tested against Python 3.8.1 and pyasn1 0.4.8
re-enabled ssl exception raising on bad certificate when only 1 server is present in the server pool
removed Python 2.6 from Travis configuration (thanks gliptak)
added support for source specifications in LDAP connections (thanks Azaria)
added support for allowing special AD security identifier (SID) in DN (thanks John)
fixed pickling of entry and attribute (thanks cfelder)
close connection when auto_bind fails (thank Hrishikesh)
operational attributes can be used in Abstraction Layer (thanks Sohalt)
additional SSL options can be used in Tls object (thanks Nazarii)
threading.Event replaces loop checking in async strategy. ASYNC strategy should be much faster now (thanks Yang)
adding a key that is already an alias that contains other aliases in CaseInsensitiveWithAliasDict() now works properly (thanks Mark)
when searching for GUID, UUID and SID the backslash character (0x5C) is properly managed (thanks Nocturem)
LDIF output properly formatted when controls are missing (thanks Tom)
operational attributes are not returned in MOCK strategies when not requested (thanks kpinc)
undecodable values are returned as raw bytes when using the pyasn1 decoder

# 2.6.1 - 2019.09.06

tested against pyasn1 0.4.7
added eDirectory 9.1.4 (EDIR_9_1_4) to offline schemas
added json converter for timedelta (thanks dirkjanm)
strip parameter defaults to False in utils.dn.parse_dn()
escaped space is allowed as trailing character in attribute_value in utils.dn.parse_dn() (thanks phi1010)
connection.extend.standard.paged_search doesn’t raise exceptions when raise_exceptions is False
the Search operation returns the entries fetched by the server when size or time limits are reached even if raise_exceptions is set to True
Handle the minimum value that can be stored in an Int64 in format_ad_timedelta (thanks mprahl)
EntryState: entry_raw_attributes is populated instead of raw_attributes (thanks Christian)
Removed restriction to perform rename and move simultaneously in modify_dn (thanks Fabian)
fixed checking for hexdigits in parse_dn (thanks Michael)
fixed escaping when multiple backslashes are present in parse_dn (thanks Phillip)
fixed multiple NoneType exceptions in entry_to_json() (thanks David and cfelder)
allowing Microsoft specific syntax (<WKGUID=xxx>) for WellKnownObjects in DN (thanks David)
connection.extend.standard.paged_search() now follows referrals when auto_referrals=True (thanks kprativa)
fixed a bug in decoding replica list in connection.extend.novell.list_replicas()
fixed a bug when adding duplicate alias in CaseInsensitiveWithAliasDict()
added ignore_duplicates=False in set_aliases in CaseInsensitiveWithAliasDict() to ignore a duplicate alias (either in aliases or in keys)
Schema info now uses CaseInsensitiveWithAlias dict as default so object and attributes can also be referentiated with OID (thanks ahoffm11)
added block mode and timeout parameters to next() method of persistent_search
when using the pyasn1 decoder raw_dn is not returned as a pyasn1 object anymore but as bytes
Return offset timezone aware datetime for max AD timestamp (thanks Jussi)

# 2.6 - 2019.03.24

fixed empty digestMd5.py file in 2.5.2 package
explicitly declare digest module md5 in util.ntlm (thanks adawalli)
change object passed to modify() was unexpectedly mutated (thanks John)
added LDAPInfoError exception
added Server.has_control(control) method to check if a server has a specific control
added Server.has_extension(extension) method to check if a server has a specific extension
added Server.has_feature(feature) method to check if a server has a specific feature
fixed checking of \ in safe_dn (thanks Maxim)
fixed uuid checking with 5c byte value
added single=True parameter to the ServerPool object definition. Servers state is shared between connections using the same pool
updated copyright notice

# 2.5.2 - 2018.12.28

when starting tls before binding the connection is automatically open
fixed changelog date (thanks Adam)
support for AD timedeltas (thanks mprahl)
fixed WhoAmI in mock strategies (thanks mprahl)
prevent unnecessary exception in extend/standard/ModifyPassword (thanks Johnny)
added support for external gssapi credentials to be passed to the sasl connection (thanks Firstyear)
added support for gssapi store in sasl connection (thanks clhendrick)
fixed LdifProducer (thanks antoinell)
fixed NTLM bind (thanks ribx)
server state in ServerPool is now a namedtuple “ServerState” (thanks Krisztian)
fixed error when adding member to AD group with unsafe DN (thanks Maxim)
properly restore lazy status in reusable strategy (thanks Krisztian)
ServerState namedtuple converted to class in core/pooling (thanks Krisztian)
empty schema doesn’t raise exception in Abstraction Layer (thanks ghost)

# 2.5.1 - 2018.08.01

connection.result is populated when exception raised with raise_exceptions=True
fixed objectSid in mocking strategies
fixed circular reference in exception history
added objectSid validator
byte values are properly searched in MOCK strategies (thanks dyj216)
exception history refactored (thanks Tamas)
connections in context manager don’t bind anymore when auto_bind is set to AUTO_BIND_NONE (Thanks Tim)
Cython compatible build (thanks Pedro)
more detailed exception message in Mock strategy (thanks Janne)
exceptions flow refactored in reusable strategy (thanks kxt)
pwdlastset accept any positive integer (thanks abenbecker)
fixed an exception while logging packet with pyasn1 decoder
fixed importing abc from collections for Python 3.8

# 2.5 - 2018.04.15

abstract layer now handles auxiliary classes
pwdLastSet in AD is valid for 0 and -1 (thanks Taylor)
fixed extend.novell.get_universal_password (thanks Fernando)
entryUUID is properly validated in search filters (thanks FriedrichI)
custom attribute formatters are properly applied when parsing the search filter
REUSABLE strategy now honours credentials when changed in the original connection (thanks Prof Hase)
add operation doesn’t change passed attribute dict anymore (thanks Daniele)
missing entry’s attribute return False when searching instead of raising an exception (thanks Maxsond)
fixed ad_timestamp evaluation for integers (thanks Flynn)
wrong exception raised when user name is empty in simple binding (thanks Ivan)
exception is raised if size limit is exceed when searching in mocking strategies with raise_exceptions=True (thanks David)
fixed validator for novell guid
fixed validator for openldap EntryUUID
fixed validator for AD objectGUID, now follows MS-DTYP
fixed formatter for AD objectGUID
fixed exception when adding binary values (thanks guidow)
added escape_rdn_chars() to ldap3.utils.dn for safe checking untrusted input while building DNs (thanks Alex)
fixed search for binary values in mock strategies
fixed exception with unicode chars in subfilters for python 2 (thanks Friedrich)
connection.extend.paged_search() doesn’t miss the last entries anymore when size limit is exceeded on the server (thanks Friedrich)
validators are not applied when loading data from json dump in Mock strategies (thanks Derek)
additional validator to check for erroneous bytes to string conversion in Python 3 (thanks Brian)
additional formatter and validator to check for generalizedTime with 0 year (thanks Brian)
added ADDITIONAL_CLIENT_ENCODINGS parameter
fixed AD dir_sync extended operation (thanks Lucas)
ad_unlock_account works properly (thanks Francowxu)
added Microsoft security descriptor control (thanks Dirk-jan)
fixed search in mock strategies when raise_exceptions=True (thanks Derek)
formatters never raise exceptions but return the raw_value when unable to format
fixed controls duplication in paged search (thanks Dirk-jan)

# 2.4.1 - 2018.01.21

tested against pyasn1 from version 0.1.8 up to version 0.4.2, Python 2.6.6, Python 2.7.14, Python 3.6.4
auto_encode parameter is honored when binding (thanks jkolo)
fixed organizationalName definition in oid (thanks mingulov)
automatic byte to int conversion working again (thanks Brian)
mock connection searchs correctly escape filters (thanks kiddick)
fixed bind with not unicode characters in Python 2 (thanks jkolo)
extended filter attributes should work again with pyasn1 0.4.1 (thanks Dirk-jan)
fixed error when reading incomplete server info
NOT keyword properly handled in dit_content_rules (thanks Michael)
operational attributes are prorerly returned in Cursor whit get_operational_attributes = True (thanks a23s4a)
start_tls() is properly executed with AD when raise_exceptions=True (thanks Andrew)
reopening a Connection honours auto_bind setting (thanks calken)
an attribute returned with no value from a flaky server doesn’t raise exception anymore (thanks Terrence)
pwdLastSet in AD is valid only for -1 (thanks Thane)
fixed docs for ldifProducer (thanks lhoekenga)
fixed monkeypatching of pyasn1 for Boolean Value in BER encoding (thanks tmarlok88)
check_names was not honoured while validating attribute values (thanks ymcymc)
locks refactored in Connection and in Async strategy
socket properly closed when checking availability of an invalid server

# 2.4 - 2017.11.14

security fix in the rebind() method of the Connection object (thanks Daniel)
fix for Sasl credentials in Python 3 (thanks Busuwe)
fixed bug when checking for equality in MockBase
added validator parameter to Server object for custom validators
attribute values are now validated in add/compare/modify operations in the Connection object
Python types can now be used in add/compare/modify operations
compatible with the pyasn1 library from version 0.1.8 up to latest (0.3.3 for now) version
fixed compatibility with Twisted on Windows on Python 2.7 (thanks Pmisik)
fixed paged_search behaviour in Reader object
fixed regression in MockBase (thanks Markus)
fixed invalid filter sequence in MockBase (thanks SignedBit)
added compatibility with Cython (thanks Pedro)
fixed auto_encode check in validate_attribute_value for unknown attrs (thanks CFelder)
don’t encode response_value as extended_response_to_dict expects a decoded value (thanks Matthias)
compatible with the pyasn1 library from version 0.1.8 up to latest (0.3.7 for now) version
added LDAPObjectDereferenceError exception
LDAPObjectDereferenceError is raised when an object tries to dereference itself in the Abstraction Layer (thanks Daniele)
async module renamed to asynchronous for compatibility with Python 3.7 (thank Barry)
long integer are properly checked in mocking strategies (thanks gregn610)
NUMERIC_TYPES includes long for Python 2

# 2.3 - 2017.08.02

compatible with the pyasn1 library from version 0.1.8 up to latest (0.3.1 for now) version
MockAsync strategy is available
added __ne__ method to Attribute in abstraction layer (thank Rodrigo)
added LDAPUserNameIsMandatoryError exception in simple bind when user name is empty
search referrals are properly decoded with fast decoder
paged search works in mock strategies
paged_search in extend.standard namespace raises an exception of class LDAPOperationResult if the search returns an error
search_paged() method of Cursor object now return the whole list of entries if generator=False
updated docs for defaults parameters (thanks Guarnacciaa)
fixed mockBase for integer matching (thanks Jijo)
boolean values are now uppercase in LDIF (thanks Linus)
fixed timeout in ssl connection on Linux and Mac (thanks Allan)
changed some internal functions to private in ldap3.utils.dn
operational attribute entryDN is properly managed in Mock strategies (thanks Mark)
new rdn in renamed entry is properly set in Mock strategies (thanks Mark)
metrics are now updated for Mock strategies, except that for received bytes (thanks joehy)
better managing of missing schema from the server (thanks Deborah)
fixed error while schema is not in string format (thanks Alexandre)
SNI support added when the underlying python library allows it (thanks Edmund)
added pool_keepalive parameter to Connection object for REUSABLE strategy
connection.extend.microsoft.modify_password returns False when change is not successful (thanks Ashley)
added validators for uuid and uuid_le
fixed error while searching for bytes
fixed pickling and unpickling of datetime values (thanks David)
fixed error that resulted in valid generalizedTime strings not being parsed (thanks Busuwe)
fixed error with modify operation on referrals (thanks Busuwe)
fixed error in mockBase add_entry() with raw rdn (thanks Chad)
fixed error when stdin has not encoding in config.py (thanks cronicryo)
fixed error when optional field are not present in pyasn1 requests (thanks Ilya)
added DEFAULT_SERVER_ENCODING config parameter, should always be utf-8
DEFAULT_ENCODING config parameter renamed to DEFAULT_CLIENT_ENCODING
ADDITIONAL_ENCODINGS config parameter renamed to ADDITIONAL_SERVER_ENCONDINGS
additional encodings are applied to all data received from the server
additional encodings are not applied to client data
added from_server=False parameter to to_unicode() to not try client encoding while decoding data from server

# 2.2.4 - 2017.05.07

leading and trailing spaces in server name don’t raise exception anymore
DitContentRule is properly read from the schema
added validator for Active Directory timestamp
Mock strategies raise an exception if a non-bytes value is added to the schema when no offline schema is provided (str and int are automatically converted)
added custom_validators property to Mock strategies
modifying objectClass with bytes values doesn’t raise an exception anymore (but it may fail anyway because of server constraints)
ensure that config sequence parameters are properly set
allow case insensitive attribute and class names in config parameters
added server.schema.is_valid() to check if the schema is available
empty schema properties are set to empty dict() instead of None
schema definitions with trailing and leading spaces are now properly parsed and don’t raise an LDAPSchemaError exception anymore
fixed error when flaky servers (OpenLDAP) don’t return the correct response with StartTls

# 2.2.3 - 2017.04.30

abstraction layer query converts int values to string (thanks dgadmin)
CaseInsensitiveDictWithAlias doesn’t raise an exception anymore if alias is set multiple times to the same key
friendly names in AttrDef are properly managed when performing commits in Writer cursors
no more errors when server returns an empty schema (thanks Glen)
range attributes in entries are properly recognized when auto_range is False
fixed random errors in auto_range searches (thanks James)
fixed checking of malformed schema
added configuration parameter IGNORE_MALFORMED_SCHEMA to not raise exception for servers that don’t follow the LDAP RFCs (defaults to False)
test config moved to test/config.py
testcase_id generated randomly for each test
added ATTRIBUTES_EXCLUDED_FROM_OBJECT_DEF parmeter to exclude some attribute from automatic populate of ObjectDef in Abstract Layer (helpful for AD)
added IGNORED_MANDATORY_ATTRIBUTES_IN_OBJECT_DEF parmeter to exclude some attribute from mandatory attribute list in ObjectDef in Abstract Layer (helpful for AD)
fixed error when using implicit assigning in WritableEntry
added LDAPInvalidValueError Exception
in Python 3 byte filter are converted to unicode before parsing
RESPONSE_DN_ENCODING parameter renamed to ADDITIONAL_ENCODINGS
to_unicode(value, encoding=None, additional_encodings=False) now checks for additional encoodings in ADDITIONAL_ENCODINGS list if additional_encoding is set to True
Reusable strategy uses not lazy Restartable connections
Reusable strategy doesn’t keep requesting the schema
connection pool size in Reusable strategy defaults to 5
optimized usage of configuration parameters

# 2.2.2 - 2017.03.17

PLAIN mechanism added to SASL authentication (thanks Janusz)
added RESULT_RESERVED return code (thanks Rak)
added RESPONSE_DN_ENCODING in config for flaky servers that return non utf-8 encoded DN. Set it to a list of encoding to sequentially try for decodign DNs.
removed StopIteration in generators (deprecated by PEP 479)
fixed a bug when converting AD datetimes on Windows systems
added compatibility with pyasn1 0.2.3
fixed NTLM authentication with pyasn1 0.2.3
fixed an error when installing via executable on Windows (thanks TrumSteven)
added ‘raw_dn’ key in search response dictionary. It contains the DN byte value returned for DN by the server
attributes with “;binary” tag can now be retrieved in abstraction layer with the usual entry.atttribute syntax
updated tests for OpenLDAP
fixed error when in add/remove extend operation for case mismatch in user or group dn
integer validator now automatically convert valid string numbers to int
invalid timezone are checked when validating Generalized Time Format
added test cases for validators
updated tests for OpenLDAP

# 2.2.1 - 2017.02.12

tested against pyasn1 0.2.2 (thanks Ilya)
get_response() has an optional new parameter “get_request” to return the request too, helpful in asynchronous strategies
connection.request, connection.response and connection result are now properly blanked in async strategies
ldap3.utils.dn.safe_dn() now checks for AD names only if no equal sign is present in the dn
abstraction layer properly works with asynchronous strategies
added a named tuple “Operation” used to store the request, result and response of an LDAP operation in Cursor history
cursors in the Abstraction Layer keep history of executed LDAP operations for the last Cursor operation in the cursor.operation property
Cursors in the Abstraction Layer keep history of errors for the last Cursor operation in the cursor.errors property
if any error has occurred in the last operation of a Cursor the cursor.failed property is set to True
added a named tuple “Operation” for storing request, result and response of an LDAP operation in Cursor history
Cursor honours raise_exception parameter of the Connection.
Cursor commit() return True if operations are successful and False if not. All pending commits are executed even if some fail
new entries that have no additional mandatory attributes other those defined in dn are properly managed in Writers (thanks Matt)
CaseInsensitiveDict now properly strips blanks from keys
updated hashing alghoritm SHA to SHA1 (thanks Satoh)
added match_dn(dn) to Cursor for matching entries with specified text in DN
added match(attributes, value) for matching entries with specified value in one or more attribute values. It checks values and raw_values
Cursors have simple match capability. When key is a string Cursor tries to match it against the DN of entries found.

# 2.2.0 - 2017.01.16

tested againsts Python 3.6.0, Python 2.7.13 and Python 2.6.6
updated docs regarding search response attributes (thanks James)
fixed LDIF representation for operation_to_ldif (thanks m7four)
fixed rebind for pooled connections
fixed custom sort order in LDIF representation of entry
added Active Directory GUID syntax for safe_dn() (thanks dinhngtu)
added pre-post read control (thanks Elizabeth)
added add_members_to_groups in microsoft.extend namespace for Active Directory
added remove_members_to_groups in microsoft.extend namespace for Active Directory
refactored internal extend.microsoft and extend.novell structures
fixed auto_escape for extended characters (thanks asand3r)
validators now transform the Python value to a valid LDAP value when appropriate (thanks Sjd-Risca)
added validator for boolean types
added validator for date types
fixed representation of binary data in Abstraction Layer for Python 2
added auto_encode parameter to Connection object (defaults to True)
limited auto_escape feature only to filter values
escape_filter_chars doens’t try anymore to guess if the value is already escaped.
added ldap3.conv.is_filter_safe() (thanks Robert)
added auto_escape parameter to connection.search() to override connection auto_escape behaviour (defaults to None)
auto_escape is not applied to filter value if already escaped
automatically encode output to stdout encoding for repr() and str() (for printing and logging attributes values).
binary data are converted to a hex values string in repr() and str() (for printing and logging attributes values).
auto_encoding is performed only for well known attribute types that use Unicode format in LDAP
CLASSES_EXCLUDED_FROM_CHECK and ATTRIBUTES_EXCLUDED_FROM_CHECK moved to ldap3.utils.config and made available via get_config_parameter()
added UTF8_ENCODED_SYNTAXES in ldap3.config.utils and made available via get_config_parameter()
added UTF8_ENCODED_TYPES in ldap3.config.utils and made available via get_config_parameter()
config parameters made available only via get_config_parameters()
removed to_bytes() and check_escape() from ldap3.utils.conv (ambiguous functions)
added connection.request to MockSync (thanks Fabian)
tags are properly managed in add, compare and modify requests (thanks guidow)
in Mock strategies single-valued attributes are properly managed
in Mock strategies attributes type names are properly managed
implemented extended operation machinery in MockBase
implemented WhoAmI [RFC4532] in Mock strategies
implemented GetBindDn [NOVELL] in Mock strategies
implemented operational attributes machinery in MockBase
implemented entryDN [RFC5020] operational attribute in MockBase
Sphinx updated to 1.5.1

# 2.1.1 - 2016.11.18

Mock strategy uses case insensitive matching when appropriate
fixed error when adding a virtual attribute in the abstract Entry object
fixed error messages in Entry moving and renaming
Reverted default connection strategy to SYNC (thanks Mauro)
Fixed tutorials (thanks Mauro)
Fixed checking of schema in ObjectDef (thanks Pierre)
Fixed checking of stdin in config (thanks Oleg)
fixed commit of entry with async strategies
fixed reading of entries in async strategies
added cipher argument to Tls (thanks Nicolas)
fixed bug when using the abstraction layer with lazy connections
fixed case matching while adding new entry in Writer cursor (thanks t0neg)
disabled auto_escape for byte values
fixed auto_escape for python 2
fixed tutorials (thanks Ivano)

# 2.1.0 - 2016.11.03

changed default Connection strategy from SYNC to RESTARTABLE
enable automatic escaping of assertion values
fixed decoding error with check_name=False
added auto_escape parameter in connection, for trying automatic filter and attribute values escape
fixed checking of schema in MockBase
SASLBindInProgress doesn’t raise an exception anymore with raise_exceptions=True
standard formatters are applied in mocking strategies when serching for exact match

# 2.0.9 - 2016.10.28

removed sanitization of DN in bind operation because some servers accept non standard DN for Simple Bind

# 2.0.8 - 2016.10.28

included referral caching (thanks TWAC)

# 2.0.7 - 2016.10.27

FIRST RELEASE OF LDAP3 V2
changed signature of ldap3.abstract.Reader object
removed search_size_limit(), search_time_limit() and search_types_only in the Reader cursor
fixed SASL in progress error (thanks Styleex)
fixed ALL_ATTRIBUTES in MOCK_SYNC strategy (thanks Belgarion)
ncorrect attribute type error message now includes the name of the attribute (Thanks Andrej)
relaxed dn checking for Active Directory UserPrincipalName
relaxed dn checking for Active Directory SamAccountName
added checking of attribute name in add, compare and search operations
added checking of class name in add operation
renamed exception LDAPTypeError to LDAPAttributeError
in sync strategies LDAP operations populate the last_error attribute of the connection in case of not RESULT_SUCCESS
connection.return_empty_attributes defaults to True
escaped filter by default
fixed escaping of filter
add move and rename to abstraction layer entry
ldap3 namespace decluttered
RESULT_CODES moved to ldap3.core.results
compatibility constants removed
exceptions removed from ldap3 namespace, defined in ldap3.core.exceptions only
ADDRESS_INFO_REFRESH_TIME is now configurable via set_config_parameter
Operational attribute prefix set to ‘OA_’
Allows cert and key file in the same file (thanks Jan-Philip)
Removed logging info when logging is disabled (thanks Dan)
Updated copyright notice
Refactored abstraction layer with full support for CRUD (Create, Read, Update, Delete) abstract operations
Added WritableEntry and WritableAttribute to abstraction layer
Added standard validators for attribute types and syntaxes defined in the standard LDAP schema
Added custom validators for attribute values
Added update capability to abstraction layer
Fixed typo in docs (thanks Gerardwx)
Fixed Object and Attribute representation in schema (superior class not shown)
ObjectDef automatically populates attributes from schema, following object_class hierarchy
Added attributes parameter to search* methods of Cursor, so that only needed attributes are read even if attr_defs defines more
Fixed connect_timeout not honored while wrapping socket in tls (thanks Kyle)
Added ‘set’ to SEQUENCE_TYPES (thanks Christian)
Entries returned by search are now writable via the abstraction layer
LDAPReaderError exception renamed to LDAPCursorError
auto_range parameter in Connection defaults to True (thanks Ashley)
get_info defaults to SCHEMA while defining Server object
Included ordereddict 1.1 (# Copyright (c) 2009 Raymond Hettinger) in ldap3.utils.ordDict for backporting OrderedDict in Python 2.6
Added config parameter RESET_AVAILABILITY_TIMEOUT to reinsert invalid address in candidate_addresses while checking connection, defaults to 5 seconds
Fixed inability to connect to a server if the connection starts when the server is unavailable and then it becomes available again
All DNs are sanitized if connection.check_names is True
LDAPControlsError exception renamed to LDAPControlError
LDAPChangesError exception renamed to LDAPChangeError
The following older constants in ldap3 have been removed, please use the suggested ones:
AUTH_ANONYMOUS = ANONYMOUS
AUTH_SIMPLE = SIMPLE
AUTH_SASL = SASL
SEARCH_SCOPE_BASE_OBJECT = BASE
SEARCH_SCOPE_SINGLE_LEVEL = LEVEL
SEARCH_SCOPE_WHOLE_SUBTREE = SUBTREE
SEARCH_NEVER_DEREFERENCE_ALIASES = DEREF_NEVER
SEARCH_DEREFERENCE_IN_SEARCHING = DEREF_SEARCH
SEARCH_DEREFERENCE_FINDING_BASE_OBJECT = DEREF_BASE
SEARCH_DEREFERENCE_ALWAYS = DEREF_ALWAYS
STRATEGY_SYNC = SYNC
STRATEGY_ASYNC_THREADED = ASYNC
STRATEGY_LDIF_PRODUCER = LDIF
STRATEGY_SYNC_RESTARTABLE = RESTARTABLE
STRATEGY_REUSABLE_THREADED = REUSABLE
STRATEGY_MOCK_SYNC = MOCK_SYNC
STRATEGY_MOCK_ASYNC = MOCK_ASYNC
POOLING_STRATEGY_FIRST = FIRST
POOLING_STRATEGY_ROUND_ROBIN = ROUND_ROBIN
POOLING_STRATEGY_RANDOM = RANDOM
GET_NO_INFO = NONE
GET_DSA_INFO = DSA
GET_SCHEMA_INFO = SCHEMA
GET_ALL_INFO = ALL

# 1.4.0 - 2016.07.18

Multiple Mock strategies now share entries when using the same Server object
Added AsyncStreamStrategy
Added Connection.extend.standard.persistent_search() (Thanks martinrm77)
Added escaping of character > 0x7F in filter validation (thanks cfelder)
Added better descriptions of Exception in abstraction layer (thanks cfelder)
Added queue in Persistent Search
Added callback in Persistent Search
MockStrategy now honors raise_exception parameter (thanks Simon)

# 1.3.3 - 2016.07.03

Change paameter name from ‘check’ to ‘fix’ in connection.extend.novell.add_members_to_groups() and connection.extend.novell.remove_members_from_groups
Added connection.extend.novell.check_groups_memberships() that check if members are in groups and fixes the user-group relation if incorrect
Updated docs link to ldap3.readthedocs.io
Fixed error in utils.conv.check_escape (thanks Anjuta)
Fixed typo in server.py when IP_V4_PREFERRED is used (thanks eva8668)
Host name certificate matching exception and logging is much more informative (thanks eddie-dunn)
Fixed typo in docs for use_ssl (thanks Brooks Kindle)
Tested against Python 2.6., Python 2.7.12, Python 3.5.2 and PyPy 5.3.1

# 1.3.2 - 2016.07.01

unreleased on pypi

# 1.3.1 - 2016.05.11

Added support for mocking the ldap3 library
Added support for MockSync strategy (thanks Roxana)
Added checked_attributes=True parameter to connection.response_to_json()
Added checked_attributes=True parameter to entry.entry_to_json()
MockSyncBase strategy supports bind(), unbind(), delete(), compare(), modify(), modify_dn(), abandon(), add()
MockSyncBase strategy accepts directory entries in json file
Fixed schema representation (thanks Conrado)
Allow connection.abandon(0), useful to “ping” the server
Added connection.abandon() test suite
Reusable strategy checks bind credential at bind() time, only on one worker connection
Reusable strategy ignores abandon() operation because of multiple connection workers
Reusable strategy honours return_empty_attributes connection parameter
Added lazy information to connection representation
Added support for hash (LM:NTLM) Windows NTLM authentication (thanks Dirk)
Fixed representation of empty attributes in connection.entries
Comparison of entry attributes value is easier
Added new extended operation connection.extend.novell.start_transaction()
Added new extended operation connection.extend.novell.end_transaction()
Added new extended operation connection.extend.novell.add_members_to_groups(members, groups, check, transaction)
Added new extended operation connection.extend.novell.remove_members_from_groups(members, groups, check, transaction)
Added new exception LDAPTransactionError
Added logic to handle Novell Transaction Error Unsolicited Notice
Ignore cheching of ssl context when cadata, cafile and capath are not provided (thanks DelboyJan)

# 1.2.2 - 2016.03.23

repr encoding set to ‘ascii’ when sys.stdout.encoding is None (thanks Jeff)

# 1.2.1 - 2016.03.19

try to use the requested ssl protocol in SSLContext for Python>=3.4 (thanks Patrick)
added return_empty_attributes to Connection object to return an empty list when the attribute requested is missing in the retrieved object

# 1.1.2 - 2016.03.10

Added rebind() method to Connection object to rebind with a different user (thanks Lorenzo)
Added Tests for rebind operation
Start_tls honored in referrals
Default ldaps port honored in referrals
Additional connection parameters honored in referrals and in the restartable strategy
Server connection timeout is honored while connecting, connection receive timeout while receiving
Extended operations followed on referrals (thanks Pavel)
Added receive_timeout parameter in Connection object to set socket in non-blocking mode with a specified timeout (thanks Antho)
Fixed abstract entry __getattr__() throwing KeyError instead of AttributeError (thanks Kilroy)
Fixed start_tls() Reusable strategy

# 1.0.4 - 2016.01.25

Controls can be added to extended operation in the extend package (thanks Hinel)

# 1.0.3 - 2015.12.1

Fixed set_config_parameter (thanks Sigmunau)
Disabled unauthenticated authentication, see RFC 4513 section 5.1.2 (thanks Petros)
Fixed falsey value in abstract Entry object __contains__() (thanks Vampouille)

# 1.0.2 - 2015.12.07

Allowed_referral_hosts in Server objects defaults to [(‘*’, True)] to accept any referral server with authentication
Referral uri is now properly percent-undecoded (thanks TWAC)
Referral Server object now use the same configuration of the original Server object
Fixed __contains__() in Entry object (thanks Vampouille)

# 1.0.1 - 2015.12.06

Removed the compat package
Refactored docs for extend operations

# 1.0.0 - 2015.12.06

Private RC for production
Status moved to 5 - Production/Stable

# 0.9.9.4 - 2015.12.02

Added items() to CaseInsensitiveDict class (thanks Jan-Hendrik)
Added set_config_parameter() in ldap3 namespace to modify the values of the configurable parameters of ldap3
Added microsoft.extend.modify_password() extended operation to change AD password
Fixed find_active_random_server() in pooling (thanks Sargul)
Fixed referral decoding in fast ber decoder (thanks TWAC)

# 0.9.9.3 - 2015.11.15

Added LDAPI (LDAP over IPC) support for unix socket communication
Added mandatory_in and optional_in in server schema for attribute types. Now you can see in which classes attributes are used
Added last_transmitted_time and last_received_time to Usage object to track time of the last sent and received operation
Exception SessionTerminatedByServer renamed to SessionTerminatedByServerError and added to ldap3 namespace
Added get_config_parameter() in ldap3 namespace to read the current value of ldap3 configurable parameters
Added SASL mechanism name as constants in the ldap3 namespace
Added escape_filter_chars in utils.conv (thanks Peter)
Reverted ALL_ATTRIBUTES behaviour in search to 0.9.9.1 (thanks Petros)

# 0.9.9.2 - 2015.10.19

Fixed hasattr() behaviour for Entry object in Python 3
Allows empty sasl_credentials in SASL bind
Added POOLING_LOOP_TIMEOUT constant to specify how many seconds the server pooling strategy has to wait before retrying if it did not find an active server (defaults to 10)
Pooling strategy now allows to specify the number of cycles to try when finding a server (with active=N)
Pooling strategy now allows to specify how many seconds a server must be considered offline before retrying to check for availabiliry (with exhaust=N)
Connection.entries defaults to empty list
ALL_ATTRIBUTES don’t send any attribute in the attribute list (was sending ‘*’) while searching
Added DirSync extended function for Microsoft Active Directory
Added LDAP_SERVER_DIRSYNC_OID control for Microsoft Active Directory
Added LDAP_SERVER_EXTENDED_DN_OID control for Microsoft Active Directory
Added LDAP_SERVER_SHOW_DELETED_OID control for Microsoft Active Directory
Fixed AD tests for single valued attributes
Added ACL attribute in the ATTRIBUTES_EXCLUDED_FROM_CHECK list

# 0.9.9.1 - 2015.09.21

Allows empty member values in groups while adding - this should not be as per rfc4511 4.1.7, but some servers expects it (thanks John)
Faster case insensitive dict while getting and setting key (thanks Pierre)
Updated setuptools to 18.3.2
Updated wheel to 0.26
Tested against Python 2.6 - Python 2.7 - Python 3.3 - Python 3.4 - Python 3.5 - pypy - pypy3

# 0.9.9 - 2015.09.09

Fixed boolean value for True value in ASN.1 encoding for certain ldap servers. (thanks Will)
Fixed follow auto referrals. (thanks WIll)
Now protocol defined integer values can be used for scope and derefAliases arguments when searching. (thanks Will)
Added description field in the AttrDef object. (thanks Hogne)
Added a custom ber decoder. Decoding of received packets is now 10x faster.
Added new boolean argument fast_decoder in connection object. Defaults to True.
Highest date correctly managed by the format_ad_timestamp() formatter. (thanks Will)
Fix for latest gssapi kerberos authentication module (thanks Alex)
Added freeIPA OID descriptors
Removed unneeded OidInfo class

# 0.9.8.8 - 2015.08.14

Coerce objectClass to a list in Add operation. (thanks Yutaka)
ObjectClass attribute values mantain their order in the Add operation. (thanks Yutaka)
Fixed search filter composition when the value part of the assertion contains = character. (thanks Eero)
Fixed modify_password extended operation when no hash method is specified. (thanks midnightlynx)
Added credentials to kerberos authentication. (thanks Alex)
Target name can be specified in sasl_credentials for Kerberos authentication. (thanks Alex)
Target name can be read from DNS in sasl_credential for Kerberos authentication. (thanks Alex)
Fixed connection.entries error when referrals are in the search response. (thanks WIll)

# 0.9.8.7 - 2015.07.19

Backported ssl.match_hostname from Python 3.4.3 standard library to be used in Python < 2.7.10
Use backports.ssl_match_hostname if present instead of static backported functions for matching server names in ssl certificate (thanks Michal)
Attributes values are properly printed when not strings in abstract.attribute (thanks hogneh)
Checking unicode __repr__() in python2
Added hashing capability to Modify Password extended operation (thanks Gawain)

# 0.9.8.6 - 2015.06.30

Modify operation now accept multiple changes for same attribute (Thanks Lorenzo)
Fixed entries property in connection when objects from multiple object classes are returned
Hide sensitive data in logging. use the utils.log.set_library_hide_sensitive_data(False) to show sensitive data and utils.log.get_library_hide_sensitive_data() to get the current value
Limited number of characters in a single log line. use the utils.log.set_library_log_max_line_length(length) to set and utils.log.get_library_log_max_line_length(length) to get the current value
Added CHANGES.txt with full changelog, latest changes only in README.txt

# 0.9.8.5.post2 - 2015.06.24

Updated pyasn1 to 0.1.8
Fixed error in not filter with pyasn1 0.1.8

# 0.9.8.5 - 2015.06.23

Updated docs with ldap operations pages
Fixed a bug where an Exception was raised on OpenBSD for missing IPV4_MAPPED flag
Fixed missing add operation usage metrics
Abstract Attribute doesn’t permit “falsy” values or None as default (thanks Lucas)

# 0.9.8.4 - 2015.05.19

Added EXTENDED log detail level with prettyPrint description of ldap messages
Fixed logging of IPv6 address description
Fixed checking of open address when dns returns more than one ip for the same host
Fixed selection of proper address when failing back from IPv6 to IPv4 and vice-versa
When sending controls controlValue is now optional (as stated in RFC 4511), specify None to not send it
Moved badges to shields.io

# 0.9.8.3 - 2015.05.11

Added support for logging
Added LDAPInvalidTlsSpecificationError exception
Added support for kerberos sasl - needs the gssapi package (thanks sigmaris and pefoley2)
Added support for using generator objects in ldap operations (thanks Matt)
Fixed bug in collect_usage (thanks Philippe)
Changed default server mode from IP_SYSTEM_DEFAULT to IP_V6_PREFERRED

# 0.9.8.2 - 2015.04.08

SaslCred returned as raw bytes (thanks Peter)
Search_paged now properly works in abstract.reader (thanks wazboy)

# 0.9.8.1 - 2015.04.04

Added NTLMv2 authentication method
extend.standard.who_am_i() now try to decode the authzid as unicode
Tests for AD (Active Directory) now use tls_before_bind when opening a connection
0.9.8 not working for pypi problems

# 0.9.7.12 - 2015.03.18

Fixed missing optional authzid in digestMD5 sasl mechanism (thanks Damiano)
Changed unneeded classmethods to staticmethods

# 0.9.7.11 - 2015.03.12

Fixed address_info resolution on systems without the IPV4MAPPED flag (thanks Andryi)

# 0.9.7.10 - 2015.02.28

Fixed bug in PagedSearch when server has a hard limit on the number of entries returned (thanks Reimar)
0.9.7.9 not working for pypi problems
0.9.7.8 not working for pypi problems
0.9.7.7 not working for pypi problems
0.9.7.6 not working for pypi problems

# 0.9.7.5 - 2015.02.20

Fixed exception raised when opening a connection to a server. If there is only one candidate address and there is an error it returns the specific Exception, not a generic LDAPException error
Address_info filters out any impossible address to reach
Address_info include an IPV4MAPPED address for IPV6 host that try to reach an IPV4 only server
Added SyncMock strategy (needs the sldap3 package)
Fixed bug when using the aproximation operation in ldap search operations (thanks Laurent)
Removed response from exception raised with raise_exceptions=True to avoid very long exceptions message

# 0.9.7.4 - 2015.02.02

Added connection.entries property for storing response from search operations as and abstract.Entry collection.

# 0.9.7.3 - 2015.01.25

Modify operation type can also be passed as integer

# 0.9.7.2 - 2015.01.16

Fixed a bug when resolving IP address with getaddrinfo(). On OSX returned an UDP connection (thanks Hiroshi).

# 0.9.7.1 - 2015.01.05

Moved to Github
Moved to Travis-CI for continuous integration
Moved to ReadTheDocs for documentation
Moved testing servers in the cloud, to allow testing from Travis-CI
Project renamed from python3-ldap to ldap3 to avoid name clashing with the existing python-ldap library
Constant values in ldap3 are now strings. This is helpful in testing and debugging
Test suite fully refactored to be used in cloud lab and local development lab
Test suite includes options for testing against eDirectory, Active Directory and OpenLDAP

# 0.9.7 - 2014.12.17

Fixed bug for auto_range used in paged search
Added dual IP stack mode parameter in Server object, values are: IP_SYSTEM_DEFAULT, IP_V4_ONLY, IP_V4_PREFERRED, IP_V6_ONLY, IP_V6_PREFERRED
Added read_server_info parameter to bind() and start_tls() to avoid multiple schema and info read operations with auto_bind
Redesigned Reusable (pooled) strategy
Added LDAPResponseTimeoutError exception raised when get_response() doesn’t receive any response in the allowed timeout period
Added shortened authentication parameters in ldap3 namespace: ANONYMOUS, SIMPLE, SASL
Added shortened scope parameters in ldap3 namespace: BASE, LEVEL, SUBTREE
Added shortened get_info parameters in ldap3 namespace: NONE, DSA, SCHEMA, ALL
Added shortened alias dereferencing parameters in ldap3 namespace: DEREF_NONE, DEREF_SEARCH, DEREF_BASE, DEREF_ALWAYS
Added shortened connection strategy parameters in ldap3 namespace: SYNC, ASYNC, LDIF, RESTARTABLE, REUSABLE
Added shortened pooling strategy parameters in ldap3 namespace: FIRST, ROUND_ROBIN, RANDOM
Added reentrant lock to avoid race conditions in the Connection object
When runs in Python 2.7.9 uses SSLContext
Tested against Python 2.7.9, PyPy 2.4.0 and PyPy3 2.4.0
setuptools updated to 8.2.1

# 0.9.6.2 - 2014.11.17

Changed SESSION_TERMINATED_BY_SERVER from 0 to -2
Removed unneeded FORMAT_xxx variables in ldap3 namespace
Fixed bug in auto_range when search operation returns search continuations
Added infrastructure for Mock DSA (not functional yet)

# 0.9.6.1 - 2014.11.11

Added boolean parameter “auto_range” to catch the “range” ldap tag in searches. When true all needed search operation are made to fully obtain the whole range of result values
Fixed bug in sdist
Added offline schema for Fedora 389 Directory Server 1.3.3
Fixed bug while reading DSA info

# 0.9.6 - 2014.11.01

New feature ‘offline schema’ to let the client have knowledge of schema and DSA info even if not returned by the server
Offline schema for Novell eDirectory 8.8.8
Offline schema for Microsoft Active Directory 2012 R2
Offline schema for slapd 2.4 (Openldap)
Added server.info.to_json() and server.info.to_file to JSON serialize schema and info from Server object
Added Server.from_json() and Server.from_file() to create a Server object from a JSON definition
Added response_to_json() and response_to_file() to Connection object to serialize search response entries in JSON as a string or as a file
New exception hierarchy LDAPConfigurationError includes library configuration exceptions
New exception LDAPInvalidConfigurationDefinitionError
Dsa info and schema are not read twice when binding (thanks phobie)
LDAPStartTLSError exception is merged with exception raised from ssl packaged
Digest-MD5 SASL authentication accepts directives with list attributes (thanks John)
Fixed caseInsensitiveDictionary for keys() and values() methods
Fixed matching of certificate name in ssl with Python2
Attributes names and formatters are checked even if schema is not read by the server
Fixed fractional time when parsing generalized time
Specific decoder for Active Directory ObjectGuid and ObjectSid
Added additional checking for unicode in Python 2
Tested against Python 3.4.2, 2.7.8, 2.6.6
Updated setuptools to 7.0

# 0.9.5.4 - 2014.09.22

Fixed security issue in lazy connections (thanks Moritz)
Added ldap3.utils.dn with parse_dn(dn) to verify dn compliance with RFC4514
Added safe_dn(dn) to properly escape dn (if possible)
Added ldap3.utils.uri with parse_uri(uri) to verify uri compliance with RFC4516
Check for trailing slashes in hostname (thanks Dylan)
Timeout for socket connect operation. Server.connect_timeout = seconds_to_wait_for_establishing_connection (thanks Florian)
Closing socket error doesn’t raise exception anymore
ServerPool can be implicity defined with a list of server names (even when defining a connection)

# 0.9.5.3 - 2014.08.24

elements returned in schema and dsa info are in a case insensitive dictionary (can be changed in ldap3.CASE_INSENSITIVE_SCHEMA_NAMES = True|False)
attributes name returned in searches are now case insensitive (can be changed in ldap3.CASE_INSENSITIVE_ATTRIBUTE_NAMES = True|False)
change parameter name from separe_rdn to separate_rdn in ldap3.utils.conv.to_dn()
sync dev from Bitbucket to GitHub
schema attributes are explicitly read (useful for Active directory and 389 Directory Server)
new extended operation: list_replicas (Novell)
new extended operation: get_replica_info (Novell)
new extended operation: partition_entry_count (Novell)
renamed convert_to_ldif() to _convert_to_ldif()

# 0.9.5.2 - 2014.08.05

fixed LDAPOperationResult.__str__ (thanks David)
added to_dn() in utils.conv to convert a dn string to a list of components (strings or tuples)
added __version__ in ldap3
don’t raise exception if the schema cannot be read in unauthenticated state
server.address_info is now a property

# 0.9.5.1 - 2014.08.02

getaddrinfo called only once
real_server machinery removed - messageId is now global and monotonic for the whole library
attributes are returned formatted if schema is read and check_names = True, removed checked_attributes
bind result is populated again when successful (was removed in 0.9.2.1)
exception is now raised if you receive multiple extended response to a single extended request. This is not allowed by RFC 4511

# 0.9.5 - 2014.07.22

added support for IPv6 (thanks Robert)
auto_bind can be used even for establishing tls, possible values (defined in ldap3) are: AUTO_BIND_NONE, AUTO_BIND_NO_TLS, AUTO_BIND_TLS_AFTER_BIND, AUTO_BIND_TLS_BEFORE_BIND
refactored extend package to use classes
new extended operation: get_universal_password (Novell)
new extended operation: set_universal_password (Novell)
added parsing of hostname in scheme://hostname:hostport format. This has the precedence on the parameters (thanks Sorin)
added extra checks when the schema is read (with the get_info parameter) but nothing is returned by the server
updated setuptools to version 5.4.1
when check_name is True and schema is read attributes are checked and formatted in “checked_attributes” as specified by RFCs following the server schema
added formatter for generalizedTime syntax as specified in RFC4517 (ASN.1)
custom formatter can be added in Server definition

# 0.9.4.2 - 2014.07.03

Moved to Bitbucket + Mercurial
Fixed import in core.tls package
Removed unneeded imports

# 0.9.4.1 - 2014.07.02

included missing extend package (thanks to debnet)

# 0.9.4 - 2014.07.02

when running in python 3.4 or newer now Tls class uses SSLContext object with default secure setting
added parameters ca_certs_path, ca_certs_data, local_private_key_password to Tls object creation, valid when using SSLContext
in python 3.4 or newer the system CA certificates configuration can be used (just leave ca_cert_file, ca_certs_path and ca_certs_data set to None)
removed TLSv1 as default for Tls connection
upgraded backported ssl function from python 3.4.1 when using with python 2
when creating a connection the server parameter can be a string: the name of the server to connect in cleartext on default port 389
fixed bug in ldap3.util.conv.escape_bytes()
attributes parameter in search can be a tuple
check_names parameter in connection now defaults to True (so when schema info is available attribute and class name will be checked when performing LDAP operations)
remove the connection.close() method - use connection.unbind()
new exception LDAPExtensionError for signalling when the requestValue of extended operation is of an unknown ASN1 type
exiting connection manager doesn’t raise an exception if unbind is not successful (needed in long operations)
new extended operation: modify_password (RFC3062)
new extended operation: who_am_i (RFC4532)
new extended operation: get_bind_dn (Novell)
updated setuptools to version 5.3

# 0.9.3.5 - 2014.06.22

Exception history in restartable strategy is printed when reached the maximum number of retries
Fixed conditions on terminated_by_server unsolicited message
Added python2.6 egg installation package

# 0.9.3.4 - 2014.06.16

Exception can now be imported from ldap3 package
Escape_bytes return ‘’ for empty string instead of None (thanks Brian)
Added exception history to restartable connection (not for infinite retries)
Fixed start_tls retrying in restartable connection (thanks Brian)
New exception LDAPMaximumRetriesError for signalling when the SyncRestartable Strategy has reached the maximum number of retries while performing an operation
Inverted deleteoldrdn value in LDIF output (thanks Joseph)

# 0.9.3.3 - 2014.06.01

Fixed a bug in LDIFProducer when using context manager for connection
LDIF header in stream is added only whene there are actual data in the stream
Now LDIF stream can be added to an existing file - version header will not be written if stream is not empty

# 0.9.3.2 - 2014.05.30

Fixed a bug while reading schema
Add an implicit open() when trying binding on a closed connection

# 0.9.3.1 - 2014.05.28

Added stream capability to LDIFProducer strategy
Customizable line separator for LDIF output
Customizable sorting order for LDIF output
object_class parameter is now optional in connection.add()
Fixed objectClass attribute case sensitive dependency in add operation
Added stream capability to response_to_ldif() while searching

# 0.9.3 - 2014.05.20

Now the key in server.schema.attribute_type is the attribute name (was the oid)
Now the key in server.schema.object_classes is the class name (was the oid)
Added check_names to Connection definition to have name of attributes and of object class checked against the schema
Updated setuptools to 3.6
Added wheel installation format
Added raise_exceptions mode for connection
Exception hierarchy reworked
Added locking to Server object (for multithreading)

# 0.9.2.2 - 2014.04.30

fixed a bug from 0.9.1 that broke start_tls() (thanks Mark)

# 0.9.2.1 - 2014.04.28

fixed a bug in 0.9.2 that allowed only string attributes in add, modify and compare operations (thank Mladen)

# 0.9.2 - 2014.04.26

changed return value in get_response from response to (response, result) - helpful for multi-threaded connections
added ReusableStrategy for pooling connections
refined docstrings (thanks Will)
result and response attributes don’t overlap anymore. Operation result is only in result attribute.
fixed search for binary values (thanks Marcin)
added convenience function to convert bytes to LDAP binary value string format for search filter

# 0.9.1 - 2014.03.30

added laziness flag to test suite
changed ServerPool signature to accept active and exhaust parameters
removed unneeded start_listen parameter
added ‘lazy’ parameter to open, to bind and to unbind a connection only when an effective operation is performed
fixed start_tls in SyncWaitRestartable strategy
fixed certificate name checking while opening an ssl connection
fixed syntax error during installation
socket operations now raises proper exception, not generic LDAPException (thanks Joseph)
tested against Python 3.4, 3.3, 2.7, 2.6
updated setuptools to 3.3

# 0.9.0 - 2014.03.20

PEP8 compliance
added ldap3.compat package with older (non PEP8 compliant) signatures
renamed ldap3.abstraction to ldap3.abstract
moved connection.py, server.py and tls.py files to ldap3.core
fixed SyncWaitRestartableStrategy (thanks Christoph)

# 0.8.3 - 2014.03.08

added SyncWaitRestartable strategy
removed useless forceBind parameter
usage statistics updated with restartable success/failure counters and open/closed/wrapped socket counters

# 0.8.2 - 2014.03.04

Added refresh() method to Entry object to read again the attributes from the Reader in the abstraction layer
Fixed Python 2.6 issues
Fixed test suite for Python 2.6

# 0.8.1 - 2014.02.12

Changed exceptions returned by the library to LDAPException, a subclass of Exception.
Fixed documentation typos

# 0.8.0 - 2014.02.08

Added abstraction layer (for searching, read only)
Added context manager to Connection class
Added readOnly parameter to Connection class
Fixed a bug in search with ‘less than’ parameter
Remove validation of available SSL protocols because different Python interpreters can use different ssl packages

# 0.7.3 - 2014.01.05

Added SASL DIGEST-MD5 support
Moved to intrapackage (relative) imports

# 0.7.2 - 2013.12.30

Fixed a bug when parentheses are used in search filter as ASCII escaped sequences

# 0.7.1 - 2013.12.21

Completed support for LDIF as per RFC2849
Added new LDIF_PRODUCER strategy to generate LDIF-CHANGE stream
Fixed a bug in the autoReferral feature when controls where used in operation

# 0.7.0 - 2013.12.12

Added support for LDIF as per RFC2849
Added LDIF-CONTENT compliant search responses
Added exception when using autoBind if connection is not successful

# 0.6.7 - 2013.12.03

Fixed exception when DSA is not willing to return rootDSE and schema info

# 0.6.6 - 2013.11.13

Added parameters to test suite

# 0.6.5 - 2013.11.05

Modified rawAttributes decoding, now null (empty) values are returned

# 0.6.4 - 2013.10.16

Added simple paged search as per RFC2696
Controls return values are decoded and stored in result attribute of connection

# 0.6.3 - 2013.10.07

Added Extesible Filter syntax to search filter
Fixed exception while closing connection in AsyncThreaded strategy

# 0.6.2 - 2013.10.01

Fix for referrals in searchRefResult
Disabled schema reading on Active Directory

# 0.6.1 - 2013.09.22

Experimental support for Python 2 - no unicode
Added backport of ssl.match_name for Python 2
Minor fixes for using the client in Python 2
Fix for getting schema info with AsyncThreaded strategy

# 0.6.0 - 2013.09.16

Moved to beta!
Added support site hosted on www.assembla.com
Added public svn repository on www.assembla.com
Added getInfo to server object, parameter can be: GET_NO_INFO, GET_DSA_INFO, GET_SCHEMA_INFO, GET_ALL_INFO
Added method to read the schema from the server. Schema is decoded and returned in different dictionaries of the server.schema object
Updated connection usage info (elapsed time is now computed when connection is closed)
Updated OID dictionary with extensions and controls from Active Directory specifications.

# 0.5.3 - 2013.09.03

Added getOperationalAttributes boolean to Search operation to fetch the operational attributes during search
Added increment operation to modify operation as per RFC4525
Added dictionary of OID descriptions (for DSE and schema decoding)
Added method to get Info from DSE (returned in server.info object)
Modified exceptions for sending controls in LDAP request
Added connection usage (in connection.usage if collectUsage=True in connection definition)
Fixed StartTls in asynchronous client strategy

# 0.5.2 - 2013.08.27

Added SASLprep profile for validating password
Fixed RFC4511 asn1 definitions

# 0.5.1 - 2013.08.17

Refactored package structure
Project description reformatted with reStructuredText
Added Windows graphical installation

# 0.5.0 - 2013.08.15

Added reference to LGPL v3 license
Added Tls object to hold ssl/tls configuration
Added StartTLS feature
Added SASL feature
Added SASL EXTERNAL mechanism
Fixed Unbind
connection.close is now an alias for connection.unbind

# 0.4.4 - 2013.08.01

Added ‘Controls’ to all LDAP Requests
Added Extended Request feature
Added Intermediate Response feature
Added namespace ‘ldap3’

# 0.4.3 - 2013.07.31

Test suite refactored
Fixed single object search response error
Changed attributes returned in search from tuple to dict
Added ‘raw_attributes’ key in search response to hold undecoded (binary) attribute values read from ldap
Added __repr__ for Server and Connection objects to re-create the object instance

# 0.4.2 - 2013.07.29

Added autoReferral feature as per RFC4511 (4.1.10)
Added allowedReferralHosts to conform to Security considerations of RFC4516

# 0.4.1 - 2013.07.20

Add validation to Abandon operation
Added connection.request to hold a dictionary of infos about last request
Added info about outstanding operation in connection.strategy._oustanding
Implemented RFC4515 for search filter coding and decoding
Added a parser to build filter string from LdapMessage

# 0.4.0 - 2013.07.15

Refactoring of the connection and strategy classes
Added the ldap3.strategy namespace to contain client connection strategies
Added ssl authentication
Moved authentication parameters from Server object to Connection object
Added ssl parameters to Server Object

# 0.3.0 - 2013.07.14

Fixed AsyncThreaded strategy with _outstanding and _responses attributes to hold the pending requests and the not-yet-read responses
Added Extended Operation
Added “Unsolicited Notification” discover logic
Added managing of “Notice of Disconnection” from server to properly close connection

# 0.2.0 - 2013.07.13

Update setup with setuptools 0.7
Docstrings added to class
Removed ez_setup dependency
Removed distribute dependency

# 0.1.0 - 2013.07.12

Initial upload on pypi
PyASN1 RFC4511 module completed and tested
Synchronous client working properly
Asynchronous client working but not fully tested
Basic authentication working