Merge branch 'cvs'

CHANGES

@@ -1,11 +1,23 @@
 ----------------------------------------------------------------
-Released 2.4.22 2015-10-xx
+Released 2.4.22 2015-10-25
 
 Changes since 2.4.21:
 
 Lib/
 * LDIFParser now also accepts value-spec without a space
   after the colon.
+* Added key-word argument authz_id to LDAPObject methods
+  sasl_non_interactive_bind_s(), sasl_external_bind_s() and 
+  sasl_gssapi_bind_s()
+* Hmmpf! Added missing self to LDAPObject.fileno().
+* ReconnectLDAPObject.sasl_bind_s() now correctly uses
+  generic wrapper arguments *args,**kwargs
+* LDIFParser.parse_change_records() now correctly calls
+  LDIFParser.handle_change_modify()
+* Corrected ldap.controls.pwdpolicy.__all__
+
+Doc/
+* Started missing docs for sub-module ldap.sasl.
 
 ----------------------------------------------------------------
 Released 2.4.21 2015-09-25 (upstream), 2015-10-19 (pyldap)
@@ -1204,4 +1216,4 @@ Released 2.0.0pre02 2002-02-01
 ----------------------------------------------------------------
 Released 1.10alpha3 2000-09-19
 
-$Id: CHANGES,v 1.358 2015/09/30 17:17:28 stroeder Exp $
+$Id: CHANGES,v 1.363 2015/10/24 15:55:07 stroeder Exp $

Demo/pyasn1/noopsearch.py

@@ -15,8 +15,6 @@ import sys,ldap,ldapurl,getpass
 
 from ldap.controls.openldap import SearchNoOpControl
 
-LDAPLimitErrors = (ldap.TIMEOUT,ldap.TIMELIMIT_EXCEEDED,ldap.SIZELIMIT_EXCEEDED,ldap.ADMINLIMIT_EXCEEDED)
-
 SEARCH_TIMEOUT=30.0
 
 try:
@@ -57,7 +55,11 @@ try:
     serverctrls=[SearchNoOpControl(criticality=True)],
   )
   _,_,_,search_response_ctrls = ldap_conn.result3(msg_id,all=1,timeout=SEARCH_TIMEOUT)
-except LDAPLimitErrors as e:
+except (
+  ldap.TIMEOUT,
+  ldap.TIMELIMIT_EXCEEDED,
+  ldap.SIZELIMIT_EXCEEDED,
+  ldap.ADMINLIMIT_EXCEEDED) as e:
   ldap_conn.abandon(msg_id)
   sys.exit(1)
 

Doc/conf.py

@@ -11,7 +11,7 @@
 # All configuration values have a default value; values that are commented out
 # serve to show the default value.
 #
-# $Id: conf.py,v 1.21 2015/06/05 21:05:37 stroeder Exp $
+# $Id: conf.py,v 1.22 2015/10/24 12:37:39 stroeder Exp $
 
 import sys
 
@@ -36,7 +36,7 @@ master_doc = 'index'
 
 # General substitutions.
 project = 'python-ldap'
-copyright = '2008-2014, python-ldap project team'
+copyright = '2008-2015, python-ldap project team'
 
 # The default replacements for |version| and |release|, also used in various
 # other places throughout the built documents.
@@ -44,7 +44,7 @@ copyright = '2008-2014, python-ldap project team'
 # The short X.Y version.
 version = '2.4'
 # The full version, including alpha/beta/rc tags.
-release = '2.4.20.0'
+release = '2.4.21.0'
 
 # There are two options for replacing |today|: either, you set today to some
 # non-false value, then it is used:

Doc/index.rst

@@ -2,7 +2,7 @@
 python-ldap Documentation
 ##########################
 
-.. % $Id: index.rst,v 1.8 2011/10/26 19:42:45 stroeder Exp $
+.. % $Id: index.rst,v 1.9 2015/10/24 12:49:41 stroeder Exp $
 
 .. topic:: Abstract
 
@@ -30,6 +30,7 @@ Contents
    ldap-resiter.rst
    ldap-schema.rst
    ldap-syncrepl.rst
+   ldap-sasl.rst
    ldif.rst
    ldapurl.rst
    dsml.rst

Doc/ldap-sasl.rst

@@ -0,0 +1,78 @@
+.. % $Id: ldap-sasl.rst,v 1.3 2015/10/24 13:41:02 stroeder Exp $
+
+
+********************************************
+:py:mod:`ldap.sasl` Handling LDAPv3 schema
+********************************************
+
+.. py:module:: ldap.sasl
+
+This module implements various authentication methods for SASL bind.
+
+.. seealso::
+
+   :rfc:`4422` - Simple Authentication and Security Layer (SASL)
+   :rfc:`4513` - Lightweight Directory Access Protocol (LDAP): Authentication Methods and Security Mechanisms
+
+
+Constants
+=========
+
+.. py:data:: CB_USER
+
+.. py:data:: CB_AUTHNAME
+
+.. py:data:: CB_LANGUAGE
+
+.. py:data:: CB_PASS
+
+.. py:data:: CB_ECHOPROMPT
+
+.. py:data:: CB_NOECHOPROMPT
+
+.. py:data:: CB_GETREALM
+
+
+Classes
+=======
+
+.. autoclass:: ldap.sasl.sasl
+   :members:
+
+.. autoclass:: ldap.sasl.cram_md5
+   :members:
+
+.. autoclass:: ldap.sasl.digest_md5
+   :members:
+
+.. autoclass:: ldap.sasl.gssapi
+   :members:
+
+.. autoclass:: ldap.sasl.external
+   :members:
+
+
+.. _ldap.sasl-example:
+
+Examples for ldap.sasl
+^^^^^^^^^^^^^^^^^^^^^^^^
+
+This example connects to an OpenLDAP server via LDAP over IPC
+(see `draft-chu-ldap-ldapi <https://tools.ietf.org/html/draft-chu-ldap-ldapi>`_)
+and sends a SASL external bind request.
+
+::
+
+   import ldap, ldap.sasl, urllib
+
+   ldapi_path = '/tmp/openldap-socket'
+   ldap_conn = ldap.initialize(
+       'ldapi://%s' % (
+           urllib.quote_plus(ldapi_path)
+       )
+   )
+   # Send SASL bind request for mechanism EXTERNAL
+   ldap_conn.sasl_non_interactive_bind_s('EXTERNAL')
+   # Find out the SASL Authorization Identity
+   print ldap_conn.whoami_s()
+

Doc/ldap.rst

@@ -1,4 +1,4 @@
-.. % $Id: ldap.rst,v 1.28 2015/06/05 20:49:04 stroeder Exp $
+.. % $Id: ldap.rst,v 1.29 2015/11/19 05:16:46 stroeder Exp $
 
 ********************************************
 :py:mod:`ldap` LDAP library interface module
@@ -107,7 +107,7 @@ Options
 
 .. seealso::
 
-   :manpage:`ldap.conf{5}` and :manpage:`ldap_get_options{3}`
+   :manpage:`ldap.conf(5)` and :manpage:`ldap_get_option(3)`
 
 
 For use with functions :py:func:set_option() and :py:func:get_option()

Lib/ldap/controls/openldap.py

@@ -4,7 +4,7 @@ ldap.controls.openldap - classes for OpenLDAP-specific controls
 
 See http://www.python-ldap.org/ for project details.
 
-$Id: openldap.py,v 1.4 2015/09/18 17:24:39 stroeder Exp $
+$Id: openldap.py,v 1.6 2015/10/24 16:21:56 stroeder Exp $
 """
 
 import ldap.controls
@@ -15,7 +15,8 @@ from pyasn1.codec.ber import decoder
 
 
 __all__ = [
-  'SearchNoOpControl'
+  'SearchNoOpControl',
+  'SearchNoOpMixIn',
 ]
 
 
@@ -63,7 +64,12 @@ class SearchNoOpMixIn:
         serverctrls=[SearchNoOpControl(criticality=True)],
       )
       _,_,_,search_response_ctrls = self.result3(msg_id,all=1,timeout=timeout)
-    except LDAPLimitErrors as e:
+    except (
+      ldap.TIMEOUT,
+      ldap.TIMELIMIT_EXCEEDED,
+      ldap.SIZELIMIT_EXCEEDED,
+      ldap.ADMINLIMIT_EXCEEDED
+    ) as e:
       self.abandon(msg_id)
       raise e
     else:

Lib/ldap/controls/pwdpolicy.py

@@ -5,11 +5,12 @@ ldap.controls.pwdpolicy - classes for Password Policy controls
 
 See http://www.python-ldap.org/ for project details.
 
-$Id: pwdpolicy.py,v 1.4 2014/03/12 21:34:07 stroeder Exp $
+$Id: pwdpolicy.py,v 1.5 2015/10/24 15:55:07 stroeder Exp $
 """
 
 __all__ = [
-  'ExpirationWarningControl'
+  'PasswordExpiringControl',
+  'PasswordExpiredControl',
 ]
 
 # Imports from python-ldap 2.4+

Lib/ldap/controls/sss.py

@@ -5,13 +5,12 @@ ldap.controls.sss - classes for Server Side Sorting
 
 See http://www.python-ldap.org/ for project details.
 
-$Id: sss.py,v 1.1 2015/06/22 16:47:08 stroeder Exp $
+$Id: sss.py,v 1.2 2015/10/24 15:52:23 stroeder Exp $
 """
 
 __all__ = [
     'SSSRequestControl',
     'SSSResponseControl',
-    'SSSVLVPagedLDAPObject'
 ]
 
 

Lib/ldap/ldapobject.py

@@ -3,7 +3,7 @@ ldapobject.py - wraps class _ldap.LDAPObject
 
 See http://www.python-ldap.org/ for details.
 
-\$Id: ldapobject.py,v 1.147 2015/08/08 13:37:41 stroeder Exp $
+\$Id: ldapobject.py,v 1.149 2015/10/24 15:46:12 stroeder Exp $
 
 Compability:
 - Tested with Python 2.0+ but should work with Python 1.5.x
@@ -274,7 +274,7 @@ class SimpleLDAPObject:
         self.__class__.__name__,repr(name)
       ))
 
-  def fileno():
+  def fileno(self):
     """
     Returns file description of LDAP connection.
 
@@ -384,23 +384,29 @@ class SimpleLDAPObject:
     """
     return self._ldap_call(self._l.sasl_interactive_bind_s,who,auth,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls),sasl_flags)
 
-  def sasl_non_interactive_bind_s(self,sasl_mech,serverctrls=None,clientctrls=None,sasl_flags=ldap.SASL_QUIET):
+  def sasl_non_interactive_bind_s(self,sasl_mech,serverctrls=None,clientctrls=None,sasl_flags=ldap.SASL_QUIET,authz_id=''):
     """
     Send a SASL bind request using a non-interactive SASL method (e.g. GSSAPI, EXTERNAL)
     """
-    self.sasl_interactive_bind_s('',ldap.sasl.sasl({},sasl_mech))
+    self.sasl_interactive_bind_s(
+      '',
+      ldap.sasl.sasl(
+        {ldap.sasl.CB_USER:authz_id},
+        sasl_mech
+      )
+    )
 
-  def sasl_external_bind_s(self,serverctrls=None,clientctrls=None,sasl_flags=ldap.SASL_QUIET):
+  def sasl_external_bind_s(self,serverctrls=None,clientctrls=None,sasl_flags=ldap.SASL_QUIET,authz_id=''):
     """
     Send SASL bind request using SASL mech EXTERNAL
     """
-    self.sasl_non_interactive_bind_s('EXTERNAL',serverctrls,clientctrls,sasl_flags)
+    self.sasl_non_interactive_bind_s('EXTERNAL',serverctrls,clientctrls,sasl_flags,authz_id)
 
-  def sasl_gssapi_bind_s(self,serverctrls=None,clientctrls=None,sasl_flags=ldap.SASL_QUIET):
+  def sasl_gssapi_bind_s(self,serverctrls=None,clientctrls=None,sasl_flags=ldap.SASL_QUIET,authz_id=''):
     """
     Send SASL bind request using SASL mech GSSAPI
     """
-    self.sasl_non_interactive_bind_s('GSSAPI',serverctrls,clientctrls,sasl_flags)
+    self.sasl_non_interactive_bind_s('GSSAPI',serverctrls,clientctrls,sasl_flags,authz_id)
 
   def sasl_bind_s(self,dn,mechanism,cred,serverctrls=None,clientctrls=None):
     """
@@ -1079,7 +1085,7 @@ class ReconnectLDAPObject(SimpleLDAPObject):
     self._store_last_bind(SimpleLDAPObject.sasl_interactive_bind_s,*args,**kwargs)
     return res
 
-  def sasl_bind_s(self,dn,mechanism,cred,serverctrls=None,clientctrls=None):
+  def sasl_bind_s(self,*args,**kwargs):
     res = self._apply_method_s(SimpleLDAPObject.sasl_bind_s,*args,**kwargs)
     self._store_last_bind(SimpleLDAPObject.sasl_bind_s,*args,**kwargs)
     return res

Lib/ldif.py

@@ -3,7 +3,7 @@ ldif - generate and parse LDIF data (see RFC 2849)
 
 See http://www.python-ldap.org/ for details.
 
-$Id: ldif.py,v 1.85 2015/09/30 17:17:28 stroeder Exp $
+$Id: ldif.py,v 1.87 2015/10/24 16:12:31 stroeder Exp $
 
 Python compability note:
 Tested with Python 2.0+, but should work with Python 1.5.2+.
@@ -415,7 +415,7 @@ class LDIFParser:
     """
     return self.parse_entry_records() # parse()
 
-  def handle_change_modify(self,dn,modops,controls=None):
+  def handle_modify(self,dn,modops,controls=None):
     """
     Process a single LDIF record representing a single modify operation.
     This method should be implemented by applications using LDIFParser.