Merge branch 'cvs'
This commit is contained in:
commit
2b07379b53
16
CHANGES
16
CHANGES
|
@ -1,11 +1,23 @@
|
||||||
----------------------------------------------------------------
|
----------------------------------------------------------------
|
||||||
Released 2.4.22 2015-10-xx
|
Released 2.4.22 2015-10-25
|
||||||
|
|
||||||
Changes since 2.4.21:
|
Changes since 2.4.21:
|
||||||
|
|
||||||
Lib/
|
Lib/
|
||||||
* LDIFParser now also accepts value-spec without a space
|
* LDIFParser now also accepts value-spec without a space
|
||||||
after the colon.
|
after the colon.
|
||||||
|
* Added key-word argument authz_id to LDAPObject methods
|
||||||
|
sasl_non_interactive_bind_s(), sasl_external_bind_s() and
|
||||||
|
sasl_gssapi_bind_s()
|
||||||
|
* Hmmpf! Added missing self to LDAPObject.fileno().
|
||||||
|
* ReconnectLDAPObject.sasl_bind_s() now correctly uses
|
||||||
|
generic wrapper arguments *args,**kwargs
|
||||||
|
* LDIFParser.parse_change_records() now correctly calls
|
||||||
|
LDIFParser.handle_change_modify()
|
||||||
|
* Corrected ldap.controls.pwdpolicy.__all__
|
||||||
|
|
||||||
|
Doc/
|
||||||
|
* Started missing docs for sub-module ldap.sasl.
|
||||||
|
|
||||||
----------------------------------------------------------------
|
----------------------------------------------------------------
|
||||||
Released 2.4.21 2015-09-25 (upstream), 2015-10-19 (pyldap)
|
Released 2.4.21 2015-09-25 (upstream), 2015-10-19 (pyldap)
|
||||||
|
@ -1204,4 +1216,4 @@ Released 2.0.0pre02 2002-02-01
|
||||||
----------------------------------------------------------------
|
----------------------------------------------------------------
|
||||||
Released 1.10alpha3 2000-09-19
|
Released 1.10alpha3 2000-09-19
|
||||||
|
|
||||||
$Id: CHANGES,v 1.358 2015/09/30 17:17:28 stroeder Exp $
|
$Id: CHANGES,v 1.363 2015/10/24 15:55:07 stroeder Exp $
|
||||||
|
|
|
@ -15,8 +15,6 @@ import sys,ldap,ldapurl,getpass
|
||||||
|
|
||||||
from ldap.controls.openldap import SearchNoOpControl
|
from ldap.controls.openldap import SearchNoOpControl
|
||||||
|
|
||||||
LDAPLimitErrors = (ldap.TIMEOUT,ldap.TIMELIMIT_EXCEEDED,ldap.SIZELIMIT_EXCEEDED,ldap.ADMINLIMIT_EXCEEDED)
|
|
||||||
|
|
||||||
SEARCH_TIMEOUT=30.0
|
SEARCH_TIMEOUT=30.0
|
||||||
|
|
||||||
try:
|
try:
|
||||||
|
@ -57,7 +55,11 @@ try:
|
||||||
serverctrls=[SearchNoOpControl(criticality=True)],
|
serverctrls=[SearchNoOpControl(criticality=True)],
|
||||||
)
|
)
|
||||||
_,_,_,search_response_ctrls = ldap_conn.result3(msg_id,all=1,timeout=SEARCH_TIMEOUT)
|
_,_,_,search_response_ctrls = ldap_conn.result3(msg_id,all=1,timeout=SEARCH_TIMEOUT)
|
||||||
except LDAPLimitErrors as e:
|
except (
|
||||||
|
ldap.TIMEOUT,
|
||||||
|
ldap.TIMELIMIT_EXCEEDED,
|
||||||
|
ldap.SIZELIMIT_EXCEEDED,
|
||||||
|
ldap.ADMINLIMIT_EXCEEDED) as e:
|
||||||
ldap_conn.abandon(msg_id)
|
ldap_conn.abandon(msg_id)
|
||||||
sys.exit(1)
|
sys.exit(1)
|
||||||
|
|
||||||
|
|
|
@ -11,7 +11,7 @@
|
||||||
# All configuration values have a default value; values that are commented out
|
# All configuration values have a default value; values that are commented out
|
||||||
# serve to show the default value.
|
# serve to show the default value.
|
||||||
#
|
#
|
||||||
# $Id: conf.py,v 1.21 2015/06/05 21:05:37 stroeder Exp $
|
# $Id: conf.py,v 1.22 2015/10/24 12:37:39 stroeder Exp $
|
||||||
|
|
||||||
import sys
|
import sys
|
||||||
|
|
||||||
|
@ -36,7 +36,7 @@ master_doc = 'index'
|
||||||
|
|
||||||
# General substitutions.
|
# General substitutions.
|
||||||
project = 'python-ldap'
|
project = 'python-ldap'
|
||||||
copyright = '2008-2014, python-ldap project team'
|
copyright = '2008-2015, python-ldap project team'
|
||||||
|
|
||||||
# The default replacements for |version| and |release|, also used in various
|
# The default replacements for |version| and |release|, also used in various
|
||||||
# other places throughout the built documents.
|
# other places throughout the built documents.
|
||||||
|
@ -44,7 +44,7 @@ copyright = '2008-2014, python-ldap project team'
|
||||||
# The short X.Y version.
|
# The short X.Y version.
|
||||||
version = '2.4'
|
version = '2.4'
|
||||||
# The full version, including alpha/beta/rc tags.
|
# The full version, including alpha/beta/rc tags.
|
||||||
release = '2.4.20.0'
|
release = '2.4.21.0'
|
||||||
|
|
||||||
# There are two options for replacing |today|: either, you set today to some
|
# There are two options for replacing |today|: either, you set today to some
|
||||||
# non-false value, then it is used:
|
# non-false value, then it is used:
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
python-ldap Documentation
|
python-ldap Documentation
|
||||||
##########################
|
##########################
|
||||||
|
|
||||||
.. % $Id: index.rst,v 1.8 2011/10/26 19:42:45 stroeder Exp $
|
.. % $Id: index.rst,v 1.9 2015/10/24 12:49:41 stroeder Exp $
|
||||||
|
|
||||||
.. topic:: Abstract
|
.. topic:: Abstract
|
||||||
|
|
||||||
|
@ -30,6 +30,7 @@ Contents
|
||||||
ldap-resiter.rst
|
ldap-resiter.rst
|
||||||
ldap-schema.rst
|
ldap-schema.rst
|
||||||
ldap-syncrepl.rst
|
ldap-syncrepl.rst
|
||||||
|
ldap-sasl.rst
|
||||||
ldif.rst
|
ldif.rst
|
||||||
ldapurl.rst
|
ldapurl.rst
|
||||||
dsml.rst
|
dsml.rst
|
||||||
|
|
|
@ -0,0 +1,78 @@
|
||||||
|
.. % $Id: ldap-sasl.rst,v 1.3 2015/10/24 13:41:02 stroeder Exp $
|
||||||
|
|
||||||
|
|
||||||
|
********************************************
|
||||||
|
:py:mod:`ldap.sasl` Handling LDAPv3 schema
|
||||||
|
********************************************
|
||||||
|
|
||||||
|
.. py:module:: ldap.sasl
|
||||||
|
|
||||||
|
This module implements various authentication methods for SASL bind.
|
||||||
|
|
||||||
|
.. seealso::
|
||||||
|
|
||||||
|
:rfc:`4422` - Simple Authentication and Security Layer (SASL)
|
||||||
|
:rfc:`4513` - Lightweight Directory Access Protocol (LDAP): Authentication Methods and Security Mechanisms
|
||||||
|
|
||||||
|
|
||||||
|
Constants
|
||||||
|
=========
|
||||||
|
|
||||||
|
.. py:data:: CB_USER
|
||||||
|
|
||||||
|
.. py:data:: CB_AUTHNAME
|
||||||
|
|
||||||
|
.. py:data:: CB_LANGUAGE
|
||||||
|
|
||||||
|
.. py:data:: CB_PASS
|
||||||
|
|
||||||
|
.. py:data:: CB_ECHOPROMPT
|
||||||
|
|
||||||
|
.. py:data:: CB_NOECHOPROMPT
|
||||||
|
|
||||||
|
.. py:data:: CB_GETREALM
|
||||||
|
|
||||||
|
|
||||||
|
Classes
|
||||||
|
=======
|
||||||
|
|
||||||
|
.. autoclass:: ldap.sasl.sasl
|
||||||
|
:members:
|
||||||
|
|
||||||
|
.. autoclass:: ldap.sasl.cram_md5
|
||||||
|
:members:
|
||||||
|
|
||||||
|
.. autoclass:: ldap.sasl.digest_md5
|
||||||
|
:members:
|
||||||
|
|
||||||
|
.. autoclass:: ldap.sasl.gssapi
|
||||||
|
:members:
|
||||||
|
|
||||||
|
.. autoclass:: ldap.sasl.external
|
||||||
|
:members:
|
||||||
|
|
||||||
|
|
||||||
|
.. _ldap.sasl-example:
|
||||||
|
|
||||||
|
Examples for ldap.sasl
|
||||||
|
^^^^^^^^^^^^^^^^^^^^^^^^
|
||||||
|
|
||||||
|
This example connects to an OpenLDAP server via LDAP over IPC
|
||||||
|
(see `draft-chu-ldap-ldapi <https://tools.ietf.org/html/draft-chu-ldap-ldapi>`_)
|
||||||
|
and sends a SASL external bind request.
|
||||||
|
|
||||||
|
::
|
||||||
|
|
||||||
|
import ldap, ldap.sasl, urllib
|
||||||
|
|
||||||
|
ldapi_path = '/tmp/openldap-socket'
|
||||||
|
ldap_conn = ldap.initialize(
|
||||||
|
'ldapi://%s' % (
|
||||||
|
urllib.quote_plus(ldapi_path)
|
||||||
|
)
|
||||||
|
)
|
||||||
|
# Send SASL bind request for mechanism EXTERNAL
|
||||||
|
ldap_conn.sasl_non_interactive_bind_s('EXTERNAL')
|
||||||
|
# Find out the SASL Authorization Identity
|
||||||
|
print ldap_conn.whoami_s()
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
.. % $Id: ldap.rst,v 1.28 2015/06/05 20:49:04 stroeder Exp $
|
.. % $Id: ldap.rst,v 1.29 2015/11/19 05:16:46 stroeder Exp $
|
||||||
|
|
||||||
********************************************
|
********************************************
|
||||||
:py:mod:`ldap` LDAP library interface module
|
:py:mod:`ldap` LDAP library interface module
|
||||||
|
@ -107,7 +107,7 @@ Options
|
||||||
|
|
||||||
.. seealso::
|
.. seealso::
|
||||||
|
|
||||||
:manpage:`ldap.conf{5}` and :manpage:`ldap_get_options{3}`
|
:manpage:`ldap.conf(5)` and :manpage:`ldap_get_option(3)`
|
||||||
|
|
||||||
|
|
||||||
For use with functions :py:func:set_option() and :py:func:get_option()
|
For use with functions :py:func:set_option() and :py:func:get_option()
|
||||||
|
|
|
@ -4,7 +4,7 @@ ldap.controls.openldap - classes for OpenLDAP-specific controls
|
||||||
|
|
||||||
See http://www.python-ldap.org/ for project details.
|
See http://www.python-ldap.org/ for project details.
|
||||||
|
|
||||||
$Id: openldap.py,v 1.4 2015/09/18 17:24:39 stroeder Exp $
|
$Id: openldap.py,v 1.6 2015/10/24 16:21:56 stroeder Exp $
|
||||||
"""
|
"""
|
||||||
|
|
||||||
import ldap.controls
|
import ldap.controls
|
||||||
|
@ -15,7 +15,8 @@ from pyasn1.codec.ber import decoder
|
||||||
|
|
||||||
|
|
||||||
__all__ = [
|
__all__ = [
|
||||||
'SearchNoOpControl'
|
'SearchNoOpControl',
|
||||||
|
'SearchNoOpMixIn',
|
||||||
]
|
]
|
||||||
|
|
||||||
|
|
||||||
|
@ -63,7 +64,12 @@ class SearchNoOpMixIn:
|
||||||
serverctrls=[SearchNoOpControl(criticality=True)],
|
serverctrls=[SearchNoOpControl(criticality=True)],
|
||||||
)
|
)
|
||||||
_,_,_,search_response_ctrls = self.result3(msg_id,all=1,timeout=timeout)
|
_,_,_,search_response_ctrls = self.result3(msg_id,all=1,timeout=timeout)
|
||||||
except LDAPLimitErrors as e:
|
except (
|
||||||
|
ldap.TIMEOUT,
|
||||||
|
ldap.TIMELIMIT_EXCEEDED,
|
||||||
|
ldap.SIZELIMIT_EXCEEDED,
|
||||||
|
ldap.ADMINLIMIT_EXCEEDED
|
||||||
|
) as e:
|
||||||
self.abandon(msg_id)
|
self.abandon(msg_id)
|
||||||
raise e
|
raise e
|
||||||
else:
|
else:
|
||||||
|
|
|
@ -5,11 +5,12 @@ ldap.controls.pwdpolicy - classes for Password Policy controls
|
||||||
|
|
||||||
See http://www.python-ldap.org/ for project details.
|
See http://www.python-ldap.org/ for project details.
|
||||||
|
|
||||||
$Id: pwdpolicy.py,v 1.4 2014/03/12 21:34:07 stroeder Exp $
|
$Id: pwdpolicy.py,v 1.5 2015/10/24 15:55:07 stroeder Exp $
|
||||||
"""
|
"""
|
||||||
|
|
||||||
__all__ = [
|
__all__ = [
|
||||||
'ExpirationWarningControl'
|
'PasswordExpiringControl',
|
||||||
|
'PasswordExpiredControl',
|
||||||
]
|
]
|
||||||
|
|
||||||
# Imports from python-ldap 2.4+
|
# Imports from python-ldap 2.4+
|
||||||
|
|
|
@ -5,13 +5,12 @@ ldap.controls.sss - classes for Server Side Sorting
|
||||||
|
|
||||||
See http://www.python-ldap.org/ for project details.
|
See http://www.python-ldap.org/ for project details.
|
||||||
|
|
||||||
$Id: sss.py,v 1.1 2015/06/22 16:47:08 stroeder Exp $
|
$Id: sss.py,v 1.2 2015/10/24 15:52:23 stroeder Exp $
|
||||||
"""
|
"""
|
||||||
|
|
||||||
__all__ = [
|
__all__ = [
|
||||||
'SSSRequestControl',
|
'SSSRequestControl',
|
||||||
'SSSResponseControl',
|
'SSSResponseControl',
|
||||||
'SSSVLVPagedLDAPObject'
|
|
||||||
]
|
]
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -3,7 +3,7 @@ ldapobject.py - wraps class _ldap.LDAPObject
|
||||||
|
|
||||||
See http://www.python-ldap.org/ for details.
|
See http://www.python-ldap.org/ for details.
|
||||||
|
|
||||||
\$Id: ldapobject.py,v 1.147 2015/08/08 13:37:41 stroeder Exp $
|
\$Id: ldapobject.py,v 1.149 2015/10/24 15:46:12 stroeder Exp $
|
||||||
|
|
||||||
Compability:
|
Compability:
|
||||||
- Tested with Python 2.0+ but should work with Python 1.5.x
|
- Tested with Python 2.0+ but should work with Python 1.5.x
|
||||||
|
@ -274,7 +274,7 @@ class SimpleLDAPObject:
|
||||||
self.__class__.__name__,repr(name)
|
self.__class__.__name__,repr(name)
|
||||||
))
|
))
|
||||||
|
|
||||||
def fileno():
|
def fileno(self):
|
||||||
"""
|
"""
|
||||||
Returns file description of LDAP connection.
|
Returns file description of LDAP connection.
|
||||||
|
|
||||||
|
@ -384,23 +384,29 @@ class SimpleLDAPObject:
|
||||||
"""
|
"""
|
||||||
return self._ldap_call(self._l.sasl_interactive_bind_s,who,auth,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls),sasl_flags)
|
return self._ldap_call(self._l.sasl_interactive_bind_s,who,auth,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls),sasl_flags)
|
||||||
|
|
||||||
def sasl_non_interactive_bind_s(self,sasl_mech,serverctrls=None,clientctrls=None,sasl_flags=ldap.SASL_QUIET):
|
def sasl_non_interactive_bind_s(self,sasl_mech,serverctrls=None,clientctrls=None,sasl_flags=ldap.SASL_QUIET,authz_id=''):
|
||||||
"""
|
"""
|
||||||
Send a SASL bind request using a non-interactive SASL method (e.g. GSSAPI, EXTERNAL)
|
Send a SASL bind request using a non-interactive SASL method (e.g. GSSAPI, EXTERNAL)
|
||||||
"""
|
"""
|
||||||
self.sasl_interactive_bind_s('',ldap.sasl.sasl({},sasl_mech))
|
self.sasl_interactive_bind_s(
|
||||||
|
'',
|
||||||
|
ldap.sasl.sasl(
|
||||||
|
{ldap.sasl.CB_USER:authz_id},
|
||||||
|
sasl_mech
|
||||||
|
)
|
||||||
|
)
|
||||||
|
|
||||||
def sasl_external_bind_s(self,serverctrls=None,clientctrls=None,sasl_flags=ldap.SASL_QUIET):
|
def sasl_external_bind_s(self,serverctrls=None,clientctrls=None,sasl_flags=ldap.SASL_QUIET,authz_id=''):
|
||||||
"""
|
"""
|
||||||
Send SASL bind request using SASL mech EXTERNAL
|
Send SASL bind request using SASL mech EXTERNAL
|
||||||
"""
|
"""
|
||||||
self.sasl_non_interactive_bind_s('EXTERNAL',serverctrls,clientctrls,sasl_flags)
|
self.sasl_non_interactive_bind_s('EXTERNAL',serverctrls,clientctrls,sasl_flags,authz_id)
|
||||||
|
|
||||||
def sasl_gssapi_bind_s(self,serverctrls=None,clientctrls=None,sasl_flags=ldap.SASL_QUIET):
|
def sasl_gssapi_bind_s(self,serverctrls=None,clientctrls=None,sasl_flags=ldap.SASL_QUIET,authz_id=''):
|
||||||
"""
|
"""
|
||||||
Send SASL bind request using SASL mech GSSAPI
|
Send SASL bind request using SASL mech GSSAPI
|
||||||
"""
|
"""
|
||||||
self.sasl_non_interactive_bind_s('GSSAPI',serverctrls,clientctrls,sasl_flags)
|
self.sasl_non_interactive_bind_s('GSSAPI',serverctrls,clientctrls,sasl_flags,authz_id)
|
||||||
|
|
||||||
def sasl_bind_s(self,dn,mechanism,cred,serverctrls=None,clientctrls=None):
|
def sasl_bind_s(self,dn,mechanism,cred,serverctrls=None,clientctrls=None):
|
||||||
"""
|
"""
|
||||||
|
@ -1079,7 +1085,7 @@ class ReconnectLDAPObject(SimpleLDAPObject):
|
||||||
self._store_last_bind(SimpleLDAPObject.sasl_interactive_bind_s,*args,**kwargs)
|
self._store_last_bind(SimpleLDAPObject.sasl_interactive_bind_s,*args,**kwargs)
|
||||||
return res
|
return res
|
||||||
|
|
||||||
def sasl_bind_s(self,dn,mechanism,cred,serverctrls=None,clientctrls=None):
|
def sasl_bind_s(self,*args,**kwargs):
|
||||||
res = self._apply_method_s(SimpleLDAPObject.sasl_bind_s,*args,**kwargs)
|
res = self._apply_method_s(SimpleLDAPObject.sasl_bind_s,*args,**kwargs)
|
||||||
self._store_last_bind(SimpleLDAPObject.sasl_bind_s,*args,**kwargs)
|
self._store_last_bind(SimpleLDAPObject.sasl_bind_s,*args,**kwargs)
|
||||||
return res
|
return res
|
||||||
|
|
|
@ -3,7 +3,7 @@ ldif - generate and parse LDIF data (see RFC 2849)
|
||||||
|
|
||||||
See http://www.python-ldap.org/ for details.
|
See http://www.python-ldap.org/ for details.
|
||||||
|
|
||||||
$Id: ldif.py,v 1.85 2015/09/30 17:17:28 stroeder Exp $
|
$Id: ldif.py,v 1.87 2015/10/24 16:12:31 stroeder Exp $
|
||||||
|
|
||||||
Python compability note:
|
Python compability note:
|
||||||
Tested with Python 2.0+, but should work with Python 1.5.2+.
|
Tested with Python 2.0+, but should work with Python 1.5.2+.
|
||||||
|
@ -415,7 +415,7 @@ class LDIFParser:
|
||||||
"""
|
"""
|
||||||
return self.parse_entry_records() # parse()
|
return self.parse_entry_records() # parse()
|
||||||
|
|
||||||
def handle_change_modify(self,dn,modops,controls=None):
|
def handle_modify(self,dn,modops,controls=None):
|
||||||
"""
|
"""
|
||||||
Process a single LDIF record representing a single modify operation.
|
Process a single LDIF record representing a single modify operation.
|
||||||
This method should be implemented by applications using LDIFParser.
|
This method should be implemented by applications using LDIFParser.
|
||||||
|
|
Loading…
Reference in New Issue