openstack/deb-python-pyldap
Code Issues Proposed changes

Merge branch 'cvs'

Browse Source
This commit is contained in:
Petr Viktorin
2015-11-19 12:45:15 +01:00
parent b58b779e91 277a6f2add
commit 2b07379b53
11 changed files with 134 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
CHANGES
View File

@@ -1,11 +1,23 @@
----------------------------------------------------------------
Released 2.4.22 2015-10-xx
Released 2.4.22 2015-10-25
Changes since 2.4.21:
Lib/
* LDIFParser now also accepts value-spec without a space
after the colon.
* Added key-word argument authz_id to LDAPObject methods
sasl_non_interactive_bind_s(), sasl_external_bind_s() and
sasl_gssapi_bind_s()
* Hmmpf! Added missing self to LDAPObject.fileno().
* ReconnectLDAPObject.sasl_bind_s() now correctly uses
generic wrapper arguments *args,**kwargs
* LDIFParser.parse_change_records() now correctly calls
LDIFParser.handle_change_modify()
* Corrected ldap.controls.pwdpolicy.__all__
Doc/
* Started missing docs for sub-module ldap.sasl.
----------------------------------------------------------------
Released 2.4.21 2015-09-25 (upstream), 2015-10-19 (pyldap)
@@ -1204,4 +1216,4 @@ Released 2.0.0pre02 2002-02-01
----------------------------------------------------------------
Released 1.10alpha3 2000-09-19
$Id: CHANGES,v 1.358 2015/09/30 17:17:28 stroeder Exp $
$Id: CHANGES,v 1.363 2015/10/24 15:55:07 stroeder Exp $

8
Demo/pyasn1/noopsearch.py
View File

@@ -15,8 +15,6 @@ import sys,ldap,ldapurl,getpass
from ldap.controls.openldap import SearchNoOpControl
LDAPLimitErrors = (ldap.TIMEOUT,ldap.TIMELIMIT_EXCEEDED,ldap.SIZELIMIT_EXCEEDED,ldap.ADMINLIMIT_EXCEEDED)
SEARCH_TIMEOUT=30.0
try:
@@ -57,7 +55,11 @@ try:
serverctrls=[SearchNoOpControl(criticality=True)],
)
_,_,_,search_response_ctrls = ldap_conn.result3(msg_id,all=1,timeout=SEARCH_TIMEOUT)
except LDAPLimitErrors as e:
except (
ldap.TIMEOUT,
ldap.TIMELIMIT_EXCEEDED,
ldap.SIZELIMIT_EXCEEDED,
ldap.ADMINLIMIT_EXCEEDED) as e:
ldap_conn.abandon(msg_id)
sys.exit(1)

6
Doc/conf.py
View File

@@ -11,7 +11,7 @@
# All configuration values have a default value; values that are commented out
# serve to show the default value.
#
# $Id: conf.py,v 1.21 2015/06/05 21:05:37 stroeder Exp $
# $Id: conf.py,v 1.22 2015/10/24 12:37:39 stroeder Exp $
import sys
@@ -36,7 +36,7 @@ master_doc = 'index'
# General substitutions.
project = 'python-ldap'
copyright = '2008-2014, python-ldap project team'
copyright = '2008-2015, python-ldap project team'
# The default replacements for |version| and |release|, also used in various
# other places throughout the built documents.
@@ -44,7 +44,7 @@ copyright = '2008-2014, python-ldap project team'
# The short X.Y version.
version = '2.4'
# The full version, including alpha/beta/rc tags.
release = '2.4.20.0'
release = '2.4.21.0'
# There are two options for replacing |today|: either, you set today to some
# non-false value, then it is used:

3
Doc/index.rst
View File

@@ -2,7 +2,7 @@
python-ldap Documentation
##########################
.. % $Id: index.rst,v 1.8 2011/10/26 19:42:45 stroeder Exp $
.. % $Id: index.rst,v 1.9 2015/10/24 12:49:41 stroeder Exp $
.. topic:: Abstract
@@ -30,6 +30,7 @@ Contents
ldap-resiter.rst
ldap-schema.rst
ldap-syncrepl.rst
ldap-sasl.rst
ldif.rst
ldapurl.rst
dsml.rst

78
Doc/ldap-sasl.rst Normal file
View File

@@ -0,0 +1,78 @@
.. % $Id: ldap-sasl.rst,v 1.3 2015/10/24 13:41:02 stroeder Exp $
********************************************
:py:mod:`ldap.sasl` Handling LDAPv3 schema
********************************************
.. py:module:: ldap.sasl
This module implements various authentication methods for SASL bind.
.. seealso::
:rfc:`4422` - Simple Authentication and Security Layer (SASL)
:rfc:`4513` - Lightweight Directory Access Protocol (LDAP): Authentication Methods and Security Mechanisms
Constants
=========
.. py:data:: CB_USER
.. py:data:: CB_AUTHNAME
.. py:data:: CB_LANGUAGE
.. py:data:: CB_PASS
.. py:data:: CB_ECHOPROMPT
.. py:data:: CB_NOECHOPROMPT
.. py:data:: CB_GETREALM
Classes
=======
.. autoclass:: ldap.sasl.sasl
:members:
.. autoclass:: ldap.sasl.cram_md5
:members:
.. autoclass:: ldap.sasl.digest_md5
:members:
.. autoclass:: ldap.sasl.gssapi
:members:
.. autoclass:: ldap.sasl.external
:members:
.. _ldap.sasl-example:
Examples for ldap.sasl
^^^^^^^^^^^^^^^^^^^^^^^^
This example connects to an OpenLDAP server via LDAP over IPC
(see `draft-chu-ldap-ldapi <https://tools.ietf.org/html/draft-chu-ldap-ldapi>`_)
and sends a SASL external bind request.
::
import ldap, ldap.sasl, urllib
ldapi_path = '/tmp/openldap-socket'
ldap_conn = ldap.initialize(
'ldapi://%s' % (
urllib.quote_plus(ldapi_path)
)
)
# Send SASL bind request for mechanism EXTERNAL
ldap_conn.sasl_non_interactive_bind_s('EXTERNAL')
# Find out the SASL Authorization Identity
print ldap_conn.whoami_s()

4
Doc/ldap.rst
View File

@@ -1,4 +1,4 @@
.. % $Id: ldap.rst,v 1.28 2015/06/05 20:49:04 stroeder Exp $
.. % $Id: ldap.rst,v 1.29 2015/11/19 05:16:46 stroeder Exp $
********************************************
:py:mod:`ldap` LDAP library interface module
@@ -107,7 +107,7 @@ Options
.. seealso::
:manpage:`ldap.conf{5}` and :manpage:`ldap_get_options{3}`
:manpage:`ldap.conf(5)` and :manpage:`ldap_get_option(3)`
For use with functions :py:func:set_option() and :py:func:get_option()

12
Lib/ldap/controls/openldap.py
View File

@@ -4,7 +4,7 @@ ldap.controls.openldap - classes for OpenLDAP-specific controls
See http://www.python-ldap.org/ for project details.
$Id: openldap.py,v 1.4 2015/09/18 17:24:39 stroeder Exp $
$Id: openldap.py,v 1.6 2015/10/24 16:21:56 stroeder Exp $
"""
import ldap.controls
@@ -15,7 +15,8 @@ from pyasn1.codec.ber import decoder
__all__ = [
'SearchNoOpControl'
'SearchNoOpControl',
'SearchNoOpMixIn',
]
@@ -63,7 +64,12 @@ class SearchNoOpMixIn:
serverctrls=[SearchNoOpControl(criticality=True)],
)
_,_,_,search_response_ctrls = self.result3(msg_id,all=1,timeout=timeout)
except LDAPLimitErrors as e:
except (
ldap.TIMEOUT,
ldap.TIMELIMIT_EXCEEDED,
ldap.SIZELIMIT_EXCEEDED,
ldap.ADMINLIMIT_EXCEEDED
) as e:
self.abandon(msg_id)
raise e
else:

5
Lib/ldap/controls/pwdpolicy.py
View File

@@ -5,11 +5,12 @@ ldap.controls.pwdpolicy - classes for Password Policy controls
See http://www.python-ldap.org/ for project details.
$Id: pwdpolicy.py,v 1.4 2014/03/12 21:34:07 stroeder Exp $
$Id: pwdpolicy.py,v 1.5 2015/10/24 15:55:07 stroeder Exp $
"""
__all__ = [
'ExpirationWarningControl'
'PasswordExpiringControl',
'PasswordExpiredControl',
]
# Imports from python-ldap 2.4+

3
Lib/ldap/controls/sss.py
View File

@@ -5,13 +5,12 @@ ldap.controls.sss - classes for Server Side Sorting
See http://www.python-ldap.org/ for project details.
$Id: sss.py,v 1.1 2015/06/22 16:47:08 stroeder Exp $
$Id: sss.py,v 1.2 2015/10/24 15:52:23 stroeder Exp $
"""
__all__ = [
'SSSRequestControl',
'SSSResponseControl',
'SSSVLVPagedLDAPObject'
]

24
Lib/ldap/ldapobject.py
View File

@@ -3,7 +3,7 @@ ldapobject.py - wraps class _ldap.LDAPObject
See http://www.python-ldap.org/ for details.
\$Id: ldapobject.py,v 1.147 2015/08/08 13:37:41 stroeder Exp $
\$Id: ldapobject.py,v 1.149 2015/10/24 15:46:12 stroeder Exp $
Compability:
- Tested with Python 2.0+ but should work with Python 1.5.x
@@ -274,7 +274,7 @@ class SimpleLDAPObject:
self.__class__.__name__,repr(name)
))
def fileno():
def fileno(self):
"""
Returns file description of LDAP connection.
@@ -384,23 +384,29 @@ class SimpleLDAPObject:
"""
return self._ldap_call(self._l.sasl_interactive_bind_s,who,auth,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls),sasl_flags)
def sasl_non_interactive_bind_s(self,sasl_mech,serverctrls=None,clientctrls=None,sasl_flags=ldap.SASL_QUIET):
def sasl_non_interactive_bind_s(self,sasl_mech,serverctrls=None,clientctrls=None,sasl_flags=ldap.SASL_QUIET,authz_id=''):
"""
Send a SASL bind request using a non-interactive SASL method (e.g. GSSAPI, EXTERNAL)
"""
self.sasl_interactive_bind_s('',ldap.sasl.sasl({},sasl_mech))
self.sasl_interactive_bind_s(
'',
ldap.sasl.sasl(
{ldap.sasl.CB_USER:authz_id},
sasl_mech
)
)
def sasl_external_bind_s(self,serverctrls=None,clientctrls=None,sasl_flags=ldap.SASL_QUIET):
def sasl_external_bind_s(self,serverctrls=None,clientctrls=None,sasl_flags=ldap.SASL_QUIET,authz_id=''):
"""
Send SASL bind request using SASL mech EXTERNAL
"""
self.sasl_non_interactive_bind_s('EXTERNAL',serverctrls,clientctrls,sasl_flags)
self.sasl_non_interactive_bind_s('EXTERNAL',serverctrls,clientctrls,sasl_flags,authz_id)
def sasl_gssapi_bind_s(self,serverctrls=None,clientctrls=None,sasl_flags=ldap.SASL_QUIET):
def sasl_gssapi_bind_s(self,serverctrls=None,clientctrls=None,sasl_flags=ldap.SASL_QUIET,authz_id=''):
"""
Send SASL bind request using SASL mech GSSAPI
"""
self.sasl_non_interactive_bind_s('GSSAPI',serverctrls,clientctrls,sasl_flags)
self.sasl_non_interactive_bind_s('GSSAPI',serverctrls,clientctrls,sasl_flags,authz_id)
def sasl_bind_s(self,dn,mechanism,cred,serverctrls=None,clientctrls=None):
"""
@@ -1079,7 +1085,7 @@ class ReconnectLDAPObject(SimpleLDAPObject):
self._store_last_bind(SimpleLDAPObject.sasl_interactive_bind_s,*args,**kwargs)
return res
def sasl_bind_s(self,dn,mechanism,cred,serverctrls=None,clientctrls=None):
def sasl_bind_s(self,*args,**kwargs):
res = self._apply_method_s(SimpleLDAPObject.sasl_bind_s,*args,**kwargs)
self._store_last_bind(SimpleLDAPObject.sasl_bind_s,*args,**kwargs)
return res

4
Lib/ldif.py
View File

@@ -3,7 +3,7 @@ ldif - generate and parse LDIF data (see RFC 2849)
See http://www.python-ldap.org/ for details.
$Id: ldif.py,v 1.85 2015/09/30 17:17:28 stroeder Exp $
$Id: ldif.py,v 1.87 2015/10/24 16:12:31 stroeder Exp $
Python compability note:
Tested with Python 2.0+, but should work with Python 1.5.2+.
@@ -415,7 +415,7 @@ class LDIFParser:
"""
return self.parse_entry_records() # parse()
def handle_change_modify(self,dn,modops,controls=None):
def handle_modify(self,dn,modops,controls=None):
"""
Process a single LDIF record representing a single modify operation.
This method should be implemented by applications using LDIFParser.