[python-ldap] pyasn1 recent versions break ldap.syncrepl - What policy should be followed?

Karl Kornel akkornel at stanford.edu
Thu Aug 17 03:22:55 EDT 2017


In testing my syncrepl code, I have discovered that pyasn1 version 0.3.1 and 0.3.2 have a change in their API, which causes ldap.syncrepl to silently fail.

When I say "silently fail", I mean the exceptions pyasn1 generates are mostly ignored, because most of the Syncrepl LDAP controls are not marked critical.

I have many more details, including a script to expose the pyasn1 issue, at this URL:


I need to open an issue with pyasn1, which I'll probably do tomorrow.  However, before I do that, I have a question: What is the policy regarding supported versions of pyasn1?

Here's what I mean: If the author of pyasn1 decides that the new version is not going to be backwards-compatible, then ldap.syncrepl will have to either use the old API, use the new API, or detect the pyasn1 version in real-time.

Which policy be preferred?

For reference, Debian jessie (the current oldstable) has pyasn1 version 0.1.7.  All other active Debian distributions have version 0.1.9.  CentOS 6 has version 0.0.12a; CentOS 7 has version 0.1.8.  Fedora 22 has version 0.1.7 (with patches).  MacPorts has version 0.2.2.

So, to maintain support with most packages, the policy would have to be "use the old API" or "detect the version".

One other possibility is, the pyasn1 author fixes the issue, so that ldap.syncrepl works again.

As for my opinion, I am not sure.  I want to wait to hear from the pyasn1 author, to see if this is something which is going to be a breaking change.

So, what should be the direction?

 ~  A. Karl Kornel, (650) 736-9327
 Research  Computing
 University  IT, Stanford University

More information about the python-ldap mailing list