From pviktori at redhat.com  Wed Jan 10 06:46:16 2018
From: pviktori at redhat.com (Petr Viktorin)
Date: Wed, 10 Jan 2018 12:46:16 +0100
Subject: [python-ldap] ANN: python-ldap 3.0.0b3 (beta release)
Message-ID:

Find a new BETA release of python-ldap:
https://pypi.python.org/pypi/python-ldap/3.0.0b4

To install this beta release via pip, you need to supply the `--pre` flag:

    pip install --pre python-ldap

Please test with your code and report any issues, either on this
mailing list or on the GitHub tracker:
https://github.com/python-ldap/python-ldap/issues

If there are no major issues found with it, this will become 3.0.0
in a week or so.

About the project:

python-ldap provides an object-oriented API to access LDAP directory
servers from Python programs. It mainly wraps the OpenLDAP 2.x libs for
that purpose. Additionally it contains modules for other LDAP-related
stuff (e.g. processing LDIF, LDAP URLs and LDAPv3 schema).

Project's web site:
https://www.python-ldap.org/

After years of being hosted by Michael Ströder (thank you!), the
project's website was merged with the documentation, and is hosted
at Read the Docs & Cloudflare.

Git commit hash for the release:
python-ldap-3.0.0b4 ad46c1104ea40117f8fb0fd08653517743f94723

----------------------------------------------------------------
Released 3.0.0b4 2018-01-10

Changes since 3.0.0b3:

Removed support for Python 3.3, which reached its end-of-life 2017-09-29.

Lib/
* Make default argument values work under bytes_mode
* Update use of map() to use list/set comprehensions instead

Test/
* Refactor syncrepl tests to run with bytes_mode

Doc/
* Document all_records attribute of LDIFRecordList

--
Petr Viktorin

From paulobruck1 at gmail.com  Mon Mar  5 12:36:31 2018
From: paulobruck1 at gmail.com (paulo bruck)
Date: Mon, 5 Mar 2018 14:36:31 -0300
Subject: [python-ldap] ldap + tls + ssf
Message-ID:

Hi

I have been using python-ldap with success until now - Thanks guys for
excellent work on it.

Now I'm trying to one more step.
Nowadays I use python 2.7 + TLS for all search, add, delete and I would like
to implement SSF.

Using ldapsearch -xLLLZZ works like a charm
( I insert at cn=config.ldif a line as)

olcSecurity: ssf=1 update_ssf=112 simple_bind=64

and my olcDatabase.mdb has

olcAccess: {0}to attrs=userPassword by self write by anonymous auth by * none
olcAccess: {1}to attrs=shadowLastChange by self write by * read
olcAccess: {2}to * by self write by anonymous read by * read
#olcAccess: {2}to * by self write by anonymous none by * read

I would like to use as below (anonymous none):

olcAccess: {0}to attrs=userPassword by self write by anonymous auth by * none
olcAccess: {1}to attrs=shadowLastChange by self write by * read
#olcAccess: {2}to * by self write by anonymous read by * read
olcAccess: {2}to * by self write by anonymous none by * read

But when I use it I receive this error:

Traceback (most recent call last):
  File "./ldap_contato.py", line 447, in
    l = Ldap_Contato()
  File "./ldap_contato.py", line 85, in __init__
    conn.simple_bind_s(cn,password)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 223, in simple_bind_s
    resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 514, in result3
    resp_ctrl_classes=resp_ctrl_classes
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 521, in result4
    ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call
    result = func(*args,**kwargs)
ldap.CONFIDENTIALITY_REQUIRED: {'info': 'confidentiality required', 'desc': 'Confidentiality required'}

and part of my connections used:

global conn
conn = ldap.initialize('ldap://' + hostnamef)

# did not put the simple_bind_s here because of the ssf
conn.simple_bind_s(cn,password)

conn.set_option(ldap.OPT_X_TLS_REQUIRE_CERT,ldap.OPT_X_TLS_ALLOW)
conn.set_option(ldap.OPT_X_TLS_CACERTFILE,"/etc/ssl/" + hostnamed + "/cacert.pem")
conn.set_option(ldap.OPT_PROTOCOL_VERSION, ldap.VERSION3)
conn.set_option(ldap.OPT_REFERRALS, 0)

try:
    conn.start_tls_s()
    # print(a)
except ldap.LDAPError as e:
    with open (log,"a") as f:
        f.write("erro na conexão ldap+tls info:" + e.message['info'] + " desc:" + e.message['desc'] + "\n")
        f.close()

I saw at ldapobject.py a sslxssf but I'm not sure that I can use it
because I'm using TLS instead ssl.

any directions about what is missing?

thanks in advance

--
Paulo Ricardo Bruck
consultor

From linus at vangeuns.name  Mon Mar  5 13:35:49 2018
From: linus at vangeuns.name (Linus van Geuns)
Date: Mon, 5 Mar 2018 19:35:49 +0100
Subject: [python-ldap] ldap + tls + ssf
In-Reply-To:
References:
Message-ID:

Hi,

On Mon, Mar 5, 2018 at 6:36 PM, paulo bruck wrote:
> Hi
>
[..]
>
> Nowadays I use python 2.7 + TLS for all search, add, delete and I would like
> to implement SSF.
>
[..]
>
> But when I use it I receive this error:
>
> Traceback (most recent call last):
>   File "./ldap_contato.py", line 447, in
>     l = Ldap_Contato()
>   File "./ldap_contato.py", line 85, in __init__
>     conn.simple_bind_s(cn,password)
[..]
> ldap.CONFIDENTIALITY_REQUIRED: {'info': 'confidentiality required', 'desc':
> 'Confidentiality required'}
>
>
> and part of my connections used:
>
> global conn
> conn = ldap.initialize('ldap://' + hostnamef)
>
> # did not put the simple_bind_s here because of the ssf
> conn.simple_bind_s(cn,password)
[..]
>
> try:
>     conn.start_tls_s()
[..]
>
> any directions about what is missing?

looks like you are calling simple_bind_s before start_tls_s. :)

Gruß, Linus

From paulobruck1 at gmail.com  Mon Mar  5 14:19:33 2018
From: paulobruck1 at gmail.com (paulo bruck)
Date: Mon, 5 Mar 2018 16:19:33 -0300
Subject: [python-ldap] ldap + tls + ssf
In-Reply-To:
References:
Message-ID:

Hi Linus

Thanks for observing my mistake , commented line

# conn.simple_bind_s(cn,password)

but unfortunately it is still not working...80(

Is there an option that I must use TLS + ssf ?

thanks again for your time

2018-03-05 15:35 GMT-03:00 Linus van Geuns :

> Hi,
>
> On Mon, Mar 5, 2018 at 6:36 PM, paulo bruck wrote:
> > Hi
> >
> [..]
> >
> > Nowadays I use python 2.7 + TLS for all search, add, delete and I would
> like
> > to implement SSF.
> >
> [..]
> >
> > But when I use it I receive this error:
> >
> > Traceback (most recent call last):
> >   File "./ldap_contato.py", line 447, in
> >     l = Ldap_Contato()
> >   File "./ldap_contato.py", line 85, in __init__
> >     conn.simple_bind_s(cn,password)
> [..]
> > ldap.CONFIDENTIALITY_REQUIRED: {'info': 'confidentiality required',
> 'desc':
> > 'Confidentiality required'}
> >
> >
> > and part of my connections used:
> >
> > global conn
> > conn = ldap.initialize('ldap://' + hostnamef)
> >
> > # did not put the simple_bind_s here because of the ssf
> > conn.simple_bind_s(cn,password)
> [..]
> >
> > try:
> >     conn.start_tls_s()
> [..]
> >
> > any directions about what is missing?
>
> looks like you are calling simple_bind_s before start_tls_s. :)
>
> Gruß, Linus
>

--
Paulo Ricardo Bruck
consultor
tel 011 3596-4881/4882
011 98140-9184 (TIM)
http://www.contatogs.com.br
http://www.protejasuarede.com.br
gpg AAA59989 at wwwkeys.us.pgp.net
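
The call-order problem raised in this thread, replayed against the olcSecurity line from the original post (an added example, not part of the thread and not python-ldap or OpenLDAP code). It is a simplified model of the per-request SSF check; it assumes a plain ldap:// connection has SSF 0 and a StartTLS session is credited with SSF 256, and the function names are made up for this illustration.

```python
# Simplified model of how slapd applies olcSecurity minimums to each request.
# Assumption: a StartTLS session is credited with SSF 256 (the real value
# depends on the negotiated cipher); a plain ldap:// connection has SSF 0.

OLC_SECURITY = "ssf=1 update_ssf=112 simple_bind=64"   # value from the post
UPDATE_OPS = {"add", "modify", "delete", "modrdn"}


def parse_security(value):
    """Turn 'ssf=1 update_ssf=112 ...' into {'ssf': 1, 'update_ssf': 112, ...}."""
    factors = {}
    for token in value.split():
        name, sep, number = token.partition("=")
        if not sep or not number.isdigit():
            raise ValueError("malformed security factor: %r" % token)
        factors[name] = int(number)
    return factors


def required_ssf(op, factors):
    """Minimum SSF the server demands for one operation."""
    need = factors.get("ssf", 0)
    if op == "simple_bind":
        need = max(need, factors.get("simple_bind", 0))
    elif op in UPDATE_OPS:
        need = max(need, factors.get("update_ssf", 0))
    return need


def replay(ops, factors, tls_ssf=256):
    """Replay client calls in order; return (op, outcome, ssf) per call."""
    ssf = 0
    log = []
    for op in ops:
        if op == "start_tls":
            # The StartTLS request itself is exempt from the SSF check.
            ssf = tls_ssf
            log.append((op, "ok", ssf))
        elif ssf < required_ssf(op, factors):
            log.append((op, "confidentialityRequired", ssf))
            break   # the client call raises here, nothing later runs
        else:
            log.append((op, "ok", ssf))
    return log


FACTORS = parse_security(OLC_SECURITY)
# Order used in the posted script: bind first, StartTLS afterwards.
POSTED_ORDER = replay(["simple_bind", "start_tls", "search"], FACTORS)
# Order suggested in the reply: StartTLS first, then bind.
FIXED_ORDER = replay(["start_tls", "simple_bind", "search", "modify"], FACTORS)

if __name__ == "__main__":
    for title, log in (("posted order", POSTED_ORDER), ("fixed order", FIXED_ORDER)):
        print(title)
        for op, outcome, ssf in log:
            print("  %-12s ssf=%-3d %s" % (op, ssf, outcome))
```

With ssf=1 in force, the model also rejects an anonymous search sent before StartTLS, so every request has to follow start_tls_s() on such a server.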

From linus at vangeuns.name  Mon Mar  5 15:45:53 2018
From: linus at vangeuns.name (Linus van Geuns)
Date: Mon, 5 Mar 2018 21:45:53 +0100
Subject: [python-ldap] ldap + tls + ssf
In-Reply-To:
References:
Message-ID:

Hi Paulo,

On Mon, Mar 5, 2018 at 8:19 PM, paulo bruck wrote:
> Hi Linus
>
> Thanks for observing my mistake , commented line
>
> # conn.simple_bind_s(cn,password)
>
> but unfortunately it is still not working...80(

Could you provide the current stacktrace?

>
> Is there an option that I must use TLS + ssf ?

I have not configured slapd for quite some time, so I don't know.
If it works fine with ldapsearch -ZZ, my approach would be to debug
based on the errors encountered.

Gruß, Linus

From pviktori at redhat.com  Tue Mar 13 09:11:00 2018
From: pviktori at redhat.com (Petr Viktorin)
Date: Tue, 13 Mar 2018 14:11:00 +0100
Subject: [python-ldap] ANN: python-ldap 3.0.0
Message-ID: <52b658ce-563a-2eac-8bfa-e6a340f05acf@redhat.com>

Find a new release of python-ldap:
https://pypi.python.org/pypi/python-ldap/3.0.0

Notable changes since 2.4.45 (depending on what you are upgrading from,
some may already be in your current version):

* This is the first official release with Python 3 support.
  This includes "bytes mode" to ease porting from Python 2; see the
  documentation for more details:
  https://python-ldap.readthedocs.io/en/latest/bytes_mode.html
* The module `ldap.async` is renamed to `ldap.asyncsearch`
* python-ldap now depends on pyasn1 and pyasn1_modules. When python-ldap
  is installed using pip, these are pulled in automatically.
* Dropped support for Python 2.6 and 3.3
* Lots of other fixes and enhancements -- see the full list below.

If you find any issues, please report them either on this mailing list
or on the GitHub tracker:
https://github.com/python-ldap/python-ldap/issues

About the project:

python-ldap provides an object-oriented API to access LDAP directory
servers from Python programs. It mainly wraps the OpenLDAP 2.x libs for
that purpose.
Additionally it contains modules for other LDAP-related
stuff (e.g. processing LDIF, LDAP URLs and LDAPv3 schema).

Project's web site:
https://www.python-ldap.org/

After years of being hosted by Michael Ströder (thank you!), the
project's website was merged with the documentation, and is hosted
at Read the Docs & Cloudflare.

Git commit hash for the release:
python-ldap-3.0.0 6e0dca67594dd90270864fcf24780472458ae642

----------------------------------------------------------------
Released 3.0.0 2018-03-12

Changes since 3.0.0b4:

Lib/
* Add bytes_strictness to allow configuring behavior on bytes/text mismatch

Modules/
* Add argument name to bytes mode TypeError
* Use correct integer types for BER encode/decode (fix for big endian machines)

Test/
* Set $LDAPNOINIT in all tests
* Add test for secure TLS default
* Ignore SASL methods in DSE test (fix for restricted environments)
* Remove filterstr workaround from syncrepl test
* Explicitly set TLS_REQUIRE_CERT option to TLS_HARD in test_tls_ext_noca

Doc/
* Link to bytes mode from text-string arguments in the ldap module

Infrastructure:
* Include lber in list of libraries in setup.cfg

----------------------------------------------------------------
Released 3.0.0b4 2018-01-10

Changes since 3.0.0b3:

Removed support for Python 3.3, which reached its end-of-life 2017-09-29.

Lib/
* Make default argument values work under bytes_mode
* Update use of map() to use list/set comprehensions instead

Test/
* Refactor syncrepl tests to run with bytes_mode

Doc/
* Document all_records attribute of LDIFRecordList

----------------------------------------------------------------
Released 3.0.0b3 2017-12-20

Changes since 3.0.0b2:

The functions `ldap.open()`, `ldap.init()`, `ldif.CreateLDIF()`
and `ldif.ParseLDIF()`, which were deprecated for over a decade,
are scheduled for removal in python-ldap 3.1.

Infrastructure:
* Require setuptools to build
* Start running automatic tests on PyPy

Lib/
* When raising LDAPBytesWarning, give helpful code locations
* Use modern Python idioms in several places
* Avoid reimplementing UserDict.get() in cidict and models.Entry

Doc/
* Use https links

Test/
* Add reproducer for openldap's NSS shutdown/restart issue
* Make testing on non-Linux platforms easier

----------------------------------------------------------------
Released 3.0.0b2 2017-12-11

Changes since 3.0.0b1:

The module `ldap.async` is renamed to `ldap.asyncsearch`, due to
`async` becoming a keyword in Python 3.7.
The old module name is deprecated, but will be available as long as
Python 3.6 is supported.

Lib/
* Use custom ldap.LDAPBytesWarning class
* Rename ldap.async to ldap.asyncsearch

Modules/
* Support None for set_option(OPT_TIMEOUT) and OPT_NETWORK_TIMEOUT
* Fix error reporting of LDAPObject.set_option()
* Change memory handling in attrs_from_List()

Test/
* Remove workaround for OpenLDAP NSS issue

Demo/
* Use uniform shebang in all demos

Doc/
* Provide build deps for Alpine and CentOS
* Move sample workflow out of the main Contributing guide

Infrastructure:
* Add valgrind target to check for memory leaks
* Minimal configuration for pytest

----------------------------------------------------------------
Released 3.0.0b1 2017-12-04

Changes since 2.4.45:
(this list includes changes from 2.5.x)

New dependencies (automatically installed when using pip):
* pyasn1 0.3.7+
* pyasn1_modules 0.1.5+

Python 3 support and bytes_mode:
* merged from the pyldap fork (https://github.com/pyldap)
* please see documentation on bytes_mode and text/bytes handling:
  https://python-ldap.readthedocs.io/en/latest/bytes_mode.html

Removed support for Python 2.6.

Infrastructure:
* Move to Git
* Don't define search path for includes and libs in the default setup.cfg
* Include sasl/sasl.h from the standard path
* Re-format README to ReStructured Text
* Setup for automatic testing using Travis CI
* Add coverage reporting for Python and C
* Add install requires into setup.py
* Remove distclean.sh in favor of make clean
* Use `package`, `depends`, `install_requires` in setup.py
* Add make target for scan-build (static analysis using clang)
* Add make target and suppression file for Valgrind (memory checker)

Modules/
* Remove unused LDAPberval helper functions
* Fix type conversion in page control
* Fix multiple ref leaks in error-handling code
* Fix reference leak in result4
* Fix several compiler warnings
* Fix memory leak in whoami
* Fix internal error handling of LDAPControl_to_List()
* Fix two memory leaks and release GIL in encode_assertion_control
* Allow set_option() to set timeouts to infinity

and, thanks to Michael Ströder:
* removed unused code schema.c
* moved code from version.c to ldapmodule.c
* removed obsolete backward compatibility constants from common.h
* build checks whether LDAP_API_VERSION is OpenLDAP 2.4.x
* _ldap.__author__ and _ldap.__license__ also set from ldap.pkginfo
* assume C extension API for Python 2.7+

Lib/
* Avoid eval() for getting module-level variables to fix running under pytest
* Compatibility changes for pyasn1 0.3 or newer

and, thanks to Michael Ströder:
* ldap.__version__, ldap.__author__ and ldap.__license__ now
  imported from new sub-module ldap.pkginfo also to setup.py
* Added safety assertion when importing _ldap:
  ldap.pkginfo.__version__ must match _ldap.__version__
* removed stand-alone module dsml
* slapdtest.SlapdObject.restart() just restarts slapd
  without cleaning any data
* The methods SSSResponseControl.decodeControlValue() and
  VLVResponseControl.decodeControlValue() now follow the coding
  convention to use camel-cased ASN.1 name as class attribute name.
  The old class names are still set for backward compatibility
  but should not be used in new code because they might be removed
  in a later release.
* removed SSSRequestControl from ldap.controls.KNOWN_RESPONSE_CONTROLS
* removed all dependencies on modules string and types
* removed use of .has_key()
* removed class ldap.ldapobject.NonblockingLDAPObject
* new global constant ldap.LIBLDAP_API_INFO
* right after importing _ldap there is a call into libldap
  to initialize it
* method .decodeControlValue() of SSSResponseControl and
  VLVResponseControl does not set class attribute result_code anymore
* always use bytes() for UUID() constructor in ldap.syncrepl
* module ldif now uses functions b64encode() and b64decode()
* fixed pickling and restoring of ReconnectLDAPObject

Lib/slapdtest
* Automatically try some common locations for SCHEMADIR
* Ensure server is stopped when the process exits
* Check for LDAP schema and slapd binaries
* slapdtest is now a package and includes testing certificates

Tests/
* Expand cidict membership test
* Add test suite for binds
* Add test suite for edits
* Add a smoke-check for listall() and attribute_types()
* Add test case for SASL EXTERNAL auth
* Add tests for start_tls
* In CI, treat compiler warnings as fatal errors
* Added tests for ldap.syncrepl

and, thanks to Michael Ströder:
* added explicit reconnect tests for ReconnectLDAPObject
* scripts do not directly call SlapdTestCase.setUpClass() anymore
* added LDIF test with folded, base64-encoded attribute
* added more tests for sub-module ldap.dn

Doc/
* Build documentation without the compiled C extension
* Merge contents from python-ldap.org
* Move reference documentation in its own section
* Document return value of {modify,add,delete}_ext_s() as a tuple
* Add tests for documentation (build & spelling)
* Link to documentation of old versions
* Add a contributing guide

From aadhikar at redhat.com  Thu Mar 22 08:12:37 2018
From: aadhikar at redhat.com (Akshay Adhikari)
Date: Thu, 22 Mar 2018 17:42:37 +0530
Subject: [python-ldap] Not able to fetch passwordGraceLimit's value
Message-ID:

Hi All,

I was testing password policies for ldap and got around with this issue
in the following code :
[1] https://github.com/python-ldap/python-ldap/blame/master/Lib/ldap/controls/ppolicy.py

So the problem which I am facing is, I am not able to extract
passwordGraceLimit's value. It is returning as Null value. The same sort
of code works for me while extracting value for passwordWarning. For
clearance on this I will share my piece of code.
[2] https://pastebin.com/WAYCQ7F8

Also for more clear idea I am pasting the whole code.
[3] https://pagure.io/389-ds-base/blob/master/f/dirsrvtests/tests/suites/password/pwdPolicy_controls_test.py

Please go through it, any suggestion would be really helpful.

Thanks and Regards
Akshay Adhikari

From christian at python.org  Thu Mar 22 09:42:11 2018
From: christian at python.org (Christian Heimes)
Date: Thu, 22 Mar 2018 14:42:11 +0100
Subject: [python-ldap] Not able to fetch passwordGraceLimit's value
In-Reply-To:
References:
Message-ID:

On 2018-03-22 13:12, Akshay Adhikari wrote:
> Hi All,
>
> I was testing password policies for ldap and got around with this issue
> in the following code :
> [1]
> https://github.com/python-ldap/python-ldap/blame/master/Lib/ldap/controls/ppolicy.py
>
> So the problem which I am facing is, I am not able to extract
> passwordGraceLimit's value. It is returning as Null value. The same sort
> of code works for me while extracting value for passwordWarning. For
> clearance on this I will share my piece of code.
> [2] https://pastebin.com/WAYCQ7F8
>
> Also for more clear idea I am pasting the whole code.
> [3]
> https://pagure.io/389-ds-base/blob/master/f/dirsrvtests/tests/suites/password/pwdPolicy_controls_test.py
>
>
> Please go through it, any suggestion would be really helpful.

The operation may not be supported by your LDAP server or your user may
not have privileges to access the field.

It looks like you are working on 389-DS. Mark, Simon, or William should
be able to help you to debug the issue.

Christian

From aadhikar at redhat.com  Thu Mar 22 10:14:59 2018
From: aadhikar at redhat.com (Akshay Adhikari)
Date: Thu, 22 Mar 2018 19:44:59 +0530
Subject: [python-ldap] Not able to fetch passwordGraceLimit's value
In-Reply-To:
References:
Message-ID:

Hi Christian,

Thanks for your feedback on this. Actually the entries are reflecting in
the dse.ldif with the proper values under cn=config, which suggests that
the operation is happening on the ldap, so as per me there isn't any issue
with the server. I have talked with Simon on this and will definitely get
along with others.

Also I have manually tried setting up the entry for passwordGraceLimit.
Here is the dse.ldif : https://pastebin.com/VmsxWiZ4

Thanks,

On Thu, Mar 22, 2018 at 7:12 PM, Christian Heimes wrote:

> On 2018-03-22 13:12, Akshay Adhikari wrote:
> > Hi All,
> >
> > I was testing password policies for ldap and got around with this issue
> > in the following code :
> > [1]
> > https://github.com/python-ldap/python-ldap/blame/master/Lib/ldap/controls/ppolicy.py
> >
> > So the problem which I am facing is, I am not able to extract
> > passwordGraceLimit's value. It is returning as Null value. The same sort
> > of code works for me while extracting value for passwordWarning. For
> > clearance on this I will share my piece of code.
> > [2] https://pastebin.com/WAYCQ7F8
> >
> > Also for more clear idea I am pasting the whole code.
> > [3]
> > https://pagure.io/389-ds-base/blob/master/f/dirsrvtests/tests/suites/password/pwdPolicy_controls_test.py
> >
> > Please go through it, any suggestion would be really helpful.
>
> The operation may not be supported by your LDAP server or your user may
> not have privileges to access the field.
>
> It looks like you are working on 389-DS. Mark, Simon, or William should
> be able to help you to debug the issue.
>
> Christian