Ldap3

Latest version: v2.9.1

Safety actively analyzes 693883 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 1 of 18

2.9.1

- new feature: added support for using Kerberos authentication on windows clients using the native winkerberos library
- new feature: added support for using Channel Bind tokens with Kerberos authentication on windows clients
- fixed a bug related to using start_tls with a RESTARTABLE strategy that caused errors to be raised erroneously.
- fixed a bug around the type checking of Reverse DNS Settings with Kerberos authentication
- fixed an issue related to decoding unicode strings in LDAP referrals and attributes in python 2
- minor documentation updates and corrections

2.9

- new feature: SafeRestartable strategy (SAFE_RESTARTABLE) for using a restartable Connection object in a multi-threading program
- tested against Python 3.9
- added requirements-dev.txt
- fixed logging unicode exceptions in python2.7
- added more granular control over use of reverse dns with Kerberos (thanks Azaria)
- support MS Active Directory persistent search (thanks eLeX)
- added support for LDAP signing when using DIGEST-MD5 authentication (thanks Augustin-FL)
- check only for searchResEntries in LDIF conversion (thanks Jay)
- modify-increment now works properly in mock strategies (thanks Saint-Marcel)
- objectGUID are now converted properly (thanks Janne)
- default timeout in asynchronous strategies raised to 20 seconds

2.8.1

- fixed regression in 2.8 for members returned in AD auto-range search (thanks Felix)
- fixed regression in 2.8 for attribute error in restartable class (thanks Christian)
- try to use Crypto library if present for hashing NTLM password on python interpreter missing the MD4 OpenSSL algorithm (thanks Doron)

2.8

- new feature: SafeSync strategy (SAFE_SYNC) for using a synchronous Connection object in a multi-threading program
- new feature: LDIF_LINE_LENGTH for specifying line length wrapping in ldif-content output (default to 78 as per RFC 2849)
- fixed requirements for pyasn1
- fixed regression for ldapi connections
- fixed issue with lazy connection requesting server info on every operation
- fixed searching by objectGUID in hex format (thanks Matt)
- added iso_format parameter to utils.format_json to return dates in ISO format (thanks Hugh)
- fixed issue with Referral attributes not returned by the referral server (thanks Nazarii)
- fixed lost error message in auto_bind (thanks cfelder)
- fixed delete_old_dn in mock connections (thanks kpinc)
- fixed a ResourceWarning with lazy connections
- fixed entry_to_json() that in python2 modified the original entry value (thanks Dirk-Jan)
- tests doesnt' raise Exception if real server is not present (thanks Matej)

2.7

- tested against Python 3.8.1 and pyasn1 0.4.8
- re-enabled ssl exception raising on bad certificate when only 1 server is present in the server pool
- removed Python 2.6 from Travis configuration (thanks gliptak)
- added support for source specifications in LDAP connections (thanks Azaria)
- added support for allowing special AD security identifier (SID) in DN (thanks John)
- fixed pickling of entry and attribute (thanks cfelder)
- close connection when auto_bind fails (thank Hrishikesh)
- operational attributes can be used in Abstraction Layer (thanks Sohalt)
- additional SSL options can be used in Tls object (thanks Nazarii)
- threading.Event replaces loop checking in async strategy. ASYNC strategy should be much faster now (thanks Yang)
- adding a key that is already an alias that contains other aliases in CaseInsensitiveWithAliasDict() now works properly (thanks Mark)
- when searching for GUID, UUID and SID the backslash character (0x5C) is properly managed (thanks Nocturem)
- LDIF output properly formatted when controls are missing (thanks Tom)
- operational attributes are not returned in MOCK strategies when not requested (thanks kpinc)
- undecodable values are returned as raw bytes when using the pyasn1 decoder

2.6.1

- tested against pyasn1 0.4.7
- added eDirectory 9.1.4 (EDIR_9_1_4) to offline schemas
- added json converter for timedelta (thanks dirkjanm)
- strip parameter defaults to False in utils.dn.parse_dn()
- escaped space is allowed as trailing character in attribute_value in utils.dn.parse_dn() (thanks phi1010)
- connection.extend.standard.paged_search doesn't raise exceptions when raise_exceptions is False
- the Search operation returns the entries fetched by the server when size or time limits are reached even if raise_exceptions is set to True
- Handle the minimum value that can be stored in an Int64 in format_ad_timedelta (thanks mprahl)
- EntryState: `entry_raw_attributes` is populated instead of `raw_attributes` (thanks Christian)
- Removed restriction to perform rename and move simultaneously in modify_dn (thanks Fabian)
- fixed checking for hexdigits in parse_dn (thanks Michael)
- fixed escaping when multiple backslashes are present in parse_dn (thanks Phillip)
- fixed multiple NoneType exceptions in entry_to_json() (thanks David and cfelder)
- allowing Microsoft specific syntax (<WKGUID=xxx>) for WellKnownObjects in DN (thanks David)
- connection.extend.standard.paged_search() now follows referrals when auto_referrals=True (thanks kprativa)
- fixed a bug in decoding replica list in connection.extend.novell.list_replicas()
- fixed a bug when adding duplicate alias in CaseInsensitiveWithAliasDict()
- added ignore_duplicates=False in set_aliases in CaseInsensitiveWithAliasDict() to ignore a duplicate alias (either in aliases or in keys)
- Schema info now uses CaseInsensitiveWithAlias dict as default so object and attributes can also be referentiated with OID (thanks ahoffm11)
- added block mode and timeout parameters to next() method of persistent_search
- when using the pyasn1 decoder raw_dn is not returned as a pyasn1 object anymore but as bytes
- Return offset timezone aware datetime for max AD timestamp (thanks Jussi)

Page 1 of 18

© 2025 Safety CLI Cybersecurity Inc. All Rights Reserved.