xref: /dports/net/py-ldap/python-ldap-3.4.0/CHANGES

Released 3.4.0 2021-11-26

This release requires Python 3.6 or above,
and is tested with Python 3.6 to 3.10.
Python 2 is no longer supported.

New code in the python-ldap project is available under the MIT licence
(available in ``LICENCE.MIT`` in the source). Several contributors have agreed
to apply this licence their previous contributions as well.
See the ``README`` for details.

The following undocumented functions are deprecated and scheduled for removal:
- ``ldap.cidict.strlist_intersection``
- ``ldap.cidict.strlist_minus``
- ``ldap.cidict.strlist_union``

Security fixes:
* Fix inefficient regular expression which allows denial-of-service attacks
  when parsing specially-crafted LDAP schema.
  (GHSL-2021-117)

Changes:
* On MacOS, remove option to make LDAP connections from a file descriptor
  when built with the system libldap (which lacks the underlying function,
  ``ldap_init_fd``)
* Attribute values of the post read control are now ``bytes``
  instead of ISO8859-1 decoded ``str``
* ``LDAPUrl`` now treats urlscheme as case-insensitive
* Several OpenLDAP options are now supported:
  * ``OPT_X_TLS_REQUIRE_SAN``
  * ``OPT_X_SASL_SSF_EXTERNAL``
  * ``OPT_X_TLS_PEERCERT``

Fixes:
* The ``copy()`` method of ``cidict`` was added back. It was unintentionally
  removed in 3.3.0
* Fixed getting/setting ``SASL`` options on big endian platforms
* Unknown LDAP result code are now converted to ``LDAPexception``,
  rather than raising a ``SystemError``.

slapdtest:
* Show stderr of slapd -Ttest
* ``SlapdObject`` uses directory-based configuration of ``slapd``
* ``SlapdObject`` startup is now faster

Infrastructure:
* CI now runs on GitHub Actions rather than Travis CI.


----------------------------------------------------------------
Released 3.3.0 2020-06-18

Highlights:
* ``LDAPError`` now contains additional fields, such as ctrls, result, msgid
* ``passwd_s`` can now extract the newly generated password
* LDAP connections can now be made from a file descriptor

This release is tested on Python 3.8, and the beta of Python 3.9.

The following undocumented functions are deprecated and scheduled for removal:
- ``ldap.cidict.strlist_intersection``
- ``ldap.cidict.strlist_minus``
- ``ldap.cidict.strlist_union``

Modules/
* Ensure ReconnectLDAPObject is not left in an inconsistent state after
  a reconnection timeout
* Syncrepl now correctly parses SyncInfoMessage when the message is a syncIdSet
* Release GIL around global get/set option call
* Do not leak serverctrls in result functions
* Don't overallocate memory in attrs_from_List()
* Fix thread support check for Python 3
* With OpenLDAP 2.4.48, use the new header openldap.h

Lib/
* Fix some edge cases regarding quoting in the schema tokenizer
* Fix escaping a single space in ldap.escape_dn_chars
* Fix string formatting in ldap.compare_ext_s
* Prefer iterating dict instead of calling dict.keys()

Doc/
* Clarify the relationship between initialize() and LDAPObject()
* Improve documentation of TLS options
* Update FAQ to include Samba AD-DC error message
  "Operation unavailable without authentication"
* Fix several incorrect examples and demos
  (but note that these are not yet tested)
* Update Debian installation instructions for Debian Buster
* Typo fixes in docs and docstrings

Test/
* Test and document error cases in ldap.compare_s
* Test if reconnection is done after connection loss
* Make test certificates valid for the far future
* Use slapd -Tt instead of slaptest

Infrastructure:
* Mark the LICENCE file as a license for setuptools
* Use "unittest discover" rather than "setup.py test" to run tests


----------------------------------------------------------------
Released 3.2.0 2019-03-13

Lib/
* Add support for X-ORIGIN in ldap.schema's ObjectClass
* Make initialize() pass extra keyword arguments to LDAPObject
* ldap.controls.sss: use str instead of basestring on Python 3
* Provide ldap._trace_* atributes in non-debug mode

Doc/
* Fix ReST syntax for links to set_option and get_option

Tests/
* Use intersphinx to link to Python documentation
* Correct type of some attribute values to bytes
* Use system-specific ENOTCONN value

Infrastructure:
* Add testing and document support for Python 3.7
* Add Python 3.8-dev to Tox and CI configuration
* Add Doc/requirements.txt for building on Read the Docs


----------------------------------------------------------------
Released 3.1.0 2018-05-25

This release brings two minor API changes:
- Long-deprecated functions `ldap.open()` and `ldap.init()` are removed
- `LDAPObject.compare_s()` and `compare_ext_s` return bool instead of 0 or 1

All changes since 3.0.0:

Lib/
* Remove long deprecated functions ldap.open() and ldap.init()
* LDAPObject.compare_s() and LDAPObject.compare_ext_s() now return a bool
  instead of 1 or 0.
* Make iteration over cidict yield same values as keys()
* Fail if pyasn1 is not installed
* Fix parsing of PPolicyControl ASN.1 structure
* Use items() when appropriate in dict iteration
* Add support for tracing LDAP calls. Tracing can now be enabled with
  the env var PYTHON_LDAP_TRACE_LEVEL and redirected to a file with
  PYTHON_LDAP_TRACE_FILE.
  (This is mainly intended for debugging and internal testing; the
  configuration or output may change in future versions.)

Modules/
* Fix ref counting bug in LDAPmessage_to_python

Doc/
* Remove warning about unreleased version
* Doc: Replace Mac OS X -> macOS

Tests/
* Add tests and coverage for tracing
* Disable warnings-as-errors for Python 3.4
* Fix assertTrue to assertEqual
* Mark several test values as bytes

Lib/slapdtest/
* Fix error message for missing commands
* Make SlapdObject a context manager
* Disable SASL external when missing SASL support
* Make SlapdObject.root_dn a property
* In SlapdObject, build include directives dynamically
* Move import statements to top level

Code style:
* Add Makefile rules for automatic formatting of C and Python code
* Reformat and indent all C files
* Trim white space throughout the project

Infrastructure:
* Add py3-trace tox environment to Travis CI config
* Add new Pytest cache directory to gitignore

General:
* Update all pypi.python.org URLs to pypi.org


----------------------------------------------------------------
Released 3.0.0 2018-03-12

Notable changes since 2.4.45 (please see detailed logs below):
* Python 3 support and bytes_mode
  see: https://python-ldap.readthedocs.io/en/latest/bytes_mode.html
* The module `ldap.async` is renamed to `ldap.asyncsearch`
* New dependencies: pyasn1, pyasn1_modules
* Dropped support for Python 2.6 and 3.3


Changes since 3.0.0b4:

Lib/
* Add bytes_strictness to allow configuring behavior on bytes/text mismatch

Modules/
* Add argument name to bytes mode TypeError
* Use correct integer types for BER encode/decode (fix for big endian machines)

Test/
* Set $LDAPNOINIT in all tests
* Add test for secure TLS default
* Ignore SASL methods in DSE test (fix for restricted environments)
* Remove filterstr workaround from syncrepl test
* Explicitly set TLS_REQUIRE_CERT option to TLS_HARD in test_tls_ext_noca

Doc/
* Link to bytes mode from text-string arguments in the ldap module

Infrastructure:
* Include lber in list of libraries in setup.cfg

----------------------------------------------------------------
Released 3.0.0b4 2018-01-10

Changes since 3.0.0b3:

Removed support for Python 3.3, which reached its end-of-life 2017-09-29.

Lib/
* Make default argument values work under bytes_mode
* Update use of map() to use list/set comprehensions instead

Test/
* Refactor syncrepl tests to run with bytes_mode

Doc/
* Document all_records attribute of LDIFRecordList


----------------------------------------------------------------
Released 3.0.0b3 2017-12-20

Changes since 3.0.0b2:

The functions `ldap.open()`, `ldap.init()`, `ldif.CreateLDIF()`
and `ldif.ParseLDIF()`, which were deprecated for over a decade,
are scheduled for removal in python-ldap 3.1.

Infrastructure:
* Require setuptools to build
* Start running automatic tests on PyPy

Lib/
* When raising LDAPBytesWarning, give helpful code locations
* Use modern Python idioms in several places
* Avoid reimplementing UserDict.get() in cidict and models.Entry

Doc/
* Use https links

Test/
* Add reproducer for openldap's NSS shutdown/restart issue
* Make testing on non-Linux platforms easier


----------------------------------------------------------------
Released 3.0.0b2 2017-12-11

Changes since 3.0.0b1:

The module `ldap.async` is renamed to `ldap.asyncsearch`, due to
`async` becoming a keyword in Python 3.7.
The old module name is deprecated, but will be available as long
as Python 3.6 is supported.

Lib/
* Use custom ldap.LDAPBytesWarning class
* Rename ldap.async to ldap.asyncsearch

Modules/
* Support None for set_option(OPT_TIMEOUT) and OPT_NETWORK_TIMEOUT
* Fix error reporting of LDAPObject.set_option()
* Change memory handling in attrs_from_List()

Test/
* Remove workaround for OpenLDAP NSS issue

Demo/
* Use uniform shebang in all demos

Doc/
* Provide build deps for Alpine and CentOS
* Move sample workflow out of the main Contributing guide

Infrastructure:
* Add valgrind target to check for memory leaks
* Minimal configuration for pytest


----------------------------------------------------------------
Released 3.0.0b1 2017-12-04

Changes since 2.4.45:
(this list includes changes from 2.5.x)

New dependencies (automatically installed when using pip):
* pyasn1 0.3.7+
* pyasn1_modules 0.1.5+

Python 3 support and bytes_mode:
* merged from the pyldap fork (https://github.com/pyldap)
* please see documentation on bytes_mode and text/bytes handling:
    https://python-ldap.readthedocs.io/en/latest/bytes_mode.html

Removed support for Python 2.6.

Infrastructure:
* Move to Git
* Don't define search path for includes and libs in the default setup.cfg
* Include sasl/sasl.h from the standard path
* Re-format README to ReStructured Text
* Setup for automatic testing using Travis CI
* Add coverage reporting for Python and C
* Add install requires into setup.py
* Remove distclean.sh in favor of make clean
* Use `package`, `depends`, `install_requires` in setup.py
* Add make target for scan-build (static analysis using clang)
* Add make target and suppression file for Valgrind (memory checker)

Modules/
* Remove unused LDAPberval helper functions
* Fix type conversion in page control
* Fix multiple ref leaks in error-handling code
* Fix reference leak in result4
* Fix several compiler warnings
* Fix memory leak in whoami
* Fix internal error handling of LDAPControl_to_List()
* Fix two memory leaks and release GIL in encode_assertion_control
* Allow set_option() to set timeouts to infinity
and, thanks to Michael Ströder:
* removed unused code schema.c
* moved code from version.c to ldapmodule.c
* removed obsolete back-ward compability constants from common.h
* build checks whether LDAP_API_VERSION is OpenLDAP 2.4.x
* _ldap.__author__ and _ldap.__license__ also set from ldap.pkginfo
* assume C extension API for Python 2.7+

Lib/
* Avoid eval() for getting module-level variables to fix running under pytest
* Compability changes for pyasn1 0.3 or newer
and, thanks to Michael Ströder:
* ldap.__version__, ldap.__author__ and ldap.__license__ now
  imported from new sub-module ldap.pkginfo also to setup.py
* Added safety assertion when importing _ldap:
  ldap.pkginfo.__version__ must match _ldap.__version__
* removed stand-alone module dsml
* slapdtest.SlapdObject.restart() just restarts slapd
  without cleaning any data
* The methods SSSResponseControl.decodeControlValue() and
  VLVResponseControl.decodeControlValue() now follow the coding
  convention to use camel-cased ASN.1 name as class attribute name.
  The old class names are still set for back-ward compability
  but should not be used in new code because they might be removed
  in a later release.
* removed SSSRequestControl from ldap.controls.KNOWN_RESPONSE_CONTROLS
* removed all dependencies on modules string and types
* removed use of .has_key()
* removed class ldap.ldapobject.NonblockingLDAPObject
* new global constant ldap.LIBLDAP_API_INFO
* right after importing _ldap there is a call into libldap to initialize it
* method .decodeControlValue() of SSSResponseControl and VLVResponseControl
  does not set class attribute result_code anymore
* always use bytes() for UUID() constructor in ldap.syncrepl
* module ldif now uses functions b64encode() and b64decode()
* fixed pickling and restoring of ReconnectLDAPObject

Lib/slapdtest
* Automatically try some common locations for SCHEMADIR
* Ensure server is stopped when the process exits
* Check for LDAP schema and slapd binaries
* slapdtest is now a package and includes testing certificates

Tests/
* Expand cidict membership test
* Add test suite for binds
* Add test suite for edits
* Add a smoke-check for listall() and attribute_types()
* Add test case for SASL EXTERNAL auth
* Add tests for start_tls
* In CI, treat compiler warnings as fatal errors
* Added tests for ldap.syncrepl
and, thanks to Michael Ströder:
* added explicit reconnect tests for ReconnectLDAPObject
* scripts do not directly call SlapdTestCase.setUpClass() anymore
* added LDIF test with folded, base64-encoded attribute
* added more tests for sub-module ldap.dn

Doc/
* Build documentation without the compiled C extension
* Merge contents from python-ldap.org
* Move reference documentation in its own section
* Document return value of {modify,add,delete}_ext_s() as a tuple
* Add tests for documentation (build & spelling)
* Link to documentation of old versions
* Add a contributing guide

----------------------------------------------------------------
Released 2.4.45 2017-10-09

Changes since 2.4.44:

Lib/
* Fixed reraising of wrong exception in SimpleLDAPObject._ldap_call()
  (thanks to Aigars Grins)

Tests/
* removed work-around in t_cext.py

----------------------------------------------------------------
Released 2.4.44 2017-09-08

Changes since 2.4.43:

Modules/
* more fine-grained GIL releasing in function l_ldap_result4()

----------------------------------------------------------------
Released 2.4.43 2017-09-06

Changes since 2.4.42:

Lib/
* fixed passing all arguments from LDAPObject.sasl_non_interactive_bind_s()
  to LDAPObject.sasl_interactive_bind_s()

Tests/
* added test for LDAPObject.sasl_external_bind_s()

Doc/
* added docs for SASL bind methods
* more references
* better sorting of LDAPObject methods

----------------------------------------------------------------
Released 2.4.42 2017-09-04

Changes since 2.4.41:

Lib/
* added new SlapdObject methods _ln_schema_files() and
  _create_sub_dirs()
* SlapdObject methods setup_rundir() and gen_config()
  are now "public" methods
* removed pseudo test script from module ldap.cidict

Tests/
* added sub-module for testing class ldap.cidict.cidict
* avoid deprecated method alias unittest.TestCase.assertEquals

----------------------------------------------------------------
Released 2.4.41 2017-07-12

Changes since 2.4.40:

Lib/
* Added support for increment: lines in LDIF changes records

----------------------------------------------------------------
Released 2.4.40 2017-06-27

Changes since 2.4.39:

Modules/
* fixed memory leaks when using extended controls
  (thanks to Erik Cumps)

----------------------------------------------------------------
Released 2.4.39 2017-05-31

Changes since 2.4.38:

Lib/
* fixed errno-related ldap.TIMEOUT regression

Lib/slapdtest.py
* Removed obsolete assert statements

----------------------------------------------------------------
Released 2.4.38 2017-04-28

Changes since 2.4.37:

Lib/slapdtest.py
* SlapdObject now evaluates env var SLAPD for optionally pointing
  to OpenLDAP's slapd executable (e.g. with OpenLDAP LTB builds)
* added LDAPI support in slaptest.SlapdObject which is internally used
  in methods ldapadd() and ldapwhoami()
* added method slaptest.SlapdObject.ldapmodify()
* fixed enabling logger in slaptest
* directory name now contains port to be able to run several SlapdObject
  instances side-by-side (e.g. with replication)
* added authz-regexp mapping to rootdn for user running the test
* internally use SASL/EXTERNAL via LDAPI to bind
* SlapdObject.server_id used as serverID in slapd.conf for MMR
* Removed method SlapdObject.started() because SlapdTestCase.setUpClass()
  will be used to add initial entries

Tests/
* ReconnectLDAPObject is also tested by sub-classing test class

----------------------------------------------------------------
Released 2.4.37 2017-04-27

Changes since 2.4.36:

Lib/
* fixed errno-related regression introduced in 2.4.35

Tests/
* added more checks to t_cext.py
* renamed t_search.py to t_ldapobject.py and code-cleaning
* added test for errno-related regression to t_ldapobject.py

----------------------------------------------------------------
Released 2.4.36 2017-04-26

Changes since 2.4.35:

Lib/
* gracefully handle KeyError in LDAPObject._ldap_call() when
  using errno
* added new stand-alone module slapdtest (formerly Tests/slapd.py)
  for general use (still experimental)

Tests/
* re-factored t_cext.py and t_search.py
* set env var LDAPNOINIT=1 in t_cext.py and t_search.py to avoid
  interference with locally installed .ldaprc or ldap.conf
* by default back-mdb is now used for slapd-based tests
  which requires fairly recent OpenLDAP builds but implements
  full feature set
* env vars can be set for slapd.py to tweak path names
  of executables, temporary and schema data to be used
* new class SlapdTestCase

----------------------------------------------------------------
Released 2.4.35 2017-04-25

Changes since 2.4.33:
(2.4.34 is missing because of foolish pypi version madness)

Modules/
* use errno in a safer way
* set errno as LDAPError class item
* do not use strerror() which is not thread-safe and platform-specific

Lib/
* LDAPObject._ldap_call() sets LDAPError info to value returned
  by platform-neutral os.stderror()

----------------------------------------------------------------
Released 2.4.33 2017-04-25

Changes since 2.4.32:

Lib/
* faster implementation of ldap.schema.tokenizer.split_tokens()
  (thanks to Christian Heimes)
* removed unused 2nd argument of ldap.schema.tokenizer.split_tokens()
* fixed method calls in ReconnectLDAPObject (thanks to Philipp Hahn)

Modules/
* an empty info message is replaced with strerror(errno) if errno is non-zero
  which gives more information e.g. in case of ldap.SERVER_DOWN
  (thanks to Markus Klein)
* removed superfluous ldap_memfree(error) from LDAPerror()
  (thanks to Markus Klein)

Tests/
* re-factored t_ldap_schema_tokenizer.py

----------------------------------------------------------------
Released 2.4.32 2017-02-14

Changes since 2.4.31:

Running tests made easier:
- python setup.py test
- added tox.ini

----------------------------------------------------------------
Released 2.4.31 2017-02-14

Changes since 2.4.30:

Tests/
* new test scripts t_ldap_schema_tokenizer.py and t_ldap_modlist.py
  on former raw scripts (thanks to Petr Viktorin)
* new test-cases in t_ldapurl.py based on former raw scripts
  (thanks to Petr Viktorin)
* new test-cases in t_ldap_dn.py
* moved a script to Demo/

----------------------------------------------------------------
Released 2.4.30 2017-02-08

Changes since 2.4.29:

Lib/
* compability fix in ldap.controls.deref to be compatible to
  recent pyasn1 0.2.x (thanks to Ilya Etingof)

----------------------------------------------------------------
Released 2.4.29 2017-01-25

Changes since 2.4.28:

Modules/
* Fixed checking for empty server error message
  (thanks to Bradley Baetz)
* Fixed releasing GIL when calling ldap_start_tls_s()
  (thanks to Lars Munch)

----------------------------------------------------------------
Released 2.4.28 2016-11-17

Changes since 2.4.27:

Lib/
* LDAPObject.unbind_ext_s() invokes LDAPObject._trace_file.flush()
  only if LDAPObject._trace_level is non-zero and Python is running
  in debug mode
* LDAPObject.unbind_ext_s() now ignores AttributeError
  in case LDAPObject._trace_file has no flush() method
* added dummy method ldap.logger.logging_file_class.flush() because
  LDAPObject.unbind_ext_s() invokes it

----------------------------------------------------------------
Released 2.4.27 2016-08-01

Changes since 2.4.26:

Lib/
* added 'strf_secs' and 'strp_secs' to ldap.functions.__all__
* fixed regression introduced with 2.4.26:
  ldif.LDIFParser did not fully parse LDIF records without trailing empty
  separator line

----------------------------------------------------------------
Released 2.4.26 2016-07-24

Changes since 2.4.25:

Installation:
* added ldap.controls.sss to py_modules in setup.py

Lib/
* LDAPObject.unbind_ext() now removes class attribute
  LDAPObject._l to completely invalidate C wrapper object
* LDAPObject.unbind_ext() now flushes trace file
* ldap.ldapobject.SimpleLDAPObject:
  added convenience methods read_rootdse_s() and get_naming_contexts()
* added functions ldap.strf_secs() and ldap.strp_secs()
* added function ldap.filter.time_span_filter()
* Refactored ldif.LDIFParser
  * ldif.LDIFParser.version ís now Integer
  * ignore multiple empty lines between records
* Fixed ldap.dn.is_dn()

Modules/
* Fixed #69 Segmentation fault on whoami_s after unbind
  (thanks to Christian Heimes and Petr Viktorin)

Tests/
* Fixed result3() being used instead of correct result4()
  (see #66, thanks to David D. Riddle)
* Tests/slapd.py honors env var $TMP instead of just using
  hard-coded /var/tmp
* Tests/slapd.py now expects schema to be in /etc/openldap/
* Tests/t_ldapurl.py now independent of module ldap
* Tests/t_ldif.py now has more test-cases including change records
* added some more test scripts for sub-modules ldap.dn, ldap.filter and
  ldap.functions (not complete yet)

----------------------------------------------------------------
Released 2.4.25 2016-01-18

Changes since 2.4.23:
(2.4.24 is missing because of foolish pypi version madness)

Lib/
* Fix for attrlist=None regression introduced in 2.4.23
  by ref count patch

----------------------------------------------------------------
Released 2.4.23 2016-01-17

Changes since 2.4.22:

Modules/
* Ref count issue in attrs_from_List() was fixed
  (thanks to Elmir Jagudin)

----------------------------------------------------------------
Released 2.4.22 2015-10-25

Changes since 2.4.21:

Lib/
* LDIFParser now also accepts value-spec without a space
  after the colon.
* Added key-word argument authz_id to LDAPObject methods
  sasl_non_interactive_bind_s(), sasl_external_bind_s() and
  sasl_gssapi_bind_s()
* Hmmpf! Added missing self to LDAPObject.fileno().
* ReconnectLDAPObject.sasl_bind_s() now correctly uses
  generic wrapper arguments *args,**kwargs
* Correct method name LDIFParser.handle_modify()
* Corrected __all__ in modules ldap.controls.pwdpolicy and
  ldap.controls.openldap

Doc/
* Started missing docs for sub-module ldap.sasl.

----------------------------------------------------------------
Released 2.4.21 2015-09-25

Changes since 2.4.20:

Lib/
* LDAPObject.read_s() now returns None instead of raising
  ldap.NO_SUCH_OBJECT in case the search operation returned emtpy result.
* ldap.resiter.ResultProcessor.allresults() now takes new key-word
  argument add_ctrls which is internally passed to LDAPObject.result4()
  and lets the method also return response control along with the search
  results.
* Added ldap.controls.deref implementing support for dereference control

Tests/
* Unit tests for module ldif (thanks to Petr Viktorin)

----------------------------------------------------------------
Released 2.4.20 2015-07-07

Changes since 2.4.19:

* New wrapping of OpenLDAP's function ldap_sasl_bind_s() allows
  to intercept the SASL handshake (thanks to René Kijewski)

Modules/
* Added exceptions ldap.VLV_ERROR, ldap.X_PROXY_AUTHZ_FAILURE and
  ldap.AUTH_METHOD_NOT_SUPPORTED

Lib/
* Abandoned old syntax when raising ValueError in modules ldif and
  ldapurl, more information in some exceptions.
* ldap.ldapobject.LDAPObject:
  New convenience methods for SASL GSSAPI or EXTERNAL binds
* Refactored parts in ldif.LDIFParser:
  - New class attributes line_counter and byte_counter contain
    amount of LDIF data read so far
  - Renamed some internally used methods
  - Added support for parsing change records currently limited to
    changetype: modify
  - New separate methods parse_entry_records() (also called by parse())
    and parse_change_records()
  - Stricter order checking of dn:, changetype:, etc.
  - Removed non-existent 'AttrTypeandValueLDIF' from ldif.__all__
* New mix-in class ldap.controls.openldap.SearchNoOpMixIn
  adds convience method noop_search_st() to LDAPObject class
* Added new modules which implement the control classes
  for Virtual List View (see draft-ietf-ldapext-ldapv3-vlv) and
  Server-side Sorting (see RFC 2891) (thanks to Benjamin Dauvergne)
  Note: This is still experimental! Even the API can change later.

----------------------------------------------------------------
Released 2.4.19 2015-01-10

Changes since 2.4.18:

Lib/
* Fixed missing ReconnectLDAPObject._reconnect_lock when pickling
  (see SF#64, thanks to Dan O'Reilly)
* Added ldap.controls.pagedresults which is pure Python implementation of
  Simple Paged Results Control (see RFC 2696) and delivers the correct
  result size

----------------------------------------------------------------
Released 2.4.18 2014-10-09

Changes since 2.4.17:

Lib/
* Fixed raising exception in LDAPObject.read_s() when reading
  an entry returns empty search result

----------------------------------------------------------------
Released 2.4.17 2014-09-27

Changes since 2.4.16:

Lib/
* New hook syncrepl_refreshdone() in ldap.syncrepl.SyncReplConsumer
  (thanks to Petr Spacek and Chris Mikkelson)

Modules/
* Added support for getting file descriptor of connection
  with ldap.OPT_DESC

----------------------------------------------------------------
Released 2.4.16 2014-09-10

Changes since 2.4.15:

Lib/
* New convenience function ldap.dn.is_dn()
* New convenience function ldap.escape_str()
* New convenience methods LDAPObject.read_s() and
  LDAPObject.find_unique_entry()
* Fixed invoking start_tls_s() in ReconnectLDAPObject.reconnect()
  (thanks to Philipp Hahn)

----------------------------------------------------------------
Released 2.4.15 2014-03-24

Changes since 2.4.14:

Lib/
* Added missing modules ldap.controls.openldap and
  ldap.controls.pwdpolicy to setup.py
* Added missing imports to ldap.controls.pwdpolicy
* Fixed ldap.controls.pwdpolicy.decodeControlValue() to decode
  string of digits
* Support for X-SUBST in schema element class LDAPSyntax
* Support for X-ORDERED and X-ORIGIN in schema element class AttributeType
* ldapurl: New scope 'subordinates' defined in
  draft-sermersheim-ldap-subordinate-scope

Modules/
* New constant ldap.SCOPE_SUBORDINATE derived from ldap.h for
  draft-sermersheim-ldap-subordinate-scope
* Fixed constant ldap.sasl.CB_GETREALM (thanks to Martin Pfeifer)

----------------------------------------------------------------
Released 2.4.14 2014-01-31

Changes since 2.4.13:

Lib/
* Added ldap.controls.openldap.SearchNoOpControl
* New method ldap.async.AsyncSearchHandler.afterFirstResult()
  for doing something right after successfully receiving but before
  processing first result
* Better log data written when invoking ldap.LDAPLock.acquire() and
  ldap.LDAPLock.release()
* LDAPObject and friends now pass `desc' to ldap.LDAPLock() which
  results in better logging
* ldapobject.ReconnectLDAPObject now uses internal class-wide
  lock for serializing reconnects
* Method signature of ReconnectLDAPObject.reconnect() changed to be able
  to call it with separate retry_max and retry_delay values

Modules/
* Added support for retrieving negotiated TLS version/cipher
  with LDAPObject.get_option() with the help of upcoming OpenLDAP libs

----------------------------------------------------------------
Released 2.4.13 2013-06-27

Changes since 2.4.12:

Lib/
* ldapobject.ReconnectLDAPObject._apply_last_bind() now sends
  anonymous simple bind request even if the calling application
  did not to provoke ldap.SERVER_DOWN in method reconnect()
* ldapobject.ReconnectLDAPObject.reconnect() now also catches
  ldap.TIMEOUT exception after reconnection attempt
* Several other fixes for ldapobject.ReconnectLDAPObject
  (thanks to Jonathan Giannuzzi)

----------------------------------------------------------------
Released 2.4.12 2013-06-01

Changes since 2.4.11:

Lib/
* Truly optional import of PyAsn1Error exception which should
  not fail anymore if pyasn1 is not installed

----------------------------------------------------------------
Released 2.4.11 2013-05-27

Changes since 2.4.10:

Lib/
* ldap.controls.DecodeControlTuples() now simply ignores
  PyAsn1Error exception raised during decoding malformed
  response control values in case of non-critical controls.
* ldif.LDIFWriter.unparse() does not simply skip empty
  records anymore.

----------------------------------------------------------------
Released 2.4.10 2012-06-07

Changes since 2.4.9:

Lib/
* ldapobject.ReconnectLDAPObject.reconnect() now preserves
  order of options set with LDAPObject.set_option before.
  This is needed e.g. for setting connection-specific TLS options.

Demo/
* Better version of Demo/pyasn1/syncrepl.py
  (thanks to Ben Cooksley)

----------------------------------------------------------------
Released 2.4.9 2012-03-14

Changes since 2.4.8:

Lib/
* ldapobject.ReconnectLDAPObject.reconnect() now does kind of
  an internal locking to pause other threads while reconnecting
  is pending.
* Changes to bind- and startTLS-related operation methods of
  class ReconnectLDAPObject for more robustness
* New constant ldap.OPT_NAMES_DICT contains mapping from
  integer to variable name for all option-related constants.

----------------------------------------------------------------
Released 2.4.8 2012-02-21

Changes since 2.4.7:

Lib/
* Fixed overzealous check for non-unique NAMEs in
  ldap.schema.subentry.SubSchema.__init__()
* Fixed typos in control decoding method
  ldap.controls.simple.OctetStringInteger.decodeControlValue()
* Added experimental support for draft-vchu-ldap-pwd-policy

----------------------------------------------------------------
Released 2.4.7 2012-12-19

Changes since 2.4.6:

Lib/
* Separate classes for request/response controls for RFC 3829
* Fixed ldap.schema.subentry.SubSchema.attribute_types() to
  also eliminate double attribute types in MAY clause of
  DIT content rule

Modules/
* Fixed memory leak (thanks to David Malcolm)

----------------------------------------------------------------
Released 2.4.6 2011-11-27

Changes since 2.4.5:

Lib/
* ldap.controls.ppolicy:
  Another fix for decoding the password policy response control

----------------------------------------------------------------
Released 2.4.5 2011-11-25

Changes since 2.4.4:

Installation:
* defines for SASL and SSL in setup.cfg to be more friendly to
  Python setup tools (easy_install)

Lib/
* Fixed typo in ldap.functions._ldap_function_call() which
  always released ldap._ldap_module_lock instead of local lock
* ldap.controls.ppolicy:
  Fixed decoding the password policy response control

Demo/
* Demo script for ldap.controls.ppolicy

----------------------------------------------------------------
Released 2.4.4 2011-10-26

Changes since 2.4.3:

Modules/
* Format intermediate messages as 3-tuples instead of
  4-tuples to match the format of other response messages.
  (thanks to Chris Mikkelson)
* Fixes for memory leaks (thanks to Chris Mikkelson)

Lib/
* New experimental(!) sub-module ldap.syncrepl implementing syncrepl
  consumer (see RFC 4533, thanks to Chris Mikkelson)

Doc/
* Cleaned up rst files
* Added missing classes

----------------------------------------------------------------
Released 2.4.3 2011-07-23

Changes since 2.4.2:

Lib/
* Mostly corrected/updated __doc__ strings

Doc/
* Corrected rst files
* Added missing modules, functions, classes, methods, parameters etc.
  at least as auto-generated doc

----------------------------------------------------------------
Released 2.4.2 2011-07-21

Changes since 2.4.1:

Lib/

Logging:
* pprint.pformat() is now used when writing method/function
  arguments to the trace log

ldap.schema.subentry:
* SubSchema.__init__() now has new key-word argument check_uniqueness
  which enables checking whether OIDs are unique in the subschema subentry
* Code-cleaning: consequent use of method SubSchema.getoid() instead of
  accessing SubSchema.name2oid directly.
* SubSchema.getoid() and SubSchema.getoid() now have key-word argument
  raise_keyerror=0 and raise KeyError with appropriate description.

----------------------------------------------------------------
Released 2.4.1 2011-07-05

Changes since 2.4.0:

Modules:
* New LDAP option OPT_X_TLS_PACKAGE available in OpenLDAP 2.4.26+
  to determine the name of the SSL/TLS package OpenLDAP was
  built with

Lib/
* ldap.modlist.modifyModlist(): New key-word argument
  case_ignore_attr_types used to define attribute types for which
  comparison of old and new values should be case-insensitive
* Minor changes to which data is sent to debug output for various
  trace levels
* Now tag [1] is used in ldap.extop.dds.RefreshResponse in
  compliance with RFC 2589 (fix available for OpenLDAP ITS#6886)
* New sub-module ldap.controls.sessiontrack implements request control
  as described in draft-wahl-ldap-session (needs pyasn1_modules)

----------------------------------------------------------------
Released 2.4.0 2011-06-02

Changes since 2.3.13:

* OpenLDAP 2.4.11+ required to build
* Support for extracting LDAPv3 extended controls in
  LDAP_RES_SEARCH_ENTRY responses
  (see SF#2829057, thanks to Rich)
* Generic support for LDAPv3 extended operations (thanks to Rich)

Lib/
* new class API in ldap.controls, not backwards-compatible!
* new sub-modules for ldap.controls, some require pyasn1 and pyasn1_modules
* New methods LDAPObject.result4() and LDAPObject.extop_result()
* New (optional) class ldap.controls.AssertionControl
* New helper module ldap.logger contains file-like object which
  sends trace messages to logging.log()
* Removed non-functional method LDAPObject.set_cache_options()
* Removed unused dictionary ldap.controls.knownLDAPControls

Modules/
* ldapcontrol.c: Fixed encode_assertion_control() and function is no longer
  hidden behind ifdef-statement

----------------------------------------------------------------
Released 2.3.13 2011-02-19

Changes since 2.3.12:

Modules/
* Correct #ifdef-statement for LDAP_OPT_X_TLS_CRLFILE in
  constants.c fixes build with older OpenLDAP libs
* Support for LDAP_OPT_DEFBASE (see SF#3072016, thanks to Johannes)

----------------------------------------------------------------
Released 2.3.12 2010-08-05

Changes since 2.3.11:

Lib/
* Removed tabs from various modules to make things work with python -tt.
* Quick fix to ldif.is_dn() to let multi-valued RDNs pass as valid.
  Is too liberal in some corner-cases though...
* Fix to ldif.is_dn() to allow dashes in attribute type (see SF#3020292)
* ldap.open() now outputs a deprecation warning
* module-wide locking is now limited to calling _ldap.initialize().
  Still ldap.functions._ldap_function_call() is used to wrap all
  calls for writing debug log.

Modules/
* New LDAP options available in OpenLDAP 2.4.18+ supported in
  LDAPObject.get/set_option():
  ldap.OPT_X_KEEPALIVE_IDLE, ldap.OPT_X_KEEPALIVE_PROBES,
  ldap.OPT_X_KEEPALIVE_INTERVAL,
  ldap.OPT_X_TLS_CRLCHECK, ldap.OPT_X_TLS_CRLFILE

Doc/
* Various small updates/improvements

----------------------------------------------------------------
Released 2.3.11 2010-02-26

Changes since 2.3.10:

Lib/
* Fixed LDAP URL parsing with four ? but no real extensions
* ldap.ldapobject.LDAPObject.rename_s() now also accepts arguments
  serverctrls and clientctrls
* Removed untested and undocumented class ldap.ldapobject.SmartLDAPObject
* Removed broken method ldap.ldapobject.LDAPObject.manage_dsa_it()

Modules/
* Make use of LDAP_OPT_X_TLS_NEWCTX only if available in
  OpenLDAP libs used for the build
* Fixed #ifdef-statements for OPT_X_TLS_PROTOCOL_MIN

Doc/
* Some updates and corrections regarding description of use of
  LDAPv3 controls
* Some more descriptions for constants
* Removed comments related to old LaTeX-based documentation system

----------------------------------------------------------------
Released 2.3.10 2009-10-30

Changes since 2.3.9:

Lib/
* The diagnosticMessage returned by a server is written to the trace
  output also for successful operations.
* Fixed handling of LDAP URL extensions with implicit value None which are
  mapped to class attributes of LDAPUrl.
* Fixed handling of LDAP URLs with ? being part of extensions.
* Fixed exceptions raised by get_option/set_option (SF#1964993)
* ldap.functions: Fixed import trace-related variables from base-module ldap
* Fixed ldap.resiter missing in RPMs built with python setup.py bdist_rpm
* Fix in class ldap.schema.models.SchemaElement:
  repr() was liberally used in methods key_attr() and key_list() to enclose
  values in quotes.

Modules/
* Changed internal API List_to_LDAPControls() to LDAPControls_from_object()
* Supported was added for retrieving the SASL username during SASL bind with
  ldap_get_option(LDAP_OPT_X_SASL_USERNAME) if available in libldap.
* New LDAP option constant ldap.OPT_X_TLS_NEWCTX supported
  in LDAPObject.set_option()
* New LDAP option constants supported in LDAPObject.get/set_option():
  ldap.OPT_X_TLS_PROTOCOL_MIN, ldap.OPT_CONNECT_ASYNC, ldap.OPT_X_TLS_DHFILE
* Fixed setting _ldap.OPT_ON and _ldap.OPT_OFF
* l_ldap_result3(): controls are now parsed for all response types (SF#2829057)

Doc/
* Added example for ldap.resiter

----------------------------------------------------------------
Released 2.3.9 2009-07-26

Changes since 2.3.8:

Lib/
* All modules (ldap, ldif, dsml and ldapurl) have common version number now
* Non-exported function ldif.needs_base64() was abandoned and is now
  implemented as method LDIFWriter._needs_base64_encoding().
  This allows sub-classes of LDIFWriter to implement determining whether
  attribute values have to be base64-encoded in a different manner and is
  the same approach like in class dsml.DSMLWriter.
* LDAPUrlExtension._parse() now gracefully handles LDAP URL extensions
  without explicit exvalue as being set with implicit value None.

Modules/
* New LDAP option constant ldap.OPT_X_SASL_NOCANON supported
  in LDAPObject.get/set_option()

----------------------------------------------------------------
Released 2.3.8 2009-04-30

Changes since 2.3.7:

Lib/
* ldap.schema.models: More fault-tolerant parsing of SYNTAX in
  AttributeTypeDescription
* ldap.schema.tokenizer.split_tokens():
  More tolerant parsing of items separated only with a DOLLAR without
  surrounding white-spaces (because WSP is declared as zero or more spaces
  in RFC 4512)

----------------------------------------------------------------
Released 2.3.7 2009-04-09

Changes since 2.3.6:

Lib/
* urllib.quote() is now used in LDAPUrlExtension.unparse() to quote
  all special URL characters in extension values

Modules/
* Fixed ldapcontrol.c not to raise ldap.ENCODING_ERROR in
  function encode_rfc2696() on 64-bit systems
* Fixed seg fault if error code in a LDAP response was outside
  the known error codes and could not be mapped to a specific
  exception class (thanks to Sean)
* errors.c: LDAP_ERROR_MAX set to LDAP_PROXIED_AUTHORIZATION_DENIED
  if available in OpenLDAP header
* new exception class ldap.PROXIED_AUTHORIZATION_DENIED
  if available in OpenLDAP header
* Fixed functions.c not to raise ldap.ENCODING_ERROR in
  function l_ldap_str2dn() on 64-bit systems (see SF#2725356)

----------------------------------------------------------------
Released 2.3.6 2009-02-22

Changes since 2.3.5:

Lib/
* Importing ldap.str2dn() which directly imported _ldap.str2dn()
  is prohibited now (see SF#2181141)

Modules/
* get_option(): Added support for reading more SASL options.
  (OPT_X_SASL_MECH, OPT_X_SASL_REALM, OPT_X_SASL_AUTHCID and
  OPT_X_SASL_AUTHZID)
* Added some explicit type casts to fix issues while building
  with SunStudio
* Fixed compiling issue with GCC 4.4
  (see SF#2555793, thanks to Matej and Martin)

Doc/
* Clarified not to use ldap_get_dn() directly
* Fixed description of ldap.SASL_AVAIL and ldap.TLS_AVAIL
  (see SF#2555804, thanks to Matej and Martin)

----------------------------------------------------------------
Released 2.3.5 2008-07-06

Changes since 2.3.4:

Lib/
* Fixed methods ldap.cidict.__contains__() and
  ldap.schema.models.Entry.__contains__()
* FWIW method LDAPObject.cancel_s() returns a result now
* Fixed ldap.schema.models.NameForm: Class attribute oc is now
  of type string, not tuple to be compliant with RFC 4512
----------------------------------------------------------------
Released 2.3.4 2008-03-29

Changes since 2.3.3:

Modules/
* Fixed seg fault when calling LDAPObject.get_option()
  (see SF#1926507, thanks to Matej)

----------------------------------------------------------------
Released 2.3.3 2008-03-26

Changes since 2.3.2:

Fixed backward-compability when building with OpenLDAP 2.3.x libs.

----------------------------------------------------------------
Released 2.3.2 2008-03-26

Changes since 2.3.1:

Lib/
* ldap.dn.escape_dn_chars() now really adheres to
  RFC 4514 section 2.4 by escaping null characters and a
  space occurring at the beginning of the string
* New method ldap.cidict.cidict.__contains__()
* ldap.dn.explode_dn() and ldap.dn.explode_rdn()
  have a new optional key-word argument flags which is
  passed to ldap.dn.str2dn().

Modules/
* Removed unused OPT_PRIVATE_EXTENSION_BASE from constants.c

Doc/
* Various additions, updates, polishing (thanks to James).

----------------------------------------------------------------
Released 2.3.1 2007-07-25

Changes since 2.3.0:

* Support for setuptools (building .egg, thanks to Torsten)
* Support for matched values control (RFC 3876, thanks to Andreas)

Lib/
* Fixed ldif (see SF#1709111, thanks to Dmitry)
* ldap.schema.models:
  SUP now separated by $ (method __str__() of classes
  AttributeType, ObjectClass and DITStructureRule, thanks to Stefan)

Modules/
* Added constant MOD_INCREMENT to support
  modify+increment extension (see RFC 4525, thanks to Andreas)
----------------------------------------------------------------
Released 2.3.0 2007-03-27

Changes since 2.2.1:

* OpenLDAP 2.3+ required now to build.
* Added support for Cancel operation ext. op. if supported
in OpenLDAP API of the libs used for the build.

Modules/
* Removed deprecated code for setting options by name
* Added l_ldap_cancel()
* Some modifications related to PEP 353 for
  Python 2.5 on 64-bit platforms (see SF#1467529, thanks to Matej)
* Added new function l_ldap_str2dn(), removed functions
  l_ldap_explode_dn() and l_ldap_explode_rdn()
  (see SF#1657848, thanks to David)

Lib/
* Added method ldapobject.LDAPObject.cancel()
* ldap.schema.subentry.urlfetch() now can do non-anonymous
  simple bind if the LDAP URL provided contains extensions
  'bindname' and 'X-BINDPW'. (see SF#1589206)
* ldap.filter.escape_filter_chars() has new a key-word argument
  escape_mode now which defines which chars to be escaped
  (see SF#1193271).
* Various important fixes to ldapobject.ReconnectLDAPObject
* Moved all DN-related functions to sub-module ldap.dn,
  import them in ldap.functions for backward compability
* ldap.dn.explode_dn() and ldap.dn.explode_rdn() use the new
  wrapper function ldap.dn.str2dn() (related to SF#1657848)
* changetype issue partially fixed (see SF#1683746)

----------------------------------------------------------------
Released 2.2.1 2006-11-15

Changes since 2.2.0:

Modules/
* Fix for Python 2.5 free(): invalid pointer (see SF#1575329)
* passwd() accepts None for arguments user, oldpw, newpw
  (see SF#1440151)

Lib/
* ldif.LDIFWriter.unparse() now accepts instances of
  derived dict and list classes (see SF#1489898)

----------------------------------------------------------------
Released 2.2.0 2006-04-10

Changes since 2.0.11:

* OpenLDAP 2.2+ required now to build.

Modules/
* Dropped all occurences of '#ifdef #LDAP_VENDOR_VERSION'.
* Fixed wrong tuple size in l_ldap_result3() (see SF#1368108)
* Fixed get_option(ldap.OPT_API_INFO) (see SF#1440165)
* Fixed memory leak in l_ldap_result3() when all=0
  (see SF#1457325)
* Fixed memory leak in l_ldap_result3() in error cases
  (see SF#1464085)

Lib/
* Fixed ldap.schema.models.DITStructureRule.__str__() to
  separate SUP rule-ids with a single space instead of ' $ '
* Fixed ldap.async.Dict
* Added ldap.async.IndexedDict
* ldap.schema.subentry.SubSchema.attribute_types() has new
  key-word argument ignore_dit_content_rule
----------------------------------------------------------------
Released 2.0.11 2005-11-07

Changes since 2.0.10:

Lib/
* Class ldap.ldapobject.LDAPObject:
  Each method returns a result now
* Class ldap.ldapobject.ReconnectLDAPObject:
  Some methods called the wrong methods of LDAPObject. Fixed.
* Added new class ldap.async.Dict
* Slightly cleaned up ldap.schema.subentry.attribute_types()
* New sub-module ldap.resiter which simply provides a mix-in
  class for ldap.ldapobject.LDAPObject with a generator method
  allresults().
  Obviously this only works with Python 2.3+. And
  it's still experimental.

----------------------------------------------------------------
Released 2.0.10 2005-09-23

Changes since 2.0.9:

Lib/
* Switched back to old implementation of
  ldap.schema.tokenizer.split_tokens() since the new one
  had a bug which deletes the spaces from DESC
* ldap.INSUFFICIENT_ACCESS is now ignored in
  ldap.ldapobject.LDAPObject.search_subschemasubentry_s()

----------------------------------------------------------------
Released 2.0.9 2005-07-28

Changes since 2.0.8:

Modules/
* Removed __doc__ strings from ldapcontrol.c to "fix"
  build problems with Python versions 2.2 and earlier.

----------------------------------------------------------------
Released 2.0.8 2005-06-22 at Linuxtag 2005, Karlsruhe, Germany

Changes since 2.0.7:

* Preliminary support for receiving LDAP controls added.
  Contributor:
  - Andreas Ames

Lib/
- Added classes in module ldif to ldif.__all__ to fix
  from ldif import *
- Removed BitString syntax from
  ldap.schema.models.NOT_HUMAN_READABLE_LDAP_SYNTAXES
  since the LDAP encoding is in fact human-readable
- ldapurl.LDAPUrlExtension.unparse() outputs empty string
  if LDAPUrlExtension.exvalue is None
- Added ldap.controls.SimplePagedResultsControl

----------------------------------------------------------------
Released 2.0.7 2005-04-29

Changes since 2.0.6:

* Added preliminary support for sending LDAP controls
  with a request.
  Contributors:
  - Deepak Giridharagopal
  - Ingo Steuwer
  (Receiving controls in LDAP results still not supported.)

Modules:
* LDAPObject.c: removed l_ldap_manage_dsa_it()
* LDAPObject.c: Added missing #ifdef around l_ldap_passwd()
  for compability with older OpenLDAP libs.

Lib/
* New algorithm in ldap.schema.tokenizer.split_tokens()
  contributed by Wido Depping which is more robust
  when parsing very broken schema elements
  (e.g. Oracle's OID).
* Fixed argument list (position of timeout) when calling
  LDAPObject.search_ext_s() from search_st() and search_s().
* LDAPObject.search_ext_s() correctly calls search_ext_s() now.
* Re-implemented LDAPObject.manage_dsa_it() without calling _ldap.

----------------------------------------------------------------
Released 2.0.6 2004-12-03

Changes since 2.0.5:

Lib/
* Added sub-module ldap.dn
* Added function ldap.dn.escape_dn_chars()
* Special check when implicitly setting SUP 'top' to
  structural object classes without SUP defined to avoid
  a loop in the super class chain.

----------------------------------------------------------------
Released 2.0.5 2004-11-11

Changes since 2.0.4:

Some small improvements for SASL:
The noisy output during SASL bind is avoided now. Interaction
with output on stderr can be enabled by the calling application
by explicitly defining SASL flags.

Removed obsolete directory Win32/.

Lib/
* Make sure that ldap.sasl.sasl.cb_value_dict is a dictionary
  even when the caller passes in None to argument cb_value_dict
* Added new key-word arg sasl_flags to method
  LDAPObject.sasl_interactive_bind_s()

Modules/
* l_ldap_sasl_interactive_bind_s():
  New key-word arg sasl_flags passed to
  ldap_sasl_interactive_bind_s()

----------------------------------------------------------------
Released 2.0.4 2004-10-27

Changes since 2.0.3:

Modules/
* Applied some fixes for 64-bit platforms to LDAPObject.c
* Constants ldap.TLS_AVAIL and ldap.SASL_AVAIL will indicate
  whether python-ldap was built with support for SSL/TLS
  and/or SASL

setup.py and Modules/
* Applied some fixes for building under Win32

----------------------------------------------------------------
Released 2.0.3 2004-10-06

Changes since 2.0.2:

* Added support for LDAP Password Modify Extended Operation
  (see RFC 3062)

Demo/:
* Added passwd_ext_op.py

Modules/
* Added l_ldap_passwd() in LDAPObject.c

Lib/
* Added methods passwd() and passwd_s() to
  ldap.ldapobject.LDAPObject

----------------------------------------------------------------
Released 2.0.2 2004-07-29

Changes since 2.0.1:

Modules/
* Fixed detecting appropriate OpenLDAP libs version for
  determining whether ldap_whoami_s() is available or not.
  This fixes build problems with OpenLDAP libs 2.1.0 up
  to 2.1.12.

----------------------------------------------------------------
Released 2.0.1 2004-06-29

Changes since 2.0.0:

dsml:
* Fixed wrong exception message format string

ldap.schema.models:
* Fixed Entry.__delitem__() to delete really everything
  when deleting an attribute dictionary item.

----------------------------------------------------------------
Released 2.0.0 2004-05-18

Changes since 2.0.0pre21:

ldif:
* Empty records are simply ignored in ldif.LDIFWriter.unparse()

Modules/
* New method result2() returns 3-tuple containing the msgid
  of the outstanding operation.

ldap.ldapobject:
* New _ldap wrapper method LDAPObject.result2() (see above)
  which is now used by LDAPObject.result().

----------------------------------------------------------------
Released 2.0.0pre21 2004-03-29

Changes since 2.0.0pre20:

setup.py:
* runtime_library_dirs is set

Modules/
* (Hopefully) fixed building with OpenLDAP 2.2 libs in errors.c
* Removed meaningless repr() function from LDAPObject.c
* Removed setting LDAP_OPT_PROTOCOL_VERSION in l_ldap_sasl_bind_s()
* Modified string handling via berval instead of *char
  in l_ldap_compare_ext() makes it possible to compare attribute
  values with null chars.
* Wrapped ldap_sasl_bind() for simple binds instead of ldap_bind()
  since 1. the latter is marked deprecated and 2. ldap_sasl_bind()
  allows password credentials with null chars.
* Removed unused sources linkedlist.c and linkedlist.h
* Function l_ldap_whoami_s() only added if built against
  OpenLDAP 2.1.x+ libs (should preserve compability with 2.0 libs)

ldap.ldapobject:
* LDAPObject.bind() only allows simple binds since Kerberos V4
  binds of LDAPv2 are not supported anymore. An assert statement
  was added to make the coder aware of that.
* Renamed former LDAPObject.sasl_bind_s() to
  LDAPObject.sasl_interactive_bind_s() since it wraps OpenLDAP's
  ldap_sasl_interactive_bind_s()

----------------------------------------------------------------
Released 2.0.0pre20 2004-03-19

Changes since 2.0.0pre19:

Modules/
* Removed doc strings from functions.c
* Removed probably unused wrapper function l_ldap_dn2ufn() since
  ldap_dn2ufn() is deprecated in OpenLDAP 2.1+
* Removed wrapper function l_ldap_is_ldap_url().
* Removed macro add_int_r() from constants.c since it caused
  incompability issues with OpenLDAP 2.2 libs
  (Warning: all result types are Integers now! Use the constants!)
* New wrapper function l_ldap_whoami_s()

ldap.ldapobject:
* New wrapper method LDAPObject.whoami_s()

ldap.functions:
* Removed is_ldap_url(). The more general function
  ldapurl.isLDAPUrl() should be used instead.

ldap.sasl:
* Added class cram_md5 (for SASL mech CRAM-MD5)

ldap.async:
* Use constants for search result types (see note about
  add_int_r() above).

----------------------------------------------------------------
Released 2.0.0pre19 2004-01-22

Changes since 2.0.0pre18:

Modules/
* LDAPObject.c:
  Most deprecated functions of OpenLDAP C API are not used anymore.
* functions.c:
  Removed unused default_ldap_port().
* constants.c:
  Removed unused or silly constants
  AUTH_KRBV4, AUTH_KRBV41, AUTH_KRBV42, URL_ERR_BADSCOPE, URL_ERR_MEM
* errors.c:
  Fixed building with OpenLDAP 2.2.x
  (errors caused by negative error constants in ldap.h)

ldap.ldapobject.LDAPObject:
* Removed unused wrapper methods uncache_entry(), uncache_request(),
  url_search(), url_search_st() and url_search_s()
* New wrapper methods for all the _ext() methods in _ldap.LDAPObject.

ldap.modlist:
* Some performance optimizations and simplifications
  in function modifyModlist()

----------------------------------------------------------------
Released 2.0.0pre18 2003-12-09

Changes since 2.0.0pre17:

ldap.ldapobject:
* Fixed missing ldap._ldap_function_call() in
  ReconnectLDAPObject.reconnect()

----------------------------------------------------------------
Released 2.0.0pre17 2003-12-03

Changes since 2.0.0pre16:

ldap.functions:
* Fixed ImportError when running python -O

----------------------------------------------------------------
Released 2.0.0pre16 2003-12-02

Changes since 2.0.0pre15:

Modules/
* Removed definition of unused constant RES_EXTENDED_PARTIAL since
  the corresponding symbol LDAP_RES_EXTENDED_PARTIAL seems to not
  be available in OpenLDAP-HEAD (pre 2.2) anymore.

All in Lib/
* Fixed some subtle bugs/oddities mentioned by pychecker.

dsml:
* Renamed DSMLWriter._f to DSMLWriter._output_file
* Added wrapper method DSMLWriter.unparse() which simply
  calls DSMLWriter.writeRecord()

ldap.ldapobject:
* Simplified LDAPObject.search_subschemasubentry_s()

ldap.functions:
* Moved ldap._ldap_function_call() into ldap.functions.
* apply() is not used anymore since it seems deprecated

ldap.async:
* Added class DSMLWriter

ldap.schema:
* Removed unused key-word argument strict from
  ldap.schema.subentry.SubSchema.attribute_types()
* Fixed backward compability issue (for Python prior to 2.2) in
  ldap.schema.subentry.SubSchema.listall()
----------------------------------------------------------------
Released 2.0.0pre15 2003-11-11

Changes since 2.0.0pre14:

Modules/
Follow rule "Always include Python.h first"

ldap.schema.subentry:
* Added new method SubSchema.get_structural_oc()
* Added new method SubSchema.get_applicable_aux_classes()
* Methods SubSchema.listall() and SubSchema.tree() have
  new key-word argument schema_element_filters
* Support for DIT content rules in SubSchema.attribute_types()

----------------------------------------------------------------
Released 2.0.0pre14 2003-10-03

Changes since 2.0.0pre13:

setup.py:
* Some modifications to ease building for Win32
* Added directory Build/ mainly intended for platform-specific
  examples of setup.cfg
* Fixed installing ldap.filter

ldap.ldapobject:
* Added class attribute LDAPObject.network_timeout mapped to
  set_option(ldap.OPT_NETWORK_TIMEOUT,..)
* LDAPObject.search_ext(): Pass arguments serverctrls,clientctrls
  to _ldap.search_ext()

ldap.sasl:
* Added class ldap.sasl.external for handling
  the SASL mechanism EXTERNAL
* Dictionary ldap.sasl.saslmech_handler_class built during import
  for all the known SASL mechanisms derived from class definitions

ldap.schema:
* More graceful handling of KeyError in SubSchema.attribute_types()
* New method SubSchema.get_inheritedattr() for retrieving inherited
  class attributes
* New method SubSchema.get_inheritedobj() for retrieving a
  schema element instance including all inherited class attributes

----------------------------------------------------------------
Released 2.0.0pre13 2003-06-02

Changes since 2.0.0pre12:

ldap.async:
* Checking type of argument writer_obj relaxed in
  LDIFWriter.__init__() since file-like objects are
  not necessarily an instance of file.

ldap.schema:
* ldap.schema.subentry.SubSchema.attribute_types() now correctly
  handles attribute types without NAME set
* If SUP is not defined for a structural object class 'top' is
  assumed to be the only super-class by default
* '_' is now the abstract top node in SubSchema.tree() for all
  schema element classes since ABSTRACT and AUXILIARY object
  classes are not derived from 'top' by default

----------------------------------------------------------------
Released 2.0.0pre12 2003-05-27

Changes since 2.0.0pre11:

New sub-module ldap.filter:
* Added functions escape_filter_chars() and filter_format()

ldap.ldapobject:
* Trace log writes LDAP URI of connection instead of module name
* search_s() passes self.timeout as argument timeout when
  calling search_ext_s()
* Key-word arguments for simple_bind() and simple_bind_s()
  with defaults for anonymous bind.
* LDAPObject.protocol_version is set to LDAPv3 as default
  (this might make code changes necessary in a real LDAPv2
   environment)
* Default for key-word argument trace_stack_limit passed to
  __init__() is 5
* Updated __doc__ strings
* Aligned and tested ReconnectLDAPObject and SmartLDAPObject

ldap.async:
* LDIFWriter uses ldif.LDIFWriter instead of calling
  function ldif.CreateLDIF
* LDIFWriter accepts either file-like object or ldif.LDIFWriter
  instance as argument for specifying the output

ldif:
* Abandoned argument all_records of LDIFRecordList.__init__()

ldapurl:
* urllib.unquote() used instead of urllib.unquote_plus()

----------------------------------------------------------------
Released 2.0.0pre11 2003-05-02

Changes since 2.0.0pre10:

ldap.ldapobject:
* Cosmetic change: Named argument list for LDAPObject.compare()
  instead of *args,**kwargs.
* Fixed bug in ReconnectLDAPObject._apply_method_s() affecting
  compability with Python 2.0. The bug was introduced with
  2.0.0pre09 by dropping use of apply().

ldap.modlist:
* modifyModlist(): Only None is filtered from attribute value lists,
  '' is preserved as valid attribute value. But filtering applies
  to old_value and new_value now.

ldap.schema:
* Zero-length attribute values for schema elements are ignored
  (needed on e.g. Active Directory)

dsml:
Added support for parsing and generating DSMLv1.
Still experimental though.


----------------------------------------------------------------
Released 2.0.0pre10 2003-04-19

Changes since 2.0.0pre09:

ldap.schema:
* Emulate BooleanType for compability with Python2.3 in assert
  statements

----------------------------------------------------------------
Released 2.0.0pre09 2003-04-19

Changes since 2.0.0pre08:

Modified setup.py to support Cyrus-SASL 2.x.

ldap.ldapobject:
* apply() is not used anymore since it seems deprecated
* Fixed __setstate__() and __getstate__() of ReconnectLDAPObject

ldap.schema:
* Completed classes for nameForms, dITStructureRules and
  dITContentRules

----------------------------------------------------------------
Released 2.0.0pre08 2003-04-11

Changes since 2.0.0pre07:

ldap.schema:
* For backward compability with Python versions prior to 2.2
  Lib/ldap/schema/tokenizer.py and Lib/ldap/schema/models.py use
  (()) instead of tuple() for creating empty tuples.

----------------------------------------------------------------
Released 2.0.0pre07 2003-04-03

Changes since 2.0.0pre06:

LDAPObject.c:
  * Wrapped OpenLDAP's ldap_search_ext()
  * Removed empty __doc__ strings
  * Removed fileno
  * Removed all stuff related to caching in OpenLDAP libs

ldap.ldapobject:
  * Fixed SASL rebind in ldap.ldapobject.ReconnectLDAPObject
  * use search_ext() instead ldap_search()
  * new class attribute timeout for setting a global time-out
    value for all synchronous operations

ldap.schema:
* Fixed two typos in ldap.schema.models
* Some attempts to improve performance of parser/tokenizer
* Completely reworked to have separate OID dictionaries for
  the different schema element classes
* Fixed the Demo/schema*.py to reflect changes to ldap.schema

Documentation updates and various __doc__ string modifications.

ldapurl:
  * Removed all Unicode stuff from module ldapurl
  * Consistent URL encoding in module ldapurl

ldif:
  * Removed ldif.FileWriter
  * Proper handling of FILL (see RFC 2849)

----------------------------------------------------------------
Released 2.0.0pre06 2002-09-23

Changes since 2.0.0pre05:
- Fine-grained locking when linking against libldap_r
- New wrapper class ldap.ReconnectLDAPObject
- Security fix to module ldapurl
- Other fixes and improvements to whole package
- LDAPv3 schema support
  (still somewhat premature and undocumented)

----------------------------------------------------------------
Released 2.0.0pre05 2002-07-20

----------------------------------------------------------------
Released 2.0.0pre04 2002-02-09

----------------------------------------------------------------
Released 2.0.0pre02 2002-02-01

----------------------------------------------------------------
Released 1.10alpha3 2000-09-19