@droideck droideck commented Oct 7, 2025

Security fixes:

Fixes:

  • ReconnectLDAPObject now properly reconnects on UNAVAILABLE, CONNECT_ERROR
    and TIMEOUT exceptions (previously only SERVER_DOWN), fixing reconnection
    issues especially during server restarts
  • Fixed syncrepl.py to use named constants instead of raw decimal values
    for result types
  • Fixed error handling in SearchNoOpMixIn to prevent an undefined variable error

Tests:

  • Added comprehensive reconnection test cases including concurrent operation
    handling and server restart scenarios

Doc/

  • Updated installation docs and fixed various documentation typos
  • Added ReadTheDocs configuration file

Infrastructure:

  • Add testing and document support for Python 3.13

intgr and others added 11 commits October 6, 2025 19:14
Current description contains a sentence that misses a negative form, contradicting the previous sentence and leaving the reader with an ambiguity.
Separate building and testing requirements for Debian
Use the name values for result types in syncrepl.py rather than the raw decimal values.

Signed-off-by: Quanah Gibson-Mount <quanah@openldap.org>
The cookie is saved with key `cookie` instead of `ldap_cookie` in the `self.__data` dict
Running without one has apparently been deprecated since September 2023.
test_106_reconnect_restore() handles a SERVER_DOWN exception manually
and tries to re-use the connection afterwards again.
This established the connection again but did not bind(), so it now
raises ldap.INSUFFICIENT_ACCESS.

test_107_reconnect_restore() restarts the LDAP server during searches,
which causes an UNAVAILABLE exception.

droideck commented Oct 7, 2025

@spaceone hi!
Regarding the DN format enhancement patches #466, I've decided to postpone these until the next major release as they introduce new features and API extensions, while I'd like to keep 3.4.5 focused on bug fixes and stability improvements following semantic versioning best practices.

The most anticipated fix #267 is included, though!

@droideck droideck force-pushed the release-345 branch 7 times, most recently from cb09cd9 to 247f5c6 Compare October 7, 2025 22:53
@droideck droideck requested review from a team and mistotebe October 8, 2025 00:40
@Firstyear Firstyear left a comment

Looks good! Thank you!

spaceone commented Oct 8, 2025

I understand your semantic versioning thought.
On one hand #466 is a feature but on the other hand it's a fix:

It's nearly 4 times faster, which is a performance fix.
And it allows DN normalization as the LDAP server does it.
Currently for example, we have a bug due to it, because the LDAP DNs normalized by the current Python functions don't match the real DNs from the OpenLDAP backend, so that our JavaScript frontend doesn't detect the currently set value (cn=+1 != cn=\2B1) and we have no way to compare a DN correctly in JavaScript.
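
Added example, not part of this thread or of python-ldap's code: RFC 4514 lets a special character in a DN value be escaped either as a backslash plus the character (`\+`) or as a backslash plus two hex digits (`\2B`), so a plain string comparison can report two DNs as different when they name the same entry. The sketch below decodes both forms before comparing; the function names are hypothetical, the sample DNs are constructed, and values are compared byte for byte without the schema matching rules a server applies.

```python
import re
# Added example; function names are hypothetical, sample DNs are constructed.
# RFC 4514: a backslash is followed by two hex digits or one literal character.
_ESCAPE = re.compile(r"\\(?:([0-9A-Fa-f]{2})|(.))", re.DOTALL)

def unescape_value(value):
    """Decode an escaped attribute value to the raw bytes it stands for."""
    out, pos = bytearray(), 0
    for m in _ESCAPE.finditer(value):
        out += value[pos:m.start()].encode("utf-8")
        if m.group(1) is not None:
            out.append(int(m.group(1), 16))    # \2B -> 0x2B, \00 -> 0x00
        else:
            out += m.group(2).encode("utf-8")  # \+ -> "+"
        pos = m.end()
    tail = value[pos:]
    if "\\" in tail:                           # backslash with nothing after it
        raise ValueError("dangling backslash in attribute value")
    return bytes(out + tail.encode("utf-8"))

def split_unescaped(text, sep):
    """Split on sep, skipping any character that follows a backslash."""
    parts, cur, i = [], [], 0
    while i < len(text):
        step = 2 if text[i] == "\\" and i + 1 < len(text) else 1
        if step == 1 and text[i] == sep:
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(text[i:i + step])
        i += step
    parts.append("".join(cur))
    return parts

def canonical_dn(dn):
    """Return a comparable form: one frozenset of (type, raw value) per RDN."""
    rdns = []
    for rdn in split_unescaped(dn, ","):
        avas = set()
        for ava in split_unescaped(rdn, "+"):
            attr, value = ava.split("=", 1)    # ValueError if "=" is missing
            avas.add((attr.strip().lower(), unescape_value(value)))
        rdns.append(frozenset(avas))
    return tuple(rdns)

def same_dn(a, b):
    return canonical_dn(a) == canonical_dn(b)
```

A frontend that receives DNs from more than one producer can compare `canonical_dn()` results instead of the raw strings; malformed input raises `ValueError` rather than comparing as equal.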

droideck and others added 2 commits October 8, 2025 11:49
Update GitHub Actions.
Explicitly install python3-setuptools for Tox env runs on Fedora.
@droideck droideck force-pushed the release-345 branch 2 times, most recently from cde5fa8 to a145b0d Compare October 8, 2025 19:14

droideck commented Oct 9, 2025

> I understand your semantic versioning thought. On one hand #466 is a feature but on the other hand it's a fix:
>
> It's nearly 4 times faster, which is a performance fix. And it allows DN normalization as the LDAP server does it. Currently for example, we have a bug due to it, because the LDAP DNs normalized by the current Python functions don't match the real DNs from the OpenLDAP backend, so that our JavaScript frontend doesn't detect the currently set value (cn=+1 != cn=\2B1) and we have no way to compare a DN correctly in JavaScript.

Yes... I understand that the DN normalization issue is causing real problems in your production environment. However, adding 217 lines of new C code with API extensions in a patch release goes against semantic versioning principles and risks introducing instability for other users expecting only bug fixes in 3.4.5.

We also have a couple of CVEs to include as soon as possible, so I'm a bit in a rush (even though they are Low severity) and I really want to focus this build on being a patch release.

Besides, I think 4.0 should really be released soon.
Hopefully, we'll wrap up #464 quite soon, and I'll be happy to make 4.0 build right after that.
If @mistotebe thinks that #464 might take more time, we can release 3.5.0 sooner.
WDYT?

droideck and others added 3 commits October 10, 2025 10:57
Update tests to expect \00 and verify RFC-compliant escaping
Disable Python 3.6, 3.7 CI workflow
as it's supported on Ubuntu 22.04
Update GH Workflows.
@droideck droideck merged commit bf666e9 into python-ldap:3.4 Oct 10, 2025
18 checks passed