Update to python-ldap 3.0.0

Replace python3-pyldap with python3-ldap.

Remove some old code for compatibility with very old python-ldap.

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>

freeipa.spec.in

@@ -43,6 +43,7 @@
 %global samba_version 4.7.0
 %global selinux_policy_version 3.12.1-153
 %global slapi_nis_version 0.56.0-4
+%global python_ldap_version 2.4.15
 %else
 # 1.15.1-7: certauth (http://krbdev.mit.edu/rt/Ticket/Display.html?id=8561)
 %global krb5_version 1.15.1-7
@@ -52,8 +53,10 @@
 %global samba_version 2:4.7.0
 %global selinux_policy_version 3.13.1-158.4
 %global slapi_nis_version 0.56.1
+%global python_ldap_version 3.0.0
 %endif
 
+
 %define krb5_base_version %(LC_ALL=C rpm -q --qf '%%{VERSION}' krb5-devel | grep -Eo '^[^.]+\.[^.]+')
 
 %global plugin_dir %{_libdir}/dirsrv/plugins
@@ -143,7 +146,7 @@ BuildRequires:  python-lesscpy
 # Build dependencies for makeapi/makeaci
 # makeapi/makeaci is using Python 2 only for now
 #
-BuildRequires:  python-ldap
+BuildRequires:  python2-ldap >= %{python_ldap_version}
 BuildRequires:  python2-netaddr
 BuildRequires:  python2-pyasn1
 BuildRequires:  python2-pyasn1-modules
@@ -252,7 +255,7 @@ BuildRequires:  python3-augeas
 BuildRequires:  python3-netaddr
 BuildRequires:  python3-pyasn1
 BuildRequires:  python3-pyasn1-modules
-BuildRequires:  python3-pyldap
+BuildRequires:  python3-ldap >= %{python_ldap_version}
 %endif # with_python3
 %endif # with_lint
 
@@ -283,10 +286,10 @@ Requires: %{name}-client = %{version}-%{release}
 Requires: %{name}-common = %{version}-%{release}
 %if 0%{?with_python3}
 Requires: python3-ipaserver = %{version}-%{release}
-Requires: python3-pyldap >= 2.4.15
+Requires: python3-ldap >= %{python_ldap_version}
 %else
 Requires: python2-ipaserver = %{version}-%{release}
-Requires: python-ldap >= 2.4.15
+Requires: python2-ldap >= %{python_ldap_version}
 %endif
 # 1.3.7.6-1: https://bugzilla.redhat.com/show_bug.cgi?id=1488295
 Requires: 389-ds-base >= 1.3.7.6-1
@@ -385,7 +388,7 @@ Requires: %{name}-server-common = %{version}-%{release}
 Requires: %{name}-common = %{version}-%{release}
 Requires: python2-ipaclient = %{version}-%{release}
 Requires: python2-custodia >= 0.3.1
-Requires: python-ldap >= 2.4.15
+Requires: python2-ldap >= %{python_ldap_version}
 Requires: python2-lxml
 Requires: python2-gssapi >= 1.2.0-5
 Requires: python2-sssdconfig
@@ -418,7 +421,7 @@ Requires: %{name}-common = %{version}-%{release}
 Requires: python3-ipaclient = %{version}-%{release}
 Requires: python3-custodia >= 0.3.1
 # we need pre-requires since earlier versions may break upgrade
-Requires(pre): python3-pyldap >= 2.4.35.1-2
+Requires(pre): python3-ldap >= %{python_ldap_version}
 Requires: python3-lxml
 Requires: python3-gssapi >= 1.2.0
 Requires: python3-sssdconfig
@@ -541,11 +544,11 @@ Requires: %{name}-common = %{version}-%{release}
 %if 0%{?with_python3}
 Requires: python3-gssapi >= 1.2.0-5
 Requires: python3-ipaclient = %{version}-%{release}
-Requires: python3-pyldap
+Requires: python3-ldap >= %{python_ldap_version}
 %else
 Requires: python2-gssapi >= 1.2.0-5
 Requires: python2-ipaclient = %{version}-%{release}
-Requires: python-ldap
+Requires: python2-ldap >= %{python_ldap_version}
 %endif
 Requires: cyrus-sasl-gssapi%{?_isa}
 Requires: ntp
@@ -722,7 +725,7 @@ Requires: python2-six
 # 0.4.2: Py3 fix https://bugzilla.redhat.com/show_bug.cgi?id=1476150
 Requires: python2-jwcrypto >= 0.4.2
 Requires: python2-cffi
-Requires: python-ldap >= 2.4.15
+Requires: python2-ldap >= %{python_ldap_version}
 Requires: python2-requests
 Requires: python2-dns >= 1.15
 Requires: python2-enum34
@@ -773,7 +776,7 @@ Requires: python3-six
 Requires: python3-jwcrypto >= 0.4.2
 Requires: python3-cffi
 # we need pre-requires since earlier versions may break upgrade
-Requires(pre): python3-pyldap >= 2.4.35.1-2
+Requires(pre): python3-ldap >= %{python_ldap_version}
 Requires: python3-requests
 Requires: python3-dns >= 1.15
 Requires: python3-netifaces >= 0.10.4

ipapython/ipaldap.py

@@ -29,6 +29,7 @@ import contextlib
 import collections
 import os
 import pwd
+import warnings
 
 # pylint: disable=import-error
 from six.moves.urllib.parse import urlparse
@@ -76,6 +77,20 @@ TRUNCATED_ADMIN_LIMIT = object()
 DIRMAN_DN = DN(('cn', 'directory manager'))
 
 
+if six.PY2:
+    # XXX silence python-ldap's BytesWarnings
+    warnings.filterwarnings(
+        action="ignore",
+        message="Under Python 2, python-ldap uses bytes",
+        category=BytesWarning
+    )
+    warnings.filterwarnings(
+        action="ignore",
+        message="Received non-bytes value",
+        category=BytesWarning
+    )
+
+
 class _ServerSchema(object):
     '''
     Properties of a schema retrieved from an LDAP server.

ipapython/setup.py

@@ -45,11 +45,11 @@ if __name__ == '__main__':
             "ipaplatform",
             "netaddr",
             "netifaces",
+            "python-ldap",
             "six",
         ],
         extras_require={
-            ":python_version<'3'": ["enum34", "python-ldap"],
+            ":python_version<'3'": ["enum34"],
-            ":python_version>='3'": ["pyldap"],
             "install": ["dbus-python"],  # for certmonger
         },
     )

ipaserver/dcerpc.py

@@ -185,17 +185,13 @@ def assess_dcerpc_error(error):
 
 
 class ExtendedDNControl(LDAPControl):
-    # This class attempts to implement LDAP control that would work
-    # with both python-ldap 2.4.x and 2.3.x, thus there is mix of properties
-    # from both worlds and encodeControlValue has default parameter
     def __init__(self):
-        self.controlValue = 1
+        LDAPControl.__init__(
-        self.controlType = "1.2.840.113556.1.4.529"
+            self,
-        self.criticality = False
+            controlType="1.2.840.113556.1.4.529",
-        self.integerValue = 1
+            criticality=False,
-
+            encodedControlValue=b'0\x03\x02\x01\x01'
-    def encodeControlValue(self, value=None):
+        )
-        return b'0\x03\x02\x01\x01'
 
 
 class DomainValidator(object):

ipaserver/dnssec/syncrepl.py

@@ -9,9 +9,7 @@ to a local dict.
 
 import logging
 
-# Import the python-ldap modules
 import ldap
-# Import specific classes from python-ldap
 from ldap.cidict import cidict
 from ldap.ldapobject import ReconnectLDAPObject
 from ldap.syncrepl import SyncreplConsumer

ipaserver/plugins/ldap2.py

@@ -38,20 +38,7 @@ from ipapython.dn import DN
 from ipapython.ipaldap import (LDAPClient, AUTOBIND_AUTO, AUTOBIND_ENABLED,
                                AUTOBIND_DISABLED)
 
-
+from ldap.controls.simple import GetEffectiveRightsControl
-try:
-    from ldap.controls.simple import GetEffectiveRightsControl
-except ImportError:
-    """
-    python-ldap 2.4.x introduced a new API for effective rights control, which
-    needs to be used or otherwise bind dn is not passed correctly. The following
-    class is created for backward compatibility with python-ldap 2.3.x.
-    Relevant BZ: https://bugzilla.redhat.com/show_bug.cgi?id=802675
-    """
-    from ldap.controls import LDAPControl
-    class GetEffectiveRightsControl(LDAPControl):
-        def __init__(self, criticality, authzId=None):
-            LDAPControl.__init__(self, '1.3.6.1.4.1.42.2.27.9.5.2', criticality, authzId)
 
 from ipalib import Registry, errors, _
 from ipalib.crud import CrudBackend

ipaserver/setup.py

@@ -62,6 +62,7 @@ if __name__ == '__main__':
             "requests",
             "six",
             "python-augeas",
+            "python-ldap",
         ],
         entry_points={
             'custodia.authorizers': [
@@ -72,8 +73,6 @@ if __name__ == '__main__':
             ],
         },
         extras_require={
-            ":python_version<'3'": ["python-ldap"],
-            ":python_version>='3'": ["pyldap"],
             # These packages are currently not available on PyPI.
             "dcerpc": ["samba", "pysss", "pysss_nss_idmap"],
             "hbactest": ["pyhbac"],

ipasetup.py.in

@@ -81,7 +81,7 @@ PACKAGE_VERSION = {
     'jwcrypto': 'jwcrpyto >= 0.4.2',
     'kdcproxy': 'kdcproxy >= 0.3',
     'netifaces': 'netifaces >= 0.10.4',
-    'pyldap': 'pyldap >= 2.4.15',
+    'python-ldap': 'python-ldap >= 3.0.0b1',  # install --pre
     'python-yubico': 'python-yubico >= 1.2.3',
     'qrcode': 'qrcode >= 5.0',
 }

ipatests/setup.py

@@ -71,11 +71,10 @@ if __name__ == '__main__':
             "polib",
             "pytest",
             "pytest_multihost",
+            "python-ldap",
             "six",
         ],
         extras_require={
-            ":python_version<'3'": ["python-ldap"],
-            ":python_version>='3'": ["pyldap"],
             "integration": ["dbus-python", "pyyaml", "ipaserver"],
             "ipaserver": ["ipaserver"],
             "webui": ["selenium", "pyyaml", "ipaserver"],