ldap3 Features ############## 1. ldap3 strictly conforms to the current RFCs for the version 3 of the LDAP protocol (from 4510 to 4519): * RFC4510: Technical Specification Road Map * RFC4511: The Protocol * RFC4512: Directory Information Models * RFC4513: Authentication Methods and Security Mechanisms * RFC4514: String Representation of Distinguished Names * RFC4515: String Representation of Search Filters * RFC4516: Uniform Resource Locator * RFC4517: Syntaxes and Matching Rules * RFC4518: Internationalized String Preparation * RFC4519: Schema for User Applications The following RFCs, describing additional functionalities of the LDAP3 protocol, are also followed: * RFC2696: LDAP Control Extension for Simple Paged Results Manipulation * RFC2849: The LDAP Data Interchange Format (LDIF) - Technical Specification * RFC3045: Storing Vendor Information in the LDAP root DSE * RFC3062: LDAP Password Modify Extended Operation * RFC4525: Modify-Increment Extension * RFC4530: entryUUID Operational Attribute * RFC4532: "Who am I?" Operation * RFC5020: entryDN Operational Attribute 2. Platform independent (tested on Linux and Windows) architecture: * The library **runs on Windows, Linux, FreeBSD, OpenBSD, and Mac OSX** and (possibly) on other systems where it can gain access to the network via Python and its Standard Library. 3. Based on **pure Python code**: * No need to install binaries or non Python code. The very same code works on Windows, Linux, Mac OS X, FreeBSD, OpenBSD and other systems, either in Python 2 or Python 3. * ldap3 **doesn't need a C compiler neither the OpenLDAP library**. * The library is self-contained and its installation is the same on any supported platform. * Socket and thread programming is appropriate for the platform in use, no change is needed in the configuration and in the exposed API. * The ldap3 library depends on the standard Python library and the pyasn1 package only. If you need Kerberos support you must install the *gssapi* package. ldap3 includes a backport (from Python 3.4.3) of ``ssl.check_hostnames`` to be used on older (version < 2.7.10) Python versions. If you want to use a more up to date version of the check_hostnames feature you can install the *backports.ssl_check_hostnames* package that should be kept updated with the Standard Library of the latest Python release by its maintainers. 4. Compatible with Python 2 and Python 3: * A **single codebase** for Python 2 and Python 3 * Developed in **Python 3 code** that works in Python 2 too. * The library is **compatible with Python 2** (2.6 and 2.7) without the need of any code compatibility parser/converter. * Testing is done in Python 3 (3.6) Python 2 (2.6, 2.7), PyPy and PyPy3 * Unicode strings are properly managed in each Python version. 5. Multiple *connection strategies* to choose from, either synchronous or asynchronous: * The library has different ways to connect to the LDAP server (single-threaded, multi-threaded). This is achieved with **pluggable communication strategies** that can be changed on a per-connection basis. * SYNC, ASYNC, LDIF, RESTARTABLE (fault-tolerant), REUSABLE (fault-tolerant and pooled), are currently defined. * MOCK_SYNC and MOCK_ASYNC strategies to emulate an LDAP server without connecting to a real server. Useful for testing your application * SAFE_SYNC, SAFE_RESTARTABLE: thread safe synchronous strategies (for multi threads programming) 6. Abstraction Layer: * The library includes an optional **Abstraction Layer** for performing LDAP operations. With the Abstraction Layer you describe LDAP objects using the ObjectDef and AttrDef classes and access the LDAP server via a *Cursor* in read-only or read-write mode. No need to directly issue any LDAP operation. Optionally you can use a Simplified Query Language to read the Entries from the DIT. 7. Clear or secured access * ldap3 allows plaintext (**ldap:**), secure (**ldaps:**) and UNIX socket (**ldapi:**) access to the LDAP server. * The **NTLM** access method is available to connect to Active Directory servers using NTLM v2 authentication. * You can use the **SASL** method to access an LDAP server with the PLAIN, EXTERNAL, MD5 and KERBEROS mechanisms.