ldap3 Features
ldap3 strictly conforms to the current RFCs for the version 3 of the LDAP protocol (from 4510 to 4519):
RFC4510: Technical Specification Road Map
RFC4511: The Protocol
RFC4512: Directory Information Models
RFC4513: Authentication Methods and Security Mechanisms
RFC4514: String Representation of Distinguished Names
RFC4515: String Representation of Search Filters
RFC4516: Uniform Resource Locator
RFC4517: Syntaxes and Matching Rules
RFC4518: Internationalized String Preparation
RFC4519: Schema for User Applications
The following RFCs, describing additional functionalities of the LDAP3 protocol, are also followed:
RFC2696: LDAP Control Extension for Simple Paged Results Manipulation
RFC2849: The LDAP Data Interchange Format (LDIF) - Technical Specification
RFC3045: Storing Vendor Information in the LDAP root DSE
RFC3062: LDAP Password Modify Extended Operation
RFC4525: Modify-Increment Extension
RFC4530: entryUUID Operational Attribute
RFC4532: “Who am I?” Operation
RFC5020: entryDN Operational Attribute
Platform independent (tested on Linux and Windows) architecture:
The library runs on Windows, Linux, FreeBSD, OpenBSD, and Mac OSX and (possibly) on other systems where it can gain access to the network via Python and its Standard Library.
Based on pure Python code:
No need to install binaries or non Python code. The very same code works on Windows, Linux, Mac OS X, FreeBSD, OpenBSD and other systems, either in Python 2 or Python 3.
ldap3 doesn’t need a C compiler neither the OpenLDAP library.
The library is self-contained and its installation is the same on any supported platform.
Socket and thread programming is appropriate for the platform in use, no change is needed in the configuration and in the exposed API.
The ldap3 library depends on the standard Python library and the pyasn1 package only. If you need Kerberos support you must install the gssapi package. ldap3 includes a backport (from Python 3.4.3) of
ssl.check_hostnames
to be used on older (version < 2.7.10) Python versions. If you want to use a more up to date version of the check_hostnames feature you can install the backports.ssl_check_hostnames package that should be kept updated with the Standard Library of the latest Python release by its maintainers.
Compatible with Python 2 and Python 3:
A single codebase for Python 2 and Python 3
Developed in Python 3 code that works in Python 2 too.
The library is compatible with Python 2 (2.6 and 2.7) without the need of any code compatibility parser/converter.
Testing is done in Python 3 (3.6) Python 2 (2.6, 2.7), PyPy and PyPy3
Unicode strings are properly managed in each Python version.
Multiple connection strategies to choose from, either synchronous or asynchronous:
The library has different ways to connect to the LDAP server (single-threaded, multi-threaded). This is achieved with pluggable communication strategies that can be changed on a per-connection basis.
SYNC, ASYNC, LDIF, RESTARTABLE (fault-tolerant), REUSABLE (fault-tolerant and pooled), are currently defined.
MOCK_SYNC and MOCK_ASYNC strategies to emulate an LDAP server without connecting to a real server. Useful for testing your application
SAFE_SYNC, SAFE_RESTARTABLE: thread safe synchronous strategies (for multi threads programming)
Abstraction Layer:
The library includes an optional Abstraction Layer for performing LDAP operations. With the Abstraction Layer you describe LDAP objects using the ObjectDef and AttrDef classes and access the LDAP server via a Cursor in read-only or read-write mode. No need to directly issue any LDAP operation. Optionally you can use a Simplified Query Language to read the Entries from the DIT.
Clear or secured access
ldap3 allows plaintext (ldap:), secure (ldaps:) and UNIX socket (ldapi:) access to the LDAP server.
The NTLM access method is available to connect to Active Directory servers using NTLM v2 authentication.
You can use the SASL method to access an LDAP server with the PLAIN, EXTERNAL, MD5 and KERBEROS mechanisms.