Package: python3-ldap3 Version: 2.4.1-1 Severity: normal Tags: patch Dear Maintainer, My usecase is the creation of new accounts within a windows active directory enviroment. The new account gets a one-time password which has to be changed on first login. To use this functionality, the "pwdLastSet" attribut of the account has to be set to 0, but the validation functionality of ldap3 only permits the value -1.
The problem is in the file "/usr/lib/python3/dist-packages/ldap3/protocol/formatters/validators.py" and I fixed it with this patch: 69c69 < """Accept -1 only (used by pwdLastSet in AD) --- > """Accept -1 or 0 only (used by pwdLastSet in AD) 72c72 < if input_value == -1 or input_value == '-1': --- > if input_value == -1 or input_value == '-1' or input_value == 0 or > input_value == "0": 76c76,77 < if len(input_value) == 1 and input_value == -1 or input_value == '-1': --- > if (len(input_value) == 1 and input_value == -1 or input_value == > '-1' or > input_value == 0 or input_value == "0"): -- System Information: Debian Release: 10.0 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-5-amd64 (SMP w/1 CPU core) Kernel taint flags: TAINT_WARN Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages python3-ldap3 depends on: ii python3 3.7.3-1 ii python3-pyasn1 0.4.2-3 python3-ldap3 recommends no packages. python3-ldap3 suggests no packages. -- no debconf information
69c69 < """Accept -1 only (used by pwdLastSet in AD) --- > """Accept -1 or 0 only (used by pwdLastSet in AD) 72c72 < if input_value == -1 or input_value == '-1': --- > if input_value == -1 or input_value == '-1' or input_value == 0 or > input_value == "0": 76c76,77 < if len(input_value) == 1 and input_value == -1 or input_value == '-1': --- > if (len(input_value) == 1 and input_value == -1 or input_value == > '-1' or > input_value == 0 or input_value == "0"):
69c69 < """Accept -1 only (used by pwdLastSet in AD) --- > """Accept -1 or 0 only (used by pwdLastSet in AD) 72c72 < if input_value == -1 or input_value == '-1': --- > if input_value == -1 or input_value == '-1' or input_value == 0 or > input_value == "0": 76c76,77 < if len(input_value) == 1 and input_value == -1 or input_value == '-1': --- > if (len(input_value) == 1 and input_value == -1 or input_value == > '-1' or > input_value == 0 or input_value == "0"):
