[Python-modules-team] Bug#935985: python3-ldap3: Value "0" not accepted for "pwdLastSet" attribute

[Lorenz Kaestle]

Package: python3-ldap3
Version: 2.4.1-1
Severity: normal
Tags: patch

Dear Maintainer,
My usecase is the creation of new accounts within a windows active directory enviroment.
The new account gets a one-time password which has to be changed on first login.
To use this functionality, the "pwdLastSet" attribut of the account has to be set to 0,
but the validation functionality of ldap3 only permits the value -1.

The problem is in the file
"/usr/lib/python3/dist-packages/ldap3/protocol/formatters/validators.py" and I
fixed it with this patch:

69c69
<     """Accept -1 only (used by pwdLastSet in AD)
---
>     """Accept -1 or 0 only (used by pwdLastSet in AD)
72c72
<         if input_value == -1 or input_value == '-1':
---
>         if input_value == -1 or input_value == '-1' or input_value == 0 or input_value == "0":
76c76,77
<         if len(input_value) == 1 and input_value == -1 or input_value == '-1':
---
>         if (len(input_value) == 1 and input_value == -1 or input_value == '-1' or
>             input_value == 0 or input_value == "0"):


-- System Information:
Debian Release: 10.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/1 CPU core)
Kernel taint flags: TAINT_WARN
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages python3-ldap3 depends on:
ii  python3         3.7.3-1
ii  python3-pyasn1  0.4.2-3

python3-ldap3 recommends no packages.

python3-ldap3 suggests no packages.

-- no debconf information
-------------- next part --------------
69c69
<     """Accept -1 only (used by pwdLastSet in AD)
---
>     """Accept -1 or 0 only (used by pwdLastSet in AD)
72c72
<         if input_value == -1 or input_value == '-1':
---
>         if input_value == -1 or input_value == '-1' or input_value == 0 or input_value == "0":
76c76,77
<         if len(input_value) == 1 and input_value == -1 or input_value == '-1':
---
>         if (len(input_value) == 1 and input_value == -1 or input_value == '-1' or
>             input_value == 0 or input_value == "0"):
-------------- next part --------------
69c69
<     """Accept -1 only (used by pwdLastSet in AD)
---
>     """Accept -1 or 0 only (used by pwdLastSet in AD)
72c72
<         if input_value == -1 or input_value == '-1':
---
>         if input_value == -1 or input_value == '-1' or input_value == 0 or input_value == "0":
76c76,77
<         if len(input_value) == 1 and input_value == -1 or input_value == '-1':
---
>         if (len(input_value) == 1 and input_value == -1 or input_value == '-1' or
>             input_value == 0 or input_value == "0"):