@mistotebe I'm thinking about python-ldap 4.0 release.
Do you think this PR is ready for review? We can include it earlier (as a tech preview or something like that). And while it's being improved and handled as an experimental feature, we can stabilize it for python-ldap 5.0 in the future.
Does it sound good to you?

Any feedback is welcome, yes. I've been using this branch elsewhere with some success and the tools added here certainly make porting some of my tools (e.g. syncmonitor) from python-ldap0 an to some extent pldap easier. Don't think I'll be abandoning pldap any time soon (there is no replacement to its stub server implementation for protocol level testing) but definitely closer to dropping python-ldap0 after we get something like this in.

There's still a little bit of a kludge in how e.g. searches are represented, so the API might still evolve, and it's only a stepping stone towards:

• a more ergonomic async-friendly API
• a proper overhaul of the request side

But it's definitely useful already so happy to start cleaning up or breaking it up starting with bits you consider less contentious and go from there.

a more ergonomic async-friendly API
a proper overhaul of the request side

Maybe my project is suitable for this. I am supporting a nice user-friendly API with sync and async, hiding the _s and _ext details but providing all functionality LDAP clients supports (on top of python-ldap) and especially focusing on correctness for example regarding DN and filter escape handling:
See https://docs.freeiam.org/ and https://github.com/Free-IAM/freeiam.

a more ergonomic async-friendly API
a proper overhaul of the request side

Maybe my project is suitable for this. I am supporting a nice user-friendly API with sync and async, hiding the _s and _ext details but providing all functionality LDAP clients supports (on top of python-ldap) and especially focusing on correctness for example regarding DN and filter escape handling: See https://docs.freeiam.org/ and https://github.com/Free-IAM/freeiam.

You should definitely be able to make use of the new interfaces and response classes added here to make your own life easier.

In terms of request API (and async), yes yours looks somewhat similar to what I wanted, but there is one important difference: any request (not just search) can return any amount of "intermediate" responses (search entry, referral entry, intermediate) and then a final response or exception so a request object should (always?) be iterable. A caller might be able to say they (don't) expect those, they still have a choice to let the whole request finish or they can receive messages one by one and pattern match on the type (SearchResultEntry, SyncInfoNewCookie, generic IntermediateResponse, ...) etc.

There is a partial draft of how the async side could look, what you get is a Future and optionally an iterable for the intermediate responses.

We can definitely see how to converge those two APIs because in some ways your take is close to what I had in mind and a lot of things I can see there should simplify to "syntactic sugar"/shorthand over the new API.

Thanks for the explanation.
I already use provide iterated search results via all=1 , but that seems to be a lot slower, so i renamed it to search_iter().
For the referrals, I thought that wouldn't be a intermediate result but a final result. My plan was to add a connection pool, which also handles referrals.
So I will change my API that the result can be a future and a nice way to decide whether you want a iterable or not.
I also need to find out how I can trigger these intermediate responses with openldap, so I still can get realistic 100% test coverage.

Thanks for the explanation. I already use provide iterated search results via all=1 , but that seems to be a lot slower, so i renamed it to search_iter().

Slower? Are we both talking about ldap_result() with all=MSG_ONE (and if async, having a select() there)?

For the referrals, I thought that wouldn't be a intermediate result but a final result. My plan was to add a connection pool, which also handles referrals.

I mean SearchReference, not Result.result == LDAP_REFERRAL. Opting to handle referrals is an option, sure, but the client should have an option to return them (and sometimes that makes sense?).

So I will change my API that the result can be a future and a nice way to decide whether you want a iterable or not. I also need to find out how I can trigger these intermediate responses with openldap, so I still can get realistic 100% test coverage.

Often syncrepl control (mode=refreshAndPersist) is the easiest one, or LDAP TXN (RFC 5805). Both exist in OpenLDAP, syncrepl needs the syncprov overlay configured, TXNs need a compatible backend (e.g. back-mdb).

Okay, I took some time to review the code. This is impressive work and I like it a lot!

As discussed, we probably should split breaking and non-breaking code between releases.

• 4.0 should include non-breaking stuff and with some documentation and release notes we can encourage others to use the tools.
• 5.0 may switch to the new API as default (when it's thoroughly tested and used by the community), while keeping the possibility to switch to the old approach.
• 6.0 can completely remove the old way of processing (it won't be any time soon, of course).

For python-ldap 4.0 (as experimental/tech preview), I believe we could include the following stable components that provide immediate value without breaking existing code. We should clearly mark these as experimental in the documentation:

1. The new response classes hierarchy (ldap.response.*) - These are well-designed and provide a much cleaner object-oriented interface. The raise_for_result() pattern is particularly nice.
2. Control and ExtOp subclass registration - The automatic OID registration via init_subclass hooks? (if I understand correctly)
3. The improved C-level message parsing (l_ldap_result), though we need to ensure backward compatibility for existing code.
4. Enhanced Syncrepl support? I don't have much experience with tech though...

For python-ldap 5.0 (full stable release):

1. Connection class - This is the bigger API change that would benefit from user feedback during 4.x series.
2. Full async-friendly request API - As you mentioned, this is still evolving and should mature in 5.0.
3. Breaking changes to existing APIs - Any deprecation of result4() and similar methods should wait for 5.0, IMO.

What do you think about the idea/split?
And which components you want to include in the following 4.0 release?

Thanks for looking at it. Broadly I agree with the plan except that delaying Connection to 5.0 makes all the 4.0 additions moot because it leaves no way of reaching all the new code/classes.

How about this?

• 4.0 adds Connection class with a note that the API is experimental and will evolve during 4.x in incompatible ways (e.g. request side of the API, async support)
• 5.0 when we consider the Connection API stable and we can mark LDAPObject as deprecated (might even reimplement it as a wrapper of Connection while preserving behaviour)
• 6.0 LDAPObject and old APIs in the C module that aren't needed by Connection can disappear

Does all the mucking with __new__ to redirect to the appropriate subclass feel like a hack? Is there a better scheme to achieve something similar? I think I tried using factories to do this, not sure why I abandoned that approach or if I just never finished hashing it out.