From 7399286ec96ea4699b1d5908ab36f18f3782c339 Mon Sep 17 00:00:00 2001 From: BastelBaus <44684710+BastelBaus@users.noreply.github.com> Date: Sun, 23 Mar 2025 18:04:53 +0100 Subject: [PATCH 01/11] Update ldap.py timestamp hack --- radicale/auth/ldap.py | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/radicale/auth/ldap.py b/radicale/auth/ldap.py index a4c73808..be2c2fe8 100644 --- a/radicale/auth/ldap.py +++ b/radicale/auth/ldap.py @@ -56,6 +56,7 @@ class Auth(auth.BaseAuth): try: import ldap3 self.ldap3 = ldap3 + except ImportError: try: import ldap @@ -63,6 +64,12 @@ class Auth(auth.BaseAuth): self.ldap = ldap except ImportError as e: raise RuntimeError("LDAP authentication requires the ldap3 module") from e + + self._ldap_authentik_timestamp_hack = configuration.get("auth", "ldap_authentik_timestamp_hack") + if self._ldap_authentik_timestamp_hack: + self.ldap3.utils.config._ATTRIBUTES_EXCLUDED_FROM_CHECK.extend(['createTimestamp','modifyTimestamp']) + logger.info("auth.ldap_authentik_timestamp_hack applied") + self._ldap_uri = configuration.get("auth", "ldap_uri") self._ldap_base = configuration.get("auth", "ldap_base") self._ldap_reader_dn = configuration.get("auth", "ldap_reader_dn") From 94ad295124851096c07aef4a399e52233836f04c Mon Sep 17 00:00:00 2001 From: BastelBaus <44684710+BastelBaus@users.noreply.github.com> Date: Sun, 23 Mar 2025 18:08:00 +0100 Subject: [PATCH 02/11] Update config.py added ldap_authentik_timestamp_hack to config file --- radicale/config.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/radicale/config.py b/radicale/config.py index e683cb5b..66c276de 100644 --- a/radicale/config.py +++ b/radicale/config.py 
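Review bot: In the `@@ -63,6 +64,12 @@` hunk of radicale/auth/ldap.py (PATCH 01/11), the new block dereferences `self.ldap3` unconditionally, but the lines just above assign it only when `import ldap3` succeeds. On the `import ldap` fallback path, enabling the option would presumably raise AttributeError while the auth backend is being constructed. The block also appends to ldap3's private, module-level `_ATTRIBUTES_EXCLUDED_FROM_CHECK` list, so the relaxed attribute-name check applies to every ldap3 connection in the process, and the two names are appended again each time Auth is instantiated. I would skip the tweak with a warning when ldap3 is not the loaded module (using `hasattr` or whichever flag the class already keeps for that) and go through ldap3's public `get_config_parameter`/`set_config_parameter`, as sketched below. The same lines are carried forward, renamed, by PATCH 06/11, 07/11 and 11/11, and the enclosing method starts and ends outside the hunk.

```python
        self._ldap_authentik_timestamp_hack = configuration.get("auth", "ldap_authentik_timestamp_hack")
        if self._ldap_authentik_timestamp_hack:
            if not hasattr(self, "ldap3"):
                # python-ldap fallback: there is no ldap3 attribute check to relax
                logger.warning("auth.ldap_authentik_timestamp_hack ignored: ldap3 module not loaded")
            else:
                excluded = list(self.ldap3.get_config_parameter("ATTRIBUTES_EXCLUDED_FROM_CHECK"))
                for name in ("createTimestamp", "modifyTimestamp"):
                    if name not in excluded:  # keep repeated Auth construction idempotent
                        excluded.append(name)
                self.ldap3.set_config_parameter("ATTRIBUTES_EXCLUDED_FROM_CHECK", excluded)
                logger.info("auth.ldap_authentik_timestamp_hack applied")
        # … unchanged: ldap_uri / ldap_base / ldap_reader_dn configuration reads …
```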
@@ -213,7 +213,7 @@ DEFAULT_CONFIG_SCHEMA: types.CONFIG_SCHEMA = OrderedDict([ ("cache_logins", { "value": "false", "help": "cache successful/failed logins for until expiration time", - "type": bool}), + "type": bool}), ("cache_successful_logins_expiry", { "value": "15", "help": "expiration time for caching successful logins in seconds", @@ -259,6 +259,10 @@ DEFAULT_CONFIG_SCHEMA: types.CONFIG_SCHEMA = OrderedDict([ "value": "1", "help": "incorrect authentication delay", "type": positive_float}), + ("ldap_authentik_timestamp_hack", { + "value": "false", + "help": "Ignore modifyTimestamp and createTimestamp attributes. Need if Authentik LDAP server is used", + "type": bool}), ("ldap_uri", { "value": "ldap://localhost", "help": "URI to the ldap server", From 34f51033b782b585ae67aabd8c1d121c330122f4 Mon Sep 17 00:00:00 2001 From: BastelBaus <44684710+BastelBaus@users.noreply.github.com> Date: Sun, 23 Mar 2025 18:10:27 +0100 Subject: [PATCH 03/11] Update config added in default config file --- config | 3 +++ 1 file changed, 3 insertions(+) diff --git a/config b/config index 6df01d9f..5e88e9e3 100644 --- a/config +++ b/config @@ -74,6 +74,9 @@ ## Expiration time of caching failed logins in seconds #cache_failed_logins_expiry = 90 +# Ignore modifyTimestamp and createTimestamp attributes. Needed if Authentik LDAP server is used. Uncomment then. +#ldap_authentik_timestamp_hack = true + # URI to the LDAP server #ldap_uri = ldap://localhost From 633dfbc8756feb437db254c3c6ddfbbdf2de9f82 Mon Sep 17 00:00:00 2001 From: BastelBaus <44684710+BastelBaus@users.noreply.github.com> Date: Mon, 24 Mar 2025 20:09:35 +0100 Subject: [PATCH 04/11] Update config.py --- radicale/config.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/radicale/config.py b/radicale/config.py index 66c276de..8adcaed8 100644 --- a/radicale/config.py +++ b/radicale/config.py 
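Review bot: The help string added for `ldap_authentik_timestamp_hack` in the `@@ -259,6 +259,10 @@` hunk of radicale/config.py (PATCH 02/11) does not say that the option relaxes the ldap3 client's attribute check, nor that it only matters when ldap3 is the module in use. "Need if" should also read "Needed if"; that wording survives the rename in PATCH 04/11. Suggested text: `"help": "Exclude createTimestamp and modifyTimestamp from the ldap3 attribute check (ldap3 only). Needed if Authentik is the LDAP server.",`. The schema dictionary starts and ends outside the hunk.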
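Review bot: The sample line `#ldap_authentik_timestamp_hack = true` added in the `@@ -74,6 +74,9 @@` hunk of `config` (PATCH 03/11) shows the non-default value, whereas the neighbouring commented entry `#ldap_uri = ldap://localhost` matches the schema default in radicale/config.py. An operator who uncomments entries to make the defaults explicit would switch the relaxed attribute check on without intending to. I would write `#ldap_authentik_timestamp_hack = false` and drop "Uncomment then." from the comment line. PATCH 08/11 renames the key but keeps `= true`.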
@@ -259,9 +259,9 @@ DEFAULT_CONFIG_SCHEMA: types.CONFIG_SCHEMA = OrderedDict([ "value": "1", "help": "incorrect authentication delay", "type": positive_float}), - ("ldap_authentik_timestamp_hack", { + ("ldap_ignore_attribute_create_modify_timestamp", { "value": "false", - "help": "Ignore modifyTimestamp and createTimestamp attributes. Need if Authentik LDAP server is used", + "help": "Ignore modifyTimestamp and createTimestamp attributes. Need if Authentik LDAP server is used.", "type": bool}), ("ldap_uri", { "value": "ldap://localhost", From f40c4d6e9b4a708ac3d266e41cb10bdb100029e2 Mon Sep 17 00:00:00 2001 From: BastelBaus <44684710+BastelBaus@users.noreply.github.com> Date: Mon, 24 Mar 2025 20:10:10 +0100 Subject: [PATCH 05/11] Update config.py --- radicale/config.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/radicale/config.py b/radicale/config.py index 8adcaed8..e74832cd 100644 --- a/radicale/config.py +++ b/radicale/config.py @@ -213,7 +213,7 @@ DEFAULT_CONFIG_SCHEMA: types.CONFIG_SCHEMA = OrderedDict([ ("cache_logins", { "value": "false", "help": "cache successful/failed logins for until expiration time", - "type": bool}), + "type": bool}), ("cache_successful_logins_expiry", { "value": "15", "help": "expiration time for caching successful logins in seconds", From bcbf0918a94d3bdc11087f3b977062b2f21997cd Mon Sep 17 00:00:00 2001 From: BastelBaus <44684710+BastelBaus@users.noreply.github.com> Date: Mon, 24 Mar 2025 20:10:53 +0100 Subject: [PATCH 06/11] Update ldap.py --- radicale/auth/ldap.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/radicale/auth/ldap.py b/radicale/auth/ldap.py index be2c2fe8..7ebeef9e 100644 --- a/radicale/auth/ldap.py +++ b/radicale/auth/ldap.py 
@@ -65,8 +65,8 @@ class Auth(auth.BaseAuth): except ImportError as e: raise RuntimeError("LDAP authentication requires the ldap3 module") from e - self._ldap_authentik_timestamp_hack = configuration.get("auth", "ldap_authentik_timestamp_hack") - if self._ldap_authentik_timestamp_hack: + self._ldap_ignore_attribute_create_modify_timestamp = configuration.get("auth", "ldap_ignore_attribute_create_modify_timestamp") + if self._ldap_ignore_attribute_create_modify_timestamp: self.ldap3.utils.config._ATTRIBUTES_EXCLUDED_FROM_CHECK.extend(['createTimestamp','modifyTimestamp']) logger.info("auth.ldap_authentik_timestamp_hack applied") From 98152062df63ccaeb8248a4e82e9dff4b91f0615 Mon Sep 17 00:00:00 2001 From: BastelBaus <44684710+BastelBaus@users.noreply.github.com> Date: Mon, 24 Mar 2025 20:11:40 +0100 Subject: [PATCH 07/11] Update ldap.py --- radicale/auth/ldap.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/radicale/auth/ldap.py b/radicale/auth/ldap.py index 7ebeef9e..18f22c6b 100644 --- a/radicale/auth/ldap.py +++ b/radicale/auth/ldap.py @@ -68,7 +68,7 @@ class Auth(auth.BaseAuth): self._ldap_ignore_attribute_create_modify_timestamp = configuration.get("auth", "ldap_ignore_attribute_create_modify_timestamp") if self._ldap_ignore_attribute_create_modify_timestamp: self.ldap3.utils.config._ATTRIBUTES_EXCLUDED_FROM_CHECK.extend(['createTimestamp','modifyTimestamp']) - logger.info("auth.ldap_authentik_timestamp_hack applied") + logger.info("auth.ldap_ignore_attribute_create_modify_timestamp applied") self._ldap_uri = configuration.get("auth", "ldap_uri") self._ldap_base = configuration.get("auth", "ldap_base") From 0d1dcec61a089d5304d51b0d0245b428b223a0e3 Mon Sep 17 00:00:00 2001 From: BastelBaus <44684710+BastelBaus@users.noreply.github.com> Date: Mon, 24 Mar 2025 20:12:45 +0100 Subject: [PATCH 08/11] Update config --- config | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config b/config index 5e88e9e3..273763de 100644 --- a/config 
+++ b/config @@ -75,7 +75,7 @@ #cache_failed_logins_expiry = 90 # Ignore modifyTimestamp and createTimestamp attributes. Needed if Authentik LDAP server is used. Uncomment then. -#ldap_authentik_timestamp_hack = true +#ldap_ignore_attribute_create_modify_timestamp = true # URI to the LDAP server #ldap_uri = ldap://localhost From 3af690fcb64fbe97c9dde00cb8c39f135ecde884 Mon Sep 17 00:00:00 2001 From: BastelBaus <44684710+BastelBaus@users.noreply.github.com> Date: Mon, 24 Mar 2025 20:13:38 +0100 Subject: [PATCH 09/11] Update ldap.py --- radicale/auth/ldap.py | 1 - 1 file changed, 1 deletion(-) diff --git a/radicale/auth/ldap.py b/radicale/auth/ldap.py index 18f22c6b..c58acd0b 100644 --- a/radicale/auth/ldap.py +++ b/radicale/auth/ldap.py @@ -56,7 +56,6 @@ class Auth(auth.BaseAuth): try: import ldap3 self.ldap3 = ldap3 - except ImportError: try: import ldap From 9f7941d4280e8846e40c23dc7f7e156bbb0898f2 Mon Sep 17 00:00:00 2001 From: BastelBaus <44684710+BastelBaus@users.noreply.github.com> Date: Mon, 24 Mar 2025 20:19:28 +0100 Subject: [PATCH 10/11] Update DOCUMENTATION.md --- DOCUMENTATION.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/DOCUMENTATION.md b/DOCUMENTATION.md index a5334ba6..717c9e9d 100644 --- a/DOCUMENTATION.md +++ b/DOCUMENTATION.md @@ -1060,6 +1060,16 @@ The path to the CA file in pem format which is used to certificate the server ce Default: +##### ldap_ignore_attribute_create_modify_timestamp + +_(>= 3.6.0)_ + +Add modifyTimestamp and createTimestamp to the exclusion list of internal ldap3 client +so that these schema attributes are not checked. This is needed for Authentik since +Authentik does not provide these both attributes. + +Default: false + ##### dovecot_connection_type = AF_UNIX _(>= 3.4.1)_ From 5d5b12c12448af8bb1e23b3f80511e045b33b8d0 Mon Sep 17 00:00:00 2001 
From: "BastelBaus@gmail.com" <44684710+BastelBaus@users.noreply.github.com> Date: Mon, 24 Mar 2025 22:14:29 +0100 Subject: [PATCH 11/11] fixed flake8 errors --- DOCUMENTATION.md | 2 +- radicale/auth/ldap.py | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/DOCUMENTATION.md b/DOCUMENTATION.md index 717c9e9d..16b4518b 100644 --- a/DOCUMENTATION.md +++ b/DOCUMENTATION.md @@ -1062,7 +1062,7 @@ Default: ##### ldap_ignore_attribute_create_modify_timestamp -_(>= 3.6.0)_ +_(>= 3.5.1)_ Add modifyTimestamp and createTimestamp to the exclusion list of internal ldap3 client so that these schema attributes are not checked. This is needed for Authentik since diff --git a/radicale/auth/ldap.py b/radicale/auth/ldap.py index c58acd0b..da84225f 100644 --- a/radicale/auth/ldap.py +++ b/radicale/auth/ldap.py @@ -63,11 +63,11 @@ class Auth(auth.BaseAuth): self.ldap = ldap except ImportError as e: raise RuntimeError("LDAP authentication requires the ldap3 module") from e - + self._ldap_ignore_attribute_create_modify_timestamp = configuration.get("auth", "ldap_ignore_attribute_create_modify_timestamp") if self._ldap_ignore_attribute_create_modify_timestamp: - self.ldap3.utils.config._ATTRIBUTES_EXCLUDED_FROM_CHECK.extend(['createTimestamp','modifyTimestamp']) - logger.info("auth.ldap_ignore_attribute_create_modify_timestamp applied") + self.ldap3.utils.config._ATTRIBUTES_EXCLUDED_FROM_CHECK.extend(['createTimestamp', 'modifyTimestamp']) + logger.info("auth.ldap_ignore_attribute_create_modify_timestamp applied") self._ldap_uri = configuration.get("auth", "ldap_uri") self._ldap_base = configuration.get("auth", "ldap_base")