ldaptool 0.8-1

debian/changelog

@@ -1,3 +1,12 @@
+ldaptool (0.8-1) unstable; urgency=medium
+
+  * keyringer backend: handle 'Nothing matches' output, keyringer
+    doesn't fail properly
+  * use only first line from multi-line password entries (and strip
+    whitespace)
+
+ -- Stefan Bühler <stefan.buehler@tik.uni-stuttgart.de>  Wed, 21 Jan 2026 14:25:02 +0100
+
 ldaptool (0.7-1) unstable; urgency=medium
 
   * decode groupType

src/ldaptool/search/_search.py

@@ -26,7 +26,10 @@ def search(*, config: Config, arguments: Arguments) -> typing.Iterable[Result]:
     if arguments.krb:
         ldap_con.sasl_gssapi_bind_s()
     else:
-        ldap_con.simple_bind_s(realm.account, config.get_password(realm))
+        password = config.get_password(realm)
+        # use only first line (and without whitespace); assume remaining lines are comments/...
+        password = password.splitlines()[0].strip()
+        ldap_con.simple_bind_s(realm.account, password)
 
     assert arguments.base
     assert arguments.filter

src/ldaptool/search/config.py

@@ -121,7 +121,10 @@ class Keyringer(PasswordManager):
             check=True,
             encoding="utf-8",
         )
-        return result.stdout.strip()
+        password = result.stdout.strip()
+        if "Nothing matches , try again." in password:
+            raise SystemExit(f"No password stored for {secretname}")
+        return password
 
 
 @dataclasses.dataclass