diff -r 5d1568572895 -r dadbd4148a44 cubicweb/server/sources/ldapfeed.py --- a/cubicweb/server/sources/ldapfeed.py Thu Dec 19 00:59:27 2019 +0100 +++ b/cubicweb/server/sources/ldapfeed.py Thu Dec 19 10:31:49 2019 +0100 @@ -65,48 +65,48 @@ options = ( ('auth-mode', - {'type' : 'choice', + {'type': 'choice', 'default': 'simple', 'choices': ('simple', 'digest_md5', 'gssapi'), 'help': 'authentication mode used to authenticate user to the ldap.', 'group': 'ldap-source', 'level': 3, }), ('auth-realm', - {'type' : 'string', + {'type': 'string', 'default': None, 'help': 'realm to use when using gssapi/kerberos authentication.', 'group': 'ldap-source', 'level': 3, }), ('data-cnx-dn', - {'type' : 'string', + {'type': 'string', 'default': '', 'help': 'user dn to use to open data connection to the ldap (eg used \ to respond to rql queries). Leave empty for anonymous bind', 'group': 'ldap-source', 'level': 1, }), ('data-cnx-password', - {'type' : 'string', + {'type': 'string', 'default': '', 'help': 'password to use to open data connection to the ldap (eg used to respond to rql queries). Leave empty for anonymous bind.', 'group': 'ldap-source', 'level': 1, }), ('user-base-dn', - {'type' : 'string', + {'type': 'string', 'default': '', 'help': 'base DN to lookup for users; disable user importation mechanism if unset', 'group': 'ldap-source', 'level': 1, }), ('user-scope', - {'type' : 'choice', + {'type': 'choice', 'default': 'ONELEVEL', 'choices': ('BASE', 'ONELEVEL', 'SUBTREE'), 'help': 'user search scope (valid values: "BASE", "ONELEVEL", "SUBTREE")', 'group': 'ldap-source', 'level': 1, }), ('user-classes', - {'type' : 'csv', + {'type': 'csv', 'default': ('top', 'posixAccount'), 'help': 'classes of user (with Active Directory, you want to say "user" here)', 'group': 'ldap-source', 'level': 1, 
@@ -118,39 +118,39 @@ 'group': 'ldap-source', 'level': 2, }), ('user-login-attr', - {'type' : 'string', + {'type': 'string', 'default': 'uid', 'help': 'attribute used as login on authentication (with Active Directory, you want to use "sAMAccountName" here)', 'group': 'ldap-source', 'level': 1, }), ('user-default-group', - {'type' : 'csv', + {'type': 'csv', 'default': ('users',), 'help': 'name of a group in which ldap users will be by default. \ You can set multiple groups by separating them by a comma.', 'group': 'ldap-source', 'level': 1, }), ('user-attrs-map', - {'type' : 'named', + {'type': 'named', 'default': {'uid': 'login'}, 'help': 'map from ldap user attributes to cubicweb attributes (with Active Directory, you want to use sAMAccountName:login,mail:email,givenName:firstname,sn:surname)', 'group': 'ldap-source', 'level': 1, }), ('group-base-dn', - {'type' : 'string', + {'type': 'string', 'default': '', 'help': 'base DN to lookup for groups; disable group importation mechanism if unset', 'group': 'ldap-source', 'level': 1, }), ('group-scope', - {'type' : 'choice', + {'type': 'choice', 'default': 'ONELEVEL', 'choices': ('BASE', 'ONELEVEL', 'SUBTREE'), 'help': 'group search scope (valid values: "BASE", "ONELEVEL", "SUBTREE")', 'group': 'ldap-source', 'level': 1, }), ('group-classes', - {'type' : 'csv', + {'type': 'csv', 'default': ('top', 'posixGroup'), 'help': 'classes of group', 'group': 'ldap-source', 'level': 1, @@ -162,7 +162,7 @@ 'group': 'ldap-source', 'level': 2, }), ('group-attrs-map', - {'type' : 'named', + {'type': 'named', 'default': {'cn': 'name', 'memberUid': 'member'}, 'help': 'map from ldap group attributes to cubicweb attributes', 'group': 'ldap-source', 'level': 1, 
@@ -273,7 +273,10 @@ self.info('connecting %s://%s:%s as %s', protocol, host, port, user and user['dn'] or 'anonymous') server = ldap3.Server(host, port=int(port)) - conn = ldap3.Connection(server, user=user and user['dn'], client_strategy=ldap3.STRATEGY_SYNC_RESTARTABLE, auto_referrals=False) + conn = ldap3.Connection( + server, user=user and user['dn'], + client_strategy=ldap3.STRATEGY_SYNC_RESTARTABLE, + auto_referrals=False) # Now bind with the credentials given. Let exceptions propagate out. if user is None: # XXX always use simple bind for data connection @@ -330,7 +333,7 @@ """Turn an ldap received item into a proper dict.""" itemdict = {'dn': dn} for key, value in iterator: - if self.user_attrs.get(key) == 'upassword': # XXx better password detection + if self.user_attrs.get(key) == 'upassword': # XXx better password detection value = value[0].encode('utf-8') # we only support ldap_salted_sha1 for ldap sources, see: server/utils.py if not value.startswith(b'{SSHA}'):
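Review bot: In the `@@ -273,7 +273,10 @@` hunk, `protocol` reaches the `self.info(...)` log line but `ldap3.Server(host, port=int(port))` is built from host and port only, so nothing visible here enables TLS when the source is configured with an ldaps URL. The bind that follows sends the DN and password over this connection, so unless TLS is set up outside the hunk those credentials travel in clear text. If `protocol` carries the URL scheme (presumably `'ldap'` or `'ldaps'`; confirm against wherever it is parsed), pass it through with `server = ldap3.Server(host, port=int(port), use_ssl=(protocol == 'ldaps'))`. The enclosing method starts and ends outside the hunk, so check the rest of it before changing anything.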