Spring LDAP CHANGELOG
=====================
http://www.springframework.org/ldap

http://www.ietf.org/rfc/rfc1960.txt
http://www.ietf.org/rfc/rfc2251.txt
http://www.ietf.org/rfc/rfc2252.txt
http://www.ietf.org/rfc/rfc2253.txt
http://www.ietf.org/rfc/rfc2254.txt
http://www.ietf.org/rfc/rfc2255.txt
http://www.ietf.org/rfc/rfc2256.txt
http://www.ietf.org/rfc/rfc2696.txt
http://www.ietf.org/rfc/rfc2829.txt

Changes in version 1.3.1 (November 2010)
-------------------------------------------
* Added an object-directory mapping framework (ODM). Contributed by Paul
  Harvey.

* Added an LDIF parsing framework. Contributed by Keith Barlow.

* Added an extension to ContextMapperCallbackHandler that can provide the
  associated mapper with an indication that the response is different for
  each search result. (LDAP-185)

* AbstractTlsDirContextAuthenticationStrategy now provides a setter for
  customizing SSLSocketFactory used for TLS negotiation. (LDAP-180)

* DirContextAdapter.getObjectAttribute now returns null if the attribute
  exists but with no value. Added method attributeExists for cases where
  it has to be detected whether it was one or the other. (LDAP-215)

* Added LookupAttemptingCallback for performing operation in authenticated
  context. (LDAP-203)

* Added utility methods for converting a Windows security identifier (SID)
  between a binary format and a slightly more readable string format.
  http://msdn.microsoft.com/en-us/library/aa379571%28VS.85%29.aspx
  (LDAP-187)

* Added authentication methods that provide a possible authentication
  exception through an AuthenticationErrorCallback. (LDAP-192)

* Authentication methods now treat a search result of more than one user as
  an error and throw IncorrectResultSizeDataAccessException. (LDAP-170)
  
* Authentication methods now log problems at level INFO rather than ERROR.
  (LDAP-170)
  
* It's now possible to control the case folding of attribute keys in
  DistinguishedName by setting the system property
  DistinguishedName.KEY_CASE_FOLD_PROPERTY to one of "lower", "upper", or
  "none". (LDAP-188)

* DIGEST-MD5 SASL authentication mechanism is now supported, as specified by
  RFC 2829 (see http://www.ietf.org/rfc/rfc2829.txt, section 4). (LDAP-173)
  Contributed by Marvin S. Addison.

* DefaultDirObjectFactory calls a Java5 version of the IllegalArgumentException
  constructor. (LDAP 196)

* DirContextAdapter JavaDoc now states clearly that several methods are not
  implemented on purpose. (LDAP-208)

* Class-level JavaDoc for OrFilter no longer uses AndFilter in sample code. (LDAP-217)

* Upgraded Spring to 2.5.6.SEC02 and 3.0.3.RELEASE. (LDAP-210)

* Upgraded Spring to 2.5.6.SEC01. (LDAP-194)

* Build is no longer using the default platform encoding, but UTF-8. (LDAP-201)

Changes in version 1.3.0 (Jan 2009)
-------------------------------------------
* Added methods for simple LDAP 'bind' authentication in LdapOperations and
  SimpleLdapOperations. The methods will perform a search given a supplied
  filter, call ContextSource#getContext(dn, password), and optionally callback
  to a supplied instance to perform an LDAP operation on the context.
 
* Re-used the same fix for LDAP-109 and LDAP-50 that was used in
  DefaultDirObjectFactory to secure the DirContextAdapter constructors from
  invalid CompositeNames.

* Made sure DirContextOperations#addAttributeValue(String, Object) does not add
  any duplicate values per default; added alternate method:
  DirContextOperations#addAttributeValue(String, Object, boolean) to enable
  behavior other than the default (i.e. allowing duplicates).

* Made sure that DirContextAdapter#setDn() throws exception if in update mode
  (The value is not set anyway, and this was previously silently ignored).
  
* Improved more search methods that take handlers so that they will work
  with handlers that use ContextMappers, e.g. ContextMapperCallbackHandler.
  (LDAP-162)

* Made sure article sample tests are possible to run without running web
  application (i.e. tests automatically start internal LDAP server). (LDAP-143)
  
* SortControlDirContextProcessor no longer has hard dependencies to controls in
  LDAP Booster Pack. (LDAP-159)
  
* Common code in DirContextProcessor implementations has been pulled up to a
  base class called AbstractFallbackRequestAndResponseControlDirContextProcessor.
  (LDAP-161)

* PagedResultsRequestControl has been deprecated in favor of
  PagedResultsDirContextProcessor, which takes advantage of the new
  AbstractFallbackRequestAndResponseControlDirContextProcessor. (LDAP-160)

* Added spring-tx as required dependency (the DataAccessExceptions require
  this). 
  
* Added demo projects to simplify refactoring demonstrations. (LDAP-154)

* Added LdapEntryIdentification, a simple bean containing the DNs of an LDAP
  entry, relative to the base context as well as absolute. Also added
  special ContextMapper implementation producing these entries;
  LdapEntryIdentificationContextMapper. (LDAP-149)
  
* Added LdapTemplate#searchForObject(base, filter, mapper) and 
  SimpleLdapTemplate#searchForObject(base, filter, mapper); methods 
  to search for a single object, analogous to JdbcTemplate#queryForObject().
  (LDAP-150)
  
* DistinguishedName (LdapRdnComponent really) now correctly calculates the
  hashCode for names where case differs, and now correctly adheres to the
  equals/hashCode contract. (LDAP-151)
  
* Various improvements to immutability of DistinguishedNames throughout the
  framework. DistinguishedName#immutableDistinguishedName now produces a truly
  immutable copy of the original. Also made sure that it is not possible to
  accidentally alter the internal state of e.g. DirContextAdapter by modifying
  its DistinguishedName - copies are now returned in DirContextAdapter#getDn() 
  and DirContextAdapter#getBase(). (LDAP-146)
  
* Added LdapTemplate#rebind(DirContextOperations). (LDAP-144)
  
* Added PresentFilter and NotPresentFilter to simplify searching for presence 
  or absence of an attribute. (LDAP-152)
  
* Added DirContextAdapter constructor that takes its DN as a String. (LDAP-145)

Changes in version 1.3.0.RC1 (Oct 2008)
-------------------------------------------
* TLS connections are now supported using the DefaultTlsDirContextAuthenticationStrategy
  and ExternalTlsDirContextAuthenticationStrategy. (LDAP-8)

* NameNotFound is no longer silently ignored in searches. It is possible
  to use the old behavior by setting the ignoreNameNotFoundException property
  to true in LdapTemplate. (LDAP-134)
  
* Referrals can now be handled by setting the property 'Context.REFERRAL' 
  to 'follow' in the base context supplied to AbstractContextSource, provided
  that name servers are set up properly. Any DirContextAdapter instances
  resulting from referrals will provide the URL of the referred server in
  getReferralUrl(). (LDAP-136, LDAP-9)
  
* The hard dependency on LDAP Booster Pack has now been completely removed,
  preventing NoClassDefFoundErrors when using Paged Results without that
  library on the classpath. (LDAP-110, LDAP-118)
  
* The dreaded problem with '\' in Distinguished Names is now resolved.
  (LDAP-50, LDAP-109) 

* Added bind method that takes a DirContextOperations instance as parameter,
  performing the bind using the DN and Attributes from the DirContextOperations
  instance. (LDAP-140)

* DistinguishedName now returns compactly formatted String representations
  from toString, e.g.:
  cn=John Doe,ou=Company,c=Sweden
  rather than
  cn=John Doe, ou=Company, c=Sweden
  To keep using the old formatting (for backward compatibility) set the
  system property org.springframework.ldap.core.spacedDnFormat to true.
  (LDAP-138, LDAP-112, LDAP-91) 

* Changed default of 'pooling' flag in AbstractContextSource.
  This now defaults to false; consider the Spring LDAP PoolingContextSource
  as the preferred alternative to using the built-in Java Connection Pooling.

* Added configuration property to AbstractContextSource to specify referral
  behavior. Setting this property to 'follow' will enable referrals to be
  automatically followed, provided that the name server environment is properly
  set up.
  
* Now using Maven for building internally. (LDAP-80, LDAP-82, LDAP-95)
  
* Added HardcodedFilter class and corresponding PropertyEditor FilterEditor,
  to allow for easily working with pre-encoded search filters 
  e.g. in configuration files. (LDAP-28)
  
* Added ContextSourceAndHibernateTransactionManager to enable integration
  of client-side LDAP Transactions in a Hibernate environment. (LDAP-115)

* Added append method to BinaryLogicalFilter allowing client code to use
  and/or filters from the same code. (LDAP-116)

* Introduced DirContextAuthenticationStrategy to AbstractContextSource
  to enable more flexible context authentication strategies, e.g.
  TLS and Proxy Auth. (LDAP-124)
  
* Corrected reference doc claiming DataAccessException hierarchy. (LDAP-106)

* Probably the most requested feature of all - a plain method for simple 
  authentication is now provided in the ContextSource interface.
  (LDAP-39, LDAP-103) 

* The order of multi-valued attributes is now properly preserved by
  DirContextAdapter#getModificationItems(). (LDAP-96)
  
* ContextSourceTransactionManager now properly throws a 
  CannotCreateTransactionException if anything goes wrong in doBegin(). (LDAP-122)
  
* It is now possible to set the criticality on PagedResultsControl.
  (LDAP-126)
  
* DirContextAdapter now has a getObjectAttributes method, as stated in
  reference docs. (LDAP-137)

* DirContextAdapter#getStringAttributes, getObjectAttributes, and
  getAttributeSortedStringSet now all return null if the requested Attribute
  is not present, and an empty result (array or set) if present but empty.
  (LDAP-130)

* SimpleLdapOperations/SimpleLdapTemplate now has mirrored methods that take
  Name parameters. (LDAP-139)
  
* Fixed documentation glitch regarding ContextSourceAndDataSourceTransactionManager.
  (LDAP-99)
  
* Added the possibility to configure the search scope on DefaultDirContextValidator.
  Changed the default to OBJECT_SCOPE. (LDAP-121)

* Fixed DistinguishedName parsing error; \r is now allowed in Distinguished Names,
  complying with LDAP v3 DN RFC. (LDAP-97)

* Moved SingleContextSource from an obscure inner class to a top-level
  class. This class doesn't close the DirContext, but reuses the same.
  Useful for scenarios like Paged Results. (LDAP-114)

* Removed deprecated method setUserName() in AbstractContextSource.

* Added a method DistinguishedName.toCompactString that returns a more
  compact String representation without blanks. (LDAP-91)

* Improved search methods that take handlers so that they will work
  with handlers that use ContextMappers, eg ContextMapperCallbackHandler.
  (LDAP-107)

* Fixed a problem where the narrowest possible exception subclass was
  not always found in the exception translation. (LDAP-100)

* Made changes required for paged results to work when using Spring LDAP
  connection pool with a single connection. (LDAP-114)

* Removed AcegiAuthenticationSource - use SpringSecurityAuthenticationSource
  (included with Spring Security) instead.

* Upgraded commons-lang to 2.3.

* Upgraded Spring to 2.5.6. (LDAP-125)

Changes in version 1.2.1 (Dec 2007)
-------------------------------------------
* Added pooling library which features flexible connection validation
  and better configuration than the built-in pooling. (LDAP-85)

* Fixed a problem in AbstractContextSource which led to an unnecessary
  reference to the LDAP Booster Pack (ldapbp). (LDAP-88, LDAP-89)

* Added missing package description and updated copyright. (LDAP-92)

* Added build instructions. (LDAP-27)

* Fixed bug in SimpleLdapTemplate where the wrong target method was being
  called. (LDAP-93)

* Made createContext in AbstractContextSource protected rather than
  package private. (LDAP-94)

Changes in version 1.2 (Oct 2007)
-------------------------------------------
A number of API-breaking changes have been made in the 1.2 release compared to version 1.1.2.
Consequently this is NOT a drop-in replacement for Spring LDAP 1.1.2,
though upgrading should not present all that much work. Please see
the supplied upgrade guide for details.

* Added getContextSource on LdapTemplate.

* The following getters on AbstractContextSource have been added:
    getContextFactory
    getDirObjectFactory
    getAuthenticationSource
    getUrls (was protected)
    isPooled
    isAnonymousReadOnly

* Upgraded to Spring 2.0.6 internally. Spring 1.2.x is still supported.

* Reviewed all javadoc.

* Revised reference manual.

* AbstractConnection source now actively removes pooling flag from context environment
  if pooling is set to 'false'. (LDAP-83)

* AcegiAuthenticationSource now supports anonymous authentication. (LDAP-67)

* Added BaseLdapPathSource, BaseLdapPathAware and BaseLdapNameBeanPostProcessor to be used 
  if the ContextSource base path is needed by beans. There is now also a DistinguishedNameEditor 
  available for directly injecting DistinguishedName instances to beans. (LDAP-86)

* Added immutableDistinguishedName() method in DistinguishedName to get an immutable
  copy of the instance. (LDAP-87)
  
* Added easier access methods for RDN attributes and values. (LDAP-71)

* Added lookupContext() and alternate modifyAttributes() in LdapOperations/LdapTemplate
  to simplify updates. (LDAP-78)
  
* Modified append() method in DistinguishedName. This method now returns the instance, to
  enable more fluent building of DistinguishedNames. (LDAP-74)
  
* Added SimpleLdapTemplate providing Java 5 generics support. (LDAP-72)

* Added AbstractContextMapper implementation. (LDAP-76)

Changes in version 1.2-RC1 (5.12.2007)
-------------------------------------------
A number of API-breaking changes have been made in this release,
mainly package restructuring stuff (LDAP-33). Consequently this is
NOT a drop-in replacement for Spring LDAP 1.1.2, though upgrading
should not present all that much work. Please see the supplied
upgrade guide for details.

* Restructured packages (LDAP-33):
  - Moved the core classes into the package ldap.core.
  - Moved subpackages of ldap.support to top level.
  - Moved most classes in ldap.support to ldap.core or ldap.core.support.
  - Moved classes in ldap.utils to ldap.support and removed ldap.utils.

* Changed the exception hierarchy to be an unchecked mirror of the JNDI
  NamingException hierarchy (LDAP-4).

* Deprecated the userName property in AbstractContextSource and changed
  it to the more correct userDn (LDAP-18).

* Fixed bug causing PagedResultsRequestControl processing to fail against AD 
  in the case of a PartialResultsException (LDAP-32).

* Fixed bug causing NullPointerException in some environments when performing
  PagedResultsRequestControl search (LDAP-37).

* Implemented client-side transaction support for Spring LDAP. See reference
  documentation for further information (LDAP-29).

* DirContextAdapter.setAttribute() now properly updates updatedAttrs in update mode
  (resulting in ModificationItems if applicable) (LDAP-15).
  
* Exceptions thrown by Spring LDAP are now always Serializable, regardless of whether
  the wrapped NamingException is (which is not always the case) (LDAP-14).
  
* LdapRdnComponent now implements Serializable (LDAP-45).

* Rewrote LdapEncoder.nameDecode() to solve problem with national characters and
  remove regular expression used in parsing, drastically improving Distinguished Name
  parsing performance as a bonus (LDAP-30).

* The DefaultDirObjectFactory.JNDI_ENV_BASE_PATH_KEY has been deprecated. If the base
  property needs to be accessed from a subclass to AbstractContextSource, use the new
  protected method getBase (LDAP-55).
  
* LdapContextSource.getAnonymousEnv no longer sets a broken ResponseControlFactory in
  the environment (LDAP-64).
  
* Upgraded ApacheDS to 1.0.0 (LDAP-32).

* Upgraded to Acegi Security 1.0.3 (LDAP-61).

* Upgraded to ApacheDS 1.0.0 (LDAP-32).

* Upgraded to Spring 2.0.4 internally. Spring 1.2.x is still supported (LDAP-35, LDAP-51).

* Upgraded to Spring WebFlow 1.0.2 in the Person sample (LDAP-60).

* Fixed a number of documentation errors and typos (LDAP-41, LDAP-40, LDAP-47, LDAP-48).
  
* Extracted useful inner classes from LdapTemplate to top-level classes (LDAP-42).

* Implemented addAttributeValue and removeAttributeValue in DirContextAdapter (LDAP-5).

* Modified DirContextOperations interface so that getNameInNamespace doesn't throw NamingException.

* Fixed NullPointerException when getting PagedResultsRequestControl response (LDAP-66).

* Rewrote logic i DirContextAdapter.getModificationItems(). The JNDI provider's Attribute
  comparison logic is now used internally. Also, REMOVE_ATTRIBUTE items are placed
  first in the ModificationItem array, in order to prevent ATTRIBUTE_ALREADY_EXIST errors
  (LDAP-13, LDAP-46).
  
* In internal integration tests, each test now runs on a clean LDAP database (LDAP-43).

* DirContextProcessor#postProcess() is now called in searches regardless of whether an 
  exception is thrown (LDAP-26).
  
* Moved SortControlDirContextProcessor to spring-ldap from sandbox (LDAP-68).


Changes in version 1.1.2 (1.12.2006)
-------------------------------------------
* Fixed problem with DirContextAdapter.getNameInNameSpace. Now it really
  returns the full DN.

* There is now a wrapper class called PagedResult, which can be used to
  wrap the resulting list and the PagedResultsCookie after using
  PagedResultsRequestControl.

* The actual cookie in PagedResultsCookie is now immutable.

* The person sample is now a Spring WebFlow application, where the user
  can manage persons and standard LDAP access groups.

* Improved javadoc for DefaultDirObjectFactory and DistinguishedName.

* Upgraded Spring to 2.0.1 internally. Spring 1.2.8 is still supported.

Changes in version 1.1.1 (18.11.2006)
-------------------------------------------
* Added capability to use server-side controls in search by leveraging
  DirContextProcessor.

* Added generic DirContextProcessor that is run before and after a search.

* Added paged search result functionality in PagedResultsRequestControl,
  which is an implementation of DirContextProcessor.

* Fixed problem with DirContextAdapter, where the wrong change was applied
  when a change was followed by a reset to the original values.

* DirContextAdapter.getNameInNamespace() now returns the full DN, as per the
  documentation for javax.naming.Context.

* The parsing of DistinguishedName has been changed from using regexp to
  a JavaCC parser, which means improved performance (5-6 times faster) and
  better error messages.

* DistinguishedName now supports multi-valued RDNs separated by a '+' sign,
  like "cn=Rod+sn=Johnson", for example. All according to spec 2253.

* LdapRdn is now Serializable.

* Added lookup methods that take an array of return attribute names.

* Made DistinguishedName.EMPTY_NAME an immutable DistinguishedName instance.

* Separated integration tests that require OpenLDAP from the other integration
  tests that run the in-JVM Apache DS server.

* Changed the spring-ldap-person sample application to authenticate and
  authorize against groups rather than role attributes.

* Upgraded Spring to 2.0 internally. Spring 1.2.8 is still supported.

Changes in version 1.1 (28.8.2006)
-------------------------------------------
* Changed base package from net.sf.ldaptemplate to org.springframework.ldap

* Changed package ...support.acegi to ...support.authentication

* Replaced SearchResultCallbackHandler with NameClassCallbackHandler
  to enable its use in all search operations (search, list, listBindings).
  Changed all references and implementing classes accordingly, 
  including name changes where applicable:
  ** CollectingSearchResultCallbackHandler was replaced by CollectingNameClassPairCallbackHandler.
  ** CountSearchResultCallbackHandler was replaced by CountNameClassPairCallbackHandler

* Added NameClassPairMapper for use with list operations

* Added DefaultNameClassPairCallbackHandler.

* Added DefaultValuesAuthenticationSourceDecorator to enable default authentication
  information when AuthenticationSource returns empty values.

* ContextSource implementations now creates authenticated Contexts by default,
  since the previous behaviour has proven to be confusing.
  The authenticatedReadOnly flag was replaced by an anonymousReadOnly flag.
  
* AbstractContextSource now defaults the dirObjectFactory property to DefaultDirObjectFactory.

* Added search methods to LdapTemplate for specifying return attributes.

* Added list and listBindings methods to LdapTemplate.

* Fixed bug in AbstractContextSource regarding java version number and base path.

* Improved javadocs.

* Upgraded Spring to 2.0-rc3.

* Added full reference documentation.

Changes in version 1.0.2 (LdapTemplate) (26.6.2006)
------------------------------------
* Added methods in LdapTemplate to unbind recursively.

* Added rename() method to LdapTemplate.

* Fixed bug in getPrefix() of DistinguishedName.

* Fixed bug in getModificationItems() of DirContextAdapter.
  The method now correctly handles changes of individual vales in
  multi-value attributes.
  
* Introduced AbstractContextSource, moved the code from LdapContextSource there
  and made LdapContextSource and DirContextSource inherit from this.
  
* Upgraded to Acegi 1.0.0. Removed classes no longer needed:
  LdapTemplateLdapAuthenticationProvider
  LdapTemplateUserDetails
  *NOTE*:
     This means that configuration needs to be changed if using Acegi,
     since the API and package structure has changed in Acegi between
     versions 1.0.0-RC2 and 1.0.0 final.
  

Changes in version 1.0.1 (LdapTemplate) (5.5.2006)
-----------------------------------
* Now checking whether the first argument to getObjectInstance in
  DefaultDirObjectFactory is a Context, and if so, closing it properly.

* Fixed reference to non-existent ContextSourceImpl in ldaptemplate-person.

* Upgraded Spring to 2.0-m4.

* Upgraded DDSteps to 1.1-rc1 and EasyMock to 1.2.

Changes in version 1.0 (LdapTemplate) (24.4.2006)
----------------------------------
* Introduced the AuthenticationSource interface to enable other strategies for
  retrieving principal and credentials than a hard-coded username/password.

* Added the AcegiAuthenticationSource implementation for retrieving a previously
  authenticated principal and credentials using Acegi.

* Added a 'cacheEnvironmentProperties' property that enables the user to choose
  whether to cache the environment HashMap or to re-create it each time a new
  Context is created.

* Added an ignorePartialResultException to LdapTemplate which causes all
  PartialResultExceptions to be ignored during searches, for use when working
  against Active Directory, which cannot handle referrals correctly.

* Added search methods in LdapOperations (and LdapTemplate) that take a
  parameter for SearchControls.

* The methods getNamesOfModifiedAttributes, update, and getAttributeSortedStringSet
  in DirContextOperations (and DirContextAdapter) no longer throw NamingException.
  Instead, they throw unchecked DataAccessExceptions.

* The method getModificationItems in AttributeModificationsAware no longer throws
  NamingException. Instead, it throws unchecked DataAccessExceptions.

* Removed the (unused) 'task' parameter to NamingExceptionTranslator.translate.

* Removed the deprecated ContextSourceImpl class.

* Integration tests now run using an in-memory version of Apache Directory Server,
  rather than requiring a working installation of a directory server.

* Integration tests now run together with pure unit tests under the 'tests' Ant target.

* The ldaptemplate-person sample web application now uses an in-memory version of Apache
  Directory Server, rather than requiring a working installation of a directory server.

* Upgraded Spring to 2.0-m3.

* The build now uses Ivy 1.3.1.

Changes in version 1.0-RC2 (LdapTemplate) (22.2.2006)
--------------------------------------
* LdapV2 is now supported. 
  ContextSourceImpl has been deprecated. In stead the new 
  LdapContextSource should be used for LdapV3 and a DirContextSource 
  has been added for LdapV2 compatibility.
  
* Ability has been added in LdapContextSource and DirContextSource 
  to specify that an authenticated context should be used for 
  read-only operations as well. Use property 'authenticatedReadOnly'
  in LdapContextSource/DirContextSource.
  
* The Filter classes have been cleaned up.

* DirContextAdapter has been cleaned up. Most important to note is that
  in this operation the 'setStringAttribute/setStringAttributes' methods 
  have been removed and replaced by 'setAttributeValue/setAttributeValues'.
  
* Base DNs are now correctly URL encoded when building the connection String.
  This means that spaces and other 'unsafe' characters in base DNs should no
  longer be manually URL encoded.

* An AttributesIntegrityViolationException has been added and is thrown when
  an InvalidAttributesException is encountered.
  
* More unit tests have been added.

Changes in version 1.0-RC1 (LdapTemplate) (27.1.2006)
--------------------------------------
* First public release candidate.