1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
|
HISTORY.txt for the LDAPUserFolder
This file contains change information for the LDAPUserFolder product
for revisions before the current version.
2.1
No significant changes between 2.1 beta3 and 2.1
2.1beta3
Bugs fixed:
* Fixed a LDAP server misbehavior where a bind operation with
a valid user DN but empty password would seemingly succeed.
This behavior was only obvious in 2.1beta2 because I removed
code I considered obsolete. Also added unittests for
authentication and extended the FakeLDAP module to emulate
LDAP server binding behavior. (Tracker issue 257, my thanks
go to Jan-Wijbrand Kolman)
2.1beta2
Bugs fixed:
* Apparently there are situations when a call to getGroups
returns a tuple. Code in the LDAPUserSatallite expected it
to be a list (Tracker issue 244).
* If the LDAPUserFolder was configured to always bind using
the Manager DN it was possible to log in with the wrong
password (Tracker issues 246 and 248, thanks go to Michael
Lindig).
* Found a problem deleting all values for a user attribute
from the ZMI which would throw an error. Discovered while
looking at the (unrelated?) issue 251 in the tracker, which
also dealt with a problem when clearing an attribute.
2.1beta1
Bugs fixed:
* Cleaned up a mismatch between the delegate edit method and
signature expected by the LDAPUserFolder code that talks to
it (Tracker Issue 224 pointed out by Albert Chin-A-Young
and others)
* More cleanup in the way a LDAPUserFolder authenticates to the
LDAP server. The setting specified under "Manager DN usage"
is now respected for all record modifications and deletions
as well.
* Michail Bachmann pointed out some code errors in the
LDAPUserSatellite code that had crept in when switching to
using the LDAPDelegate (tracker issue 233).
Features added:
* Finally added a full suite of unit tests for most components
in the package.
* If your LDAP server hands out referrals during an attempted
write operation (add, modify or delete a user record) then
this is now handled correctly, at least if you run OpenLDAP
and python-ldap versions 2.0 or higher.
* Implemented read-only mode where any writes to the LDAP
server are disabled (Tracker issue 228 filed by Tom Deprez).
Features removed:
* Officially removed compatibility with python-ldap 1.x
versions. Due to an oversight on my part some incompatible
code was already in the 2.0-series, but now I am finally
dropping any pretenses about supporting that old version.
2.0
Bugs fixed:
* Made encoding tasks a little cheaper if you set the encoding
to UTF-8 in the utils.py "encoding" settings (Tracker issue
203, thanks go to Artur Zaprzala for suggesting a good way
of handling this)
2.0beta3
Bugs fixed:
* Changing a password would result in an error (Tracker issue
204 posted by Massimiliano Russo)
* If no results were returned from a user record search inside
getUserDetails then a faulty check for the length of the
returned result set would make it error out. Tracker issue
206, posted by William Carrel.
* Make sure that rebinding in _lookupuser will really fulfill
the promise of "uses the DN and password of the currently
logged-in user" in case the selected Manager DN usage calls
for it. (Tracker issue 210 by Oliver Pabst)
Features added:
* "clear" has been added as a choice for password encryption
mechanism. The password will be stored unencrypted in LDAP
in that case. (Tracker issue 209 by Oliver Pabst)
2.0beta2
Features added:
* Thanks to a patch from Artur Zaprzala the default encoding
that gets applied to results from the LDAP servers can now be
changed in the utils module, whereas before it was hardcoded
to be "Latin-1" in all places.
* The getUserDetails method API was extended to allow passing
in a sequence of desired attributes. This is helpful when
certain attributes (e.g. binary pictures) are not needed and
would unnecessarily slow down the request. This feature
suggested by Artur Zaprzala.
Bugs fixed:
* The module reorganization broke the decoding of UTF-8 values
which meant non-ASCII characters appeared as garbage
characters. Artur Zaprzala posted a set of patches in Tracker
issue 198 to fix the issue and simplify/improve the unicode
handling in general.
2.0beta1
Version 2.0 represents a major code base refactoring. The main
goals were code simplification, cruft removal and improving
maintainability for me. While this meant putting the axe to
some features it also enabled me to implement some other
functionality that would have been much harder to do using the
old code.
Features removed:
* ZBabel support has been discontinued.
I have received very little (meaning No) feedback on it and
even before it was offered only very few people requested it.
I myself did not have an environment set up where I could
maintain the translation dictionaries, mainly because the way
they are updated is (in my opionion) a huge PITA. I got tired of
lugging code along that got more stale with every update I did
to the main cod. Since I have been on a simplification spree for
version 2.0 it was one of the first items to go.
My apologies to Dirk Datzert who performed the most of the ZBabel
integration work last year.
* Cookie support is no longer built into the product. If you need
cookie-based authentication I recommend installing the
CookieCrumbler product alongside the LDAPUserFolder. It performs
all functionalities of the built-in cookie support. See
http://www.zope.org/Members/hathawsh/CookieCrumbler for
information and download.
Features added:
* You can now specify multiple LDAP servers to be used by the
LDAPUserFolder. Servers are used in a failover fashion. If the
first server in the list is down the next one is contacted, etc.
This assumes that the LDAP data structure on both servers is
identical, e.g. the users search base is the same.
* The LDAPUserSatellite can now be used in recursive fashion. This
means it can go out and consult all LDAPUserSatellites in its
acquisition path and have them make any role manipulations before
doing its own work, thereby getting a cumulative effect. Please
use caution with this feature because it is potentially very
expensive.
1.6
That's it, folks... this is the end of the 1.x line of
LDAPUserFolders. The new version, LDAPUserFolder 2.x,
is out by now and I encourage everyone to give it a try. It
has many added features and, above all, a refactored code
base that makes it easier for me to maintain and improve.
From this point on no new features will be added to the
1.x series, and only urgent bug fixes. All development will
concentrate on the 2.x series.
1.6beta3
Bugs fixed:
* Fixed a bug that could allow access with an invalid password
(Tracker issues 185, 188)
Features added:
* Some more small logging improvements
1.6beta2
Features added:
* A brand new object can now be instantiated after upgrading
to this version. It's called "LDAPUserSatellite" and is
used to manipulate roles for a user based on the context
the user is in if a LDAPUserSatellite is around.
Roles can be manipulated by applying a mapping from
LDAP group to additional Zope role and/or performing
a group record lookup in an additional groups search
path on your LDAP server.
The LDAPUserSatellite does not directly change global roles
on the user object like the LDAPRoleTwiddler and
LDAPRoleExtender did, it uses internal Zope security
mechanisms to compute roles based on context.
This new object replaces both the LDAPRoleTwiddler and
the LDAPRoleExtender, which are hereby deprecated.
Thanks go to Dirk Datzert who did some extensive testing
and helped me hunt down a lot of bugs.
* Better logging for using cached users
* Caches ZMI tab more informative by presenting both
authenticated and anonymous cache contents
Bugs fixed:
* Update some outdated help files for the LDAPUserFolder
1.6beta1
Features added:
* Group type accessGroup added to the list of group records
recognized and usable within the LDAPUserFolder. Michael
Stroeder spotted this type of group on a IBM SecureWay
directory server.
* More efficient groups search filter for specific user
record, suggested by Michael Stroeder.
* Logging and caching are factored out into instance-level
objects
* The security model has seen a complete change to make
it simpler and to respect access controls placed on the
LDAP server itself more:
- providing a Manager DN and password is optional
- if a Manager DN has been provided in the configuration
then that DN will be used to bind for every single
LDAP operation
- if no Manager DN has been provided then the current
user's DN will be used for binding.
- if no Manager DN has been provided and a user who
authenticated against another user folder is
attempting to perform LDAP operations it will
be performed with an anonymous bind.
This all implies that if you want to make changes in LDAP that
require specific rights you must either log in as a user with
those specific rights or use the less security-conscious
workaround of providing a Manager DN in the LDAPUserFolder
configuration.
If you attempt to make changes with a Manager user
authenticated against another user folder you might not be able
to, which might be a source of confusion for some Zope admins.
Bugs fixed:
* Catch ldap.PARTIAL_RESULTS after issuing a search request
to the server, something the Micro$haft "Active Directory"
server seems to like doing. Thanks go to Brad Powell for
reporting this nonstandard server behavior.
* Reclassified and clarified some logging calls and their
message output.
* A lot of "whitespace normalization" (hate that expression!)
and fixes to overly long lines of code.
* Handling of multi-valued attributes has been cleaned up and
changed slightly. If an attribute value contains semicolon
(;) characters it will be assumed to contain a semicolon-
separated list of values. The ZMI "Users" tab will also
display semicolon-separated values for all multi-valued
attributes when you view the record.
* A misconfigured Users base DN setting is now less likely to
lead to complete blowups upon trying to connect to the
LDAP server so that access to the container will always remain
intact and the LDAPUserFolder can be reconfigured or deleted
if needed.
* No blowups from getUser if the name passed in is not a string,
just returns None instead now. (Tracker issue 166 filed by
Romain Eliot)
1.5
Bugs fixed:
* Due to the way user object caching was implemented local
role lookup would break for those users who have logins
that are not all lowercase. This has been fixed.
(Tracker issue 163, my thanks go to John Hohm who did
a lot of the detective work for this one himself)
* Using a better search filter in case getGroups is asked
to return all groups available to the LDAPUserFolder.
Improved the doc string for getGroups to clarify its
usage. Michael Stroeder suggested the better search filter.
1.5beta3
Features added:
* New method getLocalUsers added to allow for retrieving
all user DNs and their roles that have roles stored
locally. If user roles are stored locally this method is
now used on the Users ZMI tab to show a list of all
users with locally stored roles. This is more or less a
convenience so that the admin does not have to search
for a specific record and go into the detail screen to
find out about a user's roles.
* The implementation for getGroupDetails was incomplete
for locally stored groups. It is now fully implemented.
* New method "getGroupedUsers" will return a sequence of
user objects for the groups you pass as argument. If no
groups are passed then user objects from all groups
that are visible to the LDAPUserFolder are returned.
* Make unwrapped LDAPUser objects a little more useful
by ensuring __getattr__ can now find the DN attribute.
Trying to call getUserDN on a unwrapped user object
will always raise an error due to the nature of wrapping
and security declarations. __getattr__ does not raise
this error.
* manage_setUserProperty is now more useful by allowing
set set empty properties, which it did not before.
(Tracker Issue 158, thanks to Sven Thomsen)
Bugs fixed:
* The manage_editUser method will no longer blow up if the
specific user's RDN attribute is not part of the values
passed in. It will now simply take the old record's RDN
value instead.
1.5beta2
Bugs fixed:
* The latest versions of OpenLDAP seem to complain about
the LDAP protocol in use if it is not LDAPv3. Added a
workaround that catches the complaint and explicitly
sets the protocol.
* Corrected some faulty default arguments that could have
caused errors in certain cases.
* The group search scope was mis-applied to a search that
takes a group DN and returns its objectClass. This would
cause errors if SCOPE_ONELEVEL is the groups search scope
because that scope does not include the object pointed to
by the group DN. Changed to always use SCOPE_BASE (this
scope searches the current object only) instead (Tracker
issue 141, thanks go to Philippe May).
* A similar bug as the one above afflicted the _lookupuser
method. Changed search scope to SCOPE_BASE as well. Derrick
Hudson spotted the problem.
* Added workaround for a (supposed) shortcoming in python-ldap
where a DN is not part of the search results dictionary even
if asked for it explicitly. Also found by Derrick Hudson.
1.5beta1
Bugs fixed:
* Small fix on add form to ensure form element naming is
consistent (Tracker issue 139 by David Riggs).
* Instead of adding a workaround for the (faulty) ability
to create and have empty group records on Netscape
directory server products (which then won't show up on
the LDAPUserFolder "Groups" tab) I have added a paragraph
in the README that addresses why it happens and what to do.
* A stupid syntax error on my part prevented the "SERVER_DOWN"
exception that was used to determine the freshness of a
reused connection object to ever be caught correctly. Brad
Powell pushed my nose into that and made me fix it.
1.4
Bugs fixed:
* All actions performed on the management tabs with the
lone exception of the "Custom Forms" tab will now go
back to the same tab, with the correct tab highlighted.
(Tracker issue 127, thanks to David Riggs)
* Expiring users out of the caches when the record got
changed was not working in all cases. The expiration is
now more explicit and involves manipulating the caches
directly instead of changing the expiration time on the
user object (Tracker item 128).
* IE on windoze misbehaves when setting a cookie where
expiration is set to an empty string. All other browsers
(surprise surprise!) behave correctly, but IE will foil
any login attempts when using cookie mode. Added a
workaround (Tracker issue 129).
1.4beta3
Bugs fixed:
* The code used to format exceptions in the utils method
was called the wrong way and failed when it was called
to format an exception (Tracker issue 125, thanks to
David Riggs).
* A juxtaposition in arguments to manage_edit led to
segfaults in some applications (spotted by Tres
Seaver).
Features added:
* Logging is extracted into its own module (SimpleLog),
thereby making it easier to extend later.
1.4beta2
Bugs fixed:
* A small bug crept in while making the user cache case-
insensitive (Tracker # 123 from Jan Idzikowski).
Features added:
* The LDAPUserFolder will now use the LDAP database
connection on a more persistent basis. A connection
gets stored away and reused until it breaks or until the
object is ghosted by Zope. This should speed up LDAP
accesses in many situations.
1.4beta1
Bugs fixed:
* The unicode verification in utils.py could not deal with
non-ascii characters (Tracker issue 122, thanks to Jan
Idzikowski).
* The setting for encryption scheme was never set with the
selection from the add form (thanks Dirk Datzert).
* The redirection after calling the constructor method has
been changed to use RESPONSE.redirect to get over the
idiosyncrasies of returning something from a self that
is a factory dispatcher and not a container. (thanks
to Dirk Datzert)
* Internal cache is no longer case-sensitive (suggested
by Dirk Datzert)
Features added:
* The list of available LDAP groups to map to Zope roles
on the Groups tab is now sorted alphabetically (suggestion
from Dirk Datzert).
1.3
Bugs fixed:
* Added workaround for the missing "crypt" module problem
that only appears on a so-called OS from Redmond. (Tracker
issues 119 and 120)
* Simplified package structure somewhat by adding a utils
module that defines methods or constants used in the
other modules.
Features added:
* As a step to better unicode handling the LDAPUser now
stores all attribute strings as unicode strings.
1.3beta1
Bugs fixed:
* Small bug in user object caching code that could lead to
duplicate user objects being cached which only differ in
capitalization.
* Added a couple small improvements and fixes as suggested
by Dieter Maurer.
Features added:
* Added workaround for the buggy windoze ldap.pyd that does
not have a meaningful __version__ string (Tracker issue
118).
* Added the ability to map a LDAP group name to a Zope role
name. In a nutshell, if LDAP group "Employee" is mapped to
Zope role "Member" then anyone who authenticates through
LDAP and is in LDAP group "Employee" will have "Employee"
and "Member" in the list of roles for the user.
1.2
Features added:
* Dirk Datzert sent me a module that can encrypt strings
using the SSHA encryption scheme. This prompted me to
make user password encryption schemes selectable in the
LDAPUserFolder configuration. Thanks Dirk!
* Added a new configuration toggle to set the use of SSL
for the LDAP server connection. This option will be
ignored and appear greyed-out on the Configure tab if
the python-ldap module version is lower than 2.0.
* The detailed user data view on the Users tab will now
show the full DN for every group that is listed as
possible roles for a user. This will help everyone who
has roles with the same name defined several times
underneath their groups search base (Tracker item
107, thanks go to David Rideau).
1.2beta3
Bugs fixed:
* Not only did the importing semantics for the latest
python-ldap modules change, some fundamental method
signatures changed as well. This fixes the call to
ldap.open which led to uncontrollable debugging
output on the command line since 1.2beta2 (Tracker
issue 106 - thanks to David Rideau).
1.2beta2
Features added:
* Ensure compatibility with the latest python-ldap releases
which introduced an underdocumented and spurious change
that mandates a different way of importing the ldap
module. (Tracker issues 102 and 105)
The recommended python-ldap module to use remains
1.10alpha3 which seems to work more reliably and has
less bugs.
1.2beta1
Bugs fixed:
* If the authentication information was incorrect, the
_searchResults method would raise the Unauthorized
exception, which would make basic HTTP authentication boxes
pop up even in cookie mode. It now returns an empty string
and users will get the login page when in cookie mode.
Tracker issue 87 - thanks to Eric Brun.
* Some browsers would not display the LDAP server port in the
configuration tab due to a line break in the DTML for the
form. The line break has been removed. (Tracker issue 103,
thanks once again to Florent Guillaume)
Features added:
* A little more extended debug logging in the _lookupuser
method (suggested by Marc-Aurele Darche of IDEALX, Tracker
issue 101)
* The RDN Attribute dropdown in the Configure tab now lists
all attributes defined on the LDAP Schema tab. This allows
the administrator to select any attribute if the LDAP setup
violates RFC 2377. Suggestion and patch (thanks!) from
Marc-Aurele Darche of IDEALX, Tracker issue 101.
1.1
Features added:
* Exclusively use direct string method invocation as opposed
to using the string module
Bugs fixed:
* Mistakenly cached the superuser account upon successful
authentication. This would break the "Caches" tab because
it tries to call a method on each cached user object that
is not supported by the superuser API.
* A spurious "/" in the "Add Object" widget of the "Contents"
tab broke rendering of the dropdown list in some browsers.
* Updated all help screens, some were outdated
* Updated the API help files
1.1beta3
Bugs fixed:
* Typo inside the method that adds user records led to an
obscure error message and user roles would not be set
(Tracker issue 95, submitted by M. A. Darche if IDEALX)
* The targets of some MessageDialog error screens for the
management interface pointed to the wrong method name
and caused a traceback.
1.1beta2
Features added:
* The administrator can now choose between reading group
information from the LDAP server or storing it inside
the LDAP User Folder itself. This feature has been added
in response to Tracker issue 94. Thanks go to Colin Smith
for bringing this configuration option to my attention.
Bugs fixed:
* The Users tab in the ZMI would show tracebacks if the
connection to the LDAP server produced an error. Now the
real error is shown (Tracker Issue 93)
* Some details of the ZBabel transition did not work
correctly, in particular the add screen blew up.
1.1beta1
Features added:
* ZBabel support, thanks go to Dirk Datzert.
1.0
Bugs fixed:
* Failed authentication in LDAP during a search operation
will not simply re-raise the ldap.INVALID_CREDENTIALS
anymore, but raise "Unauthorized", which will cause the
browser to pop up an authentication dialog (Tracker issue
82 by Igor Stroh).
* Adding of users was broken because of a faulty invocation
for translating record attributes into UTF-8 (Tracker
issue 83, thanks go to Magnus Heino)
* Changing some attribute names led to the main management
screen bombing out (Tracker Issue 84, thanks go to
Magnus Heino)
* The way in which caches were used in getUser was broken
since the last few betas and cache records with a fake
passwords were sometimes used in a real validation context.
Features added:
* LDAP User objects now have a __getattr__ that will look
into the internal properties dictionary, meaning direct
attribute access is now possible without the need to
use getProperty(). The "Public User Attribute" machinery
has been renamed to explain its new meaning in this
context: It is used to map an attribute name from LDAP
to another name that will also appear on the user object.
1.0 beta5
Bugs fixed:
* Default roles were no longer applied (Tracker issue 73,
thanks go to Eric Brun)
* Passwords can now contain colon (:) characters. This
would break reading the authentication cookie in cookie
mode before (Tracker issue 74, thanks to Eric Brun)
* Added logging to cache lookup successes and decided to
simplify getUserById at the same time (Tracker issue
75, thanks to Eric Brun)
* The user ID as seen by zope is now guaranteed to be the
same every time a user logs in, regardless of name
capitalization (which LDAP ignores upon searching).
Tracker issue 77, thanks go to Eric Brun.
1.0 beta4
Bugs fixed:
* Some missing imports related to the Cookie authentication
and a tweak to the add screen so that the authentication
mechanism choice gets applied correctly.
1.0 beta3
Features added:
* Added compatibility with WebDAV and FTP when in cookie mode
* Basic Auth is used as "last resort" when authenticating
a user, meaning if you change to cookie mode from basic
auth mode there will be no login screen if you were
logged in.
* An attempt is made, while in cookie mode, to hand off
authentication to the next user folder above if a user
cannot be identified but might be valid in the user folder
above.
* The life span of the authentication cookie (if cookie mode
is in use) can now be set by the administrator.
Bug fixed:
* Vast amounts of code were removed by integrating the
validate/authenticate/identify machinery better into the
machinery provided by the BasicUserFolder base class.
1.0 beta2
**WARNING**
As of this point the product is not API-compatible with the
LDAPUserManager or LDAPLoginAdapter anymore. The API will change
even more before the final 1.0-release.
Please experiment but don't use in production unless you really
know what you are doing.
Features added:
* The LDAP User Folder is much more flexible with the groups
it reads and writes. Administrators can select the type of
group upon creation and any code that manipulates group
membership will do the "right thing". Any code retrieving
group information can work with varying kinds of groups now.
This should ease integration with M$ Active Directory.
* The user id shown in the "Cache" tab is now a link that will
bring up the user data for the specific user.
* The "Configuration" tab has been refactored to be more visually
pleasing and less space consuming.
* The "LDAP Schema" tab has been completely revamped. The fields
for inputting a mapped public name that will show up on the user
object to an LDAP attribute has been integrated into the main
display and can be triggered by adding attributes with the
optional "Public name" value filled in.
* The "log verbosity" setting has been moved onto the "Log" tab.
Features removed:
* The horribly kludgy "getGroupsWithInconsistentRecords" method,
introduced in LDAPLoginAdapter 1.3beta4, was dropped.
* Any attempt to be backwards-compatible with Python 1.5.x was
removed. This product needs Zope 2.4.x, which in turn depends
on Python 2.1.x or higher.
* The "Advanced" configuration tab has been removed after
consolidating its functionality into other screens.
LDAPUserFolder 1.0 beta1 : The Beginning
This product combines the LDAPLoginAdapter and LDAPUserManager
products into a single package. It is designed to supplant both
of them and further development, apart from urgent bug fixes, will
be limited to this product.
**Important Note** : This product is compatible with Zope versions
2.4 and up, which necessitates Python 2.0 and up. Older Zope sites
should continue to use the LDAPLoginAdapter/LDAPUserManager combo.
This first version is simply a combination of all contents from
all classes used in the LDAPLoginAdapter and LDAPUserManager
code. Future plans (probably version 2.0 and up) will include
a complete refactoring with class separation of
o Storage backend operations
o User Folder API and setting of properties on the LDAPUserFolder
Other cleanups in this first cut involve the following:
o throwing out of code that tried to compensate for cases where
a user record's DN had spacing different from its reference
inside a group record
o throwing out of code that tried to fake unicode support for
Python versions prior to 1.6
o Some refactoring of ZMI screens, there will undoubtedly be
more in the future.
|
