CHANGES.txt for the LDAPUserFolder

  This file contains change information for the LDAPUserFolder product.
  To see changes made to revisions prior to the latest version see
  HISTORY.txt.

    2.6beta3 (2005/09/22)

      Other:

        * Folded the CMFLDAP product into the LDAPUserFolder package

        * Revamped the unit tests to share test fixture creation code and
          to work in both Zope 2.7 and 2.8 without problems.

        * The LDAPUserFolder factory method and the initialization code
          were massively simplified. A lot of duplicated code was removed.
          When adding a LDAPUserFolder, there is no longer a separate Add
          view. The user folder will be created straight away and the
          admin will be redirected to the Configure tab of the new
          instance.
          **Note**: If you have code that programmatically instantiates
          LDAPUserFolder instances then you must change it. See the
          "setUp" method in the unit test files for an example of how to
          do it from this point on.

      Bugs fixed:

        * Fixed a serious bug that crept into version 2.6beta1 and which
          led to users being able to log in with a wrong password or no
          password.

        * The getId method on the LDAPUser class neglected to encode the
          user ID to an encoded string and handed back unicode, which
          could lead to strange failures elsewhere. Most code handling IDs
          is not equipped to deal with unicode.

        * A bug had crept into the logging subsystem that could cause
          spurious error messages.
          (http://www.dataflake.org/tracker/issue_00462)

        * The user records found via the Users tab search were not
          consistent with the users that can actually log in because the
          search on the Users tab did not filter out records that do not
          match the user object classes as defined on the Configure tab.
          (http://www.dataflake.org/tracker/issue_00260 and
          http://www.dataflake.org/tracker/issue_00445)

    2.6beta2 (2005/07/28)

      Bugs fixed:

        * Previous changes in how the LDAPUserFolder handles the
          conversion of LDAP group memberships to Zope roles (it was made
          explicit as opposed to automatic and implicit) made the
          LDAPUserSatellite less useful for users who expected LDAP group
          names to automatically show on the user object. Now the LDAP
          User will carry a hidden field for all current LDAP group
          memberships, which can then be consulted by the
          LDAPUserSatellite to determine what additional roles to hand
          out. (Suggestion by Dirk Datzert)

        * The LDAPUserSatellite configuration screen would blow up trying
          to determine the logging level, which has been removed.

        * Before returning a new connection in the internal LDAPDelegate
          connection methods the Manage DSA IT control was enabled. This
          was the result of misunderstanding the control - it really is
          only needed to directly access and manipulate a referral or
          alias entry without having the server send you to the referred
          or aliased server.

      Features added:

        * The old behavior of mapping every LDAP group name a user is a
          member of to a Zope role of the same name can now be reactivated
          using a new configuration option named "Group mapping" on the
          Configuration tab. Many thanks to Dirk Bergstrom for a set of
          patches and unit tests.
          (http://www.dataflake.org/tracker/issue_00459)

    2.6beta1 (2005/07/05)

      Others:

        * Spell out how to safely upgrade in README.txt by using the
          emergency user to delete/recreate the instances.

      Bugs fixed:

        * Made the getAttributesOfAllObjects method more resilient by
          always providing a key per queried attribute in the resultset
          (http://www.dataflake.org/tracker/issue_00456 by Pierre-Julien
          Grizel)

        * Applied a similar fix to getUserIds and getUserIdsAndNames that
          was applied for Tracker issue 441 to make sure empty resultsets
          don't lead to catastrophic failures
          (http://www.dataflake.org/tracker/issue_00446 by Pierre-Julien
          Grizel)

        * An earlier special-casing applied by Chris McDonough to
          correctly handle AD objectGUID values has been applied in a
          second place, in the findUser method (patch by Mark Hammond).

        * Deleting a user record would be short-circuited if the user
          record itself was not in the DIT anymore, e.g. because someone
          manipulated the DIT without the user folder knowing about it.
          This prevented group membership cleanups from being performed.
          (http://www.dataflake.org/tracker/issue_00439 by Hans-Juergen
          Sell)

        * The getUserNames function did not react correctly in the face of
          an empty resultset from getAttributesOfAllObjects and would
          prevent admins from using the ZMI local role management view.
          getUserNames now also raises an OverflowError if no results have
          been returned in order to show a simple text input widget on the
          local role management view instead of the multiple choice select
          box.
          (http://www.dataflake.org/tracker/issue_00442 by Andrew Veitch
          and http://www.dataflake.org/tracker/issue_00441 by Hans-Juergen
          Sell)

      Features added:

        * Added the new logging machinery to the LDAPDelegate class which
          improves lower-level LDAP problem discovery.

        * Moved away from the current way of logging to a purely
          zLOG-based mechanism. This will make sure that all logging for
          Zope is in one and the same place and that more information can
          be passed along to the logging mechanism, such as tracebacks.
          (http://www.dataflake.org/tracker/issue_00438 by Mark Hammond)

        * Refactored the code that has python-ldap dependencies so that
          only the LDAPDelegate instance now holds all the cards. This
          enables plugging in different delegate implementations because
          subclassing LDAPDelegate and overriding implementation details
          has become easier.
          (http://www.dataflake.org/tracker/issue_00438 by Mark Hammond)

        * Added a registry for delegate implementations so that other
          delegate classes can register themselves with this registry and
          become available to the LDAPUserFolder during instantiation.