Changes 1.0.x
History of released versions
1.1|
1.0|
0.16.x|
0.15.x|
0.14.x|
0.13.x|
0.12.x|
0.11.x|
0.10.x|
0.9.x|
0.8.x|
0.7.x|
Ancient|
Overview
Release Date: 2009-08-07
-
Note: This is the last release guaranteed to support
Python 2.3!
For various reasons you should seriously consider to upgrade your local
Python installation.
-
Various code-cleaning regarding a more consequent distinction of
UnicodeType and StringType data.
-
Multiple space characters in DNs and attribute values are now correctly displayed.
-
Added a fall-back behaviour for older Python versions when registering
T.61 codecs.
-
In expert search form the HTML attribute maxlength is now set
to the same values like specified for form parameters
search_filterstr and search_attrs.
-
If no values are entered into the advanced search form no search
request with invalid filter is sent to the LDAP server anymore. Instead
an error message is displayed.
-
Fix for the group administration: Caching is now disabled when
searching group entries the current entry is member of.
-
When generating the assertion filter for detecting intermediate
changes to edited entries all NON-ASCII chars are now quoted.
E.g. with eDirectory cross-checking with binary attribute GUID
falsely prevented an entry to be modified.
-
If the template file for a login form could be be read (exception
IOError) an error message is displayed to the user.
-
Improvements to plug-in modules/classes:
-
New base class NullTerminatedDirectoryString and
registered eDirectory attribute type extensionInfo with that.
-
New class for eDirectory attribute type indexDefinition.
-
Tabs in XML data are now expanded so it looks much nicer.
-
Registered more DirXML-related attribute types with plugin class
XmlValue.
Release Date: 2009-07-29
-
The content of LDAPSession.rootDSE is now written to the error log
as LDIF in case of unhandled exceptions.
-
Corrected bug causing an UnicodeError exception when switching
from table to template input form.
-
Changes to footer of table input form:
-
Table HTML tags have title attributes for describing the
input fields.
-
The select lists for additional values are skipped when there are
no more textual and/or binary multi-valued attributes.
-
Attribute type objectClass is not added to select lists
of additional values since it always has to be changed through the
object class select form.
Release Date: 2009-07-25
-
Plugin classes now consistently have an instance of class
ldaputil.schema.Entry in class attribute _entry.
-
Fix in syntax class DynamicValueSelectList: Fixed handling
a KeyError exception in case the option value also
cannot be read (e.g. because of insufficient access).
-
New plugin class for configuration attribute type
nspmPasswordPolicyDN used in Novell eDirectory.
-
No unnecessary LDAP search done by plugin class
w2lapp.schema.plugins.nis.GidNumber
if the entry is posixGroup entry.
-
The select lists in the group administration now show the full DN of
group entries as option text if the naming attribute of the group entry
could not be read (e.g. because of insufficient access) in case the group
search root was an empty DN.
Release Date: 2009-07-23
-
The fix for attribute type name aliasing issue when displaying the table
input form during modifying an entry was errornous. Only existing attributes
were shown in the table input form. This is fixed now.
-
Lots of clean-ups, corrections and additions in file
etc/web2ldap/ldapoidreg.py
.
Release Date: 2009-07-18
-
Serious security fix:
After another bind operation StartTLS was disabled. Uumpf!
-
Some small fixes/improvements for plugin classes for Novell eDirectory.
Release Date: 2009-07-17
Release Date: 2009-07-14
-
Cache hit ratio is displayed in [ConnInfo].
-
Added plugin class for OpenLDAP's accesslog attribute reqResult.
-
The global default in the source distribution for
tls_cacertfile
is now set to <web2ldap-root-dir>/etc/web2ldap/ssl/crt/trusted-certs.crt.
There you can put all trusted ASCII-armored CA certificate files (so-called PEM format).
-
The LDAP URLs used QUERY_STRING or in
ldap_uri_list
can now have the extension x-starttls which indicates
that StartTLS extended operation should be used.
For security reasons the maximum value of host-/backend-specific parameter
starttls and x-starttls
is used.
-
Fixed an attribute type name aliasing issue when displaying the table input form
during modifying an entry.
-
Optional usage of
StartTLS ext.op.
is more gracefully handled if the LDAP server does not support but it.
Release Date: 2009-07-02
-
Removed debug print statement.
Release Date: 2009-06-30
-
More robust conversion of ldap.LDAPError exceptions to error message texts.
-
Peter Gutmann's
dumpasn1.cfg was updated and the new format is supported now.
-
Improvements to handling of DIT structure rules and name forms:
-
Small improvements for determining the governing structure rule of an
entry at client-side if attribute governingStructureRule is
not available. Still not perfect I suspect...
-
Fixed searching and displaying DIT structure rules (which have no class
attribute oid) in the schema viewer.
-
If several name forms result in a single RDN template string then
this particular RDN template is only shown once in the RDN select list.
-
Improvements to plug-in modules/classes:
-
AD-specific plug-in class for attribute types objectSID and
sIDHistory now accepts SDDL representation as user input
instead of hex-dump data.
-
Added more well-known SID to AD-specific plugin class OtherSID.
-
New AD-specific plugin classes for attribute types domainRID
and objectClassCategory.
-
New base plugin class DumpASN1CfgOID for OIDs registered in
Peter Gutmann's dumpasn1.cfg.
-
New plugin module pkcschema for
draft-ietf-pkix-ldap-pkc-schema.
-
New plugin class for attribute type authorizedService
which implements a select list for
IANA GSSAPI/Kerberos/SASL Service names.
-
New base plugin class for XML data (requires Python 2.5+).
-
New plugin class for attribute type XmlData used in
eDirectory/DirXML.
Release Date: 2009-04-21
-
When displaying information for an OID in rootDSE the values
are now properly HTML-escaped.
-
New plug-in module for MS SFU with a class for attribute type msSFU30NisDomain.
-
Small change to search result caching.
-
Slightly better work-around for the non-compliant multiple values in attribute
structuralObjectClass in W2K8 MS AD.
-
The schema viewer now correctly passes the current DN around no matter
whether there's a MS AD schema entry to reference or not.
-
New base plug-in class for SCHAC URNs.
Release Date: 2009-04-11
-
If sanitizing the user input data for an OctetString
attribute value fails because of illegal characters a LDAPSyntaxValueError
is now raised which leads to an error message being displayed.
-
During DNS SRV lookups the Unicode domain name string is now encoded as IDNA.
Release Date: 2009-04-09
-
Attribute objectClass is never ignored when generating
modification list even if a misbehaving DSA (e.g. W2K8 MS AD) declares this attribute as
NO-USER-MODIFICATION.
-
Object class top is filtered from attribute structuralObjectClass
if a misbehaving DSA (e.g. W2K8 MS AD) falsely added it.
-
Several updates for AD-specific plug-in classes for W2K8 AD.
-
Function ldaputil.modlist2.modifyModlist() now catches KeyError
exception if an attribute type was not found in subschema and treats
this attribute type like one without an equality matching rule.
-
During a long-lasting recursive delete there's an empty string written
to the outgoing data stream for keeping the connection to the user's
web browser open. Otherwise e.g. Apache's mod_fcgid (or mod_fastcgi)
reported an internal server error 500.
-
The time needed for a recursive delete is displayed.
-
Simple select-list plug-in base class YesNoIntegerFlag
where 0 means No and 1 means Yes.
-
Domino-specific plug-in classes for the following attribute types:
- AvailableForDirSync
- EncryptIncomingMail
- CheckPassword
- MailServer
-
Fixed regex pattern for Domino attribute types dominoCertificate etc.
Release Date: 2009-03-30
-
New AD-specific plug-in classes for attribute types objectSID
and tokenGroups*. The latter displays a search link for searching
the accompanying group entry by SID or displays the name of e.g. BUILTIN
groups (well-known SIDs).
-
New/improved Samba-specific plug-in classes:
Attribute type | Additional functionality |
sambaGroupType | static select field |
sambaForceLogoff | static select field |
sambaAcctFlags | decoded display, regex checking |
sambaSID | regex checking |
sambaSIDList | displays a search link |
-
Many corrections in HTML output for errors found with tidy.
-
Update of LDIF file with local fall-back schema.
Release Date: 2009-03-27
-
w2lapp.schema.syntaxes.DynamicValueSelectList._doSearch() catches
exception ldap.NO_SUCH_OBJECT.
-
New AD-specific plug-in class for attribute type sAMAccountName
which limits the length of the attribute value(s) to 20.
-
Security fix: If an invalid command was sent and is displayed it's
correctly escaped now.
Release Date: 2009-03-21
-
Registered MS AD attribute types wWWHomePage and url
with syntax class Uri.
-
Registered MS AD attribute type userParameters with syntax
class OctetString.
-
Fixed and documented handling of host-/backend-specific parameter
modify_constant_attrs.
Added this parameter to default section in sample configuration.
-
Form parameter in_assertion is now required. This prevents
an incomplete input form to be processed when submitting the input form
to modify the edited entry too fast (due to slow browser or network connection).
-
plug-in class Select (and all derived classes) now display a normal
input field if the select options dictionary attr_value_dict
is empty (e.g. in case no LDAP search results were found in class
DynamicValueSelectList).
-
New plug-in class for attribute type gidNumber which has
a special behaviour depending on the entry's object class:
- posixAccount or shadowAccount
-
-
Displays a link to search for the group entry when displaying the entry.
-
Displays a select list with all group entries found of object class
posixGroup when editing the entry. Option text in the select
field is the attribute cn of the group entry.
- posixGroup
-
-
Displays a link to search group members when displaying the entry.
-
Displays a normal input field when editing the entry.
Release Date: 2009-03-20
-
Corrected bug causing an UnicodeError exception in the object
class select form in case the parent DN contains a NON-ASCII character.
Release Date: 2009-03-19
-
plug-in classes now have access to the whole LDAP entry an attribute is
part of. This enables plug-in classes to be much smarter since they can
filter the action performed based on e.g. object class and other attributes.
-
New plug-in module schac for
SCHAC
(SCHema for ACademia).
Attribute type | Type of plug-in class |
schacCountryOfCitizenship | select field |
schacCountryOfResidence | select field |
schacGender | select field |
schacDateOfBirth | input field with regex checking |
schacYearOfBirth | input field with regex checking |
schacMotherTongue | input field with regex checking |
schacHomeOrganization | input field with regex checking |
-
Synchronously retrieved search results are now directly cached for
5.0 seconds in ldapsession.LDAPObject.search_ext_s(). This
speeds up retrieving options for dynamically generated select lists
(in plug-in classes derived from base class DynamicValueSelectList).
-
New plug-in class for attribute type memberUID which
displays a link to search for the user entry of a particular group member.
-
Added new base plug-in class w2lapp.schema.syntaxes.DNSDomain
and registered the following attribute types with it:
- dhcpDomainName
- nisDomain
- associatedDomain
-
Added new base plug-in class w2lapp.schema.syntaxes.DomainComponent
and registered the following attribute types with it:
- dc (alias domainComponent)
-
Select lists generated for multi-valued attributes now only show other
possible values which are not already in the set of current attribute
values.
Release Date: 2009-03-05
-
Corrected bug causing an UnicodeError exception when switching
input forms.
-
Registered plug-in class SecondsSinceEpoch for various
timestamp attributes defined in the Samba 3.0 schema.
Release Date: 2009-02-21
-
Fixed identiation bug in DynamicValueSelectList
which caused wrong select list when two attribute names were given
in DynamicValueSelectList.ldap_url.
Release Date: 2009-02-19
-
Work-around for a
bug in OpenLDAP 2.4 which prevents values for attribute objectClass
to be deleted explicitly.
Release Date: 2009-02-13
-
Fixed MS AD plug-in class: If attribute logonHours is
not present in entry it does not get accidently set.
-
Registered MS AD plug-in class LogonHours
also for Samba attribute sambaLogonHours.
Release Date: 2009-02-07
-
Code cleaning: Removed tabs from source code.
-
New plug-in class for MS AD attribute type
pwdProperties.
Release Date: 2009-01-02
-
Plus sign is now allowed in local part in values of attribute mail.
-
New plug-in module x500dsa for X.500 DSAs.
-
Some servers require to read the subschema subentry explicitly
by using filter
(objectClass=subschema)
in the search request.
So this is now done when displaying the link to the subschema subentry
in the context menu of the schema viewer.
-
Regex-checking for timestamps was relaxed to accept timezone parts.
-
The
+
(All Operational Attributes,
RFC 3673)
is not used in the attribute list when reading an entry to be modified
for generating the modification input form.
Release Date: 2008-12-20
-
Improvements to plug-in modules/classes:
-
New plug-in class for attribute type krbSearchScope.
-
Removed import of non-public plug-in module not shipped with download file.
-
Fixed broken modification list when removing an attribute completely
which has an EQUALITY matching rule.
Release Date: 2008-10-13
-
Improvements to plug-in modules/classes:
-
New plug-in module lotusdomino for LDAP interface of
Lotus Domino server.
-
New plug-in class for attribute types found in schema of MIT Kerberos LDAP backend:
krbTicketFlags, krbPrincipalType and krbTicketPolicyReference.
-
New plug-in class for LDAP syntax UUID.
-
Fix in BitArrayInteger.formValue for adding new values.
-
Case-insensitive sorting for...
-
attributes in table view when displaying or editing entries
-
object classes in object class input select lists
-
lists of schema links in schema viewer
-
Fixed SyntaxError only occuring with
Python 2.3.
-
Several updates to the country code configuration file including
a fix NON-ASCII encoding of country names.
Release Date: 2008-09-23
-
The basic searchform is displayed now when the server to connect
to is chosen from the select list of [Connect] page. This avoids
the annoying message "no search results found" when
connecting without specifying a base DN.
-
Corrected HTML templates for object class organization.
-
Values for form parameter search_attrs can now be 1000 chars long.
Release Date: 2008-09-06
-
Fix in schema viewer: When doing a wildcard search schema elements
with several NAMEs are not listed more than once anymore.
-
New plug-in module eduperson and HTML templates for
eduPerson.
-
Exception ldap.NO_SUCH_OBJECT is ignored when adding a new entry
and therefore reading the parent entry (for determining the governing structure rule).
This happens when adding the root entry in a naming context.
-
Documentation update:
Update to python-ldap 2.3.5+
is required if the LDAP server's subschema contains name forms.
-
Fixed a regression when adding a new entry if the structural object class of the superior
entry cannot be determined (e.g. a rootDSE without objectClass attribute).
Release Date: 2008-09-04
-
Fixed more regressions in case the subschema subentry
cannot be read (e.g. because of access control).
-
Fixed a regression when trying to modify the rootDSE...
Release Date: 2008-09-03
-
Fixed regression in SubSchema.get_applicable_name_form_objs()
which raised an exception when trying to add a new entry (choosing [New Entry])
in root naming context (empty DN).
-
Fixed regression when generating context menu in schema viewer in case
the subschema subentry cannot be read (e.g. because of access control).
Release Date: 2008-09-03
-
It is now possible to specify a set of named templates for basic search forms
with parameter searchform_template
which appear in the context menu when displaying a search form.
-
When renaming an entry the new superior DN can be searched. The possible
candidates are then displayed als select list. Also see new
host-/backend-specific parameter
rename_supsearchurl
which is a named set of LDAP URLs to specify how to search for a new superior DN.
-
Support for DIT structures rules and nameforms:
-
When adding a new entry the DIT structures rules applicable to the parent entry
are used to determine the set of possible structural object classes
for the new entry when displaying the object class select form.
-
Possible name forms are displayed as RDN template strings in the [Rename]
input form if there are any defined for the structural object class of the entry.
-
When renaming an entry the filter for searching the new superior DN
is suggested according to the governing structure rule for the entry to be
renamed.
-
Improvements to plug-in modules/classes:
-
Placeholders can now be appended at the end of the DN portion of
DynamicValueSelectList.ldap_url and are substituted by
entry's current DN, entry's parent or the best matching naming context.
-
New plug-in module dhcp for
draft-ietf-dhc-ldap-schema.
-
Improvements in schema browser:
-
A certain type of schema elements can be selected in the context menu.
-
Simple wildcard search is supported on OIDs and NAMEs
with asterisk (*) being placed at the begin and/or end of the search string.
-
Better error handling in the schema viewer when displaying a matching
rule in case an attribute type is referenced in an attribute type
description as SUP which is not present in the subschema.
-
Adding another attribute value in the entry input form for a textual attribute
is now done with an additional submit button [+] which results in an
additional input field being displayed for the chosen attribute type.
The advantage is that the additional input field is generated by an
accompanying plug-in class if possible.
-
The monitor page can now be restricted by source IP. See new parameter
access_allowed
in the monitor configuration module.
-
In the monitor page the number of all web sessions initialized since
start up is displayed.
-
A warning message is displayed (instead of exception being raised)
if the user did not choose a STRUCTURAL object class when adding a new entry.
-
Small improvements in cert/CRL viewer:
-
If the subject- or issuer DN of a cert/CRL contains characters not valid
for the given ASN.1 string type the viewer now falls back to
display the invalid characters in hex-escaped form (instead of raising
UnicodeError).
-
The OIDs of attribute types used in subject and issuer names are displayed.