LDAPLoginAdapter 1.1, a user folder replacement that authenticates against an LDAP server, has been released.

You can view some of the documentation and download the software at

http://www.dataflake.org/software/ldaploginadapter/

A Tracker at that same address allows you to easily file bug reports or feature requests for this product.

Improvements and bugfixes since the last announcement include:

**LDAPLoginAdapter 1.1**

Features Added:

* Instead of hardcoding fixed publicly available attributes onto the LDAPUser object you can now take full control of the mapping from LDAP attribute to public user object attribute. A public user object attribute is an attribute that is directly accessible on the user object. DTML code like "AUTHENTICATED_USER.email" is an example of accessing a directly accessible attribute on the user object. A lot of legacy DTML code relies on such attributes.

Bugs fixed:

* finduser() now lowercases all DN records from valid groups and compares them to a lowercased DN from any search results among user records. This fixes records not showing up if the capitalization in the group and on the user record is different.

* When a user object was created the code expected a "mail" attribute on the LDAP record to set the email attribute used for compatibility with the Tracker. This has been repaired and will just default to an empty string.

* Users who use tools like PADL's migration script end up with records that do not have the expected "sn" attribute. This is not set to a default value in finduser() to avoid errors in case it is not there. This will make the LDAPLoginAdapter compatible with user records of type posixAccount.

**LDAPLoginAdapter 1.0**

Bugs fixed:

* Due to a bug in checking the return values from an LDAP search the cache can be polluted by invalid records for failed logins. This did not constitute a security breach, just more processing than necessary.
**LDAPLoginAdapter 1.0beta3**

Bugs Fixed:

* Moved the LDAP search scope translation list from a volatile attribute on the LDAPLoginAdapter to a module-level attribute. This avoids any re-initialization calls.

* Eliminated the extra attribute _v_loglines that counted the length of the log. A simple call to len(self._v_log) replaces it where log length info is needed.

* Created one centralized method that handles connecting to and searching the LDAP server. This allows centralized error handling and makes for less and cleaner code. So far finduser, getUserDetails, getGroups, getUserNames and _lookupuser have been converted to use it instead of having their own connection code.

* Rooted out error that would put a known user into the cache even though the password was not matched. This was not a security error since the broken user had the wrong password and failed any tests in validate().

* Rigorous pruning of overly long lines of code to pare everything down to 80 chars width max.

* Avoiding unnecessary calls to the logging routine by checking for the correct log level *before* the call and not in the logging method.

* Added a file, SAMPLE_RECORDS.txt, that shows a sample group- and user record. This will hopefully make it easier to understand the types of LDAP records needed.

Features added:

* Nicer Search screen adopted from the LDAPUserManager
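The login-path fixes listed above (case-insensitive DN matching against group members, tolerating records without "mail" or "sn", and never caching a user whose search or password check failed) can be sketched as follows. This is an added example, not LDAPLoginAdapter's own code: the class, the `search` and `bind_ok` helpers and the sample records are hypothetical, an in-memory table stands in for the LDAP server, and the empty-string default for "sn" is an assumption of the example.

```python
import hashlib, hmac, os

# Constructed stand-ins for LDAP records: uid -> (dn, attributes, password).
RECORDS = {
    "jdoe": ("cn=John Doe,ou=People,dc=example,dc=com",
             {"sn": ["Doe"], "mail": ["jdoe@example.com"]}, "s3cret"),
    "unix1": ("uid=unix1,ou=People,dc=example,dc=com", {}, "pw1"),   # no sn/mail
    "guest": ("cn=Guest,ou=People,dc=example,dc=com", {}, "guest"),  # not in group
}
# Constructed group membership; capitalization differs from the user records.
GROUP_MEMBERS = ["CN=John Doe,OU=People,DC=Example,DC=com",
                 "uid=unix1,ou=people,dc=example,dc=com"]

def search(uid):
    """Hypothetical search helper: list of (dn, attrs), possibly empty."""
    rec = RECORDS.get(uid)
    return [(rec[0], rec[1])] if rec else []

def bind_ok(uid, password):
    """Hypothetical stand-in for binding to the server as the user."""
    rec = RECORDS.get(uid)
    return rec is not None and hmac.compare_digest(rec[2].encode(), password.encode())

def _digest(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class CachingAuthenticator:
    def __init__(self):
        self.cache = {}  # uid -> (salt, password digest, user dict)
        self.valid_dns = {dn.lower() for dn in GROUP_MEMBERS}

    def authenticate(self, uid, password):
        hit = self.cache.get(uid)
        if hit and hmac.compare_digest(hit[1], _digest(password, hit[0])):
            return hit[2]
        results = search(uid)
        if len(results) != 1:                  # empty or ambiguous: cache nothing
            return None
        dn, attrs = results[0]
        if dn.lower() not in self.valid_dns:   # case-insensitive group check
            return None
        if not bind_ok(uid, password):         # wrong password: cache nothing
            return None
        # Empty-string defaults for missing attributes (assumed here for sn too).
        user = {"dn": dn, "sn": attrs.get("sn", [""])[0],
                "email": attrs.get("mail", [""])[0]}
        salt = os.urandom(16)
        self.cache[uid] = (salt, _digest(password, salt), user)
        return user
```

The cache is written only on the last line of the success path, so every rejected login leaves it untouched. A production cache would also expire entries so that a changed password stops working.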