LDAPLoginAdapter 1.1, a user folder replacement that authenticates against
an LDAP server, has been released.

You can view some of the documentation and download the software at

A Tracker at that same address allows you to easily file bug reports or
feature requests for this product.

  Improvements and bugfixes since the last announcement include:

    **LDAPLoginAdapter 1.1**

      Features Added:

        * Instead of hardcoding fixed publicly available attributes
          onto the LDAPUser object you can now take full control
          of the mapping from LDAP attribute to public user object
          A public user object attribute is an attribute that is
          directly accessible on the user object. DTML code like
          "AUTHENTICATED_USER.email" is an example of accessing
          a directly accessible attribute on the user object. A lot
          of legacy DTML code relies on such attributes.

      Bugs fixed:

        * finduser() now lowercases all DN records from valid groups
          and compares it to a lowercased DN from any search results
          among user records. This fixes records not showing up if
          the capitalization in the group and on the user record
          is different.

        * When a user object was created the code expected a "mail"
          attribute on the LDAP record to set the email attribute
          used for compatibility with the Tracker. This has been
          repaired and will just default to an empty string.

        * Users who use tools like PADL's migration script end up
          with records that do not have the expected "sn" attribute.
          This is not set to a default value in finduser() to avoid
          errors in case it is not there.
          This will make the LDAPLoginAdapter compatible with
          user records of type posixAccount.

    **LDAPLoginAdapter 1.0**

      Bugs fixed:

        * Due to a bug in checking the return values from an LDAP search
          the cache can be polluted by invalid records for failed
          logins. This did not constitue a security breach, just more
          processing than necessary.

    **LDAPLoginAdapter 1.0beta3**

      Bugs Fixed:

        * Moved the LDAP search scope translation list from a volatile
          attribute on the LDAPLoginAdapter to a module-level attribute.
          This avoids any re-initialization calls.

        * Eliminated the extra attribute _v_loglines that counted the
          length of the log. A simple call to len(self._v_log) replaces
          it where log length info is needed.

        * Created one centralized method that handles connecting to and
          searching the LDAP server. This allows centralized error
          handling and makes for less and cleaner code. So far finduser,
          getUserDetails, getGroups, getUserNames and _lookupuser have
          been converted to use it instead of having their own connection

       * Rooted out error that would put a known user into the cache
         even though the password was not matched. This was not a
         security error since the broken user had the wrong password
         and failed any tests in validate()

       * Rigorous pruning of overly long lines of code to pare everything
         down to 80 chars width max

       * Avoiding unnecessary calls to the logging routine by checking
         for the correct log level *before* the call and not in the
         logging method.

       * Added a file, SAMPLE_RECORDS.txt, that shows a sample group-
         and user record. This will hopefully make it easier to
         understand the types of LDAP records needed.

     Features added:

       * Nicer Search screen adopted from the LDAPUserManager 

Zope-Dev maillist  -  [EMAIL PROTECTED]
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope )

Reply via email to