Changes 0.10.x

History of released versions

1.8 / 1.7 / 1.6 / 1.5 / 1.4 / 1.3 / 1.2 / 1.1 / 1.0 / 0.16 / 0.15 / 0.14 / 0.13 / 0.12 / 0.11 / 0.10 / 0.9 / 0.8 / 0.7 / Ancient / Overview


Release Date: 2002-07-20

  • Module DNS was always imported since web2ldap 0.10.6. This mandantory dependency has been removed.


Release Date: 2002-07-17

  • AttributeError exception is caught and ignored in case OpenLDAP client libs were built with configuration option --disable-cache.
  • Fixed another new bug with NON-ASCII chars in DNs in ldaputil.base.match_dnlist().


Release Date: 2002-07-13

New features
  • Now all commands in PATH_INFO can be used with LDAP URLs. If it is not possible to do something useful hopefully an reasonable error message is displayed. This makes it possible to directly point to an entry to be modified or construct a URL to immediately jump to the password form for a specific entry.
  • A descriptive list of all group entries is displayed in [groupadm] with [Read] link to each group.
  • Reconnecting was broken when catching ldap.SERVER_DOWN. A configuration option could not be read because of missing class attribute
  • Distinguished names are treated completely as opaque to avoid problems with using OpenLDAP 2.1 client libs for python-ldap but older OpenLDAP server versions. Now let's see how that works...


Release Date: 2002-07-08


Release Date: 2002-07-04


Release Date: 2002-06-28


Release Date: 2002-06-28


Release Date: 2002-06-24

Bug fixes
  • Not really a bug fix: Display the RDN in the group select list if the attribute cn was not found in the entry.
  • Removed debug print statements in pylib/w2lapp/


Release Date: 2002-06-22

New features
  • Introduced new host-/backend-specific parameter requested_attrs which defines a list of attributes explicitly requested when doing a search, read or modify operations.
Changes in UI
  • [Read] in main menu enforces the entry to be flushed from cache and read freshly. A new form input parameter read_nocache was introduced for that.
Bug fixes
  • The DN Unicode object was not properly encoded when calling DelTree() in w2lapp.delete which caused an exception when doing a recursive delete with a base DN containing NON-ASCII chars.


Release Date: 2002-05-28

Changes in UI
  • [groupadm] has new form parameter group_search_root. A select list with the possible search root DNs for the group search is shown.
Bug fixes
  • Module DNS is import in w2lapp.locate to catch DNS.Error exception.
  • Properly display DNSError exception string.
  • Display attribute description for supportedFeatures also with the help of the OID registry.
  • The [Group] feature did not show any groups at all under some circumstances. Also the implementation is faster now.
  • On X.500 servers (e.g. Critical Path InJoin) a one-level root search really returns the first level which might be also in the namingContexts attribute of RootDSE. Now the appended pseudo search results based on namingContexts are filtered to avoid displaying a DN twice.
  • Checking if attribute values are used in characteristic attributes is now done case-insensitive (and hopefully faster).
  • Displaying DNS.Error exception messages in locate fixed.


Release Date: 2002-04-02


Release Date: 2002-03-01


Release Date: 2002-02-17


Release Date: 2002-02-06


Release Date: 2002-02-04


Release Date: 2002-02-01

Important notices
  • A new python-ldap is required which MUST be build with the OpenLDAP 2 libs.
  • The config file format for the host-/backend-specific parameters has been changed! A base Python class Web2LDAPConfig was defined. All configuration host-/backend-configurations are instances of this class. This hopefully simplifies the syntax.
  • PyWebLib 1.1.0+ required!
  • Preliminary support for StartTLS extension (see RFC 2830). New host-/backend-specific parameter starttls defined.
  • Process LDAP URL extensions bindname and X-BINDPW when executing command ldapurl. Use with care! Especially it is not recommended to add passwords to URLs!
  • URLs in LDIF input are evaluated now (see RFC 2849). One can directly include an binary data blob loadable via FTP or HTTP into an attribute of a LDAP entry (e.g. handy for adding jpegPhoto attributes). Global configuration parameter web2ldapcnf.ldif_url_schemes specifies which URL schemes are processed.
    Think twice when setting this since it is a security nightmare in most cases!!!
  • Command button [Modify RDN] was renamed to command [Rename]. The new superior DN can be set if LDAPv3 is in use.
  • Added signal handler for SIGHUP which reloads configuration module web2ldapcnf.
  • Write PID of main thread to file. See new parameters web2ldapcnf.standalone.pid_file and web2ldapcnf.fastcgi.pid_file.
  • Enabling/disabling manage DSA IT mode in [ConnInfo] (see draft-zeilenga-ldap-namedref).
User Interface
  • Also display OIDs in supportedFeatures of RootDSE with description and reference to literature.
  • Default number of search results per page can be set in configuration module web2ldapcnf.hosts with new parameter search_resultsperpage.
  • Login form presents select list for specifying the search root for search requests done with smart login (new form parameter login_search_root). This enables smart login to search for user entries outside the scope of the current backend.
  • Added a generic handler for exception ldap.NO_SUCH_OBJECT which does a DNS SRV lookup for dc-style DNs. A login form for confirming the reconnect is presented to the user.
  • Output mode can be chosen in [Read] button of main menu. "Raw table" does not use HTML templates at all.
  • Hopefully improved HTML output to be more compliant to HTML 4.01 transitional =>.
  • Delete operation has three selectable modes of operation now:
    • Only this entry
    • All entries below this entry (recursive)
    • All entries including this entry (recursive)
  • Added support for deleting single binary attributes. For binary attributes a [Delete] button is shown in the raw display table of [Read]. All values are deleted at once. There is no option to delete only certain attribute values of multi-values attributes.
  • Command buttons are not generated by using <form> tags anymore. Instead most command buttons are simple links. This saves around 40% of HTML text in the search result table and is rendered much faster in common web browser. It is also more friendly to be styled by CSS definitions and saves space in the menu bars.
  • Search results are displayed as descriptive list <dl> instead as <table>.
  • In the search result list the attributes hasSubordinates (see X.501) and subordinateCount (implemented in Novell eDirectory) are used if available to determine if it does make sense to display a [Down] link.
  • The distinguished name (form parameter dn) is passed in every link. The result is a more robust behaviour when the user presses the browser's back button or opens links in new windows.
  • Removed [Password] link from main menu. User can change the password of the entry of current bind DN in [ConnInfo].
  • [ConnInfo] displays LDAP server vendor information as described in RFC 3045.
  • Attribute values used in characteristic attributes of RDN are set to read-only in the entry input form since modifying these attributes results in either an error or undefined behaviour on broken servers. They are resubmitted though to prevent the differential update deleting them.
Code cleaning and performance enhancements
  • Use os.path.join(..) instead of os.sep.join([..]).
  • Simplified getting the operational attributes by checking the presence of OID in list of attribute values of attribute supportedFeatures of the server's root DSE.
  • Rewrote building the group search filters of the [groupadm] feature.
  • Displaying attribute types with known syntax is much faster now.
  • LDAPError exceptions are now converted to human-readable HTML form by a single function.
  • Module ldaputil.ldapurl is no longer shipped with web2ldap since it was contributed to python-ldap. and renamed to ldap.ldapurl.
  • Module ldaputil.modlist is no longer shipped with web2ldap since it was contributed to python-ldap and renamed to ldap.modlist.
  • Big clean-up in w2lapp.handler regarding redundant code for LDAP connects and binds (either coming the way via LDAP URL or form input).
  • The handling of LDAP URLs and form parameters was harmonized. The extra command ldapurl is still accepted for backwards compatibility but is not necessary anymore. If the query string of the URL is a LDAP URL it is automagically processed that way and the parameters are derived from the LDAP URL.
  • HTTP Accept-headers are now all processed by basically the same same class pyweblib.helper.AcceptHeaderDict.
  • Hopefully simplified handling of search form parameters.
  • Recursive deletes should be much faster since unnecessary search operations are avoided if possible. It also does not consume much memory anymore since there are no list manipulations necessary anymore. Recursive deletes also honors the attributes hasSubordinates and subordinateCount if available. The new parameter delete_scope is handled exactly like search scope.
  • Cleaned up module by writing a base class for doing e.g. stream processing and pseudo-paging of LDAP entries with async searches. This module ldap.async is part of python-ldap.
  • Form input parameter in_ldif is now handled by new class w2lapp.gui.LDIFTextArea.
  • New functions w2lapp.gui.TopSection() and w2lapp.gui.SimpleMessage() used for most output of the status bar, main and context menus.
  • Cleaned up parameter mess of w2lapp.gui.CommandButton().
  • Consequently import symbols from web2ldapcnf.misc through common mechanism.
  • The distinguished name is consequently passed around to overcome inconsistencies if the user works with more than one browser window but with one session ID.
  • Negation filter (!()) is not used in [GroupAdm] anymore since negation assertions are usually very slow on most LDAP servers.
Bug fixes and work arounds
  • Explicitly request special attribute types of sub schema sub entry (necessary since e.g. OpenLDAP 2 does not return the attributes by default).
  • If a bind was not successful at all [ConnInfo] does not fail anymore. Instead a note about no proper binding occurs.
  • Exception handler for displaying known but malformed certificate extensions with a generic parsing output.
  • Send Pragma: no-cache in HTTP header and the equivalent in section <head> of HTML page to avoid browsers reusing old HTML pages with old session IDs.
  • Reimplemented caching in ldapsession.LDAPSession to fix a nasty bug with entries being not properly uncached by calling method LDAPSession.uncacheEntry(). The hierarchical cache structure with DN as first and attribute list as second level makes uncaching of an entry much easier.
  • DSML output correctly substitutes occurrences of & and < with the character entities.