Changes 0.11.x

History of released versions

1.8 / 1.7 / 1.6 / 1.5 / 1.4 / 1.3 / 1.2 / 1.1 / 1.0 / 0.16 / 0.15 / 0.14 / 0.13 / 0.12 / 0.11 / 0.10 / 0.9 / 0.8 / 0.7 / Ancient / Overview


Release Date: 2003-06-02


Release Date: 2003-05-26


Release Date: 2003-05-19


Release Date: 2003-05-18


Release Date: 2003-05-09


Release Date: 2003-05-04

New features/enhancements
  • Reformatted start log message in stand-alone mode and added time-stamp.
  • New output format "Raw" for search result list.
Configuration changes
  • New FastCGI configuration options web2ldapcnf.fastcgi.error_log and web2ldapcnf.fastcgi.debug_log allow to specify separate log files. If non-zero error messages (e.g. exception tracebacks and such) is redirected to error log instead of web server's error log and debug messages are sent to debug log instead sys.stdout.
  • New FastCGI configuration option web2ldapcnf.fastcgi.base_url.
  • New stand-alone configuration option web2ldapcnf.standalone.base_url.
  • Dropped global configuration parameters web2ldapcnf.misc.ldap_binaryattrkeys and web2ldapcnf.misc.ldap_browsermimetypes.
  • Abandoned outdated work-around dictionary w2lapp.core.ldap_binaryattrkeys.
  • Properly determine syntax of SUP'ed attribute types.
  • Fixed link text for syntaxes in schema browser.
  • Switched off automatic detection of attribute values with DN syntax.
  • Fixed some compatibility issues with upcoming Python 2.3.
  • Added work-around for broken web servers which adds SCRIPT_NAME to PATH_INFO in CGI-BIN environment vars.
  • Deliver static content (e.g. CSS files) with HTTP header line Pragma: cache in stand-alone mode.
  • Hard-coded an anonymous bind after falling back to LDAPv2.
  • Handle exceptions ldap.INVALID_CREDENTIALS and ldap.INAPPROPRIATE_AUTH equally.
  • Fixed output of GZIP-encoded HTTP body. Also works with mod_fastcgi now.


Release Date: 2003-04-18

Modifications requiring configuration changes
  • Removed some static content from generation of <head> section in w2lapp.gui.PrintHeader() (Pragma: no-cache and robot setting). This can be configured in web2ldapcnf.html_head.
  • Moved templates/ to etc/web2ldap/templates/.
  • Added new configuration parameter web2ldapcnf.standalone.reverse_lookups for enabling/disabling reverse lookups of client address in stand-alone mode.
New features/enhancements
  • Schema browser shows which matching rules are applicable for attribute types by evaluating matchingRuleUse.
  • Separate exception handler for ldap.TIMEOUT in w2lapp.handler.
  • More user-friendly behaviour when wrong user input was received in w2lapp.passwd: The input form is displayed together with an error message.
  • Display inherited syntax for attribute type.
  • When modifying the entry the attributes which were not read when building the input form are ignored (mainly are not deleted). This leads to a more robust behaviour regarding different access control levels and concurrent data manipulation.
  • Fixed displaying of single string-typed schema element attributes.
Code cleaning
  • Moved all form-related code into new class w2lapp.form.Web2LDAPForm and several command-specific sub-classes.
  • Some clean-ups in class msHTTPHandler.HTTPHandlerClass.


Release Date: 2003-04-04


Release Date: 2003-04-03


Release Date: 2003-03-18


Release Date: 2003-03-12


Release Date: 2003-03-06


Release Date: 2003-03-01


Release Date: 2003-02-22


Release Date: 2003-02-18


Release Date: 2003-01-07


Release Date: 2002-11-21


Release Date: 2002-11-20


Release Date: 2002-11-01


Release Date: 2002-10-20


Release Date: 2002-10-17


Release Date: 2002-10-04


Release Date: 2002-10-03


Release Date: 2002-09-27


Release Date: 2002-09-24

New features
  • Full LDAPv3 schema handling as complete as it can be with all those LDAP servers out there violating the LDAPv3 standard.
    Note: This makes an upgrade to python-ldap 2.0.0pre06+ necessary!
    For LDAPv2 servers or if sub schema sub entry is not accessible schema is read from locally stored LDIF file which you can specify with new host-/backend parameter schema_uri.
  • Built-in schema browser!
  • A new parameter web2ldapcnf.session_limit lets one set a maximum number of currently persistent web sessions.
    Note: This makes an upgrade to PyWebLib 1.2.0 necessary!
  • Support for LDAP over SSL (ldaps://) and LDAP over Unix domain socket (ldapi:///).
  • New host-/backend-specific parameters for certificate validation: tls_cacertdir, tls_cacertfile, tls_certfile and tls_keyfile.
  • Attributes to be requested can now be explicitly defined in expert search form.
  • New run-mode SCGI server.
Incompatible configuration changes
  • Parameter web2ldapcnf.hosts.ldap_host_list removed and substituted by web2ldapcnf.hosts.ldap_uri_list containing a list of LDAP URLs.
  • Dropped support for host-/backend-specific parameter dit. Code was kludgy and it did not help much. Using the quick-link list defined with addform_oc_list is much more convenient.
  • Dropped support for host-/backend-specific parameter hiddenattrs since this only lead to a false sense of security.
Changes in UI
  • Descriptive list of group entries in [groupadm] is more pretty now. The descriptive title matches the name listed in the group select lists.
  • If more than one possible user entry is found with smart login a [Show] link is displayed which starts a search with search parameters of smart login. This might aid users to pick the right user entry.
  • If a search is done with scope ldap.SCOPE_SUBTREE search continuations are displayed solely with one link named [Continue search] which reuses the search scope and filter string.
  • UnicodeError exceptions are caught. An appropriate error message is displayed.
  • A HTML template can be defined for the login form with host-/backend-specific parameter login_template.
  • The control ManageDsaIT is only displayed and tweaked in [ConnInfo] if LDAP protocol version is LDAPv3. Otherwise "not available" is displayed.
  • [ConnInfo] displays "Secured Connection: yes" in case StartTLS ext op., LDAP over SSL or LDAP over Unix domain socket was used successfully to connect.
  • Only descriptions are displayed in LDAP URL select list.
  • web2ldapcnf.hosts.ldap_uri_list may contain a mixed list of strings (LDAP URLs) or 2-tuples of strings containing LDAP URL and description.
  • Input fields are generated according to the LDAP syntax. w2lapp.schema.syntaxes.LDAPSyntax.formField() returns instance of input field for that purpose.
  • The context menu for single entries is displayed in more situations (e.g. [modifyform], [delete], [rename], etc.).
Small changes
  • No unneeded web sessions are stored anymore in case connecting to a host was not successful or solely the entry page was accessed. This was necessary to make session_limit work in a reasonable way.
  • sbin/ no longer shipped since error-prone and outdated.
  • ldap.STRONG_AUTH_REQUIRED is handled exactly like ldap.INSUFFICIENT_ACCESS.
  • socket.gaierror is handled exactly like socket.error.
  • Malformed host:port parameters with colon but without port number like e.g. "localhost:" are handled more tolerant.
  • Updated example start/stop script in etc/init.d/web2ldap.
  • ldapsession.LDAPSession.isLeafEntry() first tries to read the operational attributes hasSubordinates and subordinateCount before starting a one-level search below.
  • Warning and error messages are displayed instead of unhandled exception raised if user name specified by parameter web2ldapcnf.standalone.run_username or command-line option -u does not exist.
  • To avoid UnicodeError being raised in case the directory data contains malformed characters .encode() method and unicode() function are called with argument error='replace'.
  • Unfortunately implementation of the parameter requested_attrs did not work with LDAP servers which do not implement wildcard search correctly (e.g. Lotus Domino R5 and R6beta2). With these servers only the attributes mentioned in requested_attrs were read. This is fixed with a caveat: Command [Read] can take up to three search requests and in some situations less data is pulled from server.
  • If started in multi-threaded stand-alone mode by user root the built-in HTTP server did not respond although started single-threaded worked. This was caused by dropping privileges with calling os.setuid() after forking. That was fixed by calling os.setuid() before detaching from console.
  • Probing for existing configuration entries in [ConnInfo] does not choke on any LDAPError exceptions anymore.
  • Solved name alias problems with HTML templates in with the help of schema information. No matter which alias or OID is used in an HTML template the attribute should be displayed correctly.
  • Solved problem with login form not passing around the scope defined in an LDAP URL.
Code cleaning
  • Many code changes were necessary due to schema-aware handling of attribute types. Still not all issues are solved.
  • Searching in displaying missing parent entries in w2lapp.add is done in separate functions SearchMissingParentEntries() and DisplayMissingParentEntries().
  • LDAP syntaxes are modeled by separate Python classes in new module w2lapp.schema.syntaxes.
  • Moved outputting input form for chasing SRV RRs into separate module w2lapp.srvrr.
  • Removed parameter web2ldapcnf.misc.ldap_knownattr since inconstistent with LDAPv3 schema support.
  • Removed web2ldapcnf.misc.search_attrs since the matching host-/backend specific parameter web2ldapcnf.web2ldapcnf_hosts.search_attrs is used to build the Advanced Search Form.
  • Simplified ldapsession.LDAPSession.renameEntry() since we mandate use of newer python-ldap anyway.
  • Removed w2lapp.core.iso2display() and w2lapp.core.input2utf().
  • Huge clean-ups in w2lapp.addmodifyform.
  • Form parameter ldap_oc not used in w2lapp.add and w2lapp.modify anymore. Instead objectClass attribute type and values are part of normal input.
  • w2lapp.gui.ErrorExitClass renamed to w2lapp.gui.ErrorExit. ls and dn were removed from argument list of w2lapp.gui.ErrorExit__init__().
  • Avoid mutable types and object instances as defaults for key-word arguments. Substituted many key-word arguments with normal arguments.
  • Incompatible clean-ups in module msHTTPServer:
    • Dropped support for SSL with module M2Crypto. This was experimental and far from being as complete as running with Apache and mod_ssl.
    • Removed all unused code and symbols for starting as forking HTTP server.