Changes 0.11.x
History of released versions
1.8 / 1.7 / 1.6 / 1.5 / 1.4 / 1.3 / 1.2 / 1.1 / 1.0 / 0.16 / 0.15 / 0.14 / 0.13 / 0.12 / 0.11 / 0.10 / 0.9 / 0.8 / 0.7 / Ancient / Overview
0.11.24
Release Date: 2003-06-02
- When displaying object class attribute values it is shown which kind (STRUCTURAL, AUXILIARY or ABSTRACT) the object class is.
- New connection to new server is only tried if hostport part in LDAP URL is not empty.
- More fixes for schema elements without NAME (needs also fixes in python-ldap 2.0.0pre13+ for correct function).
- Select field displayed as input field for attributes of Boolean syntax.
0.11.23
Release Date: 2003-05-26
- w2lapp.addmodifyform: Additional free from input field pair for specifying attribute type and attribute value.
- w2lapp.core.groupadm: Again fixed administration of group entries with NON-ASCII characters in DN.
- Added support for X.509v3 extension PolicyConstraints in certificate parser.
- Removed invalid note about NON-ASCII chars not allowed in LDIF input form.
- Display allowed URL schemes as note near LDIF input form.
- w2lapp.conninfo: User can specify in [ConnInfo] how aliases dereferencing is done.
0.11.22
Release Date: 2003-05-19
- Fixed displaying application anchors in w2lapp.viewer.
0.11.21
Release Date: 2003-05-18
- Added BMPString support and preliminary T.61 support for X.500 DNs in certificate parser.
- Current dn is always displayed in title message.
- More fine-grained signal handling for the different running modes.
- CleanUpThread instance created solely in w2lapp.core instead of start-up scripts.
- Fixed login when found Bind-DN contains NON-ASCII chars.
- Added new function w2lapp.core.guessClientAddr() which looks also at proxy-related CGI-BIN env vars to determine the web client's address.
- Select box for choosing export format is displayed with search results.
- w2lapp.core.groupadm: Fixed administration of group entries with NON-ASCII characters in DN.
0.11.20
Release Date: 2003-05-09
- New stand-alone configuration option web2ldapcnf.standalone.bind_address which is equivalent to command-line option -l.
- Exception ldap.INVALID_DN_SYNTAX caught in w2lapp.add and input form for correcting the RDN input is displayed to user.
0.11.19
Release Date: 2003-05-04
- New features/enhancements
-
- Reformatted start log message in stand-alone mode and added time-stamp.
- New output format "Raw" for search result list.
- Configuration changes
-
- New FastCGI configuration options web2ldapcnf.fastcgi.error_log and web2ldapcnf.fastcgi.debug_log allow to specify separate log files. If non-zero error messages (e.g. exception tracebacks and such) is redirected to error log instead of web server's error log and debug messages are sent to debug log instead sys.stdout.
- New FastCGI configuration option web2ldapcnf.fastcgi.base_url.
- New stand-alone configuration option web2ldapcnf.standalone.base_url.
- Dropped global configuration parameters web2ldapcnf.misc.ldap_binaryattrkeys and web2ldapcnf.misc.ldap_browsermimetypes.
- Abandoned outdated work-around dictionary w2lapp.core.ldap_binaryattrkeys.
- Fixes
-
- Properly determine syntax of SUP'ed attribute types.
- Fixed link text for syntaxes in schema browser.
- Switched off automatic detection of attribute values with DN syntax.
- Fixed some compatibility issues with upcoming Python 2.3.
- Added work-around for broken web servers which adds SCRIPT_NAME to PATH_INFO in CGI-BIN environment vars.
-
Deliver static content (e.g. CSS files) with HTTP header line
Pragma: cache
in stand-alone mode. - Hard-coded an anonymous bind after falling back to LDAPv2.
- Handle exceptions ldap.INVALID_CREDENTIALS and ldap.INAPPROPRIATE_AUTH equally.
- Fixed output of GZIP-encoded HTTP body. Also works with mod_fastcgi now.
0.11.18
Release Date: 2003-04-18
- Modifications requiring configuration changes
-
- Removed some static content from generation of <head> section in w2lapp.gui.PrintHeader() (Pragma: no-cache and robot setting). This can be configured in web2ldapcnf.html_head.
- Moved templates/ to etc/web2ldap/templates/.
- Added new configuration parameter web2ldapcnf.standalone.reverse_lookups for enabling/disabling reverse lookups of client address in stand-alone mode.
- New features/enhancements
-
- Schema browser shows which matching rules are applicable for attribute types by evaluating matchingRuleUse.
- Separate exception handler for ldap.TIMEOUT in w2lapp.handler.
- More user-friendly behaviour when wrong user input was received in w2lapp.passwd: The input form is displayed together with an error message.
- Display inherited syntax for attribute type.
- Fixes
-
- When modifying the entry the attributes which were not read when building the input form are ignored (mainly are not deleted). This leads to a more robust behaviour regarding different access control levels and concurrent data manipulation.
- Fixed displaying of single string-typed schema element attributes.
- Code cleaning
-
- Moved all form-related code into new class w2lapp.form.Web2LDAPForm and several command-specific sub-classes.
- Some clean-ups in class msHTTPHandler.HTTPHandlerClass.
0.11.17
Release Date: 2003-04-04
- Fixed setting attribute shadowLastChange in w2lapp.passwd.
- Attribute lastPwdSet set in w2lapp.passwd if Samba password is synced.
- Check box for synced Samba password is also display if object class is smbPasswordEntry.
0.11.16
Release Date: 2003-04-03
- Abandoned use of rarely needed class attributes and methods in ldapsession.LDAPSession: valid(), hasRootDSE, supportedLDAPVersion and currentLDAPVersion.
- Pass configuration value to timeout parameter when calling ldap.async.AsyncSearchHandler.processResults().
- Added experimental CSS style-sheet for printer output.
- The label and the URL of attribute labeledURI is displayed if the label is present.
- Send correct MIME type image/jpeg for inline images read from in attribute jpegPhoto.
- Fixed Unicode issue in NO_SUCH_OBJECT handler of w2lapp.handler.
- Fixed Unicode issue in ldapsession.LDAPSession.renameEntry().
- When displaying a single schema element a link to Alvestrand's Object Identifier Registry for this particular OID is shown.
- Sparse use of target attribute in links.
- Use method ldap.schema.subentry.Subschema.get_obj() instead directly accessing schema dictionary simply by OID. This solves a backward-compatibility problem for a schema fix introduced in upcoming python-ldap.
- New form parameter oid_class for command oid.
- Fixed UnicodeError with LDAP URL in w2lapp.search.
- Disabled signal handler for SIGUSR1 since it causes troubles on Linux 2.0 boxes.
- If something is wrong with input data and/or RDN for a new entry the input form for modifying input is always displayed directly.
0.11.15
Release Date: 2003-03-18
- Fixed handling of object classes without NAME.
- Fixed signal handling for FastCGI and SCGI.
- Added cgi-bin/web2ldap.fcgi for running via cgi-fcgi wrapper.
- Fixed w2lapp.groupadm for group entries where the membership entry is not the DN of the member entry (e.g. posixGroup).
-
Even more HTML clean-ups and enhancements:
- No more use of <table> for internal link lists.
- Attribute values are enclosed in <span class="nameoroid">.
-
Use
class="CommandTable"
with every internal link list.
0.11.14
Release Date: 2003-03-12
- Fixed default value handling of form parameter login_filterstr.
- Use operational attribute numSubordinates to determine whether an entry is a leaf entry during recursive delete.
- Cleaned up some HTML/CSS mess. Hide some CSS rules from Netscape Navigator 4.x and old MS IE. Stylesheets are not backward-compatible! You have to upgrade the CSS files.
- Dropped support for host-/backend-specific parameters cache_maxmem and cache_timeout since caching support was removed from python-ldap anyway.
- Moved CSS files into separate sub-directory.
- Some documentation clean-ups.
0.11.13
Release Date: 2003-03-06
- [vCard] link is only shown if there is a vCard template defined for at least one of the entry's object classes.
- Export links for single entries in context menu are only displayed when displaying the single entry with [Read].
- Search scope base (0) was not properly used in w2lapp.search.
0.11.12
Release Date: 2003-03-01
- A small fix to w2lapp.schema.no_userapp_attr() for being tolerant if an attribute type is not listed in the schema.
0.11.11
Release Date: 2003-02-22
- Display the DESC attribute available in schema element declaration of e.g. OpenLDAP as link text for LDAPSyntaxes.
- Much code-cleaning in w2lapp.addmodifyform.
- Single-valued attributes are not added to attribute type select list in entry input form.
- Attribute shadowLastChange set in w2lapp.passwd if entry has object class shadowAccount.
- Avoid adding simpleSecurityObject to entry twice in w2lapp.passwd.
0.11.10
Release Date: 2003-02-18
- Extra check in w2lapp.handler.HandleHTTPRequest() for valid LDAP connection to provide reasonable error message instead of logging exception in case user is playing with manually generated URLs.
- When displaying attribute jpegPhoto the comment about number of bytes is written to (invisible) alt attribute of <img> tag. This looks more friendly when using jpegPhoto in HTML templates.
- vCard output made schema aware. E.g. this fixes alias problem with attribute street alias streetAddress.
- Simulate KeyboardInterrupt when receiving SIGTERM.
- Correctly remove PID file when receiving SIGTERM.
0.11.9
Release Date: 2003-01-07
- Fixed displaying the search LDAP URL.
- Fixed UnicodeError raised in case of LDAP filter contains a NON-ASCII character and [Refine Filter] is chosen.
- Additional checking for invalid commands with URL redirect instead of handled exception.
- LDAPSession.unbind() is explicitly called to immediately close the LDAP connection if [Disconnect] was chosen by the user.
- The URL generated for [Disconnect] link does not contain a // (empty double slash) anymore to avoid compatibility problems with Apache 2.x.
- Corrected names of SSL-related configuration options in module w2lapp.conninfo and example configuration file web2ldapcnf.hosts.
0.11.8
Release Date: 2002-11-21
- Fixed argument list when calling w2lapp.schema.no_humanreadable_attr() during vCard export.
0.11.7
Release Date: 2002-11-20
-
w2lapp.passwd:
If the schema does not allow userPassword attribute to exist within the object classes of an entry the class simpleSecurityObject if present in sub schema is automagically added when the password is set. -
w2lapp.read:
Fixed suppression of displaying attributes which are already display through HTML template in a correct schema-aware way. - Reactived code for displaying attributes of syntax PostalAddress as multiple lines.
- Keys of the configuration dictionary web2ldapcnf.hosts.ldap_def are handled as case-insensitive.
-
w2lapp.addmodifyform:
Separate select fields are displayed for structural and auxiliary object classes when adding or modifying an entry. -
w2lapp.addmodifyform:
If form parameter add_rdn is not given and there is only one required attribute (except objectClass) the default for the RDN input field (for choosing characteristic attribute) is automagically chosen to be this attribute. The input field is still editable though. - Avoid erroneously displaying an input field for attributes with transfer type ;binary.
- Cleaned up the mess of using w2lapp.schema.no_humanreadable_attr() and w2lapp.schema.no_userapp_attr().
0.11.6
Release Date: 2002-11-01
- The input field for searching schema elements by OID or name is displayed each time a schema element is displayed.
- When querying for SRV RRs other record types in the DNS response other than SRV are ignored.
- Added certificate and CRL attribute types to w2lapp.schema.syntaxes.syntax_registry for LDAP servers which do not announce the proper syntax.
- Dictionary defined with search_tdtemplate is handled through ldap.cidict.cidict (case-insensitive).
- Cleaned up code for handling search_tablistattrs in w2lapp.search.
0.11.5
Release Date: 2002-10-20
- Fixed argument list for login template string when handling referrals.
0.11.4
Release Date: 2002-10-17
- New form parameter login_filterstr in login form for specifying the filter template used for searching the user's entry. The default is set to the value of binddnsearch. Providing an empty string switches off the user entry search.
- Placed handling of command monitor, locate and connect into try-except-block for gracefully error handling.
- Fix: In case of command locate method form.getInputFields() was not called. Therefore input was always empty.
- Produce better results when displaying LDAP URLs if scope and/or filterstr of LDAP URL are None.
0.11.3
Release Date: 2002-10-04
- ValueError is raised in utctime.strptime() if the length of the time string is wrong.
- Unicode DN of subschema subentry is encoded to StringType before passing it to LDAPObject.read_subschemasubentry_s().
0.11.2
Release Date: 2002-10-03
- Enable synced setting of ntPassword and userPassword in w2lapp.passwd if entry has object class sambaAccount.
- w2lapp.addmodifyform.InputFormEntry.__getitem__() more robust against empty attribute value lists.
- Fixed argument list when calling w2lapp.core.log_exception() from w2lapp.handler in debug mode.
-
Improvements, fixes and code-cleaning in module
w2lapp.groupadm:
- Substituted constant in w2lapp.groupadm with new parameter groupadm_defs.
- Fixed displaying the listing of all groups screwed up in 0.11.1.
- Avoid sorting all group entry DNs a second time.
- LDAPv3 sub schema is used for user_entry.
- Corrected/simplified Unicode handling when setting user_entry_attrvalue.
- Removed need for importing deprecated module msbase.
- Robuster handling if a group entry was deleted in the mean time.
- Case insensitive handling of group entry object class names.
0.11.1
Release Date: 2002-09-27
- Solved backward-compatibility issue with Python 2.1- caused by referring to exception socket.gaierror.
- Solved backward-compatibility issue with Python 2.1- caused by nested scope in ldapsession.LDAPSession.open().
- Distinguished names of group entries are handled case-insensitive in w2lapp.groupadm.
- Replaced hard-coded path value for parameter schema_uri in packaged configuration module with constructed relative path name.
- Added (samAccountName=%s) to parameter binddnsearch in packaged default configuration.
- Template file login.html was missing in package.
-
Some minor clean-ups in module ldapsession:
No import of module socket, dropped unused key-word argument useThreadLock for ldapsession.LDAPSession.__init__() and default of key-word argument traceFile is None. - If fake schema could not loaded the I/O exception is caught and a log message is written to stderr. Will continue to start web2ldap service. Currently writing the log message does not work when running as FastCGI server...
- Stripped configuration example for Apache/mod_fastcgi to what's really needed.
0.11.0
Release Date: 2002-09-24
- New features
-
-
Full LDAPv3 schema handling as complete as it can be with
all those LDAP servers out there violating the LDAPv3 standard.
Note: This makes an upgrade to python-ldap 2.0.0pre06+ necessary!
For LDAPv2 servers or if sub schema sub entry is not accessible schema is read from locally stored LDIF file which you can specify with new host-/backend parameter schema_uri. - Built-in schema browser!
-
A new parameter
web2ldapcnf.session_limit lets one
set a maximum number of currently persistent web sessions.
Note: This makes an upgrade to PyWebLib 1.2.0 necessary! - Support for LDAP over SSL (ldaps://) and LDAP over Unix domain socket (ldapi:///).
- New host-/backend-specific parameters for certificate validation: tls_cacertdir, tls_cacertfile, tls_certfile and tls_keyfile.
- Attributes to be requested can now be explicitly defined in expert search form.
- New run-mode SCGI server.
-
Full LDAPv3 schema handling as complete as it can be with
all those LDAP servers out there violating the LDAPv3 standard.
- Incompatible configuration changes
-
- Parameter web2ldapcnf.hosts.ldap_host_list removed and substituted by web2ldapcnf.hosts.ldap_uri_list containing a list of LDAP URLs.
- Dropped support for host-/backend-specific parameter dit. Code was kludgy and it did not help much. Using the quick-link list defined with addform_oc_list is much more convenient.
- Dropped support for host-/backend-specific parameter hiddenattrs since this only lead to a false sense of security.
- Changes in UI
-
- Descriptive list of group entries in [groupadm] is more pretty now. The descriptive title matches the name listed in the group select lists.
- If more than one possible user entry is found with smart login a [Show] link is displayed which starts a search with search parameters of smart login. This might aid users to pick the right user entry.
- If a search is done with scope ldap.SCOPE_SUBTREE search continuations are displayed solely with one link named [Continue search] which reuses the search scope and filter string.
- UnicodeError exceptions are caught. An appropriate error message is displayed.
- A HTML template can be defined for the login form with host-/backend-specific parameter login_template.
- The control ManageDsaIT is only displayed and tweaked in [ConnInfo] if LDAP protocol version is LDAPv3. Otherwise "not available" is displayed.
- [ConnInfo] displays "Secured Connection: yes" in case StartTLS ext op., LDAP over SSL or LDAP over Unix domain socket was used successfully to connect.
- Only descriptions are displayed in LDAP URL select list.
- web2ldapcnf.hosts.ldap_uri_list may contain a mixed list of strings (LDAP URLs) or 2-tuples of strings containing LDAP URL and description.
- Input fields are generated according to the LDAP syntax. w2lapp.schema.syntaxes.LDAPSyntax.formField() returns instance of input field for that purpose.
- The context menu for single entries is displayed in more situations (e.g. [modifyform], [delete], [rename], etc.).
- Small changes
-
- No unneeded web sessions are stored anymore in case connecting to a host was not successful or solely the entry page was accessed. This was necessary to make session_limit work in a reasonable way.
- sbin/occonf2ldapoc.py no longer shipped since error-prone and outdated.
- ldap.STRONG_AUTH_REQUIRED is handled exactly like ldap.INSUFFICIENT_ACCESS.
- socket.gaierror is handled exactly like socket.error.
- Malformed host:port parameters with colon but without port number like e.g. "localhost:" are handled more tolerant.
- Updated example start/stop script in etc/init.d/web2ldap.
- ldapsession.LDAPSession.isLeafEntry() first tries to read the operational attributes hasSubordinates and subordinateCount before starting a one-level search below.
- Warning and error messages are displayed instead of unhandled exception raised if user name specified by parameter web2ldapcnf.standalone.run_username or command-line option -u does not exist.
-
To avoid UnicodeError being raised in case the directory data
contains malformed characters .encode() method and
unicode() function are called with argument
error='replace'
.
- Fixes
-
- Unfortunately implementation of the parameter requested_attrs did not work with LDAP servers which do not implement wildcard search correctly (e.g. Lotus Domino R5 and R6beta2). With these servers only the attributes mentioned in requested_attrs were read. This is fixed with a caveat: Command [Read] can take up to three search requests and in some situations less data is pulled from server.
- If started in multi-threaded stand-alone mode by user root the built-in HTTP server did not respond although started single-threaded worked. This was caused by dropping privileges with calling os.setuid() after forking. That was fixed by calling os.setuid() before detaching from console.
- Probing for existing configuration entries in [ConnInfo] does not choke on any LDAPError exceptions anymore.
- Solved name alias problems with HTML templates in w2lapp.read with the help of schema information. No matter which alias or OID is used in an HTML template the attribute should be displayed correctly.
- Solved problem with login form not passing around the scope defined in an LDAP URL.
- Code cleaning
-
- Many code changes were necessary due to schema-aware handling of attribute types. Still not all issues are solved.
- Searching in displaying missing parent entries in w2lapp.add is done in separate functions SearchMissingParentEntries() and DisplayMissingParentEntries().
- LDAP syntaxes are modeled by separate Python classes in new module w2lapp.schema.syntaxes.
- Moved outputting input form for chasing SRV RRs into separate module w2lapp.srvrr.
- Removed parameter web2ldapcnf.misc.ldap_knownattr since inconstistent with LDAPv3 schema support.
- Removed web2ldapcnf.misc.search_attrs since the matching host-/backend specific parameter web2ldapcnf.web2ldapcnf_hosts.search_attrs is used to build the Advanced Search Form.
- Simplified ldapsession.LDAPSession.renameEntry() since we mandate use of newer python-ldap anyway.
- Removed w2lapp.core.iso2display() and w2lapp.core.input2utf().
- Huge clean-ups in w2lapp.addmodifyform.
- Form parameter ldap_oc not used in w2lapp.add and w2lapp.modify anymore. Instead objectClass attribute type and values are part of normal input.
- w2lapp.gui.ErrorExitClass renamed to w2lapp.gui.ErrorExit. ls and dn were removed from argument list of w2lapp.gui.ErrorExit__init__().
- Avoid mutable types and object instances as defaults for key-word arguments. Substituted many key-word arguments with normal arguments.
-
Incompatible clean-ups in module msHTTPServer:
- Dropped support for SSL with module M2Crypto. This was experimental and far from being as complete as running with Apache and mod_ssl.
- Removed all unused code and symbols for starting as forking HTTP server.