Changes 0.15.x
History of released versions
1.8 / 1.7 / 1.6 / 1.5 / 1.4 / 1.3 / 1.2 / 1.1 / 1.0 / 0.16 / 0.15 / 0.14 / 0.13 / 0.12 / 0.11 / 0.10 / 0.9 / 0.8 / 0.7 / Ancient / Overview
0.15.22
Release Date: 2005-10-17
- Corrected the titles of some links.
- HTTP header Content-Disposition is sent as inline instead of attachment. E.g. this enables the browser to directly display e.g. LDIF exports instead of asking for helper application.
- Spec file for building RPMs contributed by Dieter Klünter.
0.15.21
Release Date: 2005-10-13
- When starting in stand-alone mode stdout and stdin are closed to completely detach from console. Unfortunately some start-up messages are written to the web2ldapHTTPHandlerClass.debug_log now.
- Added HTML class attributes used when displaying attribute table of a single entry. HTML attribute rowspan is used for attribute type column in the table.
- If a schema element was manually searched and is not found the input form is re-displayed with the given name or OID for manual correction by the user.
- In the search result list the attribute numAllSubordinates is used if available to determine if it does make sense to display a [Down] link.
- When performing a recursive delete the attribute numAllSubordinates is used if available to determine whether an entry is a non-leaf.
- The number of direct and total subordinate entries is displayed before deleting an entry which has subordinate entries.
- Collective attributes are no longer displayed in input form when editing an entry.
- Collective Attributes are listed separately when displaying a single entry.
0.15.20
Release Date: 2005-10-09
- Fixed displaying a search continuation if the search filter contains non-ASCII characters.
- The number of direct and total subordinate entries is displayed in the title of a [Down] link when displaying search result list and the appropriate operational attributes exist.
- w2lapp.gui.PrintFooter(): outf.flush() is called for sending the data to the browser immediately which speeds up displaying the page.
0.15.19
Release Date: 2005-09-29
Credits go to Claudia D. for her proposals improving the user interface.
- Once again: Fixed LDAPSyntax.displayValue()...
- Searching group entries and changing the group membership of an entry is now divided into separate forms. Hopefully this is more obvious to the user than the former UI.
- A <table> is used instead of a <dt> for listing the attributes not covered by template when displaying a single entry. This saves much space in the browser window.
- The object class select lists are 20 items long now.
- When modifying the object classes of an entry the existing object classes are listed first in the select fields. Hopefully it is more obvious to the user now what these select fields are all about.
0.15.18
Release Date: 2005-09-26
- Fixed exception logging handler.
0.15.17
Release Date: 2005-09-25
- The search size limit is set when retrieving partial results. This avoids sending abandon request (in ldap.async.AsyncSearchHandler) if not necessary.
- socket.error is handled just like IOError.
- Reactivated the special attribute value testing in LDAPSyntax.displayValue() with a corrected regex for timestamps. This fixes a infinite loop in regex-matching.
0.15.16
Release Date: 2005-09-21
- A serious bug was introduced in 0.15.14 affecting input forms. The change was backed out. Therefore web2ldap does not correctly support editing entries with language sub-types until I spent more time fixing this. :-(
- Error ldap.INSUFFICIENT_ACCESS is now ignored when subsequently reading the operational attributes of an entry while displaying a single entry (caused because of brain-dead access control ;-).
- Deactivated the special attribute value testing in LDAPSyntax.displayValue() which is used when no registered syntax class is found.
0.15.15
Release Date: 2005-09-20
- When connecting to a LDAP server which completely disallows anonymous bind the login form is correctly displayed now.
- More fine-grained error handling when connecting and probing the LDAP version.
- Relaxed syntax checking for telephone and FAX numbers when processing input data.
0.15.14
Release Date: 2005-09-17
- Collective attributes are no longer displayed in input form when editing an entry.
- Fixed attribute values with language sub-types not being displayed when a template is used for displaying entry or the entry modification input form.
- The URL redirector (command urldirect) now ignores LDAP URLs. The LDAP URL in the query string is then processed by web2ldap as usual. Especially this effect LDAP URLs in certificates.
0.15.13
Release Date: 2005-08-30
- If modifying password fails with ldap.CONSTRAINT_VIOLATION the LDAPError message is displayed together with the password entry fields to re-enter another password. This is a more graceful handling when password quality checking is in effect.
-
Added even more restrictions for HTTP header Cache-Control.
The complete list:
private, no-store, no-cache, max-age=0, must-revalidate
- Fixed displaying attribute values of vendorName and vendorVersion when showing connection information.
0.15.12
Release Date: 2005-06-26
- Fixed handling of missing rootDSE data when connecting to an LDAPv2 server.
- Fixed exporting search results as printable HTML table.
- Added plug-in module for ppolicy overlay of OpenLDAP (see draft-behera-ldap-password-policy).
0.15.11
Release Date: 2005-06-21
- Installation and Configuration changes
-
- List of ISO 3166-2, numeric country codes and country names defined in new configuration sub-module web2ldapcnf.countries.
- New features/enhancements
-
- Added general configuration parameter web2ldapcnf.ldap_opt_debug_level for setting debug level of OpenLDAP libs.
- Implemented eDirectory-specific plug-in class TaggedNameAndString.
- Added plug-in module for OpenLDAP.
- Added plug-in classes CountryCode and LogonHours for MS AD.
- When modifying an entry the DIT content rule which governs the structural object class is displayed with a link to this rule in the schema browser.
- In the search result list the attribute msDS-Approx-Immed-Subordinates is used if available to determine if it does make sense to display a [Down] link.
- LDAP URLs in query strings (e.g. used for web2ldap-bookmarks) can now have the following LDAP URL extensions for specifying the SASL login parameters: x-saslmech, x-saslauthzid and x-saslrealm.
- When displaying connection information all possible rootDSE attributes are taken into account instead of dumb probing all known monitor and configuration DNs.
- Bug Fixes and Work-Arounds
-
- Exception ldap.INSUFFICIENT_ACCESS is ignored in getUmichConfig() to avoid this exception being raised to user.
- Recursive delete is hopefully more resistant against being caught in an end-less loop when working a buggy LDAP server.
- Fixed handling of non-existing or empty namingContexts attribute in RootDSE.
-
The operational attribute structuralObjectClass is supposed
to be SINGLE-VALUE but some broken LDAPv3 server implementations
(e.g. Active Directory) return all the superior structural object classes
as attribute values.
There was a work-around added for that which fixes determining the correct DIT content in rule in effect on those broken servers. - Fixed input of bind DN with NON-ASCII chars in login form.
- LDAP URLs with standard port numbers used as keys in cascaded configuration are matched with our without the port number.
- Code cleaning
-
- Some modifications in the syntax / attribute type class implementation which also clean-ups the plug-in implementations. Many syntaxes added.
0.15.10
Release Date: 2005-04-29
- Two small fixes for the SIGHUP handler.
- The ManageDSAITMode control is always set to critical to make it fail if not supported by the LDAP server
0.15.9
Release Date: 2005-02-15
- Added new syntax class PosixTimestamp.
- Added new plug-in module for Samba.
- Better message formatting after renaming entry.
- Fixed missing symbol mail_pattern.
0.15.8
Release Date: 2005-02-07
-
Added new plug-in class for syntax Interval
on MS Active Directory. This nicely displays timestamp
values in the following attributes:
- accountExpires
- badPasswordTime
- lastLogon
- lastLogonTimestamp
- lastLogoff
- pwdLastSet
- Added new plug-in class for attribute instanceType on MS Active Directory.
0.15.7
Release Date: 2005-02-05
- Added new plug-in class for attribute type sAMAccountType on MS Active Directory.
-
The SIGPIPE handler now simply ignores SIGPIPE instead of
raising mssignals.SigPipeException. This fixes
some strange effects when running in FastCGI mode and one
hits [ Disconnect ] after reconnecting to the LDAP
server of the current session (e.g. because of server restart).
So this is for you if your web server's error log shows something like:
Exception exceptions.AttributeError: "FCGI instance has no attribute 'err'" in <bound method FCGI.__del__ of <fcgi.FCGI insta nce at 0x42f0db6c>> ignored
- Allow IPv6 addresses to be passed as parameter values in LDAP URLs and input fields.
0.15.6
Release Date: 2004-12-02
- Fixed displaying LDAP connection information when attributes vendorName and vendorVersion are not present in the root DSE.
- Python 2.4 compatibility fix for displaying time stamps in certificates and CRLs.
0.15.5
Release Date: 2004-11-18
- Added new plug-in class for attribute type userAccountControl on MS Active Directory.
- Fixed checking for attribute type dc in DN parts when converting dc-style DNs to DNS domains during SRV lookup. It is now case-insensitive.
0.15.4
Release Date: 2004-11-11
- Fixed displaying search filters in schema viewer for searching object classes or attribute types without NAME in schema element declaration.
- Added plug-in class for MS Exchange 5.x.
0.15.3
Release Date: 2004-10-26
- Compatibility fix for python-ldap built without support for SSL/TLS.
- Small fix or better work-around for handling attribute types where syntax is not set.
- Fixed validation of jpegPhoto attribute values.
0.15.2
Release Date: 2004-08-21
- Fixed a bug introduced in 0.15.1 which occurred when invoking exception method ErrorExit.html().
0.15.1
Release Date: 2004-08-05
- Security fixes!
-
- Fixed error handling where client-generated parameters displayed in various error messages could be exploited for cross-site scripting (XSS) attacks. All web2ldap versions prior to this version are considered vulnerable.
- Bug fixes
-
- Fixed backward-compatibility issue with Python 2.0 by avoiding use of function inspect.isclass().
0.15.0
Release Date: 2004-07-29
- Installation and Configuration changes
-
- The host:port form in the cascaded configuration was abandoned. All string-keys MUST be valid LDAP URLs except the single underscore for the default section. Additionally one can group configuration parameters around a common base DN (AKA as search root AKA naming context) by specifying a LDAP URL with empty hostport part. (see section Cascaded configuration).
- Note: This release requires upgrading to python-ldap 2.0.1 which contains an important bug fix.
- Performance optimization module psyco is imported if available.
- New features/enhancements
-
- Sort of a rudimental plug-in interface for syntax and attribute-type classes. Added plug-in example module for attribute types c and gender.
-
Added plug-in classes for vendor-specific syntaxes and/or attribute types:
- MS Active Directory (see draft-armijo-ldap-syntax)
- Novell eDirectory (see draft-sermersheim-nds-ldap-schema)
- Entrust PKI (see Entrust Directory Schema Requirements for Entrust 6.0)
- posixAccount (see RFC 2307)
- New host-specific parameter link_css allows to set different style sheets (CSS URL) for different servers / naming contexts.
- A multi-select field is also displayed for abstract object classes when adding or modifying entries. E.g. this preserves object class top in an existing entry.
- If attribute schemaNamingContext is present in RootDSE (e.g. with MS AD) a link is displayed in the schema viewer to the relating schema element entry found under the schema naming context.
- Attribute values of syntax OctetString can now be edited in hex-dump format.
- Support for SASL mechanism NTLM.
- LDAP URLs as string keys for configuration dictionary are now normalized before building w2lapp.cnf.ldap_def. This should lead to a more robust configuration behaviour.
- Bug Fixes
-
- Fixed displaying anonymous login in case a username or bind-DN was given without password.
- Equals sign added as allowed character to regex pattern for PrintableString.
- urllib.quote() is used instead of urllib_plus.quote() which fixes some strange errors with DNs passed around in URLs.
- Added additional check whether to explicitly add object class attribute to set of required attributes in input form. This is a work-around for LDAP servers which mark the objectClass attribute as not user-modifiable (e.g. MS Active Directory)
- Properly fall-back to binary download if there is no special handler for viewing a single binary attribute.
- Imports of sndhdr and StringIO were missing for w2lapp.schema.syntaxes.Audio.
- Code cleaning
-
- Got rid of calling eval() in pisces.asn1 to be more friendly to psyco.
- Removed some of the special attribute value detections in w2lapp.schema.syntaxes.LDAPSyntax.displayValue().