Changes 0.16.x
History of released versions
1.8 / 1.7 / 1.6 / 1.5 / 1.4 / 1.3 / 1.2 / 1.1 / 1.0 / 0.16 / 0.15 / 0.14 / 0.13 / 0.12 / 0.11 / 0.10 / 0.9 / 0.8 / 0.7 / Ancient / Overview
0.16.41
Release Date: 2008-08-03
- Security fix! Redirects to arbitrary URLs are only allowed with valid session ID.
- plug-in class DynamicValueSelectList now also reads a simple select list from a multi-valued attribute of a certain entry (when search scope in LDAP URL is base).
- Detected browser class and browser version and HTTP header User-Agent are displayed in [ConnInfo] now.
- plug-in class BitArrayInteger now displays a multi-line input field for each bits. This is more handy for manipulating the single bits like in MS AD's attribute userAccountControl.
- Fixed displaying the value for binary fields (e.g. OctetString) when outputting a hidden field (disabled input field).
0.16.40
Release Date: 2008-07-26
- Fixed error handling for objectClassViolation when adding a new entry.
- Added doc page about improving usability by configuration.
- Improved docs.
- Schema browser now accepts semicolon subtype in form parameter oid.
0.16.39
Release Date: 2008-07-17
- Support for tree delete control (see draft-armijo-ldap-treedelete).
- Cosmetic changes to output of [ConnInfo].
0.16.38
Release Date: 2008-07-15
- Fixed a regression in [Password] (module w2lapp.passwd) when the entry's DN contains NON-ASCII chars.
0.16.37
Release Date: 2008-07-15
- Fixed changing the password in MS AD (attribute unicodePwd).
- Fixed more regressions in [Password] (module w2lapp.passwd).
0.16.36
Release Date: 2008-07-14
- Changed the internal setting of TLS options: If OpenLDAP libs 2.4 or newer are detected the TLS options are only set for the current connection.
- Fixed a regression in [Password] (module w2lapp.passwd).
0.16.35
Release Date: 2008-07-14
- Certificates and CRLs are automagically converted from ASCII-armored format (often called PEM) to binary DER format if needed before being added to attributes of syntax Certificate or CertificateRevocationList.
-
The DN portion of DynamicValueSelectList.ldap_url has the following
special values (placeholders) now for defining the search DN based on the current
DN of the entry:
_ underscore use the best matching naming context . single dot use current DN .. two dots use parent DN - Added simple Select-based plug-in class for attribute type pwdAttribute.
-
New features if
Python Imaging Library (PIL)
is (optionally) installed:
- Images are now automagically converted to JPEG format for attributes of syntax JPEGImage (e.g. attribute jpegPhoto).
- Attributes width and height always set for <img> tag.
- width and height set to maximum values keeping the original aspect ratio of the image.
-
Changes when setting passwords:
- Support for Password Modify Extended Operation for server-side password setting (see RFC 3062).
- Generated salts for client-hashed password are eight bytes long.
- New global configuration parameter session_paranoid enables generating a new session ID for each hit. While slightly more secure this makes the browser's back button unusable though.
0.16.34
Release Date: 2008-07-11
- When displaying search results the title attributes of links contain multiple lines now.
- Select list of LDIF templates only displayed when adding new entries.
- Multiple lines for syntax Postal Address are joined with " $ " instead of "$". Whitespaces are stripped from begin and end of the lines.
- All attributes declared with NO-USER-MODIFICATION set are silently ignored when modifying entries even if provided in user input.
- Fixed handling of NON-ASCII chars in multi-line text input fields (e.g. for attribute postalAddress).
- Fixed handling of delta-modification in case an attribute having no EQUALITY matching rule defined for it.
0.16.33
Release Date: 2008-07-11
- When adding an entry an exception ldap.UNWILLING_TO_PERFORM also leads to the input form for modifying entry data.
- When re-displaying the entry input form in case of an error binary attribute are dropped since at the moment there is no appropriate way to deal with them in hidden input fields.
-
Improved object class selection form:
- A select list for object classes without kind ("Misc.") is only displayed if needed.
- To save space the LDIF template list is now added as a select input field of the object class selection form. This also makes it possible to select a different input form type when using LDIF templates.
- All input fields have a title attribute now.
- Descriptions of input fields have <label for="id"> now.
0.16.32
Release Date: 2008-07-10
- In case of an attribute having an EQUALITY matching rule defined which is not implemented (announced in subschema) the delta-modification now deletes the whole attribute value. E.g. this avoids problems with attribute postalAddress on OpenLDAP.
0.16.31
Release Date: 2008-07-07
- Support for name forms when adding new entries: If name forms are associated with the structural object class of the new entry to be added then a select list of all possible name forms is displayed.
- New base class MultilineText for implementing attribute plug-in classes for multi-line text fields.
- A multi-line text field is displayed as input field for attributes of syntax postal address (1.3.6.1.4.1.1466.115.121.1.41).
- New plug-in module for LDAP-based PGP key servers.
0.16.30
Release Date: 2008-06-30
- New parameter web2ldapcnf.hosts.restricted_ldap_uri_list allows to restrict the LDAP servers to be accessible to the ones listed in web2ldapcnf.hosts.ldap_uri_list.
0.16.29
Release Date: 2008-06-27
-
Better handling of multi-valued RDN when adding a new entry:
- Auto-completion with attribute values from the input entry.
- Attributes passed in with the RDN are automatically added to the entry if attribute is completely absent.
- Graceful handling for absent schema element referenced with key-word SUP.
- If using a non-DN name for a simple bind without a filter-template for searching the user entry then the user entry is searched after successful bind with the user's rights. This is handy e.g. when using userPrincipalName for simple bind with MS AD.
- If search root used for searching a user entry is empty then defaultNamingContext from rootDSE is used as search root if present.
- New AD-specific plug-in classes for domainControllerFunctionality, domainFunctionality and forestFunctionality.
- Code cleaning in schema viewer and added a work-around for buggy class ldap.schema.models.NameForm in older versions of python-ldap.
0.16.28
Release Date: 2008-06-22
- If the LDAP server returns strange empty lists as attribute value lists (e.g. OpenDS does this for attribute isMemberOf) then these are ignored when modifying an entry.
- Also in case of an attribute getting completely deleted the delta-modification now explicitly deletes the old attribute values if an EQUALITY matching rule is defined in subschema for the attribute type.
0.16.27
Release Date: 2008-06-18
- Delta-modification now explicitly deletes the old attribute values if an EQUALITY matching rule is defined in subschema for the attribute type. This is an additional cross-check to detect whether the entry to be modified was removed or changed in between.
- Simplified referral chasing: The DN is simply extracted from referral URL (in compliance with the note in RFC 3296 about empty referral DN).
0.16.26
Release Date: 2008-06-16
- Fixed a regression when enabling tree delete control for recursive tree deletion.
- An assertion filter is passed along in form parameter in_assertion from the input form to the modify page which is used to cross-check whether the entry to be modified was removed or changed in between. Still this is not using the assertion control. But it's safer than before.
0.16.25
Release Date: 2008-06-14
- Fixed a regression when adding entries.
0.16.24
Release Date: 2008-06-14
- HTTP header Cache-Control is set very strictly for every HTTP response (e.g. also when producing LDIF and vCard exports and display single binary attributes like jpegPhoto).
-
Some socket exceptions are now correctly ignored.
These are typically caused by a user getting impatient
and the connection to the browser gets lost.
Examples:-
error: (104, 'Connection reset by peer')
-
error: (32, 'Broken pipe')
-
-
Attribute auditContext is now correctly handled:
- Additional menu items in the context menu for searching the complete or the write audit trail for the single entry displayed.
- When displaying the attribute auditContext itself the plug-in class now links to complete or write audit trail for current database.
- [ConnInfo] also displays link into audit database.
- Added new plug-in class for attribute type administrativeRole (see also RFC 3672).
- Deprecation warnings under Python 2.6 for modules md5 and sha are avoided by trying an import of module hashlib first.
- Syntax checking for LDAP syntax Numeric String was relaxed to also accept space characters (see also section 3.3.23 RFC 4517).
- Renamed plug-in module for RFC 2307 schema elements from posixaccount to nis.
- T.61 related codec modules are now correctly registered and used when displaying certificates and CRLs.
- Again the entry input form handling and delta-modification was partially rewritten. This should fix several issues in former releases.
0.16.23
Release Date: 2008-02-29
-
Added new plug-in classes for attribute types:
- dateOfBirth defined for object class msPerson (see also schema file).
- pwdPolicySubentry
- If self.maxLen is set for a syntax handler class then the HTML attribute maxLen of the input field is set to the minimum of self.maxLen and 50.
- Improved plug-in base class DynamicDNSelectList: If the DN portion in the LDAP URL (see class attribute ldap_url) is a single dot then the naming context of the current DN is used when searching possible attribute value/description pairs for the select list.
-
Fixed/improved schema browser:
- Added link to OID registry at oid-info.com.
- Fixed listing the referencing attribute types when displaying a matching rule.
- Added listing the referencing matching rules when displaying a LDAP syntax.
0.16.22
Release Date: 2008-02-14
- Fixed a regression in plug-in module for MS AD.
- Fixed a regression in and slightly improved plug-in class for attribute auditContext.
0.16.21
Release Date: 2007-12-09
- Fixed a regression in exporting printable output of search result list.
0.16.20
Release Date: 2007-10-17
- Fixed passing around attribute values of syntax OctetString as hidden parameters in template-based input form.
- Fixed displaying the LDIF after a successful modify if the DN contains NON-ASCII characters.
0.16.19
Release Date: 2007-10-07
- Fixed displaying the search results as a raw list of DNs.
0.16.18
Release Date: 2007-09-21
- Fixed handling of host-specific parameter search_tdtemplate when displaying search result list.
0.16.17
Release Date: 2007-09-17
- Import of ldap.sasl not mandantory anymore.
- New form parameter groupadm_view for command groupadm enables the use to choose which group entris to list in the group list legend.
- Invalid DN given in a LDAP URL is caught as exception.
- Leading zeros in user input are stripped for attribute values of LDAP syntax Integer.
- Changes in the plug-in class API now allows full access to subschema information and LDAP connection objects within a plug-in class.
- New base plug-in classes DynamicValuesSelectList and DynamicDNSelectList for dynamically searching <option> values/texts for a <select> list.
- Modifications to single entries are now displayed as LDIF change records.
- Input form can now be switched between the modes Template, Table and LDIF without losing the changes made to the input data.
- Parameter link_css now must contain a complete HTML snippet for specifying CSS files for various media.
- The print style sheet is not imported in CSS files anymore. MS IE choked on that.
0.16.16
Release Date: 2007-03-22
- Added direct link to auditContext in [ConnInfo].
- Stripped down HTML output in [Locate] to one <div> of class Main to correct wrong display with fixed-style CSS.
- Added plug-in classes for MS AD attribute types groupType and searchFlags.
- Fixed displaying error message for ldap.TIMEOUT exception.
- Slightly changed text of submit button in login form.
- Grab attribute monitoredInfo from OpenLDAP's monitor entry if attribute monitorContext is present in rootDSE to display it instead vendor info in [ConnInfo].
0.16.15
Release Date: 2006-12-07
- If no group entries are found a clear error message gives a hint to select another group search root.
- Search requests for LDIF/DSML export add * to requested attributes. This fixes limited export if configuration parameter requested_attrs is set.
0.16.14
Release Date: 2006-11-30
- More graceful handling during connect when the server disallows anon bind and restricts access to root DSE.
- Function escape_filter_chars() from ldap.filter instead of ldaputil.base is used.
0.16.13
Release Date: 2006-11-03
- Multiple attribute values are not sorted in input forms anymore.
- In the login form only the available SASL mechs are displayed now in the select field for choosing authentication mechanism.
- If scope is not specified in LDAP URL the search form properly sets default of search scope to sub.
- Simplified displaying error messages by deleting backward-compatible code for older versions of python-ldap.
0.16.12
Release Date: 2006-09-27
- When displaying a select field for choosing the groups to add to or delete from the title attribute contains the first value of attribute description or the DN of the group entry (for bubble help in browser).
- Some updates to configuration data.
0.16.11
Release Date: 2006-04-26
- Added title attribute for [Read] links when displaying search result list (for bubble help in browser). The text contains attributes description and structuralObjectClass if present in the entry.
- Default values set in utctime.strptime() and mspki.utctime.__strptime__() are now exactly like that of time.strptime().
0.16.10
Release Date: 2006-03-23
- Changed behaviour when displaying input form for entries with object class extensibleObject since it was unhandy for many available attribute types: There are only input fields displayed for the MUST and MAY attributes of other object classes. But the select lists for additional attribute values now contain all existing attribute types.
- Recursive deletion now continues if server-side administrative limits (ldap.ADMINLIMIT_EXCEEDED exception) are in effect.
- When adding / editing an entry the input form can now be switched from table- to template-based and vice versa without loss of data input so far.
0.16.9
Release Date: 2006-03-04
- Brought usage of manage DIT control in line with draft-zeilenga-ldap-managedit-00.txt
- DIT content rules marked as OBSOLETE are now correctly ignored in object class selection form.
0.16.8
Release Date: 2006-02-23
- Special treatment for an empty attribute value list when displaying a table view of a single LDAP entry in [Read].
- Attributes countImmSubordinates and countTotSubordinates are now used to determine number of direct and total subordinate entries.
- Fix for displaying a search continuation received for one-level search from root naming context.
0.16.7
Release Date: 2006-01-08
- Relaxed error handling when ldap.INSUFFICIENT_ACCESS is raised during connecting to an ill-configured server.
- Again the DIT navigation menu changed.
- Some more small fixes.
- Better detection whether subschema is accessible on LDAP server or when to display the local schema.
- Number of cached subschema DN mappings displayed in [ConnInfo].
- Added plug-in module for Kerberos V schema.
- Fixed syntax class NameAndOptionalUID.
0.16.6
Release Date: 2005-11-18
- Follow SUP references when displaying DIT structure rules.
- Fixed detailed view of name forms.
0.16.5
Release Date: 2005-11-18
- Schema browser displays DIT structure rules and name forms with all forward and backward references to attribute types and object classes.
- Again fixed error handling when setting userPassword in case simpleSecurityObject is defined as STRUCTURAL in a broken schema.
0.16.4
Release Date: 2005-11-18
- Fixed ldapsession.LDAPSession.subOrdinates() to return correct results also when the server does not return the operational attributes used to determine that.
- Corrected title message of monitor and locate.
- The link [Display all] is only displayed if only partial search results are displayed.
- In the object class selection form the classes currently not selected are sorted.
- Fixed relogin when referral is received.
- When setting the password for an entry for which the attribute userPassword is not allowed in the schema one of the object classes simpleSecurityObject or simpleAuthObject is added if present in the schema and declared as AUXILIARY.
0.16.3
Release Date: 2005-11-14
- Added missing plug-in for DirX (which has no function at the moment).
- Setting the TLS-related options does not care about old python-ldap versions anymore.
0.16.2
Release Date: 2005-11-11
- Stripped all formatting attributes from HTML templates and slightly modified default.css to be nicer to MS IE.
- If an attribute has more than two values the number of attribute values is displayed in the table view when displaying a single entry (in [Read]).
0.16.1
Release Date: 2005-11-11
- New features/enhancements
-
- Major overhaul of web layout also affecting HTML generated. Finally implemented three column layout with CSS which hopefully is more user-friendly.
- Added DIT navigation list to status bar which allows quick access to upper DIT entries.
- Reordered and hopefully cleaned up login form.
- Flipped order of links [Down] and [Up] in main menu to better reflect function in three column CSS layout.
- Bug Fixes
-
- Fixed Unicode error in [ConnInfo] if the current DN is NON-ASCII.
0.16.0
Release Date: 2005-11-07
- Installation and Configuration changes
-
- Note: This release requires upgrading to Python 2.3.x or newer.
- Note: This release requires upgrading to python-ldap 2.0.10 which supports LDAPv3 extended controls.
- New features/enhancements
-
-
Support for controls which are handled exactly like ManageDSAIT
in the user interface (see [ConnInfo]):
- ManageDIT (1.3.6.1.4.1.4203.666.5.12)
- Two different controls for searching subentries (see RFC 3672 and draft-ietf-ldup-subentry-07.txt)
- When displaying entries or an input form with the help of HTML templates the templates are applied in the order of the kind of the object classes. Order is STRUCTURAL, AUXILIARY, ABSTRACT.
- Added plug-in class for pilotPerson (see RFC 1274).
- All cached LDAP information (entries and sub schema) can be flushed (see [ConnInfo]).
- Transfer subtype ;binary is used when creating input fields for attributes which needs this transfer type.
-
Support for controls which are handled exactly like ManageDSAIT
in the user interface (see [ConnInfo]):
- Bug Fixes
-
- The letter small x is now allowed in the syntax classes for telephone and FAX numbers.
- If an error causes the input form to be re-displayed the values entered for binary attributes are omitted.
- Setting TLS-related options is more robust now.