Changes 1.0.x
1.0.29
Release Date: 2009-08-07
- Note: This is the last release guaranteed to support Python 2.3! For various reasons you should seriously consider upgrading your local Python installation.
- Various code clean-ups for a more consistent distinction between UnicodeType and StringType data.
- Multiple space characters in DNs and attribute values are now correctly displayed.
- Added a fall-back behaviour for older Python versions when registering T.61 codecs.
- In the expert search form the HTML attribute maxlength is now set to the same values as those specified for form parameters search_filterstr and search_attrs.
- If no values are entered into the advanced search form no search request with invalid filter is sent to the LDAP server anymore. Instead an error message is displayed.
- Fix for the group administration: Caching is now disabled when searching group entries the current entry is member of.
- When generating the assertion filter for detecting intermediate changes to edited entries all NON-ASCII chars are now quoted. E.g. with eDirectory, cross-checking with binary attribute GUID falsely prevented an entry from being modified.
- If the template file for a login form could not be read (exception IOError) an error message is displayed to the user.
- Improvements to plug-in modules/classes:
  - New base class NullTerminatedDirectoryString and registered eDirectory attribute type extensionInfo with that.
  - New class for eDirectory attribute type indexDefinition.
  - Tabs in XML data are now expanded so it looks much nicer.
  - Registered more DirXML-related attribute types with plugin class XmlValue.
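The assertion-filter fix in 1.0.29 above comes down to escaping every byte that is not plain printable ASCII before it goes into the filter string. A sketch of that escaping per RFC 4515, added here as an example and not taken from web2ldap: the function names, the AND-of-equality filter shape and the sample entry are assumptions.

```python
# Added example; function names are hypothetical, not web2ldap's API.


def escape_assertion_value(value: bytes) -> str:
    """Escape an attribute value for use in an RFC 4515 search filter.

    Bytes outside printable ASCII and the filter metacharacters
    '*', '(', ')' and backslash are written as backslash + two hex digits.
    """
    out = []
    for b in value:
        if b < 0x20 or b > 0x7E or b in b"*()\\":
            out.append("\\%02x" % b)
        else:
            out.append(chr(b))
    return "".join(out)


def assertion_filter(old_entry: dict) -> str:
    """Build one equality test per previously read value, ANDed together.

    Assumption: the server is asked to apply the change only if the entry
    still matches this filter, so an intermediate change is detected.
    """
    parts = []
    for attr in sorted(old_entry):
        for value in old_entry[attr]:
            parts.append("(%s=%s)" % (attr, escape_assertion_value(value)))
    return "(&%s)" % "".join(parts)


# Constructed sample entry: a UTF-8 name and a short binary GUID-like value.
SAMPLE_ENTRY = {
    "cn": [b"J\xc3\xbcrgen (admin)"],
    "GUID": [bytes([0x9F, 0x00, 0x2A, 0x41, 0xFF])],
}

if __name__ == "__main__":
    print(assertion_filter(SAMPLE_ENTRY))
```

Without the escaping, the 0x2a byte in the binary value would be read as a substring wildcard and the 0x00 byte would make the filter invalid, so the assertion would fail for an entry that had not changed.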
1.0.28
Release Date: 2009-07-29
- The content of LDAPSession.rootDSE is now written to the error log as LDIF in case of unhandled exceptions.
- Corrected bug causing a UnicodeError exception when switching from table to template input form.
- Changes to footer of table input form:
  - Table HTML tags have title attributes for describing the input fields.
  - The select lists for additional values are skipped when there are no more textual and/or binary multi-valued attributes.
  - Attribute type objectClass is not added to select lists of additional values since it always has to be changed through the object class select form.
1.0.27
Release Date: 2009-07-25
- Plugin classes now consistently have an instance of class ldaputil.schema.Entry in class attribute _entry.
- Fix in syntax class DynamicValueSelectList: Fixed handling a KeyError exception in case the option value also cannot be read (e.g. because of insufficient access).
- New plugin class for configuration attribute type nspmPasswordPolicyDN used in Novell eDirectory.
- No unnecessary LDAP search done by plugin class w2lapp.schema.plugins.nis.GidNumber if the entry is posixGroup entry.
- The select lists in the group administration now show the full DN of group entries as option text if the naming attribute of the group entry could not be read (e.g. because of insufficient access) in case the group search root was an empty DN.
1.0.26
Release Date: 2009-07-23
- The fix for attribute type name aliasing issue when displaying the table input form during modifying an entry was erroneous. Only existing attributes were shown in the table input form. This is fixed now.
- Lots of clean-ups, corrections and additions in file etc/web2ldap/ldapoidreg.py.
1.0.25
Release Date: 2009-07-18
- Serious security fix: After another bind operation StartTLS was disabled. Uumpf!
- Some small fixes/improvements for plugin classes for Novell eDirectory.
1.0.24
Release Date: 2009-07-17
- New base plugin class OnOffFlag.
- New plugin module for OpenDS (mainly some configuration attributes).
- New plugin module for ACP 133 based on draft-dally-acp133-and-ldap mainly with simple select lists and not tested.
- New plugin module for attribute types defined in draft-vchu-ldap-pwd-policy.
1.0.23
Release Date: 2009-07-14
- Cache hit ratio is displayed in [ConnInfo].
- Added plugin class for OpenLDAP's accesslog attribute reqResult.
- The global default in the source distribution for tls_cacertfile is now set to <web2ldap-root-dir>/etc/web2ldap/ssl/crt/trusted-certs.crt. There you can put all trusted ASCII-armored CA certificate files (so-called PEM format).
- The LDAP URLs used in QUERY_STRING or in ldap_uri_list can now have the extension x-starttls, which indicates that the StartTLS extended operation should be used. For security reasons the maximum value of host-/backend-specific parameter starttls and x-starttls is used.
- Fixed an attribute type name aliasing issue when displaying the table input form during modifying an entry.
- Optional usage of StartTLS ext.op. is handled more gracefully if the LDAP server does not support it.
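The x-starttls rule above means a URL can raise the StartTLS requirement but never lower it, and the 1.0.25 entry shows why the requirement has to be re-checked on every bind. A sketch of both checks, added here as an example and not taken from web2ldap: the function names and the level values 0 (off), 1 (try) and 2 (require) are assumptions, as is treating a bare or malformed x-starttls as require.

```python
# Added example; names and level values are assumptions, not web2ldap code.
STARTTLS_OFF, STARTTLS_TRY, STARTTLS_REQUIRE = 0, 1, 2
VALID_LEVELS = (STARTTLS_OFF, STARTTLS_TRY, STARTTLS_REQUIRE)


def url_starttls_level(ldap_url: str) -> int:
    """Return the level requested by an x-starttls extension (0 if absent)."""
    # RFC 4516 layout: scheme://host/dn?attrs?scope?filter?extensions
    fields = ldap_url.split("?")
    if len(fields) < 5:
        return STARTTLS_OFF
    level = STARTTLS_OFF
    for ext in fields[4].split(","):
        name, _, value = ext.partition("=")
        # A leading "!" marks the extension as critical; the name is
        # case-insensitive.
        if name.lstrip("!").lower() != "x-starttls":
            continue
        try:
            requested = int(value)
        except ValueError:
            requested = STARTTLS_REQUIRE  # fail closed on a bare or odd value
        if requested not in VALID_LEVELS:
            requested = STARTTLS_REQUIRE
        level = max(level, requested)
    return level


def effective_starttls(config_level: int, ldap_url: str) -> int:
    """A URL may raise the configured level but never lower it."""
    return max(config_level, url_starttls_level(ldap_url))


def may_send_bind(level: int, tls_active: bool) -> bool:
    """Check to run before every bind, including a re-bind on a new connection."""
    return tls_active or level < STARTTLS_REQUIRE


if __name__ == "__main__":
    # Constructed URL: the request tries to switch StartTLS off.
    url = "ldap://ldap.example.com/dc=example,dc=com??sub??x-starttls=0"
    level = effective_starttls(STARTTLS_REQUIRE, url)
    print(level, may_send_bind(level, tls_active=False))
```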
1.0.22
Release Date: 2009-07-02
- Removed debug print statement.
1.0.21
Release Date: 2009-06-30
- More robust conversion of ldap.LDAPError exceptions to error message texts.
- Peter Gutmann's dumpasn1.cfg was updated and the new format is supported now.
- Improvements to handling of DIT structure rules and name forms:
  - Small improvements for determining the governing structure rule of an entry at client-side if attribute governingStructureRule is not available. Still not perfect I suspect...
  - Fixed searching and displaying DIT structure rules (which have no class attribute oid) in the schema viewer.
  - If several name forms result in a single RDN template string then this particular RDN template is only shown once in the RDN select list.
- Improvements to plug-in modules/classes:
  - AD-specific plug-in class for attribute types objectSID and sIDHistory now accepts SDDL representation as user input instead of hex-dump data.
  - Added more well-known SIDs to AD-specific plugin class OtherSID.
  - New AD-specific plugin classes for attribute types domainRID and objectClassCategory.
  - New base plugin class DumpASN1CfgOID for OIDs registered in Peter Gutmann's dumpasn1.cfg.
  - New plugin module pkcschema for draft-ietf-pkix-ldap-pkc-schema.
  - New plugin class for attribute type authorizedService which implements a select list for IANA GSSAPI/Kerberos/SASL Service names.
  - New base plugin class for XML data (requires Python 2.5+).
  - New plugin class for attribute type XmlData used in eDirectory/DirXML.
1.0.20
Release Date: 2009-04-21
- When displaying information for an OID in rootDSE the values are now properly HTML-escaped.
- New plug-in module for MS SFU with a class for attribute type msSFU30NisDomain.
- Small change to search result caching.
- Slightly better work-around for the non-compliant multiple values in attribute structuralObjectClass in W2K8 MS AD.
- The schema viewer now correctly passes the current DN around no matter whether there's a MS AD schema entry to reference or not.
- New base plug-in class for SCHAC URNs.
1.0.19
Release Date: 2009-04-11
- If sanitizing the user input data for an OctetString attribute value fails because of illegal characters a LDAPSyntaxValueError is now raised which leads to an error message being displayed.
- During DNS SRV lookups the Unicode domain name string is now encoded as IDNA.
1.0.18
Release Date: 2009-04-09
- Attribute objectClass is never ignored when generating modification list even if a misbehaving DSA (e.g. W2K8 MS AD) declares this attribute as NO-USER-MODIFICATION.
- Object class top is filtered from attribute structuralObjectClass if a misbehaving DSA (e.g. W2K8 MS AD) falsely added it.
- Several updates for AD-specific plug-in classes for W2K8 AD.
- Function ldaputil.modlist2.modifyModlist() now catches KeyError exception if an attribute type was not found in subschema and treats this attribute type like one without an equality matching rule.
- During a long-lasting recursive delete there's an empty string written to the outgoing data stream for keeping the connection to the user's web browser open. Otherwise e.g. Apache's mod_fcgid (or mod_fastcgi) reported an internal server error 500.
- The time needed for a recursive delete is displayed.
- Simple select-list plug-in base class YesNoIntegerFlag where 0 means No and 1 means Yes.
- Domino-specific plug-in classes for the following attribute types:
  - AvailableForDirSync
  - EncryptIncomingMail
  - CheckPassword
  - MailServer
- Fixed regex pattern for Domino attribute types dominoCertificate etc.
1.0.17
Release Date: 2009-03-30
- New AD-specific plug-in classes for attribute types objectSID and tokenGroups*. The latter displays a search link for searching the accompanying group entry by SID or displays the name of e.g. BUILTIN groups (well-known SIDs).
- New/improved Samba-specific plug-in classes:

| Attribute type | Additional functionality |
|---|---|
| sambaGroupType | static select field |
| sambaForceLogoff | static select field |
| sambaAcctFlags | decoded display, regex checking |
| sambaSID | regex checking |
| sambaSIDList | displays a search link |

- Many corrections in HTML output for errors found with tidy.
- Update of LDIF file with local fall-back schema.
1.0.16
Release Date: 2009-03-27
- w2lapp.schema.syntaxes.DynamicValueSelectList._doSearch() catches exception ldap.NO_SUCH_OBJECT.
- New AD-specific plug-in class for attribute type sAMAccountName which limits the length of the attribute value(s) to 20.
- Security fix: If an invalid command was sent and is displayed it's correctly escaped now.
1.0.15
Release Date: 2009-03-21
- Registered MS AD attribute types wWWHomePage and url with syntax class Uri.
- Registered MS AD attribute type userParameters with syntax class OctetString.
- Fixed and documented handling of host-/backend-specific parameter modify_constant_attrs. Added this parameter to default section in sample configuration.
- Form parameter in_assertion is now required. This prevents an incomplete input form from being processed when the input form to modify the edited entry is submitted too fast (due to slow browser or network connection).
- Plug-in class Select (and all derived classes) now displays a normal input field if the select options dictionary attr_value_dict is empty (e.g. in case no LDAP search results were found in class DynamicValueSelectList).
- New plug-in class for attribute type gidNumber which has a special behaviour depending on the entry's object class:
  - posixAccount or shadowAccount
    - Displays a link to search for the group entry when displaying the entry.
    - Displays a select list with all group entries found of object class posixGroup when editing the entry. Option text in the select field is the attribute cn of the group entry.
  - posixGroup
    - Displays a link to search group members when displaying the entry.
    - Displays a normal input field when editing the entry.
1.0.14
Release Date: 2009-03-20
- Corrected bug causing a UnicodeError exception in the object class select form in case the parent DN contains a NON-ASCII character.
1.0.13
Release Date: 2009-03-19
- plug-in classes now have access to the whole LDAP entry an attribute is part of. This enables plug-in classes to be much smarter since they can filter the action performed based on e.g. object class and other attributes.
- New plug-in module schac for SCHAC (SCHema for ACademia).

| Attribute type | Type of plug-in class |
|---|---|
| schacCountryOfCitizenship | select field |
| schacCountryOfResidence | select field |
| schacGender | select field |
| schacDateOfBirth | input field with regex checking |
| schacYearOfBirth | input field with regex checking |
| schacMotherTongue | input field with regex checking |
| schacHomeOrganization | input field with regex checking |

- Synchronously retrieved search results are now directly cached for 5.0 seconds in ldapsession.LDAPObject.search_ext_s(). This speeds up retrieving options for dynamically generated select lists (in plug-in classes derived from base class DynamicValueSelectList).
- New plug-in class for attribute type memberUid which displays a link to search for the user entry of a particular group member.
- Added new base plug-in class w2lapp.schema.syntaxes.DNSDomain and registered the following attribute types with it:
  - dhcpDomainName
  - nisDomain
  - associatedDomain
- Added new base plug-in class w2lapp.schema.syntaxes.DomainComponent and registered the following attribute types with it:
  - dc (alias domainComponent)
- Select lists generated for multi-valued attributes now only show other possible values which are not already in the set of current attribute values.
1.0.12
Release Date: 2009-03-05
- Corrected bug causing a UnicodeError exception when switching input forms.
- Registered plug-in class SecondsSinceEpoch for various timestamp attributes defined in the Samba 3.0 schema.
1.0.11
Release Date: 2009-02-21
- Fixed indentation bug in DynamicValueSelectList which caused a wrong select list when two attribute names were given in DynamicValueSelectList.ldap_url.
1.0.10
Release Date: 2009-02-19
- Work-around for a bug in OpenLDAP 2.4 which prevents values for attribute objectClass from being deleted explicitly.
1.0.9
Release Date: 2009-02-13
- Fixed MS AD plug-in class: If attribute logonHours is not present in entry it does not get accidentally set.
- Registered MS AD plug-in class LogonHours also for Samba attribute sambaLogonHours.
1.0.8
Release Date: 2009-02-07
- Code cleaning: Removed tabs from source code.
- New plug-in class for MS AD attribute type pwdProperties.
1.0.7
Release Date: 2009-01-02
- Plus sign is now allowed in local part in values of attribute mail.
- New plug-in module x500dsa for X.500 DSAs.
- Some servers require the subschema subentry to be read explicitly by using filter (objectClass=subschema) in the search request. So this is now done when displaying the link to the subschema subentry in the context menu of the schema viewer.
- Regex-checking for timestamps was relaxed to accept timezone parts.
- The + (All Operational Attributes, RFC 3673) is not used in the attribute list when reading an entry to be modified for generating the modification input form.
1.0.6
Release Date: 2008-12-20
- Improvements to plug-in modules/classes:
  - New plug-in class for attribute type krbSearchScope.
  - Removed import of non-public plug-in module not shipped with download file.
- Fixed broken modification list when removing an attribute completely which has an EQUALITY matching rule.
1.0.5
Release Date: 2008-10-13
- Improvements to plug-in modules/classes:
  - New plug-in module lotusdomino for LDAP interface of Lotus Domino server.
  - New plug-in class for attribute types found in schema of MIT Kerberos LDAP backend: krbTicketFlags, krbPrincipalType and krbTicketPolicyReference.
  - New plug-in class for LDAP syntax UUID.
  - Fix in BitArrayInteger.formValue for adding new values.
- Case-insensitive sorting for...
  - attributes in table view when displaying or editing entries
  - object classes in object class input select lists
  - lists of schema links in schema viewer
- Fixed SyntaxError only occurring with Python 2.3.
- Several updates to the country code configuration file including a fix for NON-ASCII encoding of country names.
1.0.4
Release Date: 2008-09-23
- The basic searchform is displayed now when the server to connect to is chosen from the select list of [Connect] page. This avoids the annoying message "no search results found" when connecting without specifying a base DN.
- Corrected HTML templates for object class organization.
- Values for form parameter search_attrs can now be 1000 chars long.
1.0.3
Release Date: 2008-09-06
- Fix in schema viewer: When doing a wildcard search schema elements with several NAMEs are not listed more than once anymore.
- New plug-in module eduperson and HTML templates for eduPerson.
- Exception ldap.NO_SUCH_OBJECT is ignored when adding a new entry and therefore reading the parent entry (for determining the governing structure rule). This happens when adding the root entry in a naming context.
- Documentation update: Update to python-ldap 2.3.5+ is required if the LDAP server's subschema contains name forms.
- Fixed a regression when adding a new entry if the structural object class of the superior entry cannot be determined (e.g. a rootDSE without objectClass attribute).
1.0.2
Release Date: 2008-09-04
- Fixed more regressions in case the subschema subentry cannot be read (e.g. because of access control).
- Fixed a regression when trying to modify the rootDSE...
1.0.1
Release Date: 2008-09-03
- Fixed regression in SubSchema.get_applicable_name_form_objs() which raised an exception when trying to add a new entry (choosing [New Entry]) in root naming context (empty DN).
- Fixed regression when generating context menu in schema viewer in case the subschema subentry cannot be read (e.g. because of access control).
1.0.0
Release Date: 2008-09-03
- It is now possible to specify a set of named templates for basic search forms with parameter searchform_template which appear in the context menu when displaying a search form.
- When renaming an entry the new superior DN can be searched. The possible candidates are then displayed as select list. Also see new host-/backend-specific parameter rename_supsearchurl which is a named set of LDAP URLs to specify how to search for a new superior DN.
- Support for DIT structure rules and name forms:
  - When adding a new entry the DIT structure rules applicable to the parent entry are used to determine the set of possible structural object classes for the new entry when displaying the object class select form.
  - Possible name forms are displayed as RDN template strings in the [Rename] input form if there are any defined for the structural object class of the entry.
  - When renaming an entry the filter for searching the new superior DN is suggested according to the governing structure rule for the entry to be renamed.
- Improvements to plug-in modules/classes:
  - Placeholders can now be appended at the end of the DN portion of DynamicValueSelectList.ldap_url and are substituted by entry's current DN, entry's parent or the best matching naming context.
  - New plug-in module dhcp for draft-ietf-dhc-ldap-schema.
- Improvements in schema browser:
  - A certain type of schema elements can be selected in the context menu.
  - Simple wildcard search is supported on OIDs and NAMEs with asterisk (*) being placed at the beginning and/or end of the search string.
  - Better error handling in the schema viewer when displaying a matching rule in case an attribute type is referenced in an attribute type description as SUP which is not present in the subschema.
- Adding another attribute value in the entry input form for a textual attribute is now done with an additional submit button [+] which results in an additional input field being displayed for the chosen attribute type. The advantage is that the additional input field is generated by an accompanying plug-in class if possible.
- The monitor page can now be restricted by source IP.
- In the monitor page the number of all web sessions initialized since start up is displayed.
- A warning message is displayed (instead of exception being raised) if the user did not choose a STRUCTURAL object class when adding a new entry.
- Small improvements in cert/CRL viewer:
  - If the subject- or issuer DN of a cert/CRL contains characters not valid for the given ASN.1 string type the viewer now falls back to display the invalid characters in hex-escaped form (instead of raising UnicodeError).
  - The OIDs of attribute types used in subject and issuer names are displayed.