- Started February 2018, mainly to reduce technical debt and stabilize deployment dependencies (see also 1.3.x changes).
- Reimplement logging in a thread-safe and consistent manner for all run modes using the logging module.
HTTP-LDAP login bindings:
Define binding conditions between HTTP connection parameters (REMOTE_ADDR, REMOTE_USER, etc.) and an LDAP authz-DN entry that results from an LDAP bind.
- Use dnspython instead of pydns for looking up SRV RRs and checking DNS attribute values.
Planned as medium rewrite starting end of 2018.
Will require software updates / different installation:
- Handle LDIF change records
- pyweblib 1.4.0+ for HTML5 features
- Use module passlib for generating client-side password hashes.
New unified access control model for all running modes for the different PATH_INFO URLs:
- classic IP address/network matching
- regex-matching of arbitrary environment vars
- Make use of HTML 5 features like <datalist> etc.
- More password hashing/crypting schemes.
- <optgroup> markup in all dynamic select lists for grouping options along their superior DNs.
- Drop-down menu structure with all possible context menu items reachable by one click.
- Reimplement certificate/CRL viewer based on asn1crypto to get rid of Pisces license.
More powerful handling of attribute input fields:
- Multi-select fields for multiple attribute values.
- Multiple check boxes for setting bits in an Integer.
- Attribute values composed of multiple accompanying input fields.
- Multi-line input fields for attributes with X-ORDERED set.
- LDAP transaction support (see RFC 5805) for bulk write operations (group administration and bulk modify/renaming)
- Search extensions:
- CSS style chooser.
- Time zone chooser.
Planned as a complete rewrite in the rather distant future, especially regarding HTML generation and input form handling:
- Based on Python 3.6+.
- Rewrite of the user interface with a template-based web framework following the MVC design principle.
- User interface in multiple languages, better localization.
- Support for language tags and ranges when displaying LDAP entries via HTML templates.
Redesign of plug-in API:
- Plug-in classes for pre-input and post-input actions at entry level, which make it possible to implement attribute actions that depend on other entry data (e.g. autogeneration/composition of attribute values).
- Plug-in classes will be limited to a certain scope by configuration (e.g. by matching LDAP URL).
- HTML-based help system.