What's new in web2ldap 1.2.36
Jul 27, 2015
- [Read] links are always displayed in the middle area after adding/modifying an entry.
- Fixed regression with missing last entry when displaying all entries.
New in web2ldap 1.2.11 (Jan 16, 2015)
- Fixed unhandled exception when displaying dhcpStatement value with no space-separated value.
- Fixed generating input form values for associatedDomain.
- Fixed/improved some HTML search form templates.
- Added plugin class for mXRecord.
- Added additional safety check for invalid key string in HTML template dictionary.
- Added example configuration snippet for accessing web2ldap running as external FastCGI responder via lighttpd.
- Added script sbin/web2ldap_postinstall.sh which adds daemon user/group, creates directories and fixes ownership/permissions.
- Added select list plugin class for NIS attribute ipServiceProtocol.
- Added inputform template for dNSDomain2.
- Updated fallback schema file localschema.ldif.
- HTTPS links are used for all IETF docs, PyPI and Google code links.
- Added HTML templates for object classes namedObject and namedPolicy (defined in draft-stroeder-namedobject).
- Added HTML templates for object class groupOfNames.
New in web2ldap 1.1.49 (Dec 16, 2013)
- New features/enhancements:
  - Group administration UI now generates tags with enclosed tags with parent DN of group DN as label. This is very helpful if same group names are used in different subtrees.
- Security fixes:
  - Fixed possible XSS flaw when displaying group DN and entry data in group administration UI.
- Bugs fixed:
  - More robust attribute value auto-generation in plugin class w2lapp.schema.plugins.posixautogen.HomeDirectory.homeDirectoryTemplate.
  - More robust parsing of attribute olcSyncrepl.
New in web2ldap 1.1.48 (Nov 26, 2013)
- New features/enhancements:
  - Added/registered plugin classes for the following MIT Kerberos attributes:
    - krbPwdPolicyReference
    - krbPwdLockoutDuration
    - krbMinPwdLife
    - krbMaxPwdLife
- Bugs fixed:
  - Fixed LDAP filter in plugin class for krbTicketPolicyReference.
  - Cache for auditContext attribute not flushed.
  - Gracefully handle server explicitly not allowing simple bind requests.
New in web2ldap 1.1.47 (Oct 28, 2013)
- Fixed Python 2.6 compatibility issue in checkinst.py.
- Registered more MS AD attributes with plugin class Binary.
- Exception ldap.STRONG_AUTH_REQUIRED is ignored when reading rootDSE.
New in web2ldap 1.1.43 (Sep 2, 2013)
- New features/enhancements:
  - Improved HTML layout when displaying certificate/CRL.
  - Certificate/CRL viewer now displays OID names also for deeply nested X.500 Name (DNs).
  - CRL viewer now displays CRLReason extension.
  - New plugin module w2lapp.schema.plugins.x509 now contains all the cert/CRL plugin classes and new stub classes for all the LDAP syntaxes defined in RFC 4523.
- Bugs fixed:
  - Fixed using module pisces.asn1 really optionally (regression introduced in 1.1.42).
  - Fixed Unicode issue in plugin class for Lotus Domino/LDAP attribute dominoCertificate.
  - Added work-around for UnicodeDecodeError if buggy LDAP server (Lotus Domino/LDAP 7.x) returns diagnosticMessage with non-ASCII characters as ISO-8859-1 (Latin1).
- Code cleaning:
  - New syntax class w2lapp.schema.syntaxes.CSN registered for OpenLDAP attribute types contextCSN, entryCSN and namingCSN.
New in web2ldap 1.1.37 (Jun 25, 2013)
- New features/enhancements:
  - New class attrs LDAPSyntax.searchSep/readSep/fieldSep are used consistently everywhere through class w2lapp.read.DisplayEntry. This enables plugin classes to control how multiple attribute values are separated.
  - Search form parameter filterstr can now be multi-valued and its values are always evaluated along with the other form parameters from basic/advanced search form. This allows defining search form templates with arbitrary additional filters to be combined with the user's input in the search form.
  - OpenLDAP's no-op search control is now sent with tight timeout (5 sec) to not overwhelm the server in case many entries have to be checked.
- Bugs fixed:
  - Corrected determining server name in standalone mode.
  - Fixed Unicode handling of attribute type names when displaying password attributes after changing them.
  - Fixed issue with multiple delsid form parameter sent after re-login.
New in web2ldap 1.1.33 (May 21, 2013)
- New features/enhancements:
  - All group modifications are displayed.
  - New plugin classes for MS AD attributes:
    - GUIDs (objectGUID, parentGUID, rightsGuid, siteGUID)
    - msDS-SupportedEncryptionTypes
  - New plugin classes for pwdExpireWarning and pwdMaxAge display search links.
  - It's now possible to search for arbitrary OctetString values.
  - If host-specific parameter search_attrs is not set or is an empty list, all attribute types are displayed in the attribute select list in the advanced search form.
- Bugs fixed:
  - If only a single char * or + is given as attribute list, this is no longer treated as a real single attribute when reading an entry.
New in web2ldap 1.1.32 (May 11, 2013)
- New features/enhancements:
  - New plugin class w2lapp.schema.syntaxes.Timespan displays time spans as hours, minutes, seconds, used for:
    - pwdMinAge
    - pwdMaxAge
    - pwdExpireWarning
    - entryTTL
  - Time before password expiration displayed as hours, minutes, seconds.
  - When submitting several group modifications all failed attempts are collected and displayed with LDAP error information after processing all group modifications.
- Bugs fixed:
  - Better handling of LDAPError exceptions in case the LDAP server does not support "Who am I?". This occurred especially as a problem with SASL/GSSAPI bind.
  - Plugin class DNSDomain lower-cases input values before applying the IDNA encoding.
New in web2ldap 1.1.31 (Feb 18, 2013)
- New features/enhancements:
  - The number of revoked certs is displayed when displaying a CRL.
  - New plugin class for NIS attribute macAddress which sanitizes user input and does reg-ex checking.
  - New plugin module for sudo-ldap.
  - Plugin class for memberURL now strips white-spaces from input values.
- Bugs fixed:
  - Small fix for displaying LDAP error messages.
  - Fixed handling of class attributes valuePrefix and valueSuffix in plugin class DynamicValueSelectList.
  - Work-around for LDAP URLs with bad search filter passed in as QUERY_STRING in the URL.
New in web2ldap 1.1.30 (Jan 21, 2013)
- New features/enhancements:
  - The "Who am I?" extended operation is now always used to detect bind-DN rewriting also in case of simple bind.
  - Some more plugin classes in module w2lapp.schema.plugins.pgpkeysrv.
- Bugs fixed:
  - More liberal regex pattern for sambaAcctFlags.
  - Fixed an exception caused by empty strings in an attribute list when reading an entry.
New in web2ldap 1.1.28 (Dec 28, 2012)
- Installation and Configuration changes:
  - Python module netaddr can be used as alternate implementation of required classes IPAddress and IPNetwork.
- New features/enhancements:
  - Error message is displayed in HTML output if there is a string format error in an HTML template which caused TypeError internally.
  - New HTML templates for Samba3 LDAP schema.
  - Values for attributes sambaSID are auto-generated if empty.
  - New or existing plugin classes registered for attribute types in Samba3 LDAP schema:
    - sambaDomainName
    - sambaHomeDrive
    - sambaLogonToChgPwd
    - sambaPrimaryGroupSID
- Bugs fixed:
  - Work-around for missing form field if ldapsession.PasswordPolicyException is caught and w2lapp.passwd.PasswdForm() is invoked directly.
  - @ character is now allowed in form parameter search_attrs to correctly support RFC 4529.
New in web2ldap 1.1.26 (Dec 8, 2012)
- New features/enhancements:
  - Declared new plugin class for attribute type x509keyUsage.
- Bugs fixed:
  - Fixed Unicode issue in w2lapp.schema.syntaxes.SelectList which affected all classes derived from that.
  - Added dummy value for attribute LDAPSyntax.oid to various base plugin classes to avoid false registration under some circumstances.
New in web2ldap 1.1.22 (Jun 23, 2012)
- Using the tree delete control is no longer the default when OpenLDAP is detected as the LDAP server. A new plugin class was added for attribute type memberUrl, which checks various values in the LDAP URL.
- LDAP URLs are now displayed with better links when there is an empty hostport part. Better error handling was provided for cases of invalid subschema subentries.
- Some enhancements and fixes were made regarding DNS SRV lookups for internationalized domains.
New in web2ldap 1.1.16 (May 7, 2012)
- This version adds several plugin classes for OpenDS/OpenDJ servers, adds support for session tracking control, adds workarounds for buggy LDAP server versions, and fixes some plugin classes for MS AD.
New in web2ldap 1.1.10 (Mar 28, 2012)
- Fixes for validating uniqueMember attribute values.
- Registers various attribute types of OpenLDAP's cn=config with the plugin class MultilineText.
- Some small fixes for plugin classes and referral handling.
New in web2ldap 1.1.8 (Mar 22, 2012)
- More templates for OpenLDAP's cn=config and OpenDJ's changelog.
- Some other small fixes.
New in web2ldap 1.1.5 (Mar 10, 2012)
- A regression regarding setting SSL/TLS options has been fixed.
- Several fixes and more translations for HTML templates have been added.
New in web2ldap 1.1.2 (Feb 27, 2012)
- Search assertion values are normalized via plugin classes if the accompanying search_mode is not a substring search.
- This release fixes a regression bug that accidentally deleted binary/non-human-readable attributes (e.g. jpegPhoto or userCertificate;binary) when modifying an entry.
- There is a stricter regex pattern for checking values of LDAP syntax OID.
New in web2ldap 1.1.0 (Feb 17, 2012)
- This is a final release containing a few fixes for certificate upload and LDAP SRV RR lookups.
New in web2ldap 1.1.0 RC2 (Feb 4, 2012)
- This version fixes a NAME alias problem for AUX classes in DIT content rules.
- It has a more robust implementation of the dynamic select plugin class, and better validation of time and date inputs using the module datetime.
New in web2ldap 1.1.0 RC1 (Jan 30, 2012)
- This is the first release candidate, with several fixes.
New in web2ldap 1.1.0 Alpha 54 (Nov 17, 2011)
- The search root is now an independent form parameter.
- Additional LDAPv3 ext. controls can also be used when deleting entries and attributes, which is used for specific use-cases like account unlocking.
- The password change UI has a new input field for enforcing a password change after reset.
- There are more improvements and fixes.
New in web2ldap 1.1.0 Alpha 48 (Oct 26, 2011)
- The pre-configured section for OpenLDAP's cn=Monitor displays search results more nicely now.
- Search attributes are handled more consistently when searching entries for various output formats and generating the LDAP URL of the search.
- The new plugin base class PropertiesSelectList lets you define option value-text pairs for select lists in simple property files.
- There are more user-friendly error messages in the connect dialogue.
- Improvements to group administration allow handling many groups and searching for groups.
- More CSS themes and various small fixes have been added.
New in web2ldap 1.1.0 Alpha 41 (Oct 3, 2011)
- Improved HTML templates.
- Many small fixes and improvements.
New in web2ldap 1.1.0 Alpha 33 (Jun 24, 2011)
- This version adds experimental CSV export.
- If the new password field is empty in the password change input form, the new password is randomly generated and displayed.
- More Unicode-related code cleaning.
- An attribute value in the user input is now preserved when re-displaying the input form in case of a syntax error.
- Attribute lists in LDAP URLs are now preserved in case of re-login.
New in web2ldap 1.1.0 Alpha 30 (Jun 5, 2011)
- Many fixes and improvements.
New in web2ldap 1.1.0 Alpha 28 (Feb 21, 2011)
New in web2ldap 1.1.0 Alpha 25 (Sep 29, 2010)
- Even more fixes were made for non-obvious XSS attacks.
New in web2ldap 1.0.29 (Aug 9, 2009)
- Note: This is the last release guaranteed to support Python 2.3!
- For various reasons you should seriously consider upgrading your local Python installation.
- Various code-cleaning regarding a more consistent distinction of UnicodeType and StringType data.
- Multiple space characters in DNs and attribute values are now correctly displayed.
- Added a fall-back behaviour for older Python versions when registering T.61 codecs.
- In the expert search form the HTML attribute maxlength is now set to the same values as specified for form parameters search_filterstr and search_attrs.
- If no values are entered into the advanced search form no search request with invalid filter is sent to the LDAP server anymore. Instead an error message is displayed.
- Fix for the group administration: Caching is now disabled when searching group entries the current entry is member of.
- When generating the assertion filter for detecting intermediate changes to edited entries all NON-ASCII chars are now quoted. E.g. with eDirectory, cross-checking with binary attribute GUID wrongly prevented an entry from being modified.
- If the template file for a login form could not be read (exception IOError) an error message is displayed to the user.
- Improvements to plug-in modules/classes:
  - New base class NullTerminatedDirectoryString and registered eDirectory attribute type extensionInfo with that.
  - New class for eDirectory attribute type indexDefinition.
  - Tabs in XML data are now expanded so it looks much nicer.
  - Registered more DirXML-related attribute types with plugin class XmlValue.
New in web2ldap 1.0.25 (Jul 19, 2009)
- Serious security fix: After another bind operation StartTLS was disabled. Uumpf!
- Some small fixes/improvements for plugin classes for Novell eDirectory.
New in web2ldap 1.0.23 (Jul 15, 2009)
- Cache hit ratio is displayed in [ConnInfo].
- Added plugin class for OpenLDAP's accesslog attribute reqResult.
- The global default in the source distribution for tls_cacertfile is now set to <web2ldap-root-dir>/etc/web2ldap/ssl/crt/trusted-certs.crt. There you can put all trusted ASCII-armored CA certificate files (so-called PEM format).
- The LDAP URLs used in QUERY_STRING or in ldap_uri_list can now have the extension x-starttls which indicates that the StartTLS extended operation should be used. For security reasons the maximum value of host-/backend-specific parameter starttls and x-starttls is used.
- Fixed an attribute type name aliasing issue when displaying the table input form during modifying an entry.
- Optional usage of StartTLS ext.op. is more gracefully handled if the LDAP server does not support it.
New in web2ldap 1.0.22 (Jul 2, 2009)
- Removed debug print statement.
New in web2ldap 1.0.21 (Jun 30, 2009)
- More robust conversion of ldap.LDAPError exceptions to error message texts.
- Peter Gutmann's dumpasn1.cfg was updated and the new format is supported now.
- Improvements to handling of DIT structure rules and name forms:
  - Small improvements for determining the governing structure rule of an entry at client-side if attribute governingStructureRule is not available. Still not perfect I suspect...
  - Fixed searching and displaying DIT structure rules (which have no class attribute oid) in the schema viewer.
  - If several name forms result in a single RDN template string then this particular RDN template is only shown once in the RDN select list.
- Improvements to plug-in modules/classes:
  - AD-specific plug-in class for attribute types objectSID and sIDHistory now accepts SDDL representation as user input instead of hex-dump data.
  - Added more well-known SID to AD-specific plugin class OtherSID.
  - New AD-specific plugin classes for attribute types domainRID and objectClassCategory.
  - New base plugin class DumpASN1CfgOID for OIDs registered in Peter Gutmann's dumpasn1.cfg.
  - New plugin module pkcschema for draft-ietf-pkix-ldap-pkc-schema.
  - New plugin class for attribute type authorizedService which implements a select list for IANA GSSAPI/Kerberos/SASL Service names.
  - New base plugin class for XML data (requires Python 2.5+).
  - New plugin class for attribute type XmlData used in eDirectory/DirXML.
New in web2ldap 1.0.20 (Apr 22, 2009)
- When displaying information for an OID in rootDSE the values are now properly HTML-escaped.
- New plug-in module for MS SFU with a class for attribute type msSFU30NisDomain.
- Small change to search result caching.
- Slightly better work-around for the non-compliant multiple values in attribute structuralObjectClass in W2K8 MS AD.
- The schema viewer now correctly passes the current DN around no matter whether there's a MS AD schema entry to reference or not.
- New base plug-in class for SCHAC URNs.
New in web2ldap 1.0.18 (Apr 9, 2009)
- Attribute objectClass is never ignored when generating modification list even if a misbehaving DSA (e.g. W2K8 MS AD) declares this attribute as NO-USER-MODIFICATION.
- Object class top is filtered from attribute structuralObjectClass if a misbehaving DSA (e.g. W2K8 MS AD) falsely added it.
- Several updates for AD-specific plugin classes for W2K8 AD.
- Function ldaputil.modlist2.modifyModlist() now catches KeyError exception if an attribute type was not found in subschema and treats this attribute type like one without an equality matching rule.
- During a long-lasting recursive delete there's an empty string written to the outgoing data stream for keeping the connection to the user's web browser open. Otherwise e.g. Apache's mod_fcgid (or mod_fastcgi) reported an internal server error 500.
- The time needed for a recursive delete is displayed.
- Simple select-list plug-in base class YesNoIntegerFlag where 0 means No and 1 means Yes.
- Domino-specific plugin classes for the following attribute types:
  - AvailableForDirSync
  - EncryptIncomingMail
  - CheckPassword
  - MailServer
- Fixed regex pattern for Domino attribute types dominoCertificate etc.
New in web2ldap 1.0.17 (Mar 31, 2009)
- New AD-specific plugin classes for attribute types objectSID and tokenGroups*. The latter displays a search link for searching the accompanying group entry by SID or displays the name of e.g. BUILTIN groups (well-known SIDs).
- New/improved Samba-specific plugin classes:
  - sambaGroupType: static select field
  - sambaForceLogoff: static select field
  - sambaAcctFlags: decoded display, regex checking
  - sambaSID: regex checking
  - sambaSIDList: displays a search link
- Many corrections in HTML output for errors found with tidy.
- Update of LDIF file with local fall-back schema.
New in web2ldap 1.0.16 (Mar 27, 2009)
- w2lapp.schema.syntaxes.DynamicValueSelectList._doSearch() catches exception ldap.NO_SUCH_OBJECT.
- New AD-specific plugin class for attribute type sAMAccountName which limits the length of the attribute value(s) to 20.
- Security fix: If an invalid command was sent and is displayed it's correctly escaped now.
New in web2ldap 1.0.11 (Feb 22, 2009)
- A fix was made in the plugin-class DynamicValueSelectList.
- A work-around was made for a bug in OpenLDAP when generating a diff for the object class list.
New in web2ldap 1.0.9 (Feb 15, 2009)
- A fix was made for the plugin class LogonHours, which is now also registered for the attribute sambaLogonHours.
New in web2ldap 1.0.8 (Feb 7, 2009)
- This release adds more plugin classes and fixes minor interop issues.
New in web2ldap 1.0.5 (Oct 13, 2008)
- A new plugin module for Lotus Domino.
- New plugin classes for MIT Kerberos schema.
- A fix for a syntax error in Python 2.3.
- Updated country codes.
New in web2ldap 1.0.0 (Sep 3, 2008)
- Support for DIT structure rules when adding and renaming entries was added.
- The user can now let web2ldap search for a new superior entry when renaming or moving an entry.
- Named templates can be defined for basic search forms.
- Wildcard search for schema elements was added.
- A plugin-module for the draft-ietf-dhc-ldap-schema was added.
- Several more small enhancements and fixes were made.