[Zope-dev] [ ANN ] LDAPLoginAdapter 1.1 released
Jens Vagelpohl
jens@digicool.com
Wed, 21 Mar 2001 18:10:07 -0500
LDAPLoginAdapter 1.1, a user folder replacement that authenticates against
an LDAP server, has been released.

You can view some of the documentation and download the software at
http://www.dataflake.org/software/ldaploginadapter/

A Tracker at that same address allows you to easily file bug reports or
feature requests for this product.

Improvements and bugfixes since the last announcement include:

**LDAPLoginAdapter 1.1**
Features Added:
* Instead of hardcoding fixed publicly available attributes
onto the LDAPUser object you can now take full control
of the mapping from LDAP attribute to public user object
attribute.
A public user object attribute is an attribute that is
directly accessible on the user object. DTML code like
"AUTHENTICATED_USER.email" is an example of accessing
a directly accessible attribute on the user object. A lot
of legacy DTML code relies on such attributes.
Bugs fixed:
* finduser() now lowercases all DN records from valid groups
and compares it to a lowercased DN from any search results
among user records. This fixes records not showing up if
the capitalization in the group and on the user record
is different.
* When a user object was created the code expected a "mail"
attribute on the LDAP record to set the email attribute
used for compatibility with the Tracker. This has been
repaired and will just default to an empty string.
* Users who use tools like PADL's migration script end up
with records that do not have the expected "sn" attribute.
This is not set to a default value in finduser() to avoid
errors in case it is not there.
This will make the LDAPLoginAdapter compatible with
user records of type posixAccount.
**LDAPLoginAdapter 1.0**
Bugs fixed:
* Due to a bug in checking the return values from an LDAP search
the cache can be polluted by invalid records for failed
logins. This did not constitute a security breach, just more
processing than necessary.
**LDAPLoginAdapter 1.0beta3**
Bugs Fixed:
* Moved the LDAP search scope translation list from a volatile
attribute on the LDAPLoginAdapter to a module-level attribute.
This avoids any re-initialization calls.
* Eliminated the extra attribute _v_loglines that counted the
length of the log. A simple call to len(self._v_log) replaces
it where log length info is needed.
* Created one centralized method that handles connecting to and
searching the LDAP server. This allows centralized error
handling and makes for less and cleaner code. So far finduser,
getUserDetails, getGroups, getUserNames and _lookupuser have
been converted to use it instead of having their own connection
code.
* Rooted out error that would put a known user into the cache
even though the password was not matched. This was not a
security error since the broken user had the wrong password
and failed any tests in validate()
* Rigorous pruning of overly long lines of code to pare everything
down to 80 chars width max
* Avoiding unnecessary calls to the logging routine by checking
for the correct log level *before* the call and not in the
logging method.
* Added a file, SAMPLE_RECORDS.txt, that shows a sample group-
and user record. This will hopefully make it easier to
understand the types of LDAP records needed.
Features added:
* Nicer Search screen adopted from the LDAPUserManager
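
The cache fixes listed under 1.0 and 1.0beta3 come down to when a looked-up record is allowed into the cache. The sketch below is an added example, not LDAPLoginAdapter code: CachingAuthenticator, DIRECTORY, pw_hash and run are hypothetical names, and a dictionary of constructed password hashes stands in for the LDAP server. It contrasts caching the search result before the password check with caching only after the check succeeds.

```python
import hashlib
import hmac

SALT = b"constructed-salt"  # constructed sample value


def pw_hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 1000)


# Constructed stand-in for the LDAP server: uid -> password hash.
DIRECTORY = {"jdoe": pw_hash("correct horse")}


class CachingAuthenticator:
    """Hypothetical user folder that caches records fetched from a directory."""

    def __init__(self, cache_before_check):
        self.cache_before_check = cache_before_check  # True = buggy ordering
        self.cache = {}  # uid -> record

    def authenticate(self, uid, password):
        record = self.cache.get(uid)
        if record is None:
            record = DIRECTORY.get(uid)  # None when the search finds nothing
            if self.cache_before_check:
                # Bug: the search result is stored without checking that it is
                # a real record or that the password matched.
                self.cache[uid] = record
        ok = record is not None and hmac.compare_digest(record, pw_hash(password))
        if ok:
            self.cache[uid] = record  # only verified users reach the cache
        return ok


def run(cache_before_check):
    """Replay constructed login attempts; return (results, cached uids)."""
    auth = CachingAuthenticator(cache_before_check)
    attempts = [("ghost", "x"), ("jdoe", "wrong"), ("jdoe", "correct horse")]
    results = [auth.authenticate(u, p) for u, p in attempts]
    return results, sorted(auth.cache)


if __name__ == "__main__":
    print("buggy:", run(True))
    print("fixed:", run(False))
```

Both orderings reject the failed logins, because the password is checked on every call; the difference is that the buggy ordering leaves an entry in the cache for every failed attempt, including for users that do not exist.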