CHANGES.txt for the LDAPUserFolder

  This file contains change information for the LDAPUserFolder product.
  To see changes made to revisions prior to the latest version see
  HISTORY.txt.

    2.6 (2005/10/29)

      Features added:

        * Expanded findUser with an argument "exact_match" to signal
          whether a search term passed in should only return exact
          matches or wildcard matches. This is also exposed on the Users
          tab in the ZMI as a selection widget for the search form.
          (Inspired by a suggestion from Sidnei da Silva)


    2.6beta3 (2005/09/22)

      Other:

        * Folded the CMFLDAP product into the LDAPUserFolder package

        * Revamped the unit tests to share test fixture creation code and
          to work in both Zope 2.7 and 2.8 without problems.

        * The LDAPUserFolder factory method and the initialization code were
          massively simplified. A lot of duplicated code was removed. When
          adding a LDAPUserFolder, there is no longer a separate Add view.
          The user folder will be created straight away and the admin will 
          be redirected to the Configure tab of the new instance.

          **Note**: If you have code that programmatically instantiates
                    LDAPUserFolder instances then you must change it. See
                    the unit test files "setUp" method for an example how
                    to do it from this point on.

      Bugs fixed:

        * Fixed a serious bug that crept into version 2.6beta1 and which
          led to users being able to log in with a wrong password or no
          password.

        * The getId method on the LDAPUser class neglected to encode the
          user ID to an encoded string and handed back unicode, which could
          lead to strange failures elsewhere. Most code handling IDs is not
          equipped to deal with unicode.

        * A bug had crept into the logging subsystem that could cause
          spurious error messages.
          (http://www.dataflake.org/tracker/issue_00462)

        * The user records found via the Users tab search were not 
          consistent with the users that can actually log in because the
          search on the Users tab did not filter out records that do not
          match the user object classes as defined on the Configure tab.
          (http://www.dataflake.org/tracker/issue_00260 and 
          http://www.dataflake.org/tracker/issue_00445)
  

    2.6beta2 (2005/07/28)

      Bugs fixed:

        * Previous changes in how the LDAPUserFolder handles the
          conversion of LDAP group memberships to Zope roles (it was made
          explicit as opposed to automatic and implicit) made the
          LDAPUserSatellite less useful for users who expected LDAP
          group names to automatically show on the user object. Now the
          LDAP User will carry a hidden field for all current LDAP group
          memberships, which can then be consulted by the LDAPUserSatellite
          to determine what additional roles to hand out. (Suggestion by
          Dirk Datzert)
          
        * The LDAPUserSatellite configuration screen would blow up trying
          to determine the logging level, which has been removed.

        * Before returning a new connection in the internal LDAPDelegate
          connection methods the Manage DSA IT control was enabled. This
          was the result of misunderstanding the control - it really is
          only needed to directly access and manipulate a referral or 
          alias entry without having the server send you to the referred
          or aliased server.

      Features added:

        * The old behavior of mapping every LDAP group name a user is member
          of to a Zope role of the same name can now be reactivated using 
          a new configuration option named "Group mapping" on the
          Configuration tab. Many thanks to Dirk Bergstrom for a set of 
          patches and unit tests.
          (http://www.dataflake.org/tracker/issue_00459)


    2.6beta1 (2005/07/05)

      Others:

        * Spell out how to safely upgrade in README.txt by using the
          emergency user to delete/recreate the instances.

      Bugs fixed:

        * Made the getAttributesOfAllObjects method more resilient by
          always providing a key per queried attribute in the resultset
          (http://www.dataflake.org/tracker/issue_00456 by Pierre-Julien
          Grizel)

        * Applied a similar fix to getUserIds and getUserIdsAndNames that
          was applied for Tracker issue 441 to make sure empty resultsets
          don't lead to catastrophic failures
          (http://www.dataflake.org/tracker/issue_00446 by Pierre-Julien
          Grizel)

        * An earlier special-casing applied by Chris McDonough to
          correctly handle AD objectGUID values has been applied in a 
          second place, in the findUser method (patch by Mark Hammond).

        * Deleting a user record would be short-circuited if the user
          record itself was not in the DIT anymore, e.g. because someone
          manipulated the DIT without the user folder knowing about it. 
          This prevented cleanups for group memberships to be performed.
          (http://www.dataflake.org/tracker/issue_00439 by Hans-Juergen
          Sell)

        * The getUserNames function did not react correctly in the face of
          an empty resultset from getAttributesOfAllObjects and would
          prevent admins from using the ZMI local role management view.
          getUserNames now also raises a OverflowError if no results have
          been returned in order to show a simple text input widget on the
          local role management view instead of the multiple choice select
          box. (http://www.dataflake.org/tracker/issue_00442 by Andrew 
          Veitch and http://www.dataflake.org/tracker/issue_00441 by 
          Hans-Juergen Sell)

      Features added:

        * Added the new logging machinery to the LDAPDelegate class which
          improves lower-level LDAP problem discovery.

        * Moved away from the current way of logging to a purely zLOG-based
          mechanism. This will make sure that all logging for Zope is in 
          one and the same place and that more information can be passed
          along to the logging mechanism, such as tracebacks.
          (http://www.dataflake.org/tracker/issue_00438 by Mark Hammond)

        * Refactored the code that has python-ldap dependencies so that
          only the LDAPDelegate instance now holds all the cards. This
          enables plugging in different delegate implementations because
          subclassing LDAPDelegate and overriding implementation details
          has become easier.
          (http://www.dataflake.org/tracker/issue_00438 by Mark Hammond)

        * Added a registry for delegate implementations so that other 
          delegate classes can register themselves with this registry and
          become available to the LDAPUserFolder during instantiation.

