CHANGES.txt for the LDAPUserFolder

  This file contains change information for the LDAPUserFolder product.
  To see changes made to revisions prior to the latest version see
  HISTORY.txt.

    2.5

      Others:

        * Make the error message that gets created when a connection to the
          LDAP server fails a tick more verbose

      Bugs fixed:

        * Remove an optimization that would cache unsuccessful lookups in
          order to prevent undue strain on the LDAP server. The cached
          records would prevent an LDAP server lookup for a predetermined
          time. This turns into a problem when code checks for the
          existence of a user before adding it and then tries to retrieve
          the new user to operate on it. Since the first lookup will have
          created an entry in the cache, the second lookup to retrieve the
          user will always return None, even though the user might have
          been added successfully.
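
          The failure mode described above, reduced to a few lines. This is
          an added example, not LDAPUserFolder code: the Directory and
          UserFolder classes, the 600 second TTL and the "jdoe" record are
          constructed for illustration.

```python
import time


class Directory:
    """Constructed stand-in for the LDAP server: a dict of login -> record."""
    def __init__(self):
        self.entries = {}
        self.searches = 0      # counts round trips to the "server"

    def search(self, login):
        self.searches += 1
        return self.entries.get(login)


class UserFolder:
    """Hypothetical folder; cache_negative=True models the removed optimization."""
    def __init__(self, directory, cache_negative, ttl=600, clock=time.monotonic):
        self.directory = directory
        self.cache_negative = cache_negative
        self.ttl = ttl
        self.clock = clock
        self._cache = {}       # login -> (expires_at, record or None)

    def get_user(self, login):
        hit = self._cache.get(login)
        if hit is not None and hit[0] > self.clock():
            return hit[1]      # may be a cached None ("no such user")
        record = self.directory.search(login)
        if record is not None or self.cache_negative:
            self._cache[login] = (self.clock() + self.ttl, record)
        return record

    def add_user(self, login, record):
        # The changelog scenario: check for existence first, then add.
        if self.get_user(login) is not None:
            raise ValueError("user exists: %s" % login)
        self.directory.entries[login] = record


def check_add_retrieve(cache_negative):
    """Return what the lookup sees right after a successful add."""
    folder = UserFolder(Directory(), cache_negative)
    folder.add_user("jdoe", {"cn": "John Doe"})
    return folder.get_user("jdoe")


if __name__ == "__main__":
    print("negative caching on :", check_add_retrieve(True))
    print("negative caching off:", check_add_retrieve(False))
```

          With negative caching on, the new user stays invisible until the
          cached miss expires; with it off, every miss costs one more
          directory search.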


    2.5beta3

      Bugs fixed:

        * Using the full DN as the user's ID was broken since the AD-related
          "objectGUID" changes in 2.5beta1 due to a broken "if" statement.

        * Replace deprecated usage of ldap.is_ldap_url, thanks to Sebastien
          Munch (http://www.dataflake.org/tracker/issue_00419)

        * Add caching to getUserById and getUserByDN; it got "lost" during
          the cache changes introduced for version 2.4
          (http://www.dataflake.org/tracker/issue_00402)

      Others:

        * Removed the test_all.py helper script - the only supported way to
          run the unit tests is using "zopectl test" under Zope 2.7.x and up


    2.5beta2

      Bugs fixed:

        * Expiring users from the cache did not work correctly when a user
          password was changed or when the roles were edited and the user's
          DN contained non-ASCII characters, reported by Helge Tesdal.
          (http://www.dataflake.org/tracker/issue_00409)

      Features added:

        * In addition to the network-related timeout feature introduced in
          2.5beta1 there is now an operations timeout, which is useful if
          you have to live with strange network conditions that drop the
          connection between the LDAPUserFolder and the LDAP server without
          the LDAPUserFolder knowing about it.

        * The LDAP over IPC protocol can now be used to communicate with
          the LDAP server through a file socket. Please see the README for
          additional notes on LDAP over IPC.


    2.5beta1

      Bugs fixed:

        * The setting for groups storage was not carried over from the Add
          screen when instantiating a new LDAPUserFolder.
          http://www.dataflake.org/tracker/issue_00387 by Pierre-Julien
          Grizel.

        * The getAttributesOfAllObjects method promised to return a mapping
          but returned an empty list in case of errors.

        * Ignore "DN" when passed in as an attribute to modify within
          LDAPDelegate.modify (it is not possible to modify a user's DN
          this way).

        * When changing user record attributes the "multivalued" flag from
          the LDAP Schema configuration was never consulted, and if the
          new value contained a semicolon (;), it would automatically be
          considered multivalued. This made it impossible to have
          single-valued attributes with semicolons in them.
          (http://www.dataflake.org/tracker/issue_00395)

      Features added:

        * Revamp tests so that they can be run comfortably using the Zope
          2.7.3+ idiom of running via "zopectl test".

        * Deal transparently with marshalling ActiveDirectory "objectGUID"
          values.  These are binary values, so they can't be sent without
          marshalling across the network.  This makes it possible to use
          an AD objectGUID as a User Id attribute.

        * Added a new "Network Timeout" setting to the LDAP server
          configuration. The Network Timeout prevents the LDAP connection
          from hanging indefinitely if the network connection cannot be
          established and connection attempts do not raise an immediate
          connection error. Important note: It is possible that during
          a request several attempts at connecting to the LDAP server
          are made. The time it takes for the LDAPUserFolder to return
          control to Zope will be the number of connection attempts
          multiplied by the chosen Timeout value.
