Discussion:
web2ldap pre-release 1.2.0 (final)
Michael Ströder
2014-10-03 19:28:02 UTC
HI!

There's the final release of web2ldap 1.2.0 available.

It's considered to be the best web2ldap release so everybody's encouraged to
upgrade to this version. See detailed changes below.
From now on web2ldap 1.1.x is considered historic and will not be maintained
anymore.

Download here:
http://www.web2ldap.de/download.html

Features:
http://www.web2ldap.de/features.html

sha256sum web2ldap-1.2.0.tar.gz
8cb1ae12c58d98ff1f531c3890339988e2a0ff63e2106032482eb91b55ebd97d

Ciao, Michael.

-------------------------------------------------------------------
1.2.0

Release Date: 2014-10-03


Installation and configuration changes
The following changes to local system installation/
configuration are required:

* Update will break your existing installation/
configuration!
* Upgrade to Python 2.7.0 or newer.
* Upgrade to python-ldap 2.4.14 or newer.
* Old separate TLS configuration parameters were obsoleted
by new parameter tls_options.


New features/enhancements

* Implemented multi-session cookie handling with cross-
checking against web2ldap's session ID to prevent attacks
in case web server's access logs are not kept confidential.
Cookie usage is enabled by setting cookie_length to a non-
zero cookie value length.
* Now more TLS options can be set by using the more flexible
host-/backend-specific parameter tls_options.
* Input form entry data now processed in different steps to
give plugin classes access to more attributes in the
different stages. Especially there's a new method
LDAPSyntax.transmute() which has guaranteed access to the
whole entry and will be called several times if needed to
make composing attributes values possible.
* The sequence of keys used to determine HTML templates from
input_template and read_template is now first the single
STRUCTURAL object class followed by all non-STRUCTURAL
object classes.
* New context menu item [Clone] when displaying a single
entry leads to add form being displayed with the old entry
used as template.
* HTTP headers pre-configured with http_headers are now
consequently used for every HTTP response generated.
* Bulk modification/moving of entries derived from search
results. New context menu item [Bulk modify] is shown when
displaying search results.
* Bulk deleting of entries derived from search results. New
context menu item [Delete] is shown when displaying search
results.
* New host-/backend-specific configuration parameter
schema_supplement allows to extend the subschema with the
content of a locally installed LDIF file.
* New host-/backend-specific configuration parameter
schema_strictcheck to deal with buggy subschema in some
LDAP servers (e.g. issue #47811 in 389-DS).
* Monitor page now shows maximum of concurrent sessions and
how many sessions were removed after timeout in the
session counter table.
* New host-/backend-specific configuration parameter
naming_contexts allows to set list of fake namingContexts
values.
* When starting in stand-alone mode the hostname in command-
line option -l is now fully honored to determine
SERVER_NAME and thus the cookie domain.
This works around a cookie issue with Google Chrome etc.
when listening just on 127.0.0.1. You can now add e.g.
localhost.localdomain to your /etc/hosts and set the
hostname with -l.
* Plugin classes SelectList and friends now support
additional option title. In particular
DynamicValueSelectList looks for attributes description or
info to determine the option title.
* Former configuration template files/snippets defined with
status_template, html_begin_template and link_css are now
all consolidated in one HTML template top_template.
* The redirect page can also be defined with a HTML template
file referenced by redirect_template.
* Added OpenSearch example file.
* "Don't Use Copy" control is used if readable in
rootDSE attribute supportedControl when reading an entry
before presenting modification input form. OIDs from RFC
6171 and OpenLDAP experimental are supported.


Dropped features

* Support for normally unused parameter
web2ldapcnf.misc.sec_expire was removed also due to
security issues with setting it to non-zero value.
* Host-/backend-specific parameter login_default_mech now
obsolete. You can specify a default login mechanism in the
HTML template referenced by login_template.


Changes in the UI

* Full bookmark links are now generated and added as link to
<head> section and in the displayed status area.
* When choosing [Modify] from the context menu the entry
input form is shown directly.
* The entry input form now provides [+] and [-] buttons for
easier input handling of multi-valued attributes.
* The entry input form now provides a button [Classes] for
changing the set of chosen object classes.
* New plugin class AuthzDN additionally displays a
description of the referenced entry. Registered for the
following attribute types:

o creatorsName
o modifiersName
o reqAuthzID
o monitorConnectionAuthzDN

* If the user submitted a search form without assertion
values the same search form is re-displayed now.
* When displaying search results the context menu now has a
new menu item [Modify Search] which allows to edit the
search input in an advanced search form if base or
advanced search form was used before.
* No context menu anymore displayed along with input form
for new entry.
* When adding a new entry two different forms are available
for choosing the object classes:

o Templates:
Displays a radio button list to choose from pre-
configured LDIF templates
o Expert:
Displays multi-select lists for choosing the object
classes manually.

* mailto: links only displayed along with search results if
not only partial results were retrieved. Adding a mail
address more than once is avoided.


Bugs fixed

* Better error handling when exporting data to e.g. avoid
HTML error messages appearing in LDIF export.
* More graceful handling of errors when accessing a LDAP
server with very paranoid security settings (no anon bind,
explicit bind required, etc.).


Security

* Wherever possible the class random.SystemRandom is now
used for generating random stuff.
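
Added example, not part of the original announcement and not web2ldap's own code: a sketch of the cookie cross-check described under "New features/enhancements", with tokens drawn from random.SystemRandom as the "Security" item names. The class SessionStore, the function new_token, the "sid_" cookie naming and the 40-character session ID are assumptions made for illustration; only cookie_length and random.SystemRandom come from the release notes.

```python
import hmac
import random
import string

_rng = random.SystemRandom()  # OS-backed CSPRNG instead of the default Mersenne Twister
_ALPHABET = string.ascii_letters + string.digits


def new_token(length):
    """Return `length` characters drawn from the OS CSPRNG."""
    return "".join(_rng.choice(_ALPHABET) for _ in range(length))


class SessionStore:
    """Hypothetical store: the session ID travels in the URL (and so can end
    up in access logs); a per-session cookie binds it to one browser."""

    def __init__(self, cookie_length=32):
        self.cookie_length = cookie_length  # 0 disables the cookie cross-check
        self._cookies = {}                  # session ID -> expected cookie value

    def new_session(self):
        sid = new_token(40)
        cookie = new_token(self.cookie_length) if self.cookie_length else None
        self._cookies[sid] = cookie
        # Assumed naming: one cookie per session so that several sessions
        # in the same browser do not overwrite each other.
        cookie_name = "sid_" + sid if cookie else None
        return sid, cookie_name, cookie

    def check(self, sid, request_cookies):
        """True only if the session exists and its own cookie is presented."""
        if sid not in self._cookies:
            return False
        expected = self._cookies[sid]
        if expected is None:  # cookies disabled: the session ID alone decides
            return True
        presented = request_cookies.get("sid_" + sid, "")
        # Constant-time comparison of the expected and presented values.
        return hmac.compare_digest(expected.encode(), presented.encode())
```

With the cross-check enabled, a session ID read from a log file is rejected unless the request also carries the cookie value issued for that same session.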
