Products.ldapmultiplugins

----------------

- The ActiveDirectoryMultiPlugin did not ensure to correctly
escape search filters it constructed internally.
(http://www.dataflake.org/tracker/issue_00507)

- The add form selection whether or not to use SSL for the LDAP
server connection was not handed through correctly, identified
by Olivier Nicole (http://www.dataflake.org/tracker/issue_00526)

- Revamped the way recursive group memberships are found and applied,
not sure if the previous implementation was a bug or not. Many thanks
to John Hannon for a patch. This change includes the ability to
specify a nesting depth to which the recursive search will go.
(http://www.dataflake.org/tracker/issue_00513)

- Added some notes on how to enable caching using the ZCacheable
mechanism

----------------

- Update the enumerateGroups method to use the new LDAPUserFolder
method "searchGroups". This changes the LDAPUserFolder dependency
to version 2.7. Patch provided by Leonardo Rochael Almeida.

- The ActiveDirectoryMultiPlugin enumerateUsers method would only
search correctly if login or id were explicitly specified
(thanks to Sidnei da Silva for the patch).

- Make sure to apply the same checks for user existence in
getRolesForPrincipal that are used by getPropertiesForUser
(http://www.dataflake.org/tracker/issue_00503 by Riccardo Lemmi)

- Fixed the enumerateUsers implementation to be more efficient and
use the new searchUsers method on the LDAPUserFolder (thanks to
Wichert Akkerman for the problem description and solution)

- Added simple caching of groups information, provided by
Leonardo Rochael Almeida.

- Software dependencies are now documented in a separate
DEPENDENCIES.txt file. Please note that the packages mentioned
in DEPENDENCIES.txt may have their own dependencies that must be
satisfied as well.

- Replaced all zLOG usage with equivalent calls into the Python
logging module, and reducing the chattiness coded into the
ActiveDirectoryMultiPlugin (INFO -> DEBUG)

- Started on a test suite

----------------

- In order to avoid duplicate search results, the enumerateUsers
method used a simple dictionary to store DNs for records that
were already processed. However, the keys put into this dictionary
were munged and really could not be compared to raw search
result DNs anymore. Thanks go to Wichert Akkerman for spotting this
obvious error (http://www.dataflake.org/tracker/issue_00485).

- Speed up enumerateGroups by letting the LDAP server do more of
the filtering (thanks to Wichert Akkerman,
http://www.dataflake.org/tracker/issue_00483)

- Applied a performance fix to the ActiveDirectoryPlugin's
_recurseGroups method (thanks got to Mark Hammond for the patch,
http://www.dataflake.org/tracker/issue_00476)

----------------

- The LDAPMultiPlugins ignored default roles configured on the
LDAPUserFolder and would not add it to the set of roles
computed (seen by Sidnei da Silva).

- enumerateUsers now allows you to do exact-match searches on
attributes other than just the user ID and login (patch
by Sidnei da Silva). **Note**: This code now requires
LDAPUserFolder versions 2.6 or higher, which support exact
match searches using LDAPUserFolder.findUsers.

----------------

- The interface machinery expected by the PluggableAuthService has
been changed to use Zope 3-style interfaces. Thanks go to Leonardo
Rochael Almeida who provided a patch to fix the resulting breakage.

- Changed the initialization code for the plugins to conform to the
changed initialization code in the LDAPUserFolder product versions
2.6beta3 and up.

--------

- Changes to the way the user IDs are mangled/unmangled to be in line
with the changes in the latest PluggableAuthService code
(Patch provided by Mark Hammond)