Products.ldapuserfolder

Latest version: v5.2


2.8
----------------

**NOTE**: In order to use the LDAP-based CMF membership components
you need CMF version 1.6 or higher.

- ensure CMF tool unit tests run against CMF 1.6 and up
- cmfldap skins: Replace the non-working skin scripts with a set
based on CMF 1.6.
- LDAPUserFolder/LDAPDelegate: Change the hash key generation which
produces the keys used for caching to use random numbers instead
of time-based hashes. LDAPUserFolder will also generate a new hash
key whenever Zope is restarted.
(http://www.dataflake.org/tracker/issue_00535)
- LDAPDelegate._connect: We now check to see if a new requested
connection is known to our configuration by checking the
connection string against the saved server information in order to
prevent reusing connections instantiated while handling
ldap.REFERRAL exceptions, spotted by Riccardo Lemmi.
(http://www.dataflake.org/tracker/issue_00548)
- utils: _verifyUnicode was faulty and would return non-unicode
if the input was not simple ascii or a unicode object. Kudos for
the discovery to Godefroid Chapelle.
- LDAPUserFolder.searchUsers: Faulty code would cause an exception
if the LDAP delegate returned a failed search with exception
information, discovered by Andreas Gabriel.
- LDAPUserFolder.getGroupDetails: Removed a hardcoded list of possible
group member attributes and replaced it with utils.GROUP_MEMBER_MAP,
which is used everywhere else. Good spot from Helge Tesdal.
(http://www.dataflake.org/tracker/issue_00560)
- LDAPUserSatellite.getGroups and LDAPUserSatellite.getAdditionalRoles:
Replace occurrences of hardcoded group member attributes with usage
of utils.GROUP_MEMBER_MAP, also suggested by Helge Tesdal.
- Removed Zope 2.7 compatibility code and cleaned up imports
- Removed compatibility code for CMF < 1.6

2.8beta
---------------------

**NOTE**: The python-ldap requirement is now version 2.0.6 or higher

- Fixed a broken security declaration for searchGroups and a
left-over form tag in the Users tab (thanks to Klaus Barthelmann)
- LDAPDelegate.modify would attempt to modify a LDAP record even
if the list of modifications was empty. This is now logged without
any further call to python-ldap to prevent some servers from
throwing UNWILLING_TO_PERFORM.
(http://www.dataflake.org/tracker/issue_00528)
- DNs were not properly escaped for such edge cases that needed
escaping, like values starting with "".
(http://www.dataflake.org/tracker/issue_00507)
- Changes in GenericSetup meant attempting to register the extension
profile for installing the CMFLDAP tools would fail in CMF >= 1.6.
- Group deletion for groups with non-ASCII and non-UTF8 characters
was broken, discovered by Eric Brun
(http://www.dataflake.org/tracker/issue_00527)
- Unforeseen software combinations, such as CMF < 1.6 in combination
with GenericSetup could prevent Zope from starting up because the
LDAPUserFolder initialization module would throw an error.
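
The DN escaping fix listed above concerns values that need escaping only because of where a character sits in the value. As an added example (not LDAPUserFolder's own code), this pure-Python sketch applies the RFC 4514 rules for special characters and for leading and trailing characters; `escape_dn_value`, `build_user_dn` and the sample values are hypothetical names constructed for illustration.

```python
# Added example: RFC 4514 escaping for one attribute value placed into a DN.
# Standard library only; function names and sample values are hypothetical.

# Characters that must be backslash-escaped anywhere in the value.
# '=' is included as well: RFC 4514 permits escaping it and it avoids ambiguity.
_SPECIALS = '"+,;<>\\='


def escape_dn_value(value: str) -> str:
    """Escape a single attribute value so it cannot alter the DN structure."""
    if not value:
        return value
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            # NUL is written as a hex pair.
            out.append("\\00")
        elif ch in _SPECIALS:
            out.append("\\" + ch)
        elif ch == " " and (i == 0 or i == last):
            # A space is only significant at the start or end of the value.
            out.append("\\ ")
        elif ch == "#" and i == 0:
            # A leading '#' would otherwise introduce a hex-encoded value.
            out.append("\\#")
        else:
            out.append(ch)
    return "".join(out)


def build_user_dn(uid: str, base_dn: str) -> str:
    """Build 'uid=<value>,<base>' with the value escaped; base_dn is trusted config."""
    return "uid=%s,%s" % (escape_dn_value(uid), base_dn)


if __name__ == "__main__":
    # Constructed sample values covering the positional edge cases.
    for sample in ["jdoe", "#admin", " jdoe ", "Smith, John", "a#b c"]:
        print(repr(sample), "->", build_user_dn(sample, "ou=people,dc=example,dc=com"))
```
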

2.7
----------------

- Sidnei da Silva took the time to root out any use of mutable
variables in method argument lists.
- Completely refactored the way searches are handled by the
FakeLDAP testing fixture. The new code uses intelligent parsing
to make sense of a query and apply it in a generic way instead
of trying to sniff a filter to guess where the query came from
and what the query was attempting to do. Kudos for a whole
bunch of time spent go to Sidnei da Silva.
- Added a more powerful groups search method named searchGroups
to improve group searching capabilities for e.g. Plone and
PlonePAS. Wichert Akkerman provided code and tests.
- Added a more powerful user search method named searchUsers.
Unlike findUser, searchUsers allows for more than one attribute
to be searched on. findUser has been reduced to a simple wrapper
around searchUsers. My thanks for inspiration and an initial
implementation suggestion go to Wichert Akkerman.
- Enabled utils.to_utf8 to handle unicode (continuing work on
http://www.dataflake.org/tracker/issue_00480)
- The use of zLOG, and the SimpleLog module, have been removed
in favor of using the Python logging module throughout.
- Software dependencies are now listed concisely in one place,
a new DEPENDENCIES.txt file.

2.7beta
---------------------

- Harden SimpleLog against cases where the log message included
strings like %s, caught by Wichert Akkerman.
(http://www.dataflake.org/tracker/issue_00491)
- In ActiveDirectory, it is possible to have records (specifically
internal system accounts) that have the correct objectClasses to
qualify as user records, but they lack the attribute designated as
the chosen UID attribute. Thanks to Wichert Akkerman, these are now
disregarded. (http://www.dataflake.org/tracker/issue_00484)
- Make sure objectGUID, when set on the LDAPUser as a property,
gets treated specially (discovered by Wichert Akkerman in the
course of clarifying http://www.dataflake.org/tracker/issue_00480)
- The SimpleLog.zLOGLogger log method ignored the ``args`` parameter
(http://www.dataflake.org/tracker/issue_00474, thanks go to
Mark Hammond)
- Repaired warnings appearing in Zope 2.8.5 due to a couple of typos
in security declarations.
- Fix breakage when local groups storage is used and no groups are
assigned to a user: When roles are changed to another empty value
an error occurred (http://www.dataflake.org/tracker/issue_00478 by
Junyong Pan)

2.6
----------------

- Expanded findUser with an argument "exact_match" to signal
whether a search term passed in should only return exact
matches or wildcard matches. This is also exposed on the Users
tab in the ZMI as a selection widget for the search form.
(Inspired by a suggestion from Sidnei da Silva)

2.6beta3
---------------------

- Folded the CMFLDAP product into the LDAPUserFolder package
- Revamped the unit tests to share test fixture creation code and
to work in both Zope 2.7 and 2.8 without problems.
- The LDAPUserFolder factory method and the initialization code were
massively simplified. A lot of duplicated code was removed. When
adding a LDAPUserFolder, there is no longer a separate Add view.
The user folder will be created straight away and the admin will
be redirected to the Configure tab of the new instance.
**Note**: If you have code that programmatically instantiates
LDAPUserFolder instances then you must change it. See
the unit test files' "setUp" method for an example of how
to do it from this point on.
- Fixed a serious bug that crept into version 2.6beta1 and which
led to users being able to log in with a wrong password or no
password.
- The getId method on the LDAPUser class neglected to encode the
user ID to an encoded string and handed back unicode, which could
lead to strange failures elsewhere. Most code handling IDs is not
equipped to deal with unicode.
- A bug had crept into the logging subsystem that could cause
spurious error messages.
(http://www.dataflake.org/tracker/issue_00462)
- The user records found via the Users tab search were not
consistent with the users that can actually log in because the
search on the Users tab did not filter out records that do not
match the user object classes as defined on the Configure tab.
(http://www.dataflake.org/tracker/issue_00260 and
http://www.dataflake.org/tracker/issue_00445)
