CHANGES.txt for the LDAPUserGroupsFolder

  This file contains change information for the LDAPUserGroupsFolder product.
  To see changes made to revisions prior to the latest version see
  HISTORY.txt.

    LDAPUserGroupsFolder

      Features added:

        * Implement group support, to work with NuxUserGroups. Contact
          Nuxeo (http://www.nuxeo.com/) about this, not the original
          author.

    2.3

      Bugs fixed:

        * Noticed that sometimes "empty" authentication credentials lead
          to unnecessary lookups for non-existing users. Relaxed a 
          specific authentication check so this is prevented.

        * The unicode changes had possible disabling consequences for
          group-to-role mappings defined on the Groups tab. Thanks go
          to Helge Tesdal for pointing that one out.


    2.3beta3

      Bugs fixed:

        * Fixed a couple buglets found by Florent Guillaume (JTracker
          issue 333).

        * Florent also noticed code that would trigger unnecessary 
          MODRDN calls when a user record was updated. This extra call
          did not damage the record, it was just unnecessary work
          (issue 334).

        * Dieter Maurer provided the explanation for a recursion error
          in the __getattr__ method on the LDAPUser object that a 
          few people had run into (JTracker issue 338 by Michael
          Crawford).

        * The getGroupedUsers method was not working if the groups are
          stored in the user folder itself (JTracker issue 342, thanks
          Florent Guillaume again).

        * Spurred by Helge Tesdal and Nate Aune I spent a little more 
          time on the unicode-ability. Now a user that has non-ASCII
          characters not just in arbitrary attributes but also in
          attributes that form part of the full DN are processed
          correctly. This required quite a few changes, so any feedback
          is very welcome.


    2.3beta2

      Bugs fixed:

        * Cut down on the number of LDAP lookups in cases where the
          user lookup happens "anonymously", meaning not as part of a 
          normal authenticated request but from the Zope security
          machinery for things like ownership-related security checks.
          Thanks to Kyler Laird for bringing this one up.

      Features added:

        * All user lookups are now limited to those object classed 
          defined in the "User object classes" configuration setting
          on the "Configure" tab. Previously the lookup policy was
          much more lenient and accepted every record where the login
          matched - now the object classes have to match as well.

          ***WARNING - THIS MIGHT BREAK YOUR SITE IF YOU WERE SLOPPY
          WITH THE OBJECT CLASSES SETTING AND USAGE!***

          Due to the possible breakage I had been sitting on Tracker
          issue 294, filed by Andy Dustman, for quite a while before
          going with it. Thanks for keeping te pressure on - it is 
          "the right thing" to do.

       * The "Users" tab will now show a little more information on
         the user record detail view by default, namely the DN and
         the object classes.

       * The unit tests have been changed to work with the latest
         and greatest (Zope 2.7 and Python 2.3.2), which is now the
         default platform used to test and develop this product.
  

    2.3beta1

      Bugs fixed:

        * Use of the distinguished name as login attribute was broken
          in version 2.2 - thanks to Ralf Herold for the information
          (JTracker issue 312)

        * The API documentation for manage_addUser in the Zope Help
          System was slightly off, thanks go to Eugene Prigorodov for
          pointing that out (Issue 319).

        * Cleaned up LDAP filter strings used by the product to have
          surrounding parentheses.

        * Enable correct handling of DN elements that contain bad
          characters, such as backslash-escaped commas (Bug report 
          by Stephen Kirby)

