Important
The releases are now tracked using the GitHub releases. The following remains for historical purposes.
- The signal
ldap_error
now has an additionalrequest
keyword argument. - Added support for Python 3.10.
- Added support for Django 4.0.
- Dropped support for Django 3.0.
- Dropped deprecated setting
AUTH_LDAP_CACHE_GROUPS
. - Callables passed to
AUTH_LDAP_SERVER_URI
must now take arequest
positional argument.
- Added support for Django 3.2.
- Removed support for end of life Django 1.11. django-auth-ldap now requires Django 2.2+.
- Removed support for end of life Python 3.5.
- Added support for Django 3.1.
- Added support for Python 3.9.
- Removed
dev-requirements.txt
in favor oftox <tox:index>
.
- Added support for the escape argument in
LDAPSearchUnion.execute()
.
2.1.1 - 2020-03-26
- Removed drepecated
providing_args
fromSignal
instances.
- Reject authentication requests without a username.
- Added support for Django 3.0 and Python 3.8.
- Removed support for end of life Django 2.1.
- Removed support for Python 2 and 3.4.
- Removed support for end of life Django 2.0.
- Added support for Django 2.2.
- Add testing and support for Python 3.7 with Django 1.11 and 2.1.
- When
AUTH_LDAP_SERVER_URI
is set to a callable, it is now passed a positionalrequest
argument. Support for no arguments will continue for backwards compatibility but will be removed in a future version. - Added new
AUTH_LDAP_NO_NEW_USERS
to prevent the creation of new users during authentication. Any users not already in the Django user database will not be able to login.
- Renamed
requirements.txt
todev-requirements.txt
to fix Read the Docs build.
- Updated
LDAPBackend.authenticate()
signature to match Django's documentation. - Fixed group membership queries with DNs containing non-ascii characters on Python 2.7.
- The setting
AUTH_LDAP_CACHE_TIMEOUT
now replaces deprecated AUTH_LDAP_CACHE_GROUPS and AUTH_LDAP_GROUP_CACHE_TIMEOUT. In addition to caching groups, it also controls caching of distinguished names (which were previously cached by default). A compatibility shim is provided so the deprecated settings will continue to work.
- django-auth-ldap is now hosted at https://github.com/django-auth-ldap/django-auth-ldap.
- Removed NISGroupType class. It searched by attribute nisNetgroupTriple, which has no defined EQAULITY rule.
- The python-ldap library is now initialized with
bytes_mode=False
, requiring all LDAP values to be handled as Unicode text (str
in Python 3 andunicode
in Python 2), not bytes. For additional information, see the python-ldap documentation onbytes mode <text-bytes>
. - Removed deprecated function
LDAPBackend.get_or_create_user()
. Use~django_auth_ldap.backend.LDAPBackend.get_or_build_user
instead.
- Honor the attrlist argument to
AUTH_LDAP_GROUP_SEARCH
- Backwards incompatible: Removed support for Django < 1.11.
- Support for Python 2.7 and 3.4+ now handled by the same dependency, python-ldap >= 3.0.
- Backwards incompatible: Removed support for obsolete versions of Django (<=1.7, plus 1.9).
Delay saving new users as long as possible. This will allow
AUTH_LDAP_USER_ATTR_MAP
to populate required fields before creating a new Django user.LDAPBackend.get_or_create_user()
is now~django_auth_ldap.backend.LDAPBackend.get_or_build_user
to avoid confusion. The old name may still be overridden for now.- Support querying by a field other than the username field with
AUTH_LDAP_USER_QUERY_FIELD
. - New method
~django_auth_ldap.backend.LDAPBackend.authenticate_ldap_user
to provide pre- and post-authentication hooks. - Add support for Django 2.0.
- Better cache key sanitizing.
- Improved handling of LDAPError. A case existed where the error would not get caught while loading group permissions.
- Improved documentation for finding the official repository and contributing.
- Under search/bind mode, the user's DN will now be cached for performance.
- Support selective group mirroring with
AUTH_LDAP_MIRROR_GROUPS
andAUTH_LDAP_MIRROR_GROUPS_EXCEPT
. - Work around Django 1.11 bug with multiple authentication backends.
- Support for complex group queries via
~django_auth_ldap.config.LDAPGroupQuery
.
- Some more descriptive object representations.
- Improved tox.ini organization.
- Ignore python-ldap documentation and accept
ldap.RES_SEARCH_ENTRY
fromldap.LDAPObject.result
.
- Add
AUTH_LDAP_USER_ATTRLIST
to override the set of attributes requested from the LDAP server.
- Support Python 3 with pyldap.
- Performance improvements to group mirroring (from Denver Janke).
- Add
django_auth_ldap.backend.ldap_error
signal for custom handling of~ldap.LDAPError
exceptions. - Add
django_auth_ldap.backend.LDAPBackend.default_settings
for per-subclass default settings.
- Fix interaction between
AUTH_LDAP_AUTHORIZE_ALL_USERS
andAUTH_LDAP_USER_SEARCH
.
- Add support for nisNetgroup groups (thanks to Christopher Bartz).
- Improved escaping for filter strings.
- Accept (and ignore) arbitrary keyword arguments to
LDAPBackend.authenticate
.
- Include test harness in source distribution. Some package maintainers find this helpful.
- More verbose log messages for authentication failures.
django-auth-ldap now provides experimental Python 3 support. Python 2.5 was dropped.
To sum up, django-auth-ldap works with Python 2.6, 2.7, 3.3 and 3.4.
Since python-ldap isn't making progress toward Python 3, if you're using Python 3, you need to install a fork:
$ pip install git+https://github.com/rbarrois/python-ldap.git@py3
Thanks to Aymeric Augustin for making this happen.
- Update
~django_auth_ldap.config.LDAPSearchUnion
to work for group searches in addition to user searches. - Tox no longer supports Python 2.5, so our tests now run on 2.6 and 2.7 only.
- Bug fix:
AUTH_LDAP_GLOBAL_OPTIONS
could be ignored in some cases (such as~django_auth_ldap.backend.LDAPBackend.populate_user
).
- Support POSIX group permissions with no gidNumber attribute.
- Support multiple group DNs for *_FLAGS_BY_GROUP.
- Add support for Django 1.5's custom user models.
Reject empty passwords by default.
Unless
AUTH_LDAP_PERMIT_EMPTY_PASSWORD
is set to True, LDAPBackend.authenticate() will immediately return None if the password is empty. This is technically backwards-incompatible, but it's a more secure default for those LDAP servers that are configured such that binds without passwords always succeed.- Add support for pickling LDAP-authenticated users.