- [OPENUCB-2712] Use supported version of LDAP module.
- Update field labels and help text.
- Use D7 Security module version.
- [OPENUCB-2720] Use supported version of CAS library.
- Use apereo package.
- [OPENUCB-2685] Slow down GRLN updates.
- Add variables to track last-run.
- [OPENUCB-2671] Periodic updates of Display Name to meet GRLN requirements.
- Implement a cron using Queue API to update usernames from LDAP.
- Implement drush ldap-update-username.
- [OPENUCB-2671] Prepare for periodic updates of Display Name to meet GRLN requirements.
- Change the token for field_display_name to
[cas:ldap:displayname].
- Change the token for field_display_name to
- [OPENUCB-2529] Realname PHP Warnings and CAS version 1.8
- [OPENUCB-2621] Update to phpCAS 1.6.0
- Addresses: https://nvd.nist.gov/vuln/detail/CVE-2022-39369
- Apply patch: https://git.drupalcode.org/project/cas/-/merge_requests/19.diff
- Sites must set $base_url to address the vulnerability.
- rebuild.sh now uses compser instead of
drush maketo install phpCAS. - rebuild.sh adds a custom CAS.php entry point to resolve the phpCAS warning:
User deprecated function: phpCAS autoloader is deprecated. Install phpCAS using composer instead. in require_once()
- Minor clean-up of release 5.1.4
- Remove inconsequential .orig file from tarball.
- Correct branches and tags in makefiles.
- [OPENUCB-2580] PHP 8.1 compatibility
- Resolve: Deprecated: Required parameter $flatten follows optional parameter $type in /code/profiles/openberkeley/modules/ucb/ucberkeley_cas/ldap/ldap_servers/ldap_servers.module on line 584
- Remove
each()function in ucberkeley_cas.module.
- [OPENUCB-2421] Update to ldap 7.x-2.6.
- [OPENUCB-2352] Decode HTML entities in CAS display names
- Improvement on OPENUCB-1987.
- [OPENUCB-2297] Update LDAP module for PHP 7.4 compatibility
- Update documentation regarding CAS failover.
- [OPENUCB-2142] - Update UC Berkeley CAS modules
- Update phpCAS to 1.3.8
- Update ldap to 7.x-2.5 and remove patch 2907312 which was previously needed for PHP 7.2 compatibility. That patch has been merged.
- Update ldap-7.x-2.5-key-integration.patch needed for key.module (and Lockr.io) compatibility.
- Update realname.module to 7.x-1.4
- Add ucberkeley_cas_update_7510() to resubmit the LDAP Servers admin form as specified by ldap_servers_update_7209()
- [OPENUCB-1987] - Usernames like O'Brein result in display of names with HTML-encoded characters.
- [OPENUCB-2014] - Update ucberkeley_cas for PHP 7.2
- Update to phpCAS 1.3.6
- Update to cas-7.x-1.7
- Update to ldap-7.x-2.4
- A patch has been applied that removes support for the PHP mcrypt extension (deprecated in PHP 7.1 and removed in PHP 7.2), which was in use by the ldap module bundled with UC Berkeley CAS. Specifically this means the option “Encrypt Stored LDAP Passwords?” at
admin/config/people/ldaphas been removed. If you rely on this setting, you should review this LDAP drupal.org issue for the LDAP module project before updating to version 5.0.0. This information on protecting your bind password (binddn) may also be of use.
- A patch has been applied that removes support for the PHP mcrypt extension (deprecated in PHP 7.1 and removed in PHP 7.2), which was in use by the ldap module bundled with UC Berkeley CAS. Specifically this means the option “Encrypt Stored LDAP Passwords?” at
- Add rudimentary Behat tests.
- [OPENUCB-1819] - features-diff results in PHP warnings. Column and
filter order arrays were not being applyed to the altered control_users view.
- Applies to sites using Total Control module.
- [OPENUCB-1787] - VBO field to bulk change content author should display username, not UID.
- Applies to sites using Admin Views.
- [OPENUCB-1797] - Username autocomplete only matches beginning of name, should use "contains."
- Applies to sites using Admin Views.
- [OPENUCB-1748] - UC Berkeley CAS: Update documentation to mention dependency on entity
- [OPENUCB-1794] - UC Berkeley CAS: Clean up superfluous paths in cas_pages in existing sites
- The featurized configuration added "web-hosting" paths to the Redirection settings on all sites. This was not a problem, but let's clean it up.
- [OPENUCB-1083] - Remove mentions of drupal-apps.berkeley.edu from UC Berkeley CAS
- [OPENUCB-1802] - Display name is not set for ucbadmin on new site installations. Fix that.
- OPENUCB-1768: Username autocomplete is broken in Views
- Applies https://www.drupal.org/files/issues/realname-views-autocomplete-2926684-2.patch, which in conjuntion with https://www.drupal.org/files/issues/views-ajax-autocomplete-1264794-21-3.18.patch fixes the autocomplete in the Admin Views view admin_views_node.
- OPENUCB-1747: Remove a test on
empty()which was causing update.php to fail on sites using PHP < 5.5. (Those PHP versions are out of support and not receiving security updates!) - OPENUCB-1746: Remove superfluous paths in cas_pages
- "web-hosting" paths crept into our default config. (admin/config/people/cas > Redirection). These paths will not be installed on any new sites. They must be manually removed from existing sites.
- OPENUCB-1720: Watchdog error causes dblog page to break.
- Corrected arguments to watchdog calls in ucberkeley_cas.install and scripts/realname_update.php.
- OPENUCB-1546: Use cas.uid for users.name value and moves the user name to a custom field
- Prevents the error
PDOException: SQLSTATE[23000]: Integrity constraint violation: 1062 Duplicate entry 'Jane Smith' for key 'name': UPDATE {users} SET name=:db_update_placeholder_0, pass=:db_update_placehold - Facilitates integration with CalGroups using ldap_authorization.module.
- Adds Real Name module.
- No updates to other modules or libraries.
- Release Notes.
- Prevents the error
- Update the ldap module version in the installation requirements.
- OPENUCB-1575: Upgrade to ldap-7.x-2.2 per LDAP - Critical - Data Injection -SA-CONTRIB-2017-052
- ldap updated 7.x-1.0-beta12 -> 7.x-2.2
- Fixes issues listed at https://www.drupal.org/project/ldap/releases/7.x-2.2
- Fixes issues listed at https://www.drupal.org/project/ldap/releases/7.x-2.1
- ldap updated 7.x-1.0-beta12 -> 7.x-2.2
- OPENUCB-1540: Update included modules
- cas updated 7.x-1.3 --> 7.x-1.5
- Bugfixes
- Fixes issues listed at https://www.drupal.org/project/cas/releases/7.x-1.4
- Fixes issues listed at https://www.drupal.org/project/cas/releases/7.x-1.5
- Makes it possible to login at /cas or /CAS or /cAs etc.
- Fixes error 'Call to undefined function _drush_user_print_info()' when using
drush cas-user-create
- New features
- Ability to add multiple CAS users at /admin/people/cas/create. Must specify CAS UIDs.
- Ability to add role to multiple users via
drush cas-user-add-role builder 212373,212374. (Specify comma separated CAS UIDs.) - Config: admin/config/people/cas: Use "CAS Server 3.0 or higher."
- Config: admin/config/people/cas: Redirect unauthorized user to CAS if they attempt to visit "node edit" or "node add" paths.
- Bugfixes
- cas_attributes updated 7.x-1.0-beta2 --> 7.x-1.0-rc3
- Fixes issues listed at https://www.drupal.org/project/cas_attributes/releases/7.x-1.0-rc1
- Note: https://www.drupal.org/node/1399304 only applies to
cas:attributestokens. We are currently usingcas:ldaptokens, and none of the tokens that we need are multivalued.
- Note: https://www.drupal.org/node/1399304 only applies to
- Fixes issues listed at https://www.drupal.org/project/cas_attributes/releases/7.x-1.0-rc2
- Fixes issues listed at https://www.drupal.org/project/cas_attributes/releases/7.x-1.0-rc3
- Fixes issues listed at https://www.drupal.org/project/cas_attributes/releases/7.x-1.0-rc1
- ldap updated 7.x-1.0-beta12 -> 7.x-2.0
- Fixes issues listed at https://www.drupal.org/project/ldap/releases/7.x-2.0
- Applied patch fixing watchdog bug.
- Applied patch fixing update warning.
- cas updated 7.x-1.3 --> 7.x-1.5
New Features in the ucberkeley_cas configuration
- Start TLS is enabled on the LDAP connection.
- If the site is hosted on Pantheon set "Certificate Authority PEM Certificate" to
/etc/ssl/certs/ca-bundle.crtto enable certificate verification.
Removed functionality:
- Removed Apps integration.
- OPENUCB-1542: Update phpCAS to version 1.3.5. This is a security release for phpCAS, but the vulnerability is mitigated on UC Berkeley CAS servers.
- Begin using semantic version numbers.
- OPENUCB-768: Move cas_attributes from defaultconfig to strongarm. Add update hook to revert the feature. This compliments the ucberkeley_envconf 2.2 which no does no management of cas_attributes. This change resovles a bug in version 2.1 which yeilded blank cas_attributes for CAS administrators added during 'drush site-install'.
- OPENUCB-768 remove ldap-test.berkeley.edu configuration. Ldap-test is sporadically unavailable. CalNet team approves us using production LDAP server in Dev and Test environments.
- OPENUCB-473 ** Upgrade to phpCAS 1.3.3. https://www.mail-archive.com/cas-user@lists.jasig.org/msg17338.html
- OPENUCB-106 ** Prevent activation emails sent when accounts are unblocked
- Improve rebuild.sh: Parse version from .info and create tarball
- Makefiles changed to use github.com/bwood. (Will change back to ucb-ist-drupal after open source petition.)
- OPENUCB-355 ** Remove ucberkeley_cas.make to prevent openberkeley.make from building this project.
- OPENUCB-273 ** Apply https://www.drupal.org/node/2057881 which prevents an Ajax error during the install_profile_modules task of openberkeley.profile
- OPENUCB-328 ** Disable the "Gateway" option in CAS 1.3 (Redirection > "Check with the CAS server to see if the user is already logged in?"). Using this in combination with "Automatically create Drupal accounts" can result in random user accounts being created when a user with a valid CAS ticket visits a page on a site with Drupal's CAS module configured this way. ** Do not require "access content" permission to visit the administrator backdoor. Some sites may deny that permission to anonymous. ** Refactor build script and makefiles.
- OPENUCB-280 ** Update to cas-7.x-1.3 ** Improve help
- OPENUCB-254 ** Fix this php warning: Notice: Undefined index: messages in ucberkeley_cas_init() (line 19 of /Users/bwood/code/drupal/bwood/ucberkeley_cas-7/ucberkeley_cas.module). ** Improve make/rebuild.sh and makefiles
- OPENUCB-254 ** 5822ad8: Fix the overlay problem with drupal_set_message info created in hook_install.
-
OPENUCB-105 ** Rewrite this module using Features and Default Config ** Re-namespace from ucb_ to ucberkeley_. (Less likely to result in conflicts.) ** Improve user messages. Improve Readme.
-
OPENUCB-254 ** Add an explicit dependency on features. Makes it clearer what the deps are for people enabling ucberkeley_cas from admin/modules UI. ** Require overlay.module disabled for install ** Prevent admins from trying to change passwords for CAS users on the user edit form. ** Prevent error when CAS-authenticated admin tries to change their password
- DUPCODE-47: clean up auto_assigned roles. If you created a new role after installing ucb_cas newly added users were automatically assigned the new role in some situations. Take a look at /admin/config/people/cas > User Accounts and ensure that the correct roles are selected there.
- Improve conflict checking during installation
- Backup (rename) sites ldap servers, if they exist, at installation
- DUPCODE-2: user/logout was not redirecting to caslogout. Fixed.
- update modules ** cas 7.x-x-1.2 ** ldap 7.x-x-1.0-beta10
- update phpCAS 1.3.1
- CAS will play nicely with libraries.module
- phpCAS 1.3.0 update
- Apps configure form
- Apps compatibility
- Friendly messages with links added to hook_install
DUPCODE-2: logout defaults to /caslogout DUPCODE-8: UCB CAS admin page: Reommendations about login blocks DUPCODE-1: Admin back door to prevent user1 lockouts DUPCODE-7: remove https://net-auth.berkeley.edu/cgi-bin/krbcpw as logout location.
- Remove $sub_modules variable_get/set and use a PHP constant. Required for Pantheon install profile compatibility.