The license.txt file has been replaced with LICENSE for quite a while
now. INAL but it didn't seem accurate to say "hey, checkout license.txt
although there's no such file". Apart from this, there were
inconsistencies in the headers altogether...this change brings
consistency.
If the user selects 'Custom' LDAP Directory, when they hit save, validate the additional required fields ('ldap_group_objectclass' and 'ldap_group_member_attribute') for this selection to function.
Issue #13738
Created unit tests for integration LDAP. These tests are designed to confirm that LDAP will continue to work after changes are made to frappe.
PR-#13777
Function requires attributes to be of type x, validate to ensure any changes will break function and to prevent further exceptions. Only output to console as it's only a developer who will generate this error.
PR-#13777
As the user provides some of the ldap attributes, validate those entries when the 'LDAP Settings' editor clicks save. Provide an error message if validation fails stating what is incorrect.
issue #13738 PR-#13777
ldap search string is user input. validate to ensure is enclosed in '()', has the '{0}' placeholder and has the same number of brackets as used in complex ldap search strings.
issue #13738
to confirm user credentials, use 'rebind' instead of re-connecting to ldap. This also enables unit testing of all functions except the connection to ldap.
issue #13738
Validate the LDAP search filter including enclosing in '()'. Note: if a user has a complex filter that misses the last ')' it will not be added. i.e. (&(objectclass=posixgroup)(uid={0}) is invalid but will pass validation.
issue #13738
User needs to be able to conduct complex filtering. As long as the placeholder '{0}' for the username is included in the ldap search filter, the user can customize as required. searches must be enclosed in '()' i.e '(uid={0}) or '(&(objecttype=posixaccount)(uid={0}))' etc.
issue #13738closefrappe/frappe#6037
All LDAP operations should be done by ldap base dn user. This allows an administrator to lock down their directory to the user the LDAP operations are being conducted by.
issue #13738
New method to search for user group membership. Replaces old logic of using an ldap users attribute memberof which is not supported by all LDAP implementations
issue #13738
* Remove six for PY2 compatability since our dependencies are not, PY2
is legacy.
* Removed usages of utils from future/past libraries since they are
deprecated. This includes 'from __future__ ...' and 'from past...'
statements.
* Removed compatibility imports for PY2, switched from six imports to
standard library imports.
* Removed utils code blocks that handle operations depending on PY2/3
versions.
* Removed 'from __future__ ...' lines from templates/code generators
* Used PY3 syntaxes in place of PY2 compatible blocks. eg: metaclass
- remove several unnecessary comprehensions from functions that accept a generator.
- Using `[x for x in iter]` causes a list to be built first then passed to the outer function.
- `any` and `all` can take generator instead. This makes memory usage O(1) and actually makes these functions short-circuiting. E.g. if the first condition fails then `all` will immediately return false instead of evaluating all the entries.
- `sum`, `min`, `max` => memory usage become O(1)
- `list`, `set`, `.join()` => roughly halves memory usage, as list is not required to be built.
- lastly, it's two fewer characters to read/think about.
