From b88ca17f83ef1495b655df3be4be67e8dae43329 Mon Sep 17 00:00:00 2001 From: Jarett DeAngelis Date: Mon, 18 Apr 2022 13:40:12 -0400 Subject: [PATCH 1/2] updated ldap org id description includes note about how org must already exist --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 47d6dc0..bc5dddb 100644 --- a/README.md +++ b/README.md @@ -93,7 +93,7 @@ Name|Description|Options|Default `ckanext.ldap.auth.mechanism`|SASL mechanism to use, if auth.method is set to SASL.|| `ckanext.ldap.fullname`|The LDAP attribute to map to the user's full name.|| `ckanext.ldap.about`|The LDAP attribute to map to the user's description.|| -`ckanext.ldap.organization.id`|If this is set, users that log in using LDAP will automatically get added to the given organization. **Warning**: Changing this parameter will only affect users that have not yet logged on. It will not modify the organization of users who have already logged on.|| +`ckanext.ldap.organization.id`|If this is set, users that log in using LDAP will automatically get added to the given organization. **Warning**: Changing this parameter will only affect users that have not yet logged on. It will not modify the organization of users who have already logged on. **Warning**: The organization to which to add LDAP users must already exist; the first user logging in will not automatically create it and instead you will see a "500 Server Error" returned.|| `ckanext.ldap.organization.role`|The role given to users added in the given organization ('admin', 'editor' or 'member'). **Warning**: Changing this parameter will only affect users that have not yet logged on. It will not modify the role of users who have already logged on. This is only used if `ckanext.ldap.organization.id` is set. There is currently no functionality for mapping LDAP groups to CKAN roles, so this just assigns the same role to _every_ new LDAP user.|member, editor, admin|'member' `ckanext.ldap.search.alt`|An alternative search string for the LDAP filter. If this is present and the search using `ckanext.ldap.search.filter` returns exactly 0 results, then a search using this filter will be performed. If this search returns exactly one result, then it will be accepted. You can use this for example in Active Directory to match against both username and fullname by setting `ckanext.ldap.search.filter` to 'sAMAccountName={login}' and `ckanext.ldap.search.alt` to 'name={login}'. The approach of using two separate filter strings (rather than one with an or statement) ensures that priority will always be given to the unique id match. `ckanext.ldap.search.alt` however can be used to match against more than one field. For example you could match against either the full name or the email address by setting `ckanext.ldap.search.alt` to '(\|(name={login})(mail={login}))'.|| `ckanext.ldap.search.alt_msg`|A message that is output to the user when the search on `ckanext.ldap.search.filter` returns 0 results, and the search on `ckanext.ldap.search.alt` returns more than one result. Example: 'Please use your short account name instead'.|| From e7fcd32bd8c77f000266ca1b47a3892f2d812688 Mon Sep 17 00:00:00 2001 From: ginger Date: Mon, 25 Apr 2022 10:03:06 +0100 Subject: [PATCH 2/2] Update version --- setup.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup.py b/setup.py index 30c8ab7..58dc96c 100644 --- a/setup.py +++ b/setup.py @@ -6,7 +6,7 @@ from setuptools import find_packages, setup -__version__ = '3.1.0' +__version__ = '3.1.1' with open('README.md', 'r') as f: __long_description__ = f.read()