Releases: adobe-apiplatform/user-sync.py
Second release candidate for v2.2.2
These notes apply to v2.2.2rc2 of 2017-10-29.
New Features
#294: Show statistics about users added to secondaries.
Bug Fixes
#283: Don't import keyring unless needed.
#286: Allow specifying attributes for Adobe IDs.
#288: Escape special characters in user input to LDAP queries.
#293: Don't crash when existing users are added to secondaries.
Compatibility with Prior Versions
There are no interface changes from prior versions.
Known Issues
The nosetests are broken in this release candidate.
Because the release on Windows is built with a pre-compiled version of pyldap, we have to specify a specific version to be used in each release. This may not always be the latest version.
On the Win64 platform, there are very long pathnames embedded in the released build artifact user-sync.pex, which will cause problems unless you are on Windows 10 and are either running Python 3.6 or have enabled long pathnames system-wide (as described in this Microsoft Dev Center article). To work around this issue on older platforms, set the PEX_ROOT environment variable (as described in the docs here) to be a very short path (e.g., set PEX_ROOT=C:\pex).
Each release on each platform is built with a specific version of Python. Typically this is the latest available (from the OS vendor, if they provide one) for that platform. In general, and especially on Windows, you should use the same Python to run User Sync as it was built with.
First release candidate for v2.2.2
These notes apply to v2.2.2rc1 of 2017-10-25.
New Features
None.
Bug Fixes
#283: Don't import keyring unless needed.
#286: Allow specifying attributes for Adobe IDs.
#288: Escape special characters in user input to LDAP queries.
Compatibility with Prior Versions
There are no interface changes from prior versions.
Known Issues
Because the release on Windows is built with a pre-compiled version of pyldap, we have to specify a specific version to be used in each release. This may not always be the latest version.
On the Win64 platform, there are very long pathnames embedded in the released build artifact user-sync.pex, which will cause problems unless you are on Windows 10 and are either running Python 3.6 or have enabled long pathnames system-wide (as described in this Microsoft Dev Center article). To work around this issue on older platforms, set the PEX_ROOT environment variable (as described in the docs here) to be a very short path (e.g., set PEX_ROOT=C:\pex).
Each release on each platform is built with a specific version of Python. Typically this is the latest available (from the OS vendor, if they provide one) for that platform. In general, and especially on Windows, you should use the same Python to run User Sync as it was built with.
User Sync v2.2.1 - bug fix release
These notes apply to v2.2.1 of 2017-08-30.
New Features
#266: Extended attribute values (defined in extensions) can now be multi-valued. The type of the attribute value in the source_attributes dictionary will be:
Noneif the attribute has no value;- a
str(orunicodein py2) if the attribute has one value; - a
listofstr(orunicodein py2) if the attribute has multiple values.
#268: To make sure users get all the right overlapping entitlements associated with mapped user groups, --strategy push now does group removals before group adds.
Bug Fixes
#257: Catch exceptions thrown by umapi-client when creating actions.
#258: Correctly decrypt private keys in py3.
#260: Make sure the requests library is loaded when using pex on Windows.
#265: Extended attributes in extensions couldn't be fetched unless they had non-ascii names.
#269: When using --strategy sync, new users created in secondary organizations were not being added to any groups.
Compatibility with Prior Versions
There are no functional changes from prior versions.
Known Issues
Because the release on Windows is built with a pre-compiled version of pyldap, we have to specify a specific version to be used in each release. This not always be the latest version.
On the Win64 platform, there are very long pathnames embedded in the released build artifact user-sync.pex, which will cause problems unless you are on Windows 10 and are either running Python 3.6 or have enabled long pathnames system-wide (as described in this Microsoft Dev Center article). To work around this issue on older platforms, set the PEX_ROOT environment variable (as described in the docs here) to be a very short path (e.g., set PEX_ROOT=C:\pex).
On Win64, this release was built with and is only guaranteed to work with Python Win64 2.7.13. We have had reports that it will not work with Python Win64 2.7.14, recently released. Earlier Win64 versions of Python have been observed to work (in particular, 2.7.9 and 2.7.12).
First release candidate for User Sync 2.2.1
Release Notes for User Sync Tool Version 2.2.1
These notes apply to v2.2.1rc1 of 2017-08-28.
New Features
#266: Extended attribute values (defined in extensions) can now be multi-valued. The type of the attribute value in the source_attributes dictionary will be:
Noneif the attribute has no value;- a
str(orunicodein py2) if the attribute has one value; - a
listofstr(orunicodein py2) if the attribute has multiple values.
Bug Fixes
#257: Catch exceptions thrown by umapi-client when creating actions.
#258: Correctly decrypt private keys in py3.
#260: Make sure the requests library is loaded when using pex on Windows.
#265: Extended attributes in extensions couldn't be fetched unless they had non-ascii names.
Compatibility with Prior Versions
There are no functional changes from prior versions.
Known Issues
Because the release on Windows is built with a pre-compiled version of pyldap, we have to specify a specific version to be used in each release. This not always be the latest version.
On the Win64 platform, there are very long pathnames embedded in the released build artifact user-sync.pex, which will cause problems unless you are on Windows 10 and are either running Python 3.6 or have enabled long pathnames system-wide (as described in this Microsoft Dev Center article). To work around this issue on older platforms, set the PEX_ROOT environment variable (as described in the docs here) to be a very short path (e.g., set PEX_ROOT=C:\pex).
User Sync v2.2
Release Notes for User Sync Version 2.2
These notes apply to the User Sync Tool (UST) v2.2 of 2017-07-13.
New Features
#52: This release runs on both Python 2 and Python 3 (2.7, 3.4, 3.5, and 3.6 to be precise)!
#182: At long last, you can select users in nested groups. The new implementation for determining group members also allows us to avoid fetching the entire directory when the users are only supposed to come from specific groups, as with --users mapped (#129). There is a new LDAP configuration setting group_member_filter_format which controls how users are selected for groups (default is "immediate members only", which is backward compatible with prior releases).
#236: Directory users can now be pushed directly to Adobe, rather than synchronized with a fetch of Adobe users. A new command-line argument --strategy push (as opposed to the default --strategy sync) controls this.
#234: There are new UMAPI configuration settings (timeout and retries in the server section) to control the network behavior when talking to the UMAPI server. The default timeout of 120 seconds and the default retry count of 3 are unchanged.
#237: The default encoding for all inputs (config files, CSV files, LDAP attribute values) is now assumed to be utf8 rather than ASCII. This is a backward-compatible change that makes it unnecessary (but still allowed) to specify utf8 explicitly.
Bug Fixes
#227: Fixed crashes due to bad user keys.
#233: Exceptions in LDAP connections are handled gracefully, as are keyboard interrupts.
#235: Fixed a crash that occurred if an Adobe ID user had no username or domain info.
#240: When using the LDAP connector, the domain of each user is now correctly defaulted to the email domain.
#244: Build instructions are now provided for all platforms, and the default Makefile allows for the use of pre-compiled, platform-specific wheels.
#247: There is no more use of the uid attribute in LDAP directories.
#254: Update windows libraries, reduce use of custom builds.
Compatibility with Prior Versions
This version is fully backwards-compatible with version 2.1.1. As mentioned above, there are new configuration settings for filtering group members and controlling network behavior, and there is a new command-line option for controlling the update strategy. See the docs for full details about configuration.
LDAP usage change: Prior releases of User Sync did not run LDAP queries to get the members of groups. With the release of version 2.2's support for nested groups, we now run LDAP queries for group membership (both direct and nested). This requires that the LDAP account used by the tool to have a security profile that allows use of memberOf queries.
Known Issues
If prior versions of User Sync were correctly returning the right members of LDAP groups, but the current version returns no members for those groups, you are probably using an LDAP account that is not enabled for memberOf queries. See the note above about LDAP usage change.
Because the release on Windows is built with a pre-compiled version of pyldap, we have to specify a specific version to be used in each release. This may not always be the latest version.
On the Win64 platform, there are very long pathnames embedded in the released build artifact user-sync.pex, which will cause problems unless you are on Windows 10 and are either running Python 3.6 or have enabled long pathnames system-wide (as described in this Microsoft Dev Center article). To work around this issue on older platforms, set the PEX_ROOT environment variable (as described in the docs here) to be a very short path (e.g., set PEX_ROOT=C:\pex).
Second release candidate for v2.2
These notes apply to v2.2rc2 of 2017-06-26.
New Features
#52: This release runs on both Python 2 and Python 3 (2.7, 3.4, 3.5, and 3.6 to be precise)!
#182: At long last, you can select users in nested groups. The new implementation for determining group members also allows us to avoid fetching the entire directory when the users are only supposed to come from specific groups, as with --users mapped (#129). There is a new LDAP configuration setting group_member_filter_format which controls how users are selected for groups (default is "immediate members only", which is backward compatible with prior releases).
#236: Directory users can now be pushed directly to Adobe, rather than synchronized with a fetch of Adobe users. A new command-line argument --strategy push (as opposed to the default --strategy sync) controls this.
#234: There are new UMAPI configuration settings (timeout and retries in the server section) to control the network behavior when talking to the UMAPI server. The default timeout of 120 seconds and the default retry count of 3 are unchanged.
#237: The default encoding for all inputs (config files, CSV files, LDAP attribute values) is now assumed to be utf8 rather than ASCII. This is a backward-compatible change that makes it unnecessary (but still allowed) to specify utf8 explicitly.
Bug Fixes
#227: Fixed crashes due to bad user keys.
#233: Exceptions in LDAP connections are handled gracefully, as are keyboard interrupts.
#235: Fixed a crash that occurred if an Adobe ID user had no username or domain info.
#240: When using the LDAP connector, the domain of each user is now correctly defaulted to the email domain.
#244: Build instructions are now provided for all platforms, and the default Makefile allows for the use of pre-compiled, platform-specific wheels.
#247: There is no more use of the uid attribute in LDAP directories.
Compatibility with Prior Versions
This version is fully backwards-compatible with version 2.1.1. As mentioned above, there are new configuration settings for filtering group members and controlling network behavior, and there is a new command-line option for controlling the update strategy. See the docs for full details about configuration.
Known Issues
Because the releases on Windows are built with pre-compiled dependencies, we have to lock down the versions of pycryptodome and PyYAML used in each release. Thus they may not always be the latest version (as, for example, with this release, which uses pycryptodome 2.4.35.1 rather than 2.4.36).
On the Win64 platform, there are very long pathnames embedded in the released build artifact user-sync.pex, which will cause problems unless you are on Windows 10 and are either running Python 3.6 or have enabled long pathnames system-wide (as described in this Microsoft Dev Center article). To work around this issue on older platforms, set the PEX_ROOT environment variable (as described in the docs here) to be a very short path (e.g., set PEX_ROOT=C:\pex).
First candidate build for v2.2
These notes apply to v2.2rc1 of 2017-06-20.
New Features
#52: This release runs on both Python 2 and Python 3 (2.7, 3.4, 3.5, and 3.6 to be precise)!
#234: There are new UMAPI configuration settings (timeout and retries in the server section) to control the network behavior when talking to the UMAPI server. The default timeout of 120 seconds and the default retry count of 3 are unchanged.
#182: At long last, you can select users in nested groups. The new implementation also allows us to avoid fetching the entire directory when the users are only supposed to come from specific groups, as with --users mapped (#129).
#236: Directory users can now be pushed directly to Adobe, rather than synchronized with a fetch of Adobe users. A new command-line argument --strategy push (as opposed to the default --strategy sync) controls this.
#237: The default encoding for all inputs (config files, CSV files, LDAP attribute values) is now assumed to be utf8 rather than ASCII. This is a backward-compatible change that makes it unnecessary (but still allowed) to specify utf8 explicitly.
Bug Fixes
This release contains bug fixes for:
- #227: crashes due to bad user keys.
- #235: crash if Adobe ID user has no username or domain info.
- #233: exceptions in LDAP connections are handled gracefully, as are keyboard interrupts.
Compatibility with Prior Versions
This version is fully backwards-compatible with version 2.1.1. As mentioned above, there are new configuration settings for controlling network behavior and update strategy.
Known Issues
On the Win64 platform, there are very long pathnames embedded in the released build artifact user-sync.pex, which will cause problems unless you are on Windows 10 and are either running Python 3.6 or have enabled long pathnames system-wide (as described in this Microsoft Dev Center article). To work around this issue on older platforms, set the PEX_ROOT environment variable (as described in the docs here) to be a very short path (e.g., set PEX_ROOT=C:\pex).
Builds
Premade builds for this release may be a little slow in appearing, as we figure out exactly which set of builds we are going to make for which platforms.
User Sync version 2.1.1
These release notes apply to v2.1.1 of 2017-06-09.
New Features
To address Issue 198, we have added support for private key encryption in both PKCS#5 and PKCS#8 formats, and allowed the passphrase for an encrypted private key to be stored in the platform secure credential store. See the docs for details on the new feature.
Bug Fixes
There is one fix for some obscure Unicode edge cases (that were found only by code inspection): Issue 167.
User Sync no longer crashes if a user's LDAP email address is present but empty: Issue 201.
The proper packages were not present for secure credential storage on Linux platforms: Issue 199.
Compatibility with Prior Versions
This version is fully backwards-compatible with version 2.1.
There are new UMAPI config file settings in this release to enable the use of encrypted keys, see this section of the docs for full details.
Known Issues
On the Win64 platform, due to a change in the encryption support library used by User Sync, there are very long pathnames embedded in the released build artifact user-sync.pex. It will likely be necessary to set the PEX_ROOT environment variable on Windows (as described in the docs here) to be a very short path (e.g., env:$PEX_ROOT="C:\pex") in order to launch User Sync successfully. We hope to avoid the need for this workaround in a future release.
second release candidate of v2.1.1
This release should be code-complete for v2.1.1, and includes a live push of the docs.
BUILD NOTE: If you build this release yourself, you will need a fresh python environment that doesn't include pycrypto (which we used to use). We have moved to pycryptodome which is a more modern, well-maintained plug-compatible module.
Release Notes for User Sync Tool Version 2.1.1
These notes apply to v2.1.1rc2 of 2017-06-07.
New Features
To address Issue 198, we have added support for private key encryption in both PKCS#5 and PKCS#8 formats, and allowed the passphrase for an encrypted private key to be stored in the platform secure credential store. See the docs for details on the new feature.
Bug Fixes
There is one fix for some obscure Unicode edge cases (that were found only by code inspection): Issue 167.
User Sync no longer crashes if a user's LDAP email address is present but empty: Issue 201.
The proper packages were not present for secure credential storage on Linux platforms: Issue 199.
Compatibility with Prior Versions
This version is fully backwards-compatible with version 2.1.
First release candidate for 2.1.1rc1
v2.1.1 is planned as a bug-fix release. This is the first release candidate.