LdapAuthentication 1.2b released – Security fix for register_globals users

LDAP, MediaWiki

This release contains a security bugfix for users of register_globals. Most configuration options in the extension did not have default values, and with register_globals enabled an option left unset can be filled in from request parameters; this release sets defaults for all configuration globals. Users should update to this version or disable register_globals. If you do not have register_globals enabled, you are not affected.
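The following PHP sketch is an added illustration, not code from LdapAuthentication. It shows why assigning a default in the extension file closes this class of bug. The page does not say which options were affected or what defaults 1.2b ships, so `$wgLDAPRequiredGroups` is borrowed from the changelog only as a name, the empty-array default is assumed, and all function names are hypothetical.

```php
<?php
// Added illustration, not LdapAuthentication source code.

// Emulates register_globals (removed in PHP 5.4): before any script code ran,
// PHP copied every request parameter into a global variable of the same name.
function emulate_register_globals(array $request) {
    foreach ($request as $name => $value) {
        $GLOBALS[$name] = $value;
    }
}

// Pre-fix pattern: the extension file assigns nothing, so the option keeps
// whatever is already in global scope when the file is included.
function setup_without_defaults() {
}

// Post-fix pattern: the extension file assigns a default to each option,
// overwriting anything register_globals placed there earlier.
// The empty array is an assumed default, not the value shipped in 1.2b.
function setup_with_defaults() {
    $GLOBALS['wgLDAPRequiredGroups'] = array();
}

// Returns the option value the extension would later read when
// LocalSettings.php does not set it.
function option_after_setup($setup, array $request) {
    unset($GLOBALS['wgLDAPRequiredGroups']);   // start of a fresh request
    emulate_register_globals($request);        // PHP populates globals first
    $setup();                                  // then the extension file runs
    return isset($GLOBALS['wgLDAPRequiredGroups'])
        ? $GLOBALS['wgLDAPRequiredGroups'] : null;
}

// Constructed request parameters for the demonstration.
$request = array('wgLDAPRequiredGroups' => array('constructed' => array('from-request')));

foreach (array('setup_without_defaults', 'setup_with_defaults') as $setup) {
    $value = option_after_setup($setup, $request);
    $origin = ($value === $request['wgLDAPRequiredGroups']) ? 'request' : 'extension default';
    echo $setup, ': option value comes from ', $origin, "\n";
}
```

Values set in LocalSettings.php after the extension is included still take precedence over the defaults, so explicitly configured options are unaffected either way.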

The following has changed since 1.2a:

  • Fixed issue with group synchronization and nested groups
  • Added support for exclusion groups in addition to required groups
    • Configured via $wgLDAPExcludedGroups; syntax the same as $wgLDAPRequiredGroups
  • Fixed check for returns with no entries
  • Added memberOf support
  • Added patch for getting user’s primary group when using memberOf
  • Fixed group synchronization issue with memberOf support (patch by Teddy Reed)
  • Fixed problem with usernames containing parentheses
  • Fixed warnings in PHP 5.2.10 when some entries weren’t returned
  • Fixed issue with $wgLDAPGroupsPrevail
  • Fixed issue with the mail temporary password button when “email me a password” support was enabled
  • Added support for non-standard ports
    • Configured via $wgLDAPPort – see options documentation
  • Changed debug to output to a file
    • Configured via $wgDebugLogGroups["ldap"] – see options documentation
  • Added support for modifying LDAP options when connecting
    • Configured via $wgLDAPOptions – see options documentation
  • Added a security fix for register_globals users (seriously, turn register_globals off, if you have it on)

To download this version, please use the extension distributor, select “Development version (trunk)”, and click “Continue”.
