This release contains a security bugfix for users of register_globals. Most configuration options in the extension did not have default values; this release sets defaults for all configuration globals. Users are recommended to update to this version, or disable register_globals. If you do not have register_globals enabled, you are not affected.
The following has changed since 1.2a:
* Fixed issue with group synchronization and nested groups * Added support for exclusion groups in addition to required groups ** Configured via $wgLDAPExcludedGroups; syntax the same as $wgLDAPRequiredGroups * Fixed check for returns with no entries * Added memberOf support * Added patch for getting user's primary group when using memberOf * Fixed group synchronization issue with memberOf support (patch by Teddy Reed) * Fixed problem with usernames containing parenthesis * Fixed warnings in PHP 5.2.10 when some entries weren't returned * Fixed issue with $wgLDAPGroupsPrevail * Fixed issue with mail temporary password button when email me a password support was enabled * Added support for non-standard ports ** Configured via $wgLDAPPort - see options documentation * Changed debug to output to a file ** Configured via $wgDebugLogGroups["ldap"] - see options documentation * Added support for modifying LDAP options when connecting ** Configured via $wgLDAPOptions - see options documentation * Added a security fix for register_globals users (seriously, turn register_globals off, if you have it on)
To download this version, please use the extension distributor (http://www.mediawiki.org/wiki/Special:ExtensionDistributor/LdapAuthenticatio...), select "Development version (trunk)", and click "Continue".
Respectfully,
Ryan Lane