3.0.0 — 2021-07-19
------------------

- Dropped support for Django 3.0.

Breaking changes
^^^^^^^^^^^^^^^^

- Dropped deprecated setting ``AUTH_LDAP_CACHE_GROUPS``.
- Callables passed to ``AUTH_LDAP_SERVER_URI`` must now take a ``request`` positional argument.

2.4.0 - 2021-04-06
------------------

- Added support for Django 3.2.

2.3.0 - 2021-02-15
------------------

- Removed support for end of life Django 1.11. django-auth-ldap now requires
  Django 2.2+.
- Removed support for end of life Python 3.5.
- Added support for Django 3.1.
- Added support for Python 3.9.
- Removed ``dev-requirements.txt`` in favor of :doc:`tox <tox:index>`.

2.2.0 - 2020-06-02
------------------

- Added support for the escape argument in ``LDAPSearchUnion.execute()``.

2.1.1 - 2020-03-26

- Removed drepecated ``providing_args`` from ``Signal`` instances.

2.1.0 - 2019-12-03
------------------

- Reject authentication requests without a username.
- Added support for Django 3.0 and Python 3.8.
- Removed support for end of life Django 2.1.

2.0.0 - 2019-06-05
------------------

- Removed support for Python 2 and 3.4.
- Removed support for end of life Django 2.0.
- Added support for Django 2.2.
- Add testing and support for Python 3.7 with Django 1.11 and 2.1.
- When :setting:`AUTH_LDAP_SERVER_URI` is set to a callable, it is now passed a
  positional ``request`` argument. Support for no arguments will continue for
  backwards compatibility but will be removed in a future version.
- Added new :setting:`AUTH_LDAP_NO_NEW_USERS` to prevent the creation of new
  users during authentication. Any users not already in the Django user
  database will not be able to login.

1.6.1 - 2018-06-02
------------------

- Renamed ``requirements.txt`` to ``dev-requirements.txt`` to fix Read the Docs
  build.

1.6.0 - 2018-06-02
------------------

- Updated ``LDAPBackend.authenticate()`` signature to match Django's
  documentation.
- Fixed group membership queries with DNs containing non-ascii characters on
  Python 2.7.
- The setting :setting:`AUTH_LDAP_CACHE_TIMEOUT` now replaces deprecated
  `AUTH_LDAP_CACHE_GROUPS` and `AUTH_LDAP_GROUP_CACHE_TIMEOUT`. In addition to
  caching groups, it also controls caching of distinguished names (which were
  previously cached by default). A compatibility shim is provided so the
  deprecated settings will continue to work.

1.5.0 - 2018-04-18
------------------

- django-auth-ldap is now hosted at
  https://github.com/django-auth-ldap/django-auth-ldap.

- Removed NISGroupType class. It searched by attribute nisNetgroupTriple, which
  has no defined EQAULITY rule.

- The python-ldap library is now initialized with ``bytes_mode=False``,
  requiring all LDAP values to be handled as Unicode text (``str`` in Python 3
  and ``unicode`` in Python 2), not bytes. For additional information, see the
  python-ldap documentation on :ref:`bytes mode <text-bytes>`.

- Removed deprecated function ``LDAPBackend.get_or_create_user()``. Use
  :meth:`~django_auth_ldap.backend.LDAPBackend.get_or_build_user` instead.


1.4.0 - 2018-03-22
------------------

- Honor the attrlist argument to :setting:`AUTH_LDAP_GROUP_SEARCH`

- **Backwards incompatible**: Removed support for Django < 1.11.

- Support for Python 2.7 and 3.4+ now handled by the same dependency,
  `python-ldap >= 3.0 <https://pypi.org/project/python-ldap/>`_.


1.3.0 - 2017-11-20
------------------

- **Backwards incompatible**: Removed support for obsolete versions of
  Django (<=1.7, plus 1.9).

- Delay saving new users as long as possible. This will allow
  :setting:`AUTH_LDAP_USER_ATTR_MAP` to populate required fields before creating
  a new Django user.

  ``LDAPBackend.get_or_create_user()`` is now
  :meth:`~django_auth_ldap.backend.LDAPBackend.get_or_build_user` to avoid
  confusion. The old name may still be overridden for now.

- Support querying by a field other than the username field with
  :setting:`AUTH_LDAP_USER_QUERY_FIELD`.

- New method
  :meth:`~django_auth_ldap.backend.LDAPBackend.authenticate_ldap_user` to
  provide pre- and post-authentication hooks.

- Add support for Django 2.0.


1.2.16 - 2017-09-30
-------------------

- Better cache key sanitizing.

- Improved handling of LDAPError. A case existed where the error would not get
  caught while loading group permissions.


1.2.15 - 2017-08-17
-------------------

- Improved documentation for finding the official repository and contributing.


1.2.14 - 2017-07-24
-------------------

- Under search/bind mode, the user's DN will now be cached for
  performance.


1.2.13 - 2017-06-19
-------------------

- Support selective group mirroring with :setting:`AUTH_LDAP_MIRROR_GROUPS` and
  :setting:`AUTH_LDAP_MIRROR_GROUPS_EXCEPT`.

- Work around Django 1.11 bug with multiple authentication backends.


1.2.12 - 2017-05-20
-------------------

- Support for complex group queries via
  :class:`~django_auth_ldap.config.LDAPGroupQuery`.


1.2.11 - 2017-04-22
-------------------

- Some more descriptive object representations.

- Improved tox.ini organization.


1.2.9 - 2017-02-14
------------------

- Ignore python-ldap documentation and accept ``ldap.RES_SEARCH_ENTRY`` from
  :meth:`ldap.LDAPObject.result`.


1.2.8 - 2016-04-18
------------------

- Add :setting:`AUTH_LDAP_USER_ATTRLIST` to override the set of attributes
  requested from the LDAP server.


1.2.7 - 2015-09-29
------------------

- Support Python 3 with `pyldap <https://pypi.org/project/pyldap/>`_.


1.2.6 - 2015-03-29
------------------

- Performance improvements to group mirroring (from
  `Denver Janke <https://bitbucket.org/denverjanke>`_).

- Add :data:`django_auth_ldap.backend.ldap_error` signal for custom handling of
  :exc:`~ldap.LDAPError` exceptions.

- Add :data:`django_auth_ldap.backend.LDAPBackend.default_settings` for
  per-subclass default settings.


1.2.5 - 2015-01-30
------------------

- Fix interaction between :setting:`AUTH_LDAP_AUTHORIZE_ALL_USERS` and
  :setting:`AUTH_LDAP_USER_SEARCH`.


1.2.4 - 2014-12-28
------------------

- Add support for nisNetgroup groups (thanks to Christopher Bartz).


1.2.3 - 2014-11-18
------------------

- Improved escaping for filter strings.

- Accept (and ignore) arbitrary keyword arguments to
  ``LDAPBackend.authenticate``.


1.2.2 - 2014-09-22
------------------

- Include test harness in source distribution. Some package maintainers find
  this helpful.


1.2.1 - 2014-08-24
------------------

- More verbose log messages for authentication failures.


1.2.0 - 2014-04-10
------------------

- django-auth-ldap now provides experimental Python 3 support. Python 2.5 was
  dropped.

  To sum up, django-auth-ldap works with Python 2.6, 2.7, 3.3 and 3.4.

  Since python-ldap isn't making progress toward Python 3, if you're using
  Python 3, you need to install a fork:

  .. code-block:: bash

      $ pip install git+https://github.com/rbarrois/python-ldap.git@py3

  Thanks to `Aymeric Augustin <https://myks.org/en/>`_ for making this happen.


1.1.8 - 2014-02-01
------------------

* Update :class:`~django_auth_ldap.config.LDAPSearchUnion` to work for group
  searches in addition to user searches.

* Tox no longer supports Python 2.5, so our tests now run on 2.6 and 2.7 only.


1.1.7 - 2013-11-19
------------------

* Bug fix: :setting:`AUTH_LDAP_GLOBAL_OPTIONS` could be ignored in some cases
  (such as :func:`~django_auth_ldap.backend.LDAPBackend.populate_user`).


1.1.5 - 2013-10-25
------------------

* Support POSIX group permissions with no gidNumber attribute.

* Support multiple group DNs for \*_FLAGS_BY_GROUP.


1.1.4 - 2013-03-09
------------------

* Add support for Django 1.5's custom user models.


1.1.3 - 2013-01-05
------------------

* Reject empty passwords by default.

  Unless :setting:`AUTH_LDAP_PERMIT_EMPTY_PASSWORD` is set to True,
  LDAPBackend.authenticate() will immediately return None if the password is
  empty. This is technically backwards-incompatible, but it's a more secure
  default for those LDAP servers that are configured such that binds without
  passwords always succeed.

* Add support for pickling LDAP-authenticated users.