Hotfix 301-005
Changes
==============

All changes related to the LDAP ldap.properties configuration file.

1. ta.uid may now be different from rdn. This is particularly useful
   for Active Directory servers.
2. There is a new optional container attribute login.attribute. This
   specifies the attribute used for login. The default is the attribute
   mapped to the T.A. uid. login.attribute may be different from rdn and
   need not be mapped to any ta  attribute, that is, it need not be part
   of the ta user profile. This is also particularly useful for Active
   Directory servers.
3. Search.User and Search.Password are now supported as alternatives to
   AttributeSearch.User and AttributeSearch.Password. The latter are
   deprecated.
4. It is no longer necessary that the concatenation of rdn and base for
   a container constitute a full dn. If not, you must use authenticated
   search or anonymous search. If a login results in a search with
   multiple hits, the login is rejected simply with "invalid username
   and/or password". The ldap and session logs will provide the detail
   to the sysadmin.
5. Validation has been improved, for constraints documented in the sample
   ldap.properties, and in the LDAP System Administrator's  Guide.
6. The sample ldap.properties file has been updated to reflect (1) - (3),
   and to correct some errors in the original. The revised sample
   ldap.properties is included in this hotfix package as documentation
   only. It is not installed in the Maple T.A. installation. That is,
   the active ldap.properties file is not overwritten by this hotfix install.



Maple T.A
January 2008
