Blocker bugs

 - None

Major missing functionality

 - Password reset (conditional on capability)

 - Caching of users seems to fail

 - again with the failure of member property sets to take

Robustness and productization

 - determine between AD and regular LDAP in install (see Install.py
   bottom)

 - disabled plone text boxes don't look disabled
   either fix this, or change disabled action to be hidden + the text

 - LDAPMultiPlugin doesn't provide getGroupMembers; only matters when Group plugins
   of LDAPMulti are on. they're off by default.

Other todo items

 - add note about group listing to groups overview page, like on member overview

 - security declarations on new memberdata methods

 - Verify why user records just created are marked as "orphaned" in
   portal_memberdata. It could just be that they never logged in.

 - PlonePAS groups tool: assure API implementation

 - Should probably define group factory plugin

 - PAS.plugins.ZODBGroupManager.removeGroup tries to remove every user
   from group. Probably bad!

 - membership tool wrapUser stupidly uses roles attribute. we want it to
   use methods. until this is fixed, role mapping is broken

 - User and group deletion should zero out roles and properties and such.

 - LDAP

   * implement IUserIntrospection interface

   * default property mappings? at least for AD some should be possible.
     on intranet is 'mail' -> 'email'

Wishlist

 - a more PAS-centric Plone UI might be a good idea.

 - when LDAP (or any other non-mutable) and ZODB props installed, LDAP is higher priority.
   When trying to set non-mutable (LDAP-provided) properties, we do a no-op to prevent shadowing.
   Previously this was an error. However, this is not entirely satisfactory, as there is no
   notice to the user that a value is immutable; even worse, the value would appear to change, since
   personalize_form will display the value from the request.

 - better framework for non-envisioned-by-author migrations.
   see notes at bottom of Install.py

 - handle LDAPGroupFolder?
   see notes at bottom of Install.py

 - get GRUFMultiPlugin working for complex upgrades. Or is that too ugly?

 - seems LDAPMP doesn't provide properties on groups

Stuff to go upstream

 - PAS.searchUsers (and/or LDAP enumerateUsers) allows duplicates returned.

 - PlonePAS groups tool: move GRUF/PAS common bits into Plone
   GroupsTool, also interface

 - Plone should include GroupData in its GroupDataTool.py. After this,
   our GroupData or monkey-patch can use the Plone one.  Relatedly,
   wrapUsers and wrapGroups should have a way of specifying the wrapping
   object so it's easier to over-ride.

 - plugins.user.UserManager.addUser changes should go into PAS

 - PAS: listAssignedPrincipals doesn't properly fall back on None title.
   (using get with default isn't quite enough.)

 - need to not list too many members: either search only, or max results/list on low count

Questions

 - PAS role manager doesn't initially manage Owner. Why? And should we make it do so?
 
 - should getUsers abort if list is too long?

 - Should groups.getGroupById use new acl_users.getGroup?

 - do we want another schema-setting mechanism for properties plugin? (see note)
   related: sheet.py has the MutablePropertySheet schema coded in for
   several basic types. is this all we need?

 - does title not get to wrapped group?

 - MemberDataTool.searchFulltextForMembers need to be fixed? Nothing uses it.

 - install: 'setupRoles' needed? It's commented out and seems to be fine.

 - how does member.getRoles work in GRUF? what permission should it be
   in PlonePAS?
   (jcc note: I don't remember the original motivation behind this item.)

Notes

 - prefs_group_details and prefs_group_edit don't need to be
   customized for Plone 2.1 versions after 29 Apr 2005

 - I don't like where prefs_group_details form ends up. Should go back to
   prefs_group_members or itself. But, this is not a regression.

 - We're dependent on GRUF for groups tools. This isn't a problem for now,
   and GRUF will be around for a while. But Plone should provide the base
   for groups tools, not GRUF. See items above.

 - _doChangeGroup ignores groups to add. This doesn't bother Plone.

 - LDAP: property managers plugins are moved to top, and group plugins disabled
   I think this is sufficient, but are there more order changes needed?

 - hooked up ZODBMutableProperties plugin schema to MemberData
   properties as default, though it can support its own schema.
   Should probably note that other plugins may not do this.

 - schema changes with ZODBMutableProperties (as through
   MemberData) may not take place on all existing users unless the server
   is restarted. (we could clear the ZCache to fix this.)

 - join_form manages to call addPropertySheet (probably through
   _findUser, through getUserById) like six times.  may be for Anonymous.

 - I've seen some strange lag on property updates on
   ZOGBMutablePropertyManager. Haven't seen it recently. A caching thing?

Outstanding Tests

 - NOTE: I'm not entirely up with the status of tests. Some of these
   might be done.

 - adding, setting, deleting properties on users.

 - checking function of global roles (users and groups) and
   local roles (users and groups).

 - make sure we're not using a name mangling version.
