If application provide one, use it. If application doesn't
provide one, use best of server advertised.
Fix SASL/ANONYMOUS (not normally used, but should work)
PLAIN is not currently working... might be local to me as my
Cyrus installation is a bit hosted.
the presence of a certain value in some other attribute. Used to
implement mailForwardingAddress both in addition to normal delivery
and excluding normal delivery, selectable entry by entry. The model
is mailDeliveryOption in Netscape MS. The implementation aims to
become more general, though. Affects "search-with-filter", any
entry can potentially use a parameter, introduced with "param=".
Optimize the case where we have to copy the message to an address that
is served by the directory. Formerly, we would have the MTA deal with
it and invoke mail500 again later. This has necessitated loading the
list of domains that are solved by us with "domain". A new definition,
"host", takes the role of the old "domain" that was the FQDN of our
host for routing loop avoidance.
part into something to check against the cn of entries. It is
supported again thorugh the selector %s in the search.
Explicitly initialize some pointers in automatic storage.
anyway. A new syntax is defined, "present", that indicates that
values of an attribute type are not used, only presence is
significant. To do routing at the MTA, define both mailHost and
mailRoutingAddress with syntax "present". Otherwise, use "host" and
"rfc822" and mail500 will try to do routing by itself, if possible.
Read the comments in the code for the ugly details.
Added a new configuration line "own-address" that describes the FQDN of
our host to compare with mailHost. The line can be repeated.
nested groups or the laser mail routing draft. Mostly, this is
because a flag saying the attribute type is 'final' is not flexible
enough. The old 'final' flag is gone and replaced by a priority
level.
Change 'forward' to 'route' to be consistent with the laser wording.
Add new 'domain' spec in the configuration file to describe what are
the local domains so that we do not loop when doing the laser thing.
We were escaping asterisks in filters. This seems incorrect. Removed.
simple bind via:
{KERBEROS}principal
Code is disabled by default (for security reasons). Use
--enable-kpasswd to enable. Behind SLAPD_KPASSWD.
Reworked Kerberos detection and split out KBIND as independent
feature (--disable-kbind) (LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND).
KBIND depends upon detection of KRB4 (or KRB425) support. Detection,
building with eBones (as distributed with FreeBSD 3.4) okay, but
wasn't able to test as I don't have a K4 KDC handy.
--with-kerberos has a number of detection options... most likely
don't work properly.
extremely broken and I can only wonder how I got some much mileage out
of it. The problem is that we deal with pointers to the groups
themselves, either in current_group or current_to and current_nto.
These pointers would break on reallocs. So now the the basic togroups
is an array to pointers to Group. Since the array can be resized at
any time, what we actually pass around is pointer to an array of
pointers to Group or Group ***.
Add controls to extended ops API signatures, need impl.
Update password to support optional server side generation of
new password, verification of old password, and changing of
non-bound user's passwords.
frontend to complete parsing of extended op reqdata.
Modify password extended operation to allow optional id (DN)
entry to change (not tested). Also, provide room to allow
server side password generation (not implemented). Added optional old
password field to support proxying (not implemented).
Need to implement replog() support.
user password. Likely to be modified to use bind control
instead. Use of modify deprecated in favor mechanisms that
support passwords stored externally to the directory (such
as in a SASL service).
Modified slapd extended operation infrastructure to support
backend provided extended operations.
