mirror of
https://git.openldap.org/openldap/openldap.git
synced 2024-12-21 03:10:25 +08:00
changes from 0.6.1 to 0.6.2
---------------------------

* all user and group names are now checked for validity as specified in the
  POSIX Portable Filename Character Set
* support retrieval of ranged attribute values as sometimes returned by Active
  Directory
* added the threads keyword to configure the number of threads that should be
  started in nslcd
* handle empty netgroups properly
* change the time out and retry mechanism for connecting to the LDAP server to
  return an error quickly if the LDAP server is known to be unavailable for a
  long time (this removed the reconnect_tries option and changes the meaning
  of the reconnect_sleeptime and reconnect_maxsleeptime options)
* increased the time out values between the NSS module and nslcd because of
  new retry mechanism
* implement new dict and set modules that use a hashtable to map keys
  efficiently
* use the new set to store group membership to simplify memory management and
  eliminate duplicate members
* the uniqueMember attribute now only supports DN values
* implement a cache for DN to user name lookups (15 minute timeout) used for
  the uniqueMember attribute to save on doing LDAP searches for groups with a
  lot of members, based on a patch by Petter Reinholdtsen
* improvements to the tests
* if any of the ldap calls return LDAP_UNAVAILABLE or LDAP_SERVER_DOWN the
  connection is closed
* improve dependencies in LSB init script header to improve dependency based
  booting


changes from 0.6 to 0.6.1
-------------------------

* numerous small fixes and compatibility improvements
* the I/O buffers between nslcd and NSS module are now dynamically sized and
  tuned for common requests
* correctly follow referrals
* add StartTLS support by Ralf Haferkamp of SuSE
* miscellaneous documentation improvements
* remove code for handling rootbinddn/pw because it is unlikely to be
  supported any time soon
* fix a problem with realloc()ed memory that was not referenced
* fix for a crash in group membership buffer growing code thanks to Petter
  Reinholdtsen
* some improvements to the Active Directory sample configuration
* fix init script exit code with stop while not running
* fixes to the _nss_ldap_initgroups_dyn() function to properly handle the
  buffer and limits passed by Glibc
* fixes to the member to groups search functions to correctly handle
  uniqueMember attributes
* only return shadow entries to root users
* miscellaneous Debian packaging improvements


changes from 0.5 to 0.6
-----------------------

* fix parsing of map option in nss-ldapd.conf
* fix bug in handling of userPassword values
* remove warning about missing loginShell attribute
* support the uniqueMember LDAP attribute that holds DN values
* support ldap as a compat service in /etc/nsswitch.conf
* implement _nss_ldap_initgroups_dyn() to allow username->groups searches
* fix retry mechanism with get*ent() functions where a too small buffer was
  passed by libc (to support groups with a lot of members)
* fix a bug in reporting of communications problems between nslcd and the NSS
  library
* test and log failures of all LDAP library calls
* improved tests
* miscellaneous compatibility improvements to try to support more LDAP
  libraries and platforms
* support compilation with OpenLDAP 2.4 and newer
* some configure script improvements
* Debian packaging improvements


changes from 0.4.1 to 0.5
-------------------------

* major structural changes in the LDAP lookup code using a newly implemented
  module that does memory management, session handling, paging and all other
  painful things with a simple interface
* rewritten LDAP query and result handling code, now generating warnings
  about incorrect entries in the LDAP directory
* IPv6 addresses in host lookups are now supported
* added Kerberos ccname support (with the krb5_ccname option) thanks to
  Andreas Schneider and Ralf Haferkamp from SuSE and removed the
  --with-gssapi-dir, --enable-configurable-krb5-ccname-gssapi and
  --enable-configurable-krb5-ccname-env configure options, using automatic
  detection instead
* added support for DNS SRV record lookups by specifying DNS as uri thanks to
  Ralf Haferkamp and Michael Calmer from SuSE
* added support for DOMAIN as base DN which uses the host's domain to
  construct a DN
* removed nss_connect_policy, bind_policy and sizelimit options
* cleaned up and documented reconnect logic with reconnect_tries,
  reconnect_sleeptime and reconnect_maxsleeptime options
* configuration values with spaces in them (e.g. distinguished names) are now
  handled properly
* fix a small memory leak in the I/O module
* miscellaneous code improvements (better source code comments, more
  consistent logging, portability improvements, more tests, etc)
* improvements to documentation


changes from 0.4 to 0.4.1
-------------------------

* added French debconf translation by Cyril Brulebois
* added Japanese debconf translation by Kenshi Muto
* fix a problem with network name lookups where the lookup would result
  in the wrong call to nslcd
* fix wrong default filter for rpc lookups
* fix a number of memory leaks (thanks valgrind)
  (all memory leaks during normal operation should be fixed now)


changes from 0.3 to 0.4
-----------------------

* remove nss_schema configfile option
* temporarily remove support for uniqueMember group membership attributes
  (will be re-added in a later release)
* removed support for nested groups, if this is really needed (please ask or
  file a bug if you want it) it can be re-added later on
* added missing docbook sources for manual pages to tarball
* major cleanups and simplifications in the core LDAP query code (we don't
  need to worry about SIGPIPE because nslcd does that globally, locking
  because a connection is only used by one thread) and more simplifications in
  the LDAP connection and query state
* get base, scope, filter and map configfile directives properly working
* simplifications in LDAP reconnect logic (some work remains to be done in
  this area)
* issue warnings or errors for untested or unsupported configuration options
* properly handle multiple URIs in Debian configuration
* documentation improvements


changes from 0.2.1 to 0.3
-------------------------

* a bug in the communication buffer handling code was fixed
* a bug in the dictionary code was fixed (code not yet in use)
* a fix for the init script that used a wrong pidfile
* configuration file handling code was rewritten to be more maintainable
* some configuration file options have changed which means that compatibility
  with the nss_ldap configuration file is lost
* configuration syntax is now documented in the nss-ldapd.conf(5) manual page
* support for dnsconfig was removed
* the configuration file no longer supports using multiple search bases
* removed nss_initgroups and nss_initgroups_ignoreusers options
* removed --enable-paged-results configure option and use pagesize
  configuration file option to specify usage of paging at runtime
* added Portuguese debconf translation by Américo Monteiro
* Debian package configuration improvements and simplifications
* use docbook2x-man for generating manual pages
* miscellaneous documentation improvements including improved manual pages
* general code reorganisation and clean-ups to achieve another 9% code
  reduction relative to 0.2.1 release (more than 40% relative to nss_ldap)
* SASL, Kerberos and SSL/TLS support remain untested


changes from 0.2 to 0.2.1
-------------------------

* fix permissions of server socket (this fixes a problem where non-root users
  were unable to do lookups)
* fix configure script to properly check for pthread support
* small code improvements
* general build system cleanups


changes from 0.1 to 0.2
-----------------------

* fixes to the netgroup lookup code
* more simplifications and improvements in the code: almost 5% code reduction
  (compared to release 0.1) and 37% reduction in gcc warnings (from 443 in 251
  to 389 in 0.1 and 244 in 0.2)
* a lot of code improvements thanks to flawfinder, more gcc warnings, splint
  and rats
* license change from GNU Library General Public License to GNU Lesser General
  Public License (with the permission of Luke Howard)
* fix logging code to be cleaner and always use our own logging module
* a start has been made to make the code more testable and initial work to set
  up a testing framework has been done
* implemented a timeout mechanism in the communication between the NSS part
  and the nslcd server part


changes from nss_ldap 251 to nss-ldapd 0.1
------------------------------------------

* initial release of nss-ldapd (should be functional but not yet stable enough
  for production use)
* fork from nss_ldap, which was originally written by Luke Howard of PADL
  Software Pty Ltd., changing package name to nss-ldapd and versioning scheme
* the functionality was split into a thin NSS library and a simple daemon
  proxying the requests to the LDAP server (see README for rationale)
* a lot of dead and old compatibility code was removed (about 25% of the code
  was removed) (more simplifications to come)
* the test code was rewritten
* build script simplifications
* default configuration file has been changed to /etc/nss-ldapd.conf
* most documentation has been updated and rewritten
* dropped support for non-glibc NSS interfaces and assumed OpenLDAP compatible
  library


changes from 250 to 251
-----------------------

* remove doc/rfc2307.txt, it is available from
  http://www.ietf.org/rfc/rfc2307.txt
* make objectClass a mappable attribute


changes from 249 to 250
-----------------------

* don't use static _nss_ldap_no_members buffer, causes crash when nss_ldap is
  unloaded and memory is still referenced
* fix for BUG#249: tcsh closes file descriptors, confuses nss_ldap and hangs
  (from David Houlder)
* fix for BUG#257: initgroups() broken if RFC2307bis support disabled
* fix for BUG#261: sslpath example wrong
* fix for BUG#263: compile do_triple_permutations() when IRS enabled


changes from 248 to 249
-----------------------

* fix for BUG#253: build broken on AIX
* fix for BUG#255: deadlock in initgroups


changes from 247 to 248
-----------------------

* fix regression in per-objectclass attribute mapping introduced in
  nss_ldap-246


changes from 246 to 247
-----------------------

* double-check *ld != NULL even if mapped error return from ldap_initialize()
  returns NSS_SUCCESS


changes from 245 to 246
-----------------------

* paged results and RFC2307bis support are now always compiled in; they are by
  default disabled unless you configured with --enable-paged-results and
  --enable-rfc2307bis, respectively. See nss_ldap(5) for configuration
  options.
* fix for BUG#219: paged results delivers wrong results
* fix for BUG#222: use asynchronous start TLS if available, using bind_timeout
  value
* fix for BUG#235: make DNS SRV lookup domain configurable (nss_srv_domain)
* fix for BUG#240: return "*" rather than "x" for userPassword if not present
* fix for BUG#245: paged results broken since nss_ldap-241
* patch from Ralf Haferkamp <rhafer@suse.de>: compile fix for IPv6
* compile for Solaris
* schema mapping is always enabled, cleanup schema mapping code
* allow for map-specific objectclass mapping
* partial implementation of Solaris Simplified LDAP API, allows automountd
  support on Solaris via nss_ldap
* for Linux automounter, always close connection after endautomntent() to
  avoid persistent connection
* add nss_connect_policy argument to ldap.conf


changes from 244 to 245
-----------------------

* don't leak LDAP connection if do_bind() failed or descriptor owner had
  changed. If do_bind() failed the underlying descriptor would also be leaked,
  causing a large number of sockets to be consumed during failover
* add nss_initgroups_ignoreusers parameter to ldap.conf, returns NOTFOUND if
  nss_ldap's initgroups() is called for users (comma separated)
* try to deal with systems that have headers for both versions of the SASL
  library installed
* better logging of failed connections and reconnections
* patch from Dean Michaels <dean@interdynamix.com>: build with Netscape 5
  library on Solaris
* patch from Ralf Haferkamp <rhafer@suse.de>: manual page fix to bind_policy


changes from 243 to 244
-----------------------

* patch from Ralf Haferkamp <rhafer@suse.de>: ensure bytesleft macro does not
  return values < 0
* include <sys/param.h> in ldap-nss.c


changes from 242 to 243
-----------------------

* fix for BUG#225: invalid pointer dereferencing when reading rootpw


changes from 241 to 242
-----------------------

* fixes for compiling on Solaris 10


changes from 240 to 241
-----------------------

* new, more robust reconnection logic
* both "host" and "uri" directives can be used in ldap.conf
* new (undocumented) nss_reconnect_tries, nss_reconnect_sleeptime,
  nss_reconnect_maxsleeptime, nss_reconnect_maxconntries directives
* reload configuration file if changed


changes from 239 to 240
-----------------------

* new API for resolving automounts (requires custom autofs plugin for Linux at
  present): _nss_ldap_setautomntent(), _nss_ldap_getautomntent(),
  _nss_ldap_endautomntent(), _nss_ldap_getautomntbyname_r()
* fix for BUG#200: rename SOCKLEN_T as it conflicts on AIX
* fix for BUG#205: accept line feeds in ldap.conf
* fix for BUG#211: nss_ldap fails to start TLS on referred connections
* fix for BUG#213: initgroups crash if RFC2307bis undefined
* turn down reconnection logging volume


changes from 238 to 239
-----------------------

* support for initgroups using backlinks (selectable at runtime if RFC2307bis
  support is enabled, using the nss_initgroups backlink configuration
  directive)
* support for dynamically expanding filter sizes
* from Peter Marschall <peter@adpm.de>: revert the deletion of blanks/tabs in
  ldap.conf that happened between 235 and 238
* from Peter Marschall <peter@adpm.de>: This patch changes configure.in and
  Makefile.am so that ldap.conf gets installed in the place and with the name
  that is given to the configure option --with-ldap-conf-file. In addition to
  that it fixes a long standing bug in Makefile.am that tries to install a
  file before the destination directory is guaranteed to be created (hunk #3),
  and uses $(mkinstalldirs) for AIX (hunk #2).


changes from 237 to 238
-----------------------

* more manual page updates


changes from 236 to 237
-----------------------

* more manual page updates


changes from 235 to 236
-----------------------

* fix for BUG#201: typo in ldap-schema.c causing build to fail
* add manual page for nss_ldap


changes from 234 to 235
-----------------------

* fix for BUG#198: make pagesize configurable
* fix for BUG#199: correct fix for BUG#138 (blind last char remove in
  ldap.secret)


changes from 233 to 234
-----------------------

* don't reacquire global lock in do_next_page()
* restore old "bind_policy hard" behaviour (don't try to reconnect if
  initialization failed). The behaviour introduced in nss_ldap-227 can be
  enabled with "bind_policy hard_init".


changes from 232 to 233
-----------------------

* if do_open() returns NSS_UNAVAIL, don't try to do server reconnect; only do
  it if NSS_TRYAGAIN is returned. This should fix the problems introduced by
  the fixes in nss_ldap-227 (delayed binding)


changes from 231 to 232
-----------------------

* fix for BUG#138 (blind last char remove in ldap.secret)


changes from 229 to 230
-----------------------

* don't free gss_krb5_ccache_name() output (Heimdal)


changes from 228 to 229
-----------------------

* more debugging in initgroups and _nss_ldap_getentry()
* fix _nss_ldap_getentry() enumeration behaviour, and optimize by not
  searching if the requested attribute cannot be mapped


changes from 227 to 228
-----------------------

* fix for BUG#188: better documentation for OpenLDAP SSL options
* fix for BUG#189: do not configure tls_checkpeer unless it is explicitly
  specified in ldap.conf
* fix for BUG#190: set ls_state to LS_UNINITIALIZED after fork


changes from 226 to 227
-----------------------

* separate initializing LDAP session from actually connecting to the DSA, so
  that we don't try to bind until we actually need to search (which allows the
  retry logic in the search function to also apply to binding). NB: this will
  only provide improved behavior for LDAP client libraries that support
  ldap_init() or ldap_initialize() rather than ldap_open
* fix for BUG#183: support pw_change and pw_expire on BSD
* fix for BUG#187: NSS_BUFLEN_DEFAULT causing problems on IRS platforms
* fix for glibc 2.1 from Alexander Spannagel


changes from 225 to 226
-----------------------

* make LDAP_NSS_NGROUPS configurable with --with-ngroups (experts only) option


changes from 224 to 225
-----------------------

* make LDAP_NSS_NGROUPS 64 - better choice for small directories


changes from 223 to 224
-----------------------

* don't double-free on realloc() failure in do_parse_group_members()
* don't pass LDAP session as an argument, as it may refer to a stale LDAP
  handle. If this does not work we will need to replace LDAPMessage pointers
  with pointers to a structure that contains a reference-counted LDAP handle
  as well as the message
* fix crasher when internal group membership buffer was reallocated
  (introduced with nested group expansion code)
* immediately return NSS_TRYAGAIN and errno=ERANGE if there is not enough
  buffer space to handle LDAP_NSS_NGROUPS groups; this prevents getgrXXX()
  from expensive repeated directory searches when there is a priori knowledge
  that group memberships are large


changes from 222 to 223
-----------------------

* allow empty lines in /etc/ldap.conf
* do loop detection in nested groups
* fixes for building with IRS on FreeBSD 4.10


changes from 221 to 222
-----------------------

* fix deadlock in _nss_ldap_getentry()
* support more AIX usersec attributes
* more AIX porting fixes
* support Heimdal as well as MIT Kerberos


changes from 220 to 221
-----------------------

* AIX fix from <carlos.celso@embraer.com.br> Recall #169033
* support for expansion of nested RFC2307bis groups
* support for searching using range retrieval
* fix memory leak with private contexts
* fix memory leak in do_result()
* implement _nss_ldap_getentry for AIX enumeration
* implement netgroups for IRS/AIX
* remove dependency on Berkeley DB - schema mapping and RFC2307bis no longer
  requires DB
* remove old NeXT cruft in resolve.c


changes from 218 to 220
-----------------------

* fix for BUG#169: getntohost() on Solaris
* fix for BUG#170: _nss_ldap_getgroupsbymember_r fails to return all groups
  when NSCD is running and attribute mapping is enabled on Solaris
* fix for BUG#173: reinstate use of sigaction() (XXX what is the correct fix
  here?)
* fix for BUG#174: innetgr() depth checking


changes from 217 to 218
-----------------------

* fix for BUG#168: set errnop to ENOENT if not found
* check for -lgssapi before -lgssapi_krb5


changes from 216 to 217
-----------------------

* fix for BUG#167: compilation fails on Solaris


changes from 215 to 216
-----------------------

* patch from Thorsten Kukuk to avoid overwriting sockaddr storage for IPv6;
  use struct sockaddr_storage if available
* fix for BUG#153: use asynchronous search API in initgroups()
* fix for BUG#157: check for __pthread_once rather than __pthread_atfork on
  glibc, as the latter is no longer exported
* fix for BUG#158: escape netgroup search filters correctly
* fix for BUG#161: remove redundant lock in _nss_ldap_innetgr()
* fix for BUG#164: set schema element array size to LM_NONE + 1 not LM_NONE
* fix for BUG#165: make _nss_ldap_result() private
* fix for BUG#166: chase all nested netgroups in innetgr()
* fix deadlock if getXXXent() called without first calling setXXXent()
* only request gidNumber attribute when initgroups() (avoids sending back rest
  of a group's entry)
* don't request any attributes when mapping a user to a DN (we want the DN
  only)


changes from 214 to 215
-----------------------

* choose between using native GSS-API and putenv() for setting ccache path
* per-map attribute mapping for attributes that appear in multiple maps


changes from 213 to 214
-----------------------

* define LDAP_DEPRECATED for compiling against OpenLDAP 2.2


changes from 212 to 213
-----------------------

* fix netgroup compilation error when debugging is enabled
* support GSS-API for setting ccache name
* initgroups() should require user to be a POSIX account
* define LOGNAME_MAX for HP-UX
* do not use sigprocmask() - this blocks rather than disabling signals
* SASL version check fix from Howard Chu


changes from 211 to 212
-----------------------

* Solaris netgroup support test release
* fix crasher in do_sasl_interact()
* do_sasl_interact() needs to strdup() result for Cyrus SASL 1.x but not 2.x
* merge in LDAP debug patch from Howard Chu
* try alternate search descriptors on NSS_NOTFOUND as well as NSS_SUCCESS


changes from 210 to 211
-----------------------

* do AT_OC_MAP cache initialization at config init
* BSD build fixes
* replace [h]errno2nssstat lookup tables with switch statement; should help
  building on AIX!


changes from 209 to 210
-----------------------

* initialize DBT structures
* fix SASL crasher


changes from 208 to 209
-----------------------

* fix SASL breakage


changes from 207 to 208
-----------------------

* use socklen_t not int
* remove OpenLDAP SASL code
* incorporated patches from Geert Jansen (see below)
* add the "sasl_secprops" option to configure SASL security layers (usage as
  for OpenLDAP ldap.conf)
* add the "krb5_ccname" option to specify the location of the Kerberos ticket
  cache (requires --enable-configurable-krb5-ccname for now as it is a fairly
  coarse solution to a lack of appropriate API in the Kerberos libraries)
* add support for native Active Directory password policy attributes (enabled
  if shadowLastChange is mapped to pwdLastSet)
* add "nss_override_attribute_value" and "nss_default_attribute_value"
  keywords for overriding and setting default attribute values, respectively


changes from 205 to 207
-----------------------

* work without LDAP_OPT_X_TLS_RANDOM_FILE
* fix schema mapping regression from nss_ldap-205; attribute mapping now works
  again


changes from 204 to 205
-----------------------

* build with Sleepycat DB without db185 compat layer (tested with 4.x; needs
  testing on 3.x)


changes from 203 to 204
-----------------------

* Linux netgroup implementation from Larry Lile
* Multiple service search descriptor support from Symas
* IPv6 patch from Thorsten Kukuk at SuSE


changes from 202 to 203
-----------------------

* fix for BUG#115
* fix for BUG#121


changes from 201 to 202
-----------------------

* getsockname() fixes from Howard Chu
* configuration parser crasher fix


changes from 200 to 201
-----------------------

* Berkeley DB fixes from Howard Chu
* Netscape client library build fix


changes from 199 to 200
-----------------------

* use sigprocmask() if available to block SIGPIPE
* fix build breakage with OpenLDAP HEAD


changes from 198 to 199
-----------------------

* HP-UX port
* BUG#111: incorrect debugging statement in _nss_ldap_enter()
* export required symbols only on Linux
* corrected symbol names for glibc alias enumeration functions
* the DNS response parser doesn't stop after parsing the right number of
  records, and doesn't handle long responses (Nalin at RedHat)


changes from 197 to 198
-----------------------

* BUG#108: fix potential buffer overflow in dnsconfig.c (could be triggered if
  no flat file configuration for nss_ldap and large DNS SRV data for domain;
  because nss_ldap in SRV mode trusts DNS we do not believe this to be
  exploitable to elevate privilege in the default configuration)
* do not malloc() configuration structure; use buffer


changes from 196 to 197
-----------------------

* improved AIX documentation from Dejan Muhamedagic
* define LDAP_OPT_SSL for Solaris 9


changes from 195 to 196
-----------------------

* return NSS_TRYAGAIN not NSS_NOTFOUND for insufficient buffer space in
  dn2uid_cache_get()
* support automake 1.5 and friends
* out of box build on AIX 4.3.3
* fixed BUG#104: do_ssl_options() return code ignored


changes from 194 to 195
-----------------------

* fixed BUG#98: large groups cause buffer length wraparound with rfc2307bis


changes from 193 to 194
-----------------------

* bugfix for Debian Bug report #147553: lack of global mutex use in
  initgroups()


changes from 192 to 193
-----------------------

* support for PADL GSS-SASL client library


changes from 191 to 192
-----------------------

* more carefully compare cached socket and peer addresses


changes from 190 to 191
-----------------------

* added configurable [hard|soft] reconnect, see the bind_policy parameter in
  ldap.conf.


changes from 189 to 190
-----------------------

* check for Netscape 4 SDK without SSL; don't require pthreads for these


changes from 188 to 189
-----------------------

* patch for building on OpenLDAP 1.x from Nalin at RedHat


changes from 187 to 188
-----------------------

* specify runtime path for LDAP library correctly to native Solaris linker
* check for gcc correctly
* use native linker on Solaris and AIX


changes from 186 to 187
-----------------------

* make bogusSd in ldap-nss.c conditional on !HAVE_LDAP_LD_FREE
* merge in paged result support from Max Caines
* bugfixes for Debian Bug report #140854


changes from 185 to 186
-----------------------

* incorporated patch for Debian Bug report #140854, where nss_ldap could in
  some cases close a descriptor it did not own. Patch was provided by Luca
  Filipozzi.


changes from 184 to 185
-----------------------

* updated copyrights
* fix for BUG#82: set close on exec (Debian bug 136953)


changes from 183 to 184
-----------------------

* return NSS_TRYAGAIN if no buffer space in ldap-grp.c


changes from 181 to 183
-----------------------

* return error strings in AIX authentication routine
* initialize schema in getgroupsbymember()
* fix for tls_checkpeer; pass NULL session in to set global option
* BUG#77: configurable config file locations


changes from 181 to 181
-----------------------

* ignore SIGPIPE whilst inside nss_ldap library routines to prevent crashing
  on down LDAP server; possible fix for Debian bug 130006
* removed --enable-no-so-keepalive; always try to disable SO_KEEPALIVE on
  underlying socket to LDAP server
* include local copy of irs.h under AIX
* general cleanup of locking code
* _nss_ldap_no_members appears to only need defining for when RFC2307bis is
  enabled


changes from 179 to 180
-----------------------

* pull in libpthreads on AIX


changes from 178 to 179
-----------------------

* a couple more patches for AIX


changes from 177 to 178
-----------------------

* patch from Gabor Gombas for AIX support
* Makefile.am: sasl.o needed by NSS_LDAP
* aix_authmeth.c: method_passwordexpired is really method_passwdexpired; but
  since the struct was bzero()ed no need to set it to NULL
* configure.in: support both gcc and xlc_r
* exports.aix: sv_byport was not exported
* ldap-grp.c: getgrset() returned group names instead of gid numbers


changes from 176 to 177
-----------------------

* patch for building on AIX from IBM
* added simple authentication support for AIX
* cleaned up SASL patch to not break if Cyrus SASL is not installed


changes from 175 to 176
-----------------------

* fixed bug in SASL patch which had required OpenLDAP headers


changes from 174 to 175
-----------------------

* incorporated GSS-API SASL patches
* rebind to server on LDAP_LOCAL_ERROR


changes from 173 to 174
-----------------------

* added patches from Maxim Batourine for compiling with Sun workshop compiler
* added notes re: 64-bit compile on Solaris from above source


changes from 172 to 173
-----------------------

* notes on IRS in doc/README.IRS
* added irs.h for AIX compat
* patch from Bob Guo for stripping trailing spaces in ldap.conf.


changes from 171 to 172
-----------------------

* fixed schema mapping bug by storing a copy of the mapped schema in the
  Berkeley DB rather than the element itself. Because the DB library returns
  static storage, this was causing problems where the schema mapping calls
  were used to build the attribute table in ldap-schema.c. This bugfix was
  sponsored by n2h2.com; thanks!


changes from 170 to 171
-----------------------

* added ldap.conf stanza for AIX
* workaround for schema mapping bug.


changes from 169 to 170
-----------------------

* use _nss_ldap_getrdnvalue() for determining canonical group name


changes from 168 to 169
-----------------------

* fixed typo in ldap-service.c; prefix filters now with _nss_ldap


changes from 167 to 168
-----------------------

* initialize old_handler to SIG_DFL
* incorporate Stephan Cremer's mapping patches, a big thanks to Stephan for
  these!
* use LDAP_OPT_NETWORK_TIMEOUT if available for network connect timeout
* removed hard-coded schema mapping for authPassword, NDS and MSSFU


changes from 166 to 167
-----------------------

* support for new OpenLDAP rebind proc prototype
* in rebind function, respect timeout
* fix for PADL Release Control


changes from 165 to 166
-----------------------

* corrected small typos


changes from 164 to 165
-----------------------

* posixMember is a distinguished name, don't pretend it is a login name
* cleaned up code referencing different member syntaxes


changes from 163 to 164
-----------------------

* removed IDS_UID code, never worked properly


changes from 162 to 163
-----------------------

* removed context_free function, usage confusing


changes from 161 to 162
-----------------------

* in reconnect harness, do not treat entry not found errors as requiring a
  reconnect


changes from 160 to 161
-----------------------

* hopefully fixed use of synchronous searches in _nss_ldap_getbyname()


changes from 159 to 160
-----------------------

* patch from RedHat to check for DB3, override install user/group optionally
* use synchronous searches for _nss_ldap_getbyname()
* only set SSL options if we have values for those options


changes from 158 to 159
-----------------------

* make do_ssl_options() take a config parameter; avoid segfault with SSL?


changes from 157 to 158
-----------------------

* in the distinguished name to login cache (dn2uid) make sure we use the
  AT(uid) macro for the uid attribute rather than the hard-coded value of
  "uid". This should enable the cache for MSSFU support.


changes from 156 to 157
-----------------------

* for MSSFU, use posixMember for group memberships rather than member
  (reported by Andy Rechenberg)
* ignore SIGPIPE before calling do_close() for idle_timeout


changes from 155 to 156
-----------------------

* logic was around the wrong way in do_search(), all searches were broken!
* --disable-ssl option for configure
* removed "Obsoletes: pam_ldap" from spec file


changes from 154 to 155
-----------------------

* do not use private API when setting OpenLDAP TLS options (do_ssl_options())


changes from 153 to 154
-----------------------

* notes from Scott M. Stone <sstone@foo3.com>
* idle timeout patch from Steve Barrus


changes from 152 to 153
-----------------------

* SSL fix


changes from 151 to 152
-----------------------

* further patch from Jarkko for TLS/SSL auth: support for LDAPS/cipher suite
  selection/client key/cert authentication


changes from 150 to 151
-----------------------

* patch from Andrew Rechenberg for Active Directory schema support
* patch from Jarkko Turkulainen <jt@wapit.com> for peer certificate support
  with OpenLDAP


changes from 149 to 150
-----------------------

* patch from Anselm Kruis for URI support


changes from 148 to 149
-----------------------

* fixed compile on Solaris, broken in 145 by malformed Linux patch


changes from 147 to 148
-----------------------

* check for HAVE_LDAP_SET_OPTION always


changes from 146 to 147
-----------------------

* check for ldap_set_option(), as LDAP_OPT_REFERRALS is defined for OpenLDAP
  1.x but without the ldap_set_option() function


changes from 145 to 146
-----------------------

* mass re-indentation, GNU style
* patch from Simon Wilkinson <sxw@sxw.org.uk> for compatibility with old
  initgroups entry point
* request authPassword attribute if --enable-authpassword
* authPassword support in ldap-spwd.c (shadow)


changes from 144 to 145
-----------------------

* preliminary support for authPassword attribute
* updated COPYING
* patch from Szymon Juraszczyk to support _nss_ldap_initgroups_dyn prototype


changes from 143 to 144
-----------------------

* when specifying filters with nss_base_XXX, only escape the filter argument
  not the entire filter


changes from 142 to 143
-----------------------

* patch from nalin@redhat.com to avoid corrupting the heap when the
  configuration file exists but has no host and base values.
  _nss_ldap_readconfigfromdns() will write to the region which was already
  freed.


changes from 141 to 142
-----------------------

* patch from Simon Wilkinson <sxw@sxw.org.uk> for memory leak in
  ldap-service.c


changes from 140 to 141
-----------------------

* fix for BUG#54 (AIX detection broken)
* use -rpath on all platforms except Solaris,
  not just Linux


changes from 139 to 140
-----------------------

* fix configure bug for DISABLE_SO_KEEPALIVE
* fix alignment bug in util.c; this was causing Solaris to crash whenever
  per-map search descriptors were specified in ldap.conf


changes from 138 to 139
-----------------------

* updated INSTALL file with boilerplate
* fixed pointer error in ldap-nss.c


changes from 137.1 to 138
-------------------------

* close config file FILE * if out of buffer space for parsing search
  descriptor
* fixed bug where non-recognized directives in ldap.conf would cause the
  configuration file to not be parsed at all, if they were the last entries in
  the config file.


changes from 137 to 137.1
-------------------------

* patch from nalin@redhat.com; return { NULL } not NULL for no group members
* cleaned up usage of libc-lock.h weak aliases to pthreads API; use in ltf.c
  also
* use __libc_atfork() or pthread_atfork() to close off connection on fork,
  rather than checking PIDs; this is expensive and breaks on Linux where each
  thread may have a different PID.


changes from 136 to 137
-----------------------

* build nss_ldap as a loadable module on AIX
* doco on AIX


changes from 135 to 136
-----------------------

* define -DPIC for FreeBSD
* link with -shared not --shared
* fixes for AIX


changes from 134 to 135
-----------------------

* merged ldap.conf
* fixed bug in concatenating relative search bases in ldap-nss.c (profile
  support)


changes from 133 to 134
-----------------------

* fixed Makefile.am
* reordered DB search order in util.c


changes from 132 to 133
-----------------------

* make /usr/lib directory in Makefile.am
* new spec file from Joe Little


changes from 131 to 132
-----------------------

* fixed rebind preprocessor logic


changes from 130 to 131
-----------------------

* created files for automake happiness


changes from 129 to 130
-----------------------

* fixed typo preventing build with Netscape client library


changes from 128 to 129
-----------------------

* updated version number
* fixed build bug on Solaris


changes from 127 to 128
-----------------------

* fixed logic bug in util.c introduced in nss_ldap-127


changes from 126 to 127
-----------------------

* updating copyright notices
* autoconf support; IRIX and OSF/1 support has been dropped (dl-*.[ch]) as no
  one really used this, the implementation was a hack, and these operating
  systems have their own LDAP implementations now
* added support for "referrals" and "restart" options to ldap.conf
* use OpenLDAP 2.x rebind proc with correct arguments
* added "timelimit" and "bind_timelimit" directives to ldap.conf
* fixed bug with dereferencing aliases
* preliminary support for profiles; recognise profile semantics in
  ldap-nss.c/util.c
* parity with pam_ldap; "ssl" directive in ldap.conf can now specify "yes" or
  "start_tls" for Start TLS
* hopefully fixed Berkeley DB include mess in util.c
* fixed potential buffer overflow in util.c
* default to LDAP protocol version 3
* fixed leaks in util.c, dnsconfig.c
* accept on/yes/true for boolean configuration values
* tested building on FreeBSD, Solaris 8, Linux
* tested functionality on RedHat 6.2


changes from 124 to 126
-----------------------

* fixed up Linux Makefiles to build libnss_ldap


changes from 123 to 124
-----------------------

* patch from nalin@redhat.com for StartTLS
* fixed up indenting


changes from 122.BZ52.2 to 123
------------------------------

* rolled in BUG#52 branch with fixes for AIX


changes from 122.BZ52.1 to 122.BZ52.2
-------------------------------------

* included ldap-schema.c; omitted from previous checkpoint


changes from 122 to 122.BZ52.1
------------------------------

* preliminary fix for BUG#52 (support for different naming contexts for each
  map)
* fixed bug in enumerating services map


changes from 121 to 122
-----------------------

* fixed BUG#50 (check return value of ldap_simple_bind())


changes from 120 to 121
-----------------------

* fixed BUG#49 (fix acknowledged race condition)


changes from 119 to 120
-----------------------

* added Makefile.aix and exports.aix (forgot)


changes from 118 to 119
-----------------------

* patch from Gabor Gombas <gombasg@inf.elte.hu> to support AIX implementation
  of BIND IRS


changes from 117 to 118
-----------------------

* Makefile.RPM.openldap2 from Joe Little


changes from 116 to 117
-----------------------

* permanently ignore SIGPIPE when using SSL. This bug should be fixed
  properly.


changes from 115 to 116
-----------------------

* added irs-nss.diff and README.IRS from Emile Heitor


changes from 113 to 115
-----------------------

* fixed filter escaping
* call ldapssl_client_init() once only
* include db_185.h not db.h for dn2uid cache
* fixes for FreeBSD (IRS) support from Emile Heitor


changes from 110 to 113
-----------------------

* patch from Ben Collins to escape '*' in filters


changes from 109 to 110
-----------------------

* patch from Phlilip Liu for async binds


changes from 108 to 109
-----------------------

* omit socket check for -DSSL; it doesn't work
* updated CONTRIBUTORS
* updated README re HAVE_LDAP_LD_FREE


changes from 107 to 108
-----------------------

* included "deref" option in /etc/ldap.conf, compatible with OpenLDAP syntax.
  Patch from Michael Mattice.


changes from 106.2 to 107
-------------------------

* fixed argument to _nss_ldap_getent() in ldap-ethers.c


changes from 106.1 to 106.2
---------------------------

* if root, use rootbinddn/rootbindpw in rebind proc
* include objectClass in pwd required attributes


changes from 105 to 106.1
-------------------------

* if user is a shadowAccount, then don't return password in getpwent(),
  getpwuid() or getpwnam()
* incorporated patch (from Doug Nazar):
* allow getgrent() to be called without setgrent(); note arguments to
  _nss_ldap_getent() have changed.
* return NSS_NOTFOUND instead of NSS_UNAVAIL at the end of a search
* initialize len for getpeername()


changes from 104 to 105
-----------------------

* incorporated patch for deadlock under Solaris (from Dave Begley)


changes from 103 to 104
-----------------------

* new spec file


changes from 102 to 103
-----------------------

* don't call ldap_parse_result() with V2 API


changes from 101 to 102
-----------------------

* added defines for LDAP_MSG_ONE et al if not in ldap.h
* removed LDAP_MORE_RESULTS_TO_RETURN test


changes from 100 to 101
-----------------------

* fixed spec file


changes from 99 to 100
----------------------

* support for asynchronous search API!
* added some contributors
* notes about ldap_ld_free()
* merged in ChangeLog


changes from 98 to 99
---------------------

* added some netgroup implementation tips
* do_close_no_unbind() cleanup


changes from 97 to 98
---------------------

* /etc/nss_ldap.secret -> /etc/ldap.secret (sorry, Doug!)
* deleted crypt-mechanism code. Junk.
* fixed call to _nss_ldap_read() after changing prototypes in nss_ldap-88


changes from 96 to 97
---------------------

* #ifndef HAVE_LDAP_LD_FREE, still call ldap_unbind(), but having closed the
  descriptor.


changes from 95 to 96
---------------------

* re-orged


changes from 94 to 95
---------------------

* disable SO_KEEPALIVE on socket rather than blocking SIGPIPE. Need to figure
  out the right way to do this.


changes from 93 to 94
---------------------

* committed some changes for the parent/child close problem. It relies on
  internal libldap APIs so it may be non-portable but should work with
  OpenLDAP and Netscape client libraries, and perhaps most UMich-derived
  client libraries. There's a possible workaround for client libraries without
  this; undefine HAVE_LDAP_LD_FREE to test this.


changes from 92 to 93
---------------------

* important fix: make sure return status is reset after do_open() ==
  NSS_SUCCESS, just in case no entries are returned. This bug was introduced
  in nss_ldap-88 and could potentially cause a security hole.


changes from 91 to 92
---------------------

* signal handling fix: don't restore handler unnecessarily.
* don't open nss_ldap.secret unless a root pw is specified in ldap.conf


changes from 90 to 91
---------------------

* reorganized SIGPIPE blocking code
* added SSL support


changes from 89 to 90
---------------------

* only reconnect if we've changed to/from root


changes from 88 to 89
---------------------

* cleaned up a few things


changes from 87 to 88
---------------------

* added breaks to switch in _nss_ldap_lookup (thanks to Nathan.Hawkins@FMR.COM
  for pointing this out)
* save signal handler and ignore SIGPIPE for appropriate sections of do_open()
  and confirm connection is still active (patch from rpatel@globix.com)
* allow root users to bind as a different user, to provide quasi-shadow
  password support (patch from nazard@dragoninc.on.ca)
* under Linux, make Makefile look at last libc version (patch from
  nazard@dragoninc.on.ca)
* never clobber nsswitch.ldap/ldap.conf when making install (patch from
  nazard@dragoninc.on.ca)
* change do_open() to not unbind the parent ldap connection when the pid
  changes but simply open a new connection (patch from nazard@dragoninc.on.ca)
* changed _nss_ldap_lookup() and _nss_ldap_read() prototypes to return
  NSS_STATUS error codes, so that NSS_UNAVAIL percolates as appropriate.


changes from 86 to 87
---------------------

* fixed looking up DN-membered groups by member. Thanks to Jeff Mandel for
  spotting this hard to find bug.


changes from 85 to 86
---------------------

* member for NDS vs uniqueMember (needs further investigation; -DNDS)


changes from 84 to 85
---------------------

* check non-NULLity of userdn before freeing
* use AT(uid) for groupsbymember filter


changes from 81 to 84
---------------------

* implemented _nss_ldap_initgroups()


changes from 80 to 81
---------------------

* removed extraneous do_sleep() code
* updated spec file


changes from 2.79 to 80
-----------------------

* (really 2.80) changed version number a la Solaris 7!
* cleaned up schema stuff into ldap-schema.h


changes from 2.78 to 2.79
-------------------------

* implemented exponential backoff reconnect logic


changes from 2.76 to 2.78
-------------------------

* removed ldap.conf.ragenet from lineup
* removed spurious do_close()


changes from 2.75 to 2.76
-------------------------

* added -lresolv to Solaris makefiles


changes from 2.72 to 2.75
-------------------------

* incorporated RPM patches from stein@terminator.net


changes from 2.71 to 2.72
-------------------------

* implemented getgroupsbymember() for Solaris. Supplementary groups should be
  initialized now. (NB: doesn't appear to be quite working for RFC2307bis
  yet.)
* GNU indent-ified


changes from 2.70 to 2.71
-------------------------

* removed -DDEBUG as default build flag


changes from 2.69 to 2.70
-------------------------

* put /usr/ucblib back into linker search path for Solaris.


changes from 2.68 to 2.69
-------------------------

* added timeout, unavailable, and server busy conditions to rebind logic
* indent -gnu all source files


changes from 2.65 to 2.68
-------------------------

* mods for glibc 2.1 (__set_errno is obsolete it seems)


changes from 2.64 to 2.65
-------------------------

* mods to compile with OpenLDAP 2


changes from 2.63 to 2.64
-------------------------

* changed alias schema to Sun SDS nisMailAlias schema
* updated TODO list to reflect Bugzilla entries
* restored capitalization of attributes for "niceness"


changes from 2.62 to 2.63
-------------------------

* added patch from gero@faveve.uni-stuttgart.de for parsing of ldap.conf with
  tabs
* some fixes for BSDI BSD/OS IRS


changes from 2.61 to 2.62
-------------------------

* added experimental support for DN-membered groups; to enable, define
  RFC2307BIS
* fixed align bug (where buflen wasn't being decremented after pointer
  alignment)


changes from 2.60 to 2.61
-------------------------

* added warning about compiling with DS 4.1 LDAP SDK


changes from 2.59 to 2.60
-------------------------

* fixed missing close brace


changes from 2.56 to 2.59
-------------------------

* pw_comment field defaults to pw_gecos (Solaris only)


changes from 2.55 to 2.56
-------------------------

* fixed Makefile.linux.mozilla NSSLIBVER


changes from 2.54.6 to 2.55
---------------------------

* merged in glibc-2.1 branch


changes from 2.54.5 to 2.54.6
-----------------------------

* misc fixes.


changes from 2.54.4 to 2.54.5
-----------------------------

* misc fixes.


changes from 2.54.3 to 2.54.4
-----------------------------

* glibc-2.1 patches from bcollins@debian.org


changes from 2.51 to 2.54.3
---------------------------

* glibc-2.1 support. (Recall #93)
* set erange correctly on Solaris (related to above)
* added rebind function


changes from 2.49 to 2.51
-------------------------

* added stuff for RC


changes from 2.47 to 2.49
-------------------------

* configuration file is now case insensitive


changes from 2.45 to 2.47
-------------------------

* RFC2052BIS (_ldap._tcp) support


changes from 2.44 to 2.45
-------------------------

* added #include <stdlib.h> to globals.c


changes from 2.42 to 2.44
-------------------------

* NULL search base allowed (omit basedn from config file)


changes from 2.39 to 2.42
-------------------------

* fixed potential crasher in dnsconfig.c
* LDAP session is now persistent for performance reasons. Removed references
  to the session anywhere outside ldap-nss.c. The process ID is cached and the
  session reopened after a fork().


changes from 2.38 to 2.39
-------------------------

* fixed warning in ldap-ethers.c (removed const from struct ether)
* added ldap_version keyword to ldap.conf for parity with pam_ldap


changes from 2.37 to 2.38
-------------------------

* debugged ldap_explode_rdn() code
* added support for Mozilla LDAP client library; see Makefile.linux.mozilla
  and ltf.c for more information. Thanks to Netscape for making their library
  available.


changes from 2.36 to 2.37
-------------------------

* moved to CVS repository and Linux as development environment
* incorporated ldap-service.c fix from Greg


changes from 2.35 to 2.36
-------------------------

* util.c: will use ldap_explode_rdn() if it exists


changes from 2.34 to 2.35
-------------------------

* made util.c compile again. Silly me.


changes from 2.33 to 2.34
-------------------------

* fixed #endif in testpw.c
* fixed another DN freeing leak in util.c
* added RFC 2307 to distribution (fixed the two typos in it:
* fixed bug in ...getrdnvalue() (thanks, Greg)
* diff rfc2307.txt ~/rfc2307.txt
480c480
< MUST ( cn $ ipProtocolNumber )
---
> MUST ( cn $ ipProtocolNumber $ description )
1038c1038
< lester:X5/DBrWPOQQaI:10:10:Lester:/home/lester:/bin/csh
---
> lester:X5/DBrWPOQQaI:10:10:Lester:/home/lester:/bin/sh


changes from 2.32 to 2.33
-------------------------

* rolled in more patches from greg@rage.net:
* removed _r from setXXXent and endXXXent functions for GNU_NSS
* cleaned up testpw.c to use pthreads and protos
* fixed prototype for gethostbyaddr_r on GNU_NSS
* braced conditional in getservbyname_r
* merged in Makefile.linux and README.LINUX diffs
* added htons(port) in getservbyport_r
* added nsswitch.test
* added ldaptest.pl
* added ldap.conf.ragenet


changes from 2.31 to 2.32
-------------------------

* moved Makefile to Makefile.solaris
* cleaned up mutex code for Linux, hopefully


changes from 2.30 to 2.31
-------------------------

* fixed leak in util.c (need to free dn)
* rolled in patches from greg@rage.net:
* fixed ldap-ethers.c to use struct ether
* fixed bracing in ldap-hosts.c (?)
* added SSLEAY patch to ldap-nss.h
* fixed locking in ldap-nss.h
* Makefile changes incorporated into Makefile.linux


changes from 2.29e to 2.30
--------------------------

* synced into DevMan repository again
* RFC 2307 is the one!


changes from 2.29d to 2.29e
---------------------------

* util.c: fixed memory leak (call to ldap_value_free())


changes from 2.29c to 2.29d
---------------------------

* ldap-ethers.c: fixed to use HOSTNAME attribute


changes from 2.29b to 2.29c
---------------------------

* ieee8022Device -> ieee802Device


changes from 2.29a to 2.29b
---------------------------

* added ieee8022Device and bootableDevice classes,
  at Sun's request.


changes from 2.29 to 2.29a
--------------------------

* dc -> cn


changes from 2.28 to 2.29
-------------------------

* changed host/network/ethers naming schema; see the -02 draft revision for
  more info


changes from 2.27 to 2.28
-------------------------

* ldap-pwd.c, ldap-spwd.c: fixed tmpbuf stuff. Yuck.


changes from 2.26 to 2.27
-------------------------

* ANNOUNCE: reflected draft-howard-nis-schema-01.txt
* ldap-spwd.c: default for shadow integer values is -1, not 0 and fixed
  crasher (thanks to dj@gregor.com)


changes from 2.25 to 2.26
-------------------------

* globals.c: added offset stuff back for mapping errnumbers. Weird: this stuff
  *was* in an earlier version of the work area. I have no idea where it went.
  Scary.


changes from 2.24 to 2.25
-------------------------

* irs-nss.h: added prototype for irs_ldap_acc()
* ldap-*.[ch]: removed redundant PARSER macro
* unbroke for GNU NSS (context_key_t changed to context_handle_t)


changes from 2.23 to 2.24
-------------------------

* irs-nss.c: added dispatch table for IRS library
* testpw5.c: added additional test program
* ldap-nss.c: removed spurious debug statement
* ldap-nss.c, util.c, dnsconfig.c: cleaned up memory allocation for config.
  (This could be improved, but there is no longer a static ldap_config_t
  structure.)
* Makefile: general cleanup


changes from 2.22 to 2.23
-------------------------

* default destructor is now simply wrapped around by individual backend
  destructors
* __EXTENSIONS__ defined for Solaris 2.6 to import strncasecmp()
* getbyname: fixed crasher in ldap-nss.c due to uninitialized variable
* ldap-parse.h, assorted others: tidied up resolver calls to use NSS_ARGS()
  macro and not to interfere with the previous backend's status (bad thing!)
* ldap-service.c: cleaned up potential uninitialized var in parser
* ldap-nss.c: no valued arrays are now { NULL } instead of NULL.


changes from 2.21 to 2.22
-------------------------

* testpw.c: XXX problem. dies with segfault, but gdb doesn't give me enough
  information; it's definitely within nss_ldap.so though. I just can't see the
  symbols. (Maybe dbx would be better...) However, testpw doesn't work at
  *all* under 2.5.1, and technically it shouldn't as it's not linked against
  liblthread. I haven't been able to duplicate this with testpw2, which is the
  same code linked with the thread library.
* backported to NeXT


changes from 2.20 to 2.21
-------------------------

* resolve.h: renamed functions so as to keep namespace clean
* snprintf.h: tidied up for systems which already have snprintf() and renamed
  anyway to keep namespace clean (_nss_ldap_snprintf)
* ldap-*.h: made character constants const to avoid nasty warnings
* globals.[ch]: as above
* README, TODO, ANNOUNCE: general documentation updates
* ldap-nss.c, et al: general work on Solaris 2.6 port, to get nscd working.
  Lots of fiddling with the locking.
* Major architectural changes to Solaris NSS implementation. Thread specific
  data is now stored in the backend, where it should be: just like it is in
  IRS. Locking is a little more coarse now, but it will do for the moment.
* Paul Henson's DCE module gave me the inspiration to do the backend stuff the
  "right" way -- thanks, Paul!
* As a result, a lot of the bugs listed in TODO have mysteriously fixed
  themselves. :-)


changes from 2.19 to 2.20
-------------------------

* Makefile.*: ensured resolve.[ch] and dnsconfig.[ch] were there.
* Makefile: should link now with gcc -shared instead of requiring cc.


changes from 2.18 to 2.19
-------------------------

* testpw4.c: added irs hostbyname() test
* Makefile: added correct flags to build position independent code with Sun's
  compiler (thanks, Bill). Added SRV sources.
* testpw.c: works under NeXT, cleaned up a bit.
* ldap.conf: documented what this file does
* util.c: ignore blank lines in ldap.conf properly
* resolve.h: fixed up for Solaris


changes from 2.17 to 2.18
-------------------------

* ldap-network.c: fixed infinite loop in getnetbyname()
* util.c: goto out causes a compiler warning under Solaris. Documented this.
  Should fix this, I suppose, but we need to break out of two blocks. (We
  could remove the code that handles multivalued DNs, as it's fairly unlikely
  that someone will use a DN of o=Xedoc+dc=xedoc,c=US+dc=com, but who knows?)
* ldap-ethers.c: line 215, result was not assigned to an lvalue (should have
  been args->status, not args). Fixed.


changes from 2.16 to 2.17
-------------------------

* Cleaned up documentation and testpw4.c
* dnsconfig.c: Fixed strtok() bug which was clobbering domain


changes from 2.15 to 2.16
-------------------------

* util.c (_nss_ldap_readconfig) fixed strtok() typo


changes from 2.2 to 2.15
------------------------

* dnsconfig.c: got DNS SRV support working under NEXTSTEP
* util.c: (_nss_ldap_getdomainname) made host and network DN parsing compliant
  with current draft


changes from 2.1 to 2.2
-----------------------

* I'll get around to merging in the RCS log here one day. Nothing very
  exciting happened, I just backported the code to NEXTSTEP and compiled it.