← Back to branch summary

~ubuntu-branches/ubuntu/natty/nss-pam-ldapd/natty

~ubuntu-branches/ubuntu/natty/nss-pam-ldapd/natty

« back to all changes in this revision

Viewing changes to nslcd/cfg.h

Committer: Bazaar Package Importer
Author(s): Arthur de Jong
Date: 2010-05-08 12:00:00 UTC
Revision ID: james.westby@ubuntu.com-20100508120000-7hue9o7rqox4ih4q

Tags: 0.7.4

http://bugs.debian.org/577593

http://bugs.debian.org/579574

http://bugs.debian.org/483795

* fix a buffer overflow that should have no security consequences
* perform proper fail-over when authenticating in the PAM module
  (closes: #577593)
* add an nss_initgroups_ignoreusers option to ignore user name to group
  lookups for the specified users
* add an pam_authz_search option to perform a flexible authorisation check
  on login (e.g. to restrict which users can login to which hosts, etc)
* implement a minimum_uid option for the PAM module to ignore users that
  have a lower numeric user id and make 1000 the default value for Debian
  (closes: #579574)
* change the way retries are done to error out quicker if the LDAP server
  is down for some time (this should make the system more responsive when
  the LDAP server is unavailable) and rename the reconnect_maxsleeptime
  option to reconnect_retrytime to better describe the behaviour
* only log "connected to LDAP server" if the previous connection failed
  (closes: #483795)
* documentation improvements
* debian/nslcd.config: also parse /etc/ldap.conf for systems that put NSS
  and PAM configuration there

files modified:
ChangeLog

NEWS

TODO

compat/pam_compat.h

config.guess

config.h.in

config.sub

configure

configure.ac

debian/changelog

debian/libpam-ldapd.pam-auth-update

debian/nslcd.config

debian/nslcd.postinst

man/Makefile.am

man/Makefile.in

man/nslcd.8

man/nslcd.8.xml

man/nslcd.conf.5

man/nslcd.conf.5.xml

man/pam_ldap.8

man/pam_ldap.8.xml

nslcd/alias.c

nslcd/cfg.c

nslcd/cfg.h

nslcd/common.h

nslcd/ether.c

nslcd/group.c

nslcd/host.c

nslcd/myldap.c

nslcd/myldap.h

nslcd/netgroup.c

nslcd/network.c

nslcd/pam.c

nslcd/passwd.c

nslcd/protocol.c

nslcd/rpc.c

nslcd/service.c

nslcd/shadow.c

pam/pam.c

tests/README

tests/nslcd-test.conf

tests/test_myldap.c

tests/test_nsscmds.sh

Show diffs side-by-side

added added

removed removed

32

32

#include <ldap.h>

33

33

34

34

#include "compat/attrs.h"

35

#include "common/set.h"

35

36

36

37

/* values for uid and gid */

37

38

#define NOUID ((gid_t)-1)

70

71

struct myldap_uri

71

72

{

72

73

char *uri;

73

/* time of last successful operation */

74

time_t lastok;

74

/* time of first failed operation */

75

time_t firstfail;

75

76

/* time of last failed operation */

76

77

time_t lastfail;

77

78

};

123

124

/* seconds to sleep; doubled until max */

124

125

int ldc_reconnect_sleeptime;

125

126

/* maximum seconds to sleep */

126

int ldc_reconnect_maxsleeptime;

127

int ldc_reconnect_retrytime;

127

128

#ifdef LDAP_OPT_X_TLS

128

129

/* SSL enabled */

129

130

enum ldap_ssl_options ldc_ssl_on;

132

133

int ldc_restart;

133

134

/* set to a greater than 0 to enable handling of paged results with the specified size */

134

135

int ldc_pagesize;

136

/* the users for which no initgroups() searches should be done

137

Note: because we use a set here comparisons will be case-insensitive */

138

SET *ldc_nss_initgroups_ignoreusers;

139

/* the search that should be performed to do autorisation checks */

140

char *ldc_pam_authz_search;

135

141

};

136

142

137

143

/* this is a pointer to the global configuration, it should be available

Older »