3
* [r1358] ChangeLog, NEWS, TODO, configure.ac, debian/changelog,
4
man/nslcd.8.xml, man/nslcd.conf.5.xml, man/pam_ldap.8.xml: get
5
files ready for 0.8.0 release
6
* [r1357] README, debian/copyright: update copyright information
7
* [r1356] debian/po/ca.po, debian/po/cs.po, debian/po/da.po,
8
debian/po/de.po, debian/po/es.po, debian/po/fi.po,
9
debian/po/fr.po, debian/po/gl.po, debian/po/it.po,
10
debian/po/ja.po, debian/po/nb.po, debian/po/nl.po,
11
debian/po/pt.po, debian/po/pt_BR.po, debian/po/ru.po,
12
debian/po/sv.po, debian/po/templates.pot, debian/po/vi.po,
13
debian/po/zh_CN.po: run debconf-updatepo (new and updated
15
* [r1355] debian/po/ca.po, debian/po/cs.po, debian/po/da.po,
16
debian/po/de.po, debian/po/es.po, debian/po/fi.po,
17
debian/po/fr.po, debian/po/gl.po, debian/po/it.po,
18
debian/po/ja.po, debian/po/nb.po, debian/po/nl.po,
19
debian/po/pt.po, debian/po/pt_BR.po, debian/po/ru.po,
20
debian/po/sv.po, debian/po/vi.po, debian/po/zh_CN.po: put headers
21
of .po files in a consistent format
22
* [r1354] ., AUTHORS, HACKING, README, configure.ac,
23
debian/copyright, nss/Makefile.am, nss/common.h, nss/ethers.c,
24
nss/exports.solaris, nss/group.c, nss/hosts.c, nss/netgroup.c,
25
nss/networks.c, nss/passwd.c, nss/protocols.c, nss/prototypes.h,
26
nss/rpc.c, nss/services.c, nss/shadow.c, nss/solnss.c: integrate
27
Solaris support developed by Ted C. Cheng of Symas Corporation
28
that was developed on the -solaris branch
32
* [r1348] Makefile.am, pam/Makefile.am: fix distcheck by passing
33
--with-pam-seclib-dir to configure and remove unneeded slashes
34
* [r1347] Makefile.am, configure.ac, py-compile, pynslcd,
35
pynslcd/Makefile.am, pynslcd/alias.py, pynslcd/cfg.py,
36
pynslcd/common.py, pynslcd/config.py.in, pynslcd/debugio.py,
37
pynslcd/ether.py, pynslcd/group.py, pynslcd/mypidfile.py,
38
pynslcd/pam.py, pynslcd/passwd.py, pynslcd/pynslcd.py,
39
pynslcd/shadow.py, pynslcd/tio.py: add an experimental (currently
40
partial) Python implementation of nslcd to see if we can get the
41
same features with easier to maintain code
45
* [r1346] man/nslcd.conf.5.xml, nslcd/attmap.c, nslcd/common.c,
46
nslcd/common.h, nslcd/group.c, nslcd/passwd.c, nslcd/shadow.c:
47
allow attribute mapping with an expression for the userPassword
48
attribute for passwd, group and shadow entries and by default map
49
it to the unmatchable password ("*") to avoid accidentally
50
leaking password information
54
* [r1345] nslcd/common.h, nslcd/myldap.c, nslcd/myldap.h,
55
nslcd/pam.c, nslcd/shadow.c: try to update the shadowLastChange
56
attribute of a user on password change (the update is only tried
57
if the attribute is present to begin with)
58
* [r1344] common/tio.c: return connection reset when connection was
59
closed by the other end
60
* [r1343] tests/nslcd-test.conf: paging isn't supported by OpenLDAP
61
when chasing referrals
62
* [r1342] nslcd/cfg.c: also support the tls_cacert option as an
63
alias for tls_cacertfile
64
* [r1341] man/nslcd.conf.5.xml: add notes on ignored options when
65
using GnuTLS (based on #513270 which was reported against the
66
openldap package by Peter Palfrader)
70
* [r1340] nslcd/common.c: also support tilde (~) in user and group
71
names, except as first character
72
* [r1339] nslcd/common.c: make logic of character tests easier to
77
* [r1338] man/nslcd.conf.5.xml, nslcd/cfg.c, nslcd/cfg.h,
78
nslcd/group.c, nslcd/passwd.c: implement a nss_min_uid option to
79
filter user entries returned by LDAP
83
* [r1337] tests/test_nsscmds.sh: sort group members by alphabet to
84
not be dependant on the order of attributes returned and the
85
internal softing of the set
86
* [r1336] tests/README, tests/test.ldif.gz, tests/test_nsscmds.sh:
87
update tests with current test set-up (with chasing a referral
88
and some other minor changes)
92
* [r1328] nslcd/myldap.c: pass the ld to do_bind() instead of the
93
session to use the correct ld from do_rebind()
94
* [r1327] nslcd/pam.c: always return a positive authorisation
95
result during authentication because we don't do any
96
authorisation checks during authentication and this may confuse
97
the PAM module if it's only used for authorisation
98
* [r1326] pam/pam.c: fallback to standard PAM error message if one
99
wasn't returned by nslcd
100
* [r1325] nslcd/myldap.c: fix comment
104
* [r1322] tests/test_myldap.c: include extra assertion checks
108
* [r1319] nslcd/myldap.c, nslcd/myldap.h, nslcd/nslcd.c: in each
109
worker wake up once in a while to check whether any existing LDAP
110
connections should be closed
114
* [r1318] nslcd/pam.c: in try_bind(), perform the search ourselves
115
instead of using lookup_dn2uid() to also be able to match
116
administrator DNs (thanks to Thaddeus J. Kollar for spotting
118
* [r1317] nslcd/pam.c: fix handling of try_bind() result code in
119
nslcd_pam_authc() (patch by Thaddeus J. Kollar)
123
* [r1316] nslcd/nslcd.c: close all open file descriptors on start
127
* [r1315] nslcd/common.h, nslcd/pam.c, nslcd/passwd.c: return
128
correct PAM status code for when LDAP server is unavailable
129
(based on a patch by Pierre Gambarotto)
130
* [r1314] nslcd/pam.c: switch all internal functions to return an
132
* [r1313] nslcd/pam.c: return correct kind of error code from
137
* [r1312] debian/nslcd.config, debian/nslcd.postinst,
138
debian/nslcd.templates: implement configuring SASL authentication
139
using Debconf, based on a patch by Daniel Dehennin
140
* [r1311] debian/nslcd.config: fix for problem with undefined
141
values in read_config() function
145
* [r1310] debian/nslcd.config: split reading values from a
146
configfile into a separate function and also ensure that
147
tls_reqcert is correctly read
148
* [r1309] debian/nslcd.postinst: add comment describing function
149
* [r1308] debian/nslcd.postinst: split updating configuration file
150
based on debconf value to separate function and make config
151
option renaming consistent
152
* [r1307] pam/Makefile.am: fix installation directory for PAM
153
module (was broken in r1239)
154
* [r1306] debian/nslcd.postinst: move special casing of handling
155
bindpw removal to cfg_disable() function
156
* [r1305] debian/nslcd.config, debian/nslcd.postinst: handle
157
tls_reqcert option consistently with other options
158
* [r1304] debian/nslcd.config: remove extra slash character
159
* [r1303] configure.ac: guess NSS SONAME on freebsd
160
* [r1302] configure.ac: use NSS flavour to determine which exports
162
* [r1301] nslcd/alias.c, nslcd/common.h, nslcd/ether.c,
163
nslcd/group.c, nslcd/host.c, nslcd/log.c, nslcd/log.h,
164
nslcd/netgroup.c, nslcd/network.c, nslcd/pam.c, nslcd/passwd.c,
165
nslcd/protocol.c, nslcd/rpc.c, nslcd/service.c, nslcd/shadow.c:
166
log the request with any logged messages
167
* [r1300] compat/ldap_compat.h: SASL compatibility definition
171
* [r1298] nslcd/nslcd.c: move acceptconnection() function body
172
inside the worker() so we can more easily break out of the
173
connection handling thread, close the server socket inside the
174
signal handler to cause all threads waiting on accept() to fail
175
and ensure that signals are handled in the main thread by
176
blocking them in the worker threads (r1290 from -solaris branch)
177
* [r1297] nslcd/common.h, nslcd/pam.c, nslcd/passwd.c: avoid
178
unneeded strdup()s by using a passed buffer to lookup_dn2uid()
179
and using strcmp() in dn2uid() to see if the existing cached
181
* [r1296] nslcd/passwd.c: fix race condition that could cause a
183
* [r1295] common/nslcd-prot.c, nslcd/nslcd.c: pass the actual size
184
of the address family and the path length to bind() and connect()
189
* [r1294] nslcd/myldap.c: call myldap_session_check() before adding
190
a new search to the session so the connection actually gets
191
closed on timeout (the connection isn't closed when there are
196
* [r1288] configure.ac: chage test for compiling with gcc to be
197
simpler and not use deprecated ac_cv_prog_gcc
198
* [r1287] nslcd/nslcd.c: fix log message
199
* [r1286] nslcd/cfg.h: remove obsolete note
203
* [r1279] common/dict.c, common/dict.h, common/set.c, common/set.h,
204
tests/test_set.c: implement dict_getany() and set_pop() functions
205
to be able to pick and remove entries
206
* [r1278] common/dict.c, common/dict.h, common/set.h,
207
tests/test_dict.c, tests/test_set.c: make DICTs and SETs
209
* [r1277] nss/common.h: split out checking of NSS module
210
availability and buffer correctness to separate macros (taken
211
from the -solaris branch)
212
* [r1276] nslcd/myldap.c: set a longer socket timout for the normal
213
connection (just in case mostly) and a short one to use when
214
shutting down the connection (also see
215
http://www.openldap.org/its/index.cgi?selectid=6673)
219
* [r1274] configure.ac: set {nss,pam}_ldap_so_LINK from configure
220
to allow custom linker properties for Solaris (r1261 and r1263
221
from -solaris branch)
222
* [r1273] configure.ac: also include sys/types.h for
223
ethernet-related tests (same as in compat/ether.h) (r1259 from
225
* [r1272] nss/group.c: move _nss_ldap_initgroups_dyn() definition
226
to the end to have more logical order
227
* [r1271] nslcd/myldap.c: simplify SASL includes
231
* [r1270] nss/Makefile.am: link local modules before .a files from
232
common directory to pick symbols up in correct order
233
* [r1269] configure.ac: move ethernet function checks outside
234
nslcd-specific tests to also compile without warnings when only
236
* [r1267] nslcd/pam.c: make buffer sizes for PAM requests
237
consistent (and large enough for most situations)
238
* [r1266] configure.ac: rename --with-nss-ldap-maps to
240
* [r1265] compat/ldap_passwd_s.c: small fix
244
* [r1264] nslcd/myldap.c: set timeout options on LDAP socket to
245
avoid problems when the LDAP library hangs on a read() (e.g. at
250
* [r1256] nslcd/myldap.c, nss/netgroup.c, pam/pam.c: make use of
251
UNUSED() consistent throughout the code
252
* [r1255] nss/rpc.c: correctly name shared file handle
253
* [r1254] ChangeLog: undo changes to ChangeLog accidentally checked
255
* [r1253] ChangeLog, configure.ac, nss/Makefile.am,
256
nss/exports.glibc, nss/exports.solaris, nss/nss_ldap.map,
257
pam/Makefile.am: put all logic on how to run linker for NSS and
258
PAM components in configure script (remove stuff from
259
Makefile.ams) and add Solaris version script (renaming version
260
scripts as needed) (r1250 from -solaris branch)
261
* [r1252] compat/ether.c, compat/ether.h: move missing declarations
262
of ether_ntoa() and ether_aton() to header file so they are
263
available for other sources also (r1243 from -solaris branch)
264
* [r1251] configure.ac: fix test of returnlen struct member check
265
(r1244 from -solaris branch)
269
* [r1245] nss/services.c: correctly name shared file handle
273
* [r1240] nss/Makefile.am, nss/aliases.c, nss/ethers.c,
274
nss/group.c, nss/hosts.c, nss/netgroup.c, nss/networks.c,
275
nss/passwd.c, nss/protocols.c, nss/rpc.c, nss/services.c,
276
nss/shadow.c, pam/Makefile.am: improve consistency of code layout
277
* [r1239] compat/nss_compat.h, configure.ac, nss/Makefile.am,
278
nss/common.h, nss/hosts.c, nss/networks.c, nss/prototypes.h,
279
pam/Makefile.am: merge some of the changes for Solaris
280
portability to ease merging, adding --with-pam-seclib-dir,
281
--with-pam-ldap-soname and --with-nss-flavour options and having
282
some auto-detection for SONAMEs and NSS flavour
286
* [r1235] .: ignore configure.lineno
290
* [r1233] compat/ether.c, compat/ldap_passwd_s.c, configure.ac: use
291
AC_CHECK_DECLS to check for definitions of functions we provide a
292
replacement definition for
296
* [r1229] debian/po/vi.po: updated Vietnamese (vi) translation of
297
debconf templates by Clytie Siddall
298
* [r1228] configure.ac: fix test quoting
302
* [r1227] compat/ether.c, configure.ac: only provide definitions
303
for ether_aton() and ether_ntoa() for platforms missing a
305
* [r1226] compat/ether.c: fix definitions of ether_aton() and
310
* [r1225] compat/nss_compat.h, compat/pam_get_authtok.c,
311
configure.ac: begin merging some of the compatibility
312
improvements from Ted C. Cheng of Symas Corporation
313
* [r1224] compat/nss_compat.h: no need to provide a enum nss_status
314
replacement because we don't use it
315
* [r1223] tests/test_aliases.c, tests/test_ethers.c,
316
tests/test_group.c, tests/test_hosts.c, tests/test_netgroup.c,
317
tests/test_networks.c, tests/test_passwd.c,
318
tests/test_protocols.c, tests/test_rpc.c, tests/test_services.c,
319
tests/test_shadow.c: also switch to nss_status_t for test code
320
* [r1222] configure.ac: simplify appending OBJEXT sed expression
324
* [r1221] nslcd/myldap.c: remove variables which are no longer
325
necessary due to r1220
326
* [r1220] nslcd/myldap.c: remove disabling keepalives since we
327
handle SIGPIPE anyway
331
* [r1219] nslcd/myldap.c: remove ugly empty line
332
* [r1218] configure.ac: properly define PACKAGE_URL
333
* [r1217] nslcd/group.c: update description of group schema
335
* [r1216] Makefile.am: switch to nicer mechanism to specify
336
subdirectories to build
340
* [r1215] configure.ac, nss/Makefile.am: have a way to limit which
341
NSS maps should be built
345
* [r1214] compat/nss_compat.h, nss/aliases.c, nss/common.h,
346
nss/ethers.c, nss/group.c, nss/hosts.c, nss/netgroup.c,
347
nss/networks.c, nss/passwd.c, nss/protocols.c, nss/prototypes.h,
348
nss/rpc.c, nss/services.c, nss/shadow.c: switch to using
349
nss_status_t throughout the code and provide compatibility code
350
to use whatever nss_status type is used on the system
354
* [r1208] nslcd/myldap.c: add some more error cases which should
359
* [r1207] nslcd/myldap.c: handle errors from ldap_result()
360
consistently and also retry in case it times out
364
* [r1206] man/nslcd.conf.5.xml, nslcd/cfg.c, nslcd/cfg.h,
365
nslcd/common.h, nslcd/nslcd.c, nslcd/pam.c, pam/pam.c: implement
366
a rootpwmodpw option that allows root users to change user
367
passwords without a password prompt
371
* [r1204] ChangeLog, NEWS, configure.ac, debian/changelog,
372
man/nslcd.8.xml, man/nslcd.conf.5.xml, man/pam_ldap.8.xml: get
373
files ready for 0.7.9 release
374
* [r1203] debian/po/nl.po: unfuzzy a few Dutch translations and
376
* [r1202] debian/po/it.po: fix package name
377
* [r1201] debian/po/es.po: updated Spanish (es) translation of
378
debconf templates by Francisco Javier Cuadrado
379
* [r1200] debian/libpam-ldapd.templates, debian/po/ca.po,
380
debian/po/cs.po, debian/po/da.po, debian/po/de.po,
381
debian/po/es.po, debian/po/fi.po, debian/po/fr.po,
382
debian/po/gl.po, debian/po/it.po, debian/po/ja.po,
383
debian/po/nb.po, debian/po/nl.po, debian/po/pt.po,
384
debian/po/pt_BR.po, debian/po/ru.po, debian/po/sv.po,
385
debian/po/templates.pot, debian/po/vi.po, debian/po/zh_CN.po: fix
386
incorrect reference from /etc/nsswitch to /etc/nsswitch.conf
387
* [r1199] debian/po/da.po, debian/po/de.po, debian/po/it.po,
388
debian/po/ja.po, debian/po/nb.po, debian/po/ru.po,
389
debian/po/sv.po: fix wrapping of po files
390
* [r1198] debian/po/ca.po, debian/po/cs.po, debian/po/da.po,
391
debian/po/de.po, debian/po/fr.po, debian/po/it.po,
392
debian/po/ja.po, debian/po/nb.po, debian/po/pt.po,
393
debian/po/ru.po, debian/po/sv.po, debian/po/zh_CN.po: correct
394
references to package name for up-to-date translations
395
* [r1197] debian/po/es.po, debian/po/fr.po, debian/po/gl.po,
396
debian/po/ja.po: fix translations that had a reference to the old
397
location of the configuration file
398
* [r1196] debian/po/sv.po: updated Swedish (sv) translation of
399
debconf templates by Martin Ågren
400
* [r1195] debian/po/ca.po: unfuzzy translated string (confirmed OK
405
* [r1194] debian/po/ca.po: updated Catalan (ca) translation of
406
debconf templates by Agusti Grau
410
* [r1193] debian/po/de.po: updated German (de) translation of
411
debconf templates by Chris Leick
415
* [r1192] debian/po/fr.po: updated French (fr) translation of
416
debconf templates by Christian Perrier
420
* [r1191] debian/po/da.po: updated Danish (da) translation of
421
debconf templates by Joe Hansen
425
* [r1190] debian/po/ja.po: updated Japanese (ja) translation of
426
debconf templates by Kenshi Muto
430
* [r1189] debian/nslcd.templates, debian/po/ca.po, debian/po/cs.po,
431
debian/po/da.po, debian/po/de.po, debian/po/es.po,
432
debian/po/fi.po, debian/po/fr.po, debian/po/gl.po,
433
debian/po/it.po, debian/po/ja.po, debian/po/nb.po,
434
debian/po/nl.po, debian/po/pt.po, debian/po/pt_BR.po,
435
debian/po/ru.po, debian/po/sv.po, debian/po/templates.pot,
436
debian/po/vi.po, debian/po/zh_CN.po: fix double "be" in English
437
template thanks to Christian PERRIER
438
* [r1188] debian/po/it.po: updated Italian (it) translation of
439
debconf templates by Vincenzo Campanella
440
* [r1187] debian/po/zh_CN.po: updated Simplified Chinese (zh_CN)
441
translation of debconf templates by zym
442
* [r1186] debian/po/cs.po: updated Czech (cs) translation of
443
debconf templates by Miroslav Kure
444
* [r1185] configure.ac: fix for --with-nss-ldap-soname option by
449
* [r1183] ChangeLog, NEWS, configure.ac, debian/changelog,
450
man/nslcd.8.xml, man/nslcd.conf.5.xml, man/pam_ldap.8.xml: get
451
files ready for 0.7.8 release
452
* [r1182] debian/po/nb.po: added Norwegian Bokmål (nb) translation
453
of debconf templates by Bjørn Steensrud
454
* [r1181] debian/po/ru.po: updated Russian (ru) translation of
455
debconf templates by Yuri Kozlov
456
* [r1180] debian/po/pt.po: updated Portuguese (pt) translation of
457
debconf templates by Américo Monteir
461
* [r1179] debian/po/da.po, debian/po/vi.po, debian/po/zh_CN.po:
462
remove invalid and bouncing addresses
463
* [r1178] debian/po/ca.po, debian/po/cs.po, debian/po/da.po,
464
debian/po/de.po, debian/po/es.po, debian/po/fi.po,
465
debian/po/fr.po, debian/po/gl.po, debian/po/it.po,
466
debian/po/ja.po, debian/po/nl.po, debian/po/pt.po,
467
debian/po/pt_BR.po, debian/po/ru.po, debian/po/sv.po,
468
debian/po/templates.pot, debian/po/vi.po, debian/po/zh_CN.po:
469
update debian/po files with modified template
470
* [r1177] debian/libpam-ldapd.postinst: only offer to fix
471
nsswitch.conf if PAM has been converted with pam-auth-update
472
* [r1176] debian/libpam-ldapd.templates: updated debconf template
473
thanks to Justin B Rye
477
* [r1175] debian/po/POTFILES.in, debian/po/ca.po, debian/po/cs.po,
478
debian/po/da.po, debian/po/de.po, debian/po/es.po,
479
debian/po/fi.po, debian/po/fr.po, debian/po/gl.po,
480
debian/po/it.po, debian/po/ja.po, debian/po/nl.po,
481
debian/po/pt.po, debian/po/pt_BR.po, debian/po/ru.po,
482
debian/po/sv.po, debian/po/templates.pot, debian/po/vi.po,
483
debian/po/zh_CN.po: update debian/po files with added template
487
* [r1174] debian/control: upgrade to standards-version 3.9.1
488
* [r1173] debian/control: add libpam-sss as an alternative to
490
* [r1172] debian/control: merge the recommends from libnss-ldapd
491
and libpam-ldapd into those of nslcd so we can track all the PAM
492
alternatives in one place
493
* [r1171] Makefile.am, debian/libnss-ldapd.postinst,
494
debian/libnss-ldapd.postrm,
495
debian/libpam-ldapd.lintian-overrides,
496
debian/libpam-ldapd.postinst, debian/libpam-ldapd.templates:
497
offer to add ldap to shadow in nsswitch.conf if a potential
498
broken configuration is found
499
* [r1170] ChangeLog, ChangeLog-2006, ChangeLog-2007,
500
ChangeLog-2008, Makefile.am: archive older ChangeLog entries in
502
* [r1169] common/expr.c: also don't expand variables in rest of
503
${var:+rest} expressions if var is not set or empty
504
* [r1168] common/expr.c: do not expand variables in rest of
505
${var:-rest} expressions if var is not blank or empty
509
* [r1167] nss/services.c: use htons() instead of ntohs() (thanks
514
* [r1166] compat/nss_compat.h, configure.ac: compatibility
515
improvement: also check for nss_common.h and see if enum
517
* [r1165] nslcd/pam.c: fix comment
518
* [r1164] nss/Makefile.am: use -h linker flag instead of -soname
519
which seems more portable
520
* [r1163] compat/pam_compat.h: define pam_info(), pam_error() and
521
pam_syslog() compatibility macros to allow no arguments for
526
* [r1162] debian/nslcd.config: only go back one step on Debconf
531
* [r1161] configure.ac, nslcd/nslcd.c, nss/Makefile.am: allow
532
configuring NSS module's SONAME from configure and use this in
533
nslcd to dlopen() the correct library (thanks to Alexander V.
534
Chernikov for the idea)
538
* [r1159] ChangeLog, NEWS, TODO, configure.ac, debian/changelog,
539
man/nslcd.8.xml, man/nslcd.conf.5.xml, man/pam_ldap.8.xml: get
540
files ready for 0.7.7 release
541
* [r1158] debian/control: upgrade to standards-version 3.9.0
542
* [r1157] debian/libnss-ldapd.config, debian/nslcd.config: don't
543
use dh_title to set the Debconf title, the default should be fine
544
* [r1156] debian/control: use Replaces/Breaks instead of Conflicts
545
for introduction of nslcd package (as per policy 3.9.0)
549
* [r1155] Makefile.am, debian/libpam-ldapd.manpages,
550
debian/nslcd.install, debian/nslcd.manpages: make sure the
551
pam_ldap manual page is in the libpam-ldapd package
555
* [r1154] nslcd/myldap.c: add logging to SASL interaction function
556
* [r1153] nslcd/myldap.c: improve debug logging of SASL bind calls
557
* [r1152] debian/nslcd.default: updated based on comments by Daniel
558
Dehennin <daniel.dehennin@baby-gnu.org>
562
* [r1151] AUTHORS, Makefile.am, debian/control,
563
debian/nslcd.conffile, debian/nslcd.default, debian/nslcd.init:
564
start k5start from the init script to keep the Kerberos ticket
565
active if nslcd is configured for SASL GSSAPI kerberos
566
authentication, based on a patch by Daniel Dehennin
567
<daniel.dehennin@baby-gnu.org>
568
* [r1150] man/nslcd.conf.5.xml, nslcd/cfg.c, nslcd/cfg.h: remove
569
warning messages from parsing the sasl_* options and document
570
them in the nslcd.conf(5) manual page (they should be functional)
571
* [r1149] nslcd/myldap.c: make SASL binding code a little earier to
573
* [r1148] man/nslcd.conf.5.xml, nslcd/cfg.c, nslcd/cfg.h,
574
nslcd/myldap.c: remove the use_sasl option and instead rely on
575
sasl_mech being specified
576
* [r1147] debian/nslcd.init: group options more
580
* [r1146] compat/Makefile.am, compat/nss_compat.h, configure.ac,
581
nss/common.h, nss/prototypes.h: have more compatibility code for
582
NSS module and move compatibility code to compat directory
586
* [r1145] debian/nslcd.init: ensure that nslcd is started after
587
hostname lookups are available so getting to the LDAP server via
588
DNS lookups will work (patch by Petter Reinholdtsen)
589
* [r1144] nslcd/nslcd.c: use RTLD_NODELETE during dlopen() instead
590
of not using dlclose()
594
* [r1143] configure.ac, nss/Makefile.am, nss/exports.linux,
595
nss/nss_ldap.map, pam/Makefile.am, pam/exports.linux,
596
pam/pam_ldap.map: rename symbol map files and check for the
597
linker option to specify the file with
598
* [r1142] configure.ac, nslcd/Makefile.am: pass pthread flags
599
correctly to nslcd Makefile and rename save_ vars to not conflict
604
* [r1141] configure.ac, nslcd/nslcd.c, nss/Makefile.am,
605
nss/common.c, nss/common.h, nss/exports.linux, nss/netgroup.c,
606
nss/prototypes.h, tests/Makefile.am: implement a global symbol
607
inside the NSS module to allow applications to disable NSS
608
lookups over LDAP and use it in nslcd to avoid deadlocks
609
* [r1140] common/dict.h, common/expr.h, common/nslcd-prot.h,
610
common/set.h, common/tio.h, compat/attrs.h, compat/daemon.h,
611
compat/ether.h, compat/getopt_long.h, compat/getpeercred.h,
612
compat/ldap_compat.h, compat/pam_compat.h, nslcd/attmap.h,
613
nslcd/cfg.h, nslcd/common.h, nslcd/log.h, nslcd/myldap.h,
614
nss/common.h, nss/prototypes.h, pam/common.h: make include guard
615
names consistent throughout the source and avoid conflicts with
617
* [r1139] nss/aliases.c, nss/ethers.c, nss/group.c, nss/hosts.c,
618
nss/netgroup.c, nss/networks.c, nss/passwd.c, nss/protocols.c,
619
nss/rpc.c, nss/services.c, nss/shadow.c: remove some unused
624
* [r1138] README, common/tio.c, nslcd/attmap.c, nslcd/attmap.h,
625
nslcd/group.c, nslcd/network.c: remove commented out memberOf and
626
ipNetmaskNumber attributes and small cleanups
627
* [r1137] debian/po/ca.po, debian/po/cs.po, debian/po/da.po,
628
debian/po/de.po, debian/po/es.po, debian/po/fi.po,
629
debian/po/fr.po, debian/po/gl.po, debian/po/it.po,
630
debian/po/ja.po, debian/po/nl.po, debian/po/pt.po,
631
debian/po/pt_BR.po, debian/po/ru.po, debian/po/sv.po,
632
debian/po/vi.po, debian/po/zh_CN.po: run translations through
637
* [r1136] nslcd/nslcd.c: fix and remove source code comments
641
* [r1135] ChangeLog, debian/changelog: revert part of r1134 that
642
was accidentally commited
643
* [r1134] ChangeLog, debian/changelog, pam/pam.c: fix nullok test
644
for password modification
648
* [r1133] debian/libpam-ldapd.pam-auth-update: also ignore other
649
ignorable PAM return codes
653
* [r1132] compat/pam_get_authtok.c: add a warning to the limitation
654
of our pam_get_authtok() implementation
655
* [r1131] pam/pam.c: simplify PAM module splitting remapping for
656
ignore_* options to a separate function, parsing of
657
try_first_pass and use_first_pass is done by pam_get_authtok(),
658
don't report session errors to the user and make error handling
663
* [r1130] nslcd/pam.c: fix bug in test (r1127)
664
* [r1129] man/pam_ldap.8.xml, pam/pam.c: implement an nullok PAM
665
option and disable empty passwords by default
666
* [r1128] pam/pam.c: don't log failure to do nslcd request to user
667
and log authentication errors during password change
668
* [r1127] nslcd/pam.c: add a debug log message when user
669
authentication was successful
670
* [r1126] debian/libpam-ldapd.pam-auth-update: don't use
671
use_authtok for password modification by default
675
* [r1125] pam/pam.c: fix typo
679
* [r1123] AUTHORS, ChangeLog, NEWS, configure.ac, debian/changelog,
680
man/nslcd.8.xml, man/nslcd.conf.5.xml, man/pam_ldap.8.xml: get
681
files ready for 0.7.6 release
685
* [r1122] debian/control: drop extra parts of package descriptions
686
that should no longer be really relevant and update libpam-ldapd
691
* [r1121] debian/libpam-ldapd.pam-auth-update: update
692
pam-auth-update configuration to always perform LDAP
693
autorisation, also pass use_authtok on password modification and
694
spell out session result handling
695
* [r1120] pam/pam.c: make code more consistent
696
* [r1119] man/pam_ldap.8.xml: fix typo
697
* [r1118] pam/pam.c: don't store use_authtok because
698
pam_get_authtok() looks at the arguments itself
702
* [r1117] HACKING, README, man/nslcd.8.xml, man/nslcd.conf.5.xml:
704
* [r1116] nslcd.conf: include uid and gid options in default
706
* [r1115] configure.ac, m4/acx_pthread.m4, m4/ax_pthread.m4: update
707
AC?X_PTHREAD macro and update configure script to be simpler and
709
* [r1114] debian/nslcd.init: use nslcd --check in init script's
714
* [r1113] nslcd/pam.c: make debug logging for pam_authz_search
715
option a little more readable
719
* [r1112] debian/control: add libpam-heimdal as an alternative
720
recommends for libnss-ldapd
724
* [r1111] nslcd/attmap.c, nslcd/attmap.h: always clear returned
725
buffer when performing attribute mapping (based on a patch by
726
Nalin Dahyabhai <nalin@redhat.com>)
730
* [r1109] ChangeLog, NEWS, configure.ac, debian/changelog,
731
man/nslcd.8.xml, man/nslcd.conf.5.xml, man/pam_ldap.8.xml: get
732
files ready for 0.7.5 release
733
* [r1108] Makefile.am, debian/source, debian/source/format: switch
734
to source format 3.0 (native)
735
* [r1107] pam/pam.c: print uid as a long
736
* [r1106] compat/pam_compat.h, configure.ac, man/pam_ldap.8.xml,
737
pam/common.h, pam/pam.c: perform logging from PAM module to
738
syslog and support the debug option to log debugging information
742
* [r1105] pam/pam.c: centralise initialising functions needed for
743
every PAM call into one function
744
* [r1104] common/nslcd-prot.h, nslcd/common.h: make logging of
745
buffer checks consistent
746
* [r1103] pam/pam.c: also use PAM username instead of one from
747
context for session open and close
748
* [r1102] pam/pam.c: replace my_pam_get_authtok() with standard
749
pam_get_authtok() function, get rid of get_old_password() and
750
general cleanups and simplifications
754
* [r1101] pam/pam.c: make parsing configuration options global,
755
reorganise a bit and make code more consistent and easier to read
756
* [r1100] compat/pam_compat.h, nslcd/pam.c: small compatibility
761
* [r1099] pam/pam.c: only log "LDAP session failed" if we actually
763
* [r1098] compat/Makefile.am, compat/pam_compat.h,
764
compat/pam_get_authtok.c, compat/pam_prompt.c, configure.ac,
765
pam/pam.c: replace my_pam_warn() with pam_info() and pam_error()
766
and provide replacement for pam_prompt() also using it in our
767
pam_get_authtok() replacement
771
* [r1096] ChangeLog, NEWS, TODO, configure.ac, debian/changelog,
772
man/nslcd.8.xml, man/nslcd.conf.5.xml, man/pam_ldap.8.xml: get
773
files ready for 0.7.4 release
774
* [r1095] nslcd/myldap.c: only log "connected to LDAP server" if
775
the previous connect failed or we are failing over to a different
777
* [r1094] debian/nslcd.postinst, man/nslcd.conf.5.xml, nslcd/cfg.c,
778
nslcd/cfg.h, nslcd/myldap.c, tests/README, tests/nslcd-test.conf:
779
rename reconnect_maxsleeptime option to reconnect_retrytime
780
* [r1093] nslcd/myldap.c: don't log errno if it is not set (make
781
error less confusing)
782
* [r1092] nslcd/myldap.c: handle authentication searches a little
783
differently (only try once if an authentication error is
785
* [r1091] man/nslcd.conf.5.xml, nslcd/cfg.c, nslcd/cfg.h,
786
nslcd/myldap.c: refactor retry timing mechanism to use time
787
between first and last error to determin when to rerty and only
788
try once (and don't sleep) when we have been failing for a long
793
* [r1090] man/nslcd.conf.5.xml: fix wrapping of long line (thanks
795
* [r1089] man/nslcd.conf.5.xml, nslcd/cfg.c, nslcd/cfg.h,
796
nslcd/pam.c: rename authz_search option to pam_authz_search
800
* [r1088] man/nslcd.conf.5.xml, man/pam_ldap.8.xml, nslcd/cfg.c,
801
nslcd/cfg.h, nslcd/pam.c: implement an authz_search option to
802
test whether the user is authorised
803
* [r1087] nslcd/alias.c, nslcd/ether.c, nslcd/group.c,
804
nslcd/host.c, nslcd/netgroup.c, nslcd/network.c, nslcd/passwd.c,
805
nslcd/protocol.c, nslcd/rpc.c, nslcd/service.c, nslcd/shadow.c:
806
tune some buffer sizes and small cleanups
807
* [r1086] tests/test_myldap.c: implement test for buffer overflow
808
* [r1085] nslcd/myldap.c: fix buffer overflow
809
* [r1084] man, man/Makefile.am: have the possibility to generate
810
HTML for manual pages (not done by default)
811
* [r1083] man/nslcd.conf.5.xml, man/pam_ldap.8.xml: use docbook
812
elements where possible
816
* [r1082] compat/pam_compat.h, configure.ac,
817
debian/libpam-ldapd.pam-auth-update, man/pam_ldap.8.xml,
818
pam/pam.c: implement a minimum_uid option for the PAM module to
819
ignore users that have a lower numeric user id
823
* [r1081] config.guess, config.sub: include updated files
827
* [r1080] debian/nslcd.config: also parse /etc/ldap.conf for
828
systems that use that for NSS and PAM configuration
832
* [r1079] nslcd/myldap.c, nslcd/myldap.h, nslcd/pam.c: don't have
833
myldap_set_credentials() try to open a connection but have the
834
PAM code perform a search with the new credentials so we re-use
835
the fail-over mechanism in myldap_search()
836
* [r1078] nslcd/cfg.c, nslcd/common.h, nslcd/myldap.c,
837
nslcd/myldap.h, nslcd/passwd.c, tests/test_myldap.c: also have
838
myldap_search() return an LDAP status code
842
* [r1077] tests/README, tests/test.ldif.gz, tests/test_nsscmds.sh:
843
small improvements to the test setup
847
* [r1076] man/nslcd.conf.5.xml, nslcd/cfg.c, nslcd/cfg.h,
848
nslcd/group.c: add an nss_initgroups_ignoreusers option to ignore
849
username to group lookups for the specified users
853
* [r1075] man/nslcd.conf.5.xml: remove commented-oud default option
854
because it is not implemented and we have a better mechanism now
858
* [r1074] nslcd/myldap.c: have less warnings when LDAP_OPT_X_TLS
860
* [r1073] man/nslcd.conf.5.xml: document which attributes may be
861
mapped with an expression
865
* [r1071] ChangeLog, NEWS, configure.ac, debian/changelog,
866
man/nslcd.8.xml, man/nslcd.conf.5.xml, man/pam_ldap.8.xml: get
867
files ready for 0.7.3 release
868
* [r1070] debian/NEWS: add blank line for apt-listchanges
869
* [r1069] debian/control: upgrade to standards-version 3.8.4 (no
871
* [r1068] common/dict.h: fix typo
872
* [r1067] debian/nslcd.postinst, man/nslcd.conf.5.xml, nslcd.conf,
873
nslcd.h, nslcd/cfg.c, nslcd/cfg.h, nslcd/pam.c: rename admindn
874
option to rootpwmoddn
875
* [r1066] INSTALL, compile: update from latest automake
876
* [r1065] HACKING, tests/README: small updates to documentation
880
* [r1064] nslcd/myldap.c: first try password modification without
881
the old password and if that fails with the old password
882
* [r1063] compat/ldap_passwd_s.c: add pointer to RFC 3062
886
* [r1062] man/nslcd.8.xml, nslcd/nslcd.c: patch by Jan Schampera to
887
implement a --check option
891
* [r1061] nslcd/myldap.c: fix for type mismatch (thanks to Jan
896
* [r1060] configure.ac, nslcd/cfg.c: add --with-bindpw-file
897
configure option to enable reading the bindpw option from a file
898
* [r1059] debian/nslcd.postinst, man/nslcd.conf.5.xml, nslcd.conf,
899
nslcd.h, nslcd/cfg.c, nslcd/cfg.h, nslcd/pam.c, pam/pam.c: add
900
admindn configuration file option that is used when modifying
901
another user's password
902
* [r1058] man/nslcd.conf.5.xml: fix example
903
* [r1057] nslcd/myldap.c: make logging of passwords consistent and
904
support a NULL oldpassword value in myldap_passwd()
905
* [r1056] nslcd/myldap.c: free data returned from ldap_passwd_s()
906
call if needed and add missing casts
907
* [r1055] HACKING: general updates and add PAM module information
911
* [r1054] nss/prototypes.h: simple improvement for FreeBSD
912
* [r1053] nslcd/nslcd.c: lock the pidfile at start-up to ensure
913
only one nslcd process is running (based on a patch by Jan
914
Schampera <jan.schampera@web.de>)
918
* [r1052] debian/nslcd.init: start nslcd before apache for systems
919
that use LDAP users to run virtual hosts
920
* [r1051] HACKING, README, configure.ac: set contact address to
922
* [r1050] debian/NEWS: change format of NEWS entry based on
923
Developer's Reference
924
* [r1049] debian/rules: install lintian overrides with dh_lintian
928
* [r1048] nslcd/cfg.c: improve getting of domain name by also
929
checking hostname aliases (based on patch by Jan Schampera
930
<jan.schampera@web.de>)
931
* [r1047] AUTHORS: improve getting of domain name by also checking
932
hostname aliases (based on patch by Jan Schampera
933
<jan.schampera@web.de>)