Arthur de Jong

+2013-04-05 Arthur de Jong <arthur@arthurdejong.org>

+

+ * ChangeLog, NEWS, TODO, configure.ac, man/getent.ldap.1.xml,

+ man/nslcd.8.xml, man/nslcd.conf.5.xml, man/pam_ldap.8.xml,

+ man/pynslcd.8.xml: Get files ready for 0.9.0 release

+

+2013-04-05 Arthur de Jong <arthur@arthurdejong.org>

+

+ * pynslcd/Makefile.am: Include the usermod.py file in the

+ distribution

+

+2013-04-05 Arthur de Jong <arthur@arthurdejong.org>

+

+ * man/chsh.ldap.1.xml: Fix docbook validation

+

+2013-04-03 Arthur de Jong <arthur@arthurdejong.org>

+

+ * configure.ac: Ignore missing Python in initial test

+

+2013-04-03 Arthur de Jong <arthur@arthurdejong.org>

+

+ * nslcd/nslcd.c: Fix comment

+

+2013-03-30 Arthur de Jong <arthur@arthurdejong.org>

+

+ * pynslcd/pam.py: Update the shadowLastChange on password change in

+ pynslcd

+

+2013-03-30 Arthur de Jong <arthur@arthurdejong.org>

+

+ * pynslcd/pam.py: Implement password modification in pynslcd

+

+2013-03-30 Arthur de Jong <arthur@arthurdejong.org>

+

+ * : Implement used modification functionality This adds user information modification functionality to nslcd and

+ pynslcd and implements a chsh.ldap utility that can be used to

+ change the login shell of a user (similar to the normal chsh

+ command). The user modification functionality should allow for generic

+ modifications of user information. More utility commands to perform

+ modifications remain to be implemented.

+

+2013-03-30 Arthur de Jong <arthur@arthurdejong.org>

+

+ * pynslcd/pynslcd.py, pynslcd/usermod.py: Handle user modification

+ requests in pynslcd Similar to the nslcd implementation, this currently only covers

+ modifying the homeDirectory and loginShell attributes.

+

+2013-03-30 Arthur de Jong <arthur@arthurdejong.org>

+

+ * nslcd/Makefile.am, nslcd/common.h, nslcd/nslcd.c, nslcd/usermod.c:

+ Handle user modification requests in nslcd This is currently limited to supporting modification of the

+ homeDirectory and loginShell attributes. Modifications as root currently use the rootpwmoddn and rootpwmodpw

+ options.

+

+2013-03-30 Arthur de Jong <arthur@arthurdejong.org>

+

+ * nslcd.h: Define a NSLCD_ACTION_USERMOD request The modification can either be requested by root or by the user

+ itself. Modifications by the user should be done by connecting to the LDAP

+ server with the user-supplied credentials. It is expected that

+ access controls in the LDAP server prevent unwanted modifications.

+ The nslcd process is expected to check whether supplied values are

+ sensible.

+

+2013-03-30 Arthur de Jong <arthur@arthurdejong.org>

+

+ * pynslcd/pam.py: Rename authentication function and return

+ connection

+

+2013-03-30 Arthur de Jong <arthur@arthurdejong.org>

+

+ * configure.ac: Fix test for absence of Python

+

+2013-03-30 Arthur de Jong <arthur@arthurdejong.org>

+

+ * pynslcd/cfg.py: Mark unsupported pynslcd configuration options

+

+2013-03-30 Arthur de Jong <arthur@arthurdejong.org>

+

+ * configure.ac: Preset default configure values consistently

+

+2013-03-30 Arthur de Jong <arthur@arthurdejong.org>

+

+ * configure.ac: Give an error when the Python interpreter is missing

+

+2013-03-29 Arthur de Jong <arthur@arthurdejong.org>

+

+ * configure.ac: Build command-line utilities by default if Python is

+ available

+

+2013-03-29 Arthur de Jong <arthur@arthurdejong.org>

+

+ * : Implement clearing of nscd cache in pynslcd

+

+2013-03-29 Arthur de Jong <arthur@arthurdejong.org>

+

+ * pynslcd/pynslcd.py: Start the nscd invalidator process if needed

+

+2013-03-09 Arthur de Jong <arthur@arthurdejong.org>

+

+ * pynslcd/cfg.py: Parse the nscd_invalidate option

+

+2013-03-29 Arthur de Jong <arthur@arthurdejong.org>

+

+ * pynslcd/Makefile.am, pynslcd/nscd.py: Functionality for clearing

+ the nscd cache in pynslcd

+

+2013-03-29 Arthur de Jong <arthur@arthurdejong.org>

+

+ * pynslcd/pynslcd.py: Switch to using os.environ instead of

+ os.putenv() The os.putenv() call doesn't update os.environ and Python

+ documentation recommends using os.environ.

+

+2013-03-29 Arthur de Jong <arthur@arthurdejong.org>

+

+ * pynslcd/pam.py: Rename validate_request to validate

+

+2013-03-29 Arthur de Jong <arthur@arthurdejong.org>

+

+ * pynslcd/pam.py: Also perform authentication search using

+ LDAPSearch class

+

+2013-03-28 Arthur de Jong <arthur@arthurdejong.org>

+

+ * tests/test_nsscmds.sh: Make the NSS tests dependant on the

+ configuration of nsswitch.conf

+

+2013-03-28 Arthur de Jong <arthur@arthurdejong.org>

+

+ * tests/test_myldap.c: Do not rely on printf() being able to print

+ NULL strings

+

+2013-03-24 Arthur de Jong <arthur@arthurdejong.org>

+

+ * man/nslcd.conf.5.xml: Fix manual page generation

+

+2013-03-24 Arthur de Jong <arthur@arthurdejong.org>

+

+ * nslcd/cfg.h: Fix comment for nss_nested_groups config option

+

+2013-03-24 Arthur de Jong <arthur@arthurdejong.org>

+

+ * : Implement support for nested groups

+

+2013-03-24 Arthur de Jong <arthur@arthurdejong.org>

+

+ * README, man/nslcd.conf.5.xml, nslcd/cfg.c, nslcd/cfg.h,

+ nslcd/group.c, pynslcd/cfg.py, pynslcd/group.py: Implement a

+ nss_nested_groups configuration option This option can be used in both nslcd and pynslcd to enable

+ recursive group member lookups. By default the functionality is

+ disabled. This also updates the documentation.

+

+2013-03-24 Arthur de Jong <arthur@arthurdejong.org>

+

+ * pynslcd/common.py, pynslcd/group.py: Implement support for nested

+ groups in pynslcd

+

+2013-03-24 Arthur de Jong <arthur@arthurdejong.org>

+

+ * nslcd/group.c: Implement support for nested groups in nslcd This differs from the code provided by Steve Hill in that it avoids (recursively) performing parallel LDAP searches by queueing groups

+ and check for extra members per queued group (in the forward lookup)

+ or check for extra parents (for the user to groups lookup). For the reverse lookup handling the NSLCD_HANDLE macro could no

+ longer be used because extra care should be taken to free the sets

+ before returning and two search phases are needed.

+

+2013-03-20 Steve Hill <steve@opendium.com>

+

+ * AUTHORS, nslcd/group.c: Implement a mkfilter_group_bymemberdn()

+ function This was part of a bigger change to implement nested groups, however

+ most of the other parts were re-implemented differently. For the original changes, see:

+ http://lists.arthurdejong.org/nss-pam-ldapd-users/2013/msg00034.html

+

+2013-03-24 Arthur de Jong <arthur@arthurdejong.org>

+

+ * tests/test.ldif: Unpack the LDIF file to make diffs clearer

+

+2013-03-24 Arthur de Jong <arthur@arthurdejong.org>

+

+ * nslcd/cfg.h, nslcd/myldap.c: spelling fixes

+

+2013-03-22 Arthur de Jong <arthur@arthurdejong.org>

+

+ * nslcd/service.c: fix service request logging

+

+2013-03-19 Jakub Hrozek <jhrozek@redhat.com>

+

+ * nss/common.h: NSS: Return TRYAGAIN on zero-length buffer One of our customers was running into a situation where glibc

+ provided a zero buffer, which is a condition that is retriable and

+ the nss module should return NSS_STATUS_TRYAGAIN not

+ NSS_STATUS_UNAVAIL.

+

+2013-03-11 Arthur de Jong <arthur@arthurdejong.org>

+

+ * nss/shadow.c: fix the text representation of shadow information

+ for nscd on Solaris

+

+2013-03-11 Arthur de Jong <arthur@arthurdejong.org>

+

+ * .gitignore, tests/Makefile.am, tests/lookup_shadow.c: implement a

+ lookup_shadow test command for use on systems that don't allow

+ querying shadow via getent

+

+2013-03-10 Arthur de Jong <arthur@arthurdejong.org>

+

+ * nslcd/cfg.c, nslcd/nscd.c: fix a few compiler warnings

+

+2013-03-10 Arthur de Jong <arthur@arthurdejong.org>

+

+ * configure.ac: guess the value for --with-pam-seclib-dir if it is

+ not specified

+

+2013-03-10 Arthur de Jong <arthur@arthurdejong.org>

+

+ * tests/test_pamcmds.sh: small portability fix in test_pamcmds.sh

+

+2013-03-10 Arthur de Jong <arthur@arthurdejong.org>

+

+ * nslcd/service.c: only log protocol name if it is present

+

+2013-03-10 Arthur de Jong <arthur@arthurdejong.org>

+

+ * compat/ldap_parse_passwordpolicy_control.c, configure.ac: also

+ support systems without bet_get_enum()

+

+2013-03-09 Arthur de Jong <arthur@arthurdejong.org>

+

+ * pynslcd/pynslcd.py: log hex value of action id to make debugging

+ easier

+

+2013-03-09 Arthur de Jong <arthur@arthurdejong.org>

+

+ * pynslcd/pam.py: ensure consistent naming of DN variables

+

+2013-03-09 Arthur de Jong <arthur@arthurdejong.org>

+

+ * pynslcd/attmap.py, pynslcd/group.py, pynslcd/netgroup.py,

+ pynslcd/pam.py, pynslcd/search.py, pynslcd/service.py,

+ pynslcd/shadow.py: clean up imports and use

+ ldap.filter.escape_filter_chars() directly

+

+2013-03-09 Arthur de Jong <arthur@arthurdejong.org>

+

+ * pynslcd/pam.py, pynslcd/pynslcd.py, pynslcd/search.py: move

+ get_connection function to search module as Connection class as

+ subclass of ReconnectLDAPObject to automatically reconnect to the

+ LDAP server

+

+2013-03-09 Arthur de Jong <arthur@arthurdejong.org>

+

+ * pynslcd/Makefile.am, pynslcd/alias.py, pynslcd/common.py,

+ pynslcd/ether.py, pynslcd/group.py, pynslcd/host.py,

+ pynslcd/netgroup.py, pynslcd/network.py, pynslcd/pam.py,

+ pynslcd/passwd.py, pynslcd/protocol.py, pynslcd/rpc.py,

+ pynslcd/search.py, pynslcd/service.py, pynslcd/shadow.py: move

+ Search class to search module

+

+2013-03-09 Arthur de Jong <arthur@arthurdejong.org>

+

+ * pynslcd/cfg.py: fix default logging configuration setting in

+ pynslcd

+

+2013-03-09 Arthur de Jong <arthur@arthurdejong.org>

+

+ * common/tio.c: fix the description of the tio_time_remaining()

+ function

+

+2013-03-08 Arthur de Jong <arthur@arthurdejong.org>

+

+ * man/nslcd.conf.5.xml: document the nscd_invalidate option

+

+2013-03-09 Arthur de Jong <arthur@arthurdejong.org>

+

+ * nslcd/myldap.c, nslcd/nscd.c, nslcd/nslcd.c: start the nscd

+ invalidator and invalidate the nscd cache after reconnecting to the

+ LDAP server after failure

+

+2013-03-08 Arthur de Jong <arthur@arthurdejong.org>

+

+ * nslcd/cfg.c, nslcd/cfg.h: implement parsing of the nscd_invalidate

+ option

+

+2013-03-09 Arthur de Jong <arthur@arthurdejong.org>

+

+ * configure.ac, nslcd/Makefile.am, nslcd/common.h, nslcd/nscd.c,

+ tests/Makefile.am: implement functionality to send a cache

+ invalidation signal to nscd

+

+2013-03-09 Arthur de Jong <arthur@arthurdejong.org>

+

+ * nslcd/common.c, nslcd/common.h, nslcd/nslcd.c: move signame()

+ function to common.c to make it available to all modules

+

+2013-03-03 Arthur de Jong <arthur@arthurdejong.org>

+

+ * man/nslcd.conf.5.xml: document the trimming expressions in the

+ nslcd.conf(5) manual page

+

+2013-03-03 Arthur de Jong <arthur@arthurdejong.org>

+

+ * pynslcd/expr.py: support trimming expressions with full shell glob

+ matching in pynslcd

+

+2013-03-03 Arthur de Jong <arthur@arthurdejong.org>

+

+ * tests/test_expr.c: add tests for trimming expressions

+

+2013-01-04 Arthur de Jong <arthur@arthurdejong.org>

+

+ * common/expr.c: update the trimming expressions code to follow the

+ new coding style

+

+2012-12-03 Thorsten Glaser <t.glaser@tarent.de>

+

+ * AUTHORS, common/expr.c: allow trimming expressions with ${foo#bar}

+ syntax in nslcd

+

+2013-03-01 Arthur de Jong <arthur@arthurdejong.org>

+

+ * nslcd/myldap.c, nslcd/myldap.h, nslcd/pam.c: return the password

+ policy bind information via PAM

+

+2013-01-04 Arthur de Jong <arthur@arthurdejong.org>

+

+ * compat/Makefile.am, compat/ldap_compat.h,

+ compat/ldap_passwordpolicy_err2txt.c, configure.ac: provide a basic

+ replacement implementation of ldap_passwordpolicy_err2txt() for

+ systems that don't have it

+

+2013-01-04 Arthur de Jong <arthur@arthurdejong.org>

+

+ * compat/Makefile.am, compat/ldap_compat.h,

+ compat/ldap_parse_passwordpolicy_control.c, configure.ac: provide a

+ replacement implementation of ldap_parse_passwordpolicy_control()

+ for systems that don't have it

+

+2013-03-01 Arthur de Jong <arthur@arthurdejong.org>

+

+ * compat/ldap_compat.h, configure.ac, nslcd/myldap.c: request and

+ parse password policy controls when doing user authentication in

+ nslcd

+

+2013-01-18 Arthur de Jong <arthur@arthurdejong.org>

+

+ * nslcd/myldap.c: pass the session along to the do_bind() function

+

+2013-03-03 Arthur de Jong <arthur@arthurdejong.org>

+

+ * configure.ac: add some missing checks to the configure script

+

+2013-03-01 Arthur de Jong <arthur@arthurdejong.org>

+

+ * nslcd/pam.c: log a more meaningful error in nslcd when trying to

+ authenticate as administrator when rootpwmoddn is not set

+

+2013-03-01 Arthur de Jong <arthur@arthurdejong.org>

+

+ * nslcd/common.h, nslcd/pam.c, nslcd/shadow.c: move

+ update_lastchange() function from shadow to pam code

+

+2013-03-01 Arthur de Jong <arthur@arthurdejong.org>

+

+ * utils/getent.py: move parsing to command line arguments to main

+ body

+

+2013-02-28 Arthur de Jong <arthur@arthurdejong.org>

+

+ * TODO: update TODO (setnetgrent() returns an error since r1874)

+

+2013-02-27 Arthur de Jong <arthur@arthurdejong.org>

+

+ * man/nslcd.conf.5.xml: include information about when some of the

+ options were added

+

+2013-02-27 Arthur de Jong <arthur@arthurdejong.org>

+

+ * nss/common.c: add missing include statement for NULL definition

+

+2013-02-23 Arthur de Jong <arthur@arthurdejong.org>

+

+ * nslcd/nslcd.c, pynslcd/pynslcd.py: log version information from

+ the NSS module

+

+2013-02-23 Arthur de Jong <arthur@arthurdejong.org>

+

+ * nss/common.c, nss/exports.freebsd, nss/exports.glibc,

+ nss/exports.solaris: define and export an _nss_ldap_version symbol

+

+2013-02-23 Arthur de Jong <arthur@arthurdejong.org>

+

+ * pynslcd/ether.py: also search for alternative macAddress

+ representation in pynslcd

+

+2013-02-12 Arthur de Jong <arthur@arthurdejong.org>

+

+ * nslcd/nslcd.c: extra sanity check to ensure not too many file

+ descriptors are open

+

+2013-02-23 Arthur de Jong <arthur@arthurdejong.org>

+

+ * nslcd.h: clarify NSLCD_ACTION_SERVICE_* request parameter

+ description

+

+2013-02-23 Arthur de Jong <arthur@arthurdejong.org>

+

+ * man/nslcd.conf.5.xml, nslcd/cfg.c, tests/test_common.c: allow

+ names with one character in default validnames option and allow

+ parentheses (taken from Fedora packages)

+

+2013-02-23 Arthur de Jong <arthur@arthurdejong.org>

+

+ * man/nslcd.conf.5.xml: document the log option

+

+2013-02-23 Arthur de Jong <arthur@arthurdejong.org>

+

+ * pynslcd/cfg.py, pynslcd/pynslcd.py: handle the log configuration

+ option in pynslcd

+

+2013-02-23 Arthur de Jong <arthur@arthurdejong.org>

+

+ * nslcd/cfg.c, nslcd/log.c, nslcd/log.h, nslcd/nslcd.c: handle the

+ log configuration option in nslcd

+

+2013-02-23 Arthur de Jong <arthur@arthurdejong.org>

+

+ * nslcd/log.c, nslcd/log.h: implement functions for configuring

+ alternative logging

+

+2013-02-12 Arthur de Jong <arthur@arthurdejong.org>

+

+ * man/getent.ldap.1.xml: fix docbook tag for file name

+

+2013-01-05 Arthur de Jong <arthur@arthurdejong.org>

+

+ * Makefile.am: generate ChangeLog with git2cl

+

+2013-01-05 Arthur de Jong <arthur@arthurdejong.org>

+

+ * ChangeLog, ChangeLog-2012: archive 2012 changelog messages into a

+ year file including the change from Subversion

+

+2013-01-28 Arthur de Jong <arthur@arthurdejong.org>

+

+ * .gitignore, man/Makefile.am, man/getent.ldap.1.xml: add

+ getent.ldap(1) manual page

+

+2013-01-28 Arthur de Jong <arthur@arthurdejong.org>

+

+ * utils/Makefile.am, utils/cmdline.py, utils/getent.py,

+ utils/nslcd.py: implement a getent command to query nslcd while

+ bypassing NSS stack

+

+2013-01-26 Arthur de Jong <arthur@arthurdejong.org>

+

+ * .gitignore, Makefile.am, configure.ac, utils/Makefile.am: add an

+ --enable-utils option to configure to build command-line utilities

+

+2013-01-09 Arthur de Jong <arthur@arthurdejong.org>

+

+ * pynslcd/cache.py, pynslcd/common.py: disable pynslcd cache for now

+

+2013-01-27 Arthur de Jong <arthur@arthurdejong.org>

+

+ * nslcd.h, nslcd/common.h, nslcd/netgroup.c, nslcd/nslcd.c,

+ pynslcd/netgroup.py: implement a netgroup_all request

+

+2013-01-18 Arthur de Jong <arthur@arthurdejong.org>

+

+ * nslcd/nslcd.c: make checking dlsym() result a little safer

+

+2013-01-18 Arthur de Jong <arthur@arthurdejong.org>

+

+ * compat/ldap_passwd_s.c: fix copyright year

+

+2013-01-18 Arthur de Jong <arthur@arthurdejong.org>

+

+ * common/tio.c: restructure timeout calculation in tio to reduce the

+ number of times gettimeofday() is called

+

+2013-01-18 Arthur de Jong <arthur@arthurdejong.org>

+

+ * nslcd/log.c: use pthreads thread-local storage as fallback

+ mechanism if compiler doesn't provide a keyword for TLS

+

+2013-01-18 Arthur de Jong <arthur@arthurdejong.org>

+

+ * configure.ac, m4/ax_tls.m4, nslcd/log.c, nss/aliases.c,

+ nss/ethers.c, nss/group.c, nss/hosts.c, nss/netgroup.c,

+ nss/networks.c, nss/passwd.c, nss/protocols.c, nss/rpc.c,

+ nss/services.c, nss/shadow.c: use the AX_TLS macro to find correct

+ thread-local storage class compiler directive

+

+2013-01-18 Arthur de Jong <arthur@arthurdejong.org>

+

+ * nslcd/cfg.c, nslcd/cfg.h: dump full nslcd configuration at debug

+ level on start-up

+

+2013-01-16 Arthur de Jong <arthur@arthurdejong.org>

+

+ * man/Makefile.am: fix the way manual pages are generated and

+ distributed

+

+2013-01-14 Arthur de Jong <arthur@arthurdejong.org>

+

+ * man/nslcd.conf.5.xml, nslcd/cfg.c, pynslcd/cfg.py,

+ tests/test_cfg.c: support children search scope for systems that

+ have it

+

+2013-01-14 Arthur de Jong <arthur@arthurdejong.org>

+

+ * pynslcd/cfg.py: fix parsing of scope option in pynslcd

+

+2013-01-14 Arthur de Jong <arthur@arthurdejong.org>

+

+ * tests/test_tio.c: support systems without ETIME

+

+2013-01-14 Arthur de Jong <arthur@arthurdejong.org>

+

+ * configure.ac, tests/lookup_netgroup.c: check whether setnetgrent()

+ returns int or void (for FreeBSD)

+

+2013-01-12 Arthur de Jong <arthur@arthurdejong.org>

+

+ * nslcd/cfg.c, tests/test_cfg.c: reorganise configuration file

+ parsing code

+

+2013-01-12 Arthur de Jong <arthur@arthurdejong.org>

+

+ * nslcd/myldap.c: have myldap_get_ranged_values() return a list of

+ values instead of a set

+

+2013-01-12 Arthur de Jong <arthur@arthurdejong.org>

+

+ * nslcd/cfg.c, nslcd/group.c, nslcd/passwd.c, nslcd/shadow.c: check

+ result of set_tolist() to ensure that memory allocation problems are

+ logged

+

+2013-01-12 Arthur de Jong <arthur@arthurdejong.org>

+

+ * nslcd/myldap.c: fix memory leak in myldap_get_values_len() when

+ using ranged attributes (very unlikely to occur)

+

+2013-01-12 Arthur de Jong <arthur@arthurdejong.org>

+

+ * nslcd/myldap.c: fix a problem in memory handling in

+ myldap_get_values_len() if malloc() would fail

+

+2013-01-12 Arthur de Jong <arthur@arthurdejong.org>

+

+ * configure.ac: drop -Wcase-qual when using --enable-warnings

+ because it was causing too much noise

+

+2013-01-10 Arthur de Jong <arthur@arthurdejong.org>

+

+ * nslcd/myldap.c: fix typo in comment

+

+2013-01-06 Arthur de Jong <arthur@arthurdejong.org>

+

+ * pynslcd/pam.py: request and parse password policy controls when

+ doing user authentication in pynslcd

+

+2013-01-06 Arthur de Jong <arthur@arthurdejong.org>

+

+ * pam/pam.c: do not recheck the user password in first password

+ phase if it was stored in the authentication phase

+

+2013-01-06 Arthur de Jong <arthur@arthurdejong.org>

+

+ * nslcd/pam.c: perform search for pam_authz_search on all search

+ bases

+

+2013-01-05 Arthur de Jong <arthur@arthurdejong.org>

+

+ * pynslcd/pam.py: some simplifications in the current pynslcd PAM

+ request handling

+

+2013-01-05 Arthur de Jong <arthur@arthurdejong.org>

+

+ * nslcd/myldap.c, tests/test_cfg.c: update FIXMEs

+

+2013-01-05 Arthur de Jong <arthur@arthurdejong.org>

+

+ * nslcd/ether.c: change ethernet address formatting from FIXME to

+ note

+

+2013-01-05 Arthur de Jong <arthur@arthurdejong.org>

+

+ * pam/pam.c: save the old password if either the authentication or

+ the authorisation response is NEW_AUTHTOK_REQD

+

+2013-01-05 Arthur de Jong <arthur@arthurdejong.org>

+

+ * nslcd/myldap.c: inline most is_valid_...() functions

+

+2013-01-05 Arthur de Jong <arthur@arthurdejong.org>

+

+ * compat/ldap_initialize.c: remove not needed define

+

+2013-01-05 Arthur de Jong <arthur@arthurdejong.org>

+

+ * common/nslcd-prot.h: log hex values when debugging the protocol

+

+2013-01-01 Arthur de Jong <arthur@arthurdejong.org>

+

+ * nslcd/myldap.c, nslcd/myldap.h, nslcd/pam.c: log and return a

+ diagnostic message instead of just the LDAP error on password change

+ failure

+

+2013-01-01 Arthur de Jong <arthur@arthurdejong.org>

+

+ * nslcd/pam.c: retry updating the lastChange attribute with the

+ normal nslcd LDAP connection if the update with the user's

+ connection failed

+

+2013-01-01 Arthur de Jong <arthur@arthurdejong.org>

+

+ * update pynslcd PAM protocol handling to be in line with r1865

+

+changes from 0.8.13 to 0.9.0

+----------------------------

+

+* backwards incompatible change to the communications protocol between nslcd

+ and NSS and PAM modules to use network byte order to be able to work on

+ mixed endian multiarch systems

+* netgroup lookups now makes a distinction between empty netgroups and

+ non-existing netgroups

+* the PAM protocol is now more consistent (cleaner support for password

+ modification by root, have all request parameters in the same order and

+ limit the information returned from the call)

+* request and handle password policy controls on LDAP authentication

+* implement support for nested groups which can be enabled with the

+ nss_nested_groups option (thanks Steve Hill)

+* add a log option to configure log level and logging to plain files

+* add an nscd_invalidate option to invalidate the nscd cache after recovering

+ from LDAP connection problems (to clear any negative cache entries)

+* allow trimming expressions with ${foo#bar} syntax in attribute mapping

+ expressions (thanks Thorsten Glaser)

+* pynslcd supports trimming expressions with full shell glob matching

+* support password modification in pynslcd

+* support children search scope for systems that have it

+* add a getent.ldap utility to perform nslcd queries bypassing the libc NSS

+ stack

+* implement functionality for changing user information and provide a

+ chsh.ldap utility to allow users to change their login shell

+* remove deprecated use_sasl, reconnect_tries, reconnect_maxsleeptime and

+ tls_checkpeer options which have been replaced long ago

+* allow names with one character in default validnames option and allow

+ parentheses (taken from Fedora packages)

+* fall back to updating the lastChange attribute with the normal LDAP

+ connection

+* dump full nslcd configuration at debug level on start-up

+* export an _nss_ldap_version symbol in the NSS module to make finding version

+ mismatches easier (the NSS module version is logged from nslcd)

+* documentation improvements

+* update the coding style for the C source code to follow a more modern and

+ commonly used coding convention

+* some parts of the code were refactored or rewritten to take into account the

+ changes within the software (e.g. configuration file handling, reduction in

+ the number of system calls for normal communication)

+* numerous smaller fixes

+* portability and robustness improvements to the tests

+* implement lookup_netgroup and lookup_shadow test commands for systems that

+ cannot use getent to query these

+* guess the value for --with-pam-seclib-dir configure option if it is not

+ specified

+* temporary disable the caching functionality of pynslcd

+* usability improvements in the pynslcd implementation

+* various fixes for Solaris

+

+

+* implement chfn functionality in nslcd and make chfn.ldap binary

+ [0.9.0],

+RELEASE_MONTH="Apr 2013"

+ <refmiscinfo class="version">Version 0.9.0</refmiscinfo>

+ <refmiscinfo class="date">Apr 2013</refmiscinfo>

+ Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013 Arthur de Jong

+ <refmiscinfo class="version">Version 0.9.0</refmiscinfo>

+ <refmiscinfo class="date">Apr 2013</refmiscinfo>

+ <refmiscinfo class="version">Version 0.9.0</refmiscinfo>

+ <refmiscinfo class="date">Apr 2013</refmiscinfo>

+ Copyright (C) 2009, 2010, 2011, 2012, 2013 Arthur de Jong

+ <refmiscinfo class="version">Version 0.9.0</refmiscinfo>

+ <refmiscinfo class="date">Apr 2013</refmiscinfo>

+ Copyright (C) 2012, 2013 Arthur de Jong

+ <refmiscinfo class="version">Version 0.9.0</refmiscinfo>

+ <refmiscinfo class="date">Apr 2013</refmiscinfo>