get files ready for 0.5 release0.5

git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-ldapd@539 ef36b2f9-881f-0410-afb5-c4e39611909c
author: Arthur de Jong <arthur@arthurdejong.org> 2007-12-27 11:42:01 +0100
committer: Arthur de Jong <arthur@arthurdejong.org> 2007-12-27 11:42:01 +0100
commit: 37a678151640f150e4d654fc1a9fdcc553810413 (patch)
tree: cbde404982d42957a7a5751f8abd29130db9da1d
parent: 1998c5cfbdab8131dc84ec9f99ae27663afa3089 (diff)
7 files changed, 599 insertions, 33 deletions
diff --git a/ChangeLog b/ChangeLog
index 1274a84..ccafb24 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,503 @@
+2007-12-26 22:35  arthur
+
+	* [r538] tests/test_cfg.c: remove temporary file to make distcheck
+	  succeed
+
+2007-12-26 21:55  arthur
+
+	* [r537] README, debian/copyright: some documentation cleanups
+
+2007-12-26 20:36  arthur
+
+	* [r536] tests/test_nsscmds.sh: ignore erros in nss commands
+
+2007-12-26 20:35  arthur
+
+	* [r535] nslcd/myldap.c: only log "connected to LDAP server" if it
+	  is a new connection
+
+2007-12-26 17:58  arthur
+
+	* [r534] nslcd/cfg.c, nslcd/cfg.h, tests, tests/test_cfg.c:
+	  properly handle spaces in some configuration options (major
+	  change in code in cfg module)
+
+2007-12-26 10:54  arthur
+
+	* [r533] tests/test_myldap.c: in test_two_searches() test that we
+	  can read from the second search if the first search as abandoned
+
+2007-12-26 10:52  arthur
+
+	* [r532] nslcd/myldap.c: properly flag running searches as invalid
+	  if the connection to the LDAP server is reset
+
+2007-12-25 17:10  arthur
+
+	* [r531] nslcd/common.h, nslcd/myldap.c, nslcd/myldap.h,
+	  tests/test_myldap.c: have myldap_get_entry() return an LDAP
+	  status code that can signal errors in the lookup
+
+2007-12-25 17:02  arthur
+
+	* [r530] nslcd.h, nslcd/common.h, nss/common.c, nss/group.c: remove
+	  NSLCD_RESULT_UNAVAIL because it's not needed anymore (the
+	  connection is broken when an error occurs) and rename
+	  NSLCD_RESULT_NOTFOUND into NSLCD_RESULT_END to better match its
+	  meaning
+
+2007-12-25 16:53  arthur
+
+	* [r529] nslcd/common.h: no need for us to flush the buffer since
+	  our caller closes the stream immediatly (or could otherwise pass
+	  the flushing to another thread)
+
+2007-12-24 23:29  arthur
+
+	* [r528] man/nss-ldapd.conf.5.xml: some general cleanups and
+	  document the krb5_ccname option
+
+2007-12-24 21:50  arthur
+
+	* [r527] debian/libnss-ldapd.config: disable rootbinddn and
+	  rootbindpw questions for now because they are not supported
+
+2007-12-24 17:11  arthur
+
+	* [r526] man/nss-ldapd.conf.5.xml: document current timing and
+	  reconnect options
+
+2007-12-24 16:58  arthur
+
+	* [r525] nslcd/myldap.c: merge the do_map_error(),
+	  do_with_reconnect() into the myldap_search() and do_try_search()
+	  functions having more understandable reconnect and retry logic
+
+2007-12-24 16:41  arthur
+
+	* [r524] nslcd/myldap.h: add some more documentation for using the
+	  myldap module
+
+2007-12-22 21:05  arthur
+
+	* [r523] tests/nss-ldapd-test.conf, tests/test_myldap.c: add
+	  limited test for reconnect logic
+
+2007-12-22 21:02  arthur
+
+	* [r522] nslcd/cfg.c, nslcd/cfg.h, nslcd/myldap.c: remove
+	  bind_policy option because the same effect is achieved by setting
+	  reconnect_tries to 1
+
+2007-12-22 20:52  arthur
+
+	* [r521] nslcd/cfg.c, nslcd/cfg.h: reorder timing and reconnect
+	  options to be more logical and remove nss_ prefix from reconnect
+	  options
+
+2007-12-22 20:38  arthur
+
+	* [r520] tests/test_myldap.c: limit printing of results in test to
+	  just 10
+
+2007-12-22 20:35  arthur
+
+	* [r519] tests/test_myldap.sh: include script name in messages and
+	  have srcdir default to .
+
+2007-12-22 20:32  arthur
+
+	* [r518] nslcd/myldap.c: integrate do_result() into
+	  myldap_get_entry() reducing complexity and improving error
+	  handling
+
+2007-12-22 13:36  arthur
+
+	* [r517] nslcd/myldap.c: remove duplicate comment
+
+2007-12-22 13:34  arthur
+
+	* [r516] nslcd/cfg.c, nslcd/cfg.h: remove some unused configuration
+	  file options
+
+2007-12-22 13:21  arthur
+
+	* [r515] nslcd/myldap.c: bring more uniformity to log messages
+
+2007-12-22 13:09  arthur
+
+	* [r514] nslcd/myldap.c: give struct myldap_session members more
+	  logical names
+
+2007-12-21 09:48  arthur
+
+	* [r513] tests/test_myldap.sh, tests/test_nsscmds.sh: only test the
+	  first URI in the configfile
+
+2007-12-20 19:30  arthur
+
+	* [r512] tests/Makefile.am, tests/test_myldap.c,
+	  tests/test_myldap.sh: pass configfile to use as a command-line
+	  paramter to test_myldap, use the myldap_session_close() function,
+	  print a limited number of results, add a wrapper script to test
+	  whether the LDAP server is available for the test and ship all
+	  needed files in the tarball
+
+2007-12-20 19:25  arthur
+
+	* [r511] tests/test_nsscmds.sh: fail on any command and specify
+	  configfile separately
+
+2007-12-20 17:00  arthur
+
+	* [r510] debian/copyright: remove FSF copyright since we no longer
+	  use their code
+
+2007-12-20 16:58  arthur
+
+	* [r509] nslcd/myldap.c, nslcd/myldap.h: refactor myldap code to
+	  get rid of most of the old nss status codes, properly handle
+	  failures of ldap function calls and improve sourcecode comments
+
+2007-12-20 16:57  arthur
+
+	* [r508] nslcd/myldap.c, nslcd/myldap.h: add myldap_session_close()
+	  function (mainly for testing purposes)
+
+2007-12-20 16:53  arthur
+
+	* [r507] nslcd/myldap.c: move checks of validity of passed entries
+	  to separate functions
+
+2007-12-20 16:46  arthur
+
+	* [r506] nslcd/myldap.c: remove msg member from struct myldap_entry
+	  and just reference the same message in the search
+
+2007-12-20 15:29  arthur
+
+	* [r505] nslcd/shadow.c: rewrite GET_OPTIONAL_DATE() as an
+	  extension to GET_OPTIONAL_LONG()
+
+2007-12-20 15:28  arthur
+
+	* [r504] configure.ac: add/change some tests for currently used
+	  functions, relayout some complexer tests and use AC_CHECK_TYPE
+	  instead of custom test
+
+2007-12-20 15:25  arthur
+
+	* [r503] nslcd/ether.c: use ether_ntoa_r() instead of ether_ntoa()
+
+2007-12-20 15:17  arthur
+
+	* [r502] compat/ldap.h, configure.ac: remove unused tests and
+	  compatibility code
+
+2007-12-20 15:08  arthur
+
+	* [r501] tests/nss-ldapd-test.conf: set pagesize to some more
+	  reasonable value
+
+2007-12-20 13:55  arthur
+
+	* [r500] tests/test_myldap.c: have assertion on correct search
+
+2007-12-16 16:43  arthur
+
+	* [r498] nss-ldapd.conf: fix typo in description
+
+2007-12-14 16:41  arthur
+
+	* [r497] nslcd/myldap.c: potential fix for double free() bug like
+	  in nss_ldap (Debian bug #366172)
+
+2007-12-14 16:19  arthur
+
+	* [r496] nslcd/myldap.h: improve description of myldap interface in
+	  comments
+
+2007-12-14 16:12  arthur
+
+	* [r495] nslcd/common.c: explain why we write an invalid address
+	  (in comment) and add TODO to describe we need to change the log
+	  format
+
+2007-12-14 16:07  arthur
+
+	* [r494] tests/test_myldap.c: fix typo in comment
+
+2007-12-09 22:13  arthur
+
+	* [r493] debian/control: update package description
+
+2007-12-09 16:24  arthur
+
+	* [r492] tests/Makefile.am: fix objects that are needed to get
+	  tests linkable (due to namechange from ldap-nss to myldap)
+
+2007-12-09 15:50  arthur
+
+	* [r491] compat/ldap.h, nslcd/cfg.c, nslcd/cfg.h, nslcd/myldap.c:
+	  some small layout changes
+
+2007-12-09 15:32  arthur
+
+	* [r490] tests/test_nsscmds.sh: remove ugly space
+
+2007-12-09 15:23  arthur
+
+	* [r489] nslcd-common.h, nslcd/Makefile.am, nslcd/alias.c,
+	  nslcd/attmap.h, nslcd/cfg.c, nslcd/common.h, nslcd/group.c,
+	  nslcd/ldap-nss.c, nslcd/ldap-nss.h, nslcd/myldap.c,
+	  nslcd/myldap.h: get rid of some old code and rename ldap-nss to
+	  myldap since there is no more NSS-related code in there
+
+2007-12-09 14:49  arthur
+
+	* [r488] nslcd-common.h, nslcd/alias.c, nslcd/common.c,
+	  nslcd/common.h, nslcd/ether.c, nslcd/group.c, nslcd/host.c,
+	  nslcd/netgroup.c, nslcd/network.c, nslcd/passwd.c,
+	  nslcd/protocol.c, nslcd/rpc.c, nslcd/service.c, nslcd/shadow.c:
+	  switch to new LDAP entry parsing code that is much simpler and
+	  more readable
+
+2007-12-09 14:36  arthur
+
+	* [r487] tests/test_nsscmds.sh: add some comments to tests, enable
+	  netgroup tests and extend ether and services tests
+
+2007-12-09 14:34  arthur
+
+	* [r486] nslcd/ldap-nss.c: ignore decoding errors from
+	  ldap_get_values() as they are just nonexisting attribute values
+
+2007-12-07 16:49  arthur
+
+	* [r485] debian/control: fix Vcs-* links to point to the trunk
+
+2007-12-07 16:49  arthur
+
+	* [r484] debian/control: upgrade to standards-version 3.7.3 (no
+	  changes needed)
+
+2007-12-07 13:10  arthur
+
+	* [r483] nslcd/nslcd.c: don't use backticks as quote mark
+
+2007-12-01 22:03  arthur
+
+	* [r482] common/dict.c: simple check for validity of key value in
+	  dict_put()
+
+2007-11-26 22:38  arthur
+
+	* [r481] configure.ac, man/nss-ldapd.conf.5.xml, nslcd/cfg.c,
+	  nslcd/cfg.h, nslcd/ldap-nss.c: clean up Kerberos ccname code,
+	  moving it to cfg.c, fixing some bugs in the putenv() code, making
+	  the gss_krb5_ccache_name() automatically used if the function is
+	  available and removing the --with-gssapi-dir,
+	  --enable-configurable-krb5-ccname-gssapi and
+	  --enable-configurable-krb5-ccname-env configure options
+
+2007-11-25 15:21  arthur
+
+	* [r480] AUTHORS, README, configure.ac, man/nss-ldapd.conf.5.xml,
+	  nslcd/cfg.c: implement LDAP server discovery through DNS, based
+	  on a patch by Ralf Haferkamp <rhafer@suse.de> and Michael Calmer
+	  <mc@suse.de>
+
+2007-11-24 15:26  arthur
+
+	* [r479] HACKING: update versions of used tools
+
+2007-11-20 21:53  arthur
+
+	* [r478] debian/control: remove XS- prefix from version control
+	  fields
+
+2007-11-20 21:49  arthur
+
+	* [r477] debian/control: put Homepage field in source stanza
+
+2007-11-16 11:43  arthur
+
+	* [r476] AUTHORS, nslcd/ldap-nss.c: patch from Andreas Schneider
+	  <anschneider@suse.de> to get krb5_ccname option working
+
+2007-10-31 22:12  arthur
+
+	* [r475] nslcd.h: improve comments about protocol, also describing
+	  the final NSLCD_RESULT_NOTFOUND
+
+2007-10-28 14:50  arthur
+
+	* [r474] nslcd/ldap-nss.c: some smaller cleanups and
+	  simplifications to the code (getting rid of the is_connected flag
+
+2007-10-28 13:33  arthur
+
+	* [r473] nslcd/ldap-nss.c: remove sizelimit parameter
+
+2007-10-28 13:17  arthur
+
+	* [r472] nslcd/ldap-nss.c: integrate ent_context attributes into
+	  ldap_search
+
+2007-10-28 12:54  arthur
+
+	* [r471] nslcd/ldap-nss.c: remove session from context and remove
+	  sycnhronous search functions
+
+2007-10-28 12:37  arthur
+
+	* [r470] nslcd/ldap-nss.c, nslcd/ldap-nss.h, nslcd/netgroup.c,
+	  nslcd/service.c: replace calls to _nss_ldap_get_values() by
+	  myldap_get_values(), remove unused functions, remove struct
+	  ldap_state and replace remaining references to context to use
+	  search instead
+
+2007-10-28 11:39  arthur
+
+	* [r469] man/nss-ldapd.conf.5.xml, nslcd/cfg.c, nslcd/cfg.h,
+	  nslcd/ldap-nss.c: remove support for nss_connect_policy
+	  configfile option and remove some supporting code for it
+
+2007-10-28 10:57  arthur
+
+	* [r468] nslcd/alias.c, nslcd/common.h, nslcd/ether.c,
+	  nslcd/group.c, nslcd/host.c, nslcd/ldap-nss.c, nslcd/ldap-nss.h,
+	  nslcd/netgroup.c, nslcd/network.c, nslcd/passwd.c,
+	  nslcd/protocol.c, nslcd/rpc.c, nslcd/service.c, nslcd/shadow.c:
+	  first step to use the new myldap interface
+
+2007-10-28 10:56  arthur
+
+	* [r467] tests/test_nsscmds.sh: script to run a number of NSS
+	  commands (mainly getent) and check the result (this requires an
+	  LDAP setup that is yet to be documented)
+
+2007-10-27 16:54  arthur
+
+	* [r466] man/nss-ldapd.conf.5.xml: include pagesize option in
+	  manual page since this is tested now
+
+2007-10-27 16:53  arthur
+
+	* [r465] nss-ldapd.conf: add pointer to pagesize in AD section of
+	  sample configfile
+
+2007-10-27 16:28  arthur
+
+	* [r464] nslcd/nslcd.c: clean up myldap session after each request
+
+2007-10-27 15:56  arthur
+
+	* [r463] nslcd/cfg.c: make cfg_init() only callable once and add
+	  note about not free()ing memory
+
+2007-10-27 15:48  arthur
+
+	* [r462] common/tio.c: fix memory leak in I/O module not free()ing
+	  allocated storage for file info on file close
+
+2007-10-27 15:36  arthur
+
+	* [r461] common/tio.c: portability improvement to fall back to
+	  ETIMEDOUT when ETIME is unavailable
+
+2007-10-26 08:46  arthur
+
+	* [r460] NEWS, TODO, configure.ac, debian/changelog,
+	  man/nslcd.8.xml, man/nss-ldapd.conf.5.xml: integrate changes from
+	  0.4.1 release
+
+2007-10-25 21:55  arthur
+
+	* [r455] nslcd/rpc.c: fix rpc filter and remove unused objectClass
+	  attmap entry
+
+2007-10-25 21:19  arthur
+
+	* [r454] nslcd/ldap-nss.c: clean up any messages after abandoning
+	  the search because that returns a new message (fix memory leak)
+
+2007-10-25 20:25  arthur
+
+	* [r453] nslcd/ldap-nss.c: fix a memory leak, not storing search
+	  entries so they could be freed later on
+
+2007-10-25 20:18  arthur
+
+	* [r452] nslcd/ldap-nss.c: fix using unassigned status
+
+2007-10-25 20:17  arthur
+
+	* [r451] nslcd/ldap-nss.c: fix memory leak
+
+2007-10-25 09:02  arthur
+
+	* [r450] debian/libnss-ldapd.nslcd.init: remove S runlevel from
+	  Default-Stop in init script
+
+2007-10-21 07:43  arthur
+
+	* [r449] nss/networks.c: correct calls to
+	  NSLCD_ACTION_NETWORK_BYNAME and NSLCD_ACTION_NETWORK_BYADDR and
+	  get address in correct byte order with the last call
+
+2007-10-20 19:25  arthur
+
+	* [r448] nslcd/passwd.c, nslcd/protocol.c: call mysnprintf()
+	  instead of snprintf() where needed (bugfix)
+
+2007-10-19 22:04  arthur
+
+	* [r444] nslcd/ldap-nss.c: make a replacement for
+	  _nss_ldap_getbyname() which uses the myldap calls internally
+
+2007-10-19 10:35  arthur
+
+	* [r443] nslcd/Makefile.am, nslcd/ldap-nss.c, nslcd/ldap-nss.h,
+	  nslcd/myldap.h, tests, tests/Makefile.am,
+	  tests/nss-ldapd-test.conf, tests/test_myldap.c: integrate basic
+	  myldap interface (partially merged from dev-myldap branch)
+
+2007-10-19 09:39  arthur
+
+	* [r442] tests/Makefile.am: include debugging information in object
+	  files
+
+2007-10-19 09:36  arthur
+
+	* [r441] tests/Makefile.am: move most C[PP]FLAGS options to
+	  AM_C[PP]FLAGS and clean up a little
+
+2007-10-19 09:30  arthur
+
+	* [r440] common/tio.c: fix usage of DEBUG_TIO_STATS
+
+2007-10-14 07:59  arthur
+
+	* [r438] AUTHORS: add translator to Japanese of templates
+
+2007-10-14 07:57  arthur
+
+	* [r437] debian/po/ja.po: update Japanese (ja) translation of
+	  debconf templates by Kenshi Muto <kmuto@debian.org>
+
+2007-10-08 20:11  arthur
+
+	* [r436] debian/copyright, debian/po/fr.po: update French (fr)
+	  translation of debconf templates by Cyril Brulebois
+	  <cyril.brulebois@enst-bretagne.fr>
+
+2007-10-05 20:52  arthur
+
+	* [r434] ChangeLog, NEWS, TODO, configure.ac, debian/changelog,
+	  man/nslcd.8.xml, man/nss-ldapd.conf.5.xml: get files ready for
+	  0.4 release
+
 2007-10-04 19:52  arthur
 
 	* [r433] .: ignore tarballs
diff --git a/NEWS b/NEWS
index 6408516..010bd07 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,32 @@
+changes from 0.4.1 to 0.5
+-------------------------
+
+* major structural changes in the LDAP lookup code using a newly implemented
+  module that does memory management, session handling, paging and all other
+  painful things with a simple interface
+* rewritten LDAP query and result handling code, now generating warnings
+  about incorrect entries in the LDAP directory
+* IPv6 addresses in host lookups are now supported
+* added Kerberos ccname support (with the krb5_ccname option) thanks to
+  Andreas Schneider and Ralf Haferkamp from SuSE and remove --with-gssapi-dir,
+  --enable-configurable-krb5-ccname-gssapi and
+  --enable-configurable-krb5-ccname-env configure options and having automatic
+  detection instead
+* added support for DNS SRV record lookups by specifying DNS as uri thanks to
+  Ralf Haferkamp and Michael Calmer from SuSE
+* added support for DOMAIN as base DN which uses the host's domain to
+  construct a DN
+* removed nss_connect_policy, bind_policy and sizelimit options
+* cleaned up and documented reconnect logic with reconnect_tries,
+  reconnect_sleeptime and reconnect_maxsleeptime options
+* configuration values with spaces in them (e.g. distinguished names) are now
+  handled properly
+* fix a small memory leak in the I/O module
+* miscellaneous code improvements (better source code comments, more
+  consistent logging, portability improvements, more tests, etc)
+* improvements to documentation
+
+
 changes from 0.4 to 0.4.1
 -------------------------
 
@@ -21,8 +50,8 @@ changes from 0.3 to 0.4
 * added missing docbook sources for manual pages to tarball
 * major cleanups and simplifications in the core LDAP query code (we don't
   need to worry about SIGPIPE because nslcd does that globally, locking
-  because a connection is only used by one thread and simplifications the the
-  LDAP connection and query state)
+  because a connection is only used by one thread) and more simplifications in
+  the the LDAP connection and query state
 * get base, scope, filter and map configfile directives properly working
 * simplifications in LDAP reconnect logic (some work remains to be done in
   this area)
diff --git a/TODO b/TODO
index 793680b..9694f65 100644
--- a/TODO
+++ b/TODO
@@ -1,20 +1,19 @@
 probably before we can call this stable
 ---------------------------------------
 * implement _nss_ldap_initgroups_dyn()
-* clean up and refactor ldap server code
 * fix usage of strerror() as it is not thread safe
 * error out quickly when the LDAP server is down
 * fix race condition when setting signal mask in common/tio.c
+  (using pthread_sigmask() adds a dependency on the pthread library,
+  maybe we should switch back to stdio)
 * find problem with reachability of LDAP server
-* get root/nonroot connections working properly
-* fix a problem with spaces in DNs in configfile (base and binddn keywors)
+* get root/nonroot connections working
 
 other items
 -----------
 * set up (test) connection to LDAP server before creating socket
 * Debian packaging: maybe remove stuff from /etc/nsswitch.conf on remove or
   purge (maybe prompt?)
-* support IPv6 in name (host address) lookups
 * probably document that you should use libpam-ldap for authentication without
   exposing the passwords through NSS
 * make a test suite (instructions for setting up environment (server), LDIF
@@ -25,6 +24,8 @@ other items
 * maybe support netmasks (check README also)
 * reserve some threads in the server for root users (probably set up
   connection pools) (we currently have a connection per thread)
+* maybe implement a connection object in the myldap module that is shared
+  by different sessions (sessions need to be cleaned up)
 * add sanity checking code (e.g. not too large buffer allocation and checking
   that host, user, etc do not contain funky characters) in all server modules
 * implement running under a different uid/gid (maybe chroot jail)
@@ -36,16 +37,23 @@ other items
 * reconfigure or upgrade of Debian package should restart nslcd instead of
   stop and later on start
 * tune the filter and parameter buffer sizes
-* in mkfilter_*() functions: add some check to see if the filter fits and log
-  an error (also see to it that the caller exists (e.g. declare return value
-  as must use))
 * maybe document how to set up automounting in LDAP (Linux and Solaris)
 * make sure to translate timelimit 0 into timelimit -1 where needed
 * split out idle checking into separate function so we may be able to call it
   periodically from elsewhere (e.g. the main loop)
 * add an option to create an extra socket somewhere (so it may be used with
   chroot jails)
-* make number of thread configurable in config
-* make I/O timeout between NSS lib and daemon configurable at configure
-* document the timout mechanism between client and server and document some
-  cases where this may cause problems
+* make number of threads/connections configurable in config
+* make I/O timeout between NSS lib and daemon configurable with configure
+* ethers: also look in ipHostNumber attribute to look up an IPv4 (IPv6)
+  address and return it as an alternative entry
+* protocols/rpc: the description attribute should be used as an alias?
+* do more checks with failing LDAP connections (e.g. killing connections)
+* maybe make myldap code thread-safe (use locking)
+* review changes in nss_ldap and merge any useful changes
+* maybe rate-limit LDAP entry warnings
+* consider returning the canonical value as it is stored in LDAP, not
+  the requested value (they can differ in case)
+* test non-ASCII characters in fields (mostly cn)
+* implement attribute defaults (for when they're missing from the directory)
+* implement attribute overrides (to always return a specific value, not matter what the directory says)
diff --git a/configure.ac b/configure.ac
index 8437222..5813e6a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -32,8 +32,8 @@ version 2.1 of the License, or (at your option) any later version. See the
 configure.ac file for more details.])
 
 # initialize and set version and bugreport address
-AC_INIT([nss-ldapd],[0.4.1],[arthur@ch.tudelft.nl])
-RELEASE_MONTH="Oct 2007"
+AC_INIT([nss-ldapd],[0.5],[arthur@ch.tudelft.nl])
+RELEASE_MONTH="Dec 2007"
 AC_SUBST(RELEASE_MONTH)
 AC_CONFIG_SRCDIR([nslcd.h])
 
diff --git a/debian/changelog b/debian/changelog
index a266e6b..1bed60e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,32 @@
+nss-ldapd (0.5) unstable; urgency=low
+
+  * major structural changes in the LDAP lookup code using a newly implemented
+    module that does memory management, session handling, paging and all other
+    painful things with a simple interface
+  * rewritten LDAP query and result handling code, now generating warnings
+    about incorrect entries in the LDAP directory
+  * IPv6 addresses in host lookups are now supported
+  * added Kerberos ccname support (with the krb5_ccname option) thanks to
+    Andreas Schneider and Ralf Haferkamp from SuSE and remove
+    --with-gssapi-dir, --enable-configurable-krb5-ccname-gssapi and
+    --enable-configurable-krb5-ccname-env configure options and having
+    automatic detection instead
+  * added support for DNS SRV record lookups by specifying DNS as uri thanks
+    to Ralf Haferkamp and Michael Calmer from SuSE
+  * added support for DOMAIN as base DN which uses the host's domain to
+    construct a DN
+  * removed nss_connect_policy, bind_policy and sizelimit options
+  * cleaned up and documented reconnect logic with reconnect_tries,
+    reconnect_sleeptime and reconnect_maxsleeptime options
+  * configuration values with spaces in them (e.g. distinguished names) are
+    now handled properly
+  * fix a small memory leak in the I/O module
+  * miscellaneous code improvements (better source code comments, more
+    consistent logging, portability improvements, more tests, etc)
+  * improvements to documentation
+
+ -- Arthur de Jong <adejong@debian.org>  Wed, 27 Dec 2007 11:00:00 +0100
+
 nss-ldapd (0.4.1) unstable; urgency=low
 
   * updated French debconf translation by Cyril Brulebois (closes: #433248)
@@ -21,8 +50,8 @@ nss-ldapd (0.4) unstable; urgency=low
   * added missing docbook sources for manual pages to tarball (closes: #442688)
   * major cleanups and simplifications in the core LDAP query code (we don't
     need to worry about SIGPIPE because nslcd does that globally, locking
-    because a connection is only used by one thread  and simplifications the
-    the LDAP connection and query state)
+    because a connection is only used by one thread) and more simplifications
+    in the the LDAP connection and query state
   * get base, scope, filter and map configfile directives properly working
   * simplifications in LDAP reconnect logic (some work remains to be done in
     this area)
diff --git a/man/nslcd.8.xml b/man/nslcd.8.xml
index 3bc7892..587a34c 100644
--- a/man/nslcd.8.xml
+++ b/man/nslcd.8.xml
@@ -36,9 +36,9 @@
  <refmeta>
   <refentrytitle>nslcd</refentrytitle>
   <manvolnum>8</manvolnum>
-  <refmiscinfo class="version">Version 0.4.1</refmiscinfo>
+  <refmiscinfo class="version">Version 0.5</refmiscinfo>
   <refmiscinfo class="manual">System Manager's Manual</refmiscinfo>
-  <refmiscinfo class="date">Oct 2007</refmiscinfo>
+  <refmiscinfo class="date">Dec 2007</refmiscinfo>
  </refmeta>
 
  <refnamediv id="name">
@@ -82,9 +82,9 @@
     </term>
     <listitem>
      <para>
-      Enable debugging mode. 
+      Enable debugging mode.
       <command>nslcd</command> will not put itself in the background and sends
-      verbose debugging info to stderr. 
+      verbose debugging info to stderr.
       <command>nslcd</command> will handle connections as usual.
       This option is for debugging purposes only.
      </para>
diff --git a/man/nss-ldapd.conf.5.xml b/man/nss-ldapd.conf.5.xml
index 3fe1ee9..593b283 100644
--- a/man/nss-ldapd.conf.5.xml
+++ b/man/nss-ldapd.conf.5.xml
@@ -36,9 +36,9 @@
  <refmeta>
   <refentrytitle>nss-ldapd.conf</refentrytitle>
   <manvolnum>5</manvolnum>
-  <refmiscinfo class="version">Version 0.4.1</refmiscinfo>
+  <refmiscinfo class="version">Version 0.5</refmiscinfo>
   <refmiscinfo class="manual">System Manager's Manual</refmiscinfo>
-  <refmiscinfo class="date">Oct 2007</refmiscinfo>
+  <refmiscinfo class="date">Dec 2007</refmiscinfo>
  </refmeta>
 
  <refnamediv id="name">
@@ -56,11 +56,11 @@
    <acronym>NIS</acronym>.)
   </para>
   <para>
-    The file <filename>nss-ldapd.conf</filename> contains the 
-    configuration information for running <command>nslcd</command> (see 
+    The file <filename>nss-ldapd.conf</filename> contains the
+    configuration information for running <command>nslcd</command> (see
     <citerefentry><refentrytitle>nslcd</refentrytitle><manvolnum>8</manvolnum></citerefentry>).
-    The file contains options, one on each line, defining the way 
-    <acronym>NSS</acronym> lookups are mapped onto 
+    The file contains options, one on each line, defining the way
+    <acronym>NSS</acronym> lookups are mapped onto
     <acronym>LDAP</acronym> lookups.
   </para>
  </refsect1>
@@ -563,8 +563,8 @@
      <term><option>pagesize</option> <emphasis remap="I">NUMBER</emphasis></term>
      <listitem>
       <para>
-       Set this to a number greater than 0 to request paged results from 
-       the <acronym>LDAP</acronym> server in accordance with RFC2696. 
+       Set this to a number greater than 0 to request paged results from
+       the <acronym>LDAP</acronym> server in accordance with RFC2696.
        The default (0) is to not request paged results.
       </para>
      </listitem>
@@ -586,8 +586,8 @@
     <term>alias<optional>es</optional></term>
     <listitem><para>
      Mail aliases.
-     Note that most mail servers do not use the <acronym>NSS</acronym> 
-     interface for requesting mail aliases and parse 
+     Note that most mail servers do not use the <acronym>NSS</acronym>
+     interface for requesting mail aliases and parse
      <filename>/etc/aliases</filename> on their own.
     </para></listitem>
    </varlistentry>
@@ -667,9 +667,9 @@
  <refsect1 id="known_bugs">
   <title>Known Bugs</title>
   <para>
-   This manual page may be outdated and inaccurate and will be improved 
+   This manual page may be outdated and inaccurate and will be improved
    in upcoming releases.
-   The features of <emphasis>nss-ldapd</emphasis> are still under 
+   The features of <emphasis>nss-ldapd</emphasis> are still under
    development so these options may change in a future release.
   </para>
  </refsect1>
author	Arthur de Jong <arthur@arthurdejong.org>	2007-12-27 11:42:01 +0100
committer	Arthur de Jong <arthur@arthurdejong.org>	2007-12-27 11:42:01 +0100
commit	37a678151640f150e4d654fc1a9fdcc553810413 (patch)
tree	cbde404982d42957a7a5751f8abd29130db9da1d
parent	1998c5cfbdab8131dc84ec9f99ae27663afa3089 (diff)