| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
| |
This tries to make it a little clearer how expressions in the map
statement may be used.
|
|
|
|
|
| |
This also updates the autogen.sh script to just use the latest version
of automake (tested with automake 1.16).
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
musl libc doesn't define ```NETDB_INTERNAL```. Add that definition when it's missing.
Thanks Cristian Othón Martínez Vera.
Closes https://github.com/arthurdejong/nss-pam-ldapd/pull/60
|
| |
|
|
|
|
|
| |
Some options do not appear to be present in Pylint 2.16.2 but this used
to work in version 1.9.4 (this config works with both versions).
|
|
|
|
| |
Fixes da63099
|
|
|
|
|
|
| |
One some systems _SC_OPEN_MAX can be *very* large.
Closes https://github.com/arthurdejong/nss-pam-ldapd/issues/53
|
|
|
|
|
| |
This could leave file descriptor 3 open from the parent process starting
nslcd.
|
|
|
|
|
|
|
| |
This allows passwords to contain up to 255 characters even though they
are most likely don't add any meaningful password security.
Closes https://github.com/arthurdejong/nss-pam-ldapd/issues/52
|
|
|
|
|
|
|
|
|
|
| |
Change the configuration of the password policy in the test suite to not
set pwdMustChange to TRUE. Between OpenLDAP 2.4 and 2.5 the behaviour of
the LDAP server was changed to force a password change whenever the
administrator changed a user's password. This change ensures that the
old behaviour is maintained.
See https://bugs.openldap.org/show_bug.cgi?id=7084
|
|
|
|
|
| |
Apparently newer versions of pylint parse the evaluation option
differently.
|
|
|
|
| |
https://github.blog/changelog/2022-04-27-code-scanning-deprecation-of-codeql-action-v1/
|
| |
|
|
|
|
|
|
| |
This supports both `uri DNSLDAPS` and `uri DNSLDAPS:some.domain`
variants alongside the pre-existing `uri DNS` that was already supported
generating ldaps URIs for all SRV records found.
|
| |
|
| |
|
|
|
|
|
| |
This makes it more complicated to run the tests on an environment where
a local user arthur exists.
|
|
|
|
| |
Fixes 65695aa
|
|
|
|
|
| |
- Change database backend to LMDB
- Load external ppolicy schema conditionally
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This allows putting `base ""` in nslcd.conf to specify an empty search
base.
Note that the LDAP server needs to support this. With slapd this
requires setting up an olcDefaultSearchBase attribute in the
olcFrontendConfig object under cn=config or have the database have an
empty suffix.
Closes https://github.com/arthurdejong/nss-pam-ldapd/issues/50
|
|
|
|
|
| |
This requires the attribute name is contained within a ${var-name}
expression.
|
|
|
|
|
|
|
|
|
|
|
| |
This ensures that a connection to the first URI listed in the config
file will be re-established once the connection is closed cleanly after
the idle time.
This ensures that the listed URIs are handled more in a primary/fallback
manner if an idle time is configured.
Closes https://github.com/arthurdejong/nss-pam-ldapd/issues/46
|
|
|
|
|
| |
This includes a few tweaks to the test scripts to make debugging easier
and to avoid issues on Github action runners.
|
|
|
|
| |
This option is passed to the LDAP library if it is supported.
|
|
|
|
| |
This option is passed to the LDAP library if it is supported.
|
|
|
|
|
|
| |
This option is passed to the LDAP library if it is supported.
Closes https://github.com/arthurdejong/nss-pam-ldapd/pull/41
|
|
|
|
|
|
| |
This ensures that if a Python interpreter was previously supplied to
configure it is also used for subsequent calls to run a distribution
check.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Check the result of the BIND operation instead of that of the
ldap_result() call when pam_authc_ppolicy is set to "no".
This could have resulted in successful authentication if the BIND
operation to the LDAP server timed out and pam_authc_ppolicy was set to
"no" but should not result in successful authentication otherwise so it
is unlikely that setting pam_authc_ppolicy to "no" ever worked as
intended. The timeout also would have to occur on the BIND operation,
not on setting up the connection.
Fixes 31cd2cf
|
|
|
|
|
|
| |
Thanks Filip Dvorak
See https://bugzilla.redhat.com/show_bug.cgi?id=1825240
|
|
|
|
|
|
|
| |
Thanks Benedict Reuschling for pointing this out.
Closes https://github.com/arthurdejong/nss-pam-ldapd/issues/39
Fixes b93838d
|
|
|
|
|
|
| |
This fixes logging of the LDAP_OPT_TIMEOUT, LDAP_OPT_NETWORK_TIMEOUT and
LDAP_X_OPT_CONNECT_TIMEOUT options to actually log the value of the
bind_timelimit option instead of the timelimit option.
|
|
|
|
| |
See https://bugs.debian.org/900253
|
| |
|
| |
|
|
|
|
| |
Fixes 644bc62
|
|
|
|
|
| |
Some test systems have more local users and some systems prefer IPv4
addresses over IPv6 addresses.
|
| |
|
|
|
|
|
| |
Apparently some environments provide certain Python executables which
are not working Python interpreters.
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
Ensure that the Python interpreter that is passed to configure ends up
in the shebang of the Python scripts.
This allows one to pass PYTHON=python3 to configure to install the
scripts using the Python 3 interpreter.
|
|
|
|
|
|
| |
This also adds a flake8 test that checks code style. Note that this test
is not run by default because it requires network access to create the
virtualenv with the test software.
|
|
|
|
|
|
|
|
|
| |
This ensures that both pynslcd and the command-line utilities work with
Python3 as interpreter and runs some tests with all installed Python
interpreters.
This drops support for Python 2.6 and extends 5a84be2 to perform more
testing with Python 3.
|
|
|
|
|
| |
This avoids logging the client PID when the underlying socker layer
cannot provide the relevant information.
|
|
|
|
|
|
| |
Specify result type of getusershell.
Closes https://github.com/arthurdejong/nss-pam-ldapd/pull/31
|
| |
|