2007-12-27 release 0.5 of nss-ldapd
This release brings a number of major structural internal changes.
The code is now in a state where features may be re-added.
This release is well-tested and should be stable, although it introduces
a lot of changed code so there may be issues that are overlooked
(see the README and TODO files for missing and unsupported features).
changes since 0.4.1:
- major structural changes in the LDAP lookup code using a newly implemented module that does memory management, session handling, paging and all other painful things with a simple interface
- rewritten LDAP query and result handling code, now generating warnings about incorrect entries in the LDAP directory
- IPv6 addresses in host lookups are now supported
- added Kerberos ccname support (with the krb5_ccname option) thanks to Andreas Schneider and Ralf Haferkamp from SuSE, and removed the --with-gssapi-dir, --enable-configurable-krb5-ccname-gssapi and --enable-configurable-krb5-ccname-env configure options in favour of automatic detection
- added support for DNS SRV record lookups by specifying DNS as uri thanks to Ralf Haferkamp and Michael Calmer from SuSE
- added support for DOMAIN as base DN which uses the host's domain to construct a DN
- removed nss_connect_policy, bind_policy and sizelimit options
- cleaned up and documented reconnect logic with reconnect_tries, reconnect_sleeptime and reconnect_maxsleeptime options
- configuration values with spaces in them (e.g. distinguished names) are now handled properly
- fix a small memory leak in the I/O module
- miscellaneous code improvements (better source code comments, more consistent logging, portability improvements, more tests, etc)
2007-11-20 about race condition in nss_ldap
A race condition (CVE-2007-5794) in nss_ldap was found that, under certain
circumstances, could cause NSS functions to return incorrect data, which may
in turn have security implications.
nss-ldapd is not affected by this problem.
Although nss-ldapd shares quite a bit of code with nss_ldap, no persistent
connections exist within the NSS module because the connection to the LDAP
server is only persistent in the local nslcd daemon.
2007-10-26 release 0.4.1 of nss-ldapd
This release fixes some bugs in the 0.4 release. This release does not
introduce major code changes.
changes since 0.4:
- added French debconf translation by Cyril Brulebois
- added Japanese debconf translation by Kenshi Muto
- fix a problem with network name lookups where the lookup would result in the wrong call to nslcd
- fix wrong default filter for rpc lookups
- fix a number of memory leaks (thanks valgrind) (all memory leaks during normal operation should be fixed now)
2007-10-05 release 0.4 of nss-ldapd
This is another release of nss-ldapd with some major changes.
This release has undergone code cleanup mostly in the LDAP query
and connection parts.
Development on nss-ldapd is still ongoing and may see several
major changes before a first stable release. This release removes around
25% of the code (relative to 0.3) and some quick tests show that NSS
lookups are much faster than with nss_ldap (a simple shell script that
spawned getent queries was 4 times as fast). It should be noted that
small lookups are especially faster, probably due to removed complexity
in locking.
This release also removes some features that were present in the original
nss_ldap module. The focus is still on improving the codebase. If important
features are missing, these can be added later on upon request.
changes since 0.3:
- remove nss_schema configfile option
- temporarily remove support for uniqueMember group membership attributes (will be re-added in a later release)
- removed support for nested groups; if this is really needed (please ask or file a bug if you want it) it can be re-added later on
- added missing docbook sources for manual pages to tarball
- major cleanups and simplifications in the core LDAP query code (we don't need to worry about SIGPIPE because nslcd does that globally, or about locking because a connection is only used by one thread) and more simplifications in the LDAP connection and query state
- get base, scope, filter and map configfile directives properly working
- simplifications in LDAP reconnect logic (some work remains to be done in this area)
- issue warnings or errors for untested or unsupported configuration options
- properly handle multiple URIs in Debian configuration
- documentation improvements
Get this release from the downloads section.
Any bug reports or success stories are more than welcome.
2007-08-26 release 0.3 of nss-ldapd
This is another release of nss-ldapd with some major changes.
This release has undergone code cleanup mostly in the configuration
and attribute mapping parts. These changes should pave the way for
simplifications to the LDAP query core.
This release should be usable for most common environments, although
handling of unavailability of the LDAP server is still not very elegant.
Development on nss-ldapd is still ongoing and may see several
major changes before a first stable release.
This release also removes some features that were present in the original
nss_ldap module. The focus is still on improving the codebase. If important
features are missing, these can be added later on upon request.
changes since 0.2.1:
- a bug in the communication buffer handling code was fixed
- a bug in the dictionary code was fixed (code not yet in use)
- a fix for the init script that used a wrong pidfile
- configuration file handling code was rewritten to be more maintainable
- some configuration file options have changed, which means that compatibility with the nss_ldap configuration file is lost
- configuration syntax is now documented in the nss-ldapd.conf(5) manual page
- support for dnsconfig was removed
- the configuration file no longer supports using multiple search bases
- removed nss_initgroups and nss_initgroups_ignoreusers options
- removed --enable-paged-results configure option and use pagesize configuration file option to specify usage of paging at runtime
- Debian package configuration improvements and simplifications
- use docbook2x-man for generating manual pages
- miscellaneous documentation improvements including improved manual pages
- general code reorganisation and clean-ups to achieve another 9% code reduction relative to 0.2.1 release (more than 40% relative to nss_ldap)
- SASL, Kerberos and SSL/TLS support remain untested
Get this release from the downloads section.
Any bug reports or success stories are more than welcome.
2007-06-17 release 0.2.1 of nss-ldapd
This is a quick update to the earlier 0.2 release of nss-ldapd.
This release fixes a number of build and runtime problems
and does not include any new features or new code.
changes since 0.2:
- fix permissions of server socket (this fixes a problem where non-root users were unable to do lookups)
- fix configure script to properly check for pthread support
2007-06-11 release 0.2 of nss-ldapd
This is the second public release of nss-ldapd.
It is developed as a drop-in replacement for nss_ldap.
This release has undergone several improvements and should be
usable (it is in use in several smaller production environments
without any problems).
Development on nss-ldapd is however still ongoing
and may see several major changes before a first stable release.
changes since 0.1:
- fixes in the netgroup lookup code
- more simplifications and improvements in the code: almost 5% code reduction (compared to release 0.1) and 37% reduction in gcc warnings (from 443 in 251 to 389 in 0.1 and 244 in 0.2)
- a lot of code improvements thanks to flawfinder, more gcc warnings, splint and rats
- license change from GNU Library General Public License to GNU Lesser General Public License (with the permission of Luke Howard)
- fix logging code to be cleaner and always use our own logging module
- a start has been made to make the code more testable and initial work to set up a testing framework has been done
- implemented a timeout mechanism in the communication between the NSS part and the nslcd server part
Get this release from the downloads section.
Work is under way in a separate development branch to completely rewrite
the LDAP interface code.