Arthur de Jong

Open Source / Free Software developer

Release 0.9.12 of nss-pam-ldapd

2021-11-20

This is an update for the 0.9 development branch of nss-pam-ldapd that includes the collected smaller improvements and bugfixes over the last two years. This release should be considered stable.

The pynslcd implementation still is not considered as stable as nslcd.

A summary of the changes since 0.9.11:

  • allow explicitly configuring an empty search base (for LDAP servers that support that)
  • support LDAP attributes with minus characters in attribute mapping expressions
  • add tls_reqsan, tls_crlfile and tls_crlcheck options (thanks Sebastien Blavier)
  • support generating ldaps:// URIs from DNS SRV records for port 389 by using DNSLDAPS in the uri option
  • prefer the first URI listed in nslcd.conf after reconnecting after idle_timelimit
  • fix handling of pam_authc_ppolicy no
  • fix debug logging of ldap timeout values
  • documentation improvements (thanks Filip Dvorak and Benedict Reuschling)
  • add pam_authc_ppolicy support to pynslcd
  • fix Python 3 compatibility in chsh.ldap
  • fix for running pynslcd without the uid option
  • partial support for running tests with slapd 2.5 (thanks Ryan Tandy)
  • miscellaneous test suite improvements
  • test suite fixes for Solaris

This will be the last release that will be tested on Solaris as it is increasingly difficult to do so. Existing support for building on Solaris will be retained for now.

Get this release from the downloads section.

Ideas, comments and patches for functionality are more than welcome. Please drop a note on the nss-pam-ldapd-users mailing list with any ideas or patches you may have.