Arthur de Jong

Open Source / Free Software developer

Release 0.9.3 of nss-pam-ldapd


This is an update for the 0.9 development branch of nss-pam-ldapd that includes a number of improvements. This branch will see more development and features added, although it does seem to stabilise somewhat.

However, this isn't the most stable version and should be used with care. The 0.8 branch will remain to be supported with bug and security fixes for some time.

A summary of the changes since 0.9.2:

  • make the dn2uid cache lifetime configurable with the cache configuration option
  • have the nslcd process only exit after the service is completely available to avoid race conditions in the init script
  • the nslcd daemon now properly daemonises (double fork)
  • support mapping the member attribute to an empty string to disable the functionality to do extra lookups for member DN to member uid translations
  • implement deref control handling to request the LDAP server to dereference group member attribute values to uid values
  • support getting built-in groups from Active Directory (thanks Davy Defaud)
  • fix for pwdLastSet attribute value handling (thanks Joshua Shire)
  • fix a possible crash in the NSS module when retrieving large networks entries (thanks Lukas Slebodnik)
  • correct NSS h_errnop return value to indicate buffer too small (thanks Nalin Dahyabhai)
  • fix a bug with shadow values on 64-bit architectures (only present in 0.9 series)
  • automatically detect DragonFly as using the FreeBSD NSS interface (thanks Francois Tigeot)
  • add a build-time test to see if krb5 is thread-safe
  • various minor bug fixes

Get this release from the downloads section.

Ideas, comments and patches for functionality are more than welcome. Please drop a note on the nss-pam-ldapd-users mailing list with any ideas or patches you may have.