lp:ubuntu/maverick/nss-pam-ldapd

Created by James Westby on 2010-04-30 and last modified on 2010-05-27
Get this branch:
bzr branch lp:ubuntu/maverick/nss-pam-ldapd
Members of Ubuntu branches can upload to this branch. Log in for directions.

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

7. By Arthur de Jong on 2010-05-27

* include libpam-heimdal in libnss-ldapd recommends list of PAM
  implementations (closes: #582407)
* fix a problem with empty attributes if expression-based attribute
  mapping is used (patch by Nalin Dahyabhai)
* make debug logging for pam_authz_search option a little more informative
* documentation improvements
* update pam-auth-update configuration to always perform LDAP autorisation
  for LDAP users

6. By Arthur de Jong on 2010-05-13

* fix a problem in the session handling of the PAM module if the minimum_uid
  option was used (Debian package default)
* refactor the PAM module code to be simpler and better maintainable
* perform logging from PAM module to syslog and support the debug option to
  log more information
* Switch to "3.0 (native)" format.

5. By Arthur de Jong on 2010-05-08

* fix a buffer overflow that should have no security consequences
* perform proper fail-over when authenticating in the PAM module
  (closes: #577593)
* add an nss_initgroups_ignoreusers option to ignore user name to group
  lookups for the specified users
* add an pam_authz_search option to perform a flexible authorisation check
  on login (e.g. to restrict which users can login to which hosts, etc)
* implement a minimum_uid option for the PAM module to ignore users that
  have a lower numeric user id and make 1000 the default value for Debian
  (closes: #579574)
* change the way retries are done to error out quicker if the LDAP server
  is down for some time (this should make the system more responsive when
  the LDAP server is unavailable) and rename the reconnect_maxsleeptime
  option to reconnect_retrytime to better describe the behaviour
* only log "connected to LDAP server" if the previous connection failed
  (closes: #483795)
* documentation improvements
* debian/nslcd.config: also parse /etc/ldap.conf for systems that put NSS
  and PAM configuration there

4. By Arthur de Jong on 2010-02-27

* allow password modification by root using the rootpwmoddn configuration
  file option (the user will be prompted for the password for rootpwmoddn
  instead of the user's password)
* the LDAP password modify EXOP is first tried without the old password and
  if that fails retried with the old password
* when determining the domain name (used for some value of the base and uri
  options) also try to use the hostname aliases to build the domain name
  (patch by Jan Schampera)
* perform locking on the pidfile on start-up to ensure that only one nslcd
  process is running and implement a --check option (patch by Jan Schampera)
* documentation improvements
* upgrade to standards-version 3.8.4 (no changes needed)
* start nslcd before apache for systems that use LDAP users to run virtual
  hosts (closes: #565971)

3. By Arthur de Jong on 2009-12-28

* some attributes may be mapped to a shell-like expression that expand
  attributes from LDAP entries; this allows attributes overrides, defaults
  and much more (as a result the passwd cn attribute mapping has been
  removed because the gecos mapping is now "${gecos:-$cn}" by default)
* update the NSS module to follow the change in Glibc where the addr
  parameter of getnetbyaddr_r() was changed from network-byte-order to
  host-byte-order
* properly escape searches for uniqueMember attributes for DN with a comma
  in an attribute value
* miscellaneous improvements to the configure script implementing better
  (and simpler) library detection
* some general refactoring and other miscellaneous improvements
* make configure check if we need to explicitly link to -llber
  (closes: #555779)
* libnss-ldapd: recommend libpam-krb5 as an alternative to libpam-ldapd for
  Kerberos environments
* updated Italian debconf translation by Vincenzo Campanella
  (closes: #556107)
* fix nslcd postrm to remove old config file (thanks piuparts)

2. By Arthur de Jong on 2009-10-20

* implement password changing by performing an LDAP password modify EXOP
  request (closes: #550836)
* fix return of authorisation check in PAM module (patch by Howard Chu)
* fix "Use StartTLS?" debconf question when no ssl option is defined in the
  config
* fix for problem when authenticating to LDAP entries without a uid
  attribute in the DN
* general code clean-up and portability improvements and include all
  needed header files (closes: #547206)
* provide more information with communication error messages
* updated German debconf translation by Erik Schanze (closes: #546244)
* updated Vietnamese debconf translation by Clytie Siddall (closes: #548037)

1. By Arthur de Jong on 2009-09-01

* rename software to nss-pam-ldapd to indicate that PAM module is now a
  standard part of the software
* split into the binary packages libnss-ldapd, libpam-ldapd and nslcd
  (libpam-ldapd packaging used a patch for libpam-ldap by Steve Langasek)
  (closes: #535505)
* the configuration file name has been changed to /etc/nslcd.conf (package
  upgrade should migrate the configuration)
* updated Galician debconf translation by Marce Villarino (closes: #537424)
* patch by Petter Reinholdtsen to fix init script to start before autofs
  (closes: #544093)
* the default values for bind_timelimit and reconnect_maxsleeptime were
  lowered from 30 to 10 seconds (closes: #532874)
* upgrade to standards-version 3.8.3 (no changes needed)
* password hashes are no longer returned to non-root users (based on a patch
  by Alexander V. Chernikov)

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/natty/nss-pam-ldapd
This branch contains Public information 
Everyone can see this information.