Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/natty/nss-pam-ldapd
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Ubuntu branches

Recent revisions

14. By Arthur de Jong

* fix handling of idle_timelimit option
* fix error code for problem while doing password modification

13. By Arthur de Jong

set a short socket timeout when shutting down the connection to the LDAP
server to avoid disconnect problems when using TLS
(addresses part of #596983)

12. By Arthur de Jong

* updated Vietnamese debconf translation by Clytie Siddall (closes: #598500)
* grow the buffer for the PAM ruser to not reject logins for users with
  a ruser including a domain part (closes: #600065)

11. By Arthur de Jong

handle errors from ldap_result() better and disconnect (and reconnect)
in more cases (closes: #596983)

10. By Arthur de Jong

* fix for --with-nss-ldap-soname configure option by Julien Cristau
* fix double "be" in English template thanks to Christian Perrier
  (closes: #593646)
* updated Czech debconf translation by Miroslav Kure (closes: #593510)
* updated Simplified Chinese debconf translation by zym
* updated Italian debconf translation by Vincenzo Campanella
* updated Japanese debconf translation by Kenshi Muto (closes: #593692)
* updated Danish debconf translation by Joe Hansen (closes: #594205)
* updated French debconf translation by Christian Perrier (closes: #594311)
* updated German debconf translation by Chris Leick (closes: #594456)
* updated Catalan debconf translation by Agusti Grau
* updated Swedish debconf translation by Martin Ågren (closes: #594679)
* updated Spanish debconf translation by Francisco Javier Cuadrado
  (closes: #594723)

9. By Arthur de Jong

* minor portability improvements and clean-ups (thanks Alexander V.
  Chernikov and Ted C. Cheng)
* don't expand variables in rest of ${var:-rest} and ${var:+rest}
  expressions if it is not needed (closes: #592320)
* libpam-ldapd.postinst: offer to add ldap to shadow in nsswitch.conf if
  a potential broken configuration is found (closes: #592104)
  (thanks to Justin B Rye for the template review)
* merge the suggests of libnss-ldapd and libpam-ldapd into those of the
  nslcd package to have a single consistent list of PAM alternatives
  (closes: #591773)
* add libpam-sss as an alternative to libpam-ldapd (closes: #591773)
* upgrade to standards-version 3.9.1 (no changes needed)
* updated Portuguese debconf translation by Américo Monteir
  (closes: #593404)
* updated Russian debconf translation by Yuri Kozlov (closes: #593491)
* added Norwegian Bokmål debconf translation by Bjørn Steensrud
  (closes: #593501)

8. By Arthur de Jong

* don't use use_authtok for password modification by default
* fine-tune pam-auth-update configuration after discussion with Steve
  Langasek (see: #583492)
  Note that this currently requires that shadow information is also provided
  by LDAP (in /etc/nsswitch.conf).
* ensure that nslcd is started after hostname lookups are available so
  getting to the LDAP server via DNS will work (patch by Petter
  Reinholdtsen) (closes: #585968)
* start k5start from the init script to keep the Kerberos ticket active if
  nslcd is configured for SASL GSSAPI Kerberos authentication, based on a
  patch by Daniel Dehennin (closes: #585639)
* upgrade to standards-version 3.9.0 (switch to Breaks/Replaces instead of
* refactoring and simplification of PAM module which also improves logging
* implement a nullok PAM option and disable empty passwords by default
* portability improvements and other minor code improvements
* the mechanism to disable name lookups through LDAP from within the nslcd
  process has been improved
* the undocumented use_sasl option has been removed (specifying sasl_mech
  now implies use_sasl)
* the sasl_mech, sasl_realm, sasl_authcid, sasl_authzid and sasl_secprops
  configuration options are now documented

7. By Arthur de Jong

* include libpam-heimdal in libnss-ldapd recommends list of PAM
  implementations (closes: #582407)
* fix a problem with empty attributes if expression-based attribute
  mapping is used (patch by Nalin Dahyabhai)
* make debug logging for pam_authz_search option a little more informative
* documentation improvements
* update pam-auth-update configuration to always perform LDAP autorisation
  for LDAP users

6. By Arthur de Jong

* fix a problem in the session handling of the PAM module if the minimum_uid
  option was used (Debian package default)
* refactor the PAM module code to be simpler and better maintainable
* perform logging from PAM module to syslog and support the debug option to
  log more information
* Switch to "3.0 (native)" format.

5. By Arthur de Jong

* fix a buffer overflow that should have no security consequences
* perform proper fail-over when authenticating in the PAM module
  (closes: #577593)
* add an nss_initgroups_ignoreusers option to ignore user name to group
  lookups for the specified users
* add an pam_authz_search option to perform a flexible authorisation check
  on login (e.g. to restrict which users can login to which hosts, etc)
* implement a minimum_uid option for the PAM module to ignore users that
  have a lower numeric user id and make 1000 the default value for Debian
  (closes: #579574)
* change the way retries are done to error out quicker if the LDAP server
  is down for some time (this should make the system more responsive when
  the LDAP server is unavailable) and rename the reconnect_maxsleeptime
  option to reconnect_retrytime to better describe the behaviour
* only log "connected to LDAP server" if the previous connection failed
  (closes: #483795)
* documentation improvements
* debian/nslcd.config: also parse /etc/ldap.conf for systems that put NSS
  and PAM configuration there

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
This branch contains Public information 
Everyone can see this information.