lp:ubuntu/quantal/nss-pam-ldapd

Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/quantal/nss-pam-ldapd
Members of Ubuntu branches can upload to this branch. Log in for directions.

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Status:
Mature

Recent revisions

24. By Arthur de Jong

* fix typo in comment (thanks Caleb Callaway)
* install a ldapns.ldif in nslcd doc directory (closes: #674591)
* ensure that time is set before starting k5start to ensure that Kerberos
  ticket is granted (closes: #659227)
* properly parse and write configuration options with an optional map
  parameter during debconf configuration (LP: #1029062)

23. By Arthur de Jong

* New upstream release:
  - documentation improvements
  - fix a problem that causes the PAM module to prompt for a new password
    even though the old one was wrong
  - log successful password change in nslcd

22. By Arthur de Jong

* new upstream release:
  - allow the pam_authz_search option to be specified multiple times
  - implement extra range checking of all numeric values
  - make documentation up-to-date
  - compatibility improvements

21. By Arthur de Jong

don't clear the tls_reqcert option when using ssl without the
start_tls option or an ldaps:// URL (closes: #672301)

20. By Arthur de Jong

switch PAM config back to additional because if shadow information is
provided pam_unix accepts the user and causes pam_ldap to be skipped

19. By Arthur de Jong

* new upstream release:
  - fix a problem in the handling of PAM requests in nslcd (closes: #670419)
  - install the ldapns.schema in nslcd docs (closes: #669680)
* use the configuration file contents to determine the authentication
  type, not the debconf database (closes: #670133)
* switch PAM account type to primary because it now does all the
  authorisation checks that pam_unix also does
* drop functionality to check whether shadow information is exposed
  in /etc/nsswitch.conf, it was no longer needed sine 0.8.4
* ensure that /var/run/nslcd is not removed during upgrades

18. By Arthur de Jong

* new upstream release:
  - log the first 10 search results in debug mode to make debugging
    easier (patch by Matthijs Kooijman)
  - provide more detailed logging information for LDAP errors, this
    should especially help for TLS related problems (based on a patch by
    Mel Flynn)
  - fix logging of invalid pam_authz_search value (LP: #951343)
  - when doing DNS queries for SRV records recognise default ldap and
    ldaps ports (closes: #661955)
  - make whether or not to do case-sensitive filtering configurable
    (patch by Matthew L. Dailey)
  - document the fact that each thread opens it's own connection (patch
    by Chris Hiestand)
  - some small portability improvements
  - try to prevent some of the Broken pipe messages in nslcd
  - increase buffer used for pam_authz_search as suggested by Chris J Arges
* update the X-Start-Before header in the init script to ensure that nslcd
  is started before the display managers
* update debhelper dependency and remove lintian override
* mark nslcd as multi-arch foreign to allow it to satisfy dependencies
  on any arch
* drop no-symbols-control-file lintian override which is no longer needed
* upgrade to standards-version 3.9.3 (no changes needed)

17. By Arthur de Jong

* new upstream release:
  - a number of code improvements by Jakub Hrozek
* switch to non-native packaging
  - add debian/watch file
  - update Vcs-Svn and Vcs-Browser control fields
* updated Norwegian Bokmål debconf translation by Bjørn Steensrud
  (closes: #654273)
* updated Simplified Chinese debconf translation by zym (closes: #654679)
* automatically comment out mapping of uniqueMember to member on upgrades
  because member is default now
* debian/copyright: copyright year updates

16. By Arthur de Jong

* support larger gecos values (closes: #640781)
* updated Swedish debconf translation by Martin Bagge (closes: #640623)
* consistently handle whitespace in configuration file during package
  configuration (thanks Nick) (closes: #641619)
* add a versioned dependency on libpam0g to ensure the PAM libraries are
  multiarch-aware
* in debconf, treat the "hard" value for tls_reqcert as if it was "demand"
  (closes: #642347)
* reduce loglevel of user not found messages to avoid spamming the logs
  with useless information (thanks Wakko Warner) (closes: #641820)
* other logging improvements
* keep nslcd running during package upgrades (closes: #644892)
* explicitly parse numbers as base 10 (thanks Jakub Hrozek)
* implement FreeBSD group membership NSS function (thanks Tom Judge)
* fix an issue where changes in /etc/nsswitch.conf were not correctly
  picked up and could lead to lookups being disabled on upgrade
  (closes: #645599)
* fix an issue with detecting the uid of the calling process and log
  denied shadow requests in debug mode
* fix a typo in the disconnect logic code (thanks Martin Poole)
* enable hardening options during build
* implement configuration file handling in pynslcd and other pynslcd
  improvements (pynslcd is not in a Debian package yet)
* update debian/copyright

15. By Arthur de Jong

* Upload to unstable
* switch to using the member attribute by default instead of
  uniqueMember (backwards incompatible change)
* only return "x" as a password hash when the object has the shadowAccount
  objectClass and nsswitch.conf is configured to do shadow lookups using
  LDAP (this avoids some problems with pam_unix)
* fix problem with partial attribute name matches in DN (thanks Timothy
  White)
* fix a problem with objectSid mappings with recent versions of OpenLDAP
  (patch by Wesley Mason)
* set the socket timeout in a connection callback to avoid timeout
  issues during the SSL handshake (patch by Stefan Völkel)
* check for unknown variables in pam_authz_search
* only check password expiration when authenticating, only check account
  expiration when doing authorisation
* make buffer sizes consistent and grow all buffers holding string
  representations of numbers to be able to hold 64-bit numbers
* update AX_PTHREAD from autoconf-archive
* support querying DNS SRV records from a different domain than the current
  one (based on a patch by James M. Leddy)
* fix a problem with uninitialised memory while parsing the tls_ciphers
  option (closes: #638872) (but doesn't work yet due to #640384)
* implement bounds checking of numeric values read from LDAP (patch by
  Jakub Hrozek)
* correctly support large uid and gid values from LDAP (patch by Jakub
  Hrozek)
* improvements to the configure script (patch by Jakub Hrozek)
* switch to dh for debian/rules and bump debhelper compatibility to 8
* build Debian packages with multiarch support
* ship shlibs (but still no symbol files) for libnss-ldapd since that was
  the easiest way to support multiarch
* fix output in init script when restarting nslcd (closes: #637132)
* correctly handle leading and trailing spaces in preseeded debconf uri
  option (patch by Andreas B. Mundt) (closes: #637863)
* support spaces around database names in /etc/nsswitch.conf while
  configuring package (closes: #640185)
* updated Russian debconf translation by Yuri Kozlov (closes: #637751)
* updated French debconf translation by Christian Perrier (closes: #637756)
* added Slovak debconf translation by Slavko (closes: #637759)
* updated Danish debconf translation by Joe Hansen (closes :#637763)
* updated Brazilian Portuguese debconf translation by Denis Doria
* updated Portuguese debconf translation by Américo Monteiro
* updated Japanese debconf translation by Kenshi Muto (closes: #638195)
* updated Czech debconf translation by Miroslav Kure (closes: #639026)
* updated German debconf translation by Chris Leick (closes: #639107)
* updated Spanish debconf translation by Francisco Javier Cuadrado
  (closes: #639236)
* updated Dutch debconf translation by Arthur de Jong with help from Paul
  Gevers and Jeroen Schot

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/raring/nss-pam-ldapd
This branch contains Public information 
Everyone can see this information.

Subscribers