Created by James Westby on 2012-04-26 and last modified on 2012-08-31
Get this branch:
bzr branch lp:ubuntu/quantal/nss-pam-ldapd
Members of Ubuntu branches can upload to this branch. Log in for directions.

Related bugs

Related blueprints

Branch information

Ubuntu branches

Recent revisions

24. By Arthur de Jong on 2012-08-31

* fix typo in comment (thanks Caleb Callaway)
* install a ldapns.ldif in nslcd doc directory (closes: #674591)
* ensure that time is set before starting k5start to ensure that Kerberos
  ticket is granted (closes: #659227)
* properly parse and write configuration options with an optional map
  parameter during debconf configuration (LP: #1029062)

23. By Arthur de Jong on 2012-06-29

* New upstream release:
  - documentation improvements
  - fix a problem that causes the PAM module to prompt for a new password
    even though the old one was wrong
  - log successful password change in nslcd

22. By Arthur de Jong on 2012-05-20

* new upstream release:
  - allow the pam_authz_search option to be specified multiple times
  - implement extra range checking of all numeric values
  - make documentation up-to-date
  - compatibility improvements

21. By Arthur de Jong on 2012-05-17

don't clear the tls_reqcert option when using ssl without the
start_tls option or an ldaps:// URL (closes: #672301)

20. By Arthur de Jong on 2012-05-02

switch PAM config back to additional because if shadow information is
provided pam_unix accepts the user and causes pam_ldap to be skipped

19. By Arthur de Jong on 2012-04-27

* new upstream release:
  - fix a problem in the handling of PAM requests in nslcd (closes: #670419)
  - install the ldapns.schema in nslcd docs (closes: #669680)
* use the configuration file contents to determine the authentication
  type, not the debconf database (closes: #670133)
* switch PAM account type to primary because it now does all the
  authorisation checks that pam_unix also does
* drop functionality to check whether shadow information is exposed
  in /etc/nsswitch.conf, it was no longer needed sine 0.8.4
* ensure that /var/run/nslcd is not removed during upgrades

18. By Arthur de Jong on 2012-04-22

* new upstream release:
  - log the first 10 search results in debug mode to make debugging
    easier (patch by Matthijs Kooijman)
  - provide more detailed logging information for LDAP errors, this
    should especially help for TLS related problems (based on a patch by
    Mel Flynn)
  - fix logging of invalid pam_authz_search value (LP: #951343)
  - when doing DNS queries for SRV records recognise default ldap and
    ldaps ports (closes: #661955)
  - make whether or not to do case-sensitive filtering configurable
    (patch by Matthew L. Dailey)
  - document the fact that each thread opens it's own connection (patch
    by Chris Hiestand)
  - some small portability improvements
  - try to prevent some of the Broken pipe messages in nslcd
  - increase buffer used for pam_authz_search as suggested by Chris J Arges
* update the X-Start-Before header in the init script to ensure that nslcd
  is started before the display managers
* update debhelper dependency and remove lintian override
* mark nslcd as multi-arch foreign to allow it to satisfy dependencies
  on any arch
* drop no-symbols-control-file lintian override which is no longer needed
* upgrade to standards-version 3.9.3 (no changes needed)

17. By Arthur de Jong on 2012-01-29

* new upstream release:
  - a number of code improvements by Jakub Hrozek
* switch to non-native packaging
  - add debian/watch file
  - update Vcs-Svn and Vcs-Browser control fields
* updated Norwegian Bokmål debconf translation by Bjørn Steensrud
  (closes: #654273)
* updated Simplified Chinese debconf translation by zym (closes: #654679)
* automatically comment out mapping of uniqueMember to member on upgrades
  because member is default now
* debian/copyright: copyright year updates

16. By Arthur de Jong on 2011-12-31

* support larger gecos values (closes: #640781)
* updated Swedish debconf translation by Martin Bagge (closes: #640623)
* consistently handle whitespace in configuration file during package
  configuration (thanks Nick) (closes: #641619)
* add a versioned dependency on libpam0g to ensure the PAM libraries are
* in debconf, treat the "hard" value for tls_reqcert as if it was "demand"
  (closes: #642347)
* reduce loglevel of user not found messages to avoid spamming the logs
  with useless information (thanks Wakko Warner) (closes: #641820)
* other logging improvements
* keep nslcd running during package upgrades (closes: #644892)
* explicitly parse numbers as base 10 (thanks Jakub Hrozek)
* implement FreeBSD group membership NSS function (thanks Tom Judge)
* fix an issue where changes in /etc/nsswitch.conf were not correctly
  picked up and could lead to lookups being disabled on upgrade
  (closes: #645599)
* fix an issue with detecting the uid of the calling process and log
  denied shadow requests in debug mode
* fix a typo in the disconnect logic code (thanks Martin Poole)
* enable hardening options during build
* implement configuration file handling in pynslcd and other pynslcd
  improvements (pynslcd is not in a Debian package yet)
* update debian/copyright

15. By Arthur de Jong on 2011-09-04

* Upload to unstable
* switch to using the member attribute by default instead of
  uniqueMember (backwards incompatible change)
* only return "x" as a password hash when the object has the shadowAccount
  objectClass and nsswitch.conf is configured to do shadow lookups using
  LDAP (this avoids some problems with pam_unix)
* fix problem with partial attribute name matches in DN (thanks Timothy
* fix a problem with objectSid mappings with recent versions of OpenLDAP
  (patch by Wesley Mason)
* set the socket timeout in a connection callback to avoid timeout
  issues during the SSL handshake (patch by Stefan Völkel)
* check for unknown variables in pam_authz_search
* only check password expiration when authenticating, only check account
  expiration when doing authorisation
* make buffer sizes consistent and grow all buffers holding string
  representations of numbers to be able to hold 64-bit numbers
* update AX_PTHREAD from autoconf-archive
* support querying DNS SRV records from a different domain than the current
  one (based on a patch by James M. Leddy)
* fix a problem with uninitialised memory while parsing the tls_ciphers
  option (closes: #638872) (but doesn't work yet due to #640384)
* implement bounds checking of numeric values read from LDAP (patch by
  Jakub Hrozek)
* correctly support large uid and gid values from LDAP (patch by Jakub
* improvements to the configure script (patch by Jakub Hrozek)
* switch to dh for debian/rules and bump debhelper compatibility to 8
* build Debian packages with multiarch support
* ship shlibs (but still no symbol files) for libnss-ldapd since that was
  the easiest way to support multiarch
* fix output in init script when restarting nslcd (closes: #637132)
* correctly handle leading and trailing spaces in preseeded debconf uri
  option (patch by Andreas B. Mundt) (closes: #637863)
* support spaces around database names in /etc/nsswitch.conf while
  configuring package (closes: #640185)
* updated Russian debconf translation by Yuri Kozlov (closes: #637751)
* updated French debconf translation by Christian Perrier (closes: #637756)
* added Slovak debconf translation by Slavko (closes: #637759)
* updated Danish debconf translation by Joe Hansen (closes :#637763)
* updated Brazilian Portuguese debconf translation by Denis Doria
* updated Portuguese debconf translation by Américo Monteiro
* updated Japanese debconf translation by Kenshi Muto (closes: #638195)
* updated Czech debconf translation by Miroslav Kure (closes: #639026)
* updated German debconf translation by Chris Leick (closes: #639107)
* updated Spanish debconf translation by Francisco Javier Cuadrado
  (closes: #639236)
* updated Dutch debconf translation by Arthur de Jong with help from Paul
  Gevers and Jeroen Schot

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
This branch contains Public information 
Everyone can see this information.