nss-pam-ldapd Changelog

New in version 0.9.2

December 10th, 2013
  • Increase password value buffer size (by Bersl)
  • Avoid more broken pipe errors by using a low timeout when aborting reading requested Information from nslcd (thanks John Sullivan)
  • Only log broken pipe errors in debugging mode
  • Fix buffer overflow on interrupted read that is hard to trigger (thanks John Sullivan)
  • Use clock_gettime() with CLOCK_MONOTONIC for timeout calculations to avoid clock adjustments errors (thanks John Sullivan)
  • Extend test suite to test for CLOCK_MONOTONIC and timed IO timeout calculations
  • Increase the maximum number of base statements per map to 31
  • Use larger nslcd send buffers to reduce the number of write operations in nslcd and consequently the number of reads in the NSS and PAM modules (thanks John Sullivan)
  • Also run invalidators after first successful search
  • Various clean-ups, portability improvements and fixes for compiler warnings
  • Import configure checks of Python modules
  • Provide a script for setting up slapd in a test environment, automatically loaded with the required test data
  • Add script for evaluating test environment availability
  • Portability improvements in the test scripts and test environment

New in version 0.7.19 (December 9th, 2013)

  • Use the more portable EBADF instead of EBADFD (thanks Steven Chamberlain)
  • Fix buffer overflow on interrupted read that is hard to trigger (thanks John Sullivan)
  • Extra sanity check to ensure not too many file descriptors are open

New in version 0.7.18 (December 15th, 2012)

  • This update for the 0.7 series fixes two issues related to file descriptor handling.

New in version 0.8.12 (November 19th, 2012)

  • This version fixes a problem on FreeBSD, fixes a problem with the sasl_canonicalize option, and has improvements for Solaris.
  • A few other smaller improvements have been made.

New in version 0.8.11 (October 15th, 2012)

  • This version fixes a few bugs, introduces the pam_password_prohibit_message and sasl_canonicalize options, loads the nslcd user's supplementary groups, and runs correctly in processes that have a high number of file descriptors open.

New in version 0.8.10 (June 30th, 2012)

  • This version marks the 0.8 series as stable and includes a number of documentation improvements, a bugfix, and a few other smaller changes.

New in version 0.8.8 (April 28th, 2012)

  • This is a quick update to fix a regression in the handling of PAM requests in the 0.8.7 release.

New in version 0.8.7 (April 23rd, 2012)

  • log the first 10 search results in debug mode to make debugging easier (patch by Matthijs Kooijman)
  • provide more detailed logging information for LDAP errors, this should especially help for TLS related problems (based on a patch by Mel Flynn)
  • fix logging of invalid pam_authz_search value
  • when doing DNS queries for SRV records recognise default ldap and ldaps ports
  • make whether or not to do case-sensitive filtering configurable (patch by Matthew L. Dailey)
  • document the fact that each thread opens it's own connection (patch by Chris Hiestand)
  • some small portability improvements
  • try to prevent some of the Broken pipe messages in nslcd
  • increase buffer used for pam_authz_search as suggested by Chris J Arges
  • pynslcd now handles privileged requests correctly
  • pynslcd now supports attribute mapping using the lower() and upper() functions

New in version 0.8.6 (January 31st, 2012)

  • This version includes a number of code improvements and some work being done on pynslcd, the Python implementation of nslcd, including an initial offline cache implementation.