nss-pam-ldapd

This is an update for the 0.9 development branch of nss-pam-ldapd that includes the collected smaller improvements and bugfixes over the last two years. This release should be considered stable. The pynslcd implementation still is not considered as ... [More] stable as nslcd. A summary of the changes since 0.9.11: * allow explicitly configuring an empty search base (for LDAP servers that support that) * support LDAP attributes with minus characters in attribute mapping expressions * add tls_reqsan, tls_crlfile and tls_crlcheck options (thanks Sebastien Blavier) * support generating ldaps:// URIs from DNS SRV records for port 389 by using DNSLDAPS in the uri option * prefer the first URI listed in nslcd.conf after reconnecting after idle_timelimit * fix handling of pam_authc_ppolicy no * fix debug logging of ldap timeout values * documentation improvements (thanks Filip Dvorak and Benedict Reuschling) * add pam_authc_ppolicy support to pynslcd * fix Python 3 compatibility in chsh.ldap * fix for running pynslcd without the uid option * partial support for running tests with slapd 2.5 (thanks Ryan Tandy) * miscellaneous test suite improvements * test suite fixes for Solaris This will be the last release that will be tested on Solaris as it is increasingly difficult to do so. Existing support for building on Solaris will be retained for now. More information can be found at:   https://arthurdejong.org/nss-pam-ldapd/ Ideas, comments and patches for functionality are more than welcome. Please drop a note on the nss-pam-ldapd-users mailing list with any ideas or patches you may have. [Less]

This is an update for the 0.9 development branch of nss-pam-ldapd that includes a few minor improvements and bugfixes. This release should be considered stable. The pynslcd implementation still is not considered as stable as nslcd. A summary of the ... [More] changes since 0.9.10: * add support for Python 3 in pynslcd and utilities * fix crash in chsh.ldap (thanks Mizunashi Mana) * test suite improvements More information can be found at: https://arthurdejong.org/nss-pam-ldapd/ Ideas, comments and patches for functionality are more than welcome. Please drop a note on the nss-pam-ldapd-users mailing list with any ideas or patches you may have. [Less]

Because the latest 0.8 release is now well over 5 years stable and the 0.9 series is stable for about 3 years, from this point forward the 0.7 series of nss-pam-ldapd will no longer be supported. The 0.8 series will remain supported for some time ... [More] with security fixes and major bug fixes as needed. The 0.9 series will also receive other bug fixes and enhancements. Users are encouraged to upgrade to the latest 0.9 release because stability is at least comparable to 0.8 and a lot more useful features were added such as tunable logging, nested groups, password policy support, invalidating caches and more powerful attribute mapping expressions. More information can be found at: https://arthurdejong.org/nss-pam-ldapd/ Ideas, comments and patches for functionality are more than welcome. Please drop a note on the nss-pam-ldapd-users mailing list with any ideas or patches you may have. [Less]

This is an update for the 0.9 development branch of nss-pam-ldapd that includes a few minor improvements and bugfixes. This release should be considered stable. The pynslcd implementation still is not considered as stable as nslcd. A summary of the ... [More] changes since 0.9.9: * add FreeBSD netgroup support (thanks HWLin and Mango Yen) * make password expiry messages correct and consistent (thanks Têko Mihinto) * add domain variable for use in pam_authz_search * allow logging longer lines * create nslcd socket after dropping privileges to avoid slow start-ups More information can be found at: https://arthurdejong.org/nss-pam-ldapd/ Ideas, comments and patches for functionality are more than welcome. Please drop a note on the nss-pam-ldapd-users mailing list with any ideas or patches you may have. [Less]

This is an update for the 0.9 development branch of nss-pam-ldapd that includes a few minor improvements and bugfixes. This release should be considered stable. The pynslcd implementation still is not considered as stable as nslcd. A summary of the ... [More] changes since 0.9.8: * support spaces in attribute mapping expressions * allow parsing longer lines in the configuration file * allow for longer host names More information can be found at: https://arthurdejong.org/nss-pam-ldapd/ Ideas, comments and patches for functionality are more than welcome. Please drop a note on the nss-pam-ldapd-users mailing list with any ideas or patches you may have. [Less]

This is an update for the 0.9 development branch of nss-pam-ldapd that includes a few improvements and bugfixes. This release should be considered stable. The pynslcd implementation still is not considered as stable as nslcd. A summary of the ... [More] changes since 0.9.7: * add a pam_authc_search option that can be used to configure the search operation that is performed after authentication * add nss_uid_offset and nss_gid_offset options that can be used to   change returned numeric user and group ids from LDAP (thanks Seth Wright) * do not retry failed user password on second LDAP server * fix a crash in the PAM module on FreeBSD when showing password expiration messages * the validnames option now also applies to shadow lookups * support ethernet addresses in LDAP in compact and long formats * improvements to getent.ldap command (a few minor bug fixes and preparations for Python 3 support) * log entries and lookups failing nss_min_uid at debug level * improvements to the test suite (including tests for getent.ldap) More information can be found at:   https://arthurdejong.org/nss-pam-ldapd/ Ideas, comments and patches for functionality are more than welcome. Please drop a note on the nss-pam-ldapd-users mailing list with any ideas or patches you may have. [Less]

This is an update for the 0.9 development branch of nss-pam-ldapd that includes a few improvements and bugfixes. This release should be considered stable. The pynslcd implementation still is not considered as stable as nslcd. A summary of the ... [More] changes since 0.9.6: * check existence of TLS certificate and key files on start-up * fix password policy expiration handling when password was about to   expire (thanks Mathieu Baeumler for tracking this down) * fix updating of shadowLastChange attribute when chasing referrals   (thanks Vasilis Tsiligiannis) * add an pam_authc_ppolicy option to allows completely disabling   ppolicy handling (thanks Mathieu Baeumler) * fix handling of nss_disable_enumeration (thanks Andrew W Elble for   pointing this out) * display human readable password expiry messages (thanks Mathieu   Baeumler) * fix error when changing PAM user name (thanks 依云) * support substring expressions ${var:offset:length} in attribute   mapping (thanks Giovanni Mascellani) * also honor the ignorecase option in PAM More information can be found at:   http://arthurdejong.org/nss-pam-ldapd/ Ideas, comments and patches for functionality are more than welcome. Please drop a note on the nss-pam-ldapd-users mailing list with any ideas or patches you may have. [Less]

This is an update for the 0.9 development branch of nss-pam-ldapd that includes a few improvements and bugfixes. This release should be considered stable. The pynslcd implementation still is not considered as stable as nslcd. A summary of the ... [More] changes since 0.9.6: * check existence of TLS certificate and key files on start-up * fix password policy expiration handling when password was about to   expire (thanks Mathieu Baeumler for tracking this down) * fix updating of shadowLastChange attribute when chasing referrals   (thanks Vasilis Tsiligiannis) * add an pam_authc_ppolicy option to allows completely disabling   ppolicy handling (thanks Mathieu Baeumler) * fix handling of nss_disable_enumeration (thanks Andrew W Elble for   pointing this out) * display human readable password expiry messages (thanks Mathieu   Baeumler) * fix error when changing PAM user name (thanks 依云) * support substring expressions ${var:offset:length} in attribute   mapping (thanks Giovanni Mascellani) * also honor the ignorecase option in PAM More information can be found at:   http://arthurdejong.org/nss-pam-ldapd/ Ideas, comments and patches for functionality are more than welcome. Please drop a note on the nss-pam-ldapd-users mailing list with any ideas or patches you may have. [Less]

This is an update for the 0.9 development branch of nss-pam-ldapd that includes a few improvements. The branch has stabilised a bit and the current release should be reasonably stable. The pynslcd implementation still is not considered as stable as ... [More] nslcd. A summary of the changes since 0.9.5: * fix a race condition in signal handling during start-up that would cause nslcd to exit if a signal (such as SIGUSR1 that can be sent when network status changes) is received * fix signed integer overflow on 32bit systems when using objectSid (thanks Geoffrey McRae) * allow longer configuration values (thanks Jed Liu) * add an nss_getgrent_skipmembers option to disable retrieving group members to improve performance in specific environments * add an nss_disable_enumeration option to disable full listing of all users and groups to improve performance in specific environments (thanks Andrew Elble) * implement an innetgr function in the Solaris NSS module More information can be found at: http://arthurdejong.org/nss-pam-ldapd/ Ideas, comments and patches for functionality are more than welcome. Please drop a note on the nss-pam-ldapd-users mailing list with any ideas or patches you may have. [Less]

This is an update for the 0.9 development branch of nss-pam-ldapd that includes a few improvements. The branch has stabilised a bit and the current release should be reasonably stable. The pynslcd implementation still is not considered as stable as ... [More] nslcd. A summary of the changes since 0.9.5: * fix a race condition in signal handling during start-up that would cause nslcd to exit if a signal (such as SIGUSR1 that can be sent when network status changes) is received * fix signed integer overflow on 32bit systems when using objectSid (thanks Geoffrey McRae) * allow longer configuration values (thanks Jed Liu) * add an nss_getgrent_skipmembers option to disable retrieving group members to improve performance in specific environments * add an nss_disable_enumeration option to disable full listing of all users and groups to improve performance in specific environments (thanks Andrew Elble) * implement an innetgr function in the Solaris NSS module More information can be found at: http://arthurdejong.org/nss-pam-ldapd/ Ideas, comments and patches for functionality are more than welcome. Please drop a note on the nss-pam-ldapd-users mailing list with any ideas or patches you may have. [Less]