"Fossies" - the Fresh Open Source Software Archive

Member "nss_ldap-265/ChangeLog" (6 Nov 2009, 47412 Bytes) of package /linux/privat/old/nss_ldap-265.tar.gz:


As a special service "Fossies" has tried to format the requested text file into HTML format (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file.

    1 $Id: ChangeLog,v 2.415 2009/11/06 10:26:22 lukeh Exp $
    2 ===============================================================
    3 
    4 265	Luke Howard <lukeh@padl.com>
    5 
    6 	* fix for BUG#132: add versioning information to binary
    7 	* fix for BUG#403: add AM_MAINTAINER_MODE
    8 	* fix for BUG#388: bad LDAP query for ether lookups
    9 	* fix for BUG#391: clarify bind timelimit defaults
   10 	  in ldap.conf
   11 	* fix for BUG#392: call do_close() if ldap_result()
   12 	  or ldap_parse_result() fails (before returning
   13 	  NSS_UNAVAIL)
   14 	* fix for BUG#401: FreeBSD thread library check
   15 	* fix for BUG#409: deallocate context in
   16 	  _nss_ldap_ent_context_release() to avoid bad usage
   17 	* fix for BUG#410: don't leak file descriptors in
   18 	  _nss_ldap_readconfig
   19 
   20 264	Luke Howard <lukeh@padl.com>
   21 
   22 	* fix for BUG#378: MAP_H_ERRNO() should map NSS_TRYAGAIN
   23 	  to NETDB_INTERNAL not TRY_AGAIN
   24 	* fix for BUG#379: ldaps:// URIs only work if "ssl on"
   25 	  is set
   26 	* fix for BUG#248: nss_ldap exposes malformed entries
   27 	  to the system
   28 
   29 263	Luke Howard <lukeh@padl.com>
   30 
   31 	* fix for BUG#374: nss_ldap returns success from
   32 	  setnetgrent() when the requested netgroup doesn't
   33 	  exist
   34 	* fix for BUG#376: getXXent() only returns NULL once
   35 	  before implicitly calling setXXent(), whereas other
   36 	  backends continue to return NULL (Red Hat BUG#466794)
   37 
   38 262	Luke Howard <lukeh@padl.com>
   39 
   40 	* fix for BUG#370: nss_ldap fails to work on Solaris
   41 	  without that patch applied
   42 
   43 261	Luke Howard <lukeh@padl.com>
   44 
   45 	* fix for Debian BUG#486778: ldap.conf template is
   46 	  missing a comment in the first line
   47 
   48 260	Luke Howard <lukeh@padl.com>
   49 
   50 	* patch from Ralf Haferkamp <rhafer@suse.de>:
   51 	  only set errno for NSS_TRYAGAIN
   52 
   53 259	Luke Howard <lukeh@padl.com>
   54 
   55 	* fix for BUG#348: fix memory leak
   56 	* fix for BUG#349: nss_ldap crashes after START_TLS timeout
   57 	  (assertion failure in libldap)
   58 	* fix for BUG#350: assertion failure in ldap_result (called
   59 	  from do_result()) 
   60 	* fix for BUG#351: double ldap_msgfree()
   61 
   62 258	Luke Howard <lukeh@padl.com>
   63 
   64 	* fix for BUG#343: nss_srv_domain should take a domain
   65 	  not a record
   66 	* fix for BUG#339: replacement code for Kerbeors
   67 	  SASL operations
   68 	* fix for BUG#338: nss_ldap constructs LDAP URIs
   69 	  incorrectly
   70 	* fix for BUG#337: configure fails to detect resolver
   71 	  functions
   72 	* fix for BUG#332: --enable-schema-mapping incorrectly
   73 	  maps pw_change
   74 	* fix for BUG#293: add nss_getgrent_skipmembers
   75 	  parameter to ldap.conf, if enabled will not request
   76 	  member attributes for group lookups, greatly increasing
   77 	  performance for large groups
   78 	* fix for BUG#272: nss_ldap's install target doesn't
   79 	  always create the right solink for x86_64 glibc
   80 	* fix for BUG#284: an error occurs during bulding with
   81 	  cyrus-sasl2 when the compiler option 'as-needed' is used 
   82 
   83 257	Luke Howard <lukeh@padl.com>
   84 
   85 	* patch from Ralf Haferkamp <rhafer@suse.de>:
   86 	  block SIGPIPE in atfork handler
   87 
   88 256	Luke Howard <lukeh@padl.com>
   89 
   90 	* patch from Tomas Janousek <tjanouse@redhat.com>
   91 	  to check for pthread_once(); __pthread_once does
   92 	  not imply __pthread_atfork being non-NULL
   93 	* fix for BUG#315: memory corruption/crash in
   94 	  initgroups parsing
   95 
   96 255	Luke Howard <lukeh@padl.com>
   97 
   98 	* fix for BUG#303: SSL port behavior change since
   99 	  version 241
  100 	* fix for BUG#304: fd leak in do_close_no_unbind
  101 	* fix for BUG#313: assertion in do_init() when no
  102 	  host/uri is configured
  103 	* patch from Adrian Bridgett <adrian@smop.co.uk>
  104 	  for Debian BUG#375533: Assertion failure in
  105 	  libnss-ldap
  106 
  107 254	Luke Howard <lukeh@padl.com>
  108 
  109 	* fix for BUG#292: array bounds check in ldap-network.c
  110 	* fix for BUG#296: fix stack buffer optimization
  111 	* fix for BUG#297: gethostbyname2 queried with AF_INET6
  112 	  returns OK with IPv4 address
  113 	* fix for Novell BUG#215911: crasher parsing nested
  114 	  groups
  115 
  116 253	Luke Howard <lukeh@padl.com>
  117 
  118 	* fix crasher if an empty buffer is passed to
  119 	  initgroups (glibc NSS only)
  120 	* fix for BUG#283: netgroup assertion failure in
  121 	  Solaris mountd
  122 
  123 252	Luke Howard <lukeh@padl.com>
  124 
  125 	* doc/lookup_nssldap.c: rewrite for autofs-4.1.3
  126 
  127 251	Luke Howard <lukeh@padl.com>
  128 
  129 	* remove doc/rfc2307.txt, it is available from
  130 	  http://www.ietf.org/rfc/rfc2307.txt
  131 	* make objectClass a mappable attribute
  132 
  133 250	Luke Howard <lukeh@padl.com>
  134 
  135 	* don't use static _nss_ldap_no_members buffer,
  136 	  causes crash when nss_ldap is unloaded and memory
  137 	  is still referenced
  138 	* fix for BUG#249: tcsh closes file descriptors,
  139 	  confuses nss_ldap and hangs (from David Houlder)
  140 	* fix for BUG#257: initgroups() broken in RFC2307bis
  141 	  support disabled
  142 	* fix for BUG#261: sslpath example wrong
  143 	* fix for BUG#263: compile do_triple_permutations()
  144 	  when IRS enabled
  145 
  146 249	Luke Howard <lukeh@padl.com>
  147 
  148 	* fix for BUG#253: build broken on AIX
  149 	* fix for BUG#255: deadlock in initgroups
  150 
  151 248	Luke Howard <lukeh@padl.com>
  152 
  153 	* fix regression in per-objectclass attribute mapping
  154 	  introduced in nss_ldap-246
  155 
  156 247	Luke Howard <lukeh@padl.com>
  157 
  158 	* double-check *ld != NULL even if mapped eror return
  159 	  from ldap_initialize() returns NSS_SUCCESS
  160 
  161 246	Luke Howard <lukeh@padl.com>
  162 
  163 	* paged results and RFC2307bis support are now always
  164 	  compiled in; they are by default disabled unless
  165 	  you configured with --enable-paged-results and
  166 	  --enable-rfc2307bis, respectively. See nss_ldap(5)
  167 	  for configuration options.
  168 	* fix for BUG#219: paged results delivers wrong results
  169 	* fix for BUG#222: use asynchronous start TLS if
  170 	  available, using bind_timeout value
  171 	* fix for BUG#235: make DNS SRV lookup domain
  172 	  configurable (nss_srv_domain)
  173 	* fix for BUG#240: return "*" rather than "x" for
  174 	  userPassword if not present
  175 	* fix for BUG#245: paged results broken since nss_ldap-241
  176 	* patch from Ralf Haferkamp <rhafer@suse.de>:
  177 	  compile fix for IPv6
  178 	* compile for Solaris
  179 	* schema mapping is always enabled, cleanup schema
  180 	  mapping code
  181 	* allow for map-specific objectclass mapping
  182 	* partial implementation of Solaris Simplified LDAP
  183 	  API, allows automountd support on Solaris via nss_ldap
  184 	* for Linux automounter, always close connection after
  185 	  endautomntent() to avoid persistent connection
  186 	* add nss_connect_policy argument to ldap.conf
  187 
  188 245	Luke Howard <lukeh@padl.com>
  189 
  190 	* don't leak LDAP connection if do_bind() failed or
  191 	  descriptor owner had changed. If do_bind() failed the
  192 	  underlying descriptor would also be leaked, causing a
  193 	  large number of sockets to be consumed during failover
  194 	* add nss_initgroups_ignoreusers parameter to ldap.conf,
  195 	  returns NOTFOUND if nss_ldap's initgroups() is called
  196 	  for users (comma separated)
  197 	* try to deal with systems that have headers for both
  198 	  versions of the SASL library installed
  199 	* better logging of failed connections and reconnections
  200 	* patch from Dean Michaels <dean@interdynamix.com>:
  201 	  build with Netscape 5 library on Solaris
  202 	* patch from Ralf Haferkamp <rhafer@suse.de>:
  203 	  manual page fix to bind_policy
  204 
  205 244	Luke Howard <lukeh@padl.com>
  206 
  207 	* patch from Ralf Haferkamp <rhafer@suse.de>:
  208 	  enusre bytesleft macro does not return values < 0
  209 	* include <sys/param.h> in ldap-nss.c
  210 
  211 243	Luke Howard <lukeh@padl.com>
  212 
  213 	* fix for BUG#225: invalid pointer dereferencing when
  214 	  reading rootpw
  215 
  216 242	Luke Howard <lukeh@padl.com>
  217 
  218 	* fixes for compiling on Solaris 10
  219 
  220 241	Luke Howard <lukeh@padl.com>
  221 
  222 	* new, more robust reconnection logic
  223 	* both "host" and "uri" directives can be used in
  224 	  ldap.conf
  225 	* new (undocumented) nss_reconnect_tries,
  226 	  nss_reconnect_sleeptime, nss_reconnect_maxsleeptime,
  227 	  nss_reconnect_maxconntries directives
  228 	* reload configuration file if changed
  229 
  230 240	Luke Howard <lukeh@padl.com>
  231 
  232 	* new API for resolving automounts (requires custom
  233 	  autofs plugin for Linux at present):
  234 	  _nss_ldap_setautomntent(), _nss_ldap_getautomntent(),
  235 	  _nss_ldap_endautomntent(), _nss_ldap_getautomntbyname_r()
  236 	* fix for BUG#200: rename SOCKLEN_T as it conflicts on AIX
  237 	* fix for BUG#205: accept line feeds in ldap.conf
  238 	* fix for BUG#211: nss_ldap fails to start TLS on referred
  239 	  connections
  240 	* fix for BUG#213: initgroups crash if RFC2307bis undefined
  241 	* turn down reconnection logging volume
  242 
  243 239	Luke Howard <lukeh@padl.com>
  244 
  245 	* support for initgroups using backlinks (selectable
  246 	  at runtime if RFC2307bis support is enabled, using
  247 	  the nss_initgroups backlink configuration directive)
  248 	* support for dynamically expanding filter sizes
  249 	* from Peter Marschall <peter@adpm.de>:
  250 	  revert the deletion of blanks/tabs in ldap.conf that
  251 	  happened between 235 and 238
  252 	* from Peter Marschall <peter@adpm.de>:
  253 	  This patch changes configure.in and Makefile.am so that
  254 	  ldap.conf gets installed in the place and with the name
  255 	  that is given to the configure option --with-ldap-conf-file.
  256 	  In addition to that it fixes a long standing bug in
  257 	  Makefile.am that tries to install a file before the
  258 	  destination directory is guaranteed to be created (hunk #3),
  259 	  and uses $(mkinstalldirs) for AIX (hunk #2).
  260 
  261 238	Luke Howard <lukeh@padl.com>
  262 
  263 	* more manual page updates
  264 
  265 237	Luke Howard <lukeh@padl.com>
  266 
  267 	* more manual page updates
  268 
  269 236	Luke Howard <lukeh@padl.com>
  270 
  271 	* fix for BUG#201: typo in ldap-schema.c causing build
  272 	  to fail
  273 	* add manual page for nss_ldap
  274 
  275 235	Luke Howard <lukeh@padl.com>
  276 
  277 	* fix for BUG#198: make pagesize configurable
  278 	* fix for BUG#199: correct fix for BUG#138
  279 	  (blind last char remove in ldap.secret)
  280 
  281 234	Luke Howard <lukeh@padl.com>
  282 
  283 	* don't reacquire global lock in do_next_page()
  284 	* restore old "bind_policy hard" behaviour (don't try to
  285 	  reconnect if initialization failed). The behaviour
  286 	  introduced in nss_ldap-227 can be enabled with
  287 	  "bind_policy hard_init".
  288 
  289 233	Luke Howard <lukeh@padl.com>
  290 
  291 	* if do_open() returns NSS_UNAVAIL, don't try to do
  292 	  server reconnect; only do it if NSS_TRYAGAIN is returned
  293 	  This should fix the problems introduced by the fixes in
  294 	  nss_ldap-227 (delayed binding)
  295 
  296 232	Luke Howard <lukeh@padl.com>
  297 
  298 	* fix for BUG#138 (blind last char remove in ldap.secret)
  299 
  300 230	Luke Howard <lukeh@padl.com>
  301 
  302 	* don't free gss_krb5_ccache_name() output (Heimdal)
  303 
  304 229	Luke Howard <lukeh@padl.com>
  305 
  306 	* more debugging in initgroups and _nss_ldap_getentry()
  307 	* fix _nss_ldap_getentry() enumeration behaviour, and
  308 	  optimize by not searching if the requested attribute
  309 	  cannot be mapped
  310 
  311 228	Luke Howard <lukeh@padl.com>
  312 
  313 	* fix for BUG#188: better documentation for OpenLDAP
  314 	  SSL options
  315 	* fix for BUG#189: do not configure tls_checkpeer
  316 	  unless it is explicitly specifier in ldap.conf
  317 	* fix for BUG#190: set ls_state to LS_UNINITIALIZED
  318 	  after fork
  319 
  320 227	Luke Howard <lukeh@padl.com>
  321 
  322 	* separate initializing LDAP session with actually
  323 	  connecting to the DSA, so that we don't try to
  324 	  bind until we actually need to search (which allows
  325 	  the retry logic in the search function to also apply
  326 	  to binding). NB: this will only provide improved
  327 	  behaviour for LDAP client libraries that support
  328 	  ldap_init() or ldap_initialize() rather than ldap_open
  329 	* fix for BUG#183: support pw_change and pw_expire
  330 	  on BSD
  331 	* fix for BUG#187: NSS_BUFLEN_DEFAULT causing problems
  332 	  on IRS platforms
  333 	* fix for glibc 2.1 from Alexander Spannagel
  334 
  335 226	Luke Howard <lukeh@padl.com>
  336 
  337 	* make LDAP_NSS_NGROUPS configurable with
  338 	  --with-ngroups (experts only) option
  339 
  340 225	Luke Howard <lukeh@padl.com>
  341 
  342 	* make LDAP_NSS_NGROUPS 64 - better choice for
  343 	  small directories
  344 
  345 224	Luke Howard <lukeh@padl.com>
  346 
  347 	* don't double-free on realloc() failure in
  348 	  do_parse_group_members()
  349 	* don't pass LDAP session as an argument, as
  350 	  it may refer to a stale LDAP handle. If this
  351 	  does not work we will need to replace LDAPMessage
  352 	  pointers with pointers to a structure that
  353 	  contains a reference-counted LDAP handle as well
  354 	  as the message
  355 	* fix crasher when internal group membership
  356 	  buffer was reallocated (introduced with nested
  357 	  group expansion code)
  358 	* immediately return NSS_TRYAGAIN and errno=ERANGE
  359 	  if there is not enough buffer space to handle
  360 	  LDAP_NSS_NGROUPS groups; this prevents getgrXXX()
  361 	  from expensive repeated directory searches when
  362 	  there is a priori knowledge that group memberships
  363 	  are large
  364 
  365 223	Luke Howard <lukeh@padl.com>
  366 
  367 	* allow empty lines in /etc/ldap.conf
  368 	* do loop detection in nested groups
  369 	* fixes for building with IRS on FreeBSD 4.10
  370 
  371 222	Luke Howard <lukeh@padl.com>
  372 
  373 	* fix deadlock in _nss_ldap_getentry()
  374 	* support more AIX usersec attributes
  375 	* more AIX porting fixes
  376 	* support Heimdal as well as MIT Kerberos
  377 
  378 221	Luke Howard <lukeh@padl.com>
  379 
  380 	* AIX fix from <carlos.celso@embraer.com.br>
  381 	  Recall #169033
  382 	* support for expansion of nested RFC2307bis groups
  383 	* support for searching using range retrieval
  384 	* fix memory leak with private contexts
  385 	* fix memory leak in do_result()
  386 	* implement _nss_ldap_getentry for AIX enumeration
  387 	* implement netgroups for IRS/AIX
  388 	* remove dependency on Berkeley DB - schema mapping
  389 	  and RFC2307bis no longer requires DB
  390 	* remove old NeXT cruft in resolve.c
  391 
  392 220	Luke Howard <lukeh@padl.com>
  393 
  394 	* fix for BUG#169: getntohost() on Solaris
  395 	* fix for BUG#170: _nss_ldap_getgroupsbymember_r fails
  396 	  to return all groups when NSCD is running and
  397 	  attribute mapping is enabled on Solaris
  398 	* fix for BUG#173: reinstate use of sigaction()
  399 	  (XXX what is the correct fix here?)
  400 	* fix for BUG#174: innetgr() depth checking
  401 
  402 218	Luke Howard <lukeh@padl.com>
  403 
  404 	* fix for BUG#168: set errnop to ENOENT if not found
  405 	* check for -lgssapi before -lgssapi_krb5
  406 
  407 217	Luke Howard <lukeh@padl.com>
  408 	
  409 	* fix for BUG#167: compilation fails on Solaris
  410 
  411 216	Luke Howard <lukeh@padl.com>
  412 
  413 	* patch from Thorsten Kukuk to avoid overwriting
  414 	  sockaddr storage for IPv6; use struct
  415 	  sockaddr_storage if available
  416 	* fix for BUG#153: use asynchronous search API
  417 	  in initgroups()
  418 	* fix for BUG#157: check for __pthread_once rather
  419 	  than __pthread_atfork on glibc, as the latter is
  420 	  no longer exported
  421 	* fix for BUG#158: escape netgroup search filters
  422 	  correctly
  423 	* fix for BUG#161: remove redundant lock in
  424 	  _nss_ldap_innetgr()
  425 	* fix for BUG#164: set schema element array size
  426 	  to LM_NONE + 1 not LM_NONE
  427 	* fix for BUG#165: make _nss_ldap_result() private
  428 	* fix for BUG#166: chase all nested netgroups in
  429 	  innetgr()
  430 	* fix deadlock if getXXXent() called without first
  431 	  calling setXXXent()
  432 	* only request gidNumber attribute when initgroups()
  433 	  (avoids sending back rest of a group's entry)
  434 	* don't request any attributes when mapping a user
  435 	  to a DN (we want the DN only)
  436 
  437 215	Luke Howard <lukeh@padl.com>
  438 
  439 	* choose between using native GSS-API and putenv()
  440 	  for setting ccache path
  441 	* per-map attribute mapping for attributes that
  442 	  appear in multiple maps
  443 
  444 214	Luke Howard <lukeh@padl.com>
  445 
  446 	* define LDAP_DEPRECATED for compiling against
  447 	  OpenLDAP 2.2
  448 
  449 213	Luke Howard <lukeh@padl.com>
  450 
  451 	* fix netgroup compilation error when debugging is
  452 	  enabled
  453 	* support GSS-API for setting ccache name
  454 	* initgroups() should require user to be a POSIX
  455 	  account	
  456 	* define LOGNAME_MAX for HP-UX
  457 	* do not use sigprocmask() - this blocks rather
  458 	  than disabling signals
  459 	* SASL version check fix from Howard Chu
  460 
  461 212	Luke Howard <lukeh@padl.com>
  462 
  463 	* Solaris netgroup support test release
  464 	* fix crasher in do_sasl_interact()
  465 	* do_sasl_interact() needs to strdup() result for
  466 	  Cyrus SASL 1.x but not 2.x
  467 	* merge in LDAP debug patch from Howard Chu
  468 	* try alternate search descriptors on NSS_NOTFOUND
  469 	  as well as NSS_SUCCESS
  470 
  471 211	Luke Howard <lukeh@padl.com>
  472 
  473 	* do AT_OC_MAP cache initialization at config init
  474 	* BSD build fixes
  475 	* replace [h]errno2nssstat lookup tables with switch
  476 	  statement; should help building on AIX!
  477 
  478 210	Luke Howard <lukeh@padl.com>
  479 
  480 	* initialize DBT structures
  481 	* fix SASL crasher
  482 
  483 209	Luke Howard <lukeh@padl.com>
  484 
  485 	* fix SASL breakage
  486 
  487 208	Luke Howard <lukeh@padl.com>
  488 
  489 	* use socklen_t not int
  490 	* remove OpenLDAP SASL code
  491 	* incorporated patches from (see below) Geert Jansen
  492 	* add the "sasl_secprops" option to configure SASL
  493 	  security layers (usage as for OpenLDAP ldap.conf)
  494 	* add the "krb5_ccname" option to specify the 
  495 	  location of the Kerberos ticket cache
  496 	  (requires --enable-configurable-krb5-ccname for
  497 	  now as it is a fairly coarse solution to a lack
  498 	  of appropriate API in the Kerberos libraries)
  499 	* add support for native Active Directory password
  500 	  policy attributes (enabled if shadowLastChange is
  501 	  mapped to pwdLastSet)
  502 	* add "nss_override_attribute_value" and
  503 	  "nss_default_attribute_value" keywords for over-
  504 	  riding and setting default attribute values,
  505 	  respectively
  506 
  507 207	Luke Howard <lukeh@padl.com>
  508 
  509 	* work without LDAP_OPT_X_TLS_RANDOM_FILE
  510 	* fix schema mapping regression from nss_ldap-205;
  511 	  attribute mapping now works again
  512 
  513 205	Luke Howard <lukeh@padl.com>
  514 
  515 	* build with Sleepycat DB without db185 compat layer
  516 	  (tested with 4.x; needs testing on 3.x)
  517 
  518 204	Luke Howard <lukeh@padl.com>
  519 
  520 	* Linux netgroup implementation from Larry Lile
  521 	* Multiple service search descriptor support from
  522 	  Symas
  523 	* IPv6 patch from Thorsten Kukuk at SuSE
  524 
  525 203	Luke Howard <lukeh@padl.com>
  526 
  527 	* fix for BUG#115
  528 	* fix for BUG#121
  529 
  530 202	Luke Howard <lukeh@padl.com>
  531 
  532 	* getsockname() fixes from Howard Chu
  533 	* configuration parser crasher fix
  534 
  535 201	Luke Howard <lukeh@padl.com>
  536 
  537 	* Berkeley DB fixes from Howard Chu
  538 	* Netscape client library build fix
  539 
  540 200	Luke Howard <lukeh@padl.com>
  541 
  542 	* use sigprocmask() if available to block SIGPIPE
  543 	* fix build breakage with OpenLDAP HEAD
  544 
  545 199	Luke Howard <lukeh@padl.com>
  546 
  547 	* HP-UX port
  548 	* BUG#111: incorrect debugging statement in
  549 	  _nss_ldap_enter()
  550 	* export required symbols only on Linux
  551 	* corrected symbol names for glibc alias enumeration
  552 	  functions
  553 	* the DNS response parser doesn't stop after parsing the
  554 	  right number of records, and doesn't handle long responses
  555 	  (Nalin at RedHat)
  556 
  557 198	 Luke Howard <lukeh@padl.com>
  558 
  559 	* BUG#108: fix potential buffer overflow in dnsconfig.c
  560 	  (could be triggered if no flat file configuration
  561 	  for nss_ldap and large DNS SRV data for domain;
  562 	  because nss_ldap in SRV mode trusts DNS we do
  563 	  not believe this to be exploitable to elevate
  564 	  privilege in the default configuration)
  565 	* do not malloc() configuration structure; use 
  566 	  buffer
  567 
  568 197	Luke Howard <lukeh@padl.com>
  569 
  570 	* improved AIX documentation from Dejan Muhamedagic
  571 	* define LDAP_OPT_SSL for Solaris 9
  572 
  573 196	Luke Howard <lukeh@padl.com>
  574 
  575 	* return NSS_TRYAGAIN not NSS_NOTFOUND for insufficient
  576 	  buffer space in dn2uid_cache_get()
  577 	* support automake 1.5 and friends
  578 	* out of box build on AIX 4.3.3
  579 	* fixed BUG#104: do_ssl_options() return code ignored
  580 
  581 195	Luke Howard <lukeh@padl.com>
  582 
  583 	* fixed BUG#98: large groups cause buffer length
  584 	  wraparound with rfc2307bis
  585 
  586 194	Luke Howard <lukeh@padl.com>
  587 
  588 	* bugfix for Debian Bug report #147553: lack of global
  589 	  mutex use in initgroups()
  590 
  591 193	Luke Howard <lukeh@padl.com>
  592 
  593 	* support for PADL GSS-SASL client library
  594 
  595 192	Luke Howard <lukeh@padl.com>
  596 
  597 	* more carefully compare cached socket and peer
  598 	  addresses
  599 
  600 191	Luke Howard <lukeh@padl.com>
  601 
  602 	* added configurable [hard|soft] reconnect, see the
  603 	  bind_policy parameter in ldap.conf.
  604 
  605 190	Luke Howard <lukeh@padl.com>
  606 
  607 	* check for Netscape 4 SDK without SSL; don't require
  608 	  pthreads for these
  609 
  610 189	Luke Howard <lukeh@padl.com>
  611 
  612 	* patch for building on OpenLDAP 1.x from Nalin
  613 	  at RedHat
  614 
  615 188	Luke Howard <lukeh@padl.com>
  616 
  617 	* specify runtime path for LDAP library correctly to
  618 	  native Solaris linker
  619 	* check for gcc correctly
  620 	* use native linker on Solaris and AIX
  621 
  622 187	Luke Howard <lukeh@padl.com>
  623 
  624 	* make bogusSd in ldap-nss.c conditional on
  625 	  !HAVE_LDAP_LD_FREE
  626 	* merge in paged result support from Max Caines
  627 	* bugfixes for Debian Bug report #140854
  628 
  629 186	Luke Howard <lukeh@padl.com>
  630 
  631 	* incorporated patch for Debian Bug report #140854,
  632 	  where nss_ldap could in some cases close a
  633 	  descriptor it did not own. Patch was provided
  634 	  by Luca Filipozzi.
  635 
  636 185	Luke Howard <lukeh@padl.com>
  637 
  638 	* updated copyrights
  639 	* fix for BUG#82: set close on exec (Debian bug 136953)
  640 
  641 184	Luke Howard <lukeh@padl.com>
  642 
  643 	* return NSS_TRYAGAIN if no buffer space in ldap-grp.c
  644 
  645 183	Luke Howard <lukeh@padl.com>
  646 
  647 	* return error strings in AIX authentication routine
  648 	* initialise schema in getgroupsbymember()
  649 	* fix for tls_checkpeer; pass NULL session in to
  650 	  set global option
  651 	* BUG#77: configurable config file locations
  652 
  653 181	Luke Howard <lukeh@padl.com>
  654 
  655 	* ignore SIGPIPE whilst inside nss_ldap library routines
  656 	  to prevent crashing on down LDAP server; possible fix
  657 	  for Debian bug 130006
  658 	* removed --enable-no-so-keepalive; always try to
  659 	  disable SO_KEEPALIVE on underlying socket to LDAP
  660 	  server
  661 	* include local copy of irs.h under AIX
  662 	* general cleanup of locking code
  663 	* _nss_ldap_no_members appears to only need defining for
  664 	  when RFC2307bis is enabled
  665 
  666 180	Luke Howard <lukeh@padl.com>
  667 
  668 	* pull in libpthreads on AIX 
  669 
  670 179	Luke Howard <lukeh@padl.com>
  671 
  672 	* a couple more patches for AIX
  673 
  674 178	Luke Howard <lukeh@padl.com>
  675 
  676 	* patch from Gabor Gombas for AIX support
  677 	* Makefile.am: sasl.o needed by NSS_LDAP
  678 	* aix_authmeth.c: method_passwordexpired is
  679 	  really method_passwdexpired; but since the struct
  680 	  was bzero()ed no need to set it to NULL
  681 	* configure.in: support both gcc and xlc_r
  682 	* exports.aix: sv_byport was not exported
  683 	* ldap-grp.c: getgrset() returned group names instead of
  684 	  gid numbers
  685 
  686 177	Luke Howard <lukeh@padl.com>
  687 
  688 	* patch for building on AIX from IBM
  689 	* added simple authentication support for AIX
  690 	* cleaned up SASL patch to not break if Cyrus
  691 	  SASL is not installed
  692 
  693 176	Luke Howard <lukeh@padl.com>
  694 
  695 	* fixed bug in SASL patch which had required
  696 	  OpenLDAP headers
  697 	
  698 175	Luke Howard <lukeh@padl.com>
  699 
  700 	* incorporated GSS-API SASL patches
  701 	* rebind to server on LDAP_LOCAL_ERROR
  702 
  703 174	Luke Howard <lukeh@padl.com>
  704 
  705 	* added patches from Maxim Batourine for compiling
  706 	  with Sun workshop compiler
  707 	* added notes re: 64-bit compile on Solaris from
  708 	  above source
  709 
  710 173	Luke Howard <lukeh@padl.com>
  711 
  712 	* notes on IRS in doc/README.IRS
  713 	* added irs.h for AIX compat
  714 	* patch from Bob Guo for stripping trailing
  715 	  spaces in ldap.conf.
  716 
  717 172	Luke Howard <lukeh@padl.com>
  718 
  719 	* fixed schema mapping bug by storing a copy of the
  720 	  mapped schema in the Berkeley DB rather than the
  721 	  element itself. Because the DB library returns
  722 	  static storage, this was causing problems where
  723 	  the schema mapping calls were used to build the
  724 	  attribute table in ldap-schema.c. This bugfix was
  725 	  sponsored by n2h2.com; thanks!
  726 
  727 171	Luke Howard <lukeh@padl.com>
  728 
  729 	* added ldap.conf stanza for AIX
  730 	* workaround for schema mapping bug.
  731 
  732 170	Luke Howard <lukeh@padl.com>
  733 
  734 	* use _nss_ldap_getrdnvalue() for determining canonical	
  735 	  group name
  736 
  737 169	Luke Howard <lukeh@padl.com>
  738 
  739 	* fixed typo in ldap-service.c; prefix filters now
  740 	  with _nss_ldap
  741 
  742 168	Luke Howard <lukeh@padl.com>
  743 
  744 	* initialize old_handler to SIG_DFL
  745 	* incorporate Stephan Cremer's mapping patches,
  746 	  a big thanks to Stephan for these!
  747 	* use LDAP_OPT_NETWORK_TIMEOUT if available for
  748 	  network connect timeout
  749 	* removed hard-coded schema mapping for 
  750 	  authPassword, NDS and MSSFU
  751 
  752 167	Luke Howard <lukeh@padl.com>
  753 
  754 	* support for new OpenLDAP rebind proc prototype
  755 	* in rebind function, respect timeout
  756 	* fix for PADL Release Control
  757 
  758 166	Luke Howard <lukeh@padl.com>
  759 
  760 	* corrected small typos 
  761 
  762 165	Luke Howard <lukeh@padl.com>
  763 
  764 	* posixMember is a distinguished name, don't pretend it
  765 	  is a login name
  766 	* cleaned up code referencing different member syntaxes
  767 
  768 164	Luke Howard <lukeh@padl.com>
  769 
  770 	* removed IDS_UID code, never worked properly
  771 
  772 163	Luke Howard <lukeh@padl.com>
  773 
  774 	* removed context_free function, usage confusing
  775 
  776 162	Luke Howard <lukeh@padl.com>
  777 
  778 	* in reconnect harness, do not treat entry not found
  779 	  errors as requiring a reconnect
  780 
  781 161	Luke Howard <lukeh@padl.com>
  782 
  783 	* hopefully fixed use of synchronous searches in
  784 	  _nss_ldap_getbyname()
  785 
  786 160	Luke Howard <lukeh@padl.com>
  787 
  788 	* patch from RedHat to check for DB3, override
  789 	  install user/group optionally
  790 	* use synchoronous searches for _nss_ldap_getbyname()
  791 	* only set SSL options if we have values for those
  792 	  options
  793 
  794 159	Luke Howard <lukeh@padl.com>
  795 
  796 	* make do_ssl_options() take a config parameter;
  797 	  avoid segfault with SSL?
  798 
  799 158	Luke Howard <lukeh@padl.com>
  800 
  801 	* in the distinguished name to login cache (dn2uid)
  802 	  make sure we use the AT(uid) macro for the uid 
  803 	  attribute rather than the hard-coded value of "uid"
  804 	  This should enable the cache for MSSFU support.
  805 
  806 157	Luke Howard <lukeh@padl.com>
  807 
  808 	* for MSSFU, use posixMember for group memberships
  809 	  rather than member (reported by Andy Rechenberg)
  810 	* ignore SIGPIPE before calling do_close() for
  811 	  idle_timeout
  812 
  813 156	Luke Howard <lukeh@padl.com>
  814 
  815 	* logic was around the wrong way in do_search(), 
  816 	  all searches were broken!
  817 	* --disable-ssl option for configure
  818 	* removed "Obsoletes: pam_ldap" from spec file
  819 
  820 155	Luke Howard <lukeh@padl.com>
  821 
  822 	* do not use private API when setting OpenLDAP TLS
  823 	  options (do_ssl_options())
  824 	
  825 154	Luke Howard <lukeh@padl.com>
  826 
  827 	* notes from Scott M. Stone <sstone@foo3.com>
  828 	* idle timeout patch from Steve Barrus
  829 
  830 153	Luke Howard <lukeh@padl.com>
  831 
  832 	* SSL fix
  833 
  834 152	Luke Howard <lukeh@padl.com>
  835 
  836 	* further patch from Jarkko for TLS/SSL auth:
  837 	  support for LDAPS/cipher suite selection/
  838 	  client key/cert authentication
  839 
  840 151	Luke Howard <lukeh@padl.com>
  841 
  842 	* patch from Andrew Rechenberg for Active
  843 	  Directory schema support
  844 	* patch from Jarkko Turkulainen <jt@wapit.com> for
  845 	  peer certificate support with OpenLDAP
  846 
  847 150	Luke Howard <lukeh@padl.com>
  848 
  849 	* patch from Anselm Kruis for URI support
  850 
  851 149	Luke Howard <lukeh@padl.com>
  852 
  853 	* fixed compile on Solaris, broken in 145 by
  854 	  malformed Linux patch
  855 	 
  856 148	Luke Howard <lukeh@padl.com>
  857 
  858 	* check for HAVE_LDAP_SET_OPTION always
  859 
  860 147	Luke Howard <lukeh@padl.com>
  861 
  862 	* check for ldap_set_option(), as LDAP_OPT_REFERRALS
  863 	  is defined for OpenLDAP 1.x but without the
  864 	  ldap_set_option() function
  865 
  866 146	Luke Howard <lukeh@padl.com>
  867 
  868 	* mass reindentation, GNU style
  869 	* patch from Simon Wilkinson <sxw@sxw.org.uk>
  870 	  for compatibility with old initgroups entry
  871 	  point
  872 	* request authPassword attribute if 
  873 	  --enable-authpassword
  874 	* authPassword support in ldap-spwd.c (shadow)
  875 
  876 145	Luke Howard <lukeh@padl.com>
  877 
  878 	* preliminary support for authPassword attribute
  879 	* updated COPYING
  880 	* patch from Szymon Juraszczyk to suppot
  881 	  _nss_ldap_initgroups_dyn prototype
  882 
  883 144	Luke Howard <lukeh@padl.com>
  884 
  885 	* when specifying filters with nss_base_XXX,
  886 	  only escape the filter argument not the entire
  887 	  filter
  888 
  889 143	Luke Howard <lukeh@padl.com>
  890 
  891 	* patch from nalin@redhat.com to avoid 
  892 	  corrupting the heap when the configuration
  893 	  file exists but has no host and base values.
  894 	  _nss_ldap_readconfigfromdns() will write to
  895 	  the region which was already freed.
  896 
  897 142	Luke Howard <lukeh@padl.com>
  898 
  899 	* patch from Simon Wilkinson <sxw@sxw.org.uk>
  900 	  for memory leak in ldap-service.c
  901 
  902 141	Luke Howard <lukeh@padl.com>
  903 
  904 	* fix for BUG#54 (AIX detection broken)
  905 	* use -rpath on all platforms except Solaris,
  906 	  not just Linux
  907 
  908 140	Luke Howard <lukeh@padl.com>
  909 
  910 	* fix configure bug for DISABLE_SO_KEEPALIVE
  911 	* fix alignment bug in util.c; this was causing
  912 	  Solaris to crash whenever per-map search
  913 	  descriptors were specified in ldap.conf
  914 
  915 139	Luke Howard <lukeh@padl.com>
  916 
  917 	* updated INSTALL file with boilerplate 
  918 	* fixed pointer error in ldap-nss.c
  919 
  920 138	Luke Howard <lukeh@padl.com>
  921 
  922 	* close config file FILE * if out of buffer space
  923 	  for parsing search descriptor
  924 	* fixed bug where non-recognized directives in
  925 	  ldap.conf would cause the configuration file to
  926 	  not be parsed at all, if they were the last
  927 	  entries in the config file.
  928 	  
  929 137.1	Luke Howard <lukeh@padl.com>
  930 
  931 	* patch from nalin@redhat.com; return { NULL } not
  932 	  NULL for no group members
  933 	* cleaned up usage of libc-lock.h weak aliases
  934 	  to pthreads API; use in ltf.c also
  935 	* use __libc_atfork() or pthread_atfork() to
  936 	  close off connection on fork, rather than
  937 	  checking PIDs; this is expensive and breaks
  938 	  on Linux where each thread may have a 
  939 	  different PID.
  940 
  941 137	Gabor Gombas <gombasg@inf.elte.hu>
  942 
  943 	* build nss_ldap as a loadable module on AIX
  944 	* doco on AIX
  945 
  946 136	Luke Howard <lukeh@padl.com>
  947 
  948 	* define -DPIC for FreeBSD
  949 	* link with -shared not --shared
  950 	* fixes for AIX
  951 
  952 135	Luke Howard <lukeh@padl.com>
  953 
  954 	* merged ldap.conf
  955 	* fixed bug in concatenating relative search
  956 	  bases in ldap-nss.c (profile support)
  957 
  958 134	Luke Howard <lukeh@padl.com>
  959 
  960 	* fixed Makefile.am
  961 	* reordered DB search order in util.c
  962 
  963 133	Luke Howard <lukeh@padl.com>
  964 
  965 	* make /usr/lib directory in Makefile.am
  966 	* new spec file from Joe Little
  967 
  968 132	Luke Howard <lukeh@padl.com>
  969 
  970 	* fixed rebind preprocessor logic
  971 
  972 131	Luke Howard <lukeh@padl.com>
  973 
  974 	* created files for automake happiness
  975 
  976 130	Luke Howard <lukeh@padl.com>
  977 
  978 	* fixed typo preventing build with Netscape
  979 	  client library
  980 
  981 129	Luke Howard <lukeh@padl.com>
  982 
  983 	* updated version number
  984 	* fixed build bug on Solaris
  985 
  986 128	Luke Howard <lukeh@padl.com>
  987 
  988 	* fixed logic bug in util.c introduced in
  989 	  nss_ldap-127
  990 
  991 127	Luke Howard <lukeh@padl.com>
  992 
  993 	* updating copyright notices
  994 	* autoconf support; IRIX and OSF/1 support has
  995 	  been dropped (dl-*.[ch]) as no one really
  996 	  used this, the implementation was a hack,
  997 	  and these operating systems have their
  998 	  own LDAP implementations now
  999 	* added support for "referrals" and "restart"
 1000 	  options to ldap.conf
 1001 	* use OpenLDAP 2.x rebind proc with correct
 1002 	  arguments
 1003 	* added "timelimit" and "bind_timelimit"
 1004 	  directives to ldap.conf
 1005 	* fixed bug with dereferencing aliases
 1006 	* preliminary support for profiles; recognise
 1007 	  profile semantics in ldap-nss.c/util.c
 1008 	* parity with pam_ldap; "ssl" directive in
 1009 	  ldap.conf can now specify "yes" or
 1010 	  "start_tls" for Start TLS
 1011 	* hopefully fixed Berkeley DB include 
 1012 	  mess in util.c
 1013 	* fixed potential buffer overflow in util.c
 1014 	* default to LDAP protocol version 3
 1015 	* fixed leaks in util.c, dnsconfig.c
 1016 	* accept on/yes/true for boolean configuration
 1017 	  values
 1018 	* tested building on FreeBSD, Solaris 8, Linux
 1019 	* tested functionality on RedHat 6.2
 1020 
 1021 126	Luke Howard <lukeh@padl.com>
 1022 
 1023 125	Luke Howard <lukeh@padl.com>
 1024 
 1025 	* fixed up Linux Makefiles to build libnss_ldap
 1026 
 1027 124	Luke Howard <lukeh@padl.com>
 1028 
 1029 	* patch from nalin@redhat.com for StartTLS
 1030 	* fixed up indenting
 1031 
 1032 123	Luke Howard <lukeh@padl.com>
 1033 
 1034 	* rolled in BUG#52 branch with fixes for AIX
 1035 
 1036 122.BZ52.2	Luke Howard <lukeh@padl.com>
 1037 
 1038 	* included ldap-schema.c; omitted from previous
 1039 	  checkpoint
 1040 
 1041 122.BZ52.1	Luke Howard <lukeh@padl.com>
 1042 
 1043 	* preliminary fix for BUG#52 (support for different
 1044 	  naming contexts for each map)
 1045 	* fixed bug in enumerating services map
 1046 
 1047 122	Luke Howard <lukeh@padl.com>
 1048 
 1049 	* fixed BUG#50 (check return value of ldap_simple_bind())
 1050 
 1051 121	Luke Howard <lukeh@padl.com>
 1052 
 1053 	* fixed BUG#49 (fix acknowledged race condition)
 1054 
 1055 120	Luke Howard <lukeh@padl.com>
 1056 
 1057 	* added Makefile.aix and exports.aix (forgot)
 1058 
 1059 119	Luke Howard <lukeh@padl.com>
 1060 
 1061 	* patch from Gabor Gombas <gombasg@inf.elte.hu>
 1062 	  to support AIX implementation of BIND IRS
 1063 
 1064 118	Luke Howard <lukeh@padl.com>
 1065 
 1066 	* Makefile.RPM.openldap2 from Joe Little
 1067 
 1068 117	Luke Howard <lukeh@padl.com>
 1069 
 1070 	* permanently ignore SIGPIPE when using SSL. This
 1071 	  bug should be fixed properly.
 1072 
 1073 116	Luke Howard <lukeh@padl.com>
 1074 
 1075 	* added irs-nss.diff and README.IRS from Emile
 1076 	  Heitor
 1077 
 1078 115	Luke Howard <lukeh@padl.com>
 1079 
 1080 	* fixed filter escaping
 1081 	* call ldapssl_client_init() once only
 1082 	* include db_185.h not db.h for dn2uid cache
 1083 	* fixes for FreeBSD (IRS) support from Emile
 1084 	  Heitor
 1085 
 1086 113	Luke Howard <lukeh@padl.com>
 1087 
 1088 	* patch from Ben Collins to escape '*' in filters
 1089 
 1090 110	Luke Howrad <lukeh@padl.com>
 1091 
 1092 	* patch from Phlilip Liu for async binds
 1093 
 1094 109	Luke Howard <lukeh@padl.com>
 1095 
 1096 	* omit socket check for -DSSL; it doesn't work
 1097 	* updated CONTRIBUTORS
 1098 	* updated README re HAVE_LDAP_LD_FREE
 1099 
 1100 108	Luke Howard <lukeh@padl.com>
 1101 
 1102 	* included "deref" option in /etc/ldap.conf, compatible
 1103 	  with OpenLDAP syntax. Patch from Michael Mattice.
 1104 
 1105 107	Luke Howard <lukeh@padl.com>
 1106 
 1107 	* fixed argument to _nss_ldap_getent() in ldap-ethers.c
 1108 
 1109 106.2	Luke Howard <lukeh@padl.com>
 1110 
 1111 	* if root, use rootbinddn/rootbindpw in rebind proc
 1112 	* include objectClass in pwd required attributes
 1113 
 1114 106.1	Luke Howard <lukeh@padl.com>
 1115 
 1116 	* if user is a shadowAccount, then don't return password
 1117 	  in getpwent(), getpwuid() or getpwnam()
 1118 	* incorporated patch (from Doug Nazar):
 1119 	* allow getgrent() to be called without setgrent();
 1120 	  note arguments to _nss_ldap_getent() have changed.
 1121 	* return NSS_NOTFOUND instead of NSS_UNAVAIL at the
 1122 	  end of a search
 1123 	* initialize len for getpeername()
 1124 
 1125 105	Luke Howard <lukeh@padl.com>
 1126 
 1127 	* incorporated patch for deadlock under Solaris (from
 1128 	  Dave Begley)
 1129 
 1130 104	Luke Howard <lukeh@padl.com>
 1131 
 1132 	* new spec file
 1133 
 1134 103	Luke Howard <lukeh@padl.com>
 1135 
 1136 	* don't call ldap_parse_result() with V2 API
 1137 
 1138 102	Luke Howard <lukeh@padl.com>
 1139 
 1140 	* added defines for LDAP_MSG_ONE et al if not in ldap.h
 1141 	* removed LDAP_MORE_RESULTS_TO_RETURN test 
 1142 
 1143 101	Luke Howard <lukeh@padl.com>
 1144 
 1145 	* fixed spec file
 1146 
 1147 100	Luke Howard <lukeh@padl.com>
 1148 
 1149 	* support for asynchronous search API!
 1150 	* added some contributors
 1151 	* notes about ldap_ld_free()
 1152 	* merged in ChangeLog
 1153 
 1154 99	Luke Howard <lukeh@padl.com>
 1155 
 1156 	* added some netgroup implementation tips
 1157 	* do_close_no_unbind() cleanup
 1158 
 1159 98	Luke Howard <lukeh@padl.com>
 1160 
 1161 	* /etc/nss_ldap.secret -> /etc/ldap.secret (sorry,
 1162 	  Doug!)
 1163 	* deleted crypt-mechanism code. Junk.
 1164 	* fixed call to _nss_ldap_read() after changing
 1165 	  prototypes in nss_ldap-88
 1166 
 1167 97	Luke Howard <lukeh@padl.com>
 1168 
 1169 	* #ifndef HAVE_LDAP_LD_FREE, still call ldap_unbind(),
 1170 	  but having closed the descriptor.
 1171 
 1172 96	Luke Howard <lukeh@padl.com>
 1173 
 1174 	* re-orged
 1175 
 1176 95	Luke Howard <lukeh@padl.com>
 1177 
 1178 	* disable SO_KEEPALIVE on socket rather than blocking
 1179 	  SIGPIPE. Need to figure out the right way to do this.
 1180 
 1181 94	Luke Howard <lukeh@padl.com>
 1182 
 1183 	* committed some changes for the parent/child close
 1184 	  problem. It relies on internal libldap APIs so
 1185 	  it may be non-portable but should work with OpenLDAP
 1186 	  and Netscape client libraries, and perhaps most UMich-
 1187 	  derived client libraries. There's a possible workaround
 1188 	  for client libraries without this; undefine
 1189 	  HAVE_LDAP_LD_FREE to test this.
 1190 
 1191 93	Luke Howard <lukeh@padl.com>
 1192 
 1193 	* important fix: make sure return status is reset
 1194 	  after do_open() == NSS_SUCCESS, just in case
 1195 	  no entries are returned. This bug was introduced
 1196 	  in nss_ldap-88 and could potentially cause a
 1197 	  security hole.
 1198 
 1199 92	Luke Howard <lukeh@padl.com>
 1200 
 1201 	* signal handling fix: don't restore handler
 1202 	  unnecessarily. 
 1203 	* don't open nss_ldap.secret unless a root pw
 1204 	  is specified in ldap.conf
 1205 
 1206 91	Luke Howard <lukeh@padl.com>
 1207 
 1208 	* reorganized SIGPIPE blocking code
 1209 	* added SSL support
 1210 
 1211 90	Luke Howard <lukeh@padl.com>
 1212 
 1213 	* only reconnect if we've changed to/from root
 1214 
 1215 89	Luke Howard <lukeh@padl.com>
 1216 
 1217 	* cleaned up a few things
 1218 
 1219 88	Luke Howard <lukeh@padl.com>
 1220 
 1221 	* added breaks to switch in _nss_ldap_lookup
 1222 	  (thanks to Nathan.Hawkins@FMR.COM for pointing
 1223 	   this out)
 1224 	* save signal handler and ignore SIGPIPE for
 1225 	  appropriate sections of do_open() and confirm
 1226 	  connection is still active (patch from
 1227 	  rpatel@globix.com)
 1228 	* allow root users to bind as a different user,
 1229 	  to provide quasi-shadow password support (patch
 1230 	  from nazard@dragoninc.on.ca)
 1231 	* under Linux, make Makefile look at last libc
 1232 	  version (patch from nazard@dragoninc.on.ca)
 1233 	* never clobber nsswitch.ldap/ldap.conf when
 1234 	  making install (patch from nazard@dragoninc.on.ca)
 1235 	* change do_open() to not unbind the parent ldap
 1236 	  connection when the pid changes but simply open a
 1237 	  new connection (patch from nazard@dragoninc.on.ca)
 1238 	* changed _nss_ldap_lookup() and _nss_ldap_read()
 1239 	  prototypes to return NSS_STATUS error codes,
 1240 	  so that NSS_UNAVAIL percolates as appropriate.
 1241 	
 1242 87	Luke Howard <lukeh@padl.com>
 1243 
 1244 	* fixed looking up DN-membered groups by member. Thanks
 1245 	  to Jeff Mandel for spotting this hard to find bug.
 1246 
 1247 86	Luke Howard <lukeh@padl.com>
 1248 
 1249 	* member for NDS vs uniqueMember (needs further
 1250 	  investigation; -DNDS)
 1251 
 1252 85	Luke Howard <lukeh@padl.com>
 1253 
 1254 	* check non-NULLity of userdn before freeing
 1255 	* use AT(uid) for groupsbymember filter
 1256 
 1257 84	Luke Howard <lukeh@padl.com>
 1258 
 1259 	* implemented _nss_ldap_initgroups()
 1260 
 1261 81	Luke Howard <lukeh@padl.com>
 1262 
 1263 	* removed extraneous do_sleep() code
 1264 	* updated spec file
 1265 
 1266 80	Luke Howard <lukeh@padl.com>
 1267 
 1268 	* (really 2.80) changed version number a la Solaris 7!
 1269 	* cleaned up schema stuff into ldap-schema.h
 1270 
 1271 2.79	Luke Howard <lukeh@padl.com>
 1272 
 1273 	* implemented exponential backoff reconnect logic
 1274 
 1275 2.78	Luke Howard <lukeh@padl.com>
 1276 
 1277 	* removed ldap.conf.ragenet from lineup
 1278 	* removed spurious do_close()
 1279 
 1280 2.76	Luke Howard <lukeh@padl.com>
 1281 
 1282 	* added -lresolv to Solaris makefiles
 1283 
 1284 2.75	Luke Howard <lukeh@padl.com>
 1285 
 1286 	* incorporated RPM patches from stein@terminator.net
 1287 
 1288 2.72	Luke Howard <lukeh@padl.com>
 1289 
 1290 	* implemented getgroupsbymember() for Solaris.
 1291 	  Supplementary groups should be initialized now.
 1292 	  (NB: doesn't appear to be quite working for
 1293 	  RFC2307bis yet.)
 1294  	* GNU indent-ified
 1295 
 1296 2.71	Luke Howard <lukeh@padl.com>
 1297 
 1298 	* removed -DDEBUG as default build flag
 1299 
 1300 2.70	Luke Howard <lukeh@padl.com>
 1301 
 1302 	* put /usr/ucblib back into linker search path for
 1303 	  Solaris. 
 1304 
 1305 2.69	Luke Howard <lukeh@padl.com>
 1306 
 1307 	* added timeout, unavailable, and server busy 
 1308 	  conditions to rebind logic
 1309 	* indent -gnu all source files
 1310 
 1311 2.68	Luke Howard <lukeh@padl.com>
 1312 
 1313 	* mods for glibc 2.1 (__set_errno is obselete it seems)
 1314 
 1315 2.65	Luke Howard <lukeh@padl.com>
 1316 
 1317 	* mods to compile with OpenLDAP 2
 1318 
 1319 2.64	Luke Howard <lukeh@padl.com>
 1320 
 1321 	* changed alias schema to Sun SDS nisMailAlias schema
 1322 	* updated TODO list to reflect Bugzilla entries
 1323 	* restored capitalization of attributes for "niceness"
 1324 
 1325 2.63	Luke Howard <lukeh@padl.com>
 1326 
 1327 	* added patch from gero@faveve.uni-stuttgart.de for
 1328 	  parsing of ldap.conf with tabs
 1329 	* some fixes for BSDI BSD/OS IRS
 1330 
 1331 2.62 	Luke Howard <lukeh@padl.com>
 1332 
 1333 	* added experimental support for DN-membered groups;
 1334 	  to enable, define RFC2307BIS
 1335 	* fixed align bug (where buflen wasn't being
 1336 	  decremented after pointer alignment)
 1337 
 1338 2.61	Luke Howard <lukeh@padl.com>
 1339 
 1340 	* added warning about compiling with DS 4.1 LDAP SDK
 1341 
 1342 2.60	Luke Howard <lukeh@padl.com>
 1343 
 1344 	* fixed missing close brace
 1345 
 1346 2.59	Luke Howard <lukeh@padl.com>
 1347 
 1348 	* pw_comment field defaults to pw_gecos (Solaris only)
 1349 
 1350 2.56	Luke Howard <lukeh@padl.com>
 1351 
 1352 	* fixed Makefile.linux.mozilla NSSLIBVER
 1353 
 1354 2.55	Luke Howard <lukeh@padl.com>
 1355 
 1356 	* merged in glibc-2.1 branch
 1357 
 1358 2.54.6	Luke Howard <lukeh@padl.com>
 1359 
 1360 	* misc fixes.
 1361 
 1362 2.54.5	Luke Howard <lukeh@padl.com>
 1363 
 1364 	* misc fixes.
 1365 
 1366 2.54.4	Luke Howard <lukeh@padl.com>
 1367 
 1368 	* glibc-2.1 patches from bcollins@debian.org
 1369 
 1370 2.54.3	Luke Howard <lukeh@padl.com>
 1371 
 1372 	* glibc-2.1 support. (Recall #93)
 1373 	* set erange correctly on Solaris (related to above)
 1374 
 1375 2.51	Luke Howaed <lukeh@padl.com>
 1376 
 1377 	* added rebind function
 1378 
 1379 2.51	Luke Howard <lukeh@padl.com>
 1380 
 1381 	* added stuff for RC
 1382 
 1383 2.49	Luke Howard <lukeh@padl.com>
 1384 
 1385 	* configuration file is now case insensitive
 1386 
 1387 2.47  Luke Howard <lukeh@xedoc.com>
 1388 
 1389 	* RFC2052BIS (_ldap._tcp) support
 1390 
 1391 2.45	Luke Howard <lukeh@xedoc.com>
 1392 
 1393 	* added #include <stdlib.h> to globals.c
 1394 
 1395 2.44	Luke Howard <lukeh@xedoc.com>
 1396 
 1397 	* NULL search base allowed (omit basedn from config file)
 1398 
 1399 2.42	Luke Howard <lukeh@xedoc.com>
 1400 
 1401 	* fixed potential crasher in dnsconfig.c
 1402 	* LDAP session is now persistent for performance reasons.
 1403 	  Removed references to the session anywhere outside
 1404 	  ldap-nss.c. The process ID is cached and the session
 1405 	  reopened after a fork().
 1406 
 1407 2.39	Luke Howard <lukeh@xedoc.com>
 1408 
 1409 	* fixed warning in ldap-ethers.c (removed const from 
 1410 	  struct ether)
 1411 	* added ldap_version keyword to ldap.conf for parity with
 1412 	  pam_ldap
 1413 
 1414 2.38	Luke Howard <lukeh@xedoc.com>
 1415 
 1416 	* debugged ldap_explode_rdn() code
 1417 	* added support for Mozilla LDAP client library; see
 1418 	  Makefile.linux.mozilla and ltf.c for more information.
 1419 	  Thanks to Netscape for making their library 
 1420 	  available.
 1421 
 1422 2.37	Luke Howard <lukeh@xedoc.com>
 1423 
 1424 	* moved to CVS repository and Linux as development
 1425 	  environment 
 1426 	* incorporated ldap-service.c fix from Greg
 1427 
 1428 2.36	Luke Howard <lukeh@xedoc.com>
 1429 
 1430 	* util.c: will use ldap_explode_rdn() if it exists
 1431 
 1432 2.35	Luke Howard <lukeh@xedoc.com>
 1433 
 1434 	* made util.c compile again. Silly me.
 1435 
 1436 2.34	Luke Howard <lukeh@xedoc.com>
 1437 
 1438 	* fixed #endif in testpw.c 
 1439 	* fixed another DN freeing leak in util.c
 1440 	* added RFC 2307 to distribution (fixed the two
 1441 	  typos in it:
 1442 	* fixed bug in ...getrdnvalue() (thanks, Greg)
 1443 
 1444 % diff rfc2307.txt ~/rfc2307.txt
 1445 480c480
 1446 <           MUST ( cn $ ipProtocolNumber )
 1447 ---
 1448 >           MUST ( cn $ ipProtocolNumber $ description )
 1449 1038c1038
 1450 <         lester:X5/DBrWPOQQaI:10:10:Lester:/home/lester:/bin/csh
 1451 ---
 1452 >         lester:X5/DBrWPOQQaI:10:10:Lester:/home/lester:/bin/sh
 1453 
 1454 2.33	Luke Howard <lukeh@xedoc.com>
 1455 
 1456 	* rolled in more patches from greg@rage.net:
 1457 	* removed _r from setXXXent and endXXXent functions
 1458 	  for GNU_NSS
 1459 	* cleaned up testpw.c to use pthreads and protos
 1460 	* fixed prototype for gethostbyaddr_r on GNU_NSS
 1461 	* braced conditional in getservbyname_r
 1462 	* merged in Makefile.linux and README.LINUX diffs 
 1463 	* added htons(port) in getservbyport_r
 1464 	* added nsswitch.test
 1465 	* added ldaptest.pl
 1466 	* added ldap.conf.ragenet
 1467 
 1468 2.32	Luke Howard <lukeh@xedoc.com>
 1469 
 1470 	* moved Makefile to Makefile.solaris
 1471 	* cleaned up mutex code for Linux, hopefully
 1472 
 1473 2.31	Luke Howard <lukeh@xedoc.com>
 1474 
 1475 	* fixed leak in util.c (need to free dn)
 1476 	* rolled in patches from greg@rage.net:
 1477 	* fixed ldap-ethers.c to use struct ether
 1478 	* fixed bracing in ldap-hosts.c (?)
 1479 	* added SSLEAY patch to ldap-nss.h
 1480 	* fixed locking in ldap-nss.h
 1481 	* Makefile changes incorporated into Makefile.linux
 1482 
 1483 2.30	Luke Howard <lukeh@xedoc.com>
 1484 
 1485 	* synced into DevMan repository again
 1486 	* RFC 2307 is the one!
 1487 
 1488 2.29e	Luke Howard <lhoward@apple.com>
 1489 
 1490 	* util.c: fixed memory leak (call to ldap_value_free())
 1491 
 1492 2.29d	Luke Howard <lhoward@apple.com>
 1493 
 1494 	* ldap-ethers.c: fixed to use HOSTNAME attribute
 1495 
 1496 2.29c	Luke Howard <lhoward@apple.com>
 1497 
 1498 	* ieee8022Device -> ieee802Device
 1499 
 1500 2.29b	Luke Howard <lhoward@apple.com>
 1501 
 1502 	* added ieee8022Device and bootableDevice classes,
 1503 	  at Sun's request.
 1504 
 1505 2.29a	Luke Howard <lhoward@apple.com>
 1506 
 1507 	* dc -> cn
 1508 
 1509 2.29	Luke Howard <lukeh@xedoc.com>
 1510 
 1511 	* changed host/network/ethers naming schema
 1512 	  see the -02 draft revision for more info
 1513 
 1514 2.28	Luke Howard <lukeh@xedoc.com>
 1515 
 1516 	* ldap-pwd.c, ldap-spwd.c: fixed tmpbuf stuff. Yuck.
 1517 
 1518 2.27	Luke Howard <lukeh@xedoc.com>
 1519 
 1520 	* ANNOUNCE: reflected draft-howard-nis-schema-01.txt
 1521 	* ldap-spwd.c: default for shadow integer values is -1, not 0
 1522 	  and fixed crasher (thanks to dj@gregor.com)
 1523 
 1524 2.26	Luke Howard <lukeh@xedoc.com>
 1525 
 1526 	* globals.c: added offset stuff back for mapping errnumbers.
 1527 	  Weird: this stuff *was* in an earlier version of the work
 1528 	  area. I have no idea where it went. Scary.
 1529 
 1530 2.25	Luke Howard <lukeh@xedoc.com>
 1531 
 1532 	* irs-nss.h: added prototype for irs_ldap_acc()
 1533 	* ldap-*.[ch]: removed redundent PARSER macro
 1534 	* unbroke for GNU NSS (context_key_t changed to context_handle_t)
 1535 
 1536 2.24	Luke Howard <lukeh@xedoc.com>
 1537 
 1538 	* irs-nss.c: added dispatch table for IRS library
 1539 	* testpw5.c: added additional test program
 1540 	* ldap-nss.c: removed spurious debug statement
 1541 	* ldap-nss.c, util.c, dnsconfig.c: cleaned up memory
 1542 	  allocation for config. (This could be improved, but
 1543 	  there is no longer a static ldap_config_t structure.)
 1544 	* Makefile: general cleanup
 1545 
 1546 2.23	Luke Howard <lukeh@xedoc.com>
 1547 
 1548 	* default destructor is now simply wrapped around by individual backend
 1549 	  destructors
 1550 	* __EXTENSIONS__ defined for Solaris 2.6 to import strncasecmp()
 1551 	* getbyname: fixed crasher in ldap-nss.c due to uninitialized variable
 1552 	* ldap-parse.h, assorted others: tidied up resolver calls to use
 1553 	  NSS_ARGS() macro and not to interfere with the previous backend's
 1554 	  status (bad thing!)
 1555 	* ldap-service.c: cleaned up potential uninitialized var in parser
 1556 	* ldap-nss.c: no valued arrays are now { NULL } instead of NULL.
 1557 
 1558 2.22	Luke Howard <lukeh@xedoc.com>
 1559 
 1560 	* testpw.c: XXX problem. dies with segfault, but gdb doesn't give
 1561 	  me enough information; it's definitely within nss_ldap.so though.
 1562 	  I just can't see the symbols. (Maybe dbx would be better...)
 1563 	  However, testpw doesn't work at *all* under 2.5.1, and technically
 1564 	  it shouldn't as it's not linked against liblthread. I haven't been
 1565 	  able to duplicate this with testpw2, which is the same code linked
 1566 	  with the thread library.
 1567 	* backported to NeXT
 1568 
 1569 2.21	Luke Howard <lukeh@xedoc.com>
 1570 
 1571 	* resolve.h: renamed functions so as to keep namespace clean
 1572 	* snprintf.h: tidied up for systems which already have snprintf()
 1573 	  and renamed anyway to keep namespace clean (_nss_ldap_snprintf)
 1574 	* ldap-*.h: made character constants const to avoid nasty warnings
 1575 	* globals.[ch]: as above
 1576 	* README, TODO, ANNOUNCE: general documentation updates
 1577 	* ldap-nss.c, et al: general work on Solaris 2.6 port, to get
 1578 	  nscd working. Lots of fiddling with the locking.
 1579 	* Major architectural changes to Solaris NSS implementation.
 1580 	  Thread specific data is now stored in the backend, where it
 1581 	  should be: just like it is in IRS. Locking is a little more
 1582 	  coarse now, but it will do for the moment.
 1583 	* Paul Henson's DCE module gave me the inspiration to do the
 1584 	  backend stuff the "right" way -- thanks, Paul!
 1585 	* As a result, a lot of the bugs listed in TODO have mysteriously
 1586 	  fixed themselves. :-)
 1587 
 1588 2.20	Luke Howard <lukeh@xedoc.com>
 1589 
 1590 	* Makefile.*: ensured resolve.[ch] and dnsconfig.[ch] were there.
 1591 	* Makefile: should link now with gcc -shared instead of requiring
 1592 	  cc.
 1593 
 1594 2.19	Luke Howard <lukeh@xedoc.com>
 1595 
 1596 	* testpw4.c: added irs hostbyname() test
 1597 	* Makefile: added correct flags to build position indepdenent
 1598 	  code with Sun's compiler (thanks, Bill). Added SRV sources.
 1599 	* testpw.c: works under NeXT, cleaned up a bit.
 1600 	* ldap.conf: documented what this file does
 1601 	* util.c: ignore blank lines in ldap.conf properly
 1602 	* resolve.h: fixed up for Solaris
 1603 
 1604 2.18	Luke Howard <lukeh@xedoc.com>
 1605 
 1606 	* ldap-network.c: fixed infinite loop in getnetbyname()
 1607 	* util.c: goto out causes a compiler warning under Solaris.
 1608 	  Documented this. Should fix this, I suppose, but we need
 1609 	  to break out of two blocks. (We could remove the code that
 1610 	  handles multivalued DNs, as it's fairly unlikely that someone
 1611 	  will use a DN of o=Xedoc+dc=xedoc,c=US+dc=com, but who knows?)
 1612 	* ldap-ethers.c: line 215, result was not assigned to an
 1613 	  lvalue (should have been args->status, not args). Fixed.
 1614 
 1615 2.17	Luke Howard <lukeh@xedoc.com>
 1616 
 1617 	* Cleaned up documentation and testpw4.c
 1618 	* dnsconfig.c: Fixed strtok() bug which was clobbering domain
 1619 
 1620 2.16	Luke Howard <lukeh@xedoc.com>
 1621 
 1622 	* util.c (_nss_ldap_readconfig) fixed strtok() typo
 1623 
 1624 2.15	Luke Howard <lukeh@xedoc.com>
 1625 
 1626 	* dnsconfig.c: got DNS SRV support working under NEXTSTEP 
 1627 	* util.c: (_nss_ldap_getdomainname) made host and network DN parsing
 1628           compliant with current draft 
 1629 
 1630 2.2 - 2.14	Luke Howard <lukeh@xedoc.com>
 1631 
 1632 	* I'll get around to merging in the RCS log here one day.
 1633 	  Nothing very exciting happened, I just backported the code to
 1634 	  NEXTSTEP and compiled it.
 1635 
 1636 2.1 	Luke Howard <lukeh@xedoc.com>
 1637 
 1638 	* merged in old RCS tree (now nss_ldap 0.2)
 1639 
 1640 1.x	Luke Howard <lukeh@xedoc.com>
 1641 
 1642 	* old RCS repository (corresponds to nss_ldap 0.1)
 1643