$Header: /home/project/cvs/nss_ldap/ChangeLog,v 2.91 2000/10/21 06:51:55 lukeh Exp $
===============================================================

122	Luke Howard <lukeh@padl.com>

	* fixed BUG#50 (check return value of ldap_simple_bind())

121	Luke Howard <lukeh@padl.com>

	* fixed BUG#49 (fix acknowledged race condition)

120	Luke Howard <lukeh@padl.com>

	* added Makefile.aix and exports.aix (forgot)

119	Luke Howard <lukeh@padl.com>

	* patch from Gabor Gombas <gombasg@inf.elte.hu>
	  to support AIX implementation of BIND IRS

118	Luke Howard <lukeh@padl.com>

	* Makefile.RPM.openldap2 from Joe Little

117	Luke Howard <lukeh@padl.com>

	* permanently ignore SIGPIPE when using SSL. This
	  bug should be fixed properly.

116	Luke Howard <lukeh@padl.com>

	* added irs-nss.diff and README.IRS from Emile
	  Heitor

115	Luke Howard <lukeh@padl.com>

	* fixed filter escaping
	* call ldapssl_client_init() once only
	* include db_185.h not db.h for dn2uid cache
	* fixes for FreeBSD (IRS) support from Emile
	  Heitor

113	Luke Howard <lukeh@padl.com>

	* patch from Ben Collins to escape '*' in filters

110	Luke Howrad <lukeh@padl.com>

	* patch from Phlilip Liu for async binds

109	Luke Howard <lukeh@padl.com>

	* omit socket check for -DSSL; it doesn't work
	* updated CONTRIBUTORS
	* updated README re HAVE_LDAP_LD_FREE

108	Luke Howard <lukeh@padl.com>

	* included "deref" option in /etc/ldap.conf, compatible
	  with OpenLDAP syntax. Patch from Michael Mattice.

107	Luke Howard <lukeh@padl.com>

	* fixed argument to _nss_ldap_getent() in ldap-ethers.c

106.2	Luke Howard <lukeh@padl.com>

	* if root, use rootbinddn/rootbindpw in rebind proc
	* include objectClass in pwd required attributes

106.1	Luke Howard <lukeh@padl.com>

	* if user is a shadowAccount, then don't return password
	  in getpwent(), getpwuid() or getpwnam()
	* incorporated patch (from Doug Nazar):
	* allow getgrent() to be called without setgrent();
	  note arguments to _nss_ldap_getent() have changed.
	* return NSS_NOTFOUND instead of NSS_UNAVAIL at the
	  end of a search
	* initialize len for getpeername()

105	Luke Howard <lukeh@padl.com>

	* incorporated patch for deadlock under Solaris (from
	  Dave Begley)

104	Luke Howard <lukeh@padl.com>

	* new spec file

103	Luke Howard <lukeh@padl.com>

	* don't call ldap_parse_result() with V2 API

102	Luke Howard <lukeh@padl.com>

	* added defines for LDAP_MSG_ONE et al if not in ldap.h
	* removed LDAP_MORE_RESULTS_TO_RETURN test 

101	Luke Howard <lukeh@padl.com>

	* fixed spec file

100	Luke Howard <lukeh@padl.com>

	* support for asynchronous search API!
	* added some contributors
	* notes about ldap_ld_free()
	* merged in ChangeLog

99	Luke Howard <lukeh@padl.com>

	* added some netgroup implementation tips
	* do_close_no_unbind() cleanup

98	Luke Howard <lukeh@padl.com>

	* /etc/nss_ldap.secret -> /etc/ldap.secret (sorry,
	  Doug!)
	* deleted crypt-mechanism code. Junk.
	* fixed call to _nss_ldap_read() after changing
	  prototypes in nss_ldap-88

97	Luke Howard <lukeh@padl.com>

	* #ifndef HAVE_LDAP_LD_FREE, still call ldap_unbind(),
	  but having closed the descriptor.

96	Luke Howard <lukeh@padl.com>

	* re-orged

95	Luke Howard <lukeh@padl.com>

	* disable SO_KEEPALIVE on socket rather than blocking
	  SIGPIPE. Need to figure out the right way to do this.

94	Luke Howard <lukeh@padl.com>

	* committed some changes for the parent/child close
	  problem. It relies on internal libldap APIs so
	  it may be non-portable but should work with OpenLDAP
	  and Netscape client libraries, and perhaps most UMich-
	  derived client libraries. There's a possible workaround
	  for client libraries without this; undefine
	  HAVE_LDAP_LD_FREE to test this.

93	Luke Howard <lukeh@padl.com>

	* important fix: make sure return status is reset
	  after do_open() == NSS_SUCCESS, just in case
	  no entries are returned. This bug was introduced
	  in nss_ldap-88 and could potentially cause a
	  security hole.

92	Luke Howard <lukeh@padl.com>

	* signal handling fix: don't restore handler
	  unnecessarily. 
	* don't open nss_ldap.secret unless a root pw
	  is specified in ldap.conf

91	Luke Howard <lukeh@padl.com>

	* reorganized SIGPIPE blocking code
	* added SSL support

90	Luke Howard <lukeh@padl.com>

	* only reconnect if we've changed to/from root

89	Luke Howard <lukeh@padl.com>

	* cleaned up a few things

88	Luke Howard <lukeh@padl.com>

	* added breaks to switch in _nss_ldap_lookup
	  (thanks to Nathan.Hawkins@FMR.COM for pointing
	   this out)
	* save signal handler and ignore SIGPIPE for
	  appropriate sections of do_open() and confirm
	  connection is still active (patch from
	  rpatel@globix.com)
	* allow root users to bind as a different user,
	  to provide quasi-shadow password support (patch
	  from nazard@dragoninc.on.ca)
	* under Linux, make Makefile look at last libc
	  version (patch from nazard@dragoninc.on.ca)
	* never clobber nsswitch.ldap/ldap.conf when
	  making install (patch from nazard@dragoninc.on.ca)
	* change do_open() to not unbind the parent ldap
	  connection when the pid changes but simply open a
	  new connection (patch from nazard@dragoninc.on.ca)
	* changed _nss_ldap_lookup() and _nss_ldap_read()
	  prototypes to return NSS_STATUS error codes,
	  so that NSS_UNAVAIL percolates as appropriate.
	
87	Luke Howard <lukeh@padl.com>

	* fixed looking up DN-membered groups by member. Thanks
	  to Jeff Mandel for spotting this hard to find bug.

86	Luke Howard <lukeh@padl.com>

	* member for NDS vs uniqueMember (needs further
	  investigation; -DNDS)

85	Luke Howard <lukeh@padl.com>

	* check non-NULLity of userdn before freeing
	* use AT(uid) for groupsbymember filter

84	Luke Howard <lukeh@padl.com>

	* implemented _nss_ldap_initgroups()

81	Luke Howard <lukeh@padl.com>

	* removed extraneous do_sleep() code
	* updated spec file

80	Luke Howard <lukeh@padl.com>

	* (really 2.80) changed version number a la Solaris 7!
	* cleaned up schema stuff into ldap-schema.h

2.79	Luke Howard <lukeh@padl.com>

	* implemented exponential backoff reconnect logic

2.78	Luke Howard <lukeh@padl.com>

	* removed ldap.conf.ragenet from lineup
	* removed spurious do_close()

2.76	Luke Howard <lukeh@padl.com>

	* added -lresolv to Solaris makefiles

2.75	Luke Howard <lukeh@padl.com>

	* incorporated RPM patches from stein@terminator.net

2.72	Luke Howard <lukeh@padl.com>

	* implemented getgroupsbymember() for Solaris.
	  Supplementary groups should be initialized now.
	  (NB: doesn't appear to be quite working for
	  RFC2307bis yet.)
 	* GNU indent-ified

2.71	Luke Howard <lukeh@padl.com>

	* removed -DDEBUG as default build flag

2.70	Luke Howard <lukeh@padl.com>

	* put /usr/ucblib back into linker search path for
	  Solaris. 

2.69	Luke Howard <lukeh@padl.com>

	* added timeout, unavailable, and server busy 
	  conditions to rebind logic
	* indent -gnu all source files

2.68	Luke Howard <lukeh@padl.com>

	* mods for glibc 2.1 (__set_errno is obselete it seems)

2.65	Luke Howard <lukeh@padl.com>

	* mods to compile with OpenLDAP 2

2.64	Luke Howard <lukeh@padl.com>

	* changed alias schema to Sun SDS nisMailAlias schema
	* updated TODO list to reflect Bugzilla entries
	* restored capitalization of attributes for "niceness"

2.63	Luke Howard <lukeh@padl.com>

	* added patch from gero@faveve.uni-stuttgart.de for
	  parsing of ldap.conf with tabs
	* some fixes for BSDI BSD/OS IRS

2.62 	Luke Howard <lukeh@padl.com>

	* added experimental support for DN-membered groups;
	  to enable, define RFC2307BIS
	* fixed align bug (where buflen wasn't being
	  decremented after pointer alignment)

2.61	Luke Howard <lukeh@padl.com>

	* added warning about compiling with DS 4.1 LDAP SDK

2.60	Luke Howard <lukeh@padl.com>

	* fixed missing close brace

2.59	Luke Howard <lukeh@padl.com>

	* pw_comment field defaults to pw_gecos (Solaris only)

2.56	Luke Howard <lukeh@padl.com>

	* fixed Makefile.linux.mozilla NSSLIBVER

2.55	Luke Howard <lukeh@padl.com>

	* merged in glibc-2.1 branch

2.54.6	Luke Howard <lukeh@padl.com>

	* misc fixes.

2.54.5	Luke Howard <lukeh@padl.com>

	* misc fixes.

2.54.4	Luke Howard <lukeh@padl.com>

	* glibc-2.1 patches from bcollins@debian.org

2.54.3	Luke Howard <lukeh@padl.com>

	* glibc-2.1 support. (Recall #93)
	* set erange correctly on Solaris (related to above)

2.51	Luke Howaed <lukeh@padl.com>

	* added rebind function

2.51	Luke Howard <lukeh@padl.com>

	* added stuff for RC

2.49	Luke Howard <lukeh@padl.com>

	* configuration file is now case insensitive

2.47  Luke Howard <lukeh@xedoc.com>

	* RFC2052BIS (_ldap._tcp) support

2.45	Luke Howard <lukeh@xedoc.com>

	* added #include <stdlib.h> to globals.c

2.44	Luke Howard <lukeh@xedoc.com>

	* NULL search base allowed (omit basedn from config file)

2.42	Luke Howard <lukeh@xedoc.com>

	* fixed potential crasher in dnsconfig.c
	* LDAP session is now persistent for performance reasons.
	  Removed references to the session anywhere outside
	  ldap-nss.c. The process ID is cached and the session
	  reopened after a fork().

2.39	Luke Howard <lukeh@xedoc.com>

	* fixed warning in ldap-ethers.c (removed const from 
	  struct ether)
	* added ldap_version keyword to ldap.conf for parity with
	  pam_ldap

2.38	Luke Howard <lukeh@xedoc.com>

	* debugged ldap_explode_rdn() code
	* added support for Mozilla LDAP client library; see
	  Makefile.linux.mozilla and ltf.c for more information.
	  Thanks to Netscape for making their library 
	  available.

2.37	Luke Howard <lukeh@xedoc.com>

	* moved to CVS repository and Linux as development
	  environment 
	* incorporated ldap-service.c fix from Greg

2.36	Luke Howard <lukeh@xedoc.com>

	* util.c: will use ldap_explode_rdn() if it exists

2.35	Luke Howard <lukeh@xedoc.com>

	* made util.c compile again. Silly me.

2.34	Luke Howard <lukeh@xedoc.com>

	* fixed #endif in testpw.c 
	* fixed another DN freeing leak in util.c
	* added RFC 2307 to distribution (fixed the two
	  typos in it:
	* fixed bug in ...getrdnvalue() (thanks, Greg)

% diff rfc2307.txt ~/rfc2307.txt
480c480
<           MUST ( cn $ ipProtocolNumber )
---
>           MUST ( cn $ ipProtocolNumber $ description )
1038c1038
<         lester:X5/DBrWPOQQaI:10:10:Lester:/home/lester:/bin/csh
---
>         lester:X5/DBrWPOQQaI:10:10:Lester:/home/lester:/bin/sh

2.33	Luke Howard <lukeh@xedoc.com>

	* rolled in more patches from greg@rage.net:
	* removed _r from setXXXent and endXXXent functions
	  for GNU_NSS
	* cleaned up testpw.c to use pthreads and protos
	* fixed prototype for gethostbyaddr_r on GNU_NSS
	* braced conditional in getservbyname_r
	* merged in Makefile.linux and README.LINUX diffs 
	* added htons(port) in getservbyport_r
	* added nsswitch.test
	* added ldaptest.pl
	* added ldap.conf.ragenet

2.32	Luke Howard <lukeh@xedoc.com>

	* moved Makefile to Makefile.solaris
	* cleaned up mutex code for Linux, hopefully

2.31	Luke Howard <lukeh@xedoc.com>

	* fixed leak in util.c (need to free dn)
	* rolled in patches from greg@rage.net:
	* fixed ldap-ethers.c to use struct ether
	* fixed bracing in ldap-hosts.c (?)
	* added SSLEAY patch to ldap-nss.h
	* fixed locking in ldap-nss.h
	* Makefile changes incorporated into Makefile.linux

2.30	Luke Howard <lukeh@xedoc.com>

	* synced into DevMan repository again
	* RFC 2307 is the one!

2.29e	Luke Howard <lhoward@apple.com>

	* util.c: fixed memory leak (call to ldap_value_free())

2.29d	Luke Howard <lhoward@apple.com>

	* ldap-ethers.c: fixed to use HOSTNAME attribute

2.29c	Luke Howard <lhoward@apple.com>

	* ieee8022Device -> ieee802Device

2.29b	Luke Howard <lhoward@apple.com>

	* added ieee8022Device and bootableDevice classes,
	  at Sun's request.

2.29a	Luke Howard <lhoward@apple.com>

	* dc -> cn

2.29	Luke Howard <lukeh@xedoc.com>

	* changed host/network/ethers naming schema
	  see the -02 draft revision for more info

2.28	Luke Howard <lukeh@xedoc.com>

	* ldap-pwd.c, ldap-spwd.c: fixed tmpbuf stuff. Yuck.

2.27	Luke Howard <lukeh@xedoc.com>

	* ANNOUNCE: reflected draft-howard-nis-schema-01.txt
	* ldap-spwd.c: default for shadow integer values is -1, not 0
	  and fixed crasher (thanks to dj@gregor.com)

2.26	Luke Howard <lukeh@xedoc.com>

	* globals.c: added offset stuff back for mapping errnumbers.
	  Weird: this stuff *was* in an earlier version of the work
	  area. I have no idea where it went. Scary.

2.25	Luke Howard <lukeh@xedoc.com>

	* irs-nss.h: added prototype for irs_ldap_acc()
	* ldap-*.[ch]: removed redundent PARSER macro
	* unbroke for GNU NSS (context_key_t changed to context_handle_t)

2.24	Luke Howard <lukeh@xedoc.com>

	* irs-nss.c: added dispatch table for IRS library
	* testpw5.c: added additional test program
	* ldap-nss.c: removed spurious debug statement
	* ldap-nss.c, util.c, dnsconfig.c: cleaned up memory
	  allocation for config. (This could be improved, but
	  there is no longer a static ldap_config_t structure.)
	* Makefile: general cleanup

2.23	Luke Howard <lukeh@xedoc.com>

	* default destructor is now simply wrapped around by individual backend
	  destructors
	* __EXTENSIONS__ defined for Solaris 2.6 to import strncasecmp()
	* getbyname: fixed crasher in ldap-nss.c due to uninitialized variable
	* ldap-parse.h, assorted others: tidied up resolver calls to use
	  NSS_ARGS() macro and not to interfere with the previous backend's
	  status (bad thing!)
	* ldap-service.c: cleaned up potential uninitialized var in parser
	* ldap-nss.c: no valued arrays are now { NULL } instead of NULL.

2.22	Luke Howard <lukeh@xedoc.com>

	* testpw.c: XXX problem. dies with segfault, but gdb doesn't give
	  me enough information; it's definitely within nss_ldap.so though.
	  I just can't see the symbols. (Maybe dbx would be better...)
	  However, testpw doesn't work at *all* under 2.5.1, and technically
	  it shouldn't as it's not linked against liblthread. I haven't been
	  able to duplicate this with testpw2, which is the same code linked
	  with the thread library.
	* backported to NeXT

2.21	Luke Howard <lukeh@xedoc.com>

	* resolve.h: renamed functions so as to keep namespace clean
	* snprintf.h: tidied up for systems which already have snprintf()
	  and renamed anyway to keep namespace clean (_nss_ldap_snprintf)
	* ldap-*.h: made character constants const to avoid nasty warnings
	* globals.[ch]: as above
	* README, TODO, ANNOUNCE: general documentation updates
	* ldap-nss.c, et al: general work on Solaris 2.6 port, to get
	  nscd working. Lots of fiddling with the locking.
	* Major architectural changes to Solaris NSS implementation.
	  Thread specific data is now stored in the backend, where it
	  should be: just like it is in IRS. Locking is a little more
	  coarse now, but it will do for the moment.
	* Paul Henson's DCE module gave me the inspiration to do the
	  backend stuff the "right" way -- thanks, Paul!
	* As a result, a lot of the bugs listed in TODO have mysteriously
	  fixed themselves. :-)

2.20	Luke Howard <lukeh@xedoc.com>

	* Makefile.*: ensured resolve.[ch] and dnsconfig.[ch] were there.
	* Makefile: should link now with gcc -shared instead of requiring
	  cc.

2.19	Luke Howard <lukeh@xedoc.com>

	* testpw4.c: added irs hostbyname() test
	* Makefile: added correct flags to build position indepdenent
	  code with Sun's compiler (thanks, Bill). Added SRV sources.
	* testpw.c: works under NeXT, cleaned up a bit.
	* ldap.conf: documented what this file does
	* util.c: ignore blank lines in ldap.conf properly
	* resolve.h: fixed up for Solaris

2.18	Luke Howard <lukeh@xedoc.com>

	* ldap-network.c: fixed infinite loop in getnetbyname()
	* util.c: goto out causes a compiler warning under Solaris.
	  Documented this. Should fix this, I suppose, but we need
	  to break out of two blocks. (We could remove the code that
	  handles multivalued DNs, as it's fairly unlikely that someone
	  will use a DN of o=Xedoc+dc=xedoc,c=US+dc=com, but who knows?)
	* ldap-ethers.c: line 215, result was not assigned to an
	  lvalue (should have been args->status, not args). Fixed.

2.17	Luke Howard <lukeh@xedoc.com>

	* Cleaned up documentation and testpw4.c
	* dnsconfig.c: Fixed strtok() bug which was clobbering domain

2.16	Luke Howard <lukeh@xedoc.com>

	* util.c (_nss_ldap_readconfig) fixed strtok() typo

2.15	Luke Howard <lukeh@xedoc.com>

	* dnsconfig.c: got DNS SRV support working under NEXTSTEP 
	* util.c: (_nss_ldap_getdomainname) made host and network DN parsing
          compliant with current draft 

2.2 - 2.14	Luke Howard <lukeh@xedoc.com>

	* I'll get around to merging in the RCS log here one day.
	  Nothing very exciting happened, I just backported the code to
	  NEXTSTEP and compiled it.

2.1 	Luke Howard <lukeh@xedoc.com>

	* merged in old RCS tree (now nss_ldap 0.2)

1.x	Luke Howard <lukeh@xedoc.com>

	* old RCS repository (corresponds to nss_ldap 0.1)

