| Line | Revision | Contents |
| 1 | 87 | vNEXT: |
| 2 | * Emit correct LDAP timeout in debug message, accounting for the default if |
|
| 3 | none was specified. Reported by Nikos Voutsinas <nvoutsin@noc.uoa.gr>. |
|
| 4 | 89 | * Fix segfaults in debug logging on platforms whose printf() does not |
| 5 | gracefully handle NULL string pointers. (Bug #3346) |
|
| 6 | 90 | * Add support for quota profiles. If a user entry doesn't have an ftpQuota |
| 7 | attribute, search for the DN contained in the user's ftpQuotaProfileDN |
|
| 8 | attribute (if present) and use the ftpQuota attribute present on that DN. |
|
| 9 | (Bug #2617) |
|
| 10 | 87 | |
| 11 | 83 | v2.8.21: |
| 12 | * Implement an internal failover mechanism instead of relying on the LDAP |
|
| 13 | SDK's built-in failover (if any). Fixes failover regression introduced |
|
| 14 | in v2.8.19 when ldap_initialize() was first used. |
|
| 15 | * Multiple LDAP URL arguments may now be passed to LDAPServer: |
|
| 16 | ||
| 17 | LDAPServer ldap://127.0.0.1/??sub ldap://172.16.0.1/??sub |
|
| 18 | * When setting whether to dereference LDAP aliases after connecting to |
|
| 19 | the LDAP server, treat failure as a hard failure and refuse to continue |
|
| 20 | with that LDAP server. Previously, failure when specifying whether to |
|
| 21 | dereference aliases would be logged but the connection to that server |
|
| 22 | would continue. |
|
| 23 | ||
| 24 | 57 | v2.8.20: |
| 25 | * Prevent the use of LDAPSearchScope or LDAPUseSSL when LDAPServer specifies |
|
| 26 | a URL. Instead, the desired search scope and SSL setting should be |
|
| 27 | specified by the URL. |
|
| 28 | 61 | * When using OpenSSL for local password verification (as opposed to |
| 29 | 'LDAPAuthBinds on'), make the Base64 encoding buffer larger to ensure |
|
| 30 | we account for expansion resulting from the encoding. |
|
| 31 | 62 | * Retrieve all LDAP attributes when calling pr_ldap_user_lookup() since |
| 32 | it will need various attributes (to perform home directory generation, |
|
| 33 | for one). Thanks to Nikos Voutsinas <nvoutsin@noc.uoa.gr>. |
|
| 34 | http://forums.proftpd.org/smf/index.php/topic,3562.0.html |
|
| 35 | 66 | * Portability fix: don't use ldap_initialize() and ldap_unbind_ext_s() |
| 36 | unless we're building against the corresponding versions of the OpenLDAP |
|
| 37 | SDK. |
|
| 38 | 57 | |
| 39 | 47 | v2.8.19: |
| 40 | * Fix compilation with old LDAP SDKs (LDAP_API_VERSION < 2000). Thanks to |
|
| 41 | Saju Paul <saju.paul@messageway.com>. |
|
| 42 | 48 | * Define LDAP_SCOPE_DEFAULT if not defined by the SDK, fixing compilation |
| 43 | with (recent?) Sun LDAP headers. |
|
| 44 | 52 | * Use the configured ldap_port in "connected..." debug message, not |
| 45 | LDAP_PORT. |
|
| 46 | * Fix segfaults on client connect when an LDAP URL is used as an argument |
|
| 47 | to the LDAPServer directive. (Bug #3097) |
|
| 48 | * Automatically enable LDAP TLS support based on a best guess as to whether |
|
| 49 | the installed LDAP SDK supports it. |
|
| 50 | 53 | * Fixed missing ldap_init() -> ldap_initialize() when updating for latest |
| 51 | LDAP C API. Fixes segfaults on (some?) 64-bit systems. (Bug #3046) |
|
| 52 | 47 | |
| 53 | 45 | v2.8.18: |
| 54 | * Remove all local caching code in favor of the recently added caching in |
|
| 55 | the ProFTPD Auth layer. |
|
| 56 | * Silence some compiler warnings. |
|
| 57 | 46 | * To verify non-crypt() password hashes locally with OpenSSL, it is no |
| 58 | longer necessary to edit mod_ldap.c to enable HAVE_OPENSSL. Instead, |
|
| 59 | build ProFTPD with the --enable-openssl argument to configure. |
|
| 60 | 45 | |
| 61 | 36 | v2.8.17: |
| 62 | * Use non-deprecated LDAP API functions if the LDAP SDK is new enough to |
|
| 63 | comply with draft-ietf-ldapext-ldap-c-api-04. |
|
| 64 | ||
| 65 | 23 | v2.8.16: |
| 66 | * Add 'LDAPAliasDereference never|search|find|always' directive, which |
|
| 67 | defaults to never. This default is compatible with previous versions, |
|
| 68 | which did not support alias dereferencing. |
|
| 69 | * Fix LDAPAttr support when more than one LDAPAttr directive is used. |
|
| 70 | * Sync with ProFTPD API: set session.auth_mech to indicate that we've |
|
| 71 | successfully authenticated the user. |
|
| 72 | 22 | * Eliminate segfaults when group information for an LDAP user is available |
| 73 | from other sources (such as mod_auth_unix). Thanks to Erick Briere |
|
| 74 | <Erick.Briere@afp.com>. |
|
| 75 | 23 | * Make sure to count %u escapes as well as %v escapes when determining |
| 76 | filter length. |
|
| 77 | * Fix parenthesizing in connection code. |
|
| 78 | ||
| 79 | v2.8.15: |
|
| 80 | * Erroneous release; contained 2.8.14 by mistake. |
|
| 81 | 22 | |
| 82 | 21 | v2.8.14: |
| 83 | * Fix authentication when LDAPAuthBinds is enabled, which broke in 2.8.13. |
|
| 84 | * Fix a typo in the group-by-name filter. |
|
| 85 | ||
| 86 | 20 | v2.8.13: |
| 87 | * This release REQUIRES ProFTPD 1.2.11rc1 or later. |
|
| 88 | * mod_ldap now uses ProFTPD's CreateHome to create home directories. Some |
|
| 89 | LDAPHomedirOnDemand directives have been removed in favor of CreateHome. |
|
| 90 | The directives that apply to home directory path name generation still |
|
| 91 | exist, but have been renamed to LDAPGenerateHomedir. |
|
| 92 | * The LDAP protocol version now defaults to LDAPv3. If you need to use |
|
| 93 | LDAPv2, say 'LDAPProtocolVersion 2' in your proftpd.conf. (Bug #2443) |
|
| 94 | * LDAP attribute names are now configurable via proftpd.conf. For example, |
|
| 95 | if you want to change the uid attribute name, say 'LDAPAttr uid myUidAttr' |
|
| 96 | in your proftpd.conf. |
|
| 97 | * The define to enable TLS support has been renamed to USE_LDAP_TLS. |
|
| 98 | * The '%u' escape is now supported in all cases where '%v' is. |
|
| 99 | * ProFTPD's UserPassword directive now works with LDAPAuthBinds enabled. |
|
| 100 | (Bug #2482) |
|
| 101 | * Changed ldap_quota_lookup CMD to a HOOK. |
|
| 102 | * Fixed a few compiler type warnings. |
|
| 103 | ||
| 104 | 19 | v2.8.12: |
| 105 | * Group code memory manipulation fixes (Phil Oester (phil at theoesters dot |
|
| 106 | com)) |
|
| 107 | * Default quota support |
|
| 108 | * LDAP connections created for authenticated binds now honor the LDAPUseTLS |
|
| 109 | directive. |
|
| 110 | ||
| 111 | 18 | v2.8.11: |
| 112 | * mod_quotatab limit support |
|
| 113 | * Allow ATTR_* compiler defines to be overridden on the build command line, |
|
| 114 | e.g.: CFLAGS="-DUID_ATTR=foo" ./configure |
|
| 115 | * The canonical username from the LDAP directory is now used in directory |
|
| 116 | creation. |
|
| 117 | * LDAPForceHomedirOnDemand to force the use of the generated home directory |
|
| 118 | instead of the directory provided by the LDAP directory. |
|
| 119 | * Support for permissions on LDAPHomedirOnDemand suffixes. You can say: |
|
| 120 | ||
| 121 | LDAPHomedirOnDemandSuffix foo:755 bar:700 |
|
| 122 | ||
| 123 | in your proftpd.conf. |
|
| 124 | * Support for %v escapes in LDAPDoAuth directive to allow fetching the |
|
| 125 | user's entry directly, without performing a search first. For example, |
|
| 126 | ||
| 127 | LDAPDoAuth on uid=%v,dc=example,dc=com |
|
| 128 | ||
| 129 | will fetch the entry uid=[username],dc=example,dc=com directly when a user |
|
| 130 | logs in, saving some effort on the part of the LDAP directory. |
|
| 131 | * Leading directories are now checked for and creation is no longer |
|
| 132 | attempted if they already exist. |
|
| 133 | * Miscellaneous pedanticism & cleanup in error messages and the code itself. |
|
| 134 | ||
| 135 | 17 | v2.8.10: |
| 136 | * Ditch ldap_build_filter() (non-portable and/or deprecated) in favor of |
|
| 137 | our own translation function. This should make mod_ldap build against |
|
| 138 | OpenLDAP 2.1.x and Novell eDirectory, among others. |
|
| 139 | ||
| 140 | v2.8.9: |
|
| 141 | * Added explicit OpenSSL link exception to the license. |
|
| 142 | ||
| 143 | v2.8.8: |
|
| 144 | * ProFTPD Bug 1659 - LDAP config handlers should use c->pool instead of |
|
| 145 | permanent_pool |
|
| 146 | ||
| 147 | v2.8.7: |
|
| 148 | * Properly drop root privs in the LDAPHomedirOnDemand code if we're |
|
| 149 | returning prematurely due to an error condition. |
|
| 150 | * Small cleanup of the LDAPHomedirOnDemand directory creation code. |
|
| 151 | ||
| 152 | v2.8.6: |
|
| 153 | * Fix to the user-caching code that now prevents the cache from |
|
| 154 | returning an empty password struct in certain situations. |
|
| 155 | ||
| 156 | v2.8.5: |
|
| 157 | * Small fix in the group handlers - group lookups would sometimes be |
|
| 158 | attempted even if they were disabled. |
|
| 159 | ||
| 160 | v2.8.4: |
|
| 161 | * Fix for segfaults when optional arguments are omitted from |
|
| 162 | LDAPDoGIDLookups directive |
|
| 163 | ||
| 164 | 16 | v2.8.3: |
| 165 | * Secondary group support (thanks to Andreas Strodl for providing patches) |
|
| 166 | * LDAPHomedirOnDemand modes are now absolute; they are no longer subject |
|
| 167 | to ProFTPD's umask. |
|
| 168 | * LDAPDefault[UG]ID directives should now support the full range of |
|
| 169 | 32-bit UIDs. |
|
| 170 | * Sanity checking is now done on LDAPDefault[UG]ID arguments to ensure |
|
| 171 | they're numeric. |
|
| 172 | * LDAPDoGIDLookups now takes an extra argument. Its arguments are now: |
|
| 173 | ||
| 174 | LDAPDoGIDLookups on|off group-base-dn by-name-filter by-uid-filter |
|
| 175 | ||
| 176 | by-name-filter defaults to (&(cn=%v)(objectclass=posixGroup)) and |
|
| 177 | by-uid-filter defaults to (&(gidNumber=%v)(objectclass=posixGroup)). |
|
| 178 | ||
| 179 | 15 | v2.8.2: |
| 180 | * Fixed a privilege escalation bug. If LDAPHomedirOnDemand is enabled and |
|
| 181 | creation of the user's home directory fails, the server does not |
|
| 182 | relinquish root privileges. This shouldn't be exploitable, but all |
|
| 183 | users with LDAPHomedirOnDemand enabled are encouraged to upgrade. |
|
| 184 | ||
| 185 | v2.8.1: |
|
| 186 | * Fixed a bug that prevented proper permissions being applied to home |
|
| 187 | directories created on demand. |
|
| 188 | * Fixed an issue that would prevent per-VirtualHost configuration directives |
|
| 189 | from being properly recognized. |
|
| 190 | ||
| 191 | 13 | v2.8: |
| 192 | * The username escape sequence in search filter templates has changed. |
|
| 193 | You must now use %v instead of %u as the escape for the username. For |
|
| 194 | example, if you had: |
|
| 195 | ||
| 196 | LDAPDoAuth on dc=example,dc=com (uid=%u) |
|
| 197 | ||
| 198 | in your proftpd.conf with a previous version of mod_ldap, you will need |
|
| 199 | to change this to: |
|
| 200 | ||
| 201 | LDAPDoAuth on dc=example,dc=com (uid=%v) |
|
| 202 | ||
| 203 | * LDAPAuthBinds is now enabled by default. I'm sick of hearing "Your |
|
| 204 | mod_ldap is broken; it won't talk to my LDAP server and I've ignored the |
|
| 205 | convenient error message about userPassword that mod_ldap logs." |
|
| 206 | ||
| 207 | * The full path to user home directories is now created. Directories leading |
|
| 208 | up to the user's home directory are created root-owned and mode 755 (i.e., |
|
| 209 | they are not subject to the mode argument to LDAPHomedirOnDemand). Home |
|
| 210 | directory creation now works for all users, not just users with the same |
|
| 211 | UID/GID as the main ProFTPD server. Lastly, the mode argument to |
|
| 212 | LDAPHomedirOnDemand is no longer subject to ProFTPD's Umask. |
|
| 213 | ||
| 214 | * TLS support (You'll need to edit mod_ldap.c to define USE_LDAPV3_TLS and |
|
| 215 | recompile proftpd, then say 'LDAPUseTLS on' in your proftpd.conf). This |
|
| 216 | may or may not work with non-OpenLDAP SDKs; I'd love to hear if anyone has |
|
| 217 | it working with the Mozilla LDAP SDK or any others. |
|
| 218 | ||
| 219 | * The LDAP search sizelimit is now set to prevent LDAP server thrashing with |
|
| 220 | wildcarded usernames. |
|
| 221 | ||
| 222 | * Basic caching support has been added. This should cut down on the number |
|
| 223 | of queries made to the directory server. In addition, negative caching |
|
| 224 | is now enabled by default. |
|
| 225 | ||
| 226 | * LDAPHomedirOnDemandSuffix can now take multiple arguments (multiple |
|
| 227 | directories to create) and can be activated independently of |
|
| 228 | LDAPHomedirOnDemand. |
|
| 229 | ||
| 230 | * With the addition of LDAPHomedirOnDemandPrefix, home directories can now |
|
| 231 | be completely autogenerated, removing the need for a homeDirectory |
|
| 232 | attribute in each user's LDAP entry. Say: |
|
| 233 | ||
| 234 | LDAPHomedirOnDemandPrefix /home |
|
| 235 | ||
| 236 | in your proftpd.conf to give users a home directory with the format |
|
| 237 | /home/username. In this example, the user joe would be given the home |
|
| 238 | directory /home/joe. |
|
| 239 | ||
| 240 | * Attribute names are now #defines at the top of mod_ldap.c. You can now |
|
| 241 | change attribute names by editing mod_ldap.c and recompiling. |
|
| 242 | ||
| 243 | * The LDAPDefaultUID and LDAPDefaultGID directives can now be forced; |
|
| 244 | enabling LDAPForceDefaultUID or LDAPForceDefaultGID will apply the |
|
| 245 | default UID or GID (respectively) even if a user has a different UID/GID |
|
| 246 | in his uidNumber or gidNumber attribute. |
|
| 247 | ||
| 248 | * Fairly extensive code cleanup and comment syncing. |
|
| 249 | ||
| 250 | 12 | v2.7.6: |
| 251 | * Fixing the OpenLDAP 2 fixes. |
|
| 252 | ||
| 253 | v2.7.5: |
|
| 254 | * Fixes for OpenLDAP 2 support. |
|
| 255 | * Fix LDAP authentication filter use; previously, the user-specified search |
|
| 256 | filter would not be used in the second stage of authenticating a user. |
|
| 257 | ||
| 258 | v2.7.4: |
|
| 259 | * The LDAPDefaultAuthScheme directive should function properly now. |
|
| 260 | ||
| 261 | v2.7.3: |
|
| 262 | * Removed some old, useless code. |
|
| 263 | ||
| 264 | v2.7.2: |
|
| 265 | * LDAPQueryTimeout fix. In mod_ldap v2.7.1, in some situations, the query |
|
| 266 | timeout could be set to -1, which would cause all LDAP lookups to fail. |
|
| 267 | ||
| 268 | v2.7.1: |
|
| 269 | * Ported MacGyver's portable UID/GID code to mod_ldap |
|
| 270 | * The value passed to LDAPQueryTimeout is now honored (the timeout isn't |
|
| 271 | simply set to 1 second) |
|
| 272 | ||
| 273 | 10 | v2.7: |
| 274 | * Added a fix for picky LDAP servers like Sun Directory Services; using |
|
| 275 | 17 | AuthBinds with those LDAP servers would break in previous mod_ldap |
| 276 | versions. See the comments in the code for more details (search for "Sun |
|
| 277 | Directory Services"). |
|
| 278 | 10 | * You can now pass a file mode to LDAPHomedirOnDemand to create home |
| 279 | 17 | directories with that mode. |
| 280 | 10 | * Improved group support; mod_ldap now supports multiple memberUid |
| 281 | 17 | attributes for a group object. |
| 282 | 10 | * Miscellaneous neatening/tightening of high-level auth/lookup handler |
| 283 | 17 | functions. |
| 284 | 10 | * You can now specify custom LDAP search filters at runtime. See the |
| 285 | 17 | configuration guide (doc/Configuration.html) entries for LDAPDo* for more |
| 286 | details. |
|
| 287 | 10 | * Objectclass is now enforced. You *must* have an objectclass attribute for |
| 288 | 17 | each of your LDAP objects. This attribute must have a value of |
| 289 | 'posixAccount' ("objectclass: posixAccount"). For groups, this attribute |

| 290 | must have the value 'posixGroup' ("objectclass: posixGroup"). If you wish |

| 291 | to disable this objectclass enforcement, use the LDAP filter |
|
| 292 | "(uid=%u)" for Auth and UID lookups (see doc/Configuration.html for how to |
|
| 293 | specify a custom LDAP search filter). |
|
| 294 | 10 | * Removed allowedServices code. The functionality that allowedServices |
| 295 | 17 | provided can now be duplicated with a modified LDAP search filter. |
| 296 | ||
| 297 | For example, to replicate basic allowedServices checking, pass this LDAP |
|
| 298 | search filter to LDAPDoAuth: |
|
| 299 | (&(uid=%u)(|(allowedServices=*FTP*)(!(allowedServices=*)))) |
|
| 300 | ||
| 301 | To emulate deniedServices checking, use this search filter: |
|
| 302 | (&(uid=%u)(!(deniedServices=*FTP*))) |
|
| 303 | ||
| 304 | To emulate *both* allowedServices and deniedServices checking, use this |
|
| 305 | filter (beware line wrap): |
|
| 306 | (&(uid=%u)(|(allowedServices=*FTP*)(!(allowedServices=*)))(!(deniedServices=*FTP*))) |
|
| 307 | 10 | |
| 308 | 9 | v2.6.1: |
| 309 | * Fixed a bug that would prevent proper search scope selection. |
|
| 310 | ||
| 311 | 8 | v2.6: |
| 312 | * HomedirOnDemandSuffix - create an additional subdirectory in a user's home |
|
| 313 | directory (/home/user/anotherdirectory) on demand |
|
| 314 | * Minor group fixes/cleanups - supplementary groups now work properly |
|
| 315 | * Password {scheme}s are now treated in a case-insensitive manner. |
|
| 316 | * Password-hash support for any crypto method OpenSSL supports |
|
| 317 | To enable extended OpenSSL password hash support, edit mod_ldap.c and |
|
| 318 | uncomment #define HAVE_OPENSSL. You'll also need to edit Make.rules to |
|
| 319 | link against OpenSSL. Further details are provided in mod_ldap.c. |
|
| 320 | * Runtime search scope selection; one-level or subtree searches can be |
|
| 321 | selected from proftpd.conf. |
|
| 322 | ||
| 323 | 7 | v2.5.2: |
| 324 | * Fixed a bug that would allow unauthorized users to log in when mod_ldap |
|
| 325 | is used with other authentication modules and LDAPAuthBinds is set to on. |
|
| 326 | ||
| 327 | 6 | v2.5.1: |
| 328 | * Fixed a one-line bug that broke password authentication when AuthBinds |
|
| 329 | weren't being used. |
|
| 330 | ||
| 331 | 5 | v2.5: |
| 332 | * Authenticated bind support added. mod_ldap now fetches all user information |
|
| 333 | except for userPassword as the DN specified in LDAPDNInfo and then re-binds |
|
| 334 | to the LDAP server as the connecting user with the user-supplied password. |
|
| 335 | If the bind succeeds, the user is allowed to log in. This also has the |
|
| 336 | added advantage of allowing mod_ldap to support any password encryption |
|
| 337 | scheme that your LDAP server supports. Also, a privileged DN is no longer |
|
| 338 | needed to read the userPassword attribute from the LDAP server. |
|
| 339 | * Realized I wasn't checking the return value of find_config() for NULL |
|
| 340 | values, this would cause ProFTPD to segfault if certain config file |
|
| 341 | entries were not present. |
|
| 342 | * Removed debugging code that might contain NULL values; passing a NULL |
|
| 343 | value to printf() and friends under Solaris causes a segfault. |
|
| 344 | * Miscellaneous cleanups, code neatening. |
|
| 345 | ||
| 346 | 4 | v2.0: |
| 347 | 5 | * Config file syntax revamped: |
| 348 | 4 | LDAPServer localhost |
| 349 | LDAPDNInfo cn=your-dn,dc=horde,dc=net dnpass |
|
| 350 | LDAPQueryTimeout 5 |
|
| 351 | 5 | LDAPDoAuth on "dc=users,dc=horde,dc=net" |
| 352 | LDAPDoUIDLookups on "dc=users,dc=horde,dc=net" |
|
| 353 | LDAPDoGIDLookups on "dc=groups,dc=horde,dc=net" |
|
| 354 | 4 | LDAPDefaultUID 35000 |
| 355 | LDAPDefaultGID 1000 |
|
| 356 | LDAPNegativeCache on |
|
| 357 | LDAPHomedirOnDemand on |
|
| 358 | LDAPDefaultAuthScheme clear |
|
| 359 | 5 | * Configurable LDAP query timeout [Peter Deacon <peterd@iea-software.com>] |
| 360 | * Cleartext password "encryption" scheme ("{clear}mypass") |
|
| 361 | * UID-to-name and GID-to-name lookups in directory listings |
|
| 362 | * Separate prefixes for user and group lookups |
|
| 363 | * Can turn on/off UID-to-name and GID-to-name lookups independently |
|
| 364 | * Default [UG]IDs. Say you want to have a web-toaster type of deal, with |
|
| 365 | all users having the same [UG]IDs. Just don't put [ug]idNumber attrs in |
|
| 366 | your LDAP database for those users, and set these configuration |
|
| 367 | directives. Any user that doesn't have a [UG]ID in the LDAP database will |
|
| 368 | have that info filled in with the default [UG]ID. |
|
| 369 | * mod_ldap is now able to function in a pure virtual-user environment; |
|
| 370 | please note, however, that the loginShell LDAP attr still must be a |
|
| 371 | valid shell. You can turn this check off by saying RequireValidShell off |
|
| 372 | in your proftpd.conf |
|
| 373 | * allowedServices attr: (I broke with objectclass here, couldn't find |
|
| 374 | something that seemed to fit this.) This attribute contains a |
|
| 375 | comma-delimited list of services to allow this particular user. The |
|
| 376 | string "FTP" corresponds to FTP service. If no allowedServices attr is |
|
| 377 | present, all services will be allowed. |
|
| 378 | * You can have alternate LDAP servers; just specify LDAPServer "host1 |
|
| 379 | host2"; [Peter Deacon <peterd@iea-software.com>] |
|
| 380 | * LDAPHomedirOnDemand to automatically create home directories in a |
|
| 381 | virtual-user environment. [patch: Bert Vermeulen <bert@be.easynet.net>] |
|
| 382 | * LDAPDefaultAuthScheme to select the authentication scheme to use when |
|
| 383 | no {prefix} is present in a user's userPassword LDAP attr. |
|
| 384 | [patch: Bert Vermeulen <bert@be.easynet.net>] |
|
| 385 | * Virtual hosting support may or may not work okay; theoretically, I think |
|
| 386 | adding LDAP configuration directives to a <VirtualHost> block will work, |
|
| 387 | but this hasn't been tested. |
|
| 388 | ||
| 389 | New Tested Platforms: |
|
| 390 | ||
| 391 | * Solaris 2.6 with Netscape Directory Server and the Mozilla LDAP C SDK, |
|
| 392 | available at http://www.mozilla.org/directory/csdk.html. |
|
| 393 | Peter Fabian <fabian@staff.matavnet.hu> |
|
| 394 | * Solaris 7 with gcc 2.95.1 and OpenLDAP 1.2.7 |
|
| 395 | Ralf Kruedewagen <Ralf.Kruedewagen@meocom.de> |
|
| 396 | 4 | |
| 397 | 3 | v1.2: |
| 398 | 4 | * made the variables for the config entries static |
| 399 | * moved the meat of the ldap querying code to a separate function, this |
|
| 400 | gets the individual getpw*() handlers down to about 15-20 lines each. |
|
| 401 | also paves the way for easy LDAP group lookups too. |
|
| 402 | * explicitly set ld = NULL in p_endpwent(), looks like ldap_unbind() |
|
| 403 | doesn't always set it to NULL, and bad things happen later. |
|
| 404 | * fixed a showstopper: if there's a user/group directive in proftpd.conf, |
|
| 405 | mod_ldap:getpwnam() will be called to look up the user. since the |
|
| 406 | LDAP config variables aren't initialized yet, the LDAP libraries crash |
|
| 407 | and burn upon encountering a NULL ldap_prefix. put some checks in |
|
| 408 | p_setpwent() to check for this and disable LDAP lookups before the |
|
| 409 | parent forks and the config is initialized. thanks to Sean Murphy |
|
| 410 | <smurphy@berbee.com> for sending me on this path. |
|
| 411 | * modified pw_auth() so that it will assume crypt() if there's no leading |
|
| 412 | {scheme} in the password returned by the LDAP query. |
|
| 413 | * pw_auth() turned off logging of unidentifiable password encryption |
|
| 414 | schemes; this would syslog the encrypted password returned by the ldap |
|
| 415 | server. many people have their logs tightened, but not all. |
|
| 416 | * a few miscellaneous changes & cleanups |
|
| 417 | 3 | |
| 418 | 2 | v1.1: |
| 419 | 4 | * Added $Libraries$ directive to mod_ldap so the module is now entirely |
| 420 | self-contained. |
|
| 421 | * Changed one reference to sprintf() to snprintf() and changed uidstr |
|
| 422 | in p_getpwuid() to have a length of BUFSIZ. |
|
| 423 | * Added config option (LDAPNegativeCache) to turn LDAP negative caching |
|
| 424 | on and off. The default is off (don't do LDAP negative caching). |
|
| 425 | * Added entries to doc/Configuration.html for all the LDAP configuration |
|
| 426 | directives. |
|
| 427 | * MacGyver added mod_ldap to the ProFTPD CVS tree; proftpd-ldap-1.1 |
|
| 428 | is now in sync with ProFTPD CVS. |
|
| 429 | 2 | |
| 430 | v1.0: |
|
| 431 | 4 | * Initial release of proftpd-ldap |
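
The `%v`/`%u` filter templates and the v2.8.16 entry about counting `%u` as well as `%v` when determining filter length, as an added example that is not mod_ldap's own code: a two-pass expansion whose sizing pass and copy pass recognise the same escapes. The function names, the `count_u` switch that models a sizing pass knowing only `%v`, and the RFC 4515 escaping of the substituted value are assumptions of this example; the changelog does not say mod_ldap escapes usernames.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* RFC 4515: these bytes are written as a backslash plus two hex digits. */
static int needs_escape(unsigned char c) {
  return c == '*' || c == '(' || c == ')' || c == '\\';
}

/* True when p points at a %v or %u template escape. */
static int is_escape(const char *p) {
  return p[0] == '%' && (p[1] == 'v' || p[1] == 'u');
}

/* Bytes needed (including the NUL) to expand tmpl with a value whose
 * escaped length is vlen. count_u == 0 models a sizing pass that only
 * recognises %v, which undersizes the buffer for %u templates. */
size_t filter_len(const char *tmpl, size_t vlen, int count_u) {
  size_t need = 1;
  const char *p;

  for (p = tmpl; *p; p++) {
    if (is_escape(p) && (p[1] == 'v' || count_u)) { need += vlen; p++; }
    else need++;
  }
  return need;
}

/* Expand every %v and %u in tmpl with the escaped value.
 * Returns a malloc()ed string the caller frees, or NULL on error. */
char *filter_expand(const char *tmpl, const char *value) {
  static const char hex[] = "0123456789abcdef";
  size_t vlen = 0;
  const char *p, *v;
  char *out, *w;

  if (tmpl == NULL || value == NULL) return NULL;

  for (v = value; *v; v++)
    vlen += needs_escape((unsigned char)*v) ? 3 : 1;

  /* Pass 1: size the buffer with the same escape test used in pass 2. */
  out = malloc(filter_len(tmpl, vlen, 1));
  if (out == NULL) return NULL;

  /* Pass 2: copy literals, substitute the escaped value at each escape. */
  w = out;
  for (p = tmpl; *p; p++) {
    if (!is_escape(p)) { *w++ = *p; continue; }
    for (v = value; *v; v++) {
      unsigned char c = (unsigned char)*v;
      if (needs_escape(c)) { *w++ = '\\'; *w++ = hex[c >> 4]; *w++ = hex[c & 15]; }
      else *w++ = (char)c;
    }
    p++; /* skip the 'v' or 'u' */
  }
  *w = '\0';
  return out;
}

int main(void) {
  /* Constructed inputs: a plain username and one containing a wildcard. */
  const char *tmpl = "(&(uid=%u)(objectclass=posixAccount))";
  char *a = filter_expand(tmpl, "joe");
  char *b = filter_expand(tmpl, "jo*");

  printf("%s\n%s\n", a, b);
  printf("%%v-only sizing: %zu bytes, needed: %zu bytes\n",
         filter_len("(uid=%u)", 3, 0), filter_len("(uid=%u)", 3, 1));
  free(a);
  free(b);
  return 0;
}
```
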