RSS feed

nss-pam-ldapd branch master updated. 0.9.0-18-ge17730f

[Date Prev][Date Next] [Thread Prev][Thread Next]

nss-pam-ldapd branch master updated. 0.9.0-18-ge17730f

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "nss-pam-ldapd".

The branch, master has been updated
       via  e17730f5bd2ad179dbac47a11d56f86a0ea42f07 (commit)
      from  30ffdb205971bf9c2c0c376d24b081ff2964e739 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------

commit e17730f5bd2ad179dbac47a11d56f86a0ea42f07
Author: Arthur de Jong <>
Date:   Sat Jul 27 16:21:43 2013 +0200

    Dcoumentation updates
    This fixes a typo, clarifies the section on the LDAP schema values that
    are supported and updates the differences between nss-pam-ldapd and
    nss_ldap and pam_ldap.

diff --git a/README b/README
index ad906a5..9c58ad3 100644
--- a/README
+++ b/README
@@ -76,7 +76,7 @@ The fork from nss_ldap was done to implement some major 
design changes to fix
 some structural problems in the library.
 One of those problems were host name lookups through LDAP which could cause
-deadlocks. Another is that nss_ldpa loaded an SSL library into an executable
+deadlocks. Another is that nss_ldap loaded an SSL library into an executable
 that may not be designed to load it (e.g. problem with suid applications).
 A number of refactoring steps were done to simplify the code and improve
@@ -119,18 +119,18 @@ Currently the following name databases are supported:
   aliases, ethers, group, hosts, netgroup, networks, passwd, protocols, rpc,
   services and shadow
-Note that for when using IPv6 hosts entries, the addresses in the LDAP
-directory must be in their preferred form. The same is true for mac addresses
-for the ethers database. Otherwise the address to entry lookups will not work.
-For more details on the preferred form see
+When using IPv6 ipHostNumber attributes, the address must be in the preferred
+form as defined in section 2.2 of RFC1884, specifically the format as returned
+by inet_ntop(3). All leading zeros should be omitted and the longest range of
+zeroes should be replaced with :: (e.g. fe80::218:bff:fe55:c9f).
-automounter map lookups (which are also defined in /etc/nsswitch.conf) are not
-supported because the NSS interface is not used for these. The common autofs
-implementation (on GNU/Linux) currently uses it's own method for getting the
-maps from LDAP.
+MAC addresses in the macAddress attribute should be in maximal, colon
+separated hex notation (e.g. 00:00:92:90:ee:e2).
+automounter map lookups (which are also defined in /etc/nsswitch.conf) are
+currently not supported because the NSS interface is not used for these. The
+common autofs implementation (on GNU/Linux) currently uses it's own method for
+getting the maps from LDAP.
 Although mail aliases are exposed through NSS, most mail servers parse
 /etc/aliases by themselves and getting aliases from LDAP requires some
@@ -159,11 +159,12 @@ Since nss-pam-ldapd was forked from nss_ldap most of the 
features that came
 with nss_ldap are available. The most important differences:
 - the configuration file formats are not fully compatible
 - rootbinddn/rootbindpw support is removed and is not likely to return
+  (the rootpwmoddn and rootpwmodpw work differently but accomplish the same
+  thing)
 For the PAM module some functionality is missing. Comparing it to pam_ldap:
 - only BIND authentication is supported
 - only LDAP password modify EXOP is supported as password changing mechanism
-- LDAP password policy is currently unsupported
 Some things work a little different in nss-pam-ldapd. For instance the
 attribute defaults and overrides of nss_ldap are implemented with mapping


Summary of changes:
 README |   27 ++++++++++++++-------------
 1 file changed, 14 insertions(+), 13 deletions(-)

To unsubscribe send an email to or see