ryan@nardis.ca wrote:

Full_Name: Ryan Tandy Version: master, 2.4 OS: Debian URL: Submission from: (NULL) (24.68.37.4)

Thanks, pushed to git master.

updating the copied nss-pam-ldapd files:

ftp://ftp.openldap.org/incoming/20150405_rtandy_nssov-update-nss-pam-ldapd-files-to-0.9.4.patch

updating nssov for those changes, see commit msg for details:

ftp://ftp.openldap.org/incoming/20150405_rtandy_nssov-update-to-protocol-version-2.patch

while I'm in the code anyway, cleaning up a few compiler warnings (that were already there, I didn't introduce them :P). Cosmetic stuff: unused variables, return-type (void/non-void) mismatches, a couple of undeclared prototypes.

ftp://ftp.openldap.org/incoming/20150405_rtandy_nssov-clean-up-some-compiler-warnings.patch

Please note, the protocol change breaks backwards compat with older versions of the client libraries (per nss-pam-ldapd/README).

Tested on Linux. No idea about Solaris etc, sorry.

The DN field was removed from the pam protocol, so uid lookup happens on every connection now. I couldn't think of a safe way to avoid that; suggestions welcome.

--

(the following statements apply to patches 2 and 3 only; patch 1 is copied from work by Arthur de Jong, licensed LGPLv2.1)

The attached patch files are derived from OpenLDAP Software. All of the modifications to OpenLDAP Software represented in the preceding patches were developed by Ryan Tandy ryan@nardis.ca. I have not assigned rights and/or interest in this work to any party.

I, Ryan Tandy, hereby place the preceding modifications to OpenLDAP Software (and only these modifications) into the public domain. Hence, these modifications may be freely used and/or redistributed for any purpose with or without attribution and/or other notice.