%if 0%{?fedora} > 15 || 0%{?rhel} > 6
%global systemd 1
%global sysvinit 0
%else
%global systemd 0
%global sysvinit 1
%endif
# Fedora had these in F18, but we didn't cut over to use them until after F18
# was frozen, so pretend it didn't happen until F19.
%if 0%{?fedora} > 18 || 0%{?rhel} > 6
%global systemd_macros 1
%else
%global systemd_macros 0
%endif
%if 0%{?fedora} > 14 || 0%{?rhel} > 6
%global tmpfiles 1
%else
%global tmpfiles 0
%endif
# Fedora had it in F17, but moving things around in already-released versions
# is a bad idea, so pretend it didn't happen until F19.
%if 0%{?fedora} > 18 || 0%{?rhel} > 6
%global separate_usr 0
%global nssdir %{_libdir}
%global pamdir %{_libdir}/security
%else
%global separate_usr 1
%global nssdir /%{_lib}
%global pamdir /%{_lib}/security
%endif
# For distributions that support it, build with RELRO
%if (0%{?fedora} > 15 || 0%{?rhel} >= 7)
%define _hardened_build 1
%endif
Name: nss-pam-ldapd
Version: 0.8.13
Release: 25%{?dist}
Summary: An nsswitch module which uses directory servers
Group: System Environment/Base
License: LGPLv2+
URL: http://arthurdejong.org/nss-pam-ldapd/
Source0: http://arthurdejong.org/nss-pam-ldapd/nss-pam-ldapd-%{version}.tar.gz
Source1: http://arthurdejong.org/nss-pam-ldapd/nss-pam-ldapd-%{version}.tar.gz.sig
Source2: nslcd.init
Source3: nslcd.tmpfiles
Source4: nslcd.service
Patch1: nss-pam-ldapd-0.8.12-validname.patch
Patch2: nss-pam-ldapd-0.8.12-In-nslcd-log-EPIPE-only-on-debug-level.patch
Patch3: nss-pam-ldapd-0.8.12-uid-overflow.patch
Patch4: nss-pam-ldapd-0.8.12-Use-a-timeout-when-skipping-remaining-result-data.patch
Patch5: nss-pam-ldapd-0.8.12-fix-buffer-overflow-on-interrupted-read-thanks-John-.patch
Patch6: nss-pam-ldapd-rh-msgs-in-tests.patch
Patch7: nss-pam-ldapd-0.8.13-Fix-use-after-free-in-read_hostent-and-read_netent.patch
Patch8: nss-pam-ldapd-0.8.13-Use-right-h_errnop-for-retrying-with-larger-buffer.patch
Patch9: nss-pam-ldapd-exitcode.patch
Patch10: nss-pam-ldapd-0.8.12-str-cmp.patch
Patch11: nss-pam-ldapd-0.8.13-avoid-lockout-on-bad-password.patch
Patch12: nss-pam-ldapd-0.8.13-password-longer-than-64-chars.patch
Patch13: nss-pam-ldapd-0.8.13-uri-man-fix.patch
Patch14: nss-pam-ldapd-0.8.13-uid_formatting.patch
Patch15: nss-pam-ldapd-bz1676861-Increase-size-of-config-file-token.patch
# rhbz#1612543 - Password expiration notification is not sent if the LDAP user doesn't have the objectClass shadowAccount.
Patch16: 0016-Backport-of-request-and-parse-password-policy-contro.patch
Patch17: 0017-Backport-of-passing-expiration-controls-back-to-PAM-.patch
Patch18: 0018-Also-extract-policy-controls-on-BIND-failure.patch
Patch19: 0019-Fix-password-policy-expiration-warnings.patch
Patch20: 0020-Simplify-password-policy-message-handling.patch
Patch21: 0021-backport-the-pam_authc_ppolicy-option.patch
Patch22: 0022-Backport-the-human-readable-password-policy-reply.patch
Patch23: 0023-Backport-typo-fixes-in-password-expiration-warnings.patch
Patch24: 0024-Allow-logging-longer-lines.patch
# rhbz#1618558 - AD authentication on RHEL using nslcd fails with error "pwdLastSet: password changed in the future"
Patch25: 0025-Backport-of-Update-shadow.c-to-resolve-pwdLastSet-is.patch
# rhbz#1612543 - Password expiration notification is not sent if the LDAP user doesn't have the objectClass shadowAccount.
Patch26: 0026-RHEL-specific-Disable-the-password-policies-unless-e.patch
Patch27: 0027-RHEL-specific-document-the-ppolicy-option-default.patch
Patch28: 0028-increase-password-buffer-size.patch
Patch29: 0029-increase-dnsname-buffer-size.patch
Patch30: 0030-unify-expire-password-message.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: openldap-devel, krb5-devel
BuildRequires: autoconf, automake
BuildRequires: pam-devel
Obsoletes: nss-ldapd < 0.7
Provides: nss-ldapd = %{version}-%{release}
# Obsolete PADL's nss_ldap
Provides: nss_ldap = 265-12
Obsoletes: nss_ldap < 265-11
%if 0%{?fedora} > 18 || 0%{?rhel} > 6
# Obsolete PADL's pam_ldap
Provides: pam_ldap = 185-15
Obsoletes: pam_ldap < 185-15
%global build_pam_ldap 1
%else
# Pull in the pam_ldap module, which is its own package in F14 and later, to
# keep upgrades from removing the module. We used to disable nss-pam-ldapd's
# own pam_ldap.so when it wasn't mature enough.
Requires: pam_ldap%{?_isa}
%global build_pam_ldap 0
%endif
# Pull in nscd, which is recommended.
Requires: nscd
%if %{sysvinit}
Requires(post): /sbin/ldconfig, chkconfig, grep, sed
Requires(preun): chkconfig, initscripts
Requires(postun): /sbin/ldconfig, initscripts
%endif
%if %{systemd}
BuildRequires: systemd-units
Requires(post): systemd-units
Requires(preun): systemd-units
Requires(postun): systemd-units
Requires(post): systemd-sysv
%endif
%description
The nss-pam-ldapd daemon, nslcd, uses a directory server to look up name
service information (users, groups, etc.) on behalf of a lightweight
nsswitch module.
%prep
%setup -q
%patch1 -p0 -b .validname
%patch2 -p1 -b .epipe
%patch3 -p1 -b .overflow
%patch4 -p1 -b .skiptimeout
%patch5 -p1 -b .readall
%patch6 -p1 -b .test_msgs
%patch7 -p1 -b .use_after_free
%patch8 -p1 -b .errnop_val
%patch9 -p1 -b .exit_code
%patch10 -p1 -b .str_cmp
%patch11 -p1 -b .avoid_lockout_on_bad_password
%patch12 -p1 -b .long_password
%patch13 -p1 -b .uri_list
%patch14 -p1 -b .uid_formatting
%patch15 -p1 -b .config_token_size
%patch16 -p1 -b .backport_policy_control_daemon
%patch17 -p1 -b .backport_policy_control_pam
%patch18 -p1 -b .ppolicy_bind_failure
%patch19 -p1 -b .fix_expiration_warnings
%patch20 -p1 -b .simplify_msg_handling
%patch21 -p1 -b .ppolicy_option
%patch22 -p1 -b .ppolicy_human_readable
%patch23 -p1 -b .ppolicy_typos
%patch24 -p1 -b .long_log_lines
%patch25 -p1 -b .pwd_last_set
%patch26 -p1 -b .ppolicy_default
%patch27 -p1 -b .ppolicy_default_man
%patch28 -p1 -b .password_buffer_length
%patch29 -p1 -b .dnsname_buffer_length
%patch30 -p1 -b .password_expire_message
autoreconf -f -i
%build
CFLAGS="$RPM_OPT_FLAGS -fPIC" ; export CFLAGS
%configure --libdir=%{nssdir} \
%if %{build_pam_ldap}
--with-pam-seclib-dir=%{pamdir}
%else
--disable-pam
%endif
make %{?_smp_mflags}
%check
make check
%install
rm -rf $RPM_BUILD_ROOT
make install DESTDIR=$RPM_BUILD_ROOT
mkdir -p $RPM_BUILD_ROOT/{%{_initddir},%{_libdir},%{_unitdir}}
%if %{sysvinit}
install -p -m755 %{SOURCE2} $RPM_BUILD_ROOT/%{_initddir}/nslcd
%endif
%if %{systemd}
install -p -m644 %{SOURCE4} $RPM_BUILD_ROOT/%{_unitdir}/
%endif
%if 0%{?fedora} > 13 || 0%{?rhel} > 5
%if %{separate_usr}
# Follow glibc's convention and provide a .so symlink so that people who know
# what to expect can link directly with the module.
if test %{_libdir} != /%{_lib} ; then
touch $RPM_BUILD_ROOT/rootfile
relroot=..
while ! test -r $RPM_BUILD_ROOT/%{_libdir}/$relroot/rootfile ; do
relroot=../$relroot
done
ln -s $relroot/%{_lib}/libnss_ldap.so.2 \
$RPM_BUILD_ROOT/%{_libdir}/libnss_ldap.so
rm $RPM_BUILD_ROOT/rootfile
fi
%else
ln -s libnss_ldap.so.2 $RPM_BUILD_ROOT/%{nssdir}/libnss_ldap.so
%endif
%endif
sed -i -e 's,^uid.*,uid nslcd,g' -e 's,^gid.*,gid ldap,g' \
$RPM_BUILD_ROOT/%{_sysconfdir}/nslcd.conf
touch -r nslcd.conf $RPM_BUILD_ROOT/%{_sysconfdir}/nslcd.conf
mkdir -p -m 0755 $RPM_BUILD_ROOT/var/run/nslcd
%if %{tmpfiles}
mkdir -p -m 0755 $RPM_BUILD_ROOT/%{_tmpfilesdir}
install -p -m 0644 %{SOURCE3} $RPM_BUILD_ROOT/%{_tmpfilesdir}/%{name}.conf
%endif
%clean
rm -rf $RPM_BUILD_ROOT
%files
%defattr(-,root,root)
%doc AUTHORS ChangeLog COPYING HACKING NEWS README TODO
%{_sbindir}/*
%{nssdir}/*.so.*
%if %{build_pam_ldap}
%{pamdir}/pam_ldap.so
%endif
%{_mandir}/*/*
%attr(0600,root,root) %config(noreplace) %verify(not md5 size mtime) /etc/nslcd.conf
%if %{tmpfiles}
%attr(0644,root,root) %config(noreplace) %{_tmpfilesdir}/%{name}.conf
%endif
%if %{sysvinit}
%attr(0755,root,root) %{_initddir}/nslcd
%endif
%if %{systemd}
%config(noreplace) %{_unitdir}/*
%endif
%attr(0755,nslcd,root) /var/run/nslcd
%if 0%{?fedora} > 13 || 0%{?rhel} > 5
# This would be the only thing in the -devel subpackage, so we include it. It
# will conflict with nss_ldap, so only include it for releases where pam_ldap is
# its own package.
/%{_libdir}/*.so
%endif
%pre
getent group ldap > /dev/null || \
/usr/sbin/groupadd -r -g 55 ldap
getent passwd nslcd > /dev/null || \
/usr/sbin/useradd -r -g ldap -c 'LDAP Client User' \
-u 65 -d / -s /sbin/nologin nslcd 2> /dev/null || :
%post
# The usual stuff.
%if %{sysvinit}
/sbin/chkconfig --add nslcd
%endif
%if %{systemd}
%if %{systemd_macros}
%systemd_post nslcd.service
%else
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
%endif
%endif
/sbin/ldconfig
# Import important non-default settings from nss_ldap or pam_ldap configuration
# files, but only the first time this package is installed.
comment="This comment prevents repeated auto-migration of settings."
if test -s /etc/nss-ldapd.conf ; then
source=/etc/nss-ldapd.conf
elif test -s /etc/nss_ldap.conf ; then
source=/etc/nss_ldap.conf
elif test -s /etc/pam_ldap.conf ; then
source=/etc/pam_ldap.conf
else
source=/etc/ldap.conf
fi
target=/etc/nslcd.conf
if test "$1" -eq "1" && ! grep -q -F "# $comment" $target 2> /dev/null ; then
# Try to make sure we only do this the first time.
echo "# $comment" >> $target
if grep -E -q '^uri[[:blank:]]' $source 2> /dev/null ; then
# Comment out the packaged default host/uri and replace it...
sed -i -r -e 's,^((host|uri)[[:blank:]].*),# \1,g' $target
# ... with the uri.
grep -E '^uri[[:blank:]]' $source >> $target
elif grep -E -q '^host[[:blank:]]' $source 2> /dev/null ; then
# Comment out the packaged default host/uri and replace it...
sed -i -r -e 's,^((host|uri)[[:blank:]].*),# \1,g' $target
# ... with the "host" reformatted as a URI.
scheme=ldap
# check for 'ssl on', which means we want to use ldaps://
if grep -E -q '^ssl[[:blank:]]+on$' $source 2> /dev/null ; then
scheme=ldaps
fi
grep -E '^host[[:blank:]]' $source |\
sed -r -e "s,^host[[:blank:]](.*),uri ${scheme}://\1/,g" >> $target
fi
# Base doesn't require any special logic.
if grep -E -q '^base[[:blank:]]' $source 2> /dev/null ; then
# Comment out the packaged default base and replace it.
sed -i -r -e 's,^(base[[:blank:]].*),# \1,g' $target
grep -E '^base[[:blank:]]' $source >> $target
fi
# Pull in these settings, if they're set, directly.
grep -E '^(binddn|bindpw|port|scope|ssl|pagesize)[[:blank:]]' $source 2> /dev/null >> $target
grep -E '^(tls_)' $source 2> /dev/null >> $target
grep -E '^(timelimit|bind_timelimit|idle_timelimit)[[:blank:]]' $source 2> /dev/null >> $target
fi
# If this is the first time we're being installed, and the system is already
# configured to use LDAP as a naming service, enable the daemon, but don't
# start it since we can never know if that's a safe thing to do. If this
# is an upgrade, leave the user's runlevel selections alone.
if [ "$1" -eq "1" ]; then
if grep -E -q '^USELDAP=yes$' /etc/sysconfig/authconfig 2> /dev/null ; then
%if %{sysvinit}
/sbin/chkconfig nslcd on
%endif
%if %{systemd}
/bin/systemctl --no-reload enable nslcd.service >/dev/null 2>&1 ||:
%endif
fi
fi
# Earlier versions of 0.7.6 of this package would have included both 'gid
# nslcd' (a group which doesn't exist) and 'gid ldap' (which we ensure exists).
# If we detect both, fix the configuration.
if grep -q '^gid nslcd' $target ; then
if grep -q '^gid ldap' $target ; then
sed -i -e 's,^gid nslcd$,# gid nslcd,g' $target
fi
fi
# In 0.8.4, the name of the attribute which was expected to contain the DNs of
# a group's members changed from "uniqueMember" to "member". Change any
# instances of "map group uniqueMember ..." to "map group member ...", unless
# "member" is already being mapped, in which case attempting this would
# probably just confuse things further.
if grep -E -q "^[[:blank:]]*map[[:blank:]]+group[[:blank:]]+uniqueMember[[:blank:]]" $target ; then
if ! grep -E -q "^[[:blank:]]*map[[:blank:]]+group[[:blank:]]+member[[:blank:]]" $target ; then
sed -i -r -e "s,^[[:blank:]]*map[[:blank:]]+group[[:blank:]]+uniqueMember[[:blank:]](.*),map group member \1,g" $target
fi
fi
# Create the daemon's /var/run directory if it isn't there.
if ! test -d /var/run/nslcd ; then
mkdir -p -m 0755 /var/run/nslcd
fi
exit 0
%preun
if [ "$1" -eq "0" ]; then
%if %{sysvinit}
/sbin/service nslcd stop >/dev/null 2>&1
/sbin/chkconfig --del nslcd
%endif
%if %{systemd}
%if %{systemd_macros}
%systemd_preun nslcd.service
%else
/bin/systemctl --no-reload disable nslcd.service > /dev/null 2>&1 || :
/bin/systemctl stop nslcd.service > /dev/null 2>&1 || :
%endif
%endif
fi
exit 0
%postun
/sbin/ldconfig
%if %{sysvinit}
if [ "$1" -ge "1" ]; then
/etc/rc.d/init.d/nslcd condrestart >/dev/null 2>&1
fi
%endif
%if %{systemd}
%if %{systemd_macros}
%systemd_postun_with_restart nslcd.service
%else
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
if [ "$1" -ge "1" ]; then
/bin/systemctl try-restart nslcd.service >/dev/null 2>&1
fi
%endif
%endif
exit 0
%if %{systemd}
%triggerun -- nss-pam-ldapd < 0.7.13-6
# Save the current service runlevel info, in case the user wants to apply
# the enabled status manually later, by running
# "systemd-sysv-convert --apply nslcd".
%{_bindir}/systemd-sysv-convert --save nslcd >/dev/null 2>&1 ||:
# Do this because the old package's %%postun doesn't know we need to do it.
/sbin/chkconfig --del nslcd >/dev/null 2>&1 || :
# Do this because the old package's %%postun wouldn't have tried.
/bin/systemctl try-restart nslcd.service >/dev/null 2>&1 || :
exit 0
%endif
%changelog
* Tue Apr 7 2020 Tomas Halman <thalman@redhat.com> - 0.8.13-24
- Unify password expire message
- Resolves: rhbz#1771439 - Different password expiration message for LDAP users
with and without ObjectClass ShadowAccount
* Tue Apr 7 2020 Tomas Halman <thalman@redhat.com> - 0.8.13-24
- Extend dns name buffers to allow long dns names
- Resolves: rhbz#1685610 - nslcd aborts when rhost is large and UseDNS is true
* Tue Mar 31 2020 Tomas Halman <thalman@redhat.com> - 0.8.13-23
- Extend password buffer length to allow modern hashes
- Resolves: rhbz#1773506 - Truncated shadowPasswords in nslcd 0.8.13
* Tue Sep 17 2019 Jakub Hrozek <jhrozek@redhat.com> - 0.8.13-22
- Do not enable the password expiration controls by default
- Document the option and its default
- Resolves: rhbz#1612543 - Password expiration notification is not sent
if the LDAP user doesn't have the objectClass
shadowAccount.
* Fri Aug 30 2019 Jakub Hrozek <jhrozek@redhat.com> - 0.8.13-21
- Resolves: rhbz#1618558 - AD authentication on RHEL using nslcd fails
with error "pwdLastSet: password changed in the
future"
* Tue Aug 27 2019 Jakub Hrozek <jhrozek@redhat.com> - 0.8.13-20
- Resolves: rhbz#1714763 - [RHEL7] Correct startup dependencies for cgcred service for nslcd/LDAP clients
* Thu Aug 22 2019 Jakub Hrozek <jhrozek@redhat.com> - 0.8.13-19
- Resolves: rhbz#1559524 - nslcd only prints 200 characters in error message
* Wed Aug 21 2019 Jakub Hrozek <jhrozek@redhat.com> - 0.8.13-18
- Resolves: rhbz#1612543 - Password expiration notification is not sent if
the LDAP user doesn't have the objectClass shadowAccount.
* Thu Mar 14 2019 Jakub Hrozek <jhrozek@redhat.com> - 0.8.13-17
- Resolves: rhbz#1676861 - nslcd fails to connect to ldap if fqdn is large
* Tue Oct 24 2017 Jakub Hrozek <jhrozek@redhat.com> - 0.8.13-16
- Resolves: rhbz#1151675 - NSLCD WRAPS LDAP USER UIDNUMBER > 2^31 SO UID
IS WRONG (AND A NEGATIVE NUMBER)
* Tue Oct 24 2017 Jakub Hrozek <jhrozek@redhat.com> - 0.8.13-15
- Resolves: rhbz#1204202 - fix doc to describe actual uri format in
nslcd.conf
* Tue Oct 24 2017 Jakub Hrozek <jhrozek@redhat.com> - 0.8.13-14
- Resolves: rhbz#1288429 - /etc/tmpfiles.d/nss-pam-ldapd.conf shipped when
/etc/tmpfiles.d is reserved for the local
administrator
* Tue Oct 24 2017 Jakub Hrozek <jhrozek@redhat.com> - 0.8.13-13
- Resolves: rhbz#1312297 - nslcd.service does not restart on failure
* Tue Oct 24 2017 Jakub Hrozek <jhrozek@redhat.com> - 0.8.13-12
- Resolves: rhbz#1425790 - Unable to authenticate with 64 character password
using nss-pam-ldapd
* Tue Oct 24 2017 Jakub Hrozek <jhrozek@redhat.com> - 0.8.13-11
- Resolves: rhbz#1497761 - Incorrect password tries to bind to all domain
controllers and locks user out
* Mon Oct 23 2017 Jakub Hrozek <jhrozek@redhat.com> - 0.8.13-10
- Resolves: rhbz#1357493 - In RHEL 7, authentication failing when using
nslcd + pam_ldap where user has different in
nis/passwd and ldap.
* Mon Oct 23 2017 Jakub Hrozek <jhrozek@redhat.com> - 0.8.13-9
- Resolves: rhbz#1420576 - 'systemctl status nslcd' always returns FAILURE
status even though the service is stopped with
'systemctl stop nslcd
* Wed Jan 29 2014 Jakub Hrozek <jhrozek@redhat.com> 0.8.13-8
- Fix a potential use-after-free in nsswitch module
- Resolves: rhbz#1036030 - New defect found in nss-pam-ldapd-0.8.13-4.el7
* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 0.8.13-7
- Mass rebuild 2014-01-24
* Mon Jan 20 2014 Jakub Hrozek <jhrozek@redhat.com> 0.8.13-6
- Change the error messages the tests expect to those printed on RH based
systems
- Resolves: rhbz#1044482
* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 0.8.13-5
- Mass rebuild 2013-12-27
* Fri Oct 18 2013 Nalin Dahyabhai <nalin@redhat.com> 0.8.13-4
- compile nslcd/log.c with -fPIC instead of the current hardened-build default
of -fPIE, which doesn't seem to avoid relocations for its thread-local
variables on s390x (#1002834)
* Sat Oct 05 2013 Jakub Hrozek <jhrozek@redhat.com> 0.8.13-3
- Suppress Broken Pipe messages when requesting a large groupo
- Resolves: rhbz#1002829
* Wed Jul 31 2013 Jakub Hrozek <jhrozek@redhat.com> 0.8.13-2
- Build with _hardened_build macro
* Mon May 6 2013 Nalin Dahyabhai <nalin@redhat.com> 0.8.13-1
- update to 0.8.13
- correct a syntax error in the fix that was added for #832706
* Tue Apr 30 2013 Nalin Dahyabhai <nalin@redhat.com> 0.8.12-4
- in %%post, attempt to rewrite any instances of "map group uniqueMember ..."
to be "map group member ..." in nslcd.conf, as the attribute name changed
in 0.8.4 (via freeipa ticket #3589)
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.12-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Fri Jan 18 2013 Nalin Dahyabhai <nalin@redhat.com> 0.8.12-2
- drop local patch to make the client flush some more read buffers
* Fri Jan 18 2013 Nalin Dahyabhai <nalin@redhat.com> 0.8.12-1
- update to 0.8.12 (#846793)
- make building pam_ldap conditional on the targeted release
- add "After=named.service dirsrv.target slapd.service" to nslcd.service,
to make sure that nslcd is started after them if they're to be started
on the local system (#832706)
- alter the versioned Obsoletes: on pam_ldap to include the F18 package
- use %%{_unitdir} when deciding where to put systemd configuration, based
on patch from Václav Pavlín (#850232)
- use new systemd macros for scriptlet hooks, when available, based on
patch from Václav Pavlín (#850232)
* Sun Sep 09 2012 Jakub Hrozek <jhrozek@redhat.com> 0.7.17-1
- new upstream release 0.7.17
* Sun Aug 05 2012 Jakub Hrozek <jhrozek@redhat.com> - 0.7.16-5
- Obsolete PADL's nss_ldap
* Sat Aug 04 2012 Jakub Hrozek <jhrozek@redhat.com> - 0.7.16-4
- Build the PAM module, obsoletes PADL's pam-ldap (#856006)
* Fri Jul 20 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.7.16-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Mon May 14 2012 Jakub Hrozek <jhrozek@redhat.com> 0.7.16-2
- backport upstream revision r1659 related to broken pipe when
requesting a large group
- use grep -E instead of egrep to avoid rpmlint warnings
* Sat Apr 28 2012 Jakub Hrozek <jhrozek@redhat.com> 0.7.16-1
- new upstream release 0.7.16
* Thu Mar 15 2012 Jakub Hrozek <jhrozek@redhat.com> 0.7.15-2
- Do not print "Broken Pipe" error message when requesting a large group
* Fri Mar 9 2012 Jakub Hrozek <jhrozek@redhat.com> 0.7.15-1
- new upstream release 0.7.15
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.7.14-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Fri Dec 16 2011 Jakub Hrozek <jhrozek@redhat.com> 0.7.14-2
- Do not overflow large UID/GID values on 32bit architectures
* Mon Nov 28 2011 Nalin Dahyabhai <nalin@redhat.com>
- use the same conditional test for deciding when to create the .so symlink as
we do later on for deciding when to include it in the package (#757004)
* Fri Sep 23 2011 Jakub Hrozek <jhrozek@redhat.com> 0.7.14-1
- new upstream release 0.7.14
- obsoletes nss-pam-ldapd-0.7.x-buffers.patch
* Wed Aug 24 2011 Nalin Dahyabhai <nalin@redhat.com> 0.7.13-8
- include backported enhancement to take URIs in the form "dns:DOMAIN" in
addition to the already-implemented "dns" (#730309)
* Thu Jul 14 2011 Nalin Dahyabhai <nalin@redhat.com> 0.7.13-7
- switch to only munging the contents of /etc/nslcd.conf on the very first
install (#706454)
- make sure that we have enough space to parse any valid GID value when
parsing a user's primary GID (#716822)
- backport support for the "validnames" option from SVN and use it to allow
parentheses characters by modifying the default setting (#690870), then
modify the default again to also allow shorter and shorter names to pass
muster (#706860)
* Wed Jul 13 2011 Nalin Dahyabhai <nalin@redhat.com> 0.7.13-6
- convert to systemd-native startup (#716997)
* Mon Jun 13 2011 Nalin Dahyabhai <nalin@redhat.com> 0.7.13-5
- change the file path Requires: we have for pam_ldap into a package name
Requires: (#601931)
* Wed Mar 30 2011 Nalin Dahyabhai <nalin@redhat.com> 0.7.13-4
- tag nslcd.conf with %%verify(not md5 size mtime), since we always tweak
it in %%post (#692225)
* Tue Mar 1 2011 Nalin Dahyabhai <nalin@redhat.com> 0.7.13-3
- add a tmpfiles configuration to ensure that /var/run/nslcd is created when
/var/run is completely empty at boot (#656643)
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.7.13-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Mon Dec 13 2010 Nalin Dahyabhai <nalin@redhat.com> 0.7.13-1
- update to 0.7.13
* Fri Oct 29 2010 Nalin Dahyabhai <nalin@redhat.com> 0.7.12-1
- update to 0.7.12
* Fri Oct 15 2010 Nalin Dahyabhai <nalin@redhat.com> 0.7.11-1
- update to 0.7.11
* Wed Sep 29 2010 jkeating - 0.7.10-2
- Rebuilt for gcc bug 634757
* Fri Sep 24 2010 Nalin Dahyabhai <nalin@redhat.com> 0.7.10-1
- update to 0.7.10
* Thu Sep 23 2010 Nalin Dahyabhai <nalin@redhat.com> 0.7.9-2
- when creating /var/run/nslcd in the buildroot, specify that 0755 is a
permissions value and not another directory name (#636880)
* Mon Aug 30 2010 Nalin Dahyabhai <nalin@redhat.com> 0.7.9-1
- update to 0.7.9
* Wed Aug 18 2010 Nalin Dahyabhai <nalin@redhat.com> 0.7.8-1
- update to 0.7.8
* Wed Jul 7 2010 Nalin Dahyabhai <nalin@redhat.com> 0.7.7-1
- update to 0.7.7
* Mon Jun 28 2010 Nalin Dahyabhai <nalin@redhat.com> 0.7.6-3
- don't accidentally set multiple 'gid' settings in nslcd.conf, and try to
clean up after older versions of this package that did (#608314)
* Thu May 27 2010 Nalin Dahyabhai <nalin@redhat.com> 0.7.6-2
- make inclusion of the .so symlink conditional on being on a sufficiently-
new Fedora where pam_ldap isn't part of the nss_ldap package, so having
this package conflict with nss_ldap doesn't require that pam_ldap be
removed (#596691)
* Thu May 27 2010 Nalin Dahyabhai <nalin@redhat.com> 0.7.6-1
- update to 0.7.6
* Mon May 17 2010 Nalin Dahyabhai <nalin@redhat.com> 0.7.5-3
- switch to the upstream patch for #592411
* Fri May 14 2010 Nalin Dahyabhai <nalin@redhat.com> 0.7.5-2
- don't return an uninitialized buffer as the value for an optional attribute
that isn't present in the directory server entry (#592411)
* Fri May 14 2010 Nalin Dahyabhai <nalin@redhat.com> 0.7.5-1
- update to 0.7.5
* Fri May 14 2010 Nalin Dahyabhai <nalin@redhat.com> 0.7.4-1
- update to 0.7.4
- stop trying to migrate retry timeout parameters from old ldap.conf files
- add an explicit requires: on nscd to make sure it's at least available on
systems that are using nss-pam-ldapd; otherwise it's usually optional
* Tue Mar 23 2010 Nalin Dahyabhai <nalin@redhat.com> 0.7.3-1
- update to 0.7.3
* Thu Feb 25 2010 Nalin Dahyabhai <nalin@redhat.com> 0.7.2-2
- bump release for post-review commit
* Thu Feb 25 2010 Nalin Dahyabhai <nalin@redhat.com> 0.7.2-1
- add comments about why we have a .so link at all, and not a -devel subpackage
* Wed Jan 13 2010 Nalin Dahyabhai <nalin@redhat.com>
- obsolete/provides nss-ldapd
- import configuration from nss-ldapd.conf, too
* Tue Jan 12 2010 Nalin Dahyabhai <nalin@redhat.com>
- rename to nss-pam-ldapd
- also check for import settings in /etc/nss_ldap.conf and /etc/pam_ldap.conf
* Thu Sep 24 2009 Nalin Dahyabhai <nalin@redhat.com> 0.6.11-2
- rebuild
* Wed Sep 16 2009 Nalin Dahyabhai <nalin@redhat.com>
- apply Mitchell Berger's patch to clean up the init script, use %%{_initddir},
and correct the %%post so that it only thinks about turning on nslcd when
we're first being installed (#522947)
- tell status() where the pidfile is when the init script is called for that
* Tue Sep 8 2009 Nalin Dahyabhai <nalin@redhat.com>
- fix typo in a comment, capitalize the full name for "LDAP Client User" (more
from #516049)
* Wed Sep 2 2009 Nalin Dahyabhai <nalin@redhat.com> 0.6.11-1
- update to 0.6.11
* Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.6.10-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Thu Jun 18 2009 Nalin Dahyabhai <nalin@redhat.com> 0.6.10-3
- update URL: and Source:
* Mon Jun 15 2009 Nalin Dahyabhai <nalin@redhat.com> 0.6.10-2
- add and own /var/run/nslcd
- convert hosts to uri during migration
* Thu Jun 11 2009 Nalin Dahyabhai <nalin@redhat.com> 0.6.10-1
- update to 0.6.10
* Fri Apr 17 2009 Nalin Dahyabhai <nalin@redhat.com> 0.6.8-1
- bump release number to 1 (part of #491767)
- fix which group we check for during %%pre (part of #491767)
* Tue Mar 24 2009 Nalin Dahyabhai <nalin@redhat.com>
- require chkconfig by package rather than path (Jussi Lehtola, part of #491767)
* Mon Mar 23 2009 Nalin Dahyabhai <nalin@redhat.com> 0.6.8-0.1
- update to 0.6.8
* Mon Mar 23 2009 Nalin Dahyabhai <nalin@redhat.com> 0.6.7-0.1
- start using a dedicated user
* Wed Mar 18 2009 Nalin Dahyabhai <nalin@redhat.com> 0.6.7-0.0
- initial package (#445965)