Ryan Tandy authored Apr 07, 2020 and Quanah Gibson-Mount committed Apr 21, 2020

Based on initial patch by Peter Marschall.

Peter Marschall authored Apr 05, 2020 and Quanah Gibson-Mount committed Apr 21, 2020

Add manual page slapd-pw-argon2.5 and make sure it gets installed.
Signed-off-by: Peter Marschall <peter@adpm.de>

Simon Levermann authored Jan 25, 2017 and Quanah Gibson-Mount committed Apr 21, 2020

This change implements argon2, which won the Password Hashing
Competition (https://password-hashing.net/) as a contrib-module in order
to provide a modern password hashing alternative in openldap. The
currently available password hashing algorithms are relatively old, and
modern hardware, especially GPUs can compute quite a few (ranging from
tens of thousands to millions) of hashes per second. Argon2 was designed
to withstand such attacks.

This implementation uses the default work factors used in the argon2
command line client, but the resulting hashes are stored in a way that
would allow retroactive changes to these values, or even exposing them
as configuration in the module.

Ryan Tandy authored Apr 03, 2020 and Quanah Gibson-Mount committed Apr 16, 2020

init.c: align mi_dbenv_flags and flags with mdb_dbi_open, which declares
flags as unsigned int.

search.c: align mi_rtxn_size with ARG_UINT; adjust ww_ctx.nentries to
silence a warning about signed/unsigned comparison.

config.c: parse checkpoint config more carefully. Reject negative or
unreasonably large values for kbytes and minutes. Ensure both values are
parsed successfully before making any changes.

Fixes a compilation failure under MinGW, where stdint.h types are not
implicitly pulled in by other headers.

Ryan Tandy authored Sep 01, 2019 and Quanah Gibson-Mount committed Apr 16, 2020

MinGW targets do not have the <sys/socket.h> header. The configure check
would conclude that there is no socklen_t type, resulting in portable.h
containing its own definition of socklen_t, which would later conflict
with the actual definition in <ws2tcpip.h>.

Add <ws2tcpip.h> to the configure check for socklen_t, so that the
defined type is correctly detected.

Howard Chu authored Apr 12, 2020 and Quanah Gibson-Mount committed Apr 13, 2020

Always retry ldap_int_tls_connect() if it didn't complete,
regardless of blocking or non-blocking socket. Code from
ITS#7428 was wrong to only retry for async.

Add BDB dev package

Note that with slapd-ldap, the special character "*" actually allows anonymous rather than denies, as is the case with authz-policy

Fixes potential segfault in ldapsearch

Thorsten Glaser authored Aug 01, 2018 and Quanah Gibson-Mount committed Feb 06, 2020

No functional impact

    Update config.guess and config.sub from official upstream project at https://savannah.gnu.org/projects/config/

    Specifically in this case, commit 5256817ace8493502ec88501a19e4051c2e220b0 for the date Wed Jan 1 19:36:58 2020 +1100