- Previously, a fixed size buffer to store the LDAP configuration could exceed its size. As a consequence, nss_ldap failed when it was used with certain large configurations, especially on 64-bit architectures where pointers in internal data structures occupy twice as much space in the buffer as on 32-bit architectures. This caused situations where a certain LDAP configuration worked on 32-bit architecture but not on 64-bit architecture. With this update, the size of the buffer has been increased to 64 KB, and nss_ldap now works correctly with LDAP configurations that do not exceed the size of 64 KB.
- Previously, nss_ldap did not correctly handle the situation where "unreadable" files were present in the CA certificate directory. Consequently, nss_ldap failed when resolving usernames and groups while using TLS even if a valid readable certificate was available. This update corrects the problem and nss_ldap now ignores files that are not world readable and uses the readable certificate files as expected.
- In certain cases, nss_ldap failed to get a response from the Lightweight Directory Access Protocol (LDAP) server and the client became temporarily unable to query the server. This update applies a patch which improves the code and the server now responds as expected.
- The LDAP server stored its configuration in a fixed-size buffer that could have been exceeded with large configurations, thus causing nss_ldap to fail. This was especially likely to occur on 64-bit architectures where pointers to internal data structures occupy twice as much space in the buffer as on 32-bit architectures. This caused situations where a certain ldap configuration worked on 32-bit architecture but not on 64-bit architecture. With this update, the code has been modified to allow the use of larger ldap configurations without exceeding the buffer and nss_ldap now works correctly.
- Prior to this update, nss_ldap did not select the closest DNS records, but always selected the first record returned by DNS. This update changes the behavior to select the records based on the priority and weight fields.