--- nss_ldap-238/ChangeLog	2005-03-24 12:03:40.000000000 +1200
+++ nss_ldap-251/ChangeLog	2006-06-22 14:39:26.000000000 +1200
@@ -1,6 +1,140 @@
-$Id: ChangeLog,v 2.331 2005/03/24 00:03:03 lukeh Exp $
+$Id: ChangeLog,v 2.374 2006/05/15 08:13:44 lukeh Exp $
 ===============================================================
 
+251	Luke Howard <lukeh@padl.com>
+
+	* remove doc/rfc2307.txt, it is available from
+	  http://www.ietf.org/rfc/rfc2307.txt
+	* make objectClass a mappable attribute
+
+250	Luke Howard <lukeh@padl.com>
+
+	* don't use static _nss_ldap_no_members buffer,
+	  causes crash when nss_ldap is unloaded and memory
+	  is still referenced
+	* fix for BUG#249: tcsh closes file descriptors,
+	  confuses nss_ldap and hangs (from David Houlder)
+	* fix for BUG#257: initgroups() broken in RFC2307bis
+	  support disabled
+	* fix for BUG#261: sslpath example wrong
+	* fix for BUG#263: compile do_triple_permutations()
+	  when IRS enabled
+
+249	Luke Howard <lukeh@padl.com>
+
+	* fix for BUG#253: build broken on AIX
+	* fix for BUG#255: deadlock in initgroups
+
+248	Luke Howard <lukeh@padl.com>
+
+	* fix regression in per-objectclass attribute mapping
+	  introduced in nss_ldap-246
+
+247	Luke Howard <lukeh@padl.com>
+
+	* double-check *ld != NULL even if mapped eror return
+	  from ldap_initialize() returns NSS_SUCCESS
+
+246	Luke Howard <lukeh@padl.com>
+
+	* paged results and RFC2307bis support are now always
+	  compiled in; they are by default disabled unless
+	  you configured with --enable-paged-results and
+	  --enable-rfc2307bis, respectively. See nss_ldap(5)
+	  for configuration options.
+	* fix for BUG#219: paged results delivers wrong results
+	* fix for BUG#222: use asynchronous start TLS if
+	  available, using bind_timeout value
+	* fix for BUG#235: make DNS SRV lookup domain
+	  configurable (nss_srv_domain)
+	* fix for BUG#240: return "*" rather than "x" for
+	  userPassword if not present
+	* fix for BUG#245: paged results broken since nss_ldap-241
+	* patch from Ralf Haferkamp <rhafer@suse.de>:
+	  compile fix for IPv6
+	* compile for Solaris
+	* schema mapping is always enabled, cleanup schema
+	  mapping code
+	* allow for map-specific objectclass mapping
+	* partial implementation of Solaris Simplified LDAP
+	  API, allows automountd support on Solaris via nss_ldap
+	* for Linux automounter, always close connection after
+	  endautomntent() to avoid persistent connection
+	* add nss_connect_policy argument to ldap.conf
+
+245	Luke Howard <lukeh@padl.com>
+
+	* don't leak LDAP connection if do_bind() failed or
+	  descriptor owner had changed. If do_bind() failed the
+	  underlying descriptor would also be leaked, causing a
+	  large number of sockets to be consumed during failover
+	* add nss_initgroups_ignoreusers parameter to ldap.conf,
+	  returns NOTFOUND if nss_ldap's initgroups() is called
+	  for users (comma separated)
+	* try to deal with systems that have headers for both
+	  versions of the SASL library installed
+	* better logging of failed connections and reconnections
+	* patch from Dean Michaels <dean@interdynamix.com>:
+	  build with Netscape 5 library on Solaris
+	* patch from Ralf Haferkamp <rhafer@suse.de>:
+	  manual page fix to bind_policy
+
+244	Luke Howard <lukeh@padl.com>
+
+	* patch from Ralf Haferkamp <rhafer@suse.de>:
+	  enusre bytesleft macro does not return values < 0
+	* include <sys/param.h> in ldap-nss.c
+
+243	Luke Howard <lukeh@padl.com>
+
+	* fix for BUG#225: invalid pointer dereferencing when
+	  reading rootpw
+
+242	Luke Howard <lukeh@padl.com>
+
+	* fixes for compiling on Solaris 10
+
+241	Luke Howard <lukeh@padl.com>
+
+	* new, more robust reconnection logic
+	* both "host" and "uri" directives can be used in
+	  ldap.conf
+	* new (undocumented) nss_reconnect_tries,
+	  nss_reconnect_sleeptime, nss_reconnect_maxsleeptime,
+	  nss_reconnect_maxconntries directives
+	* reload configuration file if changed
+
+240	Luke Howard <lukeh@padl.com>
+
+	* new API for resolving automounts (requires custom
+	  autofs plugin for Linux at present):
+	  _nss_ldap_setautomntent(), _nss_ldap_getautomntent(),
+	  _nss_ldap_endautomntent(), _nss_ldap_getautomntbyname_r()
+	* fix for BUG#200: rename SOCKLEN_T as it conflicts on AIX
+	* fix for BUG#205: accept line feeds in ldap.conf
+	* fix for BUG#211: nss_ldap fails to start TLS on referred
+	  connections
+	* fix for BUG#213: initgroups crash if RFC2307bis undefined
+	* turn down reconnection logging volume
+
+239	Luke Howard <lukeh@padl.com>
+
+	* support for initgroups using backlinks (selectable
+	  at runtime if RFC2307bis support is enabled, using
+	  the nss_initgroups backlink configuration directive)
+	* support for dynamically expanding filter sizes
+	* from Peter Marschall <peter@adpm.de>:
+	  revert the deletion of blanks/tabs in ldap.conf that
+	  happened between 235 and 238
+	* from Peter Marschall <peter@adpm.de>:
+	  This patch changes configure.in and Makefile.am so that
+	  ldap.conf gets installed in the place and with the name
+	  that is given to the configure option --with-ldap-conf-file.
+	  In addition to that it fixes a long standing bug in
+	  Makefile.am that tries to install a file before the
+	  destination directory is guaranteed to be created (hunk #3),
+	  and uses $(mkinstalldirs) for AIX (hunk #2).
+
 238	Luke Howard <lukeh@padl.com>
 
 	* more manual page updates