User lookup and authentication are now performed by a library that all processes should be using. The result is more consistent and faster authentication.
This release supports the MMP implementation. The next release supports implementation in the Message Store and the MTA.
The following interface changes will affect the MMP:
The MMP now supports user status attributes. Prior to this release, the MMP relied on the back-end servers to enforce user status. This change reduces load on the back-end during user migration scenarios.
The MMP log messages have been normalized to always include an integer connection ID which is not reused during the MMP process lifetime. Previously, the MMP messages used a hex connection context address which could be reused. Furthermore, the lpool layer used a different context address that was difficult to correlate. Now the MMP, hula and lpool layers will all use the same ID.
The MMP debug log level configuration setting now uses syslog-style log levels rather than unspecified numeric levels. The LogLevel option used to default to 1; it now defaults to 5 (LOG_NOTICE). Values below 3 produce no output. Values from 3 (LOG_ERR) to 7 (LOG_DEBUG) provide different quantities of output in the debug log.
The MMP will now support the following additional MTA options from option.dat: LDAP_DOMAIN_FILTER_SCHEMA1, LDAP_DOMAIN_FILTER_SCHEMA2, LDAP_ATTR_DOMAIN1_SCHEMA2, LDAP_ATTR_DOMAIN2_SCHEMA2, LDAP_ATTR_DOMAIN_SEARCH_FILTER, LDAP_DOMAIN_ATTR_BASEDN, LDAP_DOMAIN_ATTR_CANONICAL, LDAP_DOMAIN_ATTR_ALIAS, LDAP_UID, LDAP_DOMAIN_ATTR_UID_SEPARATOR, LDAP_DOMAIN_ATTR_STATUS, LDAP_DOMAIN_ATTR_MAIL_STATUS, LDAP_USER_STATUS, LDAP_USER_MAIL_STATUS.
The ident support in TCP access filters was implemented but untested in previous releases. A warning was placed in the manual that ident support was deprecated several releases ago. The new code does not implement support for ident. Filters which require ident will cause authentication to fail with an error.
Previous versions of MMP permitted user names with any UTF-8 character although this was untested. Correct UTF-8 syntax is now enforced, and overlong encodings and surrogates are forbidden.