High Performance User Lookup and Authentication (HULA) provides a library for the Communications Suite to achieve consistent user lookup semantics as, for example, domainmap does for domain lookups. With HULA, the following interface changes will affect the MMP:
HULA has been implemented in multiple releases. This release supports the MMP implementation of HULA. The next release supports HULA implementation in the Message Store and the MTA.
The following interface changes will affect the MMP:
The MMP now supports user status attributes. Prior to this release, the MMP relied on the back-end servers to enforce user status. This change reduces load on the back-end during user migration scenarios.
The MMP log messages have been normalized to always include an integer connection ID which is not reused during the MMP process lifetime. Previously, the MMP messages used a hex connection context address which could be reused. Furthermore, the lpool layer used a different context address that was difficult to correlate. Now the MMP, hula and lpool layers will all use the same ID.
The MMP debug log level configuration setting now uses syslog-style log levels rather than unspecified numeric levels. The LogLevel option used to default to 1; it now defaults to 5 (LOG_NOTICE). Values below 3 produce no output. Values from 3 (LOG_ERR) to 7 (LOG_DEBUG) provide different quantities of output in the debug log.
The MMP will now support the following additional MTA options from option.dat: LDAP_DOMAIN_FILTER_SCHEMA1, LDAP_DOMAIN_FILTER_SCHEMA2, LDAP_ATTR_DOMAIN1_SCHEMA2, LDAP_ATTR_DOMAIN2_SCHEMA2, LDAP_ATTR_DOMAIN_SEARCH_FILTER, LDAP_DOMAIN_ATTR_BASEDN, LDAP_DOMAIN_ATTR_CANONICAL, LDAP_DOMAIN_ATTR_ALIAS, LDAP_UID, LDAP_DOMAIN_ATTR_UID_SEPARATOR, LDAP_DOMAIN_ATTR_STATUS, LDAP_DOMAIN_ATTR_MAIL_STATUS, LDAP_USER_STATUS, LDAP_USER_MAIL_STATUS.
The ident support in TCP access filters was implemented but untested in previous releases. A warning was placed in the manual that ident support was deprecated several releases ago. The new code does not implement support for ident. Filters which require ident will cause authentication to fail with an error.
Previous versions of MMP permitted user names with any UTF-8 character although this was untested. HULA enforces correct UTF-8 syntax and forbids overlong encodings and surrogates.