Improved Active Directory Support in nss_ldap

The latest release of nss_ldap includes improved support for Active Directory, including:

• expansion of nested groups
• incremental retrieval of multi-valued attributes (range attribute option)
• performance improvements for large groups (--with-ngroups configure option)
• Berkeley DB is no longer required for schema mapping
• fix for a bug which could cause nss_ldap to crash if it reconnected the LDAP server during a nested search

This version also features improved support for AIX. More information on nss_ldap is here.

pam_ldap now supports SASL interactive authentication for secure authentication without the overhead of SSL/TLS. Supported mechanisms include DIGEST-MD5 and CRAM-MD5.