From d9c72b224ab23cab557659f8a9cc9874a3ee9b6b Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Sun, 30 Jan 2011 15:43:24 -0500 Subject: [PATCH] Mention LDAP attribute compatibility status. --- doc/UPGRADE | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/doc/UPGRADE b/doc/UPGRADE index fb2711991..0de00a6b0 100644 --- a/doc/UPGRADE +++ b/doc/UPGRADE @@ -1,6 +1,28 @@ Notes on upgrading from an older release ======================================== +o Upgrading from a version prior to 1.7.5: + + Sudo 1.7.5 includes an updated LDAP schema with support for + the sudoNotBefore, sudoNotAfter and sudoOrder attributes. + + The sudoNotBefore and sudoNotAfter attribute support is only + used when the SUDOERS_TIMED setting is enabled in ldap.conf. + If enabled, those attributes are used directly when constructing + an LDAP filter. As a result, your LDAP server must have the + updated schema if you want to use sudoNotBefore and sudoNotAfter. + + The sudoOrder support does not affect the LDAP filter sudo + constructs and so there is no need to explicitly enable it in + ldap.conf. If the sudoOrder attribute is not present in an + entry, a value of 0 is used. If no entries contain sudoOrder + attributes, the results are in whatever order the LDAP server + returns them, as in past versions of sudo. + + Older versions of sudo will simply ignore the new attributes + if they are present in an entry. There are no compatibility + problems using the updated schema with older versions of sudo. + o Upgrading from a version prior to 1.7.4: Starting with sudo 1.7.4, the time stamp files have moved from -- 2.40.0
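Review bot: The closing paragraph of the new 1.7.5 entry ("Older versions of sudo will simply ignore the new attributes ... There are no compatibility problems using the updated schema with older versions of sudo.") leaves out the consequence for time-limited entries. As the text reads, a client that ignores sudoNotBefore and sudoNotAfter will honor such an entry outside its intended window, and the second paragraph implies the same for a 1.7.5 client where SUDOERS_TIMED is not enabled in ldap.conf. I would add a sentence saying that time restrictions are enforced only by clients running 1.7.5 or later with SUDOERS_TIMED enabled, so that administrators in mixed environments do not rely on these attributes to expire access. Two smaller documentation points in the same hunk: the sudoOrder paragraph gives the default of 0 but does not say whether a higher or lower value takes precedence when several entries match, and the sudoNotBefore/sudoNotAfter paragraph says the server "must have the updated schema" without saying what a user sees when SUDOERS_TIMED is enabled against a server that still has the old schema.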