Member "nss_ldap-265/NEWS" (6 Nov 2009, 5345 Bytes) of package /linux/privat/old/nss_ldap-265.tar.gz:


#ident $Id: NEWS,v 2.5 2004/06/19 05:23:05 lukeh Exp $

Please contact PADL Software Development Support <dev@padl.com>
if you wish to contribute.

Please see http://bugzilla.padl.com for more information!

BUGZILLA BUGS:
==============

BUGS 18, 19, 20, 34 would be good to fix soon.

[BUG#12]
- we should probably put the session, under Solaris, in the backend.
  We need to do so in a way that remains compatible with the GNU NSS,
  where I expect we need to open a connection for every lookup.
  In nscd, where the backends are cached, it doesn't make sense to keep
  opening and closing sockets to the LDAP server, particularly as the
  rebinding logic was put there to *allow* the connection to be long
  lived (marked RESOLVED LATER; a single connection is now used per
  process)

[BUG#12]
- ditto for IRS: the private data should contain the session and be long
  lived.

[BUG#13]
- we could clean up the text segment a bit by generating filters on the
  fly from object classes and attributes, instead of storing them. This
  seems to be important under Solaris as the linker doesn't intern strings (?)
  All that filter-constructing stuff in the ldap-*.h headers is UGLY.
  (marked RESOLVED LATER)

[BUG#14]
- infinite recursion in host lookup -- libldap uses gethostbyname(). Perhaps
  we should link with a custom gethostbyname() which uses DNS only??? (This
  is nominally the LDAP client library's problem but we could short-circuit
  by resolving the IP addresses ourselves). (marked RESOLVED INVALID)

[BUG#16]
- finish implementing dl-*.c  (LOW priority). In fact I'm tempted to remove
  this from the line up: SGI have their own LDAP C library support, and
  so do DEC (with SIA). (removed dl-*.c; marked RESOLVED WONTFIX)

[BUG#17]
- implement gethostbyname2() and
  debug IPv6 support in ldap-hosts.c (and ldap-network.c?) (Uli?)

[BUG#19]
- add support for DHCP and coldstart configuration. Coldstart should
  update /etc/ldap.conf (/var/ldap/LDAP_CLIENT_CACHE?). Should probably
  add support for the HP/Sun server profile schema (marked RESOLVED
  LATER)

[BUG#21]
- write testsuite (marked RESOLVED LATER)

[BUG#22]
- support for bootparams map (marked RESOLVED LATER)

[BUG#34]
- shells hang on Solaris for LDAP users (marked RESOLVED LATER;
  Solaris 7 users get patch cluster 106541-12)

[BUG#49]
- race condition in ldap-nss.c (FIXED in nss_ldap-121)

[BUG#50]
- check return value of ldap_simple_bind() (FIXED in nss_ldap-122)

[BUG#63]
- integrate support for runtime schema mapping (FIXED in nss_ldap-168)

To: linux-ldap@rage.net
Cc: ldap-nis@padl.com
Subject: Re: Netgroups [in nss_ldap]
Fcc: +outgoing
Reply-To: lukeh@padl.com

[ ldap-nis readers may find this interesting. ]

Matt,

>Ok, i am going to see if I can do something with netgroups. Which of
>the services would be best to model ldap-netgrp.c after?
>
>I am not familiar with adding a new service to nss_ldap. What is
>involved? Do you think you could give a general overview of what has
>to happen to get the netgroup service doing SOMETHING?

First, you need to familiarize yourself with the netgroup resolution
APIs. It's important that you implement something that works for both
Solaris and the GNU C Library (and, possibly, the BIND IRS, although
no one seems to be particularly interested in that switch).  I haven't
looked into them in great detail. You'll need to create ldap-netgrp.c
(rip off ldap-pwd.c for starters) and implement the following:

Linux
=====

NSS_STATUS
_nss_ldap_setnetgrent(const char *group, struct __netgrent *result);

NSS_STATUS
_nss_ldap_endnetgrent(struct __netgrent *result);

NSS_STATUS
_nss_ldap_getnetgrent_r(struct __netgrent *result, char *buffer,
        size_t buflen, int *errnop);

Because netgroups are just triples in LDAP, you should be able to avail
yourself of the _nss_netgroup_parseline() helper function. (Having
the glibc source handy would be helpful.) Call this from the parser
(see below) for values of the "nisNetgroupTriple" attribute.

Solaris
=======

Check out /usr/include/nss_dbdefs.h. It looks pretty hairy:
FYI, let's look at how a user is resolved:

NSS_STATUS
_nss_ldap_getpwnam_r (
                       const char *name,
                       struct passwd * result,
                       char *buffer,
                       size_t buflen,
                       int *errnop)
{
  LOOKUP_NAME (name, result, buffer, buflen, errnop, filt_getpwnam, pw_attributes, _nss_ldap_parse_pw);
}

The LOOKUP_NAME macro marshalls arguments to pass to
_nss_ldap_getbyname(), which is responsible for searching in the
directory. If the search is successful, this function will call
the parser (_nss_ldap_parse_pw()) with the LDAP result, and
the buffers supplied by the user. The parser is responsible
for mapping the LDAP entry into a struct pwent or whatever.
There are helper functions provided for doing such, for example
_nss_ldap_assign_attrval():

  stat = _nss_ldap_assign_attrval (ld, e, LDAP_ATTR_USERNAME, &pw->pw_name, &buffer, &buflen);
  if (stat != NSS_SUCCESS)
    return stat;

This model works well when there is a 1:1 mapping between LDAP
entries and entities that the host API is responsible for. Things
get a bit trickier for things like getgroupsbymember(). Hope
this helps. Note that for Solaris, each backend has a dispatch
table, a "constructor" (_nss_ldap_passwd_constr, for example).
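
Added example, not part of the original NEWS file and not nss_ldap or glibc code: a bounded parser for one "nisNetgroupTriple" value that copies each field into a caller-supplied buffer using the (&buffer, &buflen) cursor convention described in the mail. The names status, triple, assign_field and parse_triple are hypothetical; it does not reproduce _nss_netgroup_parseline().

```c
#include <string.h>
/* Hypothetical names for this example; not nss_ldap or glibc identifiers. */
enum status { ST_SUCCESS, ST_TRYAGAIN, ST_BADVALUE };
struct triple { const char *host, *user, *domain; };  /* NULL = empty field */

/* Copy src[0..len) into the caller's buffer, NUL-terminate it and advance
 * the cursor, following the (&buffer, &buflen) convention in the mail. */
static enum status
assign_field (const char *src, size_t len, const char **out,
              char **buffer, size_t *buflen)
{
  if (len == 0) { *out = NULL; return ST_SUCCESS; }
  if (*buflen < len + 1) return ST_TRYAGAIN;  /* caller retries, larger buffer */
  memcpy (*buffer, src, len);
  (*buffer)[len] = '\0';
  *out = *buffer;
  *buffer += len + 1;
  *buflen -= len + 1;
  return ST_SUCCESS;
}

/* Parse one nisNetgroupTriple value of the form "(host,user,domain)". */
enum status
parse_triple (const char *val, struct triple *t, char *buffer, size_t buflen)
{
  const char **slots[3] = { &t->host, &t->user, &t->domain };
  const char *p = val, *end, *last;
  enum status st;
  int i;
  while (*p == ' ' || *p == '\t') p++;
  if (*p++ != '(') return ST_BADVALUE;
  for (i = 0; i < 3; i++)
    {
      end = strchr (p, i < 2 ? ',' : ')');
      if (end == NULL || memchr (p, ')', (size_t) (end - p)) != NULL)
        return ST_BADVALUE;           /* missing delimiter or early ')' */
      while (p < end && (*p == ' ' || *p == '\t')) p++;
      for (last = end; last > p && (last[-1] == ' ' || last[-1] == '\t'); last--) ;
      st = assign_field (p, (size_t) (last - p), slots[i], &buffer, &buflen);
      if (st != ST_SUCCESS) return st;
      p = end + 1;
    }
  while (*p == ' ' || *p == '\t') p++;
  return *p == '\0' ? ST_SUCCESS : ST_BADVALUE;   /* reject trailing junk */
}

int main (void)
{
  char buf[64]; struct triple t;   /* sample value below is constructed */
  return parse_triple ("(alpha, bob ,example.org)", &t, buf, sizeof buf);
}
```

ST_TRYAGAIN plays the role of the "buffer too small" result that an NSS caller answers by retrying with a larger buffer; a malformed directory value is rejected rather than partially trusted.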