#ident $Id: NEWS,v 2.5 2004/06/19 05:23:05 lukeh Exp $

Please contact PADL Software Development Support <dev@padl.com>
if you wish to contribute.

Please see http://bugzilla.padl.com for more information!

BUGZILLA BUGS:
==============

BUGS 18, 19, 20, 34 would be good to fix soon.

[BUG#12]
- we should probably put the session, under Solaris, in the backend.
  We need to do so in a way that remains compatible with the GNU NSS,
  where I expect we need to open a connection for every lookup.
  In nscd, where the backends are cached, it doesn't make sense to keep
  opening and closing sockets to the LDAP server, particularly as the
  rebinding logic was put there to *allow* the connection to be long
  lived (marked RESOLVED LATER; a single connection is now used per
  process)

[BUG#12]
- ditto for IRS: the private data should contain the session and be long
  lived.

[BUG#13]
- we could clean up the text segment a bit by generating filters on the
  fly from object classes and attributes, instead of storing them. This
  seems to be important under Solaris as the linker doesn't intern strings (?)
  All that filter-constructing stuff in the ldap-*.h headers is UGLY.
  (marked RESOLVED LATER)

[BUG#14]
- infinite recursion in host lookup -- libldap uses gethostbyname(). Perhaps
  we should link with a custom gethostbyname() which uses DNS only??? (This
  is nominally the LDAP client library's problem but we could short-circuit
  by resolving the IP addresses ourselves). (marked RESOLVED INVALID)

[BUG#16]
- finish implementing dl-*.c (LOW priority). In fact I'm tempted to remove
  this from the line up: SGI have their own LDAP C library support, and
  so do DEC (with SIA). (removed dl-*.c; marked RESOLVED WONTFIX)

[BUG#17]
- implement gethostbyname2() and
  debug IPv6 support in ldap-hosts.c (and ldap-network.c?) (Uli?)

[BUG#19]
- add support for DHCP and coldstart configuration. Coldstart should
  update /etc/ldap.conf (/var/ldap/LDAP_CLIENT_CACHE?). Should probably
  add support for the HP/Sun server profile schema (marked RESOLVED
  LATER)

[BUG#21]
- write testsuite (marked RESOLVED LATER)

[BUG#22]
- support for bootparams map (marked RESOLVED LATER)

[BUG#34]
- shells hang on Solaris for LDAP users (marked RESOLVED LATER;
  Solaris 7 users get patch cluster 106541-12)

[BUG#49]
- race condition in ldap-nss.c (FIXED in nss_ldap-121)

[BUG#50]
- check return value of ldap_simple_bind() (FIXED in nss_ldap-122)

[BUG#63]
- integrate support for runtime schema mapping (FIXED in nss_ldap-168)

To: linux-ldap@rage.net
Cc: ldap-nis@padl.com
Subject: Re: Netgroups [in nss_ldap]
Fcc: +outgoing
Reply-To: lukeh@padl.com

[ ldap-nis readers may find this interesting. ]

Matt,

>Ok, I am going to see if I can do something with netgroups. Which of
>the services would be best to model ldap-netgrp.c after?
>
>I am not familiar with adding a new service to nss_ldap. What is
>involved? Do you think you could give a general overview of what has
>to happen to get the netgroup service doing SOMETHING?

First, you need to familiarize yourself with the netgroup resolution
APIs. It's important that you implement something that works for both
Solaris and the GNU C Library (and, possibly, the BIND IRS, although
no one seems to be particularly interested in that switch). I haven't
looked into them in great detail. You'll need to create ldap-netgrp.c
(rip off ldap-pwd.c for starters) and implement the following:

Linux
=====

NSS_STATUS
_nss_ldap_setnetgrent(const char *group, struct __netgrent *result);

NSS_STATUS
_nss_ldap_endnetgrent(struct __netgrent *result);

NSS_STATUS
_nss_ldap_getnetgrent_r(struct __netgrent *result, char *buffer,
                        size_t buflen, int *errnop);

Because netgroups are just triples in LDAP, you should be able to avail
yourself of the _nss_netgroup_parseline() helper function. (Having
the glibc source handy would be helpful.) Call this from the parser
(see below) for values of the "nisNetgroupTriple" attribute.

Solaris
=======

Check out /usr/include/nss_dbdefs.h. It looks pretty hairy:
FYI, let's look at how a user is resolved:

NSS_STATUS
_nss_ldap_getpwnam_r (
    const char *name,
    struct passwd * result,
    char *buffer,
    size_t buflen,
    int *errnop)
{
    LOOKUP_NAME (name, result, buffer, buflen, errnop, filt_getpwnam,
                 pw_attributes, _nss_ldap_parse_pw);
}

The LOOKUP_NAME macro marshals arguments to pass to
_nss_ldap_getbyname(), which is responsible for searching in the
directory. If the search is successful, this function will call
the parser (_nss_ldap_parse_pw()) with the LDAP result, and
the buffers supplied by the user. The parser is responsible
for mapping the LDAP entry into a struct pwent or whatever.
There are helper functions provided for doing such, for example
_nss_ldap_assign_attrval():

stat = _nss_ldap_assign_attrval (ld, e, LDAP_ATTR_USERNAME, &pw->pw_name,
                                 &buffer, &buflen);
if (stat != NSS_SUCCESS)
    return stat;

This model works well when there is a 1:1 mapping between LDAP
entries and entities that the host API is responsible for. Things
get a bit trickier for things like getgroupsbymember(). Hope
this helps. Note that for Solaris, each backend has a dispatch
table, a "constructor" (_nss_ldap_passwd_constr, for example).
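
Added example, not code from nss_ldap or glibc: a stand-alone parser for one "nisNetgroupTriple" value that fills a caller-supplied buffer with the same &buffer/&buflen cursor discipline as the _nss_ldap_assign_attrval() call quoted in the mail. It is a stand-in for, not a copy of, _nss_netgroup_parseline(); the names tstat, triple, copy_field and parse_triple are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-ins for NSS_STATUS and glibc's struct __netgrent. */
enum tstat { T_SUCCESS, T_MALFORMED, T_TRYAGAIN };
struct triple { const char *host, *user, *domain; };  /* NULL = wildcard */

/* Copy the field [s, e) into the caller's buffer and advance the cursor.
 * Surrounding blanks are trimmed; an empty field becomes NULL. */
static enum tstat copy_field(const char *s, const char *e, const char **out,
                             char **buf, size_t *len)
{
    size_t n;
    while (s < e && (*s == ' ' || *s == '\t')) s++;
    while (e > s && (e[-1] == ' ' || e[-1] == '\t')) e--;
    n = (size_t)(e - s);
    if (n == 0) { *out = NULL; return T_SUCCESS; }
    if (n >= *len) return T_TRYAGAIN;   /* no room for n bytes plus NUL */
    memcpy(*buf, s, n);
    (*buf)[n] = '\0';
    *out = *buf;
    *buf += n + 1; *len -= n + 1;
    return T_SUCCESS;
}

/* Parse one nisNetgroupTriple value, "(host,user,domain)". Malformed input
 * is rejected, never guessed at, and *res is written only on success. */
enum tstat
parse_triple(const char *val, struct triple *res, char *buf, size_t len)
{
    struct triple t;
    const char *c1, *c2, *end;
    enum tstat st;
    while (*val == ' ' || *val == '\t') val++;
    if (*val++ != '(' || (end = strchr(val, ')')) == NULL)
        return T_MALFORMED;
    if (end[1 + strspn(end + 1, " \t")] != '\0')
        return T_MALFORMED;             /* trailing junk after ')' */
    c1 = memchr(val, ',', (size_t)(end - val));
    c2 = c1 ? memchr(c1 + 1, ',', (size_t)(end - c1 - 1)) : NULL;
    if (c2 == NULL || memchr(c2 + 1, ',', (size_t)(end - c2 - 1)) != NULL)
        return T_MALFORMED;             /* not exactly three fields */
    if ((st = copy_field(val, c1, &t.host, &buf, &len)) != T_SUCCESS ||
        (st = copy_field(c1 + 1, c2, &t.user, &buf, &len)) != T_SUCCESS ||
        (st = copy_field(c2 + 1, end, &t.domain, &buf, &len)) != T_SUCCESS)
        return st;
    *res = t;
    return T_SUCCESS;
}
```

A real module would map T_TRYAGAIN to NSS_STATUS_TRYAGAIN with *errnop set to ERANGE so the caller retries with a larger buffer.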