Arthur de Jong

- debian packaging: on installation a search is done for any

- reasonable configuration informatio (existing nss_ldap config,

- libnss_ldapd/debian/rules: clean up debian packaging a bit

- libnss_ldapd/doc: get rid of unneeded docs and integrate useful

- parts in topleven README

- depenency

- protocol logging (dunping the actual byte values read and

- simler and more compact framework to generate methods (one reader

- function to deserialize a struct from the stream and

- allocate a structure of a ceirtain type

- stuff has been removed, beacause we are going to do some major

- files containting keywords

-changes from nss_ldap to nss-ldapd 0.1

---------------------------------------

-* split code in NSS part and daemon part

-* new test code

-* many thanks to my employer, West Consulting, for allowing me

- to spend some work time on this fork

-* default configuration file location is changed to /etc/nss-ldapd.conf

-

- only provide improved behaviour for LDAP client libraries that support

-* initialise schema in getgroupsbymember()

-* use synchoronous searches for _nss_ldap_getbyname()

-* mass reindentation, GNU style

-

-before next release

--------------------

-* add a ChangeLog

-* fix permissions of created socket (so that non-root users will have access to nslcd)

-* debian package: install in /lib, not in /usr/lib (move in rules, this was hidden in debian/libnss-ldap.install in the old package)

-* add nslcd manual page

-* update all documentation

-* only set herrno on errors to fix hostname lookups?

-

-* clean up ldap server code

-* reserve some threads in the server for root

-* add HACKING document describing how to make modifications

-* set up connection to LDAP server before making NSLCD mechanims available (e.g. before creating socket)

-* debian packaging: maybe remove stuff from /etc/nsswitch.conf on purge

-* make lintian and linda clean

-* support ipv6?

-

-

-assorted

---------

-* rootdb is not much use in most nslcd configurations anyway since all nss

- requests are done as root (except shadow)

-* apparently shadow lookups are not done through nscd and will be done by the

- original process

-* probably disable this functionality for now and document the fact that you

- should use libpam-ldap for authentication without exposing the passwords

- through LDAP

-* FIXME: strerror() is not reentrant

-- remove dots from copyright statements

-- update copyright statements to be consistent throughout all files

-- change FSF address

-- add a warning somewhere as to when the NSS functions are available

-- set up a threading mechanism in the server process

-- reserve some threads in the server for root

-* IDEA - set up connection to LDAP server before making NSLCD mechanims available (e.g. before creating socket)

-* another way to prevent deadlocks is to pass some flag from nsldc to nss_ldap

-* look at packaging of libnss-mysql for lintian overrides and other things

-* look at http://svn.asta.mh-hannover.de/categories/python/pyauthd/

-* in all server modules add sanity checking code (e.g. not too large buffer allocation and checking that host, user, etc do not contain funky characters)

-* storing IPv6 address in LDAP is currently not supported (this needs to be implemented in the LDAP parsing end)

-* add netmask to network structure

-* rename server directory to nslcd

-* fix alignment problems in buffers

-* ISSUE: resolve.[ch] has license: BSD WITH ADVERTISING CLAUSE - GPL PROBLEM

-

-Please see http://bugzilla.padl.com for more information!

-http://bugzilla.padl.com/buglist.cgi?short_desc_type=allwordssubstr&short_desc=&product=nss_ldap&long_desc_type=allwordssubstr&long_desc=&bug_file_loc_type=allwordssubstr&bug_file_loc=&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&emailtype1=substring&email1=&emailtype2=substring&email2=&bugidtype=include&bug_id=&votes=&changedin=&chfieldfrom=&chfieldto=Now&chfieldvalue=&cmdtype=doit&order=Bug+Number&field0-0-0=noop&type0-0-0=noop&value0-0-0=

-

-BUGZILLA BUGS:

-==============

-

-BUGS 18, 19, 20, 34 would be good to fix soon.

-

-[BUG#12]

-- we should probably put the session, under Solaris, in the backend.

- We need to do so in a way that remains compatible with the GNU NSS,

- where I expect we need to open a connection for every lookup.

- In nscd, where the backends are cached, it doesn't make sense to keep

- opening and closing sockets to the LDAP server, particularly as the

- rebinding logic was put there to *allow* the connection to be long

- lived (marked RESOLVED LATER; a single connection is now used per

- process)

-

-[BUG#12]

-- ditto for IRS: the private data should contain the session and be long

- lived.

-

-[BUG#13]

-- we could clean up the text segment a bit by generating filters on the

- fly from object classes and attributes, instead of storing them. This

- seems to be important under Solaris as the linker doesn't intern strings (?)

- All that filter-constructing stuff in the ldap-*.h headers is UGLY.

- (marked RESOLVED LATER)

-

-[BUG#14]

-- infinite recursion is host lookup -- libldap uses gethostbyname(). Perhaps

- we should link with a custom gethostbyname() which uses DNS only??? (This

- is nominally the LDAP client library's problem but we could short-circuit

- by resolving the IP addresses ourselves). (marked RESOLVED INVALID)

-

-[BUG#16]

-- finish implementing dl-*.c (LOW priority). In fact I'm tempted to remove

- this from the line up: SGI have their own LDAP C library support, and

- so do DEC (with SIA). (removed dl-*.c; marked RESOLVED WONTFIX)

-

-[BUG#17]

-- implement gethostbyname2() and

- debug IPv6 support in ldap-hosts.c (and ldap-network.c?) (Uli?)

-

-[BUG#19]

-- add support for DHCP and coldstart configuration. Coldstart should

- update /etc/ldap.conf (/var/ldap/LDAP_CLIENT_CACHE?). Should probably

- add support for the HP/Sun server profile schema (marked RESOLVED

- LATER)

-

-[BUG#21]

-- write testsuite (marked RESOLVED LATER)

-

-[BUG#22]

-- support for bootparams map (marked RESOLVED LATER)

-

-[BUG#34]

-- shells hang on Solaris for LDAP users (marked RESOLVED LATER;

-Solaris 7 users get patch cluster 106541-12)

-

-[BUG#49]

-- race condition in ldap-nss.c (FIXED in nss_ldap-121)

-

-[BUG#50]

-- check return value of ldap_simple_bind() (FIXED in nss_ldap-122)

-

-[BUG#63]

-- integrate support for runtime schema mapping (FIXED in nss_ldap-168)

-

-To: linux-ldap@rage.net

-Cc: ldap-nis@padl.com

-Subject: Re: Netgroups [in nss_ldap]

-Fcc: +outgoing

-Reply-To: lukeh@padl.com

-

-[ ldap-nis readers may find this interesting. ]

-

-Matt,

-

->Ok, i am going to see if I can do something with netgroups. Which of

->the services would be best to model ldap-netgrp.c after?

->

->I am not familiar with adding a new service to nss_ldap. What is

->involved? Do you think you could give a general overview of what has

->to happen to get the netgroup service doing SOMETHING?

-

-First, you need to familiarize yourself with the netgroup resolution

-APIs. It's important that you implement something that works for both

-Solaris and the GNU C Library (and, possibly, the BIND IRS, although

-no one seems to be particularly interested in that switch). I haven't

-looked into them in great detail. You'll need to create ldap-netgrp.c

-(rip off ldap-pwd.c for starters). and implement the following:

-RELEASE_MONTH="Nov 2006"

- * This is a fork from the libnss-ldap package.

-

- -- Arthur de Jong <adejong@debian.org> Thu, 7 Dec 2006 12:04:11 +0100