From 37a678151640f150e4d654fc1a9fdcc553810413 Mon Sep 17 00:00:00 2001 From: Arthur de Jong Date: Thu, 27 Dec 2007 10:42:01 +0000 Subject: get files ready for 0.5 release git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-ldapd@539 ef36b2f9-881f-0410-afb5-c4e39611909c --- TODO | 30 +++++++++++++++++++----------- 1 file changed, 19 insertions(+), 11 deletions(-) (limited to 'TODO') diff --git a/TODO b/TODO index 793680b..9694f65 100644 --- a/TODO +++ b/TODO @@ -1,20 +1,19 @@ probably before we can call this stable --------------------------------------- * implement _nss_ldap_initgroups_dyn() -* clean up and refactor ldap server code * fix usage of strerror() as it is not thread safe * error out quickly when the LDAP server is down * fix race condition when setting signal mask in common/tio.c + (using pthread_sigmask() adds a dependency on the pthread library, + maybe we should switch back to stdio) * find problem with reachability of LDAP server -* get root/nonroot connections working properly -* fix a problem with spaces in DNs in configfile (base and binddn keywors) +* get root/nonroot connections working other items ----------- * set up (test) connection to LDAP server before creating socket * Debian packaging: maybe remove stuff from /etc/nsswitch.conf on remove or purge (maybe prompt?) -* support IPv6 in name (host address) lookups * probably document that you should use libpam-ldap for authentication without exposing the passwords through NSS * make a test suite (instructions for setting up environment (server), LDIF @@ -25,6 +24,8 @@ other items * maybe support netmasks (check README also) * reserve some threads in the server for root users (probably set up connection pools) (we currently have a connection per thread) +* maybe implement a connection object in the myldap module that is shared + by different sessions (sessions need to be cleaned up) * add sanity checking code (e.g. not too large buffer allocation and checking that host, user, etc do not contain funky characters) in all server modules * implement running under a different uid/gid (maybe chroot jail) @@ -36,16 +37,23 @@ other items * reconfigure or upgrade of Debian package should restart nslcd instead of stop and later on start * tune the filter and parameter buffer sizes -* in mkfilter_*() functions: add some check to see if the filter fits and log - an error (also see to it that the caller exists (e.g. declare return value - as must use)) * maybe document how to set up automounting in LDAP (Linux and Solaris) * make sure to translate timelimit 0 into timelimit -1 where needed * split out idle checking into separate function so we may be able to call it periodically from elsewhere (e.g. the main loop) * add an option to create an extra socket somewhere (so it may be used with chroot jails) -* make number of thread configurable in config -* make I/O timeout between NSS lib and daemon configurable at configure -* document the timout mechanism between client and server and document some - cases where this may cause problems +* make number of threads/connections configurable in config +* make I/O timeout between NSS lib and daemon configurable with configure +* ethers: also look in ipHostNumber attribute to look up an IPv4 (IPv6) + address and return it as an alternative entry +* protocols/rpc: the description attribute should be used as an alias? +* do more checks with failing LDAP connections (e.g. killing connections) +* maybe make myldap code thread-safe (use locking) +* review changes in nss_ldap and merge any useful changes +* maybe rate-limit LDAP entry warnings +* consider returning the canonical value as it is stored in LDAP, not + the requested value (they can differ in case) +* test non-ASCII characters in fields (mostly cn) +* implement attribute defaults (for when they're missing from the directory) +* implement attribute overrides (to always return a specific value, not matter what the directory says) -- cgit v1.2.3