From ba243579c4f745f11e6aceb6487b501a4495bd4f Mon Sep 17 00:00:00 2001 From: Arthur de Jong Date: Thu, 30 Dec 2010 21:28:29 +0000 Subject: get files ready for 0.8.0 release git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1358 ef36b2f9-881f-0410-afb5-c4e39611909c --- TODO | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) (limited to 'TODO') diff --git a/TODO b/TODO index 60f63e8..5399a5c 100644 --- a/TODO +++ b/TODO @@ -1,15 +1,10 @@ -* test reachability problems with LDAP server more * write more unit tests -* maybe implement a connection object in the myldap module that is shared - by different sessions (sessions need to be cleaned up) * add sanity checking code (e.g. not too large buffer allocation and checking that host, user, etc do not contain funky characters) in all server modules * log some statistics: "passwd=100 shadow=10 host=20 rpc=10" (10 req/minute) * in the server: once the request is done pass the flushing of the buffers to a separate thread so our workers are available to handle new requests (test whether this actually improves performace) -* split out idle checking into separate function so we may be able to call it - periodically from elsewhere (e.g. the main loop) * add an option to create an extra socket somewhere (so it may be used in chroot jails) * make I/O timeout between NSS lib and daemon configurable with configure @@ -17,15 +12,23 @@ address and return it as an alternative entry (investigate whether this is sane) * protocols/rpc: the description attribute should be used as an alias? -* do more checks with failing LDAP connections (e.g. killing connections) -* maybe make myldap code thread-safe (use locking) * review changes in nss_ldap and merge any useful changes * maybe rate-limit LDAP entry warnings -* only parse nslcd.conf options if they are available on the platform -* maybe support memberOf attribute in passwd entries that map to groups * setnetgrent() may need to return an error if the netgroup is undefined * handle repeated calls to getent() better (see http://bugzilla.padl.com/show_bug.cgi?id=376) * make it possible to start nslcd real early in the boot process and have it become available when it determines it can (other timeout/retry mechanism on startup) * write a simple PAM test application +* make user/group name filtering configurable (with regular expression) + (perhaps even extend the filtering to other data) +* implement requesting and handling password policy information when binding + as a user +* integrate the FreeBSD code +* implement nested groups +* implement other services in nslcd: sudo and autofs are candidates +* restart unscd on postinst, just like nscd (or perhaps do nscd -i ) +* instead of library symbol, use environment variable to disable NSS module +* properly test Solaris support +* fix buffer handling in read_**string() functions (Solaris support) +* complete pynslcd implementation -- cgit v1.2.3