probably before we can call this stable --------------------------------------- * implement _nss_ldap_initgroups_dyn() * split out configuration part into own source file * clean up and refactor ldap server code * FIXME: strerror() is not reentrant * align stuff in buffer (e.g. arrays of pointers) * resolve.[ch] has license: BSD WITH ADVERTISING CLAUSE - LGPL problem? * get rootbindpw in Debian package working again * rewrite nss-ldapd.conf(5) manual page other items ----------- * another way to prevent deadlocks is to pass some flag from nsldc to nss_ldap (this however will not work if nscd is used) * set up connection to LDAP server before making NSLCD mechanism available (e.g. before creating socket) * Debian packaging: maybe remove stuff from /etc/nsswitch.conf on purge * support ipv6 in name (host address) lookups * support ipv6 in LDAP connections (investigate if OpenLDAP supports it) * set up a compat directory where we can have compatibility wrappers * probably disable rootbinddn for now and document the fact that you should use libpam-ldap for authentication without exposing the passwords through LDAP * redo the attribute mapping stuff * make a test suite (instructions for setting up environment (server), LDIF file, nsswitch.conf and nss-ldapd.conf) * support bootparams (check README also) * support publickey (check README also) * support netmasks (check README also) * add a warning somewhere as to when the NSS functions are available * reserve some threads in the server for root users * check FSF address * add sanity checking code (e.g. not too large buffer allocation and checking that host, user, etc do not contain funky characters) in all server modules * implement running under a different uid/gid (maybe chroot jail) * probably switch version numbering scheme back to three numbers with a 1.0.0 release * think of a way to preserve the case-sensitive nature of NSS (while maintaining the case insensitive LDAP) * maybe remove dh_makeshlibs from debian/rules (probably not needed) * maybe move library to /usr/lib * include a generic init script * debconf: see if we can read shared values as default in case of missing config