probably before we can call this stable --------------------------------------- * implement _nss_ldap_initgroups_dyn() * fix usage of strerror() as it is not thread safe * error out quickly when the LDAP server is down * fix race condition when setting signal mask in common/tio.c (using pthread_sigmask() adds a dependency on the pthread library, maybe we should switch back to stdio) * find problem with reachability of LDAP server * get root/nonroot connections working other items ----------- * set up (test) connection to LDAP server before creating socket * Debian packaging: maybe remove stuff from /etc/nsswitch.conf on remove or purge (maybe prompt?) * probably document that you should use libpam-ldap for authentication without exposing the passwords through NSS * make a test suite (instructions for setting up environment (server), LDIF file, nsswitch.conf and nss-ldapd.conf) * write more unit tests * maybe support bootparams (check README also) * maybe support publickey (check README also) * maybe support netmasks (check README also) * reserve some threads in the server for root users (probably set up connection pools) (we currently have a connection per thread) * maybe implement a connection object in the myldap module that is shared by different sessions (sessions need to be cleaned up) * add sanity checking code (e.g. not too large buffer allocation and checking that host, user, etc do not contain funky characters) in all server modules * implement running under a different uid/gid (maybe chroot jail) * maybe remove dh_makeshlibs from debian/rules (probably not needed) * include a generic init script * log some statistics: "passwd=100 shadow=10 host=20 rpc=10" (10 req/minute) * in the server: once the request is done pass the flushing of the buffers to a separate thread so our workers are available to handle new requests * reconfigure or upgrade of Debian package should restart nslcd instead of stop and later on start * tune the filter and parameter buffer sizes * maybe document how to set up automounting in LDAP (Linux and Solaris) * make sure to translate timelimit 0 into timelimit -1 where needed * split out idle checking into separate function so we may be able to call it periodically from elsewhere (e.g. the main loop) * add an option to create an extra socket somewhere (so it may be used with chroot jails) * make number of threads/connections configurable in config * make I/O timeout between NSS lib and daemon configurable with configure * ethers: also look in ipHostNumber attribute to look up an IPv4 (IPv6) address and return it as an alternative entry * protocols/rpc: the description attribute should be used as an alias? * do more checks with failing LDAP connections (e.g. killing connections) * maybe make myldap code thread-safe (use locking) * review changes in nss_ldap and merge any useful changes * maybe rate-limit LDAP entry warnings * consider returning the canonical value as it is stored in LDAP, not the requested value (they can differ in case) * test non-ASCII characters in fields (mostly cn) * implement attribute defaults (for when they're missing from the directory) * implement attribute overrides (to always return a specific value, not matter what the directory says)