Arthur de Jong

Open Source / Free Software developer

summaryrefslogtreecommitdiffstats
path: root/TODO
blob: 45bc952bd0b72ee4abe31f4c7b5ef3213d652c55 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
probably before we can call this stable
---------------------------------------
* implement _nss_ldap_initgroups_dyn()
* split out configuration part into own source file
* clean up and refactor ldap server code
* FIXME: strerror() is not reentrant
* align stuff in buffer (e.g. arrays of pointers)
* resolve.[ch] has license: BSD WITH ADVERTISING CLAUSE - LGPL problem?
* get rootbindpw in Debian package working again
* rewrite nss-ldapd.conf(5) manual page

other items
-----------
* another way to prevent deadlocks is to pass some flag from nsldc to nss_ldap
  (this however will not work if nscd is used)
* set up connection to LDAP server before making NSLCD mechanism available
  (e.g. before creating socket)
* Debian packaging: maybe remove stuff from /etc/nsswitch.conf on purge
* support ipv6 in name (host address) lookups
* support ipv6 in LDAP connections (investigate if OpenLDAP supports it)
* set up a compat directory where we can have compatibility wrappers
* probably disable rootbinddn for now and document the fact that you should
  use libpam-ldap for authentication without exposing the passwords through
  LDAP
* redo the attribute mapping stuff
* make a test suite (instructions for setting up environment (server), LDIF
  file, nsswitch.conf and nss-ldapd.conf)
* support bootparams (check README also)
* support publickey (check README also)
* support netmasks (check README also)
* add a warning somewhere as to when the NSS functions are available
* reserve some threads in the server for root users
* check FSF address
* add sanity checking code (e.g. not too large buffer allocation and checking
  that host, user, etc do not contain funky characters) in all server modules
* implement running under a different uid/gid (maybe chroot jail)
* probably switch version numbering scheme back to three numbers with a 1.0.0
  release
* think of a way to preserve the case-sensitive nature of NSS (while
  maintaining the case insensitive LDAP)
* maybe remove dh_makeshlibs from debian/rules (probably not needed)
* maybe move library to /usr/lib
* include a generic init script
* debconf: see if we can read shared values as default in case of missing config