Arthur de Jong

Open Source / Free Software developer

summaryrefslogtreecommitdiffstats
path: root/TODO
blob: 3f0ede81e20cc5e0f46a8c05e4e7cdd4b30c0a54 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
probably before we can call this stable
---------------------------------------
* find problem with reachability of LDAP server
* Debian package: protect /etc/nss-ldapd.conf if bindpw is used

other items
-----------
* probably document that you should use libpam-ldap for authentication without
  exposing the passwords through NSS
* document test suite (instructions for setting up environment (server), LDIF
  file, nsswitch.conf and nss-ldapd.conf)
* write more unit tests
* maybe implement a connection object in the myldap module that is shared
  by different sessions (sessions need to be cleaned up)
* add sanity checking code (e.g. not too large buffer allocation and checking
  that host, user, etc do not contain funky characters) in all server modules
* log some statistics: "passwd=100 shadow=10 host=20 rpc=10" (10 req/minute)
* in the server: once the request is done pass the flushing of the buffers to
  a separate thread so our workers are available to handle new requests
* tune the filter and parameter buffer sizes
* split out idle checking into separate function so we may be able to call it
  periodically from elsewhere (e.g. the main loop)
* add an option to create an extra socket somewhere (so it may be used in
  chroot jails)
* make I/O timeout between NSS lib and daemon configurable with configure
* ethers: also look in ipHostNumber attribute to look up an IPv4 (IPv6)
  address and return it as an alternative entry
* protocols/rpc: the description attribute should be used as an alias?
* do more checks with failing LDAP connections (e.g. killing connections)
* maybe make myldap code thread-safe (use locking)
* review changes in nss_ldap and merge any useful changes
* maybe rate-limit LDAP entry warnings
* consider returning the canonical value as it is stored in LDAP, not
  the requested value (they can differ in case)
* test non-ASCII characters in fields (mostly cn)
* implement attribute defaults (for when they're missing from the directory)
* implement attribute overrides (to always return a specific value, no matter
  what the directory says)
* see if we can use LD_LIBRARY_PATH to run our tests in so we don't need to
  install NSS library in system path
* only parse configuration options if they are available on the platform
* have some more general mechanism to disable NSS module in nslcd
* support searchbase autodetection
* start the LDAP search and connection in myldap_get_entry() instead of
  in myldap_search()
* maybe use datagram sockets for NSS/nslcd communication
* support multiple search bases
* support memberOf attribute in passwd entries that map to groups
* setnetgrent() may need to return an error if the netgroup is undefined
* handle repeated calls to getent() better (see http://bugzilla.padl.com/show_bug.cgi?id=376)
* make it possible to define nisNetgroup as a ou-like thing with
  handling all sub-nisNetgroup objects as memberNisNetgroup, host objects as
  nisNetgroupTriple (HOST,,), users as (,USER?,)
* make it possible to start nslcd really early in the boot process and have
  it become available when it determines it can (other timeout/retry mechanism
  on startup)
* if Debconf base is empty do something more useful
* make lookups case-sensitive