author Arthur de Jong <arthur@arthurdejong.org> 2006-12-23 11:50:32 +0000
committer Arthur de Jong <arthur@arthurdejong.org> 2006-12-23 11:50:32 +0000
commit 30263a59daa22a7f6814d36dde96e6f9d3188438
tree f4bf5a6ac38dbd3df33eaf730564a06dea841639 /TODO
parent 428a3fd2d4b895717bf493304b09fe39ab1f447f
get files ready for 0.1 release
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-ldapd@201 ef36b2f9-881f-0410-afb5-c4e39611909c
Diffstat (limited to 'TODO')
-rw-r--r-- TODO 171
1 files changed, 33 insertions, 138 deletions
diff --git a/TODO b/TODO
index 790c469..45bc952 100644
--- a/TODO
+++ b/TODO
@@ -1,149 +1,44 @@
-
-before next release
--------------------
-* add a ChangeLog
-* fix permissions of created socket (so that non-root users will have access to nslcd)
-* debian package: install in /lib, not in /usr/lib (move in rules, this was hidden in debian/libnss-ldap.install in the old package)
-* add nslcd manual page
-* update all documentation
-* only set herrno on errors to fix hostname lookups?
-
probably before we can call this stable
---------------------------------------
* implement _nss_ldap_initgroups_dyn()
* split out configuration part into own source file
-* clean up ldap server code
-* reserve some threads in the server for root
+* clean up and refactor ldap server code
* FIXME: strerror() is not reentrant
* align stuff in buffer (e.g. arrays of pointers)
-* add HACKING document describing how to make modifications
+* resolve.[ch] has license: BSD WITH ADVERTISING CLAUSE - LGPL problem?
+* get rootbindpw in Debian package working again
+* rewrite nss-ldapd.conf(5) manual page
other items
-----------
* another way to prevent deadlocks is to pass some flag from nsldc to nss_ldap
-* set up connection to LDAP server before making NSLCD mechanims available (e.g. before creating socket)
-* debian packaging: maybe remove stuff from /etc/nsswitch.conf on purge
-* make lintian and linda clean
-* support ipv6?
-
-
-assorted
---------
-* rootdb is not much use in most nslcd configurations anyway since all nss
- requests are done as root (except shadow)
-* apparently shadow lookups are not done through nscd and will be done by the
- original process
-* probably disable this functionality for now and document the fact that you
- should use libpam-ldap for authentication without exposing the passwords
- through LDAP
-* FIXME: strerror() is not reentrant
-- remove dots from copyright statements
-- update copyright statements to be consistent throughout all files
-- change FSF address
-- add a warning somewhere as to when the NSS functions are available
-- set up a threading mechanism in the server process
-- reserve some threads in the server for root
-* IDEA - set up connection to LDAP server before making NSLCD mechanims available (e.g. before creating socket)
-* another way to prevent deadlocks is to pass some flag from nsldc to nss_ldap
-* look at packaging of libnss-mysql for lintian overrides and other things
-* look at http://svn.asta.mh-hannover.de/categories/python/pyauthd/
-* in all server modules add sanity checking code (e.g. not too large buffer allocation and checking that host, user, etc do not contain funky characters)
-* storing IPv6 address in LDAP is currently not supported (this needs to be implemented in the LDAP parsing end)
-* add netmask to network structure
-* rename server directory to nslcd
-* fix alignment problems in buffers
-* ISSUE: resolve.[ch] has license: BSD WITH ADVERTISING CLAUSE - GPL PROBLEM
+ (this however will not work if nscd is used)
+* set up connection to LDAP server before making NSLCD mechanism available
+ (e.g. before creating socket)
+* Debian packaging: maybe remove stuff from /etc/nsswitch.conf on purge
+* support ipv6 in name (host address) lookups
+* support ipv6 in LDAP connections (investigate if OpenLDAP supports it)
+* set up a compat directory where we can have compatibility wrappers
+* probably disable rootbinddn for now and document the fact that you should
+ use libpam-ldap for authentication without exposing the passwords through
+ LDAP
+* redo the attribute mapping stuff
+* make a test suite (instructions for setting up environment (server), LDIF
+ file, nsswitch.conf and nss-ldapd.conf)
+* support bootparams (check README also)
+* support publickey (check README also)
+* support netmasks (check README also)
+* add a warning somewhere as to when the NSS functions are available
+* reserve some threads in the server for root users
+* check FSF address
+* add sanity checking code (e.g. not too large buffer allocation and checking
+ that host, user, etc do not contain funky characters) in all server modules
* implement running under a different uid/gid (maybe chroot jail)
-
-Please see http://bugzilla.padl.com for more information!
-http://bugzilla.padl.com/buglist.cgi?short_desc_type=allwordssubstr&short_desc=&product=nss_ldap&long_desc_type=allwordssubstr&long_desc=&bug_file_loc_type=allwordssubstr&bug_file_loc=&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&emailtype1=substring&email1=&emailtype2=substring&email2=&bugidtype=include&bug_id=&votes=&changedin=&chfieldfrom=&chfieldto=Now&chfieldvalue=&cmdtype=doit&order=Bug+Number&field0-0-0=noop&type0-0-0=noop&value0-0-0=
-
-BUGZILLA BUGS:
-==============
-
-BUGS 18, 19, 20, 34 would be good to fix soon.
-
-[BUG#12]
-- we should probably put the session, under Solaris, in the backend.
- We need to do so in a way that remains compatible with the GNU NSS,
- where I expect we need to open a connection for every lookup.
- In nscd, where the backends are cached, it doesn't make sense to keep
- opening and closing sockets to the LDAP server, particularly as the
- rebinding logic was put there to *allow* the connection to be long
- lived (marked RESOLVED LATER; a single connection is now used per
- process)
-
-[BUG#12]
-- ditto for IRS: the private data should contain the session and be long
- lived.
-
-[BUG#13]
-- we could clean up the text segment a bit by generating filters on the
- fly from object classes and attributes, instead of storing them. This
- seems to be important under Solaris as the linker doesn't intern strings (?)
- All that filter-constructing stuff in the ldap-*.h headers is UGLY.
- (marked RESOLVED LATER)
-
-[BUG#14]
-- infinite recursion is host lookup -- libldap uses gethostbyname(). Perhaps
- we should link with a custom gethostbyname() which uses DNS only??? (This
- is nominally the LDAP client library's problem but we could short-circuit
- by resolving the IP addresses ourselves). (marked RESOLVED INVALID)
-
-[BUG#16]
-- finish implementing dl-*.c (LOW priority). In fact I'm tempted to remove
- this from the line up: SGI have their own LDAP C library support, and
- so do DEC (with SIA). (removed dl-*.c; marked RESOLVED WONTFIX)
-
-[BUG#17]
-- implement gethostbyname2() and
- debug IPv6 support in ldap-hosts.c (and ldap-network.c?) (Uli?)
-
-[BUG#19]
-- add support for DHCP and coldstart configuration. Coldstart should
- update /etc/ldap.conf (/var/ldap/LDAP_CLIENT_CACHE?). Should probably
- add support for the HP/Sun server profile schema (marked RESOLVED
- LATER)
-
-[BUG#21]
-- write testsuite (marked RESOLVED LATER)
-
-[BUG#22]
-- support for bootparams map (marked RESOLVED LATER)
-
-[BUG#34]
-- shells hang on Solaris for LDAP users (marked RESOLVED LATER;
-Solaris 7 users get patch cluster 106541-12)
-
-[BUG#49]
-- race condition in ldap-nss.c (FIXED in nss_ldap-121)
-
-[BUG#50]
-- check return value of ldap_simple_bind() (FIXED in nss_ldap-122)
-
-[BUG#63]
-- integrate support for runtime schema mapping (FIXED in nss_ldap-168)
-
-To: linux-ldap@rage.net
-Cc: ldap-nis@padl.com
-Subject: Re: Netgroups [in nss_ldap]
-Fcc: +outgoing
-Reply-To: lukeh@padl.com
-
-[ ldap-nis readers may find this interesting. ]
-
-Matt,
-
->Ok, i am going to see if I can do something with netgroups. Which of
->the services would be best to model ldap-netgrp.c after?
->
->I am not familiar with adding a new service to nss_ldap. What is
->involved? Do you think you could give a general overview of what has
->to happen to get the netgroup service doing SOMETHING?
-
-First, you need to familiarize yourself with the netgroup resolution
-APIs. It's important that you implement something that works for both
-Solaris and the GNU C Library (and, possibly, the BIND IRS, although
-no one seems to be particularly interested in that switch). I haven't
-looked into them in great detail. You'll need to create ldap-netgrp.c
-(rip off ldap-pwd.c for starters). and implement the following:
+* probably switch version numbering scheme back to three numbers with a 1.0.0
+ release
+* think of a way to preserve the case-sensitive nature of NSS (while
+ maintaining the case insensitive LDAP)
+* maybe remove dh_makeshlibs from debian/rules (probably not needed)
+* maybe move library to /usr/lib
+* include a generic init script
+* debconf: see if we can read shared values as default in case of missing config
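Review bot: The hardening entries end up in the unprioritised "other items" list: "add sanity checking code (e.g. not too large buffer allocation and checking that host, user, etc do not contain funky characters) in all server modules" and "implement running under a different uid/gid (maybe chroot jail)" sit there, and "reserve some threads in the server for root" is moved there from "probably before we can call this stable". Since these concern input validation and privilege reduction in the server, I would list them under "probably before we can call this stable", or add a short reason for deferring them. Separately, the "before next release" block is deleted whole, and "fix permissions of created socket (so that non-root users will have access to nslcd)" and "only set herrno on errors to fix hostname lookups?" do not reappear anywhere in the new file; if they are done, say so in the commit message or ChangeLog, otherwise carry them over. Minor: the retained line about preventing deadlocks still reads "nsldc" where the rest of the file uses "nslcd".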