author | Arthur de Jong <arthur@arthurdejong.org> | 2006-12-23 11:50:32 +0000 |
---|---|---|
committer | Arthur de Jong <arthur@arthurdejong.org> | 2006-12-23 11:50:32 +0000 |
commit | 30263a59daa22a7f6814d36dde96e6f9d3188438 (patch) | |
tree | f4bf5a6ac38dbd3df33eaf730564a06dea841639 /TODO | |
parent | 428a3fd2d4b895717bf493304b09fe39ab1f447f (diff) |
get files ready for 0.1 release
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-ldapd@201 ef36b2f9-881f-0410-afb5-c4e39611909c
Diffstat (limited to 'TODO')
-rw-r--r-- | TODO | 171 |
1 files changed, 33 insertions, 138 deletions
@@ -1,149 +1,44 @@ - -before next release -------------------- -* add a ChangeLog -* fix permissions of created socket (so that non-root users will have access to nslcd) -* debian package: install in /lib, not in /usr/lib (move in rules, this was hidden in debian/libnss-ldap.install in the old package) -* add nslcd manual page -* update all documentation -* only set herrno on errors to fix hostname lookups? - probably before we can call this stable --------------------------------------- * implement _nss_ldap_initgroups_dyn() * split out configuration part into own source file -* clean up ldap server code -* reserve some threads in the server for root +* clean up and refactor ldap server code * FIXME: strerror() is not reentrant * align stuff in buffer (e.g. arrays of pointers) -* add HACKING document describing how to make modifications +* resolve.[ch] has license: BSD WITH ADVERTISING CLAUSE - LGPL problem? +* get rootbindpw in Debian package working again +* rewrite nss-ldapd.conf(5) manual page other items ----------- * another way to prevent deadlocks is to pass some flag from nsldc to nss_ldap -* set up connection to LDAP server before making NSLCD mechanims available (e.g. before creating socket) -* debian packaging: maybe remove stuff from /etc/nsswitch.conf on purge -* make lintian and linda clean -* support ipv6? 
- - -assorted --------- -* rootdb is not much use in most nslcd configurations anyway since all nss - requests are done as root (except shadow) -* apparently shadow lookups are not done through nscd and will be done by the - original process -* probably disable this functionality for now and document the fact that you - should use libpam-ldap for authentication without exposing the passwords - through LDAP -* FIXME: strerror() is not reentrant -- remove dots from copyright statements -- update copyright statements to be consistent throughout all files -- change FSF address -- add a warning somewhere as to when the NSS functions are available -- set up a threading mechanism in the server process -- reserve some threads in the server for root -* IDEA - set up connection to LDAP server before making NSLCD mechanims available (e.g. before creating socket) -* another way to prevent deadlocks is to pass some flag from nsldc to nss_ldap -* look at packaging of libnss-mysql for lintian overrides and other things -* look at http://svn.asta.mh-hannover.de/categories/python/pyauthd/ -* in all server modules add sanity checking code (e.g. not too large buffer allocation and checking that host, user, etc do not contain funky characters) -* storing IPv6 address in LDAP is currently not supported (this needs to be implemented in the LDAP parsing end) -* add netmask to network structure -* rename server directory to nslcd -* fix alignment problems in buffers -* ISSUE: resolve.[ch] has license: BSD WITH ADVERTISING CLAUSE - GPL PROBLEM + (this however will not work if nscd is used) +* set up connection to LDAP server before making NSLCD mechanism available + (e.g. 
before creating socket) +* Debian packaging: maybe remove stuff from /etc/nsswitch.conf on purge +* support ipv6 in name (host address) lookups +* support ipv6 in LDAP connections (investigate if OpenLDAP supports it) +* set up a compat directory where we can have compatibility wrappers +* probably disable rootbinddn for now and document the fact that you should + use libpam-ldap for authentication without exposing the passwords through + LDAP +* redo the attribute mapping stuff +* make a test suite (instructions for setting up environment (server), LDIF + file, nsswitch.conf and nss-ldapd.conf) +* support bootparams (check README also) +* support publickey (check README also) +* support netmasks (check README also) +* add a warning somewhere as to when the NSS functions are available +* reserve some threads in the server for root users +* check FSF address +* add sanity checking code (e.g. not too large buffer allocation and checking + that host, user, etc do not contain funky characters) in all server modules * implement running under a different uid/gid (maybe chroot jail) - -Please see http://bugzilla.padl.com for more information! -http://bugzilla.padl.com/buglist.cgi?short_desc_type=allwordssubstr&short_desc=&product=nss_ldap&long_desc_type=allwordssubstr&long_desc=&bug_file_loc_type=allwordssubstr&bug_file_loc=&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&emailtype1=substring&email1=&emailtype2=substring&email2=&bugidtype=include&bug_id=&votes=&changedin=&chfieldfrom=&chfieldto=Now&chfieldvalue=&cmdtype=doit&order=Bug+Number&field0-0-0=noop&type0-0-0=noop&value0-0-0= - -BUGZILLA BUGS: -============== - -BUGS 18, 19, 20, 34 would be good to fix soon. - -[BUG#12] -- we should probably put the session, under Solaris, in the backend. - We need to do so in a way that remains compatible with the GNU NSS, - where I expect we need to open a connection for every lookup. 
- In nscd, where the backends are cached, it doesn't make sense to keep - opening and closing sockets to the LDAP server, particularly as the - rebinding logic was put there to *allow* the connection to be long - lived (marked RESOLVED LATER; a single connection is now used per - process) - -[BUG#12] -- ditto for IRS: the private data should contain the session and be long - lived. - -[BUG#13] -- we could clean up the text segment a bit by generating filters on the - fly from object classes and attributes, instead of storing them. This - seems to be important under Solaris as the linker doesn't intern strings (?) - All that filter-constructing stuff in the ldap-*.h headers is UGLY. - (marked RESOLVED LATER) - -[BUG#14] -- infinite recursion is host lookup -- libldap uses gethostbyname(). Perhaps - we should link with a custom gethostbyname() which uses DNS only??? (This - is nominally the LDAP client library's problem but we could short-circuit - by resolving the IP addresses ourselves). (marked RESOLVED INVALID) - -[BUG#16] -- finish implementing dl-*.c (LOW priority). In fact I'm tempted to remove - this from the line up: SGI have their own LDAP C library support, and - so do DEC (with SIA). (removed dl-*.c; marked RESOLVED WONTFIX) - -[BUG#17] -- implement gethostbyname2() and - debug IPv6 support in ldap-hosts.c (and ldap-network.c?) (Uli?) - -[BUG#19] -- add support for DHCP and coldstart configuration. Coldstart should - update /etc/ldap.conf (/var/ldap/LDAP_CLIENT_CACHE?). 
Should probably - add support for the HP/Sun server profile schema (marked RESOLVED - LATER) - -[BUG#21] -- write testsuite (marked RESOLVED LATER) - -[BUG#22] -- support for bootparams map (marked RESOLVED LATER) - -[BUG#34] -- shells hang on Solaris for LDAP users (marked RESOLVED LATER; -Solaris 7 users get patch cluster 106541-12) - -[BUG#49] -- race condition in ldap-nss.c (FIXED in nss_ldap-121) - -[BUG#50] -- check return value of ldap_simple_bind() (FIXED in nss_ldap-122) - -[BUG#63] -- integrate support for runtime schema mapping (FIXED in nss_ldap-168) - -To: linux-ldap@rage.net -Cc: ldap-nis@padl.com -Subject: Re: Netgroups [in nss_ldap] -Fcc: +outgoing -Reply-To: lukeh@padl.com - -[ ldap-nis readers may find this interesting. ] - -Matt, - ->Ok, i am going to see if I can do something with netgroups. Which of ->the services would be best to model ldap-netgrp.c after? -> ->I am not familiar with adding a new service to nss_ldap. What is ->involved? Do you think you could give a general overview of what has ->to happen to get the netgroup service doing SOMETHING? - -First, you need to familiarize yourself with the netgroup resolution -APIs. It's important that you implement something that works for both -Solaris and the GNU C Library (and, possibly, the BIND IRS, although -no one seems to be particularly interested in that switch). I haven't -looked into them in great detail. You'll need to create ldap-netgrp.c -(rip off ldap-pwd.c for starters). and implement the following: +* probably switch version numbering scheme back to three numbers with a 1.0.0 + release +* think of a way to preserve the case-sensitive nature of NSS (while + maintaining the case insensitive LDAP) +* maybe remove dh_makeshlibs from debian/rules (probably not needed) +* maybe move library to /usr/lib +* include a generic init script +* debconf: see if we can read shared values as default in case of missing config |
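Review bot: The entries "add sanity checking code (e.g. not too large buffer allocation and checking that host, user, etc do not contain funky characters) in all server modules" and "implement running under a different uid/gid (maybe chroot jail)" both end up under "other items" in the new TODO. The removed "fix permissions of created socket (so that non-root users will have access to nslcd)" entry indicates the daemon is meant to accept requests from unprivileged local users. Input validation and privilege dropping on that request path look like they belong under "probably before we can call this stable", so I would move both entries there. "reserve some threads in the server for root" is also taken out of the stable list and re-added under "other items" as "reserve some threads in the server for root users"; the commit message gives no reason for the demotion, and a short note on why would help. Minor: the line "pass some flag from nsldc to nss_ldap" kept under "other items" still carries the "nsldc" typo, while "mechanims" is corrected to "mechanism" in the same change.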