get files ready for 0.5 release

git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-ldapd@539 ef36b2f9-881f-0410-afb5-c4e39611909c

1 files changed, 19 insertions, 11 deletions

diff --git a/TODO b/TODO
index 793680b..9694f65 100644
--- a/TODO
+++ b/TODO
@@ -1,20 +1,19 @@
 probably before we can call this stable
 ---------------------------------------
 * implement _nss_ldap_initgroups_dyn()
-* clean up and refactor ldap server code
 * fix usage of strerror() as it is not thread safe
 * error out quickly when the LDAP server is down
 * fix race condition when setting signal mask in common/tio.c
+  (using pthread_sigmask() adds a dependency on the pthread library,
+  maybe we should switch back to stdio)
 * find problem with reachability of LDAP server
-* get root/nonroot connections working properly
-* fix a problem with spaces in DNs in configfile (base and binddn keywors)
+* get root/nonroot connections working
 
 other items
 -----------
 * set up (test) connection to LDAP server before creating socket
 * Debian packaging: maybe remove stuff from /etc/nsswitch.conf on remove or
   purge (maybe prompt?)
-* support IPv6 in name (host address) lookups
 * probably document that you should use libpam-ldap for authentication without
   exposing the passwords through NSS
 * make a test suite (instructions for setting up environment (server), LDIF
@@ -25,6 +24,8 @@ other items
 * maybe support netmasks (check README also)
 * reserve some threads in the server for root users (probably set up
   connection pools) (we currently have a connection per thread)
+* maybe implement a connection object in the myldap module that is shared
+  by different sessions (sessions need to be cleaned up)
 * add sanity checking code (e.g. not too large buffer allocation and checking
   that host, user, etc do not contain funky characters) in all server modules
 * implement running under a different uid/gid (maybe chroot jail)
@@ -36,16 +37,23 @@ other items
 * reconfigure or upgrade of Debian package should restart nslcd instead of
   stop and later on start
 * tune the filter and parameter buffer sizes
-* in mkfilter_*() functions: add some check to see if the filter fits and log
-  an error (also see to it that the caller exists (e.g. declare return value
-  as must use))
 * maybe document how to set up automounting in LDAP (Linux and Solaris)
 * make sure to translate timelimit 0 into timelimit -1 where needed
 * split out idle checking into separate function so we may be able to call it
   periodically from elsewhere (e.g. the main loop)
 * add an option to create an extra socket somewhere (so it may be used with
   chroot jails)
-* make number of thread configurable in config
-* make I/O timeout between NSS lib and daemon configurable at configure
-* document the timout mechanism between client and server and document some
-  cases where this may cause problems
+* make number of threads/connections configurable in config
+* make I/O timeout between NSS lib and daemon configurable with configure
+* ethers: also look in ipHostNumber attribute to look up an IPv4 (IPv6)
+  address and return it as an alternative entry
+* protocols/rpc: the description attribute should be used as an alias?
+* do more checks with failing LDAP connections (e.g. killing connections)
+* maybe make myldap code thread-safe (use locking)
+* review changes in nss_ldap and merge any useful changes
+* maybe rate-limit LDAP entry warnings
+* consider returning the canonical value as it is stored in LDAP, not
+  the requested value (they can differ in case)
+* test non-ASCII characters in fields (mostly cn)
+* implement attribute defaults (for when they're missing from the directory)
+* implement attribute overrides (to always return a specific value, not matter what the directory says)