mirror/openldap
2
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-01-06 10:46:21 +08:00
Code Issues Packages Projects Releases Wiki Activity
05fbd96356
openldap/contrib/slapd-modules/nssov/nss-ldapd/TODO
Howard Chu c682cce27c nss-ldap overlay, built with nss-ldapd-0.6.2
2008-06-02 12:08:05 +00:00

60 lines
3.2 KiB
Plaintext
Raw Blame History

probably before we can call this stable
---------------------------------------
* fix usage of strerror() as it is not thread safe
* fix race condition when setting signal mask in common/tio.c
(using pthread_sigmask() adds a dependency on the pthread library,
we should probably just do locking)
* find problem with reachability of LDAP server
* find out why HAVE_GSSPAI is not always set to what configure outputs
* have the daemon run under a special uid/gid
other items
-----------
* set up (test) connection to LDAP server before creating socket
* Debian packaging: maybe remove stuff from /etc/nsswitch.conf on remove or
purge (maybe prompt?)
* probably document that you should use libpam-ldap for authentication without
exposing the passwords through NSS
* document test suite (instructions for setting up environment (server), LDIF
file, nsswitch.conf and nss-ldapd.conf)
* write more unit tests
* maybe support bootparams (check README also)
* maybe support publickey (check README also)
* maybe support netmasks (check README also)
* maybe implement a connection object in the myldap module that is shared
by different sessions (sessions need to be cleaned up)
* add sanity checking code (e.g. not too large buffer allocation and checking
that host, user, etc do not contain funky characters) in all server modules
* log some statistics: "passwd=100 shadow=10 host=20 rpc=10" (10 req/minute)
* in the server: once the request is done pass the flushing of the buffers to
a separate thread so our workers are available to handle new requests
* reconfigure or upgrade of Debian package should restart nslcd instead of
stop and later on start
* tune the filter and parameter buffer sizes
* maybe document how to set up automounting in LDAP (Linux and Solaris)
* make sure to translate timelimit 0 into timelimit -1 where needed
* split out idle checking into separate function so we may be able to call it
periodically from elsewhere (e.g. the main loop)
* add an option to create an extra socket somewhere (so it may be used with
chroot jails)
* make I/O timeout between NSS lib and daemon configurable with configure
* ethers: also look in ipHostNumber attribute to look up an IPv4 (IPv6)
address and return it as an alternative entry
* protocols/rpc: the description attribute should be used as an alias?
* do more checks with failing LDAP connections (e.g. killing connections)
* maybe make myldap code thread-safe (use locking)
* review changes in nss_ldap and merge any useful changes
* maybe rate-limit LDAP entry warnings
* consider returning the canonical value as it is stored in LDAP, not
the requested value (they can differ in case)
* test non-ASCII characters in fields (mostly cn)
* implement attribute defaults (for when they're missing from the directory)
* implement attribute overrides (to always return a specific value, no matter
what the directory says)
* see if we can use LD_LIBRARY_PATH to run our tests in so we don't need to
install NSS library in system path
* only parse configuration options if they are available on the platform
* have some more general mechanism to disable NSS module in nslcd
* do not use LDAP_DEPRECATED enabled functions
* support searchbase autodetection
Reference in New Issue View Git Blame Copy Permalink