1
by Arthur de Jong
* rename software to nss-pam-ldapd to indicate that PAM module is now a |
1 |
* test reachability problems with LDAP server more
|
2 |
* write more unit tests
|
|
3 |
* maybe implement a connection object in the myldap module that is shared
|
|
4 |
by different sessions (sessions need to be cleaned up)
|
|
5 |
* add sanity checking code (e.g. not too large buffer allocation and checking
|
|
6 |
that host, user, etc do not contain funky characters) in all server modules
|
|
7 |
* log some statistics: "passwd=100 shadow=10 host=20 rpc=10" (10 req/minute)
|
|
8 |
* in the server: once the request is done pass the flushing of the buffers to
|
|
9 |
a separate thread so our workers are available to handle new requests
|
|
10 |
(test whether this actually improves performace)
|
|
11 |
* tune the filter and parameter buffer sizes
|
|
12 |
* split out idle checking into separate function so we may be able to call it
|
|
13 |
periodically from elsewhere (e.g. the main loop)
|
|
14 |
* add an option to create an extra socket somewhere (so it may be used in
|
|
15 |
chroot jails)
|
|
16 |
* make I/O timeout between NSS lib and daemon configurable with configure
|
|
17 |
* ethers: also look in ipHostNumber attribute to look up an IPv4 (IPv6)
|
|
18 |
address and return it as an alternative entry (investigate whether this is
|
|
19 |
sane)
|
|
20 |
* protocols/rpc: the description attribute should be used as an alias?
|
|
21 |
* do more checks with failing LDAP connections (e.g. killing connections)
|
|
22 |
* maybe make myldap code thread-safe (use locking)
|
|
23 |
* review changes in nss_ldap and merge any useful changes
|
|
24 |
* maybe rate-limit LDAP entry warnings
|
|
25 |
* only parse configuration options if they are available on the platform
|
|
26 |
* have some more general mechanism to disable NSS lookups from nslcd
|
|
27 |
* maybe support memberOf attribute in passwd entries that map to groups
|
|
28 |
* setnetgrent() may need to return an error if the netgroup is undefined
|
|
29 |
* handle repeated calls to getent() better (see http://bugzilla.padl.com/show_bug.cgi?id=376)
|
|
30 |
* make it possible to start nslcd real early in the boot process and have
|
|
31 |
it become available when it determines it can (other timeout/retry mechanism
|
|
32 |
on startup)
|
|
3
by Arthur de Jong
* some attributes may be mapped to a shell-like expression that expand |
33 |
* write a simple PAM test application
|