Mega patch against nss_ldap 264

I have just pushed a large patch against nss_Ldap 264 up to the bugzilla.

This is a structural alteration at the source code level to ldap-nss.c which is generally just changing how it reads. However, it fixes some bugs in the kerberos pathways and also commons up code that had multiple copies in the code source.

I would be very grateful if anybody could try it out and let me know what I have broken.

My intention with this is to make the critical path through the code run the minimal code when a connection to the LDAP server exists, make recovery on failure more resilient, and provide for multiple SASL mechs without need to alter the ldap-nss code.

Comments, improvements and fault reports much appreciated.

I am hoping that Luke will push this out as the basis for the main development downstream, so that I can add the extra features on the kerberos side I am looking for.

Howard.

Re: Mega patch against nss_ldap 264

Thanks Howard! I am a bit snowed under now but I really look forward to taking a look at this.

-- Luke

On 10/12/2008, at 5:30 AM, Howard Wilkinson wrote:

> I have just pushed a large patch against nss_Ldap 264 up to the bugzilla.
>
> This is a structural alteration at the source code level to ldap-nss.c which is generally just changing how it reads. However, it fixes some bugs in the kerberos pathways and also commons up code that had multiple copies in the code source.
>
> I would be very grateful if anybody could try it out and let me know what I have broken.
>
> My intention with this is to make the critical path through the code run the minimal code when a connection to the LDAP server exists, make recovery on failure more resilient, and provide for multiple SASL mechs without need to alter the ldap-nss code.
>
> Comments, improvements and fault reports much appreciated.
>
> I am hoping that Luke will push this out as the basis for the main development downstream, so that I can add the extra features on the kerberos side I am looking for.
>
> Howard.

--
www.padl.com | www.fghr.net

Re: Mega patch against nss_ldap 264

I have revisited this code and posted some new patches to the bugzilla.

This now includes more comprehensive recovery code when the connection to the server goes down.

I know of one outstanding issue with the group stuff, where recursion is used to expand nested groups the recovery code fails. I intend to remove the recursion and replace with list walking code to produce the transitive closure needed for this function.

Anybody who is feeling brave and would like to test this out then I need to know I have not broken any of:

1. Plain text password binds
2. Anonymous binds
3. SSL/TLS binds
4. Other LDAP backends - my major testing has been against Active Directory, so tests against the Fedora Directory Server (389DS) and OpenLDAP would be useful.

Furthermore, I have tested but not implemented in production the keytab based renewal code. So if someone can hammer this it would be great.

Howard.

P.S. I think the hard/soft features in the Bind code should now function as advertised - can somebody check this as well?

On Tue, 2008-12-09 at 22:13 +0000, Luke Howard wrote:

> Thanks Howard! I am a bit snowed under now but I really look forward to taking a look at this.
>
> -- Luke
>
> On 10/12/2008, at 5:30 AM, Howard Wilkinson wrote:
>
> > I have just pushed a large patch against nss_Ldap 264 up to the bugzilla.
> >
> > This is a structural alteration at the source code level to ldap-nss.c which is generally just changing how it reads. However, it fixes some bugs in the kerberos pathways and also commons up code that had multiple copies in the code source.
> >
> > I would be very grateful if anybody could try it out and let me know what I have broken.
> >
> > My intention with this is to make the critical path through the code run the minimal code when a connection to the LDAP server exists, make recovery on failure more resilient, and provide for multiple SASL mechs without need to alter the ldap-nss code.
> >
> > Comments, improvements and fault reports much appreciated.
> >
> > I am hoping that Luke will push this out as the basis for the main development downstream, so that I can add the extra features on the kerberos side I am looking for.
> >
> > Howard.
>
> --
> www.padl.com | www.fghr.net

Howard Wilkinson <howard@...>
Coherent Technology Limited
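
The list-walking replacement for recursive nested-group expansion mentioned in the last message, shown as an added example that is not part of the thread and is not nss_ldap code. The `directory` table, `find_group` and `expand_nested` are hypothetical names, and the group data is constructed, including a membership cycle that would make naive recursion run without bound.

```c
#include <string.h>

#define MAX_GROUPS  16
#define MAX_MEMBERS 4

/* Constructed sample data: each group lists the groups nested inside it. */
struct group {
    const char *name;
    const char *nested[MAX_MEMBERS];            /* NULL-terminated */
};

static const struct group directory[] = {
    { "admins", { "ops", "dba", NULL } },
    { "ops",    { "oncall", NULL } },
    { "dba",    { "oncall", "admins", NULL } }, /* cycle back to admins */
    { "oncall", { NULL } },
};
#define NGROUPS (sizeof directory / sizeof directory[0])

/* Linear lookup stands in for a directory search (assumption). */
static int find_group(const char *name)
{
    for (size_t i = 0; i < NGROUPS; i++)
        if (strcmp(directory[i].name, name) == 0)
            return (int)i;
    return -1;
}

/* Transitive closure by walking a work list instead of recursing.
 * out[] doubles as the queue: entries before `head` are finished,
 * entries from `head` to `tail` are still to be expanded.
 * Returns the number of groups reached (start included), or -1 if
 * start is unknown or the caller's buffer is too small. */
int expand_nested(const char *start, int out[], int cap)
{
    unsigned char seen[MAX_GROUPS] = {0};
    int head = 0, tail = 0;
    int first = find_group(start);

    if (first < 0 || cap < 1)
        return -1;
    seen[first] = 1;
    out[tail++] = first;
    while (head < tail) {
        const struct group *g = &directory[out[head++]];
        for (int m = 0; m < MAX_MEMBERS && g->nested[m]; m++) {
            int idx = find_group(g->nested[m]);
            if (idx < 0 || seen[idx])
                continue;          /* dangling reference or already queued */
            if (tail == cap)
                return -1;         /* refuse to overrun the caller's buffer */
            seen[idx] = 1;
            out[tail++] = idx;
        }
    }
    return tail;
}
```

Because every group is queued at most once, the walk is bounded by the number of groups even when memberships form a loop, and the state lives in a flat array rather than on the call stack.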