
nss-pam-ldapd branch master updated. 0.9.5-2-g96045d2


nss-pam-ldapd branch master updated. 0.9.5-2-g96045d2



This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "nss-pam-ldapd".

The branch, master has been updated
       via  96045d249eda023a0bc7b810553a5b529d2c991a (commit)
      from  530cc24c83dd5d2d347acb40d64c3ae06a43a293 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://arthurdejong.org/git/nss-pam-ldapd/commit/?id=96045d249eda023a0bc7b810553a5b529d2c991a

commit 96045d249eda023a0bc7b810553a5b529d2c991a
Author: Arthur de Jong <arthur@arthurdejong.org>
Date:   Fri Apr 17 20:45:51 2015 +0200

    Implement nss_getgrent_skipmembers
    
    This option allows skipping group member list retrieval to improve
    performance with very large groups. This option results in inconsistent
    group membership information being presented that may confuse some
    applications.

diff --git a/man/nslcd.conf.5.xml b/man/nslcd.conf.5.xml
index dbf4d8b..0f27700 100644
--- a/man/nslcd.conf.5.xml
+++ b/man/nslcd.conf.5.xml
@@ -6,7 +6,7 @@
    nslcd.conf.5.xml - docbook manual page for nslcd.conf
 
    Copyright (C) 1997-2005 Luke Howard
-   Copyright (C) 2007-2014 Arthur de Jong
+   Copyright (C) 2007-2015 Arthur de Jong
 
    This library is free software; you can redistribute it and/or
    modify it under the terms of the GNU Lesser General Public
@@ -738,6 +738,25 @@
      </listitem>
     </varlistentry>
 
+    <varlistentry id="nss_getgrent_skipmembers"> <!-- since 0.9.6 -->
+     <term><option>nss_getgrent_skipmembers</option> yes|no</term>
+     <listitem>
+      <para>
+       If this option is set, the group member list is not retrieved when
+       looking up groups.
+       Lookups for finding which groups a user belongs to will remain
+       functional so the user will likely still get the correct groups
+       assigned on login.
+      </para>
+      <para>
+       This can offer a speed-up on systems that have very large groups.
+       It has the downside of returning inconsistent information about
+       group membership which may confuse some applications.
+       This option is not recommended for most configurations.
+      </para>
+     </listitem>
+    </varlistentry>
+
     <varlistentry id="validnames"> <!-- since 0.8.2 -->
      <term><option>validnames</option> <replaceable>REGEX</replaceable></term>
      <listitem>
diff --git a/nslcd/cfg.c b/nslcd/cfg.c
index cec1b0c..d42fb71 100644
--- a/nslcd/cfg.c
+++ b/nslcd/cfg.c
@@ -5,7 +5,7 @@
 
    Copyright (C) 1997-2005 Luke Howard
    Copyright (C) 2007 West Consulting
-   Copyright (C) 2007-2014 Arthur de Jong
+   Copyright (C) 2007-2015 Arthur de Jong
 
    This library is free software; you can redistribute it and/or
    modify it under the terms of the GNU Lesser General Public
@@ -1191,6 +1191,7 @@ static void cfg_defaults(struct ldap_config *cfg)
   cfg->nss_initgroups_ignoreusers = NULL;
   cfg->nss_min_uid = 0;
   cfg->nss_nested_groups = 0;
+  cfg->nss_getgrent_skipmembers = 0;
   cfg->validnames_str = NULL;
   handle_validnames(__FILE__, __LINE__, "",
                     "/^[a-z0-9._@$()]([a-z0-9._@$() 
\\~-]*[a-z0-9._@$()~-])?$/i",
@@ -1517,6 +1518,11 @@ static void cfg_read(const char *filename, struct 
ldap_config *cfg)
       cfg->nss_nested_groups = get_boolean(filename, lnr, keyword, &line);
       get_eol(filename, lnr, keyword, &line);
     }
+    else if (strcasecmp(keyword, "nss_getgrent_skipmembers") == 0)
+    {
+      cfg->nss_getgrent_skipmembers = get_boolean(filename, lnr, keyword, 
&line);
+      get_eol(filename, lnr, keyword, &line);
+    }
     else if (strcasecmp(keyword, "validnames") == 0)
     {
       handle_validnames(filename, lnr, keyword, line, cfg);
@@ -1785,6 +1791,7 @@ static void cfg_dump(void)
   }
   log_log(LOG_DEBUG, "CFG: nss_min_uid %lu", (unsigned long 
int)nslcd_cfg->nss_min_uid);
   log_log(LOG_DEBUG, "CFG: nss_nested_groups %s", 
print_boolean(nslcd_cfg->nss_nested_groups));
+  log_log(LOG_DEBUG, "CFG: nss_getgrent_skipmembers %s", 
print_boolean(nslcd_cfg->nss_getgrent_skipmembers));
   log_log(LOG_DEBUG, "CFG: validnames %s", nslcd_cfg->validnames_str);
   log_log(LOG_DEBUG, "CFG: ignorecase %s", 
print_boolean(nslcd_cfg->ignorecase));
   for (i = 0; i < NSS_LDAP_CONFIG_MAX_AUTHZ_SEARCHES; i++)
diff --git a/nslcd/cfg.h b/nslcd/cfg.h
index 2fade8b..6eef944 100644
--- a/nslcd/cfg.h
+++ b/nslcd/cfg.h
@@ -5,7 +5,7 @@
 
    Copyright (C) 1997-2005 Luke Howard
    Copyright (C) 2007 West Consulting
-   Copyright (C) 2007, 2008, 2009, 2010, 2011, 2012, 2013 Arthur de Jong
+   Copyright (C) 2007-2015 Arthur de Jong
 
    This library is free software; you can redistribute it and/or
    modify it under the terms of the GNU Lesser General Public
@@ -122,6 +122,7 @@ struct ldap_config {
   SET *nss_initgroups_ignoreusers;  /* the users for which no initgroups() 
searches should be done */
   uid_t nss_min_uid;  /* minimum uid for users retrieved from LDAP */
   int nss_nested_groups; /* whether to expand nested groups */
+  int nss_getgrent_skipmembers;  /* whether to skip member lookups */
   regex_t validnames; /* the regular expression to determine valid names */
   char *validnames_str; /* string version of validnames regexp */
   int ignorecase; /* whether or not case should be ignored in lookups */
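Review bot: The comment on the new field, "whether to skip member lookups", can be read as switching off by-member searches, which the man page text in this same commit says remain functional. Wording that names the actual effect would avoid that, for example `int nss_getgrent_skipmembers;  /* whether to leave the member list out of returned group entries */`. struct ldap_config starts and ends outside this hunk.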
diff --git a/nslcd/group.c b/nslcd/group.c
index 95349ad..eab4bec 100644
--- a/nslcd/group.c
+++ b/nslcd/group.c
@@ -5,7 +5,7 @@
 
    Copyright (C) 1997-2006 Luke Howard
    Copyright (C) 2006 West Consulting
-   Copyright (C) 2006-2014 Arthur de Jong
+   Copyright (C) 2006-2015 Arthur de Jong
    Copyright (C) 2013 Steve Hill
 
    This library is free software; you can redistribute it and/or
@@ -199,9 +199,12 @@ void group_init(void)
   set = set_new();
   attmap_add_attributes(set, attmap_group_cn);
   attmap_add_attributes(set, attmap_group_userPassword);
-  attmap_add_attributes(set, attmap_group_memberUid);
   attmap_add_attributes(set, attmap_group_gidNumber);
-  attmap_add_attributes(set, attmap_group_member);
+  if (!nslcd_cfg->nss_getgrent_skipmembers)
+  {
+    attmap_add_attributes(set, attmap_group_memberUid);
+    attmap_add_attributes(set, attmap_group_member);
+  }
   group_attrs = set_tolist(set);
   if (group_attrs == NULL)
   {
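Review bot: The option is named after getgrent, but the list built here ends up in `group_attrs`, which looks like the attribute list shared by all group searches, so `memberUid` and `member` would be left out of by-name and by-gid lookups as well. The man page text in this commit ("when looking up groups") matches that; the name and the code do not say so, and a comment above the new `if` would help, e.g. `/* membership attributes are left out of every group search, not only enumeration */`. Software that makes an access decision from the member list of a returned group entry rather than from the user's supplementary groups will presumably see an empty list, which matters most for deny-style rules. Since cfg_dump reports the setting only at LOG_DEBUG, consider one message at a higher level when the option is enabled, e.g. `log_log(LOG_WARNING, "nss_getgrent_skipmembers is set: group entries are returned without members");`. group_init's body starts and ends outside the hunk.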
diff --git a/pynslcd/cfg.py b/pynslcd/cfg.py
index 90acbeb..f9025fb 100644
--- a/pynslcd/cfg.py
+++ b/pynslcd/cfg.py
@@ -1,7 +1,7 @@
 
 # cfg.py - module for accessing configuration information
 #
-# Copyright (C) 2010, 2011, 2012, 2013 Arthur de Jong
+# Copyright (C) 2010-2015 Arthur de Jong
 #
 # This library is free software; you can redistribute it and/or
 # modify it under the terms of the GNU Lesser General Public
@@ -82,6 +82,7 @@ pagesize = 0  # FIXME: add support
 nss_initgroups_ignoreusers = set()
 nss_min_uid = 0
 nss_nested_groups = False
+nss_getgrent_skipmembers = False
 validnames = re.compile(r'^[a-z0-9._@$][a-z0-9._@$ 
\\~-]{0,98}[a-z0-9._@$~-]$', re.IGNORECASE)
 pam_authz_searches = []
 pam_password_prohibit_message = None
@@ -175,7 +176,7 @@ def read(filename):
             globals()[m.group('keyword').lower()] = int(m.group('value'))
             continue
         # parse options with a single boolean argument
-        m = 
re.match('(?P<keyword>referrals|nss_nested_groups)\s+(?P<value>%s)' %
+        m = 
re.match('(?P<keyword>referrals|nss_nested_groups|nss_getgrent_skipmembers)\s+(?P<value>%s)'
 %
                          '|'.join(_boolean_options.keys()),
                      line, re.IGNORECASE)
         if m:
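Review bot: The boolean pattern has no anchor after the `value` group, so with `re.match` a line such as `nss_getgrent_skipmembers yes extra` (constructed example) would apparently be accepted and the trailing text ignored. The C parser in this commit calls `get_eol()` after `get_boolean()` for the same keyword, so the two daemons may disagree on whether a given configuration line is valid. Ending the pattern with `\s*$`, as in `r'(?P<keyword>referrals|nss_nested_groups|nss_getgrent_skipmembers)\s+(?P<value>%s)\s*$'`, would close that gap, and the raw-string prefix also keeps `\s` from being treated as a string escape. The code after `if m:` is outside the hunk, so a later check may already cover this.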
diff --git a/pynslcd/group.py b/pynslcd/group.py
index c8abfe5..d1412bb 100644
--- a/pynslcd/group.py
+++ b/pynslcd/group.py
@@ -1,7 +1,7 @@
 
 # group.py - group entry lookup routines
 #
-# Copyright (C) 2010-2014 Arthur de Jong
+# Copyright (C) 2010-2015 Arthur de Jong
 #
 # This library is free software; you can redistribute it and/or
 # modify it under the terms of the GNU Lesser General Public
@@ -52,7 +52,9 @@ class Search(search.LDAPSearch):
 
     def __init__(self, *args, **kwargs):
         super(Search, self).__init__(*args, **kwargs)
-        if 'memberUid' in self.parameters or 'member' in self.parameters:
+        if (cfg.nss_getgrent_skipmembers or
+                'memberUid' in self.parameters or
+                'member' in self.parameters):
             # set up our own attributes that leave out membership attributes
             self.attributes = list(self.attributes)
             if attmap['memberUid'] in self.attributes:
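Review bot: The comment under the widened condition still says only what is done, while the condition now has two separate triggers: the `cfg.nss_getgrent_skipmembers` setting and a search that has `memberUid` or `member` among its parameters (presumably a by-member search). A comment that names both reasons would make this easier to follow, for example `# leave out membership attributes when configured to, or when searching by member`. The block continues past the end of the hunk.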

-----------------------------------------------------------------------

Summary of changes:
 man/nslcd.conf.5.xml |   21 ++++++++++++++++++++-
 nslcd/cfg.c          |    9 ++++++++-
 nslcd/cfg.h          |    3 ++-
 nslcd/group.c        |    9 ++++++---
 pynslcd/cfg.py       |    5 +++--
 pynslcd/group.py     |    6 ++++--
 6 files changed, 43 insertions(+), 10 deletions(-)


hooks/post-receive
-- 
nss-pam-ldapd