Re: [PATCH] Nested groups
[
Date Prev][
Date Next]
[
Thread Prev][
Thread Next]
Re: [PATCH] Nested groups
- From: Arthur de Jong <arthur [at] arthurdejong.org>
- To: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: Re: [PATCH] Nested groups
- Date: Fri, 22 Mar 2013 11:20:07 +0100
On Thu, 2013-03-21 at 12:36 +0000, Steve Hill wrote:
> The attached patches implement support for nested LDAP groups in
> nslcd.
>
> I have tested the 0.7.5 patch under Scientific Linux 6. As 0.7.5 is
> not the current release version of nss-pam-ldapd, I've also ported the
> patch to 0.8.12, but unfortunately currently don't have the facility
> to test this.
Thanks for providing the patch, looks very interesting. One thing that
I'm still looking into is limiting the search depth in some way to be
able to limit the recursion to not go wild when one group has another
group as a member and vice versa.
In practice this shouldn't be a problem with the current myldap_search()
implementation because the number of parallel searches has a fixed
limit.
Another point would be to use a queue mechanism similar to what is done
in the Solaris NSS netgroup code so that only one search operation is
running at the same time.
Btw, 0.7.5 is a bit old. There have been quite a number of important
fixes in later 0.7 releases.
Thanks,
--
-- arthur - arthur@arthurdejong.org - http://arthurdejong.org --
--
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users/