lists.arthurdejong.org
RSS feed

Re: [PATCH] Nested groups

[Date Prev][Date Next] [Thread Prev][Thread Next]

Re: [PATCH] Nested groups




On Thu, 2013-03-21 at 12:36 +0000, Steve Hill wrote:
The attached patches implement support for nested LDAP groups in
nslcd.
<snip>
Thanks for providing the patch, looks very interesting. One thing that
I'm still looking into is limiting the search depth in some way to be
able to limit the recursion to not go wild when one group has another
group as a member and vice versa.

In practice this shouldn't be a problem with the current myldap_search()
implementation because the number of parallel searches has a fixed
limit.

Another point would be to use a queue mechanism similar to what is done
in the Solaris NSS netgroup code so that only one search operation is
running at the same time.

Btw, 0.7.5 is a bit old. There have been quite a number of important
fixes in later 0.7 releases.

Thanks,


I just wanted to voice support for this functionality. I'd love to move away from libnss-ldap for several reasons but we depend on nested groups. I think for many large organizations this is a must have. Thank you for working on this Steve.

Please be advised that this email may contain confidential information. If you are not the intended recipient, please notify us by email by replying to the sender and delete this message. The sender disclaims that the content of this email constitutes an offer to enter into, or the acceptance of, any agreement; provided that the foregoing does not invalidate the binding effect of any digital or other electronic reproduction of a manual signature that is included in any attachment.


--
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users/