Re: Contribution: Active Directory Password Cache (ITS#5042)


Thanks for the contribution.

I have a few comments (also gathered from others):

1) you should provide patches against HEAD code; there have been some
limited changes in the API related to overlay initialization and so on.

2) you could try to rework the overlay to avoid any specific reference
to Active Directory, since your cache should apply to any remote system
implementing Kerberos V.  It could be abstracted even more, to act as a
replacement of saslauthd, by allowing it to auth via LDAP, pam and more,
not just Kerberos.

3) you should add a (configurable) TTL, so that the cache could
eventually be notified of an account lockout at the remote server's side.

4) you should add support for dynamic configuration, so that the module
can fit into the new configuration paradigm for possible release with 2.4.

5) you should follow coding guidelines (indentation and so on) as in most
of the code.


