Re: commit: ldap/contrib/slapd-modules/nssov - New directory

[Howard Chu <hyc@symas.com>]

hyc@OpenLDAP.org wrote:
> Update of /repo/OpenLDAP/pkg/ldap/contrib/slapd-modules/nssov

> Log Message:
> Directory /repo/OpenLDAP/pkg/ldap/contrib/slapd-modules/nssov added to the repository

I've imported a complete copy of Arthur de Jong's nss-ldapd-0.6.2 with this 
overlay. The overlay implements a listener inside slapd that speaks the same 
protocol as nss-ldapd. As such, it replaces the server side of his package 
(nslcd). You still need to build and install his client side though (nss).

It passes the majority of the "make check" tests in the nss-ldapd/tests 
directory on my OpenSuSE system. The ones that fail appear to be incorrectly 
written tests. Unfortunately those tests are heavily dependent on your 
system's nsswitch.conf and the other databases; they ought to be cleaned up to 
be completely self-contained.

The point of all this: the nss-ldapd approach avoids the issue of polluting 
the user space with libldap's symbols, by sending all requests thru a small 
nss stub. This stub sends requests (using a very simple protocol) over a Unix 
Domain socket to some other server which actually processes the requests. With 
the original nss-ldapd, an nslcd daemon listening on that socket then uses 
libldap to contact whatever LDAP server was configured.

With this overlay, slapd itself answers the nss requests. On a host with the 
master database, this avoids an unnecessary context switch if nothing else. 
Even on hosts without the full database, this approach opens up the 
possibility of using pcache to perform intelligent caching of nss data, as 
well as using syncrepl to keep information current.

I've also discussed with Arthur some directions for improvement in the base 
nss code. I may push some of those into here later.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/