[Date Prev][Date Next]
Re: commit: ldap/contrib/slapd-modules/nssov - New directory
- To: OpenLDAP Commit <firstname.lastname@example.org>
- Subject: Re: commit: ldap/contrib/slapd-modules/nssov - New directory
- From: Howard Chu <email@example.com>
- Date: Mon, 02 Jun 2008 03:31:11 -0700
- In-reply-to: <200806021004.m52A46Ic057763@cantor.openldap.org>
- References: <200806021004.m52A46Ic057763@cantor.openldap.org>
- User-agent: Mozilla/5.0 (X11; U; Linux i686; rv:1.9pre) Gecko/2008043023 SeaMonkey/2.0a1pre
Update of /repo/OpenLDAP/pkg/ldap/contrib/slapd-modules/nssov
Directory /repo/OpenLDAP/pkg/ldap/contrib/slapd-modules/nssov added to the repository
I've imported a complete copy of Arthur de Jong's nss-ldapd-0.6.2 with this
overlay. The overlay implements a listener inside slapd that speaks the same
protocol as nss-ldapd. As such, it replaces the server side of his package
(nslcd). You still need to build and install his client side though (nss).
It passes the majority of the "make check" tests in the nss-ldapd/tests
directory on my OpenSuSE system. The ones that fail appear to be incorrectly
written tests. Unfortunately those tests are heavily dependent on your
system's nsswitch.conf and the other databases; they ought to be cleaned up to
be completely self-contained.
The point of all this: the nss-ldapd approach avoids the issue of polluting
the user space with libldap's symbols, by sending all requests thru a small
nss stub. This stub sends requests (using a very simple protocol) over a Unix
Domain socket to some other server which actually processes the requests. With
the original nss-ldapd, an nslcd daemon listening on that socket then uses
libldap to contact whatever LDAP server was configured.
With this overlay, slapd itself answers the nss requests. On a host with the
master database, this avoids an unnecessary context switch if nothing else.
Even on hosts without the full database, this approach opens up the
possibility of using pcache to perform intelligent caching of nss data, as
well as using syncrepl to keep information current.
I've also discussed with Arthur some directions for improvement in the base
nss code. I may push some of those into here later.
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/