You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
227 lines
7.7 KiB
227 lines
7.7 KiB
diff -c -r nss_ldap-250/ChangeLog nss_ldap-250.1/ChangeLog
|
|
*** nss_ldap-250/ChangeLog Wed Apr 26 18:19:00 2006
|
|
--- nss_ldap-250.1/ChangeLog Wed Aug 16 16:58:57 2006
|
|
***************
|
|
*** 1,6 ****
|
|
--- 1,13 ----
|
|
$Id$
|
|
===============================================================
|
|
|
|
+ 250.1 Paul B. Henson <henson@acm.org>
|
|
+
|
|
+ * add nss_getgrent_skipmembers parameter to ldap.conf,
|
|
+ if enabled will not request member attributes for
|
|
+ group lookups, greatly increasing performance in the
|
|
+ face of large groups
|
|
+
|
|
250 Luke Howard <lukeh@padl.com>
|
|
|
|
* don't use static _nss_ldap_no_members buffer,
|
|
diff -c -r nss_ldap-250/ldap-nss.c nss_ldap-250.1/ldap-nss.c
|
|
*** nss_ldap-250/ldap-nss.c Wed Apr 26 18:19:00 2006
|
|
--- nss_ldap-250.1/ldap-nss.c Wed Aug 16 16:51:49 2006
|
|
***************
|
|
*** 1258,1264 ****
|
|
|
|
cfg = __config;
|
|
|
|
! _nss_ldap_init_attributes (cfg->ldc_attrtab);
|
|
_nss_ldap_init_filters ();
|
|
|
|
#ifdef HAVE_LDAP_SET_OPTION
|
|
--- 1258,1264 ----
|
|
|
|
cfg = __config;
|
|
|
|
! _nss_ldap_init_attributes (cfg->ldc_attrtab, cfg->ldc_getgrent_skipmembers);
|
|
_nss_ldap_init_filters ();
|
|
|
|
#ifdef HAVE_LDAP_SET_OPTION
|
|
diff -c -r nss_ldap-250/ldap-nss.h nss_ldap-250.1/ldap-nss.h
|
|
*** nss_ldap-250/ldap-nss.h Wed Apr 26 18:19:00 2006
|
|
--- nss_ldap-250.1/ldap-nss.h Wed Aug 16 16:51:59 2006
|
|
***************
|
|
*** 390,395 ****
|
|
--- 390,396 ----
|
|
time_t ldc_mtime;
|
|
|
|
char **ldc_initgroups_ignoreusers;
|
|
+ int ldc_getgrent_skipmembers;
|
|
};
|
|
|
|
typedef struct ldap_config ldap_config_t;
|
|
diff -c -r nss_ldap-250/ldap-schema.c nss_ldap-250.1/ldap-schema.c
|
|
*** nss_ldap-250/ldap-schema.c Wed Apr 26 18:19:00 2006
|
|
--- nss_ldap-250.1/ldap-schema.c Wed Aug 16 16:54:52 2006
|
|
***************
|
|
*** 273,279 ****
|
|
|
|
static void init_pwd_attributes (const char ***pwd_attrs);
|
|
static void init_sp_attributes (const char ***sp_attrs);
|
|
! static void init_grp_attributes (const char ***grp_attrs);
|
|
static void init_hosts_attributes (const char ***hosts_attrs);
|
|
static void init_services_attributes (const char ***services_attrs);
|
|
static void init_network_attributes (const char ***network_attrs);
|
|
--- 273,279 ----
|
|
|
|
static void init_pwd_attributes (const char ***pwd_attrs);
|
|
static void init_sp_attributes (const char ***sp_attrs);
|
|
! static void init_grp_attributes (const char ***grp_attrs, int ldc_getgrent_skipmembers);
|
|
static void init_hosts_attributes (const char ***hosts_attrs);
|
|
static void init_services_attributes (const char ***services_attrs);
|
|
static void init_network_attributes (const char ***network_attrs);
|
|
***************
|
|
*** 289,299 ****
|
|
* attribute table initialization routines
|
|
*/
|
|
void
|
|
! _nss_ldap_init_attributes (const char ***attrtab)
|
|
{
|
|
init_pwd_attributes (&attrtab[LM_PASSWD]);
|
|
init_sp_attributes (&attrtab[LM_SHADOW]);
|
|
! init_grp_attributes (&attrtab[LM_GROUP]);
|
|
init_hosts_attributes (&attrtab[LM_HOSTS]);
|
|
init_services_attributes (&attrtab[LM_SERVICES]);
|
|
init_network_attributes (&attrtab[LM_NETWORKS]);
|
|
--- 289,299 ----
|
|
* attribute table initialization routines
|
|
*/
|
|
void
|
|
! _nss_ldap_init_attributes (const char ***attrtab, int ldc_getgrent_skipmembers)
|
|
{
|
|
init_pwd_attributes (&attrtab[LM_PASSWD]);
|
|
init_sp_attributes (&attrtab[LM_SHADOW]);
|
|
! init_grp_attributes (&attrtab[LM_GROUP], ldc_getgrent_skipmembers);
|
|
init_hosts_attributes (&attrtab[LM_HOSTS]);
|
|
init_services_attributes (&attrtab[LM_SERVICES]);
|
|
init_network_attributes (&attrtab[LM_NETWORKS]);
|
|
***************
|
|
*** 357,363 ****
|
|
}
|
|
|
|
static void
|
|
! init_grp_attributes (const char ***grp_attrs)
|
|
{
|
|
int i = 0;
|
|
static const char *__grp_attrs[ATTRTAB_SIZE + 1];
|
|
--- 357,363 ----
|
|
}
|
|
|
|
static void
|
|
! init_grp_attributes (const char ***grp_attrs, int ldc_getgrent_skipmembers)
|
|
{
|
|
int i = 0;
|
|
static const char *__grp_attrs[ATTRTAB_SIZE + 1];
|
|
***************
|
|
*** 366,374 ****
|
|
|
|
(*grp_attrs)[i++] = (char *) ATM (LM_GROUP, cn);
|
|
(*grp_attrs)[i++] = (char *) ATM (LM_GROUP, userPassword);
|
|
! (*grp_attrs)[i++] = (char *) AT (memberUid);
|
|
! if (_nss_ldap_test_config_flag (NSS_LDAP_FLAGS_RFC2307BIS))
|
|
! (*grp_attrs)[i++] = (char *) AT (uniqueMember);
|
|
(*grp_attrs)[i++] = (char *) ATM (LM_GROUP, gidNumber);
|
|
(*grp_attrs)[i] = NULL;
|
|
}
|
|
--- 366,377 ----
|
|
|
|
(*grp_attrs)[i++] = (char *) ATM (LM_GROUP, cn);
|
|
(*grp_attrs)[i++] = (char *) ATM (LM_GROUP, userPassword);
|
|
! if (!ldc_getgrent_skipmembers)
|
|
! {
|
|
! (*grp_attrs)[i++] = (char *) AT (memberUid);
|
|
! if (_nss_ldap_test_config_flag (NSS_LDAP_FLAGS_RFC2307BIS))
|
|
! (*grp_attrs)[i++] = (char *) AT (uniqueMember);
|
|
! }
|
|
(*grp_attrs)[i++] = (char *) ATM (LM_GROUP, gidNumber);
|
|
(*grp_attrs)[i] = NULL;
|
|
}
|
|
diff -c -r nss_ldap-250/ldap-schema.h nss_ldap-250.1/ldap-schema.h
|
|
*** nss_ldap-250/ldap-schema.h Wed Apr 26 18:19:00 2006
|
|
--- nss_ldap-250.1/ldap-schema.h Wed Aug 16 16:54:07 2006
|
|
***************
|
|
*** 30,36 ****
|
|
* function to initialize global lookup filters.
|
|
*/
|
|
void _nss_ldap_init_filters ();
|
|
! void _nss_ldap_init_attributes (const char ***attrtab);
|
|
|
|
/**
|
|
* make filters formerly declared in ldap-*.h globally available.
|
|
--- 30,36 ----
|
|
* function to initialize global lookup filters.
|
|
*/
|
|
void _nss_ldap_init_filters ();
|
|
! void _nss_ldap_init_attributes (const char ***attrtab, int ldc_getgrent_skipmembers);
|
|
|
|
/**
|
|
* make filters formerly declared in ldap-*.h globally available.
|
|
diff -c -r nss_ldap-250/nss_ldap.5 nss_ldap-250.1/nss_ldap.5
|
|
*** nss_ldap-250/nss_ldap.5 Wed Apr 26 18:19:00 2006
|
|
--- nss_ldap-250.1/nss_ldap.5 Wed Aug 16 17:07:19 2006
|
|
***************
|
|
*** 445,450 ****
|
|
--- 445,458 ----
|
|
to return NSS_STATUS_NOTFOUND if called with a listed users as
|
|
its argument.
|
|
.TP
|
|
+ .B nss_getgrent_skipmembers <yes|no>
|
|
+ Specifies whether or not to populate the members list in
|
|
+ the group structure for group lookups. If very large groups
|
|
+ are present, enabling this option will greatly increase
|
|
+ perforance, at the cost of some lost functionality. You should
|
|
+ verify no local applications rely on this information before
|
|
+ enabling this on a production system.
|
|
+ .TP
|
|
.B nss_srv_domain <domain>
|
|
This option determines the DNS domain used for performing SRV
|
|
lookups.
|
|
diff -c -r nss_ldap-250/util.c nss_ldap-250.1/util.c
|
|
*** nss_ldap-250/util.c Wed Apr 26 18:19:00 2006
|
|
--- nss_ldap-250.1/util.c Wed Aug 16 16:52:55 2006
|
|
***************
|
|
*** 660,665 ****
|
|
--- 660,666 ----
|
|
result->ldc_reconnect_maxsleeptime = LDAP_NSS_MAXSLEEPTIME;
|
|
result->ldc_reconnect_maxconntries = LDAP_NSS_MAXCONNTRIES;
|
|
result->ldc_initgroups_ignoreusers = NULL;
|
|
+ result->ldc_getgrent_skipmembers = 0;
|
|
|
|
for (i = 0; i <= LM_NONE; i++)
|
|
{
|
|
***************
|
|
*** 1137,1142 ****
|
|
--- 1138,1156 ----
|
|
break;
|
|
}
|
|
}
|
|
+ else if (!strcasecmp (k, NSS_LDAP_KEY_GETGRENT_SKIPMEMBERS))
|
|
+ {
|
|
+ if (!strcasecmp (v, "on") || !strcasecmp (v, "yes")
|
|
+ || !strcasecmp (v, "true"))
|
|
+ {
|
|
+ result->ldc_getgrent_skipmembers = 1;
|
|
+ }
|
|
+ else if (!strcasecmp (v, "off") || !strcasecmp (v, "no")
|
|
+ || !strcasecmp (v, "false"))
|
|
+ {
|
|
+ result->ldc_getgrent_skipmembers = 0;
|
|
+ }
|
|
+ }
|
|
else if (!strcasecmp (k, NSS_LDAP_KEY_CONNECT_POLICY))
|
|
{
|
|
if (!strcasecmp (v, "oneshot"))
|
|
diff -c -r nss_ldap-250/util.h nss_ldap-250.1/util.h
|
|
*** nss_ldap-250/util.h Wed Apr 26 18:19:00 2006
|
|
--- nss_ldap-250.1/util.h Wed Aug 16 16:49:52 2006
|
|
***************
|
|
*** 83,88 ****
|
|
--- 83,89 ----
|
|
#define NSS_LDAP_KEY_PAGESIZE "pagesize"
|
|
#define NSS_LDAP_KEY_INITGROUPS "nss_initgroups"
|
|
#define NSS_LDAP_KEY_INITGROUPS_IGNOREUSERS "nss_initgroups_ignoreusers"
|
|
+ #define NSS_LDAP_KEY_GETGRENT_SKIPMEMBERS "nss_getgrent_skipmembers"
|
|
|
|
/* more reconnect policy fine-tuning */
|
|
#define NSS_LDAP_KEY_RECONNECT_TRIES "nss_reconnect_tries"
|