calculate
/
gentoo-overlay
6
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '792e8f41a1'
${ noResults }
gentoo-overlay/sys-auth/nss_ldap/files/nss_ldap-254-nss_getgrent_s...

227 lines
7.7 KiB
Raw Blame History

diff -c -r nss_ldap-250/ChangeLog nss_ldap-250.1/ChangeLog
*** nss_ldap-250/ChangeLog Wed Apr 26 18:19:00 2006
--- nss_ldap-250.1/ChangeLog Wed Aug 16 16:58:57 2006
***************
*** 1,6 ****
--- 1,13 ----
$Id$
===============================================================
+ 250.1 Paul B. Henson <henson@acm.org>
+
+ * add nss_getgrent_skipmembers parameter to ldap.conf,
+ if enabled will not request member attributes for
+ group lookups, greatly increasing performance in the
+ face of large groups
+
250 Luke Howard <lukeh@padl.com>
* don't use static _nss_ldap_no_members buffer,
diff -c -r nss_ldap-250/ldap-nss.c nss_ldap-250.1/ldap-nss.c
*** nss_ldap-250/ldap-nss.c Wed Apr 26 18:19:00 2006
--- nss_ldap-250.1/ldap-nss.c Wed Aug 16 16:51:49 2006
***************
*** 1258,1264 ****
cfg = __config;
! _nss_ldap_init_attributes (cfg->ldc_attrtab);
_nss_ldap_init_filters ();
#ifdef HAVE_LDAP_SET_OPTION
--- 1258,1264 ----
cfg = __config;
! _nss_ldap_init_attributes (cfg->ldc_attrtab, cfg->ldc_getgrent_skipmembers);
_nss_ldap_init_filters ();
#ifdef HAVE_LDAP_SET_OPTION
diff -c -r nss_ldap-250/ldap-nss.h nss_ldap-250.1/ldap-nss.h
*** nss_ldap-250/ldap-nss.h Wed Apr 26 18:19:00 2006
--- nss_ldap-250.1/ldap-nss.h Wed Aug 16 16:51:59 2006
***************
*** 390,395 ****
--- 390,396 ----
time_t ldc_mtime;
char **ldc_initgroups_ignoreusers;
+ int ldc_getgrent_skipmembers;
};
typedef struct ldap_config ldap_config_t;
diff -c -r nss_ldap-250/ldap-schema.c nss_ldap-250.1/ldap-schema.c
*** nss_ldap-250/ldap-schema.c Wed Apr 26 18:19:00 2006
--- nss_ldap-250.1/ldap-schema.c Wed Aug 16 16:54:52 2006
***************
*** 273,279 ****
static void init_pwd_attributes (const char ***pwd_attrs);
static void init_sp_attributes (const char ***sp_attrs);
! static void init_grp_attributes (const char ***grp_attrs);
static void init_hosts_attributes (const char ***hosts_attrs);
static void init_services_attributes (const char ***services_attrs);
static void init_network_attributes (const char ***network_attrs);
--- 273,279 ----
static void init_pwd_attributes (const char ***pwd_attrs);
static void init_sp_attributes (const char ***sp_attrs);
! static void init_grp_attributes (const char ***grp_attrs, int ldc_getgrent_skipmembers);
static void init_hosts_attributes (const char ***hosts_attrs);
static void init_services_attributes (const char ***services_attrs);
static void init_network_attributes (const char ***network_attrs);
***************
*** 289,299 ****
* attribute table initialization routines
*/
void
! _nss_ldap_init_attributes (const char ***attrtab)
{
init_pwd_attributes (&attrtab[LM_PASSWD]);
init_sp_attributes (&attrtab[LM_SHADOW]);
! init_grp_attributes (&attrtab[LM_GROUP]);
init_hosts_attributes (&attrtab[LM_HOSTS]);
init_services_attributes (&attrtab[LM_SERVICES]);
init_network_attributes (&attrtab[LM_NETWORKS]);
--- 289,299 ----
* attribute table initialization routines
*/
void
! _nss_ldap_init_attributes (const char ***attrtab, int ldc_getgrent_skipmembers)
{
init_pwd_attributes (&attrtab[LM_PASSWD]);
init_sp_attributes (&attrtab[LM_SHADOW]);
! init_grp_attributes (&attrtab[LM_GROUP], ldc_getgrent_skipmembers);
init_hosts_attributes (&attrtab[LM_HOSTS]);
init_services_attributes (&attrtab[LM_SERVICES]);
init_network_attributes (&attrtab[LM_NETWORKS]);
***************
*** 357,363 ****
}
static void
! init_grp_attributes (const char ***grp_attrs)
{
int i = 0;
static const char *__grp_attrs[ATTRTAB_SIZE + 1];
--- 357,363 ----
}
static void
! init_grp_attributes (const char ***grp_attrs, int ldc_getgrent_skipmembers)
{
int i = 0;
static const char *__grp_attrs[ATTRTAB_SIZE + 1];
***************
*** 366,374 ****
(*grp_attrs)[i++] = (char *) ATM (LM_GROUP, cn);
(*grp_attrs)[i++] = (char *) ATM (LM_GROUP, userPassword);
! (*grp_attrs)[i++] = (char *) AT (memberUid);
! if (_nss_ldap_test_config_flag (NSS_LDAP_FLAGS_RFC2307BIS))
! (*grp_attrs)[i++] = (char *) AT (uniqueMember);
(*grp_attrs)[i++] = (char *) ATM (LM_GROUP, gidNumber);
(*grp_attrs)[i] = NULL;
}
--- 366,377 ----
(*grp_attrs)[i++] = (char *) ATM (LM_GROUP, cn);
(*grp_attrs)[i++] = (char *) ATM (LM_GROUP, userPassword);
! if (!ldc_getgrent_skipmembers)
! {
! (*grp_attrs)[i++] = (char *) AT (memberUid);
! if (_nss_ldap_test_config_flag (NSS_LDAP_FLAGS_RFC2307BIS))
! (*grp_attrs)[i++] = (char *) AT (uniqueMember);
! }
(*grp_attrs)[i++] = (char *) ATM (LM_GROUP, gidNumber);
(*grp_attrs)[i] = NULL;
}
diff -c -r nss_ldap-250/ldap-schema.h nss_ldap-250.1/ldap-schema.h
*** nss_ldap-250/ldap-schema.h Wed Apr 26 18:19:00 2006
--- nss_ldap-250.1/ldap-schema.h Wed Aug 16 16:54:07 2006
***************
*** 30,36 ****
* function to initialize global lookup filters.
*/
void _nss_ldap_init_filters ();
! void _nss_ldap_init_attributes (const char ***attrtab);
/**
* make filters formerly declared in ldap-*.h globally available.
--- 30,36 ----
* function to initialize global lookup filters.
*/
void _nss_ldap_init_filters ();
! void _nss_ldap_init_attributes (const char ***attrtab, int ldc_getgrent_skipmembers);
/**
* make filters formerly declared in ldap-*.h globally available.
diff -c -r nss_ldap-250/nss_ldap.5 nss_ldap-250.1/nss_ldap.5
*** nss_ldap-250/nss_ldap.5 Wed Apr 26 18:19:00 2006
--- nss_ldap-250.1/nss_ldap.5 Wed Aug 16 17:07:19 2006
***************
*** 445,450 ****
--- 445,458 ----
to return NSS_STATUS_NOTFOUND if called with a listed users as
its argument.
.TP
+ .B nss_getgrent_skipmembers <yes|no>
+ Specifies whether or not to populate the members list in
+ the group structure for group lookups. If very large groups
+ are present, enabling this option will greatly increase
+ perforance, at the cost of some lost functionality. You should
+ verify no local applications rely on this information before
+ enabling this on a production system.
+ .TP
.B nss_srv_domain <domain>
This option determines the DNS domain used for performing SRV
lookups.
diff -c -r nss_ldap-250/util.c nss_ldap-250.1/util.c
*** nss_ldap-250/util.c Wed Apr 26 18:19:00 2006
--- nss_ldap-250.1/util.c Wed Aug 16 16:52:55 2006
***************
*** 660,665 ****
--- 660,666 ----
result->ldc_reconnect_maxsleeptime = LDAP_NSS_MAXSLEEPTIME;
result->ldc_reconnect_maxconntries = LDAP_NSS_MAXCONNTRIES;
result->ldc_initgroups_ignoreusers = NULL;
+ result->ldc_getgrent_skipmembers = 0;
for (i = 0; i <= LM_NONE; i++)
{
***************
*** 1137,1142 ****
--- 1138,1156 ----
break;
}
}
+ else if (!strcasecmp (k, NSS_LDAP_KEY_GETGRENT_SKIPMEMBERS))
+ {
+ if (!strcasecmp (v, "on") || !strcasecmp (v, "yes")
+ || !strcasecmp (v, "true"))
+ {
+ result->ldc_getgrent_skipmembers = 1;
+ }
+ else if (!strcasecmp (v, "off") || !strcasecmp (v, "no")
+ || !strcasecmp (v, "false"))
+ {
+ result->ldc_getgrent_skipmembers = 0;
+ }
+ }
else if (!strcasecmp (k, NSS_LDAP_KEY_CONNECT_POLICY))
{
if (!strcasecmp (v, "oneshot"))
diff -c -r nss_ldap-250/util.h nss_ldap-250.1/util.h
*** nss_ldap-250/util.h Wed Apr 26 18:19:00 2006
--- nss_ldap-250.1/util.h Wed Aug 16 16:49:52 2006
***************
*** 83,88 ****
--- 83,89 ----
#define NSS_LDAP_KEY_PAGESIZE "pagesize"
#define NSS_LDAP_KEY_INITGROUPS "nss_initgroups"
#define NSS_LDAP_KEY_INITGROUPS_IGNOREUSERS "nss_initgroups_ignoreusers"
+ #define NSS_LDAP_KEY_GETGRENT_SKIPMEMBERS "nss_getgrent_skipmembers"
/* more reconnect policy fine-tuning */
#define NSS_LDAP_KEY_RECONNECT_TRIES "nss_reconnect_tries"
Reference in new issue View Git Blame Copy Permalink