This is the mail archive of the mailing list for the glibc project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: How to get LDAP support in NSS/compat?

On Tue, May 27, Ulrich Drepper wrote:

> Hash: SHA1
> Thorsten Kukuk wrote:
> > With this, everything should work.
> The patch doesn't look bad but is the functionality really equivalent?

Yes, it is. I only removed duplicated code from nss_compat (the same
code was already in nss_nis or nss_nisplus).
And all my tests shows the same result and I'm using it already here.

> I'm worried about now using the NIS NSS module from cmopat instead of
> going directly.  Are there any ways there are differences?  I wouldn't
> expect since I hope the code is thread-safe.

There are two problems: The NIS interface between the client and the
server is not thread safe. As result, it could always be that the
data is incomplete and users are missing or duplicated. But this is
nothing new, this happens already with the old nss_compat module and
it also happens with nss_nis.

But the second problem I worry much more about: The new nss_compat
module breaks RPM.

What happens is: RPM is linked static and calls NSS functions. 
rpm dlopen nss_compat. nss_compat dlopen nss_nis. The second dlopen in
nss_compat seg.faults, if the main program is linked static (I will
write a short test case for this later).

So, since we don't support dlopen in static linked programs official,
is the seg.fault expected to be happen or is this a bug somewhere?

If this is the expected behavior and not fixable, I think we should not
use the new nss_compat code. I doubt that RPM will be fixed to not call
NSS functions and be linked static.

> What is in any case missing is cleanup.  Breaking long lines, correct
> line breaks, ...  If you do this I'll check the changes in any we can
> see how they perform.

There is a lot of more cleanup missing and the initgroups_dyn()
support is missing. Without this, login will be really slow if you
have big NIS, NIS+ maps or whatever else.

I will do this, after the above static linking/dlopen problem is


Thorsten Kukuk
SuSE Linux AG        Deutschherrnstr. 15-19        D-90429 Nuernberg
Key fingerprint = A368 676B 5E1B 3E46 CFCE  2D97 F8FD 4E23 56C6 FB4B

Attachment: pgp00000.pgp
Description: PGP signature

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]