On 28. mai. 2006, at 19.32, Matthijs Kooijman wrote:

> I've been playing around with this issue myself as well. I want to support
> nested groups through winbind, which is supported through
> winbind_getgrouplist, but not through getgrent...

Great to see some more interest in it! :-) I am about to go live with a system with a significant number of users (> 1 million), and have just disabled group lookups for now.

>> By coincidence I found that NetBSD has created the infrastructure
>> needed to make this a reality already! In NetBSD getgrouplist(3) is
>> now a front-end for getgroupmembership(3).
> I just found this one too. I'm not sure how widespread the implementation of
> getgroupmembership is, though. I know nss_winbind does not implement it, but
> does implement initgroups_dyn. From your post I think nss_ldap does this also.

Most NSS modules come from Linux / GLIBC, and thus match their implementations. Since this does not exist in FreeBSD yet, I would first look to the other BSDs and try to match their implementation.

Since FreeBSD's nss comes from NetBSD I think it is pretty obvious that we want to import new features from them, and not from GNU Libc. :-)

However, NSS is a large beast reaching into many central parts of libc, and great care must be taken to not break anything when importing new code. Last I looked it seemed like NetBSD's NSS code had moved along quite a bit, and I don't know if it is common practice to backport specific functionality, or to just do a new import?

>> Is there any chance for FreeBSD to get an updated import of NSS from
>> NetBSD anytime soon? :-)
> Due to the (possibly) limited support of getgroupmembership in nss backends,
> it might be better to use initgroups_dyn instead?

No, I would rather let BSD NSS be BSD NSS and implement a compatibility layer for initgroups_dyn :-) See /usr/src/lib/libc/net/nss_compat.c and bsdnss.c in nectar's nss_ldap port.

> Anyway, I've spent some words on this issue on my blog [1], if anyone's
> interested. I'm planning on trying to make this work on FreeBSD sometime soon.
> But, since I only have FreeBSD 6.0 machines to play around with (possibly 6.1
> soon), I will probably code up a patch for 6.0. Have there been big changes to
> nss since then that might make this a useless idea?

New code should generally be patches against -CURRENT, but I don't think this is a part of the source tree that is changed very often. I would at least have a look at the files you plan on changing from -CURRENT so you can know that the world as you know it is not about to be changed / replaced :)

Frode Nordahl
frode_at_nordahl.net

Received on Mon Jul 17 2006 - 09:58:57 UTC