(Sorry for the lack of an In-Reply-To header, I couldn't find the message ID anywhere). Hey, I've been playing around with this issue myself as well. I want to support nested groups through winbind, which is supported through winbind_getgrouplist, but not through getgrent... > I have been playing around with nss and libc this weekend to find > ways to make nss_ldap work more efficiently by coupling getgrouplist > (3) with _nss_ldap_initgroups_dyn. init_groups_dyn seems to be the function used by linux. It has pretty much the same interface as getgroupmembership from NetBSD, with just a difference in memory allocation. > By coincidence I found that NetBSD has created the infrastructure > needed to make this a reallity allready! In NetBSD getgrouplist(3) is > now a front-end for getgroupmembership(3). I just found this one too. I'm not sure how widespread the implementation of getgroupmembership is, though. I know nss_winbind does not implement it, but does implement initgroups_dyn. From your post I think nss_ldap does this also. > Is there any chance for FreeBSD to get an updated import of NSS from > NetBSD anytime soon? :-) Due to the (possibly) limited support of getgroupmembership in nss backends, it might be better to use initgroups_dyn instead? Anyway, I've spent some words on this issue on my blog [1], if anyones interested. I'm planning on trying to make this work on FreeBSD sometime soon. But, since I only have FreeBSD 6.0 machines to play around with (possibly 6.1 soon), I will probably code up a patch for 6.0. Have there been big changes to nss since then that might make this a useless idea? Gr. Matthijs [1]: http://katherina.student.utwente.nl/~matthijs/cgi-bin/blosxom/software/samba/WinbindNested.htmlReceived on Sun May 28 2006 - 15:32:49 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:56 UTC