[Pkg-shadow-devel] ldap support
Nicolas François
nicolas.francois at centraliens.net
Wed Jun 11 09:03:39 UTC 2008
Hi,
On Tue, Jun 10, 2008 at 09:53:59PM +0200, miek at miek.nl wrote:
> [ Quoting Nicolas François in "Re: [Pkg-shadow-devel] ldap support"... ]
> > Hello,
> >
> > > I'm not getting this.. as you are using setpwent (for instance) you
> > > should be getting the backend for free? As glibc will do the heavy
> > > lifting and will update the appropiate backend?
> >
> > This might be an old TODO entry (shadow used to have its own API to read
> > and write in the passwd/group/shadow files).
> >
> > However, I never tried this. If you could try it, that would be great.
>
> I've tried it, it didn't work :( I've put an user in ldap, the
> user 'henkie'.
Sorry, I only checked the output path.
shadow uses an internal API, sgetpwent(), to parse a line, and it
still reads /etc/passwd by opening it directly.
On the read path, I can easily change to using getpwent() from the libc
when building the shadow internal database.
However, the only API from the libc I could find to write a entry in the
paswd database is putpwent(), and this API requires a FILE handle. Thus,
writing to LDAP would not be that easy.
There are also some differences between LDAP and file databases which
could require a different logic. The database is remote and could be much
larger. Reading the entire content of the database when the database is
read (as done currently) should be changed.
I would gladly accept a patch to introduce LDAP, or setup a branch for
this, but I cannot currently work on it.
Best Regards,
--
Nekral
More information about the Pkg-shadow-devel
mailing list