hyc@OpenLDAP.org wrote:
Update of /repo/OpenLDAP/pkg/ldap/contrib/slapd-modules/nssov
Log Message: Directory /repo/OpenLDAP/pkg/ldap/contrib/slapd-modules/nssov added to the repository
I've imported a complete copy of Arthur de Jong's nss-ldapd-0.6.2 with this overlay. The overlay implements a listener inside slapd that speaks the same protocol as nss-ldapd. As such, it replaces the server side of his package (nslcd). You still need to build and install his client side though (nss).
It passes the majority of the "make check" tests in the nss-ldapd/tests directory on my OpenSuSE system. The ones that fail appear to be incorrectly written tests. Unfortunately those tests are heavily dependent on your system's nsswitch.conf and the other databases; they ought to be cleaned up to be completely self-contained.
The point of all this: the nss-ldapd approach avoids the issue of polluting the user space with libldap's symbols by sending all requests through a small nss stub. This stub sends requests (using a very simple protocol) over a Unix Domain socket to some other server which actually processes the requests. With the original nss-ldapd, an nslcd daemon listening on that socket then uses libldap to contact whatever LDAP server was configured.
With this overlay, slapd itself answers the nss requests. On a host with the master database, this avoids an unnecessary context switch if nothing else. Even on hosts without the full database, this approach opens up the possibility of using pcache to perform intelligent caching of nss data, as well as using syncrepl to keep information current.
I've also discussed with Arthur some directions for improvement in the base nss code. I may push some of those into here later.