[Freeipa-devel] [PATCHES(6)] SSSD: Native ldap driver

Simo Sorce ssorce at redhat.com
Thu Jul 9 13:03:32 UTC 2009 

On Thu, 2009-07-09 at 12:38 +0200, Sumit Bose wrote:
> On Wed, Jul 08, 2009 at 07:41:44PM -0400, Simo Sorce wrote:
> > This set of patches implement a native ldap driver backend.
> > 
> > It is the first basic core of a working driver. It still have a few
> > TODOs and FIXMEs in it, and there are still features that need to be
> > implemented.
> > 
> > But it is stable enough and big enough to be useful.
> > I've done basic testing through development, and most stuff should work.
> > 
> > Patches:
> > 0001 - add some cleanup code to remove .X files
> > 0002 - expose some useful sysdb functions previously declared static
> > 0003 - add a set of async helpers for the ldap driver
> > 0004 - convert ldap auth to use the async helpers
> > 0005 - unify password caching between proxy and ldap
> > 0006 - implement the identity part of the ldap driver
> > 
> > notes:
> > - Sumit you may want to look at 0005 and then unify the krb password
> > caching.
> > - during the implementation of the initgr call I noticed that it would
> > be useful if some of the search function in sysdb could autostart an
> > operation, I implemented this for some functions, might make sense to
> > extend it to others.
> > - there is a definition for an ipa-v1 schema but no implementation yet,
> > it will require 2 other ways to handle initgr depending on whether the
> > ASQ control is available or not.
> > 
> > 
> > I think the code is good enough to be pushed and will help align the
> > team (esp. Sumit waiting on some of this stuff) so although not perfect
> > it here for review.
> > 
> > Simo.
> 
> ACK with the following patch applied. Talloc might be smart enough to
> make the talloc_zfree not needed, but I think it looks clearer this way.

Yes, talloc is indeed smart enough, the reson why we call talloc_zfree()
in these case is 2 fold:
1) avoid piling up memory. All emmory will be freed when the breq will
be freed anyway, cause it is all hanging on from there, but it doesn't
make sense to carry around potentially high quantities of memory we do
not need anymore.
2) catch with a nice segfault invalid use of subreq in the following
code, as subreq is not to be used except to get results.

So the patch is very welcome, thanks!

> Great work, btw.

Thank you, pushing the code now!

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York

More information about the Freeipa-devel mailing list