
Extension to back-passwd: back-posix



As discussed in ITS #3737, I'm going to write a new backend based upon 
back-passwd (calling it "back-posix" for want of a better name), but 
before I do so I want to make sure that I won't be wasting my time by 
having to throw everything out and start again.

Our objective here is to provide a single search against multiple sources 
including /etc/passwd, so back-posix would slot underneath back-meta.  It 
would be as general as possible whilst catering for our needs, hence the 
proposed discussion.

I've browsed the archives noting the points therein, especially the 
threads openldap-devel/199901/msg00035 and openldap-devel/199903/msg00011, 
and ITS #40.

Outline:

Returns objectClass inetOrgPerson/posixAccount, with as many attributes as 
I can find or infer, as uid=pw_name [0]:

	Required attributes:

	cn:		Set from pw_name (configurable? [1])
	gidNumber:	Set from pw_gid
	homeDirectory:	Set from pw_dir
	sn:		Inferred from pw_gecos [2]
	uid:		Set from pw_name
	uidNumber:	Set from pw_uid

	Optional attributes:

	description:	Set from pw_gecos (up to first comma?)
	gecos:		Set from pw_gecos
	givenName:	Set from first token in pw_gecos (or pw_name if "&")
	initials:	Hmmm...
	loginShell:	Set from pw_shell
	userPassword:	Set from pw_passwd [3]

	Other optional attributes (which we don't use):

	host:		It's only in "account" [4]
	l:		Set from getdomainname()
	mail:		Set from pw_name @ domain
	telephone:	Extract from pw_gecos [5]

Other considerations (which definitely won't be in the first cut):

	Remove the serialisation.
	Implement some form of cache.
	Handle setpassent().

Anything else?

Notes:

[0]	Or configurable, as long as it's a required attribute.

[1]	I prefer my configuration options to be set at run time, not
	compile time, wherever possible.  Other options include returning
	pw_gecos instead, or givenName+sn?

[2]	Take everything before first "," and then all but first token,
	perhaps skipping what looks like initials.

[3]	Probably useless in a shadowed environment.

[4]	But could be a configurable option...

[5]	How portable is this field, as Howard noted?  On FreeBSD at
	least, it's full name, office, work phone, home phone.  One
	whacky idea could be "gecos l,telephoneNumber,homePhone" i.e.
	parse the stuff after the first comma into those attributes.

-- 
Dave Horsfall  DTM  VK2KFU  daveh@ci.com.au  Ph: +61 2 8425-5508 (d) -5500 (sw)
Corinthian Engineering, Level 1, 401 Pacific Hwy, Artarmon, NSW 2064, Australia
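As an added illustration of the attribute derivation sketched in the outline and in notes [2] and [5], here is a small C routine that maps pw_name and pw_gecos onto the proposed attributes. It is not code from back-passwd, from the proposed back-posix, or from OpenLDAP; it assumes the FreeBSD gecos layout from note [5] (full name, office, work phone, home phone), expands "&" to the capitalised login name as BSD does, falls back to pw_name for sn when the gecos yields no surname (since sn is required), and uses a constructed sample entry rather than reading /etc/passwd. Every copy is bounded so an oversized gecos field cannot overrun the attribute buffers.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define FLEN 128   /* bound for every derived attribute value */

struct posix_attrs {
    char cn[FLEN], givenName[FLEN], sn[FLEN], description[FLEN],
         l[FLEN], telephoneNumber[FLEN], homePhone[FLEN];
};

/* Bounded copy of n bytes that always NUL-terminates (strlcpy is not portable C). */
static void copy_bounded(char *dst, const char *src, size_t n, size_t cap)
{
    if (n >= cap) n = cap - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
}

/* Expand the BSD "&" convention: "&" stands for the login name with its
   first letter capitalised.  Output never exceeds cap-1 bytes plus NUL. */
static void expand_amp(char *out, size_t cap, const char *gecos, const char *pw_name)
{
    size_t o = 0;
    for (const char *p = gecos; *p && o + 1 < cap; p++) {
        if (*p == '&') {
            for (const char *q = pw_name; *q && o + 1 < cap; q++)
                out[o++] = (q == pw_name) ? (char)toupper((unsigned char)*q) : *q;
        } else {
            out[o++] = *p;
        }
    }
    out[o] = '\0';
}

/* A token "looks like initials" if it is one letter optionally followed by '.' (note [2]). */
static int is_initial(const char *tok, size_t n)
{
    return (n == 1 && isalpha((unsigned char)tok[0])) ||
           (n == 2 && isalpha((unsigned char)tok[0]) && tok[1] == '.');
}

/* Derive the attributes from pw_name and pw_gecos.  Returns the number of
   comma-separated gecos fields seen, so a caller can tell whether the
   FreeBSD office/phone fields (assumed layout, note [5]) were present. */
int map_gecos(struct posix_attrs *a, const char *pw_name, const char *pw_gecos)
{
    char buf[4 * FLEN];
    char *fields[4] = {0};
    int nf = 0;

    memset(a, 0, sizeof *a);
    expand_amp(buf, sizeof buf, pw_gecos, pw_name);

    /* Split on commas into at most 4 fields: full name, office, work, home. */
    char *p = buf;
    fields[nf++] = p;
    while (nf < 4 && (p = strchr(p, ',')) != NULL) {
        *p++ = '\0';
        fields[nf++] = p;
    }
    /* Any text after a fifth comma is dropped rather than leaking into homePhone. */
    if (nf == 4 && (p = strchr(fields[3], ',')) != NULL) *p = '\0';

    copy_bounded(a->cn, pw_name, strlen(pw_name), FLEN);             /* cn from pw_name */
    copy_bounded(a->description, fields[0], strlen(fields[0]), FLEN); /* up to first comma */
    if (nf > 1) copy_bounded(a->l, fields[1], strlen(fields[1]), FLEN);
    if (nf > 2) copy_bounded(a->telephoneNumber, fields[2], strlen(fields[2]), FLEN);
    if (nf > 3) copy_bounded(a->homePhone, fields[3], strlen(fields[3]), FLEN);

    /* Full name: first whitespace token -> givenName, the rest -> sn,
       skipping tokens that look like initials. */
    const char *s = fields[0];
    size_t snlen = 0;
    int first = 1;
    while (*s) {
        while (*s && isspace((unsigned char)*s)) s++;
        if (!*s) break;
        const char *tok = s;
        while (*s && !isspace((unsigned char)*s)) s++;
        size_t n = (size_t)(s - tok);
        if (first) {
            copy_bounded(a->givenName, tok, n, FLEN);
            first = 0;
        } else if (!is_initial(tok, n)) {
            if (snlen && snlen + 1 < FLEN) a->sn[snlen++] = ' ';
            size_t room = FLEN - 1 - snlen;
            if (n > room) n = room;
            memcpy(a->sn + snlen, tok, n);
            snlen += n;
            a->sn[snlen] = '\0';
        }
    }
    /* Assumption: fall back to pw_name when the gecos gives no surname (sn is required). */
    if (a->sn[0] == '\0') copy_bounded(a->sn, pw_name, strlen(pw_name), FLEN);
    return nf;
}

int main(void)
{
    struct posix_attrs a;
    /* Constructed sample entry in the assumed FreeBSD gecos layout; not a real account. */
    int nf = map_gecos(&a, "jqp", "Jane Q. Public,Room 42,555-0100,555-0199");
    printf("fields=%d cn=%s givenName=%s sn=%s l=%s tel=%s home=%s\n",
           nf, a.cn, a.givenName, a.sn, a.l, a.telephoneNumber, a.homePhone);
    return 0;
}
```

The return value lets the caller emit the l/telephoneNumber/homePhone attributes only when the extra fields were actually present, which matters on platforms where the gecos holds a bare name.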