
Please support nested groups about nsscache HOT 11 OPEN

google avatar google commented on August 19, 2024
Please support nested groups

from nsscache.

Comments (11)

jaqx0r avatar jaqx0r commented on August 19, 2024

This seems reasonable.

Do you want to work on this?


akorn avatar akorn commented on August 19, 2024

No. Unfortunately I have neither the required python skills, nor (more importantly) time. :(

I can work around the problem by not using nss-cache at all; instead, I'll periodically run getent passwd and getent group on a box with nss set to use LDAP, and copy the results to the LDAP servers (well, actually, I'll use svn or git to distribute the flat files).

This works for me because my only problem is that there are race conditions when the LDAP servers all try to start simultaneously and look up uid/gid mappings in LDAP; if the LDAP servers themselves use flat files, that's good enough for me. I don't need shadow, netgroup, automount or anything else, just uid-name, gid-name and group-member mappings, and this getent based kludge will work for me. (I'm writing this down because it may work for others too.)


jaqx0r avatar jaqx0r commented on August 19, 2024

Understood. I too am short on time so this will have to wait for now.

On Wed, 6 Jan 2016, 18:26 Dr. András Korn [email protected] wrote:

No. Unfortunately I have neither the required python skills, nor (more
importantly) time. :(

I can work around the problem by not using nss-cache at all; instead, I'll
periodically run getent passwd and getent group on a box with nss set to
use LDAP, and copy the results to the LDAP servers (well, actually, I'll
use svn or git to distribute the flat files).

This works for me because my only problem is that there are race
conditions when the LDAP servers all try to start simultaneously and look
up uid/gid mappings in LDAP; if the LDAP servers themselves use flat files,
that's good enough for me. I don't need shadow, netgroup, automount or
anything else, just uid-name, gid-name and group-member mappings, and this
getent based kludge will work for me. (I'm writing this down because it may
work for others too.)



kev009 avatar kev009 commented on August 19, 2024

@jaqx0r do you have a preference on how this should be implemented? I can do it quite easily in python, but maybe there are some reasons it should be in libnss-cache?


jaqx0r avatar jaqx0r commented on August 19, 2024

Without having thought about it too hard, my feeling is that libnss-cache
is the wrong place because that's in the critical read path, so it should
be done in nsscache (i.e. the python).

This might prove to be bad for really large nestings of groups but we can
burn that bridge when we come to it.

On Fri., 7 Oct. 2016, 15:40 Kevin Bowling, [email protected] wrote:

@jaqx0r https://github.com/jaqx0r do you have a preference on how this
should be implemented? I can do it quite easily in python, but maybe there
are some reasons it should be in libnss-cache?



kev009 avatar kev009 commented on August 19, 2024

I was thinking it has some considerations like, a recursive group member that is not in ldap should be preserved because one of the other nss providers may have it... but after writing it out I don't see why doing that in the python side won't work.


JaseFace avatar JaseFace commented on August 19, 2024

Did anyone have some time to start this up yet?


trenton42 avatar trenton42 commented on August 19, 2024

Looking through the python, it appears that there would be an issue mapping the recursive groups on incremental updates. For --full runs it is fine, but when running without --full, only modified groups will show up in the search result. In order to properly update all nested groups, several queries would have to be made (query for any groups that contain the changed group, then any groups that contain those groups, etc.), so depending on the ldap layout, it could greatly diminish the efficiency of doing an incremental update. It may also be possible to cache those group to group relationships, but that would also require more code changes.


trenton42 avatar trenton42 commented on August 19, 2024

This first stab will cache nested groups, but only on a full sync: master...trenton42:nested-groups

Using this code with incremental updates will be subtly broken, as changes in memberships in child groups will not propagate up to parent groups.

from nsscache.
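
The propagation problem described in the two comments above, as an added example that is not code from the thread or from nsscache: it flattens nested groups with cycle protection and compares an incremental update that re-expands only the changed group with one that also re-expands every ancestor. The dictionary data model, the sample groups and all function names are assumptions, and the parent lookup assumes the group-to-group relationships are cached locally.

```python
# Added illustration; the data model and all names are hypothetical, not nsscache's.
from collections import deque

# Constructed sample directory: group -> direct members (users or group names).
# "sre" and "eng" contain each other, so expansion must survive a cycle.
BEFORE = {"staff": ["alice", "eng"], "eng": ["bob", "sre"],
          "sre": ["carol", "eng"], "ops": ["dave"]}
AFTER = dict(BEFORE, sre=["eng"])  # carol removed from the child group "sre"

def expand(name, groups):
    """Flatten `name` to leaf members, following nested groups iteratively."""
    members, seen, todo = set(), {name}, list(groups[name])
    while todo:
        m = todo.pop()
        if m in seen:
            continue                 # cycle or diamond: already visited
        seen.add(m)
        if m in groups:
            todo.extend(groups[m])   # nested group: descend
        else:
            members.add(m)           # user, or a name another NSS source resolves
    return members

def needs_rebuild(changed, groups):
    """Changed groups plus every group that contains one, transitively."""
    parents = {}
    for g, direct in groups.items():
        for m in direct:
            if m in groups:
                parents.setdefault(m, set()).add(g)
    dirty, todo = set(), deque(changed)
    while todo:
        g = todo.popleft()
        if g not in dirty:
            dirty.add(g)
            todo.extend(parents.get(g, ()))
    return dirty

def incremental(cache, groups, changed, propagate):
    """Re-flatten only `changed`, or (propagate=True) their ancestors as well."""
    targets = needs_rebuild(changed, groups) if propagate else set(changed)
    return {**cache, **{g: expand(g, groups) for g in targets}}

def full_sync(groups):
    return {g: expand(g, groups) for g in groups}

if __name__ == "__main__":
    cache = full_sync(BEFORE)
    print("stale:", incremental(cache, AFTER, ["sre"], propagate=False)["staff"])
    print("fixed:", incremental(cache, AFTER, ["sre"], propagate=True)["staff"])
```

Without propagation the cached `staff` entry still lists `carol` after her removal from `sre`, so a host that authorizes against the cache keeps granting access the directory has already revoked.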

jaqx0r avatar jaqx0r commented on August 19, 2024


trenton42 avatar trenton42 commented on August 19, 2024

Thanks @jaqx0r! I added those changes in #84. Let me know if that looks good.
