From owner-freebsd-current@FreeBSD.ORG Mon Jan 7 13:20:53 2008 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B2DDD16A41A for ; Mon, 7 Jan 2008 13:20:53 +0000 (UTC) (envelope-from danny@cs.huji.ac.il) Received: from cs1.cs.huji.ac.il (cs1.cs.huji.ac.il [132.65.16.10]) by mx1.freebsd.org (Postfix) with ESMTP id 6DC0113C448 for ; Mon, 7 Jan 2008 13:20:53 +0000 (UTC) (envelope-from danny@cs.huji.ac.il) Received: from pampa.cs.huji.ac.il ([132.65.80.32]) by cs1.cs.huji.ac.il with esmtp id 1JBruN-0008Ew-Dk; Mon, 07 Jan 2008 15:20:51 +0200 X-Mailer: exmh version 2.7.2 01/07/2005 with nmh-1.2 To: Frode Nordahl In-reply-to: Your message of Mon, 7 Jan 2008 11:21:09 +0100 . Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Mon, 07 Jan 2008 15:20:51 +0200 From: Danny Braniss Message-ID: Cc: freebsd-current@freebsd.org, Matthijs Kooijman Subject: Re: FreeBSD nss, getgroupmembership(3) X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Jan 2008 13:20:53 -0000 > On 7. jan.. 2008, at 11.10, Matthijs Kooijman wrote: > > > a while back (or actually, more than a year back...) there was some > > discussion > > in this thread about implementing getgroupmembership support in > > FreeBSD NSS. > > > > FYI, Michael Bushkov has commited support for this a few weeks back > > based on > > work by me and largely by Michael Hanselmann. For now, there is no > > support yet > > in the nss_ldap and nss_winbind modules, but patches are already > > available. > > > > Support wil not be merged to 7.0, but hopefully it will be in 7.1. > > > > See pr 115196 [1] for more details about it, and links to the > > winbind/ldap patches. > > > > Gr. > > > > Matthijs > > > > [1]: http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/115196 > > Thank you for letting me know, this is fantastic!! :-) A big thank you > to everyone involved in making this happen. > > I will attempt to put this to test in a production system in good time > before 7.1 so any issues can be resolved before release. > > Any chance the patch will apply on 6.x? > > -- > Frode Nordahl > sorry if this sounds like a party-poopper but: 1- why not just fix getgrouplist instead of inventing getgroupmembership? (the patch replaces the code of getgrouplist by a call to getgroupmembership anyways) 2- why not just make a new table, with key uid/username and with data the list of groups? this is what we have here, the list is autogenerated each time the main password file and/or group are modified. this reduces network noice and cycles conciderably. danny