> nsldap Issues > I'm inclined to do some maintenance of the nsldap module, just for the record: > > Deprecation warnings during build. i have replaced the ones concerning Ns_DString* operations in the repository.
When compiling under macOS of the form: nsldap.c:652:15: warning: 'ldap_initialize' is deprecated: first deprecated in macOS 10.11 - use OpenDirectory Framework [-Wdeprecated-declarations] These will go away when using openLDAP under macOS. I assume, you are just referring to the prior ones. > The pre-processor macro LDAPV3 has to be defined manually when building in > order to work with current LDAP server versions. As i see it, the macro is not necessary (i’ve replaced it with a proper version compare, with macros provided by the standard includes. Also without the macro being defined, nsdap compiles fine and works (but without setting the LDAP to LDAPV3). Is this maybe Alpine specific? > Ns_ModuleInit() returns extraneously when scheduling a background procedure: > I worked around by setting maxidle to 0 in the pool configuration. what means "returns extraneously”? crash? Tcl exception? I would expect, Ns_ModuleInit() to be executed during startup (when all modules are loaded), not in a background procedure. > The ns_ldap search documentation mentions that attributes to be extracted can > be specified after the filter. > This is not consistently documented. > If using an empty filter *and* an attribute to extract, an assertion is > triggered and nsd exits. this requires certainly work > Thorough documentation of all configuration options is missing. ditto > > Current LDAP client library implementations encourage the use of LDAP URI's > instead of host, port and schema. This would be a useful enhancement. i have added this to the repository. Please test if possible, i have no usable LDAP server installation. > Controlled Creation of the auth Chain > > Initially I had the idea of separating authentication and authorization and > have the admin of the server decide how and in which order to run respective > "filters". The current implementation does not give exact control over the > order of registration of auth callbacks. I'll have to learn more on the > details of Naviserver configuration. > what do you mean by “no control”? This is exactly like for filters, you can append at the end or at the begin, > Global Initialzation of a Tcl Module > > The nsauthn module implements caching of credentials from passwd files. For > this I wanted to use a global initialization procedure, run before any server > is initialized. Alas I did not find if this is even possible. Any info on > this is appreciated. > In general, the global (shared) Tcl libraries are loaded before the per-server (private) libraries. You get the path of the global libraries via [ns_library shared] and the per-server ones via ns_library private] https://naviserver.sourceforge.io/5.0/manual/files/tcl-libraries.html > - - - > > Best Regards, > > Georg > > _______________________________________________ > naviserver-devel mailing list > naviserver-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/naviserver-devel
_______________________________________________ naviserver-devel mailing list naviserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/naviserver-devel
