Hi all. I'm new to this list, so I apologize in advance if I ask any
noobish questions.

First off, I've created a new LDAP mapping module for using the CN
attribute. Where do I send the code?

Second, the code I'm sending in may need to be cleaned up some. I'm not
usually a C programmer, so there are likely some bugs.

Finally, I'd like to comment on the current LDAP mapping module. The
reason I took the time to write a new LDAP mapping module was because
the current module has some pretty serious flaws. The module is probably
fine in a network that has a handful of users, but in any medium to
large network, the current module would bring the LDAP servers to their
knees.

The current module does a while loop over pwgetent(), pulls a pem from
each user's LDAP entry, and then compares the retrieved pem to the pem
on the card. In a network with 1000 users, it is possible that this
module could make 1001 queries (excluding queries for the system
accounts) just to log a user in or to unlock the screen. It would be far
more efficient to search the LDAP server for the pem on the card, and
return the username. This would only require one query to log a user in.
This is the model that I use in the cn-ldap module.

V/r,

Ryan Lane

_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
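
The single-search model described in the message above depends on a filter built from a value read off the card, so that value has to be escaped per RFC 4515 before it reaches the directory. The following is an added example, not code from the original post or from the cn-ldap module; the function names, the `cn` attribute choice and the sample CN are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Escape a value for use inside an LDAP search filter (RFC 4515).
 * '*', '(', ')', '\' and NUL become \XX; bytes >= 0x80 are hex-escaped
 * too, so the same routine is safe for binary values.
 * Returns the escaped length, or -1 if out is too small. */
int ldap_filter_escape(const unsigned char *in, size_t inlen,
                       char *out, size_t outlen)
{
    static const char hex[] = "0123456789abcdef";
    size_t o = 0;
    if (outlen == 0)
        return -1;
    for (size_t i = 0; i < inlen; i++) {
        unsigned char c = in[i];
        int special = (c == '*' || c == '(' || c == ')' || c == '\\' ||
                       c == '\0' || c >= 0x80);
        if (o + (special ? 3 : 1) >= outlen)   /* keep room for the NUL */
            return -1;
        if (special) {
            out[o++] = '\\';
            out[o++] = hex[c >> 4];
            out[o++] = hex[c & 0x0f];
        } else {
            out[o++] = (char)c;
        }
    }
    out[o] = '\0';
    return (int)o;
}

/* Build "(attr=<escaped value>)": the filter for the one search that maps
 * a card value to a user entry. Hypothetical helper; returns 0 or -1. */
int build_card_filter(const char *attr, const unsigned char *val,
                      size_t vallen, char *filter, size_t filterlen)
{
    char esc[512];
    if (ldap_filter_escape(val, vallen, esc, sizeof esc) < 0)
        return -1;
    int n = snprintf(filter, filterlen, "(%s=%s)", attr, esc);
    return (n < 0 || (size_t)n >= filterlen) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample CN, standing in for one read from a certificate. */
    const char *cn = "Doe, Jane (contractor)*";
    char filter[600];
    if (build_card_filter("cn", (const unsigned char *)cn, strlen(cn),
                          filter, sizeof filter) == 0)
        puts(filter);
    return 0;
}
```

The resulting string is what would be passed as the filter argument of a single directory search; a failure return should be treated as a failed mapping rather than falling back to an unescaped filter.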