Decouple the netgroup module from the ldap module

nima / site

Modular shell-scripting framework - 99% native bash, 1% phat!

http://nima.github.io/site/

5 stars 4 forks source link

Decouple the netgroup module from the ldap module #2

Open nima opened 10 years ago

nima commented 10 years ago

The netgroup module currently assumes that netgroups is ldap-backed; this is a silly assumption. It should use nsswitch alone, and if that happens to be backed by ldap, then so be it.

baua commented 10 years ago

So we replace ldapsearch with getent?

nima commented 10 years ago

First we can check to see if everything currently done via ldap queries is possible with getent alone.

Once we know that is the case - check if there are any performance considerations, and if not - all the ldap calls can be replaced. If there are benefits with using ldap directly, we can have a check - if the ldap module loaded successfully (core:softimport return status), then use that, if not - use getent.

baua commented 10 years ago

getent seems to flatten out the netgroup hierarchy. It only reports a leafs of the tree (hostnames) and not the nodes (nested netgroup). Might still be worth implementing basic functionality like group memberships.