Sswen winbindd ldap
The base goal is to lay the foundation for a series of winbind improvements. The replacement of the ADS-API in winbindd by the tldap library is just the first step.
Further goals in this area are:
-
Improve the failover times for disappeared DC
-
optimize the kerberos ticket handling in such a way that existing tickets are used instead of triggering a new auth request
-
centralize the DC connection management to support a reliable and fast detection of connection loss and reconnection process
-
integrate and condense the required code and functionality to a minimum number of layers and remove APIs and layers not required.
As a first step we decided to align the ldap libraries and move the functionality, included in winbindd_ads.c, to use the tldap library.
Since we didn't want to reinvent the wheel we started using the functionality offered by the tldap-/tldap_util-library which does offer already a few of the required features.
As a starting point of this first step, we replace each externally triggered function (callbacks) from the winbindd_ads.c by pure-ldap versions. Not only that this is the least invasive approach but it eases the testing as the results and timings are easy to compare.