Adam Young wrote:
On 07/14/2010 07:52 PM, Dmitri Pal wrote:
Adam Young wrote:
On 07/14/2010 03:43 PM, Rob Crittenden wrote:
The netgroup plugin was using the wrong attribute for memberships. It
needs to use memberuser for users and groups and memberhost for hosts
and hostgroups. I fixed this up and corrected the tests as well.
rob
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Got it installed and running. Unclear how to test.
Create a user group with 3 users U1 U2 U3. Create a host group with the
two hosts H1 H2
Create a netgroup that includes this user group and this host group
Configure client to use your IPA server as a source of the netgroups
List the netgroups - should get your netgroup
List the contents of the netgroup. You should get triplets: user, host,
domain
The order of the users and hosts in triplets does not matter. What
matters is that each host and each user are listed in some triplet and
generally present in the netgroup not more than once.
Here's my script. ypcat stopped working with
No such map netgroup. Reason: Can't communicate with portmapper
Too tired to debug tonight.
ipa user-add --first=Kermit --last=Frog kfrog
ipa user-add --first=Count --last=VonCount count123
ipa user-add --first=Oscar --last=Grouch scram
ipa user-add --first=Elmo --last=Gonzales elmo
ipa user-add --first=Zoe --last=MacPhearson zoe
ipa user-add --first=Prairie --last=Dawn pdawn
ipa group-add --desc="Monsters on Sesame Street" monsters
ipa group-add --desc="Muppets moonlighting for CTW" muppets
ipa group-add-member --users=kfrog,scram,pdawn muppets
ipa group-add-member --users=count123,elmo,zoe monsters
ipa netgroup-add --desc="staging servers" net-stage
ipa netgroup-add --desc="live servers" net-live
ipa hostgroup-add --desc "Live servers" host-live
ipa hostgroup-add --desc "Staging servers" stage-live
ipa hostgroup-add-member --hosts live3.pbs.org,live2.pbs.org,live1.pbs.org host-live
ipa hostgroup-add-member --hosts stage3.pbs.org,stage2.pbs.org,stage1.pbs.org host-stage
ipa netgroup-add-member --groups=muppets --hostgroups=host-live net-live
ipa netgroup-add-member --groups=muppets --hostgroups=host-stage net-stage
ypcat -d ipa.ayoung.boston.devel.redhat.com -h ipa.ayoung.boston.devel.redhat.com netgroup
Ok, kudos on the big test group but your knowledge of Sesame Street
characters' last names is a bit disturbing ;-)
Your ypcat command is wrong. The -d is your NIS domain (same as your IPA
domain) and the -h is the host to connect to.
I get the following output with this data set:
(-,kfrog,example.com) (-,scram,example.com) (-,pdawn,example.com)
(-,kfrog,example.com) (-,scram,example.com) (-,pdawn,example.com)
Based on my limited understanding of netgroups this looks correct. You
have defined two netgroups, both of which have the same user group as a
member. The first netgroup has no hosts or hostgroups associated with
it, the second has an empty hostgroup (because you added non-existent
hosts, or at least hosts not on my box).
I added a host to host-live and now I get:
(-,kfrog,example.com) (-,scram,example.com) (-,pdawn,example.com)
(lion.example.com,kfrog,example.com) (-,scram,example.com) (-,pdawn,example.com)
rob
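
Added example, not part of the original thread or of FreeIPA's code: a small Python checker for the test criterion described in the thread above (every expected user and host appears in some triple, and none appears more than once). It runs over the two ypcat outputs quoted in the thread plus one constructed failing line; the function names are hypothetical and it assumes one netgroup's triples per line.

```python
import re
from collections import Counter

# One NIS netgroup triple: (host,user,domain).
TRIPLE = re.compile(r"\(\s*([^,()\s]*)\s*,\s*([^,()\s]*)\s*,\s*([^,()\s]*)\s*\)")


def parse_triples(line):
    """Return the (host, user, domain) triples found on one line of output.
    "-" (no value) and an empty field (wildcard) name no specific entry,
    so both are mapped to None."""
    return [tuple(f if f not in ("", "-") else None for f in m.groups())
            for m in TRIPLE.finditer(line)]


def check_netgroup(line, users, hosts):
    """Apply the rule from the thread to one netgroup line and report problems."""
    triples = parse_triples(line)
    seen_users = Counter(u for _, u, _ in triples if u)
    seen_hosts = Counter(h for h, _, _ in triples if h)
    return {
        "missing_users": sorted(set(users) - set(seen_users)),
        "missing_hosts": sorted(set(hosts) - set(seen_hosts)),
        "duplicate_users": sorted(u for u, n in seen_users.items() if n > 1),
        "duplicate_hosts": sorted(h for h, n in seen_hosts.items() if n > 1),
        "unexpected_users": sorted(set(seen_users) - set(users)),
        "unexpected_hosts": sorted(set(seen_hosts) - set(hosts)),
    }


def is_clean(report):
    """True when no category in the report lists a problem."""
    return not any(report.values())


MUPPETS = ["kfrog", "scram", "pdawn"]
# The first two lines are the outputs quoted in the thread.
NO_HOSTS = "(-,kfrog,example.com) (-,scram,example.com) (-,pdawn,example.com)"
ONE_HOST = ("(lion.example.com,kfrog,example.com) (-,scram,example.com) "
            "(-,pdawn,example.com)")
# Constructed failing line: one user and host repeated, two users missing.
BROKEN = "(lion.example.com,kfrog,example.com) (lion.example.com,kfrog,example.com)"

if __name__ == "__main__":
    for label, line, hosts in [("no hosts", NO_HOSTS, []),
                               ("one host", ONE_HOST, ["lion.example.com"]),
                               ("broken", BROKEN, ["lion.example.com"])]:
        report = check_netgroup(line, MUPPETS, hosts)
        print(label, "OK" if is_clean(report) else report)
```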