On Tue, Apr 24, 2012 at 12:03:31PM +0200, Jan Cholasta wrote: > I did some more testing and found out that this line: > > default:schema-compat-entry-rdn: 'cn=%first("%{fqdn}")' > > needs to be changed to: > > default:schema-compat-entry-rdn: cn=%first("%{fqdn}") > > in both install/share/schema_compat.uldif and > install/updates/10-schema_compat.update, otherwise we get entries > with DN like this: > "'cn=test.example.com',cn=computers,cn=compat,dc=example,dc=com". > > Besides this, both clean installs and upgrades seem to work fine > with this patch.
Right, the quoting rules. Revised again, in case you need it. Thanks! Nalin
From 837575de789228428618e1338256321769720abb Mon Sep 17 00:00:00 2001 From: Nalin Dahyabhai <na...@dahyabhai.net> Date: Mon, 16 Apr 2012 15:31:12 -0400 Subject: [PATCH 2/3] - create a "cn=computers" compat area populated with ieee802Device entries corresponding to computers with fqdn and macAddress attributes --- install/share/schema_compat.uldif | 14 ++++++++++++++ install/updates/10-schema_compat.update | 15 +++++++++++++++ 2 files changed, 29 insertions(+) diff --git a/install/share/schema_compat.uldif b/install/share/schema_compat.uldif index f042edf..deca1bb 100644 --- a/install/share/schema_compat.uldif +++ b/install/share/schema_compat.uldif @@ -92,6 +92,20 @@ add:schema-compat-entry-attribute: 'sudoRunAsGroup=%{ipaSudoRunAsExtGroup}' add:schema-compat-entry-attribute: 'sudoRunAsGroup=%deref("ipaSudoRunAs","cn")' add:schema-compat-entry-attribute: 'sudoOption=%{ipaSudoOpt}' +dn: cn=computers, cn=Schema Compatibility, cn=plugins, cn=config +default:objectClass: top +default:objectClass: extensibleObject +default:cn: computers +default:schema-compat-container-group: cn=compat, $SUFFIX +default:schema-compat-container-rdn: cn=computers +default:schema-compat-search-base: cn=computers, cn=accounts, $SUFFIX +default:schema-compat-search-filter: (&(macAddress=*)(fqdn=*)(objectClass=ipaHost)) +default:schema-compat-entry-rdn: cn=%first("%{fqdn}") +default:schema-compat-entry-attribute: objectclass=device +default:schema-compat-entry-attribute: objectclass=ieee802Device +default:schema-compat-entry-attribute: cn=%{fqdn} +default:schema-compat-entry-attribute: macAddress=%{macAddress} + # Enable anonymous VLV browsing for Solaris dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config only:aci: '(targetattr !="aci")(version 3.0; acl "VLV Request Control"; allow (read, search, compare, proxy) userdn = "ldap:///anyone"; )' diff --git a/install/updates/10-schema_compat.update b/install/updates/10-schema_compat.update index 8ef1424..9835bb8 100644 --- a/install/updates/10-schema_compat.update +++ b/install/updates/10-schema_compat.update @@ -4,3 +4,18 @@ replace: schema-compat-entry-attribute:'sudoRunAsGroup=%deref("ipaSudoRunAs","cn # as the original, '' or -. dn: cn=ng,cn=Schema Compatibility,cn=plugins,cn=config replace: schema-compat-entry-attribute:'nisNetgroupTriple=(%link("%ifeq(\"hostCategory\",\"all\",\"\",\"%collect(\\\"%{externalHost}\\\",\\\"%deref(\\\\\\\"memberHost\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberHost\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\")\")","-",",","%ifeq(\"userCategory\",\"all\",\"\",\"%collect(\\\"%deref(\\\\\\\"memberUser\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberUser\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\")\")","-"),%{nisDomainName:-})::nisNetgroupTriple=(%link("%ifeq(\"hostCategory\",\"all\",\"\",\"%collect(\\\"%{externalHost}\\\",\\\"%deref(\\\\\\\"memberHost\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberHost\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\")\")","%ifeq(\"hostCategory\",\"all\",\"\",\"-\")",",","%ifeq(\"userCategory\",\"all\",\"\",\"%collect(\\\"%deref(\\\\\\\"memberUser\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberUser\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\")\")","%ifeq(\"userCategory\",\"all\",\"\",\"-\")"),%{nisDomainName:-})' + +dn: cn=computers, cn=Schema Compatibility, cn=plugins, cn=config +default:objectClass: top +default:objectClass: extensibleObject +default:cn: computers +default:schema-compat-container-group: cn=compat, $SUFFIX +default:schema-compat-container-rdn: cn=computers +default:schema-compat-search-base: cn=computers, cn=accounts, $SUFFIX +default:schema-compat-search-filter: (&(macAddress=*)(fqdn=*)(objectClass=ipaHost)) +default:schema-compat-entry-rdn: cn=%first("%{fqdn}") +default:schema-compat-entry-attribute: objectclass=device +default:schema-compat-entry-attribute: objectclass=ieee802Device +default:schema-compat-entry-attribute: cn=%{fqdn} +default:schema-compat-entry-attribute: macAddress=%{macAddress} + -- 1.7.10
_______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel