Awesome, it worked!

Just one final question: how to make that script search not only in ipa1.example.com's LDAP database, but also in ipa2.example.com's LDAP in case ipa1 is inaccessible? It's vital for a production environment!


I tried copying the whole section of code from " ldapsearch ..." to "... done" and putting it after a new instance of " if [ ! -s "$tmpf" ]; then ", but it didn't work (I'm not a programmer...).

My current cron script is like this: https://cloud.mail.ru/public/fdf2e60c5df8%2Fsudo.sh

Programmers, please take a glance at the file - logically it shouldn't be difficult to make necessary modifications,
but I don't know how...


23-Oct-14 21:40, Alexander Bokovoy пишет:
try adding something like this:

old_krb5_ccache=${KRB5_CCACHE}
KRB5_CCACHE=/tmp/_hostgroups_access.ccache.$$
export KRB5_CCACHE
kinit -k -t /etc/krb5.keytab host/`hostname`
# perform actual search
ldapsearch -Y GSSAPI .....

# end of script
kdestroy
KRB5_CCACHE=${old_krb5_ccache}
export KRB5_CCACHE

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to