Forgot to include environment specifics:

CentOS Linux release 7.2.1511 (Core)
ipa-server-4.2.0-15.0.1.el7.centos.6.x86_64
389-ds-base-1.3.4.0-26.el7_2.x86_64
389-ds-base-1.3.4.0-26.el7_2.x86_64


On 04/06/16 10:40, Daryl Fonseca-Holt wrote:
Due to legacy constraints the default protocol.bynumber and protocol.byname do not produce the alias feature we have:
ypcat protocols.byname  
ip      0
IP      0
icmp    1
ICMP    1
igmp    2
IGMP    2
ggp     3
GGP     3
tcp     6
TCP     6
pup     12
PUP     12
udp     17
UDP     17
IPv6    41
ipv6    41
IPv6-Route      43
ipv6-route      43
IPv6-Frag       44
ipv6-frag       44
IPv6-ICMP       58
ipv6-icmp       58
IPv6-NoNxt      59
ipv6-nonxt      59

ypcat protocols.bynumber
ip      0       IP
icmp    1       ICMP
igmp    2       IGMP
ggp     3       GGP
tcp     6       TCP
pup     12      PUP
udp     17      UDP
IPv6    41      ipv6
IPv6-Route      43      ipv6-route
IPv6-Frag       44      ipv6-frag
IPv6-ICMP       58      ipv6-icmp
IPv6-NoNxt      59      ipv6-nonxt

ypmatch 0 protocols.bynumber
ip      0       IP

ypmatch ip protocols.byname
ip      0       IP

ypmatch IP protocols.byname
ip      0       IP
Notice the above legacy ypcat protcols.bynumber is not showing description Attribute in the third column, rather, it is the alias. ypmatch can find an entry in protocols.byname using the name or the alias.

The document format-specifiers.txt says
 * nis-keys-format (required if nis-key-format is not set, multivalued)
   A format specifier which the plugin will use to convert the contents
   of the directory server entry into a set of keys for the NIS map.
   The resulting NIS map will include a key for each value to which the
   _expression_ evaluates.  This can be used to allow for an arbitrary
   number of NIS map entries to be created for a given directory server
   entry.  The syntax of format specifiers is described in
   "format-specifiers.txt".
It seemed like a %collect in nis-keys-format was just what I needed.

Using this schema in /etc/dirsv/<instance>/99user.ldif I created directory entries that had both a name and an alias.
dn: cn=schema
objectClass: top
objectClass: ldapSubentry
objectClass: subschema
cn: schema
objectClasses: ( 1.3.6.1.4.1.35157.1.1.3 
  NAME 'umipProtocol' 
  DESC 'User defined 
  LDAP objectclass' 
  SUP top 
  STRUCTURAL 
  MUST ( cn $ umipProtocolName $ umipProtocolNumber )
  MAY ( description $ umipProtocolAlias )
  X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.35157.1.1.1.13 
  NAME 'umipProtocolName'
  DESC 'IP protocol name - custom'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
  EQUALITY caseExactIA5Match
  X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.35157.1.1.1.14 
  NAME 'umipProtocolNumber' 
  DESC 'IP protocol number - custom' 
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 
  EQUALITY integerMatch
  X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.35157.1.1.1.15
  NAME 'umipProtocolAlias'
  DESC 'IP protocol alias name'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
  EQUALITY caseExactIA5Match
  X-ORIGIN 'user defined' )

With these NIS map LDIFs added
dn: nis-domain=uofmt2+nis-map=protocols.byname,cn=NIS Server,cn=plugins,cn=config
objectClass: extensibleObject
objectClass: top
nis-domain: uofmt2
nis-map: protocols.byname
nis-base: ou=Protocols,ou=Unix,dc=uofmt2
nis-filter: (objectClass=umipProtocol)
nis-keys-format: %{umipProtocolName}"
nis-value-format: %{umipProtocolName}	%{umipProtocolNumber}	%{umipProtocolAlias}

dn: nis-domain=uofmt2+nis-map=protocols.byname,cn=NIS Server,cn=plugins,cn=config
objectClass: extensibleObject
objectClass: top
nis-domain: uofmt2
nis-map: protocols.byname
nis-base: ou=Protocols,ou=Unix,dc=uofmt2
nis-filter: (objectClass=umipProtocol)
nis-keys-format: %{umipProtocolName}"
nis-value-format: %{umipProtocolName}	%{umipProtocolNumber}	%{umipProtocolAlias}
ypcat produces the desired output. ypmatch doesn't work at all.
ypmatch ip protocols.byname
Can't match key ip in map protocols.byname. Reason: No such key in map

ypmatch IP protocols.byname
Can't match key IP in map protocols.byname. Reason: No such key in map
For reference, here is the ypcat output of the two maps:
ypcat protocols.byname
IPv6-NoNxt	59	ipv6-nonxt
IPv6-ICMP	58	ipv6-icmp
IPv6-Frag	44	ipv6-frag
IPv6-Route	43	ipv6-route
IPv6	41	ipv6
udp	17	UDP
pup	12	PUP
tcp	6	TCP
ggp	3	GGP
igmp	2	IGMP
icmp	1	ICMP
ip	0	IP

ypcat protocols.bynumber
IPv6-NoNxt	59	ipv6-nonxt
IPv6-ICMP	58	ipv6-icmp
IPv6-Frag	44	ipv6-frag
IPv6-Route	43	ipv6-route
IPv6	41	ipv6
udp	17	UDP
pup	12	PUP
tcp	6	TCP
ggp	3	GGP
igmp	2	IGMP
icmp	1	ICMP
ip	0	IP
Shouldn't the %collect cause to two NIS entries to be created for each directory entry? It seems to on the ypcat but I don't understand why the ypmatch would fail.

Thanks, Daryl
-- 
 -- 
 Daryl Fonseca-Holt
 IST/Technology Services/Unix Server Team
 University of Manitoba
 204.480.1079



-- 
 -- 
 Daryl Fonseca-Holt
 IST/Technology Services/Unix Server Team
 University of Manitoba
 204.480.1079
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to