Re: [Freeipa-devel] [PATCH] compat ieee802Device entries for ipaHost entries
On Tue, 2012-04-24 at 18:42 +0200, Jan Cholasta wrote:
On 24.4.2012 16:21, Nalin Dahyabhai wrote:
On Tue, Apr 24, 2012 at 12:03:31PM +0200, Jan Cholasta wrote:
I did some more testing and found out that this line:
default:schema-compat-entry-rdn: 'cn=%first(%{fqdn})'
needs to be changed to:
default:schema-compat-entry-rdn: cn=%first(%{fqdn})
in both install/share/schema_compat.uldif and
install/updates/10-schema_compat.update, otherwise we get entries
with DN like this:
'cn=test.example.com',cn=computers,cn=compat,dc=example,dc=com.
Besides this, both clean installs and upgrades seem to work fine
with this patch.
Right, the quoting rules. Revised again, in case you need it.
Thanks!
Nalin
ACK.
Honza
Pushed to master.
Martin
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] compat ieee802Device entries for ipaHost entries
On 23.4.2012 22:45, Nalin Dahyabhai wrote:
On Mon, Apr 23, 2012 at 05:03:28PM +0200, Jan Cholasta wrote:
On 16.4.2012 22:39, Nalin Dahyabhai wrote:
This bit of configuration creates a cn=computers area under cn=compat
which we populate with ieee802Device entries corresponding to any
ipaHost entries which have both fqdn and macAddress values.
Please add this to install/updates/10-schema_compat.update as well.
Okay, I think a simple copy is enough, but am not yet sufficiently
familiar with the install/{share,update} stuff to be completely sure.
Nalin
I did some more testing and found out that this line:
default:schema-compat-entry-rdn: 'cn=%first(%{fqdn})'
needs to be changed to:
default:schema-compat-entry-rdn: cn=%first(%{fqdn})
in both install/share/schema_compat.uldif and
install/updates/10-schema_compat.update, otherwise we get entries with
DN like this:
'cn=test.example.com',cn=computers,cn=compat,dc=example,dc=com.
Besides this, both clean installs and upgrades seem to work fine with
this patch.
Honza
--
Jan Cholasta
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] compat ieee802Device entries for ipaHost entries
On Tue, Apr 24, 2012 at 12:03:31PM +0200, Jan Cholasta wrote:
I did some more testing and found out that this line:
default:schema-compat-entry-rdn: 'cn=%first(%{fqdn})'
needs to be changed to:
default:schema-compat-entry-rdn: cn=%first(%{fqdn})
in both install/share/schema_compat.uldif and
install/updates/10-schema_compat.update, otherwise we get entries
with DN like this:
'cn=test.example.com',cn=computers,cn=compat,dc=example,dc=com.
Besides this, both clean installs and upgrades seem to work fine
with this patch.
Right, the quoting rules. Revised again, in case you need it.
Thanks!
Nalin
From 837575de789228428618e1338256321769720abb Mon Sep 17 00:00:00 2001
From: Nalin Dahyabhai na...@dahyabhai.net
Date: Mon, 16 Apr 2012 15:31:12 -0400
Subject: [PATCH 2/3] - create a cn=computers compat area populated with
ieee802Device entries corresponding to computers with
fqdn and macAddress attributes
---
install/share/schema_compat.uldif | 14 ++
install/updates/10-schema_compat.update | 15 +++
2 files changed, 29 insertions(+)
diff --git a/install/share/schema_compat.uldif
b/install/share/schema_compat.uldif
index f042edf..deca1bb 100644
--- a/install/share/schema_compat.uldif
+++ b/install/share/schema_compat.uldif
@@ -92,6 +92,20 @@ add:schema-compat-entry-attribute:
'sudoRunAsGroup=%{ipaSudoRunAsExtGroup}'
add:schema-compat-entry-attribute: 'sudoRunAsGroup=%deref(ipaSudoRunAs,cn)'
add:schema-compat-entry-attribute: 'sudoOption=%{ipaSudoOpt}'
+dn: cn=computers, cn=Schema Compatibility, cn=plugins, cn=config
+default:objectClass: top
+default:objectClass: extensibleObject
+default:cn: computers
+default:schema-compat-container-group: cn=compat, $SUFFIX
+default:schema-compat-container-rdn: cn=computers
+default:schema-compat-search-base: cn=computers, cn=accounts, $SUFFIX
+default:schema-compat-search-filter:
((macAddress=*)(fqdn=*)(objectClass=ipaHost))
+default:schema-compat-entry-rdn: cn=%first(%{fqdn})
+default:schema-compat-entry-attribute: objectclass=device
+default:schema-compat-entry-attribute: objectclass=ieee802Device
+default:schema-compat-entry-attribute: cn=%{fqdn}
+default:schema-compat-entry-attribute: macAddress=%{macAddress}
+
# Enable anonymous VLV browsing for Solaris
dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config
only:aci: '(targetattr !=aci)(version 3.0; acl VLV Request Control; allow
(read, search, compare, proxy) userdn = ldap:///anyone;; )'
diff --git a/install/updates/10-schema_compat.update
b/install/updates/10-schema_compat.update
index 8ef1424..9835bb8 100644
--- a/install/updates/10-schema_compat.update
+++ b/install/updates/10-schema_compat.update
@@ -4,3 +4,18 @@ replace:
schema-compat-entry-attribute:'sudoRunAsGroup=%deref(ipaSudoRunAs,cn
# as the original, '' or -.
dn: cn=ng,cn=Schema Compatibility,cn=plugins,cn=config
replace:
schema-compat-entry-attribute:'nisNetgroupTriple=(%link(%ifeq(\hostCategory\,\all\,\\,\%collect(\\\%{externalHost}\\\,\\\%deref(\\\memberHost\\\,\\\fqdn\\\)\\\,\\\%deref_r(\\\member\\\,\\\fqdn\\\)\\\,\\\%deref_r(\\\memberHost\\\,\\\member\\\,\\\fqdn\\\)\\\)\),-,,,%ifeq(\userCategory\,\all\,\\,\%collect(\\\%deref(\\\memberUser\\\,\\\uid\\\)\\\,\\\%deref_r(\\\member\\\,\\\uid\\\)\\\,\\\%deref_r(\\\memberUser\\\,\\\member\\\,\\\uid\\\)\\\)\),-),%{nisDomainName:-})::nisNetgroupTriple=(%link(%ifeq(\hostCategory\,\all\,\\,\%collect(\\\%{externalHost}\\\,\\\%deref(\\\memberHost\\\,\\\fqdn\\\)\\\,\\\%deref_r(\\\member\\\,\\\fqdn\\\)\\\,\\\%deref_r(\\\memberHost\\\,\\\member\\\,\\\fqdn\\\)\\\)\),%ifeq(\hostCategory\,\all\,\\,\-\),,,%ifeq(\userCategory\,\all\,\\,\%collect(\\\%deref(\\\memberUser\\\,\\\uid\\\)\\\,\\\%deref_r(\\\member\\\,\\\uid\\\)\\\,\\\%deref_r(\\\memberUser\\\,\\\member\\\,\\\uid\\\)\\\)\),%ifeq(\userCategory\,\all\,\\,\-\)),%{nisDomainName:-})'
+
+dn: cn=computers, cn=Schema Compatibility, cn=plugins, cn=config
+default:objectClass: top
+default:objectClass: extensibleObject
+default:cn: computers
+default:schema-compat-container-group: cn=compat, $SUFFIX
+default:schema-compat-container-rdn: cn=computers
+default:schema-compat-search-base: cn=computers, cn=accounts, $SUFFIX
+default:schema-compat-search-filter:
((macAddress=*)(fqdn=*)(objectClass=ipaHost))
+default:schema-compat-entry-rdn: cn=%first(%{fqdn})
+default:schema-compat-entry-attribute: objectclass=device
+default:schema-compat-entry-attribute: objectclass=ieee802Device
+default:schema-compat-entry-attribute: cn=%{fqdn}
+default:schema-compat-entry-attribute: macAddress=%{macAddress}
+
--
1.7.10
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] compat ieee802Device entries for ipaHost entries
On 24.4.2012 16:21, Nalin Dahyabhai wrote:
On Tue, Apr 24, 2012 at 12:03:31PM +0200, Jan Cholasta wrote:
I did some more testing and found out that this line:
default:schema-compat-entry-rdn: 'cn=%first(%{fqdn})'
needs to be changed to:
default:schema-compat-entry-rdn: cn=%first(%{fqdn})
in both install/share/schema_compat.uldif and
install/updates/10-schema_compat.update, otherwise we get entries
with DN like this:
'cn=test.example.com',cn=computers,cn=compat,dc=example,dc=com.
Besides this, both clean installs and upgrades seem to work fine
with this patch.
Right, the quoting rules. Revised again, in case you need it.
Thanks!
Nalin
ACK.
Honza
--
Jan Cholasta
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] compat ieee802Device entries for ipaHost entries
On Mon, Apr 23, 2012 at 05:03:28PM +0200, Jan Cholasta wrote:
On 16.4.2012 22:39, Nalin Dahyabhai wrote:
This bit of configuration creates a cn=computers area under cn=compat
which we populate with ieee802Device entries corresponding to any
ipaHost entries which have both fqdn and macAddress values.
Please add this to install/updates/10-schema_compat.update as well.
Okay, I think a simple copy is enough, but am not yet sufficiently
familiar with the install/{share,update} stuff to be completely sure.
Nalin
From 9cfbef42a0efa8898caf3454c07b729f58f526ba Mon Sep 17 00:00:00 2001
From: Nalin Dahyabhai na...@dahyabhai.net
Date: Mon, 16 Apr 2012 15:31:12 -0400
Subject: [PATCH 2/3] - create a cn=computers compat area populated with
ieee802Device entries corresponding to computers with
fqdn and macAddress attributes
---
install/share/schema_compat.uldif | 14 ++
install/updates/10-schema_compat.update | 15 +++
2 files changed, 29 insertions(+)
diff --git a/install/share/schema_compat.uldif
b/install/share/schema_compat.uldif
index f042edf..38bf678 100644
--- a/install/share/schema_compat.uldif
+++ b/install/share/schema_compat.uldif
@@ -92,6 +92,20 @@ add:schema-compat-entry-attribute:
'sudoRunAsGroup=%{ipaSudoRunAsExtGroup}'
add:schema-compat-entry-attribute: 'sudoRunAsGroup=%deref(ipaSudoRunAs,cn)'
add:schema-compat-entry-attribute: 'sudoOption=%{ipaSudoOpt}'
+dn: cn=computers, cn=Schema Compatibility, cn=plugins, cn=config
+default:objectClass: top
+default:objectClass: extensibleObject
+default:cn: computers
+default:schema-compat-container-group: cn=compat, $SUFFIX
+default:schema-compat-container-rdn: cn=computers
+default:schema-compat-search-base: cn=computers, cn=accounts, $SUFFIX
+default:schema-compat-search-filter:
((macAddress=*)(fqdn=*)(objectClass=ipaHost))
+default:schema-compat-entry-rdn: 'cn=%first(%{fqdn})'
+default:schema-compat-entry-attribute: objectclass=device
+default:schema-compat-entry-attribute: objectclass=ieee802Device
+default:schema-compat-entry-attribute: cn=%{fqdn}
+default:schema-compat-entry-attribute: macAddress=%{macAddress}
+
# Enable anonymous VLV browsing for Solaris
dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config
only:aci: '(targetattr !=aci)(version 3.0; acl VLV Request Control; allow
(read, search, compare, proxy) userdn = ldap:///anyone;; )'
diff --git a/install/updates/10-schema_compat.update
b/install/updates/10-schema_compat.update
index 8ef1424..46a94c3 100644
--- a/install/updates/10-schema_compat.update
+++ b/install/updates/10-schema_compat.update
@@ -4,3 +4,18 @@ replace:
schema-compat-entry-attribute:'sudoRunAsGroup=%deref(ipaSudoRunAs,cn
# as the original, '' or -.
dn: cn=ng,cn=Schema Compatibility,cn=plugins,cn=config
replace:
schema-compat-entry-attribute:'nisNetgroupTriple=(%link(%ifeq(\hostCategory\,\all\,\\,\%collect(\\\%{externalHost}\\\,\\\%deref(\\\memberHost\\\,\\\fqdn\\\)\\\,\\\%deref_r(\\\member\\\,\\\fqdn\\\)\\\,\\\%deref_r(\\\memberHost\\\,\\\member\\\,\\\fqdn\\\)\\\)\),-,,,%ifeq(\userCategory\,\all\,\\,\%collect(\\\%deref(\\\memberUser\\\,\\\uid\\\)\\\,\\\%deref_r(\\\member\\\,\\\uid\\\)\\\,\\\%deref_r(\\\memberUser\\\,\\\member\\\,\\\uid\\\)\\\)\),-),%{nisDomainName:-})::nisNetgroupTriple=(%link(%ifeq(\hostCategory\,\all\,\\,\%collect(\\\%{externalHost}\\\,\\\%deref(\\\memberHost\\\,\\\fqdn\\\)\\\,\\\%deref_r(\\\member\\\,\\\fqdn\\\)\\\,\\\%deref_r(\\\memberHost\\\,\\\member\\\,\\\fqdn\\\)\\\)\),%ifeq(\hostCategory\,\all\,\\,\-\),,,%ifeq(\userCategory\,\all\,\\,\%collect(\\\%deref(\\\memberUser\\\,\\\uid\\\)\\\,\\\%deref_r(\\\member\\\,\\\uid\\\)\\\,\\\%deref_r(\\\memberUser\\\,\\\member\\\,\\\uid\\\)\\\)\),%ifeq(\userCategory\,\all\,\\,\-\)),%{nisDomainName:-})'
+
+dn: cn=computers, cn=Schema Compatibility, cn=plugins, cn=config
+default:objectClass: top
+default:objectClass: extensibleObject
+default:cn: computers
+default:schema-compat-container-group: cn=compat, $SUFFIX
+default:schema-compat-container-rdn: cn=computers
+default:schema-compat-search-base: cn=computers, cn=accounts, $SUFFIX
+default:schema-compat-search-filter:
((macAddress=*)(fqdn=*)(objectClass=ipaHost))
+default:schema-compat-entry-rdn: 'cn=%first(%{fqdn})'
+default:schema-compat-entry-attribute: objectclass=device
+default:schema-compat-entry-attribute: objectclass=ieee802Device
+default:schema-compat-entry-attribute: cn=%{fqdn}
+default:schema-compat-entry-attribute: macAddress=%{macAddress}
+
--
1.7.10
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
