Re: [Freeipa-devel] [PATCH] compat ieee802Device entries for ipaHost entries
On Tue, 2012-04-24 at 18:42 +0200, Jan Cholasta wrote:
> On 24.4.2012 16:21, Nalin Dahyabhai wrote:
>> On Tue, Apr 24, 2012 at 12:03:31PM +0200, Jan Cholasta wrote:
>>> I did some more testing and found out that this line:
>>>
>>> default:schema-compat-entry-rdn: 'cn=%first(%{fqdn})'
>>>
>>> needs to be changed to:
>>>
>>> default:schema-compat-entry-rdn: cn=%first(%{fqdn})
>>>
>>> in both install/share/schema_compat.uldif and
>>> install/updates/10-schema_compat.update, otherwise we get entries
>>> with DN like this:
>>> 'cn=test.example.com',cn=computers,cn=compat,dc=example,dc=com.
>>>
>>> Besides this, both clean installs and upgrades seem to work fine
>>> with this patch.
>>
>> Right, the quoting rules. Revised again, in case you need it.
>>
>> Thanks!
>>
>> Nalin
>
> ACK.
>
> Honza

Pushed to master.

Martin

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] compat ieee802Device entries for ipaHost entries
On 23.4.2012 22:45, Nalin Dahyabhai wrote:
> On Mon, Apr 23, 2012 at 05:03:28PM +0200, Jan Cholasta wrote:
>> On 16.4.2012 22:39, Nalin Dahyabhai wrote:
>>> This bit of configuration creates a cn=computers area under cn=compat
>>> which we populate with ieee802Device entries corresponding to any
>>> ipaHost entries which have both fqdn and macAddress values.
>>
>> Please add this to install/updates/10-schema_compat.update as well.
>
> Okay, I think a simple copy is enough, but am not yet sufficiently
> familiar with the install/{share,update} stuff to be completely sure.
>
> Nalin

I did some more testing and found out that this line:

default:schema-compat-entry-rdn: 'cn=%first(%{fqdn})'

needs to be changed to:

default:schema-compat-entry-rdn: cn=%first(%{fqdn})

in both install/share/schema_compat.uldif and install/updates/10-schema_compat.update, otherwise we get entries with DN like this: 'cn=test.example.com',cn=computers,cn=compat,dc=example,dc=com.

Besides this, both clean installs and upgrades seem to work fine with this patch.

Honza

-- 
Jan Cholasta
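A small lint for the two configuration problems visible in this thread, the quoted `default:` value and the search filter with no boolean operator. This is an added example, not part of the thread or of FreeIPA; the `lint` and `filter_problem` names and the sample text are constructed here, and the quoting behaviour is assumed from the DN reported above.

```python
import re

# Constructed sample: the cn=computers block with the quoted RDN from the
# first revision and the search filter exactly as it appears on this page.
SAMPLE = """\
dn: cn=computers, cn=Schema Compatibility, cn=plugins, cn=config
default:schema-compat-container-rdn: cn=computers
default:schema-compat-search-filter: ((macAddress=*)(fqdn=*)(objectClass=ipaHost))
default:schema-compat-entry-rdn: 'cn=%first(%{fqdn})'
default:schema-compat-entry-attribute: cn=%{fqdn}
"""

# keyword:attribute: value, as used by the lines quoted in the thread
LINE = re.compile(r"^(default|add|only|replace):\s*([\w-]+):\s*(.*)$")


def filter_problem(flt):
    """Return a message if the filter is unbalanced or a list lacks &, | or !."""
    depth = 0
    for i, ch in enumerate(flt):
        if ch == "(":
            depth += 1
            # RFC 4515: "(" is followed by an operator or an attribute, never "("
            if flt[i + 1:i + 2] == "(":
                return "no &, | or ! before the filter list at offset %d" % i
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return "unbalanced ')' at offset %d" % i
    return "unbalanced '('" if depth else None


def lint(text):
    """Return (line number, attribute, message) for each suspicious setting."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        m = LINE.match(raw.strip())
        if not m:
            continue
        keyword, attr, value = m.groups()
        # Assumption taken from the thread: on default: lines the quotes are
        # stored as part of the value and show up in the generated DN.
        if keyword == "default" and len(value) > 1 and value[0] == value[-1] == "'":
            findings.append((no, attr, "quotes become part of the value"))
        if attr == "schema-compat-search-filter":
            problem = filter_problem(value.strip("'"))
            if problem:
                findings.append((no, attr, problem))
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print("line %d: %s: %s" % finding)
```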
Re: [Freeipa-devel] [PATCH] compat ieee802Device entries for ipaHost entries
On Tue, Apr 24, 2012 at 12:03:31PM +0200, Jan Cholasta wrote:
> I did some more testing and found out that this line:
>
> default:schema-compat-entry-rdn: 'cn=%first(%{fqdn})'
>
> needs to be changed to:
>
> default:schema-compat-entry-rdn: cn=%first(%{fqdn})
>
> in both install/share/schema_compat.uldif and
> install/updates/10-schema_compat.update, otherwise we get entries
> with DN like this:
> 'cn=test.example.com',cn=computers,cn=compat,dc=example,dc=com.
>
> Besides this, both clean installs and upgrades seem to work fine
> with this patch.

Right, the quoting rules. Revised again, in case you need it.

Thanks!

Nalin

From 837575de789228428618e1338256321769720abb Mon Sep 17 00:00:00 2001 From: Nalin Dahyabhai na...@dahyabhai.net Date: Mon, 16 Apr 2012 15:31:12 -0400 Subject: [PATCH 2/3] - create a cn=computers compat area populated with ieee802Device entries corresponding to computers with fqdn and macAddress attributes --- install/share/schema_compat.uldif | 14 ++ install/updates/10-schema_compat.update | 15 +++ 2 files changed, 29 insertions(+) diff --git a/install/share/schema_compat.uldif b/install/share/schema_compat.uldif index f042edf..deca1bb 100644 --- a/install/share/schema_compat.uldif +++ b/install/share/schema_compat.uldif 
@@ -92,6 +92,20 @@ add:schema-compat-entry-attribute: 'sudoRunAsGroup=%{ipaSudoRunAsExtGroup}' add:schema-compat-entry-attribute: 'sudoRunAsGroup=%deref(ipaSudoRunAs,cn)' add:schema-compat-entry-attribute: 'sudoOption=%{ipaSudoOpt}' +dn: cn=computers, cn=Schema Compatibility, cn=plugins, cn=config +default:objectClass: top +default:objectClass: extensibleObject +default:cn: computers +default:schema-compat-container-group: cn=compat, $SUFFIX +default:schema-compat-container-rdn: cn=computers +default:schema-compat-search-base: cn=computers, cn=accounts, $SUFFIX +default:schema-compat-search-filter: ((macAddress=*)(fqdn=*)(objectClass=ipaHost)) +default:schema-compat-entry-rdn: cn=%first(%{fqdn}) +default:schema-compat-entry-attribute: objectclass=device +default:schema-compat-entry-attribute: objectclass=ieee802Device +default:schema-compat-entry-attribute: cn=%{fqdn} +default:schema-compat-entry-attribute: macAddress=%{macAddress} + # Enable anonymous VLV browsing for Solaris dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config only:aci: '(targetattr !=aci)(version 3.0; acl VLV Request Control; allow (read, search, compare, proxy) userdn = ldap:///anyone;; )' diff --git a/install/updates/10-schema_compat.update b/install/updates/10-schema_compat.update index 8ef1424..9835bb8 100644 --- a/install/updates/10-schema_compat.update +++ b/install/updates/10-schema_compat.update 
@@ -4,3 +4,18 @@ replace: schema-compat-entry-attribute:'sudoRunAsGroup=%deref(ipaSudoRunAs,cn # as the original, '' or -. dn: cn=ng,cn=Schema Compatibility,cn=plugins,cn=config replace: schema-compat-entry-attribute:'nisNetgroupTriple=(%link(%ifeq(\hostCategory\,\all\,\\,\%collect(\\\%{externalHost}\\\,\\\%deref(\\\memberHost\\\,\\\fqdn\\\)\\\,\\\%deref_r(\\\member\\\,\\\fqdn\\\)\\\,\\\%deref_r(\\\memberHost\\\,\\\member\\\,\\\fqdn\\\)\\\)\),-,,,%ifeq(\userCategory\,\all\,\\,\%collect(\\\%deref(\\\memberUser\\\,\\\uid\\\)\\\,\\\%deref_r(\\\member\\\,\\\uid\\\)\\\,\\\%deref_r(\\\memberUser\\\,\\\member\\\,\\\uid\\\)\\\)\),-),%{nisDomainName:-})::nisNetgroupTriple=(%link(%ifeq(\hostCategory\,\all\,\\,\%collect(\\\%{externalHost}\\\,\\\%deref(\\\memberHost\\\,\\\fqdn\\\)\\\,\\\%deref_r(\\\member\\\,\\\fqdn\\\)\\\,\\\%deref_r(\\\memberHost\\\,\\\member\\\,\\\fqdn\\\)\\\)\),%ifeq(\hostCategory\,\all\,\\,\-\),,,%ifeq(\userCategory\,\all\,\\,\%collect(\\\%deref(\\\memberUser\\\,\\\uid\\\)\\\,\\\%deref_r(\\\member\\\,\\\uid\\\)\\\,\\\%deref_r(\\\memberUser\\\,\\\member\\\,\\\uid\\\)\\\)\),%ifeq(\userCategory\,\all\,\\,\-\)),%{nisDomainName:-})' + +dn: cn=computers, cn=Schema Compatibility, cn=plugins, cn=config +default:objectClass: top +default:objectClass: extensibleObject +default:cn: computers +default:schema-compat-container-group: cn=compat, $SUFFIX +default:schema-compat-container-rdn: cn=computers +default:schema-compat-search-base: cn=computers, cn=accounts, $SUFFIX +default:schema-compat-search-filter: ((macAddress=*)(fqdn=*)(objectClass=ipaHost)) +default:schema-compat-entry-rdn: cn=%first(%{fqdn}) +default:schema-compat-entry-attribute: objectclass=device +default:schema-compat-entry-attribute: objectclass=ieee802Device +default:schema-compat-entry-attribute: cn=%{fqdn} +default:schema-compat-entry-attribute: macAddress=%{macAddress} + -- 1.7.10 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
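Review bot: in the install/share/schema_compat.uldif hunk, `schema-compat-search-filter` reads `((macAddress=*)(fqdn=*)(objectClass=ipaHost))`, which has no boolean operator after the opening parenthesis and so is not a valid LDAP filter as shown. For the intent stated in the subject line (hosts with both fqdn and macAddress) it should read `(&(macAddress=*)(fqdn=*)(objectClass=ipaHost))`; the install/updates/10-schema_compat.update hunk carries the same line and needs the same change.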
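Review bot: the install/updates/10-schema_compat.update hunk republishes `macAddress` for every matching host under cn=computers, cn=compat, but neither the new block nor the commit message says who is allowed to read that container. No `aci` line is added here, so please state in the commit message which existing access rule covers the new entries.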
Re: [Freeipa-devel] [PATCH] compat ieee802Device entries for ipaHost entries
On 24.4.2012 16:21, Nalin Dahyabhai wrote:
> On Tue, Apr 24, 2012 at 12:03:31PM +0200, Jan Cholasta wrote:
>> I did some more testing and found out that this line:
>>
>> default:schema-compat-entry-rdn: 'cn=%first(%{fqdn})'
>>
>> needs to be changed to:
>>
>> default:schema-compat-entry-rdn: cn=%first(%{fqdn})
>>
>> in both install/share/schema_compat.uldif and
>> install/updates/10-schema_compat.update, otherwise we get entries
>> with DN like this:
>> 'cn=test.example.com',cn=computers,cn=compat,dc=example,dc=com.
>>
>> Besides this, both clean installs and upgrades seem to work fine
>> with this patch.
>
> Right, the quoting rules. Revised again, in case you need it.
>
> Thanks!
>
> Nalin

ACK.

Honza

-- 
Jan Cholasta
Re: [Freeipa-devel] [PATCH] compat ieee802Device entries for ipaHost entries
On Mon, Apr 23, 2012 at 05:03:28PM +0200, Jan Cholasta wrote:
> On 16.4.2012 22:39, Nalin Dahyabhai wrote:
>> This bit of configuration creates a cn=computers area under cn=compat
>> which we populate with ieee802Device entries corresponding to any
>> ipaHost entries which have both fqdn and macAddress values.
>
> Please add this to install/updates/10-schema_compat.update as well.

Okay, I think a simple copy is enough, but am not yet sufficiently familiar with the install/{share,update} stuff to be completely sure.

Nalin

From 9cfbef42a0efa8898caf3454c07b729f58f526ba Mon Sep 17 00:00:00 2001 From: Nalin Dahyabhai na...@dahyabhai.net Date: Mon, 16 Apr 2012 15:31:12 -0400 Subject: [PATCH 2/3] - create a cn=computers compat area populated with ieee802Device entries corresponding to computers with fqdn and macAddress attributes --- install/share/schema_compat.uldif | 14 ++ install/updates/10-schema_compat.update | 15 +++ 2 files changed, 29 insertions(+) diff --git a/install/share/schema_compat.uldif b/install/share/schema_compat.uldif index f042edf..38bf678 100644 --- a/install/share/schema_compat.uldif +++ b/install/share/schema_compat.uldif 
@@ -92,6 +92,20 @@ add:schema-compat-entry-attribute: 'sudoRunAsGroup=%{ipaSudoRunAsExtGroup}' add:schema-compat-entry-attribute: 'sudoRunAsGroup=%deref(ipaSudoRunAs,cn)' add:schema-compat-entry-attribute: 'sudoOption=%{ipaSudoOpt}' +dn: cn=computers, cn=Schema Compatibility, cn=plugins, cn=config +default:objectClass: top +default:objectClass: extensibleObject +default:cn: computers +default:schema-compat-container-group: cn=compat, $SUFFIX +default:schema-compat-container-rdn: cn=computers +default:schema-compat-search-base: cn=computers, cn=accounts, $SUFFIX +default:schema-compat-search-filter: ((macAddress=*)(fqdn=*)(objectClass=ipaHost)) +default:schema-compat-entry-rdn: 'cn=%first(%{fqdn})' +default:schema-compat-entry-attribute: objectclass=device +default:schema-compat-entry-attribute: objectclass=ieee802Device +default:schema-compat-entry-attribute: cn=%{fqdn} +default:schema-compat-entry-attribute: macAddress=%{macAddress} + # Enable anonymous VLV browsing for Solaris dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config only:aci: '(targetattr !=aci)(version 3.0; acl VLV Request Control; allow (read, search, compare, proxy) userdn = ldap:///anyone;; )' diff --git a/install/updates/10-schema_compat.update b/install/updates/10-schema_compat.update index 8ef1424..46a94c3 100644 --- a/install/updates/10-schema_compat.update +++ b/install/updates/10-schema_compat.update 
@@ -4,3 +4,18 @@ replace: schema-compat-entry-attribute:'sudoRunAsGroup=%deref(ipaSudoRunAs,cn # as the original, '' or -. dn: cn=ng,cn=Schema Compatibility,cn=plugins,cn=config replace: schema-compat-entry-attribute:'nisNetgroupTriple=(%link(%ifeq(\hostCategory\,\all\,\\,\%collect(\\\%{externalHost}\\\,\\\%deref(\\\memberHost\\\,\\\fqdn\\\)\\\,\\\%deref_r(\\\member\\\,\\\fqdn\\\)\\\,\\\%deref_r(\\\memberHost\\\,\\\member\\\,\\\fqdn\\\)\\\)\),-,,,%ifeq(\userCategory\,\all\,\\,\%collect(\\\%deref(\\\memberUser\\\,\\\uid\\\)\\\,\\\%deref_r(\\\member\\\,\\\uid\\\)\\\,\\\%deref_r(\\\memberUser\\\,\\\member\\\,\\\uid\\\)\\\)\),-),%{nisDomainName:-})::nisNetgroupTriple=(%link(%ifeq(\hostCategory\,\all\,\\,\%collect(\\\%{externalHost}\\\,\\\%deref(\\\memberHost\\\,\\\fqdn\\\)\\\,\\\%deref_r(\\\member\\\,\\\fqdn\\\)\\\,\\\%deref_r(\\\memberHost\\\,\\\member\\\,\\\fqdn\\\)\\\)\),%ifeq(\hostCategory\,\all\,\\,\-\),,,%ifeq(\userCategory\,\all\,\\,\%collect(\\\%deref(\\\memberUser\\\,\\\uid\\\)\\\,\\\%deref_r(\\\member\\\,\\\uid\\\)\\\,\\\%deref_r(\\\memberUser\\\,\\\member\\\,\\\uid\\\)\\\)\),%ifeq(\userCategory\,\all\,\\,\-\)),%{nisDomainName:-})' + +dn: cn=computers, cn=Schema Compatibility, cn=plugins, cn=config +default:objectClass: top +default:objectClass: extensibleObject +default:cn: computers +default:schema-compat-container-group: cn=compat, $SUFFIX +default:schema-compat-container-rdn: cn=computers +default:schema-compat-search-base: cn=computers, cn=accounts, $SUFFIX +default:schema-compat-search-filter: ((macAddress=*)(fqdn=*)(objectClass=ipaHost)) +default:schema-compat-entry-rdn: 'cn=%first(%{fqdn})' +default:schema-compat-entry-attribute: objectclass=device +default:schema-compat-entry-attribute: objectclass=ieee802Device +default:schema-compat-entry-attribute: cn=%{fqdn} +default:schema-compat-entry-attribute: macAddress=%{macAddress} + -- 1.7.10 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
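Review bot: in the install/share/schema_compat.uldif hunk, `default:schema-compat-entry-rdn: 'cn=%first(%{fqdn})'` is the only `default:` value in the new block that is wrapped in single quotes. Drop the quotes so the line matches its neighbours (`cn=%first(%{fqdn})`); the install/updates/10-schema_compat.update hunk carries the same quoted line and needs the same change.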