[Freeipa-devel] [PATCH] 487 fix netgroup plugin

Adam Young ayoung at redhat.com
Thu Jul 15 13:49:00 UTC 2010


On 07/15/2010 09:15 AM, Rob Crittenden wrote:
> Adam Young wrote:
>> On 07/14/2010 07:52 PM, Dmitri Pal wrote:
>>> Adam Young wrote:
>>>> On 07/14/2010 03:43 PM, Rob Crittenden wrote:
>>>>> The netgroup plugin was using the wrong attribute for memberships. It
>>>>> needs to use memberuser for users and groups and memberhost for hosts
>>>>> and hostgroups. I fixed this up and corrected the tests as well.
>>>>>
>>>>> rob
>>>>
>>>>
>>>> Got it installed and running. Unclear how to test.
>>>
>>> Create a user group with 3 users U1 U2 U3. Create a host group with the
>>> two hosts H1 H2
>>> Create a netgroup that includes this user group and this host group
>>> Configure client to use your IPA server as a source of the netgroups
>>> List the netgroups - should get your netgroup
>>> List the contents of the netgroup. You should get triplets: user, host,
>>> domain
>>> The order of the users and hosts in triplets does not matter. What
>>> matters is that each host and each user are listed in some triplet and
>>> generally present in the netgroup not more than once.
>>>
>>>
>>>
>>
>>
>>
>> Here's my script. ypcat stopped working with
>>
>> No such map netgroup. Reason: Can't communicate with portmapper
>>
>> Too tired to debug tonight.
>>
>> ipa user-add --first=Kermit --last=Frog kfrog
>> ipa user-add --first=Count --last=VonCount count123
>> ipa user-add --first=Oscar --last=Grouch scram
>>
>> ipa user-add --first=Elmo --last=Gonzales elmo
>> ipa user-add --first=Zoe --last=MacPhearson zoe
>> ipa user-add --first=Prairie --last=Dawn pdawn
>>
>>
>> ipa group-add --desc="Monsters on Sesame Street" monsters
>> ipa group-add --desc="Muppets moonlighting for CTW" muppets
>>
>> ipa group-add-member --users=kfrog,scram,pdawn muppets
>> ipa group-add-member --users=count123,elmo,zoe monsters
>>
>> ipa netgroup-add --desc="staging servers" net-stage
>> ipa netgroup-add --desc="live servers" net-live
>>
>> ipa hostgroup-add --desc "Live servers" host-live
>> ipa hostgroup-add --desc "Staging servers" stage-live
>>
>>
>> ipa hostgroup-add-member --hosts live3.pbs.org,live2.pbs.org,live1.pbs.org host-live
>> ipa hostgroup-add-member --hosts stage3.pbs.org,stage2.pbs.org,stage1.pbs.org host-stage
>>
>>
>> ipa netgroup-add-member --groups=muppets --hostgroups=host-live net-live
>> ipa netgroup-add-member --groups=muppets --hostgroups=host-stage net-stage
>>
>>
>>
>> ypcat -d ipa.ayoung.boston.devel.redhat.com -h ipa.ayoung.boston.devel.redhat.com netgroup
>>
>
> Ok, kudos on the big test group but your knowledge of Sesame Street
> characters' last names is a bit disturbing ;-)
>
> Your ypcat command is wrong. The -d is your NIS domain (same as your 
> IPA domain) and the -h is the host to connect to.
>
> I get the following output with this data set:
>
> (-,kfrog,example.com) (-,scram,example.com) (-,pdawn,example.com)
> (-,kfrog,example.com) (-,scram,example.com) (-,pdawn,example.com)
>
> Based on my limited understanding of netgroups this looks correct. You 
> have defined two netgroups, both of which have the same user group as 
> a member. The first netgroup has no hosts or hostgroups associated 
> with it, the second has an empty hostgroup (because you added 
> non-existent hosts, or at least hosts not on my box).
>
> I added a host to host-live and now I get:
>
> (-,kfrog,example.com) (-,scram,example.com) (-,pdawn,example.com)
> (lion.example.com,kfrog,example.com) (-,scram,example.com) 
> (-,pdawn,example.com)
>
> rob
ACK
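
The check described in the quoted test steps (every expected user and host appears in some triple, and none more than once), as an added example that is not part of the original thread or the FreeIPA code. It reads triples in the (host,user,domain) form shown in the quoted output; the function names and sample lines are constructed, and counting empty fields as wildcards rests on standard netgroup semantics, not on anything stated in the thread.

```python
import re
from collections import Counter

# One triple as printed in the output quoted above: (host,user,domain).
TRIPLE_RE = re.compile(r"\(\s*([^,()\s]*)\s*,\s*([^,()\s]*)\s*,\s*([^,()\s]*)\s*\)")

# Constructed sample lines, modelled on the output quoted in the thread.
LINE_NO_HOSTS = "(-,kfrog,example.com) (-,scram,example.com) (-,pdawn,example.com)"
LINE_ONE_HOST = ("(lion.example.com,kfrog,example.com) (-,scram,example.com) "
                 "(-,pdawn,example.com)")


def parse_triples(line):
    """Return the (host, user, domain) tuples found on one line of output."""
    return [m.groups() for m in TRIPLE_RE.finditer(line)]


def _repeated(counter):
    """Names that occur more than once in a Counter."""
    return [name for name, count in counter.items() if count > 1]


def check_netgroup(line, expected_users, expected_hosts):
    """Compare one netgroup's triples with the members it should contain."""
    triples = parse_triples(line)
    # "-" is a placeholder, not a member; "" is handled as a wildcard below.
    users = Counter(u for _, u, _ in triples if u not in ("-", ""))
    hosts = Counter(h for h, _, _ in triples if h not in ("-", ""))
    return {
        "missing_users": sorted(set(expected_users) - set(users)),
        "missing_hosts": sorted(set(expected_hosts) - set(hosts)),
        "unexpected_users": sorted(set(users) - set(expected_users)),
        "unexpected_hosts": sorted(set(hosts) - set(expected_hosts)),
        "duplicates": sorted(_repeated(users) + _repeated(hosts)),
        # Assumption (standard netgroup semantics): an empty host or user
        # field matches anything, so it widens access and is counted here.
        "wildcards": sum(1 for h, u, _ in triples if h == "" or u == ""),
    }


def passed(report):
    """True when nothing is missing, unexpected, duplicated or wildcarded."""
    return not any(report.values())


if __name__ == "__main__":
    users = {"kfrog", "scram", "pdawn"}
    for line in (LINE_NO_HOSTS, LINE_ONE_HOST):
        print(check_netgroup(line, users, {"lion.example.com"}))
```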



