[Freeipa-devel] [PATCH] add ethers.byname and ethers.byaddr NIS maps
Jan Cholasta
jcholast at redhat.com
Tue Apr 24 11:02:44 UTC 2012
On 23.4.2012 23:18, Nalin Dahyabhai wrote:
> On Mon, Apr 23, 2012 at 05:40:27PM +0200, Jan Cholasta wrote:
>> On 23.4.2012 17:21, Jan Cholasta wrote:
>>> On 16.4.2012 22:51, Nalin Dahyabhai wrote:
>>>> The ethers.byname and ethers.byaddr NIS maps pair host names and
>>>> hardware network addresses. This should close ticket #2259.
>>>
>>> Please add this to install/updates/50-nis.update as well.
>>>
>>> Besides that, ACK on all 3 patches. I have checked only if ypcat and
>>> ypmatch work as expected, I would prefer if someone with more LDAP/NIS
>>> knowledge took a look at the patches before pushing them.
>>
>> I have just noticed one issue: we allow the octets in MAC addresses
>> to be separated not only by ":", but also by "|", "\" or "-". Your
>> patch doesn't seem to work for MAC addresses not using ":" as a
>> separator:
>>
>> $ ipa host-mod host.example.com --macaddress 00:11:22:33:44:55
>>
>> $ ypcat ethers
>> 00:11:22:33:44:55 host.example.com
>>
>> $ ipa host-mod host.example.com --macaddress 00-11-22-33-44-55
>>
>> $ ypcat ethers
>> <nothing>
>
> Updated patch attached, but I'm skeptical that software which consumes
> this data will handle anything other than ':', as neither RFC 2307 nor
> ethers(5) mention it. For that reason I'd lean toward either not
> accepting data in that format, or fixing it up on its way in to the
> directory -- we can fix it up when the compat plugins are computing the
> data they'll serve (and I can revise the patch to configure them to do
> so), but software that looks at the non-compat data won't benefit from
> it.
>
> Nalin
I agree and IMO fixing the value when the compat plugins are computing
the data they'll serve is the best way to go, as someone might already
have non-colon separated MAC addresses in their DS.
The patch works fine, however it causes an error during IPA installs and
upgrades.
Excerpt from ipaserver-install.log:
INFO New entry: nis-domain=idm.lab.bos.redhat.com+nis-map=ethers.byaddr,
cn=NIS Server, cn=plugins, cn=config
...
ERROR Add failure 'NoneType' object is not callable
INFO New entry: nis-domain=idm.lab.bos.redhat.com+nis-map=ethers.byname,
cn=NIS Server, cn=plugins, cn=config
...
ERROR Add failure 'NoneType' object is not callable
The error is:
Traceback (most recent call last):
File
"/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py", line
652, in __update_record
self.conn.addEntry(entry)
File "/usr/lib/python2.7/site-packages/ipaserver/ipaldap.py", line
495, in addEntry
arg_desc = 'entry=%s' % (entry)
TypeError: 'NoneType' object is not callable
I'm not sure what is causing it. You might be triggering some bug in
LDAP updater code (Rob, can you take a look at this please?)
I'm just curious, why you do this:
default:nis-keys-format: %mregsub("%{macAddress}
%{fqdn}","(..[:\\\|-]..[:\\\|-]..[:\\\|-]..[:\\\|-]..[:\\\|-]..) (.*)","%1")
and not simply this:
default:nis-keys-format: ${macAddress}
?
Honza
--
Jan Cholasta
More information about the Freeipa-devel
mailing list