[Freeipa-devel] [PATCH] add ethers.byname and ethers.byaddr NIS maps

Jan Cholasta jcholast at redhat.com
Tue Apr 24 11:02:44 UTC 2012 

On 23.4.2012 23:18, Nalin Dahyabhai wrote:
> On Mon, Apr 23, 2012 at 05:40:27PM +0200, Jan Cholasta wrote:
>> On 23.4.2012 17:21, Jan Cholasta wrote:
>>> On 16.4.2012 22:51, Nalin Dahyabhai wrote:
>>>> The ethers.byname and ethers.byaddr NIS maps pair host names and
>>>> hardware network addresses. This should close ticket #2259.
>>>
>>> Please add this to install/updates/50-nis.update as well.
>>>
>>> Besides that, ACK on all 3 patches. I have checked only if ypcat and
>>> ypmatch work as expected, I would prefer if someone with more LDAP/NIS
>>> knowledge took a look at the patches before pushing them.
>>
>> I have just noticed one issue: we allow the octets in MAC addresses
>> to be separated not only by ":", but also by "|", "\" or "-". Your
>> patch doesn't seem to work for MAC addresses not using ":" as a
>> separator:
>>
>> $ ipa host-mod host.example.com --macaddress 00:11:22:33:44:55
>>
>> $ ypcat ethers
>> 00:11:22:33:44:55 host.example.com
>>
>> $ ipa host-mod host.example.com --macaddress 00-11-22-33-44-55
>>
>> $ ypcat ethers
>> <nothing>
>
> Updated patch attached, but I'm skeptical that software which consumes
> this data will handle anything other than ':', as neither RFC 2307 nor
> ethers(5) mention it.  For that reason I'd lean toward either not
> accepting data in that format, or fixing it up on its way in to the
> directory -- we can fix it up when the compat plugins are computing the
> data they'll serve (and I can revise the patch to configure them to do
> so), but software that looks at the non-compat data won't benefit from
> it.
>
> Nalin

I agree and IMO fixing the value when the compat plugins are computing 
the data they'll serve is the best way to go, as someone might already 
have non-colon separated MAC addresses in their DS.


The patch works fine, however it causes an error during IPA installs and 
upgrades.

Excerpt from ipaserver-install.log:

INFO New entry: nis-domain=idm.lab.bos.redhat.com+nis-map=ethers.byaddr, 
cn=NIS Server, cn=plugins, cn=config
...
ERROR Add failure 'NoneType' object is not callable
INFO New entry: nis-domain=idm.lab.bos.redhat.com+nis-map=ethers.byname, 
cn=NIS Server, cn=plugins, cn=config
...
ERROR Add failure 'NoneType' object is not callable

The error is:

Traceback (most recent call last):
   File 
"/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py", line 
652, in __update_record
     self.conn.addEntry(entry)
   File "/usr/lib/python2.7/site-packages/ipaserver/ipaldap.py", line 
495, in addEntry
     arg_desc = 'entry=%s' % (entry)
TypeError: 'NoneType' object is not callable

I'm not sure what is causing it. You might be triggering some bug in 
LDAP updater code (Rob, can you take a look at this please?)


I'm just curious, why you do this:

default:nis-keys-format: %mregsub("%{macAddress} 
%{fqdn}","(..[:\\\|-]..[:\\\|-]..[:\\\|-]..[:\\\|-]..[:\\\|-]..) (.*)","%1")

and not simply this:

default:nis-keys-format: ${macAddress}

?


Honza

-- 
Jan Cholasta

More information about the Freeipa-devel mailing list