[Freeipa-devel] [PATCH] 487 fix netgroup plugin

Rob Crittenden rcritten at redhat.com
Thu Jul 15 15:21:43 UTC 2010


Adam Young wrote:
> On 07/15/2010 09:15 AM, Rob Crittenden wrote:
>> Adam Young wrote:
>>> On 07/14/2010 07:52 PM, Dmitri Pal wrote:
>>>> Adam Young wrote:
>>>>> On 07/14/2010 03:43 PM, Rob Crittenden wrote:
>>>>>> The netgroup plugin was using the wrong attribute for memberships. It
>>>>>> needs to use memberuser for users and groups and memberhost for hosts
>>>>>> and hostgroups. I fixed this up and corrected the tests as well.
>>>>>>
>>>>>> rob
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> Freeipa-devel mailing list
>>>>>> Freeipa-devel at redhat.com
>>>>>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>>>>>
>>>>>
>>>>> Got it installed and running. Unclear how to test.
>>>>
>>>> Create a user group with 3 users U1 U2 U3. Create a host group with the
>>>> two hosts H1 H2
>>>> Create a netgroup that includes this user group and this host group
>>>> Configure client to use your IPA server as a source of the netgroups
>>>> List the netgroups - should get your netgroup
>>>> List the contents of the netgroup. You should get triplets: user, host,
>>>> domain
>>>> The order of the users and hosts in triplets does not matter. What
>>>> matters is that each host and each user are listed in some triplet and
>>>> generally present in the netgroup not more than once.
>>>>
>>>>
>>>>
>>>
>>>
>>>
>>> Here's my script. ypcat stopped working with
>>>
>>> No such map netgroup. Reason: Can't communicate with portmapper
>>>
>>> Too tired to debug tonight.
>>>
>>> ipa user-add --first=Kermit --last=Frog kfrog
>>> ipa user-add --first=Count --last=VonCount count123
>>> ipa user-add --first=Oscar --last=Grouch scram
>>>
>>> ipa user-add --first=Elmo --last=Gonzales elmo
>>> ipa user-add --first=Zoe --last=MacPhearson zoe
>>> ipa user-add --first=Prairie --last=Dawn pdawn
>>>
>>>
>>> ipa group-add --desc="Monsters on Sesame Street" monsters
>>> ipa group-add --desc="Muppets moonlighting for CTW" muppets
>>>
>>> ipa group-add-member --users=kfrog,scram,pdawn muppets
>>> ipa group-add-member --users=count123,elmo,zoe monsters
>>>
>>> ipa netgroup-add --desc="staging servers" net-stage
>>> ipa netgroup-add --desc="live servers" net-live
>>>
>>> ipa hostgroup-add --desc "Live servers" host-live
>>> ipa hostgroup-add --desc "Staging servers" stage-live
>>>
>>>
>>> ipa hostgroup-add-member --hosts live3.pbs.org,live2.pbs.org,live1.pbs.org host-live
>>> ipa hostgroup-add-member --hosts stage3.pbs.org,stage2.pbs.org,stage1.pbs.org host-stage
>>>
>>>
>>> ipa netgroup-add-member --groups=muppets --hostgroups=host-live net-live
>>> ipa netgroup-add-member --groups=muppets --hostgroups=host-stage net-stage
>>>
>>>
>>>
>>> ypcat -d ipa.ayoung.boston.devel.redhat.com -h ipa.ayoung.boston.devel.redhat.com netgroup
>>>
>>
>> Ok, kudos on the big test group but your knowledge of Sesame Street 
>> characters' last names is a bit disturbing ;-)
>>
>> Your ypcat command is wrong. The -d is your NIS domain (same as your 
>> IPA domain) and the -h is the host to connect to.
>>
>> I get the following output with this data set:
>>
>> (-,kfrog,example.com) (-,scram,example.com) (-,pdawn,example.com)
>> (-,kfrog,example.com) (-,scram,example.com) (-,pdawn,example.com)
>>
>> Based on my limited understanding of netgroups this looks correct. You 
>> have defined two netgroups, both of which have the same user group as 
>> a member. The first netgroup has no hosts or hostgroups associated 
>> with it, the second has an empty hostgroup (because you added 
>> non-existent hosts, or at least hosts not on my box).
>>
>> I added a host to host-live and now I get:
>>
>> (-,kfrog,example.com) (-,scram,example.com) (-,pdawn,example.com)
>> (lion.example.com,kfrog,example.com) (-,scram,example.com) (-,pdawn,example.com)
>>
>> rob
> ACK

pushed to master
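
The membership check from the test steps above, applied to netgroup entries like the ypcat output quoted in the thread. This is an added example, not part of the original thread or the FreeIPA code; the function names are hypothetical, the field order (host,user,domain) is taken from the quoted output, and the sample entries are constructed from it.

```python
import re
from collections import Counter

# One triple as ypcat prints it in the thread: (host,user,domain); "-" = no value.
TRIPLE_RE = re.compile(r"\(([^,()]*),([^,()]*),([^,()]*)\)")

# Constructed sample entries, modelled on the output quoted in the thread.
EMPTY_HOSTGROUP = "(-,kfrog,example.com) (-,scram,example.com) (-,pdawn,example.com)"
WITH_HOST = "(lion.example.com,kfrog,example.com) (-,scram,example.com) (-,pdawn,example.com)"
USERS = {"kfrog", "scram", "pdawn"}
HOSTS = {"lion.example.com"}


def parse_triples(entry):
    """Return [(host, user, domain), ...] for one netgroup map entry."""
    triples = []
    for raw in TRIPLE_RE.findall(entry):
        fields = [f.strip() for f in raw]
        triples.append(tuple(None if f in ("", "-") else f for f in fields))
    return triples


def check_netgroup(entry, expected_users, expected_hosts):
    """List problems in one netgroup entry; an empty list means it passed."""
    problems = []
    leftover = TRIPLE_RE.sub("", entry).strip()
    if leftover:  # e.g. a nested netgroup name or a malformed triple
        problems.append(f"unparsed text: {leftover!r}")
    triples = parse_triples(entry)
    hosts = Counter(h for h, _, _ in triples if h)
    users = Counter(u for _, u, _ in triples if u)
    for kind, seen, expected in (("user", users, expected_users),
                                 ("host", hosts, expected_hosts)):
        for name in sorted(set(expected) - set(seen)):
            problems.append(f"missing {kind}: {name}")
        for name in sorted(set(seen) - set(expected)):
            problems.append(f"unexpected {kind}: {name}")
        for name, count in sorted(seen.items()):
            if count > 1:  # each member should appear in only one triple
                problems.append(f"{kind} {name} listed {count} times")
    return problems


if __name__ == "__main__":
    for entry in (EMPTY_HOSTGROUP, WITH_HOST):
        print(check_netgroup(entry, USERS, HOSTS) or "OK")
```
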



