[Freeipa-devel] Host groups and netgroups

Dmitri Pal dpal at redhat.com
Tue Nov 30 13:26:38 UTC 2010


JR Aquino wrote:
> On 11/24/10 11:19 AM, "Dmitri Pal" <dpal at redhat.com> wrote:
>
>   
>> Hello,
>>
>> It is well known that with IPA we want to try to move people from the
>> netgroups to host groups but many companies currently use netgroups as
>> hostgroups.  To simplify migration I suggest that we by default always
>> create a managed  "nisnetgroup" entry that would map 1-1 to the host
>> group using managed entry plugin. The logic would work the following way:
>>
>> 1) When the host group is created the netgroup also will be created with
>> the same name and memberHost attribute pointing to the DN of the newly
>> created host group
>> 2) The deletion of the host group will automatically remove managed
>> netgroup
>> 3) The rename of the host group (if allowed) should cause the managed
>> group to be renamed too.
>>
>> In the UI/CLI we will filter out managed netgroups in all cases related
>> to identity part of the server (list of netgroups, users members of the
>> netgroup, hosts members of netgroup, etc.). The netgroups will be
>> available only in the special cases like SUDO plugin.
>>
>> The work will consist of:
>> 1) Defining the managed entry plugin config for this case
>> 2) Adding this configuration to the installation sequence
>> 3) Updating netgroup searches to filter out managed entries
>> 4) Allow all netgroups in SUDO plugin (I think this is already the case).
>>
>> If this proposal looks reasonable I will open a ticket.
>> JR will you be able to provide a patch that does all of this since this
>> is not exactly what we originally planned?
>>     
>
> This proposal looks reasonable.
>
> I will be working this week to explore handling this in either the
> 'Managed Entries' or 'Plugin' Route to see which is the most appropriate.
>
>   
I opened a ticket https://fedorahosted.org/freeipa/ticket/543
JR do you have a Fedora account?

-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.
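
A sketch of what work items 1 and 3 of the proposal could look like with the 389 Directory Server Managed Entries plugin. It is added here as an example and is not part of the original message or FreeIPA's own configuration. The dc=example,dc=com suffix, the entry names, the container DNs and the ipahostgroup/ipanisnetgroup object classes are assumptions.

```ldif
# Added illustration: every DN, cn value and domain name below is a placeholder.

# Definition entry: selects the origin entries (host groups) and says where
# the managed netgroup is created and which template shapes it.
dn: cn=Hostgroup Netgroup Definition,cn=Managed Entries,cn=plugins,cn=config
objectClass: top
objectClass: extensibleObject
cn: Hostgroup Netgroup Definition
originScope: cn=hostgroups,cn=accounts,dc=example,dc=com
originFilter: objectclass=ipahostgroup
managedBase: cn=ng,cn=alt,dc=example,dc=com
managedTemplate: cn=Hostgroup Netgroup Template,dc=example,dc=com

# Template entry: the managed netgroup takes the host group's name (cn) and
# gets a memberHost value pointing at the host group's DN, giving the 1-1 mapping.
dn: cn=Hostgroup Netgroup Template,dc=example,dc=com
objectClass: top
objectClass: mepTemplateEntry
cn: Hostgroup Netgroup Template
mepRDNAttr: cn
mepStaticAttr: objectclass: ipanisnetgroup
mepStaticAttr: nisDomainName: example.com
mepMappedAttr: cn: $cn
mepMappedAttr: memberHost: $dn

# Work item 3: the plugin marks each entry it creates with the mepManagedEntry
# object class, so identity-side netgroup searches can exclude managed entries:
#   (&(objectClass=ipanisnetgroup)(!(objectClass=mepManagedEntry)))
```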

