[Freeipa-devel] [PATCH] add ethers.byname and ethers.byaddr NIS maps
The ethers.byname and ethers.byaddr NIS maps pair host names and
hardware network addresses. This should close ticket #2259.
Nalin
From a69406b83496c053dbe68ab7e019c86242c06565 Mon Sep 17 00:00:00 2001
From: Nalin Dahyabhai
Date: Mon, 16 Apr 2012 15:33:42 -0400
Subject: [PATCH 3/3] - add a pair of ethers maps for computers with hardware
addresses on file
---
install/share/nis.uldif | 23 +++
1 file changed, 23 insertions(+)
diff --git a/install/share/nis.uldif b/install/share/nis.uldif
index 2255541..96b790f 100644
--- a/install/share/nis.uldif
+++ b/install/share/nis.uldif
@@ -70,3 +70,26 @@ default:nis-filter: (objectClass=ipanisNetgroup)
default:nis-key-format: %{cn}
default:nis-value-format:%merge("
","%deref_f(\"member\",\"(objectclass=ipanisNetgroup)\",\"cn\")","(%link(\"%ifeq(\\\"hostCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\"%{externalHost}\\\",\\\"%deref(\\\"memberHost\\\",\\\"fqdn\\\")\\\",\\\"%deref_r(\\\"member\\\",\\\"fqdn\\\")\\\",\\\"%deref_r(\\\"memberHost\\\",\\\"member\\\",\\\"fqdn\\\")\\\")\\\")\",\"%ifeq(\\\"hostCategory\\\",\\\"all\\\",\\\"\\\",\\\"-\\\")\",\",\",\"%ifeq(\\\"userCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\"%deref(\\\"memberUser\\\",\\\"uid\\\")\\\",\\\"%deref_r(\\\"member\\\",\\\"uid\\\")\\\",\\\"%deref_r(\\\"memberUser\\\",\\\"member\\\",\\\"uid\\\")\\\")\\\")\",\"%ifeq(\\\"userCategory\\\",\\\"all\\\",\\\"\\\",\\\"-\\\")\"),%{nisDomainName:-})")
default:nis-secure: no
+
+dn: nis-domain=$DOMAIN+nis-map=ethers.byaddr, cn=NIS Server, cn=plugins,
cn=config
+default:objectclass: top
+default:objectclass: extensibleObject
+default:nis-domain: $DOMAIN
+default:nis-map: ethers.byaddr
+default:nis-base: cn=computers, cn=accounts, $SUFFIX
+default:nis-filter: (&(macAddress=*)(fqdn=*)(objectClass=ipaHost))
+default:nis-keys-format: %mregsub("%{macAddress} %{fqdn}","(..:..:..:..:..:..)
(.*)","%1")
+default:nis-values-format: %{macAddress} %{fqdn}
+default:nis-secure: no
+
+dn: nis-domain=$DOMAIN+nis-map=ethers.byname, cn=NIS Server, cn=plugins,
cn=config
+default:objectclass: top
+default:objectclass: extensibleObject
+default:nis-domain: $DOMAIN
+default:nis-map: ethers.byname
+default:nis-base: cn=computers, cn=accounts, $SUFFIX
+default:nis-filter: (&(macAddress=*)(fqdn=*)(objectClass=ipaHost))
+default:nis-keys-format: %mregsub("%{macAddress} %{fqdn}","(..:..:..:..:..:..)
(.*)","%2")
+default:nis-values-format: %{macAddress} %{fqdn}
+default:nis-secure: no
+
--
1.7.10
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] add ethers.byname and ethers.byaddr NIS maps
On 16.4.2012 22:51, Nalin Dahyabhai wrote: The ethers.byname and ethers.byaddr NIS maps pair host names and hardware network addresses. This should close ticket #2259. Nalin Please add this to install/updates/50-nis.update as well. Besides that, ACK on all 3 patches. I have checked only if ypcat and ypmatch work as expected, I would prefer if someone with more LDAP/NIS knowledge took a look at the patches before pushing them. Honza -- Jan Cholasta ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] add ethers.byname and ethers.byaddr NIS maps
On 23.4.2012 17:21, Jan Cholasta wrote: On 16.4.2012 22:51, Nalin Dahyabhai wrote: The ethers.byname and ethers.byaddr NIS maps pair host names and hardware network addresses. This should close ticket #2259. Nalin Please add this to install/updates/50-nis.update as well. Besides that, ACK on all 3 patches. I have checked only if ypcat and ypmatch work as expected, I would prefer if someone with more LDAP/NIS knowledge took a look at the patches before pushing them. Honza I have just noticed one issue: we allow the octets in MAC addresses to be separated not only by ":", but also by "|", "\" or "-". Your patch doesn't seem to work for MAC addresses not using ":" as a separator: $ ipa host-mod host.example.com --macaddress 00:11:22:33:44:55 $ ypcat ethers 00:11:22:33:44:55 host.example.com $ ipa host-mod host.example.com --macaddress 00-11-22-33-44-55 $ ypcat ethers Honza -- Jan Cholasta ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] add ethers.byname and ethers.byaddr NIS maps
Jan Cholasta wrote: On 23.4.2012 17:21, Jan Cholasta wrote: On 16.4.2012 22:51, Nalin Dahyabhai wrote: The ethers.byname and ethers.byaddr NIS maps pair host names and hardware network addresses. This should close ticket #2259. Nalin Please add this to install/updates/50-nis.update as well. Besides that, ACK on all 3 patches. I have checked only if ypcat and ypmatch work as expected, I would prefer if someone with more LDAP/NIS knowledge took a look at the patches before pushing them. Honza I have just noticed one issue: we allow the octets in MAC addresses to be separated not only by ":", but also by "|", "\" or "-". Your patch doesn't seem to work for MAC addresses not using ":" as a separator: $ ipa host-mod host.example.com --macaddress 00:11:22:33:44:55 $ ypcat ethers 00:11:22:33:44:55 host.example.com $ ipa host-mod host.example.com --macaddress 00-11-22-33-44-55 $ ypcat ethers Honza We can always change that if need be. I made the regex rather generous. rob ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] add ethers.byname and ethers.byaddr NIS maps
On Mon, Apr 23, 2012 at 05:40:27PM +0200, Jan Cholasta wrote:
> On 23.4.2012 17:21, Jan Cholasta wrote:
> >On 16.4.2012 22:51, Nalin Dahyabhai wrote:
> >>The ethers.byname and ethers.byaddr NIS maps pair host names and
> >>hardware network addresses. This should close ticket #2259.
> >
> >Please add this to install/updates/50-nis.update as well.
> >
> >Besides that, ACK on all 3 patches. I have checked only if ypcat and
> >ypmatch work as expected, I would prefer if someone with more LDAP/NIS
> >knowledge took a look at the patches before pushing them.
>
> I have just noticed one issue: we allow the octets in MAC addresses
> to be separated not only by ":", but also by "|", "\" or "-". Your
> patch doesn't seem to work for MAC addresses not using ":" as a
> separator:
>
> $ ipa host-mod host.example.com --macaddress 00:11:22:33:44:55
>
> $ ypcat ethers
> 00:11:22:33:44:55 host.example.com
>
> $ ipa host-mod host.example.com --macaddress 00-11-22-33-44-55
>
> $ ypcat ethers
>
Updated patch attached, but I'm skeptical that software which consumes
this data will handle anything other than ':', as neither RFC 2307 nor
ethers(5) mention it. For that reason I'd lean toward either not
accepting data in that format, or fixing it up on its way in to the
directory -- we can fix it up when the compat plugins are computing the
data they'll serve (and I can revise the patch to configure them to do
so), but software that looks at the non-compat data won't benefit from
it.
Nalin
From 7bb76d236db9b9c0ed5b2c8faf959dc34a399a7c Mon Sep 17 00:00:00 2001
From: Nalin Dahyabhai
Date: Mon, 16 Apr 2012 15:33:42 -0400
Subject: [PATCH 3/3] - add a pair of ethers maps for computers with hardware
addresses on file
---
install/share/nis.uldif | 23 +++
install/updates/50-nis.update | 23 +++
2 files changed, 46 insertions(+)
diff --git a/install/share/nis.uldif b/install/share/nis.uldif
index 2255541..f9747d5 100644
--- a/install/share/nis.uldif
+++ b/install/share/nis.uldif
@@ -70,3 +70,26 @@ default:nis-filter: (objectClass=ipanisNetgroup)
default:nis-key-format: %{cn}
default:nis-value-format:%merge("
","%deref_f(\"member\",\"(objectclass=ipanisNetgroup)\",\"cn\")","(%link(\"%ifeq(\\\"hostCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\"%{externalHost}\\\",\\\"%deref(\\\"memberHost\\\",\\\"fqdn\\\")\\\",\\\"%deref_r(\\\"member\\\",\\\"fqdn\\\")\\\",\\\"%deref_r(\\\"memberHost\\\",\\\"member\\\",\\\"fqdn\\\")\\\")\\\")\",\"%ifeq(\\\"hostCategory\\\",\\\"all\\\",\\\"\\\",\\\"-\\\")\",\",\",\"%ifeq(\\\"userCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\"%deref(\\\"memberUser\\\",\\\"uid\\\")\\\",\\\"%deref_r(\\\"member\\\",\\\"uid\\\")\\\",\\\"%deref_r(\\\"memberUser\\\",\\\"member\\\",\\\"uid\\\")\\\")\\\")\",\"%ifeq(\\\"userCategory\\\",\\\"all\\\",\\\"\\\",\\\"-\\\")\"),%{nisDomainName:-})")
default:nis-secure: no
+
+dn: nis-domain=$DOMAIN+nis-map=ethers.byaddr, cn=NIS Server, cn=plugins,
cn=config
+default:objectclass: top
+default:objectclass: extensibleObject
+default:nis-domain: $DOMAIN
+default:nis-map: ethers.byaddr
+default:nis-base: cn=computers, cn=accounts, $SUFFIX
+default:nis-filter: (&(macAddress=*)(fqdn=*)(objectClass=ipaHost))
+default:nis-keys-format: %mregsub("%{macAddress}
%{fqdn}","(..[:\\\|-]..[:\\\|-]..[:\\\|-]..[:\\\|-]..[:\\\|-]..) (.*)","%1")
+default:nis-values-format: %{macAddress} %{fqdn}
+default:nis-secure: no
+
+dn: nis-domain=$DOMAIN+nis-map=ethers.byname, cn=NIS Server, cn=plugins,
cn=config
+default:objectclass: top
+default:objectclass: extensibleObject
+default:nis-domain: $DOMAIN
+default:nis-map: ethers.byname
+default:nis-base: cn=computers, cn=accounts, $SUFFIX
+default:nis-filter: (&(macAddress=*)(fqdn=*)(objectClass=ipaHost))
+default:nis-keys-format: %mregsub("%{macAddress}
%{fqdn}","(..[:\\\|-]..[:\\\|-]..[:\\\|-]..[:\\\|-]..[:\\\|-]..) (.*)","%2")
+default:nis-values-format: %{macAddress} %{fqdn}
+default:nis-secure: no
+
diff --git a/install/updates/50-nis.update b/install/updates/50-nis.update
index 5c72639..6c1ca15 100644
--- a/install/updates/50-nis.update
+++ b/install/updates/50-nis.update
@@ -12,3 +12,26 @@ replace:nis-value-format: '%merge("
","%{memberNisNetgroup}","(%link(\"%ifeq(\\\
# https://bugzilla.redhat.com/show_bug.cgi?id=767372
dn: nis-domain=$DOMAIN+nis-map=netgroup, cn=NIS Server, cn=plugins, cn=config
replace:nis-value-format: '%merge("
","%deref_f(\"member\",\"(objectclass=ipanisNetgroup)\",\"cn\")","(%link(\"%ifeq(\\\"hostCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\"%{externalHost}\\\",\\
Re: [Freeipa-devel] [PATCH] add ethers.byname and ethers.byaddr NIS maps
On 23.4.2012 23:18, Nalin Dahyabhai wrote:
On Mon, Apr 23, 2012 at 05:40:27PM +0200, Jan Cholasta wrote:
On 23.4.2012 17:21, Jan Cholasta wrote:
On 16.4.2012 22:51, Nalin Dahyabhai wrote:
The ethers.byname and ethers.byaddr NIS maps pair host names and
hardware network addresses. This should close ticket #2259.
Please add this to install/updates/50-nis.update as well.
Besides that, ACK on all 3 patches. I have checked only if ypcat and
ypmatch work as expected, I would prefer if someone with more LDAP/NIS
knowledge took a look at the patches before pushing them.
I have just noticed one issue: we allow the octets in MAC addresses
to be separated not only by ":", but also by "|", "\" or "-". Your
patch doesn't seem to work for MAC addresses not using ":" as a
separator:
$ ipa host-mod host.example.com --macaddress 00:11:22:33:44:55
$ ypcat ethers
00:11:22:33:44:55 host.example.com
$ ipa host-mod host.example.com --macaddress 00-11-22-33-44-55
$ ypcat ethers
Updated patch attached, but I'm skeptical that software which consumes
this data will handle anything other than ':', as neither RFC 2307 nor
ethers(5) mention it. For that reason I'd lean toward either not
accepting data in that format, or fixing it up on its way in to the
directory -- we can fix it up when the compat plugins are computing the
data they'll serve (and I can revise the patch to configure them to do
so), but software that looks at the non-compat data won't benefit from
it.
Nalin
I agree and IMO fixing the value when the compat plugins are computing
the data they'll serve is the best way to go, as someone might already
have non-colon separated MAC addresses in their DS.
The patch works fine, however it causes an error during IPA installs and
upgrades.
Excerpt from ipaserver-install.log:
INFO New entry: nis-domain=idm.lab.bos.redhat.com+nis-map=ethers.byaddr,
cn=NIS Server, cn=plugins, cn=config
...
ERROR Add failure 'NoneType' object is not callable
INFO New entry: nis-domain=idm.lab.bos.redhat.com+nis-map=ethers.byname,
cn=NIS Server, cn=plugins, cn=config
...
ERROR Add failure 'NoneType' object is not callable
The error is:
Traceback (most recent call last):
File
"/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py", line
652, in __update_record
self.conn.addEntry(entry)
File "/usr/lib/python2.7/site-packages/ipaserver/ipaldap.py", line
495, in addEntry
arg_desc = 'entry=%s' % (entry)
TypeError: 'NoneType' object is not callable
I'm not sure what is causing it. You might be triggering some bug in
LDAP updater code (Rob, can you take a look at this please?)
I'm just curious, why you do this:
default:nis-keys-format: %mregsub("%{macAddress}
%{fqdn}","(..[:\\\|-]..[:\\\|-]..[:\\\|-]..[:\\\|-]..[:\\\|-]..) (.*)","%1")
and not simply this:
default:nis-keys-format: ${macAddress}
?
Honza
--
Jan Cholasta
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] add ethers.byname and ethers.byaddr NIS maps
On 04/24/2012 01:02 PM, Jan Cholasta wrote: The error is: Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py", line 652, in __update_record self.conn.addEntry(entry) File "/usr/lib/python2.7/site-packages/ipaserver/ipaldap.py", line 495, in addEntry arg_desc = 'entry=%s' % (entry) TypeError: 'NoneType' object is not callable I'm not sure what is causing it. You might be triggering some bug in LDAP updater code (Rob, can you take a look at this please?) For "convenience", the old Entry class returns None for missing attributes. This unfortunately applies to __str__ as well, so you can't convert Entries to strings. Surprisingly, exactly that is done in ipaldap itself. https://fedorahosted.org/freeipa/ticket/1880 (description of problem) https://fedorahosted.org/freeipa/ticket/2660 (currently open ticket) A quick fix could be to change `'entry=%s' % (entry)` to `'entry=%s' % entry.toDict()`. -- PetrĀ³ ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] add ethers.byname and ethers.byaddr NIS maps
On Tue, Apr 24, 2012 at 01:02:44PM +0200, Jan Cholasta wrote:
> I'm just curious, why you do this:
>
> default:nis-keys-format: %mregsub("%{macAddress}
> %{fqdn}","(..[:\\\|-]..[:\\\|-]..[:\\\|-]..[:\\\|-]..[:\\\|-]..)
> (.*)","%1")
>
> and not simply this:
>
> default:nis-keys-format: ${macAddress}
>
> ?
Good eye. It's because of an implementation detail of the server
plugin: when computing entries for a NIS map, it has to be able to deal
with the list of keys which it computes having a different number of
items in it than the list of corresponding values.
If an entry has, say, two 'fqdn' values, and three 'macAddress' values,
then for keys "%{macAddress}" would produce three values, and for
values, "%{fqdn} %{macAddress} would produce six, since it's generating
all of the combinations.
In that case the plugin, assuming you want to make all six values
visible to clients, has to figure out how to match up three keys to six
values. It can repeat the list of keys as the second (or rightmost)
variable changes, like this:
key="fqdn1", value="macAddress1 fqdn1"
key="fqdn2", value="macAddress1 fqdn2"
key="fqdn3", value="macAddress1 fqdn3"
key="fqdn1", value="macAddress2 fqdn1"
key="fqdn2", value="macAddress2 fqdn2"
key="fqdn3", value="macAddress2 fqdn3"
or it can repeat the list of keys as the first (or leftmost) variable
changes, like this:
key="fqdn1", value="macAddress1 fqdn1"
key="fqdn2", value="macAddress2 fqdn1"
key="fqdn3", value="macAddress1 fqdn2"
key="fqdn1", value="macAddress2 fqdn2"
key="fqdn2", value="macAddress1 fqdn3"
key="fqdn3", value="macAddress2 fqdn3"
Now, if your key is the second column, that's not what you want. If
it's the first column, the second way actually looks right:
key="macAddress1", value="macAddress1 fqdn1"
key="macAddress2", value="macAddress2 fqdn1"
key="macAddress1", value="macAddress1 fqdn2"
key="macAddress2", value="macAddress2 fqdn2"
key="macAddress1", value="macAddress1 fqdn3"
key="macAddress2", value="macAddress2 fqdn3"
The plugin's not smart enough to figure out which way is correct (and at
the moment I can't even remember which way I ended up choosing), so the
configuration just makes sure that the list of keys starts out at the
same length as the list of values, and then uses the regex to strip out
the parts we don't want.
Revised patch attached.
Cheers,
Nalin
From 33aea09a1c1b48d6dcc3deef884fd33c938a1d6f Mon Sep 17 00:00:00 2001
From: Nalin Dahyabhai
Date: Mon, 16 Apr 2012 15:33:42 -0400
Subject: [PATCH 3/3] - add a pair of ethers maps for computers with hardware
addresses on file
---
install/share/nis.uldif | 23 +++
install/updates/50-nis.update | 23 +++
2 files changed, 46 insertions(+)
diff --git a/install/share/nis.uldif b/install/share/nis.uldif
index 2255541..1e54828 100644
--- a/install/share/nis.uldif
+++ b/install/share/nis.uldif
@@ -70,3 +70,26 @@ default:nis-filter: (objectClass=ipanisNetgroup)
default:nis-key-format: %{cn}
default:nis-value-format:%merge("
","%deref_f(\"member\",\"(objectclass=ipanisNetgroup)\",\"cn\")","(%link(\"%ifeq(\\\"hostCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\"%{externalHost}\\\",\\\"%deref(\\\"memberHost\\\",\\\"fqdn\\\")\\\",\\\"%deref_r(\\\"member\\\",\\\"fqdn\\\")\\\",\\\"%deref_r(\\\"memberHost\\\",\\\"member\\\",\\\"fqdn\\\")\\\")\\\")\",\"%ifeq(\\\"hostCategory\\\",\\\"all\\\",\\\"\\\",\\\"-\\\")\",\",\",\"%ifeq(\\\"userCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\"%deref(\\\"memberUser\\\",\\\"uid\\\")\\\",\\\"%deref_r(\\\"member\\\",\\\"uid\\\")\\\",\\\"%deref_r(\\\"memberUser\\\",\\\"member\\\",\\\"uid\\\")\\\")\\\")\",\"%ifeq(\\\"userCategory\\\",\\\"all\\\",\\\"\\\",\\\"-\\\")\"),%{nisDomainName:-})")
default:nis-secure: no
+
+dn: nis-domain=$DOMAIN+nis-map=ethers.byaddr, cn=NIS Server, cn=plugins,
cn=config
+default:objectclass: top
+default:objectclass: extensibleObject
+default:nis-domain: $DOMAIN
+default:nis-map: ethers.byaddr
+default:nis-base: cn=computers, cn=accounts, $SUFFIX
+default:nis-filter: (&(macAddress=*)(fqdn=*)(objectClass=ipaHost))
+default:nis-keys-format: %mregsub("%{macAddress}
%{fqdn}","(..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)
(.*)","%1:%2:%3:%4:%5:%6")
+default:nis-values-format: %mregsub("%{macAddress}
%{fqdn}","(..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)
(.*)","%1:%2:%3:%4:%5:%6 %7")
+default:nis-secure: no
+
+dn: nis-domain=$DOMAIN+nis-map=ethers.byname, cn=NIS Server, cn=plugins,
cn=config
+default:objectclass: top
+default:objectcla
Re: [Freeipa-devel] [PATCH] add ethers.byname and ethers.byaddr NIS maps
On 24.4.2012 16:57, Nalin Dahyabhai wrote:
On Tue, Apr 24, 2012 at 01:02:44PM +0200, Jan Cholasta wrote:
I'm just curious, why you do this:
default:nis-keys-format: %mregsub("%{macAddress}
%{fqdn}","(..[:\\\|-]..[:\\\|-]..[:\\\|-]..[:\\\|-]..[:\\\|-]..)
(.*)","%1")
and not simply this:
default:nis-keys-format: ${macAddress}
?
Good eye. It's because of an implementation detail of the server
plugin: when computing entries for a NIS map, it has to be able to deal
with the list of keys which it computes having a different number of
items in it than the list of corresponding values.
If an entry has, say, two 'fqdn' values, and three 'macAddress' values,
then for keys "%{macAddress}" would produce three values, and for
values, "%{fqdn} %{macAddress} would produce six, since it's generating
all of the combinations.
In that case the plugin, assuming you want to make all six values
visible to clients, has to figure out how to match up three keys to six
values. It can repeat the list of keys as the second (or rightmost)
variable changes, like this:
key="fqdn1", value="macAddress1 fqdn1"
key="fqdn2", value="macAddress1 fqdn2"
key="fqdn3", value="macAddress1 fqdn3"
key="fqdn1", value="macAddress2 fqdn1"
key="fqdn2", value="macAddress2 fqdn2"
key="fqdn3", value="macAddress2 fqdn3"
or it can repeat the list of keys as the first (or leftmost) variable
changes, like this:
key="fqdn1", value="macAddress1 fqdn1"
key="fqdn2", value="macAddress2 fqdn1"
key="fqdn3", value="macAddress1 fqdn2"
key="fqdn1", value="macAddress2 fqdn2"
key="fqdn2", value="macAddress1 fqdn3"
key="fqdn3", value="macAddress2 fqdn3"
Now, if your key is the second column, that's not what you want. If
it's the first column, the second way actually looks right:
key="macAddress1", value="macAddress1 fqdn1"
key="macAddress2", value="macAddress2 fqdn1"
key="macAddress1", value="macAddress1 fqdn2"
key="macAddress2", value="macAddress2 fqdn2"
key="macAddress1", value="macAddress1 fqdn3"
key="macAddress2", value="macAddress2 fqdn3"
The plugin's not smart enough to figure out which way is correct (and at
the moment I can't even remember which way I ended up choosing), so the
configuration just makes sure that the list of keys starts out at the
same length as the list of values, and then uses the regex to strip out
the parts we don't want.
Thanks for the detailed explanation.
Revised patch attached.
Cheers,
Nalin
ACK.
Honza
--
Jan Cholasta
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] add ethers.byname and ethers.byaddr NIS maps
On Wed, 2012-04-25 at 11:24 +0200, Jan Cholasta wrote:
> On 24.4.2012 16:57, Nalin Dahyabhai wrote:
> > On Tue, Apr 24, 2012 at 01:02:44PM +0200, Jan Cholasta wrote:
> >> I'm just curious, why you do this:
> >>
> >> default:nis-keys-format: %mregsub("%{macAddress}
> >> %{fqdn}","(..[:\\\|-]..[:\\\|-]..[:\\\|-]..[:\\\|-]..[:\\\|-]..)
> >> (.*)","%1")
> >>
> >> and not simply this:
> >>
> >> default:nis-keys-format: ${macAddress}
> >>
> >> ?
> >
> > Good eye. It's because of an implementation detail of the server
> > plugin: when computing entries for a NIS map, it has to be able to deal
> > with the list of keys which it computes having a different number of
> > items in it than the list of corresponding values.
> >
> > If an entry has, say, two 'fqdn' values, and three 'macAddress' values,
> > then for keys "%{macAddress}" would produce three values, and for
> > values, "%{fqdn} %{macAddress} would produce six, since it's generating
> > all of the combinations.
> >
> > In that case the plugin, assuming you want to make all six values
> > visible to clients, has to figure out how to match up three keys to six
> > values. It can repeat the list of keys as the second (or rightmost)
> > variable changes, like this:
> >key="fqdn1", value="macAddress1 fqdn1"
> >key="fqdn2", value="macAddress1 fqdn2"
> >key="fqdn3", value="macAddress1 fqdn3"
> >key="fqdn1", value="macAddress2 fqdn1"
> >key="fqdn2", value="macAddress2 fqdn2"
> >key="fqdn3", value="macAddress2 fqdn3"
> > or it can repeat the list of keys as the first (or leftmost) variable
> > changes, like this:
> >key="fqdn1", value="macAddress1 fqdn1"
> >key="fqdn2", value="macAddress2 fqdn1"
> >key="fqdn3", value="macAddress1 fqdn2"
> >key="fqdn1", value="macAddress2 fqdn2"
> >key="fqdn2", value="macAddress1 fqdn3"
> >key="fqdn3", value="macAddress2 fqdn3"
> > Now, if your key is the second column, that's not what you want. If
> > it's the first column, the second way actually looks right:
> >key="macAddress1", value="macAddress1 fqdn1"
> >key="macAddress2", value="macAddress2 fqdn1"
> >key="macAddress1", value="macAddress1 fqdn2"
> >key="macAddress2", value="macAddress2 fqdn2"
> >key="macAddress1", value="macAddress1 fqdn3"
> >key="macAddress2", value="macAddress2 fqdn3"
> >
> > The plugin's not smart enough to figure out which way is correct (and at
> > the moment I can't even remember which way I ended up choosing), so the
> > configuration just makes sure that the list of keys starts out at the
> > same length as the list of values, and then uses the regex to strip out
> > the parts we don't want.
>
> Thanks for the detailed explanation.
>
> >
> > Revised patch attached.
> >
> > Cheers,
> >
> > Nalin
>
> ACK.
>
> Honza
>
Pushed to master.
Martin
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
