lists.arthurdejong.org

[nssldap] nss netgroup host support in linux



hi,

I'm migrating my Solaris yp installation to openldap, and it's
nearly complete, except I cannot use host membership checking in
the nfs exports file (/etc/exports on RHEL4/5) with ldap netgroups.

Does anybody know if this is possible, or a work-around?

The netgroup /etc/exports (@host syntax) works with /etc/netgroup 
(specify 'netgroup: files' in /etc/nsswitch.conf), and works with
yp - just not with ldap.

Below are my configurations, in case it's helpful.

Server's /etc/exports entry:
/oakdisk1  @test(rw,sync)

Client querying the ldap db (nsswitch is using only ldap - I removed
the working /etc/netgroup file):
$ getent netgroup test
test                  (client, , ) (client.math.berkeley.edu, , )

Client access nfs share:
$ ls /misc/oakdisk1
ls: /misc/oakdisk1: No such file or directory

(see below for output from slapd)

ldif entries:
*********************************
dn: ou=Netgroup, dc=berkeley,dc=edu
ou: Netgroup
description: Netgroup for trusted hosts 
objectClass: top
objectClass: organizationalUnit

dn: cn=test,ou=Netgroup,dc=berkeley,dc=edu
objectClass: nisNetgroup
objectClass: top
cn: test
nisNetgroupTriple: (barra,,)
nisNetgroupTriple: (barra.math.berkeley.edu,,)
*********************************


Thanks in advance,
Julie




slapd output:

connection_get(20): got connid=434
connection_read(20): checking for input on id=434
ber_get_next
ber_get_next: tag 0x30 len 12 contents:
ber_get_next
ber_get_next on fd 20 failed errno=11 (Resource temporarily unavailable)
do_bind
ber_scanf fmt ({imt) ber:
ber_scanf fmt (m}) ber:
>>> dnPrettyNormal: <>
<<< dnPrettyNormal: <>, <>
do_bind: version=3 dn="" method=128
send_ldap_result: conn=434 op=0 p=3
send_ldap_response: msgid=1 tag=97 err=0
ber_flush: 14 bytes to sd 20
do_bind: v3 anonymous bind
connection_get(20): got connid=434
connection_read(20): checking for input on id=434
ber_get_next
ber_get_next: tag 0x30 len 124 contents:
ber_get_next
do_search
ber_get_next on fd 20 failed errno=11 (Resource temporarily unavailable)
ber_scanf fmt ({miiiib) ber:
>>> dnPrettyNormal: <nisMapName=auto.misc,dc=berkeley,dc=edu>
=> ldap_bv2dn(nisMapName=auto.misc,dc=berkeley,dc=edu,0)
<= ldap_bv2dn(nisMapName=auto.misc,dc=berkeley,dc=edu,0)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(nisMapName=auto.misc,dc=berkeley,dc=edu,272)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(nisMapName=auto.misc,dc=berkeley,dc=edu,272)=0
<<< dnPrettyNormal: <nisMapName=auto.misc,dc=berkeley,dc=edu>, 
<nisMapName=auto.misc,dc=berkeley,dc=edu>
ber_scanf fmt ({mm}) ber:
ber_scanf fmt ({mm}) ber:
ber_scanf fmt ({M}}) ber:
==> limits_get: conn=434 op=1 dn="[anonymous]"
=> bdb_search
bdb_dn2entry("nisMapName=auto.misc,dc=berkeley,dc=edu")
search_candidates: base="nisMapName=auto.misc,dc=berkeley,dc=edu" (0x0000011f) 
scope=2
=> bdb_dn2idl( "nisMapName=auto.misc,dc=berkeley,dc=edu" )
<= bdb_dn2idl: id=9 first=287 last=295
=> bdb_equality_candidates (objectClass)
=> key_read
<= bdb_index_read: failed (-30990)
<= bdb_equality_candidates: id=0, first=0, last=0
=> bdb_equality_candidates (objectClass)
=> key_read
<= bdb_index_read 9 candidates
<= bdb_equality_candidates: id=9, first=286, last=295
=> bdb_equality_candidates (cn)
=> key_read
<= bdb_index_read 1 candidates
<= bdb_equality_candidates: id=1, first=294, last=294
bdb_search_candidates: id=1 first=294 last=294
=> send_search_entry: dn="cn=oakdisk1,nisMapName=auto.misc,dc=berkeley,dc=edu"
ber_flush: 112 bytes to sd 20
<= send_search_entry
send_ldap_result: conn=434 op=1 p=3
send_ldap_response: msgid=2 tag=101 err=0
ber_flush: 14 bytes to sd 20
connection_get(20): got connid=434
connection_read(20): checking for input on id=434
ber_get_next
ber_get_next: tag 0x30 len 5 contents:
ber_get_next
do_unbind
ber_get_next on fd 20 failed errno=0 (Success)
connection_read(20): input error=-2 id=434, closing.
connection_closing: readying conn=434 sd=20 for close
connection_close: deferring conn=434 sd=20
connection_resched: attempting closing conn=434 sd=20
connection_close: conn=434 sd=20


-- 
Julie Ashworth (julie@ls.berkeley.edu, 510-643-8747)
Letters & Sciences Computer Resources, University of CA, Berkeley 
<http://LS.berkeley.edu/lscr/>
PGP Key ID: 0x17F013D2
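
An added example, not part of the original message: a host membership check over nisNetgroup entries like the ones in the LDIF above, using the usual netgroup triple semantics (an empty host field matches any host, "-" matches none, memberNisNetgroup nests groups). It goes beyond the post by handling nesting; the nested group "trusted" and the function names are constructed for illustration.

```python
import re

# Constructed sample: the post's "test" entry plus a hypothetical nested group "trusted".
LDIF = """\
dn: cn=test,ou=Netgroup,dc=berkeley,dc=edu
objectClass: nisNetgroup
cn: test
nisNetgroupTriple: (barra,,)
nisNetgroupTriple: (barra.math.berkeley.edu,,)

dn: cn=trusted,ou=Netgroup,dc=berkeley,dc=edu
objectClass: nisNetgroup
cn: trusted
memberNisNetgroup: test
nisNetgroupTriple: (-,julie,)
"""

# (host,user,domain) with optional whitespace around each field
TRIPLE = re.compile(r"^\(\s*([^,()]*?)\s*,\s*([^,()]*?)\s*,\s*([^,()]*?)\s*\)$")

def parse_netgroups(ldif):
    """Map cn -> {"triples": [(host, user, domain)], "members": [cn, ...]}."""
    groups = {}
    for record in ldif.strip().split("\n\n"):
        attrs = [line.split(":", 1) for line in record.splitlines() if ":" in line]
        attrs = [(k.strip().lower(), v.strip()) for k, v in attrs]
        cn = next(v for k, v in attrs if k == "cn")
        triples = [TRIPLE.match(v).groups() for k, v in attrs if k == "nisnetgrouptriple"]
        members = [v for k, v in attrs if k == "membernisnetgroup"]
        groups[cn] = {"triples": triples, "members": members}
    return groups

def host_in_netgroup(groups, name, host, seen=None):
    """True if host matches a triple in the group or in any nested group."""
    seen = set() if seen is None else seen
    if name in seen or name not in groups:  # loop guard / unknown group
        return False
    seen.add(name)
    for h, _user, _domain in groups[name]["triples"]:
        # Empty host field is a wildcard; "-" matches no host.
        # Hostnames are compared case-insensitively, as DNS names are.
        if h == "" or (h != "-" and h.lower() == host.lower()):
            return True
    return any(host_in_netgroup(groups, m, host, seen) for m in groups[name]["members"])
```

Check the client name in the exact form the NFS server resolves it (short or fully qualified), since only a literal match against a triple's host field counts.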