Re: [nssldap] nss netgroup host support in linux

[Date Prev][Date Next] [Thread Prev][Thread Next]

From: Julie Ashworth <julie [at] ls.berkeley.edu>
To: nssldap [at] padl.com
Subject: Re: [nssldap] nss netgroup host support in linux
Date: Wed, 12 Sep 2007 13:03:17 -0700

I should make a correction in my previous email.

I tried to remove hostnames from the email, i.e.
replacing 'barra' with 'client', but I failed to replace
the name in the ldif files (see below).
Sorry about the confusion.

-Julie
 

On 12-09-2007 11.44 -0700, Julie Ashworth wrote:
> hi,
> 
> I'm migrating my solaris yp installation to openldap, and its 
> nearly complete, except I cannot use host membership checking in 
> the nfs exports file (/etc/exports on RHEL4/5) with ldap netgroups.
> 
> Does anybody know if this is possible, or a work-around?
> 
> The netgroup /etc/exports (@host syntax) works with /etc/netgroup 
> (specify 'netgroup: files' in /etc/nsswitch.conf), and works with
> yp - just not with ldap.
> 
> Below are my configurations, in case its helpful. 
> 
> Server's /etc/exports entry:
> /oakdisk1  @test(rw,sync)
> 
> Client query the ldap db on the client (nsswitch is using only ldap - I 
> removed the working /etc/netgroup file):
> $ getent netgroup test
> test                  (client, , ) (client.math.berkeley.edu, , )
> 
> Client access nfs share:
> $ ls /misc/oakdisk1
> ls: /misc/oakdisk1: No such file or directory
> 
> (see below for output from slapd)
> 
> ldif entries:
> *********************************
> dn: ou=Netgroup, dc=berkeley,dc=edu
> ou: Netgroup
> description: Netgroup for trusted hosts 
> objectClass: top
> objectClass: organizationalUnit
> 
> dn: cn=test,ou=Netgroup,dc=berkeley,dc=edu
> objectClass: nisNetgroup
> objectClass: top
> cn: test
> nisNetgroupTriple: (barra,,)
> nisNetgroupTriple: (barra.math.berkeley.edu,,)
> *********************************
> 
> 
> Thanks in advance,
> Julie
> 
> 
> 
> 
> slapd output:
> 
> connection_get(20): got connid=434
> connection_read(20): checking for input on id=434
> ber_get_next
> ber_get_next: tag 0x30 len 12 contents:
> ber_get_next
> ber_get_next on fd 20 failed errno=11 (Resource temporarily unavailable)
> do_bind
> ber_scanf fmt ({imt) ber:
> ber_scanf fmt (m}) ber:
> >>> dnPrettyNormal: <>
> <<< dnPrettyNormal: <>, <>
> do_bind: version=3 dn="" method=128
> send_ldap_result: conn=434 op=0 p=3
> send_ldap_response: msgid=1 tag=97 err=0
> ber_flush: 14 bytes to sd 20
> do_bind: v3 anonymous bind
> connection_get(20): got connid=434
> connection_read(20): checking for input on id=434
> ber_get_next
> ber_get_next: tag 0x30 len 124 contents:
> ber_get_next
> do_search
> ber_get_next on fd 20 failed errno=11 (Resource temporarily unavailable)
> ber_scanf fmt ({miiiib) ber:
> >>> dnPrettyNormal: <nisMapName=auto.misc,dc=berkeley,dc=edu>
> => ldap_bv2dn(nisMapName=auto.misc,dc=berkeley,dc=edu,0)
> <= ldap_bv2dn(nisMapName=auto.misc,dc=berkeley,dc=edu,0)=0
> => ldap_dn2bv(272)
> <= ldap_dn2bv(nisMapName=auto.misc,dc=berkeley,dc=edu,272)=0
> => ldap_dn2bv(272)
> <= ldap_dn2bv(nisMapName=auto.misc,dc=berkeley,dc=edu,272)=0
> <<< dnPrettyNormal: <nisMapName=auto.misc,dc=berkeley,dc=edu>, 
> <nisMapName=auto.misc,dc=berkeley,dc=edu>
> ber_scanf fmt ({mm}) ber:
> ber_scanf fmt ({mm}) ber:
> ber_scanf fmt ({M}}) ber:
> ==> limits_get: conn=434 op=1 dn="[anonymous]"
> => bdb_search
> bdb_dn2entry("nisMapName=auto.misc,dc=berkeley,dc=edu")
> search_candidates: base="nisMapName=auto.misc,dc=berkeley,dc=edu" 
> (0x0000011f) scope=2
> => bdb_dn2idl( "nisMapName=auto.misc,dc=berkeley,dc=edu" )
> <= bdb_dn2idl: id=9 first=287 last=295
> => bdb_equality_candidates (objectClass)
> => key_read
> <= bdb_index_read: failed (-30990)
> <= bdb_equality_candidates: id=0, first=0, last=0
> => bdb_equality_candidates (objectClass)
> => key_read
> <= bdb_index_read 9 candidates
> <= bdb_equality_candidates: id=9, first=286, last=295
> => bdb_equality_candidates (cn)
> => key_read
> <= bdb_index_read 1 candidates
> <= bdb_equality_candidates: id=1, first=294, last=294
> bdb_search_candidates: id=1 first=294 last=294
> => send_search_entry: dn="cn=oakdisk1,nisMapName=auto.misc,dc=berkeley,dc=edu"
> ber_flush: 112 bytes to sd 20
> <= send_search_entry
> send_ldap_result: conn=434 op=1 p=3
> send_ldap_response: msgid=2 tag=101 err=0
> ber_flush: 14 bytes to sd 20
> connection_get(20): got connid=434
> connection_read(20): checking for input on id=434
> ber_get_next
> ber_get_next: tag 0x30 len 5 contents:
> ber_get_next
> do_unbind
> ber_get_next on fd 20 failed errno=0 (Success)
> connection_read(20): input error=-2 id=434, closing.
> connection_closing: readying conn=434 sd=20 for close
> connection_close: deferring conn=434 sd=20
> connection_resched: attempting closing conn=434 sd=20
> connection_close: conn=434 sd=20
> 
> 
> -- 
> Julie Ashworth (julie@ls.berkeley.edu, 510-643-8747)
> Letters & Sciences Computer Resources, University of CA, Berkeley 
> <http://LS.berkeley.edu/lscr/>
> PGP Key ID: 0x17F013D2
> 
---end quoted text---

-- 
Julie Ashworth (julie@ls.berkeley.edu, 510-643-8747)
Letters & Sciences Computer Resources, University of CA, Berkeley 
<http://LS.berkeley.edu/lscr/>
PGP Key ID: 0x17F013D2

[nssldap] nss netgroup host support in linux, Julie Ashworth
- Re: [nssldap] nss netgroup host support in linux, Julie Ashworth
- Re: [nssldap] nss netgroup host support in linux, Klaus Steinberger
  - Re: [nssldap] nss netgroup host support in linux, Julie Ashworth
    - Message not available
      - Re: [nssldap] nss netgroup host support in linux, Julie Ashworth

Prev by Date: [nssldap] nss netgroup host support in linux
Next by Date: Re: [nssldap] nss netgroup host support in linux
Previous by thread: [nssldap] nss netgroup host support in linux
Next by thread: Re: [nssldap] nss netgroup host support in linux