SCIENTIFIC-LINUX-USERS Archives

October 2005

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

Subject:
From: Andy Wettstein <[log in to unmask]>
Reply To: Andy Wettstein <[log in to unmask]>
Date: Fri, 21 Oct 2005 08:50:42 -0500

On Thu, Oct 20, 2005 at 03:38:27PM -0500, Ken Teh wrote:
> I'm looking at the feasibility of using ldap instead of NIS and have come 
> across something that looks discouraging.  In /etc/hosts.allow and 
> /etc/exports, one can specify a netgroup for the client list.  I use this 
> feature.  Can I retain this if I switch to ldap?  I've looked on the web.  
> There are messages posted which indicate that this will not work.  But the 
> postings were all 3-4 years old.
> 
> Does anyone know?

It should work.  We have our netgroups in LDAP and we distribute /etc/netgroup 
via cfengine, too.

LDAP entries look like this:

dn: cn=ng,ou=Netgroup,dc=xxx,dc=xxx,dc=xxx
objectClass: top
objectClass: nisNetgroup
cn: ng
nisNetgroupTriple: (xxx.xxx.xxx,,)

Here is a C program to list netgroups so you know it is working:

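#include <stdio.h>
#include <netdb.h>

/* getnetgrent() hands back NULL for an empty (wildcard) field; print it as "" */
static const char *field ( const char *s ) {
   return s ? s : "";
}

int main ( int argc, char *argv[] ) {

   char *mach, *usr, *dom;

   if (argc < 2) {
      printf("Usage: %s netgroup\n",argv[0]);
      return 1;
   }

   printf ( "(machine),(user),(domain)\n");
   /* Open the netgroup through NSS and print each (machine,user,domain) triple */
   (void)setnetgrent(argv[1]);
   while (getnetgrent(&mach,&usr,&dom)) {
        printf ( "%s,%s,%s\n",field(mach),field(usr),field(dom));
   }
   (void)endnetgrent();

   return 0;

}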
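
Added example, not part of the original post: a small checker for nisNetgroupTriple values like the one in the LDAP entry above, flagging triples whose host field is empty, since an empty field is a wildcard and would admit any host when the netgroup is used in /etc/hosts.allow or /etc/exports. The names parse_triple and classify_host and the sample values are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* One parsed nisNetgroupTriple value of the form "(host,user,domain)". */
struct triple { char host[256], user[256], domain[256]; };

/* What the host field means when the netgroup is used as a client list. */
enum host_match { HOST_NAMED, HOST_ANY, HOST_NONE };

/* Copy len bytes of src into dst as a C string; -1 if it does not fit. */
static int copy_field(char *dst, size_t cap, const char *src, size_t len) {
    if (len >= cap) return -1;
    memcpy(dst, src, len);
    dst[len] = '\0';
    return 0;
}

/* Parse one triple; returns 0 on success, -1 on malformed input. */
int parse_triple(const char *s, struct triple *t) {
    size_t n = strlen(s);
    if (n < 4 || s[0] != '(' || s[n - 1] != ')') return -1;
    const char *c1 = strchr(s + 1, ',');
    const char *c2 = c1 ? strchr(c1 + 1, ',') : NULL;
    if (!c2 || strchr(c2 + 1, ',')) return -1;   /* need exactly two commas */
    if (copy_field(t->host, sizeof t->host, s + 1, (size_t)(c1 - s - 1)) ||
        copy_field(t->user, sizeof t->user, c1 + 1, (size_t)(c2 - c1 - 1)) ||
        copy_field(t->domain, sizeof t->domain, c2 + 1, (size_t)(s + n - 1 - (c2 + 1))))
        return -1;
    return 0;
}

/* Empty host = wildcard (any host); "-" = no host (NIS netgroup convention). */
enum host_match classify_host(const struct triple *t) {
    if (t->host[0] == '\0') return HOST_ANY;
    if (strcmp(t->host, "-") == 0) return HOST_NONE;
    return HOST_NAMED;
}

int main(void) {
    /* Constructed sample values, not taken from a real directory. */
    const char *vals[] = { "(xxx.xxx.xxx,,)", "(,alice,)", "(-,alice,)", "(broken" };
    struct triple t;
    for (size_t i = 0; i < sizeof vals / sizeof vals[0]; i++) {
        if (parse_triple(vals[i], &t) != 0) { printf("%-18s malformed\n", vals[i]); continue; }
        enum host_match m = classify_host(&t);
        printf("%-18s %s\n", vals[i], m == HOST_ANY ? "ANY HOST (wildcard)" :
               m == HOST_NONE ? "no host" : t.host);
    }
    return 0;
}
```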
