On Thu, Oct 20, 2005 at 03:38:27PM -0500, Ken Teh wrote:
> I'm looking at the feasibility of using ldap instead of NIS and have come
> across something that looks discouraging. In /etc/hosts.allow and
> /etc/exports, one can specify a netgroup for the client list. I use this
> feature. Can I retain this if I switch to ldap? I've looked on the web.
> There are messages posted which indicate that this will not work. But the
> postings were all 3-4 years.
>
> Does anyone know?

It should work. We have our netgroups in LDAP and we distribute /etc/netgroup
via cfengine, too.

LDAP entries look like this:

dn: cn=ng,ou=Netgroup,dc=xxx,dc=xxx,dc=xxx
objectClass: top
objectClass: nisNetgroup
cn: ng
nisNetgroupTriple: (xxx.xxx.xxx,,)

Here is a C program to list netgroups so you know it is working:

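#include <stdio.h>
#include <netdb.h>

/* Lists the (machine,user,domain) triples of the netgroup named in argv[1]. */
int main(int argc, char *argv[]) {
    char *mach, *usr, *dom;

    if (argc < 2) {
        printf("Usage: %s netgroup\n", argv[0]);
        return 1;
    }
    printf("(machine),(user),(domain)\n");
    (void)setnetgrent(argv[1]);
    while (getnetgrent(&mach, &usr, &dom)) {
        /* An empty (wildcard) field comes back as NULL; print it as "". */
        printf("%s,%s,%s\n", mach ? mach : "", usr ? usr : "", dom ? dom : "");
    }
    (void)endnetgrent();
    return 0;
}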
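
An added example, not part of the original message: how a nisNetgroupTriple value like the one above maps to a host decision of the kind /etc/hosts.allow and /etc/exports rely on, including the case where an empty host field admits every client. The names parse_triple and triple_allows_host and the example.org hosts are assumptions made for illustration; only the host field is evaluated and nested netgroups are not followed.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

#define FIELD_MAX 256

/* One parsed nisNetgroupTriple value: (host,user,domain). */
struct triple {
    char host[FIELD_MAX], user[FIELD_MAX], domain[FIELD_MAX];
};

/* Parse "(host,user,domain)" into t. Returns 0 on success, -1 on bad syntax. */
int parse_triple(const char *s, struct triple *t) {
    char *out[3] = { t->host, t->user, t->domain };

    if (*s++ != '(')
        return -1;
    for (int i = 0; i < 3; i++) {
        size_t len = strcspn(s, ",)");
        /* Fields 0 and 1 end with ',', field 2 ends with ')'. */
        if (len >= FIELD_MAX || s[len] != (i < 2 ? ',' : ')'))
            return -1;
        memcpy(out[i], s, len);
        out[i][len] = '\0';
        s += len + 1;
    }
    return *s == '\0' ? 0 : -1;   /* reject trailing junk */
}

/* 1 if the triple's host field admits this client, else 0. */
int triple_allows_host(const struct triple *t, const char *client) {
    if (t->host[0] == '\0')
        return 1;                 /* empty field is a wildcard: any host */
    if (strcmp(t->host, "-") == 0)
        return 0;                 /* "-" means no valid value */
    return strcasecmp(t->host, client) == 0;
}

int main(void) {
    /* Constructed sample values, not taken from a real directory. */
    const char *samples[] = { "(nfs1.example.org,,)", "(,alice,)", "(-,bob,)" };
    struct triple t;
    for (int i = 0; i < 3; i++)
        if (parse_triple(samples[i], &t) == 0)
            printf("%-22s allows nfs1.example.org: %d\n", samples[i],
                   triple_allows_host(&t, "nfs1.example.org"));
    return 0;
}
```

A netgroup meant to list users, such as (,alice,), still matches every host when it is referenced in hosts.allow or exports, so keep host netgroups and user netgroups separate.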