[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Problems with netgroups and ldap.
From: |
Mark Keller |
Subject: |
Problems with netgroups and ldap. |
Date: |
Thu, 7 Apr 2005 16:55:29 -0700 |
User-agent: |
KMail/1.8 |
I seem to be having a problem with netgroup matching on Solaris using LDAP as
the netgroup repository. We have been using NIS with netgroups on Linux and
Solaris for quite a while. Cfengine has always worked fine using netgroups as
classes. We recently started converting to using LDAP instead of NIS. On
Linux everything works fine. On Solaris cfagent will hang for 5-10 minutes
and then get a timeout error. After using debugging it appears cfengine is
hanging when trying to do a netgroup match. I know netgroups are working fine
with Solaris and LDAP because other apps have no problem. I can even write my
own little chunk of C code and netgroups work:
...
setnetgrent(netgroup);
while(getnetgrent(&host, &user, &domain)) {
printf("%s:%s\n", host, user);
}
endnetgrent();
...
So I started looking at the cfengine source. In src/install.c I found the
chunk of code that deals with netgroups. The code looks fine to me, but since
it was having problems I decided to modify it.
Here is cfengine original code that doesn't work on Solaris:
case netgroup: setnetgrent(ebuff);
while (getnetgrent(&machine,&user,&domain))
{
if (strcmp(machine,VDEFAULTBINSERVER.name) == 0)
{
Debug1("Matched %s in netgroup %s\n",machine,ebuff);
AddClassToHeap(GROUPBUFF);
break;
}
if (strcmp(machine,VFQNAME) == 0)
{
Debug1("Matched %s in netgroup %s\n",machine,ebuff);
AddClassToHeap(GROUPBUFF);
break;
}
}
endnetgrent();
break;
I basically removed setnetgrent and getnetgrent and used innetgr instead. Now
cfengine seems to work fine on Solaris and LDAP with netgroups.
case netgroup:
if (innetgr(ebuff,VDEFAULTBINSERVER.name, NULL, NULL))
{
Debug1("Matched %s in netgroup
%s\n",VDEFAULTBINSERVER.name,ebuff);
AddClassToHeap(GROUPBUFF);
break;
}
if (innetgr(ebuff,VFQNAME, NULL, NULL))
{
Debug1("Matched %s in netgroup %s\n",VFQNAME,ebuff);
AddClassToHeap(GROUPBUFF);
break;
}
break;
Any ideas on what the problem might be? Why would the setnetgrent function
hang in cfengine when I can write almost the same code in a sample program
and it works fine?
Any help would greatly be appreciated, I would hate to have to apply my
own patches everytime I build cfengine for Solaris.
Thanks,
Mark Keller
- Problems with netgroups and ldap.,
Mark Keller <=