10226
Comment: add more LAL API
|
13785
add usage
|
Deletions are marked like this. | Additions are marked like this. |
Line 42: | Line 42: |
structuralObjectClass: nisNetgroup | |
Line 51: | Line 50: |
structuralObjectClass: nisNetgroup | |
Line 74: | Line 72: |
structuralObjectClass: nisNetgroup | |
Line 202: | Line 199: |
== Usage of the Netgroups in CipUX == === With the CipUX XML-RPC client/server === [ ... ] === Within the LDAP Abstraction Layer === This guide is for developers who implement CipUX::Task commands. Warning: you should not use the LDAP Abstraction Layer directly if you are not knowing what you are doing. You can erease easily your database or write nonsense inside a huge amount of database fields. This might leed into a complete unfunctional server. Use CipUX::Task commands instaed! ==== cipux_get_value ==== '''Retrieve the value for "server-hosts":''' {{{ ./cipux_get_value -n server-hosts -e nisNetgroupTriple }}} Result: {{{ (tjener,-,-) }}} '''Retrieving all values of nisNetgroupTriple for all groups:''' {{{ ./cipux_get_value -N -e nisNetgroupTriple }}} Result: {{{ server-hosts (tjener,-,-) workstation-hosts x all-hosts x printer-hosts x ltsp-server-hosts x }}} (e.g.: between "all-hosts" and "x" is a \t) '''Retrieving all nisNetgroupMember of all netgroups (default there is none!):''' {{{ ./cipux_get_value -N -e nisNetgroupMember }}} Result: {{{ server-hosts x workstation-hosts x all-hosts x printer-hosts x ltsp-server-hosts x }}} ("x" stands for "no-value"; derived from Japanese and called "batsu") '''Add a host to all groups:''' {{{ ./cipux_set_value -N -a -e nisNetgroupTriple -v '(cleon,-,-)' }}} Result: {{{ }}} You can verify this: {{{ ./cipux_get_value -N -e nisNetgroupTriple }}} Result: {{{ server-hosts (tjener,-,-) (cleon,-,-) workstation-hosts (cleon,-,-) all-hosts (cleon,-,-) printer-hosts (cleon,-,-) ltsp-server-hosts (cleon,-,-) }}} '''Remove a host from printer-hosts:''' {{{ ./cipux_set_value -n printer-hosts -d -e nisNetgroupTriple -v '(cleon,-,-) }}} Result: {{{ }}} You can verify this: {{{ ./cipux_get_value -N -e nisNetgroupTriple }}} Result: {{{ server-hosts (tjener,-,-) (cleon,-,-) workstation-hosts (cleon,-,-) all-hosts (cleon,-,-) printer-hosts x ltsp-server-hosts (cleon,-,-) }}} '''Remove host from all netgroups:''' {{{ ./cipux_set_value -N -d 
-e nisNetgroupTriple -v '(cleon,-,-)' }}} Result: {{{ }}} You can verify this: {{{ ./cipux_get_value -N -e nisNetgroupTriple }}} Result: {{{ server-hosts (tjener,-,-) workstation-hosts x all-hosts x printer-hosts x ltsp-server-hosts x }}} ==== cipux_set_value ==== '''Adding the machine "cleon" to the workstations''' {{{ ./cipux_set_value -n workstation-hosts -e nisNetgroupTriple -v cleon }}} Result: {{{ ldap_modify: Invalid syntax (21) additional info: nisNetgroupTriple: value #0 invalid per syntax }}} This is wrong, because the the syntax of nisNetgroupTriple is different. You should do it like this: {{{ ./cipux_set_value -n workstation-hosts -e nisNetgroupTriple -v '(cleon,-,-)' }}} Result: {{{ }}} You can check that with cipux_get_value: {{{ ./cipux_get_value -N -e nisNetgroupTriple }}} Result: {{{ server-hosts (tjener,-,-) workstation-hosts (cleon,-,-) all-hosts x printer-hosts x ltsp-server-hosts x }}} ==== cipux_add ==== '''Adding laptops:''' {{{ ./cipux_add -n --attribute cn=laptop-hosts }}} Result: {{{ adding new entry "cn=laptop-hosts,ou=Netgroup,dc=skole,dc=skolelinux,dc=no" }}} ==== cipux_del ==== '''Removing laptops:''' {{{ ./cipux_del -n laptop-hosts }}} Result: {{{ }}} |
|
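Review bot: the "Remove a host from printer-hosts" command in the added cipux_get_value section is missing its closing single quote (-v '(cleon,-,-) ), so it cannot be pasted as written; close the quote as the other examples do. The same section queries an attribute called nisNetgroupMember, while the existing text of this page names the subgroup attribute memberNisNetgroup; use one name or explain the difference, because a result of "x" for every netgroup does not show which one is meant. The examples with -N -a and -N -d write to every netgroup at once, server-hosts included, which deserves a sentence next to the warning. The warning paragraph also carries typos ("erease", "leed", "instaed") and the cipux_set_value text has "the the".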
Line 203: | Line 422: |
CipUX Feature Netgroup
This page briefly describes the implementation of the netgroup feature for CipUX.
Status of the project:
CipUX Netgroup Feature
Name: CipUX_Feature_Netgroup
Status: implementing
Programmer: Benedikt Wildenhain
available in: 3.2.12
release: 2006-11-09
implemented in: cipux-cibot, cipux-cat-web
History of "netgroups"
The netgroup feature was implemented for Skolelinux/DebianEdu as a webmin module ("netgroups"). This module was able to add a host (workstation or server) to a so-called "netgroup". Once the host was added, it was able to mount the NFS share from the server. The module was also used to divide hosts into groups.
Pros:
- webmin module exists and works
Cons:
- it is not user-friendly at all ("go back to save your changes")
- it depends on webmin (and webmin will be removed in edge)
Therefore Kurt Gramlich suggested implementing this feature in CipUX. Benedikt Wildenhain is the chief engineer for this task.
Description of implementation of webmin module "netgroups" (by Benedikt Wildenhain)
Example output of ldapsearch before adding any host beside tjener:
dn: cn=server-hosts,ou=Netgroup,dc=skole,dc=skolelinux,dc=no
objectClass: top
objectClass: nisNetgroup
cn: server-hosts
nisNetgroupTriple: (tjener,-,-)
Output after using webmin to add a new server host:
dn: cn=server-hosts,ou=Netgroup,dc=skole,dc=skolelinux,dc=no
objectClass: top
objectClass: nisNetgroup
cn: server-hosts
nisNetgroupTriple: (my-new-server-host,-,-)
nisNetgroupTriple: (tjener,-,-)
So basically a value of the form nisNetgroupTriple: ($hostname,-,-) was added. The following CommonNames (cn) have to be selectable:
- server-hosts
- workstation-hosts
- ltsp-server-hosts
- printer-hosts
- all-hosts (= member of all four groups)
- any custom group defined by the admin (see below)
The LDAP attribute nisNetgroupTriple is defined in "nis.schema" from openldap.
- Each entry has three fields: host, user, and domain.
- If you leave a field blank, it allows complete access.
New object created when adding a new host group:
dn: cn=my-new-server-group,ou=Netgroup,dc=skole,dc=skolelinux,dc=no
objectClass: top
objectClass: nisNetgroup
cn: my-new-server-group
After adding this group as a subgroup of server-hosts, a new value named memberNisNetgroup is added:
dn: cn=server-hosts,ou=Netgroup,dc=skole,dc=skolelinux,dc=no
[...]
memberNisNetgroup: my-new-server-group
The LDAP attribute memberNisNetgroup is defined in "nis.schema" from openldap.
Description of implementation of netgroup feature in CipUX
This feature must be an optional CipUX feature, because there might be installations without NFS or network shares at all. To switch it off and on we use a variable in the "CipUX" configuration section in LDAP.
To switch it on for CipUX >=3.2.12:
cipux_task_change_cipux_config_variable_value CipUX CipUX_Feature_Netgroup 1
To switch it off for CipUX >=3.2.12:
cipux_task_change_cipux_config_variable_value CipUX CipUX_Feature_Netgroup 0
Implementation in CipUX LDAP Abstraction Layer
The netgroup class must be added to the CipUX LDAP Abstraction Layer.
cipux_add -n NID
cipux_del -n NID
cipux_set_value -n NID -e LDAP_Attribute -v VALUE
cipux_set_value -N -e LDAP_Attribute -v VALUE
triple = cipux_get_value -n NID -e LDAP_Attribute
triplelist = cipux_get_value -N -e LDAP_Attribute
NID = netgroup ID (canonical name)
VALUE = (machine,user,domain); the brackets are stored inside the attribute!
triple = (machine,user,domain); the brackets are printed out!
triplelist = linear list of triple
Implementation in CipUX::Task (CLI, XML-RPC API)
The following CipUX::Task commands are needed:
list = cipux_task_list_netgroups
cipux_task_create_netgroup NID
cipux_task_delete_netgroup NID
cipux_task_add_machine_to_netgroup NID member_MID
cipux_task_remove_machine_from_netgroup NID member_MID
list = cipux_task_list_machine_members_of_netgroup NID
cipux_task_add_user_to_netgroup NID member_UID
cipux_task_remove_user_from_netgroup NID member_UID
list = cipux_task_list_user_members_of_netgroup NID
cipux_task_add_domain_to_netgroup NID member_DID
cipux_task_remove_domain_from_netgroup NID member_DID
list = cipux_task_list_domain_members_of_netgroup NID
cipux_task_add_triple_to_netgroup NID member_MID member_UID member_DID
cipux_task_remove_triple_from_netgroup NID member_MID member_UID member_DID
list = cipux_task_list_triple_members_of_netgroup NID
NID = Netgroup ID (canonical name)
MID = Machine ID (canonical name)
UID = User ID (canonical name)
DID = Domain ID (canonical name)
where the following internal convention is valid:
- *_add_machine_to_netgroup(NID, member_MID) = *_add_triple_to_netgroup(NID, member_MID, '-', '-')
- *_add_user_to_netgroup(NID, member_UID) = *_add_triple_to_netgroup(NID, '-', member_UID, '-')
- *_add_domain_to_netgroup(NID, member_DID) = *_add_triple_to_netgroup(NID, '-', '-', member_DID)
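The triple convention above and the earlier remark that a blank field allows complete access can be checked before anything is written to LDAP. The following is an added example, not CipUX code: the function names, the set of characters allowed in a field and the sample listing are assumptions made for illustration, and the listing format (netgroup name, whitespace, values, "x" for no value) follows the cipux_get_value output shown on this page.

```python
import re

# Assumption (not from CipUX): a field holds letters, digits, '.', '_', '-'.
_TRIPLE = re.compile(r"\(([\w.-]*),([\w.-]*),([\w.-]*)\)", re.ASCII)
NO_VALUE = "x"  # what cipux_get_value prints for "no value"


def parse_triple(value):
    """Return (machine, user, domain), or None on invalid syntax."""
    match = _TRIPLE.fullmatch(value)
    return match.groups() if match else None


def make_triple(machine="-", user="-", domain="-"):
    """Build a nisNetgroupTriple VALUE; '-' marks an unused field.
    Page convention: machine -> (MID,-,-), user -> (-,UID,-), domain ->
    (-,-,DID). Blank fields are refused: they allow complete access.
    """
    value = f"({machine},{user},{domain})"
    fields = parse_triple(value)
    if fields is None or "" in fields:
        raise ValueError(f"refusing netgroup triple {value!r}")
    return value


def audit(listing):
    """Scan 'cipux_get_value -N -e nisNetgroupTriple' style output.
    Returns (problem, netgroup, value) tuples for malformed values and
    for triples that contain a blank (wildcard) field.
    """
    findings = []
    for line in listing.splitlines():
        netgroup, *values = line.split() or [""]
        for value in values:
            if value == NO_VALUE:
                continue
            fields = parse_triple(value)
            if fields is None:
                findings.append(("malformed", netgroup, value))
            elif "" in fields:
                findings.append(("wildcard", netgroup, value))
    return findings


# Constructed sample listing, not real server output.
SAMPLE = ("server-hosts\t(tjener,-,-) (cleon,-,-)\n"
          "all-hosts\t(,-,-)\nprinter-hosts\tx\n"
          "ltsp-server-hosts\tcleon\n")
```

Running audit(SAMPLE) reports the blank-field triple in all-hosts and the bare hostname in ltsp-server-hosts, the same kind of value that LDAP rejects with "Invalid syntax (21)".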
Implementation in CAT (cipux-cat-web) GUI
The new feature must be available in some GUI. Because BenediktWildenhain or ChristianKuelker have Perl knowledge, they will implement this first in cat-webmin or cat-web. Since webmin will not be in Edge, it only makes sense to implement this in cat-web. Others may implement it in the PHP branch of CAT later.
CAT-web uses the LDAP entry in the configuration section:
use CipUX::Cat::Web;
my $CipUX_Feature_Netgroup = &rpc($login, $ticket,
    "cipux_task_tell_me_cipux_config_variable_value",
    ["CipUX", "CipUX_Feature_Netgroup"]) || 0;
if ($CipUX_Feature_Netgroup) {
    # do something
}
[...] (to be continued)
Usage of the Netgroups in CipUX
With the CipUX XML-RPC client/server
[ ... ]
Within the LDAP Abstraction Layer
This guide is for developers who implement CipUX::Task commands.
Warning: you should not use the LDAP Abstraction Layer directly unless you know what you are doing. You can easily erase your database or write nonsense into a huge number of database fields. This might lead to a completely non-functional server. Use CipUX::Task commands instead!
cipux_get_value
Retrieve the value for "server-hosts":
./cipux_get_value -n server-hosts -e nisNetgroupTriple
Result:
(tjener,-,-)

Retrieving all values of nisNetgroupTriple for all groups:
./cipux_get_value -N -e nisNetgroupTriple
Result:
server-hosts (tjener,-,-)
workstation-hosts x
all-hosts x
printer-hosts x
ltsp-server-hosts x
(e.g.: between "all-hosts" and "x" is a \t)

Retrieving all nisNetgroupMember of all netgroups (by default there is none!):
./cipux_get_value -N -e nisNetgroupMember
Result:
server-hosts x
workstation-hosts x
all-hosts x
printer-hosts x
ltsp-server-hosts x
("x" stands for "no-value"; derived from Japanese and called "batsu")

Add a host to all groups:
./cipux_set_value -N -a -e nisNetgroupTriple -v '(cleon,-,-)'
Result: (no output)
You can verify this:
./cipux_get_value -N -e nisNetgroupTriple
Result:
server-hosts (tjener,-,-) (cleon,-,-)
workstation-hosts (cleon,-,-)
all-hosts (cleon,-,-)
printer-hosts (cleon,-,-)
ltsp-server-hosts (cleon,-,-)

Remove a host from printer-hosts:
./cipux_set_value -n printer-hosts -d -e nisNetgroupTriple -v '(cleon,-,-)'
Result: (no output)
You can verify this:
./cipux_get_value -N -e nisNetgroupTriple
Result:
server-hosts (tjener,-,-) (cleon,-,-)
workstation-hosts (cleon,-,-)
all-hosts (cleon,-,-)
printer-hosts x
ltsp-server-hosts (cleon,-,-)

Remove host from all netgroups:
./cipux_set_value -N -d -e nisNetgroupTriple -v '(cleon,-,-)'
Result: (no output)
You can verify this:
./cipux_get_value -N -e nisNetgroupTriple
Result:
server-hosts (tjener,-,-)
workstation-hosts x
all-hosts x
printer-hosts x
ltsp-server-hosts x

cipux_set_value
Adding the machine "cleon" to the workstations:
./cipux_set_value -n workstation-hosts -e nisNetgroupTriple -v cleon
Result:
ldap_modify: Invalid syntax (21)
additional info: nisNetgroupTriple: value #0 invalid per syntax
This is wrong, because the syntax of nisNetgroupTriple is different. You should do it like this:
./cipux_set_value -n workstation-hosts -e nisNetgroupTriple -v '(cleon,-,-)'
Result: (no output)
You can check that with cipux_get_value:
./cipux_get_value -N -e nisNetgroupTriple
Result:
server-hosts (tjener,-,-)
workstation-hosts (cleon,-,-)
all-hosts x
printer-hosts x
ltsp-server-hosts x

cipux_add
Adding laptops:
./cipux_add -n --attribute cn=laptop-hosts
Result:
adding new entry "cn=laptop-hosts,ou=Netgroup,dc=skole,dc=skolelinux,dc=no"

cipux_del
Removing laptops:
./cipux_del -n laptop-hosts
Result: (no output)

Work on the project
Task: | when: | who: | plan: | costs: | done:
Initial Talk for creating planning concept | 2006-10-28 | BenediktWildenhain | 1h | 30m |
Create a wiki page for coordination | 2006-10-29 | | 1h | 1h |
Write description about webmin module "netgroups" | 2006-11-01 | BenediktWildenhain | 2h | 90m |
Planning implementation details | 2006-11-01 | both | 1h | 30m |
Update this page with implementation details | 2006-11-01 | | 2h | 50m |
Implement changes to CipUX LDAP Abstraction L. | 2006-11-04 | | 0h | 10m |
Implement changes to CipUX CipUX::Task | 2006-11-01 | BenediktWildenhain | 4h | |
Wrote a new cat-web module or add feature to one | 2006-11- | | 3h | |
Test the new feature on development system | 2006-11- | | 1h | |
Bugfixing | 2006-11- | | 1h | |
Test the new feature on development system | 2006-11- | | 1h | |
Test the new feature on fresh installed system | 2006-11- | | 2h | |
hopefully no Bugfixing | 2006-11- | | 0h | |
Project finished | 2006-11- | | 18h30m | |