Problems with netgroups and ldap.

bug-cfengine

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Problems with netgroups and ldap.

From:	Mark Keller
Subject:	Problems with netgroups and ldap.
Date:	Thu, 7 Apr 2005 16:55:29 -0700
User-agent:	KMail/1.8

I seem to be having a problem with netgroup matching on Solaris using LDAP as 
the netgroup repository. We have been using NIS with netgroups on Linux and 
Solaris for quite a while. Cfengine has always worked fine using netgroups as 
classes. We recently started converting to using LDAP instead of NIS. On 
Linux everything works fine. On Solaris cfagent will hang for 5-10 minutes 
and then get a timeout error. After using debugging it appears cfengine is 
hanging when trying to do a netgroup match. I know netgroups are working fine 
with Solaris and LDAP because other apps have no problem. I can even write my 
own little chunk of C code and netgroups work:

...
       setnetgrent(netgroup);

        while(getnetgrent(&host, &user, &domain)) {
                printf("%s:%s\n", host, user);
        }

        endnetgrent();
...

So I started looking at the cfengine source. In src/install.c I found the 
chunk of code that deals with netgroups. The code looks fine to me, but since 
it was having problems I decided to modify it.

Here is cfengine original code that doesn't work on Solaris:

   case netgroup:  setnetgrent(ebuff);

                   while (getnetgrent(&machine,&user,&domain))
                      {
                      if (strcmp(machine,VDEFAULTBINSERVER.name) == 0)
                         {
                         Debug1("Matched %s in netgroup %s\n",machine,ebuff);
                         AddClassToHeap(GROUPBUFF);
                         break;
                         }

                      if (strcmp(machine,VFQNAME) == 0)
                         {
                         Debug1("Matched %s in netgroup %s\n",machine,ebuff);
                         AddClassToHeap(GROUPBUFF);
                         break;
                         }
                      }

                   endnetgrent();
                   break;


I basically removed setnetgrent and getnetgrent and used innetgr instead. Now 
cfengine seems to work fine on Solaris and LDAP with netgroups. 

   case netgroup:     

                   if (innetgr(ebuff,VDEFAULTBINSERVER.name, NULL, NULL))
                      {
                      Debug1("Matched %s in netgroup 
%s\n",VDEFAULTBINSERVER.name,ebuff);
                      AddClassToHeap(GROUPBUFF);
                      break;
                      }
                    if (innetgr(ebuff,VFQNAME, NULL, NULL))
                         {
                         Debug1("Matched %s in netgroup %s\n",VFQNAME,ebuff);
                         AddClassToHeap(GROUPBUFF);
                         break;
                         }
      
                   break;

Any ideas on what the problem might be? Why would the setnetgrent function 
hang in cfengine when I can write almost the same code in a sample program 
and it works fine?

Any help would greatly be appreciated, I would hate to have to apply my 
own patches everytime I build cfengine for Solaris.

Thanks,

Mark Keller

[Prev in Thread]

Current Thread

[Next in Thread]

Problems with netgroups and ldap., Mark Keller <=
- Message not available
  - Re: Problems with netgroups and ldap., Mark Keller, 2005/04/08
    - Re: Problems with netgroups and ldap., Mark Burgess, 2005/04/08
    - Re: Problems with netgroups and ldap., Mark Burgess, 2005/04/08
- Re: Problems with netgroups and ldap., Mark Keller, 2005/04/11

Prev by Date: Re: Exit status of 0 from cfkey despite failure
Next by Date: checking for large file support
Previous by thread: Exit status of 0 from cfkey despite failure
Next by thread: Re: Problems with netgroups and ldap.
Index(es):
- Date
- Thread