Moin Mike,

On Sun, Apr 19, 2020 at 11:43:24AM +0000, Mike Gabriel wrote:
> On my customer site, we have 300 host entries or so. Doing the above
> loop for every host change in LDAP will let the script walk over 300
> LDAP queries. The response time of GOsa becomes awful with that.
[..]
> During the next days, I can test your patch, either the one or above
> or a follow-up version.

Maybe you can test a follow-up one, based on your proposal to query LDAP
only once. (Host gateway considered too, just in case someone has added a
keytab.)

Wolfgang
#!/bin/sh
set -e

## This script is run by www-data using sudo. Keep that in mind!
## Make sure that malicious execution cannot hurt.
##

HOST="$1"

kadmin.local -q "add_principal -policy hosts -randkey host/$HOST.intern"
kadmin.local -q "ktadd -k /etc/debian-edu/host-keytabs/$HOST.intern.keytab host/$HOST.intern"
kadmin.local -q "add_principal -policy hosts -randkey nfs/$HOST.intern"
kadmin.local -q "ktadd -k /etc/debian-edu/host-keytabs/$HOST.intern.keytab nfs/$HOST.intern"
logger -t gosa-modify-host -p notice "Krb5 principals and keytab file for host '$HOST' created."

# update services:
/usr/share/debian-edu-config/tools/gosa-sync-dns-nfs

# cleanup from leftover host principals and keytab file:
# LDAP is queried once; the host list is kept in a temporary file.
TEMPDIR=$(mktemp -d)
trap 'rm -rf "$TEMPDIR"' EXIT    # do not leave the temporary directory behind
ldapsearch -xLLL "objectclass=dhcpHost" | grep ^cn: | cut -d' ' -f2 > "$TEMPDIR/hosts"
echo gateway >> "$TEMPDIR/hosts"
for i in $(basename -a /etc/debian-edu/host-keytabs/* | sed 's#\.intern\.keytab$##') ; do
    # -x -F: literal whole-line match, so a stale "pc1" is not kept
    # just because "pc10" still exists in LDAP.
    if ! grep -qxF -- "$i" "$TEMPDIR/hosts" ; then
        # -force: there is no terminal to answer the confirmation prompt.
        kadmin.local delprinc -force "host/$i.intern@INTERN"
        kadmin.local delprinc -force "nfs/$i.intern@INTERN"
        rm "/etc/debian-edu/host-keytabs/$i.intern.keytab"
    fi
done

exit 0
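An added example, not part of the attached script or of debian-edu-config: a dry-run form of the cleanup selection that only prints which hosts would be removed, checks every name before it could reach kadmin or rm, and matches whole lines. The function names (`valid_host`, `stale_hosts`, `demo`), the sample files and the lowercase single-label naming rule are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: select stale host keytabs without deleting anything.
LC_ALL=C; export LC_ALL     # make [a-z] mean ASCII lowercase only

# valid_host NAME: accept one DNS label (a-z, 0-9, '-'), 1..63 characters,
# not starting or ending with '-'. Assumed naming rule, not from the script.
valid_host() {
    case "$1" in
        ''|-*|*-|*[!a-z0-9-]*) return 1 ;;
    esac
    [ "${#1}" -le 63 ]
}

# stale_hosts KEYTAB_DIR HOSTS_FILE: print every host that has a keytab file
# but no exact-match line in HOSTS_FILE. "gateway" is always kept.
stale_hosts() {
    for f in "$1"/*.intern.keytab; do
        [ -e "$f" ] || continue          # empty directory: glob did not expand
        h=$(basename "$f" .intern.keytab)
        valid_host "$h" || { echo "skipping odd file name: $f" >&2; continue; }
        [ "$h" = gateway ] && continue
        # -x -F: literal whole-line match ("pc1" must not match "pc10")
        grep -qxF -- "$h" "$2" || echo "$h"
    done
}

# Constructed sample data: four files in the keytab directory,
# two hosts still present in the (simulated) LDAP host list.
demo() {
    d=$(mktemp -d)
    touch "$d/pc1.intern.keytab" "$d/pc10.intern.keytab" \
          "$d/gateway.intern.keytab" "$d/Bad Name.intern.keytab"
    printf '%s\n' pc10 tjener > "$d/hosts"
    stale_hosts "$d" "$d/hosts"
    rm -rf "$d"
}
```

With a substring match (`grep -q`), `pc1` in the sample data would be treated as still present because `pc10` is in the host list.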