
Bug#935080: slapcat used in gosa hook script gosa-modify-host



Hi Wolfgang,

On Mon 27 Apr 2020 12:31:41 CEST, Wolfgang Schweer wrote:

> Moin Mike,
>
> On Sun, Apr 19, 2020 at 11:43:24AM +0000, Mike Gabriel wrote:
>> On my customer site, we have 300 host entries or so. Doing the above
>> loop for every host change in LDAP will let the script walk over 300
>> LDAP queries. The response time of GOsa becomes awful with that.
> [..]
>> During the next days, I can test your patch, either the one above
>> or a follow-up version.
>
> Maybe you can test a follow-up one, based on your proposal to query LDAP
> only once. (Host gateway considered too, just in case someone has added
> a keytab.)
>
> Wolfgang

I looked at your script snippet and modified it and tested it on a live system with many hosts and LDAP being out-of-sync with the keytab files:

```
#!/bin/bash

set -e

# Collect the cn of every dhcpHost entry with a single LDAP query.
declare -a hosts
num_hosts=0
while read -r KEY VALUE ; do
	case "$KEY" in
		dn:) let "num_hosts+=1" ;;
		cn:) hosts[$(($num_hosts-1))]="$VALUE" ;;
		"")
			:
		;;
	esac
done < <(ldapsearch -xLLL "objectclass=dhcpHost")

# add gateway host manually
hosts[$num_hosts]=gateway

# and also tjener...
hosts[$num_hosts+1]=tjener

# Build a lower-cased ",,host1,,host2" string so hosts can be matched exactly.
printf -v hosts_str -- ',,%q' "${hosts[@]}"
hosts_str=$(echo "$hosts_str" | tr 'A-Z' 'a-z')

# Delete principals and keytab of every keytab file that has no LDAP host entry.
for i in $(basename -a /etc/debian-edu/host-keytabs/* | sed 's#\.intern\.keytab$##' | tr 'A-Z' 'a-z') ; do
	if [[ ! "${hosts_str},," =~ ",,$i,," ]]; then
		kadmin.local delprinc "host/$i.intern@INTERN"
		kadmin.local delprinc "nfs/$i.intern@INTERN"
		rm "/etc/debian-edu/host-keytabs/$i.intern.keytab"
	fi
done
```

Changes:

  * avoid the need for a TEMP file
  * match LDAP hosts case-insensitively

I wonder if this script (I tested it as a standalone script) would not be better placed as a daily CRON job on TJENER (?) instead of it being part of the gosa-modify-host hook script.

Mike
--

DAS-NETZWERKTEAM
c\o Technik- und Ökologiezentrum Eckernförde
Mike Gabriel, Marienthaler Str. 17, 24340 Eckernförde
mobile: +49 (1520) 1976 148
landline: +49 (4351) 850 8940

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
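
An added example, not part of the original mail or of debian-edu: a dry-run version of the stale-keytab selection that deletes nothing and refuses to continue on an empty LDAP result, because a failed `ldapsearch` inside `< <(...)` is not caught by `set -e` and would leave only gateway and tjener in the host list. The function names `ldif_hosts` and `stale_keytabs`, the sample LDIF and the keytab names are constructed for illustration.

```sh
#!/bin/sh
# Added example: dry-run selection of stale host keytabs. Deletes nothing.
# Function names and all sample data are constructed for illustration.

# Print the lower-cased cn value of every LDIF entry read from stdin.
ldif_hosts() {
    awk '$1 == "cn:" { print tolower($2) }'
}

# stale_keytabs LDIF_TEXT KEYTAB_FILE_NAME...
# Prints the host part of each keytab name that has no LDAP entry.
# Returns 2 and prints nothing when LDIF_TEXT holds no host at all, so a
# failed or empty query can never mark every keytab as stale.
stale_keytabs() {
    ldif=$1; shift
    hosts=$(printf '%s\n' "$ldif" | ldif_hosts)
    if [ -z "$hosts" ]; then
        echo "no dhcpHost entries in LDAP result, refusing to continue" >&2
        return 2
    fi
    # gateway and tjener are always kept, as in the script above
    hosts=$(printf '%s\ngateway\ntjener\n' "$hosts")
    for kt in "$@"; do
        case $kt in
            *.intern.keytab) ;;
            *) continue ;;          # not a host keytab, ignore
        esac
        name=$(printf '%s' "${kt%.intern.keytab}" | tr 'A-Z' 'a-z')
        # -x whole line, -F literal: "pc1" must not be covered by "pc10"
        printf '%s\n' "$hosts" | grep -qxF -- "$name" || printf '%s\n' "$name"
    done
}

# Constructed LDIF in the shape "ldapsearch -xLLL" prints.
SAMPLE_LDIF='dn: cn=PC01,dc=example
cn: PC01

dn: cn=pc10,dc=example
cn: pc10'

# Prints "pc1" and "old"; PC01 matches case-insensitively.
stale_keytabs "$SAMPLE_LDIF" PC01.intern.keytab pc1.intern.keytab \
    pc10.intern.keytab old.intern.keytab
```

The printed names can be reviewed before they are handed to `kadmin.local delprinc` and `rm`.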
