Hi again,

On Mo 27 Apr 2020 12:31:41 CEST, Wolfgang Schweer wrote:

Maybe you can test a follow-up one, based on your proposal to query LDAP only once. (Host gateway considered too, just in case someone has added a keytab.)

Here is a slight change...
```
#!/bin/bash
set -e

# Collect the cn of every dhcpHost entry with a single LDAP query.
declare -a hosts
num_hosts=0
while read -r KEY VALUE ; do
    case "$KEY" in
        dn:) let "num_hosts+=1" ;;
        cn:) hosts[$(($num_hosts-1))]="$VALUE" ;;
        "")
            :
            ;;
    esac
done < <(ldapsearch -xLLL "objectclass=dhcpHost")

# add gateway host manually
hosts[$num_hosts]=gateway
# and also tjener...
hosts[$num_hosts+1]=tjener

# Join the names as ",,name1,,name2" and lower-case them for matching.
printf -v hosts_str -- ',,%q' "${hosts[@]}"
hosts_str=$(echo "$hosts_str" | tr 'A-Z' 'a-z')

# Remove principals and keytab of every host that is no longer in LDAP.
for i in $(basename -a /etc/debian-edu/host-keytabs/* | sed 's#\.intern\.keytab$##') ; do
    # lower-case copy for matching only; $i keeps the original case
    match_value=$(echo "$i" | tr 'A-Z' 'a-z')
    if [[ ! "${hosts_str},," =~ ",,${match_value},," ]]; then
        kadmin.local delprinc "host/$i.intern@INTERN"
        kadmin.local delprinc "nfs/$i.intern@INTERN"
        rm "/etc/debian-edu/host-keytabs/$i.intern.keytab"
    fi
done
```
The match_value part in the loop got introduced. We need to keep the
case-sensitive string for exactly matching the file name and the
principal name. But for matching, we want all to be lower-case.
Mike
--

DAS-NETZWERKTEAM
c\o Technik- und Ökologiezentrum Eckernförde
Mike Gabriel, Marienthaler Str. 17, 24340 Eckernförde
mobile: +49 (1520) 1976 148
landline: +49 (4351) 850 8940

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
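
An added example, not part of the mail above or of the Debian Edu code: the same case-insensitive comparison as a dry run that only prints which keytab hosts would count as stale. It refuses to select anything when the LDAP output contains no cn at all, because in the script above a failed or empty ldapsearch leaves only gateway and tjener in the list and every other keytab would be removed. The function names, the sample LDIF and the keytab file names are constructed for illustration.

```sh
#!/bin/sh
# Added example: dry run, prints stale keytab hosts and deletes nothing.

# Read LDIF on stdin and print one lower-cased cn per line.
# Returns 1 when no cn is found, so a failed or empty LDAP query is
# never mistaken for "no hosts are registered any more".
ldap_host_names() {
    lhn_names=$(sed -n 's/^cn: //p' | tr 'A-Z' 'a-z')
    [ -n "$lhn_names" ] || return 1
    printf '%s\n' "$lhn_names"
}

# stale_keytab_hosts KNOWN FILE...
# KNOWN: newline-separated lower-case host names. FILE: keytab paths.
# Prints the host part, original case kept for principal and file names,
# of each keytab whose lower-cased name is not an exact line of KNOWN.
stale_keytab_hosts() {
    skh_known=$1
    shift
    for skh_file in "$@"; do
        skh_host=$(basename "$skh_file" .intern.keytab)
        skh_key=$(printf '%s' "$skh_host" | tr 'A-Z' 'a-z')
        printf '%s\n' "$skh_known" | grep -Fxq -- "$skh_key" ||
            printf '%s\n' "$skh_host"
    done
}

# Constructed sample data: two LDAP hosts and four keytab files.
SAMPLE_LDIF='dn: cn=PC01,dc=example
cn: PC01

dn: cn=ws-lab2,dc=example
cn: ws-lab2'
KEYTAB_DIR=/etc/debian-edu/host-keytabs

if ldap_hosts=$(printf '%s\n' "$SAMPLE_LDIF" | ldap_host_names); then
    # gateway and tjener are added by hand, as in the script above
    stale_keytab_hosts "$(printf '%s\ngateway\ntjener' "$ldap_hosts")" \
        "$KEYTAB_DIR/pc01.intern.keytab" "$KEYTAB_DIR/WS-Lab2.intern.keytab" \
        "$KEYTAB_DIR/OldBox.intern.keytab" "$KEYTAB_DIR/tjener.intern.keytab"
else
    echo "no dhcpHost entries returned, refusing to select keytabs" >&2
fi
```

The keytab paths are only parsed as strings, so the files do not need to exist for the dry run.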