Hi Wolfgang,

On Mo 27 Apr 2020 12:31:41 CEST, Wolfgang Schweer wrote:

> Moin Mike,
>
> On Sun, Apr 19, 2020 at 11:43:24AM +0000, Mike Gabriel wrote:
>> On my customer site, we have 300 host entries or so. Doing the above loop for every host change in LDAP will let the script walk over 300 LDAP queries. The response time of GOsa becomes awful with that.
>> [..]
>> During the next days, I can test your patch, either the one or above or a follow-up version.
>
> Maybe you can test a follow-up one, based on your proposal to query LDAP only once. (Host gateway considered too, just in case someone has added a keytab.)
>
> Wolfgang
I looked at your script snippet and modified it and tested it on a live system with many hosts and LDAP being out-of-sync with the keytab files:
```
#!/bin/bash

set -e

declare -a hosts
num_hosts=0
while read KEY VALUE ; do
    case "$KEY" in
        dn:) let "num_hosts+=1" ;;
        cn:) hosts[$(($num_hosts-1))]="$VALUE" ;;
        "") : ;;
    esac
done < <(ldapsearch -xLLL "objectclass=dhcpHost")

# add gateway host manually
hosts[$num_hosts]=gateway

# and also tjener...
hosts[$num_hosts+1]=tjener

printf -v hosts_str -- ',,%q' "${hosts[@]}"
hosts_str=$(echo $hosts_str | tr 'A-Z' 'a-z')

for i in $(basename -a /etc/debian-edu/host-keytabs/* | sed 's#.intern.keytab##' | tr 'A-Z' 'a-z') ; do
    if [[ ! "${hosts_str},," =~ ",,$i,," ]]; then
        kadmin.local delprinc host/$i.intern@INTERN
        kadmin.local delprinc nfs/$i.intern@INTERN
        rm /etc/debian-edu/host-keytabs/$i.intern.keytab
    fi
done
```

Changes:

* avoid the need of a TEMP file
* match LDAP hosts case insensitive

I wonder if this script (I tested it as a standalone script) should not be better placed as a daily CRON job on TJENER (?) instead of it being part of the gosa-modify-host hook script.

Mike
--
DAS-NETZWERKTEAM
c\o Technik- und Ökologiezentrum Eckernförde
Mike Gabriel, Marienthaler Str. 17, 24340 Eckernförde
mobile: +49 (1520) 1976 148
landline: +49 (4351) 850 8940
GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31
mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de
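Added example, not part of the original mail or of the debian-edu code: the script above treats every keytab without a matching LDAP host as stale, so an empty or failed LDAP result would select all of them. This dry-run sketch only prints the candidates and refuses to select anything when LDAP yields no hosts; the function names `ldif_hosts`, `stale_keytabs`, `make_sample` and `demo` and the sample data are assumptions made for illustration.

```shell
#!/bin/bash
# Dry-run selection of stale host keytabs with an empty-result guard.
# Nothing is deleted here; the function only prints candidate host names.

# Read LDIF on stdin, print the lowercased value of each "cn:" line.
ldif_hosts() {
    awk '$1 == "cn:" { print tolower($2) }'
}

# stale_keytabs LDIF_FILE KEYTAB_DIR
# Prints lowercased hosts that have a keytab but no LDAP entry.
# Returns 2 and prints nothing on stdout if the LDIF contains no hosts.
stale_keytabs() {
    local ldif=$1 dir=$2 known f host
    known=$(ldif_hosts < "$ldif")
    if [ -z "$known" ]; then
        echo "no hosts from LDAP, refusing to select any keytab" >&2
        return 2
    fi
    # gateway and tjener are kept, as in the script in the mail
    known=$(printf '%s\ngateway\ntjener\n' "$known")
    for f in "$dir"/*.intern.keytab; do
        [ -e "$f" ] || continue
        host=$(basename "$f" .intern.keytab | tr 'A-Z' 'a-z')
        # -x whole line, -F fixed string: "pc1" must not match "pc10"
        printf '%s\n' "$known" | grep -qxF -- "$host" || printf '%s\n' "$host"
    done
}

# Constructed sample data: two LDAP hosts, six keytab files.
make_sample() {
    local h
    mkdir -p "$1/keytabs"
    printf 'dn: cn=PC01,dc=example\ncn: PC01\n\ndn: cn=pc10,dc=example\ncn: pc10\n' \
        > "$1/hosts.ldif"
    for h in pc01 pc1 pc10 OLDBOX gateway tjener; do
        : > "$1/keytabs/$h.intern.keytab"
    done
}

demo() {
    local tmp
    tmp=$(mktemp -d)
    make_sample "$tmp"
    stale_keytabs "$tmp/hosts.ldif" "$tmp/keytabs"
    rm -rf "$tmp"
}
demo
```

On a real system the LDIF file would hold the output of the `ldapsearch` call from the mail. The printed names are lowercased, so a cleanup step that removes files has to use the name as it exists on disk rather than the lowercased one.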