Moin Mike,
On Sun, Apr 19, 2020 at 11:43:24AM +, Mike Gabriel wrote:
> On my customer site, we have 300 host entries or so. Doing the above
> loop for every host change in LDAP will let the script walk over 300
> LDAP queries. The response time of GOsa becomes awful with that.
[..]
> During the next days, I can test your patch, either the one above or a
> follow-up version.
Maybe you can test a follow-up one, based on your proposal to query LDAP
only once. (Host gateway considered too, just in case someone has added
a keytab.)
Wolfgang
#!/bin/sh
set -e
## This script is run by www-data using sudo. Keep that in mind!
## Make sure that malicious execution cannot hurt.
HOST="$1"
# Accept only a plain short hostname: $HOST ends up in kadmin command lines
# and in a path below /etc/debian-edu/host-keytabs/.
case "$HOST" in
    ''|*[!a-zA-Z0-9-]*) echo "gosa-modify-host: invalid hostname '$HOST'" >&2; exit 1 ;;
esac
KEYTAB_DIR=/etc/debian-edu/host-keytabs
KEYTAB="$KEYTAB_DIR/$HOST.intern.keytab"
kadmin.local -q "add_principal -policy hosts -randkey host/$HOST.intern"
kadmin.local -q "ktadd -k $KEYTAB host/$HOST.intern"
kadmin.local -q "add_principal -policy hosts -randkey nfs/$HOST.intern"
kadmin.local -q "ktadd -k $KEYTAB nfs/$HOST.intern"
logger -t gosa-modify-host -p notice "Krb5 principals and keytab file for host '$HOST' created."
# update services:
/usr/share/debian-edu-config/tools/gosa-sync-dns-nfs
# cleanup from leftover host principals and keytab files:
# one LDAP query for all dhcpHost entries instead of one query per keytab.
TEMPDIR=$(mktemp -d)
trap 'rm -rf "$TEMPDIR"' EXIT
ldapsearch -xLLL "objectclass=dhcpHost" | grep '^cn: ' | cut -d' ' -f2 > "$TEMPDIR/hosts"
# gateway has no dhcpHost entry but may have a keytab; never treat it as stale.
echo gateway >> "$TEMPDIR/hosts"
for f in "$KEYTAB_DIR"/*.intern.keytab ; do
    [ -e "$f" ] || continue        # no keytabs at all: the glob did not expand
    i=$(basename "$f" .intern.keytab)
    # -F -x: exact whole-line match, so "ws1" is not matched by "ws10".
    if ! grep -Fxq -- "$i" "$TEMPDIR/hosts" ; then
        # delprinc prompts for confirmation unless -force is given
        kadmin.local -q "delprinc -force host/$i.intern@INTERN"
        kadmin.local -q "delprinc -force nfs/$i.intern@INTERN"
        rm "$f"
    fi
done
exit 0
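The single-query cleanup idea from the script above, as an added example that is not Wolfgang's script and not part of debian-edu-config: it runs the host-list and stale-keytab logic over constructed input, so no ldapsearch or kadmin is needed. The LDIF text, the DN layout and the list of keytab names are made up for the demonstration; the point it shows is that the keytab name must be matched against a whole line of the host list, because a substring match lets "ws10" hide a stale "ws1".

```shell
#!/bin/sh
# Added example, not from the mail or from debian-edu-config: the one-pass
# cleanup check on constructed data, with exact whole-line host matching.
set -eu

# Constructed stand-in for the output of:
#   ldapsearch -xLLL "objectclass=dhcpHost"
# Only the cn: attribute is used; the DNs are invented.
SAMPLE_LDIF='dn: cn=ws10,cn=dhcp,ou=hosts,dc=example,dc=org
cn: ws10
objectClass: dhcpHost

dn: cn=ws11,cn=dhcp,ou=hosts,dc=example,dc=org
cn: ws11
objectClass: dhcpHost

dn: cn=tjener,cn=dhcp,ou=hosts,dc=example,dc=org
cn: tjener
objectClass: dhcpHost
'

# Constructed stand-in for the keytab basenames with .intern.keytab stripped,
# i.e. what the for-loop in the script iterates over.
SAMPLE_KEYTAB_HOSTS='ws1 ws10 tjener gateway oldpc'

# hosts_from_ldif: read LDIF on stdin, print one host name per line, then
# append "gateway", which has no dhcpHost entry but may own a keytab.
hosts_from_ldif() {
    grep '^cn: ' | cut -d' ' -f2
    echo gateway
}

# stale_keytabs HOSTS_FILE NAME...: print every NAME that does not occur as
# a complete line of HOSTS_FILE. -F takes NAME literally, -x requires the
# whole line to match; a plain `grep -q ws1` would be satisfied by ws10 and
# the stale ws1 principals and keytab would never be removed.
stale_keytabs() {
    hosts_file=$1; shift
    for name in "$@"; do
        if ! grep -Fxq -- "$name" "$hosts_file"; then
            printf '%s\n' "$name"
        fi
    done
}

# demo: build the host list once (one LDAP query in the real script) and
# report the keytab names that have no host behind them.
demo() {
    tmp=$(mktemp -d)
    printf '%s' "$SAMPLE_LDIF" | hosts_from_ldif > "$tmp/hosts"
    # shellcheck disable=SC2086 -- word splitting of the sample list is intended
    stale_keytabs "$tmp/hosts" $SAMPLE_KEYTAB_HOSTS
    rm -rf "$tmp"
}

demo
```

Running it prints ws1 and oldpc: ws10, tjener and gateway are found as whole lines, ws1 is not matched by the ws10 line, and oldpc has no LDAP entry at all. Swapping `grep -Fxq` for the original `grep -q` makes ws1 disappear from the output, which is the case the exact match guards against.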