Re: [389-users] NIS 389 Directory Server

On Wed, May 18, 2011 at 10:28:49PM +0200, Neuhold Christian (TSA) wrote:
> Hello, thanks for the tip with "{CRYPT}". I did some testing and played with nis-value-format:
>  
> [root@xxx ~]# ypcat users | grep tst
> tst:{crypt}xOf6b2C9ZsCsA:1346:21:Test:/user/tst:/bin/csh
> 
> --> Definition from users in dse.ldif:
> dn: nis-domain=amsint+nis-map=users,cn=NIS Server,cn=plugins,cn=config
> objectClass: extensibleObject
> objectClass: top
> nis-domain: amsint
> nis-map: users
> nis-base: ou=People, dc=amsint, dc=com
> nis-filter: (objectClass=posixAccount)
> nis-key-format: %{uid}
> nis-value-format: %{uid}:%{userPassword}:%{uidNumber}:%{gidNumber}:%{cn}:%{homeDirectory}:%{loginShell}

That's probably not a good idea -- if you have a plaintext user
password, it'll show up in this field as plaintext.  If you have
passwords hashed using mechanisms other than crypt() (like {SSHA}) the
hashes will show up here even though your client machines won't know
what to do with them, but that's less of an issue.

> --> So I tried with this definition:
> dn: nis-domain=amsint+nis-map=users2,cn=NIS Server,cn=plugins,cn=config
> objectClass: extensibleObject
> objectClass: top
> nis-domain: amsint
> nis-map: users2
> nis-base: ou=People, dc=amsint, dc=com
> nis-filter: (objectClass=posixAccount)
> nis-key-format: %{uid}
> nis-value-format: %{uid}:%regsub("%{userPassword}","^\{crypt\}(..*)","%1","*")
>  :%{uidNumber}:%{gidNumber}:%{gecos:-%{cn:-Some Unnamed User},,,}:%{homeDirec
>  tory}:%{loginShell:-/bin/bash}
> 
> --> {crypt} vs. {CRYPT} but still:
> [root@xxx ~]# ypcat users2 | grep tst
> tst:*:1346:21:Test:/user/tst:/bin/csh

Quoting gets pretty complicated rather quickly here -- the way you've
written this expression, I think you'd want to start with "^\\{" to
include a literal "\" in the regular expression.  You can run
"nisserver-plugin-defs -m passwd.byname" to pull up the defaults.

> --> So I tried again with:
> dn: nis-domain=amsint+nis-map=users3,cn=NIS Server,cn=plugins,cn=config
> objectClass: extensibleObject
> objectClass: top
> nis-domain: amsint
> nis-map: users3
> nis-base: ou=People, dc=amsint, dc=com
> nis-filter: (objectClass=posixAccount)
> nis-key-format: %{uid}
> nis-value-format: %{uid}:%regsub("%{userPassword}","crypt\}(..*)","%1","*"):%{
>  uidNumber}:%{gidNumber}:%{gecos:-%{cn:-Some Unnamed User},,,}:%{homeDirector
>  y}:%{loginShell:-/bin/bash}
> 
> --> {crypt} vs. crypt\} and now:
> [root@xxx ~]# ypcat users3 | grep tst
> tst:xOf6b2C9ZsCsA:1346:21:Test:/user/tst:/bin/csh
> 
> But why?

The "{CRYPT}" prefix is checked for in a case-sensitive manner, so if
the values you have actually start with "{crypt}", then that'd explain
why this nis-value-format causes the desired value to show up and the
default doesn't.

HTH,

Nalin
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
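
The following is an added example, not part of the original message and not code from the NIS Server plugin: a small Python audit of passwd-style map output (as printed by `ypcat`) that flags entries whose password field carries a raw `userPassword` value, plus a model of a field that emits a hash only for `{crypt}` values in either case and `*` otherwise. The function names, verdict labels and the last two sample lines are assumptions made for illustration.

```python
import re

# Shapes crypt() itself produces: 13-char traditional DES or modular "$id$...".
# Heuristic: a 13-char alphanumeric plaintext would also pass DES_CRYPT.
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")
MODULAR_CRYPT = re.compile(r"^\$[0-9a-z]+\$.+")
SCHEME_PREFIX = re.compile(r"^\{([A-Za-z0-9-]+)\}")
MASKED = {"*", "x", "!", "!!"}

def classify_password_field(field):
    """Classify field 2 of a passwd-style NIS map entry."""
    if field == "":
        return "empty"
    if field in MASKED:
        return "masked"
    m = SCHEME_PREFIX.match(field)
    if m:  # raw userPassword exported with its storage-scheme prefix
        return "raw-ldap:" + m.group(1).upper()
    if DES_CRYPT.match(field) or MODULAR_CRYPT.match(field):
        return "crypt-hash"
    return "possible-plaintext"

def audit_map(lines):
    """Return (user, verdict) for entries exposing more than a crypt hash."""
    findings = []
    for line in lines:
        parts = line.rstrip("\n").split(":")
        if len(parts) < 7:
            continue  # not a passwd-style entry
        verdict = classify_password_field(parts[1])
        if verdict not in ("masked", "crypt-hash"):
            findings.append((parts[0], verdict))
    return findings

def crypt_only(user_password):
    """Hash for {crypt}/{CRYPT} values (prefix matched in any case), else '*'."""
    m = re.match(r"^\{crypt\}(.+)$", user_password, re.IGNORECASE)
    return m.group(1) if m else "*"

# First three: ypcat output quoted in the thread. Last two: constructed samples.
SAMPLE = [
    "tst:{crypt}xOf6b2C9ZsCsA:1346:21:Test:/user/tst:/bin/csh",
    "tst:*:1346:21:Test:/user/tst:/bin/csh",
    "tst:xOf6b2C9ZsCsA:1346:21:Test:/user/tst:/bin/csh",
    "alice:{SSHA}CONSTRUCTEDplaceholderVALUE==:2001:21:Alice:/user/alice:/bin/sh",
    "bob:Summer2011!:2002:21:Bob:/user/bob:/bin/sh",
]
if __name__ == "__main__":
    print(audit_map(SAMPLE))
```

Run against the output of each map after changing its nis-value-format; an empty findings list means every entry shows either a crypt-shaped hash or a mask.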

