NIS Netgroups

Goal

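We want to map the following entry from /etc/netgroup. It holds two (host,user,domain) triples and a reference to another netgroup; the "-" in the host position means the triple matches no host, whereas an empty field would match any value: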

secretagents (-,jbond,example.com) (-,atrevalyan,example.com) otheragents

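into the following LDAP entry in Penrose, where each triple becomes one nisNetgroupTriple value and the nested netgroup name becomes a memberNisNetgroup value: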

dn: cn=secretagents,ou=Netgroups,dc=NIS,dc=Example,dc=com
nisNetgroupTriple: -,jbond,example.com
nisNetgroupTriple: -,atrevalyan,example.com
memberNisNetgroup: otheragents
objectClass: nisNetgroup
cn: secretagents

Solution

First we create the source:

<source name="netgroups">
    <!-- Source definition named "netgroups"; the mapping refers to it by this
         name through its source-name element. -->

    <!-- Name of the connection this source reads through. The connection
         itself is not defined in this snippet. -->
    <connection-name>NIS</connection-name>

    <!-- Fields exposed by this source. cn is the primary key, so each
         netgroup is identified by its name. -->
    <field name="cn" primaryKey="true"/>
    <field name="nisNetgroupTriple"/>
    <field name="memberNisNetgroup"/>
    <!-- description is declared here, but the sample LDAP entry on this page
         shows no description value. -->
    <field name="description"/>

    <!-- Source parameters. Presumably objectClasses selects the entry type,
         and base and scope select where the netgroup data is looked up;
         verify against the adapter documentation. -->
    <parameter>
      <param-name>objectClasses</param-name>
      <param-value>nisNetgroup</param-value>
    </parameter>
    <parameter>
      <param-name>base</param-name>
      <param-value>system/netgroup</param-value>
    </parameter>
    <parameter>
      <param-name>scope</param-name>
      <param-value>ONELEVEL</param-value>
    </parameter>

</source>

Then we create the mapping:

<entry dn="cn=...,ou=Netgroups,dc=NIS,dc=Example,dc=com">
    <!-- Mapping for entries under ou=Netgroups,dc=NIS,dc=Example,dc=com.
         The "..." in the RDN is presumably a placeholder that is filled per
         entry from the cn attribute marked rdn="true" below. -->
    <!-- NOTE(review): netgroups commonly feed access decisions (for example
         NFS exports, sudo rules, login restrictions). No ACL is shown in this
         snippet; confirm that the partition restricts who may modify this
         subtree and that read access is limited to the clients that need it. -->

    <!-- Object class of every generated entry. -->
    <oc>nisNetgroup</oc>

    <!-- LDAP attributes. Each value comes from the field of the same name on
         the source aliased "n" (declared at the end of this entry). -->
    <at name="cn" rdn="true">
      <variable>n.cn</variable>
    </at>
    <at name="nisNetgroupTriple">
      <variable>n.nisNetgroupTriple</variable>
    </at>
    <at name="memberNisNetgroup">
      <variable>n.memberNisNetgroup</variable>
    </at>
    <at name="description">
      <variable>n.description</variable>
    </at>

    <!-- Binds the alias "n" to the "netgroups" source. Each field is paired
         with the variable of the same name, so source fields and entry
         attributes correspond one to one. -->
    <source name="n">
      <source-name>netgroups</source-name>
      <field name="cn">
        <variable>cn</variable>
      </field>
      <field name="nisNetgroupTriple">
        <variable>nisNetgroupTriple</variable>
      </field>
      <field name="memberNisNetgroup">
        <variable>memberNisNetgroup</variable>
      </field>
      <field name="description">
        <variable>description</variable>
      </field>
    </source>

</entry>