Pymacds and multiple server bindings


Gary Larizza

Oct 18, 2010, 1:26:15 PM
to PyMacAdmin
Hey guys,

The Pymacds library that Nigel added is quite cool. It creates a
conduit to inspect your system and ensure that your machine's search/
contacts paths are added/removed depending on whether you're on or off-
network.

Unless I'm missing something, though, there seems to be no method of
capturing the servers to which your machine is bound (something akin
to the 'dscl localhost -list /LDAPv3' command). You could do a:

SystemNodes = pymacds.GetSearchNodes()
for nodes in SystemNodes:
    pymacds.EnsureSearchNodeAbsent(nodes)

This would remove the nodes from your /Search path, but if you want to
re-add them later, I don't see any way of capturing those paths again
the next time the script was run. You COULD create a global variable
that stored the path like this:

_Search_Path = '/LDAPv3/server.foo.com'

This doesn't help, though, if you have a replica server in every
building with a different name (which is what I have going on here).
I COULD create a method that determines which building's network you
were on, and ensure that you're bound to the nearest replica, but if
I'm able to programmatically determine that with a dscl command that
outputs to a plist it would save some lines of code. I don't know of
a way to get the output, in plist format, of all the bound servers on
a machine (dscl -plist localhost -read /LDAPv3 doesn't give me what I
need) - maybe someone has a dscl trick up their sleeve? If a machine
were bound to multiple servers, I could pull that info out of a plist
and then iterate pymacds.EnsureSearchNodePresent(node) over it.

Does anyone have any thoughts on this? Thanks!

-Gary

Nigel Kersten

Oct 18, 2010, 1:49:52 PM
to pymac...@googlegroups.com
On Mon, Oct 18, 2010 at 10:26 AM, Gary Larizza <ccs...@gmail.com> wrote:
> Hey guys,
>
> The Pymacds library that Nigel added is quite cool.  It creates a
> conduit to inspect your system and ensure that your machine's search/
> contacts paths are added/removed depending on whether you're on or off-
> network.
>
> Unless I'm missing something, though, there seems to be no method of
> capturing the servers to which your machine is bound (something akin
> to the 'dscl localhost -list /LDAPv3' command).  You could do a:
>
> SystemNodes = pymacds.GetSearchNodes()
> for nodes in SystemNodes:
>  pymacds.EnsureSearchNodeAbsent(nodes)

That's pretty much it.

>
> This would remove the nodes from your /Search path, but if you want to
> re-add them later, I don't see any way of capturing those paths again
> the next time the script was run.  You COULD create a global variable
> that stored the path like this:
>
> _Search_Path = '/LDAPv3/server.foo.com'

So you want to be able to retrieve all *configured* nodes that aren't
actually in the search path basically?


>
> This doesn't help, though, if you have a replica server in every
> building with a different name (which is what I have going on here).
> I COULD create a method that determines which building's network you
> were on, and ensure that you're bound to the nearest replica, but if
> I'm able to programmatically determine that with a dscl command that
> outputs to a plist it would save some lines of code.  I don't know of
> a way to get the output, in plist format, of all the bound servers on
> a machine (dscl -plist localhost -read /LDAPv3 doesn't give me what I
> need) - maybe someone has a dscl trick up their sleeve?  If a machine
> were bound to multiple servers, I could pull that info out of a plist
> and then iterate pymacds.EnsureSearchNodePresent(node) over it.
>
> Does anyone have any thoughts on this?  Thanks!
>
> -Gary
>


Gary Larizza

Oct 18, 2010, 2:08:39 PM
to pymac...@googlegroups.com
On Monday, October 18, 2010, Nigel Kersten <ni...@explanatorygap.net> wrote:

>
> So you want to be able to retrieve all *configured* nodes that aren't
> actually in the search path basically?
>

I believe that's what I'm trying to say. The machine has been bound to
one of our OD replica servers, but we remove this replica from the
/Search path when the laptop goes off our corporate network. When the
laptop comes back to our network, I need to know exactly which server
should be in the /Search path. Previously I could pull that from dscl
-list localhost /LDAPv3 but if a machine is bound to MULTIPLE servers
we need a way to add them all.

I hope I'm making sense here.


--
Gary Larizza

Director of Technology
Huron City Schools
http://www.huronhs.com


Nigel Kersten

Oct 18, 2010, 2:16:00 PM
to pymac...@googlegroups.com
On Mon, Oct 18, 2010 at 11:08 AM, Gary Larizza
<ga...@huron-city.k12.oh.us> wrote:
> On Monday, October 18, 2010, Nigel Kersten <ni...@explanatorygap.net> wrote:
>
>>
>> So you want to be able to retrieve all *configured* nodes that aren't
>> actually in the search path basically?
>>
>
> I believe that's what I'm trying to say. The machine has been bound to
> one of our OD replica servers, but we remove this replica from the
> /Search path when the laptop goes off our corporate network. When the
> laptop comes back to our network, I need to know exactly which server
> should be in the /Search path. Previously I could pull that from dscl
> -list localhost /LDAPv3 but if a machine is bound to MULTIPLE servers
> we need a way to add them all.
>
> I hope I'm making sense here.

Absolutely. I think I've got what you need, I just need to go look
what AD prefixes look like for completeness.

Nigel Kersten

Oct 18, 2010, 2:40:15 PM
to pymac...@googlegroups.com
On Mon, Oct 18, 2010 at 11:16 AM, Nigel Kersten
<ni...@explanatorygap.net> wrote:
> On Mon, Oct 18, 2010 at 11:08 AM, Gary Larizza
> <ga...@huron-city.k12.oh.us> wrote:
>> On Monday, October 18, 2010, Nigel Kersten <ni...@explanatorygap.net> wrote:
>>
>>>
>>> So you want to be able to retrieve all *configured* nodes that aren't
>>> actually in the search path basically?
>>>
>>
>> I believe that's what I'm trying to say. The machine has been bound to
>> one of our OD replica servers, but we remove this replica from the
>> /Search path when the laptop goes off our corporate network. When the
>> laptop comes back to our network, I need to know exactly which server
>> should be in the /Search path. Previously I could pull that from dscl
>> -list localhost /LDAPv3 but if a machine is bound to MULTIPLE servers
>> we need a way to add them all.
>>
>> I hope I'm making sense here.


Hopefully this should be what you want?

http://code.google.com/p/pymacadmin/source/diff?spec=svna1321a52a2cf634c2eb5075e191b9b0f3340af5e&r=a1321a52a2cf634c2eb5075e191b9b0f3340af5e&format=side&path=/pymacds-dist/pymacds/__init__.py

I just checked in 0.3, it just lets you list configured nodes as well
as current nodes, and adds filtering for all of them so you can
specifically just ask for BSD, Local, LDAPv3, 'Active Directory'
nodes.

Clay Caviness

Oct 18, 2010, 1:34:48 PM
to pymac...@googlegroups.com
We're just calling EnsureSearchNodePresent/EnsureSearchNodeAbsent with our explicitly set search path, rather than determining the path on-the-fly. I think for most corporate uses, this is the better way to go.

Nigel Kersten

Oct 18, 2010, 9:33:45 PM
to pymac...@googlegroups.com
On Mon, Oct 18, 2010 at 10:34 AM, Clay Caviness <ccav...@gmail.com> wrote:
> We're just calling EnsureSearchNodePresent/EnsureSearchNodeAbsent with our
> explicitly set search path, rather than determining the path on-the-fly. I
> think for most corporate uses, this is the better way to go.

I was going to argue this point too, but then I realized that other
people may have replicas and/or distributed OD setups that don't rely
upon a DNS view to abstract it all away behind one hostname.

I'm getting fuzzy here, but I think AD does something a bit unusual
with DCs and the AD plugin too?

Then I remembered I wanted to add multiple local domain support for
people who are doing the secondary DSLocal domain, and it seemed
easiest to just add it all, especially given how little work it was.
(<3 list comprehensions)

Your point stands though. If you've got a single identifier for your
remote DS node, you should explicitly enforce it being present/absent,
but there could be situations where you might also want to audit for
non-sanctioned remote DS nodes.
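
The reconciliation discussed across this thread, as an added example that is not part of any post and is not pymacds code: it plans which remote nodes to re-add on-network, which to drop off-network, and which bound or searched nodes are not on a sanctioned list. The function names, host names and the allow-list are assumptions; the thread does not name the 0.3 call that lists configured nodes, so the node lists are passed in as plain Python lists.

```python
# Added example (not pymacds code): reconcile remote directory nodes against an allow-list.
REMOTE_PREFIXES = ("/LDAPv3/", "/Active Directory/")  # node types named in the thread


def is_remote(node):
    """Local nodes such as /Local/Default or /BSD/local are never touched."""
    return node.startswith(REMOTE_PREFIXES)


def nodes_from_dscl_list(output, prefix="/LDAPv3/"):
    """Turn `dscl localhost -list /LDAPv3` output (one server per line) into node paths."""
    return [prefix + line.strip() for line in output.splitlines() if line.strip()]


def plan_search_path(configured, current, sanctioned, on_network):
    """Return which remote nodes to add, which to remove, and which to flag."""
    sanctioned = set(sanctioned)
    remote_configured = [n for n in configured if is_remote(n)]
    remote_current = [n for n in current if is_remote(n)]
    # Anything bound or searched that is not on the allow-list is an audit finding.
    unsanctioned = sorted(set(remote_configured + remote_current) - sanctioned)
    if on_network:
        add = [n for n in remote_configured if n in sanctioned and n not in current]
        remove = [n for n in remote_current if n not in sanctioned]
    else:
        add = []
        remove = list(remote_current)  # off-network: drop every remote node
    return {"add": add, "remove": remove, "unsanctioned": unsanctioned}


# Constructed sample data: two sanctioned replicas plus one unexpected binding.
SAMPLE_DSCL_LIST = "replica-a.foo.com\nreplica-b.foo.com\nldap.unknown.example\n"
SAMPLE_CURRENT = ["/Local/Default", "/BSD/local",
                  "/LDAPv3/replica-a.foo.com", "/LDAPv3/ldap.unknown.example"]
SAMPLE_SANCTIONED = {"/LDAPv3/replica-a.foo.com", "/LDAPv3/replica-b.foo.com"}

if __name__ == "__main__":
    configured = nodes_from_dscl_list(SAMPLE_DSCL_LIST)
    for on_network in (True, False):
        print(on_network, plan_search_path(configured, SAMPLE_CURRENT,
                                           SAMPLE_SANCTIONED, on_network))
```

The "add" entries are what would be handed to pymacds.EnsureSearchNodePresent and the "remove" entries to pymacds.EnsureSearchNodeAbsent; the "unsanctioned" list is the audit output.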
