On Nov 13, 2017, at 12:51 PM, Alexander Bokovoy
<abokovoy(a)redhat.com> wrote:
Not sure why you keep saying that.
Your example showed only one entry. Suppose I want to generate
(host1, user1,)
(host2, user2,)
I can use
ipa netgroup-add-member —hosts=host1 —users=user1
ipa netgroup-add-member —hosts=host2 —users=user2
But the results aren’t always as expected
Failure mode 1: deleting a host
ipa netgroup-add-member testng --hosts=www.rutgers.edu --users=hedrick
ipa netgroup-add-member testng --hosts=c217.cs.rutgers.edu --users=clh
nisNetgroupTriple: (
www.rutgers.edu,hedrick,cs.rutgers.edu)
nisNetgroupTriple: (
c217.cs.rutgers.edu,clh,cs.rutgers.edu)
ipa host-del
www.rutgers.edu
nisNetgroupTriple: (
c217.cs.rutgers.edu,hedrick,cs.rutgers.edu)
nisNetgroupTriple: (-,clh,cs.rutgers.edu)
Note that hedrick is now paired with c217, not www.
Failure mode 2: external host mixed with internal
ipa netgroup-add-member testng --users=dsmith --hosts=rci.rutgers.edu
nisNetgroupTriple: (
rci.rutgers.edu,hedrick,cs.rutgers.edu)
nisNetgroupTriple: (
c217.cs.rutgers.edu,clh,cs.rutgers.edu)
nisNetgroupTriple: (-,dsmith,cs.rutgers.edu)
Probably not what I intended. The problem is that external hosts are shown first, while
the user is added last.