Workaround for Event-Hold Script Problem
Novell Cool Solutions: Tip
Digg This -
Posted: 30 Aug 2006
I am trying to sync passwords from NIS to the ID Vault using the bi-directional driver. All modifications from NIS work fine expect for the password change. What I have figured out is that the poll.sh script looks for deltas in the maps and when it finds a change, submits this as an event to the changelog. The Publisher shim picks this up and creates an event for processing by the IDM engine and then deletes the file in the changelog. So far so good.
However, I find that after installing the PAM module, when the password is changed in NIS using the passwd command on the NIS Master, the "event" is submitted as a "hold" file in the changelog (e.g., hold20060816 ...) If I rename this file to begin with "event20060816 ...", the password change is processed correctly by the publisher shim, so I know that the actual password change is showing up from PAM. To confirm, I submitted other events and saw that they always enter the changelog with the event prefix before they are processed and then cleaned out.
So presumably the password change (PAM module) should not be submitting as a "hold" file. Anybody know anything about this?
You are indeed correct on all your observations. The "hold" technique was designed so that "modify password" events would not enter the changelog before a potential "add" event for a new user that may have been created. Otherwise, the user would be created, then if the password was changed by PAM, the password event could enter the changelog first. Then the poll script would pick up the add and put it in later.
However, the poll.sh script should be doing a "--release", which instructs nxclh to release all events on hold. This is done after it scans for the deltas.
Looking at the nis/poll.sh myself, I can see where this is a problem. It seems that the "--release" was added to the files/poll.sh, but not the nis/poll.sh or nisplus/poll.sh.
To fix this, simply edit nis/poll.sh and add the line:
# if the changelog has any "hold" events, release them $CHANGELOG --release
right before it checks $YPGROUP (the group map) for changes. This will be updated in the field patches.
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com