[Freeipa-users] fixing port numbers associated with the NIS

Rich Megginson rmeggins at redhat.com
Tue Nov 15 15:34:02 UTC 2011


On 11/15/2011 08:12 AM, Boris Epstein wrote:
>
>
> On Tue, Nov 15, 2011 at 10:08 AM, Rich Megginson <rmeggins at redhat.com 
> <mailto:rmeggins at redhat.com>> wrote:
>
>     On 11/15/2011 07:44 AM, Boris Epstein wrote:
>>
>>
>>     On Mon, Nov 14, 2011 at 7:16 PM, Nalin Dahyabhai
>>     <nalin at redhat.com <mailto:nalin at redhat.com>> wrote:
>>
>>         On Mon, Nov 14, 2011 at 05:19:44PM -0500, Boris Epstein wrote:
>>         >    Hello all,
>>         >
>>         >    I am using FreeIPA to run NIS via a plugin. Works great - except
>>         >    that the ypserv port numbers end up different after every reboot. That
>>         >    makes it hard to run it with the firewall activated.
>>         >
>>         >    Does anybody know how to make those port number assignments permanent?
>>
>>         There's no tooling specifically for doing this, but the plugin supports
>>         it.  In order to get it to use a fixed port, you'll need to edit the
>>         directory server entry for "cn=NIS Server, cn=plugins, cn=config" and
>>         add a "nsslapd-pluginarg0" value which contains the port number you'd
>>         like it to use.
>>
>>         You can do this either by stopping the directory server, editing its
>>         dse.ldif file directly, and then restarting it, or by editing the entry
>>         "live" using ldapmodify and then restarting the server.  The latter
>>         method (I'm using port 541 here) looks something like this:
>>
>>          # ldapmodify -x -D "cn=Directory Manager" -W <<- EOF
>>          dn: cn=NIS Server,cn=plugins,cn=config
>>          changetype: modify
>>          replace: nsslapd-pluginarg0
>>          nsslapd-pluginarg0: 541
>>          -
>>
>>          EOF
>>          # ipactl restart
>>
>>         You'll need to supply the Directory Manager password.  Once that's done,
>>         running "rpcinfo -p" on the server should show that the NIS service is
>>         listening on the desired port.
>>
>>         HTH,
>>
>>         Nalin
>>
>>
>>     Nalin,
>>
>>     Thanks a lot for the tip. It definitely looks like this put me on
>>     the right path though I am not quite there yet.
>>
>>     Doing what you suggested did not quite work. For one thing, the
>>     right cn is "NIS", not "NIS Server". Another thing is, it does
>>     not look like the LDIF files in question have
>>     the nsslapd-pluginarg0 parameter - or are happy with it being added.
>     You have to shut down the directory server first
>     service dirsrv stop
>     or
>     systemctl stop dirsrv.target
>
>
> Rich,
>
> I even went as far as rebooting the whole machine - even that did not 
> seem to make a difference.
I mean - if you are editing dse.ldif instead of using ldapmodify, you 
must stop the server first - if you edit dse.ldif while the server is 
running, your edits will be lost.
>
> Boris.
>
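
The "rpcinfo -p" verification step described in the thread can be scripted, so that a firewall rule for the NIS port is only relied on once every ypserv registration actually sits on the pinned port. This is an added example, not part of the original thread; the function name check_nis_port is hypothetical and both rpcinfo outputs are constructed samples.

```shell
#!/bin/sh
# Added example (not from the thread): confirm the NIS port is really pinned.

# check_nis_port PORT -- reads "rpcinfo -p" output on stdin.
#   0: every ypserv (RPC program 100004) registration is on PORT
#   1: at least one ypserv registration is on another port
#   2: no ypserv registration found at all
check_nis_port() {
    awk -v want="$1" '
        $1 == 100004 {          # columns: program vers proto port service
            found = 1
            if ($4 != want) {
                printf "ypserv v%s/%s is on port %s, expected %s\n", $2, $3, $4, want
                bad = 1
            }
        }
        END {
            if (bad) exit 1
            if (!found) { print "no ypserv registration found"; exit 2 }
        }'
}

# Constructed sample: state after nsslapd-pluginarg0 was set to 541.
SAMPLE_FIXED='   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100004    2   udp    541  ypserv
    100004    1   udp    541  ypserv
    100004    2   tcp    541  ypserv
    100004    1   tcp    541  ypserv'

# Constructed sample: dynamically assigned ports, as before the change.
SAMPLE_RANDOM='   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100004    2   udp    789  ypserv
    100004    1   udp    789  ypserv
    100004    2   tcp    792  ypserv
    100004    1   tcp    792  ypserv'

# On the server itself the input would be:  rpcinfo -p | check_nis_port 541
printf '%s\n' "$SAMPLE_FIXED"  | check_nis_port 541 && echo "fixed sample: pinned"
printf '%s\n' "$SAMPLE_RANDOM" | check_nis_port 541 || echo "random sample: rc=$?"
```

Running the check after each "ipactl restart" or reboot catches a port that has drifted before clients start failing behind the firewall.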
