[Freeipa-users] NIS support gone with 4.2?

Alexander Bokovoy abokovoy at redhat.com
Sun Jan 3 20:39:48 UTC 2016 

On Sun, 03 Jan 2016, Harald Dunkel wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA256
>
>On 01/03/16 19:29, Alexander Bokovoy wrote:
>> Alternatively, do following:
>>
>> ipa-nis-manage disable
>>
>> ldapsearch -xLLL -D "cn=Directory Manager" -W -s onelevel -b "cn=NIS Server,cn=plugins,cn=config" dn
>>
>> You'll get list of DNs like this: dn: nis-domain=<domain>+nis-map=ethers.byaddr,cn=NIS Server,cn=plugins,cn=config
>>
>> dn: nis-domain=<domain>+nis-map=ethers.byname,cn=NIS Server,cn=plugins,cn=config
>>
>> Run ldapdelete -D "cn=Directory Manager" -W "<dn1>" "<dn2>" ...
>>
>> where <dn..> is what you've got after "dn: "
>>
>> This is how you can delete those entries.
>>
>> After that, run 'ipa-nis-manage enable'.
>>
>
>Hi Alex,
>
>sorry to say, but it did not work:
>
>[root at ipa2 ~]# ipa-nis-manage disable
>Directory Manager password:
>
>This setting will not take effect until you restart Directory Server.
>[root at ipa2 ~]# systemctl restart dirsrv at EXAMPLE-COM
>[root at ipa2 ~]# ldapsearch -xLLL -D "cn=Directory Manager" -W -s onelevel -b "cn=NIS Server,cn=plugins,cn=config" dn
>Enter LDAP Password:
>dn: nis-domain=example.com+nis-map=ethers.byaddr,cn=NIS Server,cn=plugins,cn=con
> fig
>
>dn: nis-domain=example.com+nis-map=ethers.byname,cn=NIS Server,cn=plugins,cn=con
> fig
>
>[root at ipa2 ~]# ldapdelete -D "cn=Directory Manager" -W "nis-domain=example.com+nis-map=ethers.byaddr,cn=NIS Server,cn=plugins,cn=config" "nis-domain=example.com+nis-map=ethers.byname,cn=NIS Server,cn=plugins,cn=config"
>Enter LDAP Password:
>[root at ipa2 ~]# ipa-nis-manage enable
>Directory Manager password:
>
>Enabling plugin
>This setting will not take effect until you restart Directory Server.
>The portmap service may need to be started.
>[root at ipa2 ~]# systemctl restart dirsrv at EXAMPLE-COM
>[root at ipa2 ~]# systemctl restart rpcbind
>[root at ipa2 ~]# ypcat -h localhost -d example.com passwd
>No such map passwd.byname. Reason: No such map in server's domain
>[root at ipa2 ~]# ldapsearch -xLLL -D "cn=Directory Manager" -W -s onelevel -b "cn=NIS Server,cn=plugins,cn=config" dn
>Enter LDAP Password:
>[root at ipa2 ~]#
>
>I tried it on a replica, though.
Yes, this looks like a bug in the ipa-nis-manage which is a bit larger
than I thought originally.

You can restore maps by running

ipa-ldap-updater /usr/share/ipa/nis.uldif

after that and restarting the dirsrv, you should be seeing the maps.

-- 
/ Alexander Bokovoy

More information about the Freeipa-users mailing list