<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
On 11/15/2011 08:12 AM, Boris Epstein wrote:
<blockquote
cite="mid:CADeF1XEZ_aVvYzeaB_UZWAZqi_Nowr0fW1YMLL-5mzNa6qykKw@mail.gmail.com"
type="cite"><br>
<br>
<div class="gmail_quote">On Tue, Nov 15, 2011 at 10:08 AM, Rich
Megginson <span dir="ltr">&lt;<a moz-do-not-send="true"
href="mailto:rmeggins@redhat.com">rmeggins@redhat.com</a>&gt;</span>
wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt
0.8ex; border-left: 1px solid rgb(204, 204, 204);
padding-left: 1ex;">
<div bgcolor="#ffffff" text="#000000">
<div>
<div class="h5"> On 11/15/2011 07:44 AM, Boris Epstein
wrote:
<blockquote type="cite"><br>
<br>
<div class="gmail_quote">On Mon, Nov 14, 2011 at 7:16
PM, Nalin Dahyabhai <span dir="ltr">&lt;<a
moz-do-not-send="true"
href="mailto:nalin@redhat.com" target="_blank">nalin@redhat.com</a>&gt;</span>
wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt
0pt 0pt 0.8ex; border-left: 1px solid rgb(204,
204, 204); padding-left: 1ex;">
<div>
<div>On Mon, Nov 14, 2011 at 05:19:44PM -0500,
Boris Epstein wrote:<br>
> Hello all,<br>
><br>
> I am using the FreeIPA to run NIS via
a plugin. Works great - except<br>
> that the ypserv port numbers end up
different after every reboot. That<br>
> makes it hard to run it with the
firewall activated.<br>
><br>
> Does anybody know how to make those
port number assignments permanent?<br>
<br>
</div>
</div>
There's no tooling specifically for doing this,
but the plugin supports<br>
it. In order to get it to use a fixed port,
you'll need to edit the<br>
directory server entry for "cn=NIS Server,
cn=plugins, cn=config" and<br>
add a "nsslapd-pluginarg0" value which contains
the port number you'd<br>
like it to use.<br>
<br>
You can do this either by stopping the directory
server, editing its<br>
dse.ldif file directly, and then restarting it, or
by editing the entry<br>
"live" using ldapmodify and then restarting the
server. The latter<br>
method (I'm using port 541 here) looks something
like this:<br>
<br>
# ldapmodify -x -D "cn=Directory Manager" -W
&lt;&lt;- EOF<br>
dn: cn=NIS Server,cn=plugins,cn=config<br>
changetype: modify<br>
replace: nsslapd-pluginarg0<br>
nsslapd-pluginarg0: 541<br>
-<br>
<br>
EOF<br>
# ipactl restart<br>
<br>
You'll need to supply the Directory Manager
password. Once that's done,<br>
running "rpcinfo -p" on the server should show
that the NIS service is<br>
listening on the desired port.<br>
<br>
HTH,<br>
<br>
Nalin<br>
</blockquote>
</div>
<br>
<div>Nalin,</div>
<div><br>
</div>
<div>Thanks a lot for the tip. It definitely looks
like this put me on the right path though I am not
quite there yet.</div>
<div><br>
</div>
<div>Doing what you suggested did not quite work. For
one thing, the right cn is "NIS", not "NIS Server".
Another thing is, it does not look like the LDIF
files in question have the nsslapd-pluginarg0
parameter - or are happy with it being added.</div>
</blockquote>
</div>
</div>
You have to shut down the directory server first<br>
service dirsrv stop<br>
or<br>
systemctl stop dirsrv.target<br>
</div>
</blockquote>
<div><br>
</div>
<div>Rich,</div>
<div><br>
</div>
<div>I even went as far as rebooting the whole machine - even
that did not seem to make a difference.</div>
</div>
</blockquote>
I mean - if you are editing dse.ldif instead of using ldapmodify,
you must stop the server first - if you edit dse.ldif while the
server is running, your edits will be lost.<br>
<blockquote
cite="mid:CADeF1XEZ_aVvYzeaB_UZWAZqi_Nowr0fW1YMLL-5mzNa6qykKw@mail.gmail.com"
type="cite">
<div class="gmail_quote">
<div><br>
</div>
<div>Boris. </div>
</div>
<br>
</blockquote>
<br>
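<div>The "rpcinfo -p" check mentioned earlier in the thread can be scripted so that a firewall rule is only trusted once ypserv is really pinned. The following is an added example, not code from any of the posters or from the FreeIPA project; the function names and the sample output are constructed for illustration, and 100004 is the standard RPC program number for ypserv.</div>
<pre>
```shell
#!/bin/sh
# Constructed sample of `rpcinfo -p` output (not captured from a real host).
sample_rpcinfo() {
    printf '%s\n' \
        '   program vers proto   port  service' \
        '    100000    4   tcp    111  portmapper' \
        '    100000    4   udp    111  portmapper' \
        '    100004    2   udp    541  ypserv' \
        '    100004    1   udp    541  ypserv' \
        '    100004    2   tcp    541  ypserv' \
        '    100004    1   tcp    541  ypserv'
}

# check_ypserv_port PORT (hypothetical helper): reads `rpcinfo -p` output
# on stdin. Returns 0 only if ypserv (RPC program 100004) is registered on
# both tcp and udp and every registration uses PORT. Offending lines are
# printed so a drifting port is visible before firewall rules are applied.
check_ypserv_port() {
    awk -v want="$1" '
        BEGIN { bad = 0 }
        $1 == 100004 {
            seen[$3] = 1
            if ($4 != want) { bad = 1; print "unexpected: " $0 }
        }
        END {
            if (!seen["tcp"] || !seen["udp"]) {
                print "ypserv missing a protocol"
                bad = 1
            }
            exit bad
        }'
}

# Stand-alone run against the constructed sample.
# On the server itself: rpcinfo -p | check_ypserv_port 541
sample_rpcinfo | check_ypserv_port 541 || echo "ypserv is not pinned to 541"
```
</pre>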
</body>
</html>