On 11/15/2011 08:12 AM, Boris Epstein wrote:
On Tue, Nov 15, 2011 at 10:08 AM, Rich Megginson wrote:
On 11/15/2011 07:44 AM, Boris Epstein wrote:
On Mon, Nov 14, 2011 at 7:16 PM, Nalin Dahyabhai wrote:
On Mon, Nov 14, 2011 at 05:19:44PM -0500, Boris Epstein wrote:
> Hello all,
>
> I am using the FreeIPA to run NIS via a plugin. Works great - except
> that the ypserv port numbers end up different after every reboot. That
> makes it hard to run it with the firewall activated.
>
> Does anybody know how to make those port number assignments permanent?

There's no tooling specifically for doing this, but the plugin supports
it. In order to get it to use a fixed port, you'll need to edit the
directory server entry for "cn=NIS Server, cn=plugins, cn=config" and
add a "nsslapd-pluginarg0" value which contains the port number you'd
like it to use.

You can do this either by stopping the directory server, editing its
dse.ldif file directly, and then restarting it, or by editing the entry
"live" using ldapmodify and then restarting the server. The latter
method (I'm using port 541 here) looks something like this:

# ldapmodify -x -D "cn=Directory Manager" -W <<- EOF
dn: cn=NIS Server,cn=plugins,cn=config
changetype: modify
replace: nsslapd-pluginarg0
nsslapd-pluginarg0: 541
-
EOF
# ipactl restart

You'll need to supply the Directory Manager password. Once that's done,
running "rpcinfo -p" on the server should show that the NIS service is
listening on the desired port.

HTH,
Nalin

Nalin,

Thanks a lot for the tip. It definitely looks like this put me on the
right path though I am not quite there yet.

Doing what you suggested did not quite work. For one thing, the right cn
is "NIS", not "NIS Server". Another thing is, it does not look like the
LDIF files in question have the nsslapd-pluginarg0 parameter - or are
happy with it being added.

You have to shut down the directory server first

    service dirsrv stop

or

    systemctl stop dirsrv.target

Rich,

I even went as far as rebooting the whole machine - even that did not
seem to make a difference.

I mean - if you are editing dse.ldif instead of using ldapmodify, you
must stop the server first - if you edit dse.ldif while the server is
running, your edits will be lost.

Boris.
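
Added example, not part of the original thread: a shell check for the verification step mentioned above (running "rpcinfo -p") that confirms ypserv, RPC program 100004, is registered only on the pinned port for both tcp and udp, which is what a static firewall rule needs. The function names and the sample rpcinfo output are constructed for illustration; port 541 is the value used in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): verify that ypserv is registered with
# the portmapper only on the port pinned via nsslapd-pluginarg0.

# Constructed sample of `rpcinfo -p` output, not captured from a real server.
SAMPLE_RPCINFO='   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100004    2   udp    541  ypserv
    100004    1   udp    541  ypserv
    100004    2   tcp    541  ypserv
    100004    1   tcp    541  ypserv'

# ypserv_ports OUTPUT
# Prints the unique "proto port" pairs registered for RPC program 100004.
ypserv_ports() {
    printf '%s\n' "$1" | awk '$1 == 100004 { print $3, $4 }' | sort -u
}

# check_nis_port EXPECTED_PORT OUTPUT
# Returns 0 if ypserv is registered on tcp and udp at EXPECTED_PORT only,
#         1 if a protocol is missing or uses a different or additional port,
#         2 if ypserv is not registered at all.
check_nis_port() {
    expected=$1
    ports=$(ypserv_ports "$2")
    [ -n "$ports" ] || return 2
    for proto in tcp udp; do
        found=$(printf '%s\n' "$ports" | awk -v p="$proto" '$1 == p { print $2 }')
        # Two different ports for one protocol yield two lines and fail here.
        [ "$found" = "$expected" ] || return 1
    done
    return 0
}

# Live use on the server, after the restart:
#   check_nis_port 541 "$(rpcinfo -p)" && echo "ypserv pinned to 541"
```

Running the check again after a reboot shows whether the setting persisted, which is the failure the original question describes.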