On Sun, 03 Jan 2016, Harald Dunkel wrote:
On 01/03/16 19:29, Alexander Bokovoy wrote:
Alternatively, do the following:

ipa-nis-manage disable

ldapsearch -xLLL -D "cn=Directory Manager" -W -s onelevel -b "cn=NIS Server,cn=plugins,cn=config" dn

You'll get a list of DNs like this:

dn: nis-domain=<domain>+nis-map=ethers.byaddr,cn=NIS Server,cn=plugins,cn=config

dn: nis-domain=<domain>+nis-map=ethers.byname,cn=NIS Server,cn=plugins,cn=config

Run ldapdelete -D "cn=Directory Manager" -W "<dn1>" "<dn2>" ...

where <dn..> is what you've got after "dn: "

This is how you can delete those entries.

After that, run 'ipa-nis-manage enable'.


Hi Alex,

sorry to say, but it did not work:

[root@ipa2 ~]# ipa-nis-manage disable
Directory Manager password:

This setting will not take effect until you restart Directory Server.
[root@ipa2 ~]# systemctl restart dirsrv@EXAMPLE-COM
[root@ipa2 ~]# ldapsearch -xLLL -D "cn=Directory Manager" -W -s onelevel -b "cn=NIS Server,cn=plugins,cn=config" dn
Enter LDAP Password:
dn: nis-domain=example.com+nis-map=ethers.byaddr,cn=NIS Server,cn=plugins,cn=con
fig

dn: nis-domain=example.com+nis-map=ethers.byname,cn=NIS Server,cn=plugins,cn=con
fig

[root@ipa2 ~]# ldapdelete -D "cn=Directory Manager" -W "nis-domain=example.com+nis-map=ethers.byaddr,cn=NIS Server,cn=plugins,cn=config" "nis-domain=example.com+nis-map=ethers.byname,cn=NIS Server,cn=plugins,cn=config"
Enter LDAP Password:
[root@ipa2 ~]# ipa-nis-manage enable
Directory Manager password:

Enabling plugin
This setting will not take effect until you restart Directory Server.
The portmap service may need to be started.
[root@ipa2 ~]# systemctl restart dirsrv@EXAMPLE-COM
[root@ipa2 ~]# systemctl restart rpcbind
[root@ipa2 ~]# ypcat -h localhost -d example.com passwd
No such map passwd.byname. Reason: No such map in server's domain
[root@ipa2 ~]# ldapsearch -xLLL -D "cn=Directory Manager" -W -s onelevel -b "cn=NIS Server,cn=plugins,cn=config" dn
Enter LDAP Password:
[root@ipa2 ~]#

I tried it on a replica, though.

Yes, this looks like a bug in ipa-nis-manage which is a bit larger
than I thought originally.

You can restore maps by running

ipa-ldap-updater /usr/share/ipa/nis.uldif

after that and restarting the dirsrv, you should be seeing the maps.

--
/ Alexander Bokovoy
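
The ldapsearch output quoted in this thread folds each long DN across two lines, so the values after "dn: " cannot be handed to ldapdelete line by line. The following is an added example, not part of the original messages or of FreeIPA: a hypothetical helper, nis_map_dns, that unfolds LDIF and prints only DNs under the NIS Server plugin entry, run here on constructed sample input.

```shell
#!/bin/sh
# Added example: unfold ldapsearch LDIF output and list the NIS map DNs.
# nis_map_dns and sample_ldif are hypothetical names, not FreeIPA tools.
NIS_BASE='cn=NIS Server,cn=plugins,cn=config'

# Reads LDIF on stdin, prints one complete DN per line.
# RFC 2849 folding: a line that starts with a single space continues the
# previous line. Only DNs ending in ",<NIS_BASE>" are printed, so the result
# can be reviewed before it is given to ldapdelete.
nis_map_dns() {
    awk -v base="$NIS_BASE" '
        function emit() {
            if (line ~ /^dn: /) {
                dn = substr(line, 5)
                suffix = "," base
                if (length(dn) > length(suffix) &&
                    substr(dn, length(dn) - length(suffix) + 1) == suffix)
                    print dn
            }
            line = ""
        }
        /^ / { line = line substr($0, 2); next }  # folded continuation line
        { emit(); line = $0 }                     # new line ends the previous one
        END { emit() }
    '
}

# Constructed sample input, shaped like the output shown in the thread, plus
# one unrelated entry that must be filtered out.
sample_ldif() {
cat <<'EOF'
dn: nis-domain=example.com+nis-map=ethers.byaddr,cn=NIS Server,cn=plugins,cn=con
 fig

dn: nis-domain=example.com+nis-map=ethers.byname,cn=NIS Server,cn=plugins,cn=con
 fig

dn: cn=unrelated,cn=plugins,cn=config
EOF
}

# Against a live server the input would come from the search in the thread:
#   ldapsearch -xLLL -D "cn=Directory Manager" -W -s onelevel -b "$NIS_BASE" dn | nis_map_dns
sample_ldif | nis_map_dns
```

OpenLDAP's ldapsearch also accepts `-o ldif-wrap=no`, which turns the folding off at the source.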
