On Tue, Nov 15, 2011 at 10:08 AM, Rich Megginson <[email protected]> wrote:

> On 11/15/2011 07:44 AM, Boris Epstein wrote:
>
> > On Mon, Nov 14, 2011 at 7:16 PM, Nalin Dahyabhai <[email protected]> wrote:
> >
> >> On Mon, Nov 14, 2011 at 05:19:44PM -0500, Boris Epstein wrote:
> >> > Hello all,
> >> >
> >> > I am using the FreeIPA to run NIS via a plugin. Works great - except
> >> > that the ypserv port numbers end up different after every reboot. That
> >> > makes it hard to run it with the firewall activated.
> >> >
> >> > Does anybody know how to make those port number assignments permanent?
> >>
> >> There's no tooling specifically for doing this, but the plugin supports
> >> it. In order to get it to use a fixed port, you'll need to edit the
> >> directory server entry for "cn=NIS Server, cn=plugins, cn=config" and
> >> add a "nsslapd-pluginarg0" value which contains the port number you'd
> >> like it to use.
> >>
> >> You can do this either by stopping the directory server, editing its
> >> dse.ldif file directly, and then restarting it, or by editing the entry
> >> "live" using ldapmodify and then restarting the server. The latter
> >> method (I'm using port 541 here) looks something like this:
> >>
> >> # ldapmodify -x -D "cn=Directory Manager" -W <<- EOF
> >> dn: cn=NIS Server,cn=plugins,cn=config
> >> changetype: modify
> >> replace: nsslapd-pluginarg0
> >> nsslapd-pluginarg0: 541
> >> -
> >>
> >> EOF
> >> # ipactl restart
> >>
> >> You'll need to supply the Directory Manager password. Once that's done,
> >> running "rpcinfo -p" on the server should show that the NIS service is
> >> listening on the desired port.
> >>
> >> HTH,
> >>
> >> Nalin
> >
> > Nalin,
> >
> > Thanks a lot for the tip. It definitely looks like this put me on the
> > right path though I am not quite there yet.
> >
> > Doing what you suggested did not quite work. For one thing, the right cn
> > is "NIS", not "NIS Server". Another thing is, it does not look like the
> > LDIF files in question have the nsslapd-pluginarg0 parameter - or are happy
> > with it being added.
>
> You have to shut down the directory server first
> service dirsrv stop
> or
> systemctl stop dirsrv.target

Rich,

I even went as far as rebooting the whole machine - even that did not seem to make a difference.

Boris.
_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
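A post-restart check for the fixed port discussed in this thread, as an added example that is not part of any message above: it reads `rpcinfo -p` output and fails if ypserv is registered anywhere other than the port the firewall rule expects. The function name `check_ypserv_port` and both sample listings are constructed for illustration; 100004 is the standard ONC RPC program number for ypserv, and 541 is the port used in Nalin's message.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): confirm ypserv stayed on the pinned port.

# Constructed `rpcinfo -p` listings, not captured from a real host.
SAMPLE_PINNED='   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100004    2   udp    541  ypserv
    100004    2   tcp    541  ypserv'

SAMPLE_DRIFTED='   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100004    2   udp    924  ypserv
    100004    2   tcp    541  ypserv'

# check_ypserv_port EXPECTED_PORT   (reads `rpcinfo -p` output on stdin)
# Prints one line per ypserv registration. Returns 0 only when at least one
# registration exists and every one of them uses EXPECTED_PORT.
check_ypserv_port() {
    awk -v want="$1" '
        $1 == 100004 {                      # ypserv program number
            count++
            if ($4 != want) {
                printf "MISMATCH %s/%s v%s\n", $4, $3, $2
                bad = 1
            } else {
                printf "OK %s/%s v%s\n", $4, $3, $2
            }
        }
        END {
            if (count == 0) {               # service never registered
                print "MISSING ypserv registration"
                bad = 1
            }
            exit bad + 0
        }'
}

# On a live server:  rpcinfo -p | check_ypserv_port 541
```

A non-zero exit after a reboot means the firewall rule and the registered port no longer agree, which is the symptom described in the original question.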
