Sunday, November 13, 2011

Migrating /etc/ethers into LDAP

If you are using /etc/ethers, then you can move it into your LDAP directory. First take a look at your /etc/ethers:

# cat /etc/ethers
00:1B:21:02:96:56    192.168.1.70
00:30:05:c5:2a:ba    192.168.1.73
98:FC:11:79:37:76    192.168.1.69

Now create an LDIF file that contains the above information:

# vi ethers.ldif
dn: ou=ethers,dc=example,dc=com
ou: ethers
objectClass: top
objectClass: organizationalUnit

dn: cn=192.168.1.70,ou=ethers,dc=example,dc=com
cn: 192.168.1.70
macAddress: 00:1B:21:02:96:56
objectClass: ieee802Device
objectClass: device
objectClass: top
description: Blog Server

dn: cn=192.168.1.73,ou=ethers,dc=example,dc=com
cn: 192.168.1.73
macAddress: 00:30:05:c5:2a:ba
objectClass: ieee802Device
objectClass: device
objectClass: top
description: Domain Controller


dn: cn=192.168.1.69,ou=ethers,dc=example,dc=com
cn: 192.168.1.69
macAddress: 98:FC:11:79:37:76
objectClass: ieee802Device
objectClass: device
objectClass: top
description: WLAN Router


Now add it to your LDAP server:

# ldapadd -x -W -D 'cn=ldapadmin,dc=example,dc=com' -f ethers.ldif
Enter LDAP Password:
adding new entry "ou=ethers,dc=example,dc=com"

adding new entry "cn=192.168.1.70,ou=ethers,dc=example,dc=com"

adding new entry "cn=192.168.1.73,ou=ethers,dc=example,dc=com"

adding new entry "cn=192.168.1.69,ou=ethers,dc=example,dc=com"

Next modify your ldap.conf so the NSS module can find your LDAP entries:

# vi /etc/ldap.conf
...
nss_base_ethers        ou=ethers,dc=example,dc=com?one
...

Then configure /etc/nsswitch.conf to allow your system to look up Ethernet addresses in your LDAP directory:

# vi /etc/nsswitch.conf
...
ethers:         files ldap
...

Finally, move the original /etc/ethers to another location and test a query against your LDAP directory:

# mv /etc/ethers /etc/ethers.bak
# getent ethers 00:1B:21:02:96:56
0:1b:21:2:96:56 192.168.1.70
# getent ethers 192.168.1.73
0:30:5:c5:2a:ba 192.168.1.73


It will show you the Ethernet and IP address for your query.
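The conversion above was written by hand for three hosts; the following script is an added example (not part of the original post) that parses an /etc/ethers file into the same LDIF layout and also reproduces the MAC normalization that getent shows in the test output (lowercase, leading zeros dropped). The sample file and the description mapping are constructed; the base DN defaults to the post's dc=example,dc=com.

```python
import re

# Constructed sample in /etc/ethers syntax (same three hosts as the post).
SAMPLE_ETHERS = """\
# MAC address            hostname or IP
00:1B:21:02:96:56    192.168.1.70
00:30:05:c5:2a:ba    192.168.1.73
98:FC:11:79:37:76    192.168.1.69
"""
MAC_RE = re.compile(r"^[0-9A-Fa-f]{1,2}(:[0-9A-Fa-f]{1,2}){5}$")
HOST_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.-]*$")  # safe inside a DN without escaping

def normalize_mac(mac):
    """Canonical form as ether_ntoa()/getent print it: lowercase, no zero padding."""
    if not MAC_RE.match(mac):
        raise ValueError("bad MAC address: %r" % mac)
    return ":".join("%x" % int(octet, 16) for octet in mac.split(":"))

def parse_ethers(text):
    """Return [(mac, host)] from /etc/ethers text; comments and blank lines are skipped."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) != 2:
            raise ValueError("line %d: expected 'MAC host', got %r" % (lineno, raw))
        mac, host = fields
        normalize_mac(mac)  # validates the MAC syntax, value is kept as written
        if not HOST_RE.match(host):
            raise ValueError("line %d: host %r is not a hostname or IP" % (lineno, host))
        entries.append((mac, host))
    return entries

def to_ldif(entries, base_dn="dc=example,dc=com", descriptions=None):
    """Emit the ou=ethers container plus one ieee802Device/device entry per host."""
    descriptions = descriptions or {}  # optional host -> description text
    ou_dn = "ou=ethers,%s" % base_dn
    out = ["dn: %s" % ou_dn, "ou: ethers", "objectClass: top", "objectClass: organizationalUnit", ""]
    for mac, host in entries:
        out += ["dn: cn=%s,%s" % (host, ou_dn), "cn: %s" % host, "macAddress: %s" % mac,
                "objectClass: ieee802Device", "objectClass: device", "objectClass: top"]
        if host in descriptions:
            out.append("description: %s" % descriptions[host])
        out.append("")
    return "\n".join(out)

if __name__ == "__main__":
    print(to_ldif(parse_ethers(SAMPLE_ETHERS), descriptions={"192.168.1.70": "Blog Server"}))
```

Redirect the output to ethers.ldif and feed it to the ldapadd command shown above; a malformed line aborts the run with the offending line number instead of producing a partial LDIF.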