Sunday, November 13, 2011

Migrating /etc/hosts into LDAP

If you are using /etc/hosts, then you can move its contents into your LDAP directory. First take a look at your /etc/hosts:

# cat /etc/hosts
127.0.0.1        localhost
192.168.1.70     blog01
192.168.1.73     dc01
192.168.1.69     wlan01

Now create an LDIF file that contains the above information:

# vi hosts.ldif
dn: ou=hosts,dc=example,dc=com
objectClass: organizationalUnit
objectClass: top
ou: hosts

dn: cn=blog01+ipHostNumber=192.168.1.70,ou=hosts,dc=example,dc=com
ipHostNumber: 192.168.1.70
objectClass: top
objectClass: ipHost
objectClass: device
cn: blog01

dn: cn=dc01+ipHostNumber=192.168.1.73,ou=hosts,dc=example,dc=com
ipHostNumber: 192.168.1.73
objectClass: top
objectClass: ipHost
objectClass: device
cn: dc01

dn: cn=wlan01+ipHostNumber=192.168.1.69,ou=hosts,dc=example,dc=com
ipHostNumber: 192.168.1.69
objectClass: top
objectClass: ipHost
objectClass: device
cn: wlan01


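Writing this LDIF by hand is fine for three hosts; for a larger file a small converter is less error-prone. The script below is an added example, not part of the original post: it reads /etc/hosts text (a constructed sample is embedded), skips the loopback line and comments, turns aliases into extra cn values, and emits entries in exactly the cn+ipHostNumber layout shown above. Hostnames are checked against RFC 952/1123 label syntax before they are placed into a DN, so characters with DN meaning such as ',' or '+' cannot end up inside an RDN.

```python
import ipaddress
import re

# Constructed sample in the layout of the /etc/hosts shown above; the alias
# and the trailing comment are added to exercise those cases.
SAMPLE_HOSTS = """\
127.0.0.1        localhost
192.168.1.70     blog01
192.168.1.73     dc01 ldap
192.168.1.69     wlan01      # wireless access point
"""

# RFC 952/1123 host label syntax; anything else is rejected rather than DN-escaped.
_HOSTNAME = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$")

def is_valid_hostname(name: str) -> bool:
    return bool(_HOSTNAME.match(name)) and len(name) <= 253

def hosts_to_ldif(text: str, base_dn: str) -> str:
    """Convert /etc/hosts text into the ipHost/device LDIF layout used above.
    Loopback entries are skipped (they stay in the local file), comments and
    blank lines are ignored, and aliases become extra cn values of the entry.
    """
    entries = [f"dn: ou=hosts,{base_dn}\nobjectClass: organizationalUnit\n"
               "objectClass: top\nou: hosts\n"]
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            raise ValueError(f"line {lineno}: expected '<ip> <name> [alias ...]'")
        ip = ipaddress.ip_address(fields[0])      # raises on a malformed address
        if ip.is_loopback:
            continue
        names = fields[1:]
        for name in names:
            if not is_valid_hostname(name):
                raise ValueError(f"line {lineno}: invalid hostname {name!r}")
        primary = names[0]
        entry = [f"dn: cn={primary}+ipHostNumber={ip},ou=hosts,{base_dn}",
                 f"ipHostNumber: {ip}",
                 "objectClass: top", "objectClass: ipHost", "objectClass: device"]
        entry += [f"cn: {n}" for n in names]
        entries.append("\n".join(entry) + "\n")
    return "\n".join(entries)

if __name__ == "__main__":
    print(hosts_to_ldif(SAMPLE_HOSTS, "dc=example,dc=com"))
```

Redirect the output to hosts.ldif and feed it to ldapadd as in the next step; review the generated DNs first, since whatever the directory serves is what NSS will resolve on every client.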
Now add it to your LDAP server:

# ldapadd -x -W -D 'cn=ldapadmin,dc=example,dc=com' -f hosts.ldif
Enter LDAP Password:
adding new entry "ou=hosts,dc=example,dc=com"

adding new entry "cn=blog01+ipHostNumber=192.168.1.70,ou=hosts,dc=example,dc=com"

adding new entry "cn=dc01+ipHostNumber=192.168.1.73,ou=hosts,dc=example,dc=com"

adding new entry "cn=wlan01+ipHostNumber=192.168.1.69,ou=hosts,dc=example,dc=com"

Next, modify your ldap.conf so that NSS can find your LDAP host entries:

# vi /etc/ldap.conf
...
nss_base_hosts        ou=hosts,dc=example,dc=com?one
...

Then configure /etc/nsswitch.conf so that the system looks up hosts first in its files and then in your LDAP:

# vi /etc/nsswitch.conf
...
hosts:         files ldap
...

Now comment out every server that appears in /etc/hosts except for localhost and the server itself:

# vi /etc/hosts
127.0.0.1        localhost
192.168.1.70     blog01
#192.168.1.73     dc01
#192.168.1.69     wlan01

Finally test a query against your LDAP:

# getent hosts
127.0.0.1       localhost
192.168.1.70    blog01
192.168.1.70    blog01
192.168.1.73    dc01
192.168.1.69    wlan01

It will show you the IP and the hostname, as expected. The server blog01 shows up twice, once from /etc/hosts and once from your LDAP. If you now try to ping a server that is stored only in your LDAP, you will notice that it does not work:

# ping dc01
^C

Before you can ping a server whose IP is stored only in your LDAP, you have to start nscd (Name Service Cache Daemon). Once nscd is running, you can ping every server that exists only in your LDAP:

# nscd
# ping dc01
PING dc01 (192.168.1.73) 56(84) bytes of data.
64 bytes from dc01 (192.168.1.73): icmp_req=1 ttl=64 time=0.675 ms
...