Sunday, November 13, 2011

Migrating /etc/networks into LDAP

If you are using /etc/networks, you can move its contents into your LDAP directory. First take a look at your /etc/networks:

# cat /etc/networks
loopback        127.0.0.0
example.com     192.168.1.0
example2.com    192.168.2.0

Now create an LDIF file that contains the above information (the networks OU plus one ipNetwork entry per network; loopback stays in the flat file):

# vi networks.ldif
dn: ou=networks,dc=example,dc=com
objectClass: organizationalUnit
objectClass: top
ou: networks

dn: cn=example.com,ou=networks,dc=example,dc=com
objectClass: top
objectClass: ipNetwork
cn: example.com
ipNetworkNumber: 192.168.1.0
ipNetmaskNumber: 255.255.255.192

dn: cn=example2.com,ou=networks,dc=example,dc=com
objectClass: top
objectClass: ipNetwork
cn: example2.com
ipNetworkNumber: 192.168.2.0
ipNetmaskNumber: 255.255.255.0

Now add it to your LDAP server:

# ldapadd -x -W -D 'cn=ldapadmin,dc=example,dc=com' -f networks.ldif
Enter LDAP Password:
adding new entry "ou=networks,dc=example,dc=com"

adding new entry "cn=example.com,ou=networks,dc=example,dc=com"

adding new entry "cn=example2.com,ou=networks,dc=example,dc=com"

Next modify your ldap.conf so nss_ldap can find your LDAP entries:

# vi /etc/ldap.conf
...
nss_base_networks       ou=networks,dc=example,dc=com?one
...

Then configure /etc/nsswitch.conf so that the networks database is looked up in the files first and then in your LDAP:

# vi /etc/nsswitch.conf
...
networks:       files ldap
...

Remove all entries from /etc/networks except for loopback:

# vi /etc/networks
loopback        127.0.0.0
#example.com     192.168.1.0
#example2.com    192.168.2.0

And finally run a query:

# getent networks
loopback              127.0.0.0
example.com           192.168.1.0
example2.com          192.168.2.0
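The LDIF above was written by hand for three lines; on a host with a long /etc/networks that invites typos, and nothing in the post checks afterwards that every network survived the move. The script below is an added example, not the post's own code: it parses networks(5)-style lines (the same format /etc/networks and `getent networks` use), emits the ipNetwork LDIF under the post's ou=networks,dc=example,dc=com, and compares the original file against getent output to list anything that no longer resolves. The sample file and getent text are constructed from the post's examples; the classful default netmask and the `netmasks` override dictionary are assumptions, since /etc/networks carries no mask and the post sets ipNetmaskNumber by hand.

```python
"""Generate ipNetwork LDIF from /etc/networks and verify the migration.

Added example, not from the original post. Assumes the post's suffix and OU;
sample inputs below are constructed from the post's output.
"""
import ipaddress

BASE_DN = "ou=networks,dc=example,dc=com"  # taken from the post's LDIF

# Constructed sample: the post's `cat /etc/networks`
SAMPLE_NETWORKS_FILE = """\
# name          number        aliases...
loopback        127.0.0.0
example.com     192.168.1.0
example2.com    192.168.2.0
"""

# Constructed sample: the post's `getent networks` after migration
SAMPLE_GETENT_OUTPUT = """\
loopback              127.0.0.0
example.com           192.168.1.0
example2.com          192.168.2.0
"""


def parse_networks(text):
    """Parse networks(5) lines into {name: (number, [aliases])}.

    /etc/networks and `getent networks` share this format, so one parser
    serves both. '#' comments and blank lines are skipped; a non-IPv4
    network number is rejected before it can reach the directory.
    """
    result = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            raise ValueError(f"malformed networks line: {line!r}")
        name, number, *aliases = fields
        ipaddress.IPv4Address(number)
        result[name] = (number, aliases)
    return result


def classful_netmask(number):
    """Assumed default: mask by historical address class (A/B/C)."""
    first = int(number.split(".")[0])
    if first < 128:
        return "255.0.0.0"
    if first < 192:
        return "255.255.0.0"
    return "255.255.255.0"


def to_ldif(networks, netmasks=None, skip=("loopback",)):
    """Emit the OU entry plus one ipNetwork entry per network.

    `netmasks` (name -> dotted mask) overrides the classful default; names in
    `skip` are left in the flat file, as the post does with loopback. Aliases
    become additional cn values. The number/mask pair is validated so that
    a host address is never stored as ipNetworkNumber.
    """
    netmasks = netmasks or {}
    ou = BASE_DN.split(",", 1)[0].split("=", 1)[1]
    blocks = [f"dn: {BASE_DN}\nobjectClass: organizationalUnit\n"
              f"objectClass: top\nou: {ou}\n"]
    for name in sorted(networks):
        if name in skip:
            continue
        number, aliases = networks[name]
        mask = netmasks.get(name, classful_netmask(number))
        ipaddress.IPv4Network(f"{number}/{mask}", strict=True)  # raises on host bits
        lines = [f"dn: cn={name},{BASE_DN}", "objectClass: top",
                 "objectClass: ipNetwork", f"cn: {name}"]
        lines += [f"cn: {a}" for a in aliases]
        lines += [f"ipNetworkNumber: {number}", f"ipNetmaskNumber: {mask}"]
        blocks.append("\n".join(lines) + "\n")
    return "\n".join(blocks)


def missing_after_migration(file_text, getent_text):
    """Names from the original file that getent no longer returns with the
    same number; a non-empty list means the LDAP lookup path is broken."""
    before = parse_networks(file_text)
    after = parse_networks(getent_text)
    return sorted(n for n, (num, _) in before.items()
                  if n not in after or after[n][0] != num)


if __name__ == "__main__":
    nets = parse_networks(SAMPLE_NETWORKS_FILE)
    print(to_ldif(nets, netmasks={"example.com": "255.255.255.192"}))
    print("missing:", missing_after_migration(SAMPLE_NETWORKS_FILE,
                                               SAMPLE_GENT_OUTPUT if False else SAMPLE_GETENT_OUTPUT))
```

Run it against the real files by reading /etc/networks into `parse_networks` and feeding the result to `to_ldif`, then pipe the printed LDIF to the same `ldapadd` command the post uses; after the nsswitch change, capture `getent networks` and pass it to `missing_after_migration`, which should return an empty list before you comment anything out of /etc/networks.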