If you use an RPC-based service such as NFS or NIS, you probably know the command rpcinfo. With rpcinfo you can list all RPC services registered on a remote host:
# rpcinfo -p dc01
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
...
The program number (100000), the service name (portmapper) and its aliases (portmap, sunrpc and rpcbind) come from /etc/rpc:
# grep portmapper /etc/rpc
portmapper 100000 portmap sunrpc rpcbind
The protocol (tcp/udp) and the port (111) come from /etc/services, which does not matter here:
# grep 111 /etc/services
sunrpc 111/tcp rpcbind #SUN Remote Procedure Call
sunrpc 111/udp rpcbind #SUN Remote Procedure Call
If you are thinking about migrating /etc/services into LDAP - don't. Stop it. It is a really bad idea: every service-name lookup, including the ones made during boot before the network and the directory server are reachable, would then block on an LDAP query.
The information in /etc/rpc, on the other hand, can be stored in LDAP. In most cases this is not necessary, but it is possible, and here is how to do it. To migrate /etc/rpc to LDAP, look at the file first:
# cat /etc/rpc
...
portmapper 100000 portmap sunrpc rpcbind
...
The appropriate LDIF for the portmapper looks like this (entries are separated by a blank line, and the cn used in the DN must itself be one of the entry's cn values, listed first; the remaining cn values are the aliases):
# vi /etc/rpc.ldif
dn: ou=rpc,dc=example,dc=com
ou: rpc
objectClass: top
objectClass: organizationalUnit

dn: cn=portmapper,ou=rpc,dc=example,dc=com
objectClass: oncRpc
objectClass: top
cn: portmapper
cn: rpcbind
cn: portmap
cn: sunrpc
description: rpcbind
oncRpcNumber: 100000
At the top is an organizational unit for all RPC services; you only need this once. The second object is the portmapper itself. It contains all the information shown in /etc/rpc: the program number in oncRpcNumber, the canonical name as the first cn value (this is the name getent and rpcinfo will print) and the aliases as further cn values. The description attribute is optional. Now add the file /etc/rpc.ldif to your LDAP:
# ldapadd -x -W -D 'cn=ldapadmin,dc=example,dc=com' -f /etc/rpc.ldif
Enter LDAP Password:
adding new entry "ou=rpc,dc=example,dc=com"
adding new entry "cn=portmapper,ou=rpc,dc=example,dc=com"
Configure /etc/nsswitch.conf to look up RPC services in LDAP; for this test the file lookup is disabled so that only the LDAP entry can be found:
# vi /etc/nsswitch.conf
...
rpc: ldap
#rpc: files
...
Tell your LDAP client where to look for RPC services. The option below is the nss_ldap (PADL) syntax in /etc/ldap.conf; if you use nslcd instead, the equivalent line in /etc/nslcd.conf is "base rpc ou=rpc,dc=example,dc=com":
# vi /etc/ldap.conf
...
nss_base_rpc ou=rpc,dc=example,dc=com?one
...
Then check if your configuration works:
# getent rpc
portmapper 100000 rpcbind portmap sunrpc
If you disabled the file lookup and enabled only the LDAP lookup in /etc/nsswitch.conf, you should get exactly this one entry. Now use rpcinfo to list the RPC services on the remote host again:
# rpcinfo -p dc01
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 52036
100024 1 tcp 35779
..
Everything after the portmapper shows up very slowly, and the program names are missing. For each line rpcinfo asks NSS, and therefore LDAP, for the program number, and the directory does not contain those entries yet, so every line waits for a failed lookup. You therefore have to create an LDAP object for every entry in /etc/rpc, not only the portmapper. Alternatively, keep "rpc: files ldap" in /etc/nsswitch.conf so that the standard entries keep resolving locally and LDAP is only consulted for names the file does not know.
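Writing the LDIF by hand for every line of /etc/rpc is tedious and error-prone, so here is an added example (not part of the original post) of a small Python script that converts the whole file. It parses the /etc/rpc format the way getrpcent(3) reads it (name, program number, optional aliases, "#" comments, blank lines), refuses duplicate names or program numbers before they reach the directory, and emits the ou entry followed by one oncRpc entry per program, with the canonical name as the RDN and first cn value. The base DN ou=rpc,dc=example,dc=com is assumed to match the post; the embedded sample input is constructed, and the script reads /etc/rpc from stdin when one is supplied.

```python
#!/usr/bin/env python3
"""Convert an /etc/rpc file into LDIF for the RFC 2307 oncRpc objectClass.

Added example for the post above, not the post's own code.
Usage:  python3 rpc2ldif.py < /etc/rpc > /etc/rpc.ldif
"""
import re
import sys
from typing import Dict, List, Tuple

BASE_DN = "ou=rpc,dc=example,dc=com"  # assumed: same suffix as in the post
# Names that are safe both as an RDN value and as a plain (non-base64) LDIF value.
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*$")

# Constructed sample in /etc/rpc format: comments, blank lines, tabs, aliases.
SAMPLE_RPC = """\
# /etc/rpc: rpc program number data base (constructed sample)
portmapper\t100000\tportmap sunrpc rpcbind
rstatd\t\t100001\trstat rstat_svc rup perfmeter
rusersd\t\t100002\trusers
status\t\t100024\t# rpc.statd, no aliases

nfs\t\t100003\tnfsprog
mountd\t\t100005\tmount showmount
"""

Entry = Tuple[str, int, List[str]]


def parse_rpc(text: str) -> List[Entry]:
    """Parse /etc/rpc text: whitespace-separated name, program number and
    aliases; '#' starts a comment; blank lines are skipped."""
    entries: List[Entry] = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2 or not fields[1].isdigit():
            raise ValueError(f"line {lineno}: expected '<name> <number> [aliases]': {raw!r}")
        for cn in (fields[0], *fields[2:]):
            if not SAFE_NAME.match(cn):
                raise ValueError(f"line {lineno}: {cn!r} is not a safe RDN/LDIF value")
        entries.append((fields[0], int(fields[1]), fields[2:]))
    return entries


def check_entries(entries: List[Entry]) -> None:
    """Refuse input the directory might accept but NSS could not resolve
    unambiguously: a name or alias used twice, or a program number used twice."""
    names: Dict[str, str] = {}
    numbers: Dict[int, str] = {}
    for name, number, aliases in entries:
        for cn in (name, *aliases):
            if cn in names:
                raise ValueError(f"name {cn!r} appears in {names[cn]!r} and {name!r}")
            names[cn] = name
        if number in numbers:
            raise ValueError(f"number {number} used by {numbers[number]!r} and {name!r}")
        numbers[number] = name


def to_ldif(entries: List[Entry], base_dn: str = BASE_DN) -> str:
    """Emit the ou entry once, then one oncRpc entry per program. The canonical
    name is the RDN and the first cn value, so the server's naming-attribute
    check passes and nss_ldap reports it as the name; aliases follow as cn."""
    ou = base_dn.split(",", 1)[0].split("=", 1)[1]
    out = [f"dn: {base_dn}", f"ou: {ou}", "objectClass: top",
           "objectClass: organizationalUnit", ""]
    for name, number, aliases in entries:
        out += [f"dn: cn={name},{base_dn}", "objectClass: top",
                "objectClass: oncRpc", f"cn: {name}"]
        out += [f"cn: {alias}" for alias in aliases]
        out += [f"oncRpcNumber: {number}", ""]  # description is optional in oncRpc
    return "\n".join(out)


def convert(text: str, base_dn: str = BASE_DN) -> str:
    """Parse, validate and render in one step; raises ValueError on bad input."""
    entries = parse_rpc(text)
    check_entries(entries)
    return to_ldif(entries, base_dn)


if __name__ == "__main__":
    source = SAMPLE_RPC if sys.stdin.isatty() else sys.stdin.read()
    sys.stdout.write(convert(source))
```

Feed the result to ldapadd exactly as in the post (ldapadd -x -W -D 'cn=ldapadmin,dc=example,dc=com' -f /etc/rpc.ldif); afterwards getent rpc should list every program from the file and rpcinfo -p will show the names again without the delay.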