Before you continue reading you should know that migrating /etc/services into LDAP may prevent your system from booting. I had plenty of trouble with /etc/services in LDAP; that is why I don't use it anymore. The next point is that you may use different operating systems, in which case the content of /etc/services may differ. When I take a look at /etc/services in Slackware, I have three entries for port 1:
# more /etc/services
...
rtmp 1/ddp #Routing Table Maintenance Protocol
tcpmux 1/tcp #TCP Port Service Multiplexer
tcpmux 1/udp #TCP Port Service Multiplexer
...
In Solaris 10 I have only one entry for port 1:
# more /etc/services
...
tcpmux 1/tcp
...
What is right and what is wrong now?
Nevertheless, here is a way to put /etc/services into LDAP. I will use ssh as an example, since in most cases it runs on port 22 on all systems. First create an LDIF file like this:
# vi services.ldif
dn: ou=services,dc=example,dc=com
objectClass: organizationalUnit
objectClass: top
ou: services
dn: cn=ssh+ipServiceProtocol=tcp,ou=services,dc=example,dc=com
objectClass: ipService
objectClass: top
cn: ssh
ipServicePort: 22
ipServiceProtocol: tcp
dn: cn=ssh+ipServiceProtocol=udp,ou=services,dc=example,dc=com
objectClass: ipService
objectClass: top
cn: ssh
ipServicePort: 22
ipServiceProtocol: udp
It contains an organizational unit and two ipService objects for ssh on port 22, one for tcp and one for udp. Then add the content to your DIT:
# ldapadd -x -W -D 'cn=ldapadmin,dc=example,dc=com' -f services.ldif
Enter LDAP Password:
adding new entry "ou=services,dc=example,dc=com"
adding new entry "cn=ssh+ipServiceProtocol=tcp,ou=services,dc=example,dc=com"
adding new entry "cn=ssh+ipServiceProtocol=udp,ou=services,dc=example,dc=com"
Next, comment out the ssh lines in /etc/services so that the files source no longer answers for them:
# vi /etc/services
...
#ssh 22/tcp #Secure Shell Login
#ssh 22/udp #Secure Shell Login
...
Now verify that your system can no longer resolve ssh on port 22:
# getent services | grep ssh | grep 22
The command above should print nothing. Now prepare your system to look up services in your LDAP directory. First tell it where to look by adding the nss_base_services line to /etc/ldap.conf:
# vi /etc/ldap.conf
...
nss_base_services ou=services,dc=example,dc=com?one
...
Then tell your system to look for services in your LDAP by modifying /etc/nsswitch.conf:
# vi /etc/nsswitch.conf
...
services: files ldap
...
Your system is now ready. Note that with the order files ldap, a name that is still present in /etc/services is answered locally and LDAP is only asked for what the file does not contain, so every entry you remove from the file becomes unresolvable whenever the directory is unreachable, for example early in the boot sequence. Give it a try with the getent command from above:
# getent services | grep ssh | grep 22
ssh 22/tcp
ssh 22/udp
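As an added example (not from the original post), here is a small POSIX shell script that does the two things this walkthrough does by hand: it turns /etc/services-style lines into ipService LDIF entries, aliases included, and it compares two services files so that differences like the port 1 entries above are found before anything is loaded into the directory. The base DN, the temporary file names and the two sample excerpts are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the original post. Converts /etc/services-style
# lines into RFC 2307 ipService LDIF entries and reports conflicting
# definitions between two services files. The base DN and the sample
# excerpts below are constructed assumptions.

BASE_DN="ou=services,dc=example,dc=com"   # assumed container, as in the post

# services_to_ldif FILE [BASE_DN]
# Emits one ipService entry per "name port/proto [alias ...]" line.
# Comments and blank lines are skipped; aliases become extra cn values,
# so "getent services alias" still resolves once NSS points at LDAP.
services_to_ldif() {
    awk -v base="${2:-$BASE_DN}" '
        { sub(/#.*/, "") }              # strip trailing comments
        NF < 2 { next }                 # blank or comment-only line
        {
            split($2, pp, "/")          # "22/tcp" -> port, proto
            if (pp[1] !~ /^[0-9]+$/ || pp[2] == "") next
            printf "dn: cn=%s+ipServiceProtocol=%s,%s\n", $1, pp[2], base
            print "objectClass: ipService"
            print "objectClass: top"
            print "cn: " $1
            for (i = 3; i <= NF; i++) print "cn: " $i
            print "ipServicePort: " pp[1]
            print "ipServiceProtocol: " pp[2]
            print ""
        }' "$1"
}

# services_conflicts FILE_A FILE_B
# Prints "port/proto nameA nameB" for every port/protocol pair the two files
# name differently, and "port/proto nameA -" or "port/proto - nameB" for
# pairs present in only one file. Empty output means the files agree.
services_conflicts() {
    awk '
        { sub(/#.*/, "") }
        NF < 2 { next }
        FNR == NR { a[$2] = $1; next }  # first file
        { b[$2] = $1 }                  # second file
        END {
            for (k in a) if (!(k in b)) print k, a[k], "-"
            for (k in b) {
                if (!(k in a))         print k, "-", b[k]
                else if (a[k] != b[k]) print k, a[k], b[k]
            }
        }' "$1" "$2" | sort
}

# Constructed sample input modelled on the two excerpts quoted in the post.
write_samples() {
    SLACK=$(mktemp)
    SOL=$(mktemp)
    cat > "$SLACK" <<'EOF'
# Slackware-style excerpt (constructed sample)
rtmp    1/ddp   # Routing Table Maintenance Protocol
tcpmux  1/tcp   # TCP Port Service Multiplexer
tcpmux  1/udp   # TCP Port Service Multiplexer
ssh     22/tcp  # Secure Shell Login
ssh     22/udp  # Secure Shell Login
www     80/tcp  http    # WorldWideWeb HTTP
EOF
    cat > "$SOL" <<'EOF'
# Solaris-style excerpt (constructed sample)
tcpmux  1/tcp
ssh     22/tcp
http    80/tcp  www
EOF
}

cleanup_samples() {
    rm -f "$SLACK" "$SOL"
}

# Demo: LDIF for the Solaris-style file, then the differences between the two.
write_samples
services_to_ldif "$SOL"
echo "# conflicts (port/proto slackware solaris):"
services_conflicts "$SLACK" "$SOL"
cleanup_samples
```

Once the ou=services container exists, the generated LDIF can be piped into ldapadd exactly as shown earlier. Run the conflict check against the /etc/services of every OS you intend to serve from the directory and decide each listed port/protocol pair deliberately, rather than letting whichever file was loaded last win.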
That's it. As I told you, I don't recommend migrating /etc/services into LDAP. Maybe it was just me, but I had lots of trouble with this.