LDAP Hosts

From ArchWiki
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

Tango-edit-clear.pngThis article or section needs language, wiki syntax or style improvements. See Help:Style for reference.Tango-edit-clear.png

Reason: Written in first person (Discuss in Talk:LDAP Hosts)

This document will allow you to put your /etc/hosts into your LDAP server. At first make sure you have an LDAP server up and running (take LDAP authentication as an introduction). Next you need to create a proper ldif file from /etc/hosts. Actually mine is like:

127.0.0.1 localhost
192.168.1.1 gojira.marex.local gojira
192.168.1.50 gamera.marex.local gamera
192.168.1.51 iris.marex.local iris
192.168.1.52 zedan.marex.local zedan

Where 127.0.0.1 is localhost (of course), 192.168.1.1 is the LDAP server, followed by at least 3 workstation (gamera, iris & zedan). For a ldif file you need to create a ou for your hosts and each host (I will call the next file hosts.ldif):

dn: ou=Hosts,dc=marex,dc=local                                                                                              
objectClass: organizationalUnit                                                                                             
objectClass: top                                                                                                            
ou: Hosts

dn: cn=gojira+ipHostNumber=192.168.1.1,ou=Hosts,dc=marex,dc=local
objectClass: ipHost
objectClass: device
objectClass: top
cn: gojira
ipHostNumber: 192.168.1.1

dn: cn=gamera+ipHostNumber=192.168.1.50,ou=Hosts,dc=marex,dc=local
objectClass: ipHost
objectClass: device
objectClass: top
cn: gamera
ipHostNumber: 192.168.1.50

dn: cn=iris+ipHostNumber=192.168.1.51,ou=Hosts,dc=marex,dc=local
objectClass: ipHost
objectClass: device
objectClass: top
cn: iris
ipHostNumber: 192.168.1.51

dn: cn=zedan+ipHostNumber=192.168.1.52,ou=Hosts,dc=marex,dc=local
objectClass: ipHost
objectClass: device
objectClass: top
cn: zedan
ipHostNumber: 192.168.1.52

Next put the file into your LDAP server with your credentials (output truncated):

$ ldapadd -x -W -D 'cn=ldapadmin,dc=marex,dc=local' -h 192.168.1.1 -p 389 -f hosts.ldif
...
adding new entry "cn=zedan+ipHostNumber=192.168.1.52,ou=Hosts,dc=marex,dc=local"

If everything filled up then edit your /etc/nss_ldap.conf and change the line beginning with nss_base_hosts to the following:

nss_base_hosts          ou=Hosts,dc=marex,dc=local?one

Now change the /etc/hosts in that way that only localhost, the LDAP server and the own name of the workstation exist. An example how it could look on the workstation gamera:

127.0.0.1 localhost
192.168.1.1 gojira.marex.local gojira
192.168.1.50 gamera.marex.local gamera

On the LDAP server you can ignore every workstation. Finally you need to edit the hosts entry in your /etc/nsswitch.conf:

hosts:          files dns ldap

Now test your configuration:

$ getent hosts
127.0.0.1       localhost
192.168.1.1     gojira.marex.local gojira
192.168.1.50    gamera.marex.local gamera
192.168.1.1     gojira
192.168.1.50    gamera
192.168.1.51    iris
192.168.1.52    zedan

The first 3 lines are from /etc/hosts, the last 4 lines are from your LDAP server. Finally to get ping working with LDAP you need to start nscd:

$ mkdir -p /var/db/nscd
$ mkdir -p /var/run/nscd
$ /etc/rc.d/nscd start
$ ping iris
PING iris (192.168.1.51) 56(84) bytes of data.
...