I'm supposed to set up an environment where we migrate from NIS to FreeIPA with the NIS listener enabled for those older non-LDAP systems. I'm having a bit of an issue: we want to have the FreeIPA domain on a different domain than the NIS domain, for example "ldap.com", while the NIS domain will be the old existing domain "nis.com". Could you guys point me in the right direction? The FreeIPA server installation automatically sets the NIS domain name to the same as the FreeIPA domain and I haven't figured out a way to configure it.
OS: CentOS 7
FreeIPA version: 4.6.5
Thanks
This is not supported per se but you might get some success with the following.
See dn: cn=NGP HGP Template,cn=Templates,cn=Managed Entries,cn=etc,$SUFFIX; this is the managed entry plugin configuration that sets a static attribute value when creating the entry. See install/share/host_nis_groups.ldif and install/updates/20-host_nis_groups.update for how these are defined and overridden on upgrade. If you change mepStaticAttr: nisDomainName: $DOMAIN in the actual cn=NGP HGP Template, new host entries will be created with the new value.
For old ones it is easier to modify netgroups with ipa netgroup-mod --nisdomainname=....
Then you need to modify the slapi-nis configuration to add additional per-domain maps for the new NIS domain name in addition to the existing ones. To do so, you need to take a copy of the install/share/nis.uldif file, change $DOMAIN there to your NIS domain name ($DOMAIN is always set with the IPA primary domain value), name this copy 80-my-nis-config.update and call ipa-ldap-updater ./80-my-nis-config.update. See https://vda.li/en/posts/2015/01/02/playing-with-freeipa-ipa-ldap-updater/ for more details about ipa-ldap-updater.
I'm closing this ticket because it is not an issue in a normal sense. If you need to continue, please use freeipa-users@ mailing list.
Metadata Update from @abbra: - Issue close_status updated to: wontfix - Issue status updated to: Closed (was: Open)
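The copy-and-substitute step from the answer above can be scripted as follows. This is an added example, not part of the ticket and not FreeIPA code; the helper name `make_nis_update`, its DNS-style validation rule, the installed template path in the closing comment and the sample fragment are assumptions made here.

```shell
#!/bin/sh
# Added example (not FreeIPA code): derive an update file for a second NIS
# domain from a nis.uldif-style template.

# make_nis_update SRC NISDOMAIN OUT   (hypothetical helper name)
make_nis_update() {
    _src=$1; _dom=$2; _out=$3
    # Allow only DNS-style names: the value lands in DNs under cn=config, so
    # it must not carry sed metacharacters, separators or newlines.
    case $_dom in
        ''|*[!A-Za-z0-9.-]*|.*|*.|-*)
            echo "invalid NIS domain name: $_dom" >&2; return 2 ;;
    esac
    # Refuse a source without the $DOMAIN token: wrong file, or already edited.
    grep -q '\$DOMAIN' "$_src" || { echo "no \$DOMAIN in $_src" >&2; return 1; }
    # Replace only the literal $DOMAIN; $SUFFIX is left for ipa-ldap-updater.
    sed 's/\$DOMAIN/'"$_dom"'/g' "$_src" > "$_out"
}

# Constructed sample in the style of nis.uldif, not the file's real contents.
demo_in=$(mktemp) && demo_out=$(mktemp) || exit 1
cat > "$demo_in" <<'EOF'
dn: nis-domain=$DOMAIN+nis-map=passwd.byname, cn=NIS Server, cn=plugins, cn=config
default:objectclass: top
default:objectclass: extensibleObject
default:nis-domain: $DOMAIN
default:nis-map: passwd.byname
default:nis-base: cn=users, cn=accounts, $SUFFIX
EOF
make_nis_update "$demo_in" nis.com "$demo_out" && cat "$demo_out"
rm -f "$demo_in" "$demo_out"

# On the IPA server, with the installed template path as an assumption:
#   make_nis_update /usr/share/ipa/nis.uldif nis.com ./80-my-nis-config.update
#   ipa-ldap-updater ./80-my-nis-config.update
```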
@abbra Thanks for the quick response. I'll try it once I get back to the office.