System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP)

16.  Transitioning From NIS+ to LDAP

Storing Configuration Information in LDAP

In addition to keeping NIS+/LDAP configuration information in the configuration files and on the command line, configuration attributes can also be stored in LDAP. This is useful if the configuration information is shared by many NIS+ servers, and is expected to change on a regular basis.

To enable storing configuration attributes in LDAP, consult your LDAP server documentation and create the attribute types and object class defined below. rpc.nisd reads the configuration from the entry whose DN is cn=<nisplusLDAPbaseDomain>,<nisplusLDAPconfigDN>: nisplusLDAPconfigDN comes from the rpc.nisd command line or from /lib/svc/method/nisplus, and nisplusLDAPbaseDomain is the value known to the rpc.nisd daemon before it has read any configuration information from LDAP.

The following LDIF is suitable as input to ldapmodify(1); each record is a changetype: modify operation on the cn=schema entry. Continuation lines begin with a space, which is how LDIF folds one long value onto several lines. The attribute and object class OIDs are examples only.

The defaultSearchBase, preferredServerList, and authenticationMethod attributes derive from a draft “DUA config” schema, which is intended to become an IETF standard. In any case, the following definitions are sufficient for the purposes of NIS+LDAPmapping(4).

dn: cn=schema
changetype: modify
add: attributetypes
attributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.1 NAME 'defaultSearchBase'
  DESC 'Default LDAP base DN used by a DUA'
  EQUALITY distinguishedNameMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.2 NAME 'preferredServerList'
  DESC 'Preferred LDAP server host addresses to be used by a DUA'
  EQUALITY caseIgnoreMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.6 NAME 'authenticationMethod'
  DESC 'Identifies the authentication method used to connect to the DSA'
  EQUALITY caseIgnoreMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )

The NIS+/LDAP configuration attributes are as follows. Attributes defined without SINGLE-VALUE (the five mapping attributes at the end of the list) may hold several values, one per rule.

dn: cn=schema
changetype: modify
add: attributetypes
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.0
  NAME 'nisplusLDAPTLS'
  DESC 'Transport Layer Security'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.1
  NAME 'nisplusLDAPTLSCertificateDBPath'
  DESC 'Certificate file'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.2
  NAME 'nisplusLDAPproxyUser'
  DESC 'Proxy user for data store/retrieval'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.3
  NAME 'nisplusLDAPproxyPassword'
  DESC 'Password/key/shared secret for proxy user'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.4
  NAME 'nisplusLDAPinitialUpdateAction'
  DESC 'Type of initial update'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.5
  NAME 'nisplusLDAPinitialUpdateOnly'
  DESC 'Exit after update ?'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.6
  NAME 'nisplusLDAPretrieveErrorAction'
  DESC 'Action following an LDAP search error'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.7
  NAME 'nisplusLDAPretrieveErrorAttempts'
  DESC 'Number of times to retry an LDAP search'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.8
  NAME 'nisplusLDAPretrieveErrorTimeout'
  DESC 'Timeout between each search attempt'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.9
  NAME 'nisplusLDAPstoreErrorAction'
  DESC 'Action following an LDAP store error'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.10
  NAME 'nisplusLDAPstoreErrorAttempts'
  DESC 'Number of times to retry an LDAP store'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.11
  NAME 'nisplusLDAPstoreErrorTimeout'
  DESC 'Timeout between each store attempt'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.12
  NAME 'nisplusLDAPrefreshErrorAction'
  DESC 'Action when refresh of NIS+ data from LDAP fails'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.13
  NAME 'nisplusLDAPrefreshErrorAttempts'
  DESC 'Number of times to retry an LDAP refresh'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.14
  NAME 'nisplusLDAPrefreshErrorTimeout'
  DESC 'Timeout between each refresh attempt'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.15
  NAME 'nisplusNumberOfServiceThreads'
  DESC 'Max number of RPC service threads'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.16
  NAME 'nisplusThreadCreationErrorAction'
  DESC 'Action when a non-RPC-service thread creation fails'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.17
  NAME 'nisplusThreadCreationErrorAttempts'
  DESC 'Number of times to retry thread creation'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.18
  NAME 'nisplusThreadCreationErrorTimeout'
  DESC 'Timeout between each thread creation attempt'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.19
  NAME 'nisplusDumpErrorAction'
  DESC 'Action when an NIS+ dump fails'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.20
  NAME 'nisplusDumpErrorAttempts'
  DESC 'Number of times to retry a failed dump'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.21
  NAME 'nisplusDumpErrorTimeout'
  DESC 'Timeout between each dump attempt'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.22
  NAME 'nisplusResyncService'
  DESC 'Service provided during a resync'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.23
  NAME 'nisplusUpdateBatching'
  DESC 'Method for batching updates on master'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.24
  NAME 'nisplusUpdateBatchingTimeout'
  DESC 'Minimum time to wait before pinging replicas'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.25
  NAME 'nisplusLDAPmatchFetchAction'
  DESC 'Should pre-fetch be done ?'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.26
  NAME 'nisplusLDAPbaseDomain'
  DESC 'Default domain name used in NIS+/LDAP mapping'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.27
  NAME 'nisplusLDAPdatabaseIdMapping'
  DESC 'Defines a database id for an NIS+ object'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.28
  NAME 'nisplusLDAPentryTtl'
  DESC 'TTL for cached objects derived from LDAP'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.29
  NAME 'nisplusLDAPobjectDN'
  DESC 'Location in LDAP tree where NIS+ data is stored'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.30
  NAME 'nisplusLDAPcolumnFromAttribute'
  DESC 'Rules for mapping LDAP attributes to NIS+ columns'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.31
  NAME 'nisplusLDAPattributeFromColumn'
  DESC 'Rules for mapping NIS+ columns to LDAP attributes'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

dn: cn=schema
changetype: modify
add: objectclasses
objectclasses: ( 1.3.6.1.4.1.42.2.27.5.42.42.19.0 NAME 'nisplusLDAPconfig'
  DESC 'NIS+/LDAP mapping configuration'
  SUP top STRUCTURAL MUST ( cn )
  MAY ( preferredServerList $ defaultSearchBase $ authenticationMethod
  $ nisplusLDAPTLS $ nisplusLDAPTLSCertificateDBPath
  $ nisplusLDAPproxyUser $ nisplusLDAPproxyPassword
  $ nisplusLDAPinitialUpdateAction $ nisplusLDAPinitialUpdateOnly
  $ nisplusLDAPretrieveErrorAction $ nisplusLDAPretrieveErrorAttempts
  $ nisplusLDAPretrieveErrorTimeout
  $ nisplusLDAPstoreErrorAction $ nisplusLDAPstoreErrorAttempts
  $ nisplusLDAPstoreErrorTimeout
  $ nisplusLDAPrefreshErrorAction $ nisplusLDAPrefreshErrorAttempts
  $ nisplusLDAPrefreshErrorTimeout
  $ nisplusNumberOfServiceThreads
  $ nisplusThreadCreationErrorAction $ nisplusThreadCreationErrorAttempts
  $ nisplusThreadCreationErrorTimeout
  $ nisplusDumpErrorAction $ nisplusDumpErrorAttempts $ nisplusDumpErrorTimeout
  $ nisplusResyncService $ nisplusUpdateBatching $ nisplusUpdateBatchingTimeout
  $ nisplusLDAPmatchFetchAction $ nisplusLDAPbaseDomain
  $ nisplusLDAPdatabaseIdMapping $ nisplusLDAPentryTtl $ nisplusLDAPobjectDN
  $ nisplusLDAPcolumnFromAttribute $ nisplusLDAPattributeFromColumn ) )
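Schema typed in by hand is worth checking mechanically before it is loaded: one misspelled name in the object class's MAY list, or an OID used twice, is enough for the directory server to reject the definition (or, if it is lenient, to leave you with an entry that cannot carry the attribute you meant), and the mistake is easy to miss in a list this long. The following Python script is an added example, not Sun's code and not part of the original page. It unfolds LDIF (RFC 2849 leading-space folding, and also the trailing-backslash style found in printed examples), then reports every MUST/MAY member that no attribute type defines and every OID that appears more than once. The BASE_SCHEMA_ATTRS set and the SAMPLE_SCHEMA excerpt, which deliberately misspells nisplusLDAPTLSCertificateDBPath, are constructed for the example.

```python
"""Lint a schema LDIF before loading it (added example, not Sun's code)."""
import re
import sys
from typing import Dict, List, Tuple

# Assumption: these attributes already exist in the server's base schema.
BASE_SCHEMA_ATTRS = {"cn", "objectclass", "description"}

_OID_RE = re.compile(r"^\(\s*(\S+)")
_NAME_RE = re.compile(r"NAME\s+(?:'([^']+)'|\(\s*'([^']+)'[^)]*\))")
_LIST_RE = {kw: re.compile(kw + r"\s+(?:\(\s*([^)]*)\)|([A-Za-z][\w-]*))")
            for kw in ("MUST", "MAY")}
_TOKEN_RE = re.compile(r"[A-Za-z][\w-]*")


def unfold_ldif(text: str) -> List[Tuple[str, str]]:
    """Split LDIF into (attribute, value) pairs, joining folded lines.
    Handles RFC 2849 folding (continuation lines start with one space) and
    the trailing-backslash continuation used in printed Sun examples."""
    logical: List[str] = []
    backslash = False
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            backslash = False
            continue
        if raw.startswith(" ") and logical:      # RFC 2849 continuation
            logical[-1] += raw[1:]
        elif backslash and logical:              # backslash continuation
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw)
        backslash = logical[-1].endswith("\\")
        if backslash:
            logical[-1] = logical[-1][:-1].rstrip()
    pairs = []
    for line in logical:
        attr, _, value = line.partition(":")
        pairs.append((attr.strip().lower(), value.strip()))
    return pairs


def parse_schema(text: str):
    """Return ({name -> OID}, {OID -> [names]}, [(class, [MUST+MAY names])])."""
    attrs: Dict[str, str] = {}
    oids: Dict[str, List[str]] = {}
    classes: List[Tuple[str, List[str]]] = []
    for kind, value in unfold_ldif(text):
        if kind not in ("attributetypes", "objectclasses"):
            continue
        oid_m, name_m = _OID_RE.match(value), _NAME_RE.search(value)
        if not oid_m or not name_m:
            raise ValueError(f"cannot parse {kind} definition: {value[:60]!r}")
        oid, name = oid_m.group(1), name_m.group(1) or name_m.group(2)
        oids.setdefault(oid, []).append(name)
        if kind == "attributetypes":
            attrs[name.lower()] = oid
            continue
        members: List[str] = []
        for rx in _LIST_RE.values():            # MUST list, then MAY list
            m = rx.search(value)
            if m:
                raw = m.group(1).split("$") if m.group(1) is not None else [m.group(2)]
                members += [t.strip() for t in raw if t.strip()]
        classes.append((name, members))
    return attrs, oids, classes


def lint_schema(text: str) -> List[str]:
    """Return problems found; an empty list means the schema is consistent."""
    attrs, oids, classes = parse_schema(text)
    problems = [f"OID {oid} reused by {', '.join(names)}"
                for oid, names in oids.items() if len(names) > 1]
    for cls, members in classes:
        for member in members:
            if not _TOKEN_RE.fullmatch(member):
                problems.append(f"objectclass {cls}: malformed token {member!r}")
            elif member.lower() not in attrs and member.lower() not in BASE_SCHEMA_ATTRS:
                problems.append(f"objectclass {cls}: attribute {member!r} is not defined")
    return problems


# Constructed excerpt of the schema above; the MAY list misspells
# nisplusLDAPTLSCertificateDBPath so the lint has something to catch.
SAMPLE_SCHEMA = """\
dn: cn=schema
changetype: modify
add: attributetypes
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.1
  NAME 'nisplusLDAPTLSCertificateDBPath'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.2 NAME 'nisplusLDAPproxyUser' \\
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
-
add: objectclasses
objectclasses: ( 1.3.6.1.4.1.42.2.27.5.42.42.19.0 NAME 'nisplusLDAPconfig'
  SUP top STRUCTURAL MUST ( cn )
  MAY ( nisplusLDAPTLSCertificateDBPate $ nisplusLDAPproxyUser ) )
"""

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_SCHEMA
    found = lint_schema(text)
    print("\n".join(found) or "schema OK")
    sys.exit(1 if found else 0)
```

Run it with the schema file as its argument (with no argument it lints the built-in sample); a non-zero exit means there is something to fix before handing the file to ldapmodify.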

Create a file containing the following LDIF data, substituting your actual search base for searchBase and the fully qualified NIS+ domain name for domain.

dn: cn=domain,searchBase
cn: domain
objectClass: top
objectClass: nisplusLDAPconfig

Use the above file as input to ldapadd(1) to create the NIS+/LDAP configuration entry. Initially the entry carries no configuration attributes; use ldapmodify(1) to add them. Keep in mind that once nisplusLDAPproxyUser and nisplusLDAPproxyPassword are stored here, anyone who can read the entry holds the credential rpc.nisd uses to store and retrieve NIS+ data in the directory: restrict read access to the entry (with ACIs in Sun Java System Directory Server) to the identity rpc.nisd binds as when it fetches its configuration, and fetch it over TLS rather than in clear text. For example, to set the nisplusNumberOfServiceThreads attribute to 32, create the following file for input to ldapmodify(1). The record uses replace rather than add so that it works whether or not the attribute already holds a value; add fails once a SINGLE-VALUE attribute is set.

dn: cn=domain,searchBase
changetype: modify
replace: nisplusNumberOfServiceThreads
nisplusNumberOfServiceThreads: 32
-
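Putting the two steps together, the following Python is an added example, not Sun's code and not part of the original page. It writes the LDIF for the empty configuration entry and for an ldapmodify(1) record that sets attributes on it, taking care of two things the bare examples skip: it base64-encodes values that RFC 2849 does not allow to be written literally (a proxy password with a leading space, say, or one containing non-ASCII characters), and it refuses more than one value for any attribute the nisplusLDAPconfig object class marks SINGLE-VALUE while allowing several for the five mapping attributes. The domain example.com., the search base dc=example,dc=com and the attribute values in the sample are constructed; feed the output to ldapmodify(1) with a bind identity that has write access to the entry.

```python
"""Emit LDIF for the NIS+/LDAP configuration entry (added example, not Sun's code)."""
import base64
from typing import Dict, Iterable, Union

# Attributes the nisplusLDAPconfig object class defines without SINGLE-VALUE;
# every other attribute on the class takes exactly one value.
MULTI_VALUED = {
    "nisplusLDAPdatabaseIdMapping", "nisplusLDAPentryTtl", "nisplusLDAPobjectDN",
    "nisplusLDAPcolumnFromAttribute", "nisplusLDAPattributeFromColumn",
}


def dn_escape(value: str) -> str:
    """Escape an attribute value for use inside a DN (RFC 4514)."""
    out = "".join("\\" + c if c in ',+"\\<>;' else c for c in value)
    if out[:1] in ("#", " "):
        out = "\\" + out
    if out.endswith(" "):
        out = out[:-1] + "\\ "
    return out


def ldif_line(attr: str, value: str) -> str:
    """Return 'attr: value', or 'attr:: <base64>' when RFC 2849 does not allow
    the value literally: leading space, ':' or '<', trailing space, or any
    character outside printable ASCII (checked conservatively)."""
    unsafe = value[:1] in (" ", ":", "<") or value.endswith(" ") \
        or any(not 32 <= ord(c) <= 126 for c in value)
    if unsafe:
        return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"
    return f"{attr}: {value}"


def config_dn(domain: str, search_base: str) -> str:
    return f"cn={dn_escape(domain)},{search_base}"


def config_entry_ldif(domain: str, search_base: str) -> str:
    """The empty cn=<domain>,<searchBase> entry, for ldapadd(1)."""
    return "\n".join([
        f"dn: {config_dn(domain, search_base)}",
        "objectClass: top",
        "objectClass: nisplusLDAPconfig",
        ldif_line("cn", domain),
    ]) + "\n"


def set_config_ldif(domain: str, search_base: str,
                    attrs: Dict[str, Union[str, Iterable[str]]]) -> str:
    """One ldapmodify(1) record setting the given attributes on the entry.
    'replace' is used rather than 'add' so the record works whether or not
    the attribute already has a value."""
    lines = [f"dn: {config_dn(domain, search_base)}", "changetype: modify"]
    for attr, values in attrs.items():
        vals = [values] if isinstance(values, str) else list(values)
        if attr not in MULTI_VALUED and len(vals) != 1:
            raise ValueError(f"{attr} is SINGLE-VALUE; got {len(vals)} values")
        lines.append(f"replace: {attr}")
        lines.extend(ldif_line(attr, v) for v in vals)
        lines.append("-")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed sample values: example.com. stands in for the NIS+ domain
    # (NIS+ domain names carry a trailing dot), dc=example,dc=com for searchBase.
    print(config_entry_ldif("example.com.", "dc=example,dc=com"))
    print(set_config_ldif("example.com.", "dc=example,dc=com", {
        "nisplusNumberOfServiceThreads": "32",
        "nisplusLDAPproxyUser": "cn=nisplus-proxy,ou=People,dc=example,dc=com",
        "nisplusLDAPproxyPassword": " leading-space-forces-base64",
        "nisplusLDAPdatabaseIdMapping": ["passwd:passwd.org_dir",
                                         "group:group.org_dir"],
    }))
```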