|Skip Navigation Links|
|Exit Print View|
|System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP)|
To populate the LDAP server with data, after the LDAP server has been configured with the proper DIT and schema. Use the new ldapaddent tool. This tool will create entries in LDAP containers from their corresponding /etc files. It can be used to populate data into the containers for the following types of data: aliases, auto_*, bootparams, ethers, group, hosts (including IPv6 addresses), netgroup, netmasks, networks, passwd, shadow, protocols, publickey, rpc, and services.
By default, ldapaddent reads from the standard input and adds this data to the LDAP container associated with the database specified on the command line. But an input file from which data should be read can be specified using the -f option.
Because the entries are stored in the directory based on the client's configuration, the client must be configured to use the LDAP naming services.
For better performance, load the databases in this order:
passwd database followed by shadow database
networks database followed by netmasks database
bootparams database followed by ethers database
Note that when adding automounter entries, the database name is in the form of auto_* (for example, auto_home).
If you have /etc files from different hosts to add to the LDAP server, you can either merge all of them into the same /etc file and then use ldapaddent on one host to add the files, or perform ldapaddent on the different hosts one by one, with the expectation that each host is already configured as a LDAP client.
If your naming service data is already in an NIS server, and you want to move the data to the LDAP server for LDAP naming services, use the ypcat (or niscat) command to dump the NIS map into files. Then, run ldapaddent against these files to add the data to the LDAP server.
Note - ldapaddent can only be run on an LDAP client.
The following procedure assumes that the tables are to be extracted from a yp client.
Roles contain authorizations and privileged commands. For more information about roles, see Chapter 9, Using Role-Based Access Control (Tasks), in System Administration Guide: Security Services.
# ldapclient init -a profileName=new -a domainName=west.example.com \ 192.168.0.1
# ldapaddent -D “cn=directory manager” -f /etc/hosts hosts
You will be prompted for a password.
In this example, ldapaddent will use the authentication method that has been configured in the profile new. Selecting simple will cause the password to be sent in the clear. For more information, refer to the ldapaddent(1M) man page.