System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP)

nisplusLDAPcolumnFromAttribute Attribute

nisplusLDAPcolumnFromAttribute specifies the rules used to map LDAP data to NIS+.

The full entry mapping syntax can be found on NIS+LDAPmapping(4). However, a few examples should make things clearer.

The NIS+ rpc.org_dir table contains four columns called cname, name, numbe, and comment. Therefore, the entries for the NIS+ RPC program number (100300) with the canonical name nisd and the aliases rpc.nisd and nisplusd could be represented by the following NIS+ entries in rpc.org_dir.

nisd nisd 100300	NIS+ server
nisd rpc.nisd 100300	NIS+ server
nisd nisplusd 100300	NIS+ server

Assuming the defaultSearchBase value is dc=some,dc=domain, the corresponding LDAP entry, as listed by ldapsearch(1), would be the following.

dn: cn=nisd,ou=Ppc,dc=some,dc=domain
cn: nisd
cn: rpc.nsid
cn: nisplusd
oncRpcNumber: 100300
description: NIS+ server
objectClass: oncRpc

This makes for a simple one-to-one mapping between NIS+ and LDAP data, and the corresponding mapping attribute value going from NIS+ to LDAP is the following.

nisplusLDAPattributeFromColumn \
rpc:		dn=("cn=%s,", name), \
				cn=cname, \
				cn=name, \
				oncRpcNumber=number, \

This constructs the DN for the entry to be cn=%s, with the value of the cname column substituted for %s.


Since the value ends in a comma, the read base value from the nisplusObjectDN is appended, and you have the following.


The oncRpcNumber and description attribute values are just simple assignments of the corresponding NIS+ column values. The rpc.nisd will collect the multiple NIS+ entries into one LDAP entry, with multiple cn values to represent the different name column values.

Similarly, the mapping from LDAP to NIS+ would be as follows.

nisplusLDAPcolumnFromAttribute \
       rpc:      cname=cn, \
                 (name)=(cn), \
                 number=oncRpcNumber, \

The above assigns the oncRpcNumber and description values to the corresponding NIS+ columns. The multi-valued cn (denoted by (cn) is mapped to multiple name column values (denoted by (name)). Since the name column cannot be multi-valued, the rpc.nisd creates one NIS+ entry for each cn value.

Finally, the nisplusLDAPattributeFromColumn value is an example of rule sets used for deletion.

nisplusLDAPattributeFromColumn \
user_attr_del:	dn=("uid=%s,", name), \
           SolarisUserQualifier=, \
           SolarisAttrReserved1=, \
           SolarisAttrReserved2=, \

Again, the user_attr.org_dir data shares the ou=People container with other account information (from the passwd.org_dir and other tables). If an entry in the user_attr.org_dir table is deleted, you probably do not want to delete the entire ou=People entry. Instead, the delete entry above says that when a user_attr.org_dir entry is deleted, the SolarisUserQualifier, SolarisAttrReserved1, SolarisAttrReserved2, and SolarisAttrKeyValue attributes (if any) are deleted from the ou=People entry specified by the following rule.

dn=("uid=%s,", name)

The rest of the LDAP entry is left unchanged.