NIS Extension Guide: Using Deja to Update NIS Information


Chapter 3 Using Deja to Update NIS Information

This chapter explains how to use the Deja tool to add, delete and modify NIS information in the LDAP directory.

The Netscape Directory Server provides several graphical interfaces to view or modify information in the directory:

The Directory Console can be used to create and modify most information in the directory but it does not offer dedicated templates for creating and modifying NIS information.

The Directory Express web gateway is designed for viewing the contents of the directory quickly, searching for entries, and modifying some directory information. Its limited functionality makes it unsuitable for more complex operations.

Deja is a Java directory editor particularly suited for the day-to-day management of NIS and RADIUS information. With the tool you can search for and view entries, create and modify entries, delete entries, and copy and paste entries. Deja can be connected remotely or locally to a Netscape Directory Server.

This chapter includes the following sections:


Introduction to Deja
Deja provides a comprehensive user interface suitable for maintaining the directory contents. Figure 3.1 shows the Deja Create panel. The tool is split into four areas: the toolbar, the browser window, the function window, and the status bar. The toolbar, browser window, and status bar can be hidden.

When you click on an icon in the toolbar or select an option from the Directory menu, the appropriate screen is displayed in the function window.

Figure 3.1 Deja Directory Editor

The toolbar offers quick access to the most commonly used functions. Refer to Table 3.1 for a description of the icons and their functions.

Table 3.1 Deja Toolbar Icons

| Icon | Function |
|---|---|
| Login | Click this icon to log in to the directory server. You must log in to modify the contents of the directory. |
| Search | Click this icon to search for entries in the directory. |
| View | Select an entry in the directory browser window and click this icon to view the entry's attributes and values. |
| Create | Click this icon to create a new entry in the directory. |
| Modify | Select an entry in the directory browser window and click this icon to modify the entry's properties. |
| Rename | Select an entry in the directory browser window and click this icon to modify the Relative Distinguished Name of the entry. |
| Delete | Select an entry in the directory browser window and click this icon to remove an entry from the directory. |
| Cut | Select an entry in the directory browser window and click this icon to cut the entry from the directory, and retain a copy in the clipboard. |
| Copy | Select an entry in the directory browser window and click this icon to copy the entry into the clipboard. |
| Paste | After an entry has been cut or copied to the clipboard, select a parent entry in the directory browser window and click this icon to paste the entry as a child of the selected entry. |
| Help | Gives the URL to follow to display the online help. |


Starting Deja
Deja must connect to the directory server. This connection can be established only if the ns-slapd daemon is running on the directory server. If the ns-slapd daemon is not running, Deja will start but is unable to connect.

For information on starting the Netscape Directory Server, see the Netscape Directory Server Administrator's Guide.

To display Deja:

  1. Run dejasync on the server. As root type:

    # /opt/SUNWconn/ldap/sbin/dejasync

    For details on the options of the dejasync command, refer to "dejasync". You must run dejasync to make sure that Deja takes into account all the configuration options you set during the dsypinstall process.

  2. On the machine running the directory server daemon, ns-slapd, set the JAVA_HOME environment variable to the installation directory of your Java Virtual Machine (JVM).
  3. Type:

    prompt% /opt/SUNWconn/bin/deja [ hostname [:port_number]]

    where:

Note. The machine on which you are running Deja needs to have a Java Virtual Machine and JDK version 1.1.5 or a compatible version installed.

Logging In

Directory access rights are defined by a set of access control rules on the directory server. You must be the directory administrator to modify the access control rules. When you log in to the directory, your username and password are compared with those stored in the directory. If there is a match, the access rights defined in the access control rules are granted.

You can browse the directory content without logging in, but you must have write permission before you can modify directory entries. Figure 3.2 shows the Login panel.

Note. It may not be possible to browse the directory content without logging in. This depends on the access control rules defined in the directory server.

Figure 3.2 Deja Login Panel

To log in to Deja:

  1. Click on the Login icon or select Login from the File menu.
  2. Type the Distinguished Name (DN) of the NIS administrator in the User text field.

    You can define an alias for the NIS administrator in the Deja.properties file. See "Setting Deja Properties" for information on creating a login alias.

  3. Type your password in the Password field.
  4. Select the profile (Standard, NIS or RADIUS) you want from the Profile option button.

    The default profile is Standard.

  5. Click Login.

    Your password is compared to the password stored in the directory. If there is no match, the login fails.


General Operations
This section gives some tips on how to use Deja.

Setting the Display Options

The Options menu is used to hide or show the toolbar, status bar, or directory browser. The default view has all of these elements.

To hide or show an element, select it from the Options menu to change its status.

Setting Deja Properties

The Deja Properties panel displays information about the selected user profile, and the connection to the directory server. To access the Properties panel, select Properties from the File menu.

The Properties panel is displayed, and shows the user properties and connection properties of Deja. See Figure 3.3.

Figure 3.3 Deja Properties Panel

User Properties

The User Properties pane displays the name of the connected user and the user profile for creating or modifying entries.

Name

If you are not logged into the directory server, Anonymous is displayed. If you have logged in, the login name is displayed.

User Profile

To set the user profile, select the profile (Standard, NIS or RADIUS) from the Profile option button in the User Properties pane.

The default profile is Standard.

Connection Properties

The Connection Properties pane displays the name of the directory server to which Deja is connected, and the connection port number.

Server and Port Number

Deja displays information about its connection to the directory server. The default port number that Deja uses to connect to the directory server is 389. The host name and port number can be specified on the command line when Deja is started. See "Starting Deja" .

To connect to a different directory server or change the port number from within Deja see "Connecting to Another Directory Server" .

Opening a New Deja Window

To open a new window in Deja, from the File menu select New Window. The new window has its own connection to the directory server. This means that you can connect to several directory servers simultaneously.

Closing a Deja Window

To close a Deja window, select Close from the File menu. The Deja window is closed.

To close all Deja windows, select Exit from the File menu. A confirmation window is displayed. Click Yes to close all Deja windows.

Reconnecting Deja to the Directory Server

If the directory server is disabled for some reason, Deja loses its connection to the directory. Deja does not automatically reconnect to the directory server when it is re-enabled.

To reconnect Deja to the directory server, select Connect from the File menu. Deja is reconnected.

Connecting to Another Directory Server

  1. To connect Deja to a different directory server, select Connect To... from the File menu.

    The Connect To... dialogue box is displayed.

    Deja tries to connect to the new directory server. If it is unable to connect, an error message is displayed.

Refreshing the Browser Window

If directory operations are being performed on the same directory server by another user or by the administrator, the browser window is not automatically updated. To refresh the browser window:

  1. In the browser window, click on the root entry of the branch you want to refresh.

    You can choose to refresh all of the directory by selecting the directory root entry, or to refresh just a branch by clicking on the root entry of the branch.

  2. From the File menu, select Refresh Subtree.

    All the branches of the directory below the selected entry are collapsed in the browser window. When they are reopened, they are refreshed.


Operations on NIS Entries
This chapter describes the read, create, modify, delete and search operations that can be performed on directory entries using Deja. Deja offers specific templates for searching for and creating NIS entries. To view the NIS-specific search and create panels you must change the Deja user profile to NIS, as explained in "User Properties" .

Viewing an Entry

Use View to look at the attributes defined for an entry in the directory. Figure 3.4 shows the Deja View window. You can only open one View window per entry. To refresh a View window after modifying an entry, view the entry again. The original View window is replaced with a new one.

Figure 3.4 Deja View Window

When an attribute has more than one value, an arrow is displayed next to the attribute name in the entry definition: a right arrow when the values are collapsed, and a down arrow when the values are expanded.

The View Window

There are three ways to display the View window:

Closing a View Window

To close a View window, select Close from the Window menu of the View window. Alternatively, you can double click on the Window menu button.

Copying an Entry From a View Window

To copy an entry from a View window, select Copy from the Edit menu of the View Window. The entry is copied to the clipboard.

Highlighting an Entry From a View Window

To highlight an entry in Deja's browser window from the View Window, select Highlight from the Edit menu.

Creating a New Entry

The Deja create panel offers templates that guide you through the creation of an NIS entry. The available templates are Users, Aliases, Hosts, and Groups. These templates respectively represent entries for the passwd, aliases, hosts, and groups maps. When the NIS maps are imported into the LDAP directory, an LDAP subtree is created for each map.

Table 3.2 shows the default templates available in Deja, the corresponding NIS map, and the corresponding subtree in the LDAP directory.

Table 3.2 Deja Templates

| Template Name | Map Name | LDAP Subtree (default) |
|---|---|---|
| Users | /etc/passwd | ou=People,o=Sun, c=US |
| Aliases | /etc/mail/aliases | ou=Aliases,o=Sun,c=US |
| Hosts | /etc/hosts | ou=Hosts,o=Sun,c=US |
| Groups | /etc/groups | ou=Group,o=Sun,c=US |

To modify the default NIS templates, or create new ones, you can modify the Deja.properties file on the directory server. See "Setting Deja Properties" for information.

Figure 3.5 shows the Deja Create panel for NIS users.

Figure 3.5 Deja Create Panel for NIS Users

  1. Click on the Create icon or select Create from the Entry menu.

    The Create panel is displayed.

    There are three steps to creating an NIS directory entry. You must complete each step before you can progress to the next one. Click on Next Step and Previous Step to navigate between the steps.

  2. When you have completed the entry definition, click Done.

Naming an Entry

  1. Provide the DN of the parent entry. There are several ways to achieve this:
  2. Name the entry by selecting a naming attribute with the option button next to the Entry's name field.

    The list of naming attributes is defined in the Deja.properties file on the directory server.

  3. Type the Relative Distinguished Name of the entry in the Entry Name text field.

When you are satisfied with the entry name and parent, click the Next Step button to select object classes and attributes.

See "Selecting Object Classes" for information on selecting object classes. The Select Object Classes window is displayed pre-filled with default object classes depending on the selected template. The default object classes are specified in the Deja.properties file on the directory server.

See "Selecting Attributes" for information on selecting attributes for the entry. The attributes available for selection are defined for each object class in the schema.

Selecting Object Classes

You can define one or more object classes for your entry. When the objectclass list is complete, click the Next Step button to select attributes. If you have selected the Users map in the NIS profile, the required object classes are already listed in the Selected Objectclasses pane.

Note. If the selected object classes do not contain the previously selected naming attribute, a warning message is displayed. You must either specify a different naming attribute by going back to the first step, or add an appropriate object class to the entry.

Adding an Object Class to the Entry

To add an object class to the entry, double click on the object class from the Available Objectclasses list.

Alternatively, you can select an object class from the Available Objectclasses list and click on the right arrow button to add the object class to the entry.

Removing an Object Class From the Entry

To remove an object class from an entry, double click on the object class in the Selected Objectclasses list.

Alternatively, you can select the object class in the Selected Objectclasses list and click on the left arrow button to remove the object class from the entry.

Selecting Attributes

Each object class has a number of mandatory and optional attributes associated with it. An entry definition table, with the current list of attributes and values is displayed in the right pane. Mandatory attributes are marked with (M), optional attributes with (O).

The names of the mandatory attributes are already listed in the entry definition before you assign a value to them. To complete the entry, you must provide values for these attributes. If you try to add an entry to the directory without assigning values to all the mandatory attributes, an error message is displayed.

For example, if you want to create an entry with the person and posixAccount object classes, the mandatory attributes are:

Optional attributes for these object classes can include description, see also, telephone number and userPassword.

Some attributes accept multiple values, others can only have one value. By default, attributes are multi-valued. Single-valued attributes are identified in the schema by the SINGLE-VALUE keyword. If you try to add more than one value to a single-valued attribute, an error message is displayed.

Assigning a Value to an Attribute

To assign a value to an attribute:

  1. From the Choose Attribute list, or from the entry definition, select the attribute for which you want to add a value.

    For example, select Login Name from the Choose Attribute list.

  2. Type the value for the attribute in the text field.

    For example, type mpolo in the text field.

  3. Click Add to add the value of the attribute to the entry definition.

    The value appears in the entry definition next to the attribute. See Figure 3.6.

  4. To add an additional value for an attribute, repeat steps 1 to 3.

    You must add values for all the mandatory attributes displayed in the entry definition table.

  5. Double click on the entry in the browser to display all of its attributes.

Figure 3.6 Example Entry Create Window

Deleting a Value From an Attribute

To delete an attribute value:

  1. Select the value or the attribute name in the entry definition.
  2. Click Delete.

Modifying an Attribute Value

To modify an attribute value:

  1. Select the value of the attribute you want to modify in the entry definition.

    The attribute value appears in the text field.

  2. Modify the value and click Modify.

    The modified value appears in the entry definition.

Cancel

To cancel a create operation at any time, in the Create panel, click Cancel. The entry definition is cleared.

Deleting an Entry

The delete panel of Deja is used to delete entries from the directory. Figure 3.7 shows the Deja Delete panel.

Figure 3.7 Deja Delete Panel

You must have write permission for the entry you want to delete. See "Logging In" for information.

  1. Select the entry you want to delete in the browser window.

    You can only delete leaf entries. You cannot delete a root entry such as the root DSE or a parent that still has children.

  2. Click on the Delete icon, or select Delete from the Entry menu.

    The Delete panel is displayed.

  3. Click on Delete to remove the entry from the directory.

    Click on Cancel to clear the delete panel.

WARNING! There is no undelete function.

Cut, Copy and Paste

This section explains how to perform cut, copy and paste operations on directory entries using Deja.

Cutting an Entry

Use Cut to remove an entry from the directory and keep a copy of it on the clipboard. The entry can be pasted from the clipboard into the directory in another location.

You must have write permission for the entry you want to cut. See "Logging In" for information.

To cut an entry from the directory:

  1. In the browser, click on the entry you want to cut.
  2. Click on the Cut icon. Alternatively, select Cut from the Edit menu, or press Ctrl-x on the keyboard.

    The entry is cut from the directory to the clipboard. You can now paste the entry to a new location in the directory.

  3. If you want to restore the entry to the directory, select Restore from the Edit menu.

    The entry is restored to its original position in the directory, if possible. If the parent entry no longer exists, or has been renamed, the paste is not possible and an error message is displayed.

Copying an Entry

Use Copy to copy an existing entry from the directory into the clipboard. The entry can then be pasted from the clipboard into the directory in another location.

To copy an entry in the directory:

  1. In the browser, click on the entry you want to copy to select it.
  2. Click on the Copy icon. Alternatively, select Copy from the Edit menu, or press Ctrl-c on the keyboard.

    The entry is copied from the directory to the clipboard.

You can now paste the entry to a new location in the directory.

Pasting an Entry

After a Cut or Copy operation, use Paste to paste an entry from the clipboard into the directory. You can paste at different levels in the directory tree:

You must have write permission to paste an entry into the directory. See "Logging In" for information.

  1. To copy an entry and paste it at the same level in the subtree:

    Immediately following the copy operation, click on the Paste icon. Alternatively, select Paste from the Edit menu, or press Ctrl-v on the keyboard.

    In the browser window, the pasted entry is displayed. A sequence number is appended to its name to ensure naming remains unique at a given level in the directory tree.

  2. To cut or copy an entry and paste it at a different level:

    Select the new parent entry for the entry you want to paste, and click on the Paste icon. Alternatively, select Paste from the Edit menu, or press Ctrl-v on the keyboard.

    To copy an entry, and paste it immediately below the copied entry, you must click elsewhere in the directory tree to deselect the copied entry, then click on it again to select it, then perform the paste. If you do not deselect then reselect, the entry in the clipboard is pasted at the same level, not one level below.

Restoring an Entry

If you accidentally cut an entry from the directory, you can restore it, provided that you have not performed any subsequent cut or copy operations.

To restore an entry that you have just cut from the directory, select Restore from the Edit menu. The entry on the clipboard is returned to its original location.

Modifying an Entry

Use Modify to change attributes and object classes in directory entries. The Deja Modify panel is very similar to the attribute selection panel that you use to create an entry. See Figure 3.5.

You must have write permission for the entry that you want to modify. See "Logging In" for information.

  1. In the browser, click on the entry you want to modify.
  2. Click on the Modify icon or select Modify from the Entry menu.

    The Modify Attributes window is displayed. Click on the Modify Objectclasses button to display the Modify Objectclasses window.

  3. You can modify the following characteristics of an entry:
  4. When you have finished the modifications, click Done.

Renaming an Entry

Use Rename to modify the Relative Distinguished Name (RDN) of an entry. Figure 3.8 shows the Deja Rename panel.

Figure 3.8 Deja Rename Panel

You must have write permission for the entry you want to rename. See "Logging In" for information.

  1. Select the entry you want to rename in the browser window.

    You can only rename leaf entries. You cannot rename parents that still have children, or the root entry.

  2. Click on the Rename icon, or select Rename from the Entry menu.

    The rename panel appears. The name of the parent and the Relative Distinguished Name (RDN) of the selected entry are displayed.

  3. Type the new RDN of the entry in the To text field.

    If you want the new RDN to replace the old RDN, check the Remove old RDN check box.

    By default the new RDN replaces the old RDN. If the Remove old RDN check box is unchecked, the new RDN is added to the entry as an additional value.

  4. Click the Rename button.

Searching for an Entry

Use Search when you want to find an NIS entry in the directory. By default, you can search four NIS maps with this function: users, aliases, hosts and groups. Figure 3.9 shows the Deja Search panel for NIS users.

The Deja.properties file on the directory server defines the NIS search templates available in Deja. For information on adding or modifying NIS templates see "Setting Deja Properties" .

Figure 3.9 Deja Search Panel for NIS Users

To search for an NIS entry:

  1. Click on the Search icon, or select Search from the Entry menu.

    The Search panel is displayed.

  2. Select the map you want to search from the Map Name option button.

    Default options are Users, Aliases, Hosts or Groups.

  3. Type the text string you want to search for in the NIS Key text field.

    The search can include the wildcard character *.

  4. Click Search to start the search.

    The search results are displayed in the search results list and the number of entries found is displayed in the status bar. If there are no matches, the search results list is empty and the status bar indicates that no entries were found.

  5. To stop the search at any time, click the Stop button.

    The search is stopped and no results are returned.

  6. Click the Clear button to clear the search text field.

Search Results List

Search results are displayed in a list below the search criteria.

The headings of the search results table depend on the map that is searched. Table 3.3 shows the attribute types displayed in the search result table for each map.

Table 3.3 NIS Search Results Lists

| Map Name | Attributes |
|---|---|
| users | cn, uid, uidNumber, gidNumber, homeDirectory |
| aliases | cn, rfc822mailMember |
| hosts | cn, ipHostNumber, macaddress |
| groups | cn, gidNumber, memberUid |

To view an entry from the search results list, double-click on the entry's name. The view entry window is displayed, and the entry is highlighted in the browser window.


Setting Deja Properties
This section describes how to configure Deja properties, and the maintenance operations required to synchronize Deja properties with configuration changes that occur on the directory server side.

Many of Deja's characteristics can be configured by the directory administrator. The characteristics are defined in the Deja.properties file on the directory server.

File Structure

The Deja.properties file is located in the /opt/SUNWconn/ldap/html directory on the directory server.

The Deja.properties file consists of four sections:

Some of the properties described in the Deja.properties file are not relevant to the topics discussed in this book. In particular, this section does not explain how to create new search filters, or the meaning of the RADIUS parameters.

File Syntax

Each section in the Deja.properties file contains a list of definitions. Each definition ends with a carriage return. The different elements in a definition are separated by commas. Related elements are separated by semi-colons.

For example, the list of supported NIS maps is defined as follows:

NIS_MAPS=passwd.byname;NIS_MAP_USERS_CHOICE, mail.aliases;NIS_MAP_ALIASES_CHOICE, hosts.byname;NIS_MAP_HOSTS_CHOICE, group.byname;NIS_MAP_GROUPS_CHOICE

In this example, each map name and the label identifying it are separated by semi-colons. The four map elements in the definition are separated by commas. This definition does not show the actual labels that appear in Deja's menus. These are defined separately, in the localized resource bundle. The localized resource bundle contains translations in every supported locale for the user interface of Deja.

Labels

Standard Deja labels and identifiers (parameters ending in _LABEL, _IDENTIFIER or _CHOICE) are defined in the localized resource bundle. You cannot change these definitions. You can, however, create your own labels.

For example, if you want to add support for the networks NIS map, you must append the map name, and a new label to identify it to the NIS maps definition. In the following example, the networks.byaddr map is identified by the label Networks.

NIS_MAPS=passwd.byname;NIS_MAP_USERS_CHOICE, mail.aliases;NIS_MAP_ALIASES_CHOICE, hosts.byname;NIS_MAP_HOSTS_CHOICE, group.byname;NIS_MAP_GROUPS_CHOICE, networks.byaddr;Networks

This definition is local to your Deja.properties file. It is not part of the localized resource bundle.

General Properties

In the General Properties section the following parameters are defined:

SCHEMA_THREAD_TIME_LIMIT

Defines a time limit in milliseconds on the time it takes Deja to read the schema. The default value is no time limit.

BROWSER_ENTRY_LIMIT

Specifies the maximum number of entries that can be displayed in the browser. If a limit has been set, you must refresh certain subtrees before opening more. The default value is no limit.

BROWSER_SUBENTRY_LIMIT

Defines the maximum number of immediate children of an entry that can be displayed in the browser. The default value is no limit.

BROWSER_LOAD_SUBNODES_TIME_LIMIT

Specifies the maximum amount of time allowed for Deja to load the children of a node when the node is opened in the browser. This is not the amount of time it then takes to display those children. The default value is 10000 milliseconds.

BROWSER_CHECK_NODE_TIME_LIMIT

This is the maximum time taken for Deja to verify whether an entry is a leaf or a node. The default value is 2000 milliseconds.

STANDARD_SECURITY_AUTHENTICATION

Defines the standard authentication mechanism used in the login panel. The only possible value for this parameter is simple, which the comments in the file describe as a cleartext password.

The following example shows the General Properties section of the Deja.properties file.

# schema thread time limit in milliseconds (0 = no limit)
SCHEMA_THREAD_TIME_LIMIT=0
#
# manage referrals as entries (true or false)
REFERRALS_MANAGE_DSA=true
#
# max. number of nodes in browser tree (0 = no limit)
BROWSER_ENTRY_LIMIT=0
# max number of subnodes of a node in the browser tree (0 = no limit)
BROWSER_SUBENTRY_LIMIT=0
# time limit to load subnodes (in ms, 0 = no limit)
BROWSER_LOAD_SUBNODES_TIME_LIMIT=10000
# time limit to verify if entry is a leaf or an inner node (in ms, 0 = no limit)
BROWSER_CHECK_NODE_TIME_LIMIT=2000
#
# authentication mechanism
# supported values : CRAM-MD5, simple (cleartext password)
STANDARD_SECURITY_AUTHENTICATION=simple
# STANDARD_SECURITY_AUTHENTICATION=CRAM-MD5

Standard LDAP Properties

In the Standard LDAP Properties section of the Deja.properties file you can:

This section describes the first two items.

Hiding Attributes

STANDARD_ATTRIBUTES_CRYPTED

In the View, Modify and Create windows of Deja, some attribute values are not displayed, or are replaced by a localized text string. You can specify the attributes you want to be hidden by adding them to the STANDARD_ATTRIBUTES_CRYPTED list. Attribute names are separated by commas. By default the values for userpassword, radiusppppasswd, radiusloginpasswd, chappassword, and radiusslippasswd are hidden.

Login Parameters

STANDARD_LOGIN_SEARCH_FILTER

The search feature of the login panel operates using the filter defined with this label. By default it is (|(cn=*{0}*)(uid=*{0}*)). This search filter means that either the cn attribute or the uid attribute should contain the search string typed by the user in the search text field.
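The following added example (not Deja's own code, and not taken from the original guide) shows how a client can substitute the typed search string into this filter template so that characters with special meaning in an LDAP filter are matched literally. The function names are hypothetical; the escaping rule is the one defined in RFC 4515, and the guide does not say how Deja itself performs the substitution.

```python
# Added example: expanding the login search filter template with escaping.
LOGIN_FILTER = "(|(cn=*{0}*)(uid=*{0}*))"  # default value quoted in this guide


def escape_filter_value(value):
    """Escape a string for use as an assertion value in an LDAP filter.

    RFC 4515 requires NUL, '(', ')', '*' and '\\' to be written as a
    backslash followed by the two-digit hex code of the character.
    """
    out = []
    for ch in value:
        if ch in "\\*()" or ch == "\x00":
            out.append("\\%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def expand_login_filter(template, typed):
    """Replace every {0} in the template with the escaped search string.

    An empty string is rejected: with the default template it would leave
    '**' in the filter, which is not a valid substring assertion.
    """
    if not typed:
        raise ValueError("search string must not be empty")
    return template.replace("{0}", escape_filter_value(typed))


if __name__ == "__main__":
    # Constructed inputs: a plain name, and one containing filter metacharacters.
    for typed in ("rob", "smith (sales)*"):
        print(expand_login_filter(LOGIN_FILTER, typed))
```

Because the wildcards come from the template and not from the user, the typed string can only ever be a literal substring of cn or uid.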

STANDARD_LOGIN_MAX_SEARCH_RESULT

Specifies the maximum number of search results per naming context returned by a login search. The default value is 55.

STANDARD_LOGIN_ALIASES

Defines an alias for the user DN you use to login to Deja. By default, there are no aliases defined, and the STANDARD_LOGIN_ALIASES parameter is commented out. The definition in the Deja.properties file reads as follows:

# STANDARD_LOGIN_ALIASES= userA_alias; userA_dn; userB_alias; userB_dn

To add a login alias, you must uncomment the line, add an alias name and a user DN for login. For example, if the user cn=Robert Travis, ou=sales,o=sun,c=us wants to login frequently, you can create an alias for him, for example, rob. To add this alias, you would edit the STANDARD_LOGIN_ALIASES definition in the Deja.properties file to read as follows:

STANDARD_LOGIN_ALIASES= rob; cn=Robert Travis,ou=sales,o=sun,c=us

Note. If you create several aliases, you must separate them with semi-colons and not with commas, which are the standard separator, because the comma is used to separate the different elements in the DN. The semi-colon separates the elements of a DN from a new alias definition.

For example, if you also wanted to add an alias for an administrator user whose DN is cn=Directory Manager, o=sun, c=us, the STANDARD_LOGIN_ALIASES definition in the Deja.properties file would read as follows:

STANDARD_LOGIN_ALIASES= rob ; cn=Robert Travis,ou=sales,o=sun,c=us ; Directory Manager ; cn=Directory Manager, o=sun, c=us

When Deja is restarted the aliases are available in the Login panel. This parameter is case-sensitive.
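The separator rules described under "File Syntax" and in the note above can be checked mechanically. The following added example (not part of the original guide or of Deja) parses a Deja.properties file, splits NIS_MAPS and STANDARD_LOGIN_ALIASES according to those rules, and reports settings an administrator would want to review. The sample file is constructed from definitions quoted on this page; the function names and the choice of what counts as a finding are assumptions of the example.

```python
# Added example: parse Deja.properties definitions and flag settings to review.
# SAMPLE is constructed from the definitions quoted in this guide.
SAMPLE = """\
# authentication mechanism
STANDARD_SECURITY_AUTHENTICATION=simple
# STANDARD_SECURITY_AUTHENTICATION=CRAM-MD5
STANDARD_ATTRIBUTES_CRYPTED=userpassword, chappassword
NIS_MAPS=passwd.byname;NIS_MAP_USERS_CHOICE, mail.aliases;NIS_MAP_ALIASES_CHOICE, networks.byaddr;Networks
STANDARD_LOGIN_ALIASES= rob ; cn=Robert Travis,ou=sales,o=sun,c=us ; Directory Manager ; cn=Directory Manager, o=sun, c=us
"""

# Attributes this guide lists as hidden by default.
DEFAULT_HIDDEN = {"userpassword", "radiusppppasswd", "radiusloginpasswd",
                  "chappassword", "radiusslippasswd"}


def parse_properties(text):
    """Return {name: raw value}; blank lines and '#' lines are skipped."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, value = line.split("=", 1)
        props[name.strip()] = value.strip()
    return props


def parse_nis_maps(value):
    """Commas separate the maps; a semi-colon separates map name and label."""
    maps = []
    for element in value.split(","):
        name, sep, label = element.partition(";")
        if not sep or not name.strip() or not label.strip():
            raise ValueError("expected map.name;label, got %r" % element.strip())
        maps.append((name.strip(), label.strip()))
    return maps


def parse_login_aliases(value):
    """Split alias;dn;alias;dn... on semi-colons only (commas belong to the DN).

    DNs containing escaped commas or semi-colons are not handled here.
    """
    fields = [f.strip() for f in value.split(";")]
    if len(fields) % 2:
        raise ValueError("alias and DN fields do not pair up "
                         "(aliases must be separated by ';', not ',')")
    pairs = []
    for alias, dn in zip(fields[0::2], fields[1::2]):
        rdns = [r.strip() for r in dn.split(",")]
        if not alias or "=" in alias or not all("=" in r for r in rdns):
            raise ValueError("malformed alias definition %r -> %r" % (alias, dn))
        pairs.append((alias, ",".join(rdns)))
    return pairs


def audit(props):
    """Return a list of findings for the parsed properties."""
    findings = []
    if props.get("STANDARD_SECURITY_AUTHENTICATION") == "simple":
        findings.append("STANDARD_SECURITY_AUTHENTICATION=simple: "
                        "login uses a cleartext password")
    if "STANDARD_ATTRIBUTES_CRYPTED" in props:
        hidden = {a.strip().lower()
                  for a in props["STANDARD_ATTRIBUTES_CRYPTED"].split(",")}
        exposed = sorted(DEFAULT_HIDDEN - hidden)
        if exposed:
            findings.append("password attributes no longer hidden: "
                            + ", ".join(exposed))
    for key, parser in (("NIS_MAPS", parse_nis_maps),
                        ("STANDARD_LOGIN_ALIASES", parse_login_aliases)):
        if key in props:
            try:
                parser(props[key])
            except ValueError as err:
                findings.append("%s: %s" % (key, err))
    return findings


if __name__ == "__main__":
    properties = parse_properties(SAMPLE)
    for alias, dn in parse_login_aliases(properties["STANDARD_LOGIN_ALIASES"]):
        print("alias %-18s -> %s" % (alias, dn))
    for finding in audit(properties):
        print("REVIEW:", finding)
```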

NIS Properties

The NIS Properties section in the Deja.properties file contains a number of tokens defining how NIS entries are displayed in Deja.

The NIS_MAPS definition contains a list of the NIS maps displayed in Deja. Each map listed in NIS_MAPS is associated with the following tokens: NIS_FILTER, NIS_DOMAIN, NIS_ROOT, NIS_NAMINGATTR, and NIS_OCLASS. The values for these tokens are copied from the nis.mapping file by the dejasync utility. If the tokens already exist in the Deja.properties file they are updated. For more information, see "dejasync" .

When you create new map definitions in the nis.mapping file, these must also be declared in the Deja.properties file. This procedure is described in "Adding a NIS Map to Deja using dejasync" .

NIS_MAPS

Specifies the list of maps available in Deja. Each map name is followed by a semicolon and the label that appears in the Map Name option button of the NIS Search, Create or Modify panels. If you create a new map in the nis.mapping file, you must declare the map name in the NIS_MAPS token in the Deja.properties file. The syntax is:

NIS_MAPS= map.name;map_label, map.name;map_label, ...

NIS_FILTER.map.name

Specifies the filter that is used in the NIS Search panel. This definition is automatically generated by running dejasync.

NIS_DOMAIN.map.name

Specifies the label that appears in the NIS Create, Modify and Search panels. It shows to which domain the NIS map applies. This definition is automatically generated by running dejasync.

NIS_NAMINGATTR.map.name

Specifies the naming attributes that are available in the NIS Create panel. This is a comma-separated list. This definition is automatically generated by running dejasync.

NIS_ROOT.map.name

Specifies the DN of the root entry used for NIS searches. It is also the default parent entry displayed in the NIS Create panel. This definition is automatically generated by running dejasync.

NIS_OCLASS.map.name

Specifies the default object classes that are added to an entry definition in the NIS Create panel. This is a comma-separated list. This definition is automatically generated by running dejasync.

NIS_LIST.map.name

Contains names of the attributes and header labels for the NIS search results table. The syntax is:

NIS_LIST.map.name= attribute;header_label, attribute;header_label, ...

NIS_ADD.map.name

Specifies labels and syntax for attributes in the NIS Create panel. The syntax is:

NIS_ADD.map.name= attribute;label;syntax, attribute;label;syntax, ...

Where syntax is one of the four basic input types (int, string, crypt and ipaddr). If a syntax isn't specified, the default value, string, is used. Specifying a syntax is useful to constrain user input:

NIS_LIST.default

Contains the names of the attributes listed in the NIS search results table if NIS_LIST is not defined for a map.

Adding a NIS Map to Deja using dejasync

To add a NIS map definition to Deja from the nis.mapping file using dejasync:

  1. Log in as root or become superuser on the directory server.
  2. Add the name of the map, and the label you want to be used in the NIS Maps option button, to the NIS_MAPS definition.

    The map must have a mapping definition in the nis.mapping file. For example, to add the ethers.byname map to Deja using the label Ethers, the NIS_MAPS definition will look like this:

        NIS_MAPS= ethers.byname;Ethers, passwd.byname;NIS_MAP_USERS_CHOICE, mail.aliases;NIS_MAP_ALIASES_CHOICE, hosts.byname;NIS_MAP_HOSTS_CHOICE, group.byname;NIS_MAP_GROUPS_CHOICE

  3. Run dejasync by typing:

        prompt# /opt/SUNWconn/ldap/sbin/dejasync -d Deja_properties_directory -n NIS_mapping_file

    Where:

    The dejasync utility reads the map declarations in NIS_MAPS, reads the mapping definitions from the nis.mapping file, and updates or adds the corresponding map definitions to the Deja.properties file.

    For the example, the following map definition is added at the end of the Deja.properties file:

        NIS_OCLASS.ethers.byname= ieee802Device
        NIS_FILTER.ethers.byname= (&(objectClass=ieee802Device)(cn=$NIS_KEY))
        NIS_NAMINGATTR.ethers.byname=cn
        NIS_ROOT.ethers.byname=dc=airius,dc=com
        NIS_DOMAIN.ethers.byname=airius.com

  4. Optionally add NIS_LIST and NIS_ADD definitions for the new map.
  5. Exit from Deja and restart it to use the new map.

For the example, the following definitions are added for NIS_LIST and NIS_ADD:

    NIS_LIST.ethers.byname=cn;Host Name, macAddress;Ethernet Address, description;Comments
    NIS_ADD.ethers.byname=cn;Host Name, macAddress;Ethernet Address, description;Comments
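
After editing NIS_MAPS and running dejasync, the NIS section can be checked for maps that are declared but not synchronized, definitions whose map is missing from NIS_MAPS, and NIS_ADD syntaxes outside the four input types. The following is an added example, not part of Deja or dejasync; the helper names are hypothetical, the sample text is constructed from the ethers.byname definitions above, and the parser assumes one definition per line.

```python
REQUIRED = ("NIS_FILTER", "NIS_DOMAIN", "NIS_ROOT", "NIS_NAMINGATTR", "NIS_OCLASS")
SYNTAXES = {"int", "string", "crypt", "ipaddr"}  # the four input types for NIS_ADD

# Constructed sample: ethers.byname as synchronized above but with a mistyped
# syntax, hosts.byname declared without definitions, group.byname undeclared.
SAMPLE = """\
NIS_MAPS= ethers.byname;Ethers, hosts.byname;NIS_MAP_HOSTS_CHOICE
NIS_OCLASS.ethers.byname= ieee802Device
NIS_FILTER.ethers.byname= (&(objectClass=ieee802Device)(cn=$NIS_KEY))
NIS_NAMINGATTR.ethers.byname=cn
NIS_ROOT.ethers.byname=dc=airius,dc=com
NIS_DOMAIN.ethers.byname=airius.com
NIS_ADD.ethers.byname=cn;Host Name, macAddress;Ethernet Address;mac, description;Comments
NIS_FILTER.group.byname= (&(objectclass=posixGroup)(cn=$NIS_KEY))
"""


def load_properties(text):
    """Read key=value lines; assumes one definition per line and '#' comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition("=")  # values may contain '=' (DNs, filters)
            props[key.strip()] = value.strip()
    return props


def check_nis_section(text):
    """Return a list of problems found in the NIS properties."""
    props, problems = load_properties(text), []
    declared = [m.split(";")[0].strip()
                for m in props.get("NIS_MAPS", "").split(",") if m.strip()]
    for name in declared:
        for token in REQUIRED:  # the tokens dejasync copies from nis.mapping
            if not props.get(f"{token}.{name}"):
                problems.append(f"{name}: {token} is not defined")
        for field in props.get(f"NIS_ADD.{name}", "").split(","):
            parts = [p.strip() for p in field.split(";")]
            syntax = parts[2] if len(parts) > 2 else "string"  # default is string
            if syntax not in SYNTAXES:
                problems.append(f"{name}: {parts[0]} has unknown syntax '{syntax}'")
    for key in props:  # definitions whose map is missing from NIS_MAPS
        token, _, name = key.partition(".")
        if token == "NIS_FILTER" and name not in declared:
            problems.append(f"{name}: defined but not declared in NIS_MAPS")
    return problems


if __name__ == "__main__":
    print("\n".join(check_nis_section(SAMPLE)))
```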

Default NIS Map Definitions

In the Deja.properties file, the section containing the NIS properties is as follows:

    # list of supported maps
    #
    NIS_MAPS=passwd.byname;NIS_MAP_USERS_CHOICE, mail.aliases;NIS_MAP_ALIASES_CHOICE, hosts.byname;NIS_MAP_HOSTS_CHOICE, group.byname;NIS_MAP_GROUPS_CHOICE
    #
    # passwd map
    #
    NIS_FILTER.passwd.byname= (&(objectclass=posixAccount)(uid=$NIS_KEY))
    NIS_DOMAIN.passwd.byname= airius_users.com
    NIS_NAMINGATTR.passwd.byname=cn
    NIS_ROOT.passwd.byname= dc=airius_users,dc=com
    NIS_OCLASS.passwd.byname= posixaccount,person
    NIS_LIST.passwd.byname=cn;NIS_USER_CN_ATTR_LABEL, uid;NIS_UID_ATTR_LABEL, uidNumber;NIS_UIDNUMBER_ATTR_LABEL, gidNumber;NIS_GIDNUMBER_ATTR_LABEL, homeDirectory;NIS_HOMEDIRECTORY_ATTR_LABEL
    NIS_ADD.passwd.byname=cn;NIS_USER_CN_ATTR_LABEL, sn;NIS_SN_ATTR_LABEL, uid;NIS_UID_ATTR_LABEL, uidNumber;NIS_UIDNUMBER_ATTR_LABEL;int, gidNumber;NIS_GIDNUMBER_ATTR_LABEL;int, homeDirectory;NIS_HOMEDIRECTORY_ATTR_LABEL, userPassword;NIS_USERPASSWORD_ATTR_LABEL;crypt, loginShell;NIS_LOGINSHELL_ATTR_LABEL, description;NIS_DESCRIPTION_ATTR_LABEL
    #
    # alias map
    #
    NIS_FILTER.mail.aliases= (&(objectclass=nisMailAlias)(cn=$NIS_KEY))
    NIS_DOMAIN.mail.aliases= airius_aliases.com
    NIS_NAMINGATTR.mail.aliases=cn
    NIS_ROOT.mail.aliases= dc=airius_aliases,dc=com
    NIS_OCLASS.mail.aliases= nismailalias
    NIS_LIST.mail.aliases= cn;NIS_ALIAS_CN_ATTR_LABEL, rfc822mailMember;NIS_RFC822MAILMEMBER_ATTR_LABEL
    NIS_ADD.mail.aliases= cn;NIS_ALIAS_CN_ATTR_LABEL, rfc822mailMember;NIS_RFC822MAILMEMBER_ATTR_LABEL
    #
    # host map
    #
    NIS_FILTER.hosts.byname= (&(objectclass=ipHost)(cn=$NIS_KEY))
    NIS_DOMAIN.hosts.byname= airius_hosts.com
    NIS_NAMINGATTR.hosts.byname=cn
    NIS_ROOT.hosts.byname= dc=airius_hosts,dc=com
    NIS_OCLASS.hosts.byname= ipHost
    NIS_LIST.hosts.byname= cn;NIS_HOST_CN_ATTR_LABEL, ipHostNumber;NIS_IPHOSTNUMBER_ATTR_LABEL, macaddress;NIS_MACADDRESS_ATTR_LABEL
    NIS_ADD.hosts.byname= cn;NIS_HOST_CN_ATTR_LABEL, ipHostNumber;NIS_IPHOSTNUMBER_ATTR_LABEL;ipaddr, macaddress;NIS_MACADDRESS_ATTR_LABEL, l;NIS_L_ATTR_LABEL
    #
    # group map
    #
    NIS_FILTER.group.byname= (&(objectclass=posixGroup)(cn=$NIS_KEY))
    NIS_DOMAIN.group.byname= airius_groups.com
    NIS_NAMINGATTR.group.byname=cn
    NIS_ROOT.group.byname= dc=airius_groups,dc=com
    NIS_OCLASS.group.byname= posixGroup
    NIS_LIST.group.byname= cn;NIS_GROUP_CN_ATTR_LABEL, gidNumber;NIS_GIDNUMBER_ATTR_LABEL, memberUid;NIS_MEMBERUID_ATTR_LABEL
    NIS_ADD.group.byname= cn;NIS_GROUP_CN_ATTR_LABEL, gidNumber;NIS_GIDNUMBER_ATTR_LABEL;int, memberUid;NIS_MEMBERUID_ATTR_LABEL
    NIS_LIST.default= cn;NIS_CN_ATTR_LABEL

 

Copyright © 1999 Sun Microsystems, Inc. Some preexisting portions Copyright © 1999 Netscape Communications Corporation