NIS Extension Guide: NIS Command & File Reference


Chapter 5 NIS Command & File Reference

This chapter provides reference information on the NIS daemons, commands and files. It covers standard NIS components as well as the NIS features delivered with the Solaris Extensions for Netscape Directory Server 4.11.

This chapter includes the following sections:


Deja.properties
Synopsis

The location of the Deja.properties file is:

/opt/SUNWconn/ldap/html/Deja.properties

Description

The Deja.properties file determines the display characteristics of Deja. It also defines the templates that are used to create and modify certain directory entries, such as NIS and RADIUS entries.

You must be authenticated as superuser or root to modify the Deja.properties file. When you have made modifications to this file, you must restart Deja for the modifications to take effect.

File Structure

The Deja.properties file consists of four sections:

File Syntax

Each section in the Deja.properties file contains a list of definitions. Each definition ends with a carriage return. The different elements in a definition are separated by commas. Related elements are separated by semi-colons.

For example, the attributes returned in RADIUS searches are defined as follows:

RADIUS_RU_LIST.default= cn;RADIUS_RU_CN_ATTR_LABEL, uid;RADIUS_RU_UID_ATTR_LABEL

In this example, the definition is composed of two elements, separated by a comma. Each element consists of an attribute type (cn and uid in this example), and a label that is displayed in Deja, in the results table header row.

This example does not show the actual labels that appear in Deja's menus. These are defined separately, in the localized resource bundle. The localized resource bundle contains translations in every supported locale for the user interface of Deja.

Labels

Standard Deja labels and identifiers (parameters ending in _LABEL, _IDENTIFIER or _CHOICE) are defined in the localized resource bundle. You cannot change these definitions. You can, however, create your own labels.

For example, if you want to add the ipHostNumber attribute type to the list returned by default in a search on RADIUS remote users, you might modify the RADIUS_RU_LIST.default definition as follows:

RADIUS_RU_LIST.default= cn;RADIUS_RU_CN_ATTR_LABEL, uid;RADIUS_RU_UID_ATTR_LABEL, ipHostNumber;Host Number

This definition is local to your Deja.properties file. It is not part of the localized resource bundle.

User Input

In the Deja.properties file, user input is represented using the character sequence {0}. For example, in a search filter, the definition (cn=*{0}*) specifies that the search will result in entries for which cn contains the search string.

The character sequence {$definition$} is used by Deja to define a user input field in searches. The expression definition can consist of the following elements:

If Field type is not specified, the string input field is used by default. For example, the following expression {$iphostnumber;IP Host Number;ipaddr$} generates an ipaddr input field with the label IP Host Number. It also specifies that the user input is an attribute of the type iphostnumber.

General Properties

SCHEMA_THREAD_TIME_LIMIT

Defines a time limit in milliseconds on the time it takes Deja to read the schema. The default value is no time limit.

BROWSER_ENTRY_LIMIT

Specifies the maximum number of entries that can be displayed in the browser. If a limit has been set, you must refresh certain subtrees before opening more. The default value is no limit.

BROWSER_SUBENTRY_LIMIT

Defines the maximum number of immediate children of an entry that can be displayed in the browser. The default value is no limit.

BROWSER_LOAD_SUBNODES_TIME_LIMIT

Specifies the maximum amount of time allowed for Deja to load the children of a node when the node is opened in the browser. This is not the amount of time it then takes to display those children. The default value is 10000 milliseconds.

BROWSER_CHECK_NODE_TIME_LIMIT

This is the maximum time taken for Deja to verify whether an entry is a leaf or a node. The default value is 2000 milliseconds.

STANDARD_SECURITY_AUTHENTICATION

Defines the standard authentication mechanism used in the login panel. The only possible value for this parameter is simple.

Standard LDAP Properties

In this section the following tokens are defined:

STANDARD_ATTRIBUTES_CRYPTED

In the View, Modify and Create windows of Deja, some attribute values are not displayed, or replaced by a localized text string. You can specify the attributes you want to be hidden by adding them to the STANDARD_ATTRIBUTES_CRYPTED list. Attribute names are separated by commas. By default the values for userpassword, radiusppppasswd, radiusloginpasswd, chappassword, and radiusslippasswd are hidden.

STANDARD_LOGIN_SEARCH_FILTER

The search feature of the login panel operates using the filter defined with this label. By default it is (|(cn=*{0}*)(uid=*{0}*)). This search filter means that either the cn attribute or the uid attribute should contain the search string typed by the user in the search text field.
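
The following added example (not code from Deja or from the original page) shows how a {0} filter template such as the two quoted on this page expands, and how a tool that evaluates one can escape the typed string per RFC 4515 so that it stays inside the value. The function names are hypothetical, and the page does not say how Deja itself treats special characters.

```python
import re

# RFC 4515 escapes for characters that are special inside a filter value.
ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Filter templates quoted on this page.
LOGIN_FILTER = "(|(cn=*{0}*)(uid=*{0}*))"
PERSON_FILTER = "(&(objectclass=*)(cn=*{0}*))"


def escape_filter_value(value):
    """Escape a user-typed string so it can only be matched literally."""
    return "".join(ESCAPES.get(ch, ch) for ch in value)


def expand(template, user_input, escape=True):
    """Substitute the search string for every {0} in the template."""
    value = escape_filter_value(user_input) if escape else user_input
    return template.replace("{0}", value)


def filter_shape(text):
    """Return the operators and attribute names of a filter, in order.

    Raises ValueError when the parentheses do not balance or when an
    opening parenthesis is not followed by an operator or attribute name.
    """
    shape, depth, i = [], 0, 0
    while i < len(text):
        ch = text[i]
        if ch == "(":
            depth += 1
            if text[i + 1:i + 2] in ("&", "|", "!"):
                shape.append(text[i + 1])
                i += 1
            else:
                match = re.match(r"[A-Za-z][A-Za-z0-9;.-]*", text[i + 1:])
                if not match:
                    raise ValueError("no attribute name after '('")
                shape.append(match.group(0))
                i += match.end()
        elif ch == ")":
            depth -= 1
            if depth < 0:
                raise ValueError("unbalanced ')'")
        i += 1
    if depth:
        raise ValueError("unbalanced '('")
    return shape


def structure_preserved(template, user_input, escape=True):
    """True if the expanded filter has the same shape as the template."""
    expected = filter_shape(expand(template, "x"))
    try:
        return filter_shape(expand(template, user_input, escape)) == expected
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed search strings: an ordinary name and one with parentheses.
    for typed in ("rob", "Smith (Sales)"):
        print(typed, "->", expand(LOGIN_FILTER, typed))
        print("  shape kept without escaping:",
              structure_preserved(LOGIN_FILTER, typed, escape=False))
```

With escaping, an asterisk typed by the user is matched literally and no longer acts as a wildcard; the wildcards written in the template itself are unaffected.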

STANDARD_LOGIN_MAX_SEARCH_RESULT

Specifies the maximum number of search results per naming context returned by a login search. The default value is 55.

STANDARD_LOGIN_ALIASES

Defines an alias for the user DN you use to login to Deja. By default, there are no aliases defined, and the STANDARD_LOGIN_ALIASES parameter is commented out. The definition in the Deja.properties file reads as follows:

# STANDARD_LOGIN_ALIASES= userA_alias; userA_dn; userB_alias; userB_dn

To add a login alias, you must uncomment the line, add an alias name and a user DN for login. For example, if the user cn=Robert Travis,ou=sales,o=sun,c=us wants to login frequently, you can create an alias for him, for example, rob. To add this alias, you would edit the STANDARD_LOGIN_ALIASES definition in the Deja.properties file to read as follows:

STANDARD_LOGIN_ALIASES= rob; cn=Robert Travis,ou=sales,o=sun,c=us

Note. If you create several aliases, you must separate them with a semi-colon and not with a comma, which is the standard syntax, because the comma is already used to separate the different elements in the DN. The semi-colon separates the elements of a DN from a new alias definition.

For example, if you also wanted to add an alias for the NIS administrator whose DN is cn=NIS Manager, o=sun, c=us, the STANDARD_LOGIN_ALIASES definition in the Deja.properties file would read as follows:

STANDARD_LOGIN_ALIASES= rob ; cn=Robert Travis,ou=sales,o=sun,c=us ; NIS admin; cn=NIS Manager, o=sun, c=us

When Deja is restarted the aliases are available in the Login panel. This parameter is case-sensitive.

STANDARD_SEARCH_FILTERS

Specifies the standard searches available in Deja. Each entry in this list is defined on a separate line.

STANDARD_SEARCH_FILTER_name

Defines each search available, where name is the name of the search specified in STANDARD_SEARCH_FILTERS. A search definition consists of the search name (for example, STANDARD_SEARCH_FILTER_PERSON), the label that appears in the Search Type option button (for example, STANDARD_SEARCH_FILTER_PERSON_IDENTIFIER), and the search definition (for example, (&(objectclass=*)(cn=*{0}*)) ).

STANDARD_SEARCH_TABLE_LABELS

Contains a list of the attributes and header labels for the search results table. By default the cn, telephoneNumber and mail attributes are listed.

STANDARD_CREATE_PASTE_CLEAR_DATA

When you paste an entry to the Create panel, the paste works in one of two ways:

NIS Properties

NIS_MAPS

Specifies the list of maps available in Deja. Each map name is followed by a semicolon and the label that appears in the Map Name option button of the NIS Search, Create or Modify panels. If you create a new map in the nis.mapping file, you must declare the map name in the NIS_MAPS token in the Deja.properties file. The syntax is:

NIS_MAPS= map.name;map_label, map.name;map_label, ...

NIS_FILTER.map.name

Specifies the filter that is used in the NIS Search panel. This definition is automatically generated by running dejasync.

NIS_DOMAIN.map.name

Specifies the label that appears in the NIS Create, Modify and Search panels. It shows to which domain the NIS map applies. This definition is automatically generated by running dejasync.

NIS_NAMINGATTR.map.name

Specifies the naming attributes that are available in the NIS Create panel. This is a comma separated list. This definition is automatically generated by running dejasync.

NIS_ROOT.map.name

Specifies the DN of the root entry used for NIS searches. It is also the default parent entry displayed in the NIS Create panel. This definition is automatically generated by running dejasync.

NIS_OCLASS.map.name

Specifies the default object classes that are added to an entry definition in the NIS Create Panel. This is a comma separated list. This definition is automatically generated by running dejasync.

NIS_LIST.map.name

Contains names of the attributes and header labels for the NIS search results table. The syntax is:

NIS_LIST.map.name= attribute;header_label, attribute;header_label, ...

NIS_ADD.map.name

Specifies labels and syntax for attributes in the NIS Create panel. The syntax is:

NIS_ADD.map.name= attribute;label;syntax, attribute;label;syntax, ...

Where syntax is one of the four basic input types (int, string, crypt and ipaddr). If a syntax isn't specified, the default value, string, is used. Specifying a syntax is useful to constrain user input:

NIS_LIST.default

Contains the names of the attributes listed in the NIS search results table if NIS_LIST is not defined for a map.
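
The following added example (not part of the product or of the original page) parses definitions in the comma and semi-colon syntax described under File Syntax, pairs up STANDARD_LOGIN_ALIASES, and checks the NIS tokens against the rules stated above. It assumes one definition per line with # comment lines; the sample file content, labels and function names are constructed for illustration.

```python
BASIC_TYPES = {"int", "string", "crypt", "ipaddr"}
PER_MAP = ("NIS_FILTER.", "NIS_DOMAIN.", "NIS_NAMINGATTR.", "NIS_ROOT.",
           "NIS_OCLASS.", "NIS_LIST.", "NIS_ADD.")

# Constructed sample, not a real Deja.properties file.
SAMPLE = """\
# STANDARD_LOGIN_ALIASES= userA_alias; userA_dn; userB_alias; userB_dn
STANDARD_LOGIN_ALIASES= rob ; cn=Robert Travis,ou=sales,o=sun,c=us ; NIS admin; cn=NIS Manager, o=sun, c=us
NIS_MAPS= passwd.byname;Passwords, hosts.byaddr;Hosts, auto.home;Home Automounts
NIS_LIST.passwd.byname= cn;Name, uid;Login
NIS_LIST.group.byname= cn;Group
NIS_ADD.passwd.byname= uid;Login, userpassword;Password;crypt, uidnumber;UID;int
NIS_ADD.hosts.byaddr= cn;Host, iphostnumber;Address;ip
NIS_LIST.default= cn;Name
"""


def parse_properties(text):
    """Map each token to its raw value, skipping comments and blank lines."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Split at the first '=' only: DNs in the value contain '=' too.
        token, sep, value = line.partition("=")
        if sep:
            props[token.strip()] = value.strip()
    return props


def parse_elements(value):
    """Split a definition into elements (commas) and related parts (semi-colons)."""
    return [[part.strip() for part in element.split(";")]
            for element in value.split(",") if element.strip()]


def parse_aliases(value):
    """Aliases are alias;DN pairs separated by semi-colons, never commas."""
    fields = [field.strip() for field in value.split(";")]
    if len(fields) % 2:
        raise ValueError("alias list must consist of alias;DN pairs")
    return dict(zip(fields[0::2], fields[1::2]))


def lint(props):
    """Return (token, problem) pairs for NIS definitions that break the rules."""
    findings = []
    maps = {element[0] for element in parse_elements(props.get("NIS_MAPS", ""))}
    for token, value in sorted(props.items()):
        prefix = next((p for p in PER_MAP if token.startswith(p)), None)
        if prefix is None:
            continue
        name = token[len(prefix):]
        # Every map with its own definitions must be declared in NIS_MAPS.
        if name != "default" and name not in maps:
            findings.append((token, "map not declared in NIS_MAPS"))
        if prefix == "NIS_ADD.":
            for element in parse_elements(value):
                # A missing syntax falls back to the default, string.
                syntax = element[2] if len(element) > 2 and element[2] else "string"
                if syntax not in BASIC_TYPES:
                    findings.append((token, f"{element[0]}: unknown syntax {syntax!r}"))
    return findings


if __name__ == "__main__":
    properties = parse_properties(SAMPLE)
    print(parse_aliases(properties["STANDARD_LOGIN_ALIASES"]))
    for finding in lint(properties):
        print(finding)
```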

RADIUS Properties

RADIUS_RU_SEARCH, RADIUS_RAS_SEARCH

Specifies the standard searches available in Deja for remote users (RU) and remote access servers (RAS). Each entry in this list is defined on a separate line. The syntax is:

RADIUS_RU_SEARCH= Name;label, Name;label, ...

Where Name is the name of the search, and label is the text that appears in the Search Type option button.

RADIUS_RU_FILTER.Name, RADIUS_RAS_FILTER.Name

Defines the search filter used in the search, where Name is the name of the search specified in RADIUS_RU_SEARCH or RADIUS_RAS_SEARCH.

RADIUS_RU_LIST.Name, RADIUS_RAS_LIST.Name

Contains a list of the attributes and header labels for the search results table.

RADIUS_RU_LIST.default, RADIUS_RAS_LIST.default

Contains the default list of the attributes and header labels for the search results table if a RADIUS_RU_LIST.Name or RADIUS_RAS_LIST.Name definition does not exist for the search.

RADIUS_COMPLEX_SEARCH_LIST

Contains a list of the attributes and header labels for the complex searches results table.

RADIUS_RU_ADD_COMMON, RADIUS_RAS_ADD_COMMON

Specifies alternative names for attributes that are displayed in the Choose Attributes list of the RADIUS Create panel. The syntax is:

RADIUS_RU_ADD_COMMON= attribute;label;type

Where attribute is the name of an attribute, label is the name you want to appear in the Choose Attributes list, and type is the input type. You can restrict user input to one of the four basic input types (int, string, crypt or ipaddr). The default type is string.

RADIUS_RU_PROFILE, RADIUS_RAS_PROFILE

Three RADIUS Remote User profiles are defined in the default Deja.properties file. You can add more profiles, or add attributes to the existing profiles, but you should not remove default attributes in the existing profiles.

RADIUS_RU_PROFILE and RADIUS_RAS_PROFILE specify the RADIUS profiles available to Deja. The default profiles are SLIP, PPP and LOGIN. The syntax is:

RADIUS_RU_PROFILE= profile_name;label, profile_name;label ...

Where profile_name is the name of the profile, and label is the label that appears in the Create or Modify panels.

RADIUS_RU_ADD.Name, RADIUS_RAS_ADD.Name

Defines the default attributes that are added to the entry automatically. The syntax is:

RADIUS_RU_ADD.profile_name= attribute;label;input_type, ...

Where attribute is the attribute you want automatically added to the entry definition, label is the name to appear in the entry definition, and input_type is one of the four basic input types (int, string, crypt or ipaddr). The default input_type is string.

RADIUS_RU_OCLASS

Specifies the object class associated with the RADIUS remote user entry type. A single object class is required for each type. This definition is automatically updated if you use the dejasync utility. The default object class is remoteUser.

RADIUS_RAS_OCLASS

Specifies the object class associated with the RADIUS remote access server entry type. A single object class is required for each type. This definition is automatically updated if you use the dejasync utility. The default object class is nas.

RADIUS_RU_ROOT

Specifies the DN of the root entry used for RADIUS remote user searches. It is also the default parent entry displayed in the RADIUS Create panel. This definition is automatically updated if you use the dejasync utility. The default value is o=xyz_remote_users,c=us.

RADIUS_RAS_ROOT

Specifies the DN of the root entry used for RADIUS remote access server searches. It is also the default parent entry displayed in the RADIUS Create panel. This definition is automatically updated if you use the dejasync utility. The default value is o=xyz_ras,c=us.

RADIUS_RU_NAMINGATTR

Specifies the naming attributes that are available in the RADIUS Create panel for remote user entries. This is a comma separated list. The default naming attributes are cn and uid.

RADIUS_RAS_NAMINGATTR

Specifies the naming attributes that are available in the RADIUS Create panel for remote access server entries. This is a comma separated list. The default naming attribute is cn.

RADIUS_MAX_FAIL

Specifies the search limit for the RADIUS remote user blocked accounts search. The blocked accounts search returns entries that have a value for the attribute radiusAuthFailedAccess that is greater than or equal to the value of RADIUS_MAX_FAIL. The default value is 1. This definition is automatically updated if you use the dejasync utility.

See Also

See "dsypsync", "nis.mapping".


dejasync
Synopsis

The command syntax for dejasync is:

/opt/SUNWconn/ldap/sbin/dejasync [-v] [-d Deja_properties_directory] [-n NIS_mapping_file] [-r RADIUS_mapping_file]

Description

dejasync is a command line utility that synchronizes the Deja.properties files with the NIS and RADIUS mapping files (nis.mapping and radius.mapping) on the directory server. Use it when you have made modifications to the mapping files and you want the changes to be carried over into Deja. As necessary, it creates or updates tokens in the Deja.properties file.

dejasync also backs up the Deja.properties file.

You must be logged in as root or superuser to run dejasync.

nis.mapping File

dejasync gets from the Deja.properties file the list of maps managed by Deja for NIS. These are lines that start with the NIS_MAPS token.

For each map in the Deja.properties file, dejasync creates a new map definition by copying the following tokens from the nis.mapping file into the Deja.properties file:

If these tokens exist in the Deja.properties file, the dejasync command updates them. If they do not exist, it creates them.

radius.mapping File

When synchronizing Deja.properties with the radius.mapping file, dejasync copies the Max_allowed_failures, base-DN and FILTER tokens from the radius.mapping file to the Deja.properties file:

If these tokens exist in the Deja.properties file it updates them. If they do not exist it creates them.

Options

-v

Enables verbose mode.

-d Deja_properties_directory

Specifies the directory containing the Deja.properties file. By default this is /opt/SUNWconn/ldap/html.

-n NIS_mapping_file

Specifies the filename of the NIS mapping file. By default this is /etc/opt/SUNWconn/ldap/current/mapping/nis.mapping.

-r RADIUS_mapping_file

Specifies the filename of the RADIUS mapping file. By default this is /etc/opt/SUNWconn/ldap/current/mapping/radius.mapping.

See Also

See "nis.mapping", and "Deja.properties".


dsexport
Synopsis

The command syntax for dsexport is:

/opt/SUNWconn/ldap/sbin/dsexport [-c dsserv_conf_file] [-d debuglevel] [-D binddn] [-f frontend] [-h host] [-m mappingfile] [-M bindmethod] [-p port] [-S schema_entry_dn] -t table [-T ldap_timeout] [-V variable=value]... [-w password] [outputfile]

Description

The dsexport command exports directory entries using the specified mapping file to restore the formatted files which were used to create the entries in the first place.

If you remove the Solaris Extensions for Netscape Directory Server 4.11 and want to restore a standard NIS service, you can run dsexport to restore and bring up to date the NIS source files used by the NIS service to build NIS maps. Some comments and formatting information that were in the original file are lost. This information is not stored in the directory server. The lines may also not be in the original order.

The exported file is displayed on standard output unless you specify an output file name.

Options

-c dsserv_conf_file

Specifies the location of the directory server configuration file. The default is NSHOME/slapd-serverID/config/slapd.conf.

-d debuglevel

This option tells the directory server daemon at what level information should be logged to log files. You can request any combination of the following levels:

Mask     Description
1        Trace
2        Packets
4        Arguments
8        Connections
16       BER
32       Filters
64       Configuration
128      Access control
256      Statistics (summary level)
512      Statistics (detailed level)
1024     Not used
2048     Parse
65535    All information

To request more than one category of debugging information, add the masks. For example, to request trace and filter information, specify a debuglevel of 33.

-D binddn

Specifies the DN used for authenticating the administrator who is connecting to the directory. By default, this information is taken from the configuration file.

-f frontend

Specifies the relevant Front-End section in the mapping file. The default value of front_end is NIS.

-h host

Indicates the hostname of the directory server that holds the data store from which you want to export the data. The default is the local host.

-m mappingfile

Specifies the mapping file that the dsexport command uses to export entries from the LDAP directory. The default mapping file is /etc/opt/SUNWconn/ldap/current/mapping/nis.mapping.

-M bindmethod

Specifies the type of bind and the authentication mechanism used to bind to the directory. The only possible value for bindmethod is simple.

-p port

Specifies the UDP port on which the slapd directory server daemon resides. The default value is 389.

-t table

Specifies the exact name of the table in the Table section of the mapping file. Note that for the nis.mapping file, only the tables that have a LINE definition in the IMPORT section can be used. For example, to export hosts, use the hosts.byaddr Table section in the mapping file. Similarly, if you want to restore the /etc/passwd file, the table name in the default mapping file is passwd.byname.

-S schema_entry_dn

Specifies the DN used by dsexport to read the schema from the LDAP server. By default, the value of schema_entry_dn is cn=schema.

-T ldap_timeout

Specifies a timeout on the connection to the directory. The default value is 60 seconds.

-V variable=value

Used to set variables. You can repeat this option to specify multiple variable-value pairs. For example:

-V BASE_DN=o=sun,c=us -V foo=bar

-w password

Specifies the password used for authenticating the administrator who is connecting to the directory to perform changes. It is preferable not to use the -w option in a multi-user environment. This is because the password will be displayed in a listing of running processes. If you do not specify a bind DN and password, this information is read from the configuration file. If you specify a bind DN and not a password, you are prompted to provide one. These alternatives are more secure than supplying a password on the command line with the -w option.

output_file

Specifies the output file to use.

See Also

See "nis.mapping", "dsimport". For information on slapd.conf, refer to the Netscape Directory Server Administrator's Guide.


dsimport
Synopsis

The command syntax for dsimport is:

/opt/SUNWconn/ldap/sbin/dsimport [-n] [-r] [-s] [-c dsserv_conf_file] [-d debuglevel] [-D binddn] [-f front_end] [-h host] [-m mapping_file] [-M bindmethod] [-p port] [-S schema_entry_dn] -t table [-T ldap-timeout] [-V variable=value]... [-w passwd] [file...]

Description

The dsimport utility creates directory entries from any text file in which one line corresponds to one directory entry. If the entry already exists, dsimport updates it.

You must create a mapping file that specifies the semantics of the information provided in each line of the input file. You might also need to create an LDAP object class and attributes that are specific to the type of information you want to store in the directory.

The dsimport utility is also used during the initialization of the NIS service to import all the information stored in NIS files into the LDAP directory. When you run the dsypinstall script to configure the directory server as an NIS server, the NIS information available on your server is automatically added to your directory database through a call to dsimport. The mapping of NIS files into LDAP object classes and attributes is provided in the nis.mapping file. For information on the NIS/LDAP information mapping, refer to Chapter 4, "NIS Information in the LDAP Directory."

The mapping semantics and syntax accepted by the dsimport utility are described in Appendix A, "Mapping Syntax and Semantics."

Options

-n

Do not create or modify directory entries but instead output them in LDIF format. You can then use the ldapadd(1) command to perform changes in the directory based on the LDIF files. The default is not to produce LDIF files and to create or modify directory entries directly.

-r

Remove entries in the directory that do not correspond to a line in one of the input files. The default is not to remove entries.

-s

Shift DN. Normally an entry is edited in place. With this option, however, if the DN of the imported entry is changed, its DN is modified. (The entry is "shifted" to a new location in the directory). For example, there is an entry in the LDAP directory with the DN cn=joe,ou=sales,ou=people,o=airius,c=us, and the BASE_DN for people is set to ou=people,o=airius,c=us. If Joe's entry did not exist, it would be created with the DN cn=joe,ou=people,o=airius,c=us. But since it already exists, the alternatives are:

    1. Specify -s on the dsimport command line and change the DN so that Joe's entry is now where it would be if it was just created. Joe's entry is shifted from cn=joe,ou=sales,ou=people,o=airius,c=us to cn=joe,ou=people,o=airius,c=us.
    2. Or do not modify the DN of the entry and just apply any necessary changes to the existing entry. Joe's entry stays at cn=joe,ou=sales,ou=people,o=airius,c=us.

-c dsserv_conf_file

Specifies the location of the directory server configuration file. The default is <NSHOME>/slapd-<serverID>/config/slapd.conf.

-d debuglevel

This option tells the directory server daemon at what level information should be logged to log files. You can request any combination of the following levels:

Mask     Description
1        Trace
2        Packets
4        Arguments
8        Connections
16       BER
32       Filters
64       Configuration
128      Access control
256      Statistics (summary level)
512      Statistics (detailed level)
1024     Not used
2048     Parse
65535    All information

To request more than one category of debugging information, add the masks. For example, to request trace and filter information, specify a debuglevel of 33.

-D binddn

Specifies the DN used for authenticating the administrator who is connecting to the directory. By default, this information is taken from the configuration file.

-f frontend

Specifies the relevant Front-End section in the mapping file. The default value of front_end is NIS.

-h host

Indicates the hostname of the directory server that holds the data store from which you want to export the data. The default is the local host.

-m mappingfile

Specifies the mapping file that the dsimport command uses to export entries from the LDAP directory. The default mapping file is /etc/opt/SUNWconn/ldap/current/mapping/nis.mapping.

-M bindmethod

Specifies the type of bind and the authentication mechanism used to bind to the directory. The only possible value for bindmethod is simple.

-p port

Specifies the UDP port on which the slapd directory server daemon resides. The default value is 389.

-t table

Specifies the exact name of the table in the Table section of the mapping file.

-S schema_entry_dn

Specifies the DN used by dsimport to read the schema from the LDAP server. By default, the value of schema_entry_dn is cn=schema.

-T ldap_timeout

Specifies a timeout on the connection to the directory. The default value is 60 seconds.

-V variable=value

Used to set variables. You can repeat this option to specify multiple variable-value pairs. For example:

-V BASE_DN=o=sun,c=us -V foo=bar

-w password

Specifies the password used for authenticating the administrator who is connecting to the directory to perform changes. It is preferable not to use the -w option in a multi-user environment. This is because the password will be displayed in a listing of running processes. If you do not specify a bind DN and password, this information is read from the configuration file. If you specify a bind DN and not a password, you are prompted to provide one. These alternatives are more secure than supplying a password on the command line with the -w option.
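
The -w descriptions for dsexport and dsimport both note that the password is visible in a listing of running processes. The following added example (not part of the product or of the original page) finds such invocations in a process listing and redacts the value before it is reported. The ps lines, the password and the function names are constructed, and getopt-style option parsing is assumed.

```python
import os

TOOLS = {"dsimport", "dsexport"}
# Options that take a value, from the two synopses on this page.
WITH_ARG = set("cdDfhmMpStTVw")

# Constructed `ps -ef` style listing (UID PID PPID C STIME TTY TIME CMD).
PS_SAMPLE = """\
     UID   PID  PPID  C    STIME TTY      TIME CMD
    root  4021  3990  0 10:14:02 pts/3    0:00 /opt/SUNWconn/ldap/sbin/dsimport -D cn=Directory Manager -w S3cretPw -t passwd.byname /etc/passwd
    root  4077  3990  0 10:15:40 pts/3    0:00 /opt/SUNWconn/ldap/sbin/dsexport -t hosts.byaddr -D cn=Directory Manager /tmp/hosts.out
   admin  4102  4100  0 10:16:11 pts/5    0:00 /opt/SUNWconn/ldap/sbin/dsexport -wS3cretPw -t passwd.byname
    root  4150     1  0 10:17:00 ?        0:01 /usr/lib/sendmail -bd -q15m
"""


def redact_password(argv):
    """Return (found, argv copy) with any value given to -w replaced by ****."""
    out, found, i = list(argv), False, 1
    while i < len(out):
        arg = out[i]
        # ps drops shell quoting, so a DN such as "cn=Directory Manager"
        # shows up as two words; skip stray words instead of stopping.
        if len(arg) < 2 or not arg.startswith("-"):
            i += 1
            continue
        takes_next = False
        for j in range(1, len(arg)):
            if arg[j] not in WITH_ARG:
                continue  # plain flag such as -n, -r or -s
            attached = arg[j + 1:]
            if arg[j] == "w":
                if attached:  # -wVALUE
                    out[i] = arg[:j + 1] + "****"
                    found = True
                elif i + 1 < len(out):  # -w VALUE
                    out[i + 1] = "****"
                    found = True
            takes_next = not attached
            break  # the rest of this word is the option's value
        i += 2 if takes_next else 1
    return found, out


def scan(ps_text):
    """Return (pid, user, redacted command) for each exposed password."""
    hits = []
    for line in ps_text.splitlines():
        fields = line.split(None, 7)
        if len(fields) < 8 or not fields[1].isdigit():
            continue  # header or malformed line
        argv = fields[7].split()
        if os.path.basename(argv[0]) not in TOOLS:
            continue
        found, redacted = redact_password(argv)
        if found:
            hits.append((int(fields[1]), fields[0], " ".join(redacted)))
    return hits


if __name__ == "__main__":
    for pid, user, command in scan(PS_SAMPLE):
        print(f"pid {pid} ({user}): {command}")
```

The second dsexport line in the sample gives a bind DN without -w, which is the prompted alternative described above, so it is not reported.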

file

Specifies one or several files that the dsimport command takes as input. If you do not specify a file on the command line, dsimport reads from standard input.

See Also

See "nis.mapping", "dsexport", "dsypinstall".

For information on slapd, slapd.conf, and ldapadd, refer to the Netscape Directory Server Administrator's Guide.


dsyp
Synopsis

The command syntax for dsyp is:

/etc/init.d/dsyp start | stop

Description

The dsyp command can be used to initialize or disable the NIS/LDAP synchronized service.

Options

start

Initializes NIS/LDAP synchronized service by stopping the ypserv(1M) and the rpc.yppasswdd(1M) daemons, and starting the dsypserv daemon.

stop

Disables NIS/LDAP synchronized service by stopping the dsyppasswdd and dsypserv daemons, and by calling the ypstart(1M) script.

See Also

See the man pages for ypserv(1M), rpc.yppasswdd(1M), ypstart(1M), and "dsyppasswdd".


dsypaddmap
Synopsis

The command syntax for dsypaddmap is:

dsypaddmap [-b] [-l] [-r] [-d domain-name] [-f mapping-file] -m nis_master [-n naming-context] map-name

Description

The dsypaddmap command simplifies the process of creating NIS-to-LDAP mapping definitions. When you want to add support for an NIS map in the LDAP directory, use dsypaddmap to:

Note. The dsypaddmap command does not import data into the directory. To import the NIS data into the directory, use the dsimport command. See "dsimport".

Options

-b

Inserts the YP_INTERDOMAIN key into the map. This key causes the NIS server to use DNS for hostname and address lookups for hosts not found in the maps.

-l

Initializes the specified map with LDAP entries already present in the directory. By default, only entries created or modified after the map declaration are put in the map. Security might be at risk if invalid entries are present in the directory database.

-r

Used to secure maps. With this option, the NIS server will only accept connections from the root user.

-d domain-name

Specifies the name of the domain to which the map belongs.

-f mapping-file

Specifies the path to the mapping file. By default it is /etc/opt/SUNWconn/ldap/current/mapping.

-m nis-master

Specifies the hostname of the master server for the map added to the LDAP directory.

-n naming-context

Specifies the subtree under which the LDAP entries corresponding to the new map will be created. By default, the entries are created under the subtree specified in the NAMING_CONTEXT variable in the nis.mapping file.

map-name

Specifies the name of the NIS map to be added to the LDAP directory.

See Also

See "dsypdelmap".


dsypdelmap
Synopsis

The command syntax for dsypdelmap is:

dsypdelmap [-d domain-name] [-f mapping-file] [-n naming-context] map-name

Description

The dsypdelmap command can be used to individually disable NIS maps stored in the LDAP directory. This command does not remove the corresponding mapping definition from the nis.mapping file. It does not remove the corresponding entries from the directory either, because the directory entries might be shared with other applications. However, the map is not listed in the result of a ypcat(1), ypwhich(1), or ypmatch(1) command.

Options

-d domain-name

Specifies the name of the domain to which the map belongs.

-f mapping-file

Specifies the path to the mapping file. By default it is /etc/opt/SUNWconn/ldap/current/mapping.

-n naming-context

Specifies the subtree under which the LDAP entries corresponding to the map are located. By default, the entries are located under the subtree specified in the NAMING_CONTEXT variable in the nis.mapping file.

map-name

Specifies the name of the NIS map to be disabled in the LDAP directory.

See Also

See "dsypaddmap".


dsypinit
Synopsis

The command syntax for dsypinit is:

/opt/SUNWconn/ldap/sbin/dsypinit -c

/opt/SUNWconn/ldap/sbin/dsypinit -m [-r] [-b] [-l] [-k key_value] [-d domain] [table *]

/opt/SUNWconn/ldap/sbin/dsypinit -s master_server

/opt/SUNWconn/ldap/sbin/dsypinit -u [-d domain] [table *]

Description

The dsypinit command is used to set up the Netscape Directory Server as an NIS server. You can start the NIS server as a master server, a slave server, or even as an NIS client.

The dsypinit command also builds the NIS tables that are stored on the server.

If you need to set up both master and slave servers, you must run dsypinit on the masters before you run it on the slaves.

Options

The dsypinit command can be run in four modes:

Client Option

-c

Used to set up an NIS client. You are prompted for a list of NIS servers. This list should be ordered from the server that is physically closest to the client to the one that is farthest away. These servers must have an entry in the /etc/hosts file. The hosts file contains the names and IP addresses of all hosts on the network. The dsypinit command also keeps a list of hosts in the file /var/yp/binding/domain/ypservers. This file is used when the ypbind command is running without the -broadcast option.

Master Server Options

-m

Used to set up and build the tables for an NIS master server database.

-r

Used to secure maps. With this option, the NIS server will only accept connections from the root user.

-b

Specifies that the server will use the DNS resolver daemon, dsyprsvd, to look up DNS for hostnames and addresses not found in the NIS tables.

-l

Initializes the NIS tables with entries already present in the LDAP database. Security might be at risk if invalid entries are present in the database.

-k key_value

Used to insert a special key and value in the tables specified on the command line. Special keys are usually prefixed by YP_ . They are interpreted by NIS utilities.

Keys include:

Note. It is NOT recommended to change these key directories by using -k.

-d domain

Restricts the tables initialized to those belonging to the specified domain. The other tables in the mapping file are not initialized. By default, all tables in all domains are initialized.

table *

Restricts the tables initialized to those specified. This option makes it possible to initialize some tables with different options if necessary.

Slave Server Options

-s

Used to set up a slave server database.

master_server

Specifies the master server from which the NIS tables are propagated. It must be an existing reachable NIS server.

Disable Options

-u

Used to disable the specified NIS tables in the specified domain. If the -u option is used without the -d option and without a list of tables, none of the NIS domains managed by the server are initialized.

-d domain

Specifies a domain for which the specified tables will be disabled. All other domains and tables managed by the server are normally initialized.

table *

Specifies the tables to be disabled. If no tables are specified, all the tables within the specified domain will be disabled.

See Also

See "dsypinstall" , "nis.mapping" , and the man pages for ypbind(1M) and dsyprsvd(1M).


dsypinstall
Synopsis

The syntax for dsypinstall is:

/opt/SUNWconn/ldap/sbin/dsypinstall -u

Description

The dsypinstall script initializes the NIS server and imports NIS data into the LDAP database. This script is interactive. You are prompted for:

  1. The name of the NIS domain managed by the server.
     The name you provide is used to create the directory subtree under which all NIS entries are stored.

  2. The installation directory for the Netscape Directory Server.
  3. The DN of the Netscape Directory Server directory manager.
     The DN you provide must be the same as the one you provided in the setup script for the Netscape Directory Server. This DN has all permissions on the Netscape Directory Server. By default, it is cn=Directory Manager.

  4. The port number where the directory server listens for LDAP traffic.
  5. The DN of the administrator for NIS information.
     You must create an entry for the NIS administrator in the directory. You must also create an ACI giving the administrator all permissions on the NIS subtrees in the directory. Refer to "Access Control on NIS Information".

  6. The location of the NIS source files.
     The dsypinstall script assumes that your Makefile is located in /var/yp. It also assumes that the source files for NIS tables are all located in the directory that you specify when prompted, except for the aliases file, which is assumed to be in /etc/mail.

  7. A list of NIS servers.

The dsypinstall script calls dsypinit to initialize the NIS server, and it calls dsimport to import data from the NIS source files to the LDAP database. The NIS-to-LDAP information mapping is defined in the nis.mapping file.

After running the dsypinstall script, you must restart the Directory Server daemon, ns-slapd.

Options

-u

Used to remove all files and daemons that provide NIS synchronization with the Directory Server.

See Also

See "dsimport" , "dsypinit" , "nis.mapping" .


dsyppasswdd
Synopsis

The syntax for dsyppasswdd is:

/opt/SUNWconn/ldap/lib/dsyppasswdd [-m] [-D pwdfilesdir] [-M directory] [-nopw] [-nogecos] [-noshell] [-nofiles]

Description

The dsyppasswdd daemon manages changes to the NIS passwd map stored in the LDAP directory. It is a version of the NIS rpc.yppasswdd daemon modified to run with Netscape Directory Server. It runs on the master server, and responds to NIS requests from remote users to change their password, shell, or gecos fields in the passwd.byname map.

The requested changes are actually made in the LDAP database and the NIS map is rebuilt from there.

Change requests are made using the passwd command.

Options

-m

Performs a push operation after each modification of the NIS passwd map.

-D pwdfilesdir

Indicates the name of the directory containing the passwd and shadow files used by NIS. The default is /etc/yp.

-M directory

Indicates the name of the directory containing the LDAP-to-NIS mapping file, nis.mapping. The default directory is /etc/opt/SUNWconn/ldap/current/mapping.

-nopw

Indicates that passwords may not be changed remotely using the passwd command.

-nogecos

Indicates that the field containing the user's real name and other mail-related information may not be changed remotely using the passwd command.

-noshell

Indicates that the user's shell may not be changed remotely using the passwd command.

-nofiles

Prevents the synchronization of passwd and shadow files; see the Notes section.

Notes

Although the LDAP directory is presumed to be the master repository for password data, many legacy installations have scripts which change user passwords in the NIS source files and issue a make command. To ensure that these files are kept synchronized with the directory, the dsyppasswdd daemon copies any updates made by a client system into the standard NIS passwd and shadow files. These files are presumed to be in /etc/yp unless the -D option is used to specify otherwise.

Encrypted passwords are usually stored using the Unix crypt format.

A password change operation made via the passwd(1) command and the dsyppasswdd daemon will always replace any existing passwords in the directory with a single entry encrypted using crypt.
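The check below is an added example, not part of the product or of the original guide: it compares userPassword values from an LDIF export of the directory with the shadow file that dsyppasswdd mirrors updates into, and reports accounts where the two disagree. The uid and userPassword attribute names and the {crypt} value prefix follow RFC 2307 and are assumptions about how the entries are stored; the sample data is constructed.

```python
import base64

def shadow_fields(text):
    """Map user -> password field from shadow(4)-format text."""
    rows = (line.split(":") for line in text.splitlines())
    return {r[0]: r[1] for r in rows if len(r) >= 2}

def ldif_passwords(text):
    """Map uid -> userPassword values from LDIF text (unfolded lines assumed)."""
    users, uid, values = {}, None, []
    for line in text.splitlines() + [""]:
        if not line.strip():                      # blank line closes an entry
            if uid is not None:
                users[uid] = values
            uid, values = None, []
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):                 # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode()
        if attr.lower() == "uid":
            uid = value.strip()
        elif attr.lower() == "userpassword":
            values.append(value.strip())
    return users

def drift(ldif_text, shadow_text):
    """List accounts whose directory password and shadow field disagree."""
    directory, shadow = ldif_passwords(ldif_text), shadow_fields(shadow_text)
    findings = []
    for user in sorted(directory.keys() | shadow.keys()):
        values = directory.get(user)
        if values is None or user not in shadow:
            findings.append(f"{user}: missing from {'directory' if values is None else 'shadow file'}")
        elif len(values) != 1 or not values[0].lower().startswith("{crypt}"):
            findings.append(f"{user}: directory does not hold a single {{crypt}} value")
        elif values[0][len("{crypt}"):] != shadow[user]:
            findings.append(f"{user}: directory hash differs from shadow file")
    return findings

# Constructed sample data; DNs and hash strings are placeholders.
LDIF = """\
dn: uid=bob,dc=france,dc=airius,dc=com
uid: bob
userPassword: {crypt}XXexampleHASH

dn: uid=carol,dc=france,dc=airius,dc=com
uid: carol
userPassword: {SHA}placeholder
"""
SHADOW = "bob:ZZchangedHASH:10957::::::\ncarol:YYexampleHASH:10957::::::\nerin:*LK*:10957::::::"
```

Calling drift(LDIF, SHADOW) on the sample returns one finding each for bob, carol and erin; an empty list means the export and the file agree.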

See Also

See the man pages for passwd(1), passwd(4), and crypt(3C).


dsypsync
Synopsis

The command syntax for dsypsync is:

/opt/SUNWconn/ldap/sbin/dsypsync [-d domain-name] [map-name]

Description

The dsypsync command is used to manually resynchronize NIS maps with the NIS information stored in the directory. You can resynchronize all the maps within a specified domain, or individual maps.

In normal operation, the synchronization is done automatically. You may need to resynchronize manually using dsypsync after a system crash or after rebuilding the LDAP database using the ldif2db command.

Options

-d domain-name

Resynchronizes all the maps in the specified domain. If you do not specify either a domain name or a map name, by default, all maps in all domains controlled by the server are resynchronized.

map-name

Specifies the map which you want to resynchronize. If you do not specify either a domain name or a map name, by default, all maps in all domains controlled by the server are resynchronized.

See Also

For information on ldif2db, refer to the Netscape Directory Server Administrator's Guide.


dsypxfr
Synopsis

The command syntax for dsypxfr is:

/opt/SUNWconn/ldap/sbin/dsypxfr [-f] [-C tid prot servname] [-d domainname] [-h host] [-s domainname] [-t timeout] table

/opt/SUNWconn/ldap/sbin/dsypxfr_1perday.sh

/opt/SUNWconn/ldap/sbin/dsypxfr_1perhour.sh

/opt/SUNWconn/ldap/sbin/dsypxfr_2perday.sh

Description

The dsypxfr command synchronizes the NIS maps between master and slave servers. It calls the ypxfrd daemon on the master to update the local database, and to transfer the specified NIS maps to the local host.

The ypxfrd daemon must be running on the master server.

The dsypxfr_1perday.sh, dsypxfr_1perhour.sh and dsypxfr_2perday.sh scripts can be used to build sorted crontab entries. These scripts include several commands to update several maps together.

The dsypxfr_1perday.sh script updates the following maps:

The dsypxfr_1perhour.sh script updates the following maps:

The dsypxfr_2perday.sh script updates the following maps:

Options

-f

Force the transfer to occur even if the version at the master is not more recent than the local version.

-C tid prot servname

Used internally by dsypserv to pass callback information. Do not set this option.

-d domainname

Specify a domain other than the default domain.

-h host

Get the map from the specified host even if a different host name is specified in the map itself. If host is not specified, dsypxfr gets the name of the master server from the NIS service.

-s domainname

Specify a source domain from which to transfer a map that should be the same across domains.

-t timeout

Time limit for the map transfer in seconds. The default value is 25.

mapname

Name of the map to be updated.

See Also

See the man page for ypxfrd(1M).


nis.at.conf
Synopsis

The location of the nis.at.conf file is:

/opt/SUNWconn/ldap/default/schema/nis.at.conf

Description

The nis.at.conf file contains schema information used for synchronizing the NIS service with the Netscape Directory Server. It contains a list of LDAP attributes, described in LDIF format. The attributes in this file are not specified in RFC 2307, "An Approach for Using LDAP as a Network Information Service", but are required to use the Netscape Directory Server as an NIS server.

For information on LDIF, refer to the Netscape Directory Server Administrator's Guide.

Attributes in the nis.at.conf file are defined by:

For example, the line describing the sunNisDomain attribute is:

1.3.6.1.4.1.42.2.27.1.1.2 NAME 'sunNisDomain' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' SINGLE-VALUE

See Also

See "nis.oc.conf" .


nis.conf
Synopsis

The location of the nis.conf file is:

/opt/SUNWconn/ldap/default/nis.conf

Description

The nis.conf file contains configuration information for the NIS service. It contains the following parameters:

rootdn

The DN of the NIS administrator. You are prompted to provide this DN when you run the dsypinstall initialization script.

rootpw

The password of the NIS administrator. You are prompted to provide this password when you run the dsypinstall initialization script.

ldapport

The port number on which the directory server daemon slapd-<serverID> listens for LDAP traffic. By default it is port number 389.

ldappath

The path to the installation directory of the directory server. By default, the Netscape Directory Server is installed under /usr/netscape/server4.

More configuration parameters for the NIS service are stored in the nis.mapping file.

See Also

See "nis.mapping" .


nis.mapping
Synopsis

The location of the nis.mapping file is:

/etc/opt/SUNWconn/ldap/current/mapping/nis.mapping

Description

The nis.mapping file contains:

Configuration Parameters

The configuration information stored in the nis.mapping file is at the beginning of the file, under the section entitled Configuration Variables.

The following configuration variables are defined:

DOMAIN_NAME

Specifies the NIS domain managed by the server.

NAMING_CONTEXT

When this variable is defined, it specifies the directory tree suffix under which the NIS subtree is created.

If this variable is not defined, the directory tree suffix is derived from the domain name supplied when running the dsypinstall script. By default the directory tree suffix is generated with dc (domain component) attributes. For example, with DOMAIN_NAME=france.airius.com, the directory tree suffix created by default is dc=france,dc=airius,dc=com.

The NIS subtree shown in "NIS Files/LDAP Subtrees" is created under this subtree.

ADMIN_SUFFIX

The distinguished name of the subtree that will hold NIS administrative entries. These entries are maintained automatically by the server.

DBM_DIRECTORY

Specifies the directory where the NIS binary maps are generated.

AUTOMATIC_PUSH

Specifies whether modifications to NIS entries in the LDAP directory are automatically pushed to slave NIS servers. This variable is used only in the context of standard NIS replication (using dsyppush), not in the context of LDAP replication.

The possible values for this variable are enabled or disabled. The default setting is disabled.

AUTOMATIC_PUSH_DELAY

Specifies the delay for pushing modifications to slaves in minutes. When this variable is defined, the AUTOMATIC_PUSH variable must be enabled.

Mapping Information

The nis.mapping file defines the mapping of entries in NIS files to LDAP attributes. This nis.mapping file is divided into sections that contain mapping information for each NIS table. This mapping information is used by the NIS initialization process, dsypinstall, to import information from the NIS source files into the LDAP directory. It is specifically used by the following components:

The mapping definitions in the nis.mapping file specify the following:

The mapping of information for each table is described in "NIS File Entries/LDAP Entries". The syntax and semantics of the mapping definitions are described in Appendix A, "Mapping Syntax and Semantics."

See Also

See "nis.conf" .


nis.oc.conf
Synopsis

The location of the nis.oc.conf file is:

/opt/SUNWconn/ldap/default/schema/nis.oc.conf

Description

The nis.oc.conf file contains schema information used for synchronizing the NIS service with the Netscape Directory Server. It contains a list of LDAP object classes, described in LDIF format. The object classes in this file are not specified in RFC 2307, "An Approach for Using LDAP as a Network Information Service", but are required to use the Netscape Directory Server as an NIS server.

For information on LDIF, refer to the Netscape Directory Server Administrator's Guide.

Object classes in the nis.oc.conf file are defined by:

For example, the line describing the nisMailAlias object class is:

1.3.6.1.4.1.42.2.27.1.2.5 NAME 'nisMailAlias' SUP 'top' MUST ( cn ) MAY ( rfc822mailMember )
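The definition lines quoted for nis.at.conf and nis.oc.conf can be parsed and checked for reused OIDs or names before a modified schema file is put in place. The parser below is an added example, not code from the product; it is written against those two quoted lines only, and its handling of "$" list separators is an assumption taken from RFC 2252.

```python
import re

TOKEN = re.compile(r"'[^']*'|[()]|[^\s()']+")
OID = re.compile(r"\d+(?:\.\d+)+")
FLAGS = {"SINGLE-VALUE"}  # keywords without a value; the only one on the page

def parse_definition(line):
    """Parse one attribute or object class definition line into a dict."""
    tokens = TOKEN.findall(line)
    if not tokens or not OID.fullmatch(tokens[0]):
        raise ValueError("definition does not start with a numeric OID")
    entry, i = {"oid": tokens[0]}, 1
    while i < len(tokens):
        key, i = tokens[i], i + 1
        if key in FLAGS:
            entry[key] = True
        elif i >= len(tokens):
            raise ValueError(f"keyword {key} has no value")
        elif tokens[i] == "(":      # list such as MUST ( cn ); "$" separators assumed
            end = tokens.index(")", i)          # ValueError if ")" is missing
            entry[key] = [t.strip("'") for t in tokens[i + 1:end] if t != "$"]
            i = end + 1
        else:                       # single value, possibly quoted
            entry[key], i = tokens[i].strip("'"), i + 1
    if not isinstance(entry.get("NAME"), str):
        raise ValueError("definition has no single NAME")
    return entry

def audit(lines):
    """Return (entries, findings): parse errors plus reused OIDs or names."""
    entries, findings, seen = [], [], {}
    for n, line in enumerate(lines, 1):
        try:
            entry = parse_definition(line)
        except ValueError as err:
            findings.append(f"line {n}: {err}")
            continue
        for ident in (entry["oid"], entry["NAME"].lower()):
            if ident in seen:
                findings.append(f"line {n}: {ident} already defined on line {seen[ident]}")
            seen.setdefault(ident, n)
        entries.append(entry)
    return entries, findings

SAMPLE = [  # lines 1-2 are quoted from this page; line 3 is a constructed fault
    "1.3.6.1.4.1.42.2.27.1.1.2 NAME 'sunNisDomain' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' SINGLE-VALUE",
    "1.3.6.1.4.1.42.2.27.1.2.5 NAME 'nisMailAlias' SUP 'top' MUST ( cn ) MAY ( rfc822mailMember )",
    "1.3.6.1.4.1.42.2.27.1.1.2 NAME 'exampleDuplicate' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26'",
]
```

audit(SAMPLE) returns the three parsed entries together with one finding for the reused OID on line 3.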

See Also

See "nis.at.conf" .

 

Copyright © 1999 Sun Microsystems, Inc. Some preexisting portions Copyright © 1999 Netscape Communications Corporation