System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) |
You can store NIS+ objects other than table entries in LDAP. However, doing so has no particular value unless you also have NIS+ replicas that obtain those NIS+ objects from LDAP. The recommended choices are the following.
There are no replicas, or the replicas obtain their data from the NIS+ master only.
Edit the mapping configuration file (see NIS+LDAPmapping(4)) to remove the following attribute values for all non-table-entry objects.
nisplusLDAPdatabaseIdMapping
nisplusLDAPentryTtl
nisplusLDAPobjectDN
For example, if you started out from the /var/nis/NIS+LDAPmapping.template file, the sections you need to remove (or disable by commenting) are as follows.

# Standard NIS+ directories
nisplusLDAPdatabaseIdMapping    basedir:
. . .
nisplusLDAPdatabaseIdMapping    user_attr_table:user_attr.org_dir
nisplusLDAPdatabaseIdMapping    audit_user_table:audit_user.org_dir

# Standard NIS+ directories
nisplusLDAPentryTtl     basedir:21600:43200:43200
. . .
nisplusLDAPentryTtl     user_attr_table:21600:43200:43200
nisplusLDAPentryTtl     audit_user_table:21600:43200:43200

# Standard NIS+ directories
nisplusLDAPobjectDN     basedir:cn=basedir,ou=nisPlus,?base?\
                            objectClass=nisplusObjectContainer:\
                            cn=basedir,ou=nisPlus,?base?\
                            objectClass=nisplusObjectContainer,\
                            objectClass=top
. . .
nisplusLDAPobjectDN     audit_user_table:cn=audit_user,ou=nisPlus,?base?\
                            objectClass=nisplusObjectContainer:\
                            cn=audit_user,ou=nisPlus,?base?\
                            objectClass=nisplusObjectContainer,\
                            objectClass=top

NIS+ replicas obtain their data from the LDAP server.
Create the nisplusObject attribute and nisplusObjectContainer object class as shown in the following example. (The LDIF data is suitable for ldapadd(1). Attribute and object class OIDs are for illustration only.)

dn: cn=schema
changetype: modify
add: attributetypes
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.1.0 NAME 'nisplusObject'
  DESC 'An opaque representation of an NIS+ object'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE )

dn: cn=schema
changetype: modify
add: objectclasses
objectclasses: ( 1.3.6.1.4.1.42.2.27.5.42.42.2.0 NAME 'nisplusObjectContainer'
  SUP top STRUCTURAL DESC 'Abstraction of an NIS+ object'
  MUST ( cn $ nisplusObject ) )

You also need to create a container for the NIS+ objects. The following LDIF syntax shows how to create the ou=nisPlus,dc=some,dc=domain container, and can be used as input to ldapadd(1).

dn: ou=nisPlus,dc=some,dc=domain
ou: nisPlus
objectClass: top
objectClass: organizationalUnit
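
For the first choice above (no replicas, or replicas that obtain their data from the NIS+ master only), the following added example, which is not part of the original guide, comments out the three attributes for a caller-supplied list of database IDs, including their backslash-continued lines. The function names, the sample fragment, and the example_entries ID are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the original guide. Comments out the three mapping
# attributes for the database IDs given in $1 (space-separated), including
# backslash-continued lines. Reads a mapping file on stdin, writes to stdout.
disable_object_mappings() {
    awk -v ids="$1" '
    BEGIN { n = split(ids, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
    {
        if (!cont) {                 # first physical line of a logical line
            hit = 0
            if ($1 == "nisplusLDAPdatabaseIdMapping" ||
                $1 == "nisplusLDAPentryTtl" || $1 == "nisplusLDAPobjectDN") {
                id = $2
                sub(/:.*/, "", id)   # database ID precedes the first colon
                if (id in want) hit = 1
            }
        }                            # else: continuation inherits hit
        cont = ($0 ~ /\\$/)          # trailing backslash continues the line
        prefix = hit ? "#" : ""
        print prefix $0
    }'
}

# Constructed sample fragment. example_entries is a hypothetical table-entry
# mapping that must stay enabled; the other values follow the listing above.
sample_mapping() {
    cat <<'EOF'
# Standard NIS+ directories
nisplusLDAPdatabaseIdMapping basedir:
nisplusLDAPdatabaseIdMapping audit_user_table:audit_user.org_dir
nisplusLDAPdatabaseIdMapping example_entries:example.org_dir
nisplusLDAPentryTtl basedir:21600:43200:43200
nisplusLDAPentryTtl example_entries:21600:43200:43200
nisplusLDAPobjectDN basedir:cn=basedir,ou=nisPlus,?base?\
    objectClass=nisplusObjectContainer:\
    cn=basedir,ou=nisPlus,?base?\
    objectClass=nisplusObjectContainer,\
    objectClass=top
nisplusLDAPobjectDN audit_user_table:cn=audit_user,ou=nisPlus,?base?\
    objectClass=nisplusObjectContainer:\
    cn=audit_user,ou=nisPlus,?base?\
    objectClass=nisplusObjectContainer,\
    objectClass=top
EOF
}

sample_mapping | disable_object_mappings "basedir audit_user_table"
```

Every physical line of a continued value gets its own "#", so the disabled value stays a comment whether or not the parser joins continued lines before it checks for comments.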