System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP)
Book Information
Index
Preface
Part I About Naming and Directory Services
Chapter 1 Naming and Directory Services (Overview)
What Is a Naming Service?
Solaris Naming Services
Description of the DNS Naming Service
Description of the /etc Files Naming Service
Description of the NIS Naming Service
Description of the NIS+ Naming Service
Description of the LDAP Naming Services
Naming Services: A Quick Comparison
Chapter 2 The Name Service Switch (Overview)
About the Name Service Switch
Format of the nsswitch.conf File
Search Criteria
Switch Status Messages
Switch Action Options
Default Search Criteria
What if the Syntax is Wrong?
Auto_home and Auto_master
Timezone and the Switch File
Comments in nsswitch.conf Files
Keyserver and publickey Entry in the Switch File
The nsswitch.conf Template Files
The Default Switch Template Files
The nsswitch.conf File
Selecting a Different Configuration File
How to Modify the Name Service Switch
DNS and Internet Access
IPv6 and Solaris Naming Services
Ensuring Compatibility With +/- Syntax
The Switch File and Password Information
Part II DNS Setup and Administration
Chapter 3 DNS Setup and Administration (Reference)
Related Materials
Migrating From BIND 8 to BIND 9
DNS and the Service Management Facility
Implementing rndc
The rndc.conf Configuration File
Differences in the Control Channels
Commands of BIND 9 rndc
BIND 9 Commands, Files, Tools, and Options
BIND 9 Tools and Configuration Files
Comparison of BIND 8 and BIND 9 Commands and Files
Descriptions of Command and Option Changes
The named.conf Options
Statements in BIND 9
The Controls Statement
The Zone Statement
The ACL Statement
The Key Statement
The Trusted-Keys Statement
The Server Statement
The Include Statement
Summary of the named.conf Options
Part III NIS Setup and Administration
Chapter 4 Network Information Service (NIS) (Overview)
NIS Introduction
NIS Architecture
NIS Machine Types
NIS Servers
NIS Clients
NIS Elements
The NIS Domain
NIS Daemons
NIS Utilities
NIS Maps
Default NIS Maps
Using NIS Maps
NIS Map Nicknames
NIS-Related Commands
NIS Binding
Server-List Mode
Broadcast Mode
Chapter 5 Setting Up and Configuring NIS Service
Configuring NIS Task Map
Before You Begin Configuring NIS
NIS and the Service Management Facility
Planning Your NIS Domain
Identify Your NIS Servers and Clients
Preparing the Master Server
Source Files Directory
Passwd Files and Namespace Security
Preparing Source Files for Conversion to NIS Maps
How to Prepare Source Files for Conversion
Preparing the Makefile
Setting Up the Master Server With ypinit
How to set up the master server using ypinit
Master Supporting Multiple NIS Domains
Starting and Stopping NIS Service on the Master Server
Starting NIS Service Automatically
Starting and Stopping NIS From the Command Line
Setting Up NIS Slave Servers
Preparing a Slave Server
Setting Up a Slave Server
How to Set Up a Slave Server
How to Start NIS on a Slave Server
Setting Up NIS Clients
Chapter 6 Administering NIS (Tasks)
Password Files and Namespace Security
Administering NIS Users
How to Add a New NIS User to an NIS Domain
Setting User Passwords
NIS Netgroups
Working With NIS Maps
Obtaining Map Information
Changing a Map's Master Server
How to Change a Map's Master Server
Modifying Configuration Files
How to Modify Configuration Files
Modifying and Using the Makefile
Working With the Makefile
Changing Makefile Macros/Variables
Modifying Makefile Entries
How to Modify the Makefile to Use Specific Databases
How to Modify the Makefile to Delete Databases
Updating and Modifying Existing Maps
How to Update Maps Supplied With the Default Set
Maintaining Updated Maps
Propagating an NIS Map
Using cron for Map Transfers
Using Shell Scripts With cron and ypxfr
Directly Invoking ypxfr
Logging ypxfr Activity
Modifying Default Maps
Using makedbm to Modify a Non-Default Map
Creating New Maps from Text Files
Adding Entries to a File-Based Map
Creating Maps From Standard Input
Modifying Maps Made From Standard Input
Adding a Slave Server
How to Add a Slave Server
Using NIS With C2 Security
Binding to a Specific NIS Server
Changing a Machine's NIS Domain
How to Change a Machine's NIS Domain Name
Using NIS in Conjunction With DNS
How to Configure Machine Name and Address Lookup Through NIS and DNS
Dealing with Mixed NIS Domains
Turning Off NIS Services
Chapter 7 NIS Troubleshooting
NIS Binding Problems
Symptoms
NIS Problems Affecting One Client
ypbind Not Running on Client
Missing or Incorrect Domain Name
Client Not Bound to Server
No Server Available
ypwhich Displays Are Inconsistent
When Server Binding is Not Possible
ypbind Crashes
NIS Problems Affecting Many Clients
rpc.yppasswdd Considers a Non-Restricted Shell That Begins With r to be Restricted
Network or Servers Are Overloaded
Server Malfunction
NIS Daemons Not Running
Servers Have Different Versions of an NIS Map
Logging ypxfr Output
Check the crontab File and ypxfr Shell Script
Check the ypservers Map
Work Around
ypserv Crashes
Part IV LDAP Naming Services Setup and Administration
Chapter 8 Introduction to LDAP Naming Services (Overview/Reference)
Audience Assumptions
Suggested Background Reading
Additional Prerequisite
LDAP Naming Services Compared to Other Naming Services
Advantages of LDAP Naming Services
Restrictions of LDAP Naming Services
LDAP Naming Services Setup (Task Map)
Chapter 9 LDAP Basic Components and Concepts (Overview)
LDAP Data Interchange Format (LDIF)
Using Fully Qualified Domain Names With LDAP
Default Directory Information Tree (DIT)
Default LDAP Schema
Service Search Descriptors (SSDs) and Schema Mapping
Description of SSDs
Attribute Map
objectClass Map
LDAP Client Profiles
Client Profile Attributes
Local Client Attributes
ldap_cachemgr Daemon
LDAP Naming Services Security Model
Introduction
Transport Layer Security (TLS)
Assigning Client Credential Levels
enableShadowUpdate Switch
Credential Storage
Choosing Authentication Methods
Authentication and Services
Pluggable Authentication Methods
pam_unix Service Modules
pam_krb5 Service Module
pam_ldap Service Module
PAM and Changing Passwords
Account Management
Account Management With pam_unix
Chapter 10 Planning Requirements for LDAP Naming Services (Tasks)
LDAP Planning Overview
Planning the LDAP Network Model
Planning the Directory Information Tree (DIT)
Multiple Directory Servers
Data Sharing With Other Applications
Choosing the Directory Suffix
LDAP and Replica Servers
Planning the LDAP Security Model
Planning Client Profiles and Default Attribute Values for LDAP
Planning the LDAP Data Population
How to Populate a Server With host Entries Using ldapaddent
Chapter 11 Setting Up Sun Java System Directory Server With LDAP Clients (Tasks)
Configuring Sun Java System Directory Server by Using idsconfig
Creating a Checklist Based on Your Server Installation
Attribute Indexes
Schema Definitions
Using Browsing Indexes
Using Service Search Descriptors to Modify Client Access to Various Services
Setting Up SSDs Using idsconfig
Running idsconfig
How to Configure Sun Java System Directory Server by Using idsconfig
Example idsconfig Setup
Populating the Directory Server Using ldapaddent
How to Populate Sun Java System Directory Server With User Password Data Using ldapaddent
Managing Printer Entries
Adding Printers
Using lpget
Populating the Directory Server With Additional Profiles
How to Populate the Directory Server With Additional Profiles Using ldapclient
Configuring the Directory Server to Enable Account Management
For Clients That Use pam_ldap
For Clients That Use pam_unix
Migrating Your Sun Java System Directory Server
Chapter 12 Setting Up LDAP Clients (Tasks)
Prerequisites to LDAP Client Setup
LDAP and the Service Management Facility
Initializing an LDAP Client
Using Profiles to Initialize a Client
How to Initialize a Client Using Profiles
Using Per-User Credentials
How to Initialize a Client Using Per-User Credentials
Using Proxy Credentials
How to Initialize a Client Using Proxy Credentials
Enabling Shadow Updating in LDAP
How to Initialize a Client to Enable the Updating of Shadow Data
Initializing a Client Manually
How to Initialize a Client Manually
Modifying a Manual Client Configuration
How to Modify a Manual Configuration
Uninitializing a Client
How to Uninitialize a Client
Setting Up TLS Security
Configuring PAM
Configuring PAM to Use UNIX policy
Configuring PAM to Use LDAP server_policy
Retrieving LDAP Naming Services Information
Listing All LDAP Containers
Listing All User Entry Attributes
Customizing the LDAP Client Environment
Modifying the nsswitch.conf File for LDAP
Enabling DNS With LDAP
Chapter 13 LDAP Troubleshooting (Reference)
Monitoring LDAP Client Status
Verifying ldap_cachemgr Is Running
Checking the Current Profile Information
Verifying Basic Client-Server Communication
Checking Server Data From a Non-Client Machine
LDAP Configuration Problems and Solutions
Unresolved Hostname
Unable to Reach Systems in the LDAP Domain Remotely
Login Does Not Work
Lookup Too Slow
ldapclient Cannot Bind to Server
Using ldap_cachemgr for Debugging
ldapclient Hangs During Setup
Chapter 14 LDAP General Reference (Reference)
Blank Checklists
LDAP Upgrade Information
Compatibility
Running the ldap_cachemgr Daemon
New automount Schema
pam_ldap Changes
LDAP Commands
General LDAP Tools
LDAP Tools Requiring LDAP Naming Services
Example pam.conf File for pam_ldap
Example pam.conf File for pam_ldap Configured for Account Management
IETF Schemas for LDAP
RFC 2307 Network Information Service Schema
Mail Alias Schema
Directory User Agent Profile (DUAProfile) Schema
Solaris Schemas
Solaris Projects Schema
Role-Based Access Control and Execution Profile Schema
Internet Print Protocol Information for LDAP
Internet Print Protocol (IPP) Attributes
Internet Print Protocol (IPP) ObjectClasses
Sun Printer Attributes
Sun Printer ObjectClasses
Generic Directory Server Requirements for LDAP
Default Filters Used by LDAP Naming Services
Chapter 15 Transitioning From NIS to LDAP (Overview/Tasks)
NIS-to-LDAP Service Overview
NIS-to-LDAP Tools and the Service Management Facility
NIS-to-LDAP Audience Assumptions
When Not to Use the NIS-to-LDAP Service
Effects of the NIS-to-LDAP Service on Users
NIS-to-LDAP Transition Terminology
NIS-to-LDAP Commands, Files, and Maps
Supported Standard Mappings
Transitioning From NIS to LDAP (Task Map)
Prerequisites for the NIS-to-LDAP Transition
Setting Up the NIS-to-LDAP Service
How to Set Up the N2L Service With Standard Mappings
How to Set Up the N2L Service With Custom or Nonstandard Mappings
Examples of Custom Maps
Example 1–Moving Host Entries
Example 2–Implementing a Custom Map
NIS-to-LDAP Best Practices With Sun Java System Directory Server
Creating Virtual List View Indexes With Sun Java System Directory Server
VLVs for Standard Maps
VLVs for Custom and Nonstandard Maps
Avoiding Server Timeouts With Sun Java System Directory Server
Avoiding Buffer Overruns With Sun Java System Directory Server
NIS-to-LDAP Restrictions
NIS-to-LDAP Troubleshooting
Common LDAP Error Messages
NIS-to-LDAP Issues
Debugging the NISLDAPmapping File
N2L Server Timeout Issue
N2L Lock File Issue
N2L Deadlock Issue
Reverting to NIS
How to Revert to Maps Based on Old Source Files
How to Revert to Maps Based on Current DIT Contents
Chapter 16 Transitioning From NIS+ to LDAP
NIS+ to LDAP Overview
rpc.nisd Configuration Files
NIS+ to LDAP Tools and the Service Management Facility
When Not to Use SMF With NIS+ to LDAP
Modifying the /lib/svc/method/nisplus File
How to Modify the /lib/svc/method/nisplus File
Creating Attributes and Object Classes
Getting Started With the NIS+ to LDAP Transition
/etc/default/rpc.nisd File
General Configuration
Configuration Data From LDAP
Server Selection
Authentication and Security
Default Location in LDAP and NIS+
Timeout/Size Limits and Referral Action for LDAP Communication
Error Actions
General LDAP Operation Control
/var/nis/NIS+LDAPmapping File
nisplusLDAPdatabaseIdMapping Attribute
nisplusLDAPentryTtl Attribute
nisplusLDAPobjectDN Attribute
nisplusLDAPattributeFromColumn Attribute
nisplusLDAPcolumnFromAttribute Attribute
NIS+ to LDAP Migration Scenarios
How to Convert All NIS+ Data to LDAP in One Operation
How to Convert All LDAP Data to NIS+ in One Operation
Merging NIS+ and LDAP Data
How to Merge NIS+ and LDAP Data
Masters and Replicas (NIS+ to LDAP)
Replication Timestamps
The Directory Server (NIS+ to LDAP)
Configuring the Sun Java System Directory Server
Assigning Server Address and Port Number
Security and Authentication
Using SSL
Performance and Indexing
Mapping NIS+ Objects Other Than Table Entries
NIS+ Entry Owner, Group, Access, and TTL
How to Store Additional Entry Attributes in LDAP
Principal Names and Netnames (NIS+ to LDAP)
client_info and timezone Tables (NIS+ to LDAP)
client_info Attributes and Object Class
timezone Attributes and Object Class
Adding New Object Mappings (NIS+ to LDAP)
How to Map Non-Entry Objects
Adding Entry Objects
Storing Configuration Information in LDAP
Appendix A Solaris 10 Software Updates to DNS, NIS, and LDAP
Service Management Facility Changes
DNS BIND
pam_ldap Changes
Documentation Errors
Glossary
© 2010, Oracle Corporation and/or its affiliates