NIS+ to LDAP Tools and the Service Management Facility
Most of the command line administrative tasks associated with the NIS+ to LDAP transition are managed by the Service Management Facility. For an overview of SMF, refer to Chapter 18, Managing Services (Overview), in System Administration Guide: Basic Administration. Also refer to the svcadm(1M) and svcs(1) man pages for more details.
-
Administrative actions on the NIS+ to LDAP transition service, such as enabling, disabling, or restarting, can be performed using the svcadm command.
Tip –Temporarily disabling a service by using the -t option provides some protection for the service configuration. If the service is disabled with the -t option, the original settings would be restored for the service after a reboot. If the service is disabled without -t, the service will remain disabled after reboot.
-
The NIS+ Fault Managed Resource Identifier (FMRI) is svc:/network/rpc/nisplus:<instance>. The FMRI for the LDAP client service is svc:/network/ldap/client:<instance>.
-
You can query the status of NIS+ by using the svcs command.
-
Example of svcs command and output.
# svcs \*nisplus\* STATE STIME FMRI online Sep_01 svc:/network/rpc/nisplus:default
-
-
Example of svcs -l command and output. To get the output shown below, you must use the instance name in the FMRI.
# svcs -l network/rpc/nisplus:default fmri svc:/network/rpc/nisplus:default enabled false state disabled next_state none restarter svc:/system/svc/restarter:default dependency require_all/none svc:/network/rpc/keyserv (online)
-
You can check a daemon's presence by using the ps command.
# ps -e | grep rpc.nisd root 23320 1 0 Aug 27 ? 16:30 ./ns-slapd -D \ /usr/iplanet/ds5/slapd-lastrev -i /usr/iplanet/ds5/slapd-lastrev/ root 25367 25353 0 15:35:19 pts/1 0:00 grep slapd
Note –Do not use the -f option with ps because this option attempts to translate user IDs to names, which causes more naming service lookups that might not succeed.
When Not to Use SMF With NIS+ to LDAP
In general, the /usr/sbin/rpc.nisd daemon is administered using the svcadm command. However, when rpc.nisd is invoked with -x nisplusLDAPinitialUpdateOnly=yes, rpc.nisd performs the specified initial update action, then exits. That is, rpc.nisd does not daemonize. The Service Management Facility should not be used in conjunction with -x nisplusLDAPinitialUpdateOnly=yes. SMF can be used any other time you want to start, stop, or restart the rpc.nisd daemon.
The following example shows rpc.nisd used with -x nisplusLDAPinitialUpdateOnly=yes.
# /usr/sbin/rpc.nisd -m mappingfile \ -x nisplusLDAPinitialUpdateAction=from_ldap \ -x nisplusLDAPinitialUpdateOnly=yes |
Modifying the /lib/svc/method/nisplus File
If you want to include specific options when you invoke the rpc.nisd daemon with the Service Management Facility, you can use the svcprop command or modify the /lib/svc/method/nisplus file. See the svcprop(1) man page for more information about using the svcprop command. The following procedure describes how to modify the /lib/svc/method/nisplus file.
How to Modify the /lib/svc/method/nisplus File
-
Become superuser or assume an equivalent role.
Roles contain authorizations and privileged commands. For more information about roles, see Chapter 9, Using Role-Based Access Control (Tasks), in System Administration Guide: Security Services.
-
Stop the NIS+ service.
# svcadm disable network/rpc/nisplus:default
-
Open the /lib/svc/method/nisplus file.
Use the editor of your choice.
-
Edit the file to add the desired options.
Change:
if [ -d /var/nis/data -o -d /var/nis/$hostname ]; then /usr/sbin/rpc.nisd || exit $To:
if [ -d /var/nis/data -o -d /var/nis/$hostname ]; then /usr/sbin/rpc.nisd -Y -B || exit $?In this example, the -Y and -B options are added to rpc.nisd, so the options are automatically implemented at startup.
-
Save and quit the /lib/svc/method/nisplus file.
-
Start the NIS+ service.
# svcadm enable network/rpc/nisplus:default
- © 2010, Oracle Corporation and/or its affiliates