In order to federate a subordinate naming system (either NIS+ or NIS) in X.500/LDAP:
Root reference information must be added into X.500 describing how to reach the subordinate naming system.
An X.500 client API must be specified.
Obtain the NIS+ root reference for your NIS+ hierarchy.
Create an X.500 entry that supports XFN reference attributes.
For example, the following command creates a new X.500 entry called c=us/o=doc with the object classes top, organization, and XFN-supplement (1.2.840.113536.25). The XFN-supplement object class allows the c=us/o=doc entry to store reference information for a subordinate naming system.
# fnattr -a .../c=us/o=doc object-class \
    top organization XFN-supplement
If the X.500 entry already existed and was not defined with the XFN-supplement object class, it must be removed and re-created with the additional object class. Otherwise, it will not be able to hold reference information about the subordinate naming system.
Add the reference information about the subordinate system to the entry.
After creating the X.500 entry, you can then add information about the subordinate system by binding the appropriate root reference to the named entry.
For example, if your subordinate naming system is NIS+, and the NIS+ server you want to use is nismaster, you would enter:
# fnbind -r .../c=us/o=doc/ onc_fn_enterprise onc_fn_nisplus_root \
    "doc.com. nismaster"
If your subordinate naming system is NIS, and the NIS server you want to use is ypmaster, you would enter:
# fnbind -r .../c=us/o=doc/ onc_fn_enterprise onc_fn_nis_root \
    "doc.com/ ypmaster"
These examples bind the reference for the NIS+ or NIS hierarchy with the root domain name doc.com. to the next naming system pointer (NNSP) of the X.500 entry c=us/o=doc, thus linking the X.500 namespace with the doc.com. namespace.
The address format used is that of the root reference described in "Obtaining the Root Reference". Note the use of the trailing slash in the name argument to fnbind, .../c=us/o=doc/, to signify that the reference is being bound to the NNSP of the entry, rather than to the entry itself.
For further information on X.500 entries and XFN references, see "X.500 Attribute Syntax for XFN References".
An X.500 client API is required in order to access X.500 using FNS. You can use one of two different clients:
XDS/XOM API. The XDS/XOM API must be installed. It is exported from the /opt/SUNWxds/lib/libxomxds.so shared object. Consult "Getting started with the SunLink X.500 Client Toolkit" for details on the X.500 product.
LDAP (Lightweight Directory Access Protocol) API. The LDAP API is automatically installed as part of Solaris Release 2.6.
The API that you use is specified in each machine's /etc/fn/x500.conf file. This file contains configuration information for X.500 and LDAP. This file can be edited directly. The default x500.conf file contains two entries:
x500-access: xds ldap
ldap-servers: localhost ldap
Where localhost and ldap are the IP addresses or hostnames of one or more LDAP servers.
The first entry specifies the order in which X.500 accesses APIs. In the example above, X.500 will first try to use XDS/XOM. If XDS/XOM is not available, it will default to using LDAP. If the entry read: x500-access: ldap xds, X.500 would use LDAP and only fall back on XDS if LDAP were not available.
The second entry lists the IP addresses or hostnames of servers running LDAP. Each server is tried in turn until a successful LDAP connection is achieved. In the example above, the localhost is tried first. If LDAP is not available on that server, the next one is tried.
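The following added example (not part of the original documentation or of Solaris) reads the two entries described above and prints the order in which APIs and LDAP servers would be tried, so the effective fallback sequence can be reviewed on each machine. The function names are hypothetical; the script assumes the file holds only "key: value ..." lines as shown above and treats any API name other than xds and ldap, the two this page mentions, as an error.

```sh
# Report the API and LDAP server try order from an x500.conf-style file.
# Hypothetical helper names; assumes only "key: value ..." lines as shown above.

# Print the whitespace-separated values of entry $2 in file $1.
x500_conf_values() {
    awk -v key="$2:" '$1 == key { $1 = ""; sub(/^[ \t]+/, ""); print; exit }' "$1"
}

# Print the effective try order for file $1; return non-zero on a problem.
x500_conf_check() {
    rc=0
    access=$(x500_conf_values "$1" x500-access)
    servers=$(x500_conf_values "$1" ldap-servers)
    if [ -z "$access" ]; then
        echo "error: no x500-access entry"
        return 1
    fi
    n=0
    uses_ldap=no
    for api in $access; do
        n=$((n + 1))
        case $api in
            xds)  echo "api $n: xds" ;;
            ldap) echo "api $n: ldap"; uses_ldap=yes ;;
            *)    echo "error: unknown API '$api' in x500-access"; rc=1 ;;
        esac
    done
    if [ "$uses_ldap" = yes ]; then
        # LDAP needs at least one server; each is tried in the order listed.
        if [ -z "$servers" ]; then
            echo "error: ldap listed but ldap-servers is empty"
            rc=1
        fi
        n=0
        for s in $servers; do
            n=$((n + 1))
            echo "ldap server $n: $s"
        done
    fi
    return $rc
}

# Constructed sample: the default file contents shown on this page.
sample=$(mktemp)
printf 'x500-access: xds ldap\nldap-servers: localhost ldap\n' > "$sample"
x500_conf_check "$sample"
rm -f "$sample"
```

To check a real machine, call x500_conf_check /etc/fn/x500.conf instead of the constructed sample.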