Chapter 1 Introduction to Synchronized NIS/LDAP Service

The Network Information Service (NIS) provides a robust and reliable naming service that holds information on network users, groups, host machines, servers, and generally all information necessary to operate a network. However, with the growing acceptance of LDAP directories, companies find that they also want to hold the same type of information in their LDAP directory.

This chapter provides an introduction to using the NIS name service in conjunction with the Netscape Directory Server. All NIS information is stored in the LDAP directory to provide a single repository for network information. All of the features provided by the standard NIS environment are preserved.

This chapter explains the stages in transitioning from a standard NIS service to a naming service synchronized with the Netscape Directory Server.

This chapter contains the following sections:

• "Benefits of Netscape Directory Server"
• "NIS/LDAP Compared Terminology"


• "Transitioning to Synchronized Operation"


• "Daemons Providing Synchronized Service"

• In a standard NIS environment, information is stored in a set of flat files, referred to as the NIS source files, or the etc files, because their default location is under the /etc directory. When LDAP synchronization is enabled, this information is stored in the LDAP directory which serves as a common repository for information.
• In a standard NIS environment, when information is propagated from master servers to slave servers, entire tables (or maps) are propagated, not just the updates. With LDAP replication, it is possible to replicate just the changed information to increase efficiency.
• The information stored in the Netscape Directory Server is accessible through the LDAP protocol and can potentially be shared with all applications and users in the organization, although you can restrict access if necessary.

In LDAP, information is stored in entries. The type of entry, or object class, and the mandatory and optional attributes associated with that object class, identify the type of information held in the entry. For example, the object class nisObject is used to create an LDAP entry that represents a line in an NIS file. A mandatory attribute of nisObject is nisMapName.

Detailed examples of how the contents of NIS files are mapped onto LDAP entries are provided in Chapter  4, "NIS Information in the LDAP Directory."

In an NIS environment where multiple servers hold copies of the NIS tables, the server that holds the reference copy is called the master server, and all servers that hold copies are called slave servers. The operation of copying information between the master and the slave servers is called propagation.

In an LDAP environment, you might see the terms master and replica servers. However, in the Netscape Directory Server documentation, a master server is referred to as a supplier, and a slave server as a consumer. The operation of copying information between a supplier and the consumers is called replication.

Figure 1.1 Pure NIS environment

Figure 1.2 Mixed NIS-Netscape Directory Server Environment

At this stage, you have the choice between two methods for performing updates to NIS information:

• Using the standard NIS procedure (modifying the /etc files)
• Making modifications in the LDAP database

Note. Do not use a combination of both methods.

For more information on performing updates to NIS information, refer to "Updating NIS Maps" .

Figure 1.3 Netscape Directory Server Environment

At this stage too, you have the choice of methods for performing updates to NIS information:

• Using the standard NIS update procedure (modifying the /etc files)
• Making modifications in the LDAP database

• Using the standard NIS propagation process, yppush
• Using LDAP replication

This section also provides a brief description of the additional commands and daemons provided with Solaris Extensions for Netscape Directory Server 4.11. Full reference information on these and on the standard NIS processes are provided in Chapter  5, "NIS Command & File Reference."

Table 1.1 Daemons and Commands Providing NIS Service

The dsypserv daemon provides the NIS service. It receives and responds to NIS requests in the same way as the ypserv(1M) daemon. It does not convert NIS requests to LDAP requests and NIS responses to LDAP responses. It uses all of the standard NIS administration and lookup utilities such as yppoll(1M), yppush(1M), ypcat(1), ypwhich(1), and ypmatch(1). The major difference between dsypserv and ypserv is that dsypserv uses the information in the LDAP directory to build the NIS maps.

Some of the standard NIS utilities were modified to accomodate the synchronization with the LDAP directory. These are listed in Table  1.1.

For more detailed information on the NIS service, refer to the man page for ypserv(1M).

dsyppasswdd

The dsyppasswdd daemon manages changes to the password tables stored in the LDAP directory. It runs on the master server and responds to requests from users who invoke the passwd command to change their password, full name (in the gecos field) or shell. The dsyppasswdd daemon makes updates to the LDAP database, and also to the NIS passwd file. It also updates the shadow file when there is one.

For details of how to configure the dsyppasswdd daemon, refer to "dsyppasswdd" .

dsypxfr

The dsypxfr command is used on a slave server to request updates from the master. It can be invoked manually or by a crontab file, or called by the dsypserv daemon.

For more information on dsypxfr, refer to "dsypxfr" .

dsmakedbm

The dsmakedbm command builds the NIS tables from the information held in the NIS source files. It is slightly different from the standard NIS makedbm command because it calls the dsimport utility to create NIS entries in the directory.

dsypinit

The dsypinit command initializes an NIS server as a master server or slave server. This command can also be used instead of the NIS standard ypinit command to initialize NIS clients.

For details of how to use dsypinit, refer to "dsypinit" .

Note. Do not run dsypinit to initialize the NIS service with Netscape Directory Server. Use dsypinstall, as described in "Initializing Synchronized Operation" .

dsypsync

The dsypsync command can be used to resynchronize NIS tables with the information held in the LDAP directory. In this synchronization process, the reference data, is the data held in the LDAP directory.

Note. The dsypsync command regenerates the NIS maps, however, it does not update the NIS source files.

For more information on dsypsync, see "dsypinit" .

dsyp

The dsyp command can be used to initialize or disable the NIS/LDAP synchronized service. It is called by the dsypinstall script to initialize or stop the NIS synchronization with the LDAP directory. It can also be invoked manually.

For more information on dsyp, refer to "dsyp" .

dsypaddmap

The dsypaddmap commands simplifies the process of creating NIS-to-LDAP mapping definitions. You can use dsypaddmap to automatically create an NIS-to-LDAP mapping for a new map you want to import into the directory.

Note. Although dsypaddmap creates a new subtree in the directory for the new map, it does not import NIS data into the directory. You must use dsimport to create the NIS entries in the directory.

For more information on dsypaddmap, refer to "dsypaddmap" .

dsypdelmap

The dsypdelmap command disables NIS maps. It does not actually remove the NIS entries from the directory because they could be used by other applications. It does not remove the mapping definition either.

For more information on dsypdelmap, refer to "dsypdelmap" .