nisplusLDAPcolumnFromAttribute specifies the rules used to map LDAP data to NIS+.
The full entry mapping syntax can be found in NIS+LDAPmapping(4). However, a few examples should make things clearer.
The NIS+ rpc.org_dir table contains four columns called cname, name, number, and comment. Therefore, the entries for the NIS+ RPC program number (100300) with the canonical name nisd and the aliases rpc.nisd and nisplusd could be represented by the following NIS+ entries in rpc.org_dir.
    nisd nisd 100300 NIS+ server
    nisd rpc.nisd 100300 NIS+ server
    nisd nisplusd 100300 NIS+ server
Assuming the defaultSearchBase value is dc=some,dc=domain, the corresponding LDAP entry, as listed by ldapsearch(1), would be the following.
    cn=nisd,ou=Rpc,dc=some,dc=domain
    cn=nisd
    cn=rpc.nisd
    cn=nisplusd
    oncrpcnumber=100300
    description=NIS+ server
    objectclass=oncRpc
    objectclass=top
This makes for a simple one-to-one mapping between NIS+ and LDAP data, and the corresponding mapping attribute value going from NIS+ to LDAP is the following.
    nisplusLDAPattributeFromColumn \
        rpc:    dn=("cn=%s,", cname), \
                cn=cname, \
                cn=name, \
                oncRpcNumber=number, \
                description=comment
This constructs the DN for the entry to be cn=%s, with the value of the cname column substituted for %s.
    cn=nisd,
Since the value ends in a comma, the read base value from the nisplusObjectDN is appended, and you have the following.
    cn=nisd,ou=Rpc,dc=some,dc=domain
The oncRpcNumber and description attribute values are just simple assignments of the corresponding NIS+ column values. The rpc.nisd will collect the multiple NIS+ entries into one LDAP entry, with multiple cn values to represent the different name column values.
Similarly, the mapping from LDAP to NIS+ would be as follows.
    nisplusLDAPcolumnFromAttribute \
        rpc:    cname=cn, \
                (name)=(cn), \
                number=oncRpcNumber, \
                comment=description
The above assigns the oncRpcNumber and description values to the corresponding NIS+ columns. The multi-valued cn (denoted by (cn)) is mapped to multiple name column values (denoted by (name)). Since the name column cannot be multi-valued, the rpc.nisd creates one NIS+ entry for each cn value.
Finally, the following nisplusLDAPattributeFromColumn value is an example of a rule set used for deletion.
    nisplusLDAPattributeFromColumn \
        user_attr_del:  dn=("uid=%s,", name), \
                        SolarisUserQualifier=, \
                        SolarisAttrReserved1=, \
                        SolarisAttrReserved2=, \
                        SolarisAttrKeyValue=
Again, the user_attr.org_dir data shares the ou=People container with other account information (from the passwd.org_dir and other tables). If an entry in the user_attr.org_dir table is deleted, you probably do not want to delete the entire ou=People entry. Instead, the delete entry above says that when a user_attr.org_dir entry is deleted, the SolarisUserQualifier, SolarisAttrReserved1, SolarisAttrReserved2, and SolarisAttrKeyValue attributes (if any) are deleted from the ou=People entry specified by the following rule.
    dn=("uid=%s,", name)
The rest of the LDAP entry is left unchanged.
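The three rule sets above can be traced in a short Python model. This is an added example, not code from rpc.nisd or the Solaris documentation; the function names, the sample ou=People entry, and the choice of the first cn value for cname are assumptions made for illustration.

```python
# Added illustration of the mapping semantics described above; not rpc.nisd code.
SEARCH_BASE = "ou=Rpc,dc=some,dc=domain"   # read base from nisplusObjectDN

# rpc.org_dir rows from the page: (cname, name, number, comment)
ROWS = [
    ("nisd", "nisd", "100300", "NIS+ server"),
    ("nisd", "rpc.nisd", "100300", "NIS+ server"),
    ("nisd", "nisplusd", "100300", "NIS+ server"),
]

def rows_to_ldap(rows, base=SEARCH_BASE):
    """nisplusLDAPattributeFromColumn: rows with the same DN merge into one entry."""
    entries = {}
    for cname, name, number, comment in rows:
        dn = "cn=%s," % cname + base       # value ends in a comma, so base is appended
        entry = entries.setdefault(
            dn, {"cn": [], "oncRpcNumber": number, "description": comment})
        for value in (cname, name):        # cn=cname, cn=name
            if value not in entry["cn"]:
                entry["cn"].append(value)
    return entries

def ldap_to_rows(entries):
    """nisplusLDAPcolumnFromAttribute: one NIS+ row per cn value."""
    rows = []
    for entry in entries.values():
        cname = entry["cn"][0]             # cname=cn (assumption: first value is used)
        for name in entry["cn"]:           # (name)=(cn)
            rows.append((cname, name, entry["oncRpcNumber"], entry["description"]))
    return rows

# Attributes named with an empty right-hand side in the user_attr_del rule set.
DELETE_ATTRS = ("SolarisUserQualifier", "SolarisAttrReserved1",
                "SolarisAttrReserved2", "SolarisAttrKeyValue")

def delete_user_attr(entry):
    """user_attr_del: strip only the listed attributes; the entry itself stays."""
    return {k: v for k, v in entry.items() if k not in DELETE_ATTRS}

# Constructed ou=People entry that also carries passwd.org_dir data.
PEOPLE = {"uid": "jdoe", "uidNumber": "1001", "homeDirectory": "/home/jdoe",
          "SolarisAttrKeyValue": "type=normal"}

if __name__ == "__main__":
    ldap = rows_to_ldap(ROWS)
    print(ldap)
    print(ldap_to_rows(ldap))
    print(delete_user_attr(PEOPLE))
```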