System Administration Guide: Naming and Directory Services (FNS and NIS+)

Chapter 19 Administering NIS+ Tables

This chapter describes NIS+ tables and how to administer them. (See Table 10–1, for detailed descriptions of the default NIS+ tables.)


Note –

NIS+ might not be supported in a future release. Tools to aid the migration from NIS+ to LDAP are available in the Solaris 9 operating environment (seeSystem Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) ). For more information, visit http://www.sun.com/directory/nisplus/transition.html.


NIS+ Tables

Information used by NIS+ is stored in NIS+ tables. (See Chapter 23, Information in NIS+ Tables for a description of each default NIS+ system tables supplied in Solaris operating environment.)

For a complete description of NIS+ table-related commands and their syntax and options, see the NIS+ man pages.

The nistbladm Command


Note –

Some NIS+ table administration tasks can be performed more easily with Solstice AdminSuiteTM tools if you have them available.


The nistbladm command is the primary NIS+ table administration command. The nistbladm command is for use on NIS+ tables stored in an NIS+ directory object. With it, you can create, modify, and delete NIS+ tables and entries. To create a table, its directory must already exist. To add entries to the table, the table and columns must already be defined.

To create a table, you must have create rights to the directory under which you will create it. To delete a table, you must have destroy rights to the directory. To modify the contents of a table, whether to add, change, or delete entries, you must have modify rights to the table or the entries.

nistbladm Syntax Summary

The general syntax of the nistbladm command is:


nistbladm options \
 [columspec | columnvalue] \
 [tablename | indexedname]

Where:

Table 19–1 nistbladm Options

Option 

Description 

-a | -A

Add an entry to an existing NIS+ table. The -a option returns an error if execution of the command would result in overwritting any existing entry. The -A option forces execution of the command even if it results in overwriting an existing entry. (See Adding Entries to a Table.)

-D defaults

Specify a different set of default properties when creating an object. (See the nistbladm man page for details.)

-d

Destroy a table. (See Deleting a Table.)

-c

Create a table. (See Creating a New Table.)

-r | -R

Remove one or more entries from an existing NIS+ table. The -r option returns an error if execution of the command would result in removal of more than one entry. The -R option forces execution of the command even if it results in removing multiple entries. (See Removing Table Entries.)

-m

An obsoleted option for modifying table entries that is still supported for backwards compatibility. The -e and -E options are the preferred method for editing entries.

-e | -E

Edit an entry in an existing NIS+ table. The -e option returns an error if execution of the command would affect more than one entry. The -A option forces execution of the command even if it results in changing an existing entry in such a way as to overwrite a different entry. (See Modifying Table Entries.)

nistbladm and Column Values

Column values are used to identify individual entries in tables using the format:


columname="value", \
 columnname="value", ...

Where:

For example, suppose you had a hosts table that listed machine names and IP addresses:

Table 19–2 Example Hosts Table

IP address 

name 

aliases 

129.146.168.4

altair

 

129.146.168.119

deneb

mail

129.146.168.120

regulus

dnsmaster

129.146.168.121

regulus

dnsmaster

129.146.168.11

sirius

 

In this example, your could identify the altair entry (row) in three different ways using the column=value of:

But notice in the table above that the machine regulus is multi-homed and has two IP addresses. In that case, the column=value of host=regulus identifies two rows. To identify just the first regulus row, you would enter either:


Note –

Some nistbladm operations require that you enter a column=value pair for every column in the table.


nistbladm, Searchable Columns, Keys, and Column Values

When an NIS+ table is created, one or more columns are designated searchable with either the S or the I flags as described in Specifying Table Columns. You can use the niscat -o tablename command to display a list of a table's columns and their characteristics.

A table is keyed on its searchable columns. This means that each row in the table must have a unique combination of values in the searchable columns. For example, if a table has one searchable column, each table row must have a unique value in that column, no two rows can contain the same value.

For example, suppose you had a table containing one searchable column named city and a non-searchable column named country. The following rows would all be permitted:

City 

Country 

San Francisco 

United States 

Santa Fe 

United States 

Santiago 

Chile 

But you could not have two rows like:

City 

Country 

London 

Canada 

London 

England 

If a table has multiple searchable columns, it is the combination of values that must be unique. For example, suppose you had a table containing two searchable columns, Lastname, Firstname and a non-searchable column named city. The following rows would all be permitted:

Lastname 

Firstname 

City 

Kuznetsov 

Sergei 

Odessa 

Kuznetsov 

Rima 

Odessa 

Sergei 

Alex 

Odessa 

But you could not have two rows like this:

Lastname 

Firstname 

City 

Kuznetsov 

Rima 

Odessa 

Kuznetsov 

Rima 

Chelm 

NIS+ commands use the values in the searchable columns to identify specific table rows.

nistbladm and Indexed Names

In the context of table administration, an NIS+ indexed name is a name that combines a table name with column value search criteria to identify and select particular entries in a table. Indexed names use the format:


[search_criteria],tablename.directory

Note that search_criteria must be enclosed in square brackets [ ]. The search_criteria use the format:


columname=value, \
 columname=value,...

Where columname=value pairs are column values from the table's searchable columns as described in nistbladm and Column Values.

For example, to identify the altair entry in Table 19–2 you could use the indexed name:


[addr=129.146.168.4,cname=altair],hosts.org_dir.doc.com.

The nistbladm -R command allows you to remove all the entries in a table by using the two square brackets with nothing between them [ ] as a wildcard specifying all table rows.

nistbladm and Groups

In a Solaris-NIS+ environment, there are three types of groups:


Note –

Do not use nistbladm to administer NIS+ groups.


(See Solaris Groups for more information on the different types of groups and how to work with them.)

Creating a New Table

An NIS+ table must have at least one column and at least one of its columns must be searchable. To create an NIS+ table, use the nistbladm command with the -c option:


nistbladm -c tabletype columnspec \
 ... tablename

Where:


 nistbladm -c tabletype columnspec columnspec \
 columnspec tablename

Columnspec formats are described in Specifying Table Columns, below.

Specifying Table Columns

Each columnspec entry has two to four components in the format:


name=type,rights:
Table 19–3 Table Column Components

Component 

Description 

name

Name of the column 

=

An equal sign which is required. 

type

[Optional] The type of column specified by the letters S, I or C (see Table 19–4). This component is optional. If no type is specified, the column becomes the default type.

rights

[Optional] Access rights. These access rights are over and above those granted to the table as a whole or to specific entries. If no access is specified, the column's access rights are those granted to the table as a whole, or to the entry. The syntax for access rights is described in Specifying Access Rights in Commands.

A column can be one of the following types:

Table 19–4 Table Column Types

Type 

Description 

 

No column type specified after the = sign. The column is neither searchable nor encrypted.

S

Searchable. 

I

Searchable, but case-insensitive. When NIS+ commands search through the column, they will ignore case. 

C

Encrypted. 

NIS+ commands search through the column and identify individual table rows based on the contents of the searchable columns. Searchable columns are designated with either the S or the I option. In database terminology, a searchable column is a key. The first column in each table must be searchable. The remaining columns do not have to be searchable. Because the table is keyed on the searchable columns, if you have more than one searchable column, they must be the first and subsequent columns and not skip any columns. For example, if only one column in a table is searchable, it has to be the first column. If two columns are searchable, they must be the first two columns. (See nistbladm, Searchable Columns, Keys, and Column Values for more information on searchable columns.)

If you specify only access rights, you don't need to use a comma. If you include one or more of the -S, -I, or -C flags, add a comma before the access rights.

In the example below, a table is created with the addition of column-specific access rights applied to the first two columns:


master% nistbladm -c depts Name=I,w+m Site=w+m Name=C \
 divs.mydir.doc.com.

For more information about specifying column access rights when creating a table, see Setting Column Rights When Creating a Table.


Note –

NIS+ assumes that all column entries are null terminated. Applications and routines that write information to NIS+ tables must be configured to null terminate each column entry.


Creating Additional Automount Table

If you are creating an automount table, the table can have only two columns. The first column must be named key and the second column must be named value. For example, to create an automount table named auto1, you would enter:


master% nistbladm -c key-value key=S value= auto1.org_dir.doc.com.

Deleting a Table

To delete a table, use the -d option and enter the table name:


nistbladm -d tablename

The table must be empty before you can delete it (see Removing Table Entries). This example deletes the divs table from the doc.com. directory:


rootmaster% nistbladm -d divs.doc.com.

Adding Entries to a Table

To add new entries (rows) to a table, use nistbladm with either the -a or -A options followed by either one or more column=value pairs and the table name or an indexed name as described in nistbladm and Indexed Names.


nistbladm [-a | -A] indexedname
nistbladm [-a | -A] column="value" \
column="value" \
... tablename

When adding new entry rows to a table with either -a or -A:


Note –

NIS+ is a naming service and its tables are designed to store references to objects, not the objects themselves. NIS+ is optimized to support 10,000 objects with a combined total size of all tables not more than 10M bytes. NIS+ does not support individual tables where the sum of field sizes in a single column are greater than approximately 7k. If a table is too large, rpc.nisd may fail.


Adding a Table Entry With the -a Option

The -a option adds an entry to a table unless the entry already exists, in which case it returns an error. An entry is defined as existing if its values in the searchable columns exactly match the values in the new entry's searchable columns. (The values in non-searchable columns are not taken into account.)

To use the -a option, you must specify a value for every column in the table:


nistbladm -a column="value" \
 column="value" \
 ... tablename
nistbladm -a indexedname

(To list the names and characteristics of table columns, use the niscat -o tablename command.)

For example, to add a new row to a table named depts using column=value pairs, you would enter:


rootmaster% nistbladm -a Name='R&D' Site='SanFran' \
 Name='vattel' depts.doc.com.

To add the same entry using an indexed name, you would enter:


rootmaster% nistbladm -a [Name='R&D',Site='SanFran',\
 Name='vattel'],depts.doc.com.

Both examples would produce a table row that looked like this:

Dept 

Site 

Name 

R&D 

SanFran 

vattel 

C-shell users should also use quotes to set off expressions using square brackets.

You can only add one entry with each instance of the nistbladm command. You must run nistbladm once for each entry row you want to add.

If a table row already exists with values in each column that are identical to the entry you are trying to create, nistbladm -a will return an error. You cannot have two identical entry rows in a table. In this context, rows are considered identical if the values in the searchable columns are identical, the values in none search able columns are not considered.

For example, if the Dept and Site columns are searchable, and the Name column is not searchable, nistbladm considers the following two rows to be identical:

Dept (searchable) 

Site (searchable) 

Name (not searchable) 

Sales 

Vancouver 

Hosteen 

Sales 

Vancouver 

Lincoln 

In this example, nistbladm -a would not allow you to create the Sales Vancouver Lincoln row.

However if just some of the searchable columns have values identical to the entry you are trying to create, nistbladm -a will create a new entry as specified. For example, you could run the following commands to create two similar, but not identical, rows in a depts table:


rootmaster% nistbladm -a Dept='Sales' \
   Site='Vancouver' Name='hosteen' staff.doc.com.
rootmaster% nistbladm -a Dept='Sales' \
   Site='SanFran' Name='lincoln' staff.doc.com.

Which would produce rows that had some, but not all identical values in the searchable columns:

Dept 

Site 

Name 

Sales 

Vancouver 

hosteen 

Sales 

SanFran 

lincoln 

Adding a Table Entry With the -A Option

The -A option is designed for applications where you need to force nistbladm to overwrite an existing entry. Like the -a option, -A adds a new entry to a table. However, if the entry already exists, instead of exiting with an error, it overwrites the existing entry row.

When using the -A option, you must specify all columns in the entry.

For example, suppose the following table exists and the Dept and Site columns are searchable:

Dept (searchable) 

Site (searchable) 

Name 

Sales 

SanFran 

Lincoln 

Now you run the following command:


rootmaster% nistbladm -A Name=Sales Site=SanFran \
 Name=Tsosulu depts.doc.com.

The -a option would have returned an error, since the entry specified by Name=Sales Site=SanFran already exists. But the -A option allows you to overwrite the existing row.

Dept 

Site 

Name 

Sales 

SanFran

Tsosulu

Modifying Table Entries

Existing table entries are edited (modified) using either the -e or -E options. The Solaris operating environment release also supports use of the -m option for backwards compatibility with earlier releases. (All new applications and command line operations should use either the -e or -E options.)

To edit an existing entry (row) in a table, use nistbladm with either the -e or -E options followed by one or more column=value pairs that specify the new values and ending with an indexed name that identifies a particular row in a table as described in nistbladm and Indexed Names.


nistbladm [-e | -E] column="value" \
 column="value" \
 ... indexedname

When adding new entry rows to a table with either -e or -E:

Editing a Table Entry With the -e Option

The -e option edits an entry in a table unless doing so would result in changing values in searchable columns in more than one entry row, in which case it returns an error. (The values in non-searchable columns are not taken into account.)


nistbladm column="value" \
 column="value" \
 ... indexedname

To use the -e option, you only need to specify the column values you are changing.

For example, suppose you had the table:

Dept 

Site 

Name 

Sales 

SanFran 

Tsosulu 

To change the value of the Name column to Chandar, you would enter:


master% nistbladm -e Name="Chandar" [Dept='Sales',Site='SanFran'],\
 depts.doc.com.

Now the table looks like this:

Dept 

Site 

Name 

Sales 

SanFran 

Chandar 

(Note that in the example above, the indexed name did not need to include the Name column because in these examples that column is not searchable.)

C-shell users should also use quotes to set off expressions using square brackets.

You can use the -e option to edit the values in searchable columns so long as the new values you specify affect only the single row identified by the indexed name. For example, to change the department to Manf, you would enter:


master% nistbladm -e Dept="Manf" [Dept='Sales',Site='SanFran'],\
 depts.doc.com.

Dept (searchable) 

Site (searchable) 

Name 

Manf 

SanFran 

Chandar 

However, if an entry row already existed with Manf and SanFran in the searchable columns, the -e option would return an error.

You can specify changes to multiple columns so long as they all apply to a single entry row. For example, to change both the Dept and Name values, you would enter:


master% nistbladm -e Dept="Manf" Name=”Thi” \
 [Dept='Sales',Site='SanFran'],depts.doc.com.

Dept (searchable) 

Site (searchable) 

Name 

Manf 

SanFran 

Thi 

Editing a Table Entry With the -E Option

The -E option is designed for applications where you need to force nistbladm to overwrite an existing entry even if doing so will affect more than one entry.

For example, suppose your table had the following rows:

Dept (searchable) 

Site (searchable) 

Name 

Sales 

SanFran 

Chandar 

Sales 

Alameda 

Achmed 

Now you run the following command:


master% nistbladm -E Site="Alameda” Mgr="Chu" \
[Div='Sales',Site='SanFran'],depts.doc.com.

Which would change the Sales SanFran Chandar row to Sales Alameda Chu. But Sales Alameda are the key values identifying the Sales Alameda Achmed row, so that row would also be changed. The result would be a single row where once there had been two rows:

Dept (searchable) 

Site (searchable) 

Name 

Sales 

Alameda 

Chu 

The -e option would have returned an error, since the edit would affect more than one row. But the -E option allows you to affect more than one entry row.

Removing Table Entries

Removing Single Table Entries

To remove a single entry from a table, use the -r option:


nistbladm -r indexed-name

This example removes the Manf-1 entry from the depts table:


rootmaster% nistbladm -r [Dept=Manf-1,Site=Emeryville,Name=hosteen],\
depts.doc.com.

You can specify as few column values as you wish. If NIS+ finds duplicates, it does not remove any entry and returns an error message instead. Thus, you could have removed the Manf-1 by specifying only the Site column value, as in this example:


rootmaster% nistbladm -r [Site=Emeryville],depts.doc.com.

However, you could not have removed the Sales entry by specifying only the Site column value (SanFran), because two entries have that same value (R&D and Sales):

Dept 

Site 

Name 

R&D

SanFran

kuznetsov

Sales 

SanFran

jhill

Manf-1 

Emeryville

hosteen

Manf-2 

Sausalito

lincoln

Removing Multiple Entries From a Table

To remove multiple entries from a table, use the -R option:


nistbladm -R indexedname

As with the -r option, you can specify as few column values as you wish. Unlike the -r option, however, if NIS+ finds duplicates, it removes all of them. You can find the name of a table's column by using the niscat -o command. This example removes all entries in which the Site is SanFran:


rootmaster% nistbladm -R [Site=SanFran],depts.doc.com.

Dept 

Site 

Name 

Manf-1 

Emeryville

hosteen

Manf-2 

Sausalito

lincoln

You can use the -R option to remove all the entries from a table. Simply do not specify any column values between the square brackets, as in this example:


rootmaster% nistbladm -R [],depts.doc.com.

When used with the nistbladm -R command, an empty set of square brackets is interpreted as a wildcard specifying all table rows.

The niscat Command

The niscat command displays the contents of an NIS+ table. However, you can also use it to display the object properties of the table. You must have read rights to the table, entries, or columns that you wish to display.

Syntax

To display the contents of a table, use:


niscat [-hM] tablename

To display the object properties of a table, use:


niscat -o tablename
niscat -o entry
Table 19–5 niscat Options

Option 

Description 

-h

Header. Displays a header line above the table entries, listing the name of each column. 

-M

Master. Displays only the entries of the table stored on the Master server. This ensures you get the most up-to-date information and should be used only for debugging. 

-o

Object. Displays object information about the table, such as column names, properties, and servers. 

Displaying the Contents of a Table

To display the contents of a table, use niscat with a table name:


niscat tablename

This example displays the contents of the table named depts.


rootmaster% niscat -h depts.doc.com.
#Name:Site:Name
R&D:SanFran:kuznetsov
Sales:SanFran:jhill
Manf-1:Emeryville:hosteen
Manf-2:Sausalito:lincoln

Note –

The symbol *NP* indicates that you do not have permission to view that entry. Permissions are granted on a table, column, or entry (row) basis. For more on access permissions, see Chapter 15, Administering NIS+ Access Rights.


Displaying the Object Properties of a Table or Entry

To list the object properties of a table, use niscat -o and the table's name:


niscat -o tablename.org_dir

To display the object properties of a table entry, use niscat -o and specify the entry with an indexed name:


entry ::=column=value \
 ... tablename | \
 [column=value,...],\
 tablename

Here are two examples, one for a table and one for a table entry:

Table


rootmaster# niscat -o hosts.org_dir.doc.com.
Object Name : hosts
Owner : rootmaster.doc.com.
Group : admin.doc.com.
Domain : org_dir.doc.com.
Access Rights : ----rmcdr---r---
Time to Live : 12:0:0
Object Type : TABLE
Table Type : hosts_tbl
Number of Columns : 4
Character Separator :
Search Path :
Columns :
 [0] Name : cname
 Attributes : (SEARCHABLE, TEXTUAL DATA, CASE INS
 Access Rights: ----------------
 [1] Name : name
 Attributes : (SEARCHABLE, TEXTUAL DATA, CASE INS
 Access Rights: ----------------
 [2] Name : addr
 Attributes : (SEARCHABLE, TEXTUAL DATA, CASE INS
 Access Rights: ----------------
 [3] Name : comment
 Attributes : (TEXTUAL DATA)
 Access Rights: ----------------

Table entry


rootmaster# niscat -o [name=rootmaster],hosts.org_dir.doc.com.
Object Name : hosts
Owner : rootmaster.doc.com.
Group : admin.doc.com.
Domain : org_dir.doc.com.
Access Rights : ----rmcdr---r---
Time to Live : 12:0:0
Object Type : ENTRY
 Entry data of type hosts_tbl
 Entry has 4 columns.
 .
#

The nismatch and nisgrep Commands

The nismatch and nisgrep commands search through NIS+ tables for entries that match a particular string or regular expression, respectively. They display either the entries themselves or a count of how many entries matched. The differences between the nismatch and nisgrep commands are highlighted in Table 19–6 below.

Table 19–6 Characteristics of nismatch and nisgrep

Characteristics 

nismatch 

nisgrep 

Search criteria 

Accepts text only 

Accepts regular expressions 

Speed 

Faster 

Slower 

Searches through 

Searchable columns only 

All columns, whether searchable or not 

Syntax of search criteria 

column=string ... tablename[ column= string,...], tablename

column=exp ... tablename

The tasks and examples in this section describe the syntax for both commands.

To use either command, you must have read access to the table you are searching through.

The examples in this section are based on the values in the following table, named depts.doc.com. Only the first two columns are searchable.

Name (S) 

Site (S) 

Name 

R&D 

SanFran 

kuznetsov 

Sales 

SanFran 

jhill 

Manf-1 

Emeryville 

hosteen 

Manf-2 

Sausalito 

lincoln 

Shipping-1 

Emeryville 

tsosulu 

Shipping-2 

Sausalito 

katabami 

Service 

Sparks 

franklin 

About Regular Expressions

Regular expressions are combinations of text and symbols that you can use to search for special configurations of column values. For example, the regular expression `Hello' searches for a value that begins with Hello. When using a regular expression in the command line, be sure to enclose it in quotes, since many of the regular expression symbols have special meaning to the Bourne and C shells. For example:


rootmaster% nisgrep -h greeting='Hello' phrases.doc.com.

The regular expression symbols are summarized in Table 19–7, below.

Table 19–7 Regular Expression Symbols

Symbol 

Description 

^string

Find a value that begins with string.

string $

Find a value that ends with string.

Find a value that has a number characters equal to the number of periods. 

[chars]

Find a value that contains any of the characters in the brackets. 

*expr

Find a value that has zero or more matches of the expr.

+

Find something that appears one or more times. 

?

Find any value. 

\'s-char'

Find a special character, such as ? or $. 

x | y

Find a character that is either x or y.

Syntax

To search through the first column, use:


nismatch string tablename  
nisgrep reg-exp tablename

To search through a particular column, use:


nismatch column=string tablename
nisgrep column=reg-exp tablename 

To search through multiple columns, use:


nismatch column=string tablename ...\
nismatch [column=string,...],tablename
nisgrep column=reg-exp ... \
   tablename
Table 19–8 nismatch and nisgrep Options

Option 

Description 

-c

Count. Instead of the entries themselves, displays a count of the entries that matched the search criteria. 

-h

Header. Displays a header line above the entries, listing the name of each column. 

-M

Master. Displays only the entries of the table stored on the master server. This ensures you get the most up-to-date information and should be used only for debugging. 

Searching the First Column

To search for a particular value in the first column of a table, simply enter the first column value and a tablename. In nismatch, the value must be a string. In nisgrep, the value must be a regular expression.


nismatch [-h] string tablename
nisgrep [-h] reg-expression tablename

This example searches through the depts table for all the entries whose first column has a value of R&D:


rootmaster% nismatch -h `R&D' depts.doc.com.
rootmaster% nisgrep -h `R&D' depts.doc.com.

Note –

Quotes are used in the 'R&D' expression above to prevent the shell from interpreting the ampersand (&) as a metacharacter.


Searching a Particular Column

To search through a particular column other than the first, use the following syntax:


nismatch column=string tablename
nisgrep column=reg-expression tablename

This example searches through the depts table for all the entries whose second column has a value of SanFran:


rootmaster% nismatch -h Site=SanFran depts.doc.com.
rootmaster% nisgrep -h Site=SanFran depts.doc.com.

Searching Multiple Columns

To search for entries with matches in two or more columns, use the following syntax:


nismatch [-h] [column=string, ... \
 column=string,...],tablename
nisgrep [-h] column=reg-exp ... \
 tablename

This example searches for entries whose second column has a value of SanFran and whose third column has a value of jhill:


rootmaster% nismatch -h [Site=SanFran,Name=jhill], depts.doc.com.
rootmaster% nisgrep -h Site=SanFran Name=jhill depts.doc.com.

The nisln Command

The nisln command creates symbolic links between NIS+ objects such as tables and directories. All NIS+ administration commands accept the -L flag, which directs them to follow links between NIS+ objects.


Note –

Do not link table entries. Tables may be linked to other tables, but do not link an entry in one table to an entry in another table.


To create a link to another object (table or directory), you must have modify rights to the source object; that is, the one that will point to the other object or entry.


Caution – Caution –

Never link a cred table. Each org_dir directory should have its own cred table. Do not use a link to some other org_dir cred table.


Syntax

To create a link, use:


nisln source target
Table 19–9 nisln Options

Option 

Description 

-L

Follow links. If the source is itself a link, the new link will not be linked to it, but to that link's original source.

-D

Defaults. Specify a different set of defaults for the linked object. Defaults are described in Specifying Nondefault Security Values at Creation Time.

Creating a Link

To create a link between objects such as tables and directories, specify both object names: first the source, and then the target. Do not link table entries.


nisln source-object target-object

The nissetup Command

The nissetup command expands an existing NIS+ directory object into a domain by creating the org_dir and groups_dir directories, and a full set of NIS+ tables. It does not, however, populate the tables with data. For that, you will need the nisaddent command, described in The nisaddent Command. Expanding a directory into a domain is part of the process of setting up a domain.


Note –

When setting up a new NIS+ domain, the nisserverscript is easier to use than the nissetup command. SeeSetting Up NIS+ Root Servers for a full description of using nisserver.


The nissetup command can expand a directory into a domain that supports NIS clients as well.

To use nissetup, you must have modify rights to the directory under which you'll store the tables.

Expanding a Directory Into an NIS+ Domain

You can use the nissetup command with or without a directory name. If you don't supply the directory name, it uses the default directory. Each object that is added is listed in the output.


rootmaster# /usr/lib/nis/nissetup doc.com.
org_dir.doc.com. created
groups_dir.doc.com. created
auto_master.org_dir.doc.com. created
auto_home.org_dir.doc.com. created
bootparams.org_dir.doc.com. created
cred.org_dir.doc.com. created
ethers.org_dir.doc.com. created
group.org_dir.doc.com. created
hosts.org_dir.doc.com. created
mail_aliases.org_dir.doc.com. created
sendmailvars.org_dir.doc.com. created
netmasks.org_dir.doc.com. created
netgroup.org_dir.doc.com. created
networks.org_dir.doc.com. created
passwd.org_dir.doc.com. created
protocols.org_dir.doc.com. created
rpc.org_dir.doc.com. created
services.org_dir.doc.com. created
timezone.org_dir.doc.com. created

Expanding a Directory Into an NIS-Compatible Domain

To expand a directory into a domain that supports NIS+ and NIS client requests, use the -Y flag. The tables are created with read rights for the nobody class so that NIS clients requests can access them.


rootmaster# /usr/lib/nis/nissetup -Y Test.doc.com.

The nisaddent Command

The nisaddent command loads information from text files or NIS maps into NIS+ tables. It can also dump the contents of NIS+ tables back into text files. If you are populating NIS+ tables for the first time, see the instructions inPopulating NIS+ Tables. It describes all the prerequisites and related tasks.

You can use nisaddent to transfer information from one NIS+ table to another (for example, to the same type of table in another domain), but not directly. First, you need to dump the contents of the table into a file, and then load the file into the other table. Be sure, though, that the information in the file is formatted properly. Chapter 10, NIS+ Tables and Informationdescribes the format required for each table.

When you load information into a table, you can use any of three options: replace, append, or merge. The append option simply adds the source entries to the NIS+ table. With the replace option, NIS+ first deletes all existing entries in the table and then adds the entries from the source. In a large table, this adds a large set of entries into the table's .log file (one set for removing the existing entries, another for adding the new ones), taking up space in /var/nis and making propagation to replicas time consuming.

The merge option produces the same result as the replace option but uses a different process, one that can greatly reduce the number of operations that must be sent to the replicas. With the merge option, NIS+ handles three types of entries differently:

When updating a large table with a file or map whose contents are not greatly different from those of the table, the merge option can spare the server a great many operations. Because the merge option deletes only the entries that are not duplicated in the source (the replace option deletes all entries, indiscriminately), it saves one delete and one add operation for every duplicate entry.

If you are loading information into the tables for the first time, you must have create rights to the table object. If you are overwriting information in the tables, you must have modify rights to the tables.

Syntax

To load information from text files, use:


/usr/lib/nis/nisaddent -f filename table-type\[domain]
/usr/lib/nis/nisaddent -f filename \
 -t tablename table-type [domain]

To load information from NIS maps, use:


/usr/lib/nis/nisaddent -y NISdomain table-type\
  [domain]
/usr/lib/nis/nisaddent -y NISdomain -t tablename table-type [domain]
/usr/lib/nis/nisaddent -Y map table-type [domain]
/usr/lib/nis/nisaddent -Y map -t tablename table-type [domain]

To dump information from an NIS+ table to a file, use:


/usr/lib/nis/nisaddent -d [-t tablename tabletype] \
 > filename

Loading Information From a File

You can transfer the contents of a file into an NIS+ table in several different ways:


nisaddent -f filename table-type

nisaddent -a -f filename table-type

nisaddent -m -f filename table-type

The following two examples load the contents of a text file named /etc/passwd.xfr into the NIS+ Passwd table. The first is into a table in the local domain, the second into a table in another domain:


rootmaster# /usr/lib/nis/nisaddent -f /etc/passwd.xfr passwd
rootmaster# /usr/lib/nis/nisaddent -f /etc/shadow.xfr shadow
rootmaster# /usr/lib/nis/nisaddent -f /etc/passwd.xfr passwd sales.doc.com.
rootmaster# /usr/lib/nis/nisaddent -f /etc/shadow.xfr shadow sales.doc.com.

Note –

When creating an NIS+ passwd table from /etc files, you must run nisaddent twice; once on the /etc/passwd file and once on the /etc/shadow file.


To merge entries from the /etc/inet/ipnodes file (IPv6 addresses) into the ipnodes.org_dir table, use the -v and -f options.


rootmaster# /usr/lib/nis/nisaddent -mv -f  /etc/inet/ipnodes ipnodes

Another way is to use stdin as the source. However, you cannot use the -m option with stdin. You can use redirect (->) or pipe (-|), but you cannot pipe into another domain.

Task 

Command 

Redirect 

cat filename > nisaddent table-type

Redirect with append option 

cat filename > nisaddent -a table-type

Redirect with append into another domain 

cat filename > nisaddent -a table-type NIS+ domain

Pipe 

cat filename | nisaddent table-type

Pipe with append option 

cat filename | nisaddent -a table-type

If the NIS+ table is an automounter table or a nonstandard table, add the -t option and the complete name of the NIS+ table.


master# nisaddent -f /etc/auto_home.xfr \
  -t auto_home.org_dir.doc.com.key-value
master# nisaddent -f /etc/auto_home.xfr \
  -t auto_home.org_dir.doc.com. key-value sales.doc.com.

Loading Data From an NIS Map

You can transfer information from an NIS map in two different ways; either by specifying the NIS domain or by specifying the actual NIS map. If you specify the domain, NIS+ will figure out which map file in /var/yp/nisdomain to use as the source, based on the table-type. Note that /var/yp/nisdomain must be local files.

NIS+ Table Type 

NIS Map Name 

Hosts

hosts.byaddr

Nodes

ipnodes.byaddr

Passwd

passwd.byname

Group

group.byaddr

Ethers

ethers.byname

Netmasks

netmasks.byaddr

Networks

networks.byname

Protocols 

protocols.byname

RPC

rpc.bynumber

Services

services.byname

To transfer by specifying the NIS domain, use the -y (lowercase) option and provide the NIS domain in addition to the NIS+ table type.

Table replacement


nisaddent -y nisdomain table-type

Table append


nisaddent -a -y nisdomain table-type

Table merge


nisaddent -m -y nisdomain table-type

By default, nisaddent replaces the contents of the NIS+ table with the contents of the NIS map. Use the -a and -m options to append or merge. Here is an example that loads the NIS+ passwd table from its corresponding NIS map (passwd.byname) in the old-doc domain:


rootmaster# /usr/lib/nis/nisaddent -y old-doc passwd

This example does the same thing, but for the sales.doc.com. domain instead of the local domain, doc.com.


rootmaster# /usr/lib/nis/nisaddent -y old-doc passwd sales.doc.com.

If the NIS+ table is an automounter table or a nonstandard table, add the -t option and the complete name of the NIS table, just as you would if the source were a file.


rootmaster# nisaddent -y old-doc \
  -t auto_home.org_dir.doc.com. key-value
rootmaster# nisaddent -y old-doc \
  -t auto_home.org_dir.doc.com. key-value sales.doc.com.

If instead of using the map files for a domain, you prefer to specify a particular NIS map, use the -Y (uppercase) option and specify the map name.


rootmaster# nisaddent -Y hosts.byname hosts
rootmaster# nisaddent -Y hosts.byname hosts sales.doc.com.

If the NIS map is an automounter map or a non standard map, combine the -Y option with the -t option:


rootmaster# nisaddent -Y auto_home 
 -t auto_home.org_dir.doc.com. key-value
rootmaster# nisaddent -Y auto_home 
 -t auto_home.org_dir.doc.com. key-value sales.doc.com.

Dumping the Contents of an NIS+ Table to a File

To dump the contents of an NIS+ table into a file, use the - d and -t options. The -d options tells the command to dump, and the -t option specifies the NIS+ table:


rootmaster# nisaddent -d auto_home 
 -t auto_home.org_dir.doc.com. key-value 
rootmaster# nisaddent -d auto_home 
 -t auto_home.org_dir.doc.com.  key-value sales.doc.com.