Configuring the NIS Service

From the Admin Console, you can configure the following parameters for your NIS service:

• The NIS domain name

• The distinguished name of the subtree that will hold NIS administrative entries. These entries are maintained automatically by the server.

• Whether or not you want to use standard NIS replication

• Whether or not you want to include all directory entries: this option enables you to regenerate NIS maps to include entries present in the directory before the NIS service was initialized for the first time. These entries are not included in the import operation which takes place when the NIS service is initialized. You also need to use this option to regenerate an NIS map in the directory when the mapping configuration defined in the nis.mapping file has been modified.

• Which maps are supported on the server

• Whether you want updated information to be pushed automatically to slave servers when changes are made to NIS entries on this server, and the delay. To use this option, you must enable standard NIS replication.

To configure these parameters, go to the NIS section of the Admin Console main window.

Updating NIS Tables

Once you have populated the directory in this way for the first time, you have two options for data maintenance:

• Make updates to the NIS files, and run make in the /var/yp directory

• Make updates to the entries in the directory, for example using the Deja tool

Making updates to the entries in the directory is the most efficient method of maintaining NIS information, however the directory content will no longer be synchronized with the contents of the NIS files. If you want to resynchronize, you can export the NIS entries held in the directory to the corresponding NIS files by using dsexport. For details, see the dsexport(1m) man page.

The NIS maps are regenerated periodically from the entries stored in the directory. However, you can rebuild a map at any time from the Admin Console using the Regenerate Map function. This function will only take into account the entries stored in the directory, not the NIS source files. To regenerate an NIS map from the directory entries:

1. In the NIS section of the Admin Console, highlight a map in the map list.

2. Optionally, set the Include All Directory Entries option to yes.

   This is useful if you want to regenerate a map immediately following the initialization of the NIS service, or if you have changed the mapping definition for that particular map in the nis.mapping file.

3. Click the Regenerate Map button.

   ---

   Note -

   When you include in the NIS maps maintained by the directory server the entries that were present before you initialized the NIS service, you must ensure that these entries do not create a security risk for your NIS service. For example, because users have write access to their own directory entry, it is possible for a user to change the uid attribute to become root user.

   ---

Propagating NIS Tables

There are two methods of propagating NIS tables between master servers and slave servers. Between two Sun Directory Services servers, choose LDAP replication. Between a Sun Directory Services server and a legacy NIS server, you must use standard NIS replication.

Do not use both LDAP replication and standard NIS replication on the same subtrees or individual entries. As a general rule, use only one replication method between two servers.

Standard NIS Replication

If you make updates to your NIS files rather than to NIS entries in the directory, when you run make to rebuild the NIS tables, the dsyppush command is automatically executed.

LDAP Replication

If you make updates to NIS entries in the directory, you can enable automatic pushes of all maps to take place using the Admin Console. Alternatively, you can use the Synchronize Replicas button at any time to push just the maps you select.

For information on configuring LDAP replication, see Chapter 9, Implementing Replication.