Solaris ISP ServerTM 2.0 core man pages.
NAME | DESCRIPTION | ATTRIBUTES | FILES | SEE ALSO | NOTES
The man pages offer detailed instruction and examples on the options and subcommands for each utility. The command-line utilities are available to start and run the host configuration tool that installs Solaris ISP Server components and configures the system; to register and unregister services on this host with the Sun Internet Administrator console; and to bulk load subscriber entries from an existing data source into the Solaris ISP Server directory service.
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE |
Availability | SUNWispm |
Interface Stability | Evolving |
/opt/SUNWisp/sbin/hcjump
/opt/SUNWisp/lib/hclfmd
/opt/SUNWisp/sbin/hcstartup
/opt/SUNWisp/sbin/ispladp
/opt/SUNWisp/sbin/isprshp
/opt/SUNWisp/sbin/mchelp
/opt/SUNWisp/sbin/mcreg
/opt/SUNWisp/sbin/mcunreg
/opt/SUNWisp/ldap/sunds/sbin/sispload
/opt/SUNWisp/sbin/uninstall-sisp1.0
performs a non-interactive Solaris ISP Server software installation and configuration. hcjump is designed to be called from a JumpStart custom configuration finish script.
maintains log files written by syslogd and auditd, and periodically cycles and archives log files. hclfmd detects intrusion attempts and notifies.
starts the host configuration tool and Web-based user interface for installation and configuration of Solaris ISP Server software. hcstartup performs setup and initialization, and from a browser presents the host configuration user interface.
creates entries in configuration files, for access by the ISP IDIA library functions (which return information required for accessing directory services). Also creates required directory services entries.
sets the port on which the Solaris ISP Server remote command execution daemon listens.
displays the release version of SunTM Internet AdministratorTM installed on the system and lists all utilities associated with it.
registers a software component making it available for management through the Sun Internet Administrator console. Overwrites any previous registration of the same component.
unregisters a software component GUI, making it unavailable to the Sun Internet Administrator console.
converts a file of user entries into an ldif file for loading into the Solaris ISP Server directory service.
performs a non-interactive uninstall of SolarisTM for ISPsTM 1.0 components and saves the old data.
NAME | DESCRIPTION | ATTRIBUTES | FILES | SEE ALSO | NOTES
NAME | SYNOPSIS | DESCRIPTION | OPERANDS | EXTENDED DESCRIPTION | EXIT STATUS | FILES | ATTRIBUTES | SEE ALSO | NOTES
Performs setup and initialization for installation and configuration. hcjump is designed to be called from a JumpStart custom configuration finish script. You must have root access to run hcjump. It can also be used to perform a replicated installation and upgrade.
hcjump does the following:
Copies the host configuration archive files into /tmp.
Copies information from the installation media into /var/opt/SUNWisp/hc/media.
Removes any existing configuration information in /var/opt/SUNWisp/hc/media to copy information from the installation media.
Copies files from the exported scenario directory into /var/opt/SUNWisp/hc/scenario.
Implements the scenario, installing and removing software and reconfiguring as specified.
Cleans up /tmp.
When you save an exported scenario from the host configuration GUI, a copy of hcjump is saved in its root directory. Invoke this version of hcjump from your finish script.
Both hcjump and hcstartup store configuration information in this directory. When hcjump is invoked, all data in the host configuration directory is removed and replaced with new data.
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE |
Availability | SUNWisp |
Interface Stability | Evolving |
When hcjump runs, it removes the information on the current state of the system in /var/opt/SUNWisp/hc saved by the host configuration software (hcstartup). For this reason, invoke hcjump before invoking hcstartup and not vice versa.
NAME | SYNOPSIS | DESCRIPTION | OPERANDS | EXTENDED DESCRIPTION | EXIT STATUS | FILES | ATTRIBUTES | SEE ALSO | NOTES
NAME | SYNOPSIS | DESCRIPTION | EXIT STATUS | FILES | ATTRIBUTES | SEE ALSO
The host configuration log file management daemon is a resident daemon that is started when the system boots. It perfoms three basic functions:
hclfmd maintains log files written by syslogd:
Deletes weekly archives older than one month.
Creates a weekly archive by compiling and compressing a week's worth of daily logs and deleting the daily logs. The weekly log is named: name.YYYYMMDDHHMM-YYYYMMDDHHMM.tar.z.
Cycles the daily logs by renaming the existing logs and sending a hangup (SIGHUP) signal.
hclfmd finds these files by reading /etc/syslog.conf.
hclfmd maintains log files written by auditd:
Deletes weekly archives older than one month.
Creates a weekly archive by compiling and compressing a week's worth of daily logs and deleting the daily logs. The weekly log is named: name.YYYYMMDDHHMM-YYYYMMDDHHMM.tar.z.
Cycles the daily logs by running audit -n.
hclfmd finds these files by reading /etc/security/audit_control.
By default, every minute, hclfmd examines its log files for intrusion attempts. The interval at which hclfmd examines its log files and the files checked for intrusion attempts are defined in hclfmd.conf. If hclfmd discovers any intrusion attempts, it runs the notification command listed in the configuration file.
When hclfmd finds an intrusion attempt in a log file, it reads this file to discover a notification mechanism.
hclfmd reads this file to discover audit logs to monitor.
hclfmd reads this file to discover syslog logs to monitor.
hclfmd removes the cron entry for /usr/lib/newsyslog because the log file management functionality is an effective replacement for it.
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE |
Availability | SUNWisp |
Interface Stability | Evolving |
ispIntro(1M)hcjump(1m), hcstartup(1m), hclmfd.conf(4), uninstall-sisp1.0(1m), syslogd(4), syslog.conf(4)
NAME | SYNOPSIS | DESCRIPTION | EXIT STATUS | FILES | ATTRIBUTES | SEE ALSO
NAME | SYNOPSIS | DESCRIPTION | FILES | EXIT STATUS | ATTRIBUTES | SEE ALSO | NOTES
Performs setup and initialization, and from a browser, accesses the host configuration user interface. You must have root access to run hcstartup.
There are Solaris for ISPs 1.0 components installed on this machine. Before installing Solaris ISP Server 2.0, this program will uninstall the old version. The configuration data for these components will be saved and they will be uninstalled (you may then select them for reinstallation and the saved data will be restored). Do you wish to proceed? (y/n) y
This message indicates that to proceed with the installation, Solaris for ISPs 1.0 components running on the machine will be uninstalled, data saved and used for upgrading to Solaris ISP Server 2.0.
Enter path to installation media(enter "none" if no media) current working directory
The current working directory is displayed and is the default value (if you press Return). If there is no distribution media available, only uninstall options may be performed.
Enter a port number for the temporary web server [8000]
Port 8000 is the default port for the temporary Web server. hcstartup checks to see if the port is available, and prompts for another if it is in use.
Please choose one of the following options:
The default selection is 1 which will start HotJava browser for host configuration (if you press Return). The second option allows you to open a browser of your choice for the host configuration process. You can also abort the installation by selecting the third option.
Behind the scenes, hcstartup does the following:
Executes uninstall-sisp1.0 script to:
Uninstall 1.0 components currently found installed on the machine.
Save the 1.0 configuration data for upgrading to 2.0.
Copies host configuration archive information into /tmp.
Starts a temporary web server for the graphical user interface.
Copies information from the distribution media to /var/opt/SUNWisp/hc/media.
Provides browser options to begin host configuration process for installation.
When the configuration process is complete, cleans up /tmp.
The presence of this file indicates that the utility is already running. hcstartup checks for this file when first invoked. If the file exists, another install and configuration process is already running, or one has exited improperly.
The presence of this file indicates that the batch install utility is running. hcstartup checks for this file when first invoked. If the file exists, another install and configuration process is already running, or one has exited improperly.
A number of temporary directories and files are created here. hcstartup removes them as a part of its cleanup.
Distributed media files are copied to this directory.
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE |
Availability | SUNWisp |
Interface Stability | Evolving |
If you run this command remotely, set the DISPLAY environment properly.
NAME | SYNOPSIS | DESCRIPTION | FILES | EXIT STATUS | ATTRIBUTES | SEE ALSO | NOTES
NAME | SYNOPSIS | DESCRIPTION | OPTIONS | EXAMPLES | EXIT STATUS | ATTRIBUTES | SEE ALSO | NOTES
Records access information about LDAP servers configured on the network, for use by the ISP Directory Information API. Creates the ou=componentID and ispVersion=versionNo entries in the directory for services that have recorded their need for them during service installation. Root access is required to run this command.
An application that requires access to the directory services should create an empty file in /etc/opt/SUNWisp/ldap/ispconf. The file must be named in the form componentID-version, where componentID is a string uniquely identifying the software and version is the software version number. After ispldap runs, the file contains the bind DN and password for that portion of the directory tree where application-specific entries have been made. Therefore, set permissions on the file to protect that information appropriately.
Specifies the distinguished name (DN) for binding to the directory as the directory administrator.
Prints usage message and exits.
Suppresses output messages and executes command in quiet mode.
Indicates the number of directory servers configured on the network. One server host name is required. Additional servers (as appropriate) can be specified. In every case, the port number is optional. If no port number is specified, the default port (389) is assumed.
In Solaris ISP ServerTM 2.0, only a single, unreplicated directory server is supported.
Specifies the DN of the top Solaris ISP Server domain entry in the ISO tree.
Indicates the password for binding to the directory as the administrator.
If you enter the password option on the command line, it is visible to anyone who can see your screen and to anyone issuing a ps command while ispldap is running. You can omit the -w option on the command line, avoiding these risks. The command then prompts you for the password, and your entry is not echoed on the screen.
The following shows a standard use of ispldap to record information about an LDAP server on the host "Groucho" running on the default LDAP port (389).
# /opt/SUNWisp/bin/ispldap -d ou=admin,o=sun,c=us -s "Groucho" -t o=sun,c=us # Password:
The following use of ispldap stores the bind information about an LDAP server on the host "Chico" running on port 2000:
# /opt/SUNWisp/bin/ispldap -d ou=admin,o=sun,c=us -s "Chico:2000" \ -t o=sun,c=us # Password:Also in this example,
The bind DN is "ou=admin,o=sun,c=us."
The bind password is omitted from the command line arguments. The utility prompts for a password and does not echo it on the command line, keeping the password secure.
The DN for the top level domain entry for the product in this example is "o=sun,c=us."
The following use of ispldap stores the bind information about an LDAP server at IP address 129.146.115.159 running on the default LDAP port (389).
# /opt/SUNWisp/bin/ispldap -d "ou=admin,o=sun,c=us" -s "129.146.115.159" # Password:
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE |
Availability | SUNWixamr |
Interface Stability | Evolving |
If you modify the service entries in the directory services, particularly the distinguished name or the password, you must run this command again on the service host.
NAME | SYNOPSIS | DESCRIPTION | OPTIONS | EXAMPLES | EXIT STATUS | ATTRIBUTES | SEE ALSO | NOTES
NAME | SYNOPSIS | DESCRIPTION | OPTIONS | EXAMPLES | EXIT STATUS | ATTRIBUTES | SEE ALSO | NOTES
Use isprshp to change the port on which the remote command execution daemon listens. Run this command once on each host managed by SunTM Internet AdministratorTM and set Sun Internet Administrator to the same port (using its graphical user interface).
Enter a valid, available port number. If this option is omitted, the remote execution daemon is set to listen on its default port (50097).
# /opt/SUNWisp/bin/isprshp -p 60320
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE |
Availability | SUNWixamr |
Interface Stability | Evolving |
NAME | SYNOPSIS | DESCRIPTION | OPTIONS | EXAMPLES | EXIT STATUS | ATTRIBUTES | SEE ALSO | NOTES
NAME | SYNOPSIS | DESCRIPTION | EXAMPLES | EXIT STATUS | ATTRIBUTES | SEE ALSO
Lists all command-line utilities associated with the installed version of Sun Internet Administrator. Displays the release version of the product. Run mchelp on the machine where Sun Internet Administrator is installed.
/opt/SUNWisp/sbin/mchelp
The following output is displayed at your terminal:
Sun Internet Administrator release 1.1 commands:
mcadd | Adds a service to be managed |
mcaddadm | Creates an administrator account |
mcadmpwd | Sets an administrator password |
mchelp | Lists all command-line utilities |
mchostls | Lists all available services on a host |
mcreg | Records information about a manageable user interface |
mcrm | Removes a managed service from Sun Internet Administrator |
mcrmadm | Deletes an administrator account |
mcunreg | Deletes information about a manageable user interface |
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE |
Availability | SUNWisp |
Interface Stability | Evolving |
mcadd(1m), mcaddadm(1m), mcadmpwd(1m), mcdsinit(1m), mcdsclean(1m), mchostls(1m), mcreg(1m), mcrm(1m), mcrmadm(1m), mcunreg(1m).
NAME | SYNOPSIS | DESCRIPTION | EXAMPLES | EXIT STATUS | ATTRIBUTES | SEE ALSO
NAME | SYNOPSIS | DESCRIPTION | OPTIONS | EXTENDED DESCRIPTION | EXAMPLES | EXIT STATUS | ATTRIBUTES | SEE ALSO | NOTES
Records user interface information for Sun Internet Administrator. Use the different forms of mcreg for the various supported user interface types. See the EXTENDED DESCRIPTION for a discussion of each form.
Indicates that the specified component is the graphical user interface of a three-tier, web-based service.
Specifies the unique component identifier for the service being registered. The package name is recommended because it is guaranteed to be unique.
Specifies the path to all GUI files with the exception of CGI scripts. Specify the CGI location with the -s option.
Specifies the full path to an optional GIF format file to be used as an icon in the Sun Internet Administrator GUI.
Specifies a Java classpath for any servlets being used. Required if servlets are used. A classpath is one or more colon-separated paths to class or jar files. Enter the full path for each.
Indicates that Sun Internet Administrator should pass the locale to the component through the URL.
Specifies a simple name, such as "FTP," for use in the Sun Internet Administrator GUI.
Specifies command-line program information. Enclose the entire entry in quotes. It takes:
The full path to the command-line executable. If standard parameters are required, enter them here. For example: -p "/usr/bin/ps -ef".
-a Enter this option if parameters are accepted from the user at runtime.
-d help_file Enter this option, and the complete path to supporting documentation for the command-line utility.
-g group_name Enter the name of the UNIX user group under which the command or X-program should run.
-u user_name Enter the UNIX user name under which the command or X-program should be run.
Specifies information required for each servlet used by the GUI being registered. For each servlet, the following information is required:
The path to the servlet, relative to the document root of the administration Web server.
The fully-qualified Java class name of the servlet.
Any required servlet arguments, listed by name and value.
Specify one -r option for each servlet used by the GUI.
Specifies the path to CGI used by the GUI, if any.
Specifies the release version of the component being registered. This is required.
Specifies the path to the main (or opening) page of a Web-based GUI. This is the page that Sun Internet Administrator displays to the administrator when it receives a legitimate request to manage the service. For a three-tier application, enter a relative path. For a two-tier application, enter the full path to the page.
Specifies the full path to an X-based administration program. It takes:
-g group_name Enter the name of the UNIX user group under which the command or X-program should run.
-u user_name Enter the UNIX user name under which the command or X-program should be run.
Specifies the product version that is displayed in the Sun Internet Administrator GUI. This is required.
A three-tier Web-based GUI has one software component (ASCA) located on the same machine with Sun Internet Administrator and another (ASRA) located on the machine where the service resides. You must register both pieces.
To register the ASCA information, run mcreg on the Sun Internet Administrator host with -A, -c, -v, and -y options (see the first command synopsis).
To register the ASRA, run mcreg on the service host with the -c, -v, and -y options only (the second command synopsis).
To register a legacy GUI, which has only a software component on the service host, run mcreg on the service host using the third form of the command.
To register the X-based administration program of a service, run mcreg on the service host using the fourth form of the command (including the -x option).
For each command-line utility supported by a service, run mcreg on the service host, using the fifth form of the command (including the -p option).
The following illustrates use of mcreg for registering SunTM Internet FTP ServerTM, which uses servlets for its three-tier graphical user interface. Run this form of the command on the machine where Sun Internet Administrator is installed.
# /opt/SUNWisp/sbin/mcreg -A -c SUNWftpa -d /opt/SUNWftpa/1.1/doc -i /opt/SUNWftpa/images/ftp.gif -j classes:/opt/fre/lib/classes:/opt/joe/lib/classes.jar -l -n ftp -r "main FTPAdmin.MainServlet" -r "start FTPAdmin.StartServlet name=foo,owner=bar" -s /opt/SUNWftpa/1.1/cgi-bin -v 1.1 -y 1.1 -w cgi-bin/ftpadmin.cgiThe registration of Sun Internet FTP Server shows the use of all mcreg options that are valid for this form of the command.
Indicates that the software component being registered is a Web-base GUI component.
SUNWftpa is the package name for the user interface, and thus is a unique identifier for it.
Documentation for Sun Internet FTP Server resides at /opt/SUNWftpa/1.1/doc.
The icon to display for Sun Internet FTP Server is at /opt/SUNWftpa/images/ftp.gif.
The Java classpath for administration servlets being used includes:
classes
/opt/fre/lib/classes
/opt/joe/lib/classes.jar
Indicates that the locale should be passed to the component through the URL.
The user-friendly name to be displayed in Sun Internet Administrator is "ftp."
The first servlet being used by the service is MainServlet in the Java package FTPAdmin. It takes no arguments on startup.
The second servlet being used by the service is StartServlet in the Java package FTPAdmin. It takes two arguments on startup: name and owner.
The CGI scripts used by the service reside in /opt/SUNWftpa/1.1/cgi-bin.
The release version is 1.1.
The first page to be served up to an administrator accessing this service is at cgi-bin/ftpadmin.cgi. Because Sun Internet FTP Server is a three-tier Web-based service, this path is relative to the document root of Sun Internet Administrator's Web server.
The product version is 1.1.
The following illustrates use of mcreg for registering SunTM Internet FTP ServerTM. Run this form of the command on the machine where Sun Internet FTP Server is installed.
# /opt/SUNWisp/sbin/mcreg -c SUNWftp -v 1.1 -y 1.1 -n ftpThe registration of Sun Internet FTP Servershows the use of all mcreg options that are valid for this form of the command.
SUNWftpa is the package name for the user interface, and thus is a unique identifier for it.
The release version is 1.1.
The product version is 1.1.
The user-friendly name to be displayed in Sun Internet Administrator is "ftp."
The following illustrates the use of mcreg for registering SunTM WebServerTM. Run this form of the command on the machine where the Sun WebServer service is installed.
# /opt/SUNWisp/sbin/mcreg -c SUNWhttp -i /opt/SUNWhttp/images/http.gif -n Sun WebServer -v 2.1 -y 2.1 -w http://httphost:9001/admin/main.html
# /opt/SUNWisp/sbin/mcreg -c SUNWhttp -i /opt/SUNWhttp/images/http.gif -n Sun WebServer -v 2.1 -y 2.1 -w http://httphost:9001/admin/main.html -lIn the foregoing examples, the options have the following meaning:
SUNWhttp is the package name for the user interface, and thus is a unique identifier for it.
The icon to display for Sun WebServer is at /opt/SUNWhttp/images/http.gif.
Indicates that Sun Internet Administrator should pass the locale to the component through the URL. In this example, the first page to be served up to an administrator accesssing this service from Sun Internet Administrator administration console will be: http://httphost:9001/admin/main.html?locale=en_US where en_US refers to US English.
The user-friendly name to be displayed in Sun Internet Administrator is "Sun WebServer".
The release version is 2.1.
The first page to be served up to an administrator accesssing this service is at http://httphost/9001/admin/main.html. Because Sun WebServer is a two-tier Web-based service, this is a complete URL to the administration server.
The product version is 2.1.
The following illustrates use of mcreg for registering an X-based product. Run this form of the command on the machine where the service is installed.
# /opt/SUNWisp/sbin/mcreg -c SUNWxtpa -n XTP -v 3.2 -y 3.1 -x /usr/Openwin/bin/xtpadmin -u root -g sysIn this example, the options have the following meaning:
SUNWxtpa is the package name for the user interface, and thus is a unique identifier for it.
The user-friendly name to be displayed in Sun Internet Administrator is "XTP."
The release version is 3.2.
The executable for the administration interface is at /opt/SUNWxtpa/bin/xtpadmin. It takes:
-g group_name This option indicates that the UNIX user group name under which the administration interface of the X-program should run is sys
-u user_name This option indicates that the UNIX user name under which the administration interface of the X-program should run is root.
The product version is 3.1.
The following illustrates use of mcreg for registering a command-line utility. Run this form of the command on the machine where the service is installed.
# /opt/SUNWisp/sbin/mcreg -c SUNWcli -n SampleCLI -p /usr/bin/ps -p "/usr/bin/date" -a -d /usr/bin/datehelp.html -u root -g sys -v 1.1 -y 1.1In this example, the options have the following meaning:
SUNWcli is the package name for the user interface, and thus is a unique identifier for it.
The user-friendly name to be displayed in Sun Internet Administrator is "SampleCLI".
Two command-line utilities are registered in this example.
In the first, ps is located at /usr/bin/ps. It takes no parameters and has no help file associated with it.
In the second, date is located at /usr/bin/date. Note that the complex argument of this option is enclosed in quotation marks. It takes:
-a This option indicates that it accepts parameters from the user at runtime.
-d This option indicates that its help file is located at /usr/bin/datehelp.html.
-g group_name The option indicates that the UNIX user group name under which the X-program should run is sys
-u user_name This option indicates that the UNIX user name under which the X-program should run is root.
The release version is 1.1.
The product version is 1.1.
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE |
Availability | SUNWisp |
Interface Stability | Evolving |
mcIntro(1m)mcadd(1m), mcaddadm(1m), mcadmpwd(1m), mcdsinit(1m), mchelp(1m), mchostls(1m), mcdsclean(1m), mcrm(1m), mcrmadm(1m), mcunreg(1m)
Use the option -l only if the component supports receiving locale information through the URL. We recommend using the browser to set your language preferences. This option is intended for browsers that do not support HTTP1.1 content negotiation.
All Solaris ISP Server components have the same component and product version except SunTM Directory Services whose component version is 3.2 (for -v) and product version is 3.1 (for -y).
NAME | SYNOPSIS | DESCRIPTION | OPTIONS | EXTENDED DESCRIPTION | EXAMPLES | EXIT STATUS | ATTRIBUTES | SEE ALSO | NOTES
NAME | SYNOPSIS | DESCRIPTION | OPTIONS | EXAMPLES | EXIT STATUS | ATTRIBUTES | SEE ALSO | NOTES
Removes information about a service's user interface, so that the service cannot be managed by Sun Internet Administrator (for example, on deinstallation). For all supported user interface types, run the first version of the command, with -c and -v options, on the machine where the service is installed. For three-tier Web-based user interfaces, run the second version of the command as well, specifying -A, -c, -v options, on the machine where Sun Internet Administrator is installed. Root access is required to run this command.
Specifies an administrative Web interface is being unregistered. Required in that case.
Specifies the software component being unregistered, by unique component identifier (package name). This option is required, and must match the componentID specified when mcreg was called to register the component.
Specifies the release version of the software component being unregistered This option is required, and must match the componentVersion specified when mcreg was called to register the component.
To unregister all supported types of user interfaces, run this form of mcunreg on the host where the service is installed.
# /opt/SUNWisp/sbin/mcunreg -c SUNWftpa -v 1.1When running mcunreg, the -c and -v options must exactly match those used to register the software (mcreg).
To unregister a three-tier Web-based user interface, run this form of mcunreg on the Sun Internet Administrator host in addition to running the other form on the service host.
# /opt/SUNWisp/sbin/mcunreg -A -c SUNWftpa -v 1.1When running mcunreg, the -c and -v options must exactly match those used to register the software (mcreg). On the Sun Internet Administrator host, use the -A option to indicate that this is the ASCA software component for the service.
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE |
---|---|
Availability | SUNWisp |
Interface Stability | Evolving |
mcIntro(1m)mcadd(1m), mcaddadm(1m), mcadmpwd(1m), mcdsinit(1m), mchelp(1m), mchostls(1m), mcdsclean(1m), mcreg(1m), mcrm(1m), mcrmadm(1m).
Running this command completely disables the service for administration from Sun Internet Administrator.
NAME | SYNOPSIS | DESCRIPTION | OPTIONS | EXAMPLES | EXIT STATUS | ATTRIBUTES | SEE ALSO | NOTES
NAME | SYNOPSIS | DESCRIPTION | OPTIONS | EXTENDED DESCRIPTION | EXIT STATUS | ATTRIBUTES | SEE ALSO
This utility takes a data file with subscriber entries in the format described in sispload.mapping(4) and creates an ldif file that can be used to create the subscribers in a Sun Directory Services data store.
The mapping file defines how sispload will interpret each field in the input file and how those fields will be translated into entries in the directory service.
The output file can be used with ldapmodify(1M) to create the directory entries.
Specifies a base distinguished name (DN) to use as the root of all entries. The default is specified in the BASE_DN entry in the sispload.mapping(4) file, which is set to the base DN named when Solaris ISP Server was installed. Use this option to override the setting in the mapping file.
Sets the logging level for the dsservd(1M) daemon. You can set any combination of the following levels:
Description
Trace
Packets
Arguments
Connections
BER
Filters
Configuration
Access Control
Statistics (summary)
Statistics (detailed)
Not Used
Parse
All information
Specifies the file which contains raw data to be mapped to ldif entries. The raw data comes from some other data source, such as a database or NIS files. Each line in the input file corresponds to an entry or a change to an entry to be made in the directory service. See sispload.mapping(4) for information on the syntax rules for this file.
Specifies the host name of the directory server to which the user entries will be added. New entries will be checked against the directory on this host to determine whether new entries should be added or should modify existing user entries. If no host is specified, the local machine is the default.
Specifies the mapping file to use to translate input entries into directory entries. If no mapping file is specified, sispload.mapping in /etc/opt/SUNWconn/ldap/current/mapping is used. See sispload.mapping(4) for details on the format of the mapping file.
Specifies a file root where output will be sent instead of STDOUT and STDERR. Two files will be created: outputFile.ldif contains ldif-format changes to make to the directory, and outputFile.err contains error and warning messages.
Specifies the table in the mapping file to use to create user entries. Valid parameters are
sisp - to create users with the ispSubscriber object class.
sisprad - to create users with the ispSubscriber and remoteUser (RADIUS user) object classes.
sispsims - to create users with the ispSubscriber and emailPerson object classes.
sispradsims - to create users with the ispSubscriber, remoteUser, and emailPerson object classes.
If -t is not specified, the sisp
table is used.
Sets variables for use in the conversion. Repeat the -V flag to define multiple variables. For example:
-V BASE_DN=o=myISP,c=US \ -V SUNMS=mailbox
The sispload utility is designed to migrate large sets of user data from one source into ispSubscriber
entries in the Solaris ISP Server directory server. Any source data may be used, as long as it can be exported into an ASCII file in the format understood
by sispload. The manual page for sispload.mapping(4)
describes the syntax for the input file.
For each line in the input file, sispload attempts to construct an appropriate directory in ldif format. The entry contains the distinguished name, object class definitions, and all applicable attributes for the object classes. Data may not be available for some attributes. Use blank fields in the input file, and sispload will either ignore the attribute or set it to an appropriate default value.
For each entry created, sispload checks the directory on the named host (or the local host) to discover whether an entry already exists with matching data. If a matching subscriber entry is found, sispload attempts to create an ldif modify record instead of an add. If neither a modify nor an add record cannot be created, an error will be logged in the error file.
Before you make actual changes to the directory, you should run ldapmodify with the -n option to preview the changes that would be made. For example:
# ldapmodify -D 'cn=admin,o=XYZ,c=US' -w secret -h ldap2.xyz.com \-n -f bulkload.ldif |
If there are errors, you may need to modify some of the entries that are being made, or you may need to delete some entries from the ldif file and modify them manually.
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE |
Availability | SUNWixsds |
Interface Stability | Evolving |
sispload.mapping(4), dsimport(1M)
NAME | SYNOPSIS | DESCRIPTION | OPTIONS | EXTENDED DESCRIPTION | EXIT STATUS | ATTRIBUTES | SEE ALSO
NAME | SYNOPSIS | DESCRIPTION | OPERANDS | ENVIRONMENT VARIABLES | EXIT STATUS | ATTRIBUTES | SEE ALSO
Uninstalls Solaris for ISPs 1.0 components, if found installed, and saves the old data for upgrading to Solaris ISP Server 2.0. You must have root access to run this script. If you are upgrading from the:
Host configuration software (using hcstartup), this script is automatically executed.
Command line, you must execute this script before upgrading to Solaris ISP Server 2.0 software.
The path to the root of the installation media for invoking this script.
There are Solaris for ISPs 1.0 components installed on this machine. Before installing Solaris ISP Server 2.0, this program will uninstall the old version. The configuration data for these components will be saved and they will be uninstalled (you may then select them for reinstallation and the saved data will be restored). Do you wish to proceed? (y/n)
If the script is executed by hcstartup, this prompt asks you to specify whether or not you wish to uninstall Solaris for ISPs 1.0 components, currently running on the machine, and save the data for an upgrade. You will not get this prompt if you execute this command from the command line.
When invoked,
See environ(5)
for descriptions of the following environment variables that affect the execution of command_name: NLSPATH.
The following exit values are returned:
Successful completion. Uninstalled 1.0 components and saved data successfully.
Exited silently. Did not find 1.0 components installed for upgrading.
An error occurred or the root to the installation media is incorrect.
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE |
Availability | SUNWisp |
Interface Stability | Evolving |
NAME | SYNOPSIS | DESCRIPTION | OPERANDS | ENVIRONMENT VARIABLES | EXIT STATUS | ATTRIBUTES | SEE ALSO
NAME | DESCRIPTION | RETURN VALUES | ATTRIBUTES | FILES | SEE ALSO | NOTES
The ISP Directory Information API (IDIA) contains C language library functions and a Java class that provide information to enable read-write access to information stored in the Lightweight Directory Access Protocol (LDAP) directory service. It supports ISP services that need to bind to the LDAP server and update service information.
The information provided by IDIA is determined during the Solaris ISP Server host configuration process and directory services initialization. The ispldap command-line utility stores this information for use by the API.
See individual man pages for the return values of the C functions.
Each method in the Java class ispLdapService throws a Java IOException.
See attributes(5) for descriptions of the following attributes.
ATTRIBUTE TYPE | ATTRIBUTE VALUE |
Availability | SUNWispm |
The C header file for the LDAP directory services access API.
The Java package for the IspLdapService class.
The C header file for ISPMC_aar().
This C function provides the distinguished name and password for binding to the LDAP server with access to a particular region of the directory information tree (DIT).
This C function provides the names and port numbers of LDAP directory servers configured on the network.
This C function provides the distinguished name of the root domain (top-level domain entry in the DIT, under which Solaris ISP Server information is stored).
This Java class provides information on LDAP servers configured on the network. Various class methods return the root domain entry in the DIT and distinguished names and passwords for binding to the directory.
This C function accepts the user name and password of an administrator of Sun Internet Administrator and validates against the entry in the directory services. It first checks the name and password, to authenticate that the user exists. Then it checks the component identifier and version provided to determine whether this user is authorized to access that service. The results of the check are passed back by means of the access parameter.
NAME | DESCRIPTION | RETURN VALUES | ATTRIBUTES | FILES | SEE ALSO | NOTES
NAME | SYNOPSIS | DESCRIPTION | PARAMETERS | EXTENDED DESCRIPTION | RETURN VALUES | ERRORS | EXAMPLES | ATTRIBUTES | FILES | SEE ALSO
#include <isp_dir_api.h>int ispGetLdapInfo(const char *componentId, const char *versionNo, char **ldapBindDn, char **ldapBindPasswd, char **compConfigDn);
Accepts the component identifier and version number for a particular software component and provides the distinguished name and password for binding to an LDAP server with access to update a particular portion of the DIT. Also provides the distinguished name of a component configuration entry if one exists.
The parameter descriptions follow in alphabetical order.
An output argument that points to a Null-terminated string containing the distinguished name of a component configuration entry (if one exists) associated with the componentId and versionNo. If no such entry exists, this pointer is set to NULL.
An input argument that points to a character constant containing the identifier of the particular software component (service) of interest. Typical component identifiers are package names (or slight variants) as these are guaranteed to be unique.
An output argument that points to a Null-terminated string containing the distinguished name for binding to the LDAP server with access to the portion of the DIT associated with the component passed in componentId and versionNo.
An output argument that points to a Null-terminated string containing the password for binding to the LDAP server with access to the portion of the DIT associated with the component passed in componentId and versionNo.
An input argument that points to a character constant containing the version number of the particular component of interest. Typical component version numbers are in the form major.minor (for example, 1.0).
Use the information provided by the ispGetLdapInfo() function to bind to a known LDAP server (using the LDAP client library API), and to access component-specific configuration information if it exists.
Services that need read-only access can bind to the directory unauthenticated and perform searches and compares. This API provides information required to gain write access. Remember that the server access controls must be set to allow write access.
The caller of ispGetLdapInfo() is reponsible for calling free() on compConfigDn, ldapBindDn, and ldapBindPasswd.
The ispGetLdapInfo() function returns the following.
Successful completion.
An error occurred. The error number in errno is set as shown in ERRORS.
The ispGetLdapInfo() function sets the following errno values when an error occurs.
ENOENT
No entry exists for the specified componentId and versionNo.
EIO
The function is unable to read LDAP information from the disk. The underlying file may not exist. Use ispldap(1m) to create it.
EACCESS
The user does not have permission to access the LDAP information file on disk.
The following shows a typical use of ispGetLdapInfo().
char *ftpLdapDn; char *ftpLdapPasswd; char *ftpCompDn; if(ispGetLdapInfo( "SUNWftp", "1.0", &ftpLdapDn, &ftpLdapPasswd, &ftpCompDn)==0) { ldap_bind(ld, ftpLdapDN, ftpLdapPasswd); /*Do other processing as appropriate Use the ISP-wide root domain DN to find the configuration information. */ if(ftpLdapDn) free(ftpLdapDn); if(ftpLdapPasswd) free(ftpLdapPasswd); if(ftpCompDn) free(ftpCompDn); }
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE |
Availability | SUNWisp |
Interface Stability | Evolving |
MT_Level | Safe |
NAME | SYNOPSIS | DESCRIPTION | PARAMETERS | EXTENDED DESCRIPTION | RETURN VALUES | ERRORS | EXAMPLES | ATTRIBUTES | FILES | SEE ALSO
NAME | SYNOPSIS | DESCRIPTION | PARAMETERS | RETURN VALUES | ERRORS | EXAMPLES | ATTRIBUTES | FILES | SEE ALSO
#include <isp_dir_api.h>int ispGetLdapServers(char **listOfLdapServers);
Provides a pointer to a Null-terminated character string containing a list of LDAP servers and port numbers.
The caller of ispGetLdapServers() is reponsible for calling free() on the listOfLdapServers string.
The parameter descriptions follow in alphabetical order.
An output argument that points to a Null-terminated character string containing a list of LDAP servers and port numbers in the following syntax:
hostName1[:portNum1] [hostName2[:portNum2] ... ]
Note that hostName and its associated port number are separated by a colon (:), while different hostNames are separated by spaces.
The server host name is returned in a form that matches the parameter accepted by the LDAP client library, which could be an IP address in dot notation or a DNS name, and can be passed directly through to those function calls. If no LDAP servers are configured, listOfLdapServers is an empty string. If listOfLdapServers lists a server without a port number, that server is using the default LDAP port (389).
In Solaris ISP ServerTM 2.0, only a single directory server is supported. The only replication supported is when configuring the dirctory for operation with Sun Internet Mail Server.
The ispGetLdapServers() function returns the following.
Successful completion.
An error occurred. The error number in errno is set as shown in Missing Cross Reference Target.
The ispGetLdapServers() function sets the following errno values when an error occurs.
EIO
The function is unable to read LDAP information from the disk. The underlying file may not exist.
EACCESS
The user does not have permission to access the LDAP information file on disk.
char* ldapServers; if(ispGetLdapServers(&ldapServers)==0) { ldap_init(ldapServers, LDAP_PORT); /*other use of the directory server*/ free(ldapServers); }
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE |
Availability | SUNWisp |
Interface Stability | Evolving |
MT_Level | Safe |
NAME | SYNOPSIS | DESCRIPTION | PARAMETERS | RETURN VALUES | ERRORS | EXAMPLES | ATTRIBUTES | FILES | SEE ALSO
NAME | SYNOPSIS | DESCRIPTION | PARAMETERS | RETURN VALUES | ERRORS | EXAMPLES | ATTRIBUTES | FILES | SEE ALSO
#include <isp_dir_api.h>int ispGetTopDn(char **ispGlobalDn);
Provides a pointer to a Null-terminated string containing the DN of the top-level Solaris ISP Server entry in the directory information tree (DIT). SunTM Internet AdministratorTM uses the ispGlobalDn to locate component-specific configuration information and administrator information in the directory. Service components should use the compDn returned by the ispGetLdapInfo() function.
The caller of ispGetTopDn() is reponsible for calling free() on ispGlobalDn.
The parameter descriptions follow in alphabetical order.
An output argument that points to a Null-terminated string containing the distinguished name of the root domain entry in the DIT.
The ispGetTopDn() function returns the following.
Successful completion.
An error occurred. The error number in errno is set as shown in ERRORS.
The ispGetTopDn() function sets the following errno values when an error occurs.
ENOENT
No entry exists in the configuration file, or the file does not exist.
EIO
The function is unable to read Lightweight Directory Access Protocol (LDAP) information from the disk. The underlying file may not exist.
EACCESS
The user does not have permission to access the LDAP information file on disk.
char * ispTopDn = NULL; if((ispGetTopDn(&ispTopDn)) < 0 ) { /check errno*/ } else { printf("isp Top Dn = %s \n", ispTopDn); /*other processing using ispTopDn*/ } if(ispTopDn) free(ispTopDn);
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE |
Availability | SUNWisp |
Interface Stability | Evolving |
MT_Level | Safe |
NAME | SYNOPSIS | DESCRIPTION | PARAMETERS | RETURN VALUES | ERRORS | EXAMPLES | ATTRIBUTES | FILES | SEE ALSO
NAME | SYNOPSIS | DESCRIPTION | METHODS | EXTENDED DESCRIPTION | EXCEPTIONS | EXAMPLES | ATTRIBUTES | FILES | SEE ALSO
package com.sun.isp.idia; public class IspLdapService() { public IspLdapService(String Svc, String Vers) throws IOException {} public String Servers() throws IOException {} public String TopDn() throws IOException {} public String BindDN() throws IOException {} public String BindPasswd() throws IOException {} }
The IspLdapService class uses Java Native methods Interface (JNI) to deliver the same information provided by the C library functions ispGetLdapServers(), ispGetLdapInfo(), and ispGetTopDn(). Because of the use of native methods, and for security reasons (IspLdapService accesses files on disk), it cannot be used from an applet.
public String BindDN();
Returns a String object containing the DN to be used by the service to bind to the LDAP server. This DN (and its password) is associated with regions of the directory information tree (DIT) defined by the Service and Version parameters passed when this IspLdapService object was constructed. When a service requires privileged access (for example, to update entries in the directory) it binds using this DN.
public String BindPasswd();
Returns a String object containing the password to be used by the service to bind to the LDAP server. The DN and password are associated with regions of the DIT defined by the Service and Version parameters passed when this IspLdapService object was constructed.
public IspLdapService(String Service, String Version);
Constructs an IspLdapService object where
Is a String object containing the component identifier of the service whose directory information is needed. A component identifier must be unique, and may be a package name or variant.
The component identifier must match that recorded by the mcreg command when the service software was installed and configured.
Is a String object containing the version number of the service whose directory information is needed. The version number is typically in the form major.minor (for example, 1.0).
The version number must match that recorded by the mcreg command when the service software was installed and configured.
Each component that uses the directory services has its own region of the DIT for its component-specific information. The constructor initializes the String object returned by BindDN() to the distinguished name for binding to that portion of the DIT. It initializes the String object returned by BindPasswd() to the password attribute for that entry.
public String Servers() ;
Returns a String object containing a list of LDAP servers configured on the network. If no servers are configured, an empty String is returned. The String has the following syntax:
hostName1[:portNum1] [hostName2[:portNum2] . . . ]
Note that hostName and its associated port number are separated by a colon (:), while different hostNames are separated by spaces. The server host name is returned in a form that matches the parameter accepted by the LDAP client library, which could be an IP address in dot notation or a DNS name, and can be passed directly through to those function calls.
In Solaris ISP ServerTM 2.0, only a single, directory server is supported. The only replication supported is when configuring the directory to operate with Sun Internet Mail Server.
public String TopDn() ;
Returns a String object containing the distinguished name of the root domain entry in the DIT (the top-level entry under which Solaris ISP Server information is stored).
The IspLdapService class is designed to work with Java Naming and Directory Interface (JNDI) to access information from any standard directory service without requiring specific directory knowledge on the part of the application. JNDI uses several JNDI Environment Properties to specify the LDAP server and the user name and credentials the application will use to bind to it. These are:
java.naming.provider.url (Context.PROVIDER_URL)
java.naming.dns.url (Context.DNS_URL)
java.naming.security.principal (Context.SECURITY_PRINCIPAL)
java.naming.security.credentials (Context.SECURITY_CREDENTIALS)
Each of these takes a Java String object and can be set as env.put(Context.XXX), by the application. An example of how to use IspLdapService with JNDI is included below.
Each of the public methods of IspLdapService throws a Java IOException when an error occurs in reading the configuration file from disk. Remember to handle these exceptions in your code.
// JNDI packages import javax.naming.*; import javax.naming.directory.*; // ISP directory information classes import com.sun.isp.idia.*; ... { ... String ldapServers; String topDN; String bindDN; String bindPwd; // Fetch LDAP server, bindDN and password // from Isp Dir Info API-classes and bind // to the LDAP server IspLdapService ftpService = new IspLdapService("SUNWftp", "1.0"); try { ldapServers = ftpService.Servers(); topDN = ftpService.TopDN(); bindDN = ftpService.BindDN(); bindPwd = ftpService.BindPasswd(); } catch (IOException e) { System.err.println("Error determining Ldap information"); return; } // LDAP initialization Hashtable env = new Hashtable(5, 0.75f); env.put(javax.naming.Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); env.put(javax.naming.Context.PROVIDER_URL, "ldap://" + ldapServers); env.put(javax.naming.Context.SECURITY_PRINCIPAL, bindDN); env.put(javax.naming.Context.SECURITY_CREDENTIALS, bindPwd); ... }
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE |
Availability | SUNWisp |
Interface Stability | Evolving |
MT_Level | Safe |
NAME | SYNOPSIS | DESCRIPTION | METHODS | EXTENDED DESCRIPTION | EXCEPTIONS | EXAMPLES | ATTRIBUTES | FILES | SEE ALSO
NAME | SYNOPSIS | DESCRIPTION | PARAMETERS | RETURN VALUES | EXAMPLES | ATTRIBUTES | FILES | SEE ALSO
#include <mcauth.h>int ISPMC_aar(char *admin_name, char *password, char *componentID, char *version, int *access);
This function accepts the user name and password of a user of Sun Internet Administrator and validates against the entry in the directory services. It first checks the name and password, to authenticate that the user exists. Then it checks the component identifier and version provided to determine whether this user is authorized to access that service. The results of the check are passed back by means of the access parameter.
Points to a string containing the user name of the administrator being authenticated.
Points to a string containing this administrator's password.
Points to a string containing a unique component identifier of the software component the administrator is accessing.
Points to a string containing version number (major.minor) of the software component the administrator is accessing.
An output argument that points to an integer specifying the results of the check. If access is 1, the administrator is authenticated and authorized for access to the desired service. If access is zero (0), the administrator is not authorized, or the administrator entry does not exist (this is an invalid user).
The ISPMC_aar() function function returns the following.
The function has exited properly. The results of the authentication and access check are in the access parameter.
The function has exited with an error. The user has not been validated and the contents of access are insignificant.
Because this value can be set by a number of different programs, all using similar error numbers for different reasons, you should not rely on this value to determine a specific reason for the failure.
#include <nl_types.h> #include "mcauth.h" nl_catd catd; main() { char *name = "john"; char *pwd = "smith"; char *comp = "SUNWfoobar"; char *version = "1.0"; int err, access; if ( (err = ISPMC_aar(name, pwd, comp, version, &access))== 0) { if (access == 1) printf ("Authenticated and authorized\n"); else printf ("Authentication or authorization failed\n"); } else { printf ("Error encountered\n"); } }
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE |
Availability | SUNWixamr |
Interface Stability | Evolving |
NAME | SYNOPSIS | DESCRIPTION | PARAMETERS | RETURN VALUES | EXAMPLES | ATTRIBUTES | FILES | SEE ALSO
NAME | DESCRIPTION | ATTRIBUTES | FILES | SEE ALSO | NOTES
This page describes all of the man pages available for configuration files associated with Solaris ISP Server platform components.
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE |
Availability | SUNWispm |
Interface Stability | Stable |
/etc/opt/SUNWisp/hclfmd.conf
/etc/opt/SUNWisp/ldap/lib/sispload.mapping
configures the Solaris ISP Server host configuration log file management daemon.
defines the translation methods used by sispload(1m) to convert user records from a structured text file to ldif entries.
NAME | DESCRIPTION | ATTRIBUTES | FILES | SEE ALSO | NOTES
NAME | SYNOPSIS | DESCRIPTION | EXAMPLES | ATTRIBUTES | SEE ALSO
/etc/opt/SUNWisp/hclfmd.conf
The hclfmd.conf file contains the list of log files to be monitored by hclfmd. Each entry in the file has the following form:
interval:minutes log_file:commandwhere
Specifies the interval (in minutes) at which the listed log files are monitored. The interval can range from 1 minute to 10080 minutes (1 week).
Is the interval at which the log files are monitored. By default, the interval is set to one minute; that is, the log files are monitored every minute. You can modify the interval at which the log files are monitored by changing the interval values.
Is the complete path to the log file to be monitored. There should be an auth.err entry in /etc/syslog.conf for this file.
Is the notification command to run if new entries are found in the monitored file. The command is passed to /usr/bin/sh for execution, and may contain the following variables:
Replaced with the name of the file where the new entries are found.
Is a temporary file containing the new contents of the monitored log file.
If your command requires a literal percent sign (%), enter %%.
interval:1 /var/log/badauth:/usr/bin/mailx -s %f root < %c
checks the log file (badauth) every minute and runs the mailx command every time it detects new entries in the log file with subject set to "%f" and the mail body being whatever is in file "%c".
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE |
Availability | SUNWisp |
Interface Stability | Evolving |
NAME | SYNOPSIS | DESCRIPTION | EXAMPLES | ATTRIBUTES | SEE ALSO
NAME | SYNOPSIS | DESCRIPTION | EXTENDED DESCRIPTION | EXAMPLES | ATTRIBUTES | SEE ALSO
/etc/opt/SUNWisp/ldap/sunds/default/mapping/sispload.mapping
The sispload.mapping file contains the default rules for translating a file of user records into ldif records. The file is used with sispload(1m) to create an output file of ldif records for each user. The resulting ldif file can be used with ldapadd(1m) to create records for all of the user records in the directory server.
The Extended Description section explains the default rules defined in sispload.mapping and the expected syntax of the input files. You need to create a new mapping file if your input files are in another format or your directory schema has been altered from the Solaris ISP Server default. The mapping file follows the syntax of mapping files used by dsimport(1m), and you should read the dsimport man page or see the Sun Directory Services 3.1 Administration Guide.
The syntax of the mapping file is complicated. It may be very difficult to create a mapping file that properly converts data into records for your directory. Editing the mapping file is not recommended.
This section explains the syntax of the input file containing user data, the default mapping file, and the way the output ldif file is constructed from the input.
You must extract your current user data into an ASCII file with one entry per line according to the syntax described here. If you cannot
get data that matches this syntax exactly, you may need to create a new mapping file to match the syntax of your file. You should change only
the way lines are parsed in the LINE
entries of the Extract section in the mapping file.
For more details on the use, syntax, and valid data for the attributes that are constructed, please refer to the following sources:
Solaris ISP Server 2.0 Administration Guide for information about the ispSubscriber
object class. All of the sispload conversion tables use this class.
Sun Directory Services 3.1 Administration Guide for information about the remoteUser
and emailPerson
object classes used to create RADIUS and Sun Internet Mail Server users.
Each line in the input file corresponds to a resulting record in the ldif file and the directory. Each line is a series of fields separated by a delimiter.
The default delimiter is an exclamation point (!). You may change the delimiter by changing the value of SEPARATOR
in the Dynamic
section of the mapping file. You must also change the LINE
entries because they
are constructed with ! as the delimiter. Do not use a comma (,) or a space as the delimiter because records which contain distinguished name data
will use commas and spaces as part of the data.
If your data does not include one of the expected fields, you may be able to use a null field between separators in the input file. For example, if your data does not include the third field expected in the input:
!data1!data2!!data4!...
Only optional fields may be omitted. Optional data is marked with an asterisk (*) at the end of the token name in the mapping file, and noted as optional in the descriptions below.
This section describes the form of the input file. For details on the object classes and attributes constructed from the input file see the Output section below.
There are four forms for the input file corresponding to four translation tables:
sisp
is used to create user records using the ispSubscriber
object class.
sisprad
is used to create user records using the remoteUser
object
class and the ispSubscriber
object class so that RADIUS authentication data is included.
sispsims
is used to create user records using the emailPerson
object
class and the ispSubscriber
object class so that Sun Internet Mail Server data is included. Use this table if you have configured a Sun Internet Mail Serverdirectory
as a slave of the Solaris ISP Server directory.
sispradsims
is used to create user records using the emailPerson
, remoteUser
, andispSubscriber
object classes so that Sun Internet Mail Server data and RADIUS authentication data is included.
The table that is used is selected with the -t option for sispload. The default table is sisp
.
The following subsections describe the input fields for each table.
!LastName!FirstName!Nickname!Username!Password!DomainName!\ EmailAddress!Services!UID!GID!ContentDirectory!
Where:
Contains the real last name.
Contains the real first name.
(Optional) Contains an optional nickname or alias.
Contains the user name used to log on to the network.
(Optional) Contains the user's password.
(Optional) Contains the fully qualified domain name to which this user belongs.
(Optional) Contains this user's fully qualified email address, including the domain name.
(Optional) Contains a space-separated list of Solaris ISP Server ispService
distinguished name entries that correspond to services that the user is allowed to use. For example, if the user has an FTP directory, there may
be an entry of the form "ispversion=1.0, ou=SUNWftp, ou=Services, o=myisp, c=us."
(Optional) Contains a UNIX user id number.
(Optional) Contains a UNIX group id number.
(Optional) Identifies the directory used by the user for personal content (FTP uploads and personal web documents).
!LastName!FirstName!Nickname!Username!Password!DomainName!\ E-mailAddress!Services!UID!GID!ContentDirectory!\ AuthSuffix!GroupCheck!GroupReply!
Where the fields from "Last Name" through "Content Directory" are the same as in the "sisp Input" section, and
(Optional) Defines a string that may be appended to the user name used for authentication when the RADIUS server processes the user for authentication. For example, the RADIUS server may append a domain string to authenticate users who belong to a particular domain. For example, a user logging in as "jdoe" might be authenticated as "jdoe@othernet.com."
(Optional) Defines a list of attributes in a user's record that the RADIUS server will check against data supplied during authentication. If no GroupCheck information is supplied, RADIUS will check all of the remote user's attributes before granting access. An example attribute for GroupCheck is "userPassword." Separate multiple attributes by spaces in the input file.
(Optional) Defines a list of attributes returned by the RADIUS server with an access-accept or access-reject response. Example attributes that might be used in the GroupReply field are "radiusPppProfile" and "dynamicIPAddress." Separate multiple attributes by spaces in the input file.
!LastName!FirstName!Nickname!Username!Password!DomainName!\ E-mailAddress!Services!UID!GID!ContentDirectory!\ AuthSuffix!GroupCheck!GroupReply!\ DataSource!MailServe!MailDomain!LegacyMail!\ MailDeliveryOption!RFC822Mailbox!MailFolderMap!MailQuota!\ ChannelType!
Where the fields from "Last Name" through "Content Directory" are the same as in the "sisp Input" section, and
Contains a string identifying the original source of this data for reference.
Defines the fully qualified domain name of the mail server to which mail for the user should be delivered.
Defines an object class for users that use a legacy mail gateway channel. Valid object classes supported by Sun Internet Mail Server are gatewayCCMailUser, gatewayMSMailUser, and gatewayProfsUser.
Specifies the value of the mailDeliveryOption
attribute
for the user. The variable MAILDEV
in the Common
section will be used if there is no input in
this field.
Specifies all of the email addresses defined for the user. This field may be left blank if the value of EmailAddress is the only valid address for the user.
Defines the message store for the user's mail folder. This field may be "UNIX V7" to use /var/mail or "Sun-MS" to use the Sun Internet Mail Server message store. The
variable SUNMS
in the Common
section will be used if there is no input in this field.
Defines the maximum size (in bytes) of the message store for the user.
Defines the type of legacy mail channel for the user. This is an optional field for users that use a legacy mail gateway channel; valid data in this field are:
0 for CC:mail
1 for Microsoft Mail
4 for an SMTP mail system
8 for IBM PROFS
!LastName!FirstName!Nickname!Username!Password!DomainName!\ EmailAddress!Services!UID!GID!ContentDirectory!\ AuthSuffix!GroupCheck!GroupReply!\ DataSource!MailServer!MailDomain!LegacyMail!\ MailDeliveryOption!RFC822Mailbox!MailFolder!MailQuota!\ ChannelType!
The sispradsims
input line is composed of all of the fields from the other three tables, which are described above.
The default mapping file is located in /etc/opt/SUNWisp/ldap/sunds/default/mapping/sispload.mapping.
The mapping file contains the rules for parsing the input file lines, assigning the fields to variables, and then using those variables to construct an ldif-format record for the directory server. In most cases, you will not need to edit this file. If you have a non-default input file format or if you have extended the default Solaris ISP Server schema, you may need to make changes to the mapping file. Please read this document and the man page for dsimport(1m) before editing the mapping file.
The syntax of the mapping file is complicated. It may be very difficult to create a mapping file that properly converts data into records for your directory. Editing the mapping file is not recommended.
The mapping file contains four Table
sections which define how input will be parsed and converted to ldif records. The four tables are sisp
, sisprad
, sispsims
,
and sispradsims
.
See the Input File Syntax section for details on each table's function.
See the dsimport(1m) manual page for more detailed information on the contents of each table and the general rules for constructing a mapping.
The following token and variable definitions may help you adjust the mapping if you have trouble with the output or with creating valid input:
Defines the distinguished name (dn) in the directory naming context where user records will be created. The default is the base dn specified when Solaris ISP Server was installed. The dn of each user will be cn=FirstName LastName (Username),ou="People", ou=domain [[ou=domain...]], BASE_DN.
Defines a path prefix to all user ISP content directories. The default is /home. The value of the content directory field from the input file is appended to this value to get the full path for the ispContentDirectory
attribute. The ispDirectoryRoot
attribute for an ispService
plus the ispContentDirectory
forms the full path to the actual directory.
Defines the criteria for determining whether a record already exists in the directory. By default, a new record from the input data is considered a duplicate if there is already a record with a matching cn=FirstName LastName and mail=EmailAddress. Refer to dsimport(1m) for details on constructing a match filter if the default does not meet your needs.
Defines the field delimiter in the input data. If you change the SEPARATOR you must also change the delimiter used in the LINE definitions in the table's Dynamic and Extract sections.
The output from sispload is stored in two files: filename.err contains error messages and filename.ldif contains ldif records for adding records to the directory.
The majority of the ldif file will consist of user records to add or modify. The format of the records depends on the translation table used. The user records for each table are explained below.
In addition to user records, there may be entries to create intermediate nodes where user data is stored. The ldif file may contain records
that add organizationalUnit
object classes to fill in the tree from the base DN to the ou=People node
where users are stored.
The object class of user records when the sisp
table is used is ispSubscriber
.
The following list describes how the input data is used to construct attributes in the ldif user record. Refer to the "Input" section for information on the meaning of the input fields (shown in a different style).
dn
Specifies the complete distinguished
name for the user record. The dn
is constructed as follows:
dn=cn="FirstName LastName (Username)", ou="People", ou=DomainName[[ou=domain...]], $BASE_DN.
cn
Specifies an additional commonName
attribute.
cn=FirstName LastName.
sn
Specifies the family name or surname.
sn=LastName.
givenname
Specifies the first or given name.
givenname=FirstName.
userid
Specifies the user name used for authentication.
userid=Username.
userPassword
Specifies the password used for authentication. If no password is given in the input data, the user name is used.
userid=Password || Username.
uidNumber
Specifies the user ID number used for processes and files owned by the user.
uidNumber=UID.
gidNumber
Specifies the group ID number used for processes and files owned by the user.
gidNumber=GID.
ispContentDirectory
Specifies a path prefix for the actual file system directory
where the user stores personal content (such as web pages or FTP content). The ispContentDirectory
attribute is built
from appending the field from the input file to the value of DIRPREF
in the mapping file Common
section. If DIRPREF
is null and there is no data in the input field, this attribute is not set.
ispContentDirectory= $DIRPREF/ContentDirectory.
ispAuthorizedServices
Specifies the distinguished name of each ISP service
this user is allowed to use. Each distinguished name in the input file should reference the ispVersion
attribute of an
existing ispService
record. Multiple services can be separated by spaces between the delimiters in the input file. An
example of an entry in the input file is "ispversion=1.0,ou=SUNWftp,ou=Services,o=myisp,c=us."
ispAuthorizedServices=Services.
mail
Specifies the full email address.
mail=EmailAddress.
The object classes of user records when the sisprad
table is used are remoteUser
and ispSubscriber
.
The ldif record contains all of the attributes described in the sisp Output section. In addition, the sisprad table generates
the additional attributes for a remoteUser
object listed below. Refer to the "Input" section for information
on the meaning of the input fields (shown in a different style).
authsuffixname
Specifies the authSuffixName
attribute. This string is added to the user name by the RADIUS server when it checks authentication. If there is no
value in the input file, the user's DomainName is used.
authSuffixName=AuthSuffix ||DomainName.
grpCheckInfo
Specifies a list of attributes that the RADIUS server checks against the data supplied by a user session at login. If there is no value in the input file, the attributes authSuffixName and userPassword are used.
grpCheckInfo=GroupCheck || "authSuffixName userPassword".
authServiceProtocol
Specifies the type of service for the user. This attribute takes its value from the AUTHPROT variable defined in the Common section; the default value is Framed-User.
authServiceProtocol=$AUTHPROT.
framedrouting
Specifies the routing method for the user, when the user is a router to a network. This attribute takes its value from the FRAMEDROUTING variable defined in the Common section; the default value is None.
framedrouting=$FRAMEDROUTING.
framedprotocol
Specifies the framing to be used for framed access. This attribute takes its value from the FRAMEDPROTOCOL variable defined in the Common section; the default value is PPP.
framedprotocol=$FRAMEDPROTOCOL.
grpReplyInfo
Specifies a list of attributes returned by the RADIUS server with an access-accept or an access-reject response. If there is no value in the input file, the attributes authServiceProtocol, framedProtocol, and framedRouting are used.
grpReplyInfo=GroupReply || "authServiceProtocol framedProtocol framedRouting".
The object classes of user records when the sispsims
table is used are emailPerson
and ispSubscriber
. If there is an input entry for LegacyMail, such as "gatewayCCMailUser,"
then this additional object class is also created for the user. When the sispradsims
table is used, a remoteUser
object class is created for each user record.
The ldif records from the sispsims table contain all of the attributes described in the "sisp Output" section. Records from the sispradsims table also include the records described in the "sisprad Output" section.
In addition, the sispsims and sispradsims tables generate the additional attributes for an emailPerson
object listed below. Refer to the "Input" section for information on the meaning of the input fields (shown
in a different style).
dataSource
Specifies the original source of the user data. This is an optional field for reference purpose. If the data source is blank in the input file, the string "Solaris for ISP Server(tm) sispload utility" is used.
dataSource=DataSource || "Solaris for ISP Server(tm) sispload utility"
mailhost
Specifies the fully qualified domain name of the SMTP/MIME mail server.
mailhost=MailServer
mailQuota
Specifies the maximum size in bytes of the user's message store, or 0 (zero) for unlimited size.
mailQuota=MailQuota
mailDeliveryOption
Specifies the method for delivering mail to the user. If there is no value in the input file, the attribute takes its value from the MAILDELIV variable defined in the Common section; the default value is mailbox. See "Appendix D. SIMS Directory Schema and Directory Information Tree " in Sun Internet Mail Server 3.5 Administrator's Guide for a complete list of valid values.
mailDeliveryOption=MailDeliveryOption || $MAILDELIV
mailFolderMap
Specifies the type of message store for the user's mail folders. If there is no value in the input file, the attribute takes its value from the SUNMS variable defined in the Common section; the default value is "SUN-MS".
mailFolderMap=MailDeliveryOption || $SUNMS.
preferredrfc822recipient
Specifies the user's internal email address. This attribute is built by combining the Username and MailServer tokens from the input file.
preferredrfc822recipient=UserName@MailServer.
rfc822Mailbox
Specifies an email address for the user. There may be multiple valid addresses separated by spaces in the input file; a separate rfc822Mailbox attribute is added for each address.
rfc822Mailbox=RFC822Mailbox.
channelType
Defines the type of legacy mail channel for the user.
channelType=ChannelType.
The following listing shows an example input file with two user records. The records will be converted using the sisprad
table.
!Smith!Joseph!Joe!jsmith!!myisp!\ jsmith@myisp.net!ispversion=1.0,ou=SUNWftp,ou=Services,o=MyISP,c=US!\ 89091!10!jsmith!@myisp.net!authSuffixName userPassword!\ authServiceProtocol framedProtocol framedRouting\ radiusPppProfile! !Jones!Janet!!janjones!!myisp!\ janjones@myisp.net!ispversion=1.0,ou=SUNWftp,ou=Services,o=MyISP,c=US!\ 89092!10!janjones!@myisp.net!authSuffixName userPassword!\ authServiceProtocol framedProtocol framedRouting\ radiusPppProfile!
If the above data is in a file named /tmp/radius.input it could be converted to ldif records using sispload:
% cd /opt/SUNWisp/ldap/sunds/sbin % ./sispload -b o=MyISP,c=US -t sisprad -f /tmp/radius |
The file radius.ldif should contain the following records if the translation is successful and the user records do not already exist:
dn: cn=Joseph Smith (jsmith),ou=People,ou=myisp,o=MyISP,c=US changetype: add sn: Smith cn: Joseph Smith userid: jsmith userPassword: jsmith objectClass: top objectClass: person objectClass: inetOrgPerson objectClass: organizationalPerson objectClass: ispSubscriber objectClass: remoteUser uidNumber: 89091 gidNumber: 10 ispContentDirectory: home/jsmith ispauthorizedServices: ispversion=1.0,ou=SUNWftp,\ ou=Services,o=MyISP,c=US mail: jsmith@myisp.net authsuffixname: @myisp.net grpCheckInfo: authSuffixName grpCheckInfo: userPassword authServiceProtocol: Framed-User framedrouting: None framedprotocol: PPP grpReplyInfo: authServiceProtocol grpReplyInfo: framedProtocol grpReplyInfo: framedRouting grpReplyInfo: radiusPppProfile dn: cn=Janet Jones (janjones),ou=People,ou=myisp,o=MyISP,c=US changetype: add sn: Jones cn: Janet Jones userid: janjones userPassword: janjones objectClass: top objectClass: person objectClass: inetOrgPerson objectClass: organizationalPerson objectClass: ispSubscriber objectClass: remoteUser uidNumber: 89092 gidNumber: 10 ispContentDirectory: home/janjones ispauthorizedServices: ispversion=1.0,ou=SUNWftp,\ ou=Services,o=MyISP,c=US mail: janjones@myisp.net authsuffixname: @myisp.net grpCheckInfo: authSuffixName grpCheckInfo: userPassword authServiceProtocol: Framed-User framedrouting: None framedprotocol: PPP grpReplyInfo: authServiceProtocol grpReplyInfo: framedProtocol grpReplyInfo: framedRouting grpReplyInfo: radiusPppProfile
Finally, these records can be added to the directory using ldapmodify(1m):
% cd /opt/SUNWconn/bin % ./ldapmodify -D cn=admin,o=MyISP,c=US -w secret -f /tmp/radius.ldif |
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE |
Availability | SUNWixsds |
Interface Stability | Evolving |
sispload(1m), dsimport(1m)
Sun Directory Services 3.1 Administration Guide
Sun Internet Mail Server 3.5 Administrator's Guide
NAME | SYNOPSIS | DESCRIPTION | EXTENDED DESCRIPTION | EXAMPLES | ATTRIBUTES | SEE ALSO