12.07.2015 Views

Red Hat Enterprise Linux 5 Administration Unleashed


CHAPTER 12 Identity Management

Each time the auto.* files are modified on the server, the service autofs reload command must be run to reload the files and the make command must be run in the /var/yp/ directory to update the NIS map files. If an auto.* file is removed from the autofs configuration, the NIS map file for the deleted file in /var/yp// must be deleted before running make in the /var/yp/ directory to update the NIS maps. If slave NIS servers exist, use ypxfr as described in the earlier “Configuring NIS Slave Servers” section to update the NIS maps on the slave servers as well.

From the NIS client, the ypcat command can be used to view the contents of these files such as the following:

ypcat auto.master

Now that the NIS client has the autofs configuration files, stop the autofs service if it is already running with local files:

service autofs stop

Remove the local autofs configuration files so the autofs service knows to get them via NIS. It is a good idea to back them up in case you need to reference them later:

rm /etc/auto.*

Start the autofs service on the client with the service autofs start command as root. To ensure autofs is started by boot time, execute chkconfig autofs on as root as well.

Enabling LDAP

LDAP, or Lightweight Directory Access Protocol, is a server-client service that provides a directory of information such as user data and user authentication. If the LDAP server being contacted does not have the requested information, it can forward the request to a different LDAP server on the same network or on the Internet. Even though requests can be forwarded to other LDAP servers, the most common application of LDAP is an internal directory for large organizations such as a business office (from one office to multiple offices around the world) or a university. Instead of having to find a traditional phone directory or phone book, information about other employees or students can be quickly referenced online using LDAP. Instead of updating the file for the directory and reprinting it for everyone, the central directory is updated, and all users have access to the newly updated information instantly.

Allowing LDAP Connections

By default, OpenLDAP uses TCP and UDP port 389 for unencrypted connections and TCP and UDP port 636 for secure, encrypted connections.

If custom IPTables rules are being used, refer to Chapter 24 for details on how to allow these ports.

If the default security level is enabled instead of custom IPTables rules, use the Security Level Configuration tool to allow LDAP connections. Start it by selecting Administration, Security
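
Returning to the NIS client steps for autofs earlier on this page, the following is an added example (not from the book) that combines them into one script: it refuses to touch the local files unless auto.master is readable through NIS, and it backs up and verifies the auto.* files before removing them. The function names and the /root/autofs-backup directory are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: switch an autofs client from local auto.* files to NIS maps.
# Function names and the backup location are illustrative assumptions.

# Copy every auto.* file from directory $1 into a timestamped directory
# under $2, verify each copy byte for byte, then remove the originals.
# Prints the backup directory on success; returns 1 without deleting
# anything if no auto.* files exist or any copy cannot be verified.
backup_and_remove_automaps() {
    src_dir=$1
    backup_root=$2
    dest="$backup_root/autofs-$(date +%Y%m%d%H%M%S)"
    set -- "$src_dir"/auto.*
    # An unmatched glob stays literal, so test the first result.
    [ -e "$1" ] || { echo "no auto.* files in $src_dir" >&2; return 1; }
    mkdir -p "$dest" || return 1
    chmod 700 "$dest" || return 1        # the maps may name internal servers
    for f in "$@"; do
        cp -p "$f" "$dest/" || return 1  # -p keeps owner, mode and timestamps
        cmp -s "$f" "$dest/$(basename "$f")" || return 1
    done
    rm -f "$@"
    echo "$dest"
}

# Full client-side sequence from the text; must be run as root.
switch_autofs_to_nis() {
    # Confirm the master map is served by NIS before removing local copies.
    ypcat auto.master >/dev/null || {
        echo "auto.master is not available via NIS" >&2
        return 1
    }
    service autofs stop
    backup_and_remove_automaps /etc /root/autofs-backup || return 1
    service autofs start
    chkconfig autofs on
}

# Run the sequence only when explicitly requested: sh script.sh --run
if [ "${1:-}" = "--run" ]; then
    switch_autofs_to_nis
fi
```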
