Naming and Directory Services (DNS, NIS, and LDAP)

CHAPTER 16Transitioning From NIS+ to LDAPThis chapter describes how to make the transition from using the NIS+ naming serviceto LDAP naming services.NIS+ to LDAP OverviewThe NIS+ server daemon, rpc.nisd, stores NIS+ data in proprietary-format files inthe /var/nis/data directory. While it is entirely possible to keep NIS+ datasynchronized with LDAP, such synchronization has previously required an externalagent. However, the NIS+ daemon now enables you to use an LDAP server as a datarepository for NIS+ data. Since this makes it possible for NIS+ and LDAP clients toshare the same naming service information, it is easier to transition from using NIS+as the main naming service, to using LDAP for the same role.By default, the rpc.nisd daemon continues to work as before, relying only onthe/var/nis/data NIS+ database. If desired, the system administrator can choose touse an LDAP server as the authoritative data repository for any subset of the NIS+database. In this case, the /var/nis/data files serve as a cache for the rpc.nisddaemon, reducing LDAP lookup traffic, and enabling the rpc.nisd to continueworking if the LDAP server is temporarily unavailable. In addition to continuoussynchronization between NIS+ and LDAP, you can also perform uploads of NIS+ datato LDAP, or downloads of LDAP data to NIS+.Mapping of data to and from LDAP is controlled by a flexible configuration filesyntax. (All standard NIS+ tables (except for client_info.org_dir andtimezone.org_dir) are covered by a template mapping file,/var/nis/NIS+LDAPmapping.template), which should require little or no changefor most NIS+ installations. (See “client_info and timezone Tables (NIS+ toLDAP)” on page 280 for information on client_info.org_dir andtimezone.org_dir.) In addition to locations for NIS+ data in the LDAP Directory251