Naming and Directory Services (DNS, NIS, and LDAP)

More documents

Recommendations

Info

nisplusLDAPobjectDN rpc:ou=Rpc,?one?objectClass=oncRpc:\ou=Rpc,?one?objectClass=onRpc,objectClass=topThe above shows that the table entries are read from and written to the base ou=Rpc.Again, the trailing comma appends the defaultSearchBase value. Select entriesthat have an objectClass attribute value of oncRpc. When creating an entry in theou=Rpc container in LDAP, you also must specify top as an objectClass value.As an example showing a non-default delete specification, consider the following.nisplusLDAPobjectDNuser_attr:\ou=People,?one?objectClass=SolarisUserAttr,\solarisAttrKeyValue=*:\ou=People,?one?objectClass=SolarisUserAttr:\dbid=user_attr_delThe user_attr.org_dir data resides in the ou=People LDAP container, which itshares with account information from other sources, such as the passwd.org_dirNIS+ table.Select entries in that container that have the solarisAttrKeyValue attribute, sinceonly those contain user_attr.org_dir data. The dbid=user_attr_del portionof the nisplusLDAPobjectDN shows that when an entry in theuser_attr.org_dir NIS+ table entry is deleted, deletion of the correspondingLDAP entry (if any) should follow the rules in the rule set identified by theuser_attr_del database ID. See “nisplusLDAPcolumnFromAttributeAttribute” on page 262 for more information.nisplusLDAPattributeFromColumn AttributenisplusLDAPattributeFromColumn specifies the rules used to map NIS+ data toLDAP. Mapping rules for the other direction is controlled bynisplusLDAPcolumnFromAttribute.nisplusLDAPcolumnFromAttribute AttributenisplusLDAPcolumnFromAttribute specifies the rules used to map LDAP data toNIS+.The full entry mapping syntax can be found on NIS+LDAPmapping(4). However, afew examples should make things clearer.The NIS+ rpc.org_dir table contains four columns called cname, name, numbe, andcomment. Therefore, the entries for the NIS+ RPC program number (100300) with thecanonical name nisd and the aliases rpc.nisd and nisplusd could be representedby the following NIS+ entries in rpc.org_dir.nisd nisd 100300 NIS+ servernisd rpc.nisd 100300 NIS+ servernisd nisplusd 100300 NIS+ server262 System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) • January 2005
Assuming the defaultSearchBase value is dc=some,dc=domain, thecorresponding LDAP entry, as listed by ldapsearch(1), would be the following.dn: cn=nisd,ou=Ppc,dc=some,dc=domaincn: nisdcn: rpc.nsidcn: nisplusdoncRpcNumber: 100300description: NIS+ serverobjectClass: oncRpcThis makes for a simple one-to-one mapping between NIS+ and LDAP data, and thecorresponding mapping attribute value going from NIS+ to LDAP is the following.nisplusLDAPattributeFromColumn \rpc: dn=("cn=%s,", name), \cn=cname, \cn=name, \oncRpcNumber=number, \description=commentThis constructs the DN for the entry to be cn=%s, with the value of the cname columnsubstituted for %s.cn=nisd,Since the value ends in a comma, the read base value from the nisplusObjectDN isappended, and you have the following.cn=nisd,ou=Rpc,dc=some,dc=domainThe oncRpcNumber and description attribute values are just simple assignmentsof the corresponding NIS+ column values. The rpc.nisd will collect the multipleNIS+ entries into one LDAP entry, with multiple cn values to represent the differentname column values.Similarly, the mapping from LDAP to NIS+ would be as follows.nisplusLDAPcolumnFromAttribute \rpc: cname=cn, \(name)=(cn), \number=oncRpcNumber, \comment=descriptionThe above assigns the oncRpcNumber and description values to thecorresponding NIS+ columns. The multi-valued cn (denoted by (cn) is mapped tomultiple name column values (denoted by (name)). Since the name column cannot bemulti-valued, the rpc.nisd creates one NIS+ entry for each cn value.Finally, the nisplusLDAPattributeFromColumn value is an example of rule setsused for deletion.nisplusLDAPattributeFromColumn \user_attr_del: dn=("uid=%s,", name), \SolarisUserQualifier=, \Chapter 16 • Transitioning From NIS+ to LDAP 263
Page 1 and 2:
System Administration Guide:Naming
Page 3 and 4:
ContentsPreface 15Part I About Nami
Page 5 and 6:
Server-List Mode 77Broadcast Mode 7
Page 7 and 8:
Using Fully Qualified Domain Names
Page 9 and 10:
Checking Server Data From a Non-Cli
Page 11 and 12:
Replication Timestamps 268The Direc
Page 13 and 14:
ExamplesEXAMPLE 2-1 NIS+ Switch Fil
Page 15 and 16:
PrefaceSolaris Administration Guide
Page 17 and 18:
Related Books■ Sun Java System Di
Page 19 and 20:
PARTIAbout Naming and Directory Ser
Page 21 and 22:
CHAPTER 1Naming and Directory Servi
Page 23 and 24:
A network information service store
Page 25 and 26:
docS2S1sales.docS3manf.docC1 C2 C3
Page 27 and 28:
Subsequent changes in your organiza
Page 29 and 30:
NIS+ uses a client-server model to
Page 31 and 32:
CHAPTER 2The Name Service Switch (O
Page 33 and 34:
TABLE 2-1 Switch File Information S
Page 35 and 36:
networks: nis [NOTFOUND=return] fil
Page 37 and 38:
Note - In order to use LDAP naming
Page 39 and 40:
EXAMPLE 2-3 Files Switch File Templ
Page 41 and 42:
Selecting a Different Configuration
Page 43 and 44:
Caution - Potential delay issues:
Page 45 and 46:
PARTIIDNS Setup and AdministrationT
Page 47 and 48:
CHAPTER 3DNS Setup and Administrati
Page 49 and 50:
DNS and the Service ManagementFacil
Page 51 and 52:
EXAMPLE 3-2 Sample named.conf File
Page 53 and 54:
etc/rndc.confComparison of BIND 8 a
Page 55 and 56:
Options {Changes[ directory path_na
Page 57 and 58:
Options {Changes[ sortlist { addres
Page 59 and 60:
options {blackhole { ; ... };coresi
Page 61 and 62:
};print-time ;print-severity ;print
Page 63 and 64:
};maintain-ixfr-base ; // obsoletem
Page 65 and 66:
PARTIIINIS Setup and Administration
Page 67 and 68:
CHAPTER 4Network Information Servic
Page 69 and 70:
NIS Machine TypesThere are three ty
Page 71 and 72:
Note - rpc.yppasswdd considers all
Page 73 and 74:
TABLE 4-3 NIS Map DescriptionsMap N
Page 75 and 76:
For example, when you add a new mac
Page 77 and 78:
TABLE 4-4 NIS Command SummaryComman
Page 79 and 80:
CHAPTER 5Setting Up and Configuring
Page 81 and 82:
■You can query the status of NIS
Page 83 and 84:
In addition, if audit_user, auth_at
Page 85 and 86:
Preparing the MakefileAfter checkin
Page 87 and 88:
If the map or maps being pushed by
Page 89 and 90:
# svcadm restart network/nis/server
Page 91 and 92:
Setting Up NIS ClientsThe two metho
Page 93 and 94:
CHAPTER 6Administering NIS (Tasks)T
Page 95 and 96:
This step is necessary because the
Page 97 and 98:
separated by commas. For example, t
Page 99 and 100:
▼How to Change a Map’s Master S
Page 101 and 102:
master of the map, modify the Makef
Page 103 and 104:
5. Run make.# make mapnameWhere map
Page 105 and 106:
To periodically run ypxfr at a rate
Page 107 and 108:
■Using the Makefile” on page 10
Page 109 and 110:
2. Change to the NIS domain directo
Page 111 and 112:
Using NIS in Conjunction With DNSTy
Page 113 and 114:
CHAPTER 7NIS TroubleshootingThis ch
Page 115 and 116:
Client7# ls /var/yp...-rwxr-xr-x 1
Page 117 and 118:
Note - For security reasons, the us
Page 119 and 120:
# svcadm restart network/nis/server
Page 121 and 122:
100004 2 udp 731 ypserv100004 1 udp
Page 123 and 124:
PARTIVLDAP Naming Services Setup an
Page 125 and 126:
CHAPTER 8Introduction to LDAP Namin
Page 127 and 128:
DNS NIS NIS+ LDAPServers Master/sla
Page 129 and 130:
CHAPTER 9LDAP Basic Components andC
Page 131 and 132:
networksdn: ipNetworkNumber=200.20.
Page 133 and 134:
Also, if you use interface-specific
Page 135 and 136:
semicolon-separated base-scope-filt
Page 137 and 138:
LDAP Client ProfilesTo simplify Sol
Page 139 and 140:
TABLE 9-2 Client Profile Attributes
Page 141 and 142:
LDAP Naming Services Security Model
Page 143 and 144:
Caution - Allowing anonymous write
Page 145 and 146:
■and that it is easy to set up.sa
Page 147 and 148:
Pluggable Authentication MethodsBy
Page 149 and 150:
TABLE 9-5 pam_unix versus pam_ldapP
Page 151 and 152:
Note - The preceding account manage
Page 153 and 154:
CHAPTER 10Planning Requirements for
Page 155 and 156:
information will be searched for a
Page 157 and 158:
For information about how to set up
Page 159 and 160:
Because the entries are stored in t
Page 161 and 162:
CHAPTER 11Setting Up Sun Java Syste
Page 163 and 164:
Note - If you are using hostnames i
Page 165 and 166:
Using Service Search Descriptors to
Page 167 and 168:
▼How to Configure Sun Java System
Page 169 and 170:
EXAMPLE 11-1 Running idsconfig for
Page 171 and 172:
EXAMPLE 11-1 Running idsconfig for
Page 173 and 174:
Populating the Directory Server Wit
Page 175 and 176:
Migrating Your Sun Java SystemDirec
Page 177 and 178:
CHAPTER 12Setting Up LDAP Clients (
Page 179 and 180:
■dependencyrequire_all/none svc:/
Page 181 and 182:
System successfully configuredThe -
Page 183 and 184:
Setting Up TLS SecurityNote - The s
Page 185 and 186:
Retrieving LDAP Naming ServicesInfo
Page 187 and 188:
Enabling DNS With LDAPIf you want t
Page 189 and 190:
CHAPTER 13LDAP Troubleshooting (Ref
Page 191 and 192:
Checking the Current Profile Inform
Page 193 and 194:
5. No password is defined for the u
Page 195 and 196:
CHAPTER 14LDAP General Reference (R
Page 197 and 198:
CompatibilityClients configured on
Page 199 and 200:
General LDAP ToolsLDAP command line
Page 201 and 202:
other password required pam_dhkeys.
Page 203 and 204:
IETF Schemas for LDAPSchemas are de
Page 205 and 206:
SYNTAX ’INTEGER’ SINGLE-VALUE )
Page 207 and 208:
( nisSchema.2.5 NAME ’oncRpc’ S
Page 209 and 210:
Directory User Agent Profile(DUAPro
Page 211 and 212: Solaris SchemasThe schemas required
Page 213 and 214: ( 1.3.6.1.4.1.42.2.27.5.2.4 NAME
Page 215 and 216: EQUALITY caseIgnoreMatch ORDERING c
Page 217 and 218: "edge-stitch-bottom", "staple-dual-
Page 219 and 220: Legal values include; "unknown", "b
Page 221 and 222: client generates protocol extension
Page 223 and 224: ootparams(&(objectclass=bootableDev
Page 225 and 226: TABLE 14-5 getent Attribute Filters
Page 227 and 228: CHAPTER 15Transitioning From NIS to
Page 229 and 230: ■■Chapter 4, for an overview of
Page 231 and 232: TABLE 15-1 Terminology Related to t
Page 233 and 234: Transitioning From NIS to LDAP (Tas
Page 235 and 236: ■ The name of the configuration f
Page 237 and 238: d. Start the NIS daemons to ensure
Page 239 and 240: Tip - The original NIS dbm files ar
Page 241 and 242: ou=servdates, ?one? \objectClass=se
Page 243 and 244: For example, to increase the minimu
Page 245 and 246: Object class violationError Number:
Page 247 and 248: Problem: Object class violations oc
Page 249 and 250: ▼How to Revert to Maps Based on O
Page 251 and 252: CHAPTER 16Transitioning From NIS+ t
Page 253 and 254: “client_info and timezone Tables
Page 255 and 256: 2. Stop the NIS+ service.# svcadm d
Page 257 and 258: ■nisplusLDAPconfigProxyPasswordSe
Page 259 and 260: ■■■■■■■■■■nispl
Page 261: Carefully consider how critical it
Page 265 and 266: ▼How to Convert All NIS+ Data to
Page 267 and 268: 7. Create merged versions of the ta
Page 269 and 270: eplica. For example, assume that th
Page 271 and 272: traffic. For example, if the rpc.ni
Page 273 and 274: ■■■passwordnisplusLDAPproxyPa
Page 275 and 276: NIS+ Entry Owner, Group, Access, an
Page 277 and 278: homeDirectory=home, \loginShell=she
Page 279 and 280: Set the owner of the link object to
Page 281 and 282: NAME ’nisplusClientInfoData’ \D
Page 283 and 284: nisplusLDAPdatabaseIdMappingIf this
Page 285 and 286: nisplusLDAPobjectDNThe cname column
Page 287 and 288: nisplusLDAPcolumnFromAttribute \net
Page 289 and 290: NIS+/LDAP configuration attributes
Page 291 and 292: NAME ’nisplusLDAPbaseDomain’ \D
Page 293 and 294: APPENDIXASolaris 10 Software Update
Page 295 and 296: It is not possible to provide a cle
Page 297 and 298: Glossaryapplication-levelnaming ser
Page 299 and 300: DNS zonesDNS zone filesdomainAdmini
Page 301 and 302: N2L servername resolutionname serve
Page 303 and 304: server listslave serverSee preferre
Page 305 and 306: IndexNumbers and Symbols+/- Syntaxc
Page 307 and 308: IP address, 300ipsec(7), 144IPv6, n
Page 309 and 310: NIS (Continued)stopping, 112stoppin
Page 311 and 312: private key, 301Profiles, LDAP clie
Page 313 and 314:
yppush command, NIS problems, 120yp
show all

Naming and Directory Services (DNS, NIS, and LDAP)

Create successful ePaper yourself

Delete template?

Save as template?