[ новости /+++ | форум | теги | ]

NAME

rpc.nisd - configuration file for NIS+ service daemon
 

SYNOPSIS

/etc/default/rpc.nisd

DESCRIPTION

The rpc.nisd file specifies configuration information for the rpc.nisd(1M) server. Configuration information can come from a combination of three places. It can be derived from LDAP. It can be specified in the rpc.nisd file. It can be specified on the rpc.nisd(1M) command line. The values in the rpc.nisd file override values obtained from the LDAP server. Command line values supersede values in the configuration file.

The NIS+LDAPmapping(4) file contains mapping information connecting NIS+ object data to LDAP entries. See the NIS+LDAPmapping(4) manual page for an overview of the setup needed to map NIS+ data to or from LDAP.  

Attributes

The rpc.nisd(1M) server recognizes the following attributes. Any values specified for these attributes in the rpc.nisd file, including an empty value, override values obtained from LDAP. However, the nisplusLDAPconfig* values are read from the rpc.nisd file or the command line only. They are not obtained from LDAP.

The following are attributes used for initial configuration.

nisplusLDAPconfigDN

The DN for configuration information. If empty, all other nisplusLDAPConfig* values are ignored, in the expectation that all attributes are specified in this file or on the command line. When nisplusLDAPConfigDN is not specified at all, the DN is derived from the NIS+ domain name by default. If the domain name is x.y.z., the default nisplusLDAPconfigDN is:

nisplusLDAPconfigDN=dc=x,dc=y,dc=z

nisplusLDAPconfigPreferredServerList

The list of servers to use for the configuration phase. There is no default. The following is an example of a value for nisplusLDAPconfigPreferredServerList:

nisplusLDAPconfigPreferredServerList=127.0.0.1:389

nisplusLDAPconfigAuthenticationMethod

The authentication method used to obtain the configuration information. The recognized values for nisplusLDAPconfigAuthenticationMethod are:

none

No authentication attempted.

simple

Password of proxy user sent in the clear to the LDAP server.

sasl/cram-md5

Use SASL/CRAM-MD5 authentication. This authentication method may not be supported by all LDAP servers. A password must be supplied.

sasl/digest-md5

Use SASL/DIGEST-MD5 authentication. This authentication method may not be supported by all LDAP servers. A password must be supplied.

There is no default value. The following is an example of a value for nisplusLDAPconfigAuthenticationMethod:

nisplusLDAPconfigAuthenticationMethod=simple

nisplusLDAPconfigTLS

The transport layer security used for the connection to the server. The recognized values are:

none

No encryption of transport layer data. This is the default value.

ssl

SSL encryption of transport layer data. A certificate is required.

Export and import control restrictions may limit the availability of transport layer security.

nisplusLDAPconfigTLSCertificateDBPath

The name of the file containing the certificate database. The default path is /var/nis, and the default file name is cert7.db.

nisplusLDAPconfigProxyUser

The proxy user used to obtain configuration information. There is no default value. If the value ends with a comma, the value of the nisplusLDAPconfigDN attribute is appended. For example:

nisplusLDAPconfigProxyUser=cn=nisplusAdmin,ou=People,

nisplusLDAPconfigProxyPassword

The password that should be supplied to LDAP for the proxy user when the authentication method requires one. In order to avoid having this password publically visible on the machine, the password should only appear in the configuration file, and the file should have an appropriate owner, group, and file mode. There is no default value.

The following are attributes used for data retrieval. The object class name used for these attributes is nisplusLDAPconfig.

preferredServerList

The list of servers to use when reading or writing mapped NIS+ data from or to LDAP. There is no default value. For example:

preferredServerList=127.0.0.1:389 

authenticationMethod

The authentication method to use when reading or writing mapped NIS+ data from or to LDAP. For recognized values, see the LDAPconfigAuthenticationMethod attribute. There is no default value. For example,

authenticationMethod=simple

nisplusLDAPTLS

The transport layer security to use when reading or writing NIS+ data from or to LDAP. For recognized values, see the nisplusLDAPconfigTLS attribute. The default value is none. Note that export and import control restrictions may limit the availability of transport layer security.

nisplusLDAPTLSCertificateDBPath

The name of the file containing the certificate DB. For recognized and default values, see the nisplusLDAPconfigTLSCertificateDBPath attribute.

defaultSearchBase

The default portion of the DN to use when reading or writing mapped NIS+ data from or to LDAP. The default is derived from the value of the baseDomain attribute, which in turn usually defaults to the NIS+ domain name. If nisplusLDAPbaseDomain has the value x.y.z, the default defaultSearchBase is dc=x,dc=y,dc=z. See the following sample attribute value:

defaultSearchBase=dc=somewhere,dc=else

nisplusLDAPbaseDomain

The domain to append when NIS+ object names are not fully qualified. The default is the domain the rpc.nisd daemon is serving, or the first such domain, if there is more than one candidate.

nisplusLDAPproxyUser

Proxy user used by the rpc.nisd to read or write from or to LDAP. Assumed to have the appropriate permission to read and modify LDAP data. There is no default value. If the value ends in a comma, the value of the defaultSearchBase attribute is appended. For example:

nisplusLDAPproxyUser=cn=nisplusAdmin,ou=People, 

nisplusLDAPproxyPassword

The password that should be supplied to LDAP for the proxy user when the authentication method so requires. In order to avoid having this password publically visible on the machine, the password should only appear in the configuration file, and the file should have an appropriate owner, group, and file mode. There is no default value.

nisplusLDAPbindTimeout
nisplusLDAPsearchTimeout
nisplusLDAPmodifyTimeout
nisplusLDAPaddTimeout
nisplusLDAPdeleteTimeout

Establish timeouts for LDAP bind, search, modify, add, and delete operations, respectively. The default value is 15 seconds for each one. Decimal values are allowed.

nisplusLDAPsearchTimeLimit

Establish a value for the LDAP_OPT_TIMELIMIT option, which suggests a time limit for the search operation on the LDAP server. The server may impose its own constraints on possible values. See your LDAP server documentation. The default is the nisplusLDAPsearchTimeout value. Only integer values are allowed.

Since the nisplusLDAPsearchTimeout limits the amount of time the client rpc.nisd will wait for completion of a search operation, setting the nisplusLDAPsearchTimeLimit larger than the nisplusLDAPsearchTimeout is not recommended.

nisplusLDAPsearchSizeLimit

Establish a value for the LDAP_OPT_SIZELIMIT option, which suggests a size limit, in bytes, for the search results on the LDAP server. The server may impose its own constraints on possible values. See your LDAP server documentation. The default is zero, which means unlimited. Only integer values are allowed.

nisplusLDAPfollowReferral

Determines if the rpc.nisd should follow referrals or not. Recognized values are yes and no. The default value is no.

nisplusNumberOfServiceThreads

Sets the maximum number of RPC service threads that the rpc.nisd may use. Note that the rpc.nisd may create additional threads for certain tasks, so that the actual number of threads running may be larger than the nisplusNumberOfServiceThreads value.

The value of this attribute is a decimal integer from zero to (2**31)-1, inclusive. Zero, which is the default, sets the number of service threads to three plus the number of CPUs available when the rpc.nisd daemon starts. For example:

nisplusNumberOfServiceThreads=16

The following attributes specify the action to be taken when some event occurs. The values are all of the form event=action. The default action is the first one listed for each event.

nisplusLDAPinitialUpdateAction

Provides the optional capability to update all NIS+ data from LDAP, or vice versa, when the rpc.nisd starts. Depending on various factors such as both NIS+ and LDAP server and network performance, as well as the amount of data to be uploaded or downloaded, these operations can consume very significant CPU and memory resources. During upload and download, the rpc.nisd has not yet registered with rpcbind, and provides no NIS+ service. When data is downloaded from LDAP, any new items added to the rpc.nisd's database get a TTL as for an initial load. See the description for the nisplusLDAPentryTtl attribute on NIS+LDAPmapping(4).

none

No initial update in either direction. This is the default.

from_ldap

Causes the rpc.nisd to fetch data for all NIS+ objects it serves, and for which mapping entries are available, from the LDAP repository.

to_ldap

The rpc.nisd writes all NIS+ objects for which it is the master server, and for which mapping entries are available, to the LDAP repository.

nisplusLDAPinitialUpdateOnly

Use in conjunction with nisplusLDAPinitialUpdateAction.

no

Following the initial update, the rpc.nisd starts serving NIS+ requests. This is the default.

yes

The rpc.nisd exits after the initial update. This value is ignored if specified together with nisplusLDAPinitialUpdateAction=none.

nisplusLDAPretrieveErrorAction

If an error occurs while trying to retrieve an entry from LDAP, one of the following actions can be selected:

use_cached

Action according to nisplusLDAPrefreshError below. This is the default.

retry

Retry the retrieval the number of time specified by nisplusLDAPretrieveErrorAttempts, with the nisplusLDAPretrieveErrorTimeout value controlling the wait between each attempt.

try_again
unavail
no_such_name

Return NIS_TRYAGAIN, NIS_UNAVAIL, or NIS_NOSUCHNAME, respectively, to the client. Note that the client code may not be prepared for this and can react in unexpected ways.

nisplusLDAPretrieveErrorAttempts

The number of times a failed retrieval should be retried. The default is unlimited. The nisplusLDAPretrieveErrorAttempts value is ignored unless nisplusLDAPretrieveErrorAction=retry.

nisplusLDAPretrieveErrorTimeout

The timeout (in seconds) between each new attempt to retrieve LDAP data. The default is 15 seconds. The value for nisplusLDAPretrieveErrorTimeout is ignored unless nisplusLDAPretrieveErrorAction=retry.

nisplusLDAPstoreErrorAction

An error occurred while trying to store data to the LDAP repository.

retry

Retry operation nisplusLDAPstoreErrorAttempts times with nisplusLDAPstoreErrorTimeout seconds between each attempt. Note that this may tie up a thread in the rpc.nisd daemon.

system_error

Return NIS_SYSTEMERROR to the client.

unavail

Return NIS_UNAVAIL to the client. Note that the client code may not be prepared for this and can react in unexpected ways.

nisplusLDAPstoreErrorAttempts

The number of times a failed attempt to store should be retried. The default is unlimited. The value for nisplusLDAPstoreErrorAttempts is ignored unless nisplusLDAPstoreErrorAction=retry.

nisplusLDAPstoreErrortimeout

The timeout, in seconds, between each new attempt to store LDAP data. The default is 15 seconds. The nisplusLDAPstoreErrortimeout value is ignored unless nisplusLDAPstoreErrorAction=retry.

nisplusLDAPrefreshErrorAction

An error occured while trying to refresh a cache entry.

continue_using

Continue using expired cache entry, if one is available. Otherwise, the action is retry. This is the default.

retry

Retry operation nisplusLDAPrefreshErrorAttempts times with nisplusLDAPrefreshErrorTimeout seconds between each attempt. Note that this may tie up a thread in the rpc.nisd daemon.

cache_expired
tryagain

Return NIS_CACHEEXPIRED or NIS_TRYAGAIN, respectively, to the client. Note that the client code may not be prepared for this and could can react in unexpected ways.

nisplusLDAPrefreshErrorAttempts

The number of times a failed refresh should be retried. The default is unlimited. This applies to the retry and continue_using actions, but for the latter, only when there is no cached entry.

nisplusLDAPrefreshErrorTimeout

The timeout (in seconds) between each new attempt to refresh data. The default is 15 seconds. The value for nisplusLDAPrefreshErrorTimeout applies to the retry and continue_using actions.

nisplusThreadCreationErrorAction

The action to take when an error occured while trying to create a new thread. This only applies to threads controlled by the rpc.nisd daemon not to RPC service threads. An example of threads controlled by the rpc.nisd daemon are those created to serve nis_list(3NSL) with callback, as used by niscat(1) to enumerate tables.

pass_error

Pass on the thread creation error to the client, to the extent allowed by the available NIS+ error codes. The error might be NIS_NOMEMORY, or another resource shortage error. This action is the default.

retry

Retry operation nisplusThreadCreationErrorAttempts times, waiting nisplusThreadCreationErrorTimeout seconds between each attempt. Note that this may tie up a thread in the rpc.nisd daemon.

nisplusThreadCreationErrorAttempts

The number of times a failed thread creation should be retried. The default is unlimited. The value for nisplusThreadCreationErrorAttempts is ignored unless the nisplusThreadCreationErrorAction=retry.

nisplusThreadCreationErrorTimeout

The number of seconds to wait between each new attempt to create a thread. The default is 15 seconds. Ignored unless nisplusThreadCreationErrorAction=retry.

nisplusDumpError

An error occurred during a full dump of a NIS+ directory from the master to a replica. The replica can:

retry

Retry operation nisplusDumpErrorAttempts times waiting nisplusDumpErrorTimeout seconds between each attempt. Note that this may tie up a thread in the rpc.nisd.

rollback

Try to roll back the changes made so far before retrying per the retry action. If the rollback fails or cannot be performed due to the selected ResyncServiceAction level, the retry action is selected.

nisplusDumpErrorAttempts

The number of times a failed full dump should be retried. The default is unlimited. When the number of retry attempts has been used up, the full dump is abandoned, and will not be retried again until a resync fails because no update time is available.

nisplusDumpErrorTimeout

The number of seconds to wait between each attempt to execute a full dump. The default is 120 seconds.

nisplusResyncService

Type of NIS+ service to be provided by a replica during resync, that is, data transfer from NIS+ master to NIS+ replica. This includes both partial and full resyncs.

from_copy

Service is provided from a copy of the directory to be resynced while the resync is in progress. Rollback is possible if an error occurs. Note that making a copy of the directory may require a significant amount of time, depending on the size of the tables in the directory and available memory on the system.

directory_locked

While the resync for a directory is in progress, it is locked against access. Operations to the directory are blocked until the resync is done. Rollback is not possible.

from_live

The replica database is updated in place. Rollback is not possible. If there are dependencies between individual updates in the resync, clients may be exposed to data inconsistencies during the resync. In particular, directories or tables may disappear for a time during a full dump.

nisplusUpdateBatching

How updates should be batched together on the master.

accumulate

Accumulate updates for at least nisplusUpdateBatchingTimeout seconds. Any update that comes in before the timeout has occured will reset the timeout counter. Thus, a steady stream of updates less than nisplusUpdateBatchingTimeout seconds apart could delay pinging replicas indefinitely.

bounded_accumulate

Accumulate updates for at least nisplusUpdateBatchingTimeout seconds. The default value for timeout is 120 seconds. Incoming updates do not reset the timeout counter, so replicas will be informed once the initial timeout has expired.

none

Updates are not batched. Instead, replicas are informed immediately of any update. While this should maximize data consistency between master and replicas, it can also cause considerable overhead on both master and replicas.

nisplusUpdateBatchingTimeout

The minimum time (in seconds) during which to accumulate updates. Replicas will not be pinged during this time. The default is 120 seconds.

nisplusLDAPmatchFetchAction

A NIS+ match operation, that is, any search other than a table enumeration, will encounter one of the following situations:

1.

Table believed to be entirely in cache, and all cached entries are known to be valid. The cached tabled data is authoritative for the match operation.

2.

Table wholly or partially cached, but there may be individual entries that have timed out.

3.

No cached entries for the table. Always attempt to retrieve matching data from LDAP.

When the table is wholly or partially cached, the action for the nisplusLDAPmatchFetchAction attribute controls whether or not the LDAP repository is searched:

no_match_only

Only go to LDAP when there is no match at all on the search of the available NIS+ data, or the match includes at least one entry that has timed out.

always

Always make an LDAP lookup.

never

Never make an LDAP lookup.

nisplusMaxRPCRecordSize

Sets the maximum RPC record size that NIS+ can use over connection oriented transports. The minimum record size is 9000, which is the default. The default value will be used in place of any value less than 9000. The value of this attribute is a decimal integer from 9000 to 2^31, inclusive.

Storing Configuration Attributes in LDAP

Most attributes described on this man page, as well as those from NIS+LDAPmapping(4), can be stored in LDAP. In order to do so, you will need to add the following definitions to your LDAP server, which are described here in LDIF format suitable for use by ldapadd(1). The attribute and object class OIDs are examples only.

dn: cn=schema
changetype: modify
add: attributetypes
OIDattributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.1 \
         NAME 'defaultSearchBase' \
         DESC 'Default LDAP base DN used by a DUA' \
         EQUALITY distinguishedNameMatch \
         SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.2 \
         NAME 'preferredServerList' \
         DESC 'Preferred LDAP server host addresses used by DUA' \
         EQUALITY caseIgnoreMatch \
         SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.6 \
         NAME 'authenticationMethod' \
         DESC 'Authentication method used to contact the DSA' \
         EQUALITY caseIgnoreMatch \
         SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )

dn: cn=schema
changetype: modify
add: attributetypes
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.0 \
         NAME 'nisplusLDAPTLS' \
         DESC 'Transport Layer Security' \
         SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.1 \
         NAME 'nisplusLDAPTLSCertificateDBPath' \
         DESC 'Certificate file' \
         SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.2 \
         NAME 'nisplusLDAPproxyUser' \
         DESC 'Proxy user for data store/retrieval' \
         SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.3 \
         NAME 'nisplusLDAPproxyPassword' \
         DESC 'Password/key/shared secret for proxy user' \
         SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.4 \
         NAME 'nisplusLDAPinitialUpdateAction' \
         DESC 'Type of initial update' \
         SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.5 \
         NAME 'nisplusLDAPinitialUpdateOnly' \
         DESC 'Exit after update ?' \
         SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.6 \
         NAME 'nisplusLDAPretrieveErrorAction' \
         DESC 'Action following an LDAP search error' \
         SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.7 \
         NAME 'nisplusLDAPretrieveErrorAttempts' \
         DESC 'Number of times to retry an LDAP search' \
         SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.8 \
         NAME 'nisplusLDAPretrieveErrorTimeout' \
         DESC 'Timeout between each search attempt' \
         SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.9 \
         NAME 'nisplusLDAPstoreErrorAction' \
         DESC 'Action following an LDAP store error' \
         SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.10 \
         NAME 'nisplusLDAPstoreErrorAttempts' \
         DESC 'Number of times to retry an LDAP store' \
         SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.11 \
         NAME 'nisplusLDAPstoreErrorTimeout' \
         DESC 'Timeout between each store attempt' \
         SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.12 \
         NAME 'nisplusLDAPrefreshErrorAction' \
         DESC 'Action when refresh of NIS+ data from LDAP fails' \
         SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.13 \
         NAME 'nisplusLDAPrefreshErrorAttempts' \
         DESC 'Number of times to retry an LDAP refresh' \
         SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.14 \
         NAME 'nisplusLDAPrefreshErrorTimeout' \
         DESC 'Timeout between each refresh attempt' \
         SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.15 \
         NAME 'nisplusNumberOfServiceThreads' \
         DESC 'Max number of RPC service threads' \
         SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.16 \
         NAME 'nisplusThreadCreationErrorAction' \
         DESC 'Action when a non-RPC-service thread creation fails' \
         SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.17 \
         NAME 'nisplusThreadCreationErrorAttempts' \
         DESC 'Number of times to retry thread creation' \
         SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.18 \
         NAME 'nisplusThreadCreationErrorTimeout' \
         DESC 'Timeout between each thread creation attempt' \
         SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.19 \
         NAME 'nisplusDumpErrorAction' \
         DESC 'Action when a NIS+ dump fails' \
         SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.20 \
         NAME 'nisplusDumpErrorAttempts' \
         DESC 'Number of times to retry a failed dump' \
         SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.21 \
         NAME 'nisplusDumpErrorTimeout' \
         DESC 'Timeout between each dump attempt' \
         SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.22 \
         NAME 'nisplusResyncService' \
         DESC 'Service provided during a resync' \
         SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.23 \
         NAME 'nisplusUpdateBatching' \
         DESC 'Method for batching updates on master' \
         SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.24 \
         NAME 'nisplusUpdateBatchingTimeout' \
         DESC 'Minimum time to wait before pinging replicas' \
         SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.25 \
         NAME 'nisplusLDAPmatchFetchAction' \
         DESC 'Should pre-fetch be done ?' \
         SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.26 \
         NAME 'nisplusLDAPbaseDomain' \
         DESC 'Default domain name used in NIS+/LDAP mapping' \
         SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.27 \
         NAME 'nisplusLDAPdatabaseIdMapping' \
         DESC 'Defines a database id for a NIS+ object' \
         SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.28 \
         NAME 'nisplusLDAPentryTtl' \
         DESC 'TTL for cached objects derived from LDAP' \
         SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.29 \
         NAME 'nisplusLDAPobjectDN' \
         DESC 'Location in LDAP tree where NIS+ data is stored' \
         SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.30 \
         NAME 'nisplusLDAPcolumnFromAttribute' \
         DESC 'Rules for mapping LDAP attributes to NIS+ columns' \
         SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.31 \
         NAME 'nisplusLDAPattributeFromColumn' \
         DESC 'Rules for mapping NIS+ columns to LDAP attributes' \
         SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

dn: cn=schema
changetype: modify
add: objectclasses
objectclasses:  ( 1.3.6.1.4.1.42.2.27.5.42.42.19.0 \
         NAME 'nisplusLDAPconfig' \
         DESC 'NIS+/LDAP mapping configuration' \
         SUP top STRUCTURAL MUST ( cn ) \
         MAY ( preferredServerList $ defaultSearchBase $
           authenticationMethod $ nisplusLDAPTLS $
           nisplusLDAPTLSCertificateDBPath $
           nisplusLDAPproxyUser $ nisplusLDAPproxyPassword $
           nisplusLDAPinitialUpdateAction $
           nisplusLDAPinitialUpdateOnly $
           nisplusLDAPretrieveErrorAction $
           nisplusLDAPretrieveErrorAttempts $
           nisplusLDAPretrieveErrorTimeout $
           nisplusLDAPstoreErrorAction $
           nisplusLDAPstoreErrorAttempts $
           nisplusLDAPstoreErrorTimeout $
           nisplusLDAPrefreshErrorAction $
           nisplusLDAPrefreshErrorAttempts $
           nisplusLDAPrefreshErrorTimeout $
           nisplusNumberOfServiceThreads $
           nisplusThreadCreationErrorAction $
           nisplusThreadCreationErrorAttempts $
           nisplusThreadCreationErrorTimeout $
           nisplusDumpErrorAction $
           nisplusDumpErrorAttempts $
           nisplusDumpErrorTimeout $
           nisplusResyncService $ nisplusUpdateBatching $
           nisplusUpdateBatchingTimeout $
           nisplusLDAPmatchFetchAction $
           nisplusLDAPbaseDomain $
           nisplusLDAPdatabaseIdMapping $
           nisplusLDAPentryTtl $
           nisplusLDAPobjectDN $
           nisplusLDAPcolumnFromAttribute $
           nisplusLDAPattributeFromColumn ) )

Create a file containing the following LDIF data. Substitute your actual search base for searchBase, and your fully qualified domain name for domain:

dn: cn=domain,searchBase
cn: domain
objectClass: top
objectClass: nisplusLDAPconfig

Use this file as input to the ldapadd(1) command in order to create the NIS+/LDAP configuration entry. Initially, the entry is empty. You can use the ldapmodify(1) command to add configuration attributes.  

EXAMPLES

Example 1 Creating a NIS+/LDAP Configuration Entry

To set the nisplusNumberOfServiceThreads attribute to 32, create the following file and use it as input to ldapmodify(1):

dn: cn=domain,searchBase
nisplusNumberOfServiceThreads: 32

ATTRIBUTES

See attributes(5) for descriptions of the following attributes:

ATTRIBUTE TYPE ATTRIBUTE VALUE Availability SUNWnisr Interface Stability

SEE ALSO

nisldapmaptest(1M), rpc.nisd(1M), NIS+LDAPmapping(4), attributes(5)

System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP)

Index

NAME

SYNOPSIS

DESCRIPTION

Attributes

Storing Configuration Attributes in LDAP

EXAMPLES

ATTRIBUTES

SEE ALSO

Партнёры:

Хостинг: