Mapping NIS+ Objects Other Than Table Entries
You can store NIS+ objects other than table entries in LDAP. However, doing
so has no particular value unless you also have NIS+ replicas that
obtain those NIS+ objects from LDAP. The recommended choices are the following.

There are no replicas, or the replicas obtain their data from the NIS+ master only.

Edit the mapping configuration file (see NIS+LDAPmapping(4)) to remove the following attribute values for all non-table-entry objects.

    nisplusLDAPdatabaseIdMapping
    nisplusLDAPentryTtl
    nisplusLDAPobjectDN

For example, if you started out from the /var/nis/NIS+LDAPmapping.template file, the sections you need to remove (or disable by commenting) are as follows.

    # Standard NIS+ directories
    nisplusLDAPdatabaseIdMapping    basedir:
    .
    .
    .
    nisplusLDAPdatabaseIdMapping    user_attr_table:user_attr.org_dir
    nisplusLDAPdatabaseIdMapping    audit_user_table:audit_user.org_dir

    # Standard NIS+ directories
    nisplusLDAPentryTtl             basedir:21600:43200:43200
    .
    .
    .
    nisplusLDAPentryTtl             user_attr_table:21600:43200:43200
    nisplusLDAPentryTtl             audit_user_table:21600:43200:43200

    # Standard NIS+ directories
    nisplusLDAPobjectDN     basedir:cn=basedir,ou=nisPlus,?base?\
                              objectClass=nisplusObjectContainer:\
                              cn=basedir,ou=nisPlus,?base?\
                                objectClass=nisplusObjectContainer,\
                                objectClass=top
    .
    .
    .
    nisplusLDAPobjectDN     audit_user_table:cn=audit_user,ou=nisPlus,?base?\
                              objectClass=nisplusObjectContainer:\
                              cn=audit_user,ou=nisPlus,?base?\
                                objectClass=nisplusObjectContainer,\
                                objectClass=top

NIS+ replicas obtain their data from the LDAP server.

Create the nisplusObject attribute and nisplusObjectContainer object class as shown in the following example. (The LDIF data is suitable for ldapadd(1). Attribute and object class OIDs are for illustration only.)

    dn: cn=schema
    changetype: modify
    add: attributetypes
    attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.1.0 NAME 'nisplusObject'
      DESC 'An opaque representation of an NIS+ object'
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE )

    dn: cn=schema
    changetype: modify
    add: objectclasses
    objectclasses: ( 1.3.6.1.4.1.42.2.27.5.42.42.2.0 NAME 'nisplusObjectContainer'
      SUP top STRUCTURAL DESC 'Abstraction of an NIS+ object'
      MUST ( cn $ nisplusObject ) )

You also need to create a container for the NIS+ objects. The following LDIF syntax shows how to create the ou=nisPlus,dc=some,dc=domain container, and can be used as input to ldapadd(1).

    dn: ou=nisPlus,dc=some,dc=domain
    ou: nisPlus
    objectClass: top
    objectClass: organizationalUnit
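
Added example (not part of the original guide): for the first choice above, a Python helper that disables the three attributes by commenting them out, including backslash-continued nisplusLDAPobjectDN values. The names `disable_object_mappings`, `SAMPLE` and `OBJECT_IDS` are hypothetical, the sample text is constructed, and the ID list is an assumption you must complete from your own mapping file.

```python
import re

# The three attributes the page says to remove for non-table-entry objects.
ATTRS = ("nisplusLDAPdatabaseIdMapping", "nisplusLDAPentryTtl",
         "nisplusLDAPobjectDN")

def disable_object_mappings(text, object_ids):
    """Comment out ATTRS lines whose database ID is in object_ids.

    A value continued with a trailing backslash is commented out line by
    line, so no orphaned continuation is left for the parser to trip over.
    Returns (new_text, [(attribute, database_id), ...]).
    """
    ids = set(object_ids)
    out, disabled = [], []
    in_continuation = commenting = False
    for line in text.splitlines():
        is_comment = not in_continuation and line.lstrip().startswith("#")
        if not in_continuation:
            m = re.match(r"\s*(\S+)\s+([^:\s]+):", line)
            commenting = bool(m and m.group(1) in ATTRS and m.group(2) in ids)
            if commenting:
                disabled.append((m.group(1), m.group(2)))
        out.append("#" + line if commenting else line)
        # Assumption: a backslash ending a comment line does not continue it.
        in_continuation = not is_comment and line.rstrip().endswith("\\")
    return "\n".join(out) + "\n", disabled

# Constructed sample: lines quoted on the page plus one table-entry mapping
# ("passwd", a made-up stand-in) that must survive untouched.
SAMPLE = r"""# Standard NIS+ directories
nisplusLDAPdatabaseIdMapping basedir:
nisplusLDAPdatabaseIdMapping audit_user_table:audit_user.org_dir
nisplusLDAPdatabaseIdMapping passwd:passwd.org_dir
nisplusLDAPentryTtl basedir:21600:43200:43200
nisplusLDAPobjectDN audit_user_table:cn=audit_user,ou=nisPlus,?base?\
  objectClass=nisplusObjectContainer:\
  cn=audit_user,ou=nisPlus,?base?\
  objectClass=nisplusObjectContainer,\
  objectClass=top
"""

# Assumption: the page elides the IDs between basedir and audit_user_table,
# so the full list has to come from your own mapping file.
OBJECT_IDS = ["basedir", "user_attr_table", "audit_user_table"]

if __name__ == "__main__":
    new_text, disabled = disable_object_mappings(SAMPLE, OBJECT_IDS)
    print(new_text, end="")
    print(f"disabled {len(disabled)} mapping lines")
```

Run it against a copy of the mapping file and diff the result before installing it; a second run over its own output changes nothing.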