We know LDAP, but NIS and all the different ways that NIS maps are implemented were confusing. The data presented here is based on a "real" implementation: it records how we saw things when making LDAP return the same values that the NIS servers presented to clients.

Use with caution as your mileage may vary (Well, your NIS may vary.)

passwd and shadow#

Typical location in LDAP: ou=people or ou=users

Map Format:

loginname:password:uidNumber:defaultgidNumber:gecos:homeDirectory:loginShell

Example map entry:

jwilleke:x:52658:280:Jim Willeke, 213-449-7111:/home/jwilleke:/usr/bin/ksh

LDAP entry would be:

dn: uid=user1,ou=People,dc=willeke,dc=com
uid: user1
cn: user1
uidnumber: 199995
gidnumber: 20
gecos: Joe Smith [New York]
homedirectory: /home/user1
loginshell: /bin/csh
objectclass: top
objectclass: shadowAccount
objectclass: account
objectclass: posixAccount
objectclass: nisKeyObject
objectclass: inetOrgPerson

passwd and publickey#

Typical location in LDAP: ou=people or ou=users

Map Format:

name   publickey:encryptedPrivateKey

Example map entry:

nobody 9cc01614d929848849add28d090acdaa1c78270aeec969c9:9999999998769c999c39e7a6ed4e7afd687d4b99908b4de99

LDAP entry would be:

dn: uid=nobody,ou=People,dc=willeke,dc=com
uid: nobody
cn: nobody
uidnumber: 199995
gidnumber: 20
gecos: nobody 
homedirectory: /home/nobody
loginshell: /bin/csh
nisPublicKey: 9cc01614d929848849add28d090acdaa1c78270aeec969c9
nisSecretKey: 9999999998769c999c39e7a6ed4e7afd687d4b99908b4de99
objectclass: top
objectclass: shadowAccount
objectclass: account
objectclass: posixAccount
objectclass: nisKeyObject
objectclass: inetOrgPerson

group#

Typical location in LDAP: ou=group

Map Format:

groupname:*:gidNumber:memberUid,memberUid,memberUid

Example map entry:

mygroup:*:441:user1,user2,user3

LDAP entry would be:

dn: cn=mygroup,ou=Group,ou=unix,dc=willeke,dc=com
cn: mygroup
gidnumber: 4441
memberuid: user1
memberuid: user2
memberuid: user3
objectclass: top
objectclass: posixGroup
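
The passwd and group mappings above can be applied mechanically. The following converter is an added example, not part of the original page or of any NIS/LDAP tool: it turns map lines into LDIF, rejects malformed entries, and base64-encodes values that LDIF cannot carry as plain text (such as a gecos with a trailing space). The suffix, OU names and the choice of object classes (nisKeyObject is left out because the passwd map carries no key) are assumptions.

```python
import base64
import re

BASE = "dc=willeke,dc=com"              # suffix from the page's examples
NAME = re.compile(r"[A-Za-z0-9._-]+")   # assumption: names usable in a DN unescaped
NUM = re.compile(r"[0-9]+")
# RFC 2849 SAFE-STRING; any other value must be base64-encoded in LDIF
SAFE = re.compile(r"[\x01-\x09\x0b\x0c\x0e-\x1f\x21-\x39\x3b\x3d-\x7f][\x01-\x09\x0b\x0c\x0e-\x7f]*")

def ldif(dn, attrs):
    """Render one LDIF record; empty values are skipped, unsafe ones base64-encoded."""
    out = ["dn: " + dn]
    for attr, value in attrs:
        if value and SAFE.fullmatch(value) and not value.endswith(" "):
            out.append("%s: %s" % (attr, value))
        elif value:
            out.append("%s:: %s" % (attr, base64.b64encode(value.encode()).decode()))
    return "\n".join(out) + "\n"

def split_map(line, count):
    """Split a colon-separated map line; validate field count and key name."""
    fields = line.rstrip("\n").split(":")
    if len(fields) != count or not NAME.fullmatch(fields[0]):
        raise ValueError("malformed map entry: %r" % line)
    return fields

def passwd_to_ldif(line, ou="ou=People"):
    # The password field is dropped: the page's LDAP entry carries no password attribute.
    name, _pw, uid, gid, gecos, home, shell = split_map(line, 7)
    if not (NUM.fullmatch(uid) and NUM.fullmatch(gid)):
        raise ValueError("non-numeric uid/gid: %r" % line)
    return ldif("uid=%s,%s,%s" % (name, ou, BASE), [
        ("uid", name), ("cn", name), ("uidNumber", uid), ("gidNumber", gid),
        ("gecos", gecos), ("homeDirectory", home), ("loginShell", shell),
        ("objectClass", "top"), ("objectClass", "account"),
        ("objectClass", "posixAccount"), ("objectClass", "shadowAccount")])

def group_to_ldif(line, ou="ou=Group,ou=unix"):
    name, _pw, gid, members = split_map(line, 4)
    if not NUM.fullmatch(gid):
        raise ValueError("non-numeric gid: %r" % line)
    attrs = [("cn", name), ("gidNumber", gid)]
    attrs += [("memberUid", m.strip()) for m in members.split(",") if m.strip()]
    attrs += [("objectClass", "top"), ("objectClass", "posixGroup")]
    return ldif("cn=%s,%s,%s" % (name, ou, BASE), attrs)

if __name__ == "__main__":
    print(passwd_to_ldif("jwilleke:x:52658:280:Jim Willeke, 213-449-7111:/home/jwilleke:/usr/bin/ksh"))
    print(group_to_ldif("mygroup:*:441:user1,user2,user3"))
```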

services#

dn: cn=name+ipServiceProtocol=udp,ou=Services,ou=unix,dc=willeke,dc=com
cn: name
cn: nameserver
ipserviceprotocol: udp
ipserviceport: 42
objectclass: top
objectclass: ipService

netgroup#

Typical location in LDAP: ou=netgroup

Map Format:

Example map entry:

LDAP entry would be:

cn=mynetgroup,ou=netgroup,dc=central,dc=sun,dc=com
objectclass=nisNetgroup
objectclass=top
cn=mynetgroup
nisnetgrouptriple=(user1..mydc.mycom.com,-,)
nisnetgrouptriple=(user1.,-,)
membernisnetgroup=mylab

hosts and publickey #

Typical location in LDAP: ou=hosts

Map Format:

IP-address official-host-name  nickname1  nickname2 nicknames...

Example map entry:

200.20.20.99	myhost	jimshost	# host 1 - floor 1 - Lab a - building b

LDAP entry would be:

dn: cn=myhost+ipHostNumber=200.20.20.99,ou=Hosts,ou=unix,dc=willeke,dc=com
cn: myhost
cn: jimshost
iphostnumber: 200.20.20.99
description: host 1 - floor 1 - Lab a - building b
nispublickey: 9cc01614d929848849add28d090acdaa1c78270aeec969c9
nissecretkey: 9999999998769c999c39e7a6ed4e7afd687d4b99908b4de99
objectclass: top
objectclass: NisKeyObject (AUX)
objectclass: device
objectclass: ipHost (AUX)

networks and netmasks #

Typical location in LDAP: ou=networks

Map Format:

Example map entry:

anoc-1		129.230		anoc-1

LDAP entry would be:

dn: ipNetworkNumber=129.230,ou=Networks,ou=unix,dc=willeke,dc=com
cn: anoc-1
ipnetworknumber: 129.144
objectclass: top
objectclass: ipNetwork
description: your Lab Network
ipnetmasknumber: 255.255.255.0

Example map entry:

200.20.20.0		255.255.255.0

LDAP entry would be:

dn: ipNetworkNumber=200.20.20.0,ou=Networks,ou=unix,dc=willeke,dc=com
cn: 200-20-20
ipnetworknumber: 200.20.20.0
objectclass: top
objectclass: ipNetwork
description: my Lab Network
ipnetmasknumber: 255.255.255.0

Example 2:

Example map entry:

129.144		255.255.255.0

LDAP entry would be:

dn: ipNetworkNumber=129.144,ou=Networks,ou=unix,dc=willeke,dc=com
cn: 129.144
ipnetworknumber: 129.144
objectclass: top
objectclass: ipNetwork
description: your Lab Network
ipnetmasknumber: 255.255.255.0

Example 3:

Example map entry:

arpanet		10		arpa	# Historical

LDAP entry would be:

dn: ipNetworkNumber=10,ou=Networks,ou=unix,dc=willeke,dc=com
cn: arpanet
cn: arpa
ipnetworknumber: 10
objectclass: top
objectclass: ipNetwork
description: Historical
ipnetmasknumber: 255.0.0.0

rpc#

Typical location in LDAP: ou=rpc

Map Format:

Example map entry:

logger		100102	na.logger	# SunNet Manager

LDAP entry would be:

dn: cn=logger,ou=Rpc,ou=unix,dc=willeke,dc=com
cn: logger
cn: na.logger
oncrpcnumber: 100102
description: SunNet Manager
objectclass: top
objectclass: oncRpc

protocols#

Typical location in LDAP: ou=networks

Map Format:

Example map entry:

ipv6		41	IPv6		# IPv6 in IP encapsulation

LDAP entry would be:

dn: cn=ipv6,ou=Protocols,ou=unix,dc=willeke,dc=com
cn: IPv6
ipprotocolnumber: 41
description: IPv6 in IP encapsulation
description: transmission control protocol
objectclass: top
objectclass: ipProtocol

ethers and bootparams #

Typical location in LDAP: ou=ethers

Example map entry (ethers):

8:1:21:71:31:c1  myhost

Example map entry (bootparams):

myhost  root=boothost:/export/a/b/c/d/e

LDAP entry would be:

dn: cn=myhost,ou=Ethers,ou=unix,dc=willeke,dc=com
macaddress: 8:1:21:71:31:c1
bootparameter: root=boothost:/export/a/b/c/d/e
objectclass: top
objectclass: device
objectclass: ieee802Device (AUX)
objectclass: bootableDevice (AUX)
cn: myhost

publickey#

dn: cn=myhost+ipHostNumber=200.20.20.99,ou=Hosts,ou=unix,dc=willeke,dc=com
cn: myhost
iphostnumber: 200.20.20.99
description: Joe Smith
nispublickey: 9cc01614d929848849add28d090acdaa1c78270aeec969c9
nissecretkey: 9999999998769c999c39e7a6ed4e7afd687d4b99908b4de99
objectclass: top
objectclass: NisKeyObject
objectclass: device
objectclass: ipHost

aliases#

For an entry from a NIS make file similar to:

amass:	bestj@mailbox,titschr@mailbox,gayhead@mailbox,vansicr@mailbox

You would create an LDAP entry like:

dn: cn=amass,ou=Aliases,ou=unix,dc=willeke,dc=com
mgrpRFC822mailmember: bestj@mailbox
mgrpRFC822mailmember: titschr@mailbox
mgrpRFC822mailmember: gayhead@mailbox
mgrpRFC822mailmember: vansicr@mailbox
mail: amass
objectClass: mailGroup
objectClass: groupOfNames
objectClass: Top
cn: amass

Aliases File Format

Original mailGroup schema from Netscape. Note that only cn, mgrpRFC822mailmember and mail are used from the original objectClass.

project#

For an entry from a NIS make file similar to:

dcdi01p01:1001:king:oracle::project.cpu-shares=(privileged,30,none)

You would create an entry like:

dn: SolarisProjectName=dcdi01p01,ou=Projects,ou=unix,dc=willeke,dc=com
SolarisProjectName: dcdi01p01
SolarisProjectID: 1001
SolarisProjectAttr: project.cpu-shares=(privileged,30,none)
memberUid: oracle
objectClass: SolarisProject
objectClass: Top
description: king

Automount#

The following shows an example of a direct AutoFS map, auto_direct, stored in the LDAP directory server using the new (rfc-2307bis) automount schema:

dn:automountMapName=auto_direct,dc=nishpind
objectClass: top
objectClass: automountMap
automountMapName: auto_direct
 
 
dn:automountKey=/mnt_direct/test1,automountMapname=auto_direct, dc=nishpind
objectClass: top
objectClass: automount
automountInformation:hostA:/tmp 
automountKey: /mnt_direct/test1

dn:automountKey=/mnt_direct/test2,automountMapname=auto_direct, dc=nishpind
objectClass: top
objectClass: automount
automountInformation:hostB:/tmp
automountKey:/mnt_direct/test2

Automounts become a DIT structure similar to:

dc=com
|--dc=willeke
|---ou=Unix
|----automountMapName=auto_direct
|-----automountKey=/mnt_direct/test1
|-----automountKey=/mnt_direct/test2

Printers#

Includes RFC-3712 and SUN-Printer Schema.

This one seems not to work the way we expected. Given a map similar to:

dn: printer-uri=myprinter
objectclass=top
objectclass=printerService
objectclass=printerAbstract
objectclass=sunPrinter
printer-name=myprinter
sun-printer-bsdaddr=printsvr.example.com,myprinter,Solaris
sun-printer-kvp=description=HP LaserJet (PS)
printer-uri=myprinter

For printer aliases, you need to add "objectClass=printerLPR" and create an entry like:

dn: printer-uri=myprinterAlias
objectclass=top
objectclass=printerService
objectclass=printerAbstract
objectclass=sunPrinter
objectClass=printerLPR
printer-name=myprinterAlias
printer-aliases=myprinterAlias
sun-printer-kvp=use=myprinter
printer-uri=myprinterAlias

profile#

dn: cn=default,ou=profile,ou=unix,dc=willeke,dc=com
serviceSearchDescriptor: passwd:ou=people,dc=willeke,dc=com?sub
serviceSearchDescriptor: group:ou=Groups,dc=willeke,dc=com?one
serviceSearchDescriptor: netgroup:ou=Netgroups,ou=unix,dc=willeke,dc=com?one
serviceSearchDescriptor: sudoers:ou=Sudoers,ou=unix,dc=willeke,dc=com?one
defaultSearchScope: one
objectclassMap: passwd:posixAccount=posixAccount
objectclassMap: group:posixGroup=posixGroup
objectclassMap: sudoers:sudoRole=sudoRole
objectclassMap: netgroup:nisNetgroup=nisNetgroup
credentialLevel: proxy
profileTTL: 3000
authenticationMethod: tls:simple
followReferrals: FALSE
bindTimeLimit: 10
preferredServerList: XXX.XXX.XXX.XXX YYY.YYY.YYY.YYY
defaultSearchBase: ou=unix,dc=willeke,dc=com
defaultServerList: XXX.XXX.XXX.XXX YYY.YYY.YYY.YYY
searchTimeLimit: 30
objectClass: Top
objectClass: DUAConfigProfile
cn: default
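
The profile above controls how every client binds to the directory, so its authentication settings are worth checking before it is published. The following audit is an added example, not part of the original page or of any vendor tool; the defaults it applies when an attribute is absent (none, anonymous, TRUE) are assumptions of this example, and the weak profile is constructed for comparison.

```python
def parse_ldif_entry(text):
    """Parse one unfolded, non-base64 LDIF entry into {lowercased attribute: [values]}."""
    entry = {}
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
    return entry

def audit_profile(entry):
    """Return findings about how clients using this profile bind and search."""
    findings = []
    # Assumed defaults when an attribute is missing: none / anonymous / TRUE.
    methods = [m.strip().lower()
               for v in entry.get("authenticationmethod", ["none"])
               for m in v.split(";") if m.strip()]
    for m in methods:
        if m == "simple":
            findings.append("authenticationMethod 'simple': bind password sent without TLS")
        elif m in ("none", "tls:none"):
            findings.append("authenticationMethod '%s': no bind authentication" % m)
    levels = [l.lower() for v in entry.get("credentiallevel", ["anonymous"]) for l in v.split()]
    if "anonymous" in levels:
        findings.append("credentialLevel includes anonymous")
    if entry.get("followreferrals", ["TRUE"])[0].upper() == "TRUE":
        findings.append("followReferrals TRUE: client chases referrals to other servers")
    return findings

# Attribute lines copied from the page's profile entry.
PAGE_PROFILE = """\
dn: cn=default,ou=profile,ou=unix,dc=willeke,dc=com
credentialLevel: proxy
authenticationMethod: tls:simple
followReferrals: FALSE
"""
# Constructed weak variant for comparison.
WEAK_PROFILE = """\
dn: cn=weak,ou=profile,ou=unix,dc=willeke,dc=com
credentialLevel: anonymous proxy
authenticationMethod: simple;tls:simple
followReferrals: TRUE
"""

if __name__ == "__main__":
    for name, text in (("page", PAGE_PROFILE), ("weak", WEAK_PROFILE)):
        print(name, audit_profile(parse_ldif_entry(text)) or "no findings")
```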

ypservers#

Used only by the N2L Product and NIS Servers.
dn: cn=nis-new,ou=ypservers,ou=Unix,dc=example,dc=com
objectClass: Device
objectClass: Top
cn: nis-new

This page (revision-43) was last changed on 16-Aug-2008 06:59 by jim