We know LDAP, but NIS and all the different ways that NIS maps are implemented were confusing. The data presented here is based on a "real" implementation: it reflects what we did to make LDAP return the same values that the NIS servers presented to clients.
Use with caution, as your mileage may vary (well, your NIS may vary).
passwd and shadow#
Typical location in LDAP: ou=people or ou=users
Map Format:
loginname:password:uidNumber:defaultgidNumber:gecos:homeDirectory:loginShell
Example map entry:
jwilleke:x:52658:280:Jim Willeke, 213-449-7111:/home/jwilleke:/usr/bin/ksh
LDAP entry would be:
dn: uid=user1,ou=People,dc=willeke,dc=com
uid: user1
cn: user1
uidnumber: 199995
gidnumber: 20
gecos: Joe Smith [New York]
homedirectory: /home/user1
loginshell: /bin/csh
objectclass: top
objectclass: shadowAccount
objectclass: account
objectclass: posixAccount
objectclass: nisKeyObject
objectclass: inetOrgPerson
passwd and publickey#
Typical location in LDAP: ou=people or ou=users
Map Format:
name publickey:encryptedPrivateKey
Example map entry:
nobody 9cc01614d929848849add28d090acdaa1c78270aeec969c9:9999999998769c999c39e7a6ed4e7afd687d4b99908b4de99
LDAP entry would be:
dn: uid=nobody,ou=People,dc=willeke,dc=com
uid: nobody
cn: nobody
uidnumber: 199995
gidnumber: 20
gecos: nobody
homedirectory: /home/nobody
loginshell: /bin/csh
nisPublicKey: 9cc01614d929848849add28d090acdaa1c78270aeec969c9
nisSecretKey: 9999999998769c999c39e7a6ed4e7afd687d4b99908b4de99
objectclass: top
objectclass: shadowAccount
objectclass: account
objectclass: posixAccount
objectclass: nisKeyObject
objectclass: inetOrgPerson
group#
Typical location in LDAP: ou=group
Map Format:
groupname:*:gidNumber:memberUid,memberUid,memberUid
Example map entry:
mygroup:*:441:user1,user2,user3
LDAP entry would be:
dn: cn=mygroup,ou=Group,ou=unix,dc=willeke,dc=com
cn: mygroup
gidnumber: 4441
memberuid: user1
memberuid: user2
memberuid: user3
objectclass: top
objectclass: posixGroup
services#
dn: cn=name+ipServiceProtocol=udp,ou=Services,ou=unix,dc=willeke,dc=com
cn: name
cn: nameserver
ipserviceprotocol: udp
ipserviceport: 42
objectclass: top
objectclass: ipService
netgroup#
Typical location in LDAP: ou=netgroup
Map Format:
Example map entry:
LDAP entry would be:
cn=mynetgroup,ou=netgroup,dc=central,dc=sun,dc=com
objectclass=nisNetgroup
objectclass=top
cn=mynetgroup
nisnetgrouptriple=(user1..mydc.mycom.com,-,)
nisnetgrouptriple=(user1.,-,)
membernisnetgroup=mylab
hosts and publickey #
Typical location in LDAP: ou=hosts
Map Format:
IP-address official-host-name nickname1 nickname2 nicknames...
Example map entry:
200.20.20.99 myhost jimshost # host 1 - floor 1 - Lab a - building b
LDAP entry would be:
dn: cn=myhost+ipHostNumber=200.20.20.99,ou=Hosts,ou=unix,dc=willeke,dc=com
cn: myhost
cn: jimshost
iphostnumber: 200.20.20.99
description: host 1 - floor 1 - Lab a - building b
nispublickey: 9cc01614d929848849add28d090acdaa1c78270aeec969c9
nissecretkey: 9999999998769c999c39e7a6ed4e7afd687d4b99908b4de99
objectclass: top
objectclass: NisKeyObject (AUX)
objectclass: device
objectclass: ipHost (AUX)
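
The passwd, group and hosts mappings above, as an added example that is not part of the original page: a converter from map lines to LDIF that drops the password field, rejects names that would need DN escaping, and base64-encodes values LDIF cannot carry in plain form. The function names, the `NAME`/`NUM` validation policy and the reduced objectclass lists are assumptions of this sketch; the nisPublicKey/nisSecretKey attributes are not produced because they do not come from these maps.

```python
import base64
import ipaddress
import re

# Constructed samples: the map entries shown on this page.
PASSWD = "jwilleke:x:52658:280:Jim Willeke, 213-449-7111:/home/jwilleke:/usr/bin/ksh"
GROUP = "mygroup:*:441:user1,user2,user3"
HOSTS = "200.20.20.99 myhost jimshost # host 1 - floor 1 - Lab a - building b"
BASE = "ou=unix,dc=willeke,dc=com"  # suffix used in this page's DNs
NAME, NUM = r"[A-Za-z0-9][A-Za-z0-9._-]*", r"[0-9]+"  # assumed policy for map values

def attr(name, value):
    """One LDIF line; values RFC 2849 forbids in plain form are base64-encoded."""
    plain = (value.isascii() and value.isprintable()
             and value[:1] not in (" ", ":", "<") and not value.endswith(" "))
    return f"{name}: {value}" if plain else f"{name}:: {base64.b64encode(value.encode()).decode()}"

def entry(dn, pairs, classes):
    pairs = [p for p in pairs if p[1]] + [("objectclass", c) for c in ["top"] + classes]
    return "\n".join(attr(k, v) for k, v in [("dn", dn)] + pairs)

def checked(pattern, value):
    """Map data is untrusted: reject values instead of guessing at DN escaping."""
    if not re.fullmatch(pattern, value):
        raise ValueError(f"rejected map value: {value!r}")
    return value

def passwd_to_ldif(line):
    name, _pw, uid, gid, gecos, home, shell = line.strip().split(":")  # 7 fields or ValueError
    return entry(f"uid={checked(NAME, name)},ou=People,dc=willeke,dc=com",
                 [("uid", name), ("cn", name), ("uidnumber", checked(NUM, uid)),
                  ("gidnumber", checked(NUM, gid)), ("gecos", gecos),
                  ("homedirectory", home), ("loginshell", shell)],
                 ["account", "posixAccount"])  # _pw is dropped: no hash reaches the LDIF

def group_to_ldif(line):
    name, _pw, gid, members = line.strip().split(":")
    return entry(f"cn={checked(NAME, name)},ou=Group,{BASE}",
                 [("cn", name), ("gidnumber", checked(NUM, gid))]
                 + [("memberuid", checked(NAME, m)) for m in members.split(",") if m],
                 ["posixGroup"])

def hosts_to_ldif(line):
    body, _, comment = line.partition("#")
    ip, first, *rest = body.split()  # address plus at least one name, or ValueError
    ipaddress.ip_address(ip)  # raises ValueError on a malformed address
    return entry(f"cn={checked(NAME, first)}+ipHostNumber={ip},ou=Hosts,{BASE}",
                 [("cn", checked(NAME, n)) for n in [first] + rest]
                 + [("iphostnumber", ip), ("description", comment.strip())],
                 ["device", "ipHost"])
```
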
networks and netmasks #
Typical location in LDAP: ou=networks
Map Format:
Example map entry:
anoc-1 129.230 anoc-1
LDAP entry would be:
dn: ipNetworkNumber=129.230,ou=Networks,ou=unix,dc=willeke,dc=com
cn: anoc-1
ipnetworknumber: 129.144
objectclass: top
objectclass: ipNetwork
description: your Lab Network
ipnetmasknumber: 255.255.255.0
Example map entry:
200.20.20.0 255.255.255.0
LDAP entry would be:
dn: ipNetworkNumber=200.20.20.0,ou=Networks,ou=unix,dc=willeke,dc=com
cn: 200-20-20
ipnetworknumber: 200.20.20.0
objectclass: top
objectclass: ipNetwork
description: my Lab Network
ipnetmasknumber: 255.255.255.0
Example 2:
Example map entry:
129.144 255.255.255.0
LDAP entry would be:
dn: ipNetworkNumber=129.144,ou=Networks,ou=unix,dc=willeke,dc=com
cn: 129.144
ipnetworknumber: 129.144
objectclass: top
objectclass: ipNetwork
description: your Lab Network
ipnetmasknumber: 255.255.255.0
Example 3:
Example map entry:
arpanet 10 arpa # Historical
LDAP entry would be:
dn: ipNetworkNumber=10,ou=Networks,ou=unix,dc=willeke,dc=com
cn: arpanet
cn: arpa
ipnetworknumber: 10
objectclass: top
objectclass: ipNetwork
description: Historical
ipnetmasknumber: 255.0.0.0
rpc#
Typical location in LDAP: ou=rpc
Map Format:
Example map entry:
logger 100102 na.logger # SunNet Manager
LDAP entry would be:
dn: cn=logger,ou=Rpc,ou=unix,dc=willeke,dc=com
cn: logger
cn: na.logger
oncrpcnumber: 100102
description: SunNet Manager
objectclass: top
objectclass: oncRpc
protocols#
Typical location in LDAP: ou=networks
Map Format:
Example map entry:
ipv6 41 IPv6 # IPv6 in IP encapsulation
LDAP entry would be:
dn: cn=ipv6,ou=Protocols,ou=unix,dc=willeke,dc=com
cn: IPv6
ipprotocolnumber: 41
description: IPv6 in IP encapsulation
description: transmission control protocol
objectclass: top
objectclass: ipProtocol
ethers and bootparams #
Typical location in LDAP: ou=ethers
Example map entry (ethers):
8:1:21:71:31:c1 myhost
Example map entry (bootparams):
myhost root=boothost:/export/a/b/c/d/e
LDAP entry would be:
dn: cn=myhost,ou=Ethers,ou=unix,dc=willeke,dc=com
macaddress: 8:1:21:71:31:c1
bootparameter: root=boothost:/export/a/b/c/d/e
objectclass: top
objectclass: device
objectclass: ieee802Device (AUX)
objectclass: bootableDevice (AUX)
cn: myhost
publickey#
dn: cn=myhost+ipHostNumber=200.20.20.99,ou=Hosts,ou=unix,dc=willeke,dc=com
cn: myhost
iphostnumber: 200.20.20.99
description: Joe Smith
nispublickey: 9cc01614d929848849add28d090acdaa1c78270aeec969c9
nissecretkey: 9999999998769c999c39e7a6ed4e7afd687d4b99908b4de99
objectclass: top
objectclass: NisKeyObject
objectclass: device
objectclass: ipHost
aliases#
For an entry from a NIS make file similar to:
amass: bestj@mailbox,titschr@mailbox,gayhead@mailbox,vansicr@mailbox
You would create an LDAP entry like:
dn: cn=amass,ou=Aliases,ou=unix,dc=willeke,dc=com
mgrpRFC822mailmember: bestj@mailbox
mgrpRFC822mailmember: titschr@mailbox
mgrpRFC822mailmember: gayhead@mailbox
mgrpRFC822mailmember: vansicr@mailbox
mail: amass
objectClass: mailGroup
objectClass: groupOfNames
objectClass: Top
cn: amass
Original mailGroup schema from Netscape. Note that only cn, mgrpRFC822mailmember and mail are used from the original objectClass.
project#
For an entry from a NIS make file similar to:
dcdi01p01:1001:king:oracle::project.cpu-shares=(privileged,30,none)
You would create an entry like:
dn: SolarisProjectName=dcdi01p01,ou=Projects,ou=unix,dc=willeke,dc=com
SolarisProjectName: dcdi01p01
SolarisProjectID: 1001
SolarisProjectAttr: project.cpu-shares=(privileged,30,none)
memberUid: oracle
objectClass: SolarisProject
objectClass: Top
description: king
Automount#
The following shows an example of a direct AutoFS map, auto_direct, stored in the LDAP directory server using the new (rfc-2307bis) automount schema:

dn:automountMapName=auto_direct,dc=nishpind
objectClass: top
objectClass: automountMap
automountMapName: auto_direct

dn:automountKey=/mnt_direct/test1,automountMapname=auto_direct, dc=nishpind
objectClass: top
objectClass: automount
automountInformation:hostA:/tmp
automountKey: /mnt_direct/test1

dn:automountKey=/mnt_direct/test2,automountMapname=auto_direct, dc=nishpind
objectClass: top
objectClass: automount
automountInformation:hostB:/tmp
automountKey:/mnt_direct/test2

Automounts become a DIT structure similar to:
dc=com
|--dc=willeke
|---ou=Unix
|----automountMapName=auto_direct
|-----automountKey=/mnt_direct/test1
|-----automountKey=/mnt_direct/test2
Printers#
Includes RFC-3712 and SUN-Printer Schema. This one seems to not work the way we expected. Given a map similar.
dn: printer-uri=myprinter
objectclass=top
objectclass=printerService
objectclass=printerAbstract
objectclass=sunPrinter
printer-name=myprinter
sun-printer-bsdaddr=printsvr.example.com,myprinter,Solaris
sun-printer-kvp=description=HP LaserJet (PS)
printer-uri=myprinter
For printer aliases, you need to add "objectClass=printerLPR" and create an entry like:
dn: printer-uri=myprinterAlias
objectclass=top
objectclass=printerService
objectclass=printerAbstract
objectclass=sunPrinter
objectClass=printerLPR
printer-name=myprinterAlias
printer-aliases=myprinterAlias
sun-printer-kvp=use=myprinter
printer-uri=myprinterAlias
profile#
dn: cn=default,ou=profile,ou=unix,dc=willeke,dc=com
serviceSearchDescriptor: passwd:ou=people,dc=willeke,dc=com?sub
serviceSearchDescriptor: group:ou=Groups,dc=willeke,dc=com?one
serviceSearchDescriptor: netgroup:ou=Netgroups,ou=unix,dc=willeke,dc=com?one
serviceSearchDescriptor: sudoers:ou=Sudoers,ou=unix,dc=willeke,dc=com?one
defaultSearchScope: one
objectclassMap: passwd:posixAccount=posixAccount
objectclassMap: group:posixGroup=posixGroup
objectclassMap: sudoers:sudoRole=sudoRole
objectclassMap: netgroup:nisNetgroup=nisNetgroup
credentialLevel: proxy
profileTTL: 3000
authenticationMethod: tls:simple
followReferrals: FALSE
bindTimeLimit: 10
preferredServerList: XXX.XXX.XXX.XXX YYY.YYY.YYY.YYY
defaultSearchBase: ou=unix,dc=willeke,dc=com
defaultServerList: XXX.XXX.XXX.XXX YYY.YYY.YYY.YYY
searchTimeLimit: 30
objectClass: Top
objectClass: DUAConfigProfile
cn: default
ypservers#
Used only by the N2L Product and NIS Servers.
dn: cn=nis-new,ou=ypservers,ou=Unix,dc=example,dc=com
objectClass: Device
objectClass: Top
cn: nis-new