Overview #

We know LDAP, but NIS and all the different ways that NIS maps are implemented were confusing. The data presented here is based on a "real" implementation: it records what we had to do to make LDAP return the same values that the NIS servers presented to clients.

Use with caution as your mileage may vary (Well, your NIS may vary.)

passwd and shadow #

Typical location in LDAP: ou=people or ou=users

Map Format:

loginname:password:uidNumber:defaultgidNumber:gecos:homeDirectory:loginShell

Example map entry:

jwilleke:x:52658:280:Jim Willeke, 213-449-7111:/home/jwilleke:/usr/bin/ksh

LDAP entry would be:

 
dn: uid=user1,ou=People,dc=willeke,dc=com 
uid: user1 
cn: user1 
uidnumber: 199995 
gidnumber: 20 
gecos: Joe Smith [New York] 
homedirectory: /home/user1 
loginshell: /bin/csh 
objectclass: top 
objectclass: shadowAccount 
objectclass: account 
objectclass: posixAccount 
objectclass: nisKeyObject 
objectclass: inetOrgPerson 

passwd and publickey #

Typical location in LDAP: ou=people or ou=users

Map Format:

name publickey:encryptedPrivateKey

Example map entry:

nobody 9cc01614d929848849add28d090acdaa1c78270aeec969c9:9999999998769c999c39e7a6ed4e7afd687d4b99908b4de99

LDAP entry would be:

 
dn: uid=nobody,ou=People,dc=willeke,dc=com 
uid: nobody 
cn: nobody 
uidnumber: 199995 
gidnumber: 20 
gecos: nobody 
homedirectory: /home/nobody 
loginshell: /bin/csh 
nisPublicKey: 9cc01614d929848849add28d090acdaa1c78270aeec969c9 
nisSecretKey: 9999999998769c999c39e7a6ed4e7afd687d4b99908b4de99 
objectclass: top 
objectclass: shadowAccount 
objectclass: account 
objectclass: posixAccount 
objectclass: nisKeyObject 
objectclass: inetOrgPerson 

group #

Typical location in LDAP: ou=group

Map Format:

groupname:*:gidNumber:memberUid,memberUid,memberUid

Example map entry:

mygroup:*:441:user1,user2,user3

LDAP entry would be:

 
dn: cn=mygroup,ou=Group,ou=unix,dc=willeke,dc=com 
cn: mygroup 
gidnumber: 4441 
memberuid: user1 
memberuid: user2 
memberuid: user3 
objectclass: top 
objectclass: posixGroup 

services #

 
dn: cn=name+ipServiceProtocol=udp,ou=Services,ou=unix,dc=willeke,dc=com 
cn: name 
cn: nameserver 
ipserviceprotocol: udp 
ipserviceport: 42 
objectclass: top 
objectclass: ipService 

netgroup #

Typical location in LDAP: ou=netgroup

Map Format:

Example map entry:

LDAP entry would be:

 
cn=mynetgroup,ou=netgroup,dc=central,dc=sun,dc=com 
objectclass=nisNetgroup 
objectclass=top 
cn=mynetgroup 
nisnetgrouptriple=(user1..mydc.mycom.com,-,) 
nisnetgrouptriple=(user1.,-,) 
membernisnetgroup=mylab 

hosts and publickey #

Typical location in LDAP: ou=hosts

Map Format:

IP-address official-host-name nickname1 nickname2 nicknames...

Example map entry:

200.20.20.99	myhost	jimshost	# host 1 - floor 1 - Lab a - building b

LDAP entry would be:

 
dn: cn=myhost+ipHostNumber=200.20.20.99,ou=Hosts,ou=unix,dc=willeke,dc=com 
cn: myhost 
cn: jimshost 
iphostnumber: 200.20.20.99 
description: host 1 - floor 1 - Lab a - building b 
nispublickey: 9cc01614d929848849add28d090acdaa1c78270aeec969c9 
nissecretkey: 9999999998769c999c39e7a6ed4e7afd687d4b99908b4de99 
objectclass: top 
objectclass: NisKeyObject (AUX) 
objectclass: device 
objectclass: ipHost (AUX) 
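The passwd, group and hosts mappings above can be applied mechanically. The following Python sketch is an added example, not code from the original page: it turns one map line into an LDIF entry, rejects names that would change the DN, and base64-encodes values LDIF cannot carry as plain text. The function names, the name pattern, and the choice to emit only the object classes whose attributes the map line fills are assumptions; the containers and suffix are taken from the sample DNs.

```python
import base64, ipaddress, re

BASE = "dc=willeke,dc=com"              # suffix used in the page's sample DNs
NAME = re.compile(r"[A-Za-z0-9._-]+")   # assumption: names safe inside an RDN
NUM = re.compile(r"[0-9]+")

def attr(name, value):
    # Values that are not RFC 2849 safe strings are written base64 ("::").
    safe = (value.isascii() and value.isprintable()
            and value == value.strip() and value[:1] not in (":", "<"))
    b64 = base64.b64encode(value.encode()).decode()
    return f"{name}: {value}" if safe else f"{name}:: {b64}"

def entry(dn, pairs, classes):
    pairs = [p for p in pairs if p[1]] + [("objectClass", c) for c in classes]
    return "\n".join([f"dn: {dn}"] + [attr(a, v) for a, v in pairs])

def checked(value, pattern=NAME):       # reject DN metacharacters and non-numbers
    if not pattern.fullmatch(value):
        raise ValueError(f"rejected field: {value!r}")
    return value

def passwd_to_ldif(line):
    # loginname:password:uidNumber:gidNumber:gecos:homeDirectory:loginShell
    name, _pw, uid, gid, gecos, home, shell = line.strip().split(":")
    pairs = [("uid", name), ("cn", name), ("uidNumber", checked(uid, NUM)),
             ("gidNumber", checked(gid, NUM)), ("gecos", gecos),
             ("homeDirectory", home), ("loginShell", shell)]  # password not copied
    return entry(f"uid={checked(name)},ou=People,{BASE}", pairs,
                 ["top", "account", "posixAccount", "shadowAccount"])

def group_to_ldif(line):
    # groupname:*:gidNumber:memberUid,memberUid,...
    name, _pw, gid, members = line.strip().split(":")
    pairs = [("cn", name), ("gidNumber", checked(gid, NUM))]
    pairs += [("memberUid", checked(m)) for m in members.split(",") if m]
    return entry(f"cn={checked(name)},ou=Group,ou=unix,{BASE}", pairs, ["top", "posixGroup"])

def hosts_to_ldif(line):
    # IP-address official-host-name nickname ... # comment
    body, _, comment = line.partition("#")
    ip, host, *nicks = body.split()
    ip = str(ipaddress.ip_address(ip))       # ValueError on a malformed address
    pairs = [("cn", checked(n)) for n in [host, *nicks]]
    pairs += [("ipHostNumber", ip), ("description", comment.strip())]
    return entry(f"cn={host}+ipHostNumber={ip},ou=Hosts,ou=unix,{BASE}", pairs,
                 ["top", "device", "ipHost"])

if __name__ == "__main__":  # the hosts map line from the example above
    print(hosts_to_ldif("200.20.20.99\tmyhost\tjimshost\t# host 1 - floor 1 - Lab a - building b"))
```

A malformed line (wrong field count, non-numeric ID, bad address, or a name containing `,`, `+` or `=`) raises `ValueError` instead of producing an entry under an unintended DN.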

networks and netmasks #

Typical location in LDAP: ou=networks

Map Format:

Example map entry:

anoc-1	 129.230	 anoc-1

LDAP entry would be:

 
dn: ipNetworkNumber=129.230,ou=Networks,ou=unix,dc=willeke,dc=com 
cn: anoc-1 
ipnetworknumber: 129.230
objectclass: top 
objectclass: ipNetwork 
description: your Lab Network 
ipnetmasknumber: 255.255.255.0 

Example map entry:

200.20.20.0	 255.255.255.0

LDAP entry would be:

 
dn: ipNetworkNumber=200.20.20.0,ou=Networks,ou=unix,dc=willeke,dc=com 
cn: 200-20-20 
ipnetworknumber: 200.20.20.0 
objectclass: top 
objectclass: ipNetwork 
description: my Lab Network 
ipnetmasknumber: 255.255.255.0 

Example 2:

Example map entry:

129.144	 255.255.255.0

LDAP entry would be:

 
dn: ipNetworkNumber=129.144,ou=Networks,ou=unix,dc=willeke,dc=com 
cn: 129.144 
ipnetworknumber: 129.144 
objectclass: top 
objectclass: ipNetwork 
description: your Lab Network 
ipnetmasknumber: 255.255.255.0 

Example 3:

Example map entry:

arpanet	 10	 arpa	# Historical

LDAP entry would be:

dn: ipNetworkNumber=10,ou=Networks,ou=unix,dc=willeke,dc=com
cn: arpanet
cn: arpa
ipnetworknumber: 10
objectclass: top
objectclass: ipNetwork
description: Historical
ipnetmasknumber: 255.0.0.0

rpc #

Typical location in LDAP: ou=rpc

Map Format:

Example map entry:

logger	 100102	na.logger	# SunNet Manager

LDAP entry would be:

 
dn: cn=logger,ou=Rpc,ou=unix,dc=willeke,dc=com 
cn: logger 
cn: na.logger 
oncrpcnumber: 100102 
description: SunNet Manager 
objectclass: top 
objectclass: oncRpc 

protocols #

Typical location in LDAP: ou=networks

Map Format:

Example map entry:

 
ipv6	 41	IPv6	 # IPv6 in IP encapsulation 

LDAP entry would be:

 
dn: cn=ipv6,ou=Protocols,ou=unix,dc=willeke,dc=com 
cn: IPv6 
ipprotocolnumber: 41 
description: IPv6 in IP encapsulation 
description: transmission control protocol 
objectclass: top 
objectclass: ipProtocol 

ethers and bootparams #

Typical location in LDAP: ou=ethers

Example map entry (ethers):

8:1:21:71:31:c1 myhost

Example map entry (bootparams):

myhost root=boothost:/export/a/b/c/d/e

LDAP entry would be:

 
dn: cn=myhost,ou=Ethers,ou=unix,dc=willeke,dc=com 
macaddress: 8:1:21:71:31:c1 
bootparameter: root=boothost:/export/a/b/c/d/e 
objectclass: top 
objectclass: device 
objectclass: ieee802Device (AUX) 
objectclass: bootableDevice (AUX) 
cn: myhost 

publickey #

 
dn: cn=myhost+ipHostNumber=200.20.20.99,ou=Hosts,ou=unix,dc=willeke,dc=com 
cn: myhost 
iphostnumber: 200.20.20.99 
description: Joe Smith 
nispublickey: 9cc01614d929848849add28d090acdaa1c78270aeec969c9 
nissecretkey: 9999999998769c999c39e7a6ed4e7afd687d4b99908b4de99 
objectclass: top 
objectclass: NisKeyObject 
objectclass: device 
objectclass: ipHost 

aliases #

For an entry from a NIS make file similar to:
amass:	bestj@mailbox,titschr@mailbox,gayhead@mailbox,vansicr@mailbox

You would create an LDAP entry like:

 
dn: cn=amass,ou=Aliases,ou=unix,dc=willeke,dc=com 
mgrpRFC822mailmember: bestj@mailbox 
mgrpRFC822mailmember: titschr@mailbox 
mgrpRFC822mailmember: gayhead@mailbox 
mgrpRFC822mailmember: vansicr@mailbox 
mail: amass 
objectClass: mailGroup 
objectClass: groupOfNames 
objectClass: Top 
cn: amass 

Aliases File Format

Original mailGroup schema from Netscape. Note that only cn, mgrpRFC822mailmember and mail are used from the original objectClass.

solarisProject #

For an entry from a NIS make file similar to:
dcdi01p01:1001:king:oracle::project.cpu-shares=(privileged,30,none)
You would create an entry like:
 
dn: SolarisProjectName=dcdi01p01,ou=Projects,ou=unix,dc=willeke,dc=com 
SolarisProjectName: dcdi01p01 
SolarisProjectID: 1001 
SolarisProjectAttr: project.cpu-shares=(privileged,30,none) 
memberUid: oracle 
objectClass: SolarisProject 
objectClass: Top 
description: king 

Automount #

The following shows an example of a direct AutoFS map, auto_direct, stored in the LDAP directory server using the new (RFC 2307bis) automount schema:
 
dn:automountMapName=auto_direct,dc=nishpind 
objectClass: top 
objectClass: automountMap 
automountMapName: auto_direct 


dn:automountKey=/mnt_direct/test1,automountMapname=auto_direct, dc=nishpind 
objectClass: top 
objectClass: automount 
automountInformation:hostA:/tmp 
automountKey: /mnt_direct/test1 

dn:automountKey=/mnt_direct/test2,automountMapname=auto_direct, dc=nishpind 
objectClass: top 
objectClass: automount 
automountInformation:hostB:/tmp 
automountKey:/mnt_direct/test2 

Automounts become a DIT structure similar to:

 
dc=com 
|--dc=willeke 
|---ou=Unix 
|----automountMapName=auto_direct 
|-----automountKey=/mnt_direct/test1 
|-----automountKey=/mnt_direct/test2 

Printers #

Includes RFC-3712 and SUN-Printer Schema.

This one does not seem to work the way we expected. Given a map similar to:

 
dn: printer-uri=myprinter 
objectclass=top 
objectclass=printerService 
objectclass=printerAbstract 
objectclass=sunPrinter 
printer-name=myprinter 
sun-printer-bsdaddr=printsvr.example.com,myprinter,Solaris 
sun-printer-kvp=description=HP LaserJet (PS) 
printer-uri=myprinter 

For printer aliases, you need to add "objectClass=printerLPR" and create an entry like:

 
dn: printer-uri=myprinterAlias 
objectclass=top 
objectclass=printerService 
objectclass=printerAbstract 
objectclass=sunPrinter 
objectClass=printerLPR 
printer-name=myprinterAlias 
printer-aliases=myprinterAlias 
sun-printer-kvp=use=myprinter 
printer-uri=myprinterAlias 

profile #

 
dn: cn=default,ou=profile,ou=unix,dc=willeke,dc=com 
serviceSearchDescriptor: passwd:ou=people,dc=willeke,dc=com?sub 
serviceSearchDescriptor: group:ou=Groups,dc=willeke,dc=com?one 
serviceSearchDescriptor: netgroup:ou=Netgroups,ou=unix,dc=willeke,dc=com?one 
serviceSearchDescriptor: sudoers:ou=Sudoers,ou=unix,dc=willeke,dc=com?one 
defaultSearchScope: one 
objectclassMap: passwd:posixAccount=posixAccount 
objectclassMap: group:posixGroup=posixGroup 
objectclassMap: sudoers:sudoRole=sudoRole 
objectclassMap: netgroup:nisNetgroup=nisNetgroup 
credentialLevel: proxy 
profileTTL: 3000 
authenticationMethod: tls:simple 
followReferrals: FALSE 
bindTimeLimit: 10 
preferredServerList: XXX.XXX.XXX.XXX YYY.YYY.YYY.YYY 
defaultSearchBase: ou=unix,dc=willeke,dc=com 
defaultServerList: XXX.XXX.XXX.XXX YYY.YYY.YYY.YYY 
searchTimeLimit: 30 
objectClass: Top 
objectClass: DUAConfigProfile 
cn: default 

ypservers #

Used only by the N2L Product and NIS Servers.
 
dn: cn=nis-new,ou=ypservers,ou=Unix,dc=example,dc=com 
objectClass: Device 
objectClass: Top 
cn: nis-new 

« This page (revision-54) was last changed on 07-Apr-2016 14:00 by jim