rpc.nisd(4) File Formats rpc.nisd(4)
NAME
rpc.nisd - configuration file for NIS+ service daemon
SYNOPSIS
/etc/default/rpc.nisd
DESCRIPTION
The rpc.nisd file specifies configuration information for the
rpc.nisd(1M) server. Configuration information can come from a combina‐
tion of three places. It can be derived from LDAP. It can be specified
in the rpc.nisd file. It can be specified on the rpc.nisd(1M) command
line. The values in the rpc.nisd file override values obtained from the
LDAP server. Command line values supersede values in the configuration
file.
The NIS+LDAPmapping(4) file contains mapping information connecting
NIS+ object data to LDAP entries. See the NIS+LDAPmapping(4) manual
page for an overview of the setup needed to map NIS+ data to or from
LDAP.
Attributes
The rpc.nisd(1M) server recognizes the following attributes. Any values
specified for these attributes in the rpc.nisd file, including an empty
value, override values obtained from LDAP. However, the
nisplusLDAPconfig* values are read from the rpc.nisd file or the command
line only. They are not obtained from LDAP.
The following are attributes used for initial configuration.
nisplusLDAPconfigDN
The DN for configuration information. If empty, all other
nisplusLDAPconfig* values are ignored, in the expectation that all
attributes are specified in this file or on the command line. When
nisplusLDAPconfigDN is not specified at all, the DN is derived from
the NIS+ domain name by default. If the domain name is x.y.z., the
default nisplusLDAPconfigDN is:
nisplusLDAPconfigDN=dc=x,dc=y,dc=z
nisplusLDAPconfigPreferredServerList
The list of servers to use for the configuration phase. There is no
default. The following is an example of a value for
nisplusLDAPconfigPreferredServerList:
nisplusLDAPconfigPreferredServerList=127.0.0.1:389
nisplusLDAPconfigAuthenticationMethod
The authentication method used to obtain the configuration
information. The recognized values for
nisplusLDAPconfigAuthenticationMethod are:
none No authentication attempted.
simple Password of proxy user sent in the clear to the
LDAP server.
sasl/cram-md5 Use SASL/CRAM-MD5 authentication. This authenti‐
cation method may not be supported by all LDAP
servers. A password must be supplied.
sasl/digest-md5 Use SASL/DIGEST-MD5 authentication. This authen‐
tication method may not be supported by all LDAP
servers. A password must be supplied.
There is no default value. The following is an example of a value
for nisplusLDAPconfigAuthenticationMethod:
nisplusLDAPconfigAuthenticationMethod=simple
nisplusLDAPconfigTLS
The transport layer security used for the connection to the server.
The recognized values are:
none No encryption of transport layer data. This is the default
value.
ssl SSL encryption of transport layer data. A certificate is
required.
Export and import control restrictions may limit the availability
of transport layer security.
nisplusLDAPconfigTLSCertificateDBPath
The name of the file containing the certificate database. The
default path is /var/nis, and the default file name is cert7.db.
nisplusLDAPconfigProxyUser
The proxy user used to obtain configuration information. There is
no default value. If the value ends with a comma, the value of the
nisplusLDAPconfigDN attribute is appended. For example:
nisplusLDAPconfigProxyUser=cn=nisplusAdmin,ou=People,
nisplusLDAPconfigProxyPassword
The password that should be supplied to LDAP for the proxy user
when the authentication method requires one. In order to avoid having
this password publicly visible on the machine, the password
should only appear in the configuration file, and the file should
have an appropriate owner, group, and file mode. There is no
default value.
The following are attributes used for data retrieval. The object class
name used for these attributes is nisplusLDAPconfig.
preferredServerList
The list of servers to use when reading or writing mapped NIS+ data
from or to LDAP. There is no default value. For example:
preferredServerList=127.0.0.1:389
authenticationMethod
The authentication method to use when reading or writing mapped
NIS+ data from or to LDAP. For recognized values, see the
nisplusLDAPconfigAuthenticationMethod attribute. There is no default
value. For example,
authenticationMethod=simple
nisplusLDAPTLS
The transport layer security to use when reading or writing NIS+
data from or to LDAP. For recognized values, see the
nisplusLDAPconfigTLS attribute. The default value is none. Note that export
and import control restrictions may limit the availability of
transport layer security.
nisplusLDAPTLSCertificateDBPath
The name of the file containing the certificate DB. For recognized
and default values, see the nisplusLDAPconfigTLSCertificateDBPath
attribute.
defaultSearchBase
The default portion of the DN to use when reading or writing mapped
NIS+ data from or to LDAP. The default is derived from the value of
the baseDomain attribute, which in turn usually defaults to the
NIS+ domain name. If nisplusLDAPbaseDomain has the value x.y.z, the
default defaultSearchBase is dc=x,dc=y,dc=z. See the following
sample attribute value:
defaultSearchBase=dc=somewhere,dc=else
nisplusLDAPbaseDomain
The domain to append when NIS+ object names are not fully quali‐
fied. The default is the domain the rpc.nisd daemon is serving, or
the first such domain, if there is more than one candidate.
nisplusLDAPproxyUser
Proxy user used by the rpc.nisd to read or write from or to LDAP.
Assumed to have the appropriate permission to read and modify LDAP
data. There is no default value. If the value ends in a comma, the
value of the defaultSearchBase attribute is appended. For example:
nisplusLDAPproxyUser=cn=nisplusAdmin,ou=People,
nisplusLDAPproxyPassword
The password that should be supplied to LDAP for the proxy user
when the authentication method so requires. In order to avoid having
this password publicly visible on the machine, the password
should only appear in the configuration file, and the file should
have an appropriate owner, group, and file mode. There is no
default value.
nisplusLDAPbindTimeout
nisplusLDAPsearchTimeout
nisplusLDAPmodifyTimeout
nisplusLDAPaddTimeout
nisplusLDAPdeleteTimeout
Establish timeouts for LDAP bind, search, modify, add, and delete
operations, respectively. The default value is 15 seconds for each
one. Decimal values are allowed.
nisplusLDAPsearchTimeLimit
Establish a value for the LDAP_OPT_TIMELIMIT option, which suggests
a time limit for the search operation on the LDAP server. The
server may impose its own constraints on possible values. See your
LDAP server documentation. The default is the
nisplusLDAPsearchTimeout value. Only integer values are allowed.
Since the nisplusLDAPsearchTimeout limits the amount of time the
client rpc.nisd will wait for completion of a search operation,
setting the nisplusLDAPsearchTimeLimit larger than the
nisplusLDAPsearchTimeout is not recommended.
nisplusLDAPsearchSizeLimit
Establish a value for the LDAP_OPT_SIZELIMIT option, which suggests
a size limit, in bytes, for the search results on the LDAP server.
The server may impose its own constraints on possible values. See
your LDAP server documentation. The default is zero, which means
unlimited. Only integer values are allowed.
nisplusLDAPfollowReferral
Determines if the rpc.nisd should follow referrals or not. Recog‐
nized values are yes and no. The default value is no.
nisplusNumberOfServiceThreads
Sets the maximum number of RPC service threads that the rpc.nisd
may use. Note that the rpc.nisd may create additional threads for
certain tasks, so that the actual number of threads running may be
larger than the nisplusNumberOfServiceThreads value.
The value of this attribute is a decimal integer from zero to
(2**31)-1, inclusive. Zero, which is the default, sets the number
of service threads to three plus the number of CPUs available when
the rpc.nisd daemon starts. For example:
nisplusNumberOfServiceThreads=16
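The security-relevant settings described above (clear-text simple binds, the TLS default of none, the SASL password requirement, the mode of the file holding the proxy password, and the search time limit recommendation) can be checked mechanically. The following is an added example, not part of the original manual page or of the rpc.nisd software; the function names are hypothetical, and it assumes that lines starting with '#' are comments and that attribute names are matched exactly as spelled on this page.

```python
import os
import stat

# (authentication, TLS, proxy password) attribute names for the configuration
# phase and the data retrieval phase, as listed on this page.
PHASES = [
    ("nisplusLDAPconfigAuthenticationMethod", "nisplusLDAPconfigTLS",
     "nisplusLDAPconfigProxyPassword"),
    ("authenticationMethod", "nisplusLDAPTLS", "nisplusLDAPproxyPassword"),
]
SASL_METHODS = ("sasl/cram-md5", "sasl/digest-md5")


def parse_conf(text):
    """Parse attribute=value lines. Assumption: '#' starts a comment line."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, value = line.split("=", 1)  # DN values contain further '=' signs
        conf[name.strip()] = value.strip()
    return conf


def audit(text, mode):
    """Return a list of findings for config `text` stored with file `mode`."""
    conf = parse_conf(text)
    findings = []
    for auth_attr, tls_attr, pw_attr in PHASES:
        auth = conf.get(auth_attr, "")
        tls = conf.get(tls_attr, "none")  # documented default is none
        if auth == "simple" and tls != "ssl":
            findings.append(f"{auth_attr}=simple with {tls_attr}={tls}: "
                            "proxy password crosses the network in the clear")
        if auth in SASL_METHODS and not conf.get(pw_attr):
            findings.append(f"{auth_attr}={auth} needs {pw_attr}")
        if pw_attr in conf and mode & stat.S_IROTH:
            findings.append(f"{pw_attr} is set but file mode {mode:04o} "
                            "lets any local user read it")
    # Client-side wait (decimal, default 15 s) versus the server-side hint
    # (integer, defaults to the client-side value).
    timeout = float(conf.get("nisplusLDAPsearchTimeout", "15"))
    limit = int(conf.get("nisplusLDAPsearchTimeLimit", int(timeout)))
    if limit > timeout:
        findings.append("nisplusLDAPsearchTimeLimit exceeds "
                        "nisplusLDAPsearchTimeout")
    return findings


def audit_file(path="/etc/default/rpc.nisd"):
    """Audit a file on disk, using its actual permission bits."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    with open(path) as fh:
        return audit(fh.read(), mode)


# Constructed sample inputs (not taken from a real host).
WEAK = """\
# data retrieval settings
preferredServerList=127.0.0.1:389
authenticationMethod=simple
nisplusLDAPproxyUser=cn=nisplusAdmin,ou=People,
nisplusLDAPproxyPassword=example-only
nisplusLDAPsearchTimeout=10.5
nisplusLDAPsearchTimeLimit=30
"""
HARDENED = """\
preferredServerList=127.0.0.1:389
authenticationMethod=simple
nisplusLDAPTLS=ssl
nisplusLDAPproxyUser=cn=nisplusAdmin,ou=People,
nisplusLDAPproxyPassword=example-only
"""

if __name__ == "__main__":
    for label, text, mode in (("weak", WEAK, 0o644),
                              ("hardened", HARDENED, 0o600)):
        print(label, audit(text, mode))
```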
The following attributes specify the action to be taken when some event
occurs. The values are all of the form event=action. The default action
is the first one listed for each event.
nisplusLDAPinitialUpdateAction
Provides the optional capability to update all NIS+ data from LDAP,
or vice versa, when the rpc.nisd starts. Depending on various fac‐
tors such as both NIS+ and LDAP server and network performance, as
well as the amount of data to be uploaded or downloaded, these
operations can consume very significant CPU and memory resources.
During upload and download, the rpc.nisd has not yet registered
with rpcbind, and provides no NIS+ service. When data is downloaded
from LDAP, any new items added to the rpc.nisd's database get a TTL
as for an initial load. See the description for the nisplusLDAPentryTtl
attribute on NIS+LDAPmapping(4).
none No initial update in either direction. This is the
default.
from_ldap Causes the rpc.nisd to fetch data for all NIS+ objects
it serves, and for which mapping entries are avail‐
able, from the LDAP repository.
to_ldap The rpc.nisd writes all NIS+ objects for which it is
the master server, and for which mapping entries are
available, to the LDAP repository.
nisplusLDAPinitialUpdateOnly
Use in conjunction with nisplusLDAPinitialUpdateAction.
no Following the initial update, the rpc.nisd starts serving
NIS+ requests. This is the default.
yes The rpc.nisd exits after the initial update. This value is
ignored if specified together with
nisplusLDAPinitialUpdateAction=none.
nisplusLDAPretrieveErrorAction
If an error occurs while trying to retrieve an entry from LDAP, one
of the following actions can be selected:
use_cached Action according to nisplusLDAPrefreshErrorAction below.
This is the default.
retry Retry the retrieval the number of times specified by
nisplusLDAPretrieveErrorAttempts, with the
nisplusLDAPretrieveErrorTimeout value controlling the
wait between each attempt.
try_again, unavail, no_such_name
Return NIS_TRYAGAIN, NIS_UNAVAIL, or NIS_NOSUCHNAME,
respectively, to the client. Note that the client code
may not be prepared for this and can react in
unexpected ways.
nisplusLDAPretrieveErrorAttempts
The number of times a failed retrieval should be retried. The
default is unlimited. The nisplusLDAPretrieveErrorAttempts value is
ignored unless nisplusLDAPretrieveErrorAction=retry.
nisplusLDAPretrieveErrorTimeout
The timeout (in seconds) between each new attempt to retrieve LDAP
data. The default is 15 seconds. The value for
nisplusLDAPretrieveErrorTimeout is ignored unless
nisplusLDAPretrieveErrorAction=retry.
nisplusLDAPstoreErrorAction
An error occurred while trying to store data to the LDAP repository.
retry Retry operation nisplusLDAPstoreErrorAttempts times
with nisplusLDAPstoreErrorTimeout seconds between
each attempt. Note that this may tie up a thread in
the rpc.nisd daemon.
system_error Return NIS_SYSTEMERROR to the client.
unavail Return NIS_UNAVAIL to the client. Note that the
client code may not be prepared for this and can
react in unexpected ways.
nisplusLDAPstoreErrorAttempts
The number of times a failed attempt to store should be retried.
The default is unlimited. The value for
nisplusLDAPstoreErrorAttempts is ignored unless
nisplusLDAPstoreErrorAction=retry.
nisplusLDAPstoreErrorTimeout
The timeout, in seconds, between each new attempt to store LDAP
data. The default is 15 seconds. The nisplusLDAPstoreErrorTimeout
value is ignored unless nisplusLDAPstoreErrorAction=retry.
nisplusLDAPrefreshErrorAction
An error occurred while trying to refresh a cache entry.
continue_using Continue using expired cache entry, if one is
available. Otherwise, the action is retry. This
is the default.
retry Retry operation nisplusLDAPrefreshErrorAttempts
times with nisplusLDAPrefreshErrorTimeout seconds
between each attempt. Note that this may tie up a
thread in the rpc.nisd daemon.
cache_expired, tryagain
Return NIS_CACHEEXPIRED or NIS_TRYAGAIN, respectively,
to the client. Note that the client code may not be
prepared for this and can react in unexpected ways.
nisplusLDAPrefreshErrorAttempts
The number of times a failed refresh should be retried. The default
is unlimited. This applies to the retry and continue_using actions,
but for the latter, only when there is no cached entry.
nisplusLDAPrefreshErrorTimeout
The timeout (in seconds) between each new attempt to refresh data.
The default is 15 seconds. The value for
nisplusLDAPrefreshErrorTimeout applies to the retry and continue_using
actions.
nisplusThreadCreationErrorAction
The action to take when an error occurs while trying to create a
new thread. This only applies to threads controlled by the rpc.nisd
daemon, not to RPC service threads. Examples of threads controlled
by the rpc.nisd daemon are those created to serve nis_list(3NSL)
with callback, as used by niscat(1) to enumerate tables.
pass_error Pass on the thread creation error to the client, to
the extent allowed by the available NIS+ error
codes. The error might be NIS_NOMEMORY, or another
resource shortage error. This action is the default.
retry Retry operation nisplusThreadCreationErrorAttempts
times, waiting nisplusThreadCreationErrorTimeout sec‐
onds between each attempt. Note that this may tie up
a thread in the rpc.nisd daemon.
nisplusThreadCreationErrorAttempts
The number of times a failed thread creation should be retried. The
default is unlimited. The value for
nisplusThreadCreationErrorAttempts is ignored unless
nisplusThreadCreationErrorAction=retry.
nisplusThreadCreationErrorTimeout
The number of seconds to wait between each new attempt to create a
thread. The default is 15 seconds. Ignored unless
nisplusThreadCreationErrorAction=retry.
nisplusDumpError
An error occurred during a full dump of a NIS+ directory from the
master to a replica. The replica can:
retry Retry operation nisplusDumpErrorAttempts times waiting
nisplusDumpErrorTimeout seconds between each attempt.
Note that this may tie up a thread in the rpc.nisd.
rollback Try to roll back the changes made so far before retrying
per the retry action. If the rollback fails or cannot
be performed due to the selected ResyncServiceAction
level, the retry action is selected.
nisplusDumpErrorAttempts
The number of times a failed full dump should be retried. The
default is unlimited. When the number of retry attempts has been
used up, the full dump is abandoned, and will not be retried again
until a resync fails because no update time is available.
nisplusDumpErrorTimeout
The number of seconds to wait between each attempt to execute a
full dump. The default is 120 seconds.
nisplusResyncService
Type of NIS+ service to be provided by a replica during resync,
that is, data transfer from NIS+ master to NIS+ replica. This
includes both partial and full resyncs.
from_copy Service is provided from a copy of the direc‐
tory to be resynced while the resync is in
progress. Rollback is possible if an error
occurs. Note that making a copy of the direc‐
tory may require a significant amount of time,
depending on the size of the tables in the
directory and available memory on the system.
directory_locked While the resync for a directory is in
progress, it is locked against access. Opera‐
tions to the directory are blocked until the
resync is done. Rollback is not possible.
from_live The replica database is updated in place.
Rollback is not possible. If there are depen‐
dencies between individual updates in the
resync, clients may be exposed to data incon‐
sistencies during the resync. In particular,
directories or tables may disappear for a time
during a full dump.
nisplusUpdateBatching
How updates should be batched together on the master.
accumulate Accumulate updates for at least
nisplusUpdateBatchingTimeout seconds. Any update that
comes in before the timeout has occurred will
reset the timeout counter. Thus, a steady
stream of updates less than
nisplusUpdateBatchingTimeout seconds apart could delay
pinging replicas indefinitely.
bounded_accumulate Accumulate updates for at least
nisplusUpdateBatchingTimeout seconds. The default
value for timeout is 120 seconds. Incoming
updates do not reset the timeout counter, so
replicas will be informed once the initial
timeout has expired.
none Updates are not batched. Instead, replicas
are informed immediately of any update. While
this should maximize data consistency
between master and replicas, it can also
cause considerable overhead on both master
and replicas.
nisplusUpdateBatchingTimeout
The minimum time (in seconds) during which to accumulate updates.
Replicas will not be pinged during this time. The default is 120
seconds.
nisplusLDAPmatchFetchAction
A NIS+ match operation, that is, any search other than a table enu‐
meration, will encounter one of the following situations:
1. Table believed to be entirely in cache, and all cached
entries are known to be valid. The cached table data
is authoritative for the match operation.
2. Table wholly or partially cached, but there may be indi‐
vidual entries that have timed out.
3. No cached entries for the table. Always attempt to
retrieve matching data from LDAP.
When the table is wholly or partially cached, the action for the
nisplusLDAPmatchFetchAction attribute controls whether or not the
LDAP repository is searched:
no_match_only Only go to LDAP when there is no match at all on
the search of the available NIS+ data, or the
match includes at least one entry that has timed
out.
always Always make an LDAP lookup.
never Never make an LDAP lookup.
nisplusMaxRPCRecordSize
Sets the maximum RPC record size that NIS+ can use over connection
oriented transports. The minimum record size is 9000, which is the
default. The default value will be used in place of any value less
than 9000. The value of this attribute is a decimal integer from
9000 to 2^31, inclusive.
Storing Configuration Attributes in LDAP
Most attributes described on this man page, as well as those from
NIS+LDAPmapping(4), can be stored in LDAP. In order to do so, you will
need to add the following definitions to your LDAP server, which are
described here in LDIF format suitable for use by ldapadd(1). The
attribute and object class OIDs are examples only.
dn: cn=schema
changetype: modify
add: attributetypes
attributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.1 \
NAME 'defaultSearchBase' \
DESC 'Default LDAP base DN used by a DUA' \
EQUALITY distinguishedNameMatch \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.2 \
NAME 'preferredServerList' \
DESC 'Preferred LDAP server host addresses used by DUA' \
EQUALITY caseIgnoreMatch \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.6 \
NAME 'authenticationMethod' \
DESC 'Authentication method used to contact the DSA' \
EQUALITY caseIgnoreMatch \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )

dn: cn=schema
changetype: modify
add: attributetypes
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.0 \
NAME 'nisplusLDAPTLS' \
DESC 'Transport Layer Security' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.1 \
NAME 'nisplusLDAPTLSCertificateDBPath' \
DESC 'Certificate file' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.2 \
NAME 'nisplusLDAPproxyUser' \
DESC 'Proxy user for data store/retrieval' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.3 \
NAME 'nisplusLDAPproxyPassword' \
DESC 'Password/key/shared secret for proxy user' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.4 \
NAME 'nisplusLDAPinitialUpdateAction' \
DESC 'Type of initial update' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.5 \
NAME 'nisplusLDAPinitialUpdateOnly' \
DESC 'Exit after update ?' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.6 \
NAME 'nisplusLDAPretrieveErrorAction' \
DESC 'Action following an LDAP search error' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.7 \
NAME 'nisplusLDAPretrieveErrorAttempts' \
DESC 'Number of times to retry an LDAP search' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.8 \
NAME 'nisplusLDAPretrieveErrorTimeout' \
DESC 'Timeout between each search attempt' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.9 \
NAME 'nisplusLDAPstoreErrorAction' \
DESC 'Action following an LDAP store error' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.10 \
NAME 'nisplusLDAPstoreErrorAttempts' \
DESC 'Number of times to retry an LDAP store' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.11 \
NAME 'nisplusLDAPstoreErrorTimeout' \
DESC 'Timeout between each store attempt' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.12 \
NAME 'nisplusLDAPrefreshErrorAction' \
DESC 'Action when refresh of NIS+ data from LDAP fails' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.13 \
NAME 'nisplusLDAPrefreshErrorAttempts' \
DESC 'Number of times to retry an LDAP refresh' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.14 \
NAME 'nisplusLDAPrefreshErrorTimeout' \
DESC 'Timeout between each refresh attempt' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.15 \
NAME 'nisplusNumberOfServiceThreads' \
DESC 'Max number of RPC service threads' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.16 \
NAME 'nisplusThreadCreationErrorAction' \
DESC 'Action when a non-RPC-service thread creation fails' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.17 \
NAME 'nisplusThreadCreationErrorAttempts' \
DESC 'Number of times to retry thread creation' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.18 \
NAME 'nisplusThreadCreationErrorTimeout' \
DESC 'Timeout between each thread creation attempt' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.19 \
NAME 'nisplusDumpErrorAction' \
DESC 'Action when a NIS+ dump fails' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.20 \
NAME 'nisplusDumpErrorAttempts' \
DESC 'Number of times to retry a failed dump' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.21 \
NAME 'nisplusDumpErrorTimeout' \
DESC 'Timeout between each dump attempt' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.22 \
NAME 'nisplusResyncService' \
DESC 'Service provided during a resync' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.23 \
NAME 'nisplusUpdateBatching' \
DESC 'Method for batching updates on master' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.24 \
NAME 'nisplusUpdateBatchingTimeout' \
DESC 'Minimum time to wait before pinging replicas' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.25 \
NAME 'nisplusLDAPmatchFetchAction' \
DESC 'Should pre-fetch be done ?' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.26 \
NAME 'nisplusLDAPbaseDomain' \
DESC 'Default domain name used in NIS+/LDAP mapping' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.27 \
NAME 'nisplusLDAPdatabaseIdMapping' \
DESC 'Defines a database id for a NIS+ object' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.28 \
NAME 'nisplusLDAPentryTtl' \
DESC 'TTL for cached objects derived from LDAP' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.29 \
NAME 'nisplusLDAPobjectDN' \
DESC 'Location in LDAP tree where NIS+ data is stored' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.30 \
NAME 'nisplusLDAPcolumnFromAttribute' \
DESC 'Rules for mapping LDAP attributes to NIS+ columns' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.31 \
NAME 'nisplusLDAPattributeFromColumn' \
DESC 'Rules for mapping NIS+ columns to LDAP attributes' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

dn: cn=schema
changetype: modify
add: objectclasses
objectclasses: ( 1.3.6.1.4.1.42.2.27.5.42.42.19.0 \
NAME 'nisplusLDAPconfig' \
DESC 'NIS+/LDAP mapping configuration' \
SUP top STRUCTURAL MUST ( cn ) \
MAY ( preferredServerList $ defaultSearchBase $
authenticationMethod $ nisplusLDAPTLS $
nisplusLDAPTLSCertificateDBPath $
nisplusLDAPproxyUser $ nisplusLDAPproxyPassword $
nisplusLDAPinitialUpdateAction $
nisplusLDAPinitialUpdateOnly $
nisplusLDAPretrieveErrorAction $
nisplusLDAPretrieveErrorAttempts $
nisplusLDAPretrieveErrorTimeout $
nisplusLDAPstoreErrorAction $
nisplusLDAPstoreErrorAttempts $
nisplusLDAPstoreErrorTimeout $
nisplusLDAPrefreshErrorAction $
nisplusLDAPrefreshErrorAttempts $
nisplusLDAPrefreshErrorTimeout $
nisplusNumberOfServiceThreads $
nisplusThreadCreationErrorAction $
nisplusThreadCreationErrorAttempts $
nisplusThreadCreationErrorTimeout $
nisplusDumpErrorAction $
nisplusDumpErrorAttempts $
nisplusDumpErrorTimeout $
nisplusResyncService $ nisplusUpdateBatching $
nisplusUpdateBatchingTimeout $
nisplusLDAPmatchFetchAction $
nisplusLDAPbaseDomain $
nisplusLDAPdatabaseIdMapping $
nisplusLDAPentryTtl $
nisplusLDAPobjectDN $
nisplusLDAPcolumnFromAttribute $
nisplusLDAPattributeFromColumn ) )
Create a file containing the following LDIF data. Substitute your
actual search base for searchBase, and your fully qualified domain name
for domain:
dn: cn=domain,searchBase
cn: domain
objectClass: top
objectClass: nisplusLDAPconfig
Use this file as input to the ldapadd(1) command in order to create the
NIS+/LDAP configuration entry. Initially, the entry is empty. You can
use the ldapmodify(1) command to add configuration attributes.
EXAMPLES
Example 1 Creating a NIS+/LDAP Configuration Entry
To set the nisplusNumberOfServiceThreads attribute to 32, create the
following file and use it as input to ldapmodify(1):
dn: cn=domain,searchBase
nisplusNumberOfServiceThreads: 32
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
┌─────────────────────────────┬─────────────────────────────┐
│ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
├─────────────────────────────┼─────────────────────────────┤
│Availability │SUNWnisr │
├─────────────────────────────┼─────────────────────────────┤
│Interface Stability │Obsolete │
└─────────────────────────────┴─────────────────────────────┘
SEE ALSO
nisldapmaptest(1M), rpc.nisd(1M), NIS+LDAPmapping(4), attributes(5)
SunOS 5.10 18 Feb 2003 rpc.nisd(4)