YPSERV(5) | File Formats and Configurations | YPSERV(5) |
ypserv - configuration file for NIS to LDAP transition daemons
/etc/default/ypserv
The ypserv file specifies configuration information for the ypserv(8) daemon. Configuration information can come from LDAP or be specified in the ypserv file.
You can create a simple ypserv file by running inityp2l(8). The ypserv file can then be customized as required.
A related NISLDAPmapping file contains mapping information that converts NIS entries into LDAP entries. See the NISLDAPmapping(5) man page for an overview of the setup that is needed to map NIS data to or from LDAP.
The ypserv(8) server recognizes the attributes that follow. Values specified for these attributes in the ypserv file, including any empty values, override values that are obtained from LDAP. However, the nisLDAPconfig* values are read from the ypserv file only
The following are attributes that are used for initial configuration.
nisLDAPconfigDN
nisLDAPconfigPreferredServerList
nisLDAPconfigPreferredServerList=127.0.0.1:389
nisLDAPconfigAuthenticationMethod
none
simple
sasl/cram-md5
sasl/digest-md5
nisLDAPconfigAuthenticationMethod has no default value. The following is an example of a value for nisLDAPconfigAuthenticationMethod:
nisLDAPconfigAuthenticationMethod=simple
nisLDAPconfigTLS
none
ssl
Export and import control restrictions might limit the availability of transport layer security.
nisLDAPconfigTLSCertificateDBPath
nisLDAPconfigProxyUser
nisLDAPconfigProxyUser=cn=nisAdmin,ou=People,
nisLDAPconfigProxyPassword
The following are attributes used for data retrieval. The object class name used for these attributes is nisLDAPconfig.
preferredServerList
preferredServerList=127.0.0.1:389
authenticationMethod
authenticationMethod=simple
nisLDAPTLS
nisLDAPTLSCertificateDBPath
nisLDAPproxyUser
nisLDAPproxyUser=cn=nisAdmin,ou=People,
nisLDAPproxyPassword
nisLDAPsearchTimeout
nisLDAPbindTimeout
nisLDAPmodifyTimeout
nisLDAPaddTimeout
nisLDAPdeleteTimeout
nisLDAPsearchTimeLimit
Since the nisLDAPsearchTimeout limits the amount of time the client ypserv will wait for completion of a search operation, do not set the value of nisLDAPsearchTimeLimit larger than the value of nisLDAPsearchTimeout.
nisLDAPsearchSizeLimit
nisLDAPfollowReferral
The following attributes specify the action to be taken when some event occurs. The values are all of the form event=action. The default action is the first one listed for each event.
nisLDAPretrieveErrorAction
use_cached
If all attempts fail, then a warning is logged and the value currently in the cache is returned to the client.
fail
nisLDAPretrieveErrorAttempts
nisLDAPretrieveErrorTimeout
nisLDAPstoreErrorAction
retry
fail
nisLDAPstoreErrorAttempts
nisLDAPstoreErrortimeout
Most attributes described on this man page, as well as those described on NISLDAPmapping(5), can be stored in LDAP. In order to do so, you will need to add the following definitions to your LDAP server, which are described here in LDIF format suitable for use by ldapadd(1). The attribute and objectclass OIDs are examples only.
dn: cn=schema changetype: modify add: attributetypes attributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.2 NAME 'preferredServerList' \
DESC 'Preferred LDAP server host addresses used by DUA' \
EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.6 NAME 'authenticationMethod' \
DESC 'Authentication method used to contact the DSA' \
EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) dn: cn=schema
changetype: modify
add: attributetypes
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.43.1.0 \
NAME 'nisLDAPTLS' \
DESC 'Transport Layer Security' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.43.1.1 \
NAME 'nisLDAPTLSCertificateDBPath' \
DESC 'Certificate file' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.43.1.2 \
NAME 'nisLDAPproxyUser' \
DESC 'Proxy user for data store/retrieval' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.43.1.3 \
NAME 'nisLDAPproxyPassword' \
DESC 'Password/key/shared secret for proxy user' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.43.1.6 \
NAME 'nisLDAPretrieveErrorAction' \
DESC 'Action following an LDAP search error' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.43.1.7 \
NAME 'nisLDAPretrieveErrorAttempts' \
DESC 'Number of times to retry an LDAP search' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.43.1.8 \
NAME 'nisLDAPretrieveErrorTimeout' \
DESC 'Timeout between each search attempt' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.43.1.9 \
NAME 'nisLDAPstoreErrorAction' \
DESC 'Action following an LDAP store error' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.43.1.10 \
NAME 'nisLDAPstoreErrorAttempts' \
DESC 'Number of times to retry an LDAP store' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.43.1.11 \
NAME 'nisLDAPstoreErrorTimeout' \
DESC 'Timeout between each store attempt' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.43.1.12 \
NAME 'nisLDAPdomainContext' \
DESC 'Context for a single domain' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.43.1.13 \
NAME 'nisLDAPyppasswddDomains' \
DESC 'List of domains for which password changes are made' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.43.1.14 \
NAME 'nisLDAPdatabaseIdMapping' \
DESC 'Defines a database id for a NIS object' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.43.1.15 \
NAME 'nisLDAPentryTtl' \
DESC 'TTL for cached objects derived from LDAP' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.43.1.16 \
NAME 'nisLDAPobjectDN' \
DESC 'Location in LDAP tree where NIS data is stored' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.43.1.17 ) \
NAME 'nisLDAPnameFields' \
DESC 'Rules for breaking NIS entries into fields' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.43.1.18 ) \
NAME 'nisLDAPsplitFields' \
DESC 'Rules for breaking fields into sub fields' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.43.1.19 \
NAME 'nisLDAPattributeFromField' \
DESC 'Rules for mapping fields to LDAP attributes' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.43.1.20 \
NAME 'nisLDAPfieldFromAttribute' \
DESC 'Rules for mapping fields to LDAP attributes' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.43.1.21 \
NAME 'nisLDAPrepeatedFieldSeparators' \
DESC 'Rules for mapping fields to LDAP attributes' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.43.1.22 \
NAME 'nisLDAPcommentChar' \
DESC 'Rules for mapping fields to LDAP attributes' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.43.1.23 \
NAME 'nisLDAPmapFlags' \
DESC 'Rules for mapping fields to LDAP attributes' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
dn: cn=schema
changetype: modify
add: objectclasses
objectclasses: ( 1.3.6.1.4.1.42.2.27.5.42.43.1.0 NAME 'nisLDAPconfig' \
DESC 'NIS/LDAP mapping configuration' \
SUP top STRUCTURAL \
MAY ( cn $ preferredServerList $
authenticationMethod $ nisLDAPTLS $
nisLDAPTLSCertificateDBPath $
nisLDAPproxyUser $ nisLDAPproxyPassword $
nisLDAPretrieveErrorAction $
nisLDAPretrieveErrorAttempts $
nisLDAPretrieveErrorTimeout $
nisLDAPstoreErrorAction $
nisLDAPstoreErrorAttempts $
nisLDAPstoreErrorTimeout $
nisLDAPdomainContext $
nisLDAPyppasswddDomains $
nisLDAPdatabaseIdMapping $
nisLDAPentryTtl $
nisLDAPobjectDN $
nisLDAPnameFields $
nisLDAPsplitFields $
nisLDAPattributeFromField $
nisLDAPfieldFromAttribute $
nisLDAPrepeatedFieldSeparators $
nisLDAPcommentChar $
nisLDAPmapFlags ) )
Create a file containing the following LDIF data. Substitute your actual nisLDAPconfigDN for configDN:
dn: configDN objectClass: top objectClass: nisLDAPconfig
Use this file as input to the ldapadd(1) command in order to create the NIS to LDAP configuration entry. Initially, the entry is empty. You can use the ldapmodify(1) command to add configuration attributes.
Example 1 Creating a NIS to LDAP Configuration Entry
To set the server list to port 389 on 127.0.0.1, create the following file and use it as input to ldapmodify(1):
dn: configDN preferredServerList: 127.0.0.1:389
See attributes(7) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE |
Interface Stability | Obsolete |
ldapadd(1), ldapmodify(1), NISLDAPmapping(5), attributes(7), inityp2l(8), yppasswdd(8), ypserv(8), ypxfrd(8)
System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP)
December 2, 2023 | OmniOS |