👤
Home Man
Search
Today's Posts
Register

Linux & Unix Commands - Search Man Pages
Man Page or Keyword Search:
Select Section of Man Page:
Select Man Page Repository:

OpenSolaris 2009.06 - man page for ypserv (opensolaris section 4)

ypserv(4)				   File Formats 				ypserv(4)

NAME
       ypserv - configuration file for NIS to LDAP transition daemons

SYNOPSIS
       /etc/default/ypserv

DESCRIPTION
       The  ypserv file specifies configuration information for the ypserv(1M) daemon. Configura-
       tion information can come from LDAP or be specified in the ypserv file.

       You can create a simple ypserv file by running inityp2l(1M). The ypserv file can  then  be
       customized as required.

       A  related NISLDAPmapping file contains mapping information that converts NIS entries into
       LDAP entries. See the NISLDAPmapping(4) man page for an overview  of  the  setup  that  is
       needed to map NIS data to or from LDAP.

EXTENDED DESCRIPTION
       The  ypserv(1M)	server	recognizes the attributes that follow. Values specified for these
       attributes in the ypserv file, including  any  empty  values,  override	values	that  are
       obtained from LDAP. However, the nisLDAPconfig* values are read from the ypserv file only

   Attributes
       The following are attributes that are used for initial configuration.

       nisLDAPconfigDN

	   The	DN for configuration information. If nisLDAPconfigDN is empty, all other nisLDAP-
	   Config* values are ignored.

       nisLDAPconfigPreferredServerList

	   The list of servers to use for the configuration phase. There is no default value. The
	   following is an example of a value for nisLDAPconfigPreferredServerList:

	     nisLDAPconfigPreferredServerList=127.0.0.1:389

       nisLDAPconfigAuthenticationMethod

	   The authentication method used to obtain the configuration information. The recognized
	   values for nisLDAPconfigAuthenticationMethod are:

	   none 	      No authentication attempted

	   simple	      Password of proxy user sent in the clear to the LDAP server

	   sasl/cram-md5      Use SASL/CRAM-MD5 authentication. This  authentication  method  may
			      not be supported by all LDAP servers. A password must be supplied.

	   sasl/digest-md5    Use SASL/DIGEST-MD5 authentication. The SASL/CRAM-MD5authentication
			      method may not be supported by all LDAP servers. A password must be
			      supplied.

	   nisLDAPconfigAuthenticationMethod has no default value. The following is an example of
	   a value for nisLDAPconfigAuthenticationMethod:

	     nisLDAPconfigAuthenticationMethod=simple

       nisLDAPconfigTLS

	   The transport layer security used for the connection to  the  server.  The  recognized
	   values are:

	   none    No encryption of transport layer data. The default value is none.

	   ssl	   SSL encryption of transport layer data. A certificate is required.

	   Export and import control restrictions might limit the availability of transport layer
	   security.

       nisLDAPconfigTLSCertificateDBPath

	   The name of the directory that contains the certificate database. The default path  is
	   /var/yp.

       nisLDAPconfigProxyUser

	   The proxy user used to obtain configuration information. nisLDAPconfigProxyUser has no
	   default value. If the value ends with  a  comma,  the  value  of  the  nisLDAPconfigDN
	   attribute is appended. For example:

	     nisLDAPconfigProxyUser=cn=nisAdmin,ou=People,

       nisLDAPconfigProxyPassword

	   The	password  that should be supplied to LDAP for the proxy user when the authentica-
	   tion method requires one. To avoid exposing this password publicly on the machine, the
	   password  should  only  appear  in the configuration file, and the file should have an
	   appropriate owner, group, and file mode.  nisLDAPconfigProxyPassword  has  no  default
	   value.

       The following are attributes used for data retrieval. The object class name used for these
       attributes is nisLDAPconfig.

       preferredServerList

	   The list of servers to use to read or to write mapped NIS data from or to  LDAP.  pre-
	   ferredServerList has no default value. For example:

	     preferredServerList=127.0.0.1:389

       authenticationMethod

	   The	authentication method to use to read or to write mapped NIS data from or to LDAP.
	   For recognized values, see the LDAPconfigAuthenticationMethod  attribute.  authentica-
	   tionMethod has no default value. For example:

	     authenticationMethod=simple

       nisLDAPTLS

	   The	transport layer security to use to read or to write NIS data from or to LDAP. For
	   recognized values, see the nisLDAPconfigTLS attribute.  The	default  value	is  none.
	   Export and import control restrictions might limit the availability of transport layer
	   security.

       nisLDAPTLSCertificateDBPath

	   The name of the directory that contains the certificate DB. For recognized and default
	   values  for	nisLDAPTLSCertificateDBPath,  see  the	nisLDAPconfigTLSCertificateDBPath
	   attribute.

       nisLDAPproxyUser

	   Proxy user used by ypserv(1M), ypxfrd(1M) and yppasswdd(1M) to read or to  write  from
	   or  to  LDAP. Assumed to have the appropriate permission to read and modify LDAP data.
	   There is no default value. If the value ends in a comma, the value of the context  for
	   the	current  domain, as defined by a nisLDAPdomainContext attribute, is appended. See
	   NISLDAPmapping(4). For example:

	     nisLDAPproxyUser=cn=nisAdmin,ou=People,

       nisLDAPproxyPassword

	   The password that should be supplied to LDAP for the proxy user when  the  authentica-
	   tion  method so requires. To avoid exposing this password publicly on the machine, the
	   password should only appear in the configuration file,  and	the  file  must  have  an
	   appropriate owner, group, and file mode. nisLDAPproxyPassword has no default value.

       nisLDAPsearchTimeout

	   Establishes	the  timeout  for  the	LDAP  search  operation.  The  default	value for
	   nisLDAPsearchTimeout is 180 seconds.

       nisLDAPbindTimeout
       nisLDAPmodifyTimeout
       nisLDAPaddTimeout
       nisLDAPdeleteTimeout

	   Establish timeouts for LDAP bind, modify, add, and  delete  operations,  respectively.
	   The default value is 15 seconds for each attribute. Decimal values are allowed.

       nisLDAPsearchTimeLimit

	   Establish  a  value for the LDAP_OPT_TIMELIMIT option, which suggests a time limit for
	   the search operation on the LDAP server. The server may impose its own constraints  on
	   possible   values.	See   your   LDAP   server  documentation.  The  default  is  the
	   nisLDAPsearchTimeout value. Only integer values are allowed.

	   Since the nisLDAPsearchTimeout limits the amount of time the client ypserv  will  wait
	   for	completion  of a search operation, do not set the value of nisLDAPsearchTimeLimit
	   larger than the value of nisLDAPsearchTimeout.

       nisLDAPsearchSizeLimit

	   Establish a value for the LDAP_OPT_SIZELIMIT option, which suggests a size  limit,  in
	   bytes,  for	the search results on the LDAP server. The server may impose its own con-
	   straints on possible values. See your LDAP server documentation. The default value for
	   nisLDAPsearchSizeLimit  is zero, which means the size limit is unlimited. Only integer
	   values are allowed.

       nisLDAPfollowReferral

	   Determines if the ypserv  should  follow  referrals	or  not.  Recognized  values  for
	   nisLDAPfollowReferral  are  yes and no. The default value for nisLDAPfollowReferral is
	   no.

       The following attributes specify the action to be taken when some event occurs. The values
       are  all  of  the  form	event=action. The default action is the first one listed for each
       event.

       nisLDAPretrieveErrorAction

	   If an error occurs while trying to retrieve an entry from LDAP, one of  the	following
	   actions can be selected:

	   use_cached	 Retry the retrieval the number of time specified by nisLDAPretrieveErro-
			 rAttempts, with the nisLDAPretrieveErrorTimeout  value  controlling  the
			 wait between each attempt.

			 If  all  attempts fail, then a warning is logged and the value currently
			 in the cache is returned to the client.

	   fail 	 Proceed as for use_cached, but if all attempts fail, a YPERR_YPERR error
			 is returned to the client.

       nisLDAPretrieveErrorAttempts

	   The	number	of  times  a  failed  retrieval  should be retried. The default value for
	   nisLDAPretrieveErrorAttempts is unlimited. While retries are made  the  ypserv  daemon
	   will be prevented from servicing further requests .nisLDAPretrieveErrorAttempts values
	   other than 1 should be used with caution.

       nisLDAPretrieveErrorTimeout

	   The timeout in seconds between each new attempt to retrieve	LDAP  data.  The  default
	   value for nisLDAPretrieveErrorTimeout is 15 seconds.

       nisLDAPstoreErrorAction

	   An error occurred while trying to store data to the LDAP repository.

	   retry    Retry operation nisLDAPstoreErrorAttempts times with nisLDAPstoreErrorTimeout
		    seconds between each attempt. While retries are made, the NIS daemon will  be
		    prevented from servicing further requests. Use with caution.

	   fail     Return YPERR_YPERR error to the client.

       nisLDAPstoreErrorAttempts

	   The number of times a failed attempt to store should be retried. The default value for
	   nisLDAPstoreErrorAttempts is unlimited. The	value  for  nisLDAPstoreErrorAttempts  is
	   ignored unless nisLDAPstoreErrorAction=retry.

       nisLDAPstoreErrortimeout

	   The	timeout,  in  seconds,	between  each new attempt to store LDAP data. The default
	   value for nisLDAPstoreErrortimeout is 15 seconds. The  nisLDAPstoreErrortimeout  value
	   is ignored unless nisLDAPstoreErrorAction=retry.

   Storing Configuration Attributes in LDAP
       Most  attributes  described  on	this  man page, as well as those described on NISLDAPmap-
       ping(4), can be stored in LDAP. In order to do so, you will need to add the following def-
       initions  to your LDAP server, which are described here in LDIF format suitable for use by
       ldapadd(1). The attribute and objectclass OIDs are examples only.

	 dn: cn=schema
	 changetype: modify
	 add: attributetypes
	 attributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.2 NAME 'preferredServerList' \
		   DESC 'Preferred LDAP server host addresses used by DUA' \
		   EQUALITY caseIgnoreMatch	      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
	 attributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.6 NAME 'authenticationMethod' \
		   DESC 'Authentication method used to contact the DSA' \
		   EQUALITY caseIgnoreMatch	      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )

	 dn: cn=schema
	      changetype: modify
	      add: attributetypes
	      attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.43.1.0 \
			NAME 'nisLDAPTLS' \
			DESC 'Transport Layer Security' \
			SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
	      attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.43.1.1 \
			NAME 'nisLDAPTLSCertificateDBPath' \
			DESC 'Certificate file' \
			SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
	      attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.43.1.2 \
			NAME 'nisLDAPproxyUser' \
			DESC 'Proxy user for data store/retrieval' \
			SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
	      attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.43.1.3 \
			NAME 'nisLDAPproxyPassword' \
			DESC 'Password/key/shared secret for proxy user' \
			SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
	      attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.43.1.6 \
			NAME 'nisLDAPretrieveErrorAction' \
			DESC 'Action following an LDAP search error' \
			SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
	      attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.43.1.7 \
			NAME 'nisLDAPretrieveErrorAttempts' \
			DESC 'Number of times to retry an LDAP search' \
			SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
	      attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.43.1.8 \
			NAME 'nisLDAPretrieveErrorTimeout' \
			DESC 'Timeout between each search attempt' \
			SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
	      attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.43.1.9 \
			NAME 'nisLDAPstoreErrorAction' \
			DESC 'Action following an LDAP store error' \
			SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
	      attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.43.1.10 \
			NAME 'nisLDAPstoreErrorAttempts' \
			DESC 'Number of times to retry an LDAP store' \
			SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
	      attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.43.1.11 \
			NAME 'nisLDAPstoreErrorTimeout' \
			DESC 'Timeout between each store attempt' \
			SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
	      attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.43.1.12 \
			NAME 'nisLDAPdomainContext' \
			DESC 'Context for a single domain' \
			SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
	      attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.43.1.13 \
			NAME 'nisLDAPyppasswddDomains' \
			DESC 'List of domains for which password changes are made' \
			SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
	      attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.43.1.14 \
			NAME 'nisLDAPdatabaseIdMapping' \
			DESC 'Defines a database id for a NIS object' \
			SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
	      attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.43.1.15 \
			NAME 'nisLDAPentryTtl' \
			DESC 'TTL for cached objects derived from LDAP' \
			SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
	      attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.43.1.16 \
			NAME 'nisLDAPobjectDN' \
			DESC 'Location in LDAP tree where NIS data is stored' \
			SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
	      attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.43.1.17 ) \
			NAME 'nisLDAPnameFields' \
			DESC 'Rules for breaking NIS entries into fields' \e
			SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
	      attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.43.1.18 ) \
			NAME 'nisLDAPsplitFields' \
			DESC 'Rules for breaking fields into sub fields' \
			SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

	      attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.43.1.19 \
			NAME 'nisLDAPattributeFromField' \
			DESC 'Rules for mapping fields to LDAP attributes' \
			SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

	      attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.43.1.20 \
			NAME 'nisLDAPfieldFromAttribute' \
			DESC 'Rules for mapping fields to LDAP attributes' \
			SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

	      attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.43.1.21 \
			NAME 'nisLDAPrepeatedFieldSeparators' \
			DESC 'Rules for mapping fields to LDAP attributes' \
			SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

	      attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.43.1.22 \
			NAME 'nisLDAPcommentChar' \
			DESC 'Rules for mapping fields to LDAP attributes' \
			SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

	      attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.43.1.23 \
			NAME 'nisLDAPmapFlags' \
			DESC 'Rules for mapping fields to LDAP attributes' \
			SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

	      dn: cn=schema
	      changetype: modify
	      add: objectclasses
	      objectclasses:  ( 1.3.6.1.4.1.42.2.27.5.42.43.1.0 NAME 'nisLDAPconfig' \
			DESC 'NIS/LDAP mapping configuration' \
			SUP top STRUCTURAL \
			MAY ( cn $ preferredServerList $
			  authenticationMethod $ nisLDAPTLS $
			  nisLDAPTLSCertificateDBPath $
			  nisLDAPproxyUser $ nisLDAPproxyPassword $
			  nisLDAPretrieveErrorAction $
			  nisLDAPretrieveErrorAttempts $
			  nisLDAPretrieveErrorTimeout $
			  nisLDAPstoreErrorAction $
			  nisLDAPstoreErrorAttempts $
			  nisLDAPstoreErrorTimeout $
			  nisLDAPdomainContext $
			  nisLDAPyppasswddDomains $
			  nisLDAPdatabaseIdMapping $
			  nisLDAPentryTtl $
			  nisLDAPobjectDN $
			  nisLDAPnameFields $
			  nisLDAPsplitFields $
			  nisLDAPattributeFromField $
			  nisLDAPfieldFromAttribute $
			  nisLDAPrepeatedFieldSeparators $
			  nisLDAPcommentChar $
			  nisLDAPmapFlags ) )

       Create a file containing the following LDIF data. Substitute your  actual  nisLDAPconfigDN
       for configDN:

	 dn: configDN
	 objectClass: top
	 objectClass: nisLDAPconfig

       Use  this  file as input to the ldapadd(1) command in order to create the NIS to LDAP con-
       figuration entry. Initially, the entry is empty. You can use the ldapmodify(1) command  to
       add configuration attributes.

EXAMPLES
       Example 1 Creating a NIS to LDAP Configuration Entry

       To  set	the server list to port 389 on 127.0.0.1, create the following file and use it as
       input to ldapmodify(1):

	 dn: configDN
	 preferredServerList: 127.0.0.1:389

ATTRIBUTES
       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Availability		     |SUNWypu			   |
       +-----------------------------+-----------------------------+
       |Interface Stability	     |Obsolete			   |
       +-----------------------------+-----------------------------+

SEE ALSO
       ldapadd(1),   ldapmodify(1),   inityp2l(1M),   yppasswdd(1M),   ypserv(1M),    ypxfrd(1M),
       NIS+LDAPmapping(4), attributes(5)

       System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP)

SunOS 5.11				    9 Aug 2004					ypserv(4)


All times are GMT -4. The time now is 01:50 PM.

Unix & Linux Forums Content Copyrightę1993-2018. All Rights Reserved.
×
UNIX.COM Login
Username:
Password:  
Show Password