The OpenNET Project / Index page

[ новости /+++ | форум | теги | ]

Интерактивная система просмотра системных руководств (man-ов)

 ТемаНаборКатегория 
 
 [Cписок руководств | Печать]

rpc.nisd (4)
  • rpc.nisd (1) ( Solaris man: Команды и прикладные программы пользовательского уровня )
  • >> rpc.nisd (4) ( Solaris man: Специальные файлы /dev/* )
  •  

    NAME

    rpc.nisd - configuration file for NIS+ service daemon
     
    

    SYNOPSIS

    /etc/default/rpc.nisd
    

     

    DESCRIPTION

    The rpc.nisd file specifies configuration information for the rpc.nisd(1M) server. Configuration information can come from a combination of three places. It can be derived from LDAP. It can be specified in the rpc.nisd file. It can be specified on the rpc.nisd(1M) command line. The values in the rpc.nisd file override values obtained from the LDAP server. Command line values supersede values in the configuration file.

    The NIS+LDAPmapping(4) file contains mapping information connecting NIS+ object data to LDAP entries. See the NIS+LDAPmapping(4) manual page for an overview of the setup needed to map NIS+ data to or from LDAP.  

    Attributes

    The rpc.nisd(1M) server recognizes the following attributes. Any values specified for these attributes in the rpc.nisd file, including an empty value, override values obtained from LDAP. However, the nisplusLDAPconfig* values are read from the rpc.nisd file or the command line only. They are not obtained from LDAP.

    The following are attributes used for initial configuration.

    nisplusLDAPconfigDN

    The DN for configuration information. If empty, all other nisplusLDAPConfig* values are ignored, in the expectation that all attributes are specified in this file or on the command line. When nisplusLDAPConfigDN is not specified at all, the DN is derived from the NIS+ domain name by default. If the domain name is x.y.z., the default nisplusLDAPconfigDN is:

    nisplusLDAPconfigDN=dc=x,dc=y,dc=z
    

    nisplusLDAPconfigPreferredServerList

    The list of servers to use for the configuration phase. There is no default. The following is an example of a value for nisplusLDAPconfigPreferredServerList:

    nisplusLDAPconfigPreferredServerList=127.0.0.1:389
    

    nisplusLDAPconfigAuthenticationMethod

    The authentication method used to obtain the configuration information. The recognized values for nisplusLDAPconfigAuthenticationMethod are:

    none

    No authentication attempted.

    simple

    Password of proxy user sent in the clear to the LDAP server.

    sasl/cram-md5

    Use SASL/CRAM-MD5 authentication. This authentication method may not be supported by all LDAP servers. A password must be supplied.

    sasl/digest-md5

    Use SASL/DIGEST-MD5 authentication. This authentication method may not be supported by all LDAP servers. A password must be supplied.

    There is no default value. The following is an example of a value for nisplusLDAPconfigAuthenticationMethod:

    nisplusLDAPconfigAuthenticationMethod=simple
    

    nisplusLDAPconfigTLS

    The transport layer security used for the connection to the server. The recognized values are:

    none

    No encryption of transport layer data. This is the default value.

    ssl

    SSL encryption of transport layer data. A certificate is required.

    Export and import control restrictions may limit the availability of transport layer security.

    nisplusLDAPconfigTLSCertificateDBPath

    The name of the file containing the certificate database. The default path is /var/nis, and the default file name is cert7.db.

    nisplusLDAPconfigProxyUser

    The proxy user used to obtain configuration information. There is no default value. If the value ends with a comma, the value of the nisplusLDAPconfigDN attribute is appended. For example:

    nisplusLDAPconfigProxyUser=cn=nisplusAdmin,ou=People,
    

    nisplusLDAPconfigProxyPassword

    The password that should be supplied to LDAP for the proxy user when the authentication method requires one. In order to avoid having this password publically visible on the machine, the password should only appear in the configuration file, and the file should have an appropriate owner, group, and file mode. There is no default value.

    The following are attributes used for data retrieval. The object class name used for these attributes is nisplusLDAPconfig.

    preferredServerList

    The list of servers to use when reading or writing mapped NIS+ data from or to LDAP. There is no default value. For example:

    preferredServerList=127.0.0.1:389 
    

    authenticationMethod

    The authentication method to use when reading or writing mapped NIS+ data from or to LDAP. For recognized values, see the LDAPconfigAuthenticationMethod attribute. There is no default value. For example,

    authenticationMethod=simple
    

    nisplusLDAPTLS

    The transport layer security to use when reading or writing NIS+ data from or to LDAP. For recognized values, see the nisplusLDAPconfigTLS attribute. The default value is none. Note that export and import control restrictions may limit the availability of transport layer security.

    nisplusLDAPTLSCertificateDBPath

    The name of the file containing the certificate DB. For recognized and default values, see the nisplusLDAPconfigTLSCertificateDBPath attribute.

    defaultSearchBase

    The default portion of the DN to use when reading or writing mapped NIS+ data from or to LDAP. The default is derived from the value of the baseDomain attribute, which in turn usually defaults to the NIS+ domain name. If nisplusLDAPbaseDomain has the value x.y.z, the default defaultSearchBase is dc=x,dc=y,dc=z. See the following sample attribute value:

    defaultSearchBase=dc=somewhere,dc=else
    

    nisplusLDAPbaseDomain

    The domain to append when NIS+ object names are not fully qualified. The default is the domain the rpc.nisd daemon is serving, or the first such domain, if there is more than one candidate.

    nisplusLDAPproxyUser

    Proxy user used by the rpc.nisd to read or write from or to LDAP. Assumed to have the appropriate permission to read and modify LDAP data. There is no default value. If the value ends in a comma, the value of the defaultSearchBase attribute is appended. For example:

    nisplusLDAPproxyUser=cn=nisplusAdmin,ou=People, 
    

    nisplusLDAPproxyPassword

    The password that should be supplied to LDAP for the proxy user when the authentication method so requires. In order to avoid having this password publically visible on the machine, the password should only appear in the configuration file, and the file should have an appropriate owner, group, and file mode. There is no default value.

    nisplusLDAPbindTimeout
    nisplusLDAPsearchTimeout
    nisplusLDAPmodifyTimeout
    nisplusLDAPaddTimeout
    nisplusLDAPdeleteTimeout

    Establish timeouts for LDAP bind, search, modify, add, and delete operations, respectively. The default value is 15 seconds for each one. Decimal values are allowed.

    nisplusLDAPsearchTimeLimit

    Establish a value for the LDAP_OPT_TIMELIMIT option, which suggests a time limit for the search operation on the LDAP server. The server may impose its own constraints on possible values. See your LDAP server documentation. The default is the nisplusLDAPsearchTimeout value. Only integer values are allowed.

    Since the nisplusLDAPsearchTimeout limits the amount of time the client rpc.nisd will wait for completion of a search operation, setting the nisplusLDAPsearchTimeLimit larger than the nisplusLDAPsearchTimeout is not recommended.

    nisplusLDAPsearchSizeLimit

    Establish a value for the LDAP_OPT_SIZELIMIT option, which suggests a size limit, in bytes, for the search results on the LDAP server. The server may impose its own constraints on possible values. See your LDAP server documentation. The default is zero, which means unlimited. Only integer values are allowed.

    nisplusLDAPfollowReferral

    Determines if the rpc.nisd should follow referrals or not. Recognized values are yes and no. The default value is no.

    nisplusNumberOfServiceThreads

    Sets the maximum number of RPC service threads that the rpc.nisd may use. Note that the rpc.nisd may create additional threads for certain tasks, so that the actual number of threads running may be larger than the nisplusNumberOfServiceThreads value.

    The value of this attribute is a decimal integer from zero to (2**31)-1, inclusive. Zero, which is the default, sets the number of service threads to three plus the number of CPUs available when the rpc.nisd daemon starts. For example:

    nisplusNumberOfServiceThreads=16
    

    The following attributes specify the action to be taken when some event occurs. The values are all of the form event=action. The default action is the first one listed for each event.

    nisplusLDAPinitialUpdateAction

    Provides the optional capability to update all NIS+ data from LDAP, or vice versa, when the rpc.nisd starts. Depending on various factors such as both NIS+ and LDAP server and network performance, as well as the amount of data to be uploaded or downloaded, these operations can consume very significant CPU and memory resources. During upload and download, the rpc.nisd has not yet registered with rpcbind, and provides no NIS+ service. When data is downloaded from LDAP, any new items added to the rpc.nisd's database get a TTL as for an initial load. See the description for the nisplusLDAPentryTtl attribute on NIS+LDAPmapping(4).

    none

    No initial update in either direction. This is the default.

    from_ldap

    Causes the rpc.nisd to fetch data for all NIS+ objects it serves, and for which mapping entries are available, from the LDAP repository.

    to_ldap

    The rpc.nisd writes all NIS+ objects for which it is the master server, and for which mapping entries are available, to the LDAP repository.

    nisplusLDAPinitialUpdateOnly

    Use in conjunction with nisplusLDAPinitialUpdateAction.

    no

    Following the initial update, the rpc.nisd starts serving NIS+ requests. This is the default.

    yes

    The rpc.nisd exits after the initial update. This value is ignored if specified together with nisplusLDAPinitialUpdateAction=none.

    nisplusLDAPretrieveErrorAction

    If an error occurs while trying to retrieve an entry from LDAP, one of the following actions can be selected:

    use_cached

    Action according to nisplusLDAPrefreshError below. This is the default.

    retry

    Retry the retrieval the number of time specified by nisplusLDAPretrieveErrorAttempts, with the nisplusLDAPretrieveErrorTimeout value controlling the wait between each attempt.

    try_again
    unavail
    no_such_name

    Return NIS_TRYAGAIN, NIS_UNAVAIL, or NIS_NOSUCHNAME, respectively, to the client. Note that the client code may not be prepared for this and can react in unexpected ways.

    nisplusLDAPretrieveErrorAttempts

    The number of times a failed retrieval should be retried. The default is unlimited. The nisplusLDAPretrieveErrorAttempts value is ignored unless nisplusLDAPretrieveErrorAction=retry.

    nisplusLDAPretrieveErrorTimeout

    The timeout (in seconds) between each new attempt to retrieve LDAP data. The default is 15 seconds. The value for nisplusLDAPretrieveErrorTimeout is ignored unless nisplusLDAPretrieveErrorAction=retry.

    nisplusLDAPstoreErrorAction

    An error occurred while trying to store data to the LDAP repository.

    retry

    Retry operation nisplusLDAPstoreErrorAttempts times with nisplusLDAPstoreErrorTimeout seconds between each attempt. Note that this may tie up a thread in the rpc.nisd daemon.

    system_error

    Return NIS_SYSTEMERROR to the client.

    unavail

    Return NIS_UNAVAIL to the client. Note that the client code may not be prepared for this and can react in unexpected ways.

    nisplusLDAPstoreErrorAttempts

    The number of times a failed attempt to store should be retried. The default is unlimited. The value for nisplusLDAPstoreErrorAttempts is ignored unless nisplusLDAPstoreErrorAction=retry.

    nisplusLDAPstoreErrortimeout

    The timeout, in seconds, between each new attempt to store LDAP data. The default is 15 seconds. The nisplusLDAPstoreErrortimeout value is ignored unless nisplusLDAPstoreErrorAction=retry.

    nisplusLDAPrefreshErrorAction

    An error occured while trying to refresh a cache entry.

    continue_using

    Continue using expired cache entry, if one is available. Otherwise, the action is retry. This is the default.

    retry

    Retry operation nisplusLDAPrefreshErrorAttempts times with nisplusLDAPrefreshErrorTimeout seconds between each attempt. Note that this may tie up a thread in the rpc.nisd daemon.

    cache_expired
    tryagain

    Return NIS_CACHEEXPIRED or NIS_TRYAGAIN, respectively, to the client. Note that the client code may not be prepared for this and could can react in unexpected ways.

    nisplusLDAPrefreshErrorAttempts

    The number of times a failed refresh should be retried. The default is unlimited. This applies to the retry and continue_using actions, but for the latter, only when there is no cached entry.

    nisplusLDAPrefreshErrorTimeout

    The timeout (in seconds) between each new attempt to refresh data. The default is 15 seconds. The value for nisplusLDAPrefreshErrorTimeout applies to the retry and continue_using actions.

    nisplusThreadCreationErrorAction

    The action to take when an error occured while trying to create a new thread. This only applies to threads controlled by the rpc.nisd daemon not to RPC service threads. An example of threads controlled by the rpc.nisd daemon are those created to serve nis_list(3NSL) with callback, as used by niscat(1) to enumerate tables.

    pass_error

    Pass on the thread creation error to the client, to the extent allowed by the available NIS+ error codes. The error might be NIS_NOMEMORY, or another resource shortage error. This action is the default.

    retry

    Retry operation nisplusThreadCreationErrorAttempts times, waiting nisplusThreadCreationErrorTimeout seconds between each attempt. Note that this may tie up a thread in the rpc.nisd daemon.

    nisplusThreadCreationErrorAttempts

    The number of times a failed thread creation should be retried. The default is unlimited. The value for nisplusThreadCreationErrorAttempts is ignored unless the nisplusThreadCreationErrorAction=retry.

    nisplusThreadCreationErrorTimeout

    The number of seconds to wait between each new attempt to create a thread. The default is 15 seconds. Ignored unless nisplusThreadCreationErrorAction=retry.

    nisplusDumpError

    An error occurred during a full dump of a NIS+ directory from the master to a replica. The replica can:

    retry

    Retry operation nisplusDumpErrorAttempts times waiting nisplusDumpErrorTimeout seconds between each attempt. Note that this may tie up a thread in the rpc.nisd.

    rollback

    Try to roll back the changes made so far before retrying per the retry action. If the rollback fails or cannot be performed due to the selected ResyncServiceAction level, the retry action is selected.

    nisplusDumpErrorAttempts

    The number of times a failed full dump should be retried. The default is unlimited. When the number of retry attempts has been used up, the full dump is abandoned, and will not be retried again until a resync fails because no update time is available.

    nisplusDumpErrorTimeout

    The number of seconds to wait between each attempt to execute a full dump. The default is 120 seconds.

    nisplusResyncService

    Type of NIS+ service to be provided by a replica during resync, that is, data transfer from NIS+ master to NIS+ replica. This includes both partial and full resyncs.

    from_copy

    Service is provided from a copy of the directory to be resynced while the resync is in progress. Rollback is possible if an error occurs. Note that making a copy of the directory may require a significant amount of time, depending on the size of the tables in the directory and available memory on the system.

    directory_locked

    While the resync for a directory is in progress, it is locked against access. Operations to the directory are blocked until the resync is done. Rollback is not possible.

    from_live

    The replica database is updated in place. Rollback is not possible. If there are dependencies between individual updates in the resync, clients may be exposed to data inconsistencies during the resync. In particular, directories or tables may disappear for a time during a full dump.

    nisplusUpdateBatching

    How updates should be batched together on the master.

    accumulate

    Accumulate updates for at least nisplusUpdateBatchingTimeout seconds. Any update that comes in before the timeout has occured will reset the timeout counter. Thus, a steady stream of updates less than nisplusUpdateBatchingTimeout seconds apart could delay pinging replicas indefinitely.

    bounded_accumulate

    Accumulate updates for at least nisplusUpdateBatchingTimeout seconds. The default value for timeout is 120 seconds. Incoming updates do not reset the timeout counter, so replicas will be informed once the initial timeout has expired.

    none

    Updates are not batched. Instead, replicas are informed immediately of any update. While this should maximize data consistency between master and replicas, it can also cause considerable overhead on both master and replicas.

    nisplusUpdateBatchingTimeout

    The minimum time (in seconds) during which to accumulate updates. Replicas will not be pinged during this time. The default is 120 seconds.

    nisplusLDAPmatchFetchAction

    A NIS+ match operation, that is, any search other than a table enumeration, will encounter one of the following situations:
    1.
    Table believed to be entirely in cache, and all cached entries are known to be valid. The cached tabled data is authoritative for the match operation.
    2.
    Table wholly or partially cached, but there may be individual entries that have timed out.
    3.
    No cached entries for the table. Always attempt to retrieve matching data from LDAP.
    When the table is wholly or partially cached, the action for the nisplusLDAPmatchFetchAction attribute controls whether or not the LDAP repository is searched:

    no_match_only

    Only go to LDAP when there is no match at all on the search of the available NIS+ data, or the match includes at least one entry that has timed out.

    always

    Always make an LDAP lookup.

    never

    Never make an LDAP lookup.

    nisplusMaxRPCRecordSize

    Sets the maximum RPC record size that NIS+ can use over connection oriented transports. The minimum record size is 9000, which is the default. The default value will be used in place of any value less than 9000. The value of this attribute is a decimal integer from 9000 to 2^31, inclusive.

     

    Storing Configuration Attributes in LDAP

    Most attributes described on this man page, as well as those from NIS+LDAPmapping(4), can be stored in LDAP. In order to do so, you will need to add the following definitions to your LDAP server, which are described here in LDIF format suitable for use by ldapadd(1). The attribute and object class OIDs are examples only.

    dn: cn=schema
    changetype: modify
    add: attributetypes
    OIDattributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.1 \
             NAME 'defaultSearchBase' \
             DESC 'Default LDAP base DN used by a DUA' \
             EQUALITY distinguishedNameMatch \
             SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
    attributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.2 \
             NAME 'preferredServerList' \
             DESC 'Preferred LDAP server host addresses used by DUA' \
             EQUALITY caseIgnoreMatch \
             SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
    attributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.6 \
             NAME 'authenticationMethod' \
             DESC 'Authentication method used to contact the DSA' \
             EQUALITY caseIgnoreMatch \
             SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
    

    dn: cn=schema
    changetype: modify
    add: attributetypes
    attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.0 \
             NAME 'nisplusLDAPTLS' \
             DESC 'Transport Layer Security' \
             SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
    attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.1 \
             NAME 'nisplusLDAPTLSCertificateDBPath' \
             DESC 'Certificate file' \
             SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
    attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.2 \
             NAME 'nisplusLDAPproxyUser' \
             DESC 'Proxy user for data store/retrieval' \
             SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
    attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.3 \
             NAME 'nisplusLDAPproxyPassword' \
             DESC 'Password/key/shared secret for proxy user' \
             SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
    attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.4 \
             NAME 'nisplusLDAPinitialUpdateAction' \
             DESC 'Type of initial update' \
             SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
    attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.5 \
             NAME 'nisplusLDAPinitialUpdateOnly' \
             DESC 'Exit after update ?' \
             SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
    attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.6 \
             NAME 'nisplusLDAPretrieveErrorAction' \
             DESC 'Action following an LDAP search error' \
             SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
    attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.7 \
             NAME 'nisplusLDAPretrieveErrorAttempts' \
             DESC 'Number of times to retry an LDAP search' \
             SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
    attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.8 \
             NAME 'nisplusLDAPretrieveErrorTimeout' \
             DESC 'Timeout between each search attempt' \
             SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
    attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.9 \
             NAME 'nisplusLDAPstoreErrorAction' \
             DESC 'Action following an LDAP store error' \
             SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
    attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.10 \
             NAME 'nisplusLDAPstoreErrorAttempts' \
             DESC 'Number of times to retry an LDAP store' \
             SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
    attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.11 \
             NAME 'nisplusLDAPstoreErrorTimeout' \
             DESC 'Timeout between each store attempt' \
             SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
    attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.12 \
             NAME 'nisplusLDAPrefreshErrorAction' \
             DESC 'Action when refresh of NIS+ data from LDAP fails' \
             SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
    attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.13 \
             NAME 'nisplusLDAPrefreshErrorAttempts' \
             DESC 'Number of times to retry an LDAP refresh' \
             SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
    attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.14 \
             NAME 'nisplusLDAPrefreshErrorTimeout' \
             DESC 'Timeout between each refresh attempt' \
             SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
    attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.15 \
             NAME 'nisplusNumberOfServiceThreads' \
             DESC 'Max number of RPC service threads' \
             SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
    attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.16 \
             NAME 'nisplusThreadCreationErrorAction' \
             DESC 'Action when a non-RPC-service thread creation fails' \
             SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
    attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.17 \
             NAME 'nisplusThreadCreationErrorAttempts' \
             DESC 'Number of times to retry thread creation' \
             SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
    attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.18 \
             NAME 'nisplusThreadCreationErrorTimeout' \
             DESC 'Timeout between each thread creation attempt' \
             SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
    attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.19 \
             NAME 'nisplusDumpErrorAction' \
             DESC 'Action when a NIS+ dump fails' \
             SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
    attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.20 \
             NAME 'nisplusDumpErrorAttempts' \
             DESC 'Number of times to retry a failed dump' \
             SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
    attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.21 \
             NAME 'nisplusDumpErrorTimeout' \
             DESC 'Timeout between each dump attempt' \
             SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
    attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.22 \
             NAME 'nisplusResyncService' \
             DESC 'Service provided during a resync' \
             SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
    attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.23 \
             NAME 'nisplusUpdateBatching' \
             DESC 'Method for batching updates on master' \
             SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
    attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.24 \
             NAME 'nisplusUpdateBatchingTimeout' \
             DESC 'Minimum time to wait before pinging replicas' \
             SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
    attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.25 \
             NAME 'nisplusLDAPmatchFetchAction' \
             DESC 'Should pre-fetch be done ?' \
             SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
    attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.26 \
             NAME 'nisplusLDAPbaseDomain' \
             DESC 'Default domain name used in NIS+/LDAP mapping' \
             SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
    attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.27 \
             NAME 'nisplusLDAPdatabaseIdMapping' \
             DESC 'Defines a database id for a NIS+ object' \
             SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
    attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.28 \
             NAME 'nisplusLDAPentryTtl' \
             DESC 'TTL for cached objects derived from LDAP' \
             SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
    attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.29 \
             NAME 'nisplusLDAPobjectDN' \
             DESC 'Location in LDAP tree where NIS+ data is stored' \
             SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
    attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.30 \
             NAME 'nisplusLDAPcolumnFromAttribute' \
             DESC 'Rules for mapping LDAP attributes to NIS+ columns' \
             SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
    attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.31 \
             NAME 'nisplusLDAPattributeFromColumn' \
             DESC 'Rules for mapping NIS+ columns to LDAP attributes' \
             SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
    
    dn: cn=schema
    changetype: modify
    add: objectclasses
    objectclasses:  ( 1.3.6.1.4.1.42.2.27.5.42.42.19.0 \
             NAME 'nisplusLDAPconfig' \
             DESC 'NIS+/LDAP mapping configuration' \
             SUP top STRUCTURAL MUST ( cn ) \
             MAY ( preferredServerList $ defaultSearchBase $
               authenticationMethod $ nisplusLDAPTLS $
               nisplusLDAPTLSCertificateDBPath $
               nisplusLDAPproxyUser $ nisplusLDAPproxyPassword $
               nisplusLDAPinitialUpdateAction $
               nisplusLDAPinitialUpdateOnly $
               nisplusLDAPretrieveErrorAction $
               nisplusLDAPretrieveErrorAttempts $
               nisplusLDAPretrieveErrorTimeout $
               nisplusLDAPstoreErrorAction $
               nisplusLDAPstoreErrorAttempts $
               nisplusLDAPstoreErrorTimeout $
               nisplusLDAPrefreshErrorAction $
               nisplusLDAPrefreshErrorAttempts $
               nisplusLDAPrefreshErrorTimeout $
               nisplusNumberOfServiceThreads $
               nisplusThreadCreationErrorAction $
               nisplusThreadCreationErrorAttempts $
               nisplusThreadCreationErrorTimeout $
               nisplusDumpErrorAction $
               nisplusDumpErrorAttempts $
               nisplusDumpErrorTimeout $
               nisplusResyncService $ nisplusUpdateBatching $
               nisplusUpdateBatchingTimeout $
               nisplusLDAPmatchFetchAction $
               nisplusLDAPbaseDomain $
               nisplusLDAPdatabaseIdMapping $
               nisplusLDAPentryTtl $
               nisplusLDAPobjectDN $
               nisplusLDAPcolumnFromAttribute $
               nisplusLDAPattributeFromColumn ) )
    

    Create a file containing the following LDIF data. Substitute your actual search base for searchBase, and your fully qualified domain name for domain:

    dn: cn=domain,searchBase
    cn: domain
    objectClass: top
    objectClass: nisplusLDAPconfig
    

    Use this file as input to the ldapadd(1) command in order to create the NIS+/LDAP configuration entry. Initially, the entry is empty. You can use the ldapmodify(1) command to add configuration attributes.  

    EXAMPLES

    Example 1 Creating a NIS+/LDAP Configuration Entry

    To set the nisplusNumberOfServiceThreads attribute to 32, create the following file and use it as input to ldapmodify(1):

    dn: cn=domain,searchBase
    nisplusNumberOfServiceThreads: 32
    

     

    ATTRIBUTES

    See attributes(5) for descriptions of the following attributes:

    ATTRIBUTE TYPEATTRIBUTE VALUE

    AvailabilitySUNWnisr

    Interface Stability

     

    SEE ALSO

    nisldapmaptest(1M), rpc.nisd(1M), NIS+LDAPmapping(4), attributes(5)

    System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP)


     

    Index

    NAME
    SYNOPSIS
    DESCRIPTION
    Attributes
    Storing Configuration Attributes in LDAP
    EXAMPLES
    ATTRIBUTES
    SEE ALSO


    Поиск по тексту MAN-ов: 




    Партнёры:
    PostgresPro
    Inferno Solutions
    Hosting by Hoster.ru
    Хостинг:

    Закладки на сайте
    Проследить за страницей
    Created 1996-2024 by Maxim Chirkov
    Добавить, Поддержать, Вебмастеру