rpc.nisd(4)
NAME
rpc.nisd - configuration file for NIS+ service daemon
SYNOPSIS
/etc/default/rpc.nisd
DESCRIPTION
The rpc.nisd file specifies configuration information for
the rpc.nisd(1M) server. Configuration information can come
from a combination of three places. It can be derived from
LDAP. It can be specified in the rpc.nisd file. It can be
specified on the rpc.nisd(1M) command line. The values in
the rpc.nisd file override values obtained from the LDAP
server. Command line values supersede values in the confi-
guration file.
The NIS+LDAPmapping(4) file contains mapping information
connecting NIS+ object data to LDAP entries. See the
NIS+LDAPmapping(4) manual page for an overview of the setup
needed to map NIS+ data to or from LDAP.
Attributes
The rpc.nisd(1M) server recognizes the following attributes.
Any values specified for these attributes in the rpc.nisd
file, including an empty value, override values obtained
from LDAP. However, the nisplusLDAPconfig* values are read
from the rpc.nisd file or the command line only. They are
not obtained from LDAP.
The following are attributes used for initial configuration.
nisplusLDAPconfigDN
The DN for configuration information. If empty, all
other nisplusLDAPConfig* values are ignored, in the
expectation that all attributes are specified in this
file or on the command line. When nisplusLDAPConfigDN
is not specified at all, the DN is derived from the
NIS+ domain name by default. If the domain name is
x.y.z., the default nisplusLDAPconfigDN is:
nisplusLDAPconfigDN=dc=x,dc=y,dc=z
nisplusLDAPconfigPreferredServerList
The list of servers to use for the configuration
phase. There is no default. The following is an exam-
ple of a value for nisplusLDAPconfigPreferredServer-
List:
nisplusLDAPconfigPreferredServerList=127.0.0.1:389
nisplusLDAPconfigAuthenticationMethod
The authentication method used to obtain the
configuration information. The recognized values for
nisplusLDAPconfigAuthenticationMethod are:
none No authentication attempted.
simple
Password of proxy user sent in the clear to the
LDAP server.
sasl/cram-md5
Use SASL/CRAM-MD5 authentication. This authenti-
cation method may not be supported by all LDAP
servers. A password must be supplied.
sasl/digest-md5
Use SASL/DIGEST-MD5 authentication. This authen-
tication method may not be supported by all LDAP
servers. A password must be supplied.
There is no default value. The following is an example
of a value for nisplusLDAPconfigAuthenticationMethod:
nisplusLDAPconfigAuthenticationMethod=simple
nisplusLDAPconfigTLS
The transport layer security used for the connection
to the server. The recognized values are:
none No encryption of transport layer data. This is
the default value.
ssl SSL encryption of transport layer data. A cer-
tificate is required.
Export and import control restrictions may limit the
availability of transport layer security.
nisplusLDAPconfigTLSCertificateDBPath
The name of the file containing the certificate data-
base. The default path is /var/nis, and the default
file name is cert7.db.
nisplusLDAPconfigProxyUser
The proxy user used to obtain configuration informa-
tion. There is no default value. If the value ends
with a comma, the value of the nisplusLDAPconfigDN
attribute is appended. For example:
nisplusLDAPconfigProxyUser=cn=nisplusAdmin,ou=People,
nisplusLDAPconfigProxyPassword
The password that should be supplied to LDAP for the
proxy user when the authentication method requires
one. In order to avoid having this password publically
visible on the machine, the password should only
appear in the configuration file, and the file should
have an appropriate owner, group, and file mode. There
is no default value.
The following are attributes used for data retrieval. The
object class name used for these attributes is nisplusLDAP-
config.
preferredServerList
The list of servers to use when reading or writing
mapped NIS+ data from or to LDAP. There is no default
value. For example:
preferredServerList=127.0.0.1:389
authenticationMethod
The authentication method to use when reading or writ-
ing mapped NIS+ data from or to LDAP. For recognized
values, see the LDAPconfigAuthenticationMethod attri-
bute. There is no default value. For example,
authenticationMethod=simple
nisplusLDAPTLS
The transport layer security to use when reading or
writing NIS+ data from or to LDAP. For recognized
values, see the nisplusLDAPconfigTLS attribute. The
default value is none. Note that export and import
control restrictions may limit the availability of
transport layer security.
nisplusLDAPTLSCertificateDBPath
The name of the file containing the certificate DB.
For recognized and default values, see the
nisplusLDAPconfigTLSCertificateDBPath attribute.
defaultSearchBase
The default portion of the DN to use when reading or
writing mapped NIS+ data from or to LDAP. The default
is derived from the value of the baseDomain attribute,
which in turn usually defaults to the NIS+ domain
name. If nisplusLDAPbaseDomain has the value x.y.z,
the default defaultSearchBase is dc=x,dc=y,dc=z. See
the following sample attribute value:
defaultSearchBase=dc=somewhere,dc=else
nisplusLDAPbaseDomain
The domain to append when NIS+ object names are not
fully qualified. The default is the domain the
rpc.nisd daemon is serving, or the first such domain,
if there is more than one candidate.
nisplusLDAPproxyUser
Proxy user used by the rpc.nisd to read or write from
or to LDAP. Assumed to have the appropriate permission
to read and modify LDAP data. There is no default
value. If the value ends in a comma, the value of the
defaultSearchBase attribute is appended. For example:
nisplusLDAPproxyUser=cn=nisplusAdmin,ou=People,
nisplusLDAPproxyPassword
The password that should be supplied to LDAP for the
proxy user when the authentication method so
requires. In order to avoid having this password publ-
ically visible on the machine, the password should
only appear in the configuration file, and the file
should have an appropriate owner, group, and file
mode. There is no default value.
nisplusLDAPbindTimeout
nisplusLDAPsearchTimeout
nisplusLDAPmodifyTimeout
nisplusLDAPaddTimeout
nisplusLDAPdeleteTimeout
Establish timeouts for LDAP bind, search, modify, add,
and delete operations, respectively. The default value
is 15 seconds for each one. Decimal values are
allowed.
nisplusLDAPsearchTimeLimit
Establish a value for the LDAP_OPT_TIMELIMIT option,
which suggests a time limit for the search operation
on the LDAP server. The server may impose its own con-
straints on possible values. See your LDAP server
documentation. The default is the nisplusLDAPsear-
chTimeout value. Only integer values are allowed.
Since the nisplusLDAPsearchTimeout limits the amount
of time the client rpc.nisd will wait for completion
of a search operation, setting the nisplusLDAPsear-
chTimeLimit larger than the nisplusLDAPsearchTimeout
is not recommended.
nisplusLDAPsearchSizeLimit
Establish a value for the LDAP_OPT_SIZELIMIT option,
which suggests a size limit, in bytes, for the search
results on the LDAP server. The server may impose its
own constraints on possible values. See your LDAP
server documentation. The default is zero, which means
unlimited. Only integer values are allowed.
nisplusLDAPfollowReferral
Determines if the rpc.nisd should follow referrals or
not. Recognized values are yes and no. The default
value is no.
nisplusNumberOfServiceThreads
Sets the maximum number of RPC service threads that
the rpc.nisd may use. Note that the rpc.nisd may
create additional threads for certain tasks, so that
the actual number of threads running may be larger
than the nisplusNumberOfServiceThreads value.
The value of this attribute is a decimal integer from
zero to (2**31)-1, inclusive. Zero, which is the
default, sets the number of service threads to three
plus the number of CPUs available when the rpc.nisd
daemon starts. For example:
nisplusNumberOfServiceThreads=16
The following attributes specify the action to be taken when
some event occurs. The values are all of the form
event=action. The default action is the first one listed for
each event.
nisplusLDAPinitialUpdateAction
Provides the optional capability to update all NIS+
data from LDAP, or vice versa, when the rpc.nisd
starts. Depending on various factors such as both NIS+
and LDAP server and network performance, as well as
the amount of data to be uploaded or downloaded, these
operations can consume very significant CPU and memory
resources. During upload and download, the rpc.nisd
has not yet registered with rpcbind, and provides no
NIS+ service. When data is downloaded from LDAP, any
new items added to the rpc.nisd's database get a TTL
as for an initial load. See the description for the
nisplusLDAPentryTtl attribute on NIS+LDAPmapping(4).
none No initial update in either direction. This is
the default.
from_ldap
Causes the rpc.nisd to fetch data for all NIS+
objects it serves, and for which mapping entries
are available, from the LDAP repository.
to_ldap
The rpc.nisd writes all NIS+ objects for which
it is the master server, and for which mapping
entries are available, to the LDAP repository.
nisplusLDAPinitialUpdateOnly
Use in conjunction with nisplusLDAPinitialUpdateAc-
tion.
no Following the initial update, the rpc.nisd
starts serving NIS+ requests. This is the
default.
yes The rpc.nisd exits after the initial update.
This value is ignored if specified together with
nisplusLDAPinitialUpdateAction=none.
nisplusLDAPretrieveErrorAction
If an error occurs while trying to retrieve an entry
from LDAP, one of the following actions can be
selected:
use_cached
Action according to nisplusLDAPrefreshError
below. This is the default.
retry Retry the retrieval the number of time specified
by nisplusLDAPretrieveErrorAttempts, with the
nisplusLDAPretrieveErrorTimeout value control-
ling the wait between each attempt.
try_again
unavail
no_such_name
Return NIS_TRYAGAIN, NIS_UNAVAIL, or
NIS_NOSUCHNAME, respectively, to the client.
Note that the client code may not be prepared
for this and can react in unexpected ways.
nisplusLDAPretrieveErrorAttempts
The number of times a failed retrieval should be
retried. The default is unlimited. The nisplusLDAPre-
trieveErrorAttempts value is ignored unless
nisplusLDAPretrieveErrorAction=retry.
nisplusLDAPretrieveErrorTimeout
The timeout (in seconds) between each new attempt to
retrieve LDAP data. The default is 15 seconds. The
value for nisplusLDAPretrieveErrorTimeout is ignored
unless nisplusLDAPretrieveErrorAction=retry.
nisplusLDAPstoreErrorAction
An error occured while trying to store data to the
LDAP repository.
retry Retry operation nisplusLDAPstoreErrorAttempts
times with nisplusLDAPstoreErrorTimeout seconds
between each attempt. Note that this may tie up
a thread in the rpc.nisd daemon.
system_error
Return NIS_SYSTEMERROR to the client.
unavail
Return NIS_UNAVAIL to the client. Note that the
client code may not be prepared for this and can
react in unexpected ways.
nisplusLDAPstoreErrorAttempts
The number of times a failed attempt to store should
be retried. The default is unlimited. The value for
nisplusLDAPstoreErrorAttempts is ignored unless
nisplusLDAPstoreErrorAction=retry.
nisplusLDAPstoreErrortimeout
The timeout, in seconds, between each new attempt to
store LDAP data. The default is 15 seconds. The
nisplusLDAPstoreErrortimeout value is ignored unless
nisplusLDAPstoreErrorAction=retry.
nisplusLDAPrefreshErrorAction
An error occured while trying to refresh a cache
entry.
continue_using
Continue using expired cache entry, if one is
available. Otherwise, the action is retry. This
is the default.
retry Retry operation nisplusLDAPrefreshErrorAttempts
times with nisplusLDAPrefreshErrorTimeout
seconds between each attempt. Note that this may
tie up a thread in the rpc.nisd daemon.
cache_expired
tryagain
Return NIS_CACHEEXPIRED or NIS_TRYAGAIN, respec-
tively, to the client. Note that the client code
may not be prepared for this and could can
react in unexpected ways.
nisplusLDAPrefreshErrorAttempts
The number of times a failed refresh should be
retried. The default is unlimited. This applies to the
retry and continue_using actions, but for the latter,
only when there is no cached entry.
nisplusLDAPrefreshErrorTimeout
The timeout (in seconds) between each new attempt to
refresh data. The default is 15 seconds. The value
for nisplusLDAPrefreshErrorTimeout applies to the
retry and continue_using actions.
nisplusThreadCreationErrorAction
The action to take when an error occured while trying
to create a new thread. This only applies to threads
controlled by the rpc.nisd daemon not to RPC service
threads. An example of threads controlled by the
rpc.nisd daemon are those created to serve
nis_list(3NSL) with callback, as used by niscat(1) to
enumerate tables.
pass_error
Pass on the thread creation error to the client,
to the extent allowed by the available NIS+
error codes. The error might be NIS_NOMEMORY, or
another resource shortage error. This action is
the default.
retry Retry operation nisplusThreadCreationErrorAt-
tempts times, waiting nisplusThreadCreationEr-
rorTimeout seconds between each attempt. Note
that this may tie up a thread in the rpc.nisd
daemon.
nisplusThreadCreationErrorAttempts
The number of times a failed thread creation should be
retried. The default is unlimited. The value for
nisplusThreadCreationErrorAttempts is ignored unless
the nisplusThreadCreationErrorAction=retry.
nisplusThreadCreationErrorTimeout
The number of seconds to wait between each new attempt
to create a thread. The default is 15 seconds. Ignored
unless nisplusThreadCreationErrorAction=retry.
nisplusDumpError
An error occured during a full dump of a NIS+ direc-
tory from the master to a replica. The replica can:
retry Retry operation nisplusDumpErrorAttempts times
waiting nisplusDumpErrorTimeout seconds between
each attempt. Note that this may tie up a thread
in the rpc.nisd.
rollback
Try to roll back the changes made so far before
retrying per the retry action. If the rollback
fails or cannot be performed due to the selected
ResyncServiceAction level, the retry action is
selected.
nisplusDumpErrorAttempts
The number of times a failed full dump should be
retried. The default is unlimited. When the number
of retry attempts has been used up, the full dump is
abandoned, and will not be retried again until a
resync fails because no update time is available.
nisplusDumpErrorTimeout
The number of seconds to wait between each attempt to
execute a full dump. The default is 120 seconds.
nisplusResyncService
Type of NIS+ service to be provided by a replica dur-
ing resync, that is, data transfer from NIS+ master to
NIS+ replica. This includes both partial and full
resyncs.
from_copy
Service is provided from a copy of the directory
to be resynced while the resync is in progress.
Rollback is possible if an error occurs. Note
that making a copy of the directory may require
a significant amount of time, depending on the
size of the tables in the directory and avail-
able memory on the system.
directory_locked
While the resync for a directory is in progress,
it is locked against access. Operations to the
directory are blocked until the resync is done.
Rollback is not possible.
from_live
The replica database is updated in place. Roll-
back is not possible. If there are dependencies
between individual updates in the resync,
clients may be exposed to data inconsistencies
during the resync. In particular, directories
or tables may disappear for a time during a
full dump.
nisplusUpdateBatching
How updates should be batched together on the master.
accumulate
Accumulate updates for at least nisplusUp-
dateBatchingTimeout seconds. Any update that
comes in before the timeout has occured will
reset the timeout counter. Thus, a steady
stream of updates less than nisplusUp-
dateBatchingTimeout seconds apart could delay
pinging replicas indefinitely.
bounded_accumulate
Accumulate updates for at least nisplusUp-
dateBatchingTimeout seconds. The default value
for timeout is 120 seconds. Incoming updates do
not reset the timeout counter, so replicas will
be informed once the initial timeout has
expired.
none Updates are not batched. Instead, replicas are
informed immediately of any update. While this
should maximize data consistency between master
and replicas, it can also cause considerable
overhead on both master and replicas.
nisplusUpdateBatchingTimeout
The minimum time (in seconds) during which to accumu-
late updates. Replicas will not be pinged during this
time. The default is 120 seconds.
nisplusLDAPmatchFetchAction
A NIS+ match operation, that is, any search other than
a table enumeration, will encounter one of the follow-
ing situations:
1. Table believed to be entirely in cache, and all
cached entries are known to be valid. The cached
tabled data is authoritative for the match opera-
tion.
2. Table wholly or partially cached, but there may be
individual entries that have timed out.
3. No cached entries for the table. Always attempt to
retrieve matching data from LDAP.
When the table is wholly or partially cached, the
action for the nisplusLDAPmatchFetchAction attribute
controls whether or not the LDAP repository is
searched:
no_match_only
Only go to LDAP when there is no match at all on
the search of the available NIS+ data, or the
match includes at least one entry that has timed
out.
always
Always make an LDAP lookup.
never Never make an LDAP lookup.
nisplusMaxRPCRecordSize
Sets the maximum RPC record size that NIS+ can use
over connection oriented transports. The minimum
record size is 9000, which is the default. The default
value will be used in place of any value less than
9000. The value of this attribute is a decimal integer
from 9000 to 2**31, inclusive.
Storing Configuration Attributes in LDAP
Most attributes described on this man page, as well as those
from NIS+LDAPmapping(4), can be stored in LDAP. In order to
do so, you will need to add the following definitions to
your LDAP server, which are described here in LDIF format
suitable for use by ldapadd(1). The attribute and object
class OIDs are examples only.
dn: cn=schema
changetype: modify
add: attributetypes
OIDattributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.1 NAME 'defaultSearchBase' \
DESC 'Default LDAP base DN used by a DUA' \
EQUALITY distinguishedNameMatch \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.2 NAME 'preferredServerList' \
DESC 'Preferred LDAP server host addresses used by DUA' \
EQUALITY caseIgnoreMatch \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.6 NAME 'authenticationMethod' \
DESC 'Authentication method used to contact the DSA' \
EQUALITY caseIgnoreMatch \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
dn: cn=schema
changetype: modify
add: attributetypes
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.0 \
NAME 'nisplusLDAPTLS' \
DESC 'Transport Layer Security' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.1 \
NAME 'nisplusLDAPTLSCertificateDBPath' \
DESC 'Certificate file' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.2 \
NAME 'nisplusLDAPproxyUser' \
DESC 'Proxy user for data store/retrieval' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.3 \
NAME 'nisplusLDAPproxyPassword' \
DESC 'Password/key/shared secret for proxy user' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.4 \
NAME 'nisplusLDAPinitialUpdateAction' \
DESC 'Type of initial update' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.5 \
NAME 'nisplusLDAPinitialUpdateOnly' \
DESC 'Exit after update ?' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.6 \
NAME 'nisplusLDAPretrieveErrorAction' \
DESC 'Action following an LDAP search error' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.7 \
NAME 'nisplusLDAPretrieveErrorAttempts' \
DESC 'Number of times to retry an LDAP search' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.8 \
NAME 'nisplusLDAPretrieveErrorTimeout' \
DESC 'Timeout between each search attempt' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.9 \
NAME 'nisplusLDAPstoreErrorAction' \
DESC 'Action following an LDAP store error' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.10 \
NAME 'nisplusLDAPstoreErrorAttempts' \
DESC 'Number of times to retry an LDAP store' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.11 \
NAME 'nisplusLDAPstoreErrorTimeout' \
DESC 'Timeout between each store attempt' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.12 \
NAME 'nisplusLDAPrefreshErrorAction' \
DESC 'Action when refresh of NIS+ data from LDAP fails' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.13 \
NAME 'nisplusLDAPrefreshErrorAttempts' \
DESC 'Number of times to retry an LDAP refresh' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.14 \
NAME 'nisplusLDAPrefreshErrorTimeout' \
DESC 'Timeout between each refresh attempt' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.15 \
NAME 'nisplusNumberOfServiceThreads' \
DESC 'Max number of RPC service threads' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.16 \
NAME 'nisplusThreadCreationErrorAction' \
DESC 'Action when a non-RPC-service thread creation fails' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.17 \
NAME 'nisplusThreadCreationErrorAttempts' \
DESC 'Number of times to retry thread creation' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.18 \
NAME 'nisplusThreadCreationErrorTimeout' \
DESC 'Timeout between each thread creation attempt' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.19 \
NAME 'nisplusDumpErrorAction' \
DESC 'Action when a NIS+ dump fails' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.20 \
NAME 'nisplusDumpErrorAttempts' \
DESC 'Number of times to retry a failed dump' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.21 \
NAME 'nisplusDumpErrorTimeout' \
DESC 'Timeout between each dump attempt' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.22 \
NAME 'nisplusResyncService' \
DESC 'Service provided during a resync' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.23 \
NAME 'nisplusUpdateBatching' \
DESC 'Method for batching updates on master' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.24 \
NAME 'nisplusUpdateBatchingTimeout' \
DESC 'Minimum time to wait before pinging replicas' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.25 \
NAME 'nisplusLDAPmatchFetchAction' \
DESC 'Should pre-fetch be done ?' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.26 \
NAME 'nisplusLDAPbaseDomain' \
DESC 'Default domain name used in NIS+/LDAP mapping' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.27 \
NAME 'nisplusLDAPdatabaseIdMapping' \
DESC 'Defines a database id for a NIS+ object' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.28 \
NAME 'nisplusLDAPentryTtl' \
DESC 'TTL for cached objects derived from LDAP' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.29 \
NAME 'nisplusLDAPobjectDN' \
DESC 'Location in LDAP tree where NIS+ data is stored' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.30 \
NAME 'nisplusLDAPcolumnFromAttribute' \
DESC 'Rules for mapping LDAP attributes to NIS+ columns' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.31 \
NAME 'nisplusLDAPattributeFromColumn' \
DESC 'Rules for mapping NIS+ columns to LDAP attributes' \
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
dn: cn=schema
changetype: modify
add: objectclasses
objectclasses: ( 1.3.6.1.4.1.42.2.27.5.42.42.19.0 NAME 'nisplusLDAPconfig' \
DESC 'NIS+/LDAP mapping configuration' \
SUP top STRUCTURAL MUST ( cn ) \
MAY ( preferredServerList $ defaultSearchBase $
authenticationMethod $ nisplusLDAPTLS $
nisplusLDAPTLSCertificateDBPath $
nisplusLDAPproxyUser $ nisplusLDAPproxyPassword $
nisplusLDAPinitialUpdateAction $
nisplusLDAPinitialUpdateOnly $
nisplusLDAPretrieveErrorAction $
nisplusLDAPretrieveErrorAttempts $
nisplusLDAPretrieveErrorTimeout $
nisplusLDAPstoreErrorAction $
nisplusLDAPstoreErrorAttempts $
nisplusLDAPstoreErrorTimeout $
nisplusLDAPrefreshErrorAction $
nisplusLDAPrefreshErrorAttempts $
nisplusLDAPrefreshErrorTimeout $
nisplusNumberOfServiceThreads $
nisplusThreadCreationErrorAction $
nisplusThreadCreationErrorAttempts $
nisplusThreadCreationErrorTimeout $
nisplusDumpErrorAction $
nisplusDumpErrorAttempts $
nisplusDumpErrorTimeout $
nisplusResyncService $ nisplusUpdateBatching $
nisplusUpdateBatchingTimeout $
nisplusLDAPmatchFetchAction $
nisplusLDAPbaseDomain $
nisplusLDAPdatabaseIdMapping $
nisplusLDAPentryTtl $
nisplusLDAPobjectDN $
nisplusLDAPcolumnFromAttribute $
nisplusLDAPattributeFromColumn ) )
Create a file containing the following LDIF data. Substitute
your actual search base for searchBase, and your fully qual-
ified domain name for domain:
dn: cn=domain,searchBase
cn: domain
objectClass: top
objectClass: nisplusLDAPconfig
Use this file as input to the ldapadd(1) command in order to
create the NIS+/LDAP configuration entry. Initially, the
entry is empty. You can use the ldapmodify(1) command to
add configuration attributes.
EXAMPLES
Example 1: Creating a NIS+/LDAP Configuration Entry
To set the nisplusNumberOfServiceThreads attribute to 32,
create the following file and use it as input to ldapmo-
dify(1):
dn: cn=domain,searchBase
nisplusNumberOfServiceThreads: 32
ATTRIBUTES
See attributes(5) for descriptions of the following attri-
butes:
____________________________________________________________
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|_____________________________|_____________________________|
| Availability | SUNWnisr |
|_____________________________|_____________________________|
| Interface Stability | Obsolete |
|_____________________________|_____________________________|
SEE ALSO
nisldapmaptest(1M), rpc.nisd(1M), NIS+LDAPmapping(4), attri-
butes(5)
System Administration Guide: Naming and Directory Services
(DNS, NIS, and LDAP)
Man(1) output converted with
man2html