1NISLDAPmapping(4) File Formats NISLDAPmapping(4)
2
6 NISLDAPmapping - mapping file used by the NIS server components
7
9 /var/yp/NISLDAPmapping
10
13 The NISLDAPmapping file specifies the mapping between NIS map entries
14 and equivalent Directory Information Tree (DIT) entries. The syntax of
15 this file is based on the equivalent NIS+ to LDAP mapping file,
16 NIS+LDAPmapping(4).
17 The presence of /var/yp/NISLDAPmapping on a NIS master server causes
20 that server to obtain NIS data from LDAP. See ypserv(4). If
21 /var/yp/NISLDAPmapping is present but the connection configuration file
22 that is defined in /etc/default/ypserv cannot be found, a warning is
23 logged. See ypserv(1M).
24 NIS slave servers always obtain their data from a NIS master server,
27 whether or not that server is getting data from LDAP, and ignore the
28 /var/yp/NISLDAPmapping file.
29 A simple NISLDAPmapping file is created using inityp2l(1M). You can
32 customize your NISLDAPmapping file as you require.
33 Each attribute defined below can be specified in/var/yp/NISLDAPmap‐
36 pingLDAP or as an LDAP attribute. If both are specified, then the
37 attribute in /var/yp/NISLDAPmapping (including empty values) takes
38 precedence.
39 A continuation is indicated by a '\' (backslash) in the last position,
42 immediately before the newline of a line. Characters are escaped, that
43 is, exempted from special interpretation, when preceeded by a backslash
44 character.
45 The '#' (hash) character starts a comment. White space is either ASCII
48 space or a horizontal tab. In general, lines consist of optional white
49 space, an attribute name, at least one white space character, and an
50 attribute value.
51
53 File Syntax
54 Repeated fields, with separator characters, are described by the fol‐
55 lowing syntax:
56 One or more entries entry:entry:entry
58 entry[":"...]
60 Zero or more entries
64 [entry":"...]
65 Attributes
69 Attributes generally apply to one more more NIS maps. Map names can be
70 specified either on their own,that is in passwd.byname, in which case
71 they apply to all domains, or for individual NIS domains, for example,
72 in passwd.byname,example.sun.uk. Where a map is mentioned in more than
73 one attribute, both versions are applied. If any parts of the
74 attributes are in conflict, the domain specific version takes prece‐
75 dence over the non-domain specific version.
76 Each domain specific attributes must appear in NISLDAPmapping before
79 any related non-domain specific attribute. If non-domain specific
80 attributes appear first, behavior may be unpredictable. Errors are
81 logged when non-domain specific attributes are found first.
82 You can associate a group of map names with a databaseId. In effect, a
85 macro is expanded to the group of names. Use this mechanism where the
86 same group of names is used in many attributes or where domain specific
87 map names are used. Then, you can make any changes to the domain name
88 in one place.
89 Unless otherwise noted, all elements of the syntaxes below may be sur‐
92 rounded by white space. Separator characters and white space must be
93 escaped if they are part of syntactic elements.
94 The following attributes are recognized.
97 nisLDAPdomainContext
99 The context to use for a NIS domain.
101 The syntax for nisLDAPdomainContext is:
103 NISDomainName ":" context
105 The following is an example of the nisLDAPdomainContext attribute:
107 domain.one : dc=site, dc=company, dc=com
109 The mapping file should define the context for each domain before
111 any other attribute makes use of the NISDomainName specified for
112 that domain.
113 nisLDAPyppasswddDomains
116 Lists the domains for which password changes should be made. NIS
118 password change requests do not specify the domains in which any
119 given password should be changed. In traditional NIS this informa‐
120 tion is effectively hard coded in the NIS makefile.
121 The syntax for the nisLDAPyppasswddDomains attribute is:
123 domainname
125 If there are multiple domains, use multiple nisLDAPyppasswddDomain
127 entries withone domainname per entry.
128 nisLDAPdatabaseIdMapping
131 Sets up an alias for a group of NIS map names. There is no default
133 value.
134 The syntax for the nisLDAPdatabaseIdMapping attribute is:
136 databaseId ":" ["["indexlist"]"] mapname[" "...]
138 where
140 databaseId = Label identifying a (subset of a) NIS
142 object for mapping purposes.
143 indexlist = fieldspec[","...]
144 fieldspec = fieldname "=" fieldvalue
145 fieldname = The name of a entry field as defined in
146 nisLDAPnameFields.
147 fieldvalue = fieldvaluestring | \" fieldvaluestring \"
148 indexlist is used for those cases where it is necessary to select a
150 subset of entries from a NIS map. The subset are those NIS entries
151 that match the indexlist. If there are multiple specifications
152 indexed for a particular NIS map, they are tried in the order
153 retrieved until one matches. Note that retrieval order usually is
154 unspecified for multi-valued LDAP attributes. Hence, if using
155 indexed specifications when nisLDAPdatabaseIdMapping is retrieved
156 from LDAP, make sure that the subset match is unambiguous.
157 If the fieldvaluestring contains white space or commas, it must
159 either be surrounded by double quotes, or the special characters
160 must be escaped. Wildcards are allowed in the fieldvaluestring. See
161 Wildcards
162 To associate the passwd.byname and passwd.byuid maps with the
164 passwd databaseId:
165 passwd:passwd.byname passwd.byuid
167 The passwd and passwd.adjunct databaseIds receive special handling.
169 In addition to its normal usage, passwd defines which maps yppass‐
170 wdd is to update when a passwd is changed. In addition to its nor‐
171 mal usage passwd.adjunct defines which maps yppasswdd is to update
172 when an adjunct passwd is changed.
173 You may not alias a single map name to a different name, as the
175 results are unpredictable.
176 nisLDAPentryTtl
179 Establish TTLs for NIS entries derived from LDAP.
181 The syntax for the nisLDAPentryTtl attribute is:
183 mapName[" "...]":"
185 initialTTLlo ":" initialTTLhi ":" runningTTL
186 where
188 initialTTLlo The lower limit for the initial TTL (in seconds)
190 for data read from LDAP when the ypserv starts. If
191 the initialTTLhi also is specified, the actual ini‐
192 tialTTL will be randomly selected from the interval
193 initialTTLlo to initialTTLhi , inclusive. Leaving
194 the field empty yields the default value of 1800
195 seconds.
196 initialTTLhi The upper limit for the initial TTL. If left empty,
199 defaults to 5400.
200 runningTTL The TTL (in seconds) for data retrieved from LDAP
203 while the ypserv is running. Leave the field empty
204 to obtain the default value of 3600 seconds.
205 If there is no specification of TTLs for a particular map, the
207 default values are used.
208 If the initialTTLlo and initialTTLhi have the same value, the
210 effect will be that all data known to the ypserv at startup times
211 out at the same time. Depending on NIS data lookup patterns, this
212 could cause spikes in ypserv-to-LDAP traffic. In order to avoid
213 that, you can specify different initialTTLlo and initialTTLhi val‐
214 ues, and obtain a spread in initial TTLs.
215 The following is an example of the nisLDAPentryTtl attribute used
217 to specify that entries in the NIS host maps read from LDAP should
218 be valid for four hours. When ypserv restarts, the disk database
219 entries are valid for between two and three hours.
220 hosts.byname hosts.byaddr:7200:10800:14400
222 nisLDAPobjectDN
226 Specifies the connection between a group of NIS maps and the LDAP
228 directory. This attribute also defines the 'order' of the NIS maps.
229 When NIS maps are bulk copied to or from the DIT, they are pro‐
230 cessed in the same order as related nisLDAPobjectDN attributes
231 appear in /var/yp/NISLDAPmapping.
232 The syntax for the nisLDAPobjectDN attribute is:
234 mapName[" "...] ":" objectDN *( ";" objectDN )
236 where
238 objectDN = readObjectSpec [":"[writeObjectSpec]]
240 readObjectSpec = [baseAndScope [filterAttrValList]]
241 writeObjectSpec = [baseAndScope [attrValList]]
242 baseAndScope = [baseDN] ["?" [scope]]
243 filterAttrValList = ["?" [filter | attrValList]]]
244 scope = "base" | "one" | "sub"
245 attrValList = attribute "=" value
246 *("," attribute "=" value)
247 The baseDN defaults to the value of the nisLDAPdomainContext
249 attribute for the accessed domain. If the baseDN ends in a comma,
250 the nisLDAPdomainContext value is appended.
251 scope defaults to one. scope has no meaning and is ignored in a
253 writeObjectSpec.
254 The filter is an LDAP search filter and has no default value.
256 The attrValList is a list of attribute and value pairs. There is no
258 default value.
259 As a convenience, if an attrValList is specified in a readObject‐
261 Spec, it is converted to a search filter by ANDing together the
262 attributes and the values. For example, the attribute and value
263 list:
264 objectClass=posixAccount,objectClass=shadowAccount
266 is converted to the filter:
268 (&(objectClass=posixAccount)\
270 (objectClass=shadowAccount))
271 Map entries are mapped by means of the relevant mapping rules in
273 the nisLDAPnameFields and nisLDAPattributeFromField .
274 If a writeObjectSpec is omitted, the effect is one of the follow‐
276 ing:
277 o If there is no trailing colon after the readObjectSpec,
279 then there is no write at all.
280 o If there is a colon after the readObjectSpec, then
282 writeObjectSpec equals readObjectSpec.
283 The following is an example of a nisLDAPobjectDN attribute declara‐
284 tion that gets the hosts.byaddr map entries from the ou=Hosts con‐
285 tainer under the default search base and writes to the same place.
286 hosts.byaddr:ou=Hosts,?one?objectClass=ipHost:
288 The following is an example of a nisLDAPobjectDN attribute declara‐
290 tion that obtains passwd map entries from the ou=People containers
291 under the default search base, and also from dc=another,dc=domain.
292 passwd:ou=People,?one?\
294 objectClass=shadowAccount,\
295 objectClass=posixAccount:;\
296 ou=People,dc=another,dc=domain,?one?\
297 objectClass=shadowAccount,\
298 objectClass=posixAccount
299 nisLDAPnameFields
303 Specifies the content of entries in a NIS map and how they should
305 be broken into named fields. nisLDAPnameFields is required because
306 unlike NIS+, NIS maps do not store information in named fields.
307 The syntax for the nisLDAPnameFields attribute is as follows:
309 "nisLDAPnameFields" mapName ":" "(" matchspec "," fieldNames ")"
311 fieldName = nameOrArrayName[","...]
312 nameOrArrayName = Name of field or 'array' of repeated fields.
313 matchspec = \" formatString \"
314 formatString may contains a list of %s and %a elements each of
316 which represents a single named field or a list of repeated fields.
317 A %a field is interpreted as an IPv4 address or an IPv6 address in
318 preferred format. If an IPv6 address in non preferred format is
319 found, then it is converted and a warning is logged.
320 Where there are a list of repeated fields, the entire list is
322 stored as one entry. The fields are broken up into individual
323 entries, based on the internal separator, at a latter stage. Other
324 characters represent separators which must be present. Any separa‐
325 tor, including whitespace, specified by the formatString, may be
326 surrounded by a number of whitespace and tab characters. The white‐
327 space and tab characters are ignored.
328 Regardless of the content of this entry some fieldNames are
330 reserved:
331 rf_key The DBM key value
333 rf_ipkey The DBM key value handled as an IP address. See
336 the discussion of %a fields.
337 rf_comment Everything following the first occurance of a
340 symbol. rf_comment is defined by nisLDAPcom‐
341 mentChar.
342 rf_domain The name of the domain in which the current NIS
345 operation is being carried out.
346 rf_searchipkey The rf_searchkey value handled as an IP address.
349 See the discussion of %a fields above.
350 rf_searchkey See the description under nisLDAPattributeFrom‐
353 Field below.
354 For example, the rpc.bynumber map has the format:
356 name number alias[" "...]
358 The NIS to LDAP system is instructed to break it into a name, a
360 number, and an array of alias field by the following entry in the
361 mapping file:
362 nisLDAPnameFields rpc.bynumber : \
364 "%s %s %s", name,number,aliases)
365 nisLDAPsplitFields
369 Defines how a field, or list of fields, named by nisLDAPnameFields
371 is split into subfields. The original field is compared with each
372 line of this attribute until one matches. When a match is found
373 named subfields are generated. In latter operations subfield names
374 can be used in the same way as other field names.
375 The syntax for the nisLDAPsplitFields attribute is as follows:
377 "nisLDAPsplitFields" fieldName ":" splitSpec[","...]
379 splitSpec = "(" matchspec "," subFieldNames ")"
380 fieldName = Name of a field from nisLDAPnameFields
381 subFieldNames = subFieldname[","...]
382 matchspec = \" formatString \"
383 The netgroup memberTriples can have format (host, user, domain) or
385 groupname. The format is specified by the attribute:
386 nisLDAPsplitField memberTriple: \
388 ("(%s,%s,%s)", host, user, domain) , \
389 ("%s", group)
390 Later operations can then use field names host, user, domain, group
392 or memberTriple. Because lines are processed in order, if host,
393 user and domain are found, group will not be generated.
394 Several maps and databaseIds may contain fields that are to be
396 split in the same way. As a consequence, the names of fields to be
397 split must be unique across all maps and databaseIds.
398 Only one level of spliting is supported.That is, a subfield cannot
400 be split into further subfields.
401 nisLDAPrepeatedFieldSeparators
404 Where there is a list of repeated, splitable fields, nisLDAPrepeat‐
406 edFieldSeparators specifies which characters separate instances of
407 the splitable field.
408 The syntax for the nisLDAPrepeatedFieldSeparators attribute is as
410 follows:
411 "nisLDAPrepeatedFieldSeparators" fieldName \"sepChar[...]\"
413 sepChar = A separator character.
414 The default value is space or tab. If repeated splitable fields are
416 adjacent, that is, there is no separating character, then the fol‐
417 lowing should be specified:
418 nisLDAPrepeatedFieldSeparators netIdEntry: ""
420 nisLDAPcommentChar
424 Specifies which character represents the start of the special com‐
426 ment field in a given NIS map. If this attribute is not present
427 then the default comment character # is used.
428 To specify that a map uses a asterix to mark the start of comments.
430 nisLDAPcommentChar mapname : '*'
432 If a map cannot contain comments, then the following attribute
434 should be specified.
435 nisLDAPcommentChar mapname : ''
437 nisLDAPmapFlags
441 Indicates if YP_INTERDOMAIN or YP_SECURE entries should be created
443 in a map. Using nisLDAPmapFlags is equivalent to running
444 makedbm(1M) with the -b or the -s option. When a map is created
445 from the contents of the DIT, the mapping file attribute is the
446 only source for the YP_INTERDOMAIN or YP_SECURE entries.
447 The syntax for the nisLDAPmapFlags attribute is as follows:
449 "nisLDAPmapFlags" mapname ":" ["b"]["s"]
451 By default neither entry is created.
453 nisLDAPfieldFromAttribute
456 Specifies how a NIS entries field values are derived from LDAP
458 attribute values.
459 The syntax for the nisLDAPfieldFromAttribute attribute is as fol‐
461 lows:
462 mapName ":" fieldattrspec *("," fieldattrspec)
464 The format of fieldattrspec is shown below at Field and Attribute
466 Conversion Syntax.
467 To map by direct copy and assignment the value of the ipHostNumber
469 attribute to the addr named field, for example:
470 addr=ipHostNumber
472 Formats for the named field and attribute conversion syntax are
474 discussed below, including examples of complex attribute to field
475 conversions.
476 nisLDAPattributeFromField
479 Specifies how an LDAP attribute value is derived from a NIS entriy
481 field value.
482 The syntax for the nisLDAPattributeFromField attribute is as fol‐
484 lows:
485 mapName ":" fieldattrspec *("," fieldattrspec )
487 The format of fieldattrspec is shown below at Field and Attribute
489 Conversion Syntax.
490 As a special case, if the dn attribute value derived from a field‐
492 attrspec ends in a comma (","), the domains context from nisLDAPdo‐
493 mainContext is appended.
494 Use the following example to map the value of the addr field to the
496 ipHostNumber attribute by direct copy and assignment:
497 ipHostNumber=addr
499 All relevant attributes, including the dn, must be specified.
501 For every map it must be possible to rapidly find a DIT entry based
503 on its key. There are some maps for which a NIS to LDAP mapping for
504 the key is not desirable, so a key mapping cannot be specified. In
505 these cases a mapping that uses the reserved rf_searchkey must be
506 specified. Mappings that use this field name are ignored when
507 information is mapped into the DIT.
508 Field and Attribute Conversion Syntax
511 The general format of a fieldattrspec is:
512 fieldattrspec = lhs "=" rhs
514 lhs = lval | namespeclist
515 rhs = rval | [namespec]
516 namespeclist = namespec | "(" namespec *("," namespec) ")"
517 The lval and rval syntax are defined below at Values. The format of a
521 namespec is:
522 namespec
524 ["ldap:"] attrspec [searchTriple] | ["yp:"] fieldname
525 [mapspec]
526 fieldname
530 field | "(" field ")"
531 attrspec
535 attribute | "(" attribute ")"
536 searchTriple
540 ":" [baseDN] ["?" [scope] ["?" [filter]]]
541 baseDN Base DN for search
545 filter LDAP search filter
548 mapspec Map name
551 The repository specification in a namespec defaults is as follows:
555 o For assignments to a field:
557 on the LHS yp
560 on the RHS ldap
563 NIS field values on the RHS are those that exist before the NIS
566 entry is modified.
567 o For assignments to an attribute:
569 on the LHS ldap
572 on the RHS yp
575 Attribute values on the RHS are those that exist before the LDAP
578 entry is modified.
579 When the field or attribute name is enclosed in parenthesis, it denotes
582 a list of field or attribute values. For attributes, the meaning is the
583 list of all attributes of that name, and the interpretation depends on
584 the context. See the discussion at Values. The list specification is
585 ignored when a searchTriple or mapspec is supplied.
586 For fields, the fieldname syntax is used to map multiple attribute
589 instances to multiple NIS entries.
590 The searchTriple can be used to specify an attribute from a location
593 other than the read or write target. The defaultvalues are as follows:
594 baseDN If baseDN is omitted, the default is the current objectDN. If
596 the baseDN ends in a comma, the context of the domain is
597 appended from nisLDAPdomainContext .
598 scope one
601 filter Empty
604 Similarly, the mapspec can be used to specify a field value from a NIS
608 map other than the one implicitly indicated by the mapName. If
609 searchTriple or mapspec is explicitly specified in a namespec, the
610 retrieval or assignment, whether from or to LDAP or NIS, is performed
611 without checking if read and write are enabled for the LDAP container
612 or NIS map.
613 The ommision of the namespec in an rhs is only allowed if the lhs is
616 one or more attributes. The effect is to delete the specified
617 attribute(s). In all other situations, an omitted namespec means that
618 the rule is ignored.
619 The filter can be a value. See Values. For example, to find the ipHost‐
622 Numberthat uses the cn, you specify the following in the filter field:
623 ldap:ipHostNumber:?one?("cn=%s", (cname, "%s.*"))
625 In order to remove ambiguity, the unmodified value of a single field or
629 attribute must be specified as the following when used in the filter
630 field.
631 ("%s", namespec)
633 If the filter is not specified, the scope will be base, and the baseDN
637 is assumed to be the DN of the entry that contains the attribute to be
638 retrieved or modified. To use previously existing field or attribute
639 values in the mapping rules requires a lookup to find those values.
640 Obviously, this adds to the time required to perform the modification.
641 Also, there is a window between the time when a value is retrieved and
642 then slightly later stored back. If the values have changed in the mean
643 time, the change may be overwritten.
644 When fieldattrspecs are grouped into rule sets, in the value of a
647 nisLDAPfieldFromAttribute or nisLDAPattributeFromField attribute, the
648 evaluation of the fieldattrspecs proceed in the listed order. However,
649 evaluation may be done in parallel for multiple fieldattrspecs. If
650 there is an error when evaluating a certain fieldattrspec, including
651 retrieval or assignment of entry or field values, the extent to which
652 the other fieldattrspec rules are evaluated is unspecified.
653 Wildcards
655 Where wildcard support is available, it is of the following limited
656 form:
657 * Matches any number of characters
659 [x] Matches the character x
662 [x-y] Matches any character in the range x to y, inclusive
665 Combinations such as [a-cA-C0123] are also allowed, which would match
669 any one of a, b, c, A, B, C, 0, 1, 2, or 3.
670 Substring Extraction
672 substringextract = "(" namespec "," matchspec ")"
673 name = field or attribute name
674 matchspec =
675 The matchspec is a string like the sscanf(3C) format string, except
679 that there may be at most one format specifier, a single %s. The output
680 value of the substringextract is the substring that matches the loca‐
681 tion of the %s.
682 If there is no %s in the formatstring, it must instead be a single
685 character, which is assumed to be a field separator for the namespec.
686 The output values are the field values. Wild cards are supported. If
687 there is no match, the output value is the empty string, " ".
688 For example, if the fieldcname has the value user.some.domain.name.,
691 the value of the expression:
692 (cname, "%s.*")
694 is user, which can be used to extract the user name from a NIS princi‐
698 pal name.
699 Similarly, use this expression to extract the third of the colon-sepa‐
702 rated fields of the shadow field:
703 (shadow, "*:*:%s:*")
705 This form can be used to extract all of the shadow fields. However, a
709 simpler way to specify that special case is:
710 (shadow, ":")
712 Values
715 lval = "(" formatspec "," namespec *("," namespec) ")"
716 rval = "(" formatspec ["," namelist ["," elide] ] ")"
717 namelist = name_or_sse *( "," name_or_sse)
719 name_or_sse = namespec | removespec | substringextract
720 removespec = list_or_name "-" namespec
721 list_or_name = "(" namespec ")" | namespec
722 formatspec =
723 formatstring = A string combining text and % field specifications
724 elide =
725 singlechar = Any character
726 The syntax above is used to produce rval values that incorporate field
730 or attribute values, in a manner like sprintf(3C), or to perform
731 assignments to lval like sscanf(3C). One important restriction is that
732 the format specifications,% plus a single character, use the designa‐
733 tions from ber_printf(3LDAP). Thus, while %s is used to extract a
734 string value, %i causes BER conversion from an integer. Formats other
735 than %s, for instance, %i, are only meaningfully defined in simple for‐
736 mat strings without any other text.
737 The following ber_printf() format characters are recognized:
740 b i n o s
742 If there are too few format specifiers, the format string may be
746 repeated as needed.
747 When used as an lval, there is a combination of pattern matching and
750 assignment, possibly to multiple fields or attributes.
751 In an assignment to an attribute, if the value of the addr field is
754 1.2.3.4, the rval:
755 ("ipNetworkNumber=%s,", addr)
757 produces the value ipNetworkNumber=1.2.3.4,, while:
761 ("(%s,%s,%s)", host, user, domain)
763 results in:
767 (assuming host="xyzzy", user="-", domain="x.y.z")
769 "(xyzzy,-,x.y.z)"
770 The elide character feature is used with attribute lists. So:
774 ("%s,", (mgrprfc822mailmember), ",")
776 concatenates all mgrprfc822mailmember values into one comma-separated
780 string, and then elides the final trailing comma. Thus, for
781 mgrprfc822mailmember=usera
783 mgrprfc822mailmember=userb
784 mgrprfc822mailmember=userc
785 the value would be:
789 usera,userb,userc
791 As a special case, to combine an LHS extraction with an RHS implicit
795 list creates multiple entries and values. So
796 ("(%s,%s,%s)", host, user, domain)=(nisNetgroupTriple)
798 creates one NIS entry for each nisNetgroupTriple value.
802 The 'removespec' form is used to exclude previously assigned fields
805 values from a list. So, if an LDAP entry contains:
806 name: foo
808 cn: foo
809 cn: foo1
810 cn: foo2
811 and the mapping file specifies :
815 myName = name, \
817 myAliases = ("%s ", (cn) - yp:myName, " ")
818 then the following assignments are carried out:
822 1. Assign value foo to myName
824 2. Assign value foo foo1 foo2 to myAliases
826 3. Remove value of myName from value myAliases
828 This results in the field values myName is set to foo, and myAliases is
831 set to foo1 foo2.
832 Assignments
834 The assignment syntax, also found at Field and Attribute Conversion
835 Syntax, is as follows:
836 fieldattrspec = lhs "=" rhs
838 lhs = lval | namespeclist
839 rhs = rval | namespec
840 namespeclist = namespec | "(" namespec *("," namespec) ")"
841 The general form of a simple assignment, which is a one-to-one mapping
845 of field to attribute, is:
846 ("%s", fieldname)=("%s", attrname)
848 As a convenient shorthand, this can also be written as:
852 fieldname=attrname
854 A list specification, which is a name enclosed in parenthesis, can be
858 used to make many-to-many assignments. The expression:
859 (fieldname)=(attrname)
861 where there are multiple instances of attrname, creates one NIS entry
865 for each such instance, differentiated by their fieldname values. The
866 following combinations of lists are allowed, but they are not particu‐
867 larly useful:
868 (attrname)=(fieldname) Equivalent to attrname=fieldname
870 attrname=(fieldname) Equivalent to attrname=fieldname
873 (fieldname)=attrname Equivalent to fieldname=attrname
876 fieldname=(attrname) Equivalent to fieldname=attrname
879 If a multi-valued RHS is assigned to a single-valued LHS, the LHS value
883 will be the first of the RHS values. If the RHS is an attribute list,
884 the first attribute is the first one returned by the LDAP server when
885 queried. Otherwise, the definition of "first"is implementation depen‐
886 dent.
887 Finally, the LHS can be an explicit list of fields or attributes, such
890 as:
891 (name1,name2,name3)
893 If the RHS is single-valued, this assigns the RHS value to all entities
897 in the list. If the RHS is multi-valued, the first value is assigned to
898 the first entity of the list, the second value to the second entity,
899 and so on. Excess values or entities are silently ignored.
900
902 Example 1 Assigning an Attribute Value to a Field
903 The following example illustrates how to assign the value of the
906 ipHostNumber attribute to the addr field
907 addr=ipHostNumber
910 Example 2 Creating Multiple NIS Entries from Multi-Valued LDAP
913 Attributes
914 An LDAP entry with:
917 cn=name1
920 cn=name2
921 cn=name3
922 and the following assignments:
926 cname=cn
929 (name)=(cn)
930 creates three NIS entries. Other attributes and fields are omitted for
934 clarity.
935 cname=name1, name=name1
938 cname=name1, name=name2
939 cname=name1, name=name3
940 Example 3 Assigning String Constants
943 The following expression sets the passwd field to x:
946 passwd=("x")
949 Example 4 Splitting Field Values to Multi-Valued Attributes
952 The expansion field contains a comma-separated list of alias member
955 names. In the following example, the expression assigns each member
956 name to an instance of mgrprfc822mailmember:
957 (mgrprfc822mailmember)=(expansion, ",")
960
963 /var/yp/NISLDAPmapping Mapping file used by the NIS server compo‐
964 nents
965
968 See attributes(5) for descriptions of the following attributes:
969 ┌─────────────────────────────┬─────────────────────────────┐
974 │ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
975 ├─────────────────────────────┼─────────────────────────────┤
976 │Availability │SUNWypu │
977 ├─────────────────────────────┼─────────────────────────────┤
978 │Interface Stability │Obsolete │
979 └─────────────────────────────┴─────────────────────────────┘
980
982 inityp2l(1M), makedbm(1M), ypserv(1M), ber_printf(3LDAP), sprintf(3C),
983 sscanf(3C), NIS+LDAPmapping(4), ypserv(4), attributes(5)
984 System Administration Guide: Naming and Directory Services (DNS, NIS,
987 and LDAP)
988SunOS 5.11 29 Mar 2006 NISLDAPmapping(4)