rpc.nisd(4)                      File Formats                      rpc.nisd(4)

NAME

       rpc.nisd - configuration file for NIS+ service daemon

SYNOPSIS

       /etc/default/rpc.nisd

DESCRIPTION

       The rpc.nisd file specifies configuration information for the
       rpc.nisd(1M) server. Configuration information can come from a
       combination of three places. It can be derived from LDAP. It can be
       specified in the rpc.nisd file. It can be specified on the
       rpc.nisd(1M) command line. The values in the rpc.nisd file override
       values obtained from the LDAP server. Command line values supersede
       values in the configuration file.

       The NIS+LDAPmapping(4) file contains mapping information connecting
       NIS+ object data to LDAP entries. See the NIS+LDAPmapping(4) manual
       page for an overview of the setup needed to map NIS+ data to or from
       LDAP.

   Attributes
       The rpc.nisd(1M) server recognizes the following attributes. Any values
       specified for these attributes in the rpc.nisd file, including an empty
       value, override values obtained from LDAP. However, the
       nisplusLDAPconfig* values are read from the rpc.nisd file or the
       command line only. They are not obtained from LDAP.

       The following are attributes used for initial configuration.

       nisplusLDAPconfigDN

           The DN for configuration information. If empty, all other
           nisplusLDAPconfig* values are ignored, in the expectation that all
           attributes are specified in this file or on the command line. When
           nisplusLDAPconfigDN is not specified at all, the DN is derived from
           the NIS+ domain name by default. If the domain name is x.y.z., the
           default nisplusLDAPconfigDN is:

             nisplusLDAPconfigDN=dc=x,dc=y,dc=z

       nisplusLDAPconfigPreferredServerList

           The list of servers to use for the configuration phase. There is no
           default. The following is an example of a value for
           nisplusLDAPconfigPreferredServerList:

             nisplusLDAPconfigPreferredServerList=127.0.0.1:389

       nisplusLDAPconfigAuthenticationMethod

           The authentication method used to obtain the configuration
           information. The recognized values for
           nisplusLDAPconfigAuthenticationMethod are:

           none

               No authentication attempted.

           simple

               Password of proxy user sent in the clear to the LDAP server.

           sasl/cram-md5

               Use SASL/CRAM-MD5 authentication. This authentication method
               may not be supported by all LDAP servers. A password must be
               supplied.

           sasl/digest-md5

               Use SASL/DIGEST-MD5 authentication. This authentication method
               may not be supported by all LDAP servers. A password must be
               supplied.

           There is no default value. The following is an example of a value
           for nisplusLDAPconfigAuthenticationMethod:

             nisplusLDAPconfigAuthenticationMethod=simple

       nisplusLDAPconfigTLS

           The transport layer security used for the connection to the server.
           The recognized values are:

           none

               No encryption of transport layer data. This is the default
               value.

           ssl

               SSL encryption of transport layer data. A certificate is
               required.

           Export and import control restrictions may limit the availability
           of transport layer security.

       nisplusLDAPconfigTLSCertificateDBPath

           The name of the file containing the certificate database. The
           default path is /var/nis, and the default file name is cert7.db.

       nisplusLDAPconfigProxyUser

           The proxy user used to obtain configuration information. There is
           no default value. If the value ends with a comma, the value of the
           nisplusLDAPconfigDN attribute is appended. For example:

             nisplusLDAPconfigProxyUser=cn=nisplusAdmin,ou=People,

       nisplusLDAPconfigProxyPassword

           The password that should be supplied to LDAP for the proxy user
           when the authentication method requires one. In order to avoid
           having this password publicly visible on the machine, the password
           should only appear in the configuration file, and the file should
           have an appropriate owner, group, and file mode. There is no
           default value.

       The following are attributes used for data retrieval. The object class
       name used for these attributes is nisplusLDAPconfig.

       preferredServerList

           The list of servers to use when reading or writing mapped NIS+ data
           from or to LDAP. There is no default value. For example:

             preferredServerList=127.0.0.1:389

       authenticationMethod

           The authentication method to use when reading or writing mapped
           NIS+ data from or to LDAP. For recognized values, see the
           nisplusLDAPconfigAuthenticationMethod attribute. There is no
           default value. For example:

             authenticationMethod=simple

       nisplusLDAPTLS

           The transport layer security to use when reading or writing NIS+
           data from or to LDAP. For recognized values, see the
           nisplusLDAPconfigTLS attribute. The default value is none. Note
           that export and import control restrictions may limit the
           availability of transport layer security.

       nisplusLDAPTLSCertificateDBPath

           The name of the file containing the certificate DB. For recognized
           and default values, see the nisplusLDAPconfigTLSCertificateDBPath
           attribute.

       defaultSearchBase

           The default portion of the DN to use when reading or writing mapped
           NIS+ data from or to LDAP. The default is derived from the value of
           the baseDomain attribute, which in turn usually defaults to the
           NIS+ domain name. If nisplusLDAPbaseDomain has the value x.y.z, the
           default defaultSearchBase is dc=x,dc=y,dc=z. See the following
           sample attribute value:

             defaultSearchBase=dc=somewhere,dc=else

       nisplusLDAPbaseDomain

           The domain to append when NIS+ object names are not fully
           qualified. The default is the domain the rpc.nisd daemon is
           serving, or the first such domain, if there is more than one
           candidate.

       nisplusLDAPproxyUser

           Proxy user used by the rpc.nisd to read or write from or to LDAP.
           Assumed to have the appropriate permission to read and modify LDAP
           data. There is no default value. If the value ends in a comma, the
           value of the defaultSearchBase attribute is appended. For example:

             nisplusLDAPproxyUser=cn=nisplusAdmin,ou=People,

       nisplusLDAPproxyPassword

           The password that should be supplied to LDAP for the proxy user
           when the authentication method so requires. In order to avoid
           having this password publicly visible on the machine, the password
           should only appear in the configuration file, and the file should
           have an appropriate owner, group, and file mode. There is no
           default value.

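       The authentication, TLS, proxy user and proxy password attributes
       above interact, so the following added example (not part of the
       original manual page or of rpc.nisd) audits the text of an rpc.nisd
       file for a simple bind without ssl, a SASL method without a password,
       and a password stored in a file that group or other can access. The
       finding labels, the '#' comment handling and the reading of
       "appropriate file mode" as "no group or other access" are assumptions.

```python
import stat

# Per phase: auth method, TLS, proxy password, proxy user attribute names.
PHASES = {
    "config": ("nisplusLDAPconfigAuthenticationMethod", "nisplusLDAPconfigTLS",
               "nisplusLDAPconfigProxyPassword", "nisplusLDAPconfigProxyUser"),
    "data": ("authenticationMethod", "nisplusLDAPTLS",
             "nisplusLDAPproxyPassword", "nisplusLDAPproxyUser"),
}


def parse_config(text):
    """Parse name=value lines. Split on the first '=' only, because DN
    values contain '='. Skipping '#' comment lines is an assumption."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, value = line.split("=", 1)
        cfg[name.strip()] = value.strip()
    return cfg


def domain_to_dn(domain):
    """x.y.z. -> dc=x,dc=y,dc=z, the default derivation described above."""
    return ",".join("dc=" + label for label in domain.split(".") if label)


def effective_proxy_user(cfg, phase, nis_domain):
    """Resolve the bind DN, appending the base DN after a trailing comma."""
    user = cfg.get(PHASES[phase][3], "")
    if phase == "config":
        base = cfg.get("nisplusLDAPconfigDN", domain_to_dn(nis_domain))
    else:
        base_domain = cfg.get("nisplusLDAPbaseDomain") or nis_domain
        base = cfg.get("defaultSearchBase") or domain_to_dn(base_domain)
    return user + base if user.endswith(",") else user


def audit(cfg, file_mode):
    """Return (scope, finding) pairs for the settings visible in the file."""
    findings = []
    for phase, (auth_k, tls_k, pw_k, _user_k) in PHASES.items():
        # An empty nisplusLDAPconfigDN makes rpc.nisd ignore the other
        # nisplusLDAPconfig* values, so there is nothing to audit there.
        if phase == "config" and cfg.get("nisplusLDAPconfigDN") == "":
            continue
        method = cfg.get(auth_k)
        if method is None:
            continue  # not in the file; may come from LDAP or the command line
        # TLS absent from the file is treated as the documented default
        # (none); data-phase TLS could still be supplied from LDAP.
        tls = cfg.get(tls_k) or "none"
        if method == "simple" and tls != "ssl":
            findings.append((phase, "cleartext-bind"))
        if method.startswith("sasl/") and not cfg.get(pw_k):
            findings.append((phase, "missing-password"))
    has_password = any(cfg.get(p[2]) for p in PHASES.values())
    # Assumption: an "appropriate" mode means no group or other access.
    if has_password and file_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(("file", "password-file-mode"))
    return findings


# Constructed sample content for /etc/default/rpc.nisd.
SAMPLE = """\
# constructed example
nisplusLDAPconfigDN=
nisplusLDAPconfigAuthenticationMethod=simple
preferredServerList=127.0.0.1:389
authenticationMethod=simple
nisplusLDAPproxyUser=cn=nisplusAdmin,ou=People,
nisplusLDAPproxyPassword=constructed-secret
"""

if __name__ == "__main__":
    cfg = parse_config(SAMPLE)
    # On a live host, pass os.stat("/etc/default/rpc.nisd").st_mode instead.
    for scope, finding in audit(cfg, 0o100644):
        print(scope, finding)
    print(effective_proxy_user(cfg, "data", "x.y.z."))
```
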
       nisplusLDAPbindTimeout
       nisplusLDAPsearchTimeout
       nisplusLDAPmodifyTimeout
       nisplusLDAPaddTimeout
       nisplusLDAPdeleteTimeout

           Establish timeouts for LDAP bind, search, modify, add, and delete
           operations, respectively. The default value is 15 seconds for each
           one. Decimal values are allowed.

       nisplusLDAPsearchTimeLimit

           Establish a value for the LDAP_OPT_TIMELIMIT option, which
           suggests a time limit for the search operation on the LDAP server.
           The server may impose its own constraints on possible values. See
           your LDAP server documentation. The default is the
           nisplusLDAPsearchTimeout value. Only integer values are allowed.

           Since the nisplusLDAPsearchTimeout limits the amount of time the
           client rpc.nisd will wait for completion of a search operation,
           setting the nisplusLDAPsearchTimeLimit larger than the
           nisplusLDAPsearchTimeout is not recommended.

       nisplusLDAPsearchSizeLimit

           Establish a value for the LDAP_OPT_SIZELIMIT option, which suggests
           a size limit, in bytes, for the search results on the LDAP server.
           The server may impose its own constraints on possible values. See
           your LDAP server documentation. The default is zero, which means
           unlimited. Only integer values are allowed.

       nisplusLDAPfollowReferral

           Determines if the rpc.nisd should follow referrals or not.
           Recognized values are yes and no. The default value is no.

       nisplusNumberOfServiceThreads

           Sets the maximum number of RPC service threads that the rpc.nisd
           may use. Note that the rpc.nisd may create additional threads for
           certain tasks, so that the actual number of threads running may be
           larger than the nisplusNumberOfServiceThreads value.

           The value of this attribute is a decimal integer from zero to
           (2**31)-1, inclusive. Zero, which is the default, sets the number
           of service threads to three plus the number of CPUs available when
           the rpc.nisd daemon starts. For example:

             nisplusNumberOfServiceThreads=16

       The following attributes specify the action to be taken when some event
       occurs. The values are all of the form event=action. The default action
       is the first one listed for each event.

       nisplusLDAPinitialUpdateAction

           Provides the optional capability to update all NIS+ data from LDAP,
           or vice versa, when the rpc.nisd starts. Depending on various
           factors such as both NIS+ and LDAP server and network performance,
           as well as the amount of data to be uploaded or downloaded, these
           operations can consume very significant CPU and memory resources.
           During upload and download, the rpc.nisd has not yet registered
           with rpcbind, and provides no NIS+ service. When data is downloaded
           from LDAP, any new items added to the rpc.nisd's database get a TTL
           as for an initial load. See the description for the
           nisplusLDAPentryTtl attribute on NIS+LDAPmapping(4).

           none

               No initial update in either direction. This is the default.

           from_ldap

               Causes the rpc.nisd to fetch data for all NIS+ objects it
               serves, and for which mapping entries are available, from the
               LDAP repository.

           to_ldap

               The rpc.nisd writes all NIS+ objects for which it is the master
               server, and for which mapping entries are available, to the
               LDAP repository.

       nisplusLDAPinitialUpdateOnly

           Use in conjunction with nisplusLDAPinitialUpdateAction.

           no

               Following the initial update, the rpc.nisd starts serving NIS+
               requests. This is the default.

           yes

               The rpc.nisd exits after the initial update. This value is
               ignored if specified together with
               nisplusLDAPinitialUpdateAction=none.

       nisplusLDAPretrieveErrorAction

           If an error occurs while trying to retrieve an entry from LDAP, one
           of the following actions can be selected:

           use_cached

               Act according to nisplusLDAPrefreshErrorAction below. This is
               the default.

           retry

               Retry the retrieval the number of times specified by
               nisplusLDAPretrieveErrorAttempts, with the
               nisplusLDAPretrieveErrorTimeout value controlling the wait
               between each attempt.

           try_again
           unavail
           no_such_name

               Return NIS_TRYAGAIN, NIS_UNAVAIL, or NIS_NOSUCHNAME,
               respectively, to the client. Note that the client code may not
               be prepared for this and can react in unexpected ways.

       nisplusLDAPretrieveErrorAttempts

           The number of times a failed retrieval should be retried. The
           default is unlimited. The nisplusLDAPretrieveErrorAttempts value is
           ignored unless nisplusLDAPretrieveErrorAction=retry.

       nisplusLDAPretrieveErrorTimeout

           The timeout (in seconds) between each new attempt to retrieve LDAP
           data. The default is 15 seconds. The value for
           nisplusLDAPretrieveErrorTimeout is ignored unless
           nisplusLDAPretrieveErrorAction=retry.

       nisplusLDAPstoreErrorAction

           An error occurred while trying to store data to the LDAP
           repository.

           retry

               Retry operation nisplusLDAPstoreErrorAttempts times with
               nisplusLDAPstoreErrorTimeout seconds between each attempt. Note
               that this may tie up a thread in the rpc.nisd daemon.

           system_error

               Return NIS_SYSTEMERROR to the client.

           unavail

               Return NIS_UNAVAIL to the client. Note that the client code may
               not be prepared for this and can react in unexpected ways.

       nisplusLDAPstoreErrorAttempts

           The number of times a failed attempt to store should be retried.
           The default is unlimited. The value for
           nisplusLDAPstoreErrorAttempts is ignored unless
           nisplusLDAPstoreErrorAction=retry.

       nisplusLDAPstoreErrortimeout

           The timeout, in seconds, between each new attempt to store LDAP
           data. The default is 15 seconds. The nisplusLDAPstoreErrortimeout
           value is ignored unless nisplusLDAPstoreErrorAction=retry.

       nisplusLDAPrefreshErrorAction

           An error occurred while trying to refresh a cache entry.

           continue_using

               Continue using expired cache entry, if one is available.
               Otherwise, the action is retry. This is the default.

           retry

               Retry operation nisplusLDAPrefreshErrorAttempts times with
               nisplusLDAPrefreshErrorTimeout seconds between each attempt.
               Note that this may tie up a thread in the rpc.nisd daemon.

           cache_expired
           tryagain

               Return NIS_CACHEEXPIRED or NIS_TRYAGAIN, respectively, to the
               client. Note that the client code may not be prepared for this
               and can react in unexpected ways.

       nisplusLDAPrefreshErrorAttempts

           The number of times a failed refresh should be retried. The default
           is unlimited. This applies to the retry and continue_using actions,
           but for the latter, only when there is no cached entry.

       nisplusLDAPrefreshErrorTimeout

           The timeout (in seconds) between each new attempt to refresh data.
           The default is 15 seconds. The value for
           nisplusLDAPrefreshErrorTimeout applies to the retry and
           continue_using actions.

       nisplusThreadCreationErrorAction

           The action to take when an error occurred while trying to create a
           new thread. This only applies to threads controlled by the rpc.nisd
           daemon, not to RPC service threads. An example of threads
           controlled by the rpc.nisd daemon are those created to serve
           nis_list(3NSL) with callback, as used by niscat(1) to enumerate
           tables.

           pass_error

               Pass on the thread creation error to the client, to the extent
               allowed by the available NIS+ error codes. The error might be
               NIS_NOMEMORY, or another resource shortage error. This action
               is the default.

           retry

               Retry operation nisplusThreadCreationErrorAttempts times,
               waiting nisplusThreadCreationErrorTimeout seconds between each
               attempt. Note that this may tie up a thread in the rpc.nisd
               daemon.

       nisplusThreadCreationErrorAttempts

           The number of times a failed thread creation should be retried. The
           default is unlimited. The value for
           nisplusThreadCreationErrorAttempts is ignored unless
           nisplusThreadCreationErrorAction=retry.

       nisplusThreadCreationErrorTimeout

           The number of seconds to wait between each new attempt to create a
           thread. The default is 15 seconds. Ignored unless
           nisplusThreadCreationErrorAction=retry.

       nisplusDumpError

           An error occurred during a full dump of a NIS+ directory from the
           master to a replica. The replica can:

           retry

               Retry operation nisplusDumpErrorAttempts times, waiting
               nisplusDumpErrorTimeout seconds between each attempt. Note that
               this may tie up a thread in the rpc.nisd.

           rollback

               Try to roll back the changes made so far before retrying per
               the retry action. If the rollback fails or cannot be performed
               due to the selected ResyncServiceAction level, the retry action
               is selected.

       nisplusDumpErrorAttempts

           The number of times a failed full dump should be retried. The
           default is unlimited. When the number of retry attempts has been
           used up, the full dump is abandoned, and will not be retried again
           until a resync fails because no update time is available.

       nisplusDumpErrorTimeout

           The number of seconds to wait between each attempt to execute a
           full dump. The default is 120 seconds.

       nisplusResyncService

           Type of NIS+ service to be provided by a replica during resync,
           that is, data transfer from NIS+ master to NIS+ replica. This
           includes both partial and full resyncs.

           from_copy

               Service is provided from a copy of the directory to be resynced
               while the resync is in progress. Rollback is possible if an
               error occurs. Note that making a copy of the directory may
               require a significant amount of time, depending on the size of
               the tables in the directory and available memory on the
               system.

           directory_locked

               While the resync for a directory is in progress, it is locked
               against access. Operations to the directory are blocked until
               the resync is done. Rollback is not possible.

           from_live

               The replica database is updated in place. Rollback is not
               possible. If there are dependencies between individual updates
               in the resync, clients may be exposed to data inconsistencies
               during the resync. In particular, directories or tables may
               disappear for a time during a full dump.

       nisplusUpdateBatching

           How updates should be batched together on the master.

           accumulate

               Accumulate updates for at least nisplusUpdateBatchingTimeout
               seconds. Any update that comes in before the timeout has
               occurred will reset the timeout counter. Thus, a steady stream
               of updates less than nisplusUpdateBatchingTimeout seconds apart
               could delay pinging replicas indefinitely.

           bounded_accumulate

               Accumulate updates for at least nisplusUpdateBatchingTimeout
               seconds. The default value for timeout is 120 seconds. Incoming
               updates do not reset the timeout counter, so replicas will be
               informed once the initial timeout has expired.

           none

               Updates are not batched. Instead, replicas are informed
               immediately of any update. While this should maximize data
               consistency between master and replicas, it can also cause
               considerable overhead on both master and replicas.

       nisplusUpdateBatchingTimeout

           The minimum time (in seconds) during which to accumulate updates.
           Replicas will not be pinged during this time. The default is 120
           seconds.

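       The difference between accumulate and bounded_accumulate matters when
       the pending update is one that replicas must not keep serving stale,
       such as a changed credential. The following added example (a model
       built from the descriptions above, not rpc.nisd code) computes when
       replicas would be pinged for a stream of update times under each
       mode. Treating an update that arrives exactly at the deadline as part
       of the next batch is an assumption.

```python
MODES = ("accumulate", "bounded_accumulate", "none")


def simulate(updates, mode, timeout=120):
    """Return [(ping_time, [update times carried by that ping]), ...]."""
    if mode not in MODES:
        raise ValueError("unknown nisplusUpdateBatching value: %r" % mode)
    batches, pending, deadline = [], [], None
    for t in sorted(updates):
        if mode == "none":
            batches.append((t, [t]))  # replicas informed immediately
            continue
        if deadline is not None and t >= deadline:
            # The timer expired before this update arrived: ping replicas.
            batches.append((deadline, pending))
            pending, deadline = [], None
        pending.append(t)
        # accumulate: every update restarts the timer.
        # bounded_accumulate: only the first update of a batch starts it.
        if deadline is None or mode == "accumulate":
            deadline = t + timeout
    if pending:
        batches.append((deadline, pending))
    return batches


def worst_lag(batches):
    """Longest time any update waited before replicas were pinged."""
    return max(ping - batch[0] for ping, batch in batches)


# Constructed input: one update every 50 seconds for 500 seconds, that is,
# a steady stream with gaps shorter than the 120-second default timeout.
STREAM = list(range(0, 501, 50))

if __name__ == "__main__":
    for mode in MODES:
        result = simulate(STREAM, mode)
        print(mode, [ping for ping, _ in result], worst_lag(result))
```
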
       nisplusLDAPmatchFetchAction

           A NIS+ match operation, that is, any search other than a table
           enumeration, will encounter one of the following situations:

               1.     Table believed to be entirely in cache, and all cached
                      entries are known to be valid. The cached table data
                      is authoritative for the match operation.

               2.     Table wholly or partially cached, but there may be
                      individual entries that have timed out.

               3.     No cached entries for the table. Always attempt to
                      retrieve matching data from LDAP.

           When the table is wholly or partially cached, the action for the
           nisplusLDAPmatchFetchAction attribute controls whether or not the
           LDAP repository is searched:

           no_match_only

               Only go to LDAP when there is no match at all on the search of
               the available NIS+ data, or the match includes at least one
               entry that has timed out.

           always

               Always make an LDAP lookup.

           never

               Never make an LDAP lookup.

       nisplusMaxRPCRecordSize

           Sets the maximum RPC record size that NIS+ can use over
           connection-oriented transports. The minimum record size is 9000,
           which is the default. The default value will be used in place of
           any value less than 9000. The value of this attribute is a decimal
           integer from 9000 to 2^31, inclusive.

   Storing Configuration Attributes in LDAP
       Most attributes described on this man page, as well as those from
       NIS+LDAPmapping(4), can be stored in LDAP. In order to do so, you will
       need to add the following definitions to your LDAP server, which are
       described here in LDIF format suitable for use by ldapadd(1). The
       attribute and object class OIDs are examples only.

         dn: cn=schema
         changetype: modify
         add: attributetypes
         attributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.1 \
                   NAME 'defaultSearchBase' \
                   DESC 'Default LDAP base DN used by a DUA' \
                   EQUALITY distinguishedNameMatch \
                   SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
         attributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.2 \
                   NAME 'preferredServerList' \
                   DESC 'Preferred LDAP server host addresses used by DUA' \
                   EQUALITY caseIgnoreMatch \
                   SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
         attributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.6 \
                   NAME 'authenticationMethod' \
                   DESC 'Authentication method used to contact the DSA' \
                   EQUALITY caseIgnoreMatch \
                   SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )

         dn: cn=schema
         changetype: modify
         add: attributetypes
         attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.0 \
                   NAME 'nisplusLDAPTLS' \
                   DESC 'Transport Layer Security' \
                   SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
         attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.1 \
                   NAME 'nisplusLDAPTLSCertificateDBPath' \
                   DESC 'Certificate file' \
                   SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
         attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.2 \
                   NAME 'nisplusLDAPproxyUser' \
                   DESC 'Proxy user for data store/retrieval' \
                   SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
         attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.3 \
                   NAME 'nisplusLDAPproxyPassword' \
                   DESC 'Password/key/shared secret for proxy user' \
                   SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
         attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.4 \
                   NAME 'nisplusLDAPinitialUpdateAction' \
                   DESC 'Type of initial update' \
                   SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
         attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.5 \
                   NAME 'nisplusLDAPinitialUpdateOnly' \
                   DESC 'Exit after update ?' \
                   SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
         attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.6 \
                   NAME 'nisplusLDAPretrieveErrorAction' \
                   DESC 'Action following an LDAP search error' \
                   SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
         attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.7 \
                   NAME 'nisplusLDAPretrieveErrorAttempts' \
                   DESC 'Number of times to retry an LDAP search' \
                   SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
         attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.8 \
                   NAME 'nisplusLDAPretrieveErrorTimeout' \
                   DESC 'Timeout between each search attempt' \
                   SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
         attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.9 \
                   NAME 'nisplusLDAPstoreErrorAction' \
                   DESC 'Action following an LDAP store error' \
                   SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
         attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.10 \
                   NAME 'nisplusLDAPstoreErrorAttempts' \
                   DESC 'Number of times to retry an LDAP store' \
                   SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
         attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.11 \
                   NAME 'nisplusLDAPstoreErrorTimeout' \
                   DESC 'Timeout between each store attempt' \
                   SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
         attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.12 \
                   NAME 'nisplusLDAPrefreshErrorAction' \
                   DESC 'Action when refresh of NIS+ data from LDAP fails' \
                   SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
         attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.13 \
                   NAME 'nisplusLDAPrefreshErrorAttempts' \
                   DESC 'Number of times to retry an LDAP refresh' \
                   SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
         attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.14 \
                   NAME 'nisplusLDAPrefreshErrorTimeout' \
                   DESC 'Timeout between each refresh attempt' \
                   SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
         attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.15 \
                   NAME 'nisplusNumberOfServiceThreads' \
                   DESC 'Max number of RPC service threads' \
                   SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
         attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.16 \
                   NAME 'nisplusThreadCreationErrorAction' \
                   DESC 'Action when a non-RPC-service thread creation fails' \
                   SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
         attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.17 \
                   NAME 'nisplusThreadCreationErrorAttempts' \
                   DESC 'Number of times to retry thread creation' \
                   SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
         attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.18 \
                   NAME 'nisplusThreadCreationErrorTimeout' \
                   DESC 'Timeout between each thread creation attempt' \
                   SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
         attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.19 \
                   NAME 'nisplusDumpErrorAction' \
                   DESC 'Action when a NIS+ dump fails' \
                   SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
         attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.20 \
                   NAME 'nisplusDumpErrorAttempts' \
                   DESC 'Number of times to retry a failed dump' \
                   SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
         attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.21 \
                   NAME 'nisplusDumpErrorTimeout' \
                   DESC 'Timeout between each dump attempt' \
                   SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
         attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.22 \
                   NAME 'nisplusResyncService' \
                   DESC 'Service provided during a resync' \
                   SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
         attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.23 \
                   NAME 'nisplusUpdateBatching' \
                   DESC 'Method for batching updates on master' \
                   SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
         attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.24 \
                   NAME 'nisplusUpdateBatchingTimeout' \
                   DESC 'Minimum time to wait before pinging replicas' \
                   SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
         attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.25 \
                   NAME 'nisplusLDAPmatchFetchAction' \
                   DESC 'Should pre-fetch be done ?' \
                   SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
         attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.26 \
                   NAME 'nisplusLDAPbaseDomain' \
                   DESC 'Default domain name used in NIS+/LDAP mapping' \
                   SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
         attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.27 \
                   NAME 'nisplusLDAPdatabaseIdMapping' \
                   DESC 'Defines a database id for a NIS+ object' \
                   SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
         attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.28 \
                   NAME 'nisplusLDAPentryTtl' \
                   DESC 'TTL for cached objects derived from LDAP' \
                   SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
         attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.29 \
793                   NAME 'nisplusLDAPobjectDN' \
794                   DESC 'Location in LDAP tree where NIS+ data is stored' \
795                   SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
796         attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.30 \
797                   NAME 'nisplusLDAPcolumnFromAttribute' \
798                   DESC 'Rules for mapping LDAP attributes to NIS+ columns' \
799                   SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
800         attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.31 \
801                   NAME 'nisplusLDAPattributeFromColumn' \
802                   DESC 'Rules for mapping NIS+ columns to LDAP attributes' \
803                   SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

         dn: cn=schema
         changetype: modify
         add: objectclasses
         objectclasses:  ( 1.3.6.1.4.1.42.2.27.5.42.42.19.0 \
                   NAME 'nisplusLDAPconfig' \
                   DESC 'NIS+/LDAP mapping configuration' \
                   SUP top STRUCTURAL MUST ( cn ) \
                   MAY ( preferredServerList $ defaultSearchBase $
                     authenticationMethod $ nisplusLDAPTLS $
                     nisplusLDAPTLSCertificateDBPath $
                     nisplusLDAPproxyUser $ nisplusLDAPproxyPassword $
                     nisplusLDAPinitialUpdateAction $
                     nisplusLDAPinitialUpdateOnly $
                     nisplusLDAPretrieveErrorAction $
                     nisplusLDAPretrieveErrorAttempts $
                     nisplusLDAPretrieveErrorTimeout $
                     nisplusLDAPstoreErrorAction $
                     nisplusLDAPstoreErrorAttempts $
                     nisplusLDAPstoreErrorTimeout $
                     nisplusLDAPrefreshErrorAction $
                     nisplusLDAPrefreshErrorAttempts $
                     nisplusLDAPrefreshErrorTimeout $
                     nisplusNumberOfServiceThreads $
                     nisplusThreadCreationErrorAction $
                     nisplusThreadCreationErrorAttempts $
                     nisplusThreadCreationErrorTimeout $
                     nisplusDumpErrorAction $
                     nisplusDumpErrorAttempts $
                     nisplusDumpErrorTimeout $
                     nisplusResyncService $ nisplusUpdateBatching $
                     nisplusUpdateBatchingTimeout $
                     nisplusLDAPmatchFetchAction $
                     nisplusLDAPbaseDomain $
                     nisplusLDAPdatabaseIdMapping $
                     nisplusLDAPentryTtl $
                     nisplusLDAPobjectDN $
                     nisplusLDAPcolumnFromAttribute $
                     nisplusLDAPattributeFromColumn ) )


       Create a file containing the following LDIF data. Substitute your
       actual search base for searchBase, and your fully qualified domain name
       for domain:

         dn: cn=domain,searchBase
         cn: domain
         objectClass: top
         objectClass: nisplusLDAPconfig


       Use this file as input to the ldapadd(1) command in order to create the
       NIS+/LDAP configuration entry. Initially, the entry is empty. You can
       use the ldapmodify(1) command to add configuration attributes.


EXAMPLES

       Example 1 Creating a NIS+/LDAP Configuration Entry


       To set the nisplusNumberOfServiceThreads attribute to 32, create the
       following file and use it as input to ldapmodify(1):


         dn: cn=domain,searchBase
         nisplusNumberOfServiceThreads: 32

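       The two steps above (the empty entry for ldapadd(1), then an attribute
       change for ldapmodify(1)) as an added shell example that is not part of
       the original manual page. The function names are hypothetical, the
       modify record uses the explicit changetype: modify / replace: form
       rather than the short form in Example 1, and the attribute list is
       copied from the nisplusLDAPconfig MAY list above.

```sh
#!/bin/sh
# Attribute names copied from the MAY list of nisplusLDAPconfig on this page.
NISPLUS_CONFIG_ATTRS="preferredServerList defaultSearchBase authenticationMethod
nisplusLDAPTLS nisplusLDAPTLSCertificateDBPath nisplusLDAPproxyUser
nisplusLDAPproxyPassword nisplusLDAPinitialUpdateAction
nisplusLDAPinitialUpdateOnly nisplusLDAPretrieveErrorAction
nisplusLDAPretrieveErrorAttempts nisplusLDAPretrieveErrorTimeout
nisplusLDAPstoreErrorAction nisplusLDAPstoreErrorAttempts
nisplusLDAPstoreErrorTimeout nisplusLDAPrefreshErrorAction
nisplusLDAPrefreshErrorAttempts nisplusLDAPrefreshErrorTimeout
nisplusNumberOfServiceThreads nisplusThreadCreationErrorAction
nisplusThreadCreationErrorAttempts nisplusThreadCreationErrorTimeout
nisplusDumpErrorAction nisplusDumpErrorAttempts nisplusDumpErrorTimeout
nisplusResyncService nisplusUpdateBatching nisplusUpdateBatchingTimeout
nisplusLDAPmatchFetchAction nisplusLDAPbaseDomain
nisplusLDAPdatabaseIdMapping nisplusLDAPentryTtl nisplusLDAPobjectDN
nisplusLDAPcolumnFromAttribute nisplusLDAPattributeFromColumn"

# Succeeds if $1 is in the MAY list (LDAP attribute names are case-insensitive).
is_config_attr() {
    want=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    for a in $(printf '%s' "$NISPLUS_CONFIG_ATTRS" | tr '[:upper:]' '[:lower:]'); do
        [ "$a" = "$want" ] && return 0
    done
    return 1
}

# Emit the empty configuration entry for ldapadd(1).
# $1 = fully qualified domain name, $2 = search base (both caller-supplied).
config_entry_ldif() {
    printf 'dn: cn=%s,%s\ncn: %s\nobjectClass: top\nobjectClass: nisplusLDAPconfig\n' \
        "$1" "$2" "$1"
}

# Emit one modify record for ldapmodify(1): $1 = entry DN, $2 = attribute,
# $3 = value. Refuses attributes the object class does not allow, embedded
# newlines (extra LDIF lines), and values LDIF cannot carry as plain text.
config_modify_ldif() {
    dn=$1 attr=$2 value=$3
    nl='
'
    is_config_attr "$attr" || { echo "not a nisplusLDAPconfig attribute: $attr" >&2; return 1; }
    case $dn$value in *"$nl"*) echo "newline in DN or value" >&2; return 1 ;; esac
    case $value in ''|' '*|:*|'<'*) echo "empty value or unsafe first character" >&2; return 1 ;; esac
    printf 'dn: %s\nchangetype: modify\nreplace: %s\n%s: %s\n-\n' "$dn" "$attr" "$attr" "$value"
}
```

       Redirect the output of config_entry_ldif to the file given to
       ldapadd(1), and the output of config_modify_ldif to the file given to
       ldapmodify(1).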

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:


       ┌─────────────────────────────┬─────────────────────────────┐
       │      ATTRIBUTE TYPE         │      ATTRIBUTE VALUE        │
       ├─────────────────────────────┼─────────────────────────────┤
       │Availability                 │SUNWnisr                     │
       ├─────────────────────────────┼─────────────────────────────┤
       │Interface Stability          │(Obsolete)                   │
       └─────────────────────────────┴─────────────────────────────┘


SEE ALSO

       nisldapmaptest(1M), rpc.nisd(1M), NIS+LDAPmapping(4), attributes(5)


       System Administration Guide: Naming and Directory Services (DNS, NIS,
       and LDAP)



SunOS 5.11                        18 Feb 2003                      rpc.nisd(4)