1rpc.nisd(4) File Formats rpc.nisd(4)
2
3
4
6 rpc.nisd - configuration file for NIS+ service daemon
7
9 /etc/default/rpc.nisd
10
11
13 The rpc.nisd file specifies configuration information for the
14 rpc.nisd(1M) server. Configuration information can come from a combina‐
15 tion of three places. It can be derived from LDAP. It can be specified
16 in the rpc.nisd file. It can be specified on the rpc.nisd(1M) command
17 line. The values in the rpc.nisd file override values obtained from the
18 LDAP server. Command line values supersede values in the configuration
19 file.
20
21
22 The NIS+LDAPmapping(4) file contains mapping information connecting
23 NIS+ object data to LDAP entries. See the NIS+LDAPmapping(4) manual
24 page for an overview of the setup needed to map NIS+ data to or from
25 LDAP.
26
27 Attributes
28 The rpc.nisd(1M) server recognizes the following attributes. Any values
29 specified for these attributes in the rpc.nisd file, including an empty
30 value, override values obtained from LDAP. However, the nisplusLDAPcon‐
31 fig* values are read from the rpc.nisd file or the command line only.
32 They are not obtained from LDAP.
33
34
35 The following are attributes used for initial configuration.
36
37 nisplusLDAPconfigDN
38
39 The DN for configuration information. If empty, all other nis‐
40 plusLDAPconfig* values are ignored, in the expectation that all
41 attributes are specified in this file or on the command line. When
42 nisplusLDAPconfigDN is not specified at all, the DN is derived from
43 the NIS+ domain name by default. If the domain name is x.y.z., the
44 default nisplusLDAPconfigDN is:
45
46 nisplusLDAPconfigDN=dc=x,dc=y,dc=z
47
48
49
50 nisplusLDAPconfigPreferredServerList
51
52 The list of servers to use for the configuration phase. There is no
53 default. The following is an example of a value for nisplusLDAPcon‐
54 figPreferredServerList:
55
56 nisplusLDAPconfigPreferredServerList=127.0.0.1:389
57
58
59
60 nisplusLDAPconfigAuthenticationMethod
61
62 The authentication method used to obtain the configuration informa‐
63 tion. The recognized values for nisplusLDAPconfigAuthentication‐
64 Method are:
65
66 none
67
68 No authentication attempted.
69
70
71 simple
72
73 Password of proxy user sent in the clear to the LDAP server.
74
75
76 sasl/cram-md5
77
78 Use SASL/CRAM-MD5 authentication. This authentication method
79 may not be supported by all LDAP servers. A password must be
80 supplied.
81
82
83 sasl/digest-md5
84
85 Use SASL/DIGEST-MD5 authentication. This authentication method
86 may not be supported by all LDAP servers. A password must be
87 supplied.
88
89 There is no default value. The following is an example of a value
90 for nisplusLDAPconfigAuthenticationMethod:
91
92 nisplusLDAPconfigAuthenticationMethod=simple
93
94
95
96 nisplusLDAPconfigTLS
97
98 The transport layer security used for the connection to the server.
99 The recognized values are:
100
101 none
102
103 No encryption of transport layer data. This is the default
104 value.
105
106
107 ssl
108
109 SSL encryption of transport layer data. A certificate is
110 required.
111
112 Export and import control restrictions may limit the availability
113 of transport layer security.
114
115
116 nisplusLDAPconfigTLSCertificateDBPath
117
118 The name of the file containing the certificate database. The
119 default path is /var/nis, and the default file name is cert7.db.
120
121
122 nisplusLDAPconfigProxyUser
123
124 The proxy user used to obtain configuration information. There is
125 no default value. If the value ends with a comma, the value of the
126 nisplusLDAPconfigDN attribute is appended. For example:
127
128 nisplusLDAPconfigProxyUser=cn=nisplusAdmin,ou=People,
129
130
131
132 nisplusLDAPconfigProxyPassword
133
134 The password that should be supplied to LDAP for the proxy user
135 when the authentication method requires one. In order to avoid hav‐
136 ing this password publicly visible on the machine, the password
137 should only appear in the configuration file, and the file should
138 have an appropriate owner, group, and file mode. There is no
139 default value.
140
141
142
143 The following are attributes used for data retrieval. The object class
144 name used for these attributes is nisplusLDAPconfig.
145
146 preferredServerList
147
148 The list of servers to use when reading or writing mapped NIS+ data
149 from or to LDAP. There is no default value. For example:
150
151 preferredServerList=127.0.0.1:389
152
153
154
155 authenticationMethod
156
157 The authentication method to use when reading or writing mapped
158 NIS+ data from or to LDAP. For recognized values, see the nis‐
159 plusLDAPconfigAuthenticationMethod attribute. There is no default
160 value. For example:
161
162 authenticationMethod=simple
163
164
165
166 nisplusLDAPTLS
167
168 The transport layer security to use when reading or writing NIS+
169 data from or to LDAP. For recognized values, see the nisplusLDAP‐
170 configTLS attribute. The default value is none. Note that export
171 and import control restrictions may limit the availability of
172 transport layer security.
173
174
175 nisplusLDAPTLSCertificateDBPath
176
177 The name of the file containing the certificate DB. For recognized
178 and default values, see the nisplusLDAPconfigTLSCertificateDBPath
179 attribute.
180
181
182 defaultSearchBase
183
184 The default portion of the DN to use when reading or writing mapped
185 NIS+ data from or to LDAP. The default is derived from the value of
186 the nisplusLDAPbaseDomain attribute, which in turn usually defaults to the
187 NIS+ domain name. If nisplusLDAPbaseDomain has the value x.y.z, the
188 default defaultSearchBase is dc=x,dc=y,dc=z. See the following
189 sample attribute value:
190
191 defaultSearchBase=dc=somewhere,dc=else
192
193
194
195 nisplusLDAPbaseDomain
196
197 The domain to append when NIS+ object names are not fully quali‐
198 fied. The default is the domain the rpc.nisd daemon is serving, or
199 the first such domain, if there is more than one candidate.
200
201
202 nisplusLDAPproxyUser
203
204 Proxy user used by the rpc.nisd to read or write from or to LDAP.
205 Assumed to have the appropriate permission to read and modify LDAP
206 data. There is no default value. If the value ends in a comma, the
207 value of the defaultSearchBase attribute is appended. For example:
208
209 nisplusLDAPproxyUser=cn=nisplusAdmin,ou=People,
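
The precedence and defaulting rules described so far, as an added example (not code from rpc.nisd or from this manual page). It models each source as a dict and assumes that attribute names are matched case-sensitively and that an empty nisplusLDAPconfigDN means no configuration entry is fetched from LDAP; `resolve`, `dn_from_domain` and `expand_dn` are hypothetical names.

```python
CONFIG_PREFIX = "nisplusLDAPconfig"   # these attributes are never read from LDAP


def dn_from_domain(domain):
    """Map a NIS+ domain such as 'x.y.z.' to 'dc=x,dc=y,dc=z'."""
    return ",".join(f"dc={label}" for label in domain.split(".") if label)


def expand_dn(value, suffix):
    """A proxy user value ending in a comma gets the suffix DN appended."""
    return value + suffix if value and value.endswith(",") else value


def resolve(domain, conf_file=None, cmdline=None, ldap_entry=None):
    """Return the effective attributes for a daemon serving `domain`.

    Each argument is a dict of attribute -> value for one source. A key that
    is present with an empty string is "specified but empty"; a missing key
    is "not specified at all". The two are treated differently below.
    """
    conf_file, cmdline = dict(conf_file or {}), dict(cmdline or {})
    ldap_entry = dict(ldap_entry or {})

    # Phase 1: bootstrap attributes come from the file, then the command line.
    boot = {}
    for layer in (conf_file, cmdline):
        boot.update({k: v for k, v in layer.items()
                     if k.startswith(CONFIG_PREFIX)})
    config_dn = boot.get("nisplusLDAPconfigDN", dn_from_domain(domain))
    if config_dn == "":
        # Empty DN: the other nisplusLDAPconfig* values are ignored.
        # Assumption: no configuration entry is fetched from LDAP either.
        boot, ldap_entry = {"nisplusLDAPconfigDN": ""}, {}
    else:
        boot["nisplusLDAPconfigDN"] = config_dn
        if "nisplusLDAPconfigProxyUser" in boot:
            boot["nisplusLDAPconfigProxyUser"] = expand_dn(
                boot["nisplusLDAPconfigProxyUser"], config_dn)

    # Phase 2: LDAP < file < command line. dict.update keeps empty strings,
    # so an empty value in the file still replaces what LDAP supplied.
    eff = {}
    for layer in (ldap_entry, conf_file, cmdline):
        eff.update({k: v for k, v in layer.items()
                    if not k.startswith(CONFIG_PREFIX)})

    eff.setdefault("nisplusLDAPbaseDomain", domain)
    eff.setdefault("defaultSearchBase",
                   dn_from_domain(eff["nisplusLDAPbaseDomain"]))
    if "nisplusLDAPproxyUser" in eff:
        eff["nisplusLDAPproxyUser"] = expand_dn(
            eff["nisplusLDAPproxyUser"], eff["defaultSearchBase"])
    return {**eff, **boot}


if __name__ == "__main__":
    # Constructed inputs for illustration only.
    effective = resolve(
        "x.y.z.",
        ldap_entry={"nisplusNumberOfServiceThreads": "32",
                    "authenticationMethod": "sasl/digest-md5"},
        conf_file={"authenticationMethod": "",
                   "nisplusLDAPproxyUser": "cn=nisplusAdmin,ou=People,"},
        cmdline={"nisplusNumberOfServiceThreads": "8"},
    )
    for key in sorted(effective):
        print(f"{key}={effective[key]}")
```

An empty value in the file is not the same as leaving the attribute out: the empty authenticationMethod above replaces the value stored in LDAP.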
210
211
212
213 nisplusLDAPproxyPassword
214
215 The password that should be supplied to LDAP for the proxy user
216 when the authentication method so requires. In order to avoid hav‐
217 ing this password publicly visible on the machine, the password
218 should only appear in the configuration file, and the file should
219 have an appropriate owner, group, and file mode. There is no
220 default value.
221
222
223 nisplusLDAPbindTimeout
224 nisplusLDAPsearchTimeout
225 nisplusLDAPmodifyTimeout
226 nisplusLDAPaddTimeout
227 nisplusLDAPdeleteTimeout
228
229 Establish timeouts for LDAP bind, search, modify, add, and delete
230 operations, respectively. The default value is 15 seconds for each
231 one. Decimal values are allowed.
232
233
234 nisplusLDAPsearchTimeLimit
235
236 Establish a value for the LDAP_OPT_TIMELIMIT option, which sug‐
237 gests a time limit for the search operation on the LDAP server. The
238 server may impose its own constraints on possible values. See your
239 LDAP server documentation. The default is the nis‐
240 plusLDAPsearchTimeout value. Only integer values are allowed.
241
242 Since the nisplusLDAPsearchTimeout limits the amount of time the
243 client rpc.nisd will wait for completion of a search operation,
244 setting the nisplusLDAPsearchTimeLimit larger than the nis‐
245 plusLDAPsearchTimeout is not recommended.
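
A check of an rpc.nisd-style file against the points made above, as an added example (not a Solaris tool and not part of this manual page): it flags simple authentication without SSL, a stored proxy password in a file that other users can access, and a search time limit larger than the client-side timeout. `audit` and `parse_conf` are hypothetical names; treating `#` lines as comments and reading "appropriate file mode" as "no access for other" are assumptions.

```python
import os
import stat
import tempfile

# Constructed sample, not taken from a real host.
SAMPLE = """\
# constructed example values
nisplusLDAPconfigPreferredServerList=127.0.0.1:389
nisplusLDAPconfigAuthenticationMethod=simple
nisplusLDAPconfigProxyUser=cn=nisplusAdmin,ou=People,
nisplusLDAPconfigProxyPassword=constructed-secret
authenticationMethod=simple
nisplusLDAPTLS=ssl
nisplusLDAPsearchTimeout=10.5
nisplusLDAPsearchTimeLimit=30
"""

PASSWORD_KEYS = ("nisplusLDAPconfigProxyPassword", "nisplusLDAPproxyPassword")
# (phase, authentication attribute, TLS attribute)
PHASES = (
    ("configuration", "nisplusLDAPconfigAuthenticationMethod", "nisplusLDAPconfigTLS"),
    ("data", "authenticationMethod", "nisplusLDAPTLS"),
)


def parse_conf(text):
    """Parse attribute=value lines ('#' comments are an assumption)."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)   # DN values contain '=' themselves
        conf[key.strip()] = value.strip()
    return conf


def audit(path):
    """Return a list of (code, detail) findings for the file at path."""
    with open(path, encoding="utf-8") as fh:
        conf = parse_conf(fh.read())
    findings = []

    # 'simple' sends the proxy password in the clear unless the link is SSL.
    for phase, auth_key, tls_key in PHASES:
        tls = conf.get(tls_key) or "none"   # documented default is none
        if conf.get(auth_key) == "simple" and tls != "ssl":
            findings.append(("CLEARTEXT_BIND",
                             f"{phase} phase: {auth_key}=simple with {tls_key}={tls}"))

    # A stored proxy password should not be readable by everyone.
    if any(conf.get(key) for key in PASSWORD_KEYS):
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if mode & stat.S_IRWXO:
            findings.append(("PASSWORD_FILE_MODE",
                             f"proxy password stored in a file with mode {mode:04o}"))

    # The server-side time limit should not exceed the client-side timeout.
    timeout = float(conf.get("nisplusLDAPsearchTimeout") or 15)  # default 15 s
    limit = conf.get("nisplusLDAPsearchTimeLimit")
    if limit and int(limit) > timeout:
        findings.append(("TIMELIMIT_GT_TIMEOUT",
                         f"nisplusLDAPsearchTimeLimit={limit} exceeds "
                         f"nisplusLDAPsearchTimeout={timeout:g}"))
    return findings


if __name__ == "__main__":
    fd, sample_path = tempfile.mkstemp()
    try:
        os.write(fd, SAMPLE.encode("utf-8"))
        os.close(fd)
        os.chmod(sample_path, 0o644)       # deliberately too open
        for code, detail in audit(sample_path):
            print(f"{code}: {detail}")
    finally:
        os.remove(sample_path)
```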
246
247
248 nisplusLDAPsearchSizeLimit
249
250 Establish a value for the LDAP_OPT_SIZELIMIT option, which suggests
251 a size limit, in bytes, for the search results on the LDAP server.
252 The server may impose its own constraints on possible values. See
253 your LDAP server documentation. The default is zero, which means
254 unlimited. Only integer values are allowed.
255
256
257 nisplusLDAPfollowReferral
258
259 Determines if the rpc.nisd should follow referrals or not. Recog‐
260 nized values are yes and no. The default value is no.
261
262
263 nisplusNumberOfServiceThreads
264
265 Sets the maximum number of RPC service threads that the rpc.nisd
266 may use. Note that the rpc.nisd may create additional threads for
267 certain tasks, so that the actual number of threads running may be
268 larger than the nisplusNumberOfServiceThreads value.
269
270 The value of this attribute is a decimal integer from zero to
271 (2**31)-1, inclusive. Zero, which is the default, sets the number
272 of service threads to three plus the number of CPUs available when
273 the rpc.nisd daemon starts. For example:
274
275 nisplusNumberOfServiceThreads=16
276
277
278
279
280 The following attributes specify the action to be taken when some event
281 occurs. The values are all of the form event=action. The default action
282 is the first one listed for each event.
283
284 nisplusLDAPinitialUpdateAction
285
286 Provides the optional capability to update all NIS+ data from LDAP,
287 or vice versa, when the rpc.nisd starts. Depending on various fac‐
288 tors such as both NIS+ and LDAP server and network performance, as
289 well as the amount of data to be uploaded or downloaded, these
290 operations can consume very significant CPU and memory resources.
291 During upload and download, the rpc.nisd has not yet registered
292 with rpcbind, and provides no NIS+ service. When data is downloaded
293 from LDAP, any new items added to the rpc.nisd's database get a TTL
294 as for an initial load. See the description for the nisplusLDAPen‐
295 tryTtl attribute on NIS+LDAPmapping(4).
296
297 none
298
299 No initial update in either direction. This is the default.
300
301
302 from_ldap
303
304 Causes the rpc.nisd to fetch data for all NIS+ objects it
305 serves, and for which mapping entries are available, from the
306 LDAP repository.
307
308
309 to_ldap
310
311 The rpc.nisd writes all NIS+ objects for which it is the master
312 server, and for which mapping entries are available, to the
313 LDAP repository.
314
315
316
317 nisplusLDAPinitialUpdateOnly
318
319 Use in conjunction with nisplusLDAPinitialUpdateAction.
320
321 no
322
323 Following the initial update, the rpc.nisd starts serving NIS+
324 requests. This is the default.
325
326
327 yes
328
329 The rpc.nisd exits after the initial update. This value is
330 ignored if specified together with nisplusLDAPinitialUpdateAc‐
331 tion=none.
332
333
334
335 nisplusLDAPretrieveErrorAction
336
337 If an error occurs while trying to retrieve an entry from LDAP, one
338 of the following actions can be selected:
339
340 use_cached
341
342 Act according to the nisplusLDAPrefreshErrorAction setting below.
343 This is the default.
344
345
346 retry
347
348 Retry the retrieval the number of times specified by nis‐
349 plusLDAPretrieveErrorAttempts, with the nisplusLDAPretrieveEr‐
350 rorTimeout value controlling the wait between each attempt.
351
352
353 try_again
354 unavail
355 no_such_name
356
357 Return NIS_TRYAGAIN, NIS_UNAVAIL, or NIS_NOSUCHNAME, respec‐
358 tively, to the client. Note that the client code may not be
359 prepared for this and can react in unexpected ways.
360
361
362
363 nisplusLDAPretrieveErrorAttempts
364
365 The number of times a failed retrieval should be retried. The
366 default is unlimited. The nisplusLDAPretrieveErrorAttempts value is
367 ignored unless nisplusLDAPretrieveErrorAction=retry.
368
369
370 nisplusLDAPretrieveErrorTimeout
371
372 The timeout (in seconds) between each new attempt to retrieve LDAP
373 data. The default is 15 seconds. The value for nisplusLDAPre‐
374 trieveErrorTimeout is ignored unless nisplusLDAPretrieveErrorAc‐
375 tion=retry.
376
377
378 nisplusLDAPstoreErrorAction
379
380 An error occurred while trying to store data to the LDAP reposi‐
381 tory.
382
383 retry
384
385 Retry operation nisplusLDAPstoreErrorAttempts times with nis‐
386 plusLDAPstoreErrorTimeout seconds between each attempt. Note
387 that this may tie up a thread in the rpc.nisd daemon.
388
389
390 system_error
391
392 Return NIS_SYSTEMERROR to the client.
393
394
395 unavail
396
397 Return NIS_UNAVAIL to the client. Note that the client code may
398 not be prepared for this and can react in unexpected ways.
399
400
401
402 nisplusLDAPstoreErrorAttempts
403
404 The number of times a failed attempt to store should be retried.
405 The default is unlimited. The value for nisplusLDAPstoreErrorAt‐
406 tempts is ignored unless nisplusLDAPstoreErrorAction=retry.
407
408
409 nisplusLDAPstoreErrorTimeout
410
411 The timeout, in seconds, between each new attempt to store LDAP
412 data. The default is 15 seconds. The nisplusLDAPstoreErrorTimeout
413 value is ignored unless nisplusLDAPstoreErrorAction=retry.
414
415
416 nisplusLDAPrefreshErrorAction
417
418 An error occurred while trying to refresh a cache entry.
419
420 continue_using
421
422 Continue using expired cache entry, if one is available. Oth‐
423 erwise, the action is retry. This is the default.
424
425
426 retry
427
428 Retry operation nisplusLDAPrefreshErrorAttempts times with nis‐
429 plusLDAPrefreshErrorTimeout seconds between each attempt. Note
430 that this may tie up a thread in the rpc.nisd daemon.
431
432
433 cache_expired
434 tryagain
435
436 Return NIS_CACHEEXPIRED or NIS_TRYAGAIN, respectively, to the
437 client. Note that the client code may not be prepared for this
438 and can react in unexpected ways.
439
440
441
442 nisplusLDAPrefreshErrorAttempts
443
444 The number of times a failed refresh should be retried. The default
445 is unlimited. This applies to the retry and continue_using actions,
446 but for the latter, only when there is no cached entry.
447
448
449 nisplusLDAPrefreshErrorTimeout
450
451 The timeout (in seconds) between each new attempt to refresh data.
452 The default is 15 seconds. The value for nisplusLDAPrefreshError‐
453 Timeout applies to the retry and continue_using actions.
454
455
456 nisplusThreadCreationErrorAction
457
458 The action to take when an error occurs while trying to create a
459 new thread. This only applies to threads controlled by the rpc.nisd
460 daemon, not to RPC service threads. Examples of threads controlled
461 by the rpc.nisd daemon are those created to serve nis_list(3NSL)
462 with callback, as used by niscat(1) to enumerate tables.
463
464 pass_error
465
466 Pass on the thread creation error to the client, to the extent
467 allowed by the available NIS+ error codes. The error might be
468 NIS_NOMEMORY, or another resource shortage error. This action
469 is the default.
470
471
472 retry
473
474 Retry operation nisplusThreadCreationErrorAttempts times, wait‐
475 ing nisplusThreadCreationErrorTimeout seconds between each
476 attempt. Note that this may tie up a thread in the rpc.nisd
477 daemon.
478
479
480
481 nisplusThreadCreationErrorAttempts
482
483 The number of times a failed thread creation should be retried. The
484 default is unlimited. The value for nisplusThreadCreationErrorAt‐
485 tempts is ignored unless the nisplusThreadCreationErrorAc‐
486 tion=retry.
487
488
489 nisplusThreadCreationErrorTimeout
490
491 The number of seconds to wait between each new attempt to create a
492 thread. The default is 15 seconds. Ignored unless nisplusThreadCre‐
493 ationErrorAction=retry.
494
495
496 nisplusDumpError
497
498 An error occurred during a full dump of a NIS+ directory from the
499 master to a replica. The replica can:
500
501 retry
502
503 Retry operation nisplusDumpErrorAttempts times waiting nis‐
504 plusDumpErrorTimeout seconds between each attempt. Note that
505 this may tie up a thread in the rpc.nisd.
506
507
508 rollback
509
510 Try to roll back the changes made so far before retrying per
511 the retry action. If the rollback fails or cannot be performed
512 due to the selected ResyncServiceAction level, the retry action
513 is selected.
514
515
516
517 nisplusDumpErrorAttempts
518
519 The number of times a failed full dump should be retried. The
520 default is unlimited. When the number of retry attempts has been
521 used up, the full dump is abandoned, and will not be retried again
522 until a resync fails because no update time is available.
523
524
525 nisplusDumpErrorTimeout
526
527 The number of seconds to wait between each attempt to execute a
528 full dump. The default is 120 seconds.
529
530
531 nisplusResyncService
532
533 Type of NIS+ service to be provided by a replica during resync,
534 that is, data transfer from NIS+ master to NIS+ replica. This
535 includes both partial and full resyncs.
536
537 from_copy
538
539 Service is provided from a copy of the directory to be resynced
540 while the resync is in progress. Rollback is possible if an
541 error occurs. Note that making a copy of the directory may
542 require a significant amount of time, depending on the size of
543 the tables in the directory and available memory on the sys‐
544 tem.
545
546
547 directory_locked
548
549 While the resync for a directory is in progress, it is locked
550 against access. Operations to the directory are blocked until
551 the resync is done. Rollback is not possible.
552
553
554 from_live
555
556 The replica database is updated in place. Rollback is not pos‐
557 sible. If there are dependencies between individual updates in
558 the resync, clients may be exposed to data inconsistencies
559 during the resync. In particular, directories or tables may
560 disappear for a time during a full dump.
561
562
563
564 nisplusUpdateBatching
565
566 How updates should be batched together on the master.
567
568 accumulate
569
570 Accumulate updates for at least nisplusUpdateBatchingTimeout
571 seconds. Any update that comes in before the timeout has
572 occurred will reset the timeout counter. Thus, a steady stream
573 of updates less than nisplusUpdateBatchingTimeout seconds apart
574 could delay pinging replicas indefinitely.
575
576
577 bounded_accumulate
578
579 Accumulate updates for at least nisplusUpdateBatchingTimeout
580 seconds. The default value for timeout is 120 seconds. Incoming
581 updates do not reset the timeout counter, so replicas will be
582 informed once the initial timeout has expired.
583
584
585 none
586
587 Updates are not batched. Instead, replicas are informed imme‐
588 diately of any update. While this should maximize data consis‐
589 tency between master and replicas, it can also cause consider‐
590 able overhead on both master and replicas.
591
592
593
594 nisplusUpdateBatchingTimeout
595
596 The minimum time (in seconds) during which to accumulate updates.
597 Replicas will not be pinged during this time. The default is 120
598 seconds.
599
600
601 nisplusLDAPmatchFetchAction
602
603 A NIS+ match operation, that is, any search other than a table enu‐
604 meration, will encounter one of the following situations:
605
606 1. Table believed to be entirely in cache, and all cached
607 entries are known to be valid. The cached table data
608 is authoritative for the match operation.
609
610 2. Table wholly or partially cached, but there may be indi‐
611 vidual entries that have timed out.
612
613 3. No cached entries for the table. Always attempt to
614 retrieve matching data from LDAP.

615 When the table is wholly or partially cached, the action for the
616 nisplusLDAPmatchFetchAction attribute controls whether or not the
617 LDAP repository is searched:
618
619 no_match_only
620
621 Only go to LDAP when there is no match at all on the search of
622 the available NIS+ data, or the match includes at least one
623 entry that has timed out.
624
625
626 always
627
628 Always make an LDAP lookup.
629
630
631 never
632
633 Never make an LDAP lookup.
634
635
636
637 nisplusMaxRPCRecordSize
638
639 Sets the maximum RPC record size that NIS+ can use over connection
640 oriented transports. The minimum record size is 9000, which is the
641 default. The default value will be used in place of any value less
642 than 9000. The value of this attribute is a decimal integer from
643 9000 to 2^31, inclusive.
644
645
646 Storing Configuration Attributes in LDAP
647 Most attributes described on this man page, as well as those from
648 NIS+LDAPmapping(4), can be stored in LDAP. In order to do so, you will
649 need to add the following definitions to your LDAP server, which are
650 described here in LDIF format suitable for use by ldapadd(1). The
651 attribute and object class OIDs are examples only.
652
653 dn: cn=schema
654 changetype: modify
655 add: attributetypes
656 attributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.1 \
657 NAME 'defaultSearchBase' \
658 DESC 'Default LDAP base DN used by a DUA' \
659 EQUALITY distinguishedNameMatch \
660 SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
661 attributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.2 \
662 NAME 'preferredServerList' \
663 DESC 'Preferred LDAP server host addresses used by DUA' \
664 EQUALITY caseIgnoreMatch \
665 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
666 attributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.6 \
667 NAME 'authenticationMethod' \
668 DESC 'Authentication method used to contact the DSA' \
669 EQUALITY caseIgnoreMatch \
670 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
671
672
673 dn: cn=schema
674 changetype: modify
675 add: attributetypes
676 attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.0 \
677 NAME 'nisplusLDAPTLS' \
678 DESC 'Transport Layer Security' \
679 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
680 attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.1 \
681 NAME 'nisplusLDAPTLSCertificateDBPath' \
682 DESC 'Certificate file' \
683 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
684 attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.2 \
685 NAME 'nisplusLDAPproxyUser' \
686 DESC 'Proxy user for data store/retrieval' \
687 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
688 attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.3 \
689 NAME 'nisplusLDAPproxyPassword' \
690 DESC 'Password/key/shared secret for proxy user' \
691 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
692 attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.4 \
693 NAME 'nisplusLDAPinitialUpdateAction' \
694 DESC 'Type of initial update' \
695 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
696 attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.5 \
697 NAME 'nisplusLDAPinitialUpdateOnly' \
698 DESC 'Exit after update ?' \
699 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
700 attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.6 \
701 NAME 'nisplusLDAPretrieveErrorAction' \
702 DESC 'Action following an LDAP search error' \
703 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
704 attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.7 \
705 NAME 'nisplusLDAPretrieveErrorAttempts' \
706 DESC 'Number of times to retry an LDAP search' \
707 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
708 attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.8 \
709 NAME 'nisplusLDAPretrieveErrorTimeout' \
710 DESC 'Timeout between each search attempt' \
711 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
712 attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.9 \
713 NAME 'nisplusLDAPstoreErrorAction' \
714 DESC 'Action following an LDAP store error' \
715 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
716 attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.10 \
717 NAME 'nisplusLDAPstoreErrorAttempts' \
718 DESC 'Number of times to retry an LDAP store' \
719 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
720 attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.11 \
721 NAME 'nisplusLDAPstoreErrorTimeout' \
722 DESC 'Timeout between each store attempt' \
723 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
724 attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.12 \
725 NAME 'nisplusLDAPrefreshErrorAction' \
726 DESC 'Action when refresh of NIS+ data from LDAP fails' \
727 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
728 attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.13 \
729 NAME 'nisplusLDAPrefreshErrorAttempts' \
730 DESC 'Number of times to retry an LDAP refresh' \
731 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
732 attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.14 \
733 NAME 'nisplusLDAPrefreshErrorTimeout' \
734 DESC 'Timeout between each refresh attempt' \
735 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
736 attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.15 \
737 NAME 'nisplusNumberOfServiceThreads' \
738 DESC 'Max number of RPC service threads' \
739 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
740 attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.16 \
741 NAME 'nisplusThreadCreationErrorAction' \
742 DESC 'Action when a non-RPC-service thread creation fails' \
743 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
744 attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.17 \
745 NAME 'nisplusThreadCreationErrorAttempts' \
746 DESC 'Number of times to retry thread creation' \
747 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
748 attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.18 \
749 NAME 'nisplusThreadCreationErrorTimeout' \
750 DESC 'Timeout between each thread creation attempt' \
751 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
752 attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.19 \
753 NAME 'nisplusDumpErrorAction' \
754 DESC 'Action when a NIS+ dump fails' \
755 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
756 attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.20 \
757 NAME 'nisplusDumpErrorAttempts' \
758 DESC 'Number of times to retry a failed dump' \
759 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
760 attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.21 \
761 NAME 'nisplusDumpErrorTimeout' \
762 DESC 'Timeout between each dump attempt' \
763 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
764 attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.22 \
765 NAME 'nisplusResyncService' \
766 DESC 'Service provided during a resync' \
767 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
768 attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.23 \
769 NAME 'nisplusUpdateBatching' \
770 DESC 'Method for batching updates on master' \
771 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
772 attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.24 \
773 NAME 'nisplusUpdateBatchingTimeout' \
774 DESC 'Minimum time to wait before pinging replicas' \
775 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
776 attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.25 \
777 NAME 'nisplusLDAPmatchFetchAction' \
778 DESC 'Should pre-fetch be done ?' \
779 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
780 attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.26 \
781 NAME 'nisplusLDAPbaseDomain' \
782 DESC 'Default domain name used in NIS+/LDAP mapping' \
783 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
784 attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.27 \
785 NAME 'nisplusLDAPdatabaseIdMapping' \
786 DESC 'Defines a database id for a NIS+ object' \
787 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
788 attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.28 \
789 NAME 'nisplusLDAPentryTtl' \
790 DESC 'TTL for cached objects derived from LDAP' \
791 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
792 attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.29 \
793 NAME 'nisplusLDAPobjectDN' \
794 DESC 'Location in LDAP tree where NIS+ data is stored' \
795 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
796 attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.30 \
797 NAME 'nisplusLDAPcolumnFromAttribute' \
798 DESC 'Rules for mapping LDAP attributes to NIS+ columns' \
799 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
800 attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.31 \
801 NAME 'nisplusLDAPattributeFromColumn' \
802 DESC 'Rules for mapping NIS+ columns to LDAP attributes' \
803 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
804
805 dn: cn=schema
806 changetype: modify
807 add: objectclasses
808 objectclasses: ( 1.3.6.1.4.1.42.2.27.5.42.42.19.0 \
809 NAME 'nisplusLDAPconfig' \
810 DESC 'NIS+/LDAP mapping configuration' \
811 SUP top STRUCTURAL MUST ( cn ) \
812 MAY ( preferredServerList $ defaultSearchBase $
813 authenticationMethod $ nisplusLDAPTLS $
814 nisplusLDAPTLSCertificateDBPath $
815 nisplusLDAPproxyUser $ nisplusLDAPproxyPassword $
816 nisplusLDAPinitialUpdateAction $
817 nisplusLDAPinitialUpdateOnly $
818 nisplusLDAPretrieveErrorAction $
819 nisplusLDAPretrieveErrorAttempts $
820 nisplusLDAPretrieveErrorTimeout $
821 nisplusLDAPstoreErrorAction $
822 nisplusLDAPstoreErrorAttempts $
823 nisplusLDAPstoreErrorTimeout $
824 nisplusLDAPrefreshErrorAction $
825 nisplusLDAPrefreshErrorAttempts $
826 nisplusLDAPrefreshErrorTimeout $
827 nisplusNumberOfServiceThreads $
828 nisplusThreadCreationErrorAction $
829 nisplusThreadCreationErrorAttempts $
830 nisplusThreadCreationErrorTimeout $
831 nisplusDumpErrorAction $
832 nisplusDumpErrorAttempts $
833 nisplusDumpErrorTimeout $
834 nisplusResyncService $ nisplusUpdateBatching $
835 nisplusUpdateBatchingTimeout $
836 nisplusLDAPmatchFetchAction $
837 nisplusLDAPbaseDomain $
838 nisplusLDAPdatabaseIdMapping $
839 nisplusLDAPentryTtl $
840 nisplusLDAPobjectDN $
841 nisplusLDAPcolumnFromAttribute $
842 nisplusLDAPattributeFromColumn ) )
843
844
845
846 Create a file containing the following LDIF data. Substitute your
847 actual search base for searchBase, and your fully qualified domain name
848 for domain:
849
850 dn: cn=domain,searchBase
851 cn: domain
852 objectClass: top
853 objectClass: nisplusLDAPconfig
854
855
856
857 Use this file as input to the ldapadd(1) command in order to create the
858 NIS+/LDAP configuration entry. Initially, the entry is empty. You can
859 use the ldapmodify(1) command to add configuration attributes.
860
862 Example 1 Creating a NIS+/LDAP Configuration Entry
863
864
865 To set the nisplusNumberOfServiceThreads attribute to 32, create the
866 following file and use it as input to ldapmodify(1):
867
868
869 dn: cn=domain,searchBase
870 nisplusNumberOfServiceThreads: 32
871
872
874 See attributes(5) for descriptions of the following attributes:
875
876
877
878
879 ┌─────────────────────────────┬─────────────────────────────┐
880 │ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
881 ├─────────────────────────────┼─────────────────────────────┤
882 │Availability │SUNWnisr │
883 ├─────────────────────────────┼─────────────────────────────┤
884 │Interface Stability │(Obsolete) │
885 └─────────────────────────────┴─────────────────────────────┘
886
888 nisldapmaptest(1M), rpc.nisd(1M), NIS+LDAPmapping(4), attributes(5)
889
890
891 System Administration Guide: Naming and Directory Services (DNS, NIS,
892 and LDAP)
893
894
895
896SunOS 5.11 18 Feb 2003 rpc.nisd(4)