|
Hopefully, this page is exactly what you are looking for, but if not, you can always find further assistance on Unix/Linux Forum!
File Formats NISLDAPmapping(4)
NAME
NISLDAPmapping - mapping file used by the NIS server com-
ponents
SYNOPSIS
/var/yp/NISLDAPmapping
DESCRIPTION
The NISLDAPmapping file specifies the mapping between NIS
map entries and equivalent Directory Information Tree (DIT)
entries. The syntax of this file is based on the equivalent
NIS+ to LDAP mapping file, NIS+LDAPmapping(4).
The presence of /var/yp/NISLDAPmapping on a NIS master
server causes that server to obtain NIS data from LDAP. See
ypserv(4). If /var/yp/NISLDAPmapping is present but the con-
nection configuration file that is defined in
/etc/default/ypserv cannot be found, a warning is logged.
See ypserv(1M).
NIS slave servers always obtain their data from a NIS master
server, whether or not that server is getting data from
LDAP, and ignore the /var/yp/NISLDAPmapping file.
A simple NISLDAPmapping file is created using inityp2l(1M).
You can customize your NISLDAPmapping file as you require.
Each attribute defined below can be specified
in/var/yp/NISLDAPmappingLDAP or as an LDAP attribute. If
both are specified, then the attribute in
/var/yp/NISLDAPmapping (including empty values) takes pre-
cedence.
A continuation is indicated by a '\' (backslash) in the last
position, immediately before the newline of a line. Charac-
ters are escaped, that is, exempted from special interpreta-
tion, when preceeded by a backslash character.
The '#' (hash) character starts a comment. White space is
either ASCII space or a horizontal tab. In general, lines
consist of optional white space, an attribute name, at least
one white space character, and an attribute value.
EXTENDED DESCRIPTION
File Syntax
Repeated fields, with separator characters, are described by
the following syntax:
One or more entries
entry:entry:entry
SunOS 5.10 Last change: 29 Mar 2006 1
File Formats NISLDAPmapping(4)
entry[":"...]
Zero or more entries
[entry":"...]
Attributes
Attributes generally apply to one more more NIS maps. Map
names can be specified either on their own,that is in
passwd.byname, in which case they apply to all domains, or
for individual NIS domains, for example, in
passwd.byname,example.sun.uk. Where a map is mentioned in
more than one attribute, both versions are applied. If any
parts of the attributes are in conflict, the domain specific
version takes precedence over the non-domain specific ver-
sion.
Each domain specific attributes must appear in NISLDAPmap-
ping before any related non-domain specific attribute. If
non-domain specific attributes appear first, behavior may be
unpredictable. Errors are logged when non-domain specific
attributes are found first.
You can associate a group of map names with a databaseId. In
effect, a macro is expanded to the group of names. Use this
mechanism where the same group of names is used in many
attributes or where domain specific map names are used.
Then, you can make any changes to the domain name in one
place.
Unless otherwise noted, all elements of the syntaxes below
may be surrounded by white space. Separator characters and
white space must be escaped if they are part of syntactic
elements.
The following attributes are recognized.
nisLDAPdomainContext
The context to use for a NIS domain.
The syntax for nisLDAPdomainContext is:
NISDomainName ":" context
The following is an example of the nisLDAPdomainContext
SunOS 5.10 Last change: 29 Mar 2006 2
File Formats NISLDAPmapping(4)
attribute:
domain.one : dc=site, dc=company, dc=com
The mapping file should define the context for each
domain before any other attribute makes use of the NIS-
DomainName specified for that domain.
nisLDAPyppasswddDomains
Lists the domains for which password changes should be
made. NIS password change requests do not specify the
domains in which any given password should be changed.
In traditional NIS this information is effectively hard
coded in the NIS makefile.
The syntax for the nisLDAPyppasswddDomains attribute is:
domainname
If there are multiple domains, use multiple nisLDAPyp-
passwddDomain entries withone domainname per entry.
nisLDAPdatabaseIdMapping
Sets up an alias for a group of NIS map names. There is
no default value.
The syntax for the nisLDAPdatabaseIdMapping attribute
is:
databaseId ":" ["["indexlist"]"] mapname[" "...]
where
databaseId = Label identifying a (subset of a) NIS
object for mapping purposes.
indexlist = fieldspec[","...]
fieldspec = fieldname "=" fieldvalue
fieldname = The name of a entry field as defined in
nisLDAPnameFields.
fieldvalue = fieldvaluestring | \" fieldvaluestring \"
SunOS 5.10 Last change: 29 Mar 2006 3
File Formats NISLDAPmapping(4)
indexlist is used for those cases where it is necessary
to select a subset of entries from a NIS map. The subset
are those NIS entries that match the indexlist. If there
are multiple specifications indexed for a particular NIS
map, they are tried in the order retrieved until one
matches. Note that retrieval order usually is unspeci-
fied for multi-valued LDAP attributes. Hence, if using
indexed specifications when nisLDAPdatabaseIdMapping is
retrieved from LDAP, make sure that the subset match is
unambiguous.
If the fieldvaluestring contains white space or commas,
it must either be surrounded by double quotes, or the
special characters must be escaped. Wildcards are
allowed in the fieldvaluestring. See Wildcards
To associate the passwd.byname and passwd.byuid maps
with the passwd databaseId:
passwd:passwd.byname passwd.byuid
The passwd and passwd.adjunct databaseIds receive spe-
cial handling. In addition to its normal usage, passwd
defines which maps yppasswdd is to update when a passwd
is changed. In addition to its normal usage
passwd.adjunct defines which maps yppasswdd is to update
when an adjunct passwd is changed.
You may not alias a single map name to a different name,
as the results are unpredictable.
nisLDAPentryTtl
Establish TTLs for NIS entries derived from LDAP.
The syntax for the nisLDAPentryTtl attribute is:
mapName[" "...]":"
initialTTLlo ":" initialTTLhi ":" runningTTL
where
initialTTLlo The lower limit for the initial
TTL (in seconds) for data read
from LDAP when the ypserv
starts. If the initialTTLhi also
is specified, the actual
SunOS 5.10 Last change: 29 Mar 2006 4
File Formats NISLDAPmapping(4)
initialTTL will be randomly
selected from the interval ini-
tialTTLlo to initialTTLhi ,
inclusive. Leaving the field
empty yields the default value
of 1800 seconds.
initialTTLhi The upper limit for the initial
TTL. If left empty, defaults to
5400.
runningTTL The TTL (in seconds) for data
retrieved from LDAP while the
ypserv is running. Leave the
field empty to obtain the
default value of 3600 seconds.
If there is no specification of TTLs for a particular
map, the default values are used.
If the initialTTLlo and initialTTLhi have the same
value, the effect will be that all data known to the
ypserv at startup times out at the same time. Depending
on NIS data lookup patterns, this could cause spikes in
ypserv-to-LDAP traffic. In order to avoid that, you can
specify different initialTTLlo and initialTTLhi values,
and obtain a spread in initial TTLs.
The following is an example of the nisLDAPentryTtl
attribute used to specify that entries in the NIS host
maps read from LDAP should be valid for four hours. When
ypserv restarts, the disk database entries are valid for
between two and three hours.
hosts.byname hosts.byaddr:7200:10800:14400
nisLDAPobjectDN
Specifies the connection between a group of NIS maps and
the LDAP directory. This attribute also defines the
'order' of the NIS maps. When NIS maps are bulk copied
to or from the DIT, they are processed in the same order
as related nisLDAPobjectDN attributes appear in
/var/yp/NISLDAPmapping.
SunOS 5.10 Last change: 29 Mar 2006 5
File Formats NISLDAPmapping(4)
The syntax for the nisLDAPobjectDN attribute is:
mapName[" "...] ":" objectDN *( ";" objectDN )
where
objectDN = readObjectSpec [":"[writeObjectSpec]]
readObjectSpec = [baseAndScope [filterAttrValList]]
writeObjectSpec = [baseAndScope [attrValList]]
baseAndScope = [baseDN] ["?" [scope]]
filterAttrValList = ["?" [filter | attrValList]]]
scope = "base" | "one" | "sub"
attrValList = attribute "=" value
*("," attribute "=" value)
The baseDN defaults to the value of the nisLDAPdomain-
Context attribute for the accessed domain. If the baseDN
ends in a comma, the nisLDAPdomainContext value is
appended.
scope defaults to one. scope has no meaning and is
ignored in a writeObjectSpec.
The filter is an LDAP search filter and has no default
value.
The attrValList is a list of attribute and value pairs.
There is no default value.
As a convenience, if an attrValList is specified in a
readObjectSpec, it is converted to a search filter by
ANDing together the attributes and the values. For exam-
ple, the attribute and value list:
objectClass=posixAccount,objectClass=shadowAccount
is converted to the filter:
(&(objectClass=posixAccount)\
(objectClass=shadowAccount))
Map entries are mapped by means of the relevant mapping
rules in the nisLDAPnameFields and nisLDAPattributeFrom-
Field .
If a writeObjectSpec is omitted, the effect is one of
the following:
SunOS 5.10 Last change: 29 Mar 2006 6
File Formats NISLDAPmapping(4)
o If there is no trailing colon after the readOb-
jectSpec, then there is no write at all.
o If there is a colon after the readObjectSpec, then
writeObjectSpec equals readObjectSpec.
The following is an example of a nisLDAPobjectDN attri-
bute declaration that gets the hosts.byaddr map entries
from the ou=Hosts container under the default search
base and writes to the same place.
hosts.byaddr:ou=Hosts,?one?objectClass=ipHost:
The following is an example of a nisLDAPobjectDN attri-
bute declaration that obtains passwd map entries from
the ou=People containers under the default search base,
and also from dc=another,dc=domain.
passwd:ou=People,?one?\
objectClass=shadowAccount,\
objectClass=posixAccount:;\
ou=People,dc=another,dc=domain,?one?\
objectClass=shadowAccount,\
objectClass=posixAccount
nisLDAPnameFields
Specifies the content of entries in a NIS map and how
they should be broken into named fields. nisLDAPname-
Fields is required because unlike NIS+, NIS maps do not
store information in named fields.
The syntax for the nisLDAPnameFields attribute is as
follows:
"nisLDAPnameFields" mapName ":" "(" matchspec "," fieldNames ")"
fieldName = nameOrArrayName[","...]
nameOrArrayName = Name of field or 'array' of repeated fields.
matchspec = \" formatString \"
formatString may contains a list of %s and %a elements
each of which represents a single named field or a list
of repeated fields. A %a field is interpreted as an IPv4
address or an IPv6 address in preferred format. If an
IPv6 address in non preferred format is found, then it
is converted and a warning is logged.
SunOS 5.10 Last change: 29 Mar 2006 7
File Formats NISLDAPmapping(4)
Where there are a list of repeated fields, the entire
list is stored as one entry. The fields are broken up
into individual entries, based on the internal separa-
tor, at a latter stage. Other characters represent
separators which must be present. Any separator, includ-
ing whitespace, specified by the formatString, may be
surrounded by a number of whitespace and tab characters.
The whitespace and tab characters are ignored.
Regardless of the content of this entry some fieldNames
are reserved:
rf_key The DBM key value
rf_ipkey The DBM key value handled as an
IP address. See the discussion
of %a fields.
rf_comment Everything following the first
occurance of a symbol.
rf_comment is defined by
nisLDAPcommentChar.
rf_domain The name of the domain in which
the current NIS operation is
being carried out.
rf_searchipkey The rf_searchkey value handled
as an IP address. See the dis-
cussion of %a fields above.
rf_searchkey See the description under
nisLDAPattributeFromField below.
For example, the rpc.bynumber map has the format:
name number alias[" "...]
SunOS 5.10 Last change: 29 Mar 2006 8
File Formats NISLDAPmapping(4)
The NIS to LDAP system is instructed to break it into a
name, a number, and an array of alias field by the fol-
lowing entry in the mapping file:
nisLDAPnameFields rpc.bynumber : \
"%s %s %s", name,number,aliases)
nisLDAPsplitFields
Defines how a field, or list of fields, named by
nisLDAPnameFields is split into subfields. The original
field is compared with each line of this attribute until
one matches. When a match is found named subfields are
generated. In latter operations subfield names can be
used in the same way as other field names.
The syntax for the nisLDAPsplitFields attribute is as
follows:
"nisLDAPsplitFields" fieldName ":" splitSpec[","...]
splitSpec = "(" matchspec "," subFieldNames ")"
fieldName = Name of a field from nisLDAPnameFields
subFieldNames = subFieldname[","...]
matchspec = \" formatString \"
The netgroup memberTriples can have format (host, user,
domain) or groupname. The format is specified by the
attribute:
nisLDAPsplitField memberTriple: \
("(%s,%s,%s)", host, user, domain) , \
("%s", group)
Later operations can then use field names host, user,
domain, group or memberTriple. Because lines are pro-
cessed in order, if host, user and domain are found,
group will not be generated.
Several maps and databaseIds may contain fields that are
to be split in the same way. As a consequence, the names
of fields to be split must be unique across all maps and
databaseIds.
Only one level of spliting is supported.That is, a sub-
field cannot be split into further subfields.
SunOS 5.10 Last change: 29 Mar 2006 9
File Formats NISLDAPmapping(4)
nisLDAPrepeatedFieldSeparators
Where there is a list of repeated, splitable fields,
nisLDAPrepeatedFieldSeparators specifies which charac-
ters separate instances of the splitable field.
The syntax for the nisLDAPrepeatedFieldSeparators attri-
bute is as follows:
"nisLDAPrepeatedFieldSeparators" fieldName \"sepChar[...]\"
sepChar = A separator character.
The default value is space or tab. If repeated splitable
fields are adjacent, that is, there is no separating
character, then the following should be specified:
nisLDAPrepeatedFieldSeparators netIdEntry: ""
nisLDAPcommentChar
Specifies which character represents the start of the
special comment field in a given NIS map. If this attri-
bute is not present then the default comment character #
is used.
To specify that a map uses a asterix to mark the start
of comments.
nisLDAPcommentChar mapname : '*'
If a map cannot contain comments, then the following
attribute should be specified.
nisLDAPcommentChar mapname : ''
nisLDAPmapFlags
Indicates if YP_INTERDOMAIN or YP_SECURE entries should
be created in a map. Using nisLDAPmapFlags is equivalent
to running makedbm(1M) with the -b or the -s option.
When a map is created from the contents of the DIT, the
mapping file attribute is the only source for the
YP_INTERDOMAIN or YP_SECURE entries.
SunOS 5.10 Last change: 29 Mar 2006 10
File Formats NISLDAPmapping(4)
The syntax for the nisLDAPmapFlags attribute is as fol-
lows:
"nisLDAPmapFlags" mapname ":" ["b"]["s"]
By default neither entry is created.
nisLDAPfieldFromAttribute
Specifies how a NIS entries field values are derived
from LDAP attribute values.
The syntax for the nisLDAPfieldFromAttribute attribute
is as follows:
mapName ":" fieldattrspec *("," fieldattrspec)
The format of fieldattrspec is shown below at Field and
Attribute Conversion Syntax.
To map by direct copy and assignment the value of the
ipHostNumber attribute to the addr named field, for
example:
addr=ipHostNumber
Formats for the named field and attribute conversion
syntax are discussed below, including examples of com-
plex attribute to field conversions.
nisLDAPattributeFromField
Specifies how an LDAP attribute value is derived from a
NIS entriy field value.
The syntax for the nisLDAPattributeFromField attribute
is as follows:
mapName ":" fieldattrspec *("," fieldattrspec )
The format of fieldattrspec is shown below at Field and
Attribute Conversion Syntax.
SunOS 5.10 Last change: 29 Mar 2006 11
File Formats NISLDAPmapping(4)
As a special case, if the dn attribute value derived
from a fieldattrspec ends in a comma (","), the domains
context from nisLDAPdomainContext is appended.
Use the following example to map the value of the addr
field to the ipHostNumber attribute by direct copy and
assignment:
ipHostNumber=addr
All relevant attributes, including the dn, must be
specified.
For every map it must be possible to rapidly find a DIT
entry based on its key. There are some maps for which a
NIS to LDAP mapping for the key is not desirable, so a
key mapping cannot be specified. In these cases a map-
ping that uses the reserved rf_searchkey must be speci-
fied. Mappings that use this field name are ignored
when information is mapped into the DIT.
Field and Attribute Conversion Syntax
The general format of a fieldattrspec is:
fieldattrspec = lhs "=" rhs
lhs = lval | namespeclist
rhs = rval | [namespec]
namespeclist = namespec | "(" namespec *("," namespec) ")"
The lval and rval syntax are defined below at Values. The
format of a namespec is:
namespec
["ldap:"] attrspec [searchTriple] | ["yp:"] fieldname
[mapspec]
fieldname
field | "(" field ")"
attrspec
attribute | "(" attribute ")"
SunOS 5.10 Last change: 29 Mar 2006 12
File Formats NISLDAPmapping(4)
searchTriple
":" [baseDN] ["?" [scope] ["?" [filter]]]
baseDN Base DN for search
filter LDAP search filter
mapspec Map name
The repository specification in a namespec defaults is as
follows:
o For assignments to a field:
on the LHS yp
on the RHS ldap
NIS field values on the RHS are those that exist before
the NIS entry is modified.
o For assignments to an attribute:
on the LHS ldap
on the RHS yp
Attribute values on the RHS are those that exist before
the LDAP entry is modified.
When the field or attribute name is enclosed in parenthesis,
it denotes a list of field or attribute values. For attri-
butes, the meaning is the list of all attributes of that
name, and the interpretation depends on the context. See the
discussion at Values. The list specification is ignored when
SunOS 5.10 Last change: 29 Mar 2006 13
File Formats NISLDAPmapping(4)
a searchTriple or mapspec is supplied.
For fields, the fieldname syntax is used to map multiple
attribute instances to multiple NIS entries.
The searchTriple can be used to specify an attribute from a
location other than the read or write target. The
defaultvalues are as follows:
baseDN If baseDN is omitted, the default is the
current objectDN. If the baseDN ends in a
comma, the context of the domain is appended
from nisLDAPdomainContext .
scope one
filter Empty
Similarly, the mapspec can be used to specify a field value
from a NIS map other than the one implicitly indicated by
the mapName. If searchTriple or mapspec is explicitly speci-
fied in a namespec, the retrieval or assignment, whether
from or to LDAP or NIS, is performed without checking if
read and write are enabled for the LDAP container or NIS
map.
The ommision of the namespec in an rhs is only allowed if
the lhs is one or more attributes. The effect is to delete
the specified attribute(s). In all other situations, an
omitted namespec means that the rule is ignored.
The filter can be a value. See Values. For example, to find
the ipHostNumberthat uses the cn, you specify the following
in the filter field:
ldap:ipHostNumber:?one?("cn=%s", (cname, "%s.*"))
In order to remove ambiguity, the unmodified value of a sin-
gle field or attribute must be specified as the following
when used in the filter field.
("%s", namespec)
SunOS 5.10 Last change: 29 Mar 2006 14
File Formats NISLDAPmapping(4)
If the filter is not specified, the scope will be base, and
the baseDN is assumed to be the DN of the entry that con-
tains the attribute to be retrieved or modified. To use pre-
viously existing field or attribute values in the mapping
rules requires a lookup to find those values. Obviously,
this adds to the time required to perform the modification.
Also, there is a window between the time when a value is
retrieved and then slightly later stored back. If the values
have changed in the mean time, the change may be overwrit-
ten.
When fieldattrspecs are grouped into rule sets, in the value
of a nisLDAPfieldFromAttribute or nisLDAPattributeFromField
attribute, the evaluation of the fieldattrspecs proceed in
the listed order. However, evaluation may be done in paral-
lel for multiple fieldattrspecs. If there is an error when
evaluating a certain fieldattrspec, including retrieval or
assignment of entry or field values, the extent to which the
other fieldattrspec rules are evaluated is unspecified.
Wildcards
Where wildcard support is available, it is of the following
limited form:
* Matches any number of characters
[x] Matches the character x
[x-y] Matches any character in the range x to y,
inclusive
Combinations such as [a-cA-C0123] are also allowed, which
would match any one of a, b, c, A, B, C, 0, 1, 2, or 3.
Substring Extraction
substringextract = "(" namespec "," matchspec ")"
name = field or attribute name
matchspec =
The matchspec is a string like the sscanf(3C) format string,
except that there may be at most one format specifier, a
single %s. The output value of the substringextract is the
substring that matches the location of the %s.
SunOS 5.10 Last change: 29 Mar 2006 15
File Formats NISLDAPmapping(4)
If there is no %s in the formatstring, it must instead be a
single character, which is assumed to be a field separator
for the namespec. The output values are the field values.
Wild cards are supported. If there is no match, the output
value is the empty string, " ".
For example, if the fieldcname has the value
user.some.domain.name., the value of the expression:
(cname, "%s.*")
is user, which can be used to extract the user name from a
NIS principal name.
Similarly, use this expression to extract the third of the
colon-separated fields of the shadow field:
(shadow, "*:*:%s:*")
This form can be used to extract all of the shadow fields.
However, a simpler way to specify that special case is:
(shadow, ":")
Values
lval = "(" formatspec "," namespec *("," namespec) ")"
rval = "(" formatspec ["," namelist ["," elide] ] ")"
namelist = name_or_sse *( "," name_or_sse)
name_or_sse = namespec | removespec | substringextract
removespec = list_or_name "-" namespec
list_or_name = "(" namespec ")" | namespec
formatspec =
formatstring = A string combining text and % field specifications
elide =
singlechar = Any character
The syntax above is used to produce rval values that incor-
porate field or attribute values, in a manner like
sprintf(3C), or to perform assignments to lval like
sscanf(3C). One important restriction is that the format
specifications,% plus a single character, use the designa-
tions from ber_printf(3LDAP). Thus, while %s is used to
extract a string value, %i causes BER conversion from an
integer. Formats other than %s, for instance, %i, are only
meaningfully defined in simple format strings without any
other text.
SunOS 5.10 Last change: 29 Mar 2006 16
File Formats NISLDAPmapping(4)
The following ber_printf() format characters are recognized:
b i n o s
If there are too few format specifiers, the format string
may be repeated as needed.
When used as an lval, there is a combination of pattern
matching and assignment, possibly to multiple fields or
attributes.
In an assignment to an attribute, if the value of the addr
field is 1.2.3.4, the rval:
("ipNetworkNumber=%s,", addr)
produces the value ipNetworkNumber=1.2.3.4,, while:
("(%s,%s,%s)", host, user, domain)
results in:
(assuming host="xyzzy", user="-", domain="x.y.z")
"(xyzzy,-,x.y.z)"
The elide character feature is used with attribute lists.
So:
("%s,", (mgrprfc822mailmember), ",")
concatenates all mgrprfc822mailmember values into one
comma-separated string, and then elides the final trailing
comma. Thus, for
mgrprfc822mailmember=usera
mgrprfc822mailmember=userb
mgrprfc822mailmember=userc
the value would be:
usera,userb,userc
As a special case, to combine an LHS extraction with an RHS
implicit list creates multiple entries and values. So
SunOS 5.10 Last change: 29 Mar 2006 17
File Formats NISLDAPmapping(4)
("(%s,%s,%s)", host, user, domain)=(nisNetgroupTriple)
creates one NIS entry for each nisNetgroupTriple value.
The 'removespec' form is used to exclude previously assigned
fields values from a list. So, if an LDAP entry contains:
name: foo
cn: foo
cn: foo1
cn: foo2
and the mapping file specifies :
myName = name, \
myAliases = ("%s ", (cn) - yp:myName, " ")
then the following assignments are carried out:
1. Assign value foo to myName
2. Assign value foo foo1 foo2 to myAliases
3. Remove value of myName from value myAliases
This results in the field values myName is set to foo, and
myAliases is set to foo1 foo2.
Assignments
The assignment syntax, also found at Field and Attribute
Conversion Syntax, is as follows:
fieldattrspec = lhs "=" rhs
lhs = lval | namespeclist
rhs = rval | namespec
namespeclist = namespec | "(" namespec *("," namespec) ")"
The general form of a simple assignment, which is a one-to-
one mapping of field to attribute, is:
("%s", fieldname)=("%s", attrname)
As a convenient shorthand, this can also be written as:
SunOS 5.10 Last change: 29 Mar 2006 18
File Formats NISLDAPmapping(4)
fieldname=attrname
A list specification, which is a name enclosed in
parenthesis, can be used to make many-to-many assignments.
The expression:
(fieldname)=(attrname)
where there are multiple instances of attrname, creates one
NIS entry for each such instance, differentiated by their
fieldname values. The following combinations of lists are
allowed, but they are not particularly useful:
(attrname)=(fieldname) Equivalent to
attrname=fieldname
attrname=(fieldname) Equivalent to
attrname=fieldname
(fieldname)=attrname Equivalent to
fieldname=attrname
fieldname=(attrname) Equivalent to
fieldname=attrname
If a multi-valued RHS is assigned to a single-valued LHS,
the LHS value will be the first of the RHS values. If the
RHS is an attribute list, the first attribute is the first
one returned by the LDAP server when queried. Otherwise, the
definition of "first"is implementation dependent.
Finally, the LHS can be an explicit list of fields or attri-
butes, such as:
(name1,name2,name3)
If the RHS is single-valued, this assigns the RHS value to
all entities in the list. If the RHS is multi-valued, the
first value is assigned to the first entity of the list, the
second value to the second entity, and so on. Excess values
or entities are silently ignored.
SunOS 5.10 Last change: 29 Mar 2006 19
File Formats NISLDAPmapping(4)
EXAMPLES
Example 1: Assigning an Attribute Value to a Field
The following example illustrates how to assign the value of
the ipHostNumber attribute to the addr field
addr=ipHostNumber
Example 2: Creating Multiple NIS Entries from Multi-Valued
LDAP Attributes
An LDAP entry with:
cn=name1
cn=name2
cn=name3
and the following assignments:
cname=cn
(name)=(cn)
creates three NIS entries. Other attributes and fields are
omitted for clarity.
cname=name1, name=name1
cname=name1, name=name2
cname=name1, name=name3
Example 3: Assigning String Constants
The following expression sets the passwd field to x:
passwd=("x")
Example 4: Splitting Field Values to Multi-Valued Attributes
The expansion field contains a comma-separated list of alias
member names. In the following example, the expression
assigns each member name to an instance of
mgrprfc822mailmember:
(mgrprfc822mailmember)=(expansion, ",")
FILES
SunOS 5.10 Last change: 29 Mar 2006 20
File Formats NISLDAPmapping(4)
/var/yp/NISLDAPmapping Mapping file used by the NIS
server components
ATTRIBUTES
See attributes(5) for descriptions of the following attri-
butes:
____________________________________________________________
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|_____________________________|_____________________________|
| Availability | SUNWypu |
|_____________________________|_____________________________|
| Interface Stability | Obsolete |
|_____________________________|_____________________________|
SEE ALSO
inityp2l(1M), makedbm(1M), ypserv(1M), ber_printf(3LDAP),
sprintf(3C), sscanf(3C), NIS+LDAPmapping(4), ypserv(4),
attributes(5)
System Administration Guide: Naming and Directory Services
(DNS, NIS, and LDAP)
SunOS 5.10 Last change: 29 Mar 2006 21
Man(1) output converted with
man2html and wrapped by fishsponge
This page was generated on Wed Sep 12 11:27:27 GMT 2007
|
Your favourite pages:
No pages logged yet.
Trying to save cookie... Top 10 most popular pages:
sqlite3 man page (5334 hits)
(openSUSE 10.2)
svn man page (5208 hits)
(FreeBSD 6.2)
adv_cap_autoneg man page (4870 hits)
(Solaris 10 11_06)
CPAN man page (4607 hits)
(Suse Linux 10.1)
ssh man page (4342 hits)
(Suse Linux 10.1)
ssh-socks5-proxy-connect man page (2878 hits)
(Solaris 10 11_06)
netcat man page (2717 hits)
(Suse Linux 10.1)
pprosetup man page (2489 hits)
(Solaris 10 11_06)
startproc man page (2471 hits)
(Suse Linux 10.1)
signal man page (2408 hits)
(Suse Linux 10.1)
|
Man Pages 
