Print this page
9842 man page typos and spelling
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/man/man4/NISLDAPmapping.4
+++ new/usr/src/man/man4/NISLDAPmapping.4
1 1 '\" te
2 2 .\" Copyright (C) 2006, Sun Microsystems, Inc. All Rights Reserved
3 3 .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
4 4 .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
5 5 .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
6 6 .TH NISLDAPMAPPING 4 "Feb 25, 2017"
7 7 .SH NAME
8 8 NISLDAPmapping \- mapping file used by the NIS server components
9 9 .SH SYNOPSIS
10 10 .LP
11 11 .nf
12 12 \fB/var/yp/NISLDAPmapping\fR
13 13 .fi
14 14
15 15 .SH DESCRIPTION
16 16 .LP
17 17 The \fBNISLDAPmapping\fR file specifies the mapping between NIS map entries and
18 18 equivalent Directory Information Tree (DIT) entries.
19 19 .sp
20 20 .LP
21 21 The presence of \fB/var/yp/NISLDAPmapping\fR on a NIS master server causes that
22 22 server to obtain NIS data from LDAP. See \fBypserv\fR(4). If
23 23 \fB/var/yp/NISLDAPmapping\fR is present but the connection configuration file
24 24 that is defined in \fB/etc/default/ypserv\fR cannot be found, a warning is
25 25 logged. See \fBypserv\fR(1M).
26 26 .sp
27 27 .LP
28 28 NIS slave servers always obtain their data from a NIS master server, whether or
29 29 not that server is getting data from LDAP, and ignore the
30 30 \fB/var/yp/NISLDAPmapping\fR file.
31 31 .sp
32 32 .LP
33 33 A simple \fBNISLDAPmapping\fR file is created using \fBinityp2l\fR(1M). You can
34 34 customize your \fBNISLDAPmapping\fR file as you require.
35 35 .sp
36 36 .LP
37 37 Each attribute defined below can be specified
38 38 in\fB/var/yp/NISLDAPmappingLDAP\fR or as an LDAP attribute. If both are
39 39 specified, then the attribute in \fB/var/yp/NISLDAPmapping\fR (including empty
40 40 values) takes precedence.
41 41 .sp
42 42 .LP
43 43 A continuation is indicated by a '\e' (backslash) in the last position,
44 44 immediately before the newline of a line. Characters are escaped, that is,
45 45 exempted from special interpretation, when preceded by a backslash character.
46 46 .sp
47 47 .LP
48 48 The '#' (hash) character starts a comment. White space is either ASCII space or
49 49 a horizontal tab. In general, lines consist of optional white space, an
50 50 attribute name, at least one white space character, and an attribute value.
51 51 .SH EXTENDED DESCRIPTION
52 52 .SS "File Syntax"
53 53 .LP
54 54 Repeated fields, with separator characters, are described by the following
55 55 syntax:
56 56 .sp
57 57 .ne 2
58 58 .na
59 59 \fBOne or more entries\fR
60 60 .ad
61 61 .RS 24n
62 62 entry:entry:entry
63 63 .sp
64 64 .in +2
65 65 .nf
66 66 entry[":"...]
67 67 .fi
68 68 .in -2
69 69
70 70 .RE
71 71
72 72 .sp
73 73 .ne 2
74 74 .na
75 75 \fBZero or more entries\fR
76 76 .ad
77 77 .RS 24n
78 78 .sp
79 79 .in +2
80 80 .nf
81 81 [entry":"...]
82 82 .fi
83 83 .in -2
84 84
85 85 .RE
86 86
87 87 .SS "Attributes"
88 88 .LP
89 89 Attributes generally apply to one more more NIS maps. Map names can be
90 90 specified either on their own,that is in \fBpasswd.byname\fR, in which case
91 91 they apply to all domains, or for individual NIS domains, for example, in
92 92 \fBpasswd.byname,example.sun.uk\fR. Where a map is mentioned in more than one
93 93 attribute, both versions are applied. If any parts of the attributes are in
94 94 conflict, the domain specific version takes precedence over the non-domain
95 95 specific version.
96 96 .sp
97 97 .LP
98 98 Each domain specific attributes must appear in \fBNISLDAPmapping\fR before any
99 99 related non-domain specific attribute. If non-domain specific attributes appear
100 100 first, behavior may be unpredictable. Errors are logged when non-domain
101 101 specific attributes are found first.
102 102 .sp
103 103 .LP
104 104 You can associate a group of map names with a \fBdatabaseId\fR. In effect, a
105 105 macro is expanded to the group of names. Use this mechanism where the same
106 106 group of names is used in many attributes or where domain specific map names
107 107 are used. Then, you can make any changes to the domain name in one place.
108 108 .sp
109 109 .LP
110 110 Unless otherwise noted, all elements of the syntaxes below may be surrounded by
111 111 white space. Separator characters and white space must be escaped if they are
112 112 part of syntactic elements.
113 113 .sp
114 114 .LP
115 115 The following attributes are recognized.
116 116 .sp
117 117 .ne 2
118 118 .na
119 119 \fB\fBnisLDAPdomainContext\fR\fR
120 120 .ad
121 121 .sp .6
122 122 .RS 4n
123 123 The context to use for a NIS domain.
124 124 .sp
125 125 The syntax for \fBnisLDAPdomainContext\fR is:
126 126 .sp
127 127 .in +2
128 128 .nf
129 129 NISDomainName ":" context
130 130 .fi
131 131 .in -2
132 132
133 133 The following is an example of the \fBnisLDAPdomainContext\fR attribute:
134 134 .sp
135 135 .in +2
136 136 .nf
137 137 domain.one : dc=site, dc=company, dc=com
138 138 .fi
139 139 .in -2
140 140
141 141 The mapping file should define the context for each domain before any other
142 142 attribute makes use of the \fBNISDomainName\fR specified for that domain.
143 143 .RE
144 144
145 145 .sp
146 146 .ne 2
147 147 .na
148 148 \fB\fBnisLDAPyppasswddDomains\fR\fR
149 149 .ad
150 150 .sp .6
151 151 .RS 4n
152 152 Lists the domains for which password changes should be made. NIS password
153 153 change requests do not specify the domains in which any given password should
154 154 be changed. In traditional NIS this information is effectively hard coded in
155 155 the NIS makefile.
156 156 .sp
157 157 The syntax for the \fBnisLDAPyppasswddDomains\fR attribute is:
158 158 .sp
159 159 .in +2
160 160 .nf
161 161 domainname
162 162 .fi
163 163 .in -2
164 164
165 165 If there are multiple domains, use multiple \fBnisLDAPyppasswddDomain\fR
166 166 entries with one domainname per entry.
167 167 .RE
168 168
169 169 .sp
170 170 .ne 2
171 171 .na
172 172 \fB\fBnisLDAPdatabaseIdMapping\fR\fR
173 173 .ad
174 174 .sp .6
175 175 .RS 4n
176 176 Sets up an alias for a group of NIS map names. There is no default value.
177 177 .sp
178 178 The syntax for the \fBnisLDAPdatabaseIdMapping\fR attribute is:
179 179 .sp
180 180 .in +2
181 181 .nf
182 182 databaseId ":" ["["indexlist"]"] mapname[" "...]
183 183 .fi
184 184 .in -2
185 185
186 186 where
187 187 .sp
188 188 .in +2
189 189 .nf
190 190 databaseId = Label identifying a (subset of a) NIS
191 191 object for mapping purposes.
192 192 indexlist = fieldspec[","...]
193 193 fieldspec = fieldname "=" fieldvalue
194 194 fieldname = The name of a entry field as defined in
195 195 nisLDAPnameFields.
196 196 fieldvalue = fieldvaluestring | \e" fieldvaluestring \e"
197 197 .fi
198 198 .in -2
199 199
200 200 \fBindexlist\fR is used for those cases where it is necessary to select a
201 201 subset of entries from a NIS map. The subset are those NIS entries that match
202 202 the \fBindexlist\fR. If there are multiple specifications indexed for a
203 203 particular NIS map, they are tried in the order retrieved until one matches.
204 204 Note that retrieval order usually is unspecified for multi-valued LDAP
205 205 attributes. Hence, if using indexed specifications when
206 206 \fBnisLDAPdatabaseIdMapping\fR is retrieved from LDAP, make sure that the
207 207 subset match is unambiguous.
208 208 .sp
209 209 If the \fBfieldvaluestring\fR contains white space or commas, it must either be
210 210 surrounded by double quotes, or the special characters must be escaped.
211 211 Wildcards are allowed in the \fBfieldvaluestring\fR. See Wildcards
212 212 .sp
213 213 To associate the \fBpasswd.byname\fR and \fBpasswd.byuid\fR maps with the
214 214 \fBpasswd databaseId\fR:
215 215 .sp
216 216 .in +2
217 217 .nf
218 218 passwd:passwd.byname passwd.byuid
219 219 .fi
220 220 .in -2
221 221
222 222 The \fBpasswd\fR and \fBpasswd.adjunct\fR \fBdatabaseIds\fR receive special
223 223 handling. In addition to its normal usage, \fBpasswd\fR defines which maps
224 224 \fByppasswdd\fR is to update when a \fBpasswd\fR is changed. In addition to its
225 225 normal usage \fBpasswd.adjunct\fR defines which maps \fByppasswdd\fR is to
226 226 update when an adjunct \fBpasswd\fR is changed.
227 227 .sp
228 228 You may not alias a single map name to a different name, as the results are
229 229 unpredictable.
230 230 .RE
231 231
232 232 .sp
233 233 .ne 2
234 234 .na
235 235 \fB\fBnisLDAPentryTtl\fR\fR
236 236 .ad
237 237 .sp .6
238 238 .RS 4n
239 239 Establish TTLs for NIS entries derived from LDAP.
240 240 .sp
241 241 The syntax for the \fBnisLDAPentryTtl\fR attribute is:
242 242 .sp
243 243 .in +2
244 244 .nf
245 245 mapName[" "...]":"
246 246 initialTTLlo ":" initialTTLhi ":" runningTTL
247 247 .fi
248 248 .in -2
249 249
250 250 where
251 251 .sp
252 252 .ne 2
253 253 .na
254 254 \fB\fBinitialTTLlo\fR\fR
255 255 .ad
256 256 .RS 16n
257 257 The lower limit for the initial \fBTTL\fR (in seconds) for data read from LDAP
258 258 when the \fBypserv\fR starts. If the \fBinitialTTLhi\fR also is specified, the
259 259 actual \fBinitialTTL\fR will be randomly selected from the interval
260 260 \fBinitialTTLlo\fR to \fBinitialTTLhi\fR , inclusive. Leaving the field empty
261 261 yields the default value of 1800 seconds.
262 262 .RE
263 263
264 264 .sp
265 265 .ne 2
266 266 .na
267 267 \fB\fBinitialTTLhi\fR\fR
268 268 .ad
269 269 .RS 16n
270 270 The upper limit for the initial TTL. If left empty, defaults to 5400.
271 271 .RE
272 272
273 273 .sp
274 274 .ne 2
275 275 .na
276 276 \fB\fBrunningTTL\fR\fR
277 277 .ad
278 278 .RS 16n
279 279 The TTL (in seconds) for data retrieved from LDAP while the ypserv is running.
280 280 Leave the field empty to obtain the default value of 3600 seconds.
281 281 .RE
282 282
283 283 If there is no specification of \fBTTL\fRs for a particular map, the default
284 284 values are used.
285 285 .sp
286 286 If the \fBinitialTTLlo\fR and \fBinitialTTLhi\fR have the same value, the
287 287 effect will be that all data known to the \fBypserv\fR at startup times out at
288 288 the same time. Depending on NIS data lookup patterns, this could cause spikes
289 289 in ypserv-to-LDAP traffic. In order to avoid that, you can specify different
290 290 \fBinitialTTLlo\fR and \fBinitialTTLhi\fR values, and obtain a spread in
291 291 initial TTLs.
292 292 .sp
293 293 The following is an example of the \fBnisLDAPentryTtl\fR attribute used to
294 294 specify that entries in the NIS host maps read from LDAP should be valid for
295 295 four hours. When \fBypserv\fR restarts, the disk database entries are valid for
296 296 between two and three hours.
297 297 .sp
298 298 .in +2
299 299 .nf
300 300 hosts.byname hosts.byaddr:7200:10800:14400
301 301 .fi
302 302 .in -2
303 303
304 304 .RE
305 305
306 306 .sp
307 307 .ne 2
308 308 .na
309 309 \fB\fBnisLDAPobjectDN\fR\fR
310 310 .ad
311 311 .sp .6
312 312 .RS 4n
313 313 Specifies the connection between a group of NIS maps and the LDAP directory.
314 314 This attribute also defines the 'order' of the NIS maps. When NIS maps are bulk
315 315 copied to or from the DIT, they are processed in the same order as related
316 316 \fBnisLDAPobjectDN\fR attributes appear in \fB/var/yp/NISLDAPmapping.\fR
317 317 .sp
318 318 The syntax for the \fBnisLDAPobjectDN\fR\ attribute is:
319 319 .sp
320 320 .in +2
321 321 .nf
322 322 mapName[" "...] ":" objectDN *( ";" objectDN )
323 323 .fi
324 324 .in -2
325 325
326 326 where
327 327 .sp
328 328 .in +2
329 329 .nf
330 330 objectDN = readObjectSpec [":"[writeObjectSpec]]
331 331 readObjectSpec = [baseAndScope [filterAttrValList]]
332 332 writeObjectSpec = [baseAndScope [attrValList]]
333 333 baseAndScope = [baseDN] ["?" [scope]]
334 334 filterAttrValList = ["?" [filter | attrValList]]]
335 335 scope = "base" | "one" | "sub"
336 336 attrValList = attribute "=" value
337 337 *("," attribute "=" value)
338 338 .fi
339 339 .in -2
340 340
341 341 The \fBbaseDN\fR defaults to the value of the \fBnisLDAPdomainContext\fR
342 342 attribute for the accessed domain. If the \fBbaseDN\fR ends in a comma, the
343 343 \fBnisLDAPdomainContext\fR value is appended.
344 344 .sp
345 345 \fBscope\fR defaults to one. \fBscope\fR has no meaning and is ignored in a
346 346 \fBwriteObjectSpec\fR.
347 347 .sp
348 348 The \fBfilter\fR is an LDAP search filter and has no default value.
349 349 .sp
350 350 The \fBattrValList\fR is a list of attribute and value pairs. There is no
351 351 default value.
352 352 .sp
353 353 As a convenience, if an \fBattrValList\fR is specified in a
354 354 \fBreadObjectSpec\fR, it is converted to a search filter by ANDing together the
355 355 attributes and the values. For example, the attribute and value list:
356 356 .sp
357 357 .in +2
358 358 .nf
359 359 objectClass=posixAccount,objectClass=shadowAccount
360 360 .fi
361 361 .in -2
362 362
363 363 is converted to the filter:
364 364 .sp
365 365 .in +2
366 366 .nf
367 367 (&(objectClass=posixAccount)\e
368 368 (objectClass=shadowAccount))
369 369 .fi
370 370 .in -2
371 371
372 372 Map entries are mapped by means of the relevant mapping rules in the
373 373 \fBnisLDAPnameFields\fR and \fBnisLDAPattributeFromField\fR .
374 374 .sp
375 375 If a \fBwriteObjectSpec\fR is omitted, the effect is one of the following:
376 376 .RS +4
377 377 .TP
378 378 .ie t \(bu
379 379 .el o
380 380 If there is no trailing colon after the \fBreadObjectSpec\fR, then there is no
381 381 write at all.
382 382 .RE
383 383 .RS +4
384 384 .TP
385 385 .ie t \(bu
386 386 .el o
387 387 If there is a colon after the \fBreadObjectSpec\fR, then \fBwriteObjectSpec\fR
388 388 equals \fBreadObjectSpec\fR.
389 389 .RE
390 390 The following is an example of a \fBnisLDAPobjectDN\fR attribute declaration
391 391 that gets the \fBhosts.byaddr\fR map entries from the \fBou=Hosts\fR container
392 392 under the default search base and writes to the same place.
393 393 .sp
394 394 .in +2
395 395 .nf
396 396 hosts.byaddr:ou=Hosts,?one?objectClass=ipHost:
397 397 .fi
398 398 .in -2
399 399
400 400 The following is an example of a \fBnisLDAPobjectDN\fR attribute declaration
401 401 that obtains \fBpasswd\fR map entries from the \fBou=People\fR containers under
402 402 the default search base, and also from \fBdc=another,dc=domain\fR.
403 403 .sp
404 404 .in +2
405 405 .nf
406 406 passwd:ou=People,?one?\e
407 407 objectClass=shadowAccount,\e
408 408 objectClass=posixAccount:;\e
409 409 ou=People,dc=another,dc=domain,?one?\e
410 410 objectClass=shadowAccount,\e
411 411 objectClass=posixAccount
412 412 .fi
413 413 .in -2
414 414
415 415 .RE
416 416
417 417 .sp
418 418 .ne 2
419 419 .na
420 420 \fB\fBnisLDAPnameFields\fR\fR
421 421 .ad
422 422 .sp .6
423 423 .RS 4n
424 424 Specifies the content of entries in a NIS map and how they should be broken
425 425 into named fields. \fBnisLDAPnameFields\fR is required because NIS
426 426 maps do not store information in named fields.
427 427 .sp
428 428 The syntax for the \fBnisLDAPnameFields\fR attribute is as follows:
429 429 .sp
430 430 .in +2
431 431 .nf
432 432 "nisLDAPnameFields" mapName ":" "(" matchspec "," fieldNames ")"
433 433 fieldName = nameOrArrayName[","...]
434 434 nameOrArrayName = Name of field or 'array' of repeated fields.
435 435 matchspec = \e" formatString \e"
436 436 .fi
437 437 .in -2
438 438
439 439 \fBformatString\fR may contains a list of \fB%s\fR and \fB%a\fR elements each
440 440 of which represents a single named field or a list of repeated fields. A
441 441 \fB%a\fR field is interpreted as an IPv4 address or an IPv6 address in
442 442 preferred format. If an IPv6 address in non preferred format is found, then it
443 443 is converted and a warning is logged.
444 444 .sp
445 445 Where there are a list of repeated fields, the entire list is stored as one
446 446 entry. The fields are broken up into individual entries, based on the internal
447 447 separator, at a latter stage. Other characters represent separators which must
448 448 be present. Any separator, including whitespace, specified by the
449 449 \fBformatString\fR, may be surrounded by a number of whitespace and tab
450 450 characters. The whitespace and tab characters are ignored.
451 451 .sp
452 452 Regardless of the content of this entry some \fBfieldNames\fR are reserved:
453 453 .sp
454 454 .ne 2
455 455 .na
456 456 \fB\fBrf_key\fR\fR
457 457 .ad
458 458 .RS 18n
459 459 The DBM key value
460 460 .RE
461 461
462 462 .sp
463 463 .ne 2
464 464 .na
465 465 \fB\fBrf_ipkey\fR\fR
466 466 .ad
467 467 .RS 18n
468 468 The DBM key value handled as an IP address. See the discussion of \fB%a\fR
469 469 fields.
470 470 .RE
471 471
472 472 .sp
473 473 .ne 2
474 474 .na
475 475 \fB\fBrf_comment\fR\fR
476 476 .ad
477 477 .RS 18n
478 478 Everything following the first occurrence of a symbol. \fBrf_comment\fR is
479 479 defined by \fBnisLDAPcommentChar\fR.
480 480 .RE
481 481
482 482 .sp
483 483 .ne 2
484 484 .na
485 485 \fB\fBrf_domain\fR\fR
486 486 .ad
487 487 .RS 18n
488 488 The name of the domain in which the current NIS operation is being carried out.
489 489 .RE
490 490
491 491 .sp
492 492 .ne 2
493 493 .na
494 494 \fB\fBrf_searchipkey\fR\fR
495 495 .ad
496 496 .RS 18n
497 497 The \fBrf_searchkey\fR value handled as an IP address. See the discussion of
498 498 \fB%a\fR fields above.
499 499 .RE
500 500
501 501 .sp
502 502 .ne 2
503 503 .na
504 504 \fB\fBrf_searchkey\fR\fR
505 505 .ad
506 506 .RS 18n
507 507 See the description under \fBnisLDAPattributeFromField\fR below.
508 508 .RE
509 509
510 510 For example, the \fBrpc.bynumber\fR map has the format:
511 511 .sp
512 512 .in +2
513 513 .nf
514 514 name number alias[" "...]
515 515 .fi
516 516 .in -2
517 517
518 518 The NIS to LDAP system is instructed to break it into a name, a number, and an
519 519 array of alias field by the following entry in the mapping file:
520 520 .sp
521 521 .in +2
522 522 .nf
523 523 nisLDAPnameFields rpc.bynumber : \e
524 524 "%s %s %s", name,number,aliases)
525 525 .fi
526 526 .in -2
527 527
528 528 .RE
529 529
530 530 .sp
531 531 .ne 2
532 532 .na
533 533 \fB\fBnisLDAPsplitFields\fR\fR
534 534 .ad
535 535 .sp .6
536 536 .RS 4n
537 537 Defines how a field, or list of fields, named by \fBnisLDAPnameFields\fR is
538 538 split into subfields. The original field is compared with each line of this
539 539 attribute until one matches. When a match is found named subfields are
540 540 generated. In latter operations subfield names can be used in the same way as
541 541 other field names.
542 542 .sp
543 543 The syntax for the \fBnisLDAPsplitFields\fR attribute is as follows:
544 544 .sp
545 545 .in +2
546 546 .nf
547 547 "nisLDAPsplitFields" fieldName ":" splitSpec[","...]
548 548 splitSpec = "(" matchspec "," subFieldNames ")"
549 549 fieldName = Name of a field from nisLDAPnameFields
550 550 subFieldNames = subFieldname[","...]
551 551 matchspec = \e" formatString \e"
552 552 .fi
553 553 .in -2
554 554
555 555 The netgroup \fBmemberTriples\fR can have format \fB(host, user, domain)\fR or
556 556 \fBgroupname\fR. The format is specified by the attribute:
557 557 .sp
558 558 .in +2
559 559 .nf
560 560 nisLDAPsplitField memberTriple: \e
561 561 ("(%s,%s,%s)", host, user, domain) , \e
562 562 ("%s", group)
563 563 .fi
564 564 .in -2
|
↓ open down ↓ |
564 lines elided |
↑ open up ↑ |
565 565
566 566 Later operations can then use field names \fBhost\fR, \fBuser\fR, \fBdomain\fR,
567 567 \fBgroup\fR or \fBmemberTriple\fR. Because lines are processed in order, if
568 568 \fBhost\fR, \fBuser\fR and \fBdomain\fR are found, \fBgroup\fR will not be
569 569 generated.
570 570 .sp
571 571 Several maps and databaseIds may contain fields that are to be split in the
572 572 same way. As a consequence, the names of fields to be split must be unique
573 573 across all maps and databaseIds.
574 574 .sp
575 -Only one level of spliting is supported.That is, a subfield cannot be split
575 +Only one level of splitting is supported. That is, a subfield cannot be split
576 576 into further subfields.
577 577 .RE
578 578
579 579 .sp
580 580 .ne 2
581 581 .na
582 582 \fB\fBnisLDAPrepeatedFieldSeparators\fR\fR
583 583 .ad
584 584 .sp .6
585 585 .RS 4n
586 -Where there is a list of repeated, splitable fields,
586 +Where there is a list of repeated, splittable fields,
587 587 \fBnisLDAPrepeatedFieldSeparators\fR specifies which characters separate
588 -instances of the splitable field.
588 +instances of the splittable field.
589 589 .sp
590 590 The syntax for the \fBnisLDAPrepeatedFieldSeparators\fR attribute is as
591 591 follows:
592 592 .sp
593 593 .in +2
594 594 .nf
595 595 "nisLDAPrepeatedFieldSeparators" fieldName \e"sepChar[...]\e"
596 596 sepChar = A separator character.
597 597 .fi
598 598 .in -2
599 599
600 -The default value is space or tab. If repeated splitable fields are adjacent,
600 +The default value is space or tab. If repeated splittable fields are adjacent,
601 601 that is, there is no separating character, then the following should be
602 602 specified:
603 603 .sp
604 604 .in +2
605 605 .nf
606 606 nisLDAPrepeatedFieldSeparators netIdEntry: ""
607 607 .fi
608 608 .in -2
609 609
610 610 .RE
611 611
612 612 .sp
613 613 .ne 2
614 614 .na
615 615 \fB\fBnisLDAPcommentChar\fR\fR
616 616 .ad
617 617 .sp .6
618 618 .RS 4n
619 619 Specifies which character represents the start of the special comment field in
620 620 a given NIS map. If this attribute is not present then the default comment
621 621 character \fB#\fR is used.
622 622 .sp
623 623 To specify that a map uses a asterix to mark the start of comments.
624 624 .sp
625 625 .in +2
626 626 .nf
627 627 nisLDAPcommentChar mapname : '*'
628 628 .fi
629 629 .in -2
630 630
631 631 If a map cannot contain comments, then the following attribute should be
632 632 specified.
633 633 .sp
634 634 .in +2
635 635 .nf
636 636 nisLDAPcommentChar mapname : ''
637 637 .fi
638 638 .in -2
639 639
640 640 .RE
641 641
642 642 .sp
643 643 .ne 2
644 644 .na
645 645 \fB\fBnisLDAPmapFlags\fR\fR
646 646 .ad
647 647 .sp .6
648 648 .RS 4n
649 649 Indicates if \fBYP_INTERDOMAIN\fR or \fBYP_SECURE\fR entries should be created
650 650 in a map. Using \fBnisLDAPmapFlags\fR is equivalent to running
651 651 \fBmakedbm\fR(1M) with the \fB-b\fR or the \fB-s\fR option. When a map is
652 652 created from the contents of the DIT, the mapping file attribute is the only
653 653 source for the \fBYP_INTERDOMAIN\fR or \fBYP_SECURE\fR entries.
654 654 .sp
655 655 The syntax for the \fBnisLDAPmapFlags\fR attribute is as follows:
656 656 .sp
657 657 .in +2
658 658 .nf
659 659 "nisLDAPmapFlags" mapname ":" ["b"]["s"]
660 660 .fi
661 661 .in -2
662 662
663 663 By default neither entry is created.
664 664 .RE
665 665
666 666 .sp
667 667 .ne 2
668 668 .na
669 669 \fB\fBnisLDAPfieldFromAttribute\fR\fR
670 670 .ad
671 671 .sp .6
672 672 .RS 4n
673 673 Specifies how a NIS entries field values are derived from LDAP attribute
674 674 values.
675 675 .sp
676 676 The syntax for the \fBnisLDAPfieldFromAttribute\fR attribute is as follows:
677 677 .sp
678 678 .in +2
679 679 .nf
680 680 mapName ":" fieldattrspec *("," fieldattrspec)
681 681 .fi
682 682 .in -2
683 683
684 684 The format of \fBfieldattrspec\fR is shown below at Field and Attribute
685 685 Conversion Syntax.
686 686 .sp
687 687 To map by direct copy and assignment the value of the \fBipHostNumber\fR
688 688 attribute to the \fBaddr\fR named field, for example:
689 689 .sp
690 690 .in +2
691 691 .nf
692 692 addr=ipHostNumber
693 693 .fi
694 694 .in -2
695 695
696 696 Formats for the named field and attribute conversion syntax are discussed
697 697 below, including examples of complex attribute to field conversions.
698 698 .RE
699 699
700 700 .sp
701 701 .ne 2
702 702 .na
703 703 \fB\fBnisLDAPattributeFromField\fR\fR
704 704 .ad
705 705 .sp .6
706 706 .RS 4n
707 707 Specifies how an LDAP attribute value is derived from a NIS entriy field
708 708 value.
709 709 .sp
710 710 The syntax for the \fBnisLDAPattributeFromField\fR attribute is as follows:
711 711 .sp
712 712 .in +2
713 713 .nf
714 714 mapName ":" fieldattrspec *("," fieldattrspec )
715 715 .fi
716 716 .in -2
717 717
718 718 The format of \fBfieldattrspec\fR is shown below at Field and Attribute
719 719 Conversion Syntax.
720 720 .sp
721 721 As a special case, if the \fBdn\fR attribute value derived from a
722 722 \fBfieldattrspec\fR ends in a comma ("\fB,\fR"), the domains context from
723 723 \fBnisLDAPdomainContext\fR is appended.
724 724 .sp
725 725 Use the following example to map the value of the \fBaddr\fR field to the
726 726 \fBipHostNumber\fR attribute by direct copy and assignment:
727 727 .sp
728 728 .in +2
729 729 .nf
730 730 ipHostNumber=addr
731 731 .fi
732 732 .in -2
733 733
734 734 All relevant attributes, including the \fBdn\fR, must be specified.
735 735 .sp
736 736 For every map it must be possible to rapidly find a DIT entry based on its key.
737 737 There are some maps for which a NIS to LDAP mapping for the key is not
738 738 desirable, so a key mapping cannot be specified. In these cases a mapping that
739 739 uses the reserved \fBrf_searchkey\fR must be specified. Mappings that use this
740 740 field name are ignored when information is mapped into the DIT.
741 741 .RE
742 742
743 743 .SS "Field and Attribute Conversion Syntax"
744 744 .LP
745 745 The general format of a \fBfieldattrspec\fR is:
746 746 .sp
747 747 .in +2
748 748 .nf
749 749 fieldattrspec = lhs "=" rhs
750 750 lhs = lval | namespeclist
751 751 rhs = rval | [namespec]
752 752 namespeclist = namespec | "(" namespec *("," namespec) ")"
753 753 .fi
754 754 .in -2
755 755
756 756 .sp
757 757 .LP
758 758 The \fBlval\fR and \fBrval\fR syntax are defined below at Values. The format of
759 759 a \fBnamespec\fR is:
760 760 .sp
761 761 .ne 2
762 762 .na
763 763 \fB\fBnamespec\fR\fR
764 764 .ad
765 765 .RS 16n
766 766 .sp
767 767 .in +2
768 768 .nf
769 769 ["ldap:"] attrspec [searchTriple] | ["yp:"] fieldname
770 770 [mapspec]
771 771 .fi
772 772 .in -2
773 773
774 774 .RE
775 775
776 776 .sp
777 777 .ne 2
778 778 .na
779 779 \fB\fBfieldname\fR\fR
780 780 .ad
781 781 .RS 16n
782 782 .sp
783 783 .in +2
784 784 .nf
785 785 field | "(" field ")"
786 786 .fi
787 787 .in -2
788 788
789 789 .RE
790 790
791 791 .sp
792 792 .ne 2
793 793 .na
794 794 \fB\fBattrspec\fR\fR
795 795 .ad
796 796 .RS 16n
797 797 .sp
798 798 .in +2
799 799 .nf
800 800 attribute | "(" attribute ")"
801 801 .fi
802 802 .in -2
803 803
804 804 .RE
805 805
806 806 .sp
807 807 .ne 2
808 808 .na
809 809 \fB\fBsearchTriple\fR\fR
810 810 .ad
811 811 .RS 16n
812 812 .sp
813 813 .in +2
814 814 .nf
815 815 ":" [baseDN] ["?" [scope] ["?" [filter]]]
816 816 .fi
817 817 .in -2
818 818
819 819 .RE
820 820
821 821 .sp
822 822 .ne 2
823 823 .na
824 824 \fB\fBbaseDN\fR\fR
825 825 .ad
826 826 .RS 16n
827 827 Base DN for search
828 828 .RE
829 829
830 830 .sp
831 831 .ne 2
832 832 .na
833 833 \fB\fBfilter\fR\fR
834 834 .ad
835 835 .RS 16n
836 836 LDAP search filter
837 837 .RE
838 838
839 839 .sp
840 840 .ne 2
841 841 .na
842 842 \fB\fBmapspec\fR\fR
843 843 .ad
844 844 .RS 16n
845 845 Map name
846 846 .RE
847 847
848 848 .sp
849 849 .LP
850 850 The repository specification in a \fBnamespec\fR defaults is as follows:
851 851 .RS +4
852 852 .TP
853 853 .ie t \(bu
854 854 .el o
855 855 For assignments to a field:
856 856 .RS
857 857
858 858 .sp
859 859 .ne 2
860 860 .na
861 861 \fBon the \fBLHS\fR\fR
862 862 .ad
863 863 .RS 14n
864 864 yp
865 865 .RE
866 866
867 867 .sp
868 868 .ne 2
869 869 .na
870 870 \fBon the \fBRHS\fR\fR
871 871 .ad
872 872 .RS 14n
873 873 ldap
874 874 .RE
875 875
876 876 .RE
877 877
878 878 NIS field values on the \fBRHS\fR are those that exist before the NIS entry is
879 879 modified.
880 880 .RE
881 881 .RS +4
882 882 .TP
883 883 .ie t \(bu
884 884 .el o
885 885 For assignments to an attribute:
886 886 .RS
887 887
888 888 .sp
889 889 .ne 2
890 890 .na
891 891 \fBon the \fBLHS\fR\fR
892 892 .ad
893 893 .RS 14n
894 894 ldap
895 895 .RE
896 896
897 897 .sp
898 898 .ne 2
899 899 .na
900 900 \fBon the \fBRHS\fR\fR
901 901 .ad
902 902 .RS 14n
903 903 yp
904 904 .RE
905 905
906 906 .RE
907 907
908 908 Attribute values on the \fBRHS\fR are those that exist before the LDAP entry is
909 909 modified.
910 910 .RE
911 911 .sp
912 912 .LP
913 913 When the field or attribute name is enclosed in parenthesis, it denotes a list
914 914 of field or attribute values. For attributes, the meaning is the list of all
915 915 attributes of that name, and the interpretation depends on the context. See the
916 916 discussion at Values. The list specification is ignored when a
917 917 \fBsearchTriple\fR or \fBmapspec\fR is supplied.
918 918 .sp
919 919 .LP
920 920 For fields, the \fBfieldname\fR syntax is used to map multiple attribute
921 921 instances to multiple NIS entries.
922 922 .sp
923 923 .LP
924 924 The \fBsearchTriple\fR can be used to specify an attribute from a location
925 925 other than the read or write target. The defaultvalues are as follows:
926 926 .sp
927 927 .ne 2
928 928 .na
929 929 \fB\fBbaseDN\fR\fR
930 930 .ad
931 931 .RS 10n
932 932 If \fBbaseDN\fR is omitted, the default is the current \fBobjectDN\fR. If the
933 933 \fBbaseDN\fR ends in a comma, the context of the domain is appended from
934 934 \fBnisLDAPdomainContext\fR .
935 935 .RE
936 936
937 937 .sp
938 938 .ne 2
939 939 .na
940 940 \fB\fBscope\fR\fR
941 941 .ad
942 942 .RS 10n
943 943 one
944 944 .RE
945 945
946 946 .sp
947 947 .ne 2
948 948 .na
949 949 \fB\fBfilter\fR\fR
950 950 .ad
951 951 .RS 10n
952 952 Empty
953 953 .RE
954 954
955 955 .sp
956 956 .LP
957 957 Similarly, the \fBmapspec\fR can be used to specify a field value from a NIS
958 958 map other than the one implicitly indicated by the \fBmapName\fR. If
959 959 \fBsearchTriple\fR or \fBmapspec\fR is explicitly specified in a
960 960 \fBnamespec\fR, the retrieval or assignment, whether from or to LDAP or NIS, is
961 961 performed without checking if read and write are enabled for the LDAP container
962 962 or NIS map.
963 963 .sp
964 964 .LP
965 965 The omission of the \fBnamespec\fR in an \fBrhs\fR is only allowed if the
966 966 \fBlhs\fR is one or more attributes. The effect is to delete the specified
967 967 attribute(s). In all other situations, an omitted \fBnamespec\fR means that the
968 968 rule is ignored.
969 969 .sp
970 970 .LP
971 971 The \fBfilter\fR can be a value. See Values. For example, to find the
972 972 \fBipHostNumber\fRthat uses the \fBcn\fR, you specify the following in the
973 973 \fBfilter\fR field:
974 974 .sp
975 975 .in +2
976 976 .nf
977 977 ldap:ipHostNumber:?one?("cn=%s", (cname, "%s.*"))
978 978 .fi
979 979 .in -2
980 980
981 981 .sp
982 982 .LP
983 983 In order to remove ambiguity, the unmodified value of a single field or
984 984 attribute must be specified as the following when used in the \fBfilter\fR
985 985 field.
986 986 .sp
987 987 .in +2
988 988 .nf
989 989 ("%s", namespec)
990 990 .fi
991 991 .in -2
992 992
993 993 .sp
994 994 .LP
995 995 If the \fBfilter\fR is not specified, the scope will be base, and the
996 996 \fBbaseDN\fR is assumed to be the \fBDN\fR of the entry that contains the
997 997 attribute to be retrieved or modified. To use previously existing field or
998 998 attribute values in the mapping rules requires a lookup to find those values.
999 999 Obviously, this adds to the time required to perform the modification. Also,
1000 1000 there is a window between the time when a value is retrieved and then slightly
1001 1001 later stored back. If the values have changed in the mean time, the change may
1002 1002 be overwritten.
1003 1003 .sp
1004 1004 .LP
1005 1005 When \fBfieldattrspecs\fR are grouped into rule sets, in the value of a
1006 1006 \fBnisLDAPfieldFromAttribute\fR or \fBnisLDAPattributeFromField\fR attribute,
1007 1007 the evaluation of the \fBfieldattrspecs\fR proceed in the listed order.
1008 1008 However, evaluation may be done in parallel for multiple \fBfieldattrspecs\fR.
1009 1009 If there is an error when evaluating a certain \fBfieldattrspec\fR, including
1010 1010 retrieval or assignment of entry or field values, the extent to which the other
1011 1011 \fBfieldattrspec\fR rules are evaluated is unspecified.
1012 1012 .SS "Wildcards"
1013 1013 .LP
1014 1014 Where wildcard support is available, it is of the following limited form:
1015 1015 .sp
1016 1016 .ne 2
1017 1017 .na
1018 1018 \fB\fB*\fR\fR
1019 1019 .ad
1020 1020 .RS 9n
1021 1021 Matches any number of characters
1022 1022 .RE
1023 1023
1024 1024 .sp
1025 1025 .ne 2
1026 1026 .na
1027 1027 \fB\fB[x]\fR\fR
1028 1028 .ad
1029 1029 .RS 9n
1030 1030 Matches the character x
1031 1031 .RE
1032 1032
1033 1033 .sp
1034 1034 .ne 2
1035 1035 .na
1036 1036 \fB\fB[x-y]\fR\fR
1037 1037 .ad
1038 1038 .RS 9n
1039 1039 Matches any character in the range x to y, inclusive
1040 1040 .RE
1041 1041
1042 1042 .sp
1043 1043 .LP
1044 1044 Combinations such as \fB[a-cA-C0123]\fR are also allowed, which would match any
1045 1045 one of a, b, c, A, B, C, 0, 1, 2, or 3.
1046 1046 .SS "Substring Extraction"
1047 1047 .in +2
1048 1048 .nf
1049 1049 substringextract = "(" namespec "," matchspec ")"
1050 1050 name = field or attribute name
1051 1051 matchspec =
1052 1052 .fi
1053 1053 .in -2
1054 1054
1055 1055 .sp
1056 1056 .LP
1057 1057 The \fBmatchspec\fR is a string like the \fBsscanf\fR(3C) format string, except
1058 1058 that there may be at most one format specifier, a single \fB%s\fR. The output
1059 1059 value of the \fBsubstringextract\fR is the substring that matches the location
1060 1060 of the \fB%s\fR.
1061 1061 .sp
1062 1062 .LP
1063 1063 If there is no \fB%s\fR in the formatstring, it must instead be a single
1064 1064 character, which is assumed to be a field separator for the \fBnamespec\fR. The
1065 1065 output values are the field values. Wild cards are supported. If there is no
1066 1066 match, the output value is the empty string, " ".
1067 1067 .sp
1068 1068 .LP
1069 1069 For example, if the \fBfieldcname\fR has the value
1070 1070 \fBuser.some.domain.name.\fR, the value of the expression:
1071 1071 .sp
1072 1072 .in +2
1073 1073 .nf
1074 1074 (cname, "%s.*")
1075 1075 .fi
1076 1076 .in -2
1077 1077
1078 1078 .sp
1079 1079 .LP
1080 1080 is \fBuser\fR, which can be used to extract the user name from a NIS principal
1081 1081 name.
1082 1082 .sp
1083 1083 .LP
1084 1084 Similarly, use this expression to extract the third of the colon-separated
1085 1085 fields of the shadow field:
1086 1086 .sp
1087 1087 .in +2
1088 1088 .nf
1089 1089 (shadow, "*:*:%s:*")
1090 1090 .fi
1091 1091 .in -2
1092 1092
1093 1093 .sp
1094 1094 .LP
1095 1095 This form can be used to extract all of the shadow fields. However, a simpler
1096 1096 way to specify that special case is:
1097 1097 .sp
1098 1098 .in +2
1099 1099 .nf
1100 1100 (shadow, ":")
1101 1101 .fi
1102 1102 .in -2
1103 1103
1104 1104 .SS "Values"
1105 1105 .in +2
1106 1106 .nf
1107 1107 lval = "(" formatspec "," namespec *("," namespec) ")"
1108 1108 rval = "(" formatspec ["," namelist ["," elide] ] ")"
1109 1109
1110 1110 namelist = name_or_sse *( "," name_or_sse)
1111 1111 name_or_sse = namespec | removespec | substringextract
1112 1112 removespec = list_or_name "-" namespec
1113 1113 list_or_name = "(" namespec ")" | namespec
1114 1114 formatspec =
1115 1115 formatstring = A string combining text and % field specifications
1116 1116 elide =
1117 1117 singlechar = Any character
1118 1118 .fi
1119 1119 .in -2
1120 1120
1121 1121 .sp
1122 1122 .LP
1123 1123 The syntax above is used to produce \fBrval\fR values that incorporate field or
1124 1124 attribute values, in a manner like \fBsprintf\fR(3C), or to perform assignments
1125 1125 to \fBlval\fR like \fBsscanf\fR(3C). One important restriction is that the
1126 1126 format specifications,\fB%\fR plus a single character, use the designations
1127 1127 from \fBber_printf\fR(3LDAP). Thus, while \fB%s\fR is used to extract a string
1128 1128 value, \fB%i\fR causes BER conversion from an integer. Formats other than
1129 1129 \fB%s\fR, for instance, \fB%i\fR, are only meaningfully defined in simple
1130 1130 format strings without any other text.
1131 1131 .sp
1132 1132 .LP
1133 1133 The following \fBber_printf()\fR format characters are recognized:
1134 1134 .sp
1135 1135 .in +2
1136 1136 .nf
1137 1137 b i n o s
1138 1138 .fi
1139 1139 .in -2
1140 1140
1141 1141 .sp
1142 1142 .LP
1143 1143 If there are too few format specifiers, the format string may be repeated as
1144 1144 needed.
1145 1145 .sp
1146 1146 .LP
1147 1147 When used as an \fBlval\fR, there is a combination of pattern matching and
1148 1148 assignment, possibly to multiple fields or attributes.
1149 1149 .sp
1150 1150 .LP
1151 1151 In an assignment to an attribute, if the value of the \fBaddr\fR field is
1152 1152 \fB1.2.3.4\fR, the \fBrval\fR:
1153 1153 .sp
1154 1154 .in +2
1155 1155 .nf
1156 1156 ("ipNetworkNumber=%s,", addr)
1157 1157 .fi
1158 1158 .in -2
1159 1159
1160 1160 .sp
1161 1161 .LP
1162 1162 produces the value \fBipNetworkNumber=1.2.3.4,\fR, while:
1163 1163 .sp
1164 1164 .in +2
1165 1165 .nf
1166 1166 ("(%s,%s,%s)", host, user, domain)
1167 1167 .fi
1168 1168 .in -2
1169 1169
1170 1170 .sp
1171 1171 .LP
1172 1172 results in:
1173 1173 .sp
1174 1174 .in +2
1175 1175 .nf
1176 1176 (assuming host="xyzzy", user="-", domain="x.y.z")
1177 1177 "(xyzzy,-,x.y.z)"
1178 1178 .fi
1179 1179 .in -2
1180 1180
1181 1181 .sp
1182 1182 .LP
1183 1183 The elide character feature is used with attribute lists. So:
1184 1184 .sp
1185 1185 .in +2
1186 1186 .nf
1187 1187 ("%s,", (mgrprfc822mailmember), ",")
1188 1188 .fi
1189 1189 .in -2
1190 1190
1191 1191 .sp
1192 1192 .LP
1193 1193 concatenates all \fBmgrprfc822mailmember\fR values into one comma-separated
1194 1194 string, and then elides the final trailing comma. Thus, for
1195 1195 .sp
1196 1196 .in +2
1197 1197 .nf
1198 1198 mgrprfc822mailmember=usera
1199 1199 mgrprfc822mailmember=userb
1200 1200 mgrprfc822mailmember=userc
1201 1201 .fi
1202 1202 .in -2
1203 1203
1204 1204 .sp
1205 1205 .LP
1206 1206 the value would be:
1207 1207 .sp
1208 1208 .in +2
1209 1209 .nf
1210 1210 usera,userb,userc
1211 1211 .fi
1212 1212 .in -2
1213 1213
1214 1214 .sp
1215 1215 .LP
1216 1216 As a special case, to combine an \fBLHS\fR extraction with an \fBRHS\fR
1217 1217 implicit list creates multiple entries and values. So
1218 1218 .sp
1219 1219 .in +2
1220 1220 .nf
1221 1221 ("(%s,%s,%s)", host, user, domain)=(nisNetgroupTriple)
1222 1222 .fi
1223 1223 .in -2
1224 1224
1225 1225 .sp
1226 1226 .LP
1227 1227 creates one NIS entry for each \fBnisNetgroupTriple\fR value.
1228 1228 .sp
1229 1229 .LP
1230 1230 The \fB\&'removespec'\fR form is used to exclude previously assigned fields
1231 1231 values from a list. So, if an LDAP entry contains:
1232 1232 .sp
1233 1233 .in +2
1234 1234 .nf
1235 1235 name: foo
1236 1236 cn: foo
1237 1237 cn: foo1
1238 1238 cn: foo2
1239 1239 .fi
1240 1240 .in -2
1241 1241
1242 1242 .sp
1243 1243 .LP
1244 1244 and the mapping file specifies :
1245 1245 .sp
1246 1246 .in +2
1247 1247 .nf
1248 1248 myName = name, \e
1249 1249 myAliases = ("%s ", (cn) - yp:myName, " ")
1250 1250 .fi
1251 1251 .in -2
1252 1252
1253 1253 .sp
1254 1254 .LP
1255 1255 then the following assignments are carried out:
1256 1256 .RS +4
1257 1257 .TP
1258 1258 1.
1259 1259 Assign value \fBfoo\fR to \fBmyName\fR
1260 1260 .RE
1261 1261 .RS +4
1262 1262 .TP
1263 1263 2.
1264 1264 Assign value \fBfoo foo1 foo2\fR to \fBmyAliases\fR
1265 1265 .RE
1266 1266 .RS +4
1267 1267 .TP
1268 1268 3.
1269 1269 Remove value of \fBmyName\fR from value \fBmyAliases\fR
1270 1270 .RE
1271 1271 .sp
1272 1272 .LP
1273 1273 This results in the field values \fBmyName\fR is set to \fBfoo\fR, and
1274 1274 \fBmyAliases\fR is set to \fBfoo1 foo2\fR.
1275 1275 .SS "Assignments"
1276 1276 .LP
1277 1277 The assignment syntax, also found at Field and Attribute Conversion Syntax, is
1278 1278 as follows:
1279 1279 .sp
1280 1280 .in +2
1281 1281 .nf
1282 1282 fieldattrspec = lhs "=" rhs
1283 1283 lhs = lval | namespeclist
1284 1284 rhs = rval | namespec
1285 1285 namespeclist = namespec | "(" namespec *("," namespec) ")"
1286 1286 .fi
1287 1287 .in -2
1288 1288
1289 1289 .sp
1290 1290 .LP
1291 1291 The general form of a simple assignment, which is a one-to-one mapping of field
1292 1292 to attribute, is:
1293 1293 .sp
1294 1294 .in +2
1295 1295 .nf
1296 1296 ("%s", fieldname)=("%s", attrname)
1297 1297 .fi
1298 1298 .in -2
1299 1299
1300 1300 .sp
1301 1301 .LP
1302 1302 As a convenient shorthand, this can also be written as:
1303 1303 .sp
1304 1304 .in +2
1305 1305 .nf
1306 1306 fieldname=attrname
1307 1307 .fi
1308 1308 .in -2
1309 1309
1310 1310 .sp
1311 1311 .LP
1312 1312 A list specification, which is a name enclosed in parenthesis, can be used to
1313 1313 make many-to-many assignments. The expression:
1314 1314 .sp
1315 1315 .in +2
1316 1316 .nf
1317 1317 (fieldname)=(attrname)
1318 1318 .fi
1319 1319 .in -2
1320 1320
1321 1321 .sp
1322 1322 .LP
1323 1323 where there are multiple instances of \fBattrname\fR, creates one NIS entry for
1324 1324 each such instance, differentiated by their \fBfieldname\fR values. The
1325 1325 following combinations of lists are allowed, but they are not particularly
1326 1326 useful:
1327 1327 .sp
1328 1328 .ne 2
1329 1329 .na
1330 1330 \fB\fB(attrname)=(fieldname)\fR\fR
1331 1331 .ad
1332 1332 .RS 26n
1333 1333 Equivalent to \fBattrname=fieldname\fR
1334 1334 .RE
1335 1335
1336 1336 .sp
1337 1337 .ne 2
1338 1338 .na
1339 1339 \fB\fBattrname=(fieldname)\fR\fR
1340 1340 .ad
1341 1341 .RS 26n
1342 1342 Equivalent to \fBattrname=fieldname\fR
1343 1343 .RE
1344 1344
1345 1345 .sp
1346 1346 .ne 2
1347 1347 .na
1348 1348 \fB\fB(fieldname)=attrname\fR\fR
1349 1349 .ad
1350 1350 .RS 26n
1351 1351 Equivalent to \fBfieldname=attrname\fR
1352 1352 .RE
1353 1353
1354 1354 .sp
1355 1355 .ne 2
1356 1356 .na
1357 1357 \fB\fBfieldname=(attrname)\fR\fR
1358 1358 .ad
1359 1359 .RS 26n
1360 1360 Equivalent to \fBfieldname=attrname\fR
1361 1361 .RE
1362 1362
1363 1363 .sp
1364 1364 .LP
1365 1365 If a multi-valued \fBRHS\fR is assigned to a single-valued \fBLHS\fR, the
1366 1366 \fBLHS\fR value will be the first of the \fBRHS\fR values. If the \fBRHS\fR is
1367 1367 an attribute list, the first attribute is the first one returned by the LDAP
1368 1368 server when queried. Otherwise, the definition of "first"is implementation
1369 1369 dependent.
1370 1370 .sp
1371 1371 .LP
1372 1372 Finally, the \fBLHS\fR can be an explicit list of fields or attributes, such
1373 1373 as:
1374 1374 .sp
1375 1375 .in +2
1376 1376 .nf
1377 1377 (name1,name2,name3)
1378 1378 .fi
1379 1379 .in -2
1380 1380
1381 1381 .sp
1382 1382 .LP
1383 1383 If the \fBRHS\fR is single-valued, this assigns the \fBRHS\fR value to all
1384 1384 entities in the list. If the \fBRHS\fR is multi-valued, the first value is
1385 1385 assigned to the first entity of the list, the second value to the second
1386 1386 entity, and so on. Excess values or entities are silently ignored.
1387 1387 .SH EXAMPLES
1388 1388 .LP
1389 1389 \fBExample 1 \fRAssigning an Attribute Value to a Field
1390 1390 .sp
1391 1391 .LP
1392 1392 The following example illustrates how to assign the value of the
1393 1393 \fBipHostNumber\fR attribute to the \fBaddr\fR field
1394 1394
1395 1395 .sp
1396 1396 .in +2
1397 1397 .nf
1398 1398 addr=ipHostNumber
1399 1399 .fi
1400 1400 .in -2
1401 1401
1402 1402 .LP
1403 1403 \fBExample 2 \fRCreating Multiple NIS Entries from Multi-Valued LDAP Attributes
1404 1404 .sp
1405 1405 .LP
1406 1406 An LDAP entry with:
1407 1407
1408 1408 .sp
1409 1409 .in +2
1410 1410 .nf
1411 1411 cn=name1
1412 1412 cn=name2
1413 1413 cn=name3
1414 1414 .fi
1415 1415 .in -2
1416 1416
1417 1417 .sp
1418 1418 .LP
1419 1419 and the following assignments:
1420 1420
1421 1421 .sp
1422 1422 .in +2
1423 1423 .nf
1424 1424 cname=cn
1425 1425 (name)=(cn)
1426 1426 .fi
1427 1427 .in -2
1428 1428
1429 1429 .sp
1430 1430 .LP
1431 1431 creates three NIS entries. Other attributes and fields are omitted for clarity.
1432 1432
1433 1433 .sp
1434 1434 .in +2
1435 1435 .nf
1436 1436 cname=name1, name=name1
1437 1437 cname=name1, name=name2
1438 1438 cname=name1, name=name3
1439 1439 .fi
1440 1440 .in -2
1441 1441
1442 1442 .LP
1443 1443 \fBExample 3 \fRAssigning String Constants
1444 1444 .sp
1445 1445 .LP
1446 1446 The following expression sets the \fBpasswd\fR field to x:
1447 1447
1448 1448 .sp
1449 1449 .in +2
1450 1450 .nf
1451 1451 passwd=("x")
1452 1452 .fi
1453 1453 .in -2
1454 1454
1455 1455 .LP
1456 1456 \fBExample 4 \fRSplitting Field Values to Multi-Valued Attributes
1457 1457 .sp
1458 1458 .LP
1459 1459 The \fBexpansion\fR field contains a comma-separated list of alias member
1460 1460 names. In the following example, the expression assigns each member name to an
1461 1461 instance of \fBmgrprfc822mailmember\fR:
1462 1462
1463 1463 .sp
1464 1464 .in +2
1465 1465 .nf
1466 1466 (mgrprfc822mailmember)=(expansion, ",")
1467 1467 .fi
1468 1468 .in -2
1469 1469
1470 1470 .SH FILES
1471 1471 .ne 2
1472 1472 .na
1473 1473 \fB\fB/var/yp/NISLDAPmapping\fR\fR
1474 1474 .ad
1475 1475 .RS 26n
1476 1476 Mapping file used by the NIS server components
1477 1477 .RE
1478 1478
1479 1479 .SH ATTRIBUTES
1480 1480 .LP
1481 1481 See \fBattributes\fR(5) for descriptions of the following attributes:
1482 1482 .sp
1483 1483
1484 1484 .sp
1485 1485 .TS
1486 1486 box;
1487 1487 c | c
1488 1488 l | l .
1489 1489 ATTRIBUTE TYPE ATTRIBUTE VALUE
1490 1490 _
1491 1491 Interface Stability Obsolete
1492 1492 .TE
1493 1493
1494 1494 .SH SEE ALSO
1495 1495 .LP
1496 1496 \fBinityp2l\fR(1M), \fBmakedbm\fR(1M), \fBypserv\fR(1M),
1497 1497 \fBber_printf\fR(3LDAP), \fBsprintf\fR(3C), \fBsscanf\fR(3C),
1498 1498 \fBypserv\fR(4), \fBattributes\fR(5)
1499 1499 .sp
1500 1500 .LP
1501 1501 \fISystem Administration Guide: Naming and Directory Services (DNS, NIS, and
1502 1502 LDAP)\fR
|
↓ open down ↓ |
892 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX