NIS+LDAPmapping.template revision 7c478bd95313f5f23a4c958a745db2134aa03244
#pragma ident "%Z%%M% %I% %E% SMI"
#
# Copyright 2005 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License, Version 1.0 only
# (the "License"). You may not use this file except in compliance
# with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
# Configuration file for NIS+ to LDAP mapping, used by the rpc.nisd.
# See NIS+LDAPmapping(4) for more information; see rpc.nisd(4) for
# additional attributes controlling general rpc.nisd operation,
# LDAP server(s), LDAP authentication method, etc.
#################################################################
# nisplusLDAPdatabaseIdMapping
#
# The nisplusLDAPdatabaseIdMapping attribute values establish a
# connection between a NIS+ object and a database id label used
# for identification in other mapping attributes.
#################################################################
# Standard NIS+ directories
nisplusLDAPdatabaseIdMapping basedir:
nisplusLDAPdatabaseIdMapping orgdir:org_dir
nisplusLDAPdatabaseIdMapping groupsdir:groups_dir
# Standard NIS+ groups.
nisplusLDAPdatabaseIdMapping admin:admin.groups_dir
# Add other NIS+ directory, group, or link objects here, if any.
# Standard NIS+ table objects (for the table objects themselves;
# the table entries are handled in the next section).
nisplusLDAPdatabaseIdMapping passwd_table:passwd.org_dir
nisplusLDAPdatabaseIdMapping group_table:group.org_dir
nisplusLDAPdatabaseIdMapping auto_master_table:auto_master.org_dir
nisplusLDAPdatabaseIdMapping auto_home_table:auto_home.org_dir
nisplusLDAPdatabaseIdMapping bootparams_table:bootparams.org_dir
nisplusLDAPdatabaseIdMapping ethers_table:ethers.org_dir
nisplusLDAPdatabaseIdMapping hosts_table:hosts.org_dir
nisplusLDAPdatabaseIdMapping ipnodes_table:ipnodes.org_dir
nisplusLDAPdatabaseIdMapping cred_table:cred.org_dir
nisplusLDAPdatabaseIdMapping aliases_table:mail_aliases.org_dir
nisplusLDAPdatabaseIdMapping netgroup_table:netgroup.org_dir
nisplusLDAPdatabaseIdMapping networks_table:networks.org_dir
nisplusLDAPdatabaseIdMapping netmasks_table:netmasks.org_dir
nisplusLDAPdatabaseIdMapping protocols_table:protocols.org_dir
nisplusLDAPdatabaseIdMapping rpc_table:rpc.org_dir
nisplusLDAPdatabaseIdMapping services_table:services.org_dir
nisplusLDAPdatabaseIdMapping auth_attr_table:auth_attr.org_dir
nisplusLDAPdatabaseIdMapping exec_attr_table:exec_attr.org_dir
nisplusLDAPdatabaseIdMapping prof_attr_table:prof_attr.org_dir
nisplusLDAPdatabaseIdMapping user_attr_table:user_attr.org_dir
nisplusLDAPdatabaseIdMapping audit_user_table:audit_user.org_dir
# Add other NIS+ table objects here, if any
# Standard NIS+ table entries
nisplusLDAPdatabaseIdMapping passwd:passwd.org_dir
nisplusLDAPdatabaseIdMapping group:group.org_dir
nisplusLDAPdatabaseIdMapping auto_master:auto_master.org_dir
nisplusLDAPdatabaseIdMapping auto_home:auto_home.org_dir
nisplusLDAPdatabaseIdMapping bootparams:bootparams.org_dir
nisplusLDAPdatabaseIdMapping ethers:ethers.org_dir
nisplusLDAPdatabaseIdMapping hosts:[addr="[0-9]*.[0-9]*.[0-9]*.[0-9]*"]\
hosts.org_dir
nisplusLDAPdatabaseIdMapping ipnodes:[addr="*:*"]ipnodes.org_dir
# The 'cred' table entries map to different containers, depending on the data.
nisplusLDAPdatabaseIdMapping credlocal:[auth_type=LOCAL]cred.org_dir
nisplusLDAPdatabaseIdMapping creduser:[auth_type="D*", \
auth_name="unix.[0-9]*"]cred.org_dir
nisplusLDAPdatabaseIdMapping crednode:[auth_type="D*", \
auth_name="unix.[a-z]*"]cred.org_dir
nisplusLDAPdatabaseIdMapping aliases:mail_aliases.org_dir
nisplusLDAPdatabaseIdMapping netgroup:netgroup.org_dir
nisplusLDAPdatabaseIdMapping networks:networks.org_dir
nisplusLDAPdatabaseIdMapping netmasks:netmasks.org_dir
nisplusLDAPdatabaseIdMapping protocols:protocols.org_dir
nisplusLDAPdatabaseIdMapping rpc:rpc.org_dir
nisplusLDAPdatabaseIdMapping services:services.org_dir
nisplusLDAPdatabaseIdMapping auth_attr:auth_attr.org_dir
nisplusLDAPdatabaseIdMapping exec_attr:exec_attr.org_dir
nisplusLDAPdatabaseIdMapping prof_attr:prof_attr.org_dir
nisplusLDAPdatabaseIdMapping user_attr:user_attr.org_dir
nisplusLDAPdatabaseIdMapping audit_user:audit_user.org_dir
# Add other NIS+ table entry mappings here, if any
#################################################################
# nisplusLDAPentryTtl
#
# Set TTLs for mapped objects, using the database id labels from
# the nisplusLDAPdatabaseIdMapping attribute values above to
# indicate the object to which the TTLs pertain.
#################################################################
# Standard NIS+ directories
nisplusLDAPentryTtl basedir:21600:43200:43200
nisplusLDAPentryTtl orgdir:21600:43200:43200
nisplusLDAPentryTtl groupsdir:21600:43200:43200
nisplusLDAPentryTtl admin:21600:43200:43200
# Standard NIS+ tables
nisplusLDAPentryTtl passwd_table:21600:43200:43200
nisplusLDAPentryTtl group_table:21600:43200:43200
nisplusLDAPentryTtl auto_master_table:21600:43200:43200
nisplusLDAPentryTtl auto_home_table:21600:43200:43200
nisplusLDAPentryTtl bootparams_table:21600:43200:43200
nisplusLDAPentryTtl ethers_table:21600:43200:43200
nisplusLDAPentryTtl hosts_table:21600:43200:43200
nisplusLDAPentryTtl ipnodes_table:21600:43200:43200
nisplusLDAPentryTtl cred_table:21600:43200:43200
nisplusLDAPentryTtl aliases_table:21600:43200:43200
nisplusLDAPentryTtl netgroup_table:21600:43200:43200
nisplusLDAPentryTtl networks_table:21600:43200:43200
nisplusLDAPentryTtl netmasks_table:21600:43200:43200
nisplusLDAPentryTtl protocols_table:21600:43200:43200
nisplusLDAPentryTtl rpc_table:21600:43200:43200
nisplusLDAPentryTtl services_table:21600:43200:43200
nisplusLDAPentryTtl auth_attr_table:21600:43200:43200
nisplusLDAPentryTtl exec_attr_table:21600:43200:43200
nisplusLDAPentryTtl prof_attr_table:21600:43200:43200
nisplusLDAPentryTtl user_attr_table:21600:43200:43200
nisplusLDAPentryTtl audit_user_table:21600:43200:43200
# Standard NIS+ table entries
#nisplusLDAPentryTtl passwd:1800:3600:3600
#nisplusLDAPentryTtl group:1800:3600:3600
#nisplusLDAPentryTtl auto_master:1800:3600:3600
#nisplusLDAPentryTtl auto_home:1800:3600:3600
#nisplusLDAPentryTtl bootparams:1800:3600:3600
#nisplusLDAPentryTtl ethers:1800:3600:3600
#nisplusLDAPentryTtl hosts:1800:3600:3600
#nisplusLDAPentryTtl ipnodes:1800:3600:3600
#nisplusLDAPentryTtl credlocal:1800:3600:3600
#nisplusLDAPentryTtl creduser:1800:3600:3600
#nisplusLDAPentryTtl crednode:1800:3600:3600
#nisplusLDAPentryTtl aliases:1800:3600:3600
#nisplusLDAPentryTtl netgroup:1800:3600:3600
#nisplusLDAPentryTtl networks:1800:3600:3600
#nisplusLDAPentryTtl netmasks:1800:3600:3600
#nisplusLDAPentryTtl protocols:1800:3600:3600
#nisplusLDAPentryTtl rpc:1800:3600:3600
#nisplusLDAPentryTtl services:1800:3600:3600
#nisplusLDAPentryTtl auth_attr:1800:3600:3600
#nisplusLDAPentryTtl exec_attr:1800:3600:3600
#nisplusLDAPentryTtl prof_attr:1800:3600:3600
#nisplusLDAPentryTtl user_attr:1800:3600:3600
#nisplusLDAPentryTtl audit_user:1800:3600:3600
#################################################################
# nisplusLDAPobjectDN
#
# The nisplusLDAPobjectDN attribute values establish the place in
# the LDAP directory information tree where the data for mapped
# NIS+ objects reside. The NIS+ objects are identified by the
# database id labels from the nisplusLDAPdatabaseIdMapping values
# above.
#
# Before using these attribute values, make sure that the LDAP
# server(s) recognize the RFC 2307 attributes and object classes.
# Also, the nisplusObject attribute and nisplusObjectContainer
# object class must be known to the LDAP server(s) in order to
# store NIS+ objects other than NIS+ table entries in LDAP.
# See the Getting Started section on NIS+LDAPmapping(4) for
# more information.
#################################################################
# Standard NIS+ directories
nisplusLDAPobjectDN basedir:cn=basedir,ou=nisPlus,?base?\
objectClass=nisplusObjectContainer:\
cn=basedir,ou=nisPlus,?base?\
objectClass=nisplusObjectContainer,\
objectClass=top
nisplusLDAPobjectDN orgdir:cn=orgdir,ou=nisPlus,?base?\
objectClass=nisplusObjectContainer:\
cn=orgdir,ou=nisPlus,?base?\
objectClass=nisplusObjectContainer,\
objectClass=top
nisplusLDAPobjectDN groupsdir:cn=groupsdir,ou=nisPlus,?base?\
objectClass=nisplusObjectContainer:\
cn=groupsdir,ou=nisPlus,?base?\
objectClass=nisplusObjectContainer,\
objectClass=top
nisplusLDAPobjectDN admin:cn=admin,ou=nisPlus,?base?\
objectClass=nisplusObjectContainer:\
cn=admin,ou=nisPlus,?base?\
objectClass=nisplusObjectContainer,\
objectClass=top
# Standard NIS+ tables
nisplusLDAPobjectDN passwd_table:cn=passwd,ou=nisPlus,?base?\
objectClass=nisplusObjectContainer:\
cn=passwd,ou=nisPlus,?base?\
objectClass=nisplusObjectContainer,\
objectClass=top
nisplusLDAPobjectDN group_table:cn=group,ou=nisPlus,?base?\
objectClass=nisplusObjectContainer:\
cn=group,ou=nisPlus,?base?\
objectClass=nisplusObjectContainer,\
objectClass=top
nisplusLDAPobjectDN auto_master_table:cn=auto_master,ou=nisPlus,?base?\
objectClass=nisplusObjectContainer:\
cn=auto_master,ou=nisPlus,?base?\
objectClass=nisplusObjectContainer,\
objectClass=top
nisplusLDAPobjectDN auto_home_table:cn=auto_home,ou=nisPlus,?base?\
objectClass=nisplusObjectContainer:\
cn=auto_home,ou=nisPlus,?base?\
objectClass=nisplusObjectContainer,\
objectClass=top
nisplusLDAPobjectDN bootparams_table:cn=bootparams,ou=nisPlus,?base?\
objectClass=nisplusObjectContainer:\
cn=bootparams,ou=nisPlus,?base?\
objectClass=nisplusObjectContainer,\
objectClass=top
nisplusLDAPobjectDN ethers_table:cn=ethers,ou=nisPlus,?base?\
objectClass=nisplusObjectContainer:\
cn=ethers,ou=nisPlus,?base?\
objectClass=nisplusObjectContainer,\
objectClass=top
nisplusLDAPobjectDN hosts_table:cn=hosts,ou=nisPlus,?base?\
objectClass=nisplusObjectContainer:\
cn=hosts,ou=nisPlus,?base?\
objectClass=nisplusObjectContainer,\
objectClass=top
nisplusLDAPobjectDN ipnodes_table:cn=ipnodes,ou=nisPlus,?base?\
objectClass=nisplusObjectContainer:\
cn=ipnodes,ou=nisPlus,?base?\
objectClass=nisplusObjectContainer,\
objectClass=top
nisplusLDAPobjectDN cred_table:cn=cred,ou=nisPlus,?base?\
objectClass=nisplusObjectContainer:\
cn=cred,ou=nisPlus,?base?\
objectClass=nisplusObjectContainer,\
objectClass=top
nisplusLDAPobjectDN aliases_table:cn=aliases,ou=nisPlus,?base?\
objectClass=nisplusObjectContainer:\
cn=aliases,ou=nisPlus,?base?\
objectClass=nisplusObjectContainer,\
objectClass=top
nisplusLDAPobjectDN netgroup_table:cn=netgroup,ou=nisPlus,?base?\
objectClass=nisplusObjectContainer:\
cn=netgroup,ou=nisPlus,?base?\
objectClass=nisplusObjectContainer,\
objectClass=top
nisplusLDAPobjectDN networks_table:cn=networks,ou=nisPlus,?base?\
objectClass=nisplusObjectContainer:\
cn=networks,ou=nisPlus,?base?\
objectClass=nisplusObjectContainer,\
objectClass=top
nisplusLDAPobjectDN netmasks_table:cn=netmasks,ou=nisPlus,?base?\
objectClass=nisplusObjectContainer:\
cn=netmasks,ou=nisPlus,?base?\
objectClass=nisplusObjectContainer,\
objectClass=top
nisplusLDAPobjectDN protocols_table:cn=protocols,ou=nisPlus,?base?\
objectClass=nisplusObjectContainer:\
cn=protocols,ou=nisPlus,?base?\
objectClass=nisplusObjectContainer,\
objectClass=top
nisplusLDAPobjectDN rpc_table:cn=rpc,ou=nisPlus,?base?\
objectClass=nisplusObjectContainer:\
cn=rpc,ou=nisPlus,?base?\
objectClass=nisplusObjectContainer,\
objectClass=top
nisplusLDAPobjectDN services_table:cn=services,ou=nisPlus,?base?\
objectClass=nisplusObjectContainer:\
cn=services,ou=nisPlus,?base?\
objectClass=nisplusObjectContainer,\
objectClass=top
nisplusLDAPobjectDN auth_attr_table:cn=auth_attr,ou=nisPlus,?base?\
objectClass=nisplusObjectContainer:\
cn=auth_attr,ou=nisPlus,?base?\
objectClass=nisplusObjectContainer,\
objectClass=top
nisplusLDAPobjectDN exec_attr_table:cn=exec_attr,ou=nisPlus,?base?\
objectClass=nisplusObjectContainer:\
cn=exec_attr,ou=nisPlus,?base?\
objectClass=nisplusObjectContainer,\
objectClass=top
nisplusLDAPobjectDN prof_attr_table:cn=prof_attr,ou=nisPlus,?base?\
objectClass=nisplusObjectContainer:\
cn=prof_attr,ou=nisPlus,?base?\
objectClass=nisplusObjectContainer,\
objectClass=top
nisplusLDAPobjectDN user_attr_table:cn=user_attr,ou=nisPlus,?base?\
objectClass=nisplusObjectContainer:\
cn=user_attr,ou=nisPlus,?base?\
objectClass=nisplusObjectContainer,\
objectClass=top
nisplusLDAPobjectDN audit_user_table:cn=audit_user,ou=nisPlus,?base?\
objectClass=nisplusObjectContainer:\
cn=audit_user,ou=nisPlus,?base?\
objectClass=nisplusObjectContainer,\
objectClass=top
# Standard NIS+ table entries
# If storing table entry owner, group, access, and/or TTL in LDAP,
# the write-portion of the nisplusLDAPobjectDN needs the following
# additional object class specification:
# objectClass=nisplusEntryData
nisplusLDAPobjectDN passwd:ou=People,?one?objectClass=shadowAccount,\
objectClass=posixAccount:\
ou=People,?one?objectClass=shadowAccount,\
objectClass=posixAccount,\
objectClass=account,objectClass=top
nisplusLDAPobjectDN group:ou=Group,?one?objectClass=posixGroup:\
ou=Group,?one?objectClass=posixGroup,\
objectClass=top
#
# For backward compatibility with Solaris 8 LDAP Naming Services,
# use these entries instead of using automountMapName:
#
#nisplusLDAPobjectDN auto_master:nismapname=auto_master,\
# ?one?objectClass=nisObject:\
# nismapname=auto_master,\
# ?one?objectClass=nisObject,\
# objectClass=top
#nisplusLDAPobjectDN auto_home:nismapname=auto_home,\
# ?one?objectClass=nisObject:\
# nismapname=auto_home,\
# ?one?objectClass=nisObject,\
# objectClass=top
nisplusLDAPobjectDN auto_master:automountmapname=auto_master,\
?one?objectClass=automount:\
automountmapname=auto_master,\
?one?objectClass=automount,\
objectClass=top
nisplusLDAPobjectDN auto_home:automountmapname=auto_home,\
?one?objectClass=automount:\
automountmapname=auto_home,\
?one?objectClass=automount,\
objectClass=top
nisplusLDAPobjectDN bootparams:ou=Ethers,?one?objectClass=bootableDevice,\
bootParameter=*:\
ou=Ethers,?one?objectClass=bootableDevice,\
objectClass=device,\
objectClass=top:\
dbid=bootparams_del
nisplusLDAPobjectDN ethers:ou=Ethers,?one?objectClass=ieee802Device,\
macAddress=*:\
ou=Ethers,?one?objectClass=ieee802Device,\
objectClass=device,\
objectClass=top:\
dbid=ethers_del
nisplusLDAPobjectDN hosts:ou=Hosts,?one?objectClass=ipHost:\
ou=Hosts,?one?objectClass=ipHost,\
objectClass=device,objectClass=top
nisplusLDAPobjectDN ipnodes:ou=Hosts,?one?objectClass=ipHost:\
ou=Hosts,?one?objectClass=ipHost,\
objectClass=device,objectClass=top
# Unless you have enabled nisplusPrincipalName in the ou=People container,
# the credlocal entries will be precisely those that have the nisKeyObject
# object class, so it's unnecessary to write credlocal entries to LDAP.
# If nisplusPrincipalName is enabled, you can add a write specification
# to the credlocal nisplusLDAPobjectDN:
#nisplusLDAPobjectDN credlocal:ou=People,?one?objectClass=nisKeyObject:\
# ou=People,?one?objectClass=nisKeyObject,\
# objectClass=nisplusAuthName
nisplusLDAPobjectDN credlocal:ou=People,?one?objectClass=nisKeyObject
# If nisplusPrincipalName/nisplusNetname are enabled, the write specifications
# for 'creduser' and 'crednode' should inlcude the nisplusAuthName object
# class. Replace the write-portion with:
# ou=People,?one?objectClass=nisKeyObject,\
# objectClass=nisplusAuthName
nisplusLDAPobjectDN creduser:ou=People,?one?objectClass=nisKeyObject:\
ou=People,?one?objectClass=nisKeyObject
nisplusLDAPobjectDN crednode:ou=Hosts,?one?objectClass=nisKeyObject:\
ou=Hosts,?one?objectClass=nisKeyObject
nisplusLDAPobjectDN aliases:ou=Aliases,?one?objectClass=mailGroup:\
ou=Aliases,?one?objectClass=mailGroup,\
objectClass=top
nisplusLDAPobjectDN netgroup:ou=Netgroup,?one?objectClass=nisNetgroup:\
ou=Netgroup,?one?objectClass=nisNetgroup,\
objectClass=top
nisplusLDAPobjectDN networks:ou=Networks,?one?objectClass=ipNetwork:\
ou=Networks,?one?objectClass=ipNetwork,\
objectClass=top
nisplusLDAPobjectDN netmasks:ou=Networks,?one?objectClass=ipNetwork,\
ipNetMaskNumber=*:\
ou=Networks,?one?objectClass=ipNetwork:\
dbid=netmasks_del
nisplusLDAPobjectDN protocols:ou=Protocols,?one?objectClass=ipProtocol:\
ou=Protocols,?one?objectClass=ipProtocol,\
objectClass=top
nisplusLDAPobjectDN rpc:ou=Rpc,?one?objectClass=oncRpc:\
ou=Rpc,?one?objectClass=oncRpc,objectClass=top
nisplusLDAPobjectDN services:ou=Services,?one?objectClass=ipService:\
ou=Services,?one?objectClass=ipService,\
objectClass=top
nisplusLDAPobjectDN auth_attr:\
ou=SolarisAuthAttr,?one?objectClass=SolarisAuthAttr:\
ou=SolarisAuthAttr,?one?objectClass=SolarisAuthAttr,\
objectClass=top
nisplusLDAPobjectDN exec_attr:\
ou=SolarisProfAttr,?one?objectClass=SolarisExecAttr,\
SolarisKernelSecurityPolicy=*:\
ou=SolarisProfAttr,?one?objectClass=SolarisExecAttr,\
objectClass=SolarisProfAttr,\
objectClass=top
nisplusLDAPobjectDN prof_attr:\
ou=SolarisProfAttr,?one?objectClass=SolarisProfAttr,\
SolarisAttrLongDesc=*:\
ou=SolarisProfAttr,?one?objectClass=SolarisProfAttr,\
objectClass=SolarisExecAttr,\
objectClass=top
nisplusLDAPobjectDN user_attr:ou=People,?one?objectClass=SolarisUserAttr,\
solarisAttrKeyValue=*:\
ou=People,?one?objectClass=SolarisUserAttr:\
dbid=user_attr_del
nisplusLDAPobjectDN audit_user:ou=People,?one?objectClass=SolarisAuditUser,\
SolarisAuditAlways=*,\
SolarisAuditNever=*:\
ou=People,?one?objectClass=SolarisAuditUser:\
dbid=audit_user_del
#################################################################
# nisplusLDAPattributeFromColumn
#
# The nisplusLDAPattributeFromColumn values establish the mapping
# of LDAP container entries to NIS+ table columns.
#
# Before using, make sure that the LDAP server(s) understand the
# RFC 2307 attributes and object classes.
# See the Getting Started section on NIS+LDAPmapping(4) for
# more information.
#################################################################
# Standard NIS+ table entries
nisplusLDAPattributeFromColumn \
passwd: dn=("uid=%s,", name), \
cn=name, \
uid=name, \
userPassword=("{crypt}%s", passwd), \
uidNumber=uid, \
gidNumber=gid, \
gecos=gcos, \
homeDirectory=home, \
loginShell=shell, \
(shadowLastChange,shadowMin,shadowMax, \
shadowWarning, shadowInactive,shadowExpire)=\
(shadow, ":")
# If owner/group/access information for NIS+ passwd entries should be
# stored in LDAP, make sure the LDAP server knows about the nisplusEntryData
# object class, add it to the write portion of the nisplusLDAPobjectDN for
# passwd, and enable the lines below.
# nisplusEntryOwner=zo_owner, \
# nisplusEntryGroup=zo_group, \
# nisplusEntryAccess=zo_access
nisplusLDAPattributeFromColumn \
group: dn=("cn=%s,", name), \
cn=name, \
userPassword=("{crypt}%s", passwd), \
gidNumber=gid, \
(memberUid)=(members, ",")
#
# For backward compatibility with Solaris 8 LDAP Naming Services,
# use these entries instead of using automountMapName:
#
#nisplusLDAPattributeFromColumn \
# auto_master: dn=("cn=%s,", key), \
# cn=key, \
# nismapentry=value, \
# nismapname=("auto_master")
#nisplusLDAPattributeFromColumn \
# auto_home: dn=("cn=%s,", key), \
# cn=key, \
# nismapentry=value, \
# nismapname=("auto_home")
nisplusLDAPattributeFromColumn \
auto_master: dn=("automountKey=%s,", key), \
automountKey=key, \
automountInformation=value
nisplusLDAPattributeFromColumn \
auto_home: dn=("automountKey=%s,", key), \
automountKey=key, \
automountInformation=value
nisplusLDAPattributeFromColumn \
bootparams: dn=("cn=%s,", key), \
cn=key, \
(bootParameter)=(value, " ")
nisplusLDAPattributeFromColumn \
bootparams_del: dn=("cn=%s,", key), \
bootParameter=
nisplusLDAPattributeFromColumn \
ethers: dn=("cn=%s,", name), \
macAddress=addr, \
cn=name
nisplusLDAPattributeFromColumn \
ethers_del: dn=("cn=%s,", name), \
macAddress=
nisplusLDAPattributeFromColumn \
hosts: dn=("cn=%s+ipHostNumber=%s,", cname, addr), \
cn=cname, \
cn=name, \
ipHostNumber=addr, \
description=comment
nisplusLDAPattributeFromColumn \
ipnodes: dn=("cn=%s+ipHostNumber=%s,", cname, addr), \
cn=cname, \
cn=name, \
ipHostNumber=addr, \
description=comment
# The cred* entries below only support principals in the local domain. In
# order to allow out-of-domain principals, read the Getting Started section
# on NIS+LDAPmapping(4) for information concerning the 'nisplusPrincipalName'
# and 'nisplusNetname' attributes. Once these have been configured for your
# LDAP server, you can replace the cred* entries with the commented ones below.
#nisplusLDAPattributeFromColumn \
# credlocal: dn=("uid=%s,", (cname, "%s.*")), \
# nisplusPrincipalName=cname, \
# uidNumber=auth_name, \
# gidNumber=public_data, \
# nisplusEntryOwner=zo_owner, \
# nisplusEntryGroup=zo_group, \
# nisplusEntryAccess=zo_access
#nisplusLDAPattributeFromColumn \
# creduser: dn=("uid=%s,", (cname, "%s.*")), \
# nisplusPrincipalName=cname, \
# nisplusNetname=auth_name, \
# nisPublicKey=("{%s}%s", \
# auth_type, public_data), \
# nisSecretKey=("{%s}%s", \
# auth_type, private_data), \
# nisplusEntryOwner=zo_owner, \
# nisplusEntryGroup=zo_group, \
# nisplusEntryAccess=zo_access
## The 'dn' setting for 'crednode' requires that there's an ipHostNumber
## available when the credentials are stored.
#nisplusLDAPattributeFromColumn \
# crednode: dn=("cn=%s+ipHostNumber=%s,", \
# (cname, "%s.*"), \
# ldap:ipHostNumber:?one?("cn=%s", (cname, "%s.*"))), \
# nisplusPrincipalName=cname, \
# nisplusNetname=auth_name, \
# nisPublicKey=("{%s}%s", \
# auth_type, public_data), \
# nisSecretKey=("{%s}%s", \
# auth_type, private_data), \
# nisplusEntryOwner=zo_owner, \
# nisplusEntryGroup=zo_group, \
# nisplusEntryAccess=zo_access
nisplusLDAPattributeFromColumn \
credlocal: dn=("uid=%s,", (cname, "%s.*")), \
uidNumber=auth_name, \
gidNumber=public_data
# If owner/group/access information for NIS+ cred LOCAL entries should be
# stored in LDAP, make sure the LDAP server knows about the nisplusEntryData
# object class, add it to the write portion of the nisplusLDAPobjectDN for
# credlocal, and enable the lines below.
# nisplusEntryOwner=zo_owner, \
# nisplusEntryGroup=zo_group, \
# nisplusEntryAccess=zo_access
nisplusLDAPattributeFromColumn \
creduser: dn=("uid=%s,", (cname, "%s.*")), \
nisPublicKey=("{%s}%s", \
auth_type, public_data), \
nisSecretKey=("{%s}%s", \
auth_type, private_data)
# If owner/group/access information for NIS+ cred user entries should be
# stored in LDAP, make sure the LDAP server knows about the nisplusEntryData
# object class, add it to the write portion of the nisplusLDAPobjectDN for
# creduser, and enable the lines below.
# nisplusEntryOwner=zo_owner, \
# nisplusEntryGroup=zo_group, \
# nisplusEntryAccess=zo_access
# The 'dn' setting for 'crednode' requires that there's an ipHostNumber
# available when the credentials are stored.
nisplusLDAPattributeFromColumn \
crednode: dn=("cn=%s+ipHostNumber=%s,", \
(cname, "%s.*"), \
ldap:ipHostNumber:?one?("cn=%s", (cname, "%s.*"))), \
nisPublicKey=("{%s}%s", \
auth_type, public_data), \
nisSecretKey=("{%s}%s", \
auth_type, private_data)
# If owner/group/access information for NIS+ cred node entries should be
# stored in LDAP, make sure the LDAP server knows about the nisplusEntryData
# object class, add it to the write portion of the nisplusLDAPobjectDN for
# crednode, and enable the lines below.
# nisplusEntryOwner=zo_owner, \
# nisplusEntryGroup=zo_group, \
# nisplusEntryAccess=zo_access
nisplusLDAPattributeFromColumn \
aliases: dn=("mail=%s,", alias), \
cn=alias, \
mail=alias, \
(mgrprfc822mailmember)= (expansion, ",")
nisplusLDAPattributeFromColumn \
netgroup: dn=("cn=%s,", name), \
cn=name, \
memberNisNetgroup=group, \
nisNetgroupTriple=("(%s,%s,%s)", \
host, user, domain), \
description=comment
nisplusLDAPattributeFromColumn \
networks: dn=("ipNetworkNumber=%s,", addr), \
cn=cname, \
cn=name, \
ipNetworkNumber=addr, \
description=comment
nisplusLDAPattributeFromColumn \
netmasks: dn=("ipNetworkNumber=%s,", addr), \
ipNetworkNumber=addr, \
ipNetmaskNumber=mask, \
description=comment
# Since netmasks share the ou=Networks container with networks, the default
# is to delete just the ipNetmaskNumber attribute.
nisplusLDAPattributeFromColumn \
netmasks_del: dn=("ipNetworkNumber=%s,", addr), \
ipNetmaskNumber=
nisplusLDAPattributeFromColumn \
protocols: dn=("cn=%s,", cname), \
cn=cname, \
cn=name, \
ipProtocolNumber=number, \
description=comment
nisplusLDAPattributeFromColumn \
rpc: dn=("cn=%s,", cname), \
cn=cname, \
cn=name, \
oncRpcNumber=number, \
description=comment
nisplusLDAPattributeFromColumn \
services: dn=("cn=%s+ipServiceProtocol=%s,",\
cname, proto), \
cn=cname, \
cn=name, \
ipServiceProtocol=proto, \
ipServicePort=port, \
description=comment
nisplusLDAPattributeFromColumn \
auth_attr: dn=("cn=%s,", name), \
cn=name, \
SolarisAttrReserved1=res1, \
SolarisAttrReserved2=res2, \
SolarisAttrShortDesc=short_desc, \
SolarisAttrLongDesc=long_desc, \
SolarisAttrKeyValue=attr
nisplusLDAPattributeFromColumn \
exec_attr: dn=("cn=%s+SolarisKernelSecurityPolicy=%s+SolarisProfileType=%s+SolarisProfileId=%s,", name, policy, type, id), \
cn=name, \
SolarisKernelSecurityPolicy=policy, \
SolarisProfileType=type, \
SolarisAttrReserved1=res1, \
SolarisAttrReserved2=res2, \
SolarisProfileId=id, \
SolarisAttrKeyValue=attr
nisplusLDAPattributeFromColumn \
prof_attr: dn=("cn=%s,", name), \
cn=name, \
SolarisAttrReserved1=res1, \
SolarisAttrReserved2=res2, \
SolarisAttrLongDesc=desc, \
SolarisAttrKeyValue=attr
nisplusLDAPattributeFromColumn \
user_attr: dn=("uid=%s,", name), \
SolarisUserQualifier=qualifier, \
SolarisAttrReserved1=res1, \
SolarisAttrReserved2=res2, \
SolarisAttrKeyValue=attr
nisplusLDAPattributeFromColumn \
audit_user: dn=("uid=%s,", name), \
SolarisAuditAlways=always, \
SolarisAuditNever=never
# Since user_attr and audit_user share the ou=People container, only delete
# the user_attr/audit_user attributes proper.
nisplusLDAPattributeFromColumn \
user_attr_del: dn=("uid=%s,", name), \
SolarisUserQualifier=, \
SolarisAttrReserved1=, \
SolarisAttrReserved2=, \
SolarisAttrKeyValue=
nisplusLDAPattributeFromColumn \
audit_user_del: dn=("uid=%s,", name), \
SolarisAuditAlways=, \
SolarisAuditNever=
#################################################################
# nisplusLDAPcolumnFromAttribute
#
# The nisplusLDAPcolumnFromAttribute values establish the mapping
# from NIS+ table columns to LDAP container entries.
#
# Before using, make sure that the LDAP server(s) understand the
# RFC 2307 attributes and object classes.
# See the Getting Started section on NIS+LDAPmapping(4) for
# more information.
#################################################################
# Standard NIS+ table entries
nisplusLDAPcolumnFromAttribute \
passwd: name=uid, \
("{crypt}%s", passwd)=userPassword, \
uid=uidNumber, \
gid=gidNumber, \
gcos=gecos, \
home=homeDirectory, \
shell=loginShell, \
shadow=("%s:%s:%s:%s:%s:%s", \
shadowLastChange, \
shadowMin, \
shadowMax, \
shadowWarning, \
shadowInactive, \
shadowExpire)
# If owner/group/access information for NIS+ passwd entries should be
# retrieved from LDAP, make sure the LDAP server knows about the
# nisplusEntryData object class, and enable the lines below.
# zo_owner=nisplusEntryOwner, \
# zo_group=nisplusEntryGroup, \
# zo_access=nisplusEntryAccess
nisplusLDAPcolumnFromAttribute \
group: name=cn, \
("{crypt}%s", passwd)=userPassword, \
gid=gidNumber, \
members=("%s,", (memberUid), ",")
#
# For backward compatibility with Solaris 8 LDAP Naming Services,
# use these entries instead of using automountMapName:
#
#nisplusLDAPcolumnFromAttribute \
# auto_master: key=cn, \
# value=nismapentry
#nisplusLDAPcolumnFromAttribute \
# auto_home: key=cn, \
# value=nismapentry
nisplusLDAPcolumnFromAttribute \
auto_master: key=automountKey, \
value=automountInformation
nisplusLDAPcolumnFromAttribute \
auto_home: key=automountKey, \
value=automountInformation
nisplusLDAPcolumnFromAttribute \
bootparams: key=cn, \
value=("%s ", (bootParameter), " ")
nisplusLDAPcolumnFromAttribute \
ethers: addr=macAddress, \
name=cn
nisplusLDAPcolumnFromAttribute \
hosts: cname=cn, \
(name)=(cn), \
addr=ipHostNumber, \
comment=description
nisplusLDAPcolumnFromAttribute \
ipnodes: cname=cn, \
(name)=(cn), \
addr=ipHostNumber, \
comment=description
# The cred* entries below only support principals in the local domain. In
# order to allow out-of-domain principals, read the Getting Started section
# on NIS+LDAPmapping(4) for information concerning the 'nisplusPrincipalName'
# and 'nisplusNetname' attributes. Once these have been configured for your
# LDAP server, you can replace the cred* entries with the commented ones below.
#nisplusLDAPcolumnFromAttribute \
# credlocal: cname=nisplusPrincipalName=cname, \
# auth_type=("LOCAL"), \
# auth_name=uidNumber, \
# public_data=gidNumber, \
# zo_owner=nisplusEntryOwner, \
# zo_group=nisplusEntryGroup, \
# zo_access=nisplusEntryAccess
#nisplusLDAPcolumnFromAttribute \
# creduser: cname=nisplusPrincipalName, \
# auth_name=nisplusNetname, \
# ("{%s}%s", auth_type, public_data)= \
# nisPublicKey, \
# ("{%s}%s", auth_type, private_data)= \
# nisSecretKey, \
# zo_owner=nisplusEntryOwner, \
# zo_group=nisplusEntryGroup, \
# zo_access=nisplusEntryAccess
#nisplusLDAPcolumnFromAttribute \
# crednode: \
# cname=nisplusPrincipalName, \
# auth_name=nisplusNetname, \
# ("{%s}%s", auth_type, public_data)= \
# nisPublicKey, \
# ("{%s}%s", auth_type, private_data)= \
# nisSecretKey, \
# zo_owner=nisplusEntryOwner, \
# zo_group=nisplusEntryGroup, \
# zo_access=nisplusEntryAccess
nisplusLDAPcolumnFromAttribute \
credlocal: cname=("%s.%s", uid, \
(nis+:zo_owner[]cred.org_dir, "*.%s")), \
auth_type=("LOCAL"), \
auth_name=uidNumber, \
public_data=gidNumber
# Enable if owner/group/access information is stored in LDAP,
# and the LDAP server knows about the nisplusEntryData object class.
# zo_owner=nisplusEntryOwner, \
# zo_group=nisplusEntryGroup, \
# zo_access=nisplusEntryAccess
nisplusLDAPcolumnFromAttribute \
creduser: cname=("%s.%s", uid, \
(nis+:zo_owner[]cred.org_dir, "*.%s")), \
auth_name=("unix.%s@%s", uidNumber, \
(nis+:zo_owner[]cred.org_dir, "*.%s.")), \
("{%s}%s", auth_type, public_data)= \
nisPublicKey, \
("{%s}%s", auth_type, private_data)= \
nisSecretKey
# Enable if owner/group/access information is stored in LDAP,
# and the LDAP server knows about the nisplusEntryData object class.
# zo_owner=nisplusEntryOwner, \
# zo_group=nisplusEntryGroup, \
# zo_access=nisplusEntryAccess
# If your Hosts container store fully qualified host names, the 'cname'
# and 'auth_name' assignments below should be replaced with:
# cname=("%s.", cn), \
# auth_name=("unix.%s@%s", (cn, "%s.*"), \
# (cn, "*.%s.")) \
#
nisplusLDAPcolumnFromAttribute \
crednode: \
cname=("%s.%s", cn, \
(nis+:zo_owner[]cred.org_dir, "*.%s")), \
auth_name=("unix.%s@%s", cn, \
(nis+:zo_owner[]cred.org_dir, "*.%s.")), \
("{%s}%s", auth_type, public_data)= \
nisPublicKey, \
("{%s}%s", auth_type, private_data)= \
nisSecretKey
# Enable if owner/group/access information is stored in LDAP,
# and the LDAP server knows about the nisplusEntryData object class.
# zo_owner=nisplusEntryOwner, \
# zo_group=nisplusEntryGroup, \
# zo_access=nisplusEntryAccess
nisplusLDAPcolumnFromAttribute \
aliases: alias=mail, \
expansion= \
("%s,", (mgrprfc822mailmember), ",")
nisplusLDAPcolumnFromAttribute \
netgroup: name=cn, \
(group)=(memberNisNetgroup), \
("(%s,%s,%s)", host, user, domain)= \
(nisNetgroupTriple), \
comment=description
nisplusLDAPcolumnFromAttribute \
networks: cname=cn, \
(name)=(cn), \
addr=ipNetworkNumber, \
comment=description
nisplusLDAPcolumnFromAttribute \
netmasks: addr=ipNetworkNumber, \
mask=ipNetmaskNumber, \
comment=description
nisplusLDAPcolumnFromAttribute \
protocols: cname=cn, \
(name)=(cn), \
number=ipProtocolNumber, \
comment=description
nisplusLDAPcolumnFromAttribute \
rpc: cname=cn, \
(name)=(cn), \
number=oncRpcNumber, \
comment=description
nisplusLDAPcolumnFromAttribute \
services: cname=cn, \
(name)=(cn), \
proto=ipServiceProtocol, \
port=ipServicePort, \
comment=description
nisplusLDAPcolumnFromAttribute \
auth_attr: name=cn, \
res1=SolarisAttrReserved1, \
res2=SolarisAttrReserved2, \
short_desc=SolarisAttrShortDesc, \
long_desc=SolarisAttrLongDesc, \
attr=SolarisAttrKeyValue
nisplusLDAPcolumnFromAttribute \
exec_attr: name=cn, \
policy=SolarisKernelSecurityPolicy, \
type=SolarisProfileType, \
res1=SolarisAttrReserved1, \
res2=SolarisAttrReserved2, \
id=SolarisProfileId, \
attr=SolarisAttrKeyValue
nisplusLDAPcolumnFromAttribute \
prof_attr: name=cn, \
res1=SolarisAttrReserved1, \
res2=SolarisAttrReserved2, \
desc=SolarisAttrLongDesc, \
attr=SolarisAttrKeyValue
nisplusLDAPcolumnFromAttribute \
user_attr: name=cn, \
qualifier=SolarisUserQualifier, \
res1=SolarisAttrReserved1, \
res2=SolarisAttrReserved2, \
attr=SolarisAttrKeyValue
nisplusLDAPcolumnFromAttribute \
audit_user: name=cn, \
always=SolarisAuditAlways, \
never=SolarisAuditNever
#################################################################
# timezone and client_info
#
# The standard NIS+ "timezone" and "client_info" tables require
# definitions of object classes and attributes other than the
# RFC 2307 ones. See the Getting Started section on the
# NIS+LDAPmapping(4) man page before enabling the configuration
# below.
#################################################################
#nisplusLDAPdatabaseIdMapping client_info_table:client_info.org_dir
#nisplusLDAPdatabaseIdMapping timezone_table:timezone.org_dir
#nisplusLDAPdatabaseIdMapping client_info:client_info.org_dir
#nisplusLDAPdatabaseIdMapping timezone:timezone.org_dir
#nisplusLDAPentryTtl client_info_table:21600:43200:43200
#nisplusLDAPentryTtl timezone_table:21600:43200:43200
#nisplusLDAPentryTtl client_info:1800:3600:3600
#nisplusLDAPentryTtl timezone:1800:3600:3600
#nisplusLDAPobjectDN client_info_table:cn=client_info,ou=nisPlus,?base?\
# objectClass=nisplusObjectContainer:\
# cn=client_info,ou=nisPlus,?base?\
# objectClass=nisplusObjectContainer,\
# objectClass=top
#nisplusLDAPobjectDN timezone_table:cn=timezone,ou=nisPlus,?base?\
# objectClass=nisplusObjectContainer:\
# cn=timezone,ou=nisPlus,?base?\
# objectClass=nisplusObjectContainer,\
# objectClass=top
#nisplusLDAPobjectDN client_info:ou=ClientInfo,?one?\
# objectClass=nisplusClientInfoData:\
# ou=ClientInfo,?one?\
# objectClass=nisplusClientInfoData,\
# objectClass=top
#nisplusLDAPobjectDN timezone:ou=TimeZone,?one?\
# objectClass=nisplusTimeZoneData:\
# ou=TimeZone,?one?\
# objectClass=nisplusTimeZoneData,\
# objectClass=top
#nisplusLDAPattributeFromColumn \
# client_info: dn=("cn=%s,", client), \
# cn=client, \
# nisplusClientInfoAttr=attr, \
# nisplusClientInfoInfo=info, \
# nisplusClientInfoFlags=flags
#nisplusLDAPattributeFromColumn \
# timezone: dn=("cn=%s,", name), \
# cn=name, \
# nisplusTimeZone=tzone, \
# description=comment
#nisplusLDAPcolumnFromAttribute \
# client_info: client=cn, \
# attr=nisplusClientInfoAttr, \
# info=nisplusClientInfoInfo, \
# flags=nisplusClientInfoFlags
#nisplusLDAPcolumnFromAttribute \
# timezone: name=cn, \
# tzone=nisplusTimeZone, \
# comment=description