#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#
#
#
# inityp2l -- Utility to generate YP (NIS) to LDAP
# and mapping file (/var/yp/NISLDAPmapping)
#
#
# Displays message corresponding to the argument tag passed.
#
{
$PROG: [ -m mapping_file ] [ -c config_file ]
m <mapping_file> Name of the generated NISLDAP mapping file
Default is /var/yp/NISLDAPmapping
c <config_file> Name of the generated ypserv configuration file
Default is /etc/default/ypserv
EOF
;;
no_config_file_name_specified) cat <<EOF
You have not specified the config file name. You still have the
option to skip creating this file, specify a config file name, or
continue creating it with the default file name (${CONFIG_FILE}).
EOF
;;
You have not specified the mapping file name. You still have the
option to skip creating this file, specify a mapping file name, or
continue creating it with the default file name (${MAP_FILE}).
EOF
;;
new_config_file_name_help) cat <<EOF
You can either specify a new file name, or accept the default
config file name (${CONFIG_FILE}).
It is recommended not to use the default file name since this
script just helps with rapid creation of a config file. You
should examine it's content before using it.
EOF
;;
new_mapping_file_name_help) cat <<EOF
You can either specify a new file name, or accept the default
mapping file name (${MAP_FILE}).
It is recommended not to use the default file name since this
script just helps with rapid creation of a mapping file. You
should examine it's content before using it. And if there are
custom maps, then their entries in the mapping file need to be
customized too.
Also, creation of default mapping file would cause NIS components
to work in NIS to LDAP (N2L), rather than traditional NIS, mode
when next restarted.
EOF
;;
backup_config_file) cat <<EOF
The config file "${CONFIG_FILE}" already exists. It is strongly
recommended that you BACKUP this file before running $PROG.
However, even if you continue, you would be given the option to
back up this file before it gets overwritten.
EOF
;;
backup_mapping_file) cat <<EOF
The mapping file "${MAP_FILE}" already exists. It is strongly
recommended that you BACKUP this file before running $PROG.
However, even if you continue, you would be given the option to
back up this file before it gets overwritten.
EOF
;;
warn_n2l_mode) cat <<EOF
Warning : Creation of default mapping file (`basename $MAP_FILE`)
at default location (`dirname $MAP_FILE`) would cause NIS
components to work in NIS to LDAP (N2L) mode, rather than
traditional NIS mode, when next restarted.
"$PROG" assists with rapid creation of a simple N2L mapping
file. The user should examine it's content before using it.
For custom maps, this file needs to be customized which can
be done using standard text editors.
EOF
;;
config_auth_method_menu) cat <<EOF
The following are the supported Authentication Methods -
1 none
2 simple
3 sasl/cram-md5
4 sasl/digest-md5
EOF
;;
auth_method_menu) cat <<EOF
The following are the supported Authentication Methods -
1 simple
2 sasl/cram-md5
3 sasl/digest-md5
EOF
;;
tls_method_menu) cat <<EOF
The following are the supported TLS Methods -
1 none
2 ssl
EOF
;;
retrieve_error_action_menu) cat <<EOF
The following are the supported actions -
1 use_cached
2 fail
EOF
;;
store_error_action_menu) cat <<EOF
The following are the supported actions -
1 retry
2 fail
EOF
;;
HELP - No help is available for this topic.
EOF
;;
backup_config_file_cont_help) cat <<EOF
HELP - Since $PROG will overwrite the existing config file, it is
strongly recommended that you backup this file prior to
running this utility.
However, even if you continue, you would be given the option
to back up this file before it gets overwritten.
EOF
;;
backup_config_file_help) cat <<EOF
HELP - If you choose to backup the existing config file, it would be
saved with current date and time suffix in yymmdd.HH.MM.SS format.
EOF
;;
backup_mapping_file_cont_help) cat <<EOF
HELP - Since $PROG will overwrite the existing mapping file, it is
strongly recommended that you backup this file prior to running
this utility.
However, even if you continue, you would be given the option to
back up this file before it gets overwritten.
EOF
;;
backup_mapping_file_help) cat <<EOF
HELP - If you choose to backup the existing mapping file, it would be
saved with current date and time suffix in yymmdd.HH.MM.SS format.
EOF
;;
warn_n2l_mode_help) cat <<EOF
HELP - It is strongly recommended that the mapping file is created at
non-default location (other than `dirname $MAP_FILE`). After this,
it's content should be verified, custom maps should be handled,
and if NIS components are desired to run in NIS to LDAP (N2L),
then only it should be copied at the default location.
EOF
;;
nisLDAPconfigDN_help) cat <<EOF
HELP - The DN which stores the configuration information in LDAP.
There is no default value for this field. Leave empty or
undefined to get this information from config file (ypserv).
EOF
;;
HELP - List of directory servers to provide the configuration
information. There is no default. The preferred servers
must be entered IN THE ORDER you wish to have them contacted.
The preferred server list is a space separated list of IP
addresses. Providing port numbers is optional, and when not
supplied, port 389 is assumed. For an LDAP server running
on this machine, at port 389, use "127.0.0.1:389".
EOF
;;
HELP - The authentication method to be used to obtain information
from LDAP server. The supported methods are provided in menu.
EOF
;;
HELP - The transport layer security used for connection to the LDAP
server. In order to successfully use transport layer security,
the server must also support the chosen values. The supported
methods are provided in menu. Default is "$DEF_TLS".
EOF
;;
TLSCertificateDBPath_help) cat <<EOF
HELP - The absolute path name of the directory containing the certificate
database. The default value is "$DEF_TLSCertificateDBPath"
EOF
;;
nisLDAPconfigProxyUser_help) cat <<EOF
HELP - The bind DN of the proxy user used to obtain configuration
information. There is no default value. If the value ends
with a comma, the value of the nisLDAPconfigDN attribute
is appended.
EOF
;;
ProxyPassword_warn) cat <<EOF
Warning : In order to avoid having this password publicly visible
on the machine, the password should appear only in the
configuration file, and the file should have an appropriate
owner, group, and file mode.
So, once this file is ready, please modify appropriately
to make sure this file is well protected.
EOF
;;
preferredServerList_help) cat <<EOF
HELP - List of directory servers for mapping data to/from LDAP.
There is no default. The preferred servers must be entered
IN THE ORDER you wish to have them contacted. The preferred
server list is a space separated list of IP addresses.
Providing port numbers is optional, and when not supplied,
port 389 is assumed. For an LDAP server running on this
machine, at port 389, use "127.0.0.1:389".
EOF
;;
nisLDAPproxyUser_help) cat <<EOF
HELP - The bind DN of the proxy user the ypserv to read or write
from or to LDAP. Assumed to have the appropriate permission
to read and modify LDAP data. There is no default value. If
the value ends with a comma, the value of the context for
the current domain (as defined by a nisLDAPdomainContext
attribute (NISLDAPmapping(4))) is appended.
EOF
;;
nisLDAPbindTimeout_help) cat <<EOF
HELP - The amount of time in seconds after which an LDAP bind operation
will timeout. Default is $DEF_nisLDAPbindTimeout seconds.
Decimal values are allowed.
EOF
;;
nisLDAPsearchTimeout_help) cat <<EOF
HELP - The amount of time in seconds after which an LDAP search operation
will timeout. Default is $DEF_nisLDAPsearchTimeout seconds.
Decimal values are allowed.
EOF
;;
nisLDAPmodifyTimeout_help) cat <<EOF
HELP - The amount of time in seconds after which an LDAP modify operation
will timeout. Default is $DEF_nisLDAPmodifyTimeout seconds.
Decimal values are allowed.
EOF
;;
nisLDAPaddTimeout_help) cat <<EOF
HELP - The amount of time in seconds after which an LDAP add operation
will timeout. Default is $DEF_nisLDAPaddTimeout seconds.
Decimal values are allowed.
EOF
;;
nisLDAPdeleteTimeout_help) cat <<EOF
HELP - The amount of time in seconds after which an LDAP delete operation
will timeout. Default is $DEF_nisLDAPdeleteTimeout seconds.
Decimal values are allowed.
EOF
;;
nisLDAPsearchTimeLimit_help) cat <<EOF
HELP - Establish a value for the LDAP_OPT_TIMELIMIT option, which
suggests a time limit for the search operation on the LDAP
server. The server may impose its own constraints on possible
values. See your LDAP server documentation. The default is the
nisLDAPsearchTimeout ($DEF_nisLDAPsearchTimeout seconds) value.
Only integer values are allowed.
Since the nisLDAPsearchTimeout limits the amount of time the
client ypserv will wait for completion of a search operation,
setting the nisLDAPsearchTimeLimit larger than the
nisLDAPsearchTimeout is not recommended.
EOF
;;
nisLDAPsearchSizeLimit_help) cat <<EOF
HELP - Establish a value for the LDAP_OPT_SIZELIMIT option, which
suggests a size limit, in bytes, for the search results on
the LDAP server. The server may impose its own constraints
on possible values. See your LDAP server documentation. The
default is $DEF_nisLDAPsearchSizeLimit, which means unlimited.
Only integer values are allowed.
EOF
;;
nisLDAPfollowReferral_help) cat <<EOF
HELP - Determines if the ypserv should follow referrals or not.
Recognized values are yes and no. Default is $DEF_nisLDAPfollowReferral.
EOF
;;
HELP - If an error occurs while trying to retrieve an entry from
LDAP, one of the following actions can be selected:
use_cached : Retry the retrieval the number of time specified
by nisLDAPretrieveErrorAttempts, with the
nisLDAPretrieveErrorTimeout value controlling
the wait between each attempt.
If all attempts fail then log a warning and
return the value currently in the cache to the
client. This is the default value.
fail : Proceed as for 'use_cached' but if all attempts
fail return a YPERR_YPERR error to the client.
EOF
;;
HELP - The number of times a failed retrieval should be retried.
The default is unlimited. Note while retries are made, the
NIS daemon will be prevented from servicing further requests.
Hence, values other than 1 should be used with caution.
EOF
;;
HELP - The timeout (in seconds) between each new attempt to retrieve
LDAP data. Default is $DEF_nisLDAPretrieveErrorTimeout seconds.
EOF
;;
nisLDAPstoreErrorAction_help) cat <<EOF
HELP - If an error occurs while trying to store data to the LDAP
repository, one of the following actions can be selected :
retry : Retry operation nisLDAPstoreErrorAttempts times with
nisLDAPstoreErrorTimeout seconds between each attempt.
Note while retries are made the NIS daemon will be
prevented from servicing further requests. Use with
caution. This is the default value.
fail : Return YPERR_YPERR error to the client.
EOF
;;
HELP - The number of times a failed attempt to store data to the
LDAP repository should be retried. The default is unlimited.
The value for nisLDAPstoreErrorAttempts is ignored unless
nisLDAPstoreErrorAction=retry.
EOF
;;
nisLDAPstoreErrorTimeout_help) cat <<EOF
HELP - The timeout (in seconds) between each new attempt to store
LDAP data. Default is $DEF_nisLDAPstoreErrorTimeout seconds.
The value for nisLDAPstoreErrorTimeout is ignored unless
nisLDAPstoreErrorAction=retry.
EOF
;;
selectDomain4N2L_help) cat <<EOF
HELP - Whether this domain needs to be served by YP to LDAP transition
solution. The default is no in which case the data in this
domain would not be taken care for transitioning to LDAP.
EOF
;;
HELP - If selected, this script will try to add relevant comments
in the mapping file which might help in customizing the
mapping information for custom maps.
EOF
;;
HELP - If selected, this script will try to generate mapping
information for this map assuming it is a "simple" map.
A map is assumed to be "simple" if each entry of this map
has only one "key value" entry in YP, and if each map entry
can be represented as a single DIT string in the LDAP server.
If this map is not a simple map and you do want to store it
in LDAP, you have two options :
1 - Answer yes, and this script would generate the mapping
information for this map assuming it is a simple map.
And once the execution of the script is over, you can
customize the mapping information by hand editing the
mapping file.
2 - Answer no, and this script would not generate mapping
info for this map. And once the execution of the script
is over, you can include the customized mapping
information by hand editing the mapping file.
EOF
;;
nisLDAPdomainContext_help) cat <<EOF
HELP - This parameter defines the context (default location) in
the directory tree at which all the name service entries
for this particular domain would be stored.
EOF
;;
nisLDAPyppasswddDomains_help) cat <<EOF
HELP - Lists the domains for which password changes should be
made. If this is not present then the value returned by
'domainname' will be used.
NIS password change requests do not specify the domains in
which any given password should be changed. (In traditional
NIS this information is effectively hard coded in the NIS
makefile.)
EOF
;;
custom_map_comment_char_help) cat <<EOF
HELP - If selected, it will allow you to specify a character which
would represent the start of the special 'comment' field in
a given NIS map. If this attribute is not present then the
default comment character '#' is used.
If a map cannot contain comments then the blank comment
character ('') should be specified (just hit the return key).
EOF
;;
same_comment_char_help) cat <<EOF
HELP - If selected, for a given map, it will allow you to specify
a common comment character for all the domains.
Or else by selecting NO, for the same map, you would be
given the option to specify different comment character
for different domains.
EOF
;;
secure_flag_on_help) cat <<EOF
HELP - Secure flag is set on maps which are generated with
"makedbm -s". When converting data from LDAP to YP,
it adds YP_SECURE entries.
EOF
;;
secure_flag_all_domains_help) cat <<EOF
HELP - If selected, it will allow you to set the secure flag on
for this map for all the domains.
Or else by selecting NO, you would be given the option to
set this flag, for the same map, on per domain basis.
EOF
;;
interdomain_flag_on_help) cat <<EOF
HELP - Interdomain flag is set on a set of maps which are generated
with "makedbm -b". It signals NIS servers to use the domain
name resolver for host name and address lookups for hosts
not found in the maps.
If selected, it adds YP_INTERDOMAIN entries in these maps
when converting data from LDAP to YP.
EOF
;;
HELP - If selected, it will allow you to set the interdomain flag
on for all the domains.
Or else by selecting NO, you would be given the option to
set this flag on per domain basis.
EOF
;;
initialTTLlo_help) cat <<EOF
HELP - The lower limit for the initial TTL (in seconds) for data
read from disk when the ypserv starts. If initialTTLhi also
is specified, the actual initialTTL will be randomly selected
from the interval initialTTLlo to initialTTLhi (inclusive).
Leaving the field empty yields the default value of $DEF_iTTLlo.
EOF
;;
initialTTLhi_help) cat <<EOF
HELP - The upper limit for the initial TTL (in seconds).
If left empty, defaults to "$DEF_iTTLhi".
EOF
;;
runningTTL_help) cat <<EOF
HELP - The TTL (in seconds) for data retrieved from LDAP while the
ypserv is running. If left empty, defaults to "$DEF_runTTL".
EOF
;;
default_ttl_help) cat <<EOF
HELP - The default TTL value for each map is set to :
${DEF_iTTLlo}:${DEF_iTTLhi}:${DEF_runTTL}
Select yes if you want to change the current TTL value.
EOF
;;
non_default_same_ttl_help) cat <<EOF
HELP - Select yes if you want to set a new TTL value, but want
to keep it same for all the maps.
EOF
;;
HELP - Select yes if you want to set TTL value for each map, but
want to keep it same for all the domains.
EOF
;;
default_different_ttl_help) cat <<EOF
HELP - Select yes if you want to accept the default TTL
value for this map.
EOF
;;
same_ttl_across_domains_help) cat <<EOF
HELP - Select yes if you want to set TTL value for the map,
but want to keep it same for all the domains.
EOF
;;
esac
}
#
# Echo the message passed only if DEBUG is set.
# Reduces the line width significantly.
#
{
}
#
# get_ans(): gets an answer from the user.
# $2 default value
#
{
if [ -z "$2" ]
then
echo "$1 \c"
else
echo "$1 [$2] \c"
fi
read ANS
then
ANS=$2
fi
}
#
# get_ans_req(): gets an answer (required) from the user, NULL value not allowed.
#
{
do
get_ans "$@"
done
}
#
# get_integer(): Querys and verifies that number entered is integer.
# Function will repeat prompt user for integer value.
# $1 Message text.
# $2 default value.
# $3 Help argument.
#
{
NUM=""
get_ans "$1" "$2"
# Verify that value is integer.
while not_integer $ANS
do
[Hh] | help | Help | \?) display_msg ${3:-sorry} ;;
* ) echo "Invalid value: \"${ANS}\". \c"
;;
esac
# Get a new value.
get_ans "Enter an integer value:" "$2"
done
}
#
# get_number(): Querys and verifies that number entered is numeric.
# Function will repeat prompt user for numeric value.
# $1 Message text.
# $2 default value.
# $3 Help argument.
#
{
NUM=""
get_ans "$1" "$2"
# Verify that value is numeric.
while not_numeric $ANS
do
[Hh] | help | Help | \?) display_msg ${3:-sorry} ;;
* ) echo "Invalid value: \"${ANS}\". \c"
;;
esac
# Get a new value.
get_ans "Enter a numeric value:" "$2"
done
}
#
# get_pos_int(): Only allows positive integer.
#
# $1 - Prompt message.
# $2 - Default value (require).
# $3 - Optional help argument.
{
while :
do
get_integer "$1" "$2" "$3"
echo "Invalid number: please enter a positive integer."
else
break # Positive integer
fi
done
}
#
# get_pos_num(): Only allows positive number.
#
# $1 - Prompt message.
# $2 - Default value (require).
# $3 - Optional help argument.
{
while :
do
get_number "$1" "$2" "$3"
echo "Invalid number: please enter a positive number."
else
break # Positive number
fi
done
}
#
#
# get_passwd(): Reads a password from the user and verify with second.
#
{
# Temporary PASSWD variables
_PASS1=""
_PASS2=""
# Handle signals, so that echo can be turned back on if Ctrl-C.
# Endless loop that continues until passwd and re-entered passwd
# match.
while :
do
# Don't allow NULL for first try.
do
get_ans "$@"
done
# Get second try.
echo ""
get_ans "Re-enter passwd:"
# Test if passwords are identical.
break
fi
# Move cursor down to next line and print ERROR message.
echo ""
echo "ERROR: passwords don't match; try again."
done
# Removed signal handler
trap 1 2 3 6 15
echo ""
}
#
# get_passwd_nochk(): Reads a password from the user w/o check.
#
{
# Handle signals, so that echo can be turned back on if Ctrl-C.
get_ans "$@"
# Removed signal handler
trap 1 2 3 6 15
echo ""
}
#
# $1 - Message
# $2 - default value.
#
{
while :
do
# Display Internal ERROR if $2 not set.
if [ -z "$2" ]; then
echo "INTERNAL ERROR: get_confirm requires 2 args, 3rd is optional."
exit 2
fi
# Display prompt.
echo "$1 [$2] \c"
# Get the ANSWER.
read _ANSWER
_ANSWER=$2
fi
[Hh] | help | Help | \?) display_msg ${3:-sorry};;
* ) echo "Please enter y or n." ;;
esac
done
}
#
# No default value supported. Returns 1 for yes.
#
{
while :
do
echo "$@ \c"
read _ANSWER
* ) echo "Please enter y or n." ;;
esac
done
}
#
# is_integer(): Tells if a string is numeric integer.
# 0 = Integer
# 1 = NOT Integer
#
{
# Check for parameter.
if [ $# -ne 1 ]; then
return 1
fi
# Determine if integer.
if [ $? -ge 2 ]; then
return 1
fi
# Made it here, it's Numeric.
return 0
}
#
# not_integer(): Reverses the return values of is_integer. Useful
# for if and while statements that want to test for
# non-integer data.
# 0 = NOT Integer
# 1 = Integer
#
{
is_integer $1
if [ $? -eq 0 ]; then
return 1
else
return 0
fi
}
#
# is_numeric(): Tells if a string is numeric.
# 0 = Numeric
# 1 = NOT Numeric
#
{
# Check for parameter.
if [ $# -ne 1 ]; then
return 1
fi
# Determine if numeric.
if [ $? -eq 0 ]; then
return 0
fi
}
#
# not_numeric(): Reverses the return values of is_numeric. Useful
# for if and while statements that want to test for
# non-numeric data.
# 0 = NOT Numeric
# 1 = Numeric
#
{
is_numeric $1
if [ $? -eq 0 ]; then
return 1
else
return 0
fi
}
#
# domain_2_dc(): Convert a domain name into dc string.
# $1 .. Domain name.
#
{
_DOM=$1 # Domain parameter.
_FIRST=1 # Flag for first time.
export _DOM_2_DC # Make visible for others.
# Convert "."'s to spaces for "for" loop.
_DOM_2_DC="dc=${i}"
_FIRST=0
else
_DOM_2_DC="${_DOM_2_DC},dc=${i}"
fi
done
}
#
# is_root_user(): Check to see if logged in as super user.
#
{
* ) return 1 ;;
esac
}
#
# parse_arg(): Parses the command line arguments and sets the
# appropriate variables.
#
{
do
d) DEBUG=1;;
\?) echo "**ERROR: Invalid option '$OPTARG'"
exit 1;;
esac
done
if [ $# -gt 0 ]; then
echo "**ERROR: wrong usage "
exit 1
fi
}
#
# present() : Checks if the first argument exists in the
# argument list. Returns 0 if found, else 1.
#
{
_ELEMENT=$1
shift
ARG_LIST=$@
do
done
# If reached here, then the clement does not exist
return 1
}
#
# remove() : Returns a new string after removing the first
# argument in the argument list.
#
{
_ELEMENT=$1
shift
ARG_LIST=$@
NEW_LIST=""
do
done
echo $NEW_LIST
return 0
}
#
# merge_lists() : Returns a list after merging elements
# (uniquely) supplied in the argument list.
#
{
MERGED_LIST=""
do
if ! present $_VAR $MERGED_LIST; then
fi
done
echo $MERGED_LIST
return 0
}
#
# init(): initializes variables and options
#
{
# General variables.
DEBUG=0 # Set Debug OFF
MAPPING_FILE_SPECIFIED=0 # No file name passed
CONFIG_FILE_SPECIFIED=0 # No file name passed
# Prevent others from snooping
umask 077
# Set default config and mapping files.
# Set and create TMPDIR. Use a safe place to discourage hackers.
# Temporary file names to be used to prevent system starting in
# N2L mode in case something goes wrong during file creation.
TMPCONF="ypserv-tmp"
TMPMAP="NISLDAPmapping-tmp"
# Remove if the temp directory has been leftover
if [ $? -ne 0 ]; then
exit 1
fi
# Initialize the default NIS maps.
netgroup
bootparams
auth_attr
exec_attr
prof_attr
user_attr
audit_user
ypservers"
# The default TTL maps in database ID format.
DEF_TTL_MAPLIST="audit_user
auth_attr
bootparams
ethers
exec_attr
group
hosts
multihosts
ipnodes
multiipnodes
netgroup
networks
passwd
prof_attr
project
protocols
services
user_attr
ypservers"
# Initialize default values for config parameters.
# The default is unlimited, but since it prevents the NIS daemon,
# from servicing further requests, set 1 as the suggested value.
# The default is unlimited, but set 1 as the suggested value.
# Default TTL values (in seconds) for NIS MAPS for mapping file.
DEF_iTTLlo=1800
DEF_iTTLhi=5400
DEF_runTTL=3600
}
#
# config_auth_menu_handler(): Enter the authentication method
# for config server.
#
{
# Display Auth menu
# Get a Valid choice.
while :
do
# Display appropriate prompt and get answer.
get_ans_req " Choose one Authentication Method (h=help):"
# Determine choice.
1) _AUTHMETHOD="none"
break ;;
2) _AUTHMETHOD="simple"
break ;;
3) _AUTHMETHOD="sasl/cram-md5"
break ;;
4) _AUTHMETHOD="sasl/digest-md5"
break ;;
h) display_msg auth_help ;;
*) echo "Please enter 1-4, or h=help." ;;
esac
done
}
#
# auth_menu_handler(): Enter the Authentication method for LDAP server.
#
{
# Display Auth menu
# Get a Valid choice.
while :
do
# Display appropriate prompt and get answer.
get_ans_req " Choose one Authentication Method (h=help):"
# Determine choice.
1) _AUTHMETHOD="simple"
break ;;
2) _AUTHMETHOD="sasl/cram-md5"
break ;;
3) _AUTHMETHOD="sasl/digest-md5"
break ;;
h) display_msg auth_help ;;
*) echo "Please enter 1-3, or h=help." ;;
esac
done
}
#
# tls_menu_handler(): Enter the transport layer security
#
{
# Display TLS menu
# Get a Valid choice.
while :
do
# Display appropriate prompt and get answer.
# Default value is "none".
get_ans " Choose one Transport Layer Security Method (h=help):" "1"
# Determine choice.
1) _TLSMETHOD="none"
break ;;
2) _TLSMETHOD="ssl"
break ;;
h) display_msg tls_help ;;
*) echo "Please enter 1, 2, or h=help." ;;
esac
done
}
#
# retrieve_error_action_menu_handler(): Enter the retrieve error action
#
{
# Display retrieve error action menu
# Get a Valid choice.
while :
do
# Display appropriate prompt and get answer. use_cached is default
get_ans " Choose one retrieval error action (h=help):" "1"
# Determine choice.
1) _RET_ERR_ACT="use_cached"
break ;;
2) _RET_ERR_ACT="fail"
break ;;
*) echo "Please enter 1, 2, or h=help." ;;
esac
done
}
#
# store_error_action_menu_handler(): Enter the store error action
#
{
# Display store error action menu
# Get a Valid choice.
while :
do
# Display appropriate prompt and get answer. retry is default
get_ans " Choose one store error action (h=help):" "1"
# Determine choice.
1) _STOR_ERR_ACT="retry"
break ;;
2) _STOR_ERR_ACT="fail"
break ;;
*) echo "Please enter 1, 2, or h=help." ;;
esac
done
}
#
# cleanup(): Remove the TMPDIR and all files in it.
#
{
# Leave the temp directory if debug is set
}
# Save existing config file if elected
{
if [ -f $CONFIG_FILE ]; then
"n" "backup_config_file_cont_help"
if [ $? -eq 0 ]; then # if No, cleanup and exit.
cleanup ; exit 1
fi
"y" "backup_config_file_help"
if [ $? -eq 1 ]; then # Save the old config file with timestamp
# SCCS converts '% H %' (without spaces) in current date during putback.
# So use some other combination.
cp -p $CONFIG_FILE ${CONFIG_FILE}-${SUFFIX}
echo " Saved existing $CONFIG_FILE as ${CONFIG_FILE}-${SUFFIX}"
fi
fi
}
# Save existing mapping file if elected
{
if [ -f $MAP_FILE ]; then
"n" "backup_mapping_file_cont_help"
if [ $? -eq 0 ]; then # if No, cleanup and exit.
cleanup ; exit 1
fi
"y" "backup_mapping_file_help"
if [ $? -eq 1 ]; then # if Yes, save the old map file with timestamp
# SCCS converts '% H %' (without spaces) in current date during putback.
# So use some other combination.
echo " Saved existing $MAP_FILE as ${MAP_FILE}-${SUFFIX}"
fi
else
"n" "warn_n2l_mode_help"
if [ $? -eq 0 ]; then
cleanup ; exit 1
fi
fi
fi
}
{
# Start with an empty file, so don't append, but overwrite here.
# Just change the name, but keep the same date and version number
# as in the ident string of this script.
echo "\
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#
#\
" >> $MAP_FILE
}
{
while :
do
get_ans "DN for configuration information (h=help):"
# If help continue, otherwise break.
[Hh] | help | Help | \?) display_msg nisLDAPconfigDN_help ;;
* ) break ;;
esac
done
nisLDAPconfigDN="${ANS}"
# Store in config file only if a non-default value is specified.
fi
# Ask remaining config server related questions only if this
# DN is set. So, if a value is specified, set a flag.
}
{
while :
do
get_ans_req "Preferred server list for configuration information (h=help):"
# If help continue, otherwise break.
[Hh] | help | Help | \?) display_msg nisLDAPconfigPreferredServerList_help ;;
* ) break ;;
esac
done
}
{
_AUTHMETHOD=""
echo "Select the Authentication Method for configuration server :"
}
{
_TLSMETHOD=""
echo "Select the Transport Layer Security (TLS) for configuration server :"
# Store in config file only if a non-default value is specified.
if [ "${_TLSMETHOD}" != "${DEF_TLS}" ]; then
fi
}
{
while :
do
"${DEF_TLSCertificateDBPath}"
# If help continue, otherwise break.
[Hh] | help | Help | \?) display_msg TLSCertificateDBPath_help ;;
* ) break ;;
esac
done
# Store in config file only if a non-default value is specified.
fi
}
{
while :
do
get_ans_req "Proxy user bind DN to obtain configuration information (h=help):"
# If help continue, otherwise break.
[Hh] | help | Help | \?) display_msg nisLDAPconfigProxyUser_help ;;
* ) break ;;
esac
done
}
{
get_passwd "Proxy user password to obtain configuration information :"
}
{
while :
do
get_ans_req "Preferred server list for mapping data to/from LDAP (h=help):"
# If help continue, otherwise break.
[Hh] | help | Help | \?) display_msg preferredServerList_help ;;
* ) break ;;
esac
done
}
{
_AUTHMETHOD=""
}
{
_TLSMETHOD=""
# Store in config file only if a non-default value is specified.
if [ "${_TLSMETHOD}" != "${DEF_TLS}" ]; then
fi
}
{
while :
do
"${DEF_nisLDAPTLSCertificateDBPath}"
# If help continue, otherwise break.
[Hh] | help | Help | \?) display_msg TLSCertificateDBPath_help ;;
* ) break ;;
esac
done
# Store in config file only if a non-default value is specified.
fi
}
{
while :
do
get_ans_req "Proxy user bind DN to read/write data from/to LDAP (h=help):"
# If help continue, otherwise break.
[Hh] | help | Help | \?) display_msg nisLDAPproxyUser_help ;;
* ) break ;;
esac
done
}
{
get_passwd "Proxy user password to read/write data from/to LDAP :"
}
{
"${DEF_nisLDAPbindTimeout}" "nisLDAPbindTimeout_help"
# Store in config file only if a non-default value is specified.
if [ $NUM -ne ${DEF_nisLDAPbindTimeout} ]; then
fi
}
{
"${DEF_nisLDAPsearchTimeout}" "nisLDAPsearchTimeout_help"
# Store in config file only if a non-default value is specified.
if [ $NUM -ne ${DEF_nisLDAPsearchTimeout} ]; then
fi
}
{
"${DEF_nisLDAPmodifyTimeout}" "nisLDAPmodifyTimeout_help"
# Store in config file only if a non-default value is specified.
if [ $NUM -ne ${DEF_nisLDAPmodifyTimeout} ]; then
fi
}
{
"${DEF_nisLDAPaddTimeout}" "nisLDAPaddTimeout_help"
# Store in config file only if a non-default value is specified.
if [ $NUM -ne ${DEF_nisLDAPaddTimeout} ]; then
fi
}
{
"${DEF_nisLDAPdeleteTimeout}" "nisLDAPdeleteTimeout_help"
# Store in config file only if a non-default value is specified.
if [ $NUM -ne ${DEF_nisLDAPdeleteTimeout} ]; then
fi
}
{
"${DEF_nisLDAPsearchTimeLimit}" "nisLDAPsearchTimeLimit_help"
# Store in config file only if a non-default value is specified.
if [ $NUM -ne ${DEF_nisLDAPsearchTimeLimit} ]; then
fi
}
{
"${DEF_nisLDAPsearchSizeLimit}" "nisLDAPsearchSizeLimit_help"
# Store in config file only if a non-default value is specified.
if [ $NUM -ne ${DEF_nisLDAPsearchSizeLimit} ]; then
fi
}
{
"n" "nisLDAPfollowReferral_help"
if [ $? -eq 1 ]; then
_ANS="yes"
else
_ANS="no"
fi
# Store in config file only if a non-default value is specified.
if [ "${_ANS}" != "${DEF_nisLDAPfollowReferral}" ]; then
fi
}
{
_RET_ERR_ACT=""
echo "Select the action to be taken in case of LDAP retrieval error :"
# Store in config file only if a non-default value is specified.
if [ "${_RET_ERR_ACT}" != "${DEF_nisLDAPretrieveErrorAction}" ]; then
fi
}
{
"nisLDAPretrieveErrorAttempts_help"
}
{
# if nisLDAPretrieveErrorAttempts=0, then no point in asking
# for timeout vales as it is ignored anyway.
[ $nisLDAPretrieveErrorAttempts -eq 0 ] && return 0
"${DEF_nisLDAPretrieveErrorTimeout}" \
"nisLDAPretrieveErrorTimeout_help"
# Store in config file only if a non-default value is specified.
if [ $NUM -ne ${DEF_nisLDAPretrieveErrorTimeout} ]; then
fi
}
{
echo "Select the action to be taken in case of LDAP store error :"
# Store in config file only if a non-default value is specified.
if [ "${_STOR_ERR_ACT}" != "${DEF_nisLDAPstoreErrorAction}" ]; then
fi
}
{
# if nisLDAPstoreErrorAction="fail", then no point in asking
# for no. of attempts or timeout vales as they are ignored.
"nisLDAPstoreErrorAttempts_help"
}
{
# if nisLDAPstoreErrorAction="fail", then no point in asking
# for no. of attempts or timeout vales as they are ignored.
# Similarly, if nisLDAPstoreErrorAttempts=0, ignore this question.
[ $nisLDAPstoreErrorAttempts -eq 0 ] && return 0
"${DEF_nisLDAPstoreErrorTimeout}" \
"nisLDAPstoreErrorTimeout_help"
# Store in config file only if a non-default value is specified.
if [ $NUM -ne ${DEF_nisLDAPstoreErrorTimeout} ]; then
fi
}
{
# To prevent from leaving a partial config file in case some error or
# signal takes place, store the output being generated in a temporary
# file first, and move it at the final destination only at the end if
# everything goes fine.
CONFIG_FILE=${TMPDIR}/${TMPCONF}.$$
echo "Generating config file temporarily as \"${CONFIG_FILE}\""
# Truncate the file before we append anything.
# Place copyright information
# The list of domains is stored in list "VARYP_DMN_LIST"
echo "\
#
# Configuration file for ypserv(1M); see ypserv(4) for more information,
# and NISLDAPmapping(4) for configuration of NIS to LDAP mapping.
# Unless otherwise noted, commented lines show default values.
" >> $CONFIG_FILE
echo "\
# Where to look for configuration information in LDAP. Leave empty or
# undefined to use this file, in which case the values of the other
# 'nisLdapConfig*' attributes are ignored.
#
#nisLDAPconfigDN=\
" >> $CONFIG_FILE
echo "
# Server(s) for configuration information. There is no default;
# use the value on the line below for an LDAP server running on
# this machine, at port 389.
#nisLDAPconfigPreferredServerList=127.0.0.1:389\
" >> $CONFIG_FILE
echo "
# Authentication method(s) to obtain configuration information.
#\
" >> $CONFIG_FILE
echo "
# Transport layer security for configuration information
#
#nisLDAPconfigTLS=${DEF_TLS}\
" >> $CONFIG_FILE
[ $configDN_flag -eq 1 ] && get_nisLDAPconfigTLS
echo "
# Certificate DB for transport layer security
#
#nisLDAPconfigTLSCertificateDBPath=${DEF_TLSCertificateDBPath}\
" >> $CONFIG_FILE
# ask for Certificate DB only if SSL is set
if [ "${nisLDAPconfigTLS}" = "ssl" ]; then
fi
echo "
# Proxy user(s) to obtain configuration information. The line below
# is an example of the format.
#
#nisLDAPconfigProxyUser=cn=nisAdmin,ou=People,\
" >> $CONFIG_FILE
# Ask proxy user bind DN only if needed.
if [ "${nisLDAPconfigAuthenticationMethod}" != "none" ]; then
[ $configDN_flag -eq 1 ] && get_nisLDAPconfigProxyUser
fi
echo "
# Password for proxy user. Must be supplied if the authentication method
# requires a password. If a password appears in this file, it should be
# protected appropriately against access by unauthorized users.
#
#nisLDAPconfigProxyPassword=\
" >> $CONFIG_FILE
if [ "${nisLDAPconfigAuthenticationMethod}" != "none" ]; then
[ $configDN_flag -eq 1 ] && get_nisLDAPconfigProxyPassword
fi
echo "
# use the value on the line below for an LDAP server running on
# this machine, at port 389.
#preferredServerList=127.0.0.1:389\
" >> $CONFIG_FILE
echo "
#\
" >> $CONFIG_FILE
echo "
#
#nisLDAPTLS=${DEF_TLS}\
" >> $CONFIG_FILE
echo "
# Certificate DB for transport layer security
#
#nisLDAPTLSCertificateDBPath=${DEF_TLSCertificateDBPath}\
" >> $CONFIG_FILE
# ask for Certificate DB only if SSL is set
if [ "${nisLDAPTLS}" = "ssl" ]; then
fi
echo "
# Proxy user for ypserv. Assumed to have appropriate permission to read
# format.
#
#nisLDAPproxyUser=cn=nisAdmin,ou=People,\
" >> $CONFIG_FILE
# Ask proxy user bind DN only if needed.
if [ "${authenticationMethod}" != "none" ]; then
fi
echo "
# Password for proxy user. Must be supplied if the authentication method
# requires a password. If a password appears in this file, it should be
# protected appropriately against unauthorized access.
#
#nisLDAPproxyPassword=\
" >> $CONFIG_FILE
if [ "${authenticationMethod}" != "none" ]; then
fi
echo "
#
#nisLDAPbindTimeout=${DEF_nisLDAPbindTimeout}\
" >> $CONFIG_FILE
echo "
#nisLDAPsearchTimeout=${DEF_nisLDAPsearchTimeout}\
" >> $CONFIG_FILE
echo "
#nisLDAPmodifyTimeout=${DEF_nisLDAPmodifyTimeout}\
" >> $CONFIG_FILE
echo "
#nisLDAPaddTimeout=${DEF_nisLDAPaddTimeout}\
" >> $CONFIG_FILE
echo "
#nisLDAPdeleteTimeout=${DEF_nisLDAPdeleteTimeout}\
" >> $CONFIG_FILE
echo "
#nisLDAPsearchTimeLimit=${DEF_nisLDAPsearchTimeLimit}\
" >> $CONFIG_FILE
echo "
#nisLDAPsearchSizeLimit=${DEF_nisLDAPsearchSizeLimit}\
" >> $CONFIG_FILE
echo "
# Should the ypserv follow LDAP referrals ?
#
#nisLDAPfollowReferral=${DEF_nisLDAPfollowReferral}\
" >> $CONFIG_FILE
echo "
# Action, number of attempts, and timeout following an LDAP retrieval error
#
#nisLDAPretrieveErrorAction=${DEF_nisLDAPretrieveErrorAction}\
" >> $CONFIG_FILE
echo "
#nisLDAPretrieveErrorAttempts=\
" >> $CONFIG_FILE
echo "
#nisLDAPretrieveErrorTimeout=${DEF_nisLDAPretrieveErrorTimeout}\
" >> $CONFIG_FILE
echo "
# Action, number of attempts, and timeout following an LDAP store error
#
#nisLDAPstoreErrorAction=${DEF_nisLDAPstoreErrorAction}\
" >> $CONFIG_FILE
echo "
#nisLDAPstoreErrorAttempts=\
" >> $CONFIG_FILE
echo "
#nisLDAPstoreErrorTimeout=${DEF_nisLDAPstoreErrorTimeout}\
" >> $CONFIG_FILE
# We are done, so move back the config file from temp. location
# to actual location.
# In case the config file name has a directory component which does
# not exist, then create it now, otherwise 'mv' will return error.
mkdir -p ${DIR_TO_CREATE}
echo "Moving output from temporary file ($CONFIG_FILE) to actual file ($_CONFIG_FILE)"
# Revert back the config file name in case needed.
echo "Finished creation of config file ( $_CONFIG_FILE )"
}
{
# Start with an emptty file, so don't append, but overwrite here.
# Just change the name and add the word pragma, but keep the same
# date and version number as in the ident string of this script.
echo "\
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#
#
#-------------------------------------------------------------------
#\
" >> $MAP_FILE
}
#
# The list of domains is stored in list "VARYP_DMN_LIST"
#
{
do
then
fi
done
# d_echo VARYP_DMN_LIST = "$VARYP_DMN_LIST"
[ $DEBUG -eq 1 ] && echo VARYP_DMN_LIST = "$VARYP_DMN_LIST"
}
#
# Ask user which domains would be served by N2L
# The list of N2L domains is stored in global array
# "N2L_DMN_LIST" and number of domains in N2L_DMN_CNT
#
{
# Now identify those to be served by N2L
let count=0
for DMN in $VARYP_DMN_LIST
do
"n" "selectDomain4N2L_help"
if [ $? -eq 1 ]; then
let count="count + 1"
fi
done
[ $DEBUG -eq 1 ] && echo N2L_DMN_LIST=${N2L_DMN_LIST[*]}
[ $DEBUG -eq 1 ] && echo N2L_DMN_CNT=$N2L_DMN_CNT
}
#
# Make various lists for different types of maps for each N2L domain
# and ask user if mapping information and comments need to be generated
# for custom maps.
#
# This function looks big, but since KSH does not support 2-D arrays, or
# two level of dereferencing, it forced to have so many lists and arrays.
# Lists are better for adding or removing elements, and arrays are better
# for accessing with index and in knowing the no. of elements.
#
{
# Initialize them with no maps.
# Default to don't generate custom mapping info or comment info.
let count=0
do
DMN=${N2L_DMN_LIST[count]}
# Initialize per domain lists to NULL.
ALL_MAPLIST=""
DEF_MAPLIST=""
CUST_MAPLIST=""
do
# Ignore N2L maps (those with "LDAP_" prefix and ageing.byname)
[ -f $MAPDIR/${MAP}.pag ] && [[ $MAP != ageing.byname ]]
then
then
then
else
# If we reached here, means it is custom map.
get_confirm "Do you want the mapping information to be generated for \"$MAP\" map of $DMN domain (y/n/h)?" \
"n" "generate_mapping_info_for_cust_map_help"
if [ $? -eq 1 ]
then
else
# If a customer map is not desired, then delete it from
# all maplist too.
fi
fi
fi
done
# Make ALL_DMN lists as they are very helpful in checking if a map exists.
# Store per domain lists in arrays.
[ $DEBUG -eq 1 ] && echo AUTO_CUST_MAPS[$DMN] = ${AUTO_CUST_MAPS[$count]}
let count="count + 1"
done
[ $DEBUG -eq 1 ] && echo ALL_DMN_ALL_MAPLIST = $ALL_DMN_ALL_MAPLIST
[ $DEBUG -eq 1 ] && echo ALL_DMN_DEF_MAPLIST = $ALL_DMN_DEF_MAPLIST
[ $DEBUG -eq 1 ] && echo ALL_DMN_CUST_MAPLIST = $ALL_DMN_CUST_MAPLIST
[ $DEBUG -eq 1 ] && echo ALL_DMN_AUTO_CUST_MAPLIST = $ALL_DMN_AUTO_CUST_MAPLIST
# Store all domain lists in array too.
# A positive customer map count implies custom mapping information
# is required. Set this flag.
[ ${#ALL_DMN_CUST_MAPS[*]} -gt 0 ] && CUST_MAP_NEEDED=1
# Give bit of info, and ask if comments need to be placed in mapping file
echo "
This script can place relevant information regarding custom
maps at appropriate places in the mapping file which can be
helpful in customizing this file.
"
"n" "generate_comment_info_for_cust_map_help"
[ $? -eq 1 ] && CUST_CMT_NEEDED=1
[ $DEBUG -eq 1 ] && echo CUST_MAP_NEEDED = $CUST_MAP_NEEDED
[ $DEBUG -eq 1 ] && echo CUST_CMT_NEEDED = $CUST_CMT_NEEDED
}
#
# Ask user the context for each (N2l) domain
#
{
echo "
# List domains and contexts
" >> $MAP_FILE
for DMN in ${N2L_DMN_LIST[*]}
do
while :
do
# Convert to domain in dc format for default choice
# If help continue, otherwise break.
[Hh] | help | Help | \?) display_msg nisLDAPdomainContext_help ;;
* ) break ;;
esac
done
# If a value is specified, set it, and save in mapping file too.
fi
done
}
#
# Ask user the domains for which passwords should be changed
#
{
echo "
# List domains for which passwords should be changed. If this is not
# present then the value returned by 'domainname' will be used.
" >> $MAP_FILE
for DMN in ${N2L_DMN_LIST[*]}
do
"n" "nisLDAPyppasswddDomains_help"
if [ $? -eq 1 ]; then
fi
done
echo "
#
#-------------------------------------------------------------------
#\
" >> $MAP_FILE
}
#
# Create NIS databaseId mappings (aliases)
#
{
echo '
# Associate map names with databaseIds (aliases)
# Standard maps
nisLDAPdatabaseIdMapping ethers: ethers.byaddr ethers.byname
nisLDAPdatabaseIdMapping group: group.bygid group.byname
nisLDAPdatabaseIdMapping hosts:[addr="[0-9]*.[0-9]*.[0-9]*.[0-9]*"] \
# Special mapping to handle the YP_MULTI cases
nisLDAPdatabaseIdMapping multihosts: \
[addr="[0-9]*.[0-9]*.[0-9]*.[0-9]*,*"] \
nisLDAPdatabaseIdMapping networks: networks.byaddr networks.byname
nisLDAPdatabaseIdMapping project: project.byname project.byprojid
nisLDAPdatabaseIdMapping protocols: protocols.byname protocols.bynumber
nisLDAPdatabaseIdMapping services: services.byname services.byservicename
# netid.byname is built up from the hosts and passwd files using different
# mappings. It thus has two associated nisLDAPdatabaseIdMappings.
nisLDAPdatabaseIdMapping netid.host:[number="0"] netid.byname
nisLDAPdatabaseIdMapping netid.pass:[number="[1-9]*"] netid.byname
# The next two are special databaseIds. They associate maps with databaseIds
# but additionally identify which maps contain password and password adjunct
# information for yppasswdd.
nisLDAPdatabaseIdMapping passwd: passwd.byname passwd.byuid
# mail.byaddr needs to select entries of the form x@y or x!y
nisLDAPdatabaseIdMapping mail.mapping:[rf_key="*@*", rf_key="*!*"] \
# Each entry in publickey map consists of a network user name which
# may refer to a host or a user. It also contains a default entry for nobody.
# Hence, we need three nisLDAPdatabaseIdmappings to support the three
# different types of keys.
nisLDAPdatabaseIdMapping keys.host:[rf_key="unix.[a-zA-Z]*@*"] \
nisLDAPdatabaseIdMapping keys.pass:[rf_key="unix.[0-9]*@*"] \
nisLDAPdatabaseIdMapping keys.nobody:[rf_key="nobody"] publickey.byname
# Single standard maps. No point aliasing.
# ypservers
# Other maps
# ipnodes looks identical to hosts but maps to a different context.
nisLDAPdatabaseIdMapping ipnodes:[addr="*:*"] \
# Special mapping to handle the YP_MULTI cases
nisLDAPdatabaseIdMapping multiipnodes: \
[addr="*:*,*"] \
# Other single maps. No point aliasing
# audit_user
# auth_attr
# exec_attr
# prof_attr
# user_attr
# bootparams
' >> $MAP_FILE
[ CUST_CMT_NEEDED -eq 1 ] && \
echo "
# If any custom map needs to be aliased, then it should be listed
# here in the following format :
# nisLDAPdatabaseIdMapping databaseId ":" ["["indexlist"]"] mapname[" "...]
" >> $MAP_FILE
[ CUST_MAP_NEEDED -eq 1 ] && \
echo "\
# Not aliasing non-default/custom maps as they are assumed to be
# simple, single maps.\
" >> $MAP_FILE
for MAP in ${ALL_DMN_AUTO_CUST_MAPS[*]} ${ALL_DMN_CUST_MAPS[*]}
do
done
echo "\
#
#------------------------------------------------------------------------------
#
" >> $MAP_FILE
}
#
# Finds the domains in which the given map exists in the supplied list.
# Sets result in PRESENT_COUNT and PRESENT_IN_DOMAINS. These fields are
# set globally, so they can be accessed from any where.
# Input : $1 - map, $2 - list name (just name, not the value)
#
{
_MAP=$1
_ARRAY=$2
let PRESENT_COUNT=0
let count=0
do
# Quick and dirty way to get around unavailability of 2D array
AUTO_CUST_MAPS ) _LIST=${AUTO_CUST_MAPS[$count]} ;;
* ) echo "Invalid value: \"${_ARRAY}\". \c"
;;
esac
then
let PRESENT_COUNT="$PRESENT_COUNT + 1"
PRESENT_IN_DOMAINS="$PRESENT_IN_DOMAINS ${N2L_DMN_LIST[count]}"
fi
let count="count + 1"
done
[ $DEBUG -eq 1 ] && echo "PRESENT_COUNT = $PRESENT_COUNT"
[ $DEBUG -eq 1 ] && echo "PRESENT_IN_DOMAINS = $PRESENT_IN_DOMAINS"
return 0
}
#
# For a given map, find out which list it belongs to (PRESENT_IN_LIST),
# and in how many domains this map shows up (PRESENT_COUNT), and in
# which ones (PRESENT_IN_DOMAINS). These fields are set globally, so
# they can be accessed from any where.
#
{
_MAP=$1
let PRESENT_COUNT=0
# If the map does not exist, return right away, else
# find which list it belongs to.
# If a map exists in def or auto or cust lists, then
# it also exists in "all" list.
then
return 1
then
PRESENT_IN_LIST="DEF_MAPS"
then
PRESENT_IN_LIST="CUST_MAPS"
else
# If map exists, and not in previous two lists,
# then it has to be here only.
PRESENT_IN_LIST="AUTO_CUST_MAPS"
fi
# Now we know which list the map belongs to. So, we need to
# find which are the domains in which this map exists.
# Since the above function sets the values of PRESENT_COUNT and
# PRESENT_IN_DOMAINS fields, we don't need to do anything else.
[ $DEBUG -eq 1 ] && echo "PRESENT_IN_LIST = $PRESENT_IN_LIST"
return 0
}
#
# Check if the comment char is a single character, return 0 on success.
# Input is passed via global variable "COMMENT_CHAR"
#
{
# echo adds new line character, so adjust length appropriately
if [ $COMMENT_CHAR_LENGTH -gt 2 ]; then
echo " Comment character has to be a blank or single character; try again."
return 1
else
return 0
fi
}
#
# Read the comment character for a MAP. Append in mapping file if valid.
# Input - $1 : MAP name
#
{
_MAP=$1
while :
do
if valid_comment_char; then
break
fi
done
}
#
# Read a seperate comment character for a MAP for each domain and
# update this information in mapping file.
# Input - $1 : MAP name, $@ : list of domains
#
{
_MAP=$1
shift
_DOMAIN_LIST="$@"
for _DMN in $_DOMAIN_LIST
do
while :
do
if valid_comment_char; then
break
fi
done
done
}
#
# This function generates custom comment entries. The output is
# appended in the mapping file.
#
{
# All the auto mounter maps are assumed to have '#' as the default comment
# char. But still list the non-default auto map entries here anyway. This
# will make it very easy in case these entries need to be changed.
for MAP in ${ALL_DMN_AUTO_CUST_MAPS[*]}
do
done
if [ CUST_MAP_NEEDED -eq 1 ]; then
"n" "custom_map_comment_char_help"
if [ $? -eq 1 ]; then
for MAP in ${ALL_DMN_CUST_MAPS[*]}
do
"n" "custom_map_comment_char_help"
if [ $? -eq 1 ]; then
if [ $PRESENT_COUNT -gt 1 ]; then
echo "Map \"$MAP\" is present in these domains : $PRESENT_IN_DOMAINS"
"y" "same_comment_char_help"
if [ $? -eq 1 ]; then
else
fi
else
fi
fi
done
fi
fi
}
# List comment character (if any) for maps
{
echo "\
# Specify the character representing the start of comments.
" >> $MAP_FILE
[ CUST_CMT_NEEDED -eq 1 ] && echo "\
# The comment character represents the start of the special 'comment'
# field in a given NIS map. If this attribute is not present then the
# default comment character '#' is used. If a map cannot contain comments
# then the NULL ('') comment character should be specified. The format to
# specify the comment character is :
# nisLDAPcommentChar MAP[,DOMAIN] : 'single_comment_char'
" >> $MAP_FILE
echo "\
nisLDAPcommentChar group : ''
nisLDAPcommentChar passwd : ''
nisLDAPcommentChar ageing.byname : ''
nisLDAPcommentChar audit_user : ''
nisLDAPcommentChar auth_attr : ''
nisLDAPcommentChar exec_attr : ''
nisLDAPcommentChar user_attr : ''
nisLDAPcommentChar bootparams : ''
" >> $MAP_FILE
# Need to handle passwd.adjunct.byname map for multiple domain.
then
# Just put the syntax in comment form
else
# Find the domains in which this map exists.
if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
then
# Don't put domain info as the map is present in all of them.
else
# Not every domain has this map. So, list for the ones which do.
do
done
fi
fi
# passwd.adjunct.byname done
# Need to handle group.adjunct.byname map for multiple domain.
then
# Just put the syntax in comment form
else
# Find the domains in which this map exists.
if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
then
# Don't put domain info as the map is present in all of them.
else
# Not every domain has this map. So, list for the ones which do.
do
done
fi
fi
# group.adjunct.byname done
# Ask user for comment char for custom maps
echo "
#
#------------------------------------------------------------------------------
#
" >> $MAP_FILE
}
#
# Generate secure flag entries
#
{
echo "\
# Specify YP_SECURE flags
" >> $MAP_FILE
[ CUST_CMT_NEEDED -eq 1 ] && echo "\
# If a map is secure, then it needs to be mentioned here
# in the following format :
# nisLDAPmapFlags mapname : s
">> $MAP_FILE
# Need to handle passwd.adjunct.byname map for multiple domain.
then
# Just put the syntax in comment form
else
# Find the domains in which this map exists.
if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
then
# Don't put domain info as the map is present in all of them.
else
# Not every domain has this map. So, list for the ones which do.
do
done
fi
fi
# Need to handle group.adjunct.byname map for multiple domain.
then
# Just put the syntax in comment form
else
# Find the domains in which this map exists.
if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
then
# Don't put domain info as the map is present in all of them.
else
# Not every domain has this map. So, list for the ones which do.
do
done
fi
fi
while :
do
"n" "secure_flag_on_help"
if [ $? -eq 0 ]; then
return 0
else
get_ans "Enter the MAP name :"
echo " Error : BLANK map name not allowed; try again"
continue
fi
# Check if the supplied map name exists, and if yes, then
# set the PRESENT attributes for further processing
case $PRESENT_COUNT in
0 ) echo " Error : $MAP not found in any domain; try again"
;;
1 ) # The map exists in only one domain.
;;
* ) # The map exists in multiple domain. Ask if this flag needs
# to be set for all domains, or some specific ones.
echo "Map \"$MAP\" is present in these domains : $PRESENT_IN_DOMAINS"
"y" "secure_flag_all_domains_help"
if [ $? -eq 1 ]; then
else
do
get_confirm_nodef "Set secure flag for $MAP,${_DMN} (y/n)?"
if [ $? -eq 1 ]; then
fi
done
fi
;;
esac
fi
done
}
#
# Generate interdomain flag entries
#
{
INTERDOMAIN_MAP_LIST="ipnodes
multiipnodes
hosts
multihosts
#
# Simple function to avoid duplication of code
#
{
do
done
}
echo "
# Specify YP_INTERDOMAIN flags
" >> $MAP_FILE
[ CUST_CMT_NEEDED -eq 1 ] && echo "\
# It is used to indicate NIS servers to use the domain name resolver for
# host name and address lookups for hosts not found in the maps.
# If set, it adds YP_INTERDOMAIN entries in these maps when converting
# data from LDAP to YP. It needs to be set in the following format :
# nisLDAPmapFlags mapname : b
" >> $MAP_FILE
# List one set of entries in commented form anyway as it might help
# user understand what it means.
echo "\
# set for following maps :\
" >> $MAP_FILE
do
done
# Put a blank line for indentation purpose
echo >> $MAP_FILE
"n" "interdomain_flag_on_help"
if [ $? -eq 1 ]; then
if [ $N2L_DMN_CNT -gt 1 ]; then
"y" "interdomain_flag_all_domains_help"
if [ $? -eq 1 ]; then
else
for _DMN in ${N2L_DMN_LIST[*]}
do
get_confirm_nodef "Set interdomain flag for ${_DMN} (y/n)?"
if [ $? -eq 1 ]; then
do
done
fi
done
fi
else
fi
fi
echo "
#
#------------------------------------------------------------------------------
#
" >> $MAP_FILE
return 0
}
#
# List SECURE and INTERDOMAIN flags
#
{
}
#
# Print one Map TTL entry in mapping file using supplied TTL.
#
{
_Map=$1
_iTtlLo=$2
_iTtlHi=$3
_runTtl=$4
echo "\
nisLDAPentryTtl ${_Map}:${_iTtlLo}:${_iTtlHi}:${_runTtl}\
" >> $MAP_FILE
return 0
}
#
# Print all the maps TTL entries of same TTL
# values using the supplied TTL triplet.
#
{
_iTTLlo=$1
_iTTLhi=$2
_runTTL=$3
for _MAP in ${DEF_TTL_MAPLIST} ${ALL_DMN_CUST_MAPS[*]} \
${ALL_DMN_AUTO_CUST_MAPS[*]}
do
then
else
# adjunct maps might not exist in all the domains.
if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
then
# Don't put domain info as the map is present in all of them.
else
do
_STR="${_MAP},${_DMN_}"
done
fi
fi
done
return 0
}
#
# Read the initialTTLlo. Set the value in global variable.
#
{
"$DEF_iTTLlo" "initialTTLlo_help"
}
#
# Read the initialTTLhi. Set the value in global variable.
#
{
"$DEF_iTTLhi" "initialTTLhi_help"
}
#
# Read the initialTTLhi. Set the value in global variable.
#
{
"$DEF_runTTL" "runningTTL_help"
}
#
# Read one TTL triplet. Set the result in global variables.
#
{
# Just call the individual functions for each TTL.
echo "TTL = ${iTTLlo}:${iTTLhi}:${runTTL}"
return 0
}
#
# Takes MAP name (with or without domain name) as argument, asks
# user for TTL values, and appends the entry in the mapping file.
#
{
_Map_="$1"
get_confirm "Retain the default TTL values [$DEF_iTTLlo:$DEF_iTTLhi:$DEF_runTTL] for \"$_Map_\" (y/n/h) ?" \
"y" "default_different_ttl_help"
if [ $? -eq 1 ]; then
else
echo "Reading TTL values for $_Map_ :"
fi
return 0
}
#
# Read only one TTL triplet for each existing MAP without asking
# different values for each domain and update the mapping file.
#
{
# Need to read only one TTL triplet for each existing MAP.
for _MAP in ${DEF_TTL_MAPLIST} ${ALL_DMN_CUST_MAPS[*]} \
${ALL_DMN_AUTO_CUST_MAPS[*]}
do
then
else
# adjunct maps might not exist in all the domains.
if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
then
# Don't put domain info as the map is present in all of them.
else
do
_STR="${_MAP},${_DMN_}"
done
fi
fi
done
return 0
}
#
# Read TTL triplet for each default MAP (in database ID form) while
# taking care of multiple domains issue and update the mapping file.
#
{
for _MAP_ in ${DEF_TTL_MAPLIST}
do
then
for _DMN_ in ${N2L_DMN_LIST[*]}
do
_STR_="${_MAP_},${_DMN_}"
# Now process each combination one at a time.
done
else
# List only those domains in which adjunct.byname exists.
do
_STR_="${_MAP_},${_DMN_}"
done
fi
done
return 0
}
#
# Read TTL triplet for each existing custom MAP while taking
# care of multiple domains issue and update the mapping file.
#
{
for _MAP_ in ${ALL_DMN_CUST_MAPS[*]} ${ALL_DMN_AUTO_CUST_MAPS[*]}
do
if [ $PRESENT_COUNT -eq 1 ]; then
# This map exists in only one domain.
# So, no need to ask for multiple domains.
else
# Handle multiple domains.
echo "Map \"${_MAP_}\" is present in these domains : $PRESENT_IN_DOMAINS"
"y" "same_ttl_across_domains_help"
if [ $? -eq 1 ]; then
# Need to read only one TTL triplet for this MAP.
else
# Need to ask for each domain
do
_STR="${_MAP_},${_DMN_}"
# Now process each combination one at a time.
done
fi
fi
done
return 0
}
#
# List the TTL values for various MAPs
#
{
echo "\
# Associate TTLs with NIS entries derived from LDAP
" >> $MAP_FILE
[ CUST_CMT_NEEDED -eq 1 ] && echo "\
# Each map has three TTL values which are specified in seconds.
# 1. initialTTLlo (default $DEF_iTTLlo sec) The lower limit for the initial
# TTL (in seconds) for data read from disk when the ypserv starts.
#
# 2. initialTTLhi (default $DEF_iTTLhi sec) The upper limit for initial TTL.
#
# 3. runningTTL (default $DEF_runTTL sec) The TTL (in seconds) for data
# retrieved from LDAP while the ypserv is running.
#
# If any value is not specified, then default value is used.
# The format of TTL entry is :
# nisLDAPentryTtl MAP[,DOMAIN]:initialTTLlo:initialTTLhi:runningTTL
" >> $MAP_FILE
# If no maps are present, just return.
[ ${#ALL_DMN_ALL_MAPS[*]} -eq 0 ] && return 0
echo "The default TTL for each map is set to ${DEF_iTTLlo}:${DEF_iTTLhi}:${DEF_runTTL}"
"n" "default_ttl_help"
if [ $? -eq 0 ]; then
# Default values accepted for all the maps.
# So, just print all the maps with default TTL values.
else
echo "You would be allowed to enter the new TTL values."
"y" "non_default_same_ttl_help"
if [ $? -eq 1 ]; then
# Need to read only one TTL triplet.
# Print all the maps with new TTL triplet.
# read one ttl triplet
echo "Enter the new TTL values :"
else
if [ $N2L_DMN_CNT -eq 1 ]; then
# TTL values are different now. But we haev only one domain.
# So, no need to worry about multiple domains. Need to read
# only one TTL triplet for each existing MAP.
else
# TTL values are different now. And we have multiple domains
# too. Check if MAPS are going to have same TTL across domains.
# This is just to avoid asking too many TTL triplet inputs
echo "You would be allowed to enter different TTL values for each map."
get_confirm "For a given map, do you wish to use the same TTL values for all the domains (y/n/h) ?" \
"y" "non_default_different_ttl_help"
if [ $? -eq 1 ]; then
# Need to read only one TTL triplet for each existing MAP.
else
# We have hit the worst case scenario. TTLs could be
# different per map and per domain.
fi
fi
fi
fi
echo "
#
#------------------------------------------------------------------------------
#
" >> $MAP_FILE
return 0
}
#
# The custom maps for which we do not have enough
# information to be able to generate specific entries,
# we just log the message that the user needs to take
# care of those entries manually.
#
{
if [ ${#ALL_DMN_CUST_MAPS[*]} -gt 0 ]; then
echo "
# Similar entries need to be created
# for following custom maps too :\
" >> $MAP_FILE
for _MAP in ${ALL_DMN_CUST_MAPS[*]}
do
done
fi
}
{
echo '
# Associate names with fields in the maps. Must be same for all domains.
nisLDAPnameFields audit_user: \
("%s:%s:%s", name, alwaysAuditFlags, neverAuditFlags)
nisLDAPnameFields auto.home: \
("%s",value)
nisLDAPnameFields auto.master: \
("%s",value)
nisLDAPnameFields auth_attr: \
("%s:%s:%s:%s:%s:%s", \
name, res1, res2, short_desc, long_desc, attrs )
nisLDAPnameFields bootparams: \
("%s", params)
nisLDAPnameFields ethers: \
("%s %s", addr, name)
nisLDAPnameFields exec_attr: \
("%s:%s:%s:%s:%s:%s:%s", \
name, policy, type, res1, res2, id, attrs)
nisLDAPnameFields group: \
("%s:%s:%s:%s", name, passwd, gid, users)
' >> $MAP_FILE
# Need to handle group.adjunct.byname map for multiple domain.
then
# Just put the syntax in comment form
echo '#nisLDAPnameFields group.adjunct.byname: \
# ("%s:%s", name, passwd)
' >> $MAP_FILE
else
# Find the domains in which this map exists.
if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
then
# Don't put domain info as the map is present in all of them.
echo 'nisLDAPnameFields group.adjunct.byname: \
("%s:%s", name, passwd)
' >> $MAP_FILE
else
# Not every domain has this map. So, list for the ones which do.
do
echo "nisLDAPnameFields group.adjunct.byname,${_DMN}: \\
(\"%s:%s\", name, passwd)
" >> $MAP_FILE
done
fi
fi
echo 'nisLDAPnameFields keys.host: \
("%s:%s", publicKey ,secretKey)
nisLDAPnameFields keys.pass: \
("%s:%s", publicKey ,secretKey)
nisLDAPnameFields keys.nobody: \
("%s:%s", publicKey ,secretKey)
nisLDAPnameFields hosts: \
("%a %s %s", addr, canonicalName, aliases)
nisLDAPnameFields multihosts: \
("%a %s %s", addr, canonicalName, aliases)
nisLDAPnameFields ipnodes: \
("%a %s %s", addr, canonicalName, aliases)
nisLDAPnameFields multiipnodes: \
("%a %s %s", addr, canonicalName, aliases)
nisLDAPnameFields mail.aliases: \
("%s", addresses)
nisLDAPnameFields mail.mapping: \
("%s", address)
# memberTriples is split into sub-fields by a latter nisLDAPsplitField
# attribute.
nisLDAPnameFields netgroup: \
("%s", memberTriples)
nisLDAPnameFields netid.host: \
("%s:%s", number, data)
nisLDAPnameFields netid.pass: \
("%s:%s", number, data)
nisLDAPnameFields netmasks.byaddr: \
("%a", mask)
nisLDAPnameFields networks: \
("%s %s %s", name, number, aliases)
nisLDAPnameFields project: \
("%s:%s:%s:%s:%s:%s", \
name, projID, comment, users, groups, attrs)
nisLDAPnameFields protocols: \
("%s %s %s", name, number, aliases)
nisLDAPnameFields rpc.bynumber: \
("%s %s %s", name, number, aliases)
nisLDAPnameFields passwd: \
("%s:%s:%s:%s:%s:%s:%s", \
name, passwd, uid, gid, gecos, home, shell)
# It is not obvious what the fields in passwd.adjunct are for. They are not
# the same as the shadow map. The following is based on information in:-
#
#
# This file implies that these are documented in getpwaent(3) but this man page
# does not seem to exist.
#
# now contained in audit_user(4) so is now unused.
#
' >> $MAP_FILE
# Need to handle passwd.adjunct.byname map for multiple domain.
then
# Just put the syntax in comment form
echo '#nisLDAPnameFields passwd.adjunct.byname: \
# ("%s:%s:%s:%s:%s:%s:%s", \
# name, passwd, min, max, def, always, \
# never)
' >> $MAP_FILE
else
# Find the domains in which this map exists.
if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
then
# Don't put domain info as the map is present in all of them.
echo 'nisLDAPnameFields passwd.adjunct.byname: \
("%s:%s:%s:%s:%s:%s:%s", \
name, passwd, min, max, def, always, \
never)
' >> $MAP_FILE
else
# Not every domain has this map. So, list for the ones which do.
do
echo "nisLDAPnameFields passwd.adjunct.byname,${_DMN}: \\
(\"%s:%s:%s:%s:%s:%s:%s\", \\
name, passwd, min, max, def, always, \\
never)
" >> $MAP_FILE
done
fi
fi
echo '
nisLDAPnameFields printers.conf.byname: \
("%s:%s", names, values)
nisLDAPnameFields prof_attr: \
("%s:%s:%s:%s:%s", \
name, res1, res2, desc, attrs)
nisLDAPnameFields services: \
("%s %s/%s %s", name, port, protocol, aliases)
# This map is never created but yppasswd uses the mapping to extract password
# ageing information from the DIT. The password itself is not required by this
# mechanism so is not included in the ageing mapping.
nisLDAPnameFields ageing.byname: \
("%s:%s:%s:%s:%s:%s:%s:%s", \
name, lastchg, min, max, warn, inactive, \
expire, flag)
nisLDAPnameFields timezone.byname: \
("%s %s", zoneName, hostName)
nisLDAPnameFields user_attr: \
("%s:%s:%s:%s:%s", user, qualifier, res1, res2, attrs)
' >> $MAP_FILE
}
#
# List namefields for non-default auto maps and custom maps.
#
{
for _MAP in ${ALL_DMN_AUTO_CUST_MAPS[*]} ${ALL_DMN_CUST_MAPS[*]}
do
echo "\
nisLDAPnameFields ${_MAP}: \\
(\"%s\",value)
" >> $MAP_FILE
done
}
{
# Put format information of "nisLDAPnameFields"
[ CUST_CMT_NEEDED -eq 1 ] && echo '
# "nisLDAPnameFields" specifies the content of entries in a NIS map
# and how they should be broken into named fields. It is required as,
# unlike NIS+, NIS maps do not store information in named fields.
#
# Following is the syntax for nisLDAPnameFields :
#
# "nisLDAPnameFields" mapName ":" "(" matchspec "," fieldNames ")"
# fieldName = nameOrArrayName[","...]
# matchspec = \" formatString \"
' >> $MAP_FILE
# List the default nameField values
# List the underlying assumption
echo "\
# With the assumption that all the custom maps are simple, single
# map (single key-value pair type), below is the nisLDAPnameFields
# information for all the custom and non-default auto.* maps. If
# this assumption is not valid, then refer to the NISLDAPmapping
# man page for information on how to customize this section.
" >> $MAP_FILE
# List namefields for non-default auto maps and custom maps.
echo "
#
#------------------------------------------------------------------------------
#
" >> $MAP_FILE
return 0
}
#
# List repeated field seperators
#
{
[ CUST_CMT_NEEDED -eq 1 ] && echo "
# nisLDAPrepeatedFieldSeparators : It is a character which separates
# the repeatable instnaces of splitable fields. It's format is :
#
# nisLDAPrepeatedFieldSeparators fieldName \"sepChar[...]\"
# sepChar = A separator character.
# Default value is space or tab.
" >> $MAP_FILE
echo "\
#nisLDAPrepeatedFieldSeparators memberTriples: \" \t\"
" >> $MAP_FILE
}
#
# List split fields
#
{
# List the default split fields
[ CUST_CMT_NEEDED -eq 1 ] && echo '
# nisLDAPsplitFields : It defines how a field, or list of fields,
# named by nisLDAPnameFields is split into sub fields. The original
# field is compared with each line of this attribute until one matches.
# When a match is found named sub-fields are generated. In latter
# operations sub-field names can be used in the same way as other
# field names. The format of nisLDAPsplitFields is :
#
# "nisLDAPsplitFields" fieldName ":" splitSpec[","...]
# splitSpec = "(" matchspec "," subFieldNames ")"
# fieldName = Name of a field from nisLDAPnameFields
# subFieldNames = subFieldname[","...]
# matchspec = \" formatString \"
' >> $MAP_FILE
echo '
nisLDAPsplitField memberTriples: \
("(%s,%s,%s)", host, user, domain), \
("%s", group)
' >> $MAP_FILE
}
#
# List split fields and repeated field separators.
#
{
echo "\
# Specify how to break fields up into sub fields.
" >> $MAP_FILE
echo "
#
#------------------------------------------------------------------------------
#
" >> $MAP_FILE
}
{
echo '
# Associate maps with RDNs and object classes. Base DN comes from the
# nisLDAPdomainContext.
#
# As supplied this file gives only the most derived objectClass for each map.
# For some servers it may be necessary to add "objectClass=" statements for
# all the superclasses. This should be done here.
nisLDAPobjectDN auto.home: \
automountmapname=auto_home,?one? \
objectClass=automount:
nisLDAPobjectDN auto.master: \
automountmapname=auto_master,?one? \
objectClass=automount:
nisLDAPobjectDN auth_attr: \
ou=SolarisAuthAttr,?one? \
objectClass=SolarisAuthAttr:
nisLDAPobjectDN bootparams: \
ou=ethers,?one? \
objectClass=bootableDevice, \
bootParameter=*:\
ou=ethers,?one? \
objectClass=device, \
objectClass=bootableDevice
nisLDAPobjectDN exec_attr:\
ou=SolarisProfAttr,?one?objectClass=SolarisExecAttr,\
SolarisKernelSecurityPolicy=*:\
ou=SolarisProfAttr,?one?objectClass=SolarisExecAttr,\
objectClass=SolarisProfAttr,\
objectClass=top
nisLDAPobjectDN ethers: \
ou=ethers,?one? \
objectClass=ieee802Device, \
macAddress=*:\
ou=ethers,?one? \
objectClass=device, \
objectClass=ieee802Device
nisLDAPobjectDN group: \
ou=group,?one? \
objectClass=posixGroup:
' >> $MAP_FILE
# Need to handle group.adjunct.byname map for multiple domain.
then
# Just put the syntax in comment form
echo '#nisLDAPobjectDN group.adjunct.byname: \
# ou=group,?one? \
# objectClass=posixGroup:
' >> $MAP_FILE
else
# Find the domains in which this map exists.
if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
then
# Don't put domain info as the map is present in all of them.
echo 'nisLDAPobjectDN group.adjunct.byname: \
ou=group,?one? \
objectClass=posixGroup:
' >> $MAP_FILE
else
# Not every domain has this map. So, list for the ones which do.
do
echo "nisLDAPobjectDN group.adjunct.byname,${_DMN}: \\
ou=group,?one? \\
objectClass=posixGroup:
" >> $MAP_FILE
done
fi
fi
echo 'nisLDAPobjectDN hosts: \
ou=hosts,?one? \
objectClass=ipHost:\
ou=hosts,?one? \
objectClass=device, \
objectClass=ipHost
nisLDAPobjectDN multihosts: \
ou=hosts,?one? \
objectClass=ipHost, \
ipHostNumber=*.*
nisLDAPobjectDN ipnodes: \
ou=hosts,?one? \
objectClass=ipHost:\
ou=hosts,?one? \
objectClass=device, \
objectClass=ipHost
nisLDAPobjectDN multiipnodes: \
ou=hosts,?one? \
objectClass=ipHost, \
ipHostNumber=*\:*
nisLDAPobjectDN mail.aliases: \
ou=aliases,?one? \
objectClass=mailGroup:
nisLDAPobjectDN mail.mapping: \
ou=aliases,?one? \
objectClass=mailGroup
nisLDAPobjectDN netgroup: \
ou=netgroup,?one? \
objectClass=nisNetgroup:
nisLDAPobjectDN networks: \
ou=networks,?one? \
objectClass=ipNetwork, \
cn=*:
# Must come after networks (or equivalent) that creates ipNetworks
nisLDAPobjectDN netmasks.byaddr: \
ou=networks,?one? \
objectClass=ipNetwork, \
ipNetMaskNumber=*:
nisLDAPobjectDN passwd: \
ou=people,?one? \
objectClass=posixAccount:\
ou=people,?one? \
objectClass=account, \
objectClass=shadowAccount, \
objectClass=posixAccount
' >> $MAP_FILE
# Need to handle passwd.adjunct.byname map for multiple domain.
then
# Just put the syntax in comment form
echo '#nisLDAPobjectDN passwd.adjunct.byname: \
# ou=people,?one? \
# objectClass=posixAccount:\
# ou=people,?one? \
# objectClass=account, \
# objectClass=shadowAccount, \
# objectClass=posixAccount
' >> $MAP_FILE
else
# Find the domains in which this map exists.
if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
then
# Don't put domain info as the map is present in all of them.
echo 'nisLDAPobjectDN passwd.adjunct.byname: \
ou=people,?one? \
objectClass=posixAccount:\
ou=people,?one? \
objectClass=account, \
objectClass=shadowAccount, \
objectClass=posixAccount
' >> $MAP_FILE
else
# Not every domain has this map. So, list for the ones which do.
do
echo "nisLDAPobjectDN passwd.adjunct.byname,${_DMN}: \\
ou=people,?one? \\
objectClass=posixAccount:\\
ou=people,?one? \\
objectClass=account, \\
objectClass=shadowAccount, \\
objectClass=posixAccount
" >> $MAP_FILE
done
fi
fi
echo '# Must follow passwd
nisLDAPobjectDN netid.pass: \
ou=people,?one? \
objectClass=posixAccount
# Must follow hosts
nisLDAPobjectDN netid.host: \
ou=hosts,?one? \
objectClass=ipHost
nisLDAPobjectDN printers.conf.byname: \
ou=printers,?one? \
objectClass=printerService:\
ou=printers,?one? \
objectClass=sunPrinter, \
objectClass=printerService, \
objectClass=printerLPR, \
objectClass=printerAbstract
nisLDAPobjectDN prof_attr:\
ou=SolarisProfAttr,?one?objectClass=SolarisProfAttr,\
SolarisAttrLongDesc=*:\
ou=SolarisProfAttr,?one?objectClass=SolarisProfAttr,\
objectClass=SolarisExecAttr,\
objectClass=top
nisLDAPobjectDN project: \
ou=project,?one? \
objectClass=SolarisProject:
nisLDAPobjectDN protocols: \
ou=protocols,?one? \
objectClass=ipProtocol:
nisLDAPobjectDN rpc.bynumber: \
ou=rpc,?one? \
objectClass=oncRpc:
nisLDAPobjectDN services.byname: \
ou=services,?one? \
objectClass=ipService:
# Hence, write-disabled for services.byservicename
nisLDAPobjectDN services.byservicename: \
ou=services,?one? \
objectClass=ipService
# This map is never created but yppasswd uses the mapping to extract password
# aging information from the DIT.
nisLDAPobjectDN ageing.byname: \
ou=people,?one? \
objectClass=shadowAccount:
# Using nisplusTimeZoneData objectClass for compatibility with nis+2ldap
nisLDAPobjectDN timezone.byname: \
ou=Timezone,?one? \
objectClass=nisplusTimeZoneData:
nisLDAPobjectDN user_attr: \
ou=people,?one? \
objectClass=SolarisUserAttr:
# Must come after passwd (or equivalent) that creates posixAccounts
nisLDAPobjectDN audit_user: \
ou=people,?one? \
objectClass=SolarisAuditUser:
# Must come after hosts + passwd.
nisLDAPobjectDN keys.host: \
ou=hosts,?one? \
objectClass=NisKeyObject:
nisLDAPobjectDN keys.pass: \
ou=people,?one? \
objectClass=NisKeyObject:
nisLDAPobjectDN keys.nobody: \
ou=people,?one? \
objectClass=NisKeyObject:\
ou=people,?one? \
objectClass=account, \
objectClass=NisKeyObject
nisLDAPobjectDN ypservers: \
ou=ypservers,?one? \
objectClass=device:
' >> $MAP_FILE
}
# List all the non-default auto.* and custom maps.
{
# auto.* entries are easy.
if [ ${#ALL_DMN_AUTO_CUST_MAPS[*]} -gt 0 ]; then
for _MAP in ${ALL_DMN_AUTO_CUST_MAPS[*]}
do
# We need to find one container for each auto.* map.
# Assume that each auto.* maps's container is auto_*.
echo "\
nisLDAPobjectDN ${_MAP}: \\
automountmapname=${_MAP_UNDERSCORE},?one? \\
objectClass=automount:
" >> $MAP_FILE
done
fi
# Since we do not have enough information to generate
# entries for other custom maps, best we can do is to
# log this map names and ask user to take care of them.
}
#
# List association of maps with RDNs and object classes.
#
{
[ CUST_CMT_NEEDED -eq 1 ] && echo '
# nisLDAPobjectDN : It specifies the connection between group of NIS
# of the NIS maps. When NIS maps are bulk copied to or from the DIT
# they are processed in the same order as related nisLDAPobjectDN
# attributes appear in /var/yp/NISLDAPmapping.
# The format of "nisLDAPobjectDN" is :
#
# mapName[" "...] ":" objectDN *( ";" objectDN )
#
# where:
#
# objectDN = readObjectSpec [":"[writeObjectSpec]]
# readObjectSpec = [baseAndScope [filterAttrValList]]
# writeObjectSpec = [baseAndScope [attrValList]]
# baseAndScope = [baseDN] ["?" [scope]]
# filterAttrValList = ["?" [filter | attrValList]]]
# scope = "base" | "one" | "sub"
# attrValList = attribute "=" value
# *("," attribute "=" value)
' >> $MAP_FILE
# List all the default entries anyway.
# List all the non-default auto.* and custom maps.
}
#
# List all the default nisLDAPattributeFromField entries
#
{
echo '
# Describe how named fields are mapped to DIT entries.
# audit_user
nisLDAPattributeFromField audit_user: \
dn=("uid=%s,", rf_key ), \
SolarisAuditAlways=alwaysAuditFlags, \
SolarisAuditNever=neverAuditFlags
nisLDAPattributeFromField auto.home: \
dn=("automountKey=%s,", rf_key ), \
automountKey=rf_key, \
automountInformation=value
nisLDAPattributeFromField auto.master: \
dn=("automountKey=%s,", rf_key ), \
automountKey=rf_key, \
automountInformation=value
# auth_attr
nisLDAPattributeFromField auth_attr: \
dn=("cn=%s,", rf_key ), \
cn=name, \
SolarisAttrReserved1=res1, \
SolarisAttrReserved2=res2, \
SolarisAttrShortDesc=short_desc, \
SolarisAttrLongDesc=long_desc, \
SolarisAttrKeyValue=attrs
# exec_attr. Because of the messy NIS keys special handling is required here
nisLDAPattributeFromField exec_attr: \
dn=("cn=%s+SolarisKernelSecurityPolicy=%s\
+SolarisProfileType=%s+SolarisProfileID=%s,", \
name, policy,type,id), \
("%s:*", cn)=rf_key, \
("*:%s:*", SolarisKernelSecurityPolicy)=rf_key, \
("*:*:%s", SolarisProfileId)=rf_key, \
solarisProfileType=type, \
solarisAttrReserved1=res1, \
SolarisAttrReserved2=res2, \
solarisAttrKeyValue=attrs
# ethers
nisLDAPattributeFromField ethers.byname: \
dn=("cn=%s,", rf_key ), \
macAddress=addr
nisLDAPattributeFromField ethers.byaddr: \
dn=("cn=%s,", name ), \
macAddress=rf_key
nisLDAPattributeFromField ethers: \
cn=name, \
description=rf_comment
# bootparams. Must be done after ethers
nisLDAPattributeFromField bootparams: \
dn=("cn=%s,", rf_key ), \
cn=rf_key, \
(bootParameter)=(params, " ")
' >> $MAP_FILE
# group syntax is different when group.adjunct map is present.
# So, need to handle the various possibilities
then
# Just put the group.adjunct syntax in comment form
echo '# group
nisLDAPattributeFromField group.byname: \
dn=("cn=%s,", rf_key ), \
gidNumber=gid
nisLDAPattributeFromField group.bygid: \
dn=("cn=%s,", name ), \
gidNumber=rf_key
nisLDAPattributeFromField group: \
cn=name, \
userPassword=("{crypt}%s",passwd), \
(memberUid)=(users, ",")
#
# If you are using group.adjunct, comment the group section above
# and uncomment the following group and group.adjunct sections
#
# group
#nisLDAPattributeFromField group.byname: \
# dn=("cn=%s,", rf_key ), \
# gidNumber=gid
#nisLDAPattributeFromField group.bygid: \
# dn=("cn=%s,", name ), \
# gidNumber=rf_key
#nisLDAPattributeFromField group: \
# cn=name, \
# (memberUid)=(users, ",")
#nisLDAPattributeFromField group.adjunct.byname: \
# dn=("cn=%s,", rf_key ), \
# cn=name, \
# userPassword=("{crypt}%s",passwd)
' >> $MAP_FILE
else
# Find the domains in which group.adjunct map exists.
if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
then
# All the domains have group.adjunct map.
echo '# group
#nisLDAPattributeFromField group.byname: \
# dn=("cn=%s,", rf_key ), \
# gidNumber=gid
#nisLDAPattributeFromField group.bygid: \
# dn=("cn=%s,", name ), \
# gidNumber=rf_key
#nisLDAPattributeFromField group: \
# cn=name, \
# userPassword=("{crypt}%s",passwd), \
# (memberUid)=(users, ",")
# If you are not using group.adjunct, uncomment the group section above
# and comment the following group and group.adjunct sections
#
# group
nisLDAPattributeFromField group.byname: \
dn=("cn=%s,", rf_key ), \
gidNumber=gid
nisLDAPattributeFromField group.bygid: \
dn=("cn=%s,", name ), \
gidNumber=rf_key
nisLDAPattributeFromField group: \
cn=name, \
(memberUid)=(users, ",")
nisLDAPattributeFromField group.adjunct.byname: \
dn=("cn=%s,", rf_key ), \
cn=name, \
userPassword=("{crypt}%s",passwd)
' >> $MAP_FILE
else
# Not every domain has group.adjunct map.
# First put the password syntax with domain name for domains
# in which group.adjunct exists.
do
echo "\
# domain-specific group
nisLDAPattributeFromField group.byname,${_DMN}: \\
dn=(\"cn=%s,\", rf_key ), \\
gidNumber=gid
nisLDAPattributeFromField group.bygid,${_DMN}: \\
dn=(\"cn=%s,\", name ), \\
gidNumber=rf_key
nisLDAPattributeFromField group,${_DMN}: \\
cn=name, \\
(memberUid)=(users, \",\")
" >> $MAP_FILE
done
# Now put the other group syntax. We do not need to
# append the domain name here.
echo '
nisLDAPattributeFromField group.byname: \
dn=("cn=%s,", rf_key ), \
gidNumber=gid
nisLDAPattributeFromField group.bygid: \
dn=("cn=%s,", name ), \
gidNumber=rf_key
nisLDAPattributeFromField group: \
cn=name, \
userPassword=("{crypt}%s",passwd), \
(memberUid)=(users, ",")
' >> $MAP_FILE
# Now we need to put the group.adjunct syntax for domains
# in which this map exists.
do
echo "\
nisLDAPattributeFromField group.adjunct.byname,${_DMN}: \\
dn=(\"cn=%s,\", rf_key ), \\
cn=name, \\
userPassword=(\"{crypt}%s\",passwd)
" >> $MAP_FILE
done
fi
fi
echo '
# hosts
# Cannot forward map hosts.byname key as the YP_MULTI entries will not work.
nisLDAPattributeFromField hosts.byname: \
cn=rf_searchkey
nisLDAPattributeFromField hosts.byaddr: \
ipHostNumber=rf_searchipkey
nisLDAPattributeFromField hosts: \
ipHostNumber=addr, \
dn=("cn=%s+ipHostNumber=%s,", canonicalName, addr), \
cn=canonicalName, \
(cn)=(aliases, " "), \
description=rf_comment
nisLDAPattributeFromField multihosts: \
("YP_MULTI_%s", cn)=rf_searchkey
# ipnodes
# Cannot forward map ipnodes.byname key as the YP_MULTI entries will not work.
nisLDAPattributeFromField ipnodes.byname: \
cn=rf_searchkey
nisLDAPattributeFromField ipnodes.byaddr: \
ipHostNumber=rf_searchipkey
nisLDAPattributeFromField ipnodes: \
ipHostNumber=addr, \
dn=("cn=%s+ipHostNumber=%s,", canonicalName, addr), \
cn=canonicalName, \
(cn)=(aliases, " "), \
description=rf_comment
nisLDAPattributeFromField multiipnodes: \
("YP_MULTI_%s", cn)=rf_searchkey
nisLDAPattributeFromField mail.aliases: \
dn=("mail=%s,", rf_key), \
mail=rf_key, \
(mgrprfc822mailmember)=(addresses, ",")
#Commented out because all NIS->LDAP mappings are done by mail.aliases
#nisLDAPattributeFromField mail.mapping: \
# dn=("mail=%s,", address), \
# mail=address, \
# mgrprfc822mailmember=rf_key
nisLDAPattributeFromField mail.mapping: \
mgrprfc822mailmember=rf_searchkey
# netgroup.
#
# Only need to create DIT entries for netgroup. This contains a superset of
# the information in netgroup.byhost and netgroup.byuser
nisLDAPattributeFromField netgroup: \
dn=("cn=%s,", rf_key ), \
(memberNisNetgroup)=group, \
(nisNetgroupTriple)= \
("(%s,%s,%s)", host, user, domain), \
cn=rf_key, \
description=rf_comment
#
# supported, all NIS->LDAP mappings are set up from passwd.
#nisLDAPattributeFromField netid.pass: \
# ("unix.%s@*", uidNumber)=rf_key, \
# (gidNumber)=("%s", (data), " "), \
# description=rf_comment
nisLDAPattributeFromField netid.pass: \
("unix.%s@*", uidNumber)=rf_searchkey
#
# supported, all NIS->LDAP mappings are set up from hosts.
#nisLDAPattributeFromField netid.host: \
# dn=("cn=%s+ipHostNumber=%s,", data, \
# ldap:ipHostNumber:?one?("cn=%s", data)), \
# ipHostNumber=ldap:ipHostNumber:?one?("cn=%s", data), \
# ("unix.%s@*", cn)=rf_key, \
# description=rf_comment
nisLDAPattributeFromField netid.host: \
("unix.%s@*", cn)=rf_searchkey
nisLDAPattributeFromField netmasks.byaddr: \
dn=("ipNetworkNumber=%s,", rf_ipkey ), \
ipNetworkNumber=rf_ipkey, \
ipNetmaskNumber=mask, \
description=rf_comment
# networks.
nisLDAPattributeFromField networks.byname: \
dn=("ipNetworkNumber=%s,", number ), \
cn=name, \
cn=rf_key
nisLDAPattributeFromField networks.byaddr: \
dn=("ipNetworkNumber=%s,", rf_key ), \
cn=name
nisLDAPattributeFromField networks: \
(cn)=(aliases, " "), \
ipNetworkNumber=number, \
description=rf_comment
' >> $MAP_FILE
# passwd syntax is different when passwd.adjunct map is present.
# So, need to handle the various possibilities
then
# Just put the passwd.adjunct syntax in comment form
echo '# passwd
nisLDAPattributeFromField passwd.byname: \
dn=("uid=%s,", rf_key ), \
uid=rf_key, \
uidNumber=uid
nisLDAPattributeFromField passwd.byuid: \
dn=("uid=%s,", name ), \
uidNumber=rf_key, \
uid=name
nisLDAPattributeFromField passwd: \
cn=name, \
userPassword=("{crypt}%s",passwd), \
gidNumber=gid, \
gecos=gecos, \
homeDirectory=home, \
loginShell=shell
#
# If you are using passwd.adjunct, comment the passwd section above
# and uncomment the following passwd and passwd.adjunct sections
#
# passwd
#nisLDAPattributeFromField passwd.byname: \
# dn=("uid=%s,", rf_key ), \
# uid=rf_key, \
# uidNumber=uid
#nisLDAPattributeFromField passwd.byuid: \
# dn=("uid=%s,", name ), \
# uidNumber=rf_key, \
# uid=name
#nisLDAPattributeFromField passwd: \
# cn=name, \
# gidNumber=gid, \
# gecos=gecos, \
# homeDirectory=home, \
# loginShell=shell
#nisLDAPattributeFromField passwd.adjunct.byname: \
# dn=("uid=%s,", rf_key ), \
# uid=name, \
# userPassword=("{crypt}%s",passwd)
' >> $MAP_FILE
else
# Find the domains in which passwd.adjunct map exists.
if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
then
# All the domains have passwd.adjunct map. So, put the right
# passwd syntax and comment-in the passwd.adjunct syntax.
echo '# passwd
#nisLDAPattributeFromField passwd.byname: \
# dn=("uid=%s,", rf_key ), \
# uid=rf_key, \
# uidNumber=uid
#nisLDAPattributeFromField passwd.byuid: \
# dn=("uid=%s,", name ), \
# uidNumber=rf_key, \
# uid=name
#nisLDAPattributeFromField passwd: \
# cn=name, \
# userPassword=("{crypt}%s",passwd), \
# gidNumber=gid, \
# gecos=gecos, \
# homeDirectory=home, \
# loginShell=shell
# If you are not using passwd.adjunct, uncomment the passwd section above
# and comment the following passwd and passwd.adjunct sections
#
# passwd
nisLDAPattributeFromField passwd.byname: \
dn=("uid=%s,", rf_key ), \
uid=rf_key, \
uidNumber=uid
nisLDAPattributeFromField passwd.byuid: \
dn=("uid=%s,", name ), \
uidNumber=rf_key, \
uid=name
nisLDAPattributeFromField passwd: \
cn=name, \
gidNumber=gid, \
gecos=gecos, \
homeDirectory=home, \
loginShell=shell
nisLDAPattributeFromField passwd.adjunct.byname: \
dn=("uid=%s,", rf_key ), \
uid=name, \
userPassword=("{crypt}%s",passwd)
' >> $MAP_FILE
else
# Not every domain has passwd.adjunct map.
# First put the password syntax with domain name for domains
# in which passwd.adjunct exists.
do
echo "\
nisLDAPattributeFromField passwd.byname,${_DMN}: \\
dn=(\"uid=%s,\", rf_key ), \\
uid=rf_key, \\
uidNumber=uid
nisLDAPattributeFromField passwd.byuid,${_DMN}: \\
dn=(\"uid=%s,\", name ), \\
uidNumber=rf_key, \\
uid=name
nisLDAPattributeFromField passwd,${_DMN}: \\
cn=name, \\
gidNumber=gid, \\
gecos=gecos, \\
homeDirectory=home, \\
loginShell=shell
" >> $MAP_FILE
done
# Now put the other passwd syntax. We do not need to
# append the domain name here.
echo '
nisLDAPattributeFromField passwd.byname: \
dn=("uid=%s,", rf_key ), \
uid=rf_key, \
uidNumber=uid
nisLDAPattributeFromField passwd.byuid: \
dn=("uid=%s,", name ), \
uidNumber=rf_key, \
uid=name
nisLDAPattributeFromField passwd: \
cn=name, \
userPassword=("{crypt}%s",passwd), \
gidNumber=gid, \
gecos=gecos, \
homeDirectory=home, \
loginShell=shell
' >> $MAP_FILE
# Now we need to put the passwd.adjunct syntax for domains
# in which this map exists.
do
echo "\
nisLDAPattributeFromField passwd.adjunct.byname,${_DMN}: \\
dn=(\"uid=%s,\", rf_key ), \\
uid=name, \\
userPassword=(\"{crypt}%s\",passwd)
" >> $MAP_FILE
done
fi
fi
echo '
# This map is never created but yppasswd uses the mapping to extract password
# aging information from the DIT.
nisLDAPattributeFromField ageing.byname: \
dn=("uid=%s,", rf_key ), \
uid=name, \
shadowLastChange=lastchg, \
shadowMin=min, \
shadowMax=max, \
shadowWarning=warn, \
shadowInactive=inactive, \
shadowExpire=expire, \
shadowFlag=flag
nisLDAPattributeFromField printers.conf.byname: \
dn=("printer-uri=%s,", rf_key ), \
printer-name=rf_key, \
(printer-aliases)=(names, "|"), \
sun-printer-bsdaddr=(values, "*bsdaddr=%s:*"), \
(sun-printer-kvp)=(values,":"), \
description=rf_comment
# prof_attr
nisLDAPattributeFromField prof_attr: \
dn=("cn=%s,", rf_key ), \
cn=name, \
SolarisAttrReserved1=res1, \
SolarisAttrReserved2=res2, \
SolarisAttrLongDesc=desc, \
SolarisAttrKeyValue=attrs
# project
nisLDAPattributeFromField project.byname: \
dn=("SolarisProjectName=%s,", rf_key )
nisLDAPattributeFromField project.byprojid: \
dn=("SolarisProjectName=%s,", name ), \
SolarisProjectID=rf_searchkey
nisLDAPattributeFromField project: \
SolarisProjectName=name, \
SolarisProjectID=projID, \
(memberUid)=(users, ","), \
(memberGid)=(groups, ","), \
(SolarisProjectAttr)=(attrs, ";"), \
description=comment
# protocols
nisLDAPattributeFromField protocols.byname: \
ipProtocolNumber=number, \
cn=rf_searchkey
nisLDAPattributeFromField protocols.bynumber: \
ipProtocolNumber=rf_key, \
description=rf_comment
nisLDAPattributeFromField protocols: \
dn=("cn=%s,", name ), \
(cn)=(aliases, " "), \
cn=name
nisLDAPattributeFromField rpc.bynumber: \
dn=("cn=%s,", name ), \
oncRpcNumber=rf_key, \
(cn)=(aliases, " "), \
cn=name, \
description=rf_comment
# services
# services.byservicename rule is only used to speed single search
nisLDAPattributeFromField services.byservicename: \
("%s/%s", cn, ipServiceProtocol) = rf_searchkey
nisLDAPattributeFromField services.byname: \
dn=("cn=%s+ipServiceProtocol=%s,", name, protocol ), \
("*/%s", ipServiceProtocol)=rf_key, \
("%s/*", ipServicePort)=rf_key, \
(cn)=(aliases, " "), \
cn=name, \
description=rf_comment
nisLDAPattributeFromField timezone.byname: \
dn=("cn=%s,", rf_key ), \
cn=hostName, \
nisplusTimeZone=zoneName, \
description=comment
# user_attr
nisLDAPattributeFromField user_attr: \
dn=("uid=%s,", rf_key ), \
uid=rf_key, \
SolarisUserAttr=qualifier, \
SolarisUserReserved1=res1, \
SolarisUserReserved2=res2, \
SolarisAttrKeyValue=attrs
nisLDAPattributeFromField keys.host: \
dn=("%s", ldap:dn:?one?("cn=%s", (yp:rf_key, "unix.%s@*"))), \
nisPublicKey=publicKey, \
nisSecretKey=secretKey
nisLDAPattributeFromField keys.pass: \
dn=("%s", ldap:dn:?one?("uidNumber=%s", (yp:rf_key, "unix.%s@*"))), \
nisPublicKey=publicKey, \
nisSecretKey=secretKey
nisLDAPattributeFromField keys.nobody: \
dn=("uid=%s,",yp:rf_key), \
cn=rf_key, \
nisPublicKey=publicKey, \
nisSecretKey=secretKey
# ypservers. This derived from IPlanet implementation not RFC.
nisLDAPattributeFromField ypservers: \
dn=("cn=%s,", rf_key), \
cn=rf_key
' >> $MAP_FILE
}
#
# List all the non-default auto.* and custom maps.
#
{
# auto.* entries are easy.
if [ ${#ALL_DMN_AUTO_CUST_MAPS[*]} -gt 0 ]; then
fi
for _MAP in ${ALL_DMN_AUTO_CUST_MAPS[*]}
do
echo "\
# ${_MAP}
nisLDAPattributeFromField ${_MAP}: \\
dn=(\"automountKey=%s,\", rf_key ), \\
automountKey=rf_key, \\
automountInformation=value
" >> $MAP_FILE
done
# Since we do not have enough information to generate
# entries for other custom maps, best we can do is to
# log this map names and ask user to take care of them.
}
#
# List mapping of named fields to DIT entries
#
{
[ CUST_CMT_NEEDED -eq 1 ] && echo '
# nisLDAPattributeFromField : It specifies how an LDAP attribute
# value is derived from a NIS entries field values.
#
# The format of nisLDAPattributeFromField entry is :
# mapName ":" fieldattrspec *("," fieldattrspec )
' >> $MAP_FILE
# List all the default entries anyway.
# List all the non-default auto.* and custom maps.
echo "
#
#------------------------------------------------------------------------------
#
" >> $MAP_FILE
}
#
# List all the default nisLDAPattributeFromField entries
#
{
echo '
# Describe how named fields are mapped from DIT entries.
# audit_user
nisLDAPfieldFromAttribute audit_user: \
("uid=%s,*", rf_key)=dn, \
("uid=%s,*", name)=dn, \
alwaysAuditFlags=SolarisAuditAlways, \
neverAuditFlags=SolarisAuditNever
nisLDAPfieldFromAttribute auto.home: \
rf_key=automountKey, \
value=automountInformation
nisLDAPfieldFromAttribute auto.master: \
rf_key=automountKey, \
value=automountInformation
# auth_attr
nisLDAPfieldFromAttribute auth_attr: \
rf_key=cn, \
name=cn, \
res1=SolarisAttrReserved1, \
res2=SolarisAttrReserved2, \
short_desc=SolarisAttrShortDesc, \
long_desc=SolarisAttrLongDesc, \
attrs=SolarisAttrKeyValue
# Exec_attr. Because of messy NIS keys special handlind is required here
nisLDAPfieldFromAttribute exec_attr: \
rf_key=("%s:%s:%s",cn,SolarisKernelSecurityPolicy, \
solarisProfileId), \
name=cn, \
policy=SolarisKernelSecurityPolicy, \
type=SolarisProfileType, \
res1=SolarisAttrReserved1, \
res2=SolarisAttrReserved2, \
id=SolarisProfileId, \
attrs=SolarisAttrKeyValue
# ethers
nisLDAPfieldFromAttribute ethers.byname: \
rf_key=cn
nisLDAPfieldFromAttribute ethers.byaddr: \
rf_key=macAddress
nisLDAPfieldFromAttribute ethers: \
name=cn, \
addr=macAddress, \
rf_comment=description
# bootparams. Must be done after ethers
nisLDAPfieldFromAttribute bootparams: \
rf_key=cn, \
params=("%s ", (bootParameter), " ")
' >> $MAP_FILE
# group syntax is different when group.adjunct map is present.
# So, need to handle the various possibilities
then
# Just put the group.adjunct syntax in comment form
echo '# group
nisLDAPfieldFromAttribute group.byname: \
rf_key=cn
nisLDAPfieldFromAttribute group.bygid: \
rf_key=gidNumber
nisLDAPfieldFromAttribute group: \
gid=gidNumber, \
name=cn, \
("{crypt}%s", passwd)=userPassword, \
users=("%s,", (memberUid), ",")
#
# If you are using group.adjunct, comment the group section above
# and uncomment the following group and group.adjunct section
#
# group
#nisLDAPfieldFromAttribute group.byname: \
# rf_key=cn
#nisLDAPfieldFromAttribute group.bygid: \
# rf_key=gidNumber
#nisLDAPfieldFromAttribute group: \
# gid=gidNumber, \
# name=cn, \
# passwd=("#$%s", cn), \
# users=("%s,", (memberUid), ",")
#nisLDAPfieldFromAttribute group.adjunct.byname: \
# rf_key=cn, \
# name=cn, \
# ("{crypt}%s", passwd)=userPassword
' >> $MAP_FILE
else
# Find the domains in which group.adjunct map exists.
if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
then
# All the domains have group.adjunct map.
echo '# group
#nisLDAPfieldFromAttribute group.byname: \
# rf_key=cn
#nisLDAPfieldFromAttribute group.bygid: \
# rf_key=gidNumber
#nisLDAPfieldFromAttribute group: \
# gid=gidNumber, \
# name=cn, \
# ("{crypt}%s", passwd)=userPassword, \
# users=("%s,", (memberUid), ",")
#
# If you are not using group.adjunct, comment the group section above
# and uncomment the following group and group.adjunct sections
#
# group
nisLDAPfieldFromAttribute group.byname: \
rf_key=cn
nisLDAPfieldFromAttribute group.bygid: \
rf_key=gidNumber
nisLDAPfieldFromAttribute group: \
gid=gidNumber, \
name=cn, \
passwd=("#$%s", cn), \
users=("%s,", (memberUid), ",")
#
nisLDAPfieldFromAttribute group.adjunct.byname: \
rf_key=cn, \
name=cn, \
("{crypt}%s", passwd)=userPassword
' >> $MAP_FILE
else
# Not every domain has group.adjunct map.
do
echo "\
nisLDAPfieldFromAttribute group.byname,${_DMN}: \\
rf_key=cn
nisLDAPfieldFromAttribute group.bygid,${_DMN}: \\
rf_key=gidNumber
nisLDAPfieldFromAttribute group,${_DMN}: \\
gid=gidNumber, \\
name=cn, \\
passwd=(\"#$%s\", cn), \\
users=(\"%s,\", (memberUid), \",\")
" >> $MAP_FILE
done
# Now put the generic group syntax. We do not need to
# append the domain name here.
echo '
nisLDAPfieldFromAttribute group.byname: \
rf_key=cn
nisLDAPfieldFromAttribute group.bygid: \
rf_key=gidNumber
nisLDAPfieldFromAttribute group: \
gid=gidNumber, \
name=cn, \
("{crypt}%s", passwd)=userPassword, \
users=("%s,", (memberUid), ",")
' >> $MAP_FILE
# Now we need to put the group.adjunct syntax for domains
# in which this map exists.
echo "#
# " >> $MAP_FILE
do
echo "\
nisLDAPfieldFromAttribute group.adjunct.byname,${_DMN}: \\
rf_key=cn, \\
name=cn, \\
(\"{crypt}%s\", passwd)=userPassword
" >> $MAP_FILE
done
fi
fi
echo '
# hosts
nisLDAPfieldFromAttribute hosts.byaddr: \
rf_ipkey=ipHostNumber
nisLDAPfieldFromAttribute hosts.byname: \
(rf_key)=(cn)
nisLDAPfieldFromAttribute hosts: \
("cn=%s+ipHostNumber=*", canonicalName)=dn, \
addr=ipHostNumber, \
aliases=("%s ", (cn) - yp:canonicalName, " "), \
rf_comment=description
nisLDAPfieldFromAttribute multihosts: \
("cn=%s+ipHostNumber=*", canonicalName)=dn, \
(rf_key)=("YP_MULTI_%s", cn), \
aliases=("%s ", (cn) - yp:canonicalName, " "), \
rf_comment=description, \
(tmp)=("%s", ipHostNumber:?one?("(&(cn=%s) \
(ipHostNumber=*.*))", yp:canonicalName)), \
addr=("%s,", (yp:tmp), ",")
# ipnodes
nisLDAPfieldFromAttribute ipnodes.byaddr: \
rf_ipkey=ipHostNumber
nisLDAPfieldFromAttribute ipnodes.byname: \
(rf_key)=(cn)
nisLDAPfieldFromAttribute ipnodes: \
("cn=%s+ipHostNumber=*", canonicalName)=dn, \
addr=ipHostNumber, \
aliases=("%s ", (cn) - yp:canonicalName, " "), \
rf_comment=description
nisLDAPfieldFromAttribute multiipnodes: \
("cn=%s+ipHostNumber=*", canonicalName)=dn, \
(rf_key)=("YP_MULTI_%s", cn), \
aliases=("%s ", (cn) - yp:canonicalName, " "), \
rf_comment=description, \
(tmp)=("%s", ipHostNumber:?one?("(&(cn=%s) \
(ipHostNumber=*:*))", yp:canonicalName)), \
addr=("%s,", (yp:tmp), ",")
nisLDAPfieldFromAttribute mail.aliases: \
rf_key=mail, \
addresses= ("%s,", (mgrprfc822mailmember), ","), \
rf_comment=description
nisLDAPfieldFromAttribute mail.mapping: \
rf_key=mgrprfc822mailmember, \
address=mail, \
rf_comment=description
# netgroup.
nisLDAPfieldFromAttribute netgroup: \
rf_key=cn, \
(group)=(memberNisNetgroup), \
("(%s,%s,%s)", host, user, domain)= \
(nisNetgroupTriple), \
rf_comment=description
nisLDAPfieldFromAttribute netid.pass: \
number=uidNumber, \
(tmp)=("%s", gidNumber:ou=group,?one?\
("memberUid=%s", ldap:uid)), \
sgid=("%s,", (yp:tmp) - gidNumber, ","), \
data=("%s,%s", gidNumber, yp:sgid), \
data=gidNumber, \
(rf_key)=("unix.%s@%s", yp:number, yp:rf_domain)
nisLDAPfieldFromAttribute netid.host: \
("cn=%s+ipHostNumber=*", data)=dn, \
number=("0"), \
(rf_key)=("unix.%s@%s", yp:data, yp:rf_domain)
nisLDAPfieldFromAttribute netmasks.byaddr: \
("ipNetworkNumber=%s,*", rf_ipkey)=dn, \
mask=ipNetmaskNumber, \
rf_comment=description
# networks.
nisLDAPfieldFromAttribute networks.byname: \
(rf_key)=(cn)
nisLDAPfieldFromAttribute networks.byaddr: \
("ipNetworkNumber=%s,*", rf_key)=dn
nisLDAPfieldFromAttribute networks: \
name=cn, \
aliases=("%s ", (cn) - yp:name, " "), \
number=ipNetworkNumber, \
rf_comment=description
' >> $MAP_FILE
# passwd syntax is different when passwd.adjunct map is present.
# So, need to handle the various possibilities
then
# Just put the passwd.adjunct syntax in comment form
echo '# passwd
nisLDAPfieldFromAttribute passwd.byname: \
rf_key=uid
nisLDAPfieldFromAttribute passwd.byuid: \
rf_key=uidNumber
nisLDAPfieldFromAttribute passwd: \
name=uid, \
uid=uidNumber, \
("{crypt}%s", passwd)=userPassword, \
gid=gidNumber, \
gecos=gecos, \
home=homeDirectory, \
shell=loginShell
#
# If you are using passwd.adjunct, comment the passwd section above
# and uncomment the following passwd and passwd.adjunct sections
#
# passwd
#nisLDAPfieldFromAttribute passwd.byname: \
# rf_key=uid
#nisLDAPfieldFromAttribute passwd.byuid: \
# rf_key=uidNumber
#nisLDAPfieldFromAttribute passwd: \
# name=uid, \
# uid=uidNumber, \
# passwd=("##%s", uid), \
# gid=gidNumber, \
# gecos=gecos, \
# home=homeDirectory, \
# shell=loginShell
#nisLDAPfieldFromAttribute passwd.adjunct.byname: \
# rf_key=uid, \
# name=uid, \
# ("{crypt}%s", passwd)=userPassword
' >> $MAP_FILE
else
# Find the domains in which passwd.adjunct map exists.
if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
then
# All the domains have passwd.adjunct map. So, put the right
# passwd syntax and comment-in the passwd.adjunct syntax.
echo '# passwd
#nisLDAPfieldFromAttribute passwd.byname: \
# rf_key=uid
#nisLDAPfieldFromAttribute passwd.byuid: \
# rf_key=uidNumber
#nisLDAPfieldFromAttribute passwd: \
# name=uid, \
# uid=uidNumber, \
# ("{crypt}%s", passwd)=userPassword, \
# gid=gidNumber, \
# gecos=gecos, \
# home=homeDirectory, \
# shell=loginShell
#
# If you are not using passwd.adjunct, uncomment the passwd section
# above and comment the following passwd and passwd.adjunct sections
#
# passwd
nisLDAPfieldFromAttribute passwd.byname: \
rf_key=uid
nisLDAPfieldFromAttribute passwd.byuid: \
rf_key=uidNumber
nisLDAPfieldFromAttribute passwd: \
name=uid, \
uid=uidNumber, \
passwd=("##%s", uid), \
gid=gidNumber, \
gecos=gecos, \
home=homeDirectory, \
shell=loginShell
#
# passwd.adjunct Must follow passwd
#
nisLDAPfieldFromAttribute passwd.adjunct.byname: \
rf_key=uid, \
name=uid, \
("{crypt}%s", passwd)=userPassword
' >> $MAP_FILE
else
# Not every domain has passwd.adjunct map.
# First put the password syntax with domain name for domains
# in which passwd.adjunct exists.
do
echo "\
nisLDAPfieldFromAttribute passwd.byname,${_DMN}: \\
rf_key=uid
nisLDAPfieldFromAttribute passwd.byuid,${_DMN}: \\
rf_key=uidNumber
nisLDAPfieldFromAttribute passwd,${_DMN}: \\
name=uid, \\
uid=uidNumber, \\
passwd=(\"##%s\", uid), \\
gid=gidNumber, \\
gecos=gecos, \\
home=homeDirectory, \\
shell=loginShell
" >> $MAP_FILE
done
# Now put the other passwd syntax. We do not need to
# append the domain name here.
echo '
nisLDAPfieldFromAttribute passwd.byname: \
rf_key=uid
nisLDAPfieldFromAttribute passwd.byuid: \
rf_key=uidNumber
nisLDAPfieldFromAttribute passwd: \
name=uid, \
uid=uidNumber, \
("{crypt}%s", passwd)=userPassword, \
gid=gidNumber, \
gecos=gecos, \
home=homeDirectory, \
shell=loginShell
' >> $MAP_FILE
# Now we need to put the passwd.adjunct syntax for domains
# in which this map exists.
echo "#
# passwd.adjunct Must follow passwd
# " >> $MAP_FILE
do
echo "\
nisLDAPfieldFromAttribute passwd.adjunct.byname,${_DMN}: \\
rf_key=uid, \\
name=uid, \\
(\"{crypt}%s\", passwd)=userPassword
" >> $MAP_FILE
done
fi
fi
echo '
# This map is never created but yppasswd uses the mapping to extract password
# ageing information from the DIT.
nisLDAPfieldFromAttribute ageing.byname: \
rf_key=uid, \
name=uid, \
lastchg=shadowLastChange, \
min=shadowMin, \
max=shadowMax, \
warn=shadowWarning, \
inactive=shadowInactive, \
expire=shadowExpire, \
flag=shadowFlag
nisLDAPfieldFromAttribute printers.conf.byname: \
rf_key=printer-uri, \
names=("%s|", (printer-aliases), "|"), \
bsdaddr=("bsdaddr=%s", sun-printer-bsdaddr), \
kvps=("%s:", (sun-printer-kvp) - yp:bsdaddr), \
values=("%s:%s", yp:bsdaddr, yp:kvps), \
values=("%s:", yp:bsdaddr), \
values=yp:kvps, \
rf_comment=description
# prof_attr
nisLDAPfieldFromAttribute prof_attr: \
rf_key=cn, \
name=cn, \
res1=SolarisAttrReserved1, \
res2=SolarisAttrReserved2, \
desc=SolarisAttrLongDesc, \
attrs=SolarisAttrKeyValue
# project
nisLDAPfieldFromAttribute project.byname: \
rf_key=SolarisProjectName
nisLDAPfieldFromAttribute project.byprojid: \
rf_key=SolarisProjectID
nisLDAPfieldFromAttribute project: \
name=SolarisProjectName, \
projID=SolarisProjectID, \
comment=description, \
users=("%s,", (memberUid), ","), \
groups=("%s,", (memberGid), ","), \
attrs=("%s;", (SolarisProjectAttr), ";")
# protocols
nisLDAPfieldFromAttribute protocols.byname: \
("cn=%s,*", rf_key)=dn, \
(rf_key)=(cn)
nisLDAPfieldFromAttribute protocols.bynumber: \
rf_key=ipProtocolNumber, \
rf_comment=description
nisLDAPfieldFromAttribute protocols: \
("cn=%s,*", name)=dn, \
number=ipProtocolNumber, \
aliases=("%s ", (cn) - yp:name, " ")
nisLDAPfieldFromAttribute rpc.bynumber: \
rf_key=oncRpcNumber, \
number=oncRpcNumber, \
("cn=%s,*", name)=dn, \
aliases=("%s ", (cn) - yp:name, " "), \
rf_comment=description
# services
nisLDAPfieldFromAttribute services.byname: \
rf_key = ("%s/%s", ipServicePort, ipServiceProtocol)
nisLDAPfieldFromAttribute services.byservicename: \
(rf_key)=("%s/%s", cn, ipServiceProtocol), \
(rf_key)=(cn)
nisLDAPfieldFromAttribute services: \
("cn=%s+ipServiceProtocol=*", name)=dn, \
protocol=ipServiceProtocol, \
port=ipServicePort, \
aliases=("%s ", (cn) - yp:name, " "), \
rf_comment=description
nisLDAPfieldFromAttribute timezone.byname: \
rf_key=cn, \
hostName=cn, \
zoneName=nisplusTimeZone, \
rf_comment=description
# user_attr
nisLDAPfieldFromAttribute user_attr: \
("uid=%s,*", rf_key)=dn, \
("uid=%s,*", user)=dn, \
qualifier=SolarisUserAttr, \
res1=SolarisUserReserved1, \
res2=SolarisUserReserved2, \
attrs=SolarisAttrKeyValue
nisLDAPfieldFromAttribute keys.host: \
("cn=%s+ipHostNumber=*", cname)=dn, \
rf_key=("unix.%s@%s", yp:cname, yp:rf_domain), \
publicKey=nisPublicKey, \
secretKey=nisSecretKey
nisLDAPfieldFromAttribute keys.pass: \
rf_key=("unix.%s@%s", uidNumber, yp:rf_domain), \
publicKey=nisPublicKey, \
secretKey=nisSecretKey
nisLDAPfieldFromAttribute keys.nobody: \
rf_key=uid, \
publicKey=nisPublicKey, \
secretKey=nisSecretKey
# ypservers. This derived from IPlanet implementation not RFC.
nisLDAPfieldFromAttribute ypservers: \
rf_key=cn
' >> $MAP_FILE
}
#
# List all the non-default auto.* and custom maps.
#
{
# auto.* entries are easy.
if [ ${#ALL_DMN_AUTO_CUST_MAPS[*]} -gt 0 ]; then
fi
for _MAP in ${ALL_DMN_AUTO_CUST_MAPS[*]}
do
echo "\
# ${_MAP}
nisLDAPfieldFromAttribute ${_MAP}: \\
rf_key=automountKey, \\
value=automountInformation
" >> $MAP_FILE
done
# Since we do not have enough information to generate
# entries for other custom maps, best we can do is to
# log this map names and ask user to take care of them.
}
#
# List mapping of named fields from DIT entries
#
{
[ CUST_CMT_NEEDED -eq 1 ] && echo '
# nisLDAPfieldFromAttribute : It specifies how a NIS entries
# field values are derived from LDAP attribute values.
#
# The format of nisLDAPfieldFromAttribute is :
# mapName ":" fieldattrspec *("," fieldattrspec)
' >> $MAP_FILE
# List all the default entries anyway.
# List all the non-default auto.* and custom maps.
echo "
#
#------------------------------------------------------------------------------
#
" >> $MAP_FILE
}
# Main function for creating the mapping file
{
# Ask user the list of domains to be served by N2L
# If there are no N2L domains or none selected, then exit
if [ $N2L_DMN_CNT -eq 0 ]; then
echo "There are no domains to serve. No mapping file generated."
return 1
fi
while :
do
get_ans "Enter the mapping file name (h=help):" "${MAP_FILE}"
# If help continue, otherwise break.
[Hh] | help | Help | \?) display_msg new_mapping_file_name_help ;;
* ) break ;;
esac
done
# Backup existing mapping file if selected
# To prevent from leaving a partial mapping file in case some error
# or signal takes place which might result in machine starting in N2L
# mode at next reboot, store the output being generated in a temporary
# file first, and move it at the final destination only at the end if
# everything goes fine.
echo "Generating mapping file temporarily as \"${MAP_FILE}\""
# Place copyright information
# Prepare various map lists for each domain
# List domains and contexts
# List domains for which passwords should be changed
# List databaseId mappings (aliases)
# List comment character for maps
# List SECURE and INTERDOMAIN flags
# List TTL values
# List name fields
# List split fields and repeated fields seperators.
# List association of maps with RDNs and object classes.
# List mapping of named fields to DIT entries
# List mapping of named fields from DIT entries
# We are done, so move back the mapping file from temp. location
# to actual location.
# In case the mapping file name has a directory component which does
# not exist, then create it now, otherwise 'mv' will return error.
mkdir -p ${DIR_TO_CREATE}
echo "Moving output from temporary file ($MAP_FILE) to actual file ($_MAP_FILE)"
# Revert back the mapping file name in case needed.
echo "Finished creation of mapping file ( $MAP_FILE )"
}
#
# Main function for creating config file (ypserv)
#
{
# Ask for confirmation if the file name is not specified.
if [ $CONFIG_FILE_SPECIFIED -eq 0 ]; then
get_confirm_nodef "Do you want to create the config file (y/n) ?"
[ $? -eq 0 ] && return 0
while :
do
get_ans "Enter the config file name (h=help):" "${CONFIG_FILE}"
# If help continue, otherwise break.
[Hh] | help | Help | \?) display_msg new_config_file_name_help ;;
* ) break ;;
esac
done
CONFIG_FILE=${ANS}
[ $DEBUG -eq 1 ] && CONFIG_FILE = $CONFIG_FILE
fi
# Backup existing config file if selected
# Create config file
}
#
# Main function for creating mapping file (NISLDAPmapping)
#
{
# Ask for confirmation if the file name is not specified.
if [ $MAPPING_FILE_SPECIFIED -eq 0 ]; then
get_confirm_nodef "Do you want to create the mapping file (y/n) ?"
[ $? -eq 0 ] && return 0
fi
# Create mapping file
}
###########################################
########### MAIN ###########
###########################################
# Only superuser should be able to run this script.
if [ $? -ne 0 ]; then
echo "ERROR : Only root can run $PROG"
exit 1
fi
# Initialize things
# Parse command line arguments.
parse_arg $*
# Create config file (ypserv)
# Create mapping file (NISLDAPmapping).
# Cleanup temp files and directories unless debug.
exit 0