NIS to LDAP example
From Brandonhutchinson.com
Revision as of 21:40, 12 December 2007
In this example, I bind a Solaris 8 NIS client to a Solaris 10 DSEE 6.2 LDAP server and convert the following NIS maps to LDAP databases:
- passwd
- group
- auto_master
- Two non-standard automount maps: auto_pra and auto_soft
Save the NIS maps as text files
Save the NIS maps as text files before binding the client to the LDAP server. As soon as you use ldapclient to bind to an LDAP server, /etc/nsswitch.ldap is copied over /etc/nsswitch.conf and your NIS client is stopped.
On the NIS client:
$ ypcat passwd > /tmp/nis_passwd_map
$ ypcat group > /tmp/nis_group_map
$ ypcat -k auto_master > /tmp/nis_auto_master_map
$ ypcat -k auto_pra > /tmp/nis_auto_pra_map
$ ypcat -k auto_soft > /tmp/nis_auto_soft_map
Bind the NIS client to the LDAP domain
Example:
# ldapclient -P simple -d subdomain.example.com -D cn=proxyagent,ou=profile,dc=subdomain,dc=example,dc=com LDAP_server_IP
System successfully configured
Create the LDAP databases
Perform these steps on the LDAP client.
passwd
# ldapaddent -a simple -p -D "cn=Directory Manager" -h LDAP_server_IP -f /tmp/nis_passwd_map passwd
Enter password:
382 entries added
group
# ldapaddent -a simple -D "cn=Directory Manager" -h LDAP_server_IP -f /tmp/nis_group_map group
Enter password:
29 entries added
auto_master
auto_master NIS map:
/vol.soft auto_soft -rw,intr,soft,timeo=7,retrans=9,noquota,vers=2,proto=udp
/vol.pra auto_pra -rw,intr,soft,timeo=7,retrans=9,noquota,vers=2,proto=udp
Corresponding auto_master LDAP database (e.g., /tmp/auto_master.ldif):
dn: automountkey=/vol.pra,automountMapName=auto_master,dc=subdomain,dc=example,dc=com
automountInformation: auto_pra -rw,intr,soft,timeo=7,retrans=9,noquota,vers=2,proto=udp
objectClass: top
objectClass: automount
automountKey: /vol.pra

dn: automountkey=/vol.soft,automountMapName=auto_master,dc=subdomain,dc=example,dc=com
automountInformation: auto_soft -rw,intr,soft,timeo=7,retrans=9,noquota,vers=2,proto=udp
objectClass: top
objectClass: automount
automountKey: /vol.soft
# ldapmodify -a -D "cn=Directory Manager" -h LDAP_server_IP -f /tmp/auto_master.ldif
automount
Before we can populate the non-standard auto_pra and auto_soft automounter maps, we have to add them to the automount map.
/tmp/automount.ldif:
dn: automountMapName=auto_soft,dc=subdomain,dc=example,dc=com
automountMapName: auto_soft
objectClass: top
objectClass: automountMap

dn: automountMapName=auto_pra,dc=subdomain,dc=example,dc=com
automountMapName: auto_pra
objectClass: top
objectClass: automountMap
auto_pra
auto_pra NIS map:
mh-cx-pra-areas nvpmmnf604:/vol/pra_mh_citrix/mh-cx-pra-areas
pra nvpmmnf604:/vol/pra_mh_citrix/mh-cx-pra/pra
Corresponding auto_pra LDAP database (e.g., /tmp/auto_pra.ldif):
dn: automountkey=pra, automountmapname=auto_pra,dc=subdomain,dc=example,dc=com
automountKey: pra
objectClass: top
objectClass: automount
automountInformation: nvpmmnf604:/vol/pra_mh_citrix/mh-cx-pra/pra

dn: automountkey=mh-cx-pra-areas, automountmapname=auto_pra,dc=subdomain,dc=example,dc=com
automountKey: mh-cx-pra-areas
objectClass: top
objectClass: automount
automountInformation: nvpmmnf604:/vol/pra_mh_citrix/mh-cx-pra-areas
# ldapmodify -a -D "cn=Directory Manager" -h LDAP_server_IP -f /tmp/auto_pra.ldif
auto_soft
auto_soft NIS map:
sybase nvpmmnf604:/vol/pra_mh_citrix/mh-cx-pra/soft/sybase
remedy nvpmmnf604:/vol/pra_mh_citrix/mh-cx-pra/soft/remedy32
local nvpmmnf604:/vol/pra_mh_citrix/mh-cx-pra/local
soft nvpmmnf604:/vol/pra_mh_citrix/mh-cx-pra/soft
Corresponding auto_soft LDAP database (e.g., /tmp/auto_soft.ldif):
dn: automountkey=remedy, automountmapname=auto_soft,dc=subdomain,dc=example,dc=com
automountKey: remedy
objectClass: top
objectClass: automount
automountInformation: nvpmmnf604:/vol/pra_mh_citrix/mh-cx-pra/soft/remedy32

dn: automountkey=local, automountmapname=auto_soft,dc=subdomain,dc=example,dc=com
automountKey: local
objectClass: top
objectClass: automount
automountInformation: nvpmmnf604:/vol/pra_mh_citrix/mh-cx-pra/local

dn: automountkey=soft, automountmapname=auto_soft,dc=subdomain,dc=example,dc=com
automountKey: soft
objectClass: top
objectClass: automount
automountInformation: nvpmmnf604:/vol/pra_mh_citrix/mh-cx-pra/soft

dn: automountkey=sybase, automountmapname=auto_soft,dc=subdomain,dc=example,dc=com
automountKey: sybase
objectClass: top
objectClass: automount
automountInformation: nvpmmnf604:/vol/pra_mh_citrix/mh-cx-pra/soft/sybase
# ldapmodify -a -D "cn=Directory Manager" -h LDAP_server_IP -f /tmp/auto_soft.ldif
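The auto_master, auto_pra and auto_soft LDIF files above all follow the same pattern, so they can be generated from the saved ypcat -k output instead of being typed by hand. The function below is an added example, not part of the original page; the name nis_map_to_ldif is hypothetical, and it assumes a POSIX awk and skips (rather than escapes) keys that contain DN special characters.

```sh
#!/bin/sh
# Added example (not from the original page): turn `ypcat -k MAP` output into
# automount LDIF entries shaped like the ones shown above.
# Usage: nis_map_to_ldif MAP_NAME BASE_DN < /tmp/nis_MAP_map > /tmp/MAP.ldif
nis_map_to_ldif() {
    awk -v map="$1" -v base="$2" '
        /^[ \t]*(#|$)/ { next }              # skip blank lines and comments
        NF < 2 {                             # a key with no mount information
            printf "line %d: no value for key %s, skipped\n", NR, $1 > "/dev/stderr"
            bad++; next
        }
        $1 ~ /[,+"\\<>;=]/ {                 # would need escaping inside a DN
            printf "line %d: key %s needs DN escaping, skipped\n", NR, $1 > "/dev/stderr"
            bad++; next
        }
        {
            key = $1
            info = $0                        # everything after the key, verbatim
            sub(/^[ \t]*[^ \t]+[ \t]+/, "", info)
            sub(/[ \t]+$/, "", info)
            printf "dn: automountkey=%s,automountmapname=%s,%s\n", key, map, base
            printf "automountKey: %s\n", key
            print  "objectClass: top"
            print  "objectClass: automount"
            printf "automountInformation: %s\n\n", info
        }
        END { exit (bad > 0) }               # non-zero if any line was skipped
    '
}
```

A non-zero exit status means at least one map line was skipped; review the messages on stderr before loading the resulting file with ldapmodify.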
Configure the name service switch on the LDAP client
When ldapclient initializes the LDAP client, it overwrites /etc/nsswitch.conf with /etc/nsswitch.ldap. You will likely have to modify the resulting /etc/nsswitch.conf, because it does not use DNS when looking up hostnames and only references local files when LDAP is not available.
