NIS to LDAP example

From Brandonhutchinson.com

(Difference between revisions)

Current revision

1 Overview
2 Save the NIS maps as text files
3 Bind the NIS client to the LDAP domain
4 Create the LDAP databases
5 Configure the name service switch on the LDAP client

Overview

In this example, I bind a Solaris 8 NIS client to a Solaris 10 DSEE 6.2 LDAP server and convert the following NIS maps to LDAP databases:

passwd
group
auto_master
auto_pra and auto_soft, two non-standard automount maps

Save the NIS maps as text files

Save the NIS maps as text files before binding the client to the LDAP server. As soon as you use ldapclient to bind to an LDAP server, /etc/nsswitch.ldap is copied over /etc/nsswitch.conf and your NIS client is stopped.

On the NIS client:

$ ypcat passwd > /tmp/nis_passwd_map
$ ypcat group > /tmp/nis_group_map
$ ypcat -k auto_master > /tmp/nis_auto_master_map
$ ypcat -k auto_pra > /tmp/nis_auto_pra_map
$ ypcat -k auto_soft > /tmp/nis_auto_soft_map

Bind the NIS client to the LDAP domain

Example:

# ldapclient -P simple -d subdomain.example.com -D cn=proxyagent,ou=profile,dc=subdomain,dc=example,dc=com LDAP_server_IP
System successfully configured

Create the LDAP databases

Perform these steps on the LDAP client.

passwd

# ldapaddent -a simple -p -D "cn=Directory Manager" -h LDAP_server_IP -f /tmp/nis_passwd_map passwd
Enter password:
382 entries added

group

# ldapaddent -a simple -D "cn=Directory Manager" -h LDAP_server_IP -f /tmp/nis_group_map group
Enter password:
29 entries added

auto_master

auto_master NIS map:

/vol.soft auto_soft             -rw,intr,soft,timeo=7,retrans=9,noquota,vers=2,proto=udp
/vol.pra auto_pra               -rw,intr,soft,timeo=7,retrans=9,noquota,vers=2,proto=udp

Corresponding auto_master LDAP database (e.g., /tmp/auto_master.ldif):

dn: automountkey=/vol.pra,automountMapName=auto_master,dc=subdomain,dc=example,dc=com
automountInformation: auto_pra -rw,intr,soft,timeo=7,retrans=9,noquota,vers=2,proto=udp
objectClass: top
objectClass: automount
automountKey: /vol.pra
 
dn: automountkey=/vol.soft,automountMapName=auto_master,dc=subdomain,dc=example,dc=com
automountInformation: auto_soft -rw,intr,soft,timeo=7,retrans=9,noquota,vers=2,proto=udp
objectClass: top
objectClass: automount
automountKey: /vol.soft

# ldapmodify -a -D "cn=Directory Manager" -h LDAP_server_IP -f /tmp/auto_master.ldif

automount

Before we can populate the non-standard auto_pra and auto_soft automounter maps, we have to add them to the automount map.

/tmp/automount.ldif:

dn: automountMapName=auto_soft,dc=subdomain,dc=example,dc=com
automountMapName: auto_soft
objectClass: top
objectClass: automountMap

dn: automountMapName=auto_pra,dc=subdomain,dc=example,dc=com
automountMapName: auto_pra
objectClass: top
objectClass: automountMap

auto_pra

auto_pra NIS map:

mh-cx-pra-areas nvpmmnf604:/vol/pra_mh_citrix/mh-cx-pra-areas
pra nvpmmnf604:/vol/pra_mh_citrix/mh-cx-pra/pra

Corresponding auto_pra LDAP database (e.g., /tmp/auto_pra.ldif):

dn: automountkey=pra, automountmapname=auto_pra,dc=subdomain,dc=example,dc=com
automountKey: pra
objectClass: top
objectClass: automount
automountInformation: nvpmmnf604:/vol/pra_mh_citrix/mh-cx-pra/pra

dn: automountkey=mh-cx-pra-areas, automountmapname=auto_pra,dc=subdomain,dc=example,dc=com
automountKey: mh-cx-pra-areas
objectClass: top
objectClass: automount
automountInformation: nvpmmnf604:/vol/pra_mh_citrix/mh-cx-pra-areas

# ldapmodify -a -D "cn=Directory Manager" -h LDAP_server_IP -f /tmp/auto_pra.ldif

auto_soft

auto_soft NIS map:

sybase nvpmmnf604:/vol/pra_mh_citrix/mh-cx-pra/soft/sybase
remedy nvpmmnf604:/vol/pra_mh_citrix/mh-cx-pra/soft/remedy32
local nvpmmnf604:/vol/pra_mh_citrix/mh-cx-pra/local
soft nvpmmnf604:/vol/pra_mh_citrix/mh-cx-pra/soft

Corresponding auto_soft LDAP database (e.g., /tmp/auto_soft.ldif):

dn: automountkey=remedy, automountmapname=auto_soft,dc=subdomain,dc=example,dc=com
automountKey: remedy
objectClass: top
objectClass: automount
automountInformation: nvpmmnf604:/vol/pra_mh_citrix/mh-cx-pra/soft/remedy32

dn: automountkey=local, automountmapname=auto_soft,dc=subdomain,dc=example,dc=com
automountKey: local
objectClass: top
objectClass: automount
automountInformation: nvpmmnf604:/vol/pra_mh_citrix/mh-cx-pra/local

dn: automountkey=soft, automountmapname=auto_soft,dc=subdomain,dc=example,dc=com
automountKey: soft
objectClass: top
objectClass: automount
automountInformation: nvpmmnf604:/vol/pra_mh_citrix/mh-cx-pra/soft

dn: automountkey=sybase, automountmapname=auto_soft,dc=subdomain,dc=example,dc=com
automountKey: sybase
objectClass: top
objectClass: automount
automountInformation: nvpmmnf604:/vol/pra_mh_citrix/mh-cx-pra/soft/sybase

# ldapmodify -a -D "cn=Directory Manager" -h LDAP_server_IP -f /tmp/auto_soft.ldif

Configure the name service switch on the LDAP client

When running ldapclient to initialize the LDAP client, /etc/nsswitch.conf is overwritten with /etc/nsswitch.ldap. It is likely that /etc/nsswitch.conf will have to be modified, as it does not use DNS when looking up hostnames, and only references local files when LDAP is not available.

Retrieved from "http://brandonhutchinson.com/wiki/NIS_to_LDAP_example"

@@ Line 1: / Line 1: @@
+=== Overview ===
 In this example, I bind a Solaris 8 NIS client to a Solaris 10 DSEE 6.2 LDAP server and convert the following NIS maps to LDAP databases:
@@ Line 4: / Line 6: @@
 * ''group''
 * ''auto_master''
-* Two non-standard NIS automount maps--''auto_pra'' and ''auto_soft''
+* ''auto_pra'' and ''auto_soft'', two non-standard automount maps
 === Save the NIS maps as text files ===
-Save the NIS maps as text files before binding the client to the LDAP server. As soon as you use ''ldapclient'' and bind to an LDAP server, ''/etc/nsswitch.ldap'' is copied over ''/etc/nsswitch.conf'' and your NIS client is stopped.
+Save the NIS maps as text files before binding the client to the LDAP server. As soon as you use ''ldapclient'' to bind to an LDAP server, ''/etc/nsswitch.ldap'' is copied over ''/etc/nsswitch.conf'' and your NIS client is stopped.
-On the Solaris 8 NIS client:
+On the NIS client:
  $ '''ypcat passwd > /tmp/nis_passwd_map'''
@@ Line 18: / Line 20: @@
  $ '''ypcat -k auto_soft > /tmp/nis_auto_soft_map'''
-=== Bind the Solaris 8 NIS client to the LDAP domain ===
+=== Bind the NIS client to the LDAP domain ===
 Example:
@@ Line 28: / Line 30: @@
 Perform these steps on the LDAP client.
-==== passwd ====
+==== ''passwd'' ====
  # '''ldapaddent -a simple -p -D "cn=Directory Manager" -h ''LDAP_server_IP'' -f /tmp/nis_passwd_map passwd'''
@@ Line 34: / Line 36: @@
 entries added
-==== group ====
+==== ''group'' ====
  # '''ldapaddent -a simple -D "cn=Directory Manager" -h ''LDAP_server_IP'' -f /tmp/nis_group_map group'''
@@ Line 40: / Line 42: @@
 entries added
-==== auto_master ====
+==== ''auto_master'' ====
-auto_master NIS map:
+''auto_master'' NIS map:
  /vol.soft auto_soft             -rw,intr,soft,timeo=7,retrans=9,noquota,vers=2,proto=udp
  /vol.pra auto_pra               -rw,intr,soft,timeo=7,retrans=9,noquota,vers=2,proto=udp
-Corresponding auto_master LDAP map (e.g., ''/tmp/auto_master.ldif''):
+Corresponding ''auto_master'' LDAP database (e.g., ''/tmp/auto_master.ldif''):
  dn: automountkey=/vol.pra,automountMapName=auto_master,dc=subdomain,dc=example,dc=com
  automountInformation: auto_pra -rw,intr,soft,timeo=7,retrans=9,noquota,vers=2,proto=udp
@@ Line 61: / Line 63: @@
  # '''ldapmodify -a -D "cn=Directory Manager" -h ''LDAP_server_IP'' -f /tmp/auto_master.ldif
-==== automount ====
+==== ''automount'' ====
-Because
+Before we can populate the non-standard ''auto_pra'' and ''auto_soft'' automounter maps, we have to add them to the ''automount'' map.
-==== auto_pra ====
+''/tmp/automount.ldif'':
+ dn: automountMapName=auto_soft,dc=subdomain,dc=example,dc=com
+ automountMapName: auto_soft
+ objectClass: top
+ objectClass: automountMap
+ dn: automountMapName=auto_pra,dc=subdomain,dc=example,dc=com
+ automountMapName: auto_pra
+ objectClass: top
+ objectClass: automountMap
+==== ''auto_pra'' ====
+''auto_pra'' NIS map:
+ mh-cx-pra-areas nvpmmnf604:/vol/pra_mh_citrix/mh-cx-pra-areas
+ pra nvpmmnf604:/vol/pra_mh_citrix/mh-cx-pra/pra
+Corresponding ''auto_pra'' LDAP database (e.g., ''/tmp/auto_pra.ldif''):
+ dn: automountkey=pra, automountmapname=auto_pra,dc=subdomain,dc=example,dc=com
+ automountKey: pra
+ objectClass: top
+ objectClass: automount
+ automountInformation: nvpmmnf604:/vol/pra_mh_citrix/mh-cx-pra/pra
+ dn: automountkey=mh-cx-pra-areas, automountmapname=auto_pra,dc=subdomain,dc=example,dc=com
+ automountKey: mh-cx-pra-areas
+ objectClass: top
+ objectClass: automount
+ automountInformation: nvpmmnf604:/vol/pra_mh_citrix/mh-cx-pra-areas
+ # '''ldapmodify -a -D "cn=Directory Manager" -h ''LDAP_server_IP'' -f /tmp/auto_pra.ldif
-==== auto_soft ====
+==== ''auto_soft'' ====
-auto_soft NIS map:
+''auto_soft'' NIS map:
  sybase nvpmmnf604:/vol/pra_mh_citrix/mh-cx-pra/soft/sybase
  remedy nvpmmnf604:/vol/pra_mh_citrix/mh-cx-pra/soft/remedy32
@@ Line 75: / Line 107: @@
  soft nvpmmnf604:/vol/pra_mh_citrix/mh-cx-pra/soft
-Corresponding auto_soft LDAP map (e.g., ''/tmp/auto_soft.ldif''):
+Corresponding ''auto_soft'' LDAP database (e.g., ''/tmp/auto_soft.ldif''):
  dn: automountkey=remedy, automountmapname=auto_soft,dc=subdomain,dc=example,dc=com
  automountKey: remedy
@@ Line 99: / Line 131: @@
  objectClass: automount
  automountInformation: nvpmmnf604:/vol/pra_mh_citrix/mh-cx-pra/soft/sybase
+ # '''ldapmodify -a -D "cn=Directory Manager" -h ''LDAP_server_IP'' -f /tmp/auto_soft.ldif
+=== Configure the name service switch on the LDAP client ===
+When running ''ldapclient'' to initialize the LDAP client, ''/etc/nsswitch.conf'' is overwritten with ''/etc/nsswitch.ldap''. It is likely that ''/etc/nsswitch.conf'' will have to be modified, as it does not use DNS when looking up hostnames, and only references local files when LDAP is not available.