NIS to LDAP Conversion Service (N2L Service)
The NIS to LDAP conversion service (N2L service) replaces the existing NIS daemons on the NIS master server with NIS to LDAP conversion daemons. The N2L service also creates an NIS to LDAP mapping file on that server. The mapping file specifies the mapping between NIS map entries and the equivalent directory information tree (DIT) entries in LDAP. An NIS master server that has gone through this conversion is called an N2L server. The slave servers have no NISLDAPmapping file, so they continue to work in the usual way. The slave servers regularly update their data from the N2L server, as if the N2L server were a conventional NIS master server.
The behavior of the N2L service is controlled by the ypserv and NISLDAPmapping configuration files. The inityp2l script helps with the initial setup of these configuration files. Once the N2L server has been created, you can maintain N2L by editing these configuration files directly.
The N2L service supports the following features:
In any naming system, only one source of information can be the authoritative source. In traditional NIS, the NIS sources are the authoritative information. When the N2L service is used, the authoritative data source is the LDAP directory. As described in Chapter 9, Basic Components and Concepts of LDAP (Overview), the directory is managed by using the directory management tools.
The NIS sources are retained for emergency backup or uninstallation only. After the N2L service is in use, you can gradually phase out the NIS clients. Eventually, all NIS clients are replaced by Solaris LDAP naming services clients.
Other summary information is provided in the following sections:
Target Users for NIS to LDAP Conversion
When Not to Use the NIS to LDAP Conversion Service
Impact of the NIS to LDAP Conversion Service on Users
NIS to LDAP Conversion Terms
NIS to LDAP Conversion Commands, Files, and Maps
Supported Standard Mappings
NIS to LDAP Conversion Tools and the Service Management Facility
The NIS and LDAP services are managed by the Service Management Facility (SMF). Use the svcadm command to enable, disable, or restart these services. Use the svcs command to query the service status. For more information about managing LDAP and NIS with SMF, see "LDAP and the Service Management Facility" and "NIS and the Service Management Facility". For an overview of SMF, see "Managing Services (Overview)" in System Administration Guide: Basic Administration. For more information, see the svcadm(1M) and svcs(1) man pages.
Target Users for NIS to LDAP Conversion
You must be familiar with NIS and LDAP concepts, terms, and IDs before performing the procedures in this chapter. For more information about the NIS and LDAP naming services, see the following two chapters in this book:
Chapter 2, Network Information Service (NIS) (Overview), which provides an overview of NIS
Chapter 8, Introduction to LDAP Naming Services (Overview/Reference), which provides an overview of LDAP
When Not to Use the NIS to LDAP Conversion Service
Do not use the N2L service in the following situations:
There is no plan to share data between NIS clients and LDAP naming services clients.
In this case, the N2L server would act as an excessively complex NIS master server.
NIS maps are managed by tools that modify the NIS source files (other than yppasswd).
Regenerating NIS sources from DIT maps is an imprecise task that requires manual checking of the resulting NIS maps. Once the N2L service is in use, regeneration of NIS sources is provided only for uninstallation or for reverting to NIS.
There are no NIS clients.
In this case, use the Solaris LDAP naming services client and its corresponding tools.
Impact of the NIS to LDAP Conversion Service on Users
Installing the files related to the N2L service does not, by itself, change the default behavior of the NIS server. At installation, the administrator sees some changes to the NIS man pages, and the N2L helper scripts, inityp2l and ypmap2src, are added to the server. However, as long as inityp2l is not run on the NIS server and the N2L configuration files are not created manually, the NIS components continue to start and work in traditional NIS mode.
After inityp2l is run, users see some changes in server and client behavior. The following is a list of NIS and LDAP user types, with a description of what each type of user should notice after the N2L service is deployed.
User Type | Impact of N2L Service |
NIS master server administrators | The NIS master server is converted to an N2L server. The NISLDAPmapping and ypserv configuration files are installed on the N2L server. After the N2L server is created, you can use LDAP commands to manage naming information. |
NIS slave server administrators | After the N2L conversion, an NIS slave server continues to run NIS in the usual way. When ypmake calls yppush, the N2L server pushes the updated NIS maps to the slave server. See the ypmake(1M) man page. |
NIS clients | NIS read operations are no different from traditional NIS. When a Solaris LDAP naming services client changes information in the DIT, the information is copied into the NIS maps. The copy operation completes after a configurable timeout expires. This behavior is similar to that of a conventional NIS client that is connected to an NIS slave server. If the N2L server cannot bind to the LDAP server for a read, the N2L server returns the information from its own cached copy. Alternatively, the N2L server can return an internal server error. You can configure the N2L server to respond in either way. For more information, see the ypserv(1M) man page. |
All users | When an NIS client requests a password change, the change is immediately visible on the N2L master server and to local LDAP clients. If you try to change a password on an NIS client and the LDAP server is unavailable, the change is rejected and the N2L server returns an internal server error. This behavior prevents incorrect information from being written into the cache. |
NIS to LDAP Conversion Terms
The following terms are related to implementing the N2L service.
Table 15-1 Terms Related to the N2L Conversion
Term | Description |
N2L configuration files | The /var/yp/NISLDAPmapping and /var/yp/ypserv files, which the ypserv daemon uses to start the master server in N2L mode. For more information, see the NISLDAPmapping(4) and ypserv(4) man pages. |
map | In the context of the N2L service, the term "map" is used in two ways: |
mapping | The process of converting between NIS entries and LDAP DIT entries. |
mapping file | The NISLDAPmapping file, which specifies how to map between NIS files and LDAP files. |
standard maps | Commonly used NIS maps that the N2L service supports without manual modification of the mapping file. A list of supported standard maps is provided in Supported Standard Mappings. |
nonstandard map | A standard NIS map that uses mappings between NIS and the LDAP DIT other than the mappings identified in RFC 2307 or its later versions. |
custom map | Any map that is not a standard map. When converting from NIS to LDAP, you must modify the mapping file manually. |
LDAP client | Any traditional LDAP client that performs read and write operations on any LDAP server. A Solaris LDAP naming services client processes a customized subset of naming information. |
LDAP naming services client | A Solaris LDAP client that processes a customized subset of naming information. |
N2L server | An NIS master server that has been reconfigured as an N2L server by using the N2L service. The reconfiguration includes replacing the NIS daemons and adding new configuration files. |
NIS to LDAP Conversion Commands, Files, and Maps
Two utilities, two configuration files, and one map are associated with the N2L conversion.
Table 15-2 Descriptions of N2L Commands, Files, and Maps
Command/File/Map | Description |
/usr/lib/netsvc/yp/inityp2l | A utility that helps create the NISLDAPmapping and ypserv configuration files. This utility is not a general-purpose tool for managing these files. Advanced users can maintain the N2L configuration files or create custom mappings by using a text editor to examine and customize the inityp2l output. See the inityp2l(1M) man page. |
/usr/lib/netsvc/yp/ypmap2src | A utility that converts standard NIS maps to approximations of the equivalent NIS source files. ypmap2src is mainly used to convert an N2L server back to traditional NIS. See the ypmap2src(1M) man page. |
/var/yp/NISLDAPmapping | A configuration file that specifies the mapping between NIS map entries and the equivalent directory information tree (DIT) entries in LDAP. See the NISLDAPmapping(4) man page. |
/var/yp/ypserv | A file that specifies configuration information for the NIS to LDAP conversion daemons. See the ypserv(4) man page. |
ageing.byname | A map that yppasswdd uses to read and write password aging information in the DIT when converting NIS to LDAP. |
Supported Standard Mappings
By default, the N2L service supports mappings between the maps listed below and LDAP entries as defined in RFC 2307 or its later versions. You do not need to modify these standard maps manually. Any maps on your system that are not in the following list are considered custom maps and must be mapped manually.
The N2L service also supports automatic mapping of the auto.* maps. However, because most auto.* file names and contents are specific to each network configuration, those files are not specified in this list. The exceptions are the auto.home and auto.master maps, which are supported as standard maps.
audit_user
auth_attr
auto.home
auto.master
bootparams
ethers.byaddr ethers.byname
exec_attr
group.bygid group.byname group.adjunct.byname
hosts.byaddr hosts.byname
ipnodes.byaddr ipnodes.byname
mail.byaddr mail.aliases
netgroup netgroup.byprojid netgroup.byuser netgroup.byhost
netid.byname
netmasks.byaddr
networks.byaddr networks.byname
passwd.byname passwd.byuid passwd.adjunct.byname
printers.conf.byname
prof_attr
project.byname project.byprojectid
protocols.byname protocols.bynumber
publickey.byname
rpc.bynumber
services.byname services.byservicename
timezone.byname
user_attr
During the transition from NIS to LDAP, the yppasswdd daemon uses the N2L-specific map ageing.byname to read and write password aging information in the DIT. If no password is used for the lifetimeAgeing. bynameIng.
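The following shell functions are an added example, not part of the original documentation. They apply the rule above to a map directory before conversion, so that the maps needing a hand-written mapping are known in advance. The NAME.dir/NAME.pag file layout and the /var/yp/<domainname> location are assumptions, and phones.byname is a constructed, hypothetical site map.

```shell
#!/bin/sh
# Added example: the names below are copied from the supported standard mappings list.
STANDARD_MAPS="audit_user auth_attr auto.home auto.master bootparams
ethers.byaddr ethers.byname exec_attr group.bygid group.byname
group.adjunct.byname hosts.byaddr hosts.byname ipnodes.byaddr ipnodes.byname
mail.byaddr mail.aliases netgroup netgroup.byprojid netgroup.byuser
netgroup.byhost netid.byname netmasks.byaddr networks.byaddr networks.byname
passwd.byname passwd.byuid passwd.adjunct.byname printers.conf.byname
prof_attr project.byname project.byprojectid protocols.byname
protocols.bynumber publickey.byname rpc.bynumber services.byname
services.byservicename timezone.byname user_attr"

# classify_map NAME: print "standard" (in the list), "auto" (unlisted auto.*
# map, mapped automatically), "n2l" (ageing.byname) or "custom".
classify_map() {
    for m in $STANDARD_MAPS; do
        if [ "$m" = "$1" ]; then echo standard; return 0; fi
    done
    case "$1" in
        ageing.byname) echo n2l ;;      # N2L-specific map used by yppasswdd
        auto.*)        echo auto ;;
        *)             echo custom ;;
    esac
}

# maps_in_dir DIR: print each map stored in DIR once, sorted. A map is assumed
# to be stored as a NAME.dir / NAME.pag pair, so only .pag files are listed.
maps_in_dir() {
    for f in "$1"/*.pag; do
        if [ -f "$f" ]; then basename "$f" .pag; fi
    done | sort
}

# custom_maps DIR: print the maps in DIR that need manual mapping.
custom_maps() {
    maps_in_dir "$1" | while read -r name; do
        if [ "$(classify_map "$name")" = custom ]; then echo "$name"; fi
    done
}

# Constructed sample: empty files standing in for a domain's map directory.
# On an NIS master, pass /var/yp/<domainname> instead (assumed location).
sample=$(mktemp -d)
for n in passwd.byname auto.direct auto.home phones.byname hosts.byaddr; do
    : > "$sample/$n.dir"; : > "$sample/$n.pag"
done
custom_maps "$sample"    # prints: phones.byname
rm -rf "$sample"
```

Every name the script reports is a candidate for review, since it classifies strictly by the list above and knows nothing else about the site.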