From: Bob Cregan (bob.cregan@maths.bath.ac.uk)
Date: Wed Mar 30 2005 - 03:16:43 EST
Hi
I'm having a problem setting up a NIS+ to ldap gateway. I
have followed the instructions found in
http://www.sun.com/blueprints/0903/817-3594.pdf
ie
1) ran idsconfig against a Sun One 5.2 directory server.
2) setup /etc/default/rpc.nisd and have seen the authenticated
connections coming in on the ldap server logs
3) edited NIS+LDAPmapping.template to remove the unnecessary entries to
be put in the nisPlus container, as recommended by the blueprint.
but when I run a test I get
root:nis # nisldapmaptest -v -m NIS+LDAPmapping.test -r -t
group.org_dir name=maths name=testgr
objToLDAP: group.org_dir.maths.bath.ac.uk.
objToLDAP: group.org_dir.maths.bath.ac.uk. (no mapping)
If I remove the commented-out sections from NIS+LDAPmapping.template,
then I get a complaint that the nisPlus container is not set up
correctly:
ldap_add(0x887c0 (138.38.100.29),
"cn=group,ou=nisPlus,dc=maths,dc=bath,dc=ac,dc=uk") => 65 (Object class
violation)
which implies to me that the mapping is working for the group_table object.
I would be very grateful for any help as this has me climbing walls.
Thanks
Bob
The NIS+LDAPmapping file I am using is
root:nis # cat NIS+LDAPmapping.test | grep -v ^$ | grep -v ^#
nisplusLDAPdatabaseIdMapping passwd:passwd.org_dir
nisplusLDAPdatabaseIdMapping group:group.org_dir
nisplusLDAPdatabaseIdMapping auto_master:auto_master.org_dir
nisplusLDAPdatabaseIdMapping auto_home:auto_home.org_dir
nisplusLDAPdatabaseIdMapping bootparams:bootparams.org_dir
nisplusLDAPdatabaseIdMapping ethers:ethers.org_dir
nisplusLDAPdatabaseIdMapping hosts:[addr="[1-9]*.[1-9]*.[1-9]*.[1-9]*"]\
hosts.org_dir
nisplusLDAPdatabaseIdMapping ipnodes:[addr="*:*"]ipnodes.org_dir
nisplusLDAPdatabaseIdMapping credlocal:[auth_type=LOCAL]cred.org_dir
nisplusLDAPdatabaseIdMapping creduser:[auth_type="D*", \
auth_name="unix.[0-9]*"]cred.org_dir
nisplusLDAPdatabaseIdMapping crednode:[auth_type="D*", \
auth_name="unix.[a-z]*"]cred.org_dir
nisplusLDAPdatabaseIdMapping aliases:mail_aliases.org_dir
nisplusLDAPdatabaseIdMapping netgroup:netgroup.org_dir
nisplusLDAPdatabaseIdMapping networks:networks.org_dir
nisplusLDAPdatabaseIdMapping netmasks:netmasks.org_dir
nisplusLDAPdatabaseIdMapping protocols:protocols.org_dir
nisplusLDAPdatabaseIdMapping rpc:rpc.org_dir
nisplusLDAPdatabaseIdMapping services:services.org_dir
nisplusLDAPdatabaseIdMapping auth_attr:auth_attr.org_dir
nisplusLDAPdatabaseIdMapping exec_attr:exec_attr.org_dir
nisplusLDAPdatabaseIdMapping prof_attr:prof_attr.org_dir
nisplusLDAPdatabaseIdMapping user_attr:user_attr.org_dir
nisplusLDAPdatabaseIdMapping audit_user:audit_user.org_dir
nisplusLDAPentryTtl passwd:1800:3600:3600
nisplusLDAPentryTtl group:1800:3600:3600
nisplusLDAPentryTtl auto_master:1800:3600:3600
nisplusLDAPentryTtl auto_home:1800:3600:3600
nisplusLDAPentryTtl bootparams:1800:3600:3600
nisplusLDAPentryTtl ethers:1800:3600:3600
nisplusLDAPentryTtl hosts:1800:3600:3600
nisplusLDAPentryTtl ipnodes:1800:3600:3600
nisplusLDAPentryTtl credlocal:1800:3600:3600
nisplusLDAPentryTtl creduser:1800:3600:3600
nisplusLDAPentryTtl crednode:1800:3600:3600
nisplusLDAPentryTtl aliases:1800:3600:3600
nisplusLDAPentryTtl netgroup:1800:3600:3600
nisplusLDAPentryTtl networks:1800:3600:3600
nisplusLDAPentryTtl netmasks:1800:3600:3600
nisplusLDAPentryTtl protocols:1800:3600:3600
nisplusLDAPentryTtl rpc:1800:3600:3600
nisplusLDAPentryTtl services:1800:3600:3600
nisplusLDAPentryTtl auth_attr:1800:3600:3600
nisplusLDAPentryTtl exec_attr:1800:3600:3600
nisplusLDAPentryTtl prof_attr:1800:3600:3600
nisplusLDAPentryTtl user_attr:1800:3600:3600
nisplusLDAPentryTtl audit_user:1800:3600:3600
nisplusLDAPobjectDN passwd:ou=People,?one?objectClass=shadowAccount,\
objectClass=posixAccount:\
ou=People,?one?objectClass=shadowAccount,\
objectClass=posixAccount,\
objectClass=account,objectClass=top
nisplusLDAPobjectDN group:ou=Group,?one?objectClass=posixGroup:\
ou=Group,?one?objectClass=posixGroup,\
objectClass=top
nisplusLDAPobjectDN auto_master:automountmapname=auto_master,\
?one?objectClass=automount:\
automountmapname=auto_master,\
?one?objectClass=automount,\
objectClass=top
nisplusLDAPobjectDN auto_home:automountmapname=auto_home,\
?one?objectClass=automount:\
automountmapname=auto_home,\
?one?objectClass=automount,\
objectClass=top
nisplusLDAPobjectDN
bootparams:ou=Ethers,?one?objectClass=bootableDevice,\
bootParameter=*:\
ou=Ethers,?one?objectClass=bootableDevice,\
objectClass=device,\
objectClass=top:\
dbid=bootparams_del
nisplusLDAPobjectDN ethers:ou=Ethers,?one?objectClass=ieee802Device,\
macAddress=*:\
ou=Ethers,?one?objectClass=ieee802Device,\
objectClass=device,\
objectClass=top:\
dbid=ethers_del
nisplusLDAPobjectDN hosts:ou=Hosts,?one?objectClass=ipHost:\
ou=Hosts,?one?objectClass=ipHost,\
objectClass=device,objectClass=top
nisplusLDAPobjectDN ipnodes:ou=Hosts,?one?objectClass=ipHost:\
ou=Hosts,?one?objectClass=ipHost,\
objectClass=device,objectClass=top
nisplusLDAPobjectDN credlocal:ou=People,?one?objectClass=nisKeyObject
nisplusLDAPobjectDN creduser:ou=People,?one?objectClass=nisKeyObject:\
ou=People,?one?objectClass=nisKeyObject
nisplusLDAPobjectDN crednode:ou=Hosts,?one?objectClass=nisKeyObject:\
ou=Hosts,?one?objectClass=nisKeyObject
nisplusLDAPobjectDN aliases:ou=Aliases,?one?objectClass=mailGroup:\
ou=Aliases,?one?objectClass=mailGroup,\
objectClass=top
nisplusLDAPobjectDN netgroup:ou=Netgroup,?one?objectClass=nisNetgroup:\
ou=Netgroup,?one?objectClass=nisNetgroup,\
objectClass=top
nisplusLDAPobjectDN networks:ou=Networks,?one?objectClass=ipNetwork:\
ou=Networks,?one?objectClass=ipNetwork,\
objectClass=top
nisplusLDAPobjectDN netmasks:ou=Networks,?one?objectClass=ipNetwork,\
ipNetMaskNumber=*:\
ou=Networks,?one?objectClass=ipNetwork:\
dbid=netmasks_del
nisplusLDAPobjectDN protocols:ou=Protocols,?one?objectClass=ipProtocol:\
ou=Protocols,?one?objectClass=ipProtocol,\
objectClass=top
nisplusLDAPobjectDN rpc:ou=Rpc,?one?objectClass=oncRpc:\
ou=Rpc,?one?objectClass=oncRpc,objectClass=top
nisplusLDAPobjectDN services:ou=Services,?one?objectClass=ipService:\
ou=Services,?one?objectClass=ipService,\
objectClass=top
nisplusLDAPobjectDN auth_attr:\
ou=SolarisAuthAttr,?one?objectClass=SolarisAuthAttr:\
ou=SolarisAuthAttr,?one?objectClass=SolarisAuthAttr,\
objectClass=top
nisplusLDAPobjectDN exec_attr:\
ou=SolarisProfAttr,?one?objectClass=SolarisExecAttr,\
SolarisKernelSecurityPolicy=*:\
ou=SolarisProfAttr,?one?objectClass=SolarisExecAttr,\
objectClass=SolarisProfAttr,\
objectClass=top
nisplusLDAPobjectDN prof_attr:\
ou=SolarisProfAttr,?one?objectClass=SolarisProfAttr,\
SolarisAttrLongDesc=*:\
ou=SolarisProfAttr,?one?objectClass=SolarisProfAttr,\
objectClass=SolarisExecAttr,\
objectClass=top
nisplusLDAPobjectDN
user_attr:ou=People,?one?objectClass=SolarisUserAttr,\
solarisAttrKeyValue=*:\
ou=People,?one?objectClass=SolarisUserAttr:\
dbid=user_attr_del
nisplusLDAPobjectDN
audit_user:ou=People,?one?objectClass=SolarisAuditUser,\
SolarisAuditAlways=*,\
SolarisAuditNever=*:\
ou=People,?one?objectClass=SolarisAuditUser:\
dbid=audit_user_del
nisplusLDAPattributeFromColumn \
passwd: dn=("uid=%s,", name), \
cn=name, \
uid=name, \
userPassword=("{crypt}%s", passwd), \
uidNumber=uid, \
gidNumber=gid, \
gecos=gcos, \
homeDirectory=home, \
loginShell=shell, \
(shadowLastChange,shadowMin,shadowMax, \
shadowWarning,
shadowInactive,shadowExpire)=\
(shadow, ":")
nisplusLDAPattributeFromColumn \
group: dn=("cn=%s,", name), \
cn=name, \
userPassword=("{crypt}%s", passwd), \
gidNumber=gid, \
(memberUid)=(members, ",")
nisplusLDAPattributeFromColumn \
auto_master: dn=("automountKey=%s,", key), \
automountKey=key, \
automountInformation=value
nisplusLDAPattributeFromColumn \
auto_home: dn=("automountKey=%s,", key), \
automountKey=key, \
automountInformation=value
nisplusLDAPattributeFromColumn \
bootparams: dn=("cn=%s,", key), \
cn=key, \
(bootParameter)=(value, " ")
nisplusLDAPattributeFromColumn \
bootparams_del: dn=("cn=%s,", key), \
bootParameter=
nisplusLDAPattributeFromColumn \
ethers: dn=("cn=%s,", name), \
macAddress=addr, \
cn=name
nisplusLDAPattributeFromColumn \
ethers_del: dn=("cn=%s,", name), \
macAddress=
nisplusLDAPattributeFromColumn \
hosts: dn=("cn=%s+ipHostNumber=%s,", cname,
addr), \
cn=cname, \
cn=name, \
ipHostNumber=addr, \
description=comment
nisplusLDAPattributeFromColumn \
ipnodes: dn=("cn=%s+ipHostNumber=%s,", cname,
addr), \
cn=cname, \
cn=name, \
ipHostNumber=addr, \
description=comment
nisplusLDAPattributeFromColumn \
credlocal: dn=("uid=%s,", (cname, "%s.*")), \
uidNumber=auth_name, \
gidNumber=public_data
nisplusLDAPattributeFromColumn \
creduser: dn=("uid=%s,", (cname, "%s.*")), \
nisPublicKey=("{%s}%s", \
auth_type, public_data), \
nisSecretKey=("{%s}%s", \
auth_type, private_data)
nisplusLDAPattributeFromColumn \
crednode: dn=("cn=%s+ipHostNumber=%s,", \
(cname, "%s.*"), \
ldap:ipHostNumber:?one?("cn=%s", (cname,
"%s.*"))), \
nisPublicKey=("{%s}%s", \
auth_type, public_data), \
nisSecretKey=("{%s}%s", \
auth_type, private_data)
nisplusLDAPattributeFromColumn \
aliases: dn=("mail=%s,", alias), \
cn=alias, \
mail=alias, \
(mgrprfc822mailmember)= (expansion, ",")
nisplusLDAPattributeFromColumn \
netgroup: dn=("cn=%s,", name), \
cn=name, \
memberNisNetgroup=group, \
nisNetgroupTriple=("(%s,%s,%s)", \
host, user,
domain), \
description=comment
nisplusLDAPattributeFromColumn \
networks: dn=("ipNetworkNumber=%s,", addr), \
cn=cname, \
cn=name, \
ipNetworkNumber=addr, \
description=comment
nisplusLDAPattributeFromColumn \
netmasks: dn=("ipNetworkNumber=%s,", addr), \
ipNetworkNumber=addr, \
ipNetmaskNumber=mask, \
description=comment
nisplusLDAPattributeFromColumn \
netmasks_del: dn=("ipNetworkNumber=%s,", addr), \
ipNetmaskNumber=
nisplusLDAPattributeFromColumn \
protocols: dn=("cn=%s,", cname), \
cn=cname, \
cn=name, \
ipProtocolNumber=number, \
description=comment
nisplusLDAPattributeFromColumn \
rpc: dn=("cn=%s,", cname), \
cn=cname, \
cn=name, \
oncRpcNumber=number, \
description=comment
nisplusLDAPattributeFromColumn \
services: dn=("cn=%s+ipServiceProtocol=%s,",\
cname, proto), \
cn=cname, \
cn=name, \
ipServiceProtocol=proto, \
ipServicePort=port, \
description=comment
nisplusLDAPattributeFromColumn \
auth_attr: dn=("cn=%s,", name), \
cn=name, \
SolarisAttrReserved1=res1, \
SolarisAttrReserved2=res2, \
SolarisAttrShortDesc=short_desc, \
SolarisAttrLongDesc=long_desc, \
SolarisAttrKeyValue=attr
nisplusLDAPattributeFromColumn \
exec_attr:
dn=("cn=%s+SolarisKernelSecurityPolicy=%s+SolarisProfileType=%s+SolarisProfileId=%s,",
name, policy, type, id), \
cn=name, \
SolarisKernelSecurityPolicy=policy, \
SolarisProfileType=type, \
SolarisAttrReserved1=res1, \
SolarisAttrReserved2=res2, \
SolarisProfileId=id, \
SolarisAttrKeyValue=attr
nisplusLDAPattributeFromColumn \
prof_attr: dn=("cn=%s,", name), \
cn=name, \
SolarisAttrReserved1=res1, \
SolarisAttrReserved2=res2, \
SolarisAttrLongDesc=desc, \
SolarisAttrKeyValue=attr
nisplusLDAPattributeFromColumn \
user_attr: dn=("uid=%s,", name), \
SolarisUserQualifier=qualifier, \
SolarisAttrReserved1=res1, \
SolarisAttrReserved2=res2, \
SolarisAttrKeyValue=attr
nisplusLDAPattributeFromColumn \
audit_user: dn=("uid=%s,", name), \
SolarisAuditAlways=always, \
SolarisAuditNever=never
nisplusLDAPattributeFromColumn \
user_attr_del: dn=("uid=%s,", name), \
SolarisUserQualifier=, \
SolarisAttrReserved1=, \
SolarisAttrReserved2=, \
SolarisAttrKeyValue=
nisplusLDAPattributeFromColumn \
audit_user_del: dn=("uid=%s,", name), \
SolarisAuditAlways=, \
SolarisAuditNever=
nisplusLDAPcolumnFromAttribute \
passwd: name=uid, \
("{crypt}%s", passwd)=userPassword, \
uid=uidNumber, \
gid=gidNumber, \
gcos=gecos, \
home=homeDirectory, \
shell=loginShell, \
shadow=("%s:%s:%s:%s:%s:%s", \
shadowLastChange, \
shadowMin, \
shadowMax, \
shadowWarning, \
shadowInactive, \
shadowExpire)
nisplusLDAPcolumnFromAttribute \
group: name=cn, \
("{crypt}%s", passwd)=userPassword, \
gid=gidNumber, \
members=("%s,", (memberUid), ",")
nisplusLDAPcolumnFromAttribute \
auto_master: key=automountKey, \
value=automountInformation
nisplusLDAPcolumnFromAttribute \
auto_home: key=automountKey, \
value=automountInformation
nisplusLDAPcolumnFromAttribute \
bootparams: key=cn, \
value=("%s ", (bootParameter), " ")
nisplusLDAPcolumnFromAttribute \
ethers: addr=macAddress, \
name=cn
nisplusLDAPcolumnFromAttribute \
hosts: cname=cn, \
(name)=(cn), \
addr=ipHostNumber, \
comment=description
nisplusLDAPcolumnFromAttribute \
ipnodes: cname=cn, \
(name)=(cn), \
addr=ipHostNumber, \
comment=description
nisplusLDAPcolumnFromAttribute \
credlocal: cname=("%s.%s", uid, \
(nis+:zo_owner[]cred.org_dir, "*.%s")), \
auth_type=("LOCAL"), \
auth_name=uidNumber, \
public_data=gidNumber
nisplusLDAPcolumnFromAttribute \
creduser: cname=("%s.%s", uid, \
(nis+:zo_owner[]cred.org_dir, "*.%s")), \
auth_name=("unix.%s@%s", uidNumber, \
(nis+:zo_owner[]cred.org_dir, "*.%s.")), \
("{%s}%s", auth_type, public_data)= \
nisPublicKey, \
("{%s}%s", auth_type, private_data)= \
nisSecretKey
nisplusLDAPcolumnFromAttribute \
crednode: \
cname=("%s.%s", cn, \
(nis+:zo_owner[]cred.org_dir, "*.%s")), \
auth_name=("unix.%s@%s", cn, \
(nis+:zo_owner[]cred.org_dir, "*.%s.")), \
("{%s}%s", auth_type, public_data)= \
nisPublicKey, \
("{%s}%s", auth_type, private_data)= \
nisSecretKey
nisplusLDAPcolumnFromAttribute \
aliases: alias=mail, \
expansion= \
("%s,", (mgrprfc822mailmember), ",")
nisplusLDAPcolumnFromAttribute \
netgroup: name=cn, \
(group)=(memberNisNetgroup), \
("(%s,%s,%s)", host, user, domain)= \
(nisNetgroupTriple), \
comment=description
nisplusLDAPcolumnFromAttribute \
networks: cname=cn, \
(name)=(cn), \
addr=ipNetworkNumber, \
comment=description
nisplusLDAPcolumnFromAttribute \
netmasks: addr=ipNetworkNumber, \
mask=ipNetmaskNumber, \
comment=description
nisplusLDAPcolumnFromAttribute \
protocols: cname=cn, \
(name)=(cn), \
number=ipProtocolNumber, \
comment=description
nisplusLDAPcolumnFromAttribute \
rpc: cname=cn, \
(name)=(cn), \
number=oncRpcNumber, \
comment=description
nisplusLDAPcolumnFromAttribute \
services: cname=cn, \
(name)=(cn), \
proto=ipServiceProtocol, \
port=ipServicePort, \
comment=description
nisplusLDAPcolumnFromAttribute \
auth_attr: name=cn, \
res1=SolarisAttrReserved1, \
res2=SolarisAttrReserved2, \
short_desc=SolarisAttrShortDesc, \
long_desc=SolarisAttrLongDesc, \
attr=SolarisAttrKeyValue
nisplusLDAPcolumnFromAttribute \
exec_attr: name=cn, \
policy=SolarisKernelSecurityPolicy, \
type=SolarisProfileType, \
res1=SolarisAttrReserved1, \
res2=SolarisAttrReserved2, \
id=SolarisProfileId, \
attr=SolarisAttrKeyValue
nisplusLDAPcolumnFromAttribute \
prof_attr: name=cn, \
res1=SolarisAttrReserved1, \
res2=SolarisAttrReserved2, \
desc=SolarisAttrLongDesc, \
attr=SolarisAttrKeyValue
nisplusLDAPcolumnFromAttribute \
user_attr: name=cn, \
qualifier=SolarisUserQualifier, \
res1=SolarisAttrReserved1, \
res2=SolarisAttrReserved2, \
attr=SolarisAttrKeyValue
nisplusLDAPcolumnFromAttribute \
audit_user: name=cn, \
always=SolarisAuditAlways, \
never=SolarisAuditNever
-- ------------------------------------------------------------ Bob Cregan Unix Systems Administrator Department of Mathematical Sciences, The University of Bath Claverton Down Bath BA2 7AY phone 01225 386068 mail bob.cregan@maths.bath.ac.uk ------------------------------------------------------------- _______________________________________________ sunmanagers mailing list sunmanagers@sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers