Working With Naming and Directory Services in Oracle Solaris 11.1 Oracle Solaris 11.1 Information Library |
This section contains the following information:
Users can obtain information from and about the maps at any time by using the ypcat, ypwhich, and ypmatch commands. In the examples that follow, mapname refers both to the official name of a map and to its nickname, if any.
To list all the values in a map, type the following:
% ypcat mapname
To list both the keys and the values (if any) in a map, type the following:
% ypcat -k mapname
To list all the map nicknames, type any of the following commands:
% ypcat -x
% ypmatch -x
% ypwhich -x
To list all the available maps and their masters, type the following:
% ypwhich -m
To list the master server for a particular map, type the following:
% ypwhich -m mapname
To match a key with an entry in a map, type the following:
% ypmatch key mapname
If the item you are looking for is not a key in a map, type the following:
% ypcat mapname | grep item
where item is the information for which you are searching. To obtain information about other domains, use the -d domainname option of these commands.
If the machine requesting information for a domain other than its default does not have a binding for the requested domain, ypbind consults the /var/yp/binding/domainname/ypservers file for a list of servers for that domain. If this file does not exist, ypbind issues an RPC broadcast for a server. In this case, there must be a server for the requested domain on the same subnet as the requesting machine.
To change the master server for a selected map, you first have to build the map on the new NIS master. Since the old master server name occurs as a key-value pair in the existing map (this pair is inserted automatically by makedbm), copying the map to the new master or transferring a copy to the new master with ypxfr is insufficient. You have to reassociate the key with the new master server name. If the map has an ASCII source file, you should copy this file to the new master.
For more information, see How to Use Your Assigned Administrative Rights in Oracle Solaris 11.1 Administration: Security Services.
newmaster# cd /var/yp
If this is not the case, edit the Makefile now. For this example, add an entry for a map called sites.byname.
newmaster# make sites.byname
Make sure that you comment out the section of the Makefile that made the sites.byname map so that it is no longer made there.
First, disassemble a copy of the sites.byname file by using the ypcat command. Then, run the disassembled version through makedbm.
newmaster# cd /var/yp
newmaster# ypcat -k sites.byname | makedbm - domain/sites.byname
After making the map on the new master, you must send a copy of the new map to the other slave servers. Do not use yppush, because the other slaves will try to get new copies from the old master, rather than the new one. A typical method for circumventing this is to transfer a copy of the map from the new master back to the old master. To do this, become superuser, or assume an equivalent role, on the old master server and type the following.
oldmaster# /usr/lib/netsvc/yp/ypxfr -h newmaster sites.byname
Now it is safe to run yppush. Any remaining slave servers still believe that the old master is the current master and will attempt to get the current version of the map from the old master. When clients do so, they will get the new map, which names the new master as the current master.
If this method fails, you can log in as root on each NIS server and execute the ypxfr command as shown.
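One way to confirm which master each map names after the change, as an added example that is not part of the original documentation. It reads "mapname master" pairs, the format that ypwhich -m prints; the function names and the sample host and map names are constructed for illustration.

```shell
#!/bin/sh
# Added example: report maps that do not name the expected master server.
# Input on stdin: "mapname master" pairs, as printed by `ypwhich -m`.

# stale_masters EXPECTED [MAP ...]
# Prints "map master" for every map whose master is not EXPECTED and
# returns 1 if any are found. With MAP arguments, only those maps are
# checked, since different maps can legitimately have different masters.
stale_masters() {
    expected=$1
    shift
    awk -v want="$expected" -v maps="$*" '
        BEGIN {
            n = split(maps, m, " ")
            for (i = 1; i <= n; i++) only[m[i]] = 1
        }
        NF == 2 && (n == 0 || ($1 in only)) && $2 != want {
            print $1, $2
            bad = 1
        }
        END { exit bad + 0 }
    '
}

# Constructed sample of `ypwhich -m` output taken mid-migration:
# sites.byname was rebuilt on newmaster, the other maps still name oldmaster.
sample_ypwhich_m() {
    cat <<'EOF'
passwd.byname oldmaster
hosts.byname oldmaster
sites.byname newmaster
EOF
}

# Demo: list every map in the sample that does not name newmaster.
sample_ypwhich_m | stale_masters newmaster || echo "maps above still name another master"
```

On a live server the same check is `ypwhich -m | stale_masters newmaster sites.byname`, run on each NIS server because ypwhich reports the view of the server the machine is bound to.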
NIS intelligently parses the setup files. Although this makes NIS administration easier, it does make the behavior of NIS more sensitive to changes in the setup and configuration files.
Use the procedures in this section when doing any of the following:
Adding or deleting $PWDIR/security/passwd.adjunct to allow or deny C2 security ($PWDIR is defined in /var/yp/Makefile)
Keep the following in mind.
Deleting a map or source file from an NIS master server does not automatically result in corresponding deletions from slave servers. You must delete maps and source files from slave servers by hand.
New maps do not automatically get pushed to existing slave servers. You must run ypxfr from the slaves.
For more information, see How to Use Your Assigned Administrative Rights in Oracle Solaris 11.1 Administration: Security Services.
# svcadm disable network/nis/server
# svcadm enable network/nis/server
You can modify the Makefile provided by default in /var/yp to suit your needs. You can add or delete maps, and you can change the names of some of the directories.
Tip - Keep an unmodified copy of the original Makefile for future reference.
To add a new NIS map, you must get copies of the ndbm files for the map into the /var/yp/domainname directory on each of the NIS servers in the domain. This is normally done for you by the Makefile. After deciding which NIS server is the master of the map, modify the Makefile on the master server so that you can conveniently rebuild the map. Different servers can be masters of different maps, but in most cases this leads to administrative confusion. Try to set only one server as the master of all maps.
Typically a human-readable text file is filtered through awk, sed, or grep to make it suitable for input to makedbm. Refer to the default Makefile for examples. See the make(1S) man page for general information about the make command.
Use the mechanisms already in place in the Makefile when deciding how to create dependencies that make will recognize. Be aware that make is very sensitive to the presence or absence of tabs at the beginning of lines within the dependency rules. A missing tab can invalidate an entry that is otherwise well formed.
Adding an entry to the Makefile involves the following.
Adding the name of the database to the all rule
Writing the time rule
Adding the rule for the database
For example, in order for the Makefile to work on automounter input files, you would have to add the auto_direct.time and auto_home.time maps to the NIS database.
To add these maps to the NIS database you need to modify the Makefile.
You can change the settings of the variables defined at the top of the Makefile by changing the value to the right of the equal sign (=). For instance, if you do not want to use the files located in /etc as input for the maps, but you would rather use files located in another directory, such as /var/etc/domainname, you should change DIR from DIR=/etc to DIR=/var/etc/domainname. You should also change PWDIR from PWDIR=/etc to PWDIR=/var/etc/domainname.
The variables are the following:
DIR= The directory containing all of the NIS input files except passwd and shadow. The default value is /etc. Since it is not good practice to use the files in the master server's /etc directory as NIS input files, you should change this value.
PWDIR= The directory containing the passwd and shadow NIS input files. Since it is not good practice to use the files in the master server's /etc directory as NIS input files, you should change this value.
DOM= The NIS domain name. The default value of DOM can be set by using the domainname command.
The following procedure describes how to add and delete databases from the Makefile.
This procedure requires that you have already configured an NIS master server.
For more information, see How to Use Your Assigned Administrative Rights in Oracle Solaris 11.1 Administration: Security Services.
all: passwd group hosts ethers networks rpc services protocols \
	netgroup bootparams aliases netid netmasks \
	audit_user auth_attr exec_attr prof_attr \
	auto_direct auto_home auto_direct.time auto_home.time
The order of the entries is not relevant, but the blank space at the beginning of the continuation lines must be a Tab, not spaces.
auto_direct: auto_direct.time
auto_home: auto_home.time
auto_direct.time: $(DIR)/auto_direct
	@(while read L; do echo $$L; done < $(DIR)/auto_direct $(CHKPIPE)) | \
	(sed -e "/^#/d" -e "s/#.*$$//" -e "/^ *$$/d" $(CHKPIPE)) | \
	$(MAKEDBM) - $(YPDBDIR)/$(DOM)/auto_direct;
	@touch auto_direct.time;
	@echo "updated auto_direct";
	@if [ ! $(NOPUSH) ]; then $(YPPUSH) auto_direct; fi
	@if [ ! $(NOPUSH) ]; then echo "pushed auto_direct"; fi
where
CHKPIPE makes certain that the operations to the left of the pipe (|) are successfully completed before piping the results to the next commands. If the operations to the left of the pipe do not successfully complete, the process is terminated with a NIS make terminated message.
NOPUSH prevents the makefile from calling yppush to transfer the new map to the slave servers. If NOPUSH is not set, the push is done automatically.
The while loop at the beginning is designed to eliminate any backslash-extended lines in the input file. The sed script eliminates comment and empty lines.
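The filter stage of the rule above can be tried on its own before touching the real map source. This is an added example, not part of the original documentation: it copies the while loop and sed script from the rule (with make's $$ written as $ and the CHKPIPE and MAKEDBM macros left out), and the function names, servers, and paths in the sample input are constructed.

```shell
#!/bin/sh
# Added example: the while/sed filter from the auto_direct.time rule,
# runnable outside make so the text handed to makedbm can be inspected.

# filter_map_source FILE
# Prints the lines of FILE as the rule would pipe them to makedbm.
filter_map_source() {
    # read without -r treats a trailing backslash as a line continuation,
    # and the unquoted $L collapses runs of blanks into single spaces.
    (while read L; do echo $L; done < "$1") |
    # Delete full-line comments, strip trailing comments, delete blank lines.
    sed -e "/^#/d" -e "s/#.*$//" -e "/^ *$/d"
}

# map_keys FILE
# Prints the first field of each filtered line. makedbm takes everything up
# to the first space or tab as the key and the rest of the line as the value.
map_keys() {
    filter_map_source "$1" | awk '{ print $1 }'
}

# write_sample_source FILE
# Writes a constructed direct map (hypothetical servers and paths) to FILE.
write_sample_source() {
    cat > "$1" <<'EOF'
# direct map, constructed for this example
/usr/man    -ro    server1:/export/man
/opt/tools  -ro,nosuid \
        server2:/export/tools

#/retired   -ro    server3:/export/old
/usr/src    -ro    server1:/export/src   # source tree
EOF
}

# Demo: seven input lines become three makedbm records.
src=$(mktemp) && write_sample_source "$src" && filter_map_source "$src"
rm -f "$src"
```

The /usr/src record keeps one trailing space, because the sed script removes the comment but not the blank in front of it.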
Follow the same procedure for all other automounter maps, such as auto_home or any other non-default maps.
# make mapname
where mapname is the name of the map you want to make.
If you do not want the Makefile to produce maps for a specific database, edit the Makefile as follows.
For example, to delete the hosts database, the hosts.time entry should be removed.
For example, to delete the hosts database, the hosts: hosts.time entry should be removed.