unixdev.net


Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (SunOS-5.10)
Page:
Section:
Apropos / Subsearch:
optional field

rpc.nisd(4)                      File Formats                      rpc.nisd(4)



NAME
       rpc.nisd - configuration file for NIS+ service daemon

SYNOPSIS
       /etc/default/rpc.nisd

DESCRIPTION
       The   rpc.nisd   file   specifies  configuration  information  for  the
       rpc.nisd(1M) server. Configuration information can come from a combina-
       tion  of three places. It can be derived from LDAP. It can be specified
       in the rpc.nisd file. It can be specified on the  rpc.nisd(1M)  command
       line.   The  values  in the rpc.nisd file override values obtained from
       the LDAP server.  Command line values supersede values in the  configu-
       ration file.

       The  NIS+LDAPmapping(4)  file  contains  mapping information connecting
       NIS+ object data to LDAP entries.  See  the  NIS+LDAPmapping(4)  manual
       page  for  an  overview of the setup needed to map NIS+ data to or from
       LDAP.

   Attributes
       The rpc.nisd(1M) server recognizes the following attributes. Any values
       specified for these attributes in the rpc.nisd file, including an empty
       value, override values obtained from LDAP. However, the nisplusLDAPcon-
       fig*  values  are read from the rpc.nisd file or the command line only.
       They are not obtained from LDAP.

       The following are attributes used for initial configuration.

       nisplusLDAPconfigDN

           The DN for configuration information. If  empty,   all  other  nis-
           plusLDAPConfig*  values  are  ignored,  in the expectation that all
           attributes are specified in this file or on the command line.  When
           nisplusLDAPConfigDN is not specified at all, the DN is derived from
           the NIS+ domain name by default. If the domain name is x.y.z.,  the
           default nisplusLDAPconfigDN is:


           nisplusLDAPconfigDN=dc=x,dc=y,dc=z



       nisplusLDAPconfigPreferredServerList

           The list of servers to use for the configuration phase. There is no
           default. The following is an example of a value for nisplusLDAPcon-
           figPreferredServerList:


           nisplusLDAPconfigPreferredServerList=127.0.0.1:389



       nisplusLDAPconfigAuthenticationMethod

           The authentication method used to obtain the configuration informa-
           tion. The recognized  values  for  nisplusLDAPconfigAuthentication-
           Method are:


           none

               No authentication attempted.




           simple

               Password of proxy user sent in the clear to the LDAP server.



           sasl/cram-md5

               Use  SASL/CRAM-MD5  authentication.  This authentication method
               may not be supported by all LDAP servers. A  password  must  be
               supplied.



           sasl/digest-md5

               Use  SASL/DIGEST-MD5 authentication. This authentication method
               may not be supported by all LDAP servers. A  password  must  be
               supplied.


           There  is  no default value. The following is an example of a value
           for nisplusLDAPconfigAuthenticationMethod:


           nisplusLDAPconfigAuthenticationMethod=simple


       nisplusLDAPconfigTLS

           The transport layer security used for the connection to the server.
           The recognized values are:


           none

               No  encryption  of  transport  layer  data. This is the default
               value.




           ssl

               SSL encryption of  transport  layer  data.   A  certificate  is
               required.


           Export  and  import control restrictions may limit the availability
           of transport layer security.


       nisplusLDAPconfigTLSCertificateDBPath

           The name of the  file  containing  the  certificate  database.  The
           default path is /var/nis, and the default file name is cert7.db.



       nisplusLDAPconfigProxyUser

           The  proxy  user used to obtain configuration information. There is
           no default value. If the value ends with a comma, the value of  the
           nisplusLDAPconfigDN attribute is appended. For example:


           nisplusLDAPconfigProxyUser=cn=nisplusAdmin,ou=People,



       nisplusLDAPconfigProxyPassword

           The  password  that  should be supplied to LDAP for the proxy  user
           when the authentication method requires one. In order to avoid hav-
           ing  this  password publically visible on the machine, the password
           should only appear in the configuration file, and the  file  should
           have  an  appropriate  owner,  group,  and  file  mode. There is no
           default value.



       The following are attributes used for data retrieval. The object  class
       name used for these attributes is nisplusLDAPconfig.

       preferredServerList

           The list of servers to use when reading or writing mapped NIS+ data
           from or to LDAP. There is no default value.  For example:


           preferredServerList=127.0.0.1:389



       authenticationMethod

           The authentication method to use when  reading  or  writing  mapped
           NIS+  data from or to LDAP. For recognized values, see the LDAPcon-
           figAuthenticationMethod attribute. There is no default  value.  For
           example,


           authenticationMethod=simple



       nisplusLDAPTLS

           The  transport  layer  security to use when reading or writing NIS+
           data from or to LDAP. For recognized values,  see the  nisplusLDAP-
           configTLS  attribute.  The default value is  none. Note that export
           and import control  restrictions  may  limit  the  availability  of
           transport layer security.



       nisplusLDAPTLSCertificateDBPath

           The  name of the file containing the certificate DB. For recognized
           and default values, see  the  nisplusLDAPconfigTLSCertificateDBPath
           attribute.



       defaultSearchBase

           The default portion of the DN to use when reading or writing mapped
           NIS+ data from or to LDAP. The default is derived from the value of
           the  baseDomain  attribute,  which  in turn usually defaults to the
           NIS+ domain name. If nisplusLDAPbaseDomain has the value x.y.z, the
           default  defaultSearchBase   is  dc=x,dc=y,dc=z.  See the following
           sample attribute value:


           defaultSearchBase=dc=somewhere,dc=else



       nisplusLDAPbaseDomain

           The domain to append when NIS+ object names are  not  fully  quali-
           fied. The default is the domain the rpc.nisd daemon is  serving, or
           the first such domain, if there is more than one candidate.



       nisplusLDAPproxyUser

           Proxy user used by the rpc.nisd to read or write from or  to  LDAP.
           Assumed to have the appropriate permission  to read and modify LDAP
           data. There is no  default value. If the value ends in a comma, the
           value of the defaultSearchBase attribute is appended.  For example:


           nisplusLDAPproxyUser=cn=nisplusAdmin,ou=People,



       nisplusLDAPproxyPassword

           The  password  that should be supplied to LDAP for the proxy   user
           when the authentication method so requires. In order to avoid  hav-
           ing  this  password publically visible on the machine, the password
           should only appear in the configuration file, and the  file  should
           have  an  appropriate  owner,  group,  and  file  mode. There is no
           default value.



       nisplusLDAPbindTimeout
       nisplusLDAPsearchTimeout
       nisplusLDAPmodifyTimeout
       nisplusLDAPaddTimeout
       nisplusLDAPdeleteTimeout

           Establish timeouts for LDAP bind, search, modify, add,  and  delete
           operations,  respectively. The default value is 15 seconds for each
           one. Decimal values are allowed.







       nisplusLDAPsearchTimeLimit

           Establish a value for the LDAP_OPT_TIMELIMIT  option,   which  sug-
           gests a time limit for the search operation on the LDAP server. The
           server may impose its own constraints  on possible values. See your
           LDAP    server    documentation.    The   default   is   the   nis-
           plusLDAPsearchTimeout value. Only  integer values are allowed.

           Since the nisplusLDAPsearchTimeout limits the amount  of  time  the
           client  rpc.nisd  will  wait  for completion of a search operation,
           setting  the  nisplusLDAPsearchTimeLimit    larger  than  the  nis-
           plusLDAPsearchTimeout is not recommended.



       nisplusLDAPsearchSizeLimit

           Establish a value for the LDAP_OPT_SIZELIMIT option, which suggests
           a size limit, in bytes, for the search results on the LDAP  server.
           The server may impose its own constraints  on possible values.  See
           your LDAP server documentation. The default is  zero,  which  means
           unlimited. Only integer values are allowed.



       nisplusLDAPfollowReferral

           Determines  if the rpc.nisd should follow referrals or not.  Recog-
           nized values are yes and no. The default value is no.



       nisplusNumberOfServiceThreads

           Sets the maximum number of RPC service threads  that  the  rpc.nisd
           may  use.  Note that the rpc.nisd may create additional threads for
           certain tasks, so that the actual  number of threads running may be
           larger than the nisplusNumberOfServiceThreads value.

           The  value  of  this  attribute  is a decimal integer from  zero to
           (2**31)-1, inclusive. Zero, which is the default,  sets the  number
           of  service threads to three plus the number of CPUs available when
           the rpc.nisd daemon starts. For example:


           nisplusNumberOfServiceThreads=16



       The following attributes specify the action to be taken when some event
       occurs. The values are all of the form event=action. The default action
       is the first one listed for each event.

       nisplusLDAPinitialUpdateAction

           Provides the optional capability to update all NIS+ data from LDAP,
           or  vice versa, when the rpc.nisd starts. Depending on various fac-
           tors such as both NIS+ and LDAP server and network performance,  as
           well  as  the  amount  of  data to be uploaded or downloaded, these
           operations can consume very significant CPU and  memory  resources.
           During  upload  and  download,  the rpc.nisd has not yet registered
           with rpcbind, and provides no NIS+ service. When data is downloaded
           from LDAP, any new items added to the rpc.nisd's database get a TTL
           as for an initial load. See the description for the  nisplusLDAPen-
           tryTtl attribute on NIS+LDAPmapping(4).


           none

               No initial update in either direction. This is the default.




           from_ldap

               Causes  the  rpc.nisd  to  fetch  data  for all NIS+ objects it
               serves, and for which mapping entries are available,  from  the
               LDAP repository.



           to_ldap

               The rpc.nisd writes all NIS+ objects for which it is the master
               server, and for which mapping entries  are  available,  to  the
               LDAP repository.



       nisplusLDAPinitialUpdateOnly

           Use in conjunction with nisplusLDAPinitialUpdateAction.


           no

               Following the initial update, the rpc.nisd  starts serving NIS+
               requests. This is the default.




           yes

               The rpc.nisd exits after the initial  update.   This  value  is
               ignored  if specified together with nisplusLDAPinitialUpdateAc-
               tion=none.



       nisplusLDAPretrieveErrorAction

           If an error occurs while trying to retrieve an entry from LDAP, one
           of the following actions can be selected:


           use_cached

               Action according to nisplusLDAPrefreshError  below. This is the
               default.




           retry

               Retry the retrieval  the  number  of  time  specified  by  nis-
               plusLDAPretrieveErrorAttempts,  with the nisplusLDAPretrieveEr-
               rorTimeout value controlling the wait between each attempt.



           try_again
           unavail
           no_such_name

               Return NIS_TRYAGAIN, NIS_UNAVAIL,  or  NIS_NOSUCHNAME,  respec-
               tively,  to  the  client.  Note that the client code may not be
               prepared for this and can react in unexpected ways.





       nisplusLDAPretrieveErrorAttempts

           The number of times a  failed  retrieval  should  be  retried.  The
           default is unlimited. The nisplusLDAPretrieveErrorAttempts value is
           ignored unless nisplusLDAPretrieveErrorAction=retry.



       nisplusLDAPretrieveErrorTimeout

           The timeout (in seconds) between each new attempt to retrieve  LDAP
           data.  The  default  is  15  seconds.  The value for nisplusLDAPre-
           trieveErrorTimeout is ignored  unless   nisplusLDAPretrieveErrorAc-
           tion=retry.



       nisplusLDAPstoreErrorAction

           An  error  occured  while trying to store data to  the LDAP reposi-
           tory.


           retry

               Retry operation nisplusLDAPstoreErrorAttempts times  with  nis-
               plusLDAPstoreErrorTimeout  seconds  between  each attempt. Note
               that this may tie up a thread in the rpc.nisd daemon.




           system_error

               Return NIS_SYSTEMERROR to the client.



           unavail

               Return NIS_UNAVAIL to the client. Note that the client code may
               not be prepared for this and can react in unexpected ways.



       nisplusLDAPstoreErrorAttempts

           The  number  of  times a failed attempt to store should be retried.
           The default is unlimited. The  value  for  nisplusLDAPstoreErrorAt-
           tempts is ignored unless nisplusLDAPstoreErrorAction=retry.



       nisplusLDAPstoreErrortimeout

           The  timeout,  in  seconds,  between each new attempt to store LDAP
           data. The default is 15 seconds.  The  nisplusLDAPstoreErrortimeout
           value is ignored unless nisplusLDAPstoreErrorAction=retry.



       nisplusLDAPrefreshErrorAction

           An error occured while trying to refresh a cache entry.


           continue_using

               Continue  using expired cache entry,  if one is available. Oth-
               erwise, the  action is retry. This is the default.




           retry

               Retry operation nisplusLDAPrefreshErrorAttempts times with nis-
               plusLDAPrefreshErrorTimeout  seconds between each attempt. Note
               that this may tie up a thread in the rpc.nisd daemon.



           cache_expired
           tryagain

               Return NIS_CACHEEXPIRED or NIS_TRYAGAIN, respectively,  to  the
               client.  Note that the client code may not be prepared for this
               and could  can react in unexpected ways.




       nisplusLDAPrefreshErrorAttempts

           The number of times a failed refresh should be retried. The default
           is unlimited. This applies to the retry and continue_using actions,
           but for the latter, only when there is no cached entry.



       nisplusLDAPrefreshErrorTimeout

           The timeout (in seconds) between each new attempt to refresh  data.
           The  default  is 15 seconds. The value for nisplusLDAPrefreshError-
           Timeout applies to the retry and continue_using actions.



       nisplusThreadCreationErrorAction

           The action to take when an error occured while trying to  create  a
           new thread. This only applies to threads controlled by the rpc.nisd
           daemon not to RPC service threads. An example of threads controlled
           by  the  rpc.nisd  daemon are those created to serve nis_list(3NSL)
           with callback, as used by niscat(1) to enumerate tables.


           pass_error

               Pass on the thread creation error to the client, to the  extent
               allowed   by the available NIS+ error codes. The error might be
               NIS_NOMEMORY, or another resource shortage error.  This  action
               is the default.




           retry

               Retry operation nisplusThreadCreationErrorAttempts times, wait-
               ing  nisplusThreadCreationErrorTimeout  seconds  between   each
               attempt.  Note  that  this  may tie up a thread in the rpc.nisd
               daemon.



       nisplusThreadCreationErrorAttempts

           The number of times a failed thread creation should be retried. The
           default  is  unlimited. The value for nisplusThreadCreationErrorAt-
           tempts  is  ignored   unless   the    nisplusThreadCreationErrorAc-
           tion=retry.



       nisplusThreadCreationErrorTimeout

           The number of seconds to wait between each new attempt  to create a
           thread. The default is 15 seconds. Ignored unless nisplusThreadCre-
           ationErrorAction=retry.



       nisplusDumpError

           An  error  occured during a full dump of a NIS+ directory  from the
           master to a replica. The replica can:


           retry

               Retry operation nisplusDumpErrorAttempts  times   waiting  nis-
               plusDumpErrorTimeout  seconds  between  each attempt. Note that
               this may tie up a thread in the rpc.nisd.




           rollback

               Try to roll back the changes made so far  before  retrying  per
               the  retry action. If the rollback fails or cannot be performed
               due to the selected ResyncServiceAction level, the retry action
               is selected.



       nisplusDumpErrorAttempts

           The  number  of  times  a failed full dump should be retried.   The
           default is unlimited. When the number of retry  attempts  has  been
           used up, the full dump is abandoned, and will not  be retried again
           until a resync fails because no update time  is available.



       nisplusDumpErrorTimeout

           The number of seconds to wait between each  attempt  to  execute  a
           full dump. The default is 120 seconds.



       nisplusResyncService

           Type  of  NIS+  service  to be provided by a replica during resync,
           that is, data transfer from  NIS+  master  to  NIS+  replica.  This
           includes both partial and full resyncs.


           from_copy

               Service is provided from a copy of the directory to be resynced
               while the resync is in progress. Rollback is   possible  if  an
               error  occurs.  Note  that  making  a copy of the directory may
               require a significant amount of time, depending on the size  of
               the  tables  in the directory and available memory  on the sys-
               tem.




           directory_locked

               While the resync for a directory is in progress, it  is  locked
               against  access.  Operations to the directory are blocked until
               the resync is done. Rollback is not possible.



           from_live

               The replica database is updated in  place. Rollback is not pos-
               sible.  If there are dependencies between individual updates in
               the resync, clients may  be  exposed  to  data  inconsistencies
               during the resync. In particular, directories
                or tables may disappear for a time during a full dump.



       nisplusUpdateBatching

           How updates should be batched together on the master.


           accumulate

               Accumulate  updates  for at least  nisplusUpdateBatchingTimeout
               seconds. Any update  that  comes  in  before  the  timeout  has
               occured  will reset the timeout counter. Thus, a steady  stream
               of updates less than nisplusUpdateBatchingTimeout seconds apart
               could delay pinging  replicas indefinitely.




           bounded_accumulate

               Accumulate  updates  for  at least nisplusUpdateBatchingTimeout
               seconds. The default value for timeout is 120 seconds. Incoming
               updates  do  not reset the timeout counter, so replicas will be
               informed once the initial timeout has expired.



           none

               Updates are not batched. Instead,  replicas are informed  imme-
               diately of any update. While this should  maximize data consis-
               tency between master and replicas, it can also cause  consider-
               able overhead on both master and replicas.



       nisplusUpdateBatchingTimeout

           The  minimum time (in seconds) during which to accumulate  updates.
           Replicas will not be pinged during this time.  The default  is  120
           seconds.



       nisplusLDAPmatchFetchAction

           A NIS+ match operation, that is, any search other than a table enu-
           meration, will encounter one of the following situations:


               1.  Table believed to be entirely  in  cache,  and  all  cached
                   entries  are  known to be valid. The cached  tabled data is
                   authoritative for the match operation.


               2.  Table wholly or partially cached, but there may be individ-
                   ual entries that have timed out.


               3.  No cached entries for the table. Always attempt to retrieve
                   matching data from LDAP.


           When the table is wholly or partially cached, the  action  for  the
           nisplusLDAPmatchFetchAction  attribute  controls whether or not the
           LDAP repository is  searched:


           no_match_only           Only go to LDAP when there is no  match  at
                                   all  on  the  search  of the available NIS+
                                   data, or the match includes  at  least  one
                                   entry that has timed out.




           always                  Always make an LDAP lookup.



           never                   Never make an LDAP lookup.



       nisplusMaxRPCRecordSize

           Sets  the maximum RPC record size that NIS+ can use over connection
           oriented transports. The minimum record size is 9000, which is  the
           default.  The default value will be used in place of any value less
           than 9000. The value of this attribute is a  decimal  integer  from
           9000 to 2**31, inclusive.



   Storing Configuration Attributes in LDAP
       Most  attributes  described  on  this  man  page, as well as those from
       NIS+LDAPmapping(4), can be stored in LDAP. In order to do so, you  will
       need  to  add  the following definitions to your LDAP server, which are
       described here in LDIF format suitable for  use  by  ldapadd(1).    The
       attribute and object class OIDs are examples only.

       dn: cn=schema
       changetype: modify
       add: attributetypes
       OIDattributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.1 NAME 'defaultSearchBase' \
                 DESC 'Default LDAP base DN used by a DUA' \
                 EQUALITY distinguishedNameMatch \
                 SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
       attributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.2 NAME 'preferredServerList' \
                 DESC 'Preferred LDAP server host addresses used by DUA' \
                 EQUALITY caseIgnoreMatch \
                 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
       attributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.6 NAME 'authenticationMethod' \
                 DESC 'Authentication method used to contact the DSA' \
                 EQUALITY caseIgnoreMatch \
                 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )



       dn: cn=schema
       changetype: modify
       add: attributetypes
       attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.0 \
                 NAME 'nisplusLDAPTLS' \
                 DESC 'Transport Layer Security' \
                 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
       attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.1 \
                 NAME 'nisplusLDAPTLSCertificateDBPath' \
                 DESC 'Certificate file' \
                 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
       attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.2 \
                 NAME 'nisplusLDAPproxyUser' \
                 DESC 'Proxy user for data store/retrieval' \
                 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
       attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.3 \
                 NAME 'nisplusLDAPproxyPassword' \
                 DESC 'Password/key/shared secret for proxy user' \
                 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
       attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.4 \
                 NAME 'nisplusLDAPinitialUpdateAction' \
                 DESC 'Type of initial update' \
                 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
       attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.5 \
                 NAME 'nisplusLDAPinitialUpdateOnly' \
                 DESC 'Exit after update ?' \
                 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
       attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.6 \
                 NAME 'nisplusLDAPretrieveErrorAction' \
                 DESC 'Action following an LDAP search error' \
                 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
       attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.7 \
                 NAME 'nisplusLDAPretrieveErrorAttempts' \
                 DESC 'Number of times to retry an LDAP search' \
                 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
       attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.8 \
                 NAME 'nisplusLDAPretrieveErrorTimeout' \
                 DESC 'Timeout between each search attempt' \
                 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
       attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.9 \
                 NAME 'nisplusLDAPstoreErrorAction' \
                 DESC 'Action following an LDAP store error' \
                 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
       attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.10 \
                 NAME 'nisplusLDAPstoreErrorAttempts' \
                 DESC 'Number of times to retry an LDAP store' \
                 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
       attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.11 \
                 NAME 'nisplusLDAPstoreErrorTimeout' \
                 DESC 'Timeout between each store attempt' \
                 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
       attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.12 \
                 NAME 'nisplusLDAPrefreshErrorAction' \
                 DESC 'Action when refresh of NIS+ data from LDAP fails' \
                 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
       attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.13 \
                 NAME 'nisplusLDAPrefreshErrorAttempts' \
                 DESC 'Number of times to retry an LDAP refresh' \
                 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
       attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.14 \
                 NAME 'nisplusLDAPrefreshErrorTimeout' \
                 DESC 'Timeout between each refresh attempt' \
                 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
       attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.15 \
                 NAME 'nisplusNumberOfServiceThreads' \
                 DESC 'Max number of RPC service threads' \
                 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
       attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.16 \
                 NAME 'nisplusThreadCreationErrorAction' \
                 DESC 'Action when a non-RPC-service thread creation fails' \
                 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
       attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.17 \
                 NAME 'nisplusThreadCreationErrorAttempts' \
                 DESC 'Number of times to retry thread creation' \
                 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
       attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.18 \
                 NAME 'nisplusThreadCreationErrorTimeout' \
                 DESC 'Timeout between each thread creation attempt' \
                 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
       attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.19 \
                 NAME 'nisplusDumpErrorAction' \
                 DESC 'Action when a NIS+ dump fails' \
                 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
       attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.20 \
                 NAME 'nisplusDumpErrorAttempts' \
                 DESC 'Number of times to retry a failed dump' \
                 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
       attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.21 \
                 NAME 'nisplusDumpErrorTimeout' \
                 DESC 'Timeout between each dump attempt' \
                 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
       attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.22 \
                 NAME 'nisplusResyncService' \
                 DESC 'Service provided during a resync' \
                 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
       attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.23 \
                 NAME 'nisplusUpdateBatching' \
                 DESC 'Method for batching updates on master' \
                 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
       attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.24 \
                 NAME 'nisplusUpdateBatchingTimeout' \
                 DESC 'Minimum time to wait before pinging replicas' \
                 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
       attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.25 \
                 NAME 'nisplusLDAPmatchFetchAction' \
                 DESC 'Should pre-fetch be done ?' \
                 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
       attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.26 \
                 NAME 'nisplusLDAPbaseDomain' \
                 DESC 'Default domain name used in NIS+/LDAP mapping' \
                 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
       attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.27 \
                 NAME 'nisplusLDAPdatabaseIdMapping' \
                 DESC 'Defines a database id for a NIS+ object' \
                 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
       attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.28 \
                 NAME 'nisplusLDAPentryTtl' \
                 DESC 'TTL for cached objects derived from LDAP' \
                 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
       attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.29 \
                 NAME 'nisplusLDAPobjectDN' \
                 DESC 'Location in LDAP tree where NIS+ data is stored' \
                 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
       attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.30 \
                 NAME 'nisplusLDAPcolumnFromAttribute' \
                 DESC 'Rules for mapping LDAP attributes to NIS+ columns' \
                 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
       attributetypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.18.31 \
                 NAME 'nisplusLDAPattributeFromColumn' \
                 DESC 'Rules for mapping NIS+ columns to LDAP attributes' \
                 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

       dn: cn=schema
       changetype: modify
       add: objectclasses
       objectclasses:  ( 1.3.6.1.4.1.42.2.27.5.42.42.19.0 NAME 'nisplusLDAPconfig' \
                 DESC 'NIS+/LDAP mapping configuration' \
                 SUP top STRUCTURAL MUST ( cn ) \
                 MAY ( preferredServerList $ defaultSearchBase $
                   authenticationMethod $ nisplusLDAPTLS $
                   nisplusLDAPTLSCertificateDBPath $
                   nisplusLDAPproxyUser $ nisplusLDAPproxyPassword $
                   nisplusLDAPinitialUpdateAction $
                   nisplusLDAPinitialUpdateOnly $
                   nisplusLDAPretrieveErrorAction $
                   nisplusLDAPretrieveErrorAttempts $
                   nisplusLDAPretrieveErrorTimeout $
                   nisplusLDAPstoreErrorAction $
                   nisplusLDAPstoreErrorAttempts $
                   nisplusLDAPstoreErrorTimeout $
                   nisplusLDAPrefreshErrorAction $
                   nisplusLDAPrefreshErrorAttempts $
                   nisplusLDAPrefreshErrorTimeout $
                   nisplusNumberOfServiceThreads $
                   nisplusThreadCreationErrorAction $
                   nisplusThreadCreationErrorAttempts $
                   nisplusThreadCreationErrorTimeout $
                   nisplusDumpErrorAction $
                   nisplusDumpErrorAttempts $
                   nisplusDumpErrorTimeout $
                   nisplusResyncService $ nisplusUpdateBatching $
                   nisplusUpdateBatchingTimeout $
                   nisplusLDAPmatchFetchAction $
                   nisplusLDAPbaseDomain $
                   nisplusLDAPdatabaseIdMapping $
                   nisplusLDAPentryTtl $
                   nisplusLDAPobjectDN $
                   nisplusLDAPcolumnFromAttribute $
                   nisplusLDAPattributeFromColumn ) )


       Create  a  file  containing  the  following  LDIF data. Substitute your
       actual search base for searchBase, and your fully qualified domain name
       for domain:

       dn: cn=domain,searchBase
       cn: domain
       objectClass: top
       objectClass: nisplusLDAPconfig


       Use this file as input to the ldapadd(1) command in order to create the
       NIS+/LDAP configuration entry. Initially, the entry  is empty. You  can
       use the ldapmodify(1) command to add  configuration attributes.

EXAMPLES
       Example 1: Creating a NIS+/LDAP Configuration Entry

       To  set  the  nisplusNumberOfServiceThreads attribute to 32, create the
       following file and use it as input to ldapmodify(1):

       dn: cn=domain,searchBase
       nisplusNumberOfServiceThreads: 32


ATTRIBUTES
       See attributes(5)  for descriptions of the following attributes:


       tab()    allbox;    cw(2.750000i)|     cw(2.750000i)     lw(2.750000i)|
       lw(2.750000i).    ATTRIBUTE  TYPEATTRIBUTE  VALUE  AvailabilitySUNWnisr
       Interface StabilityObsolete


SEE ALSO
       nisldapmaptest(1M), rpc.nisd(1M), NIS+LDAPmapping(4), attributes(5)

       System Administration Guide: Naming and Directory Services  (DNS,  NIS,
       and LDAP)



SunOS 5.10                        18 Feb 2003                      rpc.nisd(4)