8322 nl: misleading-indentation
[unleashed/tickless.git] / usr / src / cmd / ypcmd / yp2lscripts / inityp2l.sh
blob1d3ad768a19c071d776dbffb095b93fa991c1f2f
1 #! /usr/bin/ksh
3 # CDDL HEADER START
5 # The contents of this file are subject to the terms of the
6 # Common Development and Distribution License (the "License").
7 # You may not use this file except in compliance with the License.
9 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 # or http://www.opensolaris.org/os/licensing.
11 # See the License for the specific language governing permissions
12 # and limitations under the License.
14 # When distributing Covered Code, include this CDDL HEADER in each
15 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 # If applicable, add the following below this CDDL HEADER, with the
17 # fields enclosed by brackets "[]" replaced with your own identifying
18 # information: Portions Copyright [yyyy] [name of copyright owner]
20 # CDDL HEADER END
23 # Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
27 # inityp2l -- Utility to generate YP (NIS) to LDAP
28 # configuration file (/etc/default/ypserv)
29 # and mapping file (/var/yp/NISLDAPmapping)
35 # Displays message corresponding to the argument tag passed.
37 display_msg()
39 case "$1" in
40 usage) cat <<EOF
42 $PROG: [ -m mapping_file ] [ -c config_file ]
43 m <mapping_file> Name of the generated NISLDAP mapping file
44 Default is /var/yp/NISLDAPmapping
45 c <config_file> Name of the generated ypserv configuration file
46 Default is /etc/default/ypserv
48 EOF
50 no_config_file_name_specified) cat <<EOF
52 You have not specified the config file name. You still have the
53 option to skip creating this file, specify a config file name, or
54 continue creating it with the default file name (${CONFIG_FILE}).
56 EOF
58 no_mapping_file_name_specified) cat <<EOF
60 You have not specified the mapping file name. You still have the
61 option to skip creating this file, specify a mapping file name, or
62 continue creating it with the default file name (${MAP_FILE}).
64 EOF
66 new_config_file_name_help) cat <<EOF
68 You can either specify a new file name, or accept the default
69 config file name (${CONFIG_FILE}).
71 It is recommended not to use the default file name since this
72 script just helps with rapid creation of a config file. You
73 should examine it's content before using it.
75 EOF
77 new_mapping_file_name_help) cat <<EOF
79 You can either specify a new file name, or accept the default
80 mapping file name (${MAP_FILE}).
82 It is recommended not to use the default file name since this
83 script just helps with rapid creation of a mapping file. You
84 should examine it's content before using it. And if there are
85 custom maps, then their entries in the mapping file need to be
86 customized too.
88 Also, creation of default mapping file would cause NIS components
89 to work in NIS to LDAP (N2L), rather than traditional NIS, mode
90 when next restarted.
92 EOF
94 backup_config_file) cat <<EOF
96 The config file "${CONFIG_FILE}" already exists. It is strongly
97 recommended that you BACKUP this file before running $PROG.
99 However, even if you continue, you would be given the option to
100 back up this file before it gets overwritten.
104 backup_mapping_file) cat <<EOF
106 The mapping file "${MAP_FILE}" already exists. It is strongly
107 recommended that you BACKUP this file before running $PROG.
109 However, even if you continue, you would be given the option to
110 back up this file before it gets overwritten.
114 warn_n2l_mode) cat <<EOF
116 Warning : Creation of default mapping file (`basename $MAP_FILE`)
117 at default location (`dirname $MAP_FILE`) would cause NIS
118 components to work in NIS to LDAP (N2L) mode, rather than
119 traditional NIS mode, when next restarted.
121 "$PROG" assists with rapid creation of a simple N2L mapping
122 file. The user should examine it's content before using it.
123 For custom maps, this file needs to be customized which can
124 be done using standard text editors.
128 config_auth_method_menu) cat <<EOF
129 The following are the supported Authentication Methods -
130 1 none
131 2 simple
132 3 sasl/cram-md5
133 4 sasl/digest-md5
136 auth_method_menu) cat <<EOF
137 The following are the supported Authentication Methods -
138 1 simple
139 2 sasl/cram-md5
140 3 sasl/digest-md5
143 tls_method_menu) cat <<EOF
144 The following are the supported TLS Methods -
145 1 none
146 2 ssl
149 retrieve_error_action_menu) cat <<EOF
150 The following are the supported actions -
151 1 use_cached
152 2 fail
155 store_error_action_menu) cat <<EOF
156 The following are the supported actions -
157 1 retry
158 2 fail
161 sorry) cat <<EOF
163 HELP - No help is available for this topic.
167 backup_config_file_cont_help) cat <<EOF
169 HELP - Since $PROG will overwrite the existing config file, it is
170 strongly recommended that you backup this file prior to
171 running this utility.
173 However, even if you continue, you would be given the option
174 to back up this file before it gets overwritten.
178 backup_config_file_help) cat <<EOF
180 HELP - If you choose to backup the existing config file, it would be
181 saved with current date and time suffix in yymmdd.HH.MM.SS format.
185 backup_mapping_file_cont_help) cat <<EOF
187 HELP - Since $PROG will overwrite the existing mapping file, it is
188 strongly recommended that you backup this file prior to running
189 this utility.
191 However, even if you continue, you would be given the option to
192 back up this file before it gets overwritten.
196 backup_mapping_file_help) cat <<EOF
198 HELP - If you choose to backup the existing mapping file, it would be
199 saved with current date and time suffix in yymmdd.HH.MM.SS format.
203 warn_n2l_mode_help) cat <<EOF
205 HELP - It is strongly recommended that the mapping file is created at
206 non-default location (other than `dirname $MAP_FILE`). After this,
207 it's content should be verified, custom maps should be handled,
208 and if NIS components are desired to run in NIS to LDAP (N2L),
209 then only it should be copied at the default location.
213 nisLDAPconfigDN_help) cat <<EOF
215 HELP - The DN which stores the configuration information in LDAP.
216 There is no default value for this field. Leave empty or
217 undefined to get this information from config file (ypserv).
221 nisLDAPconfigPreferredServerList_help) cat <<EOF
223 HELP - List of directory servers to provide the configuration
224 information. There is no default. The preferred servers
225 must be entered IN THE ORDER you wish to have them contacted.
226 The preferred server list is a space separated list of IP
227 addresses. Providing port numbers is optional, and when not
228 supplied, port 389 is assumed. For an LDAP server running
229 on this machine, at port 389, use "127.0.0.1:389".
233 auth_help) cat <<EOF
235 HELP - The authentication method to be used to obtain information
236 from LDAP server. The supported methods are provided in menu.
240 tls_help) cat <<EOF
242 HELP - The transport layer security used for connection to the LDAP
243 server. In order to successfully use transport layer security,
244 the server must also support the chosen values. The supported
245 methods are provided in menu. Default is "$DEF_TLS".
249 TLSCertificateDBPath_help) cat <<EOF
251 HELP - The absolute path name of the directory containing the certificate
252 database. The default value is "$DEF_TLSCertificateDBPath"
256 nisLDAPconfigProxyUser_help) cat <<EOF
258 HELP - The bind DN of the proxy user used to obtain configuration
259 information. There is no default value. If the value ends
260 with a comma, the value of the nisLDAPconfigDN attribute
261 is appended.
265 ProxyPassword_warn) cat <<EOF
267 Warning : In order to avoid having this password publicly visible
268 on the machine, the password should appear only in the
269 configuration file, and the file should have an appropriate
270 owner, group, and file mode.
272 So, once this file is ready, please modify appropriately
273 to make sure this file is well protected.
277 preferredServerList_help) cat <<EOF
279 HELP - List of directory servers for mapping data to/from LDAP.
280 There is no default. The preferred servers must be entered
281 IN THE ORDER you wish to have them contacted. The preferred
282 server list is a space separated list of IP addresses.
283 Providing port numbers is optional, and when not supplied,
284 port 389 is assumed. For an LDAP server running on this
285 machine, at port 389, use "127.0.0.1:389".
289 nisLDAPproxyUser_help) cat <<EOF
291 HELP - The bind DN of the proxy user the ypserv to read or write
292 from or to LDAP. Assumed to have the appropriate permission
293 to read and modify LDAP data. There is no default value. If
294 the value ends with a comma, the value of the context for
295 the current domain (as defined by a nisLDAPdomainContext
296 attribute (NISLDAPmapping(4))) is appended.
300 nisLDAPbindTimeout_help) cat <<EOF
302 HELP - The amount of time in seconds after which an LDAP bind operation
303 will timeout. Default is $DEF_nisLDAPbindTimeout seconds.
304 Decimal values are allowed.
308 nisLDAPsearchTimeout_help) cat <<EOF
310 HELP - The amount of time in seconds after which an LDAP search operation
311 will timeout. Default is $DEF_nisLDAPsearchTimeout seconds.
312 Decimal values are allowed.
316 nisLDAPmodifyTimeout_help) cat <<EOF
318 HELP - The amount of time in seconds after which an LDAP modify operation
319 will timeout. Default is $DEF_nisLDAPmodifyTimeout seconds.
320 Decimal values are allowed.
324 nisLDAPaddTimeout_help) cat <<EOF
326 HELP - The amount of time in seconds after which an LDAP add operation
327 will timeout. Default is $DEF_nisLDAPaddTimeout seconds.
328 Decimal values are allowed.
332 nisLDAPdeleteTimeout_help) cat <<EOF
334 HELP - The amount of time in seconds after which an LDAP delete operation
335 will timeout. Default is $DEF_nisLDAPdeleteTimeout seconds.
336 Decimal values are allowed.
340 nisLDAPsearchTimeLimit_help) cat <<EOF
342 HELP - Establish a value for the LDAP_OPT_TIMELIMIT option, which
343 suggests a time limit for the search operation on the LDAP
344 server. The server may impose its own constraints on possible
345 values. See your LDAP server documentation. The default is the
346 nisLDAPsearchTimeout ($DEF_nisLDAPsearchTimeout seconds) value.
347 Only integer values are allowed.
349 Since the nisLDAPsearchTimeout limits the amount of time the
350 client ypserv will wait for completion of a search operation,
351 setting the nisLDAPsearchTimeLimit larger than the
352 nisLDAPsearchTimeout is not recommended.
356 nisLDAPsearchSizeLimit_help) cat <<EOF
358 HELP - Establish a value for the LDAP_OPT_SIZELIMIT option, which
359 suggests a size limit, in bytes, for the search results on
360 the LDAP server. The server may impose its own constraints
361 on possible values. See your LDAP server documentation. The
362 default is $DEF_nisLDAPsearchSizeLimit, which means unlimited.
363 Only integer values are allowed.
367 nisLDAPfollowReferral_help) cat <<EOF
369 HELP - Determines if the ypserv should follow referrals or not.
370 Recognized values are yes and no. Default is $DEF_nisLDAPfollowReferral.
374 nisLDAPretrieveErrorAction_help) cat <<EOF
376 HELP - If an error occurs while trying to retrieve an entry from
377 LDAP, one of the following actions can be selected:
379 use_cached : Retry the retrieval the number of time specified
380 by nisLDAPretrieveErrorAttempts, with the
381 nisLDAPretrieveErrorTimeout value controlling
382 the wait between each attempt.
384 If all attempts fail then log a warning and
385 return the value currently in the cache to the
386 client. This is the default value.
388 fail : Proceed as for 'use_cached' but if all attempts
389 fail return a YPERR_YPERR error to the client.
393 nisLDAPretrieveErrorAttempts_help) cat <<EOF
395 HELP - The number of times a failed retrieval should be retried.
396 The default is unlimited. Note while retries are made, the
397 NIS daemon will be prevented from servicing further requests.
398 Hence, values other than 1 should be used with caution.
402 nisLDAPretrieveErrorTimeout_help) cat <<EOF
404 HELP - The timeout (in seconds) between each new attempt to retrieve
405 LDAP data. Default is $DEF_nisLDAPretrieveErrorTimeout seconds.
409 nisLDAPstoreErrorAction_help) cat <<EOF
411 HELP - If an error occurs while trying to store data to the LDAP
412 repository, one of the following actions can be selected :
414 retry : Retry operation nisLDAPstoreErrorAttempts times with
415 nisLDAPstoreErrorTimeout seconds between each attempt.
416 Note while retries are made the NIS daemon will be
417 prevented from servicing further requests. Use with
418 caution. This is the default value.
420 fail : Return YPERR_YPERR error to the client.
424 nisLDAPstoreErrorAttempts_help) cat <<EOF
426 HELP - The number of times a failed attempt to store data to the
427 LDAP repository should be retried. The default is unlimited.
429 The value for nisLDAPstoreErrorAttempts is ignored unless
430 nisLDAPstoreErrorAction=retry.
434 nisLDAPstoreErrorTimeout_help) cat <<EOF
436 HELP - The timeout (in seconds) between each new attempt to store
437 LDAP data. Default is $DEF_nisLDAPstoreErrorTimeout seconds.
439 The value for nisLDAPstoreErrorTimeout is ignored unless
440 nisLDAPstoreErrorAction=retry.
444 selectDomain4N2L_help) cat <<EOF
446 HELP - Whether this domain needs to be served by YP to LDAP transition
447 solution. The default is no in which case the data in this
448 domain would not be taken care for transitioning to LDAP.
452 generate_comment_info_for_cust_map_help) cat <<EOF
454 HELP - If selected, this script will try to add relevant comments
455 in the mapping file which might help in customizing the
456 mapping information for custom maps.
460 generate_mapping_info_for_cust_map_help) cat <<EOF
462 HELP - If selected, this script will try to generate mapping
463 information for this map assuming it is a "simple" map.
465 A map is assumed to be "simple" if each entry of this map
466 has only one "key value" entry in YP, and if each map entry
467 can be represented as a single DIT string in the LDAP server.
469 If this map is not a simple map and you do want to store it
470 in LDAP, you have two options :
472 1 - Answer yes, and this script would generate the mapping
473 information for this map assuming it is a simple map.
474 And once the execution of the script is over, you can
475 customize the mapping information by hand editing the
476 mapping file.
478 2 - Answer no, and this script would not generate mapping
479 info for this map. And once the execution of the script
480 is over, you can include the customized mapping
481 information by hand editing the mapping file.
485 nisLDAPdomainContext_help) cat <<EOF
487 HELP - This parameter defines the context (default location) in
488 the directory tree at which all the name service entries
489 for this particular domain would be stored.
493 nisLDAPyppasswddDomains_help) cat <<EOF
495 HELP - Lists the domains for which password changes should be
496 made. If this is not present then the value returned by
497 'domainname' will be used.
499 NIS password change requests do not specify the domains in
500 which any given password should be changed. (In traditional
501 NIS this information is effectively hard coded in the NIS
502 makefile.)
506 custom_map_comment_char_help) cat <<EOF
508 HELP - If selected, it will allow you to specify a character which
509 would represent the start of the special 'comment' field in
510 a given NIS map. If this attribute is not present then the
511 default comment character '#' is used.
513 If a map cannot contain comments then the blank comment
514 character ('') should be specified (just hit the return key).
518 same_comment_char_help) cat <<EOF
520 HELP - If selected, for a given map, it will allow you to specify
521 a common comment character for all the domains.
523 Or else by selecting NO, for the same map, you would be
524 given the option to specify different comment character
525 for different domains.
529 secure_flag_on_help) cat <<EOF
531 HELP - Secure flag is set on maps which are generated with
532 "makedbm -s". When converting data from LDAP to YP,
533 it adds YP_SECURE entries.
537 secure_flag_all_domains_help) cat <<EOF
539 HELP - If selected, it will allow you to set the secure flag on
540 for this map for all the domains.
542 Or else by selecting NO, you would be given the option to
543 set this flag, for the same map, on per domain basis.
547 interdomain_flag_on_help) cat <<EOF
549 HELP - Interdomain flag is set on a set of maps which are generated
550 with "makedbm -b". It signals NIS servers to use the domain
551 name resolver for host name and address lookups for hosts
552 not found in the maps.
554 If selected, it adds YP_INTERDOMAIN entries in these maps
555 when converting data from LDAP to YP.
559 interdomain_flag_all_domains_help) cat <<EOF
561 HELP - If selected, it will allow you to set the interdomain flag
562 on for all the domains.
564 Or else by selecting NO, you would be given the option to
565 set this flag on per domain basis.
569 initialTTLlo_help) cat <<EOF
571 HELP - The lower limit for the initial TTL (in seconds) for data
572 read from disk when the ypserv starts. If initialTTLhi also
573 is specified, the actual initialTTL will be randomly selected
574 from the interval initialTTLlo to initialTTLhi (inclusive).
576 Leaving the field empty yields the default value of $DEF_iTTLlo.
580 initialTTLhi_help) cat <<EOF
582 HELP - The upper limit for the initial TTL (in seconds).
583 If left empty, defaults to "$DEF_iTTLhi".
587 runningTTL_help) cat <<EOF
589 HELP - The TTL (in seconds) for data retrieved from LDAP while the
590 ypserv is running. If left empty, defaults to "$DEF_runTTL".
594 default_ttl_help) cat <<EOF
596 HELP - The default TTL value for each map is set to :
597 ${DEF_iTTLlo}:${DEF_iTTLhi}:${DEF_runTTL}
599 Select yes if you want to change the current TTL value.
603 non_default_same_ttl_help) cat <<EOF
605 HELP - Select yes if you want to set a new TTL value, but want
606 to keep it same for all the maps.
610 non_default_different_ttl_help) cat <<EOF
612 HELP - Select yes if you want to set TTL value for each map, but
613 want to keep it same for all the domains.
617 default_different_ttl_help) cat <<EOF
619 HELP - Select yes if you want to accept the default TTL
620 value for this map.
624 same_ttl_across_domains_help) cat <<EOF
626 HELP - Select yes if you want to set TTL value for the map,
627 but want to keep it same for all the domains.
632 esac
636 # Echo the message passed only if DEBUG is set.
637 # Reduces the line width significantly.
639 d_echo()
641 [ DEBUG -eq 1 ] && echo $@
646 # get_ans(): gets an answer from the user.
647 # $1 instruction/comment/description/question
648 # $2 default value
650 get_ans()
652 if [ -z "$2" ]
653 then
654 echo "$1 \c"
655 else
656 echo "$1 [$2] \c"
659 read ANS
660 if [ -z "$ANS" ]
661 then
662 ANS=$2
668 # get_ans_req(): gets an answer (required) from the user, NULL value not allowed.
669 # $@ instruction/comment/description/question
671 get_ans_req()
673 ANS="" # Set ANS to NULL.
674 while [ "$ANS" = "" ]
676 get_ans "$@"
677 [ "$ANS" = "" ] && echo "NULL value not allowed!"
678 done
683 # get_integer(): Querys and verifies that number entered is integer.
684 # Function will repeat prompt user for integer value.
685 # $1 Message text.
686 # $2 default value.
687 # $3 Help argument.
689 get_integer()
691 ANS="" # Set ANS to NULL.
692 NUM=""
694 get_ans "$1" "$2"
696 # Verify that value is integer.
697 while not_integer $ANS
699 case "$ANS" in
700 [Hh] | help | Help | \?) display_msg ${3:-sorry} ;;
701 * ) echo "Invalid value: \"${ANS}\". \c"
703 esac
705 # Get a new value.
706 get_ans "Enter an integer value:" "$2"
707 done
708 NUM=$ANS
713 # get_number(): Querys and verifies that number entered is numeric.
714 # Function will repeat prompt user for numeric value.
715 # $1 Message text.
716 # $2 default value.
717 # $3 Help argument.
719 get_number()
721 ANS="" # Set ANS to NULL.
722 NUM=""
724 get_ans "$1" "$2"
726 # Verify that value is numeric.
727 while not_numeric $ANS
729 case "$ANS" in
730 [Hh] | help | Help | \?) display_msg ${3:-sorry} ;;
731 * ) echo "Invalid value: \"${ANS}\". \c"
733 esac
735 # Get a new value.
736 get_ans "Enter a numeric value:" "$2"
737 done
738 NUM=$ANS
743 # get_pos_int(): Only allows positive integer.
745 # $1 - Prompt message.
746 # $2 - Default value (require).
747 # $3 - Optional help argument.
748 get_pos_int()
750 while :
752 get_integer "$1" "$2" "$3"
754 if [ $ANS -lt 0 ]; then
755 echo "Invalid number: please enter a positive integer."
756 else
757 break # Positive integer
759 done
764 # get_pos_num(): Only allows positive number.
766 # $1 - Prompt message.
767 # $2 - Default value (require).
768 # $3 - Optional help argument.
769 get_pos_num()
771 while :
773 get_number "$1" "$2" "$3"
775 if [ $ANS -lt 0 ]; then
776 echo "Invalid number: please enter a positive number."
777 else
778 break # Positive number
780 done
786 # get_passwd(): Reads a password from the user and verify with second.
787 # $@ instruction/comment/description/question
789 get_passwd()
791 [ $DEBUG -eq 1 ] && echo "In get_passwd()"
793 # Temporary PASSWD variables
794 _PASS1=""
795 _PASS2=""
797 # Handle signals, so that echo can be turned back on if Ctrl-C.
798 trap "/usr/bin/stty echo; exit" 1 2 3 6 15
800 /usr/bin/stty -echo # Turn echo OFF
802 # Endless loop that continues until passwd and re-entered passwd
803 # match.
804 while :
806 ANS="" # Set ANS to NULL.
808 # Don't allow NULL for first try.
809 while [ "$ANS" = "" ]
811 get_ans "$@"
812 [ "$ANS" = "" ] && echo "" && echo "NULL passwd not allowed!"
813 done
814 _PASS1=$ANS # Store first try.
816 # Get second try.
817 echo ""
818 get_ans "Re-enter passwd:"
819 _PASS2=$ANS
821 # Test if passwords are identical.
822 if [ "$_PASS1" = "$_PASS2" ]; then
823 break
826 # Move cursor down to next line and print ERROR message.
827 echo ""
828 echo "ERROR: passwords don't match; try again."
829 done
831 /usr/bin/stty echo # Turn echo ON
833 # Removed signal handler
834 trap 1 2 3 6 15
836 echo ""
841 # get_passwd_nochk(): Reads a password from the user w/o check.
842 # $@ instruction/comment/description/question
844 get_passwd_nochk()
846 [ $DEBUG -eq 1 ] && echo "In get_passwd_nochk()"
848 # Handle signals, so that echo can be turned back on if Ctrl-C.
849 trap "/usr/bin/stty echo; exit" 1 2 3 6 15
851 /usr/bin/stty -echo # Turn echo OFF
853 get_ans "$@"
855 /usr/bin/stty echo # Turn echo ON
857 # Removed signal handler
858 trap 1 2 3 6 15
860 echo ""
865 # get_confirm(): Get confirmation from the user. (Y/Yes or N/No)
866 # $1 - Message
867 # $2 - default value.
869 get_confirm()
871 _ANSWER=
873 while :
875 # Display Internal ERROR if $2 not set.
876 if [ -z "$2" ]; then
877 echo "INTERNAL ERROR: get_confirm requires 2 args, 3rd is optional."
878 exit 2
881 # Display prompt.
882 echo "$1 [$2] \c"
884 # Get the ANSWER.
885 read _ANSWER
886 if [ "$_ANSWER" = "" ] && [ -n "$2" ] ; then
887 _ANSWER=$2
889 case "$_ANSWER" in
890 [Yy] | yes | Yes | YES) return 1 ;;
891 [Nn] | no | No | NO) return 0 ;;
892 [Hh] | help | Help | \?) display_msg ${3:-sorry};;
893 * ) echo "Please enter y or n." ;;
894 esac
895 done
900 # get_confirm_nodef(): Get confirmation from the user. (Y/Yes or N/No)
901 # No default value supported. Returns 1 for yes.
903 get_confirm_nodef()
905 _ANSWER=
907 while :
909 echo "$@ \c"
910 read _ANSWER
911 case "$_ANSWER" in
912 [Yy] | yes | Yes | YES) return 1 ;;
913 [Nn] | no | No | NO) return 0 ;;
914 * ) echo "Please enter y or n." ;;
915 esac
916 done
921 # is_integer(): Tells if a string is numeric integer.
922 # 0 = Integer
923 # 1 = NOT Integer
925 is_integer()
927 # Check for parameter.
928 if [ $# -ne 1 ]; then
929 return 1
932 # Determine if integer.
933 expr "$1" + 1 > /dev/null 2>&1
935 if [ $? -ge 2 ]; then
936 return 1
939 # Made it here, it's Numeric.
940 return 0
945 # not_integer(): Reverses the return values of is_integer. Useful
946 # for if and while statements that want to test for
947 # non-integer data.
948 # 0 = NOT Integer
949 # 1 = Integer
951 not_integer()
953 is_integer $1
954 if [ $? -eq 0 ]; then
955 return 1
956 else
957 return 0
963 # is_numeric(): Tells if a string is numeric.
964 # 0 = Numeric
965 # 1 = NOT Numeric
967 is_numeric()
969 # Check for parameter.
970 if [ $# -ne 1 ]; then
971 return 1
974 # Determine if numeric.
975 let _NUM="$1 + 1" > /dev/null 2>&1
977 if [ $? -eq 0 ]; then
978 return 0
985 # not_numeric(): Reverses the return values of is_numeric. Useful
986 # for if and while statements that want to test for
987 # non-numeric data.
988 # 0 = NOT Numeric
989 # 1 = Numeric
991 not_numeric()
993 is_numeric $1
994 if [ $? -eq 0 ]; then
995 return 1
996 else
997 return 0
1003 # domain_2_dc(): Convert a domain name into dc string.
1004 # $1 .. Domain name.
1006 domain_2_dc()
1008 _DOM=$1 # Domain parameter.
1009 _DOM_2_DC="" # Return value from function.
1010 _FIRST=1 # Flag for first time.
1012 export _DOM_2_DC # Make visible for others.
1014 # Convert "."'s to spaces for "for" loop.
1015 domtmp="`echo ${_DOM} | tr '.' ' '`"
1016 for i in $domtmp; do
1017 if [ $_FIRST -eq 1 ]; then
1018 _DOM_2_DC="dc=${i}"
1019 _FIRST=0
1020 else
1021 _DOM_2_DC="${_DOM_2_DC},dc=${i}"
1023 done
1028 # is_root_user(): Check to see if logged in as super user.
1030 is_root_user()
1032 case `id` in
1033 uid=0\(root\)*) return 0 ;;
1034 * ) return 1 ;;
1035 esac
1040 # parse_arg(): Parses the command line arguments and sets the
1041 # appropriate variables.
1043 parse_arg()
1045 while getopts ":dm:c:" ARG
1047 case $ARG in
1048 d) DEBUG=1;;
1050 m) MAP_FILE=$OPTARG
1051 MAPPING_FILE_SPECIFIED=1;;
1053 c) CONFIG_FILE=$OPTARG
1054 CONFIG_FILE_SPECIFIED=1;;
1056 \?) echo "**ERROR: Invalid option '$OPTARG'"
1057 display_msg usage
1058 exit 1;;
1059 esac
1060 done
1062 shift `expr $OPTIND - 1`
1063 if [ $# -gt 0 ]; then
1064 echo "**ERROR: wrong usage "
1065 display_msg usage
1066 exit 1
1072 # present() : Checks if the first argument exists in the
1073 # argument list. Returns 0 if found, else 1.
1075 present ()
1077 _ELEMENT=$1
1079 shift
1080 ARG_LIST=$@
1082 for item in $ARG_LIST
1084 [ "$_ELEMENT" = "$item" ] && return 0
1085 done
1087 # If reached here, then the clement does not exist
1088 return 1
1093 # remove() : Returns a new string after removing the first
1094 # argument in the argument list.
1096 remove ()
1098 _ELEMENT=$1
1100 shift
1101 ARG_LIST=$@
1103 NEW_LIST=""
1105 for item in $ARG_LIST
1107 [ "$_ELEMENT" != "$item" ] && NEW_LIST="$NEW_LIST $item"
1108 done
1110 echo $NEW_LIST
1111 return 0
1116 # merge_lists() : Returns a list after merging elements
1117 # (uniquely) supplied in the argument list.
1119 merge_lists()
1121 MERGED_LIST=""
1123 for _VAR in "$@"
1125 if ! present $_VAR $MERGED_LIST; then
1126 MERGED_LIST="$MERGED_LIST $_VAR"
1128 done
1130 echo $MERGED_LIST
1131 return 0
1136 # init(): initializes variables and options
1138 init()
1140 # General variables.
1141 DEBUG=0 # Set Debug OFF
1143 MAPPING_FILE_SPECIFIED=0 # No file name passed
1144 CONFIG_FILE_SPECIFIED=0 # No file name passed
1146 # Prevent others from snooping
1147 umask 077
1149 # Set default config and mapping files.
1150 DEFAULT_MAP_FILE="/var/yp/NISLDAPmapping"
1151 DEFAULT_CONFIG_FILE="/etc/default/ypserv"
1153 MAP_FILE="$DEFAULT_MAP_FILE"
1154 CONFIG_FILE="$DEFAULT_CONFIG_FILE"
1156 # Set and create TMPDIR. Use a safe place to discourage hackers.
1157 TMPDIR="/var/yp/inityp2l"
1159 # Temporary file names to be used to prevent system starting in
1160 # N2L mode in case something goes wrong during file creation.
1161 TMPCONF="ypserv-tmp"
1162 TMPMAP="NISLDAPmapping-tmp"
1164 # Remove if the temp directory has been leftover
1165 [ -d "$TMPDIR" ] && rm -rf $TMPDIR
1166 mkdir $TMPDIR
1167 if [ $? -ne 0 ]; then
1168 echo ERROR : Failed to create temp directory $TMPDIR
1169 exit 1
1172 # Initialize the default NIS maps.
1173 DEFAULT_NIS_MAPS="passwd.byname
1174 passwd.byuid
1175 group.byname
1176 group.bygid
1177 hosts.byaddr
1178 hosts.byname
1179 ipnodes.byaddr
1180 ipnodes.byname
1181 ethers.byaddr
1182 ethers.byname
1183 networks.byaddr
1184 networks.byname
1185 rpc.bynumber
1186 services.byname
1187 services.byservicename
1188 printers.conf.byname
1189 project.byname
1190 project.byprojid
1191 protocols.byname
1192 protocols.bynumber
1193 netgroup
1194 netgroup.byuser
1195 netgroup.byhost
1196 bootparams
1197 mail.aliases
1198 mail.byaddr
1199 publickey.byname
1200 netid.byname
1201 netmasks.byaddr
1202 passwd.adjunct.byname
1203 group.adjunct.byname
1204 timezone.byname
1205 auth_attr
1206 exec_attr
1207 prof_attr
1208 user_attr
1209 audit_user
1210 auto.master
1211 auto.home
1212 ypservers"
1214 set -A DEF_NIS_MAP_ARRAY $DEFAULT_NIS_MAPS
1216 # The default TTL maps in database ID format.
1217 DEF_TTL_MAPLIST="audit_user
1218 auto.home
1219 auto.master
1220 auth_attr
1221 bootparams
1222 ethers
1223 exec_attr
1224 group
1225 group.adjunct.byname
1226 keys.host
1227 keys.pass
1228 keys.nobody
1229 hosts
1230 multihosts
1231 ipnodes
1232 multiipnodes
1233 netgroup
1234 networks
1235 passwd
1236 passwd.adjunct.byname
1237 printers.conf.byname
1238 prof_attr
1239 project
1240 protocols
1241 services
1242 mail.aliases
1243 mail.mapping
1244 netid.host
1245 netid.pass
1246 netmasks.byaddr
1247 rpc.bynumber
1248 ageing.byname
1249 timezone.byname
1250 user_attr
1251 ypservers"
1254 # Initialize default values for config parameters.
1256 configDN_flag=0
1257 DEF_nisLDAPconfigDN=""
1258 DEF_TLS=none
1259 DEF_TLSCertificateDBPath=/var/yp/
1260 DEF_nisLDAPbindTimeout=15
1261 DEF_nisLDAPsearchTimeout=180
1262 DEF_nisLDAPmodifyTimeout=15
1263 DEF_nisLDAPaddTimeout=15
1264 DEF_nisLDAPdeleteTimeout=15
1265 DEF_nisLDAPsearchTimeLimit=${DEF_nisLDAPsearchTimeout}
1266 DEF_nisLDAPsearchSizeLimit=0
1267 DEF_nisLDAPfollowReferral=no
1268 DEF_nisLDAPretrieveErrorAction=use_cached
1270 # The default is unlimited, but since it prevents the NIS daemon,
1271 # from servicing further requests, set 1 as the suggested value.
1272 SUG_nisLDAPretrieveErrorAttempts=1
1273 DEF_nisLDAPretrieveErrorTimeout=15
1274 DEF_nisLDAPstoreErrorAction=retry
1276 # The default is unlimited, but set 1 as the suggested value.
1277 SUG_nisLDAPstoreErrorAttempts=1
1278 DEF_nisLDAPstoreErrorTimeout=15
1280 # Default TTL values (in seconds) for NIS MAPS for mapping file.
1281 DEF_iTTLlo=1800
1282 DEF_iTTLhi=5400
1283 DEF_runTTL=3600
1289 # config_auth_menu_handler(): Enter the authentication method
1290 # for config server.
1292 config_auth_menu_handler()
1294 # Display Auth menu
1295 display_msg config_auth_method_menu
1297 # Get a Valid choice.
1298 while :
1300 # Display appropriate prompt and get answer.
1301 get_ans_req " Choose one Authentication Method (h=help):"
1303 # Determine choice.
1304 _MENU_CHOICE=$ANS
1305 case "$_MENU_CHOICE" in
1306 1) _AUTHMETHOD="none"
1307 break ;;
1308 2) _AUTHMETHOD="simple"
1309 break ;;
1310 3) _AUTHMETHOD="sasl/cram-md5"
1311 break ;;
1312 4) _AUTHMETHOD="sasl/digest-md5"
1313 break ;;
1314 h) display_msg auth_help ;;
1315 *) echo "Please enter 1-4, or h=help." ;;
1316 esac
1317 done
1322 # auth_menu_handler(): Enter the Authentication method for LDAP server.
1324 auth_menu_handler()
1326 # Display Auth menu
1327 display_msg auth_method_menu
1329 # Get a Valid choice.
1330 while :
1332 # Display appropriate prompt and get answer.
1333 get_ans_req " Choose one Authentication Method (h=help):"
1335 # Determine choice.
1336 _MENU_CHOICE=$ANS
1337 case "$_MENU_CHOICE" in
1338 1) _AUTHMETHOD="simple"
1339 break ;;
1340 2) _AUTHMETHOD="sasl/cram-md5"
1341 break ;;
1342 3) _AUTHMETHOD="sasl/digest-md5"
1343 break ;;
1344 h) display_msg auth_help ;;
1345 *) echo "Please enter 1-3, or h=help." ;;
1346 esac
1347 done
1352 # tls_menu_handler(): Enter the transport layer security
1354 tls_menu_handler()
1356 # Display TLS menu
1357 display_msg tls_method_menu
1359 # Get a Valid choice.
1360 while :
1362 # Display appropriate prompt and get answer.
1363 # Default value is "none".
1365 get_ans " Choose one Transport Layer Security Method (h=help):" "1"
1367 # Determine choice.
1368 _MENU_CHOICE=$ANS
1369 case "$_MENU_CHOICE" in
1370 1) _TLSMETHOD="none"
1371 break ;;
1372 2) _TLSMETHOD="ssl"
1373 break ;;
1374 h) display_msg tls_help ;;
1375 *) echo "Please enter 1, 2, or h=help." ;;
1376 esac
1377 done
1382 # retrieve_error_action_menu_handler(): Enter the retrieve error action
1384 retrieve_error_action_menu_handler()
1386 # Display retrieve error action menu
1387 display_msg retrieve_error_action_menu
1389 # Get a Valid choice.
1390 while :
1392 # Display appropriate prompt and get answer. use_cached is default
1393 get_ans " Choose one retrieval error action (h=help):" "1"
1395 # Determine choice.
1396 _MENU_CHOICE=$ANS
1397 case "$_MENU_CHOICE" in
1398 1) _RET_ERR_ACT="use_cached"
1399 break ;;
1400 2) _RET_ERR_ACT="fail"
1401 break ;;
1402 h) display_msg nisLDAPretrieveErrorAction_help ;;
1403 *) echo "Please enter 1, 2, or h=help." ;;
1404 esac
1405 done
1410 # store_error_action_menu_handler(): Enter the store error action
1412 store_error_action_menu_handler()
1414 # Display store error action menu
1415 display_msg store_error_action_menu
1417 # Get a Valid choice.
1418 while :
1420 # Display appropriate prompt and get answer. retry is default
1421 get_ans " Choose one store error action (h=help):" "1"
1423 # Determine choice.
1424 _MENU_CHOICE=$ANS
1425 case "$_MENU_CHOICE" in
1426 1) _STOR_ERR_ACT="retry"
1427 break ;;
1428 2) _STOR_ERR_ACT="fail"
1429 break ;;
1430 h) display_msg nisLDAPstoreErrorAction_help ;;
1431 *) echo "Please enter 1, 2, or h=help." ;;
1432 esac
1433 done
1438 # cleanup(): Remove the TMPDIR and all files in it.
1440 cleanup()
1442 [ $DEBUG -eq 1 ] && echo "In cleanup()"
1444 # Leave the temp directory if debug is set
1445 [ $DEBUG -eq 0 ] && rm -rf $TMPDIR
1449 # Save existing config file if elected
1450 check_back_config_file()
1452 if [ -f $CONFIG_FILE ]; then
1453 display_msg backup_config_file
1455 get_confirm "Do you wish to continue (y/n/h)?" \
1456 "n" "backup_config_file_cont_help"
1458 if [ $? -eq 0 ]; then # if No, cleanup and exit.
1459 cleanup ; exit 1
1462 get_confirm "Do you wish to backup the config file "${CONFIG_FILE}" (y/n/h)?" \
1463 "y" "backup_config_file_help"
1465 if [ $? -eq 1 ]; then # Save the old config file with timestamp
1467 # SCCS converts '% H %' (without spaces) in current date during putback.
1468 # So use some other combination.
1469 SUFFIX=`date '+%d%h%Y.%H:%M:%S'`
1471 cp -p $CONFIG_FILE ${CONFIG_FILE}-${SUFFIX}
1472 echo " Saved existing $CONFIG_FILE as ${CONFIG_FILE}-${SUFFIX}"
1478 # Save existing mapping file if elected
1479 check_back_mapping_file()
1481 if [ -f $MAP_FILE ]; then
1482 display_msg backup_mapping_file
1484 get_confirm "Do you wish to continue (y/n/h)?" \
1485 "n" "backup_mapping_file_cont_help"
1487 if [ $? -eq 0 ]; then # if No, cleanup and exit.
1488 cleanup ; exit 1
1491 get_confirm "Do you wish to backup the map file "${MAP_FILE}" (y/n/h)?" \
1492 "y" "backup_mapping_file_help"
1494 if [ $? -eq 1 ]; then # if Yes, save the old map file with timestamp
1496 # SCCS converts '% H %' (without spaces) in current date during putback.
1497 # So use some other combination.
1498 SUFFIX=`date '+%d%h%Y.%H:%M:%S'`
1500 cp -p $MAP_FILE ${MAP_FILE}-${SUFFIX}
1501 echo " Saved existing $MAP_FILE as ${MAP_FILE}-${SUFFIX}"
1504 else
1505 if [ "$MAP_FILE" = "$DEFAULT_MAP_FILE" ]; then
1506 display_msg warn_n2l_mode
1508 get_confirm "Do you wish to continue (y/n/h)?" \
1509 "n" "warn_n2l_mode_help"
1511 if [ $? -eq 0 ]; then
1512 cleanup ; exit 1
1519 put_config_file_copyright_info()
1522 # Start with an empty file, so don't append, but overwrite here.
1523 # Just change the name, but keep the same date and version number
1524 # as in the ident string of this script.
1526 grep "ident \"@(#)$PROG" $ABS_PROG | \
1527 sed "s/${PROG}/${NEW_NAME}/g" > $CONFIG_FILE
1529 echo "\
1531 # CDDL HEADER START
1533 # The contents of this file are subject to the terms of the
1534 # Common Development and Distribution License (the "License").
1535 # You may not use this file except in compliance with the License.
1537 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
1538 # or http://www.opensolaris.org/os/licensing.
1539 # See the License for the specific language governing permissions
1540 # and limitations under the License.
1542 # When distributing Covered Code, include this CDDL HEADER in each
1543 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
1544 # If applicable, add the following below this CDDL HEADER, with the
1545 # fields enclosed by brackets "[]" replaced with your own identifying
1546 # information: Portions Copyright [yyyy] [name of copyright owner]
1548 # CDDL HEADER END
1551 # Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
1553 " >> $MAP_FILE
1557 get_nisLDAPconfigDN()
1559 while :
1562 get_ans "DN for configuration information (h=help):"
1564 # If help continue, otherwise break.
1565 case "$ANS" in
1566 [Hh] | help | Help | \?) display_msg nisLDAPconfigDN_help ;;
1567 * ) break ;;
1568 esac
1569 done
1571 nisLDAPconfigDN="${ANS}"
1573 # Store in config file only if a non-default value is specified.
1574 if [ "$ANS" != "${DEF_nisLDAPconfigDN}" ]; then
1575 echo "nisLDAPconfigDN=${ANS}" >> $CONFIG_FILE
1578 # Ask remaining config server related questions only if this
1579 # DN is set. So, if a value is specified, set a flag.
1581 [ "$ANS" != "" ] && configDN_flag=1
1585 get_nisLDAPconfigPreferredServerList()
1587 while :
1590 get_ans_req "Preferred server list for configuration information (h=help):"
1592 # If help continue, otherwise break.
1593 case "$ANS" in
1594 [Hh] | help | Help | \?) display_msg nisLDAPconfigPreferredServerList_help ;;
1595 * ) break ;;
1596 esac
1597 done
1599 nisLDAPconfigPreferredServerList=${ANS}
1600 echo "nisLDAPconfigPreferredServerList=${ANS}" >> $CONFIG_FILE
1604 get_nisLDAPconfigAuthenticationMethod()
1606 _AUTHMETHOD=""
1608 echo "Select the Authentication Method for configuration server :"
1609 config_auth_menu_handler
1611 nisLDAPconfigAuthenticationMethod=${_AUTHMETHOD}
1612 echo "nisLDAPconfigAuthenticationMethod=${_AUTHMETHOD}" >> $CONFIG_FILE
1616 get_nisLDAPconfigTLS()
1618 _TLSMETHOD=""
1620 echo "Select the Transport Layer Security (TLS) for configuration server :"
1621 tls_menu_handler
1623 nisLDAPconfigTLS=${_TLSMETHOD}
1625 # Store in config file only if a non-default value is specified.
1626 if [ "${_TLSMETHOD}" != "${DEF_TLS}" ]; then
1627 echo "nisLDAPconfigTLS=${_TLSMETHOD}" >> $CONFIG_FILE
1632 get_nisLDAPconfigTLSCertificateDBPath()
1634 while :
1637 get_ans "Path with TLS Certificate DB for configuration server (h=help):"\
1638 "${DEF_TLSCertificateDBPath}"
1640 # If help continue, otherwise break.
1641 case "$ANS" in
1642 [Hh] | help | Help | \?) display_msg TLSCertificateDBPath_help ;;
1643 * ) break ;;
1644 esac
1645 done
1647 nisLDAPconfigTLSCertificateDBPath=${ANS}
1649 # Store in config file only if a non-default value is specified.
1650 if [ "$ANS" != "${DEF_TLSCertificateDBPath}" ]; then
1651 echo "nisLDAPconfigTLSCertificateDBPath=${ANS}" >> $CONFIG_FILE
1656 get_nisLDAPconfigProxyUser()
1658 while :
1661 get_ans_req "Proxy user bind DN to obtain configuration information (h=help):"
1662 # If help continue, otherwise break.
1663 case "$ANS" in
1664 [Hh] | help | Help | \?) display_msg nisLDAPconfigProxyUser_help ;;
1665 * ) break ;;
1666 esac
1667 done
1669 nisLDAPconfigProxyUser=${ANS}
1670 echo "nisLDAPconfigProxyUser=${ANS}" >> $CONFIG_FILE
1674 get_nisLDAPconfigProxyPassword()
1676 get_passwd "Proxy user password to obtain configuration information :"
1677 nisLDAPconfigProxyPassword=${ANS}
1679 echo "nisLDAPconfigProxyPassword=${ANS}" >> $CONFIG_FILE
1681 display_msg ProxyPassword_warn
1685 get_preferredServerList()
1687 while :
1690 get_ans_req "Preferred server list for mapping data to/from LDAP (h=help):"
1692 # If help continue, otherwise break.
1693 case "$ANS" in
1694 [Hh] | help | Help | \?) display_msg preferredServerList_help ;;
1695 * ) break ;;
1696 esac
1697 done
1699 preferredServerList=${ANS}
1700 echo "preferredServerList=${ANS}" >> $CONFIG_FILE
1704 get_authenticationMethod()
1706 _AUTHMETHOD=""
1708 echo "Select the Authentication Method for mapping data to/from LDAP :"
1709 auth_menu_handler
1711 authenticationMethod=${_AUTHMETHOD}
1712 echo "authenticationMethod=${_AUTHMETHOD}" >> $CONFIG_FILE
1716 get_nisLDAPTLS()
1718 _TLSMETHOD=""
1720 echo "Select the Transport Layer Security (TLS) for mapping data to/from LDAP :"
1721 tls_menu_handler
1723 nisLDAPTLS=${_TLSMETHOD}
1725 # Store in config file only if a non-default value is specified.
1726 if [ "${_TLSMETHOD}" != "${DEF_TLS}" ]; then
1727 echo "nisLDAPTLS=${_TLSMETHOD}" >> $CONFIG_FILE
1732 get_nisLDAPTLSCertificateDBPath()
1734 while :
1737 get_ans "Path with TLS Certificate DB for LDAP data server (h=help):"\
1738 "${DEF_nisLDAPTLSCertificateDBPath}"
1740 # If help continue, otherwise break.
1741 case "$ANS" in
1742 [Hh] | help | Help | \?) display_msg TLSCertificateDBPath_help ;;
1743 * ) break ;;
1744 esac
1745 done
1747 nisLDAPTLSCertificateDBPath=${ANS}
1749 # Store in config file only if a non-default value is specified.
1750 if [ "$ANS" != "${DEF_TLSCertificateDBPath}" ]; then
1751 echo "nisLDAPTLSCertificateDBPath=${ANS}" >> $CONFIG_FILE
1756 get_nisLDAPproxyUser()
1758 while :
1761 get_ans_req "Proxy user bind DN to read/write data from/to LDAP (h=help):"
1763 # If help continue, otherwise break.
1764 case "$ANS" in
1765 [Hh] | help | Help | \?) display_msg nisLDAPproxyUser_help ;;
1766 * ) break ;;
1767 esac
1768 done
1770 nisLDAPproxyUser=${ANS}
1771 echo "nisLDAPproxyUser=${ANS}" >> $CONFIG_FILE
1775 get_nisLDAPproxyPassword()
1777 get_passwd "Proxy user password to read/write data from/to LDAP :"
1778 nisLDAPproxyPassword=${ANS}
1780 echo "nisLDAPproxyPassword=${ANS}" >> $CONFIG_FILE
1782 display_msg ProxyPassword_warn
1786 get_nisLDAPbindTimeout()
1788 get_pos_int "Timeout value (in seconds) for LDAP bind operation (h=help):" \
1789 "${DEF_nisLDAPbindTimeout}" "nisLDAPbindTimeout_help"
1791 nisLDAPbindTimeout=${NUM}
1793 # Store in config file only if a non-default value is specified.
1794 if [ $NUM -ne ${DEF_nisLDAPbindTimeout} ]; then
1795 echo "nisLDAPbindTimeout=${NUM}" >> $CONFIG_FILE
1800 get_nisLDAPsearchTimeout()
1802 get_pos_int "Timeout value (in seconds) for LDAP search operation (h=help):" \
1803 "${DEF_nisLDAPsearchTimeout}" "nisLDAPsearchTimeout_help"
1805 nisLDAPsearchTimeout=${NUM}
1807 # Store in config file only if a non-default value is specified.
1808 if [ $NUM -ne ${DEF_nisLDAPsearchTimeout} ]; then
1809 echo "nisLDAPsearchTimeout=${NUM}" >> $CONFIG_FILE
1814 get_nisLDAPmodifyTimeout()
1816 get_pos_int "Timeout value (in seconds) for LDAP modify operation (h=help):" \
1817 "${DEF_nisLDAPmodifyTimeout}" "nisLDAPmodifyTimeout_help"
1819 nisLDAPmodifyTimeout=${NUM}
1821 # Store in config file only if a non-default value is specified.
1822 if [ $NUM -ne ${DEF_nisLDAPmodifyTimeout} ]; then
1823 echo "nisLDAPmodifyTimeout=${NUM}" >> $CONFIG_FILE
1828 get_nisLDAPaddTimeout()
1830 get_pos_int "Timeout value (in seconds) for LDAP add operation (h=help):" \
1831 "${DEF_nisLDAPaddTimeout}" "nisLDAPaddTimeout_help"
1833 nisLDAPaddTimeout=${NUM}
1835 # Store in config file only if a non-default value is specified.
1836 if [ $NUM -ne ${DEF_nisLDAPaddTimeout} ]; then
1837 echo "nisLDAPaddTimeout=${NUM}" >> $CONFIG_FILE
1842 get_nisLDAPdeleteTimeout()
1844 get_pos_int "Timeout value (in seconds) for LDAP delete operation (h=help):" \
1845 "${DEF_nisLDAPdeleteTimeout}" "nisLDAPdeleteTimeout_help"
1847 nisLDAPdeleteTimeout=${NUM}
1849 # Store in config file only if a non-default value is specified.
1850 if [ $NUM -ne ${DEF_nisLDAPdeleteTimeout} ]; then
1851 echo "nisLDAPdeleteTimeout=${NUM}" >> $CONFIG_FILE
1856 get_nisLDAPsearchTimeLimit()
1858 get_pos_int "Time limit (in seconds) for search operation on LDAP server (h=help):" \
1859 "${DEF_nisLDAPsearchTimeLimit}" "nisLDAPsearchTimeLimit_help"
1861 nisLDAPsearchTimeLimit=${NUM}
1863 # Store in config file only if a non-default value is specified.
1864 if [ $NUM -ne ${DEF_nisLDAPsearchTimeLimit} ]; then
1865 echo "nisLDAPsearchTimeLimit=${NUM}" >> $CONFIG_FILE
1870 get_nisLDAPsearchSizeLimit()
1872 get_pos_int "Size limit (in bytes) for search operation on LDAP server (h=help):" \
1873 "${DEF_nisLDAPsearchSizeLimit}" "nisLDAPsearchSizeLimit_help"
1875 nisLDAPsearchSizeLimit=${NUM}
1877 # Store in config file only if a non-default value is specified.
1878 if [ $NUM -ne ${DEF_nisLDAPsearchSizeLimit} ]; then
1879 echo "nisLDAPsearchSizeLimit=${NUM}" >> $CONFIG_FILE
1884 get_nisLDAPfollowReferral()
1886 get_confirm "Should the ypserv follow LDAP referrals (y/n/h):" \
1887 "n" "nisLDAPfollowReferral_help"
1889 if [ $? -eq 1 ]; then
1890 _ANS="yes"
1891 else
1892 _ANS="no"
1895 # Store in config file only if a non-default value is specified.
1896 if [ "${_ANS}" != "${DEF_nisLDAPfollowReferral}" ]; then
1897 echo "nisLDAPfollowReferral=${_ANS}" >> $CONFIG_FILE
1902 get_nisLDAPretrieveErrorAction()
1904 _RET_ERR_ACT=""
1906 echo "Select the action to be taken in case of LDAP retrieval error :"
1907 retrieve_error_action_menu_handler
1909 nisLDAPretrieveErrorAction=${_RET_ERR_ACT}
1911 # Store in config file only if a non-default value is specified.
1912 if [ "${_RET_ERR_ACT}" != "${DEF_nisLDAPretrieveErrorAction}" ]; then
1913 echo "nisLDAPretrieveErrorAction=${_RET_ERR_ACT}" >> $CONFIG_FILE
1918 get_nisLDAPretrieveErrorAttempts()
1921 get_pos_int "Number of attempts in case of LDAP retrieval error (h=help):" \
1922 "$SUG_nisLDAPretrieveErrorAttempts" \
1923 "nisLDAPretrieveErrorAttempts_help"
1925 nisLDAPretrieveErrorAttempts=${NUM}
1927 echo "nisLDAPretrieveErrorAttempts=${NUM}" >> $CONFIG_FILE
1931 get_nisLDAPretrieveErrorTimeout()
1933 # if nisLDAPretrieveErrorAttempts=0, then no point in asking
1934 # for timeout vales as it is ignored anyway.
1936 [ $nisLDAPretrieveErrorAttempts -eq 0 ] && return 0
1938 get_pos_int "Timeout (in seconds) between each new attempt to retrieve LDAP data (h=help):"\
1939 "${DEF_nisLDAPretrieveErrorTimeout}" \
1940 "nisLDAPretrieveErrorTimeout_help"
1942 nisLDAPretrieveErrorTimeout=${NUM}
1944 # Store in config file only if a non-default value is specified.
1945 if [ $NUM -ne ${DEF_nisLDAPretrieveErrorTimeout} ]; then
1946 echo "nisLDAPretrieveErrorTimeout=${NUM}" >> $CONFIG_FILE
1951 get_nisLDAPstoreErrorAction()
1953 _STOR_ERR_ACT=""
1955 echo "Select the action to be taken in case of LDAP store error :"
1956 store_error_action_menu_handler
1958 nisLDAPstoreErrorAction=${_STOR_ERR_ACT}
1960 # Store in config file only if a non-default value is specified.
1961 if [ "${_STOR_ERR_ACT}" != "${DEF_nisLDAPstoreErrorAction}" ]; then
1962 echo "nisLDAPstoreErrorAction=${_STOR_ERR_ACT}" >> $CONFIG_FILE
1967 get_nisLDAPstoreErrorAttempts()
1970 # if nisLDAPstoreErrorAction="fail", then no point in asking
1971 # for no. of attempts or timeout vales as they are ignored.
1973 [ "$nisLDAPstoreErrorAction" = "fail" ] && return 0
1975 get_pos_int "Number of attempts in case of LDAP store error (h=help):" \
1976 "$SUG_nisLDAPstoreErrorAttempts" \
1977 "nisLDAPstoreErrorAttempts_help"
1979 nisLDAPstoreErrorAttempts=${NUM}
1981 echo "nisLDAPstoreErrorAttempts=${NUM}" >> $CONFIG_FILE
1985 get_nisLDAPstoreErrorTimeout()
1988 # if nisLDAPstoreErrorAction="fail", then no point in asking
1989 # for no. of attempts or timeout vales as they are ignored.
1991 [ "$nisLDAPstoreErrorAction" = "fail" ] && return 0
1993 # Similarly, if nisLDAPstoreErrorAttempts=0, ignore this question.
1995 [ $nisLDAPstoreErrorAttempts -eq 0 ] && return 0
1997 get_pos_int "Timeout (in seconds) between each new attempt to write LDAP data (h=help):"\
1998 "${DEF_nisLDAPstoreErrorTimeout}" \
1999 "nisLDAPstoreErrorTimeout_help"
2001 nisLDAPstoreErrorTimeout=${NUM}
2003 # Store in config file only if a non-default value is specified.
2004 if [ $NUM -ne ${DEF_nisLDAPstoreErrorTimeout} ]; then
2005 echo "nisLDAPstoreErrorTimeout=${NUM}" >> $CONFIG_FILE
2011 create_config_file()
2014 # To prevent from leaving a partial config file in case some error or
2015 # signal takes place, store the output being generated in a temporary
2016 # file first, and move it at the final destination only at the end if
2017 # everything goes fine.
2019 _CONFIG_FILE=$CONFIG_FILE
2020 CONFIG_FILE=${TMPDIR}/${TMPCONF}.$$
2022 echo "Generating config file temporarily as \"${CONFIG_FILE}\""
2024 # Truncate the file before we append anything.
2025 # Place copyright information
2026 put_config_file_copyright_info
2028 # Filter out all the YP domains in /var/yp
2029 # The list of domains is stored in list "VARYP_DMN_LIST"
2031 echo "\
2033 # Configuration file for ypserv(1M); see ypserv(4) for more information,
2034 # and NISLDAPmapping(4) for configuration of NIS to LDAP mapping.
2036 # Unless otherwise noted, commented lines show default values.
2037 " >> $CONFIG_FILE
2039 echo "\
2040 # Where to look for configuration information in LDAP. Leave empty or
2041 # undefined to use this file, in which case the values of the other
2042 # 'nisLdapConfig*' attributes are ignored.
2044 #nisLDAPconfigDN=\
2045 " >> $CONFIG_FILE
2047 get_nisLDAPconfigDN
2049 echo "
2051 # Server(s) for configuration information. There is no default;
2052 # use the value on the line below for an LDAP server running on
2053 # this machine, at port 389.
2054 #nisLDAPconfigPreferredServerList=127.0.0.1:389\
2055 " >> $CONFIG_FILE
2057 [ $configDN_flag -eq 1 ] && get_nisLDAPconfigPreferredServerList
2059 echo "
2061 # Authentication method(s) to obtain configuration information.
2063 " >> $CONFIG_FILE
2065 [ $configDN_flag -eq 1 ] && get_nisLDAPconfigAuthenticationMethod
2067 echo "
2069 # Transport layer security for configuration information
2071 #nisLDAPconfigTLS=${DEF_TLS}\
2072 " >> $CONFIG_FILE
2074 [ $configDN_flag -eq 1 ] && get_nisLDAPconfigTLS
2076 echo "
2078 # Certificate DB for transport layer security
2080 #nisLDAPconfigTLSCertificateDBPath=${DEF_TLSCertificateDBPath}\
2081 " >> $CONFIG_FILE
2083 # ask for Certificate DB only if SSL is set
2084 if [ "${nisLDAPconfigTLS}" = "ssl" ]; then
2085 [ $configDN_flag -eq 1 ] && get_nisLDAPconfigTLSCertificateDBPath
2088 echo "
2090 # Proxy user(s) to obtain configuration information. The line below
2091 # is an example of the format.
2093 #nisLDAPconfigProxyUser=cn=nisAdmin,ou=People,\
2094 " >> $CONFIG_FILE
2096 # Ask proxy user bind DN only if needed.
2097 if [ "${nisLDAPconfigAuthenticationMethod}" != "none" ]; then
2098 [ $configDN_flag -eq 1 ] && get_nisLDAPconfigProxyUser
2101 echo "
2103 # Password for proxy user. Must be supplied if the authentication method
2104 # requires a password. If a password appears in this file, it should be
2105 # protected appropriately against access by unauthorized users.
2107 #nisLDAPconfigProxyPassword=\
2108 " >> $CONFIG_FILE
2110 if [ "${nisLDAPconfigAuthenticationMethod}" != "none" ]; then
2111 [ $configDN_flag -eq 1 ] && get_nisLDAPconfigProxyPassword
2114 echo "
2116 # Server list for mapping data to/from LDAP. There is no default;
2117 # use the value on the line below for an LDAP server running on
2118 # this machine, at port 389.
2119 #preferredServerList=127.0.0.1:389\
2120 " >> $CONFIG_FILE
2122 get_preferredServerList
2124 echo "
2126 # Authentication method for mapping data to/from LDAP
2128 " >> $CONFIG_FILE
2130 get_authenticationMethod
2132 echo "
2134 # Transport layer security for mapping data to/from LDAP.
2136 #nisLDAPTLS=${DEF_TLS}\
2137 " >> $CONFIG_FILE
2139 get_nisLDAPTLS
2141 echo "
2143 # Certificate DB for transport layer security
2145 #nisLDAPTLSCertificateDBPath=${DEF_TLSCertificateDBPath}\
2146 " >> $CONFIG_FILE
2148 # ask for Certificate DB only if SSL is set
2149 if [ "${nisLDAPTLS}" = "ssl" ]; then
2150 get_nisLDAPTLSCertificateDBPath
2153 echo "
2155 # Proxy user for ypserv. Assumed to have appropriate permission to read
2156 # and/or create or modify LDAP data. The line below is an example of the
2157 # format.
2159 #nisLDAPproxyUser=cn=nisAdmin,ou=People,\
2160 " >> $CONFIG_FILE
2162 # Ask proxy user bind DN only if needed.
2163 if [ "${authenticationMethod}" != "none" ]; then
2164 get_nisLDAPproxyUser
2167 echo "
2169 # Password for proxy user. Must be supplied if the authentication method
2170 # requires a password. If a password appears in this file, it should be
2171 # protected appropriately against unauthorized access.
2173 #nisLDAPproxyPassword=\
2174 " >> $CONFIG_FILE
2176 if [ "${authenticationMethod}" != "none" ]; then
2177 get_nisLDAPproxyPassword
2180 echo "
2182 # Timeouts and time/size limits for LDAP operations.
2184 #nisLDAPbindTimeout=${DEF_nisLDAPbindTimeout}\
2185 " >> $CONFIG_FILE
2187 get_nisLDAPbindTimeout
2189 echo "
2190 #nisLDAPsearchTimeout=${DEF_nisLDAPsearchTimeout}\
2191 " >> $CONFIG_FILE
2193 get_nisLDAPsearchTimeout
2195 echo "
2196 #nisLDAPmodifyTimeout=${DEF_nisLDAPmodifyTimeout}\
2197 " >> $CONFIG_FILE
2199 get_nisLDAPmodifyTimeout
2201 echo "
2202 #nisLDAPaddTimeout=${DEF_nisLDAPaddTimeout}\
2203 " >> $CONFIG_FILE
2205 get_nisLDAPaddTimeout
2207 echo "
2208 #nisLDAPdeleteTimeout=${DEF_nisLDAPdeleteTimeout}\
2209 " >> $CONFIG_FILE
2211 get_nisLDAPdeleteTimeout
2213 echo "
2214 #nisLDAPsearchTimeLimit=${DEF_nisLDAPsearchTimeLimit}\
2215 " >> $CONFIG_FILE
2217 get_nisLDAPsearchTimeLimit
2219 echo "
2220 #nisLDAPsearchSizeLimit=${DEF_nisLDAPsearchSizeLimit}\
2221 " >> $CONFIG_FILE
2223 get_nisLDAPsearchSizeLimit
2225 echo "
2227 # Should the ypserv follow LDAP referrals ?
2229 #nisLDAPfollowReferral=${DEF_nisLDAPfollowReferral}\
2230 " >> $CONFIG_FILE
2232 get_nisLDAPfollowReferral
2234 echo "
2236 # Action, number of attempts, and timeout following an LDAP retrieval error
2238 #nisLDAPretrieveErrorAction=${DEF_nisLDAPretrieveErrorAction}\
2239 " >> $CONFIG_FILE
2241 get_nisLDAPretrieveErrorAction
2243 echo "
2244 #nisLDAPretrieveErrorAttempts=\
2245 " >> $CONFIG_FILE
2247 get_nisLDAPretrieveErrorAttempts
2249 echo "
2250 #nisLDAPretrieveErrorTimeout=${DEF_nisLDAPretrieveErrorTimeout}\
2251 " >> $CONFIG_FILE
2253 get_nisLDAPretrieveErrorTimeout
2255 echo "
2257 # Action, number of attempts, and timeout following an LDAP store error
2259 #nisLDAPstoreErrorAction=${DEF_nisLDAPstoreErrorAction}\
2260 " >> $CONFIG_FILE
2262 get_nisLDAPstoreErrorAction
2264 echo "
2265 #nisLDAPstoreErrorAttempts=\
2266 " >> $CONFIG_FILE
2268 get_nisLDAPstoreErrorAttempts
2270 echo "
2271 #nisLDAPstoreErrorTimeout=${DEF_nisLDAPstoreErrorTimeout}\
2272 " >> $CONFIG_FILE
2274 get_nisLDAPstoreErrorTimeout
2277 # We are done, so move back the config file from temp. location
2278 # to actual location.
2279 # In case the config file name has a directory component which does
2280 # not exist, then create it now, otherwise 'mv' will return error.
2282 DIR_TO_CREATE=`dirname ${_CONFIG_FILE}`
2283 mkdir -p ${DIR_TO_CREATE}
2285 echo "Moving output from temporary file ($CONFIG_FILE) to actual file ($_CONFIG_FILE)"
2286 mv $CONFIG_FILE $_CONFIG_FILE
2288 # Revert back the config file name in case needed.
2289 CONFIG_FILE=$_CONFIG_FILE
2290 echo "Finished creation of config file ( $_CONFIG_FILE )"
2295 put_mapping_file_copyright_info()
2298 # Start with an emptty file, so don't append, but overwrite here.
2299 # Just change the name and add the word pragma, but keep the same
2300 # date and version number as in the ident string of this script.
2302 grep "ident \"@(#)$PROG" $ABS_PROG | \
2303 sed "s/ ident/pragma ident/g" | \
2304 sed "s/${PROG}/${NEW_NAME}/g" > $MAP_FILE
2306 echo "\
2308 # CDDL HEADER START
2310 # The contents of this file are subject to the terms of the
2311 # Common Development and Distribution License (the "License").
2312 # You may not use this file except in compliance with the License.
2314 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
2315 # or http://www.opensolaris.org/os/licensing.
2316 # See the License for the specific language governing permissions
2317 # and limitations under the License.
2319 # When distributing Covered Code, include this CDDL HEADER in each
2320 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
2321 # If applicable, add the following below this CDDL HEADER, with the
2322 # fields enclosed by brackets "[]" replaced with your own identifying
2323 # information: Portions Copyright [yyyy] [name of copyright owner]
2325 # CDDL HEADER END
2328 # Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
2330 #-------------------------------------------------------------------
2332 " >> $MAP_FILE
2337 # Filter out all the YP domains in /var/yp
2338 # The list of domains is stored in list "VARYP_DMN_LIST"
2340 create_all_var_yp_domain_list()
2342 VARYP_DMN_LIST=""
2344 for entry in /var/yp/*
2346 DMN=`basename $entry`
2347 if [ -d "/var/yp/$DMN" ] && [ -f "/var/yp/binding/$DMN/ypservers" ]
2348 then
2349 VARYP_DMN_LIST="$VARYP_DMN_LIST $DMN"
2351 done
2353 # d_echo VARYP_DMN_LIST = "$VARYP_DMN_LIST"
2354 [ $DEBUG -eq 1 ] && echo VARYP_DMN_LIST = "$VARYP_DMN_LIST"
2359 # Ask user which domains would be served by N2L
2360 # The list of N2L domains is stored in global array
2361 # "N2L_DMN_LIST" and number of domains in N2L_DMN_CNT
2363 create_n2l_domain_list()
2365 # First make a list of all the domains in /var/yp
2366 create_all_var_yp_domain_list
2368 # Now identify those to be served by N2L
2369 let count=0
2371 for DMN in $VARYP_DMN_LIST
2373 get_confirm "Do you want to store maps from ${DMN} domain to LDAP (y/n/h):" \
2374 "n" "selectDomain4N2L_help"
2376 if [ $? -eq 1 ]; then
2377 N2L_DMN_LIST[count]=$DMN
2378 let count="count + 1"
2381 done
2382 N2L_DMN_CNT=$count
2384 [ $DEBUG -eq 1 ] && echo N2L_DMN_LIST=${N2L_DMN_LIST[*]}
2385 [ $DEBUG -eq 1 ] && echo N2L_DMN_CNT=$N2L_DMN_CNT
2390 # Make various lists for different types of maps for each N2L domain
2391 # and ask user if mapping information and comments need to be generated
2392 # for custom maps.
2394 # This function looks big, but since KSH does not support 2-D arrays, or
2395 # two level of dereferencing, it forced to have so many lists and arrays.
2396 # Lists are better for adding or removing elements, and arrays are better
2397 # for accessing with index and in knowing the no. of elements.
2399 create_map_lists()
2401 # Initialize them with no maps.
2402 ALL_DMN_ALL_MAPLIST=""
2403 ALL_DMN_DEF_MAPLIST=""
2404 ALL_DMN_CUST_MAPLIST=""
2405 ALL_DMN_AUTO_CUST_MAPLIST=""
2407 # Default to don't generate custom mapping info or comment info.
2408 CUST_MAP_NEEDED=0
2409 CUST_CMT_NEEDED=0
2411 let count=0
2413 while (( $count < $N2L_DMN_CNT ))
2415 DMN=${N2L_DMN_LIST[count]}
2416 MAPDIR=/var/yp/${DMN}
2418 # Initialize per domain lists to NULL.
2419 ALL_MAPLIST=""
2420 DEF_MAPLIST=""
2421 CUST_MAPLIST=""
2422 AUTO_CUST_MAPLIST=""
2424 for dbmfile in $MAPDIR/*.dir
2426 MAP=`basename $dbmfile .dir`
2428 # Ignore N2L maps (those with "LDAP_" prefix and ageing.byname)
2429 if [[ $MAP != LDAP_* ]] && [[ $MAP != "" ]] && \
2430 [ -f $MAPDIR/${MAP}.pag ] && [[ $MAP != ageing.byname ]]
2431 then
2432 ALL_MAPLIST="$ALL_MAPLIST $MAP"
2434 if present $MAP $DEFAULT_NIS_MAPS
2435 then
2436 DEF_MAPLIST="$DEF_MAPLIST $MAP"
2438 elif [[ $MAP = auto.* ]]
2439 then
2440 AUTO_CUST_MAPLIST="$AUTO_CUST_MAPLIST $MAP"
2442 else
2443 # If we reached here, means it is custom map.
2444 get_confirm "Do you want the mapping information to be generated for \"$MAP\" map of $DMN domain (y/n/h)?" \
2445 "n" "generate_mapping_info_for_cust_map_help"
2447 if [ $? -eq 1 ]
2448 then
2449 CUST_MAPLIST="$CUST_MAPLIST $MAP"
2450 else
2451 # If a customer map is not desired, then delete it from
2452 # all maplist too.
2453 ALL_MAPLIST=$(remove $MAP $ALL_MAPLIST)
2460 done
2462 # Make ALL_DMN lists as they are very helpful in checking if a map exists.
2463 ALL_DMN_ALL_MAPLIST=$(merge_lists $ALL_DMN_ALL_MAPLIST $ALL_MAPLIST)
2464 ALL_DMN_DEF_MAPLIST=$(merge_lists $ALL_DMN_DEF_MAPLIST $DEF_MAPLIST)
2465 ALL_DMN_CUST_MAPLIST=$(merge_lists $ALL_DMN_CUST_MAPLIST $CUST_MAPLIST)
2466 ALL_DMN_AUTO_CUST_MAPLIST=$(merge_lists $ALL_DMN_AUTO_CUST_MAPLIST \
2467 $AUTO_CUST_MAPLIST)
2469 # Store per domain lists in arrays.
2470 ALL_MAPS[$count]="$ALL_MAPLIST"
2471 DEF_MAPS[$count]="$DEF_MAPLIST"
2472 CUST_MAPS[$count]="$CUST_MAPLIST"
2473 AUTO_CUST_MAPS[$count]="$AUTO_CUST_MAPLIST"
2475 [ $DEBUG -eq 1 ] && echo ALL_MAPS[$DMN] = ${ALL_MAPS[$count]}
2476 [ $DEBUG -eq 1 ] && echo DEF_MAPS[$DMN] = ${DEF_MAPS[$count]}
2477 [ $DEBUG -eq 1 ] && echo CUST_MAPS[$DMN] = ${CUST_MAPS[$count]}
2478 [ $DEBUG -eq 1 ] && echo AUTO_CUST_MAPS[$DMN] = ${AUTO_CUST_MAPS[$count]}
2480 let count="count + 1"
2481 done
2483 [ $DEBUG -eq 1 ] && echo ALL_DMN_ALL_MAPLIST = $ALL_DMN_ALL_MAPLIST
2484 [ $DEBUG -eq 1 ] && echo ALL_DMN_DEF_MAPLIST = $ALL_DMN_DEF_MAPLIST
2485 [ $DEBUG -eq 1 ] && echo ALL_DMN_CUST_MAPLIST = $ALL_DMN_CUST_MAPLIST
2486 [ $DEBUG -eq 1 ] && echo ALL_DMN_AUTO_CUST_MAPLIST = $ALL_DMN_AUTO_CUST_MAPLIST
2488 # Store all domain lists in array too.
2489 set -A ALL_DMN_ALL_MAPS $ALL_DMN_ALL_MAPLIST
2490 set -A ALL_DMN_DEF_MAPS $ALL_DMN_DEF_MAPLIST
2491 set -A ALL_DMN_CUST_MAPS $ALL_DMN_CUST_MAPLIST
2492 set -A ALL_DMN_AUTO_CUST_MAPS $ALL_DMN_AUTO_CUST_MAPLIST
2494 # A positive customer map count implies custom mapping information
2495 # is required. Set this flag.
2496 [ ${#ALL_DMN_CUST_MAPS[*]} -gt 0 ] && CUST_MAP_NEEDED=1
2498 # Give bit of info, and ask if comments need to be placed in mapping file
2499 echo "
2500 This script can place relevant information regarding custom
2501 maps at appropriate places in the mapping file which can be
2502 helpful in customizing this file.
2505 get_confirm "Do you want such information to be generated (y/n/h)?" \
2506 "n" "generate_comment_info_for_cust_map_help"
2508 [ $? -eq 1 ] && CUST_CMT_NEEDED=1
2510 [ $DEBUG -eq 1 ] && echo CUST_MAP_NEEDED = $CUST_MAP_NEEDED
2511 [ $DEBUG -eq 1 ] && echo CUST_CMT_NEEDED = $CUST_CMT_NEEDED
2517 # Ask user the context for each (N2l) domain
2519 get_nisLDAPdomainContext()
2521 echo "
2522 # List domains and contexts
2523 " >> $MAP_FILE
2525 for DMN in ${N2L_DMN_LIST[*]}
2527 while :
2529 # Convert to domain in dc format for default choice
2530 domain_2_dc $DMN
2532 get_ans "Enter the naming context for $DMN domain (h=help):"\
2533 "$_DOM_2_DC"
2535 # If help continue, otherwise break.
2536 case "$ANS" in
2537 [Hh] | help | Help | \?) display_msg nisLDAPdomainContext_help ;;
2538 * ) break ;;
2539 esac
2540 done
2542 # If a value is specified, set it, and save in mapping file too.
2543 if [ "$ANS" != "" ]; then
2544 echo "nisLDAPdomainContext $DMN : ${ANS}" >> $MAP_FILE
2547 [ $DEBUG -eq 1 ] && echo "nisLDAPdomainContext $DMN : ${ANS}"
2548 done
2553 # Ask user the domains for which passwords should be changed
2555 get_nisLDAPyppasswddDomains()
2558 echo "
2559 # List domains for which passwords should be changed. If this is not
2560 # present then the value returned by 'domainname' will be used.
2561 " >> $MAP_FILE
2563 for DMN in ${N2L_DMN_LIST[*]}
2565 get_confirm "Enable password changes for ${DMN} domain (y/n/h)? " \
2566 "n" "nisLDAPyppasswddDomains_help"
2568 if [ $? -eq 1 ]; then
2569 echo "nisLDAPyppasswddDomains $DMN" >> $MAP_FILE
2571 done
2573 echo "
2575 #-------------------------------------------------------------------
2577 " >> $MAP_FILE
2582 # Create NIS databaseId mappings (aliases)
2584 create_nisLDAPdatabaseIdMapping()
2586 echo '
2587 # Associate map names with databaseIds (aliases)
2589 # Standard maps
2590 nisLDAPdatabaseIdMapping ethers: ethers.byaddr ethers.byname
2591 nisLDAPdatabaseIdMapping group: group.bygid group.byname
2592 nisLDAPdatabaseIdMapping hosts:[addr="[0-9]*.[0-9]*.[0-9]*.[0-9]*"] \
2593 hosts.byaddr hosts.byname
2594 # Special mapping to handle the YP_MULTI cases
2595 nisLDAPdatabaseIdMapping multihosts: \
2596 [addr="[0-9]*.[0-9]*.[0-9]*.[0-9]*,*"] \
2597 hosts.byname
2598 nisLDAPdatabaseIdMapping networks: networks.byaddr networks.byname
2599 nisLDAPdatabaseIdMapping project: project.byname project.byprojid
2600 nisLDAPdatabaseIdMapping protocols: protocols.byname protocols.bynumber
2601 nisLDAPdatabaseIdMapping services: services.byname services.byservicename
2603 # netid.byname is built up from the hosts and passwd files using different
2604 # mappings. It thus has two associated nisLDAPdatabaseIdMappings.
2605 nisLDAPdatabaseIdMapping netid.host:[number="0"] netid.byname
2606 nisLDAPdatabaseIdMapping netid.pass:[number="[1-9]*"] netid.byname
2608 # The next two are special databaseIds. They associate maps with databaseIds
2609 # but additionally identify which maps contain password and password adjunct
2610 # information for yppasswdd.
2611 nisLDAPdatabaseIdMapping passwd: passwd.byname passwd.byuid
2613 # mail.byaddr needs to select entries of the form x@y or x!y
2614 nisLDAPdatabaseIdMapping mail.mapping:[rf_key="*@*", rf_key="*!*"] \
2615 mail.byaddr
2617 # publickey.byname
2618 # Each entry in publickey map consists of a network user name which
2619 # may refer to a host or a user. It also contains a default entry for nobody.
2620 # Hence, we need three nisLDAPdatabaseIdmappings to support the three
2621 # different types of keys.
2622 nisLDAPdatabaseIdMapping keys.host:[rf_key="unix.[a-zA-Z]*@*"] \
2623 publickey.byname
2624 nisLDAPdatabaseIdMapping keys.pass:[rf_key="unix.[0-9]*@*"] \
2625 publickey.byname
2626 nisLDAPdatabaseIdMapping keys.nobody:[rf_key="nobody"] publickey.byname
2628 # Single standard maps. No point aliasing.
2629 # mail.aliases
2630 # netmasks.byaddr
2631 # rpc.bynumber
2632 # ypservers
2634 # Other maps
2635 # ipnodes looks identical to hosts but maps to a different context.
2636 nisLDAPdatabaseIdMapping ipnodes:[addr="*:*"] \
2637 ipnodes.byaddr ipnodes.byname
2638 # Special mapping to handle the YP_MULTI cases
2639 nisLDAPdatabaseIdMapping multiipnodes: \
2640 [addr="*:*,*"] \
2641 ipnodes.byname
2643 # Other single maps. No point aliasing
2644 # audit_user
2645 # auth_attr
2646 # exec_attr
2647 # prof_attr
2648 # user_attr
2649 # auto.home
2650 # auto.master
2651 # bootparams
2652 # timezone.byname
2653 # printers.conf.byname
2654 # passwd.adjunct.byname
2655 # group.adjunct.byname
2656 ' >> $MAP_FILE
2658 [ CUST_CMT_NEEDED -eq 1 ] && \
2659 echo "
2660 # If any custom map needs to be aliased, then it should be listed
2661 # here in the following format :
2662 # nisLDAPdatabaseIdMapping databaseId ":" ["["indexlist"]"] mapname[" "...]
2663 " >> $MAP_FILE
2665 [ CUST_MAP_NEEDED -eq 1 ] && \
2666 echo "\
2667 # Not aliasing non-default/custom maps as they are assumed to be
2668 # simple, single maps.\
2669 " >> $MAP_FILE
2671 for MAP in ${ALL_DMN_AUTO_CUST_MAPS[*]} ${ALL_DMN_CUST_MAPS[*]}
2673 echo "# $MAP" >> $MAP_FILE
2674 done
2676 echo "\
2678 #------------------------------------------------------------------------------
2680 " >> $MAP_FILE
2685 # Finds the domains in which the given map exists in the supplied list.
2686 # Sets result in PRESENT_COUNT and PRESENT_IN_DOMAINS. These fields are
2687 # set globally, so they can be accessed from any where.
2688 # Input : $1 - map, $2 - list name (just name, not the value)
2690 find_domains()
2692 _MAP=$1
2693 _ARRAY=$2
2695 let PRESENT_COUNT=0
2696 PRESENT_IN_DOMAINS=""
2698 let count=0
2700 while (( $count < $N2L_DMN_CNT ))
2703 # Quick and dirty way to get around unavailability of 2D array
2704 case "$_ARRAY" in
2705 ALL_MAPS ) _LIST=${ALL_MAPS[$count]} ;;
2706 DEF_MAPS ) _LIST=${DEF_MAPS[$count]} ;;
2707 CUST_MAPS ) _LIST=${CUST_MAPS[$count]} ;;
2708 AUTO_CUST_MAPS ) _LIST=${AUTO_CUST_MAPS[$count]} ;;
2709 * ) echo "Invalid value: \"${_ARRAY}\". \c"
2711 esac
2713 if present $_MAP $_LIST
2714 then
2715 let PRESENT_COUNT="$PRESENT_COUNT + 1"
2716 PRESENT_IN_DOMAINS="$PRESENT_IN_DOMAINS ${N2L_DMN_LIST[count]}"
2718 let count="count + 1"
2719 done
2721 [ $DEBUG -eq 1 ] && echo "PRESENT_COUNT = $PRESENT_COUNT"
2722 [ $DEBUG -eq 1 ] && echo "PRESENT_IN_DOMAINS = $PRESENT_IN_DOMAINS"
2724 return 0
2729 # For a given map, find out which list it belongs to (PRESENT_IN_LIST),
2730 # and in how many domains this map shows up (PRESENT_COUNT), and in
2731 # which ones (PRESENT_IN_DOMAINS). These fields are set globally, so
2732 # they can be accessed from any where.
2734 find_map_presence_details()
2736 _MAP=$1
2738 let PRESENT_COUNT=0
2739 PRESENT_IN_LIST=""
2740 PRESENT_IN_DOMAINS=""
2742 # If the map does not exist, return right away, else
2743 # find which list it belongs to.
2744 # If a map exists in def or auto or cust lists, then
2745 # it also exists in "all" list.
2747 if ! present $_MAP $ALL_DMN_ALL_MAPLIST
2748 then
2749 return 1
2751 elif present $_MAP $ALL_DMN_DEF_MAPLIST
2752 then
2753 PRESENT_IN_LIST="DEF_MAPS"
2755 elif present $_MAP $ALL_DMN_CUST_MAPLIST
2756 then
2757 PRESENT_IN_LIST="CUST_MAPS"
2759 else
2760 # If map exists, and not in previous two lists,
2761 # then it has to be here only.
2762 PRESENT_IN_LIST="AUTO_CUST_MAPS"
2765 # Now we know which list the map belongs to. So, we need to
2766 # find which are the domains in which this map exists.
2768 find_domains $_MAP $PRESENT_IN_LIST
2770 # Since the above function sets the values of PRESENT_COUNT and
2771 # PRESENT_IN_DOMAINS fields, we don't need to do anything else.
2773 [ $DEBUG -eq 1 ] && echo "PRESENT_IN_LIST = $PRESENT_IN_LIST"
2775 return 0
2780 # Check if the comment char is a single character, return 0 on success.
2781 # Input is passed via global variable "COMMENT_CHAR"
2783 valid_comment_char()
2785 COMMENT_CHAR_LENGTH=`echo "${COMMENT_CHAR}" | wc -c`
2787 # echo adds new line character, so adjust length appropriately
2788 if [ $COMMENT_CHAR_LENGTH -gt 2 ]; then
2789 echo " Comment character has to be a blank or single character; try again."
2790 return 1
2791 else
2792 return 0
2798 # Read the comment character for a MAP. Append in mapping file if valid.
2799 # Input - $1 : MAP name
2801 get_comment_char()
2803 _MAP=$1
2805 while :
2807 get_ans "Specify the comment character for $_MAP :"
2808 COMMENT_CHAR=$ANS
2810 if valid_comment_char; then
2811 break
2813 done
2815 echo "nisLDAPcommentChar $_MAP : '${COMMENT_CHAR}'" >> $MAP_FILE
2820 # Read a seperate comment character for a MAP for each domain and
2821 # update this information in mapping file.
2822 # Input - $1 : MAP name, $@ : list of domains
2824 get_comment_char_per_domain()
2826 _MAP=$1
2827 shift
2828 _DOMAIN_LIST="$@"
2830 for _DMN in $_DOMAIN_LIST
2833 while :
2836 get_ans "Specify the comment character for $_MAP,${_DMN} :"
2837 COMMENT_CHAR=$ANS
2839 if valid_comment_char; then
2840 break
2843 done
2844 echo "nisLDAPcommentChar $_MAP,${_DMN} : '${COMMENT_CHAR}'" >> $MAP_FILE
2846 done
2851 # This function generates custom comment entries. The output is
2852 # appended in the mapping file.
2854 get_custom_nisLDAPcommentChar()
2857 # All the auto mounter maps are assumed to have '#' as the default comment
2858 # char. But still list the non-default auto map entries here anyway. This
2859 # will make it very easy in case these entries need to be changed.
2861 for MAP in ${ALL_DMN_AUTO_CUST_MAPS[*]}
2863 echo "nisLDAPcommentChar $MAP : '#'" >> $MAP_FILE
2864 done
2866 if [ CUST_MAP_NEEDED -eq 1 ]; then
2867 get_confirm "Do you wish to specify the comment character for any custom map (y/n/h)?" \
2868 "n" "custom_map_comment_char_help"
2870 if [ $? -eq 1 ]; then
2871 for MAP in ${ALL_DMN_CUST_MAPS[*]}
2874 get_confirm "Do you wish to specify comment character for \"$MAP\" (y/n/h)?" \
2875 "n" "custom_map_comment_char_help"
2877 if [ $? -eq 1 ]; then
2878 find_domains $MAP CUST_MAPS
2879 if [ $PRESENT_COUNT -gt 1 ]; then
2880 echo "Map \"$MAP\" is present in these domains : $PRESENT_IN_DOMAINS"
2882 get_confirm "For \"$MAP\", should the same comment character be set for all the domains (y/n/h)?" \
2883 "y" "same_comment_char_help"
2885 if [ $? -eq 1 ]; then
2886 get_comment_char $MAP
2887 else
2888 get_comment_char_per_domain $MAP "$PRESENT_IN_DOMAINS"
2891 else
2892 get_comment_char $MAP
2896 done
2903 # List comment character (if any) for maps
2904 create_nisLDAPcommentChar()
2907 echo "\
2908 # Specify the character representing the start of comments.
2909 " >> $MAP_FILE
2911 [ CUST_CMT_NEEDED -eq 1 ] && echo "\
2912 # The comment character represents the start of the special 'comment'
2913 # field in a given NIS map. If this attribute is not present then the
2914 # default comment character '#' is used. If a map cannot contain comments
2915 # then the NULL ('') comment character should be specified. The format to
2916 # specify the comment character is :
2917 # nisLDAPcommentChar MAP[,DOMAIN] : 'single_comment_char'
2918 " >> $MAP_FILE
2920 echo "\
2921 nisLDAPcommentChar group : ''
2922 nisLDAPcommentChar passwd : ''
2923 nisLDAPcommentChar ageing.byname : ''
2924 nisLDAPcommentChar audit_user : ''
2925 nisLDAPcommentChar auth_attr : ''
2926 nisLDAPcommentChar exec_attr : ''
2927 nisLDAPcommentChar user_attr : ''
2928 nisLDAPcommentChar bootparams : ''
2929 " >> $MAP_FILE
2931 # Need to handle passwd.adjunct.byname map for multiple domain.
2932 _MAP=passwd.adjunct.byname
2933 if ! present $_MAP $ALL_DMN_DEF_MAPLIST
2934 then
2935 # Just put the syntax in comment form
2936 echo "#nisLDAPcommentChar passwd.adjunct.byname: ''" >> $MAP_FILE
2937 else
2938 # Find the domains in which this map exists.
2939 find_domains $_MAP DEF_MAPS
2940 if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
2941 then
2942 # Don't put domain info as the map is present in all of them.
2943 echo "nisLDAPcommentChar passwd.adjunct.byname: ''" >> $MAP_FILE
2944 else
2945 # Not every domain has this map. So, list for the ones which do.
2946 for _DMN in $PRESENT_IN_DOMAINS
2948 echo "nisLDAPcommentChar passwd.adjunct.byname,${_DMN}: ''" >> $MAP_FILE
2949 done
2952 # passwd.adjunct.byname done
2955 # Need to handle group.adjunct.byname map for multiple domain.
2956 _MAP=group.adjunct.byname
2957 if ! present $_MAP $ALL_DMN_DEF_MAPLIST
2958 then
2959 # Just put the syntax in comment form
2960 echo "#nisLDAPcommentChar group.adjunct.byname: ''" >> $MAP_FILE
2961 else
2962 # Find the domains in which this map exists.
2963 find_domains $_MAP DEF_MAPS
2964 if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
2965 then
2966 # Don't put domain info as the map is present in all of them.
2967 echo "nisLDAPcommentChar group.adjunct.byname: ''" >> $MAP_FILE
2968 else
2969 # Not every domain has this map. So, list for the ones which do.
2970 for _DMN in $PRESENT_IN_DOMAINS
2972 echo "nisLDAPcommentChar group.adjunct.byname,${_DMN}: ''" >> $MAP_FILE
2973 done
2976 # group.adjunct.byname done
2978 echo "" >> $MAP_FILE
2980 # Ask user for comment char for custom maps
2981 get_custom_nisLDAPcommentChar
2983 echo "
2985 #------------------------------------------------------------------------------
2987 " >> $MAP_FILE
2992 # Generate secure flag entries
2994 create_secure_flag_entries()
2996 echo "\
2997 # Specify YP_SECURE flags
2998 " >> $MAP_FILE
3000 [ CUST_CMT_NEEDED -eq 1 ] && echo "\
3001 # If a map is secure, then it needs to be mentioned here
3002 # in the following format :
3003 # nisLDAPmapFlags mapname : s
3004 ">> $MAP_FILE
3006 # Need to handle passwd.adjunct.byname map for multiple domain.
3007 _MAP=passwd.adjunct.byname
3008 if ! present $_MAP $ALL_DMN_DEF_MAPLIST
3009 then
3010 # Just put the syntax in comment form
3011 echo "#nisLDAPmapFlags passwd.adjunct.byname : s" >> $MAP_FILE
3012 else
3013 # Find the domains in which this map exists.
3014 find_domains $_MAP DEF_MAPS
3015 if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
3016 then
3017 # Don't put domain info as the map is present in all of them.
3018 echo "nisLDAPmapFlags passwd.adjunct.byname : s" >> $MAP_FILE
3019 else
3020 # Not every domain has this map. So, list for the ones which do.
3021 for _DMN in $PRESENT_IN_DOMAINS
3023 echo "nisLDAPmapFlags passwd.adjunct.byname,${_DMN} : s" >> $MAP_FILE
3024 done
3028 # Need to handle group.adjunct.byname map for multiple domain.
3029 _MAP=group.adjunct.byname
3030 if ! present $_MAP $ALL_DMN_DEF_MAPLIST
3031 then
3032 # Just put the syntax in comment form
3033 echo "#nisLDAPmapFlags group.adjunct.byname : s" >> $MAP_FILE
3034 else
3035 # Find the domains in which this map exists.
3036 find_domains $_MAP DEF_MAPS
3037 if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
3038 then
3039 # Don't put domain info as the map is present in all of them.
3040 echo "nisLDAPmapFlags group.adjunct.byname : s" >> $MAP_FILE
3041 else
3042 # Not every domain has this map. So, list for the ones which do.
3043 for _DMN in $PRESENT_IN_DOMAINS
3045 echo "nisLDAPmapFlags group.adjunct.byname,${_DMN} : s" >> $MAP_FILE
3046 done
3050 echo "" >> $MAP_FILE
3052 STR="any" # Just to make the question look better.
3053 while :
3055 get_confirm "Do you wish to set the secure flag for $STR map (y/n/h)?" \
3056 "n" "secure_flag_on_help"
3058 if [ $? -eq 0 ]; then
3059 return 0
3061 else
3062 get_ans "Enter the MAP name :"
3063 MAP=$ANS
3065 if [[ $MAP = "" ]]; then
3066 echo " Error : BLANK map name not allowed; try again"
3067 continue
3070 # Check if the supplied map name exists, and if yes, then
3071 # set the PRESENT attributes for further processing
3073 find_map_presence_details $MAP
3075 case $PRESENT_COUNT in
3077 0 ) echo " Error : $MAP not found in any domain; try again"
3080 1 ) # The map exists in only one domain.
3081 echo "nisLDAPmapFlags $MAP : s" >> $MAP_FILE
3082 STR="another" # Just to make the question look better.
3085 * ) # The map exists in multiple domain. Ask if this flag needs
3086 # to be set for all domains, or some specific ones.
3088 echo "Map \"$MAP\" is present in these domains : $PRESENT_IN_DOMAINS"
3089 get_confirm "For this map, do you wish to set this flag for all the domains (y/n/h)?" \
3090 "y" "secure_flag_all_domains_help"
3092 if [ $? -eq 1 ]; then
3093 echo "nisLDAPmapFlags $MAP : s" >> $MAP_FILE
3094 else
3096 for _DMN in $PRESENT_IN_DOMAINS
3099 get_confirm_nodef "Set secure flag for $MAP,${_DMN} (y/n)?"
3101 if [ $? -eq 1 ]; then
3102 echo "nisLDAPmapFlags $MAP,${_DMN} : s" >> $MAP_FILE
3105 done
3107 STR="another" # Just to make the question look better.
3110 esac
3113 done
3118 # Generate interdomain flag entries
3120 create_interdomain_flag_entries()
3123 INTERDOMAIN_MAP_LIST="ipnodes
3124 multiipnodes
3125 hosts
3126 multihosts
3127 services.byservicename"
3130 # Simple function to avoid duplication of code
3132 print_interdomain_entries()
3134 for _MAP in $INTERDOMAIN_MAP_LIST
3136 echo "nisLDAPmapFlags ${_MAP} : b" >> $MAP_FILE
3137 done
3140 echo "
3141 # Specify YP_INTERDOMAIN flags
3142 " >> $MAP_FILE
3144 [ CUST_CMT_NEEDED -eq 1 ] && echo "\
3145 # It is used to indicate NIS servers to use the domain name resolver for
3146 # host name and address lookups for hosts not found in the maps.
3147 # If set, it adds YP_INTERDOMAIN entries in these maps when converting
3148 # data from LDAP to YP. It needs to be set in the following format :
3149 # nisLDAPmapFlags mapname : b
3150 " >> $MAP_FILE
3152 # List one set of entries in commented form anyway as it might help
3153 # user understand what it means.
3155 echo "\
3156 # If \$B is set in /var/yp/Makefile, then this flag should be
3157 # set for following maps :\
3158 " >> $MAP_FILE
3160 for _MAP in $INTERDOMAIN_MAP_LIST
3162 echo "# nisLDAPmapFlags ${_MAP} : b" >> $MAP_FILE
3163 done
3165 # Put a blank line for indentation purpose
3166 echo >> $MAP_FILE
3168 get_confirm "Do you wish to set the \"interdomain\" flag for any domain (y/n/h)?" \
3169 "n" "interdomain_flag_on_help"
3171 if [ $? -eq 1 ]; then
3173 if [ $N2L_DMN_CNT -gt 1 ]; then
3175 get_confirm "Should \"interdomain\" flag be set for all domain (y/n/h)?" \
3176 "y" "interdomain_flag_all_domains_help"
3178 if [ $? -eq 1 ]; then
3179 print_interdomain_entries
3180 else
3182 for _DMN in ${N2L_DMN_LIST[*]}
3184 get_confirm_nodef "Set interdomain flag for ${_DMN} (y/n)?"
3186 if [ $? -eq 1 ]; then
3187 for _MAP in $INTERDOMAIN_MAP_LIST
3189 echo "nisLDAPmapFlags ${_MAP},${_DMN} : b" >> $MAP_FILE
3190 done
3193 done
3196 else
3197 print_interdomain_entries
3201 echo "
3203 #------------------------------------------------------------------------------
3205 " >> $MAP_FILE
3207 return 0
3212 # List SECURE and INTERDOMAIN flags
3214 create_nisLDAPmapFlags()
3216 create_secure_flag_entries
3217 create_interdomain_flag_entries
3222 # Print one Map TTL entry in mapping file using supplied TTL.
3224 print_one_map_ttl_entry()
3226 _Map=$1
3227 _iTtlLo=$2
3228 _iTtlHi=$3
3229 _runTtl=$4
3231 echo "\
3232 nisLDAPentryTtl ${_Map}:${_iTtlLo}:${_iTtlHi}:${_runTtl}\
3233 " >> $MAP_FILE
3235 return 0
3240 # Print all the maps TTL entries of same TTL
3241 # values using the supplied TTL triplet.
3243 print_all_same_ttl_entries()
3245 _iTTLlo=$1
3246 _iTTLhi=$2
3247 _runTTL=$3
3249 for _MAP in ${DEF_TTL_MAPLIST} ${ALL_DMN_CUST_MAPS[*]} \
3250 ${ALL_DMN_AUTO_CUST_MAPS[*]}
3253 if [ "$_MAP" != "passwd.adjunct.byname" ] && \
3254 [ "$_MAP" != "group.adjunct.byname" ]
3255 then
3256 print_one_map_ttl_entry $_MAP $_iTTLlo $_iTTLhi $_runTTL
3258 else
3260 # adjunct maps might not exist in all the domains.
3261 find_domains $_MAP DEF_MAPS
3263 if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
3264 then
3266 # Don't put domain info as the map is present in all of them.
3267 print_one_map_ttl_entry $_MAP $_iTTLlo $_iTTLhi $_runTTL
3269 else
3271 for _DMN_ in $PRESENT_IN_DOMAINS
3273 _STR="${_MAP},${_DMN_}"
3274 print_one_map_ttl_entry $_STR $_iTTLlo $_iTTLhi $_runTTL
3275 done
3279 done
3281 return 0
3285 # Read the initialTTLlo. Set the value in global variable.
3287 get_ittl_lo()
3289 get_pos_int "Lower limit for initial TTL (in seconds) (h=help):" \
3290 "$DEF_iTTLlo" "initialTTLlo_help"
3292 iTTLlo=${NUM}
3297 # Read the initialTTLhi. Set the value in global variable.
3299 get_ittl_hi()
3301 get_pos_int "Higher limit for initial TTL (in seconds) (h=help):" \
3302 "$DEF_iTTLhi" "initialTTLhi_help"
3304 iTTLhi=${NUM}
3309 # Read the initialTTLhi. Set the value in global variable.
3311 get_run_ttl()
3313 get_pos_int "Runtime TTL (in seconds) (h=help):" \
3314 "$DEF_runTTL" "runningTTL_help"
3316 runTTL=${NUM}
3321 # Read one TTL triplet. Set the result in global variables.
3323 read_one_ttl_triplet()
3325 # Just call the individual functions for each TTL.
3327 get_ittl_lo
3328 get_ittl_hi
3329 get_run_ttl
3331 [ $DEBUG -eq 1 ] && \
3332 echo "TTL = ${iTTLlo}:${iTTLhi}:${runTTL}"
3334 return 0
3338 # Takes MAP name (with or without domain name) as argument, asks
3339 # user for TTL values, and appends the entry in the mapping file.
3341 process_one_map_ttl_value()
3344 _Map_="$1"
3346 get_confirm "Retain the default TTL values [$DEF_iTTLlo:$DEF_iTTLhi:$DEF_runTTL] for \"$_Map_\" (y/n/h) ?" \
3347 "y" "default_different_ttl_help"
3349 if [ $? -eq 1 ]; then
3350 print_one_map_ttl_entry $_Map_ $DEF_iTTLlo $DEF_iTTLhi $DEF_runTTL
3351 else
3353 echo "Reading TTL values for $_Map_ :"
3354 read_one_ttl_triplet
3355 print_one_map_ttl_entry $_Map_ $iTTLlo $iTTLhi $runTTL
3358 return 0
3363 # Read only one TTL triplet for each existing MAP without asking
3364 # different values for each domain and update the mapping file.
3366 read_all_maps_ttl_values_no_multiple_domain_issue()
3369 # Need to read only one TTL triplet for each existing MAP.
3371 for _MAP in ${DEF_TTL_MAPLIST} ${ALL_DMN_CUST_MAPS[*]} \
3372 ${ALL_DMN_AUTO_CUST_MAPS[*]}
3375 if [ "$_MAP" != "passwd.adjunct.byname" ] && \
3376 [ "$_MAP" != "group.adjunct.byname" ]
3377 then
3378 process_one_map_ttl_value $_MAP
3380 else
3382 # adjunct maps might not exist in all the domains.
3383 find_domains $_MAP DEF_MAPS
3385 if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
3386 then
3388 # Don't put domain info as the map is present in all of them.
3389 process_one_map_ttl_value $_MAP
3391 else
3393 for _DMN_ in $PRESENT_IN_DOMAINS
3395 _STR="${_MAP},${_DMN_}"
3396 process_one_map_ttl_value $_STR
3397 done
3401 done
3403 return 0
3408 # Read TTL triplet for each default MAP (in database ID form) while
3409 # taking care of multiple domains issue and update the mapping file.
3411 read_default_maps_ttl_values_with_multi_domain_issue()
3414 for _MAP_ in ${DEF_TTL_MAPLIST}
3416 if [ "$_MAP_" != "passwd.adjunct.byname" ] && \
3417 [ "$_MAP_" != "group.adjunct.byname" ]
3418 then
3420 for _DMN_ in ${N2L_DMN_LIST[*]}
3422 _STR_="${_MAP_},${_DMN_}"
3423 # Now process each combination one at a time.
3424 process_one_map_ttl_value "$_STR_"
3425 done
3427 else
3428 # List only those domains in which adjunct.byname exists.
3429 find_domains $_MAP_ DEF_MAPS
3430 for _DMN_ in $PRESENT_IN_DOMAINS
3432 _STR_="${_MAP_},${_DMN_}"
3433 process_one_map_ttl_value "$_STR_"
3434 done
3436 done
3438 return 0
3443 # Read TTL triplet for each existing custom MAP while taking
3444 # care of multiple domains issue and update the mapping file.
3446 read_custom_maps_ttl_values_with_multi_domain_issue()
3449 for _MAP_ in ${ALL_DMN_CUST_MAPS[*]} ${ALL_DMN_AUTO_CUST_MAPS[*]}
3452 find_map_presence_details $_MAP_
3454 if [ $PRESENT_COUNT -eq 1 ]; then
3456 # This map exists in only one domain.
3457 # So, no need to ask for multiple domains.
3459 process_one_map_ttl_value $_MAP_
3461 else
3463 # Handle multiple domains.
3465 echo "Map \"${_MAP_}\" is present in these domains : $PRESENT_IN_DOMAINS"
3467 get_confirm "For this map, do you wish to use the same TTL values for all the domains (y/n/h) ?" \
3468 "y" "same_ttl_across_domains_help"
3470 if [ $? -eq 1 ]; then
3472 # Need to read only one TTL triplet for this MAP.
3473 process_one_map_ttl_value $_MAP_
3475 else
3477 # Need to ask for each domain
3479 for _DMN_ in $PRESENT_IN_DOMAINS
3481 _STR="${_MAP_},${_DMN_}"
3483 # Now process each combination one at a time.
3484 process_one_map_ttl_value "$_STR"
3486 done
3489 done
3491 return 0
3496 # List the TTL values for various MAPs
3498 create_nisLDAPentryTtl()
3501 echo "\
3502 # Associate TTLs with NIS entries derived from LDAP
3503 " >> $MAP_FILE
3505 [ CUST_CMT_NEEDED -eq 1 ] && echo "\
3506 # Each map has three TTL values which are specified in seconds.
3507 # 1. initialTTLlo (default $DEF_iTTLlo sec) The lower limit for the initial
3508 # TTL (in seconds) for data read from disk when the ypserv starts.
3510 # 2. initialTTLhi (default $DEF_iTTLhi sec) The upper limit for initial TTL.
3512 # 3. runningTTL (default $DEF_runTTL sec) The TTL (in seconds) for data
3513 # retrieved from LDAP while the ypserv is running.
3515 # If any value is not specified, then default value is used.
3516 # The format of TTL entry is :
3517 # nisLDAPentryTtl MAP[,DOMAIN]:initialTTLlo:initialTTLhi:runningTTL
3518 " >> $MAP_FILE
3520 # If no maps are present, just return.
3521 [ ${#ALL_DMN_ALL_MAPS[*]} -eq 0 ] && return 0
3523 echo "The default TTL for each map is set to ${DEF_iTTLlo}:${DEF_iTTLhi}:${DEF_runTTL}"
3524 get_confirm "Do you wish to change the TTL values for any map (y/n/h) ?" \
3525 "n" "default_ttl_help"
3527 if [ $? -eq 0 ]; then
3528 # Default values accepted for all the maps.
3529 # So, just print all the maps with default TTL values.
3531 print_all_same_ttl_entries $DEF_iTTLlo $DEF_iTTLhi $DEF_runTTL
3533 else
3534 echo "You would be allowed to enter the new TTL values."
3535 get_confirm "Do you wish to use the same TTL values for all the maps (y/n/h) ?" \
3536 "y" "non_default_same_ttl_help"
3538 if [ $? -eq 1 ]; then
3539 # Need to read only one TTL triplet.
3540 # Print all the maps with new TTL triplet.
3542 # read one ttl triplet
3543 echo "Enter the new TTL values :"
3545 read_one_ttl_triplet
3547 print_all_same_ttl_entries $iTTLlo $iTTLhi $runTTL
3549 else
3550 if [ $N2L_DMN_CNT -eq 1 ]; then
3552 # TTL values are different now. But we haev only one domain.
3553 # So, no need to worry about multiple domains. Need to read
3554 # only one TTL triplet for each existing MAP.
3556 read_all_maps_ttl_values_no_multiple_domain_issue
3558 else
3560 # TTL values are different now. And we have multiple domains
3561 # too. Check if MAPS are going to have same TTL across domains.
3562 # This is just to avoid asking too many TTL triplet inputs
3564 echo "You would be allowed to enter different TTL values for each map."
3566 get_confirm "For a given map, do you wish to use the same TTL values for all the domains (y/n/h) ?" \
3567 "y" "non_default_different_ttl_help"
3569 if [ $? -eq 1 ]; then
3571 # Need to read only one TTL triplet for each existing MAP.
3572 read_all_maps_ttl_values_no_multiple_domain_issue
3574 else
3576 # We have hit the worst case scenario. TTLs could be
3577 # different per map and per domain.
3579 read_default_maps_ttl_values_with_multi_domain_issue
3580 read_custom_maps_ttl_values_with_multi_domain_issue
3586 echo "
3588 #------------------------------------------------------------------------------
3590 " >> $MAP_FILE
3592 return 0
3597 # The custom maps for which we do not have enough
3598 # information to be able to generate specific entries,
3599 # we just log the message that the user needs to take
3600 # care of those entries manually.
3602 ask_user_to_update_the_custom_map_entries_too()
3605 if [ ${#ALL_DMN_CUST_MAPS[*]} -gt 0 ]; then
3607 echo "
3608 # Similar entries need to be created
3609 # for following custom maps too :\
3610 " >> $MAP_FILE
3612 for _MAP in ${ALL_DMN_CUST_MAPS[*]}
3614 echo "# $_MAP" >> $MAP_FILE
3615 done
3620 put_default_nisLDAPnameFields()
3622 echo '
3623 # Associate names with fields in the maps. Must be same for all domains.
3624 nisLDAPnameFields audit_user: \
3625 ("%s:%s:%s", name, alwaysAuditFlags, neverAuditFlags)
3627 nisLDAPnameFields auto.home: \
3628 ("%s",value)
3630 nisLDAPnameFields auto.master: \
3631 ("%s",value)
3633 nisLDAPnameFields auth_attr: \
3634 ("%s:%s:%s:%s:%s:%s", \
3635 name, res1, res2, short_desc, long_desc, attrs )
3637 nisLDAPnameFields bootparams: \
3638 ("%s", params)
3640 nisLDAPnameFields ethers: \
3641 ("%s %s", addr, name)
3643 nisLDAPnameFields exec_attr: \
3644 ("%s:%s:%s:%s:%s:%s:%s", \
3645 name, policy, type, res1, res2, id, attrs)
3647 nisLDAPnameFields group: \
3648 ("%s:%s:%s:%s", name, passwd, gid, users)
3649 ' >> $MAP_FILE
3651 # Need to handle group.adjunct.byname map for multiple domain.
3653 _MAP=group.adjunct.byname
3654 if ! present $_MAP $ALL_DMN_DEF_MAPLIST
3655 then
3656 # Just put the syntax in comment form
3657 echo '#nisLDAPnameFields group.adjunct.byname: \
3658 # ("%s:%s", name, passwd)
3659 ' >> $MAP_FILE
3660 else
3661 # Find the domains in which this map exists.
3662 find_domains $_MAP DEF_MAPS
3663 if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
3664 then
3666 # Don't put domain info as the map is present in all of them.
3667 echo 'nisLDAPnameFields group.adjunct.byname: \
3668 ("%s:%s", name, passwd)
3669 ' >> $MAP_FILE
3670 else
3671 # Not every domain has this map. So, list for the ones which do.
3672 for _DMN in $PRESENT_IN_DOMAINS
3674 echo "nisLDAPnameFields group.adjunct.byname,${_DMN}: \\
3675 (\"%s:%s\", name, passwd)
3676 " >> $MAP_FILE
3677 done
3681 echo 'nisLDAPnameFields keys.host: \
3682 ("%s:%s", publicKey ,secretKey)
3684 nisLDAPnameFields keys.pass: \
3685 ("%s:%s", publicKey ,secretKey)
3687 nisLDAPnameFields keys.nobody: \
3688 ("%s:%s", publicKey ,secretKey)
3690 nisLDAPnameFields hosts: \
3691 ("%a %s %s", addr, canonicalName, aliases)
3693 nisLDAPnameFields multihosts: \
3694 ("%a %s %s", addr, canonicalName, aliases)
3696 nisLDAPnameFields ipnodes: \
3697 ("%a %s %s", addr, canonicalName, aliases)
3699 nisLDAPnameFields multiipnodes: \
3700 ("%a %s %s", addr, canonicalName, aliases)
3702 nisLDAPnameFields mail.aliases: \
3703 ("%s", addresses)
3705 nisLDAPnameFields mail.mapping: \
3706 ("%s", address)
3708 # memberTriples is split into sub-fields by a latter nisLDAPsplitField
3709 # attribute.
3710 nisLDAPnameFields netgroup: \
3711 ("%s", memberTriples)
3713 nisLDAPnameFields netid.host: \
3714 ("%s:%s", number, data)
3716 nisLDAPnameFields netid.pass: \
3717 ("%s:%s", number, data)
3719 nisLDAPnameFields netmasks.byaddr: \
3720 ("%a", mask)
3722 nisLDAPnameFields networks: \
3723 ("%s %s %s", name, number, aliases)
3725 nisLDAPnameFields project: \
3726 ("%s:%s:%s:%s:%s:%s", \
3727 name, projID, comment, users, groups, attrs)
3729 nisLDAPnameFields protocols: \
3730 ("%s %s %s", name, number, aliases)
3732 nisLDAPnameFields rpc.bynumber: \
3733 ("%s %s %s", name, number, aliases)
3735 nisLDAPnameFields passwd: \
3736 ("%s:%s:%s:%s:%s:%s:%s", \
3737 name, passwd, uid, gid, gecos, home, shell)
3739 # It is not obvious what the fields in passwd.adjunct are for. They are not
3740 # the same as the shadow map. The following is based on information in:-
3742 # lib/libbc/inc/include/pwdadj.h.
3744 # This file implies that these are documented in getpwaent(3) but this man page
3745 # does not seem to exist.
3747 # It is believed that 'min','max' and 'def' labels were reserved fields in
3748 # SunOS 4.x and are now unused. 'always' and 'never' audit information is
3749 # now contained in audit_user(4) so is now unused.
3751 ' >> $MAP_FILE
3753 # Need to handle passwd.adjunct.byname map for multiple domain.
3755 _MAP=passwd.adjunct.byname
3756 if ! present $_MAP $ALL_DMN_DEF_MAPLIST
3757 then
3758 # Just put the syntax in comment form
3759 echo '#nisLDAPnameFields passwd.adjunct.byname: \
3760 # ("%s:%s:%s:%s:%s:%s:%s", \
3761 # name, passwd, min, max, def, always, \
3762 # never)
3763 ' >> $MAP_FILE
3764 else
3765 # Find the domains in which this map exists.
3766 find_domains $_MAP DEF_MAPS
3768 if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
3769 then
3771 # Don't put domain info as the map is present in all of them.
3772 echo 'nisLDAPnameFields passwd.adjunct.byname: \
3773 ("%s:%s:%s:%s:%s:%s:%s", \
3774 name, passwd, min, max, def, always, \
3775 never)
3776 ' >> $MAP_FILE
3777 else
3778 # Not every domain has this map. So, list for the ones which do.
3779 for _DMN in $PRESENT_IN_DOMAINS
3781 echo "nisLDAPnameFields passwd.adjunct.byname,${_DMN}: \\
3782 (\"%s:%s:%s:%s:%s:%s:%s\", \\
3783 name, passwd, min, max, def, always, \\
3784 never)
3785 " >> $MAP_FILE
3786 done
3790 echo '
3791 nisLDAPnameFields printers.conf.byname: \
3792 ("%s:%s", names, values)
3794 nisLDAPnameFields prof_attr: \
3795 ("%s:%s:%s:%s:%s", \
3796 name, res1, res2, desc, attrs)
3798 nisLDAPnameFields services: \
3799 ("%s %s/%s %s", name, port, protocol, aliases)
3801 # This map is never created but yppasswd uses the mapping to extract password
3802 # ageing information from the DIT. The password itself is not required by this
3803 # mechanism so is not included in the ageing mapping.
3804 nisLDAPnameFields ageing.byname: \
3805 ("%s:%s:%s:%s:%s:%s:%s:%s", \
3806 name, lastchg, min, max, warn, inactive, \
3807 expire, flag)
3809 nisLDAPnameFields timezone.byname: \
3810 ("%s %s", zoneName, hostName)
3812 nisLDAPnameFields user_attr: \
3813 ("%s:%s:%s:%s:%s", user, qualifier, res1, res2, attrs)
3814 ' >> $MAP_FILE
3818 # List namefields for non-default auto maps and custom maps.
3820 put_auto_and_custom_map_nisLDAPnameFields()
3822 for _MAP in ${ALL_DMN_AUTO_CUST_MAPS[*]} ${ALL_DMN_CUST_MAPS[*]}
3825 echo "\
3826 nisLDAPnameFields ${_MAP}: \\
3827 (\"%s\",value)
3828 " >> $MAP_FILE
3830 done
3834 create_nisLDAPnameFields()
3836 # Put format information of "nisLDAPnameFields"
3837 [ CUST_CMT_NEEDED -eq 1 ] && echo '
3838 # "nisLDAPnameFields" specifies the content of entries in a NIS map
3839 # and how they should be broken into named fields. It is required as,
3840 # unlike NIS+, NIS maps do not store information in named fields.
3842 # Following is the syntax for nisLDAPnameFields :
3844 # "nisLDAPnameFields" mapName ":" "(" matchspec "," fieldNames ")"
3845 # fieldName = nameOrArrayName[","...]
3846 # nameOrArrayName = Name of field or 'array' of repeated fields.
3847 # matchspec = \" formatString \"
3848 ' >> $MAP_FILE
3850 # List the default nameField values
3851 put_default_nisLDAPnameFields
3853 # List the underlying assumption
3854 echo "\
3855 # With the assumption that all the custom maps are simple, single
3856 # map (single key-value pair type), below is the nisLDAPnameFields
3857 # information for all the custom and non-default auto.* maps. If
3858 # this assumption is not valid, then refer to the NISLDAPmapping
3859 # man page for information on how to customize this section.
3860 " >> $MAP_FILE
3862 # List namefields for non-default auto maps and custom maps.
3863 put_auto_and_custom_map_nisLDAPnameFields
3866 echo "
3868 #------------------------------------------------------------------------------
3870 " >> $MAP_FILE
3872 return 0
3877 # List repeated field seperators
3879 create_nisLDAPrepeatedFieldSeparators()
3882 [ CUST_CMT_NEEDED -eq 1 ] && echo "
3883 # nisLDAPrepeatedFieldSeparators : It is a character which separates
3884 # the repeatable instnaces of splitable fields. It's format is :
3886 # nisLDAPrepeatedFieldSeparators fieldName \"sepChar[...]\"
3887 # sepChar = A separator character.
3888 # Default value is space or tab.
3889 " >> $MAP_FILE
3891 echo "\
3892 #nisLDAPrepeatedFieldSeparators memberTriples: \" \t\"
3893 " >> $MAP_FILE
3899 # List split fields
3901 create_nisLDAPsplitField()
3903 # List the default split fields
3905 [ CUST_CMT_NEEDED -eq 1 ] && echo '
3906 # nisLDAPsplitFields : It defines how a field, or list of fields,
3907 # named by nisLDAPnameFields is split into sub fields. The original
3908 # field is compared with each line of this attribute until one matches.
3909 # When a match is found named sub-fields are generated. In latter
3910 # operations sub-field names can be used in the same way as other
3911 # field names. The format of nisLDAPsplitFields is :
3913 # "nisLDAPsplitFields" fieldName ":" splitSpec[","...]
3914 # splitSpec = "(" matchspec "," subFieldNames ")"
3915 # fieldName = Name of a field from nisLDAPnameFields
3916 # subFieldNames = subFieldname[","...]
3917 # matchspec = \" formatString \"
3918 ' >> $MAP_FILE
3920 echo '
3921 nisLDAPsplitField memberTriples: \
3922 ("(%s,%s,%s)", host, user, domain), \
3923 ("%s", group)
3924 ' >> $MAP_FILE
3929 # List split fields and repeated field separators.
3931 create_split_field_and_repeatedfield_seperators()
3934 echo "\
3935 # Specify how to break fields up into sub fields.
3936 " >> $MAP_FILE
3938 create_nisLDAPrepeatedFieldSeparators
3940 create_nisLDAPsplitField
3942 echo "
3944 #------------------------------------------------------------------------------
3946 " >> $MAP_FILE
3949 list_default_nisLDAPobjectDN()
3951 echo '
3952 # Associate maps with RDNs and object classes. Base DN comes from the
3953 # nisLDAPdomainContext.
3955 # As supplied this file gives only the most derived objectClass for each map.
3956 # For some servers it may be necessary to add "objectClass=" statements for
3957 # all the superclasses. This should be done here.
3959 nisLDAPobjectDN auto.home: \
3960 automountmapname=auto_home,?one? \
3961 objectClass=automount:
3963 nisLDAPobjectDN auto.master: \
3964 automountmapname=auto_master,?one? \
3965 objectClass=automount:
3967 nisLDAPobjectDN auth_attr: \
3968 ou=SolarisAuthAttr,?one? \
3969 objectClass=SolarisAuthAttr:
3971 nisLDAPobjectDN bootparams: \
3972 ou=ethers,?one? \
3973 objectClass=bootableDevice, \
3974 bootParameter=*:\
3975 ou=ethers,?one? \
3976 objectClass=device, \
3977 objectClass=bootableDevice
3980 nisLDAPobjectDN exec_attr:\
3981 ou=SolarisProfAttr,?one?objectClass=SolarisExecAttr,\
3982 SolarisKernelSecurityPolicy=*:\
3983 ou=SolarisProfAttr,?one?objectClass=SolarisExecAttr,\
3984 objectClass=SolarisProfAttr,\
3985 objectClass=top
3987 nisLDAPobjectDN ethers: \
3988 ou=ethers,?one? \
3989 objectClass=ieee802Device, \
3990 macAddress=*:\
3991 ou=ethers,?one? \
3992 objectClass=device, \
3993 objectClass=ieee802Device
3995 nisLDAPobjectDN group: \
3996 ou=group,?one? \
3997 objectClass=posixGroup:
3998 ' >> $MAP_FILE
4001 # Need to handle group.adjunct.byname map for multiple domain.
4003 _MAP=group.adjunct.byname
4004 if ! present $_MAP $ALL_DMN_DEF_MAPLIST
4005 then
4006 # Just put the syntax in comment form
4007 echo '#nisLDAPobjectDN group.adjunct.byname: \
4008 # ou=group,?one? \
4009 # objectClass=posixGroup:
4010 ' >> $MAP_FILE
4011 else
4012 # Find the domains in which this map exists.
4013 find_domains $_MAP DEF_MAPS
4014 if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
4015 then
4016 # Don't put domain info as the map is present in all of them.
4017 echo 'nisLDAPobjectDN group.adjunct.byname: \
4018 ou=group,?one? \
4019 objectClass=posixGroup:
4020 ' >> $MAP_FILE
4021 else
4022 # Not every domain has this map. So, list for the ones which do.
4023 for _DMN in $PRESENT_IN_DOMAINS
4025 echo "nisLDAPobjectDN group.adjunct.byname,${_DMN}: \\
4026 ou=group,?one? \\
4027 objectClass=posixGroup:
4028 " >> $MAP_FILE
4029 done
4034 echo 'nisLDAPobjectDN hosts: \
4035 ou=hosts,?one? \
4036 objectClass=ipHost:\
4037 ou=hosts,?one? \
4038 objectClass=device, \
4039 objectClass=ipHost
4041 nisLDAPobjectDN multihosts: \
4042 ou=hosts,?one? \
4043 objectClass=ipHost, \
4044 ipHostNumber=*.*
4046 nisLDAPobjectDN ipnodes: \
4047 ou=hosts,?one? \
4048 objectClass=ipHost:\
4049 ou=hosts,?one? \
4050 objectClass=device, \
4051 objectClass=ipHost
4053 nisLDAPobjectDN multiipnodes: \
4054 ou=hosts,?one? \
4055 objectClass=ipHost, \
4056 ipHostNumber=*\:*
4058 nisLDAPobjectDN mail.aliases: \
4059 ou=aliases,?one? \
4060 objectClass=mailGroup:
4062 nisLDAPobjectDN mail.mapping: \
4063 ou=aliases,?one? \
4064 objectClass=mailGroup
4066 nisLDAPobjectDN netgroup: \
4067 ou=netgroup,?one? \
4068 objectClass=nisNetgroup:
4070 nisLDAPobjectDN networks: \
4071 ou=networks,?one? \
4072 objectClass=ipNetwork, \
4073 cn=*:
4075 # Must come after networks (or equivalent) that creates ipNetworks
4076 nisLDAPobjectDN netmasks.byaddr: \
4077 ou=networks,?one? \
4078 objectClass=ipNetwork, \
4079 ipNetMaskNumber=*:
4081 nisLDAPobjectDN passwd: \
4082 ou=people,?one? \
4083 objectClass=posixAccount:\
4084 ou=people,?one? \
4085 objectClass=account, \
4086 objectClass=shadowAccount, \
4087 objectClass=posixAccount
4088 ' >> $MAP_FILE
4091 # Need to handle passwd.adjunct.byname map for multiple domain.
4093 _MAP=passwd.adjunct.byname
4094 if ! present $_MAP $ALL_DMN_DEF_MAPLIST
4095 then
4096 # Just put the syntax in comment form
4097 echo '#nisLDAPobjectDN passwd.adjunct.byname: \
4098 # ou=people,?one? \
4099 # objectClass=posixAccount:\
4100 # ou=people,?one? \
4101 # objectClass=account, \
4102 # objectClass=shadowAccount, \
4103 # objectClass=posixAccount
4104 ' >> $MAP_FILE
4105 else
4106 # Find the domains in which this map exists.
4107 find_domains $_MAP DEF_MAPS
4108 if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
4109 then
4110 # Don't put domain info as the map is present in all of them.
4111 echo 'nisLDAPobjectDN passwd.adjunct.byname: \
4112 ou=people,?one? \
4113 objectClass=posixAccount:\
4114 ou=people,?one? \
4115 objectClass=account, \
4116 objectClass=shadowAccount, \
4117 objectClass=posixAccount
4118 ' >> $MAP_FILE
4119 else
4120 # Not every domain has this map. So, list for the ones which do.
4121 for _DMN in $PRESENT_IN_DOMAINS
4123 echo "nisLDAPobjectDN passwd.adjunct.byname,${_DMN}: \\
4124 ou=people,?one? \\
4125 objectClass=posixAccount:\\
4126 ou=people,?one? \\
4127 objectClass=account, \\
4128 objectClass=shadowAccount, \\
4129 objectClass=posixAccount
4130 " >> $MAP_FILE
4131 done
4136 echo '# Must follow passwd
4137 nisLDAPobjectDN netid.pass: \
4138 ou=people,?one? \
4139 objectClass=posixAccount
4141 # Must follow hosts
4142 nisLDAPobjectDN netid.host: \
4143 ou=hosts,?one? \
4144 objectClass=ipHost
4146 nisLDAPobjectDN printers.conf.byname: \
4147 ou=printers,?one? \
4148 objectClass=printerService:\
4149 ou=printers,?one? \
4150 objectClass=sunPrinter, \
4151 objectClass=printerService, \
4152 objectClass=printerLPR, \
4153 objectClass=printerAbstract
4155 nisLDAPobjectDN prof_attr:\
4156 ou=SolarisProfAttr,?one?objectClass=SolarisProfAttr,\
4157 SolarisAttrLongDesc=*:\
4158 ou=SolarisProfAttr,?one?objectClass=SolarisProfAttr,\
4159 objectClass=SolarisExecAttr,\
4160 objectClass=top
4161 nisLDAPobjectDN project: \
4162 ou=project,?one? \
4163 objectClass=SolarisProject:
4165 nisLDAPobjectDN protocols: \
4166 ou=protocols,?one? \
4167 objectClass=ipProtocol:
4169 nisLDAPobjectDN rpc.bynumber: \
4170 ou=rpc,?one? \
4171 objectClass=oncRpc:
4173 nisLDAPobjectDN services.byname: \
4174 ou=services,?one? \
4175 objectClass=ipService:
4177 # Because services.byservicename contains keys of form both 'name'
4178 # and 'name/protocol' we generate the DIT just from services.byname.
4179 # Hence, write-disabled for services.byservicename
4180 nisLDAPobjectDN services.byservicename: \
4181 ou=services,?one? \
4182 objectClass=ipService
4184 # This map is never created but yppasswd uses the mapping to extract password
4185 # aging information from the DIT.
4186 nisLDAPobjectDN ageing.byname: \
4187 ou=people,?one? \
4188 objectClass=shadowAccount:
4190 # Using nisplusTimeZoneData objectClass for compatibility with nis+2ldap
4191 nisLDAPobjectDN timezone.byname: \
4192 ou=Timezone,?one? \
4193 objectClass=nisplusTimeZoneData:
4195 nisLDAPobjectDN user_attr: \
4196 ou=people,?one? \
4197 objectClass=SolarisUserAttr:
4199 # Must come after passwd (or equivalent) that creates posixAccounts
4200 nisLDAPobjectDN audit_user: \
4201 ou=people,?one? \
4202 objectClass=SolarisAuditUser:
4204 # Must come after hosts + passwd.
4205 nisLDAPobjectDN keys.host: \
4206 ou=hosts,?one? \
4207 objectClass=NisKeyObject:
4209 nisLDAPobjectDN keys.pass: \
4210 ou=people,?one? \
4211 objectClass=NisKeyObject:
4213 nisLDAPobjectDN keys.nobody: \
4214 ou=people,?one? \
4215 objectClass=NisKeyObject:\
4216 ou=people,?one? \
4217 objectClass=account, \
4218 objectClass=NisKeyObject
4220 nisLDAPobjectDN ypservers: \
4221 ou=ypservers,?one? \
4222 objectClass=device:
4223 ' >> $MAP_FILE
4226 # List all the non-default auto.* and custom maps.
4227 list_auto_custom_nisLDAPobjectDN()
4230 # auto.* entries are easy.
4231 if [ ${#ALL_DMN_AUTO_CUST_MAPS[*]} -gt 0 ]; then
4232 echo "# Non-default custom auto maps (auto.*)\n" >> $MAP_FILE
4234 for _MAP in ${ALL_DMN_AUTO_CUST_MAPS[*]}
4237 # We need to find one container for each auto.* map.
4238 # Assume that each auto.* maps's container is auto_*.
4240 _MAP_UNDERSCORE=`echo $_MAP | sed "s/auto\./auto_/"`
4242 echo "\
4243 nisLDAPobjectDN ${_MAP}: \\
4244 automountmapname=${_MAP_UNDERSCORE},?one? \\
4245 objectClass=automount:
4246 " >> $MAP_FILE
4247 done
4250 # Since we do not have enough information to generate
4251 # entries for other custom maps, best we can do is to
4252 # log this map names and ask user to take care of them.
4254 ask_user_to_update_the_custom_map_entries_too
4260 # List association of maps with RDNs and object classes.
4262 create_nisLDAPobjectDN()
4265 [ CUST_CMT_NEEDED -eq 1 ] && echo '
4266 # nisLDAPobjectDN : It specifies the connection between group of NIS
4267 # maps and the LDAP directory. This attribute also defines the 'order'
4268 # of the NIS maps. When NIS maps are bulk copied to or from the DIT
4269 # they are processed in the same order as related nisLDAPobjectDN
4270 # attributes appear in /var/yp/NISLDAPmapping.
4271 # The format of "nisLDAPobjectDN" is :
4273 # mapName[" "...] ":" objectDN *( ";" objectDN )
4275 # where:
4277 # objectDN = readObjectSpec [":"[writeObjectSpec]]
4278 # readObjectSpec = [baseAndScope [filterAttrValList]]
4279 # writeObjectSpec = [baseAndScope [attrValList]]
4280 # baseAndScope = [baseDN] ["?" [scope]]
4281 # filterAttrValList = ["?" [filter | attrValList]]]
4282 # scope = "base" | "one" | "sub"
4283 # attrValList = attribute "=" value
4284 # *("," attribute "=" value)
4285 ' >> $MAP_FILE
4287 # List all the default entries anyway.
4288 list_default_nisLDAPobjectDN
4290 # List all the non-default auto.* and custom maps.
4291 list_auto_custom_nisLDAPobjectDN
4296 # List all the default nisLDAPattributeFromField entries
4298 list_default_nisLDAPattributeFromField()
4300 echo '
4301 # Describe how named fields are mapped to DIT entries.
4303 # audit_user
4304 nisLDAPattributeFromField audit_user: \
4305 dn=("uid=%s,", rf_key ), \
4306 SolarisAuditAlways=alwaysAuditFlags, \
4307 SolarisAuditNever=neverAuditFlags
4309 # auto.home
4310 nisLDAPattributeFromField auto.home: \
4311 dn=("automountKey=%s,", rf_key ), \
4312 automountKey=rf_key, \
4313 automountInformation=value
4315 # auto.master
4316 nisLDAPattributeFromField auto.master: \
4317 dn=("automountKey=%s,", rf_key ), \
4318 automountKey=rf_key, \
4319 automountInformation=value
4321 # auth_attr
4322 nisLDAPattributeFromField auth_attr: \
4323 dn=("cn=%s,", rf_key ), \
4324 cn=name, \
4325 SolarisAttrReserved1=res1, \
4326 SolarisAttrReserved2=res2, \
4327 SolarisAttrShortDesc=short_desc, \
4328 SolarisAttrLongDesc=long_desc, \
4329 SolarisAttrKeyValue=attrs
4331 # exec_attr. Because of the messy NIS keys special handling is required here
4332 nisLDAPattributeFromField exec_attr: \
4333 dn=("cn=%s+SolarisKernelSecurityPolicy=%s\
4334 +SolarisProfileType=%s+SolarisProfileID=%s,", \
4335 name, policy,type,id), \
4336 ("%s:*", cn)=rf_key, \
4337 ("*:%s:*", SolarisKernelSecurityPolicy)=rf_key, \
4338 ("*:*:%s", SolarisProfileId)=rf_key, \
4339 solarisProfileType=type, \
4340 solarisAttrReserved1=res1, \
4341 SolarisAttrReserved2=res2, \
4342 solarisAttrKeyValue=attrs
4344 # ethers
4345 nisLDAPattributeFromField ethers.byname: \
4346 dn=("cn=%s,", rf_key ), \
4347 macAddress=addr
4348 nisLDAPattributeFromField ethers.byaddr: \
4349 dn=("cn=%s,", name ), \
4350 macAddress=rf_key
4351 nisLDAPattributeFromField ethers: \
4352 cn=name, \
4353 description=rf_comment
4355 # bootparams. Must be done after ethers
4356 nisLDAPattributeFromField bootparams: \
4357 dn=("cn=%s,", rf_key ), \
4358 cn=rf_key, \
4359 (bootParameter)=(params, " ")
4360 ' >> $MAP_FILE
4362 # group syntax is different when group.adjunct map is present.
4363 # So, need to handle the various possibilities
4365 _MAP=group.adjunct.byname
4367 if ! present $_MAP $ALL_DMN_DEF_MAPLIST
4368 then
4370 # Just put the group.adjunct syntax in comment form
4372 echo '# group
4373 nisLDAPattributeFromField group.byname: \
4374 dn=("cn=%s,", rf_key ), \
4375 gidNumber=gid
4376 nisLDAPattributeFromField group.bygid: \
4377 dn=("cn=%s,", name ), \
4378 gidNumber=rf_key
4379 nisLDAPattributeFromField group: \
4380 cn=name, \
4381 userPassword=("{crypt}%s",passwd), \
4382 (memberUid)=(users, ",")
4385 # If you are using group.adjunct, comment the group section above
4386 # and uncomment the following group and group.adjunct sections
4388 # group
4389 #nisLDAPattributeFromField group.byname: \
4390 # dn=("cn=%s,", rf_key ), \
4391 # gidNumber=gid
4392 #nisLDAPattributeFromField group.bygid: \
4393 # dn=("cn=%s,", name ), \
4394 # gidNumber=rf_key
4395 #nisLDAPattributeFromField group: \
4396 # cn=name, \
4397 # (memberUid)=(users, ",")
4399 # group.adjunct
4400 #nisLDAPattributeFromField group.adjunct.byname: \
4401 # dn=("cn=%s,", rf_key ), \
4402 # cn=name, \
4403 # userPassword=("{crypt}%s",passwd)
4404 ' >> $MAP_FILE
4406 else
4408 # Find the domains in which group.adjunct map exists.
4409 find_domains $_MAP DEF_MAPS
4411 if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
4412 then
4414 # All the domains have group.adjunct map.
4416 echo '# group
4417 #nisLDAPattributeFromField group.byname: \
4418 # dn=("cn=%s,", rf_key ), \
4419 # gidNumber=gid
4420 #nisLDAPattributeFromField group.bygid: \
4421 # dn=("cn=%s,", name ), \
4422 # gidNumber=rf_key
4423 #nisLDAPattributeFromField group: \
4424 # cn=name, \
4425 # userPassword=("{crypt}%s",passwd), \
4426 # (memberUid)=(users, ",")
4428 # If you are not using group.adjunct, uncomment the group section above
4429 # and comment the following group and group.adjunct sections
4431 # group
4432 nisLDAPattributeFromField group.byname: \
4433 dn=("cn=%s,", rf_key ), \
4434 gidNumber=gid
4435 nisLDAPattributeFromField group.bygid: \
4436 dn=("cn=%s,", name ), \
4437 gidNumber=rf_key
4438 nisLDAPattributeFromField group: \
4439 cn=name, \
4440 (memberUid)=(users, ",")
4442 # group.adjunct
4443 nisLDAPattributeFromField group.adjunct.byname: \
4444 dn=("cn=%s,", rf_key ), \
4445 cn=name, \
4446 userPassword=("{crypt}%s",passwd)
4447 ' >> $MAP_FILE
4449 else
4450 # Not every domain has group.adjunct map.
4452 # First put the password syntax with domain name for domains
4453 # in which group.adjunct exists.
4455 echo "# group" >> $MAP_FILE
4457 for _DMN in $PRESENT_IN_DOMAINS
4460 echo "\
4461 # domain-specific group
4462 nisLDAPattributeFromField group.byname,${_DMN}: \\
4463 dn=(\"cn=%s,\", rf_key ), \\
4464 gidNumber=gid
4465 nisLDAPattributeFromField group.bygid,${_DMN}: \\
4466 dn=(\"cn=%s,\", name ), \\
4467 gidNumber=rf_key
4468 nisLDAPattributeFromField group,${_DMN}: \\
4469 cn=name, \\
4470 (memberUid)=(users, \",\")
4471 " >> $MAP_FILE
4472 done
4474 # Now put the other group syntax. We do not need to
4475 # append the domain name here.
4477 echo '
4478 nisLDAPattributeFromField group.byname: \
4479 dn=("cn=%s,", rf_key ), \
4480 gidNumber=gid
4481 nisLDAPattributeFromField group.bygid: \
4482 dn=("cn=%s,", name ), \
4483 gidNumber=rf_key
4484 nisLDAPattributeFromField group: \
4485 cn=name, \
4486 userPassword=("{crypt}%s",passwd), \
4487 (memberUid)=(users, ",")
4488 ' >> $MAP_FILE
4490 # Now we need to put the group.adjunct syntax for domains
4491 # in which this map exists.
4493 echo "# group.adjunct" >> $MAP_FILE
4495 for _DMN in $PRESENT_IN_DOMAINS
4498 echo "\
4499 nisLDAPattributeFromField group.adjunct.byname,${_DMN}: \\
4500 dn=(\"cn=%s,\", rf_key ), \\
4501 cn=name, \\
4502 userPassword=(\"{crypt}%s\",passwd)
4503 " >> $MAP_FILE
4504 done
4511 echo '
4512 # hosts
4513 # Cannot forward map hosts.byname key as the YP_MULTI entries will not work.
4514 nisLDAPattributeFromField hosts.byname: \
4515 cn=rf_searchkey
4516 nisLDAPattributeFromField hosts.byaddr: \
4517 ipHostNumber=rf_searchipkey
4518 nisLDAPattributeFromField hosts: \
4519 ipHostNumber=addr, \
4520 dn=("cn=%s+ipHostNumber=%s,", canonicalName, addr), \
4521 cn=canonicalName, \
4522 (cn)=(aliases, " "), \
4523 description=rf_comment
4525 nisLDAPattributeFromField multihosts: \
4526 ("YP_MULTI_%s", cn)=rf_searchkey
4528 # ipnodes
4529 # Cannot forward map ipnodes.byname key as the YP_MULTI entries will not work.
4530 nisLDAPattributeFromField ipnodes.byname: \
4531 cn=rf_searchkey
4532 nisLDAPattributeFromField ipnodes.byaddr: \
4533 ipHostNumber=rf_searchipkey
4534 nisLDAPattributeFromField ipnodes: \
4535 ipHostNumber=addr, \
4536 dn=("cn=%s+ipHostNumber=%s,", canonicalName, addr), \
4537 cn=canonicalName, \
4538 (cn)=(aliases, " "), \
4539 description=rf_comment
4541 nisLDAPattributeFromField multiipnodes: \
4542 ("YP_MULTI_%s", cn)=rf_searchkey
4544 #mail.aliases
4545 nisLDAPattributeFromField mail.aliases: \
4546 dn=("mail=%s,", rf_key), \
4547 mail=rf_key, \
4548 (mgrprfc822mailmember)=(addresses, ",")
4550 #mail.mapping
4551 #Commented out because all NIS->LDAP mappings are done by mail.aliases
4552 #nisLDAPattributeFromField mail.mapping: \
4553 # dn=("mail=%s,", address), \
4554 # mail=address, \
4555 # mgrprfc822mailmember=rf_key
4556 nisLDAPattributeFromField mail.mapping: \
4557 mgrprfc822mailmember=rf_searchkey
4559 # netgroup.
4561 # Only need to create DIT entries for netgroup. This contains a superset of
4562 # the information in netgroup.byhost and netgroup.byuser
4563 nisLDAPattributeFromField netgroup: \
4564 dn=("cn=%s,", rf_key ), \
4565 (memberNisNetgroup)=group, \
4566 (nisNetgroupTriple)= \
4567 ("(%s,%s,%s)", host, user, domain), \
4568 cn=rf_key, \
4569 description=rf_comment
4571 # netid.pass
4573 # Commented out because, unless remote domains (and thus /etc/netid) is
4574 # supported, all NIS->LDAP mappings are set up from passwd.
4575 #nisLDAPattributeFromField netid.pass: \
4576 # ("unix.%s@*", uidNumber)=rf_key, \
4577 # (gidNumber)=("%s", (data), " "), \
4578 # description=rf_comment
4579 nisLDAPattributeFromField netid.pass: \
4580 ("unix.%s@*", uidNumber)=rf_searchkey
4582 # netid.host
4584 # Commented out because, unless remote domains (and thus /etc/netid) is
4585 # supported, all NIS->LDAP mappings are set up from hosts.
4586 #nisLDAPattributeFromField netid.host: \
4587 # dn=("cn=%s+ipHostNumber=%s,", data, \
4588 # ldap:ipHostNumber:?one?("cn=%s", data)), \
4589 # ipHostNumber=ldap:ipHostNumber:?one?("cn=%s", data), \
4590 # ("unix.%s@*", cn)=rf_key, \
4591 # description=rf_comment
4592 nisLDAPattributeFromField netid.host: \
4593 ("unix.%s@*", cn)=rf_searchkey
4595 # netmasks.byaddr
4596 nisLDAPattributeFromField netmasks.byaddr: \
4597 dn=("ipNetworkNumber=%s,", rf_ipkey ), \
4598 ipNetworkNumber=rf_ipkey, \
4599 ipNetmaskNumber=mask, \
4600 description=rf_comment
4602 # networks.
4603 nisLDAPattributeFromField networks.byname: \
4604 dn=("ipNetworkNumber=%s,", number ), \
4605 cn=name, \
4606 cn=rf_key
4607 nisLDAPattributeFromField networks.byaddr: \
4608 dn=("ipNetworkNumber=%s,", rf_key ), \
4609 cn=name
4610 nisLDAPattributeFromField networks: \
4611 (cn)=(aliases, " "), \
4612 ipNetworkNumber=number, \
4613 description=rf_comment
4614 ' >> $MAP_FILE
4617 # passwd syntax is different when passwd.adjunct map is present.
4618 # So, need to handle the various possibilities
4620 _MAP=passwd.adjunct.byname
4622 if ! present $_MAP $ALL_DMN_DEF_MAPLIST
4623 then
4625 # Just put the passwd.adjunct syntax in comment form
4627 echo '# passwd
4628 nisLDAPattributeFromField passwd.byname: \
4629 dn=("uid=%s,", rf_key ), \
4630 uid=rf_key, \
4631 uidNumber=uid
4632 nisLDAPattributeFromField passwd.byuid: \
4633 dn=("uid=%s,", name ), \
4634 uidNumber=rf_key, \
4635 uid=name
4636 nisLDAPattributeFromField passwd: \
4637 cn=name, \
4638 userPassword=("{crypt}%s",passwd), \
4639 gidNumber=gid, \
4640 gecos=gecos, \
4641 homeDirectory=home, \
4642 loginShell=shell
4645 # If you are using passwd.adjunct, comment the passwd section above
4646 # and uncomment the following passwd and passwd.adjunct sections
4648 # passwd
4649 #nisLDAPattributeFromField passwd.byname: \
4650 # dn=("uid=%s,", rf_key ), \
4651 # uid=rf_key, \
4652 # uidNumber=uid
4653 #nisLDAPattributeFromField passwd.byuid: \
4654 # dn=("uid=%s,", name ), \
4655 # uidNumber=rf_key, \
4656 # uid=name
4657 #nisLDAPattributeFromField passwd: \
4658 # cn=name, \
4659 # gidNumber=gid, \
4660 # gecos=gecos, \
4661 # homeDirectory=home, \
4662 # loginShell=shell
4664 # passwd.adjunct
4665 #nisLDAPattributeFromField passwd.adjunct.byname: \
4666 # dn=("uid=%s,", rf_key ), \
4667 # uid=name, \
4668 # userPassword=("{crypt}%s",passwd)
4669 ' >> $MAP_FILE
4671 else
4673 # Find the domains in which passwd.adjunct map exists.
4674 find_domains $_MAP DEF_MAPS
4676 if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
4677 then
4679 # All the domains have passwd.adjunct map. So, put the right
4680 # passwd syntax and comment-in the passwd.adjunct syntax.
4683 echo '# passwd
4684 #nisLDAPattributeFromField passwd.byname: \
4685 # dn=("uid=%s,", rf_key ), \
4686 # uid=rf_key, \
4687 # uidNumber=uid
4688 #nisLDAPattributeFromField passwd.byuid: \
4689 # dn=("uid=%s,", name ), \
4690 # uidNumber=rf_key, \
4691 # uid=name
4692 #nisLDAPattributeFromField passwd: \
4693 # cn=name, \
4694 # userPassword=("{crypt}%s",passwd), \
4695 # gidNumber=gid, \
4696 # gecos=gecos, \
4697 # homeDirectory=home, \
4698 # loginShell=shell
4700 # If you are not using passwd.adjunct, uncomment the passwd section above
4701 # and comment the following passwd and passwd.adjunct sections
4703 # passwd
4704 nisLDAPattributeFromField passwd.byname: \
4705 dn=("uid=%s,", rf_key ), \
4706 uid=rf_key, \
4707 uidNumber=uid
4708 nisLDAPattributeFromField passwd.byuid: \
4709 dn=("uid=%s,", name ), \
4710 uidNumber=rf_key, \
4711 uid=name
4712 nisLDAPattributeFromField passwd: \
4713 cn=name, \
4714 gidNumber=gid, \
4715 gecos=gecos, \
4716 homeDirectory=home, \
4717 loginShell=shell
4719 # passwd.adjunct
4720 nisLDAPattributeFromField passwd.adjunct.byname: \
4721 dn=("uid=%s,", rf_key ), \
4722 uid=name, \
4723 userPassword=("{crypt}%s",passwd)
4724 ' >> $MAP_FILE
4726 else
4727 # Not every domain has passwd.adjunct map.
4729 # First put the password syntax with domain name for domains
4730 # in which passwd.adjunct exists.
4732 echo "# passwd" >> $MAP_FILE
4734 for _DMN in $PRESENT_IN_DOMAINS
4737 echo "\
4738 nisLDAPattributeFromField passwd.byname,${_DMN}: \\
4739 dn=(\"uid=%s,\", rf_key ), \\
4740 uid=rf_key, \\
4741 uidNumber=uid
4742 nisLDAPattributeFromField passwd.byuid,${_DMN}: \\
4743 dn=(\"uid=%s,\", name ), \\
4744 uidNumber=rf_key, \\
4745 uid=name
4746 nisLDAPattributeFromField passwd,${_DMN}: \\
4747 cn=name, \\
4748 gidNumber=gid, \\
4749 gecos=gecos, \\
4750 homeDirectory=home, \\
4751 loginShell=shell
4752 " >> $MAP_FILE
4753 done
4755 # Now put the other passwd syntax. We do not need to
4756 # append the domain name here.
4758 echo '
4759 nisLDAPattributeFromField passwd.byname: \
4760 dn=("uid=%s,", rf_key ), \
4761 uid=rf_key, \
4762 uidNumber=uid
4763 nisLDAPattributeFromField passwd.byuid: \
4764 dn=("uid=%s,", name ), \
4765 uidNumber=rf_key, \
4766 uid=name
4767 nisLDAPattributeFromField passwd: \
4768 cn=name, \
4769 userPassword=("{crypt}%s",passwd), \
4770 gidNumber=gid, \
4771 gecos=gecos, \
4772 homeDirectory=home, \
4773 loginShell=shell
4774 ' >> $MAP_FILE
4776 # Now we need to put the passwd.adjunct syntax for domains
4777 # in which this map exists.
4779 echo "# passwd.adjunct" >> $MAP_FILE
4781 for _DMN in $PRESENT_IN_DOMAINS
4784 echo "\
4785 nisLDAPattributeFromField passwd.adjunct.byname,${_DMN}: \\
4786 dn=(\"uid=%s,\", rf_key ), \\
4787 uid=name, \\
4788 userPassword=(\"{crypt}%s\",passwd)
4789 " >> $MAP_FILE
4790 done
4796 echo '
4797 # This map is never created but yppasswd uses the mapping to extract password
4798 # aging information from the DIT.
4799 nisLDAPattributeFromField ageing.byname: \
4800 dn=("uid=%s,", rf_key ), \
4801 uid=name, \
4802 shadowLastChange=lastchg, \
4803 shadowMin=min, \
4804 shadowMax=max, \
4805 shadowWarning=warn, \
4806 shadowInactive=inactive, \
4807 shadowExpire=expire, \
4808 shadowFlag=flag
4810 # printers.conf.byname
4811 nisLDAPattributeFromField printers.conf.byname: \
4812 dn=("printer-uri=%s,", rf_key ), \
4813 printer-name=rf_key, \
4814 (printer-aliases)=(names, "|"), \
4815 sun-printer-bsdaddr=(values, "*bsdaddr=%s:*"), \
4816 (sun-printer-kvp)=(values,":"), \
4817 description=rf_comment
4819 # prof_attr
4820 nisLDAPattributeFromField prof_attr: \
4821 dn=("cn=%s,", rf_key ), \
4822 cn=name, \
4823 SolarisAttrReserved1=res1, \
4824 SolarisAttrReserved2=res2, \
4825 SolarisAttrLongDesc=desc, \
4826 SolarisAttrKeyValue=attrs
4828 # project
4829 nisLDAPattributeFromField project.byname: \
4830 dn=("SolarisProjectName=%s,", rf_key )
4831 nisLDAPattributeFromField project.byprojid: \
4832 dn=("SolarisProjectName=%s,", name ), \
4833 SolarisProjectID=rf_searchkey
4834 nisLDAPattributeFromField project: \
4835 SolarisProjectName=name, \
4836 SolarisProjectID=projID, \
4837 (memberUid)=(users, ","), \
4838 (memberGid)=(groups, ","), \
4839 (SolarisProjectAttr)=(attrs, ";"), \
4840 description=comment
4842 # protocols
4843 nisLDAPattributeFromField protocols.byname: \
4844 ipProtocolNumber=number, \
4845 cn=rf_searchkey
4846 nisLDAPattributeFromField protocols.bynumber: \
4847 ipProtocolNumber=rf_key, \
4848 description=rf_comment
4849 nisLDAPattributeFromField protocols: \
4850 dn=("cn=%s,", name ), \
4851 (cn)=(aliases, " "), \
4852 cn=name
4854 # rpc.bynumber
4855 nisLDAPattributeFromField rpc.bynumber: \
4856 dn=("cn=%s,", name ), \
4857 oncRpcNumber=rf_key, \
4858 (cn)=(aliases, " "), \
4859 cn=name, \
4860 description=rf_comment
4862 # services
4863 # services.byservicename rule is only used to speed single search
4864 nisLDAPattributeFromField services.byservicename: \
4865 ("%s/%s", cn, ipServiceProtocol) = rf_searchkey
4867 nisLDAPattributeFromField services.byname: \
4868 dn=("cn=%s+ipServiceProtocol=%s,", name, protocol ), \
4869 ("*/%s", ipServiceProtocol)=rf_key, \
4870 ("%s/*", ipServicePort)=rf_key, \
4871 (cn)=(aliases, " "), \
4872 cn=name, \
4873 description=rf_comment
4875 # timezone.byname
4876 nisLDAPattributeFromField timezone.byname: \
4877 dn=("cn=%s,", rf_key ), \
4878 cn=hostName, \
4879 nisplusTimeZone=zoneName, \
4880 description=comment
4882 # user_attr
4883 nisLDAPattributeFromField user_attr: \
4884 dn=("uid=%s,", rf_key ), \
4885 uid=rf_key, \
4886 SolarisUserAttr=qualifier, \
4887 SolarisUserReserved1=res1, \
4888 SolarisUserReserved2=res2, \
4889 SolarisAttrKeyValue=attrs
4891 # publickey.byname
4892 nisLDAPattributeFromField keys.host: \
4893 dn=("%s", ldap:dn:?one?("cn=%s", (yp:rf_key, "unix.%s@*"))), \
4894 nisPublicKey=publicKey, \
4895 nisSecretKey=secretKey
4897 nisLDAPattributeFromField keys.pass: \
4898 dn=("%s", ldap:dn:?one?("uidNumber=%s", (yp:rf_key, "unix.%s@*"))), \
4899 nisPublicKey=publicKey, \
4900 nisSecretKey=secretKey
4902 nisLDAPattributeFromField keys.nobody: \
4903 dn=("uid=%s,",yp:rf_key), \
4904 cn=rf_key, \
4905 nisPublicKey=publicKey, \
4906 nisSecretKey=secretKey
4908 # ypservers. This derived from IPlanet implementation not RFC.
4909 nisLDAPattributeFromField ypservers: \
4910 dn=("cn=%s,", rf_key), \
4911 cn=rf_key
4912 ' >> $MAP_FILE
4916 # List all the non-default auto.* and custom maps.
4918 list_auto_and_custom_nisLDAPattributeFromField()
4921 # auto.* entries are easy.
4922 if [ ${#ALL_DMN_AUTO_CUST_MAPS[*]} -gt 0 ]; then
4923 echo "# Non-default custom auto maps (auto.*)\n" >> $MAP_FILE
4926 for _MAP in ${ALL_DMN_AUTO_CUST_MAPS[*]}
4928 echo "\
4929 # ${_MAP}
4930 nisLDAPattributeFromField ${_MAP}: \\
4931 dn=(\"automountKey=%s,\", rf_key ), \\
4932 automountKey=rf_key, \\
4933 automountInformation=value
4934 " >> $MAP_FILE
4935 done
4937 # Since we do not have enough information to generate
4938 # entries for other custom maps, best we can do is to
4939 # log this map names and ask user to take care of them.
4941 ask_user_to_update_the_custom_map_entries_too
4947 # List mapping of named fields to DIT entries
4949 create_nisLDAPattributeFromField()
4952 [ CUST_CMT_NEEDED -eq 1 ] && echo '
4953 # nisLDAPattributeFromField : It specifies how an LDAP attribute
4954 # value is derived from a NIS entries field values.
4956 # The format of nisLDAPattributeFromField entry is :
4957 # mapName ":" fieldattrspec *("," fieldattrspec )
4958 ' >> $MAP_FILE
4960 # List all the default entries anyway.
4961 list_default_nisLDAPattributeFromField
4963 # List all the non-default auto.* and custom maps.
4964 list_auto_and_custom_nisLDAPattributeFromField
4966 echo "
4968 #------------------------------------------------------------------------------
4970 " >> $MAP_FILE
4975 # List all the default nisLDAPattributeFromField entries
4977 list_default_nisLDAPfieldFromAttribute()
4979 echo '
4980 # Describe how named fields are mapped from DIT entries.
4982 # audit_user
4983 nisLDAPfieldFromAttribute audit_user: \
4984 ("uid=%s,*", rf_key)=dn, \
4985 ("uid=%s,*", name)=dn, \
4986 alwaysAuditFlags=SolarisAuditAlways, \
4987 neverAuditFlags=SolarisAuditNever
4989 # auto.home
4990 nisLDAPfieldFromAttribute auto.home: \
4991 rf_key=automountKey, \
4992 value=automountInformation
4994 # auto.master
4995 nisLDAPfieldFromAttribute auto.master: \
4996 rf_key=automountKey, \
4997 value=automountInformation
4999 # auth_attr
5000 nisLDAPfieldFromAttribute auth_attr: \
5001 rf_key=cn, \
5002 name=cn, \
5003 res1=SolarisAttrReserved1, \
5004 res2=SolarisAttrReserved2, \
5005 short_desc=SolarisAttrShortDesc, \
5006 long_desc=SolarisAttrLongDesc, \
5007 attrs=SolarisAttrKeyValue
5009 # Exec_attr. Because of messy NIS keys special handlind is required here
5010 nisLDAPfieldFromAttribute exec_attr: \
5011 rf_key=("%s:%s:%s",cn,SolarisKernelSecurityPolicy, \
5012 solarisProfileId), \
5013 name=cn, \
5014 policy=SolarisKernelSecurityPolicy, \
5015 type=SolarisProfileType, \
5016 res1=SolarisAttrReserved1, \
5017 res2=SolarisAttrReserved2, \
5018 id=SolarisProfileId, \
5019 attrs=SolarisAttrKeyValue
5022 # ethers
5023 nisLDAPfieldFromAttribute ethers.byname: \
5024 rf_key=cn
5025 nisLDAPfieldFromAttribute ethers.byaddr: \
5026 rf_key=macAddress
5027 nisLDAPfieldFromAttribute ethers: \
5028 name=cn, \
5029 addr=macAddress, \
5030 rf_comment=description
5032 # bootparams. Must be done after ethers
5033 nisLDAPfieldFromAttribute bootparams: \
5034 rf_key=cn, \
5035 params=("%s ", (bootParameter), " ")
5036 ' >> $MAP_FILE
5038 # group syntax is different when group.adjunct map is present.
5039 # So, need to handle the various possibilities
5041 _MAP=group.adjunct.byname
5043 if ! present $_MAP $ALL_DMN_DEF_MAPLIST
5044 then
5046 # Just put the group.adjunct syntax in comment form
5048 echo '# group
5049 nisLDAPfieldFromAttribute group.byname: \
5050 rf_key=cn
5051 nisLDAPfieldFromAttribute group.bygid: \
5052 rf_key=gidNumber
5053 nisLDAPfieldFromAttribute group: \
5054 gid=gidNumber, \
5055 name=cn, \
5056 ("{crypt}%s", passwd)=userPassword, \
5057 users=("%s,", (memberUid), ",")
5060 # If you are using group.adjunct, comment the group section above
5061 # and uncomment the following group and group.adjunct section
5063 # group
5064 #nisLDAPfieldFromAttribute group.byname: \
5065 # rf_key=cn
5066 #nisLDAPfieldFromAttribute group.bygid: \
5067 # rf_key=gidNumber
5068 #nisLDAPfieldFromAttribute group: \
5069 # gid=gidNumber, \
5070 # name=cn, \
5071 # passwd=("#$%s", cn), \
5072 # users=("%s,", (memberUid), ",")
5074 # group.adjunct
5075 #nisLDAPfieldFromAttribute group.adjunct.byname: \
5076 # rf_key=cn, \
5077 # name=cn, \
5078 # ("{crypt}%s", passwd)=userPassword
5079 ' >> $MAP_FILE
5081 else
5083 # Find the domains in which group.adjunct map exists.
5084 find_domains $_MAP DEF_MAPS
5086 if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
5087 then
5089 # All the domains have group.adjunct map.
5092 echo '# group
5093 #nisLDAPfieldFromAttribute group.byname: \
5094 # rf_key=cn
5095 #nisLDAPfieldFromAttribute group.bygid: \
5096 # rf_key=gidNumber
5097 #nisLDAPfieldFromAttribute group: \
5098 # gid=gidNumber, \
5099 # name=cn, \
5100 # ("{crypt}%s", passwd)=userPassword, \
5101 # users=("%s,", (memberUid), ",")
5104 # If you are not using group.adjunct, comment the group section above
5105 # and uncomment the following group and group.adjunct sections
5107 # group
5108 nisLDAPfieldFromAttribute group.byname: \
5109 rf_key=cn
5110 nisLDAPfieldFromAttribute group.bygid: \
5111 rf_key=gidNumber
5112 nisLDAPfieldFromAttribute group: \
5113 gid=gidNumber, \
5114 name=cn, \
5115 passwd=("#$%s", cn), \
5116 users=("%s,", (memberUid), ",")
5119 # group.adjunct
5120 nisLDAPfieldFromAttribute group.adjunct.byname: \
5121 rf_key=cn, \
5122 name=cn, \
5123 ("{crypt}%s", passwd)=userPassword
5124 ' >> $MAP_FILE
5126 else
5127 # Not every domain has group.adjunct map.
5129 echo "# group" >> $MAP_FILE
5131 for _DMN in $PRESENT_IN_DOMAINS
5134 echo "\
5135 nisLDAPfieldFromAttribute group.byname,${_DMN}: \\
5136 rf_key=cn
5137 nisLDAPfieldFromAttribute group.bygid,${_DMN}: \\
5138 rf_key=gidNumber
5139 nisLDAPfieldFromAttribute group,${_DMN}: \\
5140 gid=gidNumber, \\
5141 name=cn, \\
5142 passwd=(\"#$%s\", cn), \\
5143 users=(\"%s,\", (memberUid), \",\")
5144 " >> $MAP_FILE
5145 done
5147 # Now put the generic group syntax. We do not need to
5148 # append the domain name here.
5150 echo '
5151 nisLDAPfieldFromAttribute group.byname: \
5152 rf_key=cn
5153 nisLDAPfieldFromAttribute group.bygid: \
5154 rf_key=gidNumber
5155 nisLDAPfieldFromAttribute group: \
5156 gid=gidNumber, \
5157 name=cn, \
5158 ("{crypt}%s", passwd)=userPassword, \
5159 users=("%s,", (memberUid), ",")
5160 ' >> $MAP_FILE
5162 # Now we need to put the group.adjunct syntax for domains
5163 # in which this map exists.
5165 echo "#
5166 # group.adjunct
5167 # " >> $MAP_FILE
5169 for _DMN in $PRESENT_IN_DOMAINS
5172 echo "\
5173 nisLDAPfieldFromAttribute group.adjunct.byname,${_DMN}: \\
5174 rf_key=cn, \\
5175 name=cn, \\
5176 (\"{crypt}%s\", passwd)=userPassword
5177 " >> $MAP_FILE
5179 done
5185 echo '
5186 # hosts
5187 nisLDAPfieldFromAttribute hosts.byaddr: \
5188 rf_ipkey=ipHostNumber
5189 nisLDAPfieldFromAttribute hosts.byname: \
5190 (rf_key)=(cn)
5191 nisLDAPfieldFromAttribute hosts: \
5192 ("cn=%s+ipHostNumber=*", canonicalName)=dn, \
5193 addr=ipHostNumber, \
5194 aliases=("%s ", (cn) - yp:canonicalName, " "), \
5195 rf_comment=description
5197 nisLDAPfieldFromAttribute multihosts: \
5198 ("cn=%s+ipHostNumber=*", canonicalName)=dn, \
5199 (rf_key)=("YP_MULTI_%s", cn), \
5200 aliases=("%s ", (cn) - yp:canonicalName, " "), \
5201 rf_comment=description, \
5202 (tmp)=("%s", ipHostNumber:?one?("(&(cn=%s) \
5203 (ipHostNumber=*.*))", yp:canonicalName)), \
5204 addr=("%s,", (yp:tmp), ",")
5206 # ipnodes
5207 nisLDAPfieldFromAttribute ipnodes.byaddr: \
5208 rf_ipkey=ipHostNumber
5209 nisLDAPfieldFromAttribute ipnodes.byname: \
5210 (rf_key)=(cn)
5211 nisLDAPfieldFromAttribute ipnodes: \
5212 ("cn=%s+ipHostNumber=*", canonicalName)=dn, \
5213 addr=ipHostNumber, \
5214 aliases=("%s ", (cn) - yp:canonicalName, " "), \
5215 rf_comment=description
5217 nisLDAPfieldFromAttribute multiipnodes: \
5218 ("cn=%s+ipHostNumber=*", canonicalName)=dn, \
5219 (rf_key)=("YP_MULTI_%s", cn), \
5220 aliases=("%s ", (cn) - yp:canonicalName, " "), \
5221 rf_comment=description, \
5222 (tmp)=("%s", ipHostNumber:?one?("(&(cn=%s) \
5223 (ipHostNumber=*:*))", yp:canonicalName)), \
5224 addr=("%s,", (yp:tmp), ",")
5226 #mail.aliases
5227 nisLDAPfieldFromAttribute mail.aliases: \
5228 rf_key=mail, \
5229 addresses= ("%s,", (mgrprfc822mailmember), ","), \
5230 rf_comment=description
5232 #mail.mapping
5233 nisLDAPfieldFromAttribute mail.mapping: \
5234 rf_key=mgrprfc822mailmember, \
5235 address=mail, \
5236 rf_comment=description
5238 # netgroup.
5239 nisLDAPfieldFromAttribute netgroup: \
5240 rf_key=cn, \
5241 (group)=(memberNisNetgroup), \
5242 ("(%s,%s,%s)", host, user, domain)= \
5243 (nisNetgroupTriple), \
5244 rf_comment=description
5246 # netid.pass
5247 nisLDAPfieldFromAttribute netid.pass: \
5248 number=uidNumber, \
5249 (tmp)=("%s", gidNumber:ou=group,?one?\
5250 ("memberUid=%s", ldap:uid)), \
5251 sgid=("%s,", (yp:tmp) - gidNumber, ","), \
5252 data=("%s,%s", gidNumber, yp:sgid), \
5253 data=gidNumber, \
5254 (rf_key)=("unix.%s@%s", yp:number, yp:rf_domain)
5256 # netid.host
5257 nisLDAPfieldFromAttribute netid.host: \
5258 ("cn=%s+ipHostNumber=*", data)=dn, \
5259 number=("0"), \
5260 (rf_key)=("unix.%s@%s", yp:data, yp:rf_domain)
5262 # netmasks.byaddr
5263 nisLDAPfieldFromAttribute netmasks.byaddr: \
5264 ("ipNetworkNumber=%s,*", rf_ipkey)=dn, \
5265 mask=ipNetmaskNumber, \
5266 rf_comment=description
5268 # networks.
5269 nisLDAPfieldFromAttribute networks.byname: \
5270 (rf_key)=(cn)
5271 nisLDAPfieldFromAttribute networks.byaddr: \
5272 ("ipNetworkNumber=%s,*", rf_key)=dn
5273 nisLDAPfieldFromAttribute networks: \
5274 name=cn, \
5275 aliases=("%s ", (cn) - yp:name, " "), \
5276 number=ipNetworkNumber, \
5277 rf_comment=description
5278 ' >> $MAP_FILE
5280 # passwd syntax is different when passwd.adjunct map is present.
5281 # So, need to handle the various possibilities
5283 _MAP=passwd.adjunct.byname
5285 if ! present $_MAP $ALL_DMN_DEF_MAPLIST
5286 then
5288 # Just put the passwd.adjunct syntax in comment form
5290 echo '# passwd
5291 nisLDAPfieldFromAttribute passwd.byname: \
5292 rf_key=uid
5293 nisLDAPfieldFromAttribute passwd.byuid: \
5294 rf_key=uidNumber
5295 nisLDAPfieldFromAttribute passwd: \
5296 name=uid, \
5297 uid=uidNumber, \
5298 ("{crypt}%s", passwd)=userPassword, \
5299 gid=gidNumber, \
5300 gecos=gecos, \
5301 home=homeDirectory, \
5302 shell=loginShell
5305 # If you are using passwd.adjunct, comment the passwd section above
5306 # and uncomment the following passwd and passwd.adjunct sections
5308 # passwd
5309 #nisLDAPfieldFromAttribute passwd.byname: \
5310 # rf_key=uid
5311 #nisLDAPfieldFromAttribute passwd.byuid: \
5312 # rf_key=uidNumber
5313 #nisLDAPfieldFromAttribute passwd: \
5314 # name=uid, \
5315 # uid=uidNumber, \
5316 # passwd=("##%s", uid), \
5317 # gid=gidNumber, \
5318 # gecos=gecos, \
5319 # home=homeDirectory, \
5320 # shell=loginShell
5322 # passwd.adjunct
5323 #nisLDAPfieldFromAttribute passwd.adjunct.byname: \
5324 # rf_key=uid, \
5325 # name=uid, \
5326 # ("{crypt}%s", passwd)=userPassword
5327 ' >> $MAP_FILE
5329 else
5331 # Find the domains in which passwd.adjunct map exists.
5332 find_domains $_MAP DEF_MAPS
5334 if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
5335 then
5337 # All the domains have passwd.adjunct map. So, put the right
5338 # passwd syntax and comment-in the passwd.adjunct syntax.
5341 echo '# passwd
5342 #nisLDAPfieldFromAttribute passwd.byname: \
5343 # rf_key=uid
5344 #nisLDAPfieldFromAttribute passwd.byuid: \
5345 # rf_key=uidNumber
5346 #nisLDAPfieldFromAttribute passwd: \
5347 # name=uid, \
5348 # uid=uidNumber, \
5349 # ("{crypt}%s", passwd)=userPassword, \
5350 # gid=gidNumber, \
5351 # gecos=gecos, \
5352 # home=homeDirectory, \
5353 # shell=loginShell
5356 # If you are not using passwd.adjunct, uncomment the passwd section
5357 # above and comment the following passwd and passwd.adjunct sections
5359 # passwd
5360 nisLDAPfieldFromAttribute passwd.byname: \
5361 rf_key=uid
5362 nisLDAPfieldFromAttribute passwd.byuid: \
5363 rf_key=uidNumber
5364 nisLDAPfieldFromAttribute passwd: \
5365 name=uid, \
5366 uid=uidNumber, \
5367 passwd=("##%s", uid), \
5368 gid=gidNumber, \
5369 gecos=gecos, \
5370 home=homeDirectory, \
5371 shell=loginShell
5374 # passwd.adjunct Must follow passwd
5376 nisLDAPfieldFromAttribute passwd.adjunct.byname: \
5377 rf_key=uid, \
5378 name=uid, \
5379 ("{crypt}%s", passwd)=userPassword
5380 ' >> $MAP_FILE
5382 else
5383 # Not every domain has passwd.adjunct map.
5385 # First put the password syntax with domain name for domains
5386 # in which passwd.adjunct exists.
5388 echo "# passwd" >> $MAP_FILE
5390 for _DMN in $PRESENT_IN_DOMAINS
5393 echo "\
5394 nisLDAPfieldFromAttribute passwd.byname,${_DMN}: \\
5395 rf_key=uid
5396 nisLDAPfieldFromAttribute passwd.byuid,${_DMN}: \\
5397 rf_key=uidNumber
5398 nisLDAPfieldFromAttribute passwd,${_DMN}: \\
5399 name=uid, \\
5400 uid=uidNumber, \\
5401 passwd=(\"##%s\", uid), \\
5402 gid=gidNumber, \\
5403 gecos=gecos, \\
5404 home=homeDirectory, \\
5405 shell=loginShell
5406 " >> $MAP_FILE
5407 done
5409 # Now put the other passwd syntax. We do not need to
5410 # append the domain name here.
5412 echo '
5413 nisLDAPfieldFromAttribute passwd.byname: \
5414 rf_key=uid
5415 nisLDAPfieldFromAttribute passwd.byuid: \
5416 rf_key=uidNumber
5417 nisLDAPfieldFromAttribute passwd: \
5418 name=uid, \
5419 uid=uidNumber, \
5420 ("{crypt}%s", passwd)=userPassword, \
5421 gid=gidNumber, \
5422 gecos=gecos, \
5423 home=homeDirectory, \
5424 shell=loginShell
5425 ' >> $MAP_FILE
5427 # Now we need to put the passwd.adjunct syntax for domains
5428 # in which this map exists.
5430 echo "#
5431 # passwd.adjunct Must follow passwd
5432 # " >> $MAP_FILE
5434 for _DMN in $PRESENT_IN_DOMAINS
5437 echo "\
5438 nisLDAPfieldFromAttribute passwd.adjunct.byname,${_DMN}: \\
5439 rf_key=uid, \\
5440 name=uid, \\
5441 (\"{crypt}%s\", passwd)=userPassword
5442 " >> $MAP_FILE
5444 done
5450 echo '
5451 # This map is never created but yppasswd uses the mapping to extract password
5452 # ageing information from the DIT.
5453 nisLDAPfieldFromAttribute ageing.byname: \
5454 rf_key=uid, \
5455 name=uid, \
5456 lastchg=shadowLastChange, \
5457 min=shadowMin, \
5458 max=shadowMax, \
5459 warn=shadowWarning, \
5460 inactive=shadowInactive, \
5461 expire=shadowExpire, \
5462 flag=shadowFlag
5464 # printers.conf.byname
5465 nisLDAPfieldFromAttribute printers.conf.byname: \
5466 rf_key=printer-uri, \
5467 names=("%s|", (printer-aliases), "|"), \
5468 bsdaddr=("bsdaddr=%s", sun-printer-bsdaddr), \
5469 kvps=("%s:", (sun-printer-kvp) - yp:bsdaddr), \
5470 values=("%s:%s", yp:bsdaddr, yp:kvps), \
5471 values=("%s:", yp:bsdaddr), \
5472 values=yp:kvps, \
5473 rf_comment=description
5475 # prof_attr
5476 nisLDAPfieldFromAttribute prof_attr: \
5477 rf_key=cn, \
5478 name=cn, \
5479 res1=SolarisAttrReserved1, \
5480 res2=SolarisAttrReserved2, \
5481 desc=SolarisAttrLongDesc, \
5482 attrs=SolarisAttrKeyValue
5484 # project
5485 nisLDAPfieldFromAttribute project.byname: \
5486 rf_key=SolarisProjectName
5487 nisLDAPfieldFromAttribute project.byprojid: \
5488 rf_key=SolarisProjectID
5489 nisLDAPfieldFromAttribute project: \
5490 name=SolarisProjectName, \
5491 projID=SolarisProjectID, \
5492 comment=description, \
5493 users=("%s,", (memberUid), ","), \
5494 groups=("%s,", (memberGid), ","), \
5495 attrs=("%s;", (SolarisProjectAttr), ";")
5497 # protocols
5498 nisLDAPfieldFromAttribute protocols.byname: \
5499 ("cn=%s,*", rf_key)=dn, \
5500 (rf_key)=(cn)
5501 nisLDAPfieldFromAttribute protocols.bynumber: \
5502 rf_key=ipProtocolNumber, \
5503 rf_comment=description
5504 nisLDAPfieldFromAttribute protocols: \
5505 ("cn=%s,*", name)=dn, \
5506 number=ipProtocolNumber, \
5507 aliases=("%s ", (cn) - yp:name, " ")
5509 # rpc.bynumber
5510 nisLDAPfieldFromAttribute rpc.bynumber: \
5511 rf_key=oncRpcNumber, \
5512 number=oncRpcNumber, \
5513 ("cn=%s,*", name)=dn, \
5514 aliases=("%s ", (cn) - yp:name, " "), \
5515 rf_comment=description
5517 # services
5518 nisLDAPfieldFromAttribute services.byname: \
5519 rf_key = ("%s/%s", ipServicePort, ipServiceProtocol)
5520 nisLDAPfieldFromAttribute services.byservicename: \
5521 (rf_key)=("%s/%s", cn, ipServiceProtocol), \
5522 (rf_key)=(cn)
5523 nisLDAPfieldFromAttribute services: \
5524 ("cn=%s+ipServiceProtocol=*", name)=dn, \
5525 protocol=ipServiceProtocol, \
5526 port=ipServicePort, \
5527 aliases=("%s ", (cn) - yp:name, " "), \
5528 rf_comment=description
5530 # timezone.byname
5531 nisLDAPfieldFromAttribute timezone.byname: \
5532 rf_key=cn, \
5533 hostName=cn, \
5534 zoneName=nisplusTimeZone, \
5535 rf_comment=description
5537 # user_attr
5538 nisLDAPfieldFromAttribute user_attr: \
5539 ("uid=%s,*", rf_key)=dn, \
5540 ("uid=%s,*", user)=dn, \
5541 qualifier=SolarisUserAttr, \
5542 res1=SolarisUserReserved1, \
5543 res2=SolarisUserReserved2, \
5544 attrs=SolarisAttrKeyValue
5546 # publickey.byname
5547 nisLDAPfieldFromAttribute keys.host: \
5548 ("cn=%s+ipHostNumber=*", cname)=dn, \
5549 rf_key=("unix.%s@%s", yp:cname, yp:rf_domain), \
5550 publicKey=nisPublicKey, \
5551 secretKey=nisSecretKey
5553 nisLDAPfieldFromAttribute keys.pass: \
5554 rf_key=("unix.%s@%s", uidNumber, yp:rf_domain), \
5555 publicKey=nisPublicKey, \
5556 secretKey=nisSecretKey
5558 nisLDAPfieldFromAttribute keys.nobody: \
5559 rf_key=uid, \
5560 publicKey=nisPublicKey, \
5561 secretKey=nisSecretKey
5563 # ypservers. This derived from IPlanet implementation not RFC.
5564 nisLDAPfieldFromAttribute ypservers: \
5565 rf_key=cn
5566 ' >> $MAP_FILE
5571 # List all the non-default auto.* and custom maps.
5573 list_auto_and_custom_nisLDAPfieldFromAttribute()
5576 # auto.* entries are easy.
5577 if [ ${#ALL_DMN_AUTO_CUST_MAPS[*]} -gt 0 ]; then
5578 echo "# Non-default custom auto maps (auto.*)\n" >> $MAP_FILE
5581 for _MAP in ${ALL_DMN_AUTO_CUST_MAPS[*]}
5583 echo "\
5584 # ${_MAP}
5585 nisLDAPfieldFromAttribute ${_MAP}: \\
5586 rf_key=automountKey, \\
5587 value=automountInformation
5588 " >> $MAP_FILE
5589 done
5591 # Since we do not have enough information to generate
5592 # entries for other custom maps, best we can do is to
5593 # log this map names and ask user to take care of them.
5595 ask_user_to_update_the_custom_map_entries_too
5601 # List mapping of named fields from DIT entries
5603 create_nisLDAPfieldFromAttribute()
5606 [ CUST_CMT_NEEDED -eq 1 ] && echo '
5607 # nisLDAPfieldFromAttribute : It specifies how a NIS entries
5608 # field values are derived from LDAP attribute values.
5610 # The format of nisLDAPfieldFromAttribute is :
5611 # mapName ":" fieldattrspec *("," fieldattrspec)
5612 ' >> $MAP_FILE
5614 # List all the default entries anyway.
5615 list_default_nisLDAPfieldFromAttribute
5617 # List all the non-default auto.* and custom maps.
5618 list_auto_and_custom_nisLDAPfieldFromAttribute
5620 echo "
5622 #------------------------------------------------------------------------------
5624 " >> $MAP_FILE
5629 # Main function for creating the mapping file
5630 create_mapping_file()
5632 # Ask user the list of domains to be served by N2L
5633 create_n2l_domain_list
5635 # If there are no N2L domains or none selected, then exit
5636 if [ $N2L_DMN_CNT -eq 0 ]; then
5637 echo "There are no domains to serve. No mapping file generated."
5638 return 1
5641 while :
5643 get_ans "Enter the mapping file name (h=help):" "${MAP_FILE}"
5645 # If help continue, otherwise break.
5646 case "$ANS" in
5647 [Hh] | help | Help | \?) display_msg new_mapping_file_name_help ;;
5648 * ) break ;;
5649 esac
5650 done
5652 MAP_FILE=${ANS}
5653 [ $DEBUG -eq 1 ] && MAP_FILE = $MAP_FILE
5655 # Backup existing mapping file if selected
5656 check_back_mapping_file
5658 # To prevent from leaving a partial mapping file in case some error
5659 # or signal takes place which might result in machine starting in N2L
5660 # mode at next reboot, store the output being generated in a temporary
5661 # file first, and move it at the final destination only at the end if
5662 # everything goes fine.
5664 _MAP_FILE=$MAP_FILE
5665 MAP_FILE=${TMPDIR}/${TMPMAP}.$$
5667 echo "Generating mapping file temporarily as \"${MAP_FILE}\""
5669 # Place copyright information
5670 put_mapping_file_copyright_info
5673 # Prepare various map lists for each domain
5674 create_map_lists
5676 # List domains and contexts
5677 get_nisLDAPdomainContext
5679 # List domains for which passwords should be changed
5680 get_nisLDAPyppasswddDomains
5682 # List databaseId mappings (aliases)
5683 create_nisLDAPdatabaseIdMapping
5685 # List comment character for maps
5686 create_nisLDAPcommentChar
5688 # List SECURE and INTERDOMAIN flags
5689 create_nisLDAPmapFlags
5691 # List TTL values
5692 create_nisLDAPentryTtl
5694 # List name fields
5695 create_nisLDAPnameFields
5697 # List split fields and repeated fields seperators.
5698 create_split_field_and_repeatedfield_seperators
5700 # List association of maps with RDNs and object classes.
5701 create_nisLDAPobjectDN
5703 # List mapping of named fields to DIT entries
5704 create_nisLDAPattributeFromField
5706 # List mapping of named fields from DIT entries
5707 create_nisLDAPfieldFromAttribute
5710 # We are done, so move back the mapping file from temp. location
5711 # to actual location.
5712 # In case the mapping file name has a directory component which does
5713 # not exist, then create it now, otherwise 'mv' will return error.
5715 DIR_TO_CREATE=`dirname ${_MAP_FILE}`
5716 mkdir -p ${DIR_TO_CREATE}
5718 echo "Moving output from temporary file ($MAP_FILE) to actual file ($_MAP_FILE)"
5719 mv $MAP_FILE $_MAP_FILE
5721 # Revert back the mapping file name in case needed.
5722 MAP_FILE=$_MAP_FILE
5723 echo "Finished creation of mapping file ( $MAP_FILE )"
5729 # Main function for creating config file (ypserv)
5731 process_config_file()
5733 # Ask for confirmation if the file name is not specified.
5735 if [ $CONFIG_FILE_SPECIFIED -eq 0 ]; then
5736 display_msg no_config_file_name_specified
5738 get_confirm_nodef "Do you want to create the config file (y/n) ?"
5740 [ $? -eq 0 ] && return 0
5742 while :
5744 get_ans "Enter the config file name (h=help):" "${CONFIG_FILE}"
5746 # If help continue, otherwise break.
5747 case "$ANS" in
5748 [Hh] | help | Help | \?) display_msg new_config_file_name_help ;;
5749 * ) break ;;
5750 esac
5751 done
5753 CONFIG_FILE=${ANS}
5754 [ $DEBUG -eq 1 ] && CONFIG_FILE = $CONFIG_FILE
5758 # Backup existing config file if selected
5759 check_back_config_file
5761 # Create config file
5762 create_config_file
5767 # Main function for creating mapping file (NISLDAPmapping)
5769 process_mapping_file()
5771 # Ask for confirmation if the file name is not specified.
5773 if [ $MAPPING_FILE_SPECIFIED -eq 0 ]; then
5774 display_msg no_mapping_file_name_specified
5776 get_confirm_nodef "Do you want to create the mapping file (y/n) ?"
5778 [ $? -eq 0 ] && return 0
5783 # Create mapping file
5784 create_mapping_file
5787 ###########################################
5788 ########### MAIN ###########
5789 ###########################################
5791 PROG=`basename $0` # Program name
5792 ABS_PROG=$0 # absolute path needed
5794 # Only superuser should be able to run this script.
5795 is_root_user
5796 if [ $? -ne 0 ]; then
5797 echo "ERROR : Only root can run $PROG"
5798 exit 1
5801 # Initialize things
5802 init
5804 # Parse command line arguments.
5805 parse_arg $*
5807 # Create config file (ypserv)
5808 process_config_file
5810 # Create mapping file (NISLDAPmapping).
5811 process_mapping_file
5813 # Cleanup temp files and directories unless debug.
5814 [ $DEBUG -eq 0 ] && cleanup
5816 exit 0