There are two classes of configuration information which the plugin
uses: configuration for the plugin as a whole, and configuration for
individual maps.
Configuration for the plugin as a whole is stored in the same entry
which instructs the server to load the plugin. These attributes are
recognized:
* nis-max-dgram-size
This sets the maximum size of a response that the server will attempt
to send to clients which issued a query over UDP. The default value
is 1024 bytes.
* nis-max-value-size
This sets the maximum size of a value that the server will attempt to
send to clients which issued a query over TCP. This primarily comes
into play when the client attempts to enumerate the contents of a map
using the yp_all() function. While the server attempts to respond in
chunks of roughly 4 kB at a time, exceptions are made up to a point.
The default value is 262144 (256 kB).
* nis-tcp-wrappers-name
This sets the name the server will use when evaluating hosts.allow
and hosts.deny files to determine if the client should be allowed
access. The default is "nis-plugin".
* nis-securenet
This multi-valued attribute provides information about which networks
are allowed to access the service. If no values are present (this is
the default), all clients are allowed access. Any values which are
present are interpreted as a netmask and a network block address.
The value "255.0.0.0 127.0.0.0" is one valid example.
* nsslapd-pluginarg0
This sets the port on which the server should listen for client
requests. By default, the server will use an arbitrarily-chosen
privileged port, but this option is provided to allow administrators
to run the service on systems which have firewalls configured.
In combination with the settings the directory server itself needs in
order to be able to load a postoperation plugin, an example entry might
look like this:

  dn: cn=NIS Server, cn=plugins, cn=config
  objectclass: top
  objectclass: nsSlapdPlugin
  objectclass: extensibleObject
  cn: NIS Server
  nsslapd-pluginpath: /usr/lib/dirsrv/plugins/nisserver-plugin.so
  nsslapd-plugininitfunc: nis_plugin_init
  nsslapd-plugintype: postoperation
  nsslapd-pluginenabled: on
  nsslapd-pluginid: nis-server
  nsslapd-version: 0.0
  nsslapd-pluginvendor: redhat.com
  nsslapd-plugindescription: NIS Server Plugin
  nsslapd-pluginarg0: 876
  nis-tcp-wrappers-name: nis-server
  nis-max-dgram-size: 2048
  nis-max-value-size: 1048576
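
The access rules described for nis-securenet, together with the per-map nis-secure flag documented with the map attributes, can be checked against a client address before deployment. This is an added example, not code from the plugin; it assumes IPv4 only and assumes a client matches when its address ANDed with the netmask equals the network ANDed with the netmask. All function names are hypothetical.

```python
import ipaddress

def parse_securenet(value):
    """Split one nis-securenet value, '<netmask> <network>', into integers."""
    netmask, network = value.split()
    return int(ipaddress.IPv4Address(netmask)), int(ipaddress.IPv4Address(network))

def client_allowed(client_ip, securenet_values):
    """No values means every client is allowed (the documented default)."""
    if not securenet_values:
        return True
    addr = int(ipaddress.IPv4Address(client_ip))
    # Assumed matching rule: client & netmask == network & netmask.
    return any(addr & mask == net & mask
               for mask, net in map(parse_securenet, securenet_values))

def map_visible(client_ip, client_port, securenet_values, nis_secure=False):
    """Combine the plugin-wide network check with a map's nis-secure flag."""
    if not client_allowed(client_ip, securenet_values):
        return False
    # nis-secure maps are only visible to queries from ports below 1024.
    return client_port < 1024 if nis_secure else True

def audit(securenet_values):
    """Flag settings that leave the service reachable from any address."""
    findings = []
    if not securenet_values:
        findings.append("nis-securenet unset: all clients are allowed")
    for value in securenet_values:
        mask, _ = parse_securenet(value)
        if mask == 0:
            findings.append(f"'{value}': zero netmask matches every client")
    return findings

# Constructed sample values; the first is the example given in the text.
SECURENET = ["255.0.0.0 127.0.0.0", "255.255.255.0 192.0.2.0"]
```
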
Configuration for individual maps should be stored in entries directly
beneath the plugin's entry. These attributes are recognized:
* nis-domain
The NIS domain in which this map appears. The server will claim to
support any domain for which it has at least one map configured.
There is no default value, and a single map will appear in multiple
domains if this attribute has multiple values.
* nis-map
The name of this map in the domain. There is no default value, and a
single map will appear with multiple names if this attribute has
multiple values.
* nis-base
The entry under which directory server entries which should be
converted into NIS map entries can be found. There is no default
setting. If this attribute has more than one value, the resulting
NIS map will include every entry which can be found by searching
under all of the specified entries.
* nis-secure
Indicates that the contents of this map should only be visible to
clients whose queries originated from port numbers below 1024. The
default setting for all maps is "no".
* nis-filter
The filter which is used to select entries for conversion.
* nis-key-format
A format specifier which the plugin will use to convert the contents
of the directory server entry into a key for the NIS map. If the
expression fails to evaluate, or evaluates to more than one value,
the entry will be ignored. This can be used to ensure a 1-to-1
mapping between entries in the directory server and a NIS map.
* nis-keys-format
A format specifier which the plugin will use to convert the contents
of the directory server entry into a set of keys for the NIS map.
The resulting NIS map will include a key for each value to which the
expression evaluates. This can be used to allow for an arbitrary
number of NIS map entries to be created for a given directory server
entry.
* nis-value-format
A format specifier which the plugin will use to convert the contents
of the directory server entry into a NIS map entry's value. If the
entry will have multiple keys, each key will use the same value.
* nis-values-format
A format specifier which the plugin will use to convert the contents
of the directory server entry into values for NIS map entries.
Typically this will be used in combination with a "nis-keys-format"
setting to generate a set of key/value pairs for a single directory
server entry. If there are fewer values than keys, the values will
be reused.
* nis-disallowed-chars
A list of characters which, if found in an attribute value, will
cause that attribute value to be ignored when evaluating keys and
values.
The nis-filter, nis-key-format, nis-keys-format, nis-value-format, and
nis-values-format settings all have defaults which vary based on the
name of the NIS map, but the defaults can always be overridden. An
example map definition might look like this:

  dn: nis-domain=example.com+map=email.byname,cn=NIS Server,cn=plugins,cn=config
  objectclass: top
  objectclass: extensibleObject
  nis-domain: example.com
  nis-map: email.byname
  nis-base: cn=Users, cn=Accounts, dc=example, dc=com
  nis-filter: (&(mail=*)(uid=*))
  nis-key-format: %{uid}
  nis-value-format: %{uid}:%{mail}
  nis-disallowed-chars: :
  nis-secure: no
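
To see how nis-key-format, nis-value-format and nis-disallowed-chars interact in the map definition above, the following added example (not the plugin's code) models the conversion over constructed entries. It is a simplified model that assumes only plain %{attribute} references and treats a reference that does not resolve to exactly one usable value as a failed expression; all function names are hypothetical.

```python
import re

REF = re.compile(r"%\{([A-Za-z0-9-]+)\}")

def expand(fmt, entry, disallowed):
    """Evaluate fmt against one entry; None means the expression failed."""
    out, pos = [], 0
    for ref in REF.finditer(fmt):
        # Attribute values containing a disallowed character are ignored.
        usable = [v for v in entry.get(ref.group(1), [])
                  if not any(ch in v for ch in disallowed)]
        if len(usable) != 1:      # missing or multi-valued: treated as failure
            return None
        out += [fmt[pos:ref.start()], usable[0]]
        pos = ref.end()
    return "".join(out + [fmt[pos:]])

def build_map(entries, key_fmt, value_fmt, disallowed):
    """Return {key: value} for entries whose key and value both evaluate."""
    nis_map = {}
    for entry in entries:
        key = expand(key_fmt, entry, disallowed)
        value = expand(value_fmt, entry, disallowed)
        if key is not None and value is not None:
            nis_map[key] = value
    return nis_map

# Constructed directory entries (attribute -> list of values).
ENTRIES = [
    {"uid": ["alice"], "mail": ["alice@example.com"]},
    {"uid": ["bob"], "mail": ["bob@example.com", "robert@example.com"]},
    {"uid": ["carol"], "mail": ["carol@example.com:extra"]},
    {"uid": ["dave"]},
]

def email_byname(disallowed=":"):
    """Apply the email.byname key and value formats from the map definition."""
    return build_map(ENTRIES, "%{uid}", "%{uid}:%{mail}", disallowed)
```

With ":" disallowed, the entry whose mail value contains a colon is dropped, so it cannot add extra fields to the colon-separated map value; with an empty disallowed list the same entry would appear in the map.
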