
Network Information Services (NIS and NIS+) Guide

Appendix B. Migrating from NIS and NIS+ to RFC 2307-compliant LDAP services

AIX 5.2 introduces a new name resolution method, NIS_LDAP, which uses the schema defined by RFC 2307. This appendix describes the process of migrating from NIS or NIS+ to the new method.

Considerations

Server Setup

To prepare the server, you will need to do the following:

  1. Install the ldap.server and ldap.client packages.
  2. Use the mksecldap command to configure the server. An example follows:
    mksecldap -s -a cn=admin -p adminpwd -S rfc2307 -u NONE

    The -u NONE option prevents the mksecldap command from migrating users and groups. This option is necessary if users and groups are to be migrated from NIS or NIS+. See the mksecldap command description in AIX 5L Version 5.2 Commands Reference for more details.

Migrating Data to LDAP

Data is migrated to the LDAP directory using the nistoldif command. The nistoldif command can operate in two modes: it can output LDIF data, or it can write the data directly to the server. The nistoldif command will not add a user or a group with a UID or GID that conflicts with one already on the server.

Note
You may have to increase the size of the partition containing the database that LDAP is using. By default, this will be the /home directory. If not enough space is allocated, and you are migrating data to the server, the nistoldif command will fail. In this case, increase the size of the partition and rerun the nistoldif command.

For more information, see the nistoldif command description in AIX 5L Version 5.2 Commands Reference.

Migrating Data from NIS

If you are migrating data from the default NIS domain, the nistoldif command will use this data by default. If you wish to use a NIS domain other than the default, you should use the -y flag to specify a domain. Following is an example:

nistoldif -h server1.ibm.com -a cn=admin -p adminpwd -d cn=aixdata

This migrates NIS maps from the default domain to the LDAP server server1.ibm.com under the cn=aixdata DN. If no NIS maps are present, it will fall back to the data in the /etc directory. The -f flag changes the fallback directory.

See the nistoldif command description in AIX 5L Version 5.2 Commands Reference for more details.

Migrating Data from NIS+

The nistoldif command cannot directly migrate data from NIS+ to the server (or to LDIF). In this case, the data must be extracted from the tables using the nisaddent command. An example follows:

/usr/lib/nis/nisaddent -d -t table tabletype > filename

These files must have the same name as the files in the /etc directory that would contain the data. For example, the data from the hosts.org_dir file must be dumped into a file called hosts. They should all be placed in the same directory. The nistoldif command will have to be run once for each directory containing some of the files.

Migration from hierarchical domains must be handled differently. The administrator must be careful to get the correct maps from each subdomain. A non-root master server by default takes its data from the domain of which it is a member, not the domain it is serving. For example, if lilac belonged to domain wiz.com and was the master server for subdomain1.wiz.com, lilac would take data from wiz.com. The nistoldif command must be run for each set of data.

For example, to move the domain wiz.com with subdomains subdomain1.wiz.com and subdomain2.wiz.com, the nistoldif command would have to be run three times, once for each set of data. In this case, the administrator may also want to use the LDIF option and check the data before uploading it to the server. If the server was set up to use cn=aixdata as the suffix, the procedure would then be as follows:

nistoldif -f /wizdatapath -d "cn=aixdata" > out.ldif

nistoldif -f /sub1datapath -d "cn=aixdata" >> out.ldif

nistoldif -f /sub2datapath -d "cn=aixdata" >> out.ldif

Add the data in out.ldif to the server after reviewing it.
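
One way to carry out part of that review, as an added example that is not part of the original guide: a shell function that scans merged LDIF for RFC 2307 posixAccount entries sharing a uidNumber, posixGroup entries sharing a gidNumber, and accounts other than root that carry uidNumber 0. The function names review_ldif and sample_ldif are hypothetical, and the sample entries and their DN layout under cn=aixdata are constructed for illustration.

```shell
#!/bin/sh
# Added example: review merged LDIF (such as out.ldif) before loading it.
# Reads the named file(s) or stdin and prints one finding per line.
# Base64 values (attr:: ...) are not decoded and are compared as written.
review_ldif() {
    awk '
    function flush_entry() {
        if (dn != "" && is_acct && uidn != "") {
            if (uidn in uid_dn) print "DUP-UID " uidn " " uid_dn[uidn] " | " dn
            else uid_dn[uidn] = dn
            if (uidn ~ /^0+$/ && name != "root") print "UID0 " dn
        }
        if (dn != "" && is_grp && gidn != "") {
            if (gidn in gid_dn) print "DUP-GID " gidn " " gid_dn[gidn] " | " dn
            else gid_dn[gidn] = dn
        }
        dn = ""; name = ""; uidn = ""; gidn = ""; is_acct = 0; is_grp = 0
    }
    function handle(line,    p, attr, val) {
        if (line == "") { flush_entry(); return }      # blank line ends an entry
        p = index(line, ":")
        if (p == 0 || line ~ /^#/) return
        attr = tolower(substr(line, 1, p - 1))          # attribute names: any case
        val = substr(line, p + 1); sub(/^[ \t]+/, "", val)
        if (attr == "dn") dn = val
        else if (attr == "uid") name = val
        else if (attr == "uidnumber") uidn = val
        else if (attr == "gidnumber") gidn = val
        else if (attr == "objectclass" && tolower(val) == "posixaccount") is_acct = 1
        else if (attr == "objectclass" && tolower(val) == "posixgroup") is_grp = 1
    }
    { sub(/\r$/, "") }
    /^ / { pending = pending substr($0, 2); next }      # unfold continuation lines
    { handle(pending); pending = $0 }
    END { handle(pending); flush_entry() }
    ' "$@"
}

# Constructed sample: two domains reusing UID 1001 and GID 100, plus a UID 0 alias.
sample_ldif() {
    printf 'dn: uid=alice,ou=People,cn=aixdata\nobjectClass: posixAccount\nuid: alice\nuidNumber: 1001\n\n'
    printf 'dn: uid=bob,ou=People,\n cn=aixdata\nobjectClass: posixAccount\nuid: bob\nuidNumber: 1001\n\n'
    printf 'dn: uid=toor,ou=People,cn=aixdata\nobjectClass: posixAccount\nuid: toor\nuidNumber: 0\n\n'
    printf 'dn: cn=staff,ou=Groups,cn=aixdata\nobjectClass: posixGroup\ngidNumber: 100\n\n'
    printf 'dn: cn=users,ou=Groups,cn=aixdata\nobjectClass: posixGroup\ngidNumber: 100\n\n'
}

sample_ldif | review_ldif
```

Run against the real file as review_ldif out.ldif; an empty result means none of the three conditions was found, not that the data is otherwise correct.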

For more information, see the nisaddent and nistoldif command descriptions in AIX 5L Version 5.2 Commands Reference.

Client Setup

The server must be set up before the client. Client setup depends on the migrated data being on the server.

Once the data has been migrated to the server, each client must be set up using the mksecldap command.

mksecldap -c -a cn=admin -p adminpwd -h server1.ibm.com

This sets up the local system to use the LDAP server on server1.ibm.com.

See the mksecldap command description in AIX 5L Version 5.2 Commands Reference for more details.
