Commands Reference, Volume 4

nistoldif Command

Purpose

Migrate user, group, name resolution, and rpc data to rfc 2307-compliant form.

Syntax

nistoldif -d Suffix [ -a BindDN -h Host -p Password [-n Port ] ] [ -f Directory ] [ -y domain ] [ -S Schema ] [ -k KeyPath -w SSLPassword ] [ -s Maps ]

Description

The nistoldif command converts the data from passwd, group, hosts, services, protocols, rpc, networks, and netgroup into forms compliant with rfc2307. It will first attempt to read data from NIS, and if it cannot find a NIS map it will fall back to the flat files.

If the server information (the -a, -h, and -p flags) is given on the command line, data will be written directly to the server. If any data conflicts with an entry already on the server, either because the entry already exists, or because the uid or gid already exists, a warning will be printed. If the server information is not given, the data will be written to stdout in LDIF. In either case, nistoldif does not add an entry for the suffix itself; if that entry does not exist, attempts to add data to the server will fail. This entry will be added during server setup, usually by the mksecldap command.

Translation is not exact. Because of the limitations of the rfc2307 definitions, some attributes are defined in a case-insensitive way; for example, TCP, Tcp, and tcp are all the same protcol name to the LDAP server. Uids and gids greater than 2^31-1 will be translated to their negative twos complement equivalent for storage.

Flags

-a	Specifies the administrative bind DN used to connect to the LDAP server. If this flag is used, -h and -p must also be used, and data will be written directly to the LDAP server.
-d	Specifies the suffix that the data should be added under.
-f	Specifies the directory to look for flat files in. If this flag is not used, nistoldif will look for flat files in /etc.
-h	Specifies the host name which is running the LDAP server. If this flag is used, -a and -p must also be used, and data will be written directly to the LDAP server.
-k	Specifies the SSL key path. If this flag is used, -w must also be used.
-n	Specifies the port to connect to the LDAP server on. If this flag is used, -a, -h and -p must also be used; if it is not used, the default LDAP port is used.
-p	Specifies the password used to connect to the LDAP server. If this flag is used, -a and -h must also be used, and data will be written directly to the LDAP server.
-s	Specifies a set of maps to be written to the server. This flag should be followed by a list of letters representing the maps that should be migrated. If this flag is not used, all maps will be migrated. The letters are: e for netgroup, g for group, h for hosts, n for networks, p for protocols, r for rpc, s for services, and u for passwd.
-S	Specifies the LDAP schema to use for users and groups. This can be either RFC2307 or RFC2307AIX; RFC2307AIX gives extended AIX schema support. If this flag is not used, RFC2307 is the default.
-w	Specifies the SSL password. If this flag is used, -k must also be used.
-y	Specifies the NIS domain to read maps from. If this flag is not used, the default domain will be used.

Exit Status

This command returns the following exit values:

0: No errors occured. Note that failure to find a map is not considered an error.
>0: An error occurred.

Security

Access Control: Only the root user can run this command.

Examples

To migrate the NIS maps from the domain austin.ibm.com (falling back to the flat files in /tmp/etc) to LDIF under the suffix cn=aixdata, type:
```
nistoldif -d cn=aixdata -y austin.ibm.com -f /tmp/etc > ldif.out
```
To migrate the hosts and services maps from the default domain (falling back to the flat files in /etc) to the LDAP server ldap.austin.ibm.com with administrator bind DNcn=root and password secret under the suffix cn=aixdata, type:
```
nistoldif -d cn=aixdata -h ldap.austin.ibm.com -a cn=root -p secret -s hs
```

Files

/usr/sbin/nistoldif

Contains the nistoldif command.

Related Information

The mksecldap command.