
Files Reference

LDAP Attribute Mapping File Format


Defines AIX to LDAP attribute name mapping to support configurable LDAP server schema.


These map files are used by the /usr/lib/security/LDAP module and the secldapclntd daemon to translate between AIX attribute names and LDAP attribute names. Each entry in a mapping file represents the translation for one attribute. An entry has four space-separated fields:

AIX_Attribute_Name AIX_Attribute_Type LDAP_Attribute_Name LDAP_Value_Type
AIX_Attribute_Name Specifies the AIX attribute name.
AIX_Attribute_Type Specifies the AIX attribute type. Values are SEC_CHAR, SEC_INT, SEC_LIST, and SEC_BOOL.
LDAP_Attribute_Name Specifies the LDAP attribute name.
LDAP_Value_Type Specifies the LDAP value type. Values are s for single value and m for multi-value.


AIX ships 3 sets of attribute mapping files to the /etc/security/ldap directory. The first set includes aixuser.map, aixgroup.map, and aixid.map. This set is for use with the AIX-specific schema (aixAccount and aixAccessGroup object classes). The second set includes 2307user.map and 2307group.map, and is for use with the nisSchema (posixAccount and posixGroup object classes defined in RFC 2307). The third set includes aix2307user.map and aix2307group.map, and is for use with the nisSchema with full AIX support (posixAccount and posixGroup object classes, plus aixAuxAccount and aixAuxGroup object classes).

aixuser.map Specifies mapping for the aixAccount objectclass.
aixgroup.map Specifies mapping for the aixAccessGroup objectclass.
aixid.map Specifies mapping for the aixAdmin objectclass.
2307user.map Specifies mapping for the posixAccount objectclass.
2307group.map Specifies mapping for the posixGroup objectclass.
aix2307user.map Specifies mapping for the posixAccount and aixAuxAccount objectclasses.
aix2307group.map Specifies mapping for the posixGroup and aixAuxGroup objectclasses.

The aixid.map contains attribute mappings for user and group IDs. The IDs are used when one creates a new LDAP user/group with the mkuser or mkgroup command.

If an LDAP server uses a schema that is not covered by the above 3 sets, you must create your own map set. In this case, you must edit the /etc/security/ldap.cfg file to configure the client manually.
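A pre-deployment check for a custom map set, as an added example that is not part of the AIX documentation or tooling: it verifies each entry against the four-field format and the type values listed above. The '#' comment handling, the duplicate-name check, and the sample entries are assumptions constructed for illustration.

```python
AIX_TYPES = {"SEC_CHAR", "SEC_INT", "SEC_LIST", "SEC_BOOL"}
LDAP_VALUE_TYPES = {"s", "m"}  # s = single value, m = multi-value

# Constructed sample input, not the contents of any shipped map file.
SAMPLE = """\
# custom user map (constructed)
username SEC_CHAR uid s
id SEC_INT uidNumber s
groups SEC_LIST memberOf m
home SEC_CHAR homeDirectory
shell SEC_STRING loginShell s
gecos SEC_CHAR gecos x
id SEC_INT employeeNumber s
"""


def check_map(text):
    """Return (entries, errors) for the text of one attribute map file."""
    entries, errors, first_seen = [], [], {}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        # Assumption: blank lines and '#' comment lines are not entries.
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) != 4:
            errors.append((lineno, f"expected 4 fields, found {len(fields)}"))
            continue
        aix_name, aix_type, ldap_name, ldap_vtype = fields
        problems = []
        if aix_type not in AIX_TYPES:
            problems.append(f"unknown AIX attribute type {aix_type!r}")
        if ldap_vtype not in LDAP_VALUE_TYPES:
            problems.append(f"LDAP value type {ldap_vtype!r} is not s or m")
        # Assumption: an AIX attribute mapped twice is a mistake worth flagging.
        if aix_name in first_seen:
            problems.append(f"{aix_name!r} already mapped on line {first_seen[aix_name]}")
        first_seen.setdefault(aix_name, lineno)
        if problems:
            errors.extend((lineno, p) for p in problems)
        else:
            entries.append((aix_name, aix_type, ldap_name, ldap_vtype))
    return entries, errors


if __name__ == "__main__":
    entries, errors = check_map(SAMPLE)
    for lineno, message in errors:
        print(f"line {lineno}: {message}")
    print(f"{len(entries)} valid entries, {len(errors)} problems")
```

Running the check before pointing the client at a new map set catches malformed entries for identity attributes such as user IDs before they affect name resolution.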

Related Information

The mksecldap command and secldapclntd daemon.

The start-secldapclntd, stop-secldapclntd, restart-secldapclntd, ls-secldapclntd and flush-secldapclntd commands.

The /etc/security/ldap/ldap.cfg file.

LDAP Exploitation of the Security Subsystem in AIX 5L Version 5.2 System Management Concepts: Operating System and Devices.
