[Freeipa-users] NIS maps via FreeIPA

Nalin Dahyabhai nalin at redhat.com
Wed Jan 4 21:13:26 UTC 2012


On Tue, Dec 27, 2011 at 09:06:22AM -0500, Boris Epstein wrote:
> How do I control which NIS maps FreeIPA makes available? Specifically
> I may need passwd.byname.

The set of maps that the NIS service provides is controlled by the
entries listed under the directory server's configuration entry for the
plugin (cn=NIS Server, cn=plugins, cn=config), and they're typically
named "nis-domain=$DOMAIN+nis-map=$MAP".

To remove a map (or a whole domain), you can remove the entries, either
by stopping the directory server and editing its dse.ldif file directly,
or by using the 'ldapdelete' command, like so:

  ldapdelete -H ldaps://ipa.example.com -D 'cn=Directory Manager' -W -x \
    "nis-domain=$DOMAIN+nis-map=$MAP,cn=NIS Server,cn=plugins,cn=config"

To add a map, you'd create an entry for the map and define how the NIS
server plugin will massage the contents of directory server entries to
create entries in the map -- there are predefined defaults for a number
of maps, so you don't often need to do that, but there's more to it
than I can fully describe here.  The documentation in the slapi-nis
package should cover it in depth, though.

> Also, how do I control what sort of encryption it uses for passwords?

I'm assuming you're referring to how user passwords are hashed.  The
directory server component uses the value of the "passwordStorageScheme"
attribute in the "cn=config" entry to control how it hashes passwords.
The default should be "SSHA" if it's not set, but I'm guessing you'll
want to try "CRYPT" (without quotes).  It won't affect any passwords
that have already been set, but it should affect password changes made
in the future.

HTH,

Nalin
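
Added example, not part of the original message: before deleting anything, it helps to list which domain/map pairs are actually configured under cn=NIS Server, cn=plugins, cn=config. The function names and the sample LDIF below are constructed for illustration; the parser unfolds LDIF continuation lines so the full DN comes out intact.

```shell
#!/bin/sh
# Added example: inventory the maps configured under the NIS Server plugin.
# Function names and the sample data are constructed for illustration.

# Constructed ldapsearch-style LDIF; note the DNs folded across two lines.
sample_ldif() {
cat <<'EOF'
dn: nis-domain=example.com+nis-map=passwd.byname,cn=NIS Server,cn=plugins,cn=
 config
objectClass: extensibleObject
nis-domain: example.com
nis-map: passwd.byname

dn: nis-domain=example.com+nis-map=group.byname,cn=NIS Server,cn=plugins,cn=c
 onfig
nis-domain: example.com
nis-map: group.byname

dn: cn=NIS Server,cn=plugins,cn=config
cn: NIS Server
EOF
}

# Read LDIF on stdin; print "domain<TAB>map<TAB>dn" for each map entry.
list_nis_maps() {
    awk '
        function emit(line) {
            if (line == "") { end_entry(); return }   # blank line ends an entry
            if (line ~ /^dn: /)         dn  = substr(line, 5)
            if (line ~ /^nis-domain: /) dom = substr(line, 13)
            if (line ~ /^nis-map: /)    map = substr(line, 10)
        }
        function end_entry() {
            if (dom != "" && map != "") printf "%s\t%s\t%s\n", dom, map, dn
            dn = ""; dom = ""; map = ""
        }
        # LDIF folding: a line starting with one space continues the previous one.
        /^ / { buf = buf substr($0, 2); next }
             { emit(buf); buf = $0 }
        END  { emit(buf); end_entry() }
    '
}

# Against a live server (prompts for the bind password):
#   ldapsearch -H ldaps://ipa.example.com -D 'cn=Directory Manager' -W -x \
#     -b 'cn=NIS Server,cn=plugins,cn=config' nis-domain nis-map | list_nis_maps
sample_ldif | list_nis_maps
```

The third column is the exact DN to pass to ldapdelete for a map you decide to remove.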



