nisldapd is a software daemon written in C for *nix systems that, given a properly configured ypserv, slapd and syslog environment, can provide user and group information via NIS/YP which is published in an LDAP datastore. The daemon sleep()'s on a timer, and runs only if there have been changes made to the LDAP datastore that are relevant to NIS/YP. It does not modify LDAP in any way. It works really well in my environment, so if you are either successful or not, I would like to hear about it. You can email me here.
News04/10/2004: nisldapd should now compile on Solaris, as the BSD 4.4 daemon() function has been implemented internally. Fixed a problem with a file descriptor that was not being closed, eventually running out of available fd's and shutting down the service. Implemented support for idmaps and removed a couple of unneeded config variables. Significant code cleanup. Released as Version 0.1.2. This is the version you want to use.
05/09/2004: Fixed a problem with passwd/group entry deletes (they didn't happen), as well as a problem with gecos and homeDirectory attributes getting transposed. Repackaged and released as nisldapd Version 0.1.1.
05/09/2004: Documentation updates, repackaged and re-released as Version 0.1.
04/09/2004: nisldapd Version 0.1 Released.
/usr/local/bin/nisldapd/nisldapd [options]
Where [options] are some combination of:
-o oneshot mode. This option will generate 2 files in your CWD, passwd.oneshot and group.oneshot, from your LDAP datastore, and exit. This can be useful for testing, or just to generate a one-time passwd or group file.
-f [file path] nisldapd by default looks to /etc/nisldapd.conf for configuration information. To change this behavior, use the -f command line option.
-v verbose logging. This is more like debug logging, useful when stepping through the code, otherwise it's probably too much noise.
-h help. Display the command line options available (what your reading now) and exit.
I built and run this software on Linux, Fedora Core 1. Besides the password file format, I had it working with OpenBSD 3.2.
linklist-1.1.0.tar.gz. nisldapd's Makefile looks for it in /usr/local/include and /usr/local/lib.
A working ypserv installation running on the machine that you want to run nisldapd on.
ypserv needs to be configured so that it can find it's passwd and group files in a location other than /etc.
To do that, I modified my ypserv's Makefile, which was located at /var/yp/Makefile, and changed the YPPWDDIR parameter from
YPPWDDIR = /etc
to
YPPWDDIR = /var/yp/ypfiles/etc
NOTE: nisldapd.conf has a parameter, etcFilesBasePath, which needs to be set to the same path.
OpenLDAP Client Libraries. nisldapd's Makefile looks for them in /usr/local/include and /usr/local/lib.
A working LDAP server installation, but it can be running on any IP-reachable system. I used OpenLDAP.
LDAP version 2 binds must be enabled for now.
This is why SSL/TLS is not yet supported, and why it is recommended to run a replica of your LDAP server on the same host running nisldapd.
Newer versions of OpenLDAP do not allow version 2 binds by default.
To enable them in OpenLDAP, you need to modify slapd.conf, adding the following:
allow bind_v2
and restart the service.
syslogd must be configured to log messages produced from the LDAP server. By default, OpenLDAP logs to the syslog facility local4.
I modified /etc/syslog.conf as follows:
local4.* /var/log/openldap.mods.log
and restarted the service
NOTE: nisldapd.conf has a parameter, ldapReplog, which needs to be set to the same path.
NOTE: nisldapd prunes the file pointed to by ldapReplog.
If you are also logging LDAP to syslog for accounting or troubleshooting, you likely want to add another file for local4.* to write to.
nisldapd does not export LDAP-based userPassword values.
If you want to use nisldapd and network password authentication, you can't use NIS for the password authentication part.
Not without a little programming effort anyway. Very little actually, the majority of the code is either commented out or exists in other (nowhere near usable/complete) bits of code I could make available.
I use Radius with an LDAP backend (freeradius) for network authentication on my BSD systems and LDAP for my Linux systems.
Get a copy of linklist-1.1.0.tar.gz from here, or use the one included with this distribution.
It is released under the Artistic License.
Install as follows:
#tar -zxvf linklist-1.1.0.tar.gz
#cd linklist-1.1.0
#make
This should create a shared library for linklist-1.1.0 in /usr/local/lib and headers in /usr/local/include.
Configure ypserv as described in REQUIREMENTS.
Configure OpenLDAP as described in REQUIREMENTS.
Configure syslogd as described in REQUIREMENTS.
In the base nisldapd/ directory, run the following:
#make
#make install
NOTE: make clean will remove object files and such.
This should leave you with a working nisldapd installation in /usr/local/bin/nisldapd/.
Startup and shutdown scripts are installed at /usr/local/bin/nisldapdstart.sh and /usr/local/bin/nisldapdstop.sh.
I added /usr/local/bin/nisldapdstart.sh to /etc/rc.local to get nisldapd to start at system boot time.
If you have any questions, problems or suggestions, please drop me an email at j0j0 at riod dot ca.
None yet in 0.1.2!
nisldapd-0.1.2.tar.gzCURRENT
nisldapd-0.1.tar.gzLDAP V3 binds (allowing TLS/SSL binds)
Better signal handling