Adding Users and Hosts to an Existing Trusted Network
If you have users who are defined in NIS maps, you can
add them to your network.
To add hosts and labels to hosts, see the following procedures:
Add an NIS User to the LDAP Server
Before You Begin
You must be superuser, in the root role, or in the Primary Administrator
role.
- From the NIS database, gather the information that you need.
- Create a file from the user's entry in the aliases database.
% ypcat -k aliases | grep login-name > aliases.name
- Create a file from the user's entry in the passwd database.
% ypcat -k passwd | grep "Full Name" > passwd.name
- Create a file from the user's entry in the auto_home_ database.
% ypcat -k auto_home | grep login-name > auto_home_label
- Reformat the information for LDAP and Trusted Extensions.
- Use the sed command to reformat the aliases entry.
% sed 's/ /:/g' aliases.login-name > aliases
- Use the nawk command to reformat the passwd entry.
% nawk -F: '{print $1":x:"$3":"$4":"$5":"$6":"$7}' passwd.name > passwd
- Use the nawk command to create a shadow entry.
% nawk -F: '{print $1":"$2":6445::::::"}' passwd.name > shadow
- Use the nawk command to create a user_attr entry.
% nawk -F: '{print $1"::::lock_after_retries=yes-or-no;profiles=user-profile, ...;
labelview=int-or-ext,show-or-hide;min_label=min-label;
clearance=max-label;type=normal;roles=role-name,...;
auths=auth-name,..."}' passwd.name > user_attr
- Copy the modified files to the /tmp directory on the LDAP server.
# cp aliases auto_home_internal passwd shadow user_attr /tmp/name
- Add the entries in the files in Step 3 to the databases on
the LDAP server.
# /usr/sbin/ldapaddent -D "cn=directory manager" -w DM-password \
-a simple -f /tmp/name/aliases aliases
# /usr/sbin/ldapaddent -D "cn=directory manager" -w DM-password \
-a simple -f /tmp/name/auto_home_internal auto_home_internal
# /usr/sbin/ldapaddent -D "cn=directory manager" -w DM-password \
-a simple -f /tmp/name/passwd passwd
# /usr/sbin/ldapaddent -D "cn=directory manager" -w DM-password \
-a simple -f /tmp/name/shadow shadow
# /usr/sbin/ldapaddent -D "cn=directory manager" -w DM-password \
-a simple -f /tmp/name/user_attr user_attr
Example 4-6 Adding a User From an NIS Database to the LDAP Server
In the following example, the administrator adds a new user to the
trusted network. The user's information is stored originally in an NIS database. To protect
the LDAP server password, the administrator runs the ldapaddent commands on the server.
In Trusted Extensions, the new user can allocate devices and assume the Operator
role. Because the user can assume a role, the user account does
not get locked out. The user's minimum label is PUBLIC. The label at which
the user works is INTERNAL, so jan is added to the auto_home_internal database.
The auto_home_internal database automounts jan's home directory with read-write permissions .
On the LDAP server, the administrator extracts user information from NIS databases.
# ypcat -k aliases | grep jan.doe > aliases.jan
# ypcat passwd | grep "Jan Doe" > passwd.jan
# ypcat -k auto_home | grep jan.doe > auto_home_internal
Then, the administrator reformats the entries for LDAP.
# sed 's/ /:/g' aliases.jan > aliases
# nawk -F: '{print $1":x:"$3":"$4":"$5":"$6":"$7}' passwd.jan > passwd
# nawk -F: '{print $1":"$2":6445::::::"}' passwd.jan > shadow
Then, the administrator creates a user_attr entry for Trusted Extensions.
# nawk -F: '{print $1"::::lock_after_retries=no;profiles=Media User;
labelview=internal,showsl;min_label=0x0002-08-08;
clearance=0x0004-08-78;type=normal;roles=oper;
auths=solaris.device.allocate"}' passwd.jan > user_attr
Then, the administrator copies the files to the /tmp/jan directory.
# cp aliases auto_home_internal passwd shadow user_attr /tmp/jan
Finally, the administrator populates the server with the files in the /tmp/jan directory.
# /usr/sbin/ldapaddent -D "cn=directory manager" -w a2b3c4d5e6 \
-a simple -f /tmp/jan/aliases aliases
# /usr/sbin/ldapaddent -D "cn=directory manager" -w a2b3c4d5e6 \
-a simple -f /tmp/jan/auto_home_internal auto_home_internal
# /usr/sbin/ldapaddent -D "cn=directory manager" -w a2b3c4d5e6 \
-a simple -f /tmp/jan/passwd passwd
# /usr/sbin/ldapaddent -D "cn=directory manager" -w a2b3c4d5e6 \
-a simple -f /tmp/jan/shadow shadow
# /usr/sbin/ldapaddent -D "cn=directory manager" -w a2b3c4d5e6 \
-a simple -f /tmp/jan/user_attr user_attr