Exports user, group, name resolution, and rpc data to rfc 2307-compliant form.
```
nistoldif -d Suffix [ -a BindDN -h Host -p Password [ -n Port ] ] [ -f Directory ] [ -y domain ] [ -S Schema ] [ -k KeyPath -w SSLPassword ] [ -s Maps ] [ -m ldap_mapname ]
```
The nistoldif command converts the data from passwd, group, hosts, services, protocols, rpc, networks, netgroup, and automount into forms compliant with rfc2307. It will first attempt to read data from NIS, and if it cannot find a NIS map it will fall back to the flat files.
If the server information (the -a, -h, and -p flags) is given on the command line, data will be written directly to the server. If any data conflicts with an entry already on the server, either because the entry already exists, or because the uid or gid already exists, a warning will be printed. If the server information is not given, the data will be written to stdout in LDIF. In either case, nistoldif does not add an entry for the suffix itself; if that entry does not exist, attempts to add data to the server will fail. This entry will be added during server setup, usually by the mksecldap command.
Translation is not exact. Because of the limitations of the rfc2307 definitions, some attributes are defined in a case-insensitive way; for example, TCP, Tcp, and tcp are all the same protocol name to the LDAP server. Uids and gids greater than 2^31-1 will be translated to their negative two's complement equivalent for storage.
The nistoldif command reads the /etc/security/ldap/sectoldif.cfg file to determine what to name the sub-trees that the passwd, group, hosts, services, protocols, rpc, networks and netgroup data will be exported to. The names specified in the file will be used to create sub-trees under the base DN specified with the -d flag. For more information, see the /etc/security/ldap/sectoldif.cfg file documentation.
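As an added illustration of the conversion described above (this is not code from AIX or from the nistoldif command itself), the following Python script turns constructed passwd and group lines into RFC 2307 LDIF entries under a suffix, stores ids above 2^31-1 as their negative two's complement values, and reports a duplicate name, uid or gid as a warning instead of emitting a second entry. The sub-tree names ou=People and ou=Groups are assumptions standing in for whatever /etc/security/ldap/sectoldif.cfg configures on a real system.

```python
# Added illustration of what nistoldif does with passwd and group data;
# not AIX or nistoldif source. Sub-tree names are assumed placeholders.

def to_signed32(value):
    """Return the 32-bit two's-complement interpretation of an unsigned id."""
    value &= 0xFFFFFFFF
    return value - 2 ** 32 if value >= 2 ** 31 else value


def passwd_to_ldif(lines, suffix, subtree="ou=People"):
    """Convert passwd-format lines to posixAccount LDIF; returns (entries, warnings)."""
    entries, warnings = [], []
    seen_names, seen_uids = set(), set()
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            warnings.append(f"malformed passwd line skipped: {line!r}")
            continue
        name, _pw, uid, gid, gecos, home, shell = fields
        uid, gid = to_signed32(int(uid)), to_signed32(int(gid))
        # A conflict on name or uid is reported, not silently overwritten.
        if name in seen_names:
            warnings.append(f"user {name} already exists; skipped")
            continue
        if uid in seen_uids:
            warnings.append(f"uid {uid} already exists; skipped user {name}")
            continue
        seen_names.add(name)
        seen_uids.add(uid)
        attrs = [
            f"dn: uid={name},{subtree},{suffix}",
            "objectClass: account",
            "objectClass: posixAccount",
            f"uid: {name}",
            f"cn: {name}",
            f"uidNumber: {uid}",
            f"gidNumber: {gid}",
            f"homeDirectory: {home}",
            f"loginShell: {shell}",
        ]
        if gecos:
            attrs.append(f"gecos: {gecos}")
        entries.append("\n".join(attrs))
    return entries, warnings


def group_to_ldif(lines, suffix, subtree="ou=Groups"):
    """Convert group-format lines to posixGroup LDIF; returns (entries, warnings)."""
    entries, warnings = [], []
    seen_names, seen_gids = set(), set()
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 4:
            warnings.append(f"malformed group line skipped: {line!r}")
            continue
        name, _pw, gid, members = fields
        gid = to_signed32(int(gid))
        if name in seen_names:
            warnings.append(f"group {name} already exists; skipped")
            continue
        if gid in seen_gids:
            warnings.append(f"gid {gid} already exists; skipped group {name}")
            continue
        seen_names.add(name)
        seen_gids.add(gid)
        attrs = [
            f"dn: cn={name},{subtree},{suffix}",
            "objectClass: posixGroup",
            f"cn: {name}",
            f"gidNumber: {gid}",
        ]
        attrs += [f"memberUid: {m}" for m in members.split(",") if m]
        entries.append("\n".join(attrs))
    return entries, warnings


# Constructed sample input (not real system data); the large id exercises
# the two's-complement rule and the last two lines exercise conflict handling.
SAMPLE_PASSWD = [
    "root:!:0:0::/:/usr/bin/ksh",
    "# comment lines are ignored",
    "bigid:!:4294967294:4294967294:Large id:/home/bigid:/usr/bin/ksh",
    "clash:!:0:0:Reuses uid 0:/home/clash:/usr/bin/ksh",
    "root:!:500:500:Reuses a name:/home/root2:/usr/bin/ksh",
]
SAMPLE_GROUP = [
    "system:!:0:root",
    "staff:!:1:user1,user2",
    "staff:!:2:user3",
]

if __name__ == "__main__":
    for convert, data in ((passwd_to_ldif, SAMPLE_PASSWD), (group_to_ldif, SAMPLE_GROUP)):
        entries, warnings = convert(data, "cn=aixdata")
        print("\n\n".join(entries), end="\n\n")
        for warning in warnings:
            print("warning:", warning)
```

Running the script prints the LDIF for root, bigid (with uidNumber and gidNumber of -2), system and staff, followed by warnings for the reused uid 0, the reused user name root and the reused group name staff; the warnings model the server-side conflict messages the description above says nistoldif prints.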
Item | Description |
---|---|
-a | Specifies the administrative bind DN used to connect to the LDAP server. If this flag is used, -h and -p must also be used, and data will be written directly to the LDAP server. |
-d | Specifies the suffix that the data should be added under. |
-f | Specifies the directory to look for flat files in, or the name of the automount map file. If this flag is not used, nistoldif will look for files in /etc. This flag is required for automount maps. |
-h | Specifies the host name which is running the LDAP server. If this flag is used, -a and -p must also be used, and data will be written directly to the LDAP server. This flag will be ignored for automount data. |
-k | Specifies the SSL key path. If this flag is used, -w must also be used. |
-m | Specifies the automount map on the LDAP server. |
-n | Specifies the port to connect to the LDAP server on. If this flag is used, -a, -h and -p must also be used; if it is not used, the default LDAP port is used. |
-p | Specifies the password used to connect to the LDAP server. If this flag is used, -a and -h must also be used, and data will be written directly to the LDAP server. |
-s | Specifies a set of maps to be written to the server. This flag should be followed by a list of letters representing the maps that should be migrated. If this flag is not used, all maps will be migrated. The letters are: a for automount, e for netgroup, g for group, h for hosts, n for networks, p for protocols, r for rpc, s for services, and u for passwd. |
-S | Specifies the LDAP schema to use for users and groups. This can be either RFC2307 or RFC2307AIX; RFC2307AIX gives extended AIX® schema support. If this flag is not used, RFC2307 is the default. |
-w | Specifies the SSL password. If this flag is used, -k must also be used. |
-y | Specifies the NIS domain to read maps from. If this flag is not used, the default domain will be used. |
This command returns the following exit values:
Access Control: Only the root user can run this command.
To export all maps from the NIS domain austin.ibm.com (falling back to flat files in /tmp/etc) under the suffix cn=aixdata, writing the LDIF to the file ldif.out:
```
nistoldif -d cn=aixdata -y austin.ibm.com -f /tmp/etc > ldif.out
```
To export only the hosts and services maps (-s hs) directly to the LDAP server on ldap.austin.ibm.com, binding as cn=root:
```
nistoldif -d cn=aixdata -h ldap.austin.ibm.com -a cn=root -p secret -s hs
```
To export the automount map in /etc/auto_master as LDIF to the file ldif.out:
```
nistoldif -s a -f /etc/auto_master > ldif.out
```
To delete the automount entry for user1 from the auto_home map on the server, create a file /tmp/del_user1.ldif with the following content:
```
# cat /tmp/del_user1.ldif
dn: automountKey=user1,automountMapName=auto_home,dc=austin,dc=ibm,dc=com
changetype: delete
```
Then run the following command:
```
ldapmodify -f /tmp/del_user1.ldif
```
To change the automount information for user2 in the auto_home map to /home/user2, create a file /tmp/ch_user2.ldif with the following content:
```
# cat /tmp/ch_user2.ldif
dn: automountKey=user2,automountMapName=auto_home,dc=austin,dc=ibm,dc=com
changetype: modify
replace: automountInformation
automountInformation: /home/user2
```
Then run the following command:
```
ldapmodify -f /tmp/ch_user2.ldif
```
Item | Description |
---|---|
/usr/sbin/nistoldif | Contains the nistoldif command. |