These classnotes are deprecated. As of 2005, I no longer teach the classes. Notes will remain online for legacy purposes.

LDAP01/Schemas For Information Services


There have been a number of recent RFCs which define approaches for using LDAP as a Network Information Service. The most prevalent is RFC 2307, which, while considered "experimental", is the most widely supported schema across LDAP implementations. RFC 2307 defines a mapping between the various network information items (users, groups, hosts, and so on) and an appropriate attribute or objectClass in LDAP.

The schemas we require for this mapping are nis.schema and cosine.schema, so we must be sure to add them to our slapd.conf file:

 include         /etc/ldap/schema/cosine.schema
 include         /etc/ldap/schema/nis.schema

RFC 2307 defines an objectClass known as posixAccount. It is this objectClass that specifies which attributes are needed to identify a user. Figure 6-3 on page 105 details the mapping between this objectClass and the fields of the /etc/passwd file. (Note: although the figure implies otherwise, the encrypted password in fact comes from the shadow file, if shadow passwords are enabled on the system.)

Once we have decided upon this schema, it would help to provide indexes to support calls to getpwuid(), getpwnam() and getgrgid() (which are commonly used calls in many programs):

 # Better support *NIX APIs
 index  cn,uid     eq
 index  uidNumber  eq
 index  gidNumber  eq
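To make the posixAccount mapping concrete, here is an added example (not code from the original notes) that turns constructed /etc/passwd and /etc/shadow lines into RFC 2307 LDIF records; the base DN and the sample accounts are assumptions, and it also shows why a locked shadow entry should yield no userPassword attribute at all.

```python
# Added example, not from the original notes: build RFC 2307 posixAccount
# LDIF records from constructed passwd(5) and shadow(5) lines.
BASE_DN = "ou=People,dc=example,dc=com"  # assumed base DN
# Constructed sample lines (not real accounts); 'x' in the passwd password
# field means the hash lives in shadow, as the notes point out.
PASSWD_LINES = [
    "alice:x:1001:1001:Alice Liddell:/home/alice:/bin/bash",
    "bob:x:1002:1002:Bob:/home/bob:/bin/sh",
]
SHADOW_LINES = [
    "alice:$6$salt$hashedvalue:15000:0:99999:7:::",
    "bob:!:15000:0:99999:7:::",  # locked: no usable password
]

def parse_shadow(lines):
    """Map login name -> encrypted-password field from shadow(5) lines."""
    return {f[0]: f[1] for f in (line.split(":") for line in lines)}

def passwd_to_entry(line, shadow):
    """Map one passwd(5) line onto posixAccount attributes. posixAccount is
    AUXILIARY, so the structural 'account' class (cosine.schema) carries it.
    Locked hashes ('*' or leading '!') get no userPassword at all."""
    name, pw, uid, gid, gecos, home, shell = line.split(":")
    if pw == "x":
        pw = shadow.get(name, "*")
    entry = {
        "dn": f"uid={name},{BASE_DN}",
        "objectClass": ["account", "posixAccount"],
        "cn": name,
        "uid": name,
        "uidNumber": uid,
        "gidNumber": gid,
        "homeDirectory": home,
    }
    if gecos:
        entry["gecos"] = gecos
    if shell:
        entry["loginShell"] = shell
    if pw and pw != "*" and not pw.startswith("!"):
        entry["userPassword"] = "{CRYPT}" + pw  # crypt(3) hash, per RFC 2307
    return entry

def to_ldif(entry):
    """Serialise the dict as one LDIF record (plain ASCII values only)."""
    lines = [f"dn: {entry['dn']}"]
    for attr, value in entry.items():
        if attr != "dn":
            for v in (value if isinstance(value, list) else [value]):
                lines.append(f"{attr}: {v}")
    return "\n".join(lines) + "\n"
```

The resulting records load with ldapadd once cosine.schema and nis.schema are included as shown above; the uid, uidNumber and gidNumber attributes they carry are exactly the ones the equality indexes below are meant to serve.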


Last edited September 26, 2003 8:12 pm (diff)
(C) Copyright 2003 Samuel Hart
This work is licensed under a Creative Commons License.