On Tue, Dec 27, 2011 at 09:06:22AM -0500, Boris Epstein wrote: > How do I control which NIS maps FreeIPA makes available? Specifically > I may need passwd.byname.
The the set of maps that the NIS service provides is controlled by the entries listed under the directory server's configuration entry for the plugin (cn=NIS Server, cn=plugins, cn=config), and they're typically named "nis-domain=$DOMAIN+nis-map=$MAP". To remove a map (or a whole domain), you can remove the entries, either by stopping the directory server and editing its dse.ldif file directly, or by using the 'ldapdelete' command, like so: ldapdelete -H ldaps://ipa.example.com -D 'cn=Directory Manager' -x \ "nis-domain=$DOMAIN+nis-map=$MAP,cn=NIS Server,cn=plugins,cn=config" To add a map, you'd create an entry for the map and define how the NIS server plugin will massage the contents of directory server entries to create entries in the map -- there are predefined defaults for a number of maps, so you don't often need to do that, but it's there's more to it than I can fully describe here. The documentation in the slapi-nis package should cover it in depth, though. > Also, how do I control what sort of encryption it uses for passwords? I'm assuming you're referring to how user passwords are hashed. The directory server component uses the value of the "passwordStorageScheme" attribute in the "cn=config" entry to control how it hashes passwords. The default should be "SSHA" if it's not set, but I'm guessing you'll want to try "CRYPT" (without quotes). It won't affect any passwords that have already been set, but it should affect passwords changes made in the future. HTH, Nalin _______________________________________________ Freeipa-users mailing list Freeipaemail@example.com https://www.redhat.com/mailman/listinfo/freeipa-users