LDAP Attribute Mapping File Format
Purpose
Defines AIX® to LDAP attribute name mapping to support configurable LDAP server schema.
Description
AIX_Attribute_Name AIX_Attribute_Type LDAP_Attribute_Name LDAP_Value_Type LDAP_Value_Unit| Item | Description |
|---|---|
| AIX_Attribute_Name | Specifies the AIX attribute name. |
| AIX_Attribute_Type | Specifies the AIX attribute type. Values are SEC_CHAR, SEC_INT, SEC_LIST, and SEC_BOOL. |
| LDAP_Attribute_Name | Specifies the LDAP attribute name. |
| LDAP_Value_Type | Specifies the LDAP value type. Values are s for single value and m for multi-value. |
| LDAP_Value_Unit | Specifies the LDAP value unit for some attributes. The following values are available for the
maxage, minage, maxexpires, and the pwdwarntime attributes:
The following values are available for the cpu, cpu_hard, fsize,
fsize_hard, rss, rss_hard, stack, and the stack_hard attributes:
The following values are available for the lastupdate attribute:
Note: The attributes of Microsoft Active Directory Server, such as
pwdLastSet,
store values only in the UTC unit, that is,these attribute values of the Microsoft Active Directory
Server do not support any other units.For all of the other attributes, the value is N/A. If no unit mapping is required, the values are also N/A. |
| TO_BE_CACHED | Specifies whether this attribute is to be cached. Valid values are yes and no. Default is yes. |
Files
AIX includes the following sets of attribute mapping files in the /etc/security/ldap directory:
| Item | Description |
|---|---|
| aixuser.map | Specifies the mapping for the aixAccount object class. |
| aixgroup.map | Specifies the mapping for the aixAccessGroup object class. |
| aixid.map | Specifies the mapping for the aixAdmin object class. |
| Item | Description |
|---|---|
| 2307user.map | Specifies the mapping for the posixAccount object class. |
| 2307group.map | Specifies the mapping for the posixGroup object class. |
| Item | Description |
|---|---|
| 2307aixuser.map | Specifies the mapping for the posixAccount object class and the aixAuxAccount object class. |
| 2307aixgroup.map | Specifies the mapping for the posixGroup object class and the aixAuxGroup object class. |
| Item | Description |
|---|---|
| sfu30user.map | Specifies the mapping for the user object class. |
| sfu30group.map | Specifies the mapping for the group object class. |
| Item | Description |
|---|---|
| sfur2user.map | Specifies the mapping for the user object class. |
| sfur2group.map | Specifies the mapping for the group object class. |
The mksecldap command, at LDAP client configuration, will automatically figure out the server type and select the corresponding mapping files to use. If an LDAP server uses schema that is not included in these mapping files under the /etc/security/ldap directory, you must configure the LDAP client manually by creating your own mapping sets and edit the /etc/security/ldap.cfg file to use your mapping files.
The user and group maps might contain an entry that is used to designate the required object class that each user or group must have. This object class will be used in the filter for searches performed on user or group entries. As an example, listed below are the default entries for the keyobjectclass in the aix2307user.map and aix2307group.map files.
aix2307user.map:
keyobjectclass SEC_CHAR posixgroup s na yes
aix2307group.map:
keyobjectclass SEC_CHAR posixaccount s na yesThe aixid.map contains attribute mappings for user and group IDs. The IDs are used when one creates a new LDAP user/group with the mkuser or mkgroup command.