attradmin(1Mbnu)


attradmin -- attribute map database administration

Synopsis

attradmin [-A attr_name [-l local_attr]]
attradmin -A attr_name -a -r remote_attr -l local_attr
attradmin -A attr_name -d [-r remote_attr] -l local_attr
attradmin -A attr_name -I attr_descr
attradmin -A attr_name [-Dcf]

Description

The attradmin command allows an administrator to display and update attribute mapping database entries. Attribute mapping databases are used by attrmap(3iac) to map remote attributes into local ones.

Options

The options to attradmin have the following meanings:

-A attr_name
Specify the name of the attribute.

-l local_attr
Specify the local value of the attribute into which the remote attribute value maps.

-a
Add an entry to a map. The attribute name and the local and remote attribute values must be specified.

-r remote_attr
Specify the value of the attribute on the remote machine.

-d
Delete entries from a map. The attribute map filename and the local attribute value must be specified. Use of the remote attribute value is optional. If only the local attribute value is specified, all entries mapping to that local attribute value are deleted. If the remote attribute value is also specified, only a particular map entry is deleted.

-I attr_descr
Install a new attribute map. A remote attribute value format descriptor attr_descr must be specified for the new attribute. The format descriptor is a string that describes the format of remote_attr; it includes field numbers, the letter "M" to indicate the field is mandatory, and field separators.

-D
Delete an attribute map file. The attribute map filename must be specified.

-c
Check consistency of a map file. The attribute map filename must be specified.

-f
Fix an inconsistent attribute map file. The attribute map filename must be specified.

Files

/etc/idmap/attrmap/attr_name.map
map file for attribute attr_name

/var/adm/log/idmap.log
log file

Usage

All update operations are logged (whether successful or not) in the file /var/adm/log/idmap.log.

When no options are specified, attradmin lists the names of all installed attribute map files on the system. If an attribute map filename is specified, attradmin lists all entries in the map file. If an attribute map filename and a local attribute value are specified, attradmin lists all file entries that map to the specified local attribute value.

Transparent mapping may be achieved by using a regular expression including the metacharacters *, [ and ] in remote_attr, and a field specifier in local_attr. A field specifier % followed by a field number can be entered for local_attr to indicate that the value of local_attr is the same as the value in the specified field of remote_attr. If %i is entered for local_attr, attempts by attrmap to map remote_attr will fail.

When attrmap searches for a remote_attr, it sequentially scans the attribute map file. Therefore, the ordering of remote attributes in this file is critical.

Remote attributes are sorted on the highest numbered field first. Entries with explicit values in this field appear first in the file. Entries which include regular expressions in this field are sorted from the most specific to the least specific based on the position of the metacharacters in the pattern. The further left the metacharacter appears in the pattern, the less specific the pattern is. For example, s* is less specific than sf*. Regular expressions containing square brackets are considered more specific than expressions with asterisks and therefore come first in the file.

If two or more entries have patterns which are equally specific, the specificity of the next lower numbered field is examined. Fields are examined from highest to lowest until the remote attributes can be differentiated.

Examples

The following command installs a new attribute map that maps GIDs:

attradmin -A GID -I M2:M1

In any format descriptor, the field numbers indicate the order of significance of the fields, where higher numbered fields contain entities of greater significance to the network. In the format descriptor M2:M1, the first field (M2) contains the remote machine name and the second field (M1) contains the value of the remote attribute. When a machine name is specified, it precedes the attribute value, and the fields are separated by a colon.

The following command line adds an entry to the GID database that maps any user on the remote machine macha into the local system with the same GID. %1 indicates that the value of local_attr is the same as the value in the remote_attr field that has 1 as its field number:

attradmin -A GID -a -r "macha:*" -l %1

The following command line adds an entry to the GID database that maps all GIDs from 100 to 119 on macha to GID 1 on the local system:

attradmin -A GID -a -r "macha:1[01][0-9]" -l 1

The attradmin command will ensure that the second entry is found first in the map file, no matter which of the above two entries was actually added first.
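The ordering and first-match rules described under Usage can be modelled as follows. This is an added example, not code from attradmin or attrmap. It assumes a single-character field separator, shell-style matching of *, [ and ] (Python's fnmatch), and that a pattern containing an asterisk ranks as an asterisk pattern; all function names are hypothetical.

```python
import fnmatch
import re

def field_numbers(descr, sep=":"):
    """'M2:M1' -> [2, 1]: the field number at each position of remote_attr."""
    return [int(re.fullmatch(r"M?(\d+)", t).group(1)) for t in descr.split(sep)]

def field_rank(value):
    """Explicit value < bracket pattern < asterisk pattern; within a class,
    a metacharacter further to the left makes the pattern less specific."""
    star, bracket = value.find("*"), value.find("[")
    if star >= 0:
        return (2, -star)
    if bracket >= 0:
        return (1, -bracket)
    return (0, 0)

def ordered(entries, descr, sep=":"):
    """Sort (remote_attr, local_attr) entries, highest numbered field first."""
    numbers = field_numbers(descr, sep)
    def key(entry):
        fields = dict(zip(numbers, entry[0].split(sep)))
        return [field_rank(fields[n]) for n in sorted(fields, reverse=True)]
    return sorted(entries, key=key)

def lookup(entries, descr, remote, sep=":"):
    """Sequential scan: the first matching entry decides the local value."""
    numbers = field_numbers(descr, sep)
    values = remote.split(sep)
    for pattern, local in entries:
        pats = pattern.split(sep)
        if len(pats) != len(values):
            continue
        if all(fnmatch.fnmatchcase(v, p) for v, p in zip(values, pats)):
            if not local.startswith("%"):
                return local
            spec = local[1:]
            if not spec.isdigit() or int(spec) not in numbers:
                return None          # e.g. %i: the mapping fails
            return values[numbers.index(int(spec))]
    return None

# The two entries from the Examples section, in the order they were added.
ADDED = [("macha:*", "%1"), ("macha:1[01][0-9]", "1")]

if __name__ == "__main__":
    for table in (ADDED, ordered(ADDED, "M2:M1")):
        print(table, "->", lookup(table, "M2:M1", "macha:105"))
```

Scanned in insertion order, remote GID 105 on macha would pass through as local GID 105; in sorted order the bracket entry is reached first and it maps to GID 1.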

References

attrmap(3iac), idadmin(1Mbnu), namemap(3iac), uidadmin(1bnu)
30 January 1998
© 1998 The Santa Cruz Operation, Inc. All rights reserved.