ypAnything

ypAnything is an NIS gateway to non NIS sources, such as an LDAP server or a database. It's intended use is to allow platforms without adequate PAM and NSS support to authenticate to a unified directory service.

ypAnything's intended platform is a Linux box using GNU development tools. It runs successfully on AIX and Solaris with a few tweaks. The source code is small and generic so porting it to new environments should be a simple task.

The distribution tar file contains the following:

Unpack the distribution TAR file into the desired directory.

ypAnything comes with a precompiled executible. Should this executible not work and you need to recompile ypAnything, you will need gcc, flex, and bison installed on your server.

To compile ypAnything go to the src directory and run the 'make' command. If it is successful, the binary 'ypanything' will be built in the parent directory.

Before testing, make sure that that you are not currently running ypbind or ypserv. Also make sure that you *are* running portmapper. Then follow the following shell session as root (NOTE: This example was run on a Redhat box. If you are running a different distribution then the procedures may vary slightly):

[root@test-box ypanything-1.1]# cd /usr/local

[root@test-box ypanything-1.1]# tar -xzf ypanything-1.1.tgz

[root@test-box ypanything-1.1]# cd ypanything-1.1

[root@test-box ypanything-1.1]# domainname "test.domain1"

[root@test-box ypanything-1.1]# ./ypanything -d -f ./basic.conf

ypAnything version 1.1, Copyright (C) 2004 Jeff McElroy jmcelroy11@sio.midco.net
ypAnything comes with ABSOLUTELY NO WARRANTY; for details see the file
'COPYING'. This is free software, and you are welcome to redistribute
it under certain conditions; see the file 'COPYING' for details.

[root@test-box ypanything-1.1]# /etc/rc.d/init.d/ypbind start
Binding to the NIS domain...                               [  OK  ]
Listening for an NIS domain server: test-box.radux.com

[root@test-box ypanything-1.1]# finger ypanything

Login: ypuser1                          Name: ypanything test user1
Directory: /tmp                         Shell: /bin/bash
Never logged in.
No mail.
No Plan.

Login: ypuser2                          Name: ypanything test user2
Directory: /tmp                         Shell: /bin/bash
Never logged in.
No mail.
No Plan.

[root@test-box ypanything-1.1]# /etc/rc.d/init.d/ypbind stop

Shutting down NIS services:                                [  OK  ]

[root@test-box ypanything-1.1]# killall ypanything

[root@test-box ypanything-1.1]# domainname ""

When ypAnything starts, it reads the configuration file given with the '-f' argument. This configuration file specifies what domains ypAnything should handle; what maps are contained in each domain; and how the data for those maps should be gathered.

In our example, basic.conf specifies that ypAnything should handle two NIS domains: 'test.domain1' and 'test.domain2'.

Lets take a closer look at the NIS domain 'test.domain1'. This domain consists of four NIS maps: passwd.byname, passwd.byuid, group.byname, and group.bygid. The first two maps are configured in the the stanza:

map "passwd" {
        script        "./basic.passwd.sh"  # script to run.

        refresh       30                   # delay in seconds
                                           # between refreshes.

        memblock_size 8192                 # internal settings
        ioblock_size  4096

        deliminator   ":"                  # field deliminator

        index "byname" {                   # the login is the first
                field 1                    #  field in passwd
        }
        index "byuid" {                    # the userid is the third
                field 3                    #  field in passwd
        }
}

This stanza states that every 30 seconds the script ./basic.passwd.sh should be run. The output of this script is in the same format as the file /etc/passwd. It is split into fields using a ':' (colon) as the delimator. The output is stored in memory and indexed by name (field 1) and by uid (field 3). When a lookup occurs on the NIS map passwd.byname, the first field is searched. If a lookup on the NIS map passwd.byuid is occurs then the third field is searched.

The NIS maps group.byname and group.bygid are handled in the same manner as the passwd maps.

The first step in configuring ypAnything is to write a script for each NIS map you wish to support. The output of these tables should closely resemble the UNIX configuration file that corrosponds to the NIS maps.

After you are satisfied with your scripts, edit the configuration file appropriately to periodically call your scripts. Rather than starting from scratch, Follow the examples given in basic.conf and ldap.conf.

If you write NIS support for a new source. Please submit it to jmcelroy11@sio.midco.net so That it can added to the distribution. You will get full credit for this and become famous.