attradmin(1M) attradmin(1M)
NAME
attradmin - attribute map database administration
SYNOPSIS
attradmin [-A attr_name [-l local_attr]]
attradmin -A attr_name -a -r remote_attr -l local_attr
attradmin -A attr_name -d [-r remote_attr] -l local_attr
attradmin -A attr_name -I attr_descr
attradmin -A attr_name [-Dcf]
DESCRIPTION
The attradmin command allows an administrator to display and
update attribute mapping database entries. Attribute mapping
databases are used by attrmap(3I) to map remote attributes
into local ones.
Files
/etc/idmap/attrmap/attr_name.map    map file for attribute attr_name
/var/adm/log/idmap.log              log file
USAGE
All update operations are logged (whether successful or not)
in the file /var/adm/log/idmap.log.
The options to attradmin have the following meanings:
-A attr_name
Specify the name of the attribute.
-l local_attr
Specify the local value of the attribute into which
the remote attribute value maps.
-a Add an entry to a map. The attribute name and the
local and remote attribute values must be specified.
-r remote_attr
Specify the value of the attribute on the remote
machine.
-d Delete entries from a map. The attribute map
filename and the local attribute value must be
specified. Use of the remote attribute value is
optional. If only the local attribute value is
specified, all entries mapping to that local
attribute value are deleted. If the remote attribute
value is also specified, only a particular map entry
is deleted.
-I attr_descr
Install a new attribute map. A remote attribute
value format descriptor attr_descr must be specified
for the new attribute. The format descriptor is a
string that describes the format of remote_attr; it
includes field numbers, the letter M to indicate the
field is mandatory, and field separators.
-D Delete an attribute map file. The attribute map
filename must be specified.
-c Check consistency of a map file. The attribute map
filename must be specified.
-f Fix an inconsistent attribute map file. The
attribute map filename must be specified.
When no options are specified, attradmin lists the names of
all installed attribute map files on the system. If an
attribute map filename is specified, attradmin lists all
entries in the map file. If an attribute map filename and a
local attribute value are specified, attradmin lists all file
entries that map to the specified local attribute value.
Transparent mapping may be achieved by using a regular
expression including the metacharacters *, [, ] in remote_attr
and a field specifier in local_attr. A field specifier %
followed by a field number can be entered for local_attr to
indicate that the value of local_attr is the same as the value
in the specified field of remote_attr. If %i is entered for
local_attr, attempts by attrmap to map the remote_attr will
fail.
When attrmap searches for a remote_attr, it sequentially scans
the attribute map file. Therefore, the ordering of remote
attributes in this file is critical.
Remote attributes are sorted on the highest numbered field
first. Entries with explicit values in this field appear
first in the file. Entries which include regular expressions
in this field are sorted from the most specific to the least
specific based on the position of the metacharacters in the
pattern. The more to the left the metacharacter is in the
pattern, the less specific the pattern is. For example, s* is
less specific than sf*. Regular expressions containing
brackets, [], are considered more specific than expressions
with asterisks and therefore come first in the file.
If two or more entries have patterns which are equally
specific, the specificity of the next lower numbered field is
examined. Fields are examined from highest to lowest until
the remote attributes can be differentiated.
Examples
The following command line installs a new attribute map that
maps GIDs:
     attradmin -A gid -I M2:M1
In any format descriptor, the field numbers indicate the order
of significance of the fields, where higher numbered fields
contain entities of greater significance on the network. In
the format descriptor M2:M1, the first field (M2) contains the
remote machine name and the second field (M1) contains the value of the remote
attribute. When a machine name is specified, it precedes the
attribute value, and the fields are separated by a colon.
The following command line adds an entry to the GID database
that maps any user on the remote machine macha into the local
system with the same GID. %1 indicates that the value of
local_attr is the same as the value in the remote_attr field
that has 1 as its field number:
     attradmin -A gid -a -r "macha:*" -l %1
The following command line adds an entry to the GID database
that maps all GIDs from 100 to 119 on macha to GID 1 on the
local system:
     attradmin -A gid -a -r "macha:1[01][0-9]" -l 1
The attradmin command will ensure that the second entry is
found first in the map file, no matter which of the above two
entries was actually added first.
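The ordering and first-match rules above can be modelled in a few lines of Python to review what a set of entries resolves to. This is an added example, not code from attradmin or attrmap: the function names are hypothetical, Python's fnmatch stands in for attrmap's pattern matcher, and the field separator is assumed to be a single colon.

```python
from fnmatch import fnmatchcase  # stand-in for attrmap's matcher (assumption)

DESCR = "M2:M1"                      # descriptor from the page's gid example
ADDED = [("macha:*", "%1"),          # the page's two entries, in the order added
         ("macha:1[01][0-9]", "1")]

def field_numbers(descr, sep=":"):
    """'M2:M1' -> [2, 1]: the field number at each position, left to right."""
    return [int(part.lstrip("M")) for part in descr.split(sep)]

def specificity(pattern):
    """Lower sorts earlier: explicit value, then brackets, then asterisk.
    Within a class, a metacharacter further right is more specific."""
    meta = [i for i, ch in enumerate(pattern) if ch in "*["]
    if not meta:
        return (0, 0)
    # Assumption: a field mixing [] and * is ranked with the asterisk class.
    return (2 if "*" in pattern else 1, -meta[0])

def sort_entries(entries, descr, sep=":"):
    """Order entries as described: compare the highest numbered field first."""
    nums = field_numbers(descr, sep)
    positions = sorted(range(len(nums)), key=lambda i: -nums[i])
    return sorted(entries, key=lambda e: tuple(
        specificity(e[0].split(sep)[i]) for i in positions))

def lookup(entries, remote, descr, sep=":"):
    """Sequential scan; the first matching entry decides the local value."""
    vals = remote.split(sep)
    by_number = dict(zip(field_numbers(descr, sep), vals))
    for pattern, local in entries:
        pats = pattern.split(sep)
        if len(pats) != len(vals):
            continue
        if all(fnmatchcase(v, p) for v, p in zip(vals, pats)):
            if local == "%i":
                return None                        # %i: mapping fails
            if local.startswith("%"):
                return by_number[int(local[1:])]   # %N: copy remote field N
            return local
    return None                                    # no entry matched

if __name__ == "__main__":
    ordered = sort_entries(ADDED, DESCR)
    for remote in ("macha:105", "macha:120", "macha:0", "machb:105"):
        print(remote, "->", lookup(ordered, remote, DESCR),
              "| unsorted:", lookup(ADDED, remote, DESCR))
```

Scanned in the order the entries were added, macha:105 resolves to 105 through the wildcard entry instead of 1; the wildcard entry with %1 also carries every other GID on macha, 0 included, across unchanged.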
REFERENCES
attrmap(3I), idadmin(1M), namemap(3I), uidadmin(1)
Copyright 1994 Novell, Inc.