Valid on UNIX
The sebuildla utility creates a lookaside database for use by the CA ControlMinder daemon, seosd. The seosd daemon uses the database to translate UNIX UIDs to user names, GIDs to group names, host IP addresses to host names, and service ports to port names. The database contains only the number to name translation. sebuildla also lets you add information from the LDAP Directory Information Tree (DIT) to the user lookaside database.
Important! To set up sebuildla and the required LDAP configuration settings, you must be familiar with LDAP and be able to execute the ldapsearch command. We recommend that you read the man pages for ldap(1) and ldapsearch(1), and the setup information in the documentation for your LDAP client. Also, before you use sebuildla to build the lookaside databases, specify the full path of the lookaside database in the lookaside_path configuration setting.
The first time you build the lookaside database, use the following command:
sebuildla -a
This creates all of its components. Single files of the database can be updated later by using the relevant switches.
If you installed CA ControlMinder on a NIS, NIS+, or DNS server, you should place calls to the sebuildla utility in the related makefiles.
Note: By default, the lookaside database files (groupdb.la, hostdb.la, servdb.la, and userdb.la) are protected against all user access other than access with the sebuildla program.
The sebuildla utility scans the resolution mechanisms in the system, such as /etc files and NIS, to build the lookaside databases.
Note: For CA ControlMinder to resolve host names to fully qualified names, the resolv.conf file must have either the domain or search configuration option defined. For more information about the resolv.conf file, see the man pages for this file.
For example, if the /etc/nsswitch.conf file contains the following line for hosts, information is retrieved first from the local machine's files (/etc/hosts), then from DNS, and then from NIS:
hosts: files dns nis
If the file contains the following line instead, information is retrieved only from your local machine's files. The lookaside database will contain only the hosts that are in /etc/hosts:
hosts: files
Note: If a host has a fully qualified name, sebuildla uses it.
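The following script is an added example, not part of the CA documentation or product. It reports which sources a hosts scan would draw on and whether resolv.conf defines the domain or search option described above. The function names are hypothetical, and the sample files are constructed.

```shell
#!/bin/sh
# Added example, not CA code. Function names are hypothetical.

# Print the sources on the "hosts:" line of an nsswitch.conf-style file,
# dropping comments and [STATUS=action] criteria.
hosts_sources() {
    awk '$1 == "hosts:" {
             sub(/#.*/, "")
             out = ""
             for (i = 2; i <= NF; i++)
                 if ($i !~ /^\[/) out = out (out == "" ? "" : " ") $i
             print out
             exit
         }' "$1"
}

# Succeed if a resolv.conf-style file defines the domain or search option.
has_domain_or_search() {
    grep -Eq '^[[:space:]]*(domain|search)[[:space:]]+[^[:space:]]' "$1"
}

# Summarise what a hosts scan would draw on. $1 = nsswitch.conf, $2 = resolv.conf
host_scan_report() {
    src=$(hosts_sources "$1")
    case "$src" in
        "")    echo "no hosts: line found in $1" ;;
        files) echo "local files only (/etc/hosts)" ;;
        *)     echo "sources in order: $src" ;;
    esac
    has_domain_or_search "$2" ||
        echo "no domain or search option in $2"
}

# Constructed sample files so the script runs stand-alone.
demo=$(mktemp -d)
printf 'passwd: files\nhosts: files dns nis  # constructed\n' > "$demo/nsswitch.conf"
printf 'nameserver 192.0.2.53\n' > "$demo/resolv.conf"
host_scan_report "$demo/nsswitch.conf" "$demo/resolv.conf"
rm -rf "$demo"
```

To review a real machine before building the hosts lookaside database, call `host_scan_report /etc/nsswitch.conf /etc/resolv.conf`.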
Variations in machine configuration may cause instances where sebuildla does not list all the names of a local environment. In this case, you can use sebuildla to load all the required entries from a list file. To do this, create a list file with each object name on a separate line. The utility reads this list file and ensures that all the objects in the list file are added to the relevant lookaside database if necessary. sebuildla ignores duplicate objects.
The following table lists the files sebuildla uses to build each lookaside database.
Objects in | Are added to the |
---|---|
ACInstallDir/ladb/userlist | users lookaside database |
ACInstallDir/ladb/grouplist | groups lookaside database |
ACInstallDir/ladb/hostlist | hosts lookaside database |
ACInstallDir/ladb/servlist | services lookaside database |
In the format of the files in the ACInstallDir/ladb directory:
You can use dbmgr -dump -r to create the list files. For example, to create a list of the hosts defined in class HOST in the local database, enter:
dbmgr -dump -r l HOST > /opt/CA/AccessControl/ladb/hostlist
The -l switch makes a single request from DNS for a list of all hosts in the default domain, instead of querying the DNS server for the FQDN of each host entry as it is obtained. The fast load option is effective only if DNS is installed. Only host names in the default domain are made fully qualified. Fully qualified names are left as such. Host names scanned from the system mechanism that are not fully qualified, and are not found in the default domain, are left unqualified. Host names loaded from the hostlist file that are not fully qualified are discarded.
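The following script is an added example, not part of the CA documentation or product. It reviews a hostlist file for the two cases described above: repeated entries, which sebuildla ignores, and names that are not fully qualified, which the fast-load paragraph says are discarded. The function names are hypothetical, the host names are constructed, and a name is assumed to be fully qualified when it has at least two dot-separated labels.

```shell
#!/bin/sh
# Added example, not CA code. Function names are hypothetical.
# Assumption: a name is fully qualified if it has at least two
# dot-separated labels (a trailing dot is allowed).

# Strip surrounding blanks, then print each unqualified name once.
unqualified_hosts() {
    awk '{ gsub(/^[ \t]+|[ \t]+$/, "") }
         $0 != "" && $0 !~ /^[^.]+(\.[^.]+)+\.?$/ && !seen[$0]++' "$1"
}

# Print each name that occurs more than once (printed at its second use).
duplicate_hosts() {
    awk '{ gsub(/^[ \t]+|[ \t]+$/, "") }
         $0 != "" && ++n[$0] == 2' "$1"
}

# Print the fully qualified names once each, in their original order.
clean_hostlist() {
    awk '{ gsub(/^[ \t]+|[ \t]+$/, "") }
         $0 ~ /^[^.]+(\.[^.]+)+\.?$/ && !seen[$0]++' "$1"
}

# Write a constructed sample list (made-up host names) to the file in $1.
write_sample() {
    cat > "$1" <<'EOF'
db01.example.com
web01
db01.example.com
mail.example.com
web01
EOF
}

# Stand-alone run against the constructed sample.
demo=$(mktemp)
write_sample "$demo"
echo "Not fully qualified:"; unqualified_hosts "$demo"
echo "Repeated entries:";    duplicate_hosts "$demo"
echo "Cleaned list:";        clean_hostlist "$demo"
rm -f "$demo"
```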
This command has the following format:
sebuildla switch [options]
Specifies the mode of operation for the utility. Can be one of the following:
Creates all the lookaside database files.
Creates a hosts lookaside database file excluding the DNS.
Creates a groups lookaside database file.
Creates a hosts lookaside database file with the DNS.
Displays the help for this utility.
Collects information from an LDAP Directory Information Tree (DIT) and appends it to the users lookaside database it creates from the primary user data source (-u switch). You can only use this switch in conjunction with the -u switch or the -a switch so it is most useful when the LDAP DIT provides additional user data and is not used as the system's naming service.
Before you use this switch, follow these steps:
The time it takes to retrieve information from the LDAP service depends on how fast the LDAP service is, and how much user data is stored in the DIT. You can adjust the ldap_timeout token in the [seos] section of the seos.ini file to account for these aspects.
Creates a services lookaside database file.
Creates a users lookaside database file.
Note: You can specify the -n switch in conjunction with the -u switch to add user data that is collected from an LDAP service.
Lists the contents of the groups lookaside database files.
Lists the contents of the hosts lookaside database files.
Lists the contents of the services lookaside database files.
Lists the contents of the users lookaside database files.
Specifies optional modifiers that change the way the utility displays its information. Can be one or more of the following:
Loads the lookaside database using only the list file. This excludes the resolution mechanism of the system.
Fast loads the lookaside database (hosts only) when using the -h switch.
Copyright © 2013 CA Technologies.
All rights reserved.