zuki n00b
Joined: 05 Sep 2003 Posts: 32 Location: Kahla/Thuringia/Germany
Posted: Wed Oct 05, 2005 10:28 am Post subject: [solved]autofs and ldap "newstyle"
Hi,
I am trying to set up Gentoo to get the autofs stuff from LDAP. I used the "new style" autofs schema for that.
Here is my config:
Quote: |
# @(#)$Id: ldap.conf,v 2.42 2005/05/20 05:33:55 lukeh Exp $
host ldapserver
base dc=example,dc=com
scope sub
pam_filter objectclass=posixAccount
pam_login_attribute uid
pam_member_attribute uniquemember
pam_password crypt
nss_base_passwd dc=example,dc=com?one
nss_base_shadow dc=example,dc=com?one
nss_base_group dc=example,dc=com?one
|
Code: |
# /etc/nsswitch.conf:
passwd: files ldap
shadow: files ldap
group: files ldap
hosts: files dns
networks: files dns
services: db files
protocols: db files
rpc: db files
ethers: db files
netmasks: files
netgroup: files
bootparams: files
automount: ldap
aliases: files
|
Code: |
# Config file for /etc/init.d/autofs
# e.g. localoptions='rsize=8192,wsize=8192'
localoptions=''
# additional options for automount, ie. timeout
daemonoptions='--timeout 60'
# NIS
#nis_mapname='auto.master'
# LDAP
# By default autofs-ldap-auto-master will check the old style structure defined
# here, and if that fails, it will check the new style structure before
# failing. If this generates too much traffic for you, just change to use the
# new style here.
ldap_mapname='auto.master'
# This is the classic style:
#ldap_map_oc='nisMap'
#ldap_entry_oc='nisObject'
#ldap_map_key='nisMapName'
#ldap_entry_key='cn'
#ldap_value='nisMapEntry'
# This is the new style:
ldap_map_oc='automountMap'
ldap_entry_oc='automount'
ldap_map_key='ou'
ldap_entry_key='cn'
ldap_value='automountInformation'
|
And here is the ldif from the ldap entries:
Code: |
dn: ou=auto.master,dc=example,dc=com
objectClass: top
objectClass: automountMap
ou: auto.master

dn: ou=auto.home,dc=example,dc=com
objectClass: top
objectClass: automountMap
ou: auto.home

dn: ou=auto.groups,dc=example,dc=com
objectClass: top
objectClass: automountMap
ou: auto.groups

dn: cn=/User,ou=auto.master,dc=example,dc=com
objectClass: top
objectClass: automount
cn: /User
description: User dirs
automountInformation: ldap ldapserver:ou=auto.home,dc=example,dc=com

dn: cn=/Net/Groups,ou=auto.master,dc=example,dc=com
objectClass: top
objectClass: automount
cn: /Net/Groups
description: Gruppenverzeichnisse
automountInformation: ldap ldapserver:ou=auto.groups,dc=example,dc=com

dn: cn=Services,ou=auto.groups,dc=example,dc=com
objectClass: top
objectClass: automount
cn: Services
automountInformation: -rw,rsize=16384,wsize=8192,intr,timeo=20 172.0.3.1:/mnt/Local/Groups/Services

dn: cn=homes,ou=auto.home,dc=example,dc=com
objectClass: top
objectClass: automount
cn: homes
automountInformation: -rw,rsize=16384,wsize=8192,intr,timeo=20 172.0.3.1:/mnt/Local/Homes
|
The users and groups work as expected. But autofs gives me a "failed to load map, exiting" in /var/log/messages.
The folder /Net is created by autofs (but not /Net/Groups/ as it should be), but /User is not.
I don't know where to search for more errors...
Thank you for any help!
_________________
open world, open mind, open future
Last edited by zuki on Fri Oct 07, 2005 12:36 pm; edited 1 time in total

aceFruchtsaft Guru
Joined: 16 May 2004 Posts: 438 Location: Vienna, Austria
Posted: Wed Oct 05, 2005 7:24 pm Post subject:
Try to adapt your LDIF to look something like this:
Code: |
dn: ou=Mounts,dc=sample,dc=org
objectClass: organizationalUnit
objectClass: top
ou: Mounts

dn: ou=auto.master,ou=Mounts,dc=sample,dc=org
objectClass: top
objectClass: automountMap
ou: auto.master

dn: cn=/home,ou=auto.master,ou=Mounts,dc=sample,dc=org
objectClass: automount
cn: /home
automountInformation: ldap://ldap.sample.org/ou=auto.home,ou=Mounts,dc=sample,dc=org

dn: ou=auto.home,ou=Mounts,dc=sample,dc=org
objectClass: top
objectClass: automountMap
ou: auto.home

dn: cn=user1,ou=auto.home,ou=Mounts,dc=sample,dc=org
objectClass: automount
cn: user1
automountInformation: fileserver.sample.org:/home/user1
|
Where
ldap.sample.org is the DNS name of your LDAP machine,
fileserver.sample.org is the DNS name of your NFS server
and all mount points are defined in ou=Mounts,dc=sample,dc=org.
Notice the different syntax in automountInformation.
This setup works for me, but it also took me ages to get it to work. You might want to look at the sample files provided by the autofs package if you haven't already done so.

zuki n00b
Joined: 05 Sep 2003 Posts: 32 Location: Kahla/Thuringia/Germany
Posted: Thu Oct 06, 2005 6:34 am Post subject:
Thank you. That works with Gentoo.
But what the hell.....
With SuSE Linux this example doesn't work. Why can't they be the same?
That's the way SuSE likes it:
automountInformation: ldap ldap-server.example.com:ou=auto.home,dc=example,dc=com
And that's the way Gentoo loves it:
automountInformation: ldap://ldap-server.example.com/ou=auto.home,dc=example,dc=com
Thank you for your help. So I have to provide 2 different maps in LDAP !?!?!....
.... thank you.

zuki n00b
Joined: 05 Sep 2003 Posts: 32 Location: Kahla/Thuringia/Germany
Posted: Thu Oct 06, 2005 6:43 am Post subject:
And Debian:
ldap:hostname:ou=auto.share,dc.....
So it is a nice way to integrate different Linuxes in one network with the same maps.... And if you have different maps, all the wrong maps in LDAP will produce a lot of errors in syslog......
What the hell? Is every distribution fighting against the others? Just like: "If we are in one room please don't talk to me!".
That's not the way Linux should work.

aceFruchtsaft Guru
Joined: 16 May 2004 Posts: 438 Location: Vienna, Austria
Posted: Thu Oct 06, 2005 4:12 pm Post subject:
Do you have the same automounter/autofs versions on both Gentoo and SuSE? I don't think Gentoo would change the standard syntax.

zuki n00b
Joined: 05 Sep 2003 Posts: 32 Location: Kahla/Thuringia/Germany
Posted: Fri Oct 07, 2005 7:34 am Post subject:
In both:
4.1.3
I have also checked the changelog, but there is nothing about the ldap syntax. Only:
Quote: |
- added check for executable existance in getldapmounts in init script
- init script fix for Debian (Thorild Selen).
- fix to init script for reload option (Michael Blandford).
|

zuki n00b
Joined: 05 Sep 2003 Posts: 32 Location: Kahla/Thuringia/Germany
Posted: Fri Oct 07, 2005 10:48 am Post subject:
That's from SuSE:
cat /usr/share/doc/packages/autofs4/README.SuSE.ldap
Code: |
Autofs with ldap
----------------
There are two ways to get the required data for autofs from a ldap server.
1. With the autofs.schema (Linux only)
You can find the schema at /usr/share/doc/packages/autofs4/autofs.schema
Here is an example ldif:
--------------------- begin --------------------------------------------------
dn: ou=auto.master,dc=example,dc=com
objectClass: top
objectClass: automountMap
ou: auto.master

dn: cn=/home,ou=auto.master,dc=example,dc=com
objectClass: top
objectClass: automount
cn: /home
automountInformation: ldap ldap-server.example.com:ou=auto.home,dc=example,dc=com
----SNIP------
|
That's from Gentoo:
zcat /usr/share/doc/autofs-4.1.3-r4/README.ldap.gz
Code: |
----SNIP------
The map syntax has been changed a bit as well. It is (square
bracketed terms are optional as usual) [//ldaphost/]basedn. If
you need to specify a different port then you need to change
your configured defaults. For example, in Openldap this is in
/etc/openldap/ldap.conf.
----SNIP------
|
zcat /usr/share/doc/autofs-4.1.3-r4/samples/ldap-automount-auto.master.gz
Code: |
#
# ident $Id: ldap-automount-auto.master,v 1.2 2003/12/10 14:54:33 raven Exp $
#
dn: ou=auto.master,dc=bogus
objectClass: top
objectClass: automountMap
ou: auto.master

dn: cn=/ldap,ou=auto.master,dc=bogus
objectClass: automount
cn: /ldap
automountInformation: ldap://budgie/ou=auto.indirect,dc=bogus
|
Same sh** in SuSE 10.....

zuki n00b
Joined: 05 Sep 2003 Posts: 32 Location: Kahla/Thuringia/Germany
Posted: Fri Oct 07, 2005 12:03 pm Post subject:
Now I have found a ?bug IMHO. I think I have understood how it works, so let me try to explain:
The /usr/lib/autofs/autofs-ldap-auto-master gives back the LDAP entries. By default from ou=auto.master:
Code: |
root@nowhere:#/usr/lib/autofs/autofs-ldap-auto-master
/User ldap://ldap-server.example.com/ou=auto.home,dc=example,dc=com
|
And from this entry it gets the mount options:
e.g: -rw,rsize=16384,wsize=8192,intr,timeo=20 172.0.3.1:/mnt/Local/User
So SUSE doesn't care about some options in the init script:
Code: |
function getmounts_ldap()
{
    /usr/lib/autofs/autofs-ldap-auto-master | (
        while read dir prog map; do
            echo "$DAEMON $daemonoptions $dir $prog \"$map\""
        done
    )
}
|
But Gentoo does:
Code: |
function getldapmounts()
{
    autofs_lam=/usr/lib/autofs/autofs-ldap-auto-master
    if [ -f $autofs_lam -a -x $autofs_lam ]; then
        ${autofs_lam} \
            -m ${ldap_map_oc} -e ${ldap_entry_oc} \
            -n ${ldap_map_key} -k ${ldap_entry_key} \
            -v ${ldap_value} 2> /dev/null
    fi
}
|
So you can define the right map in /etc/conf.d/autofs:
Quote: |
ldap_mapname='auto.standardmaster'
|
So now I have 2 different maps:
auto.master in the SUSE style (ldap ldap-server.example.com:ou=auto.home,dc=example,dc=com)
and auto.standardmaster in the original style (ldap://ldap-server.example.com/ou=auto.home,dc=example,dc=com)
But here comes the bug:
Gentoo doesn't use the ldap_mapname in the init script, as you can see in the example above.
Here is the right way to do it:
Code: |
function getldapmounts()
{
    autofs_lam=/usr/lib/autofs/autofs-ldap-auto-master
    if [ -f $autofs_lam -a -x $autofs_lam ]; then
        # ${ldap_mapname} is the added argument: the map name set in /etc/conf.d/autofs
        ${autofs_lam} \
            -m ${ldap_map_oc} -e ${ldap_entry_oc} \
            -n ${ldap_map_key} -k ${ldap_entry_key} \
            -v ${ldap_value} ${ldap_mapname} 2> /dev/null
    fi
}
|
And all works fine. Now it's time to inform the maintainer of the autofs package. Maybe I will fill out a bug report....
thank you.

rek2 Guru
Joined: 05 Jan 2003 Posts: 477 Location: Boston USA/Barcelona Spain
Posted: Fri Oct 21, 2005 7:05 am Post subject:
OK, so from the above, which LDIF should I use?
I used one of the examples.. but it is not working.. so I may try yours..
Do you always need the auto.master?
I renamed it to auto.home and inside added two home dirs to automount to try it, but it didn't work. Here are the config files and the LDIF.
matrix ~ # more ldap-automount-auto.home
#
# ident $Id: ldap-automount-auto.home,v 1.2 2003/12/10 14:54:33 raven Exp $
#
dn: ou=auto.home,dc=lan,dc=xxxxxl,dc=com
objectClass: top
objectClass: automountMap
ou: auto.home

dn: cn=/home/sfincke,ou=auto.home,dc=lan,dc=xxxxx,dc=com
objectClass: automount
cn: /home/sfincke
automountInformation: matrix.lan.xxxx.com:/home/sfincke

dn: cn=/home/rek2,ou=auto.home,dc=lan,dc=xxxx,dc=com
objectClass: automount
cn: /home/rek2
automountInformation: matrix.lan.xxxx.com:/home/rek2

ldap_mapname='auto.home'
# This is the classic style:
#ldap_map_oc='nisMap'
#ldap_entry_oc='nisObject'
#ldap_map_key='nisMapName'
#ldap_entry_key='cn'
#ldap_value='nisMapEntry'
# This is the new style:
ldap_map_oc='automountMap'
ldap_entry_oc='automount'
ldap_map_key='ou'
ldap_entry_key='cn'
ldap_value='automountInformation'
_________________
http://www.dailyradical.org
http://www.binaryfreedom.info
use jabber!!! sign on now, register an account:
http://jabber.binaryfreedom.info

chris.c.hogan Apprentice
Joined: 02 Oct 2005 Posts: 189
Posted: Thu Mar 30, 2006 10:37 pm Post subject:
zuki wrote: |
And Debian:
ldap:hostname:ou=auto.share,dc.....
So it is a nice way to integrate different Linuxes in one network with the same maps.... And if you have different maps, all the wrong maps in LDAP will produce a lot of errors in syslog......
What the hell? Is every distribution fighting against the others? Just like: "If we are in one room please don't talk to me!".
That's not the way Linux should work.
|
This isn't too far off from the way Gentoo handles it. I finally have my ldap-autofs configuration working. However, the format for automountInformation under auto.master took a while to figure out. All of the documentation says the server name is optional. So I didn't add it. However, the devil is in the details. "//servername/" is optional. "ldap:" is not. So "ldap:ou=auto.share,dc..." works. "ldap://ou=...", "ldap:/ou=...", and "ou=..." do not.
That said, if Debian uses "ldap:hostname:ou=" then "ldap:ou=" might work as well. At that point you have an entry that works in both systems. As for SuSE, their incompatibility is one of the reasons I stopped using it.
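
The automountInformation spellings collected in this thread, as an added example (not part of any post, and not code from autofs or any distribution): a POSIX shell classifier for auditing an LDIF dump for master-map entries that follow only one of the quoted conventions. Function names, style labels and the sample DNs are assumptions made for the example; which client accepts which style is only what the posters above report.

```shell
# Added example; the style labels (url, bare, space, colon, nfs, invalid) are made up here.
# Prints "<style> <host> <basedn>" for one automountInformation value.
classify_map_ref() {
    v=$1 host=- base=- style=invalid
    case $v in
        ldap://*/*)   # ldap://host/basedn (Gentoo README.ldap and sample file)
            rest=${v#ldap://}; host=${rest%%/*}; base=${rest#*/}; style=url ;;
        "ldap "*:*)   # ldap host:basedn (README.SuSE.ldap)
            rest=${v#ldap }; host=${rest%%:*}; base=${rest#*:}; style=space ;;
        ldap:/*) ;;   # ldap:/ou=... and ldap://ou=...: reported above as not working
        ldap:*)
            rest=${v#ldap:}; head=${rest%%:*}
            case $head in
                *=*) base=$rest; style=bare ;;                    # ldap:basedn
                *)   host=$head; base=${rest#*:}; style=colon ;;  # ldap:host:basedn
            esac ;;
        *:/*) style=nfs ;;   # leaf entry such as server:/export, not a map reference
    esac
    if [ "$style" != nfs ] && [ "$style" != invalid ]; then
        # A host name never contains '=', and a base DN always does.
        case $host in ''|*=*) style=invalid ;; esac
        case $base in *=*) ;; *) style=invalid ;; esac
    fi
    case $style in nfs|invalid) host=-; base=- ;; esac
    printf '%s %s %s\n' "$style" "$host" "$base"
}

# Read LDIF on stdin; print "<style> <dn>" for every automountInformation line.
audit_ldif() {
    dn=
    while IFS= read -r line; do
        case $line in
            "dn: "*) dn=${line#dn: } ;;
            "automountInformation: "*)
                ref=$(classify_map_ref "${line#automountInformation: }")
                printf '%s %s\n' "${ref%% *}" "$dn" ;;
        esac
    done
}

# Constructed sample: the same mount point in both master-map spellings.
sample_ldif() { cat <<'EOF'
dn: cn=/home,ou=auto.master,dc=example,dc=com
automountInformation: ldap ldap-server.example.com:ou=auto.home,dc=example,dc=com

dn: cn=/home,ou=auto.standardmaster,dc=example,dc=com
automountInformation: ldap://ldap-server.example.com/ou=auto.home,dc=example,dc=com
EOF
}
```

Feed `audit_ldif` an LDIF export of the map containers; base64-encoded (`::`) values and folded lines are not decoded, so such entries are skipped.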

chris.c.hogan Apprentice
Joined: 02 Oct 2005 Posts: 189
Posted: Thu Mar 30, 2006 10:44 pm Post subject:
rek2 wrote: |
OK, so from the above, which LDIF should I use?
I used one of the examples.. but it is not working.. so I may try yours..
Do you always need the auto.master?
I renamed it to auto.home and inside added two home dirs to automount to try it, but it didn't work. Here are the config files and the LDIF.
|
Not sure if you still need help. However, the autofs init script finds your maps by searching your ldap server for an auto.master entry. If you want it to search for something different, see https://bugs.gentoo.org/show_bug.cgi?id=108374