[Freeipa-devel] automount in LDAP

Simo Sorce ssorce at redhat.com
Thu Nov 6 17:18:39 UTC 2008


On Thu, 2008-11-06 at 10:02 -0500, Rob Crittenden wrote:
> Simo Sorce wrote:
> > How do clients choose which server to connect to ?
> 
> Hardcoded in /etc/sysconfig/autofs on Fedora and RHEL.
> 
> > Is there any concept like that in automount ? Should we care ?
> 
> AFAIK there is no accommodation for this. We'd either have to provide 
> separate areas (in the dn) to store the maps or the end-user would need 
> to carefully configure things.

I think providing separate areas then is paramount. Admins should be
able to define "locations" and the maps would be created inside these
locations. This way admins can set different automount options for
clients located in different places. I am sure clients in Australia are
not going to use the same automount maps as for clients in Baltimore.

> LDAP for autofs is configured on Fedora (the only thing I've 
> experimented with so far) in /etc/sysconfig/autofs. You can specify the 
> server and the search base.
> 
> To accommodate geographic areas we could use a separate basedn for each 
> one, something like:
> 
> cn=australia,cn=automount,$SUFFIX
> cn=baltimore,cn=automount,$SUFFIX

Yes I think this is needed.
Afterwards, if someone wants to use the same configuration for all clients, he
can create a "cn=default" area and just configure all clients to use it.

> autofs issues a query like this when starting up:
> 
> SRCH base="$SEARCH_BASE_FROM_AUTOFS_CONF" scope=2 
> filter="(&(objectClass=automountMap)(automountMapName=auto.master))" 
> attrs="automountMapName"
> 
> So this still wouldn't work if you travel from Europe to the U.S. You 
> wouldn't automatically mount the local servers.

Well maybe SSSD can be used to fetch the proper basedn at startup,
modify /etc/sysconfig/autofs and restart autofs before the user logs in.

I think that might work, and might even be a policy connected to the
location the client is in.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
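
The per-location base DN and the /etc/sysconfig/autofs rewrite discussed in this thread, as an added Python example that is not code from the thread or from FreeIPA. The function names, the allowlist patterns, the sample file and the `SEARCH_BASE` key name are assumptions; the location name is validated strictly because a value fetched at startup would land in a file read by a root service.

```python
import re

# Strict allowlists (assumed policy): both values end up in an LDAP DN and in
# a configuration file read by a root-owned service, so nothing is escaped
# after the fact; anything outside the pattern is rejected.
_LOCATION_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]{0,62}")
_RDN = r"[A-Za-z0-9]+=[A-Za-z0-9.-]+"
_SUFFIX_RE = re.compile(r"%s(,%s)*" % (_RDN, _RDN))
_SEARCH_BASE_LINE = re.compile(r"[ \t]*#?[ \t]*SEARCH_BASE=.*")

# Constructed sample input, not a real /etc/sysconfig/autofs.
SAMPLE_CONF = (
    "# constructed sample\n"
    "TIMEOUT=300\n"
    'LDAP_URI="ldap://ipa.example.com"\n'
    '#SEARCH_BASE=""\n'
)


def location_base_dn(location, suffix):
    """Return cn=<location>,cn=automount,<suffix> for a validated location."""
    if not _LOCATION_RE.fullmatch(location):
        raise ValueError("rejected location name: %r" % location)
    if not _SUFFIX_RE.fullmatch(suffix):
        raise ValueError("rejected suffix: %r" % suffix)
    return "cn=%s,cn=automount,%s" % (location, suffix)


def set_search_base(conf_text, base_dn):
    """Return conf_text with exactly one active SEARCH_BASE line.

    Existing SEARCH_BASE lines, commented or not, are dropped so that a
    stale later assignment cannot override the new one.
    """
    kept = [line for line in conf_text.splitlines()
            if not _SEARCH_BASE_LINE.fullmatch(line)]
    kept.append('SEARCH_BASE="%s"' % base_dn)
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    dn = location_base_dn("baltimore", "dc=example,dc=com")
    print(set_search_base(SAMPLE_CONF, dn), end="")
```

Restarting autofs after the rewrite, as suggested in the message, is left to the caller.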



