[Freeipa-users] Automount cross-location support

Sigbjorn Lie sigbjorn at nixtra.com
Sun May 26 19:40:03 UTC 2013


On 24/05/13 23:48, Nalin Dahyabhai wrote:
> On Fri, May 24, 2013 at 12:01:04PM +0200, Sigbjorn Lie wrote:
>> The compat module would have to be extended to support displaying selected automount maps from one
>> location in a different location. I do not know the internals of the compat plugin so what I'm
>> asking might be unable/hard to achieve with the compat plugin - I was referring to it because of
>> it's ability to mirror one part of the ldap tree to a different part of the ldap tree.
> The compat plugin's usually used to make a group of entries appear
> somewhere else, which isn't _quite_ the same thing as making part of the
> tree show up elsewhere, since the tree structure isn't preserved, but if
> you don't mind "flattening" of the results when your source is split up
> in the hierarchy of a subtree, that won't be a problem.
>
> Otherwise, yeah, if that newly-created part of the tree, where the
> plugin's making the fake entries appear, happens to be under a subtree
> which autofs is searching for a given map's contents, then I don't see a
> reason why it shouldn't work.  The configuration for the compat plugin
> would probably simply copy specific attributes rather than doing any
> real manipulation their values, much like we do for user entries under
> cn=users,cn=compat.  I guess you could either "tag" entries for
> inclusion in a way that they'd match the filter which the compat
> plugin's configured to use when searching for source entries, or grab
> all of the entries in that given source area.
>
> Whenever you added a new automount location, you'd need to add a new
> mostly-boilerplate configuration entry under "cn=Schema Compatibility,
> cn=plugins, cn=config" to have that same group of entries with the same
> contents show up in the new location's part of the tree, but that would
> be about it.
>
> Also, if you're not rewriting attribute values, you could probably also
> ccomplish it with managed entries, since it plays in a similar area.  Or
> perhaps it could be done with just referrals, though that depends on the
> client to follow them.
>
>

I did some testing on this. I added an entry to  "cn=Schema 
Compatibility, cn=plugins, cn=config", and defined the various settings 
for the compat plugin. It worked as a charm, the requested automountmaps 
we're mirrored. However, one glitch when I attempt to actually use it. 
Setting "schema-compat-container-group" to cn=default hides all the 
existing keys in automount location default. Setting it to a level below 
the cn=default, and the automounter does not see the entries with the 
error below. It seem like the automounter can only handle a single level 
of a tree, and does not search subtrees.

"get_query_dn: lookup(ldap): failed to find query dn under search base dns"

I don't think the flatten trees does any harm, it's already flat, as 
long as the container-group could be set to cn=default,cn=automount. 
However it would require logic within the IPA framework to follow any 
"automountinformation=-fstype=autofs auto_anothermapname" and also 
create setup for the additional "auto_anothermapname" in the compat 
plugin. And again the idea seem flawed when the additional maps cannot 
sit under the same schema-compat-container-group.

Is there any way to have several entries in the schema compatibility 
plugin to share the same level of schema-compat-container-group?


Regards,
Siggi










More information about the Freeipa-users mailing list