Help with automounting from a LDAP server

Help with automounting from a LDAP server

[Krishnakumar B]

Hi,

Are there any standard practices to follow for automounting from a LDAP
server without using local files, for both the NFS server and the clients?
The NFS clients part seems straightforward.  However it is not clear how
autofs mounts directories residing on the local filesystem on the NFS
server.

For example if I have the following setup:

1. I export /export/home from the NFS server, nfs.example.com
2. The NFS server is also configured to use the LDAP server to get
   automount information, i.e, automount: ldap in /etc/nsswitch.conf
3. auto_home is setup on the LDAP server to spit out something equivalent to:

*  -rw,hard,intr,rsize=8192,wsize=8192,nosuid nfs.example.com:/export/home

Will autofs on nfs.example.com recognize the local mount /export/home and
use a loopback mount for /home?  If so, do people recommend using the same
approach (using a direct mount) for /var/spool/mail on nfs.example.com?  If
not, why not?

Is there any way to disable specify exclude clauses in the mount options to
autofs?  For example, can I specify some option to autofs so that on a
particular machine autofs will not use the automount entry from the
directory server.

Thanks,
kitty.

-- 
Krishnakumar B <kitty at dre dot vanderbilt dot edu>
Institute for Software Integrated Systems, Dept. of EECS, Vanderbilt University

Re: Help with automounting from a LDAP server

[Ian Kent]

On Mon, 10 Jan 2005, Krishnakumar B wrote:

> Hi,
> 
> Are there any standard practices to follow for automounting from a LDAP
> server without using local files, for both the NFS server and the clients?
> The NFS clients part seems straightforward.  However it is not clear how
> autofs mounts directories residing on the local filesystem on the NFS
> server.

autofs should perform a bind mount if the mount is on the local machine.

> 
> For example if I have the following setup:
> 
> 1. I export /export/home from the NFS server, nfs.example.com
> 2. The NFS server is also configured to use the LDAP server to get
>    automount information, i.e, automount: ldap in /etc/nsswitch.conf
> 3. auto_home is setup on the LDAP server to spit out something equivalent to:
> 
> *  -rw,hard,intr,rsize=8192,wsize=8192,nosuid nfs.example.com:/export/home
> 
> Will autofs on nfs.example.com recognize the local mount /export/home and
> use a loopback mount for /home?  If so, do people recommend using the same
> approach (using a direct mount) for /var/spool/mail on nfs.example.com?  If
> not, why not?

Can't do that at present.
Direct mounts are not fully implemented.

> 
> Is there any way to disable specify exclude clauses in the mount options to
> autofs?  For example, can I specify some option to autofs so that on a
> particular machine autofs will not use the automount entry from the
> directory server.

Not that I know of.

Ian

Re: Help with automounting from a LDAP server

[Timo Felbinger]

On Mon, Jan 10, 2005 at 01:29:23AM -0600, Krishnakumar B wrote:
> 
> For example if I have the following setup:
> 
> 1. I export /export/home from the NFS server, nfs.example.com
> 2. The NFS server is also configured to use the LDAP server to get
>    automount information, i.e, automount: ldap in /etc/nsswitch.conf
> 3. auto_home is setup on the LDAP server to spit out something equivalent to:
> 
> *  -rw,hard,intr,rsize=8192,wsize=8192,nosuid nfs.example.com:/export/home
> 
> Will autofs on nfs.example.com recognize the local mount /export/home and
> use a loopback mount for /home?

Yes.

> If so, do people recommend using the same
> approach (using a direct mount) for /var/spool/mail on nfs.example.com?  If
> not, why not?
> 
> Is there any way to disable specify exclude clauses in the mount options to
> autofs?  For example, can I specify some option to autofs so that on a
> particular machine autofs will not use the automount entry from the
> directory server.

I don't know a way to specify exclude clauses in the mount options, but
you might be able to do something equivalent in the LDAP query itself:
I've written a patch for autofs-4.1.3 to give more flexibility with LDAP
requests; in particular, it allows to specify arbitrary search filter
expressions, so you should be able to include something along the lines of
!(hostname=$MYSELF) into the query, if that is what you need. The patched
version of modules/lookup_ldap.c is available at
  http://www.timof.qipc.org/autofs-4.1.3-patch

Regards,

Timo Felbinger


-- 
Timo Felbinger                  <Timo.Felbinger@physik.uni-potsdam.de>
Quantum Physics Group           http://www.quantum.physik.uni-potsdam.de
Institut fuer Physik            Tel: +49 331 977 1793      Fax: -1767
Universitaet Potsdam, Germany

Re: Help with automounting from a LDAP server

[Jim Carter]

On Mon, 10 Jan 2005, Krishnakumar B wrote:

> ...  However it is not clear how
> autofs mounts directories residing on the local filesystem on the NFS
> server.
> 
> For example if I have the following setup:
> 
> 1. I export /export/home from the NFS server, nfs.example.com
> 2. The NFS server is also configured to use the LDAP server to get
>    automount information, i.e, automount: ldap in /etc/nsswitch.conf
> 3. auto_home is setup on the LDAP server to spit out something equivalent to:
> 
> *  -rw,hard,intr,rsize=8192,wsize=8192,nosuid nfs.example.com:/export/home
> 
> Will autofs on nfs.example.com recognize the local mount /export/home and
> use a loopback mount for /home?  

It works for me.  I use NIS, not LDAP, for the map, but it should work the 
same for any map type.  The automount daemon specifically identifies 
attempted NFS mounts on the local machine and substitutes bind mounts (on 
Linux).  

> If so, do people recommend using the same
> approach (using a direct mount) for /var/spool/mail on nfs.example.com?  If
> not, why not?

There's no problem if the mail user agent and delivery agent are both on 
the machine that has the mailbox, reaching it either by its own name or via 
a bind/loopback mount.  However, if either one is on another host, file 
locking is not completely effective; most likely there is a short window 
during which both programs can get the lock.  The more common symptom is 
truncated incoming messages; trashed non-deleted messages are also 
possible.  My most recent test of this was last year on Linux kernel 2.4.21 
with kernel NFS; I also tested it a number of years ago on SunOS 3.x.


James F. Carter          Voice 310 825 2897    FAX 310 206 6673
UCLA-Mathnet;  6115 MSA; 405 Hilgard Ave.; Los Angeles, CA, USA 90095-1555
Email: jimc@math.ucla.edu  http://www.math.ucla.edu/~jimc (q.v. for PGP key)

Re: Help with automounting from a LDAP server

[Krishnakumar B]

Hi,

Thanks for all the followups.

On Tuesday, 11 January 2005, Ian Kent  wrote:
> On Mon, 10 Jan 2005, Krishnakumar B wrote:
>

[...]

>> Will autofs on nfs.example.com recognize the local mount /export/home and
>> use a loopback mount for /home?  If so, do people recommend using the same
>> approach (using a direct mount) for /var/spool/mail on nfs.example.com?  If
>> not, why not?
>
> Can't do that at present.  Direct mounts are not fully implemented.

My manpage for autofs(5) claims the following:

UNSUPPORTED
       This version of the automounter supports direct maps for FILE, NIS
       and LDAP maps only and handles SunOS-style replicated filesystems
       only to the extent that mount(8) does.

So is my manpage wrong, or does "direct maps" mean something other than
"direct mounts"?  Or are you referring to the following limitation (from
README.direct v1.3).

NOTE: Due to current design limitations, direct maps will take over an
entire directory hierarchy.  What this means is, if your direct map key is
/usr/share/bilbo, then /usr will become an automount mount point, mounting
over the existing /usr.


I am using the following version of autofs with Linux-2.4.28.

tango % dpkg -S /usr/share/man/man5/autofs.5.gz
autofs: /usr/share/man/man5/autofs.5.gz
tango %
 
tango % dpkg -p autofs
Package: autofs
Priority: extra
Section: utils
Installed-Size: 428
Maintainer: Steinar H. Gunderson <sesse@debian.org>
Architecture: i386
Version: 4.1.3-8
DDepends: libc6 (>= 2.3.2.ds1-4)
Recommends: nfs-common
ConCflicts: samba (<< 2.0.6-1)
Filename: pool/main/a/autofs/autofs_4.1.3-8_i386.deb
Size: 96350
MD5sum: 42aef00313ebe91c572bcdeb04708914
Description: A kernel-based automounter for Linux
 Autofs controls the operation of the automount daemons. The automount
 daemons automatically mount filesystems when they are used and unmount
 them after a period of inactivity. This is done based on a set of
 pre-configured maps.
 .
 The kernel automounter implements an almost complete SunOS style
 automounter under Linux. Automounter version 4 (autofs4) has to be enabled
 when compiling the kernel. Debian packaged kernels have it enabled.

-kitty.
             
-- 
Krishnakumar B <kitty at dre dot vanderbilt dot edu>
Institute for Software Integrated Systems, Dept. of EECS, Vanderbilt University

Re: Help with automounting from a LDAP server

[Ian Kent]

On Tue, 11 Jan 2005, Krishnakumar B wrote:

> > Can't do that at present.  Direct mounts are not fully implemented.
> 
> My manpage for autofs(5) claims the following:
> 
> UNSUPPORTED
>        This version of the automounter supports direct maps for FILE, NIS
>        and LDAP maps only and handles SunOS-style replicated filesystems
>        only to the extent that mount(8) does.

Perhaps I need to change this to be more accurate.

> 
> So is my manpage wrong, or does "direct maps" mean something other than
> "direct mounts"?  Or are you referring to the following limitation (from
> README.direct v1.3).
> 
> NOTE: Due to current design limitations, direct maps will take over an
> entire directory hierarchy.  What this means is, if your direct map key is
> /usr/share/bilbo, then /usr will become an automount mount point, mounting
> over the existing /usr.

I'm refering to the design limitation mentioned in this note.

This will continue to be the case in 4.1.4 (in fact 4.1.x).

I plan on creating a 4.2.0 development branch at some point fairly soon. 
This will be the top priority for that development.

Ian

Re: Help with automounting from a LDAP server

[abo]

sorry about this newbie question, but can you explain what exactly
direct mounts/maps is?

thx


On Tue, 11 Jan 2005 16:39:40 +0800 (WST)
Ian Kent <raven@themaw.net> wrote:

> On Tue, 11 Jan 2005, Krishnakumar B wrote:
> 
> > > Can't do that at present.  Direct mounts are not fully
implemented.
> > 
> > My manpage for autofs(5) claims the following:
> > 
> > UNSUPPORTED
> >        This version of the automounter supports direct maps for
FILE, NIS
> >        and LDAP maps only and handles SunOS-style replicated
filesystems
> >        only to the extent that mount(8) does.
> 
> Perhaps I need to change this to be more accurate.
> 
> > 
> > So is my manpage wrong, or does "direct maps" mean something other
than
> > "direct mounts"?  Or are you referring to the following limitation
(from
> > README.direct v1.3).
> > 
> > NOTE: Due to current design limitations, direct maps will take over
an
> > entire directory hierarchy.  What this means is, if your direct map
key is
> > /usr/share/bilbo, then /usr will become an automount mount point,
mounting
> > over the existing /usr.
> 
> I'm refering to the design limitation mentioned in this note.
> 
> This will continue to be the case in 4.1.4 (in fact 4.1.x).
> 
> I plan on creating a 4.2.0 development branch at some point fairly
soon. 
> This will be the top priority for that development.
> 
> Ian
> 
> _______________________________________________
> autofs mailing list
> autofs@linux.kernel.org
> http://linux.kernel.org/mailman/listinfo/autofs

Re: Help with automounting from a LDAP server

[raven]

On Tue, 11 Jan 2005, abo wrote:

> sorry about this newbie question, but can you explain what exactly
> direct mounts/maps is?

That's a little difficult but ...

An example of an indirect map might be:

in the master map

/home	/etc/auto.indirect

and auto.indirect might have

user1	server1:/home/userdir1
user2	server1:/home/userdir2
....

An example of a direct map might be:

/-	/etc/auto.direct

and in auto.direct might have

/nfs/apps/geoapp1	server1:/apps/geoapplication
/nfs/apps/geoapp2	server2:/apps/application2
/nfs/data/mydata	data1:/data/north/mydata
/global/data/theirdata	other:/data/test
...

Direct mount maps always have /- in the master map whereas indirect maps 
always have their base directory.
Direct mount keys are always full paths wheras in an indirect mount the 
key is always a single directory component.

You can't have nested mounts in a direct map either.

Check out Managing NFS and NIS 2nd edition, O'Reilly, chapter 13.

>
> thx
>
>
> On Tue, 11 Jan 2005 16:39:40 +0800 (WST)
> Ian Kent <raven@themaw.net> wrote:
>
>> On Tue, 11 Jan 2005, Krishnakumar B wrote:
>>
>>>> Can't do that at present.  Direct mounts are not fully
> implemented.
>>>
>>> My manpage for autofs(5) claims the following:
>>>
>>> UNSUPPORTED
>>>        This version of the automounter supports direct maps for
> FILE, NIS
>>>        and LDAP maps only and handles SunOS-style replicated
> filesystems
>>>        only to the extent that mount(8) does.
>>
>> Perhaps I need to change this to be more accurate.
>>
>>>
>>> So is my manpage wrong, or does "direct maps" mean something other
> than
>>> "direct mounts"?  Or are you referring to the following limitation
> (from
>>> README.direct v1.3).
>>>
>>> NOTE: Due to current design limitations, direct maps will take over
> an
>>> entire directory hierarchy.  What this means is, if your direct map
> key is
>>> /usr/share/bilbo, then /usr will become an automount mount point,
> mounting
>>> over the existing /usr.
>>
>> I'm refering to the design limitation mentioned in this note.
>>
>> This will continue to be the case in 4.1.4 (in fact 4.1.x).
>>
>> I plan on creating a 4.2.0 development branch at some point fairly
> soon.
>> This will be the top priority for that development.
>>
>> Ian
>>
>> _______________________________________________
>> autofs mailing list
>> autofs@linux.kernel.org
>> http://linux.kernel.org/mailman/listinfo/autofs
>
> _______________________________________________
> autofs mailing list
> autofs@linux.kernel.org
> http://linux.kernel.org/mailman/listinfo/autofs
>