AutoFS problem with OpenLDAP server

AutoFS problem with OpenLDAP server

[Erich Weiler]

Greetings all-

I have a strange problem with AutoFS under Fedora Core 5.  Can't seem to 
automount via ldap the way I should be able to.  If I have:

automount: files ldap

in /etc/nsswitch.conf, and have:

/projects 
ldap://ldapserver.domain.com/nisMapName=auto.projects,dc=domain,dc=com

in /etc/auto.master, everything works.  However, I don't want my clients 
to be configured this way because I have two redundant OpenLDAP servers 
and would like AutoFS to automatically try a second LDAP server if the 
first one goes down.  So I put this in /etc/nsswitch.conf:

automount: ldap

and tried to restart AutoFS, and got the error:

[root@sunbright default]# /etc/init.d/autofs start
Starting automount: No Mountpoints Defined                 [  OK  ]
[root@sunbright default]#

But there ARE automount maps in OpenLDAP, as the first method works.  If 
I try the "automount" command manually, I get this in the logs:

Jul 26 13:06:34 sunbright automount[22965]: starting automounter version 
4.1.4-19, path = /projects, maptype = ldap, mapname = 
nisMapName=auto.projects,dc=domain,dc=com
Jul 26 13:06:34 starbright automount[22965]: lookup(ldap): couldn't bind 
to default server

The server does accept anonymous lookups.  I even watched the traffic 
(via tcpdump) from the client to the server and there was no traffic at 
all!  Seems the client isn't even trying to contact any of my LDAP 
servers.

Does anyone have any ideas as to what's happening?  Like I said I would 
like the automounter to try each of my 3 servers in order listed in 
/etc/ldap.conf, so manually specifying one server in /etc/auto.master 
isn't very appealing...

Thanks in advance for any insight!

ciao, erich

Re: AutoFS problem with OpenLDAP server

[Erich Weiler]

OK, I figured out that AutoFS looks at "/etc/openldap/ldap.conf" and NOT 
"/etc/ldap.conf".  I'm one step closer.  However, when I copy my 
ldap.conf over to /etc/openldap/ldap.conf, and do a "/etc/init.d/autofs 
start", it still gives me the:

Starting automount: No Mountpoints Defined

Error at the command line.  I *DO* see traffic to the Openldap server 
this time though, and in the OpenLDAP logs I see:

ber_scanf fmt ({mm}) ber:
ber_scanf fmt ({mm}) ber:
     filter: (&(?=undefined)(?=undefined))
ber_scanf fmt ({M}}) ber:
     attrs: automountMapName automountInformation
==> limits_get: conn=10642 op=6 dn="[anonymous]"
=> bdb_search
bdb_dn2entry("dc=domain,dc=com")

So it looks like the automounter is searching for "automountMapName" and 
"automountInformation".  Which is bad, because my maps are in the form 
of "nisMapName" and "nisMapEntry".  Does anyone know if there is an easy 
way to tell the automounter to look for the other attributes?  Or do I 
have to try to set up some kind of aliasing on my OpenLDAP server?

Thanks for your patience with me!

ciao, erich

Erich Weiler wrote:
> Greetings all-
> 
> I have a strange problem with AutoFS under Fedora Core 5.  Can't seem to 
> automount via ldap the way I should be able to.  If I have:
> 
> automount: files ldap
> 
> in /etc/nsswitch.conf, and have:
> 
> /projects 
> ldap://ldapserver.domain.com/nisMapName=auto.projects,dc=domain,dc=com
> 
> in /etc/auto.master, everything works.  However, I don't want my clients 
> to be configured this way because I have two redundant OpenLDAP servers 
> and would like AutoFS to automatically try a second LDAP server if the 
> first one goes down.  So I put this in /etc/nsswitch.conf:
> 
> automount: ldap
> 
> and tried to restart AutoFS, and got the error:
> 
> [root@sunbright default]# /etc/init.d/autofs start
> Starting automount: No Mountpoints Defined                 [  OK  ]
> [root@sunbright default]#
> 
> But there ARE automount maps in OpenLDAP, as the first method works.  If 
> I try the "automount" command manually, I get this in the logs:
> 
> Jul 26 13:06:34 sunbright automount[22965]: starting automounter version 
> 4.1.4-19, path = /projects, maptype = ldap, mapname = 
> nisMapName=auto.projects,dc=domain,dc=com
> Jul 26 13:06:34 starbright automount[22965]: lookup(ldap): couldn't bind 
> to default server
> 
> The server does accept anonymous lookups.  I even watched the traffic 
> (via tcpdump) from the client to the server and there was no traffic at 
> all!  Seems the client isn't even trying to contact any of my LDAP servers.
> 
> Does anyone have any ideas as to what's happening?  Like I said I would 
> like the automounter to try each of my 3 servers in order listed in 
> /etc/ldap.conf, so manually specifying one server in /etc/auto.master 
> isn't very appealing...
> 
> Thanks in advance for any insight!
> 
> ciao, erich
> 

-- 
===================================
Erich Weiler
UNIX Systems Administrator
School of Engineering
University of California Santa Cruz
weiler@soe.ucsc.edu
===================================

Re: AutoFS problem with OpenLDAP server

[Jeff Moyer]

==> Regarding Re: [autofs] AutoFS problem with OpenLDAP server; Erich Weiler <weiler@soe.ucsc.edu> adds:

weiler> OK, I figured out that AutoFS looks at "/etc/openldap/ldap.conf" and NOT 
weiler> "/etc/ldap.conf".  I'm one step closer.  However, when I copy my 
weiler> ldap.conf over to /etc/openldap/ldap.conf, and do a "/etc/init.d/autofs 
weiler> start", it still gives me the:

weiler> Starting automount: No Mountpoints Defined

weiler> Error at the command line.  I *DO* see traffic to the Openldap server 
weiler> this time though, and in the OpenLDAP logs I see:

weiler> ber_scanf fmt ({mm}) ber:
weiler> ber_scanf fmt ({mm}) ber:
weiler>      filter: (&(?=undefined)(?=undefined))
weiler> ber_scanf fmt ({M}}) ber:
weiler>      attrs: automountMapName automountInformation
==> limits_get: conn=10642 op=6 dn="[anonymous]"
weiler> => bdb_search
weiler> bdb_dn2entry("dc=domain,dc=com")

weiler> So it looks like the automounter is searching for
weiler> "automountMapName" and "automountInformation".  Which is bad,
weiler> because my maps are in the form of "nisMapName" and "nisMapEntry".
weiler> Does anyone know if there is an easy way to tell the automounter to
weiler> look for the other attributes?  Or do I have to try to set up some
weiler> kind of aliasing on my OpenLDAP server?

The autofs init script in autofs v4 will invoke a command,
autofs-ldap-auto-master, to determine if there is an auto.master available
on your ldap server.  It should try 3 schemas before giving up.

You didn't mention whether you actually had an auto.master in ldap.  Do you?

-Jeff

Re: AutoFS problem with OpenLDAP server

[Erich Weiler]

Hi Jeff,

> The autofs init script in autofs v4 will invoke a command,
> autofs-ldap-auto-master, to determine if there is an auto.master available
> on your ldap server.  It should try 3 schemas before giving up.
> 
> You didn't mention whether you actually had an auto.master in ldap.  Do you?

No, I don't have an auto.master in LDAP, I guess I was figuring Linux's 
AutoFS would kind of figure it out like it does with Solaris.  So AutoFS 
requires a auto.master in LDAP?  Do you know what I need to do to tweak 
this by any chance?

Thanks for the response!

ciao, erich

Re: AutoFS problem with OpenLDAP server

[Erich Weiler]

Somehow I feel I didn't send this correctly last time, resending:

Hi Jeff,

 > The autofs init script in autofs v4 will invoke a command,
 > autofs-ldap-auto-master, to determine if there is an auto.master 
available
 > on your ldap server.  It should try 3 schemas before giving up.
 >
 > You didn't mention whether you actually had an auto.master in ldap. 
Do you?

No, I don't have an auto.master in LDAP, I guess I was figuring Linux's 
AutoFS would kind of figure it out like it does with Solaris.  So AutoFS 
requires a auto.master in LDAP?  Do you know what I need to do to tweak 
this by any chance?  Or maybe point me to a how-to or something of that 
nature?

Thanks for the response!

ciao, erich