* autofs5 + ldap + ldap replication
@ 2007-07-15 2:26 Rich West
2007-07-15 8:31 ` jehan procaccia
2007-07-16 15:17 ` Ian Kent
0 siblings, 2 replies; 17+ messages in thread
From: Rich West @ 2007-07-15 2:26 UTC (permalink / raw)
To: autofs
We have an LDAP infrastructure where all of the automount maps
(auto.master and auto.home) are pulled out of LDAP. In this instance,
we have two LDAP servers, one primary, and the other is a replica. The
clients are all Fedora/Redhat systems. Most of them are running
autofs4, and a few newer ones are running autofs5.
/etc/openldap/ldap.conf has both the primary and replica hosts in the URI.
The problem we are having is with the client hosts running autofs5. For
some reason, if we have the replica host first in the URI line, autofs5
is unable to get any automount data. All of the other LDAP related stuff
works just fine with both entries (in /etc/ldap.conf and in
/etc/openldap/ldap.conf). I was able to narrow things down to the
replica host itself. If I just had the replica address in the URI,
autofs5 doesn't seem to like it.
Jul 14 22:18:09 myhost automount[12143]: Starting automounter version
5.0.1-0.rc3.31, master map auto.master
Jul 14 22:18:09 myhost automount[12143]: using kernel protocol version 5.00
Jul 14 22:18:09 myhost automount[12143]: mounted indirect mount on /misc
with timeout 60, freq 15 seconds
Jul 14 22:18:09 myhost automount[12143]: mounted indirect mount on /net
with timeout 60, freq 15 seconds
Jul 14 22:18:09 myhost automount[12143]: read_file_source_instance: file
map /etc/ldap not found
Jul 14 22:18:09 myhost automount[12143]: lookup_init: lookup(ldap):
failed to get query dn
Jul 14 22:18:09 myhost automount[12143]: mount_autofs_indirect: failed
to read map for /home
Jul 14 22:18:09 myhost automount[12143]: handle_mounts: mount of /home
failed!
Jul 14 22:18:09 myhost automount[12143]: master_do_mount: failed to
startup mount
The exact same configuration works fine on the older systems running
autofs4.
I've confirmed that everything is ok with both the primary and the
replica (this works for all of the autofs4 based hosts). phpMyAdmin
happily browses to the replica's contents. I can perform ldapsearch's
with no problems from all of the hosts. When running automount with the
"-d" and "-v" flags on the autofs5 hosts, I get the above message in
/var/log/messages and I see the following ldap query:
Jul 14 22:18:09 myhost slapd[5410]: conn=315 fd=9 ACCEPT from
IP=192.168.0.100:35494 (IP=0.0.0.0:389)
Jul 14 22:18:09 myhost slapd[5410]: conn=315 op=0 BIND dn="" method=128
Jul 14 22:18:09 myhost slapd[5410]: conn=315 op=0 RESULT tag=97 err=0 text=
Jul 14 22:18:09 myhost slapd[5410]: conn=315 op=1 SRCH
base="dc=mydomain,dc=com" scope=2 deref=0
filter="(&(objectClass=automountMap)(ou=auto.master))"
Jul 14 22:18:09 myhost slapd[5410]: conn=315 op=1 SRCH attr=1.1
Jul 14 22:18:09 myhost slapd[5410]: conn=315 op=1 SEARCH RESULT tag=101
err=0 nentries=1 text=
Jul 14 22:18:09 myhost slapd[5410]: conn=315 op=2 UNBIND
Jul 14 22:18:09 myhost slapd[5410]: conn=315 fd=9 closed
Jul 14 22:18:09 myhost slapd[5410]: conn=316 fd=9 ACCEPT from
IP=192.168.0.100:35495 (IP=0.0.0.0:389)
Jul 14 22:18:09 myhost slapd[5410]: conn=316 op=0 BIND dn="" method=128
Jul 14 22:18:09 myhost slapd[5410]: conn=316 op=0 RESULT tag=97 err=0 text=
Jul 14 22:18:09 myhost slapd[5410]: conn=316 op=1 SRCH
base="ou=auto.master,dc=mydomain,dc=com" scope=2 deref=0
filter="(objectClass=automount)"
Jul 14 22:18:09 myhost slapd[5410]: conn=316 op=1 SRCH attr=cn
automountInformation
Jul 14 22:18:09 myhost slapd[5410]: conn=316 op=1 SEARCH RESULT tag=101
err=0 nentries=1 text=
Jul 14 22:18:09 myhost slapd[5410]: conn=316 op=2 UNBIND
Jul 14 22:18:09 myhost slapd[5410]: conn=316 fd=9 closed
Jul 14 22:18:09 myhost slapd[5410]: conn=317 fd=9 ACCEPT from
IP=192.168.0.100:35496 (IP=0.0.0.0:389)
Jul 14 22:18:09 myhost slapd[5410]: conn=317 op=0 BIND dn="" method=128
Jul 14 22:18:09 myhost slapd[5410]: conn=317 op=0 RESULT tag=97 err=0 text=
Jul 14 22:18:09 myhost slapd[5410]: conn=317 op=1 SRCH
base="dc=mydomain,dc=com" scope=2 deref=0
filter="(&(objectClass=automountMap)(ou=ldap))"
Jul 14 22:18:09 myhost slapd[5410]: conn=317 op=1 SRCH attr=1.1
Jul 14 22:18:09 myhost slapd[5410]: conn=317 op=1 SEARCH RESULT tag=101
err=0 nentries=0 text=
Jul 14 22:18:09 myhost slapd[5410]: conn=317 op=2 UNBIND
Jul 14 22:18:09 myhost slapd[5410]: conn=317 fd=9 closed
I'm at a loss. I'm just trying to get the LDAP redundancy in place, but
autofs5 just doesn't seem to want to play nice. Any pointers in the
right direction would be happily appreciated!
-Rich
^ permalink raw reply [flat|nested] 17+ messages in thread
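Added example (not part of the original thread): a small Python correlator for slapd logs like the excerpt above. It re-joins the mail-wrapped records, groups them by connection, and lists the searches that returned success but no entries. The sample is an abridged copy of the conn=316/317 portion of the posted log, and the function names are this example's own.

```python
import re

# conn=316 and conn=317 from the slapd log posted above, abridged, still mail-wrapped.
SAMPLE = '''\
Jul 14 22:18:09 myhost slapd[5410]: conn=316 fd=9 ACCEPT from
IP=192.168.0.100:35495 (IP=0.0.0.0:389)
Jul 14 22:18:09 myhost slapd[5410]: conn=316 op=0 BIND dn="" method=128
Jul 14 22:18:09 myhost slapd[5410]: conn=316 op=0 RESULT tag=97 err=0 text=
Jul 14 22:18:09 myhost slapd[5410]: conn=316 op=1 SRCH
base="ou=auto.master,dc=mydomain,dc=com" scope=2 deref=0
filter="(objectClass=automount)"
Jul 14 22:18:09 myhost slapd[5410]: conn=316 op=1 SRCH attr=cn
automountInformation
Jul 14 22:18:09 myhost slapd[5410]: conn=316 op=1 SEARCH RESULT tag=101
err=0 nentries=1 text=
Jul 14 22:18:09 myhost slapd[5410]: conn=317 fd=9 ACCEPT from
IP=192.168.0.100:35496 (IP=0.0.0.0:389)
Jul 14 22:18:09 myhost slapd[5410]: conn=317 op=0 BIND dn="" method=128
Jul 14 22:18:09 myhost slapd[5410]: conn=317 op=1 SRCH
base="dc=mydomain,dc=com" scope=2 deref=0
filter="(&(objectClass=automountMap)(ou=ldap))"
Jul 14 22:18:09 myhost slapd[5410]: conn=317 op=1 SRCH attr=1.1
Jul 14 22:18:09 myhost slapd[5410]: conn=317 op=1 SEARCH RESULT tag=101
err=0 nentries=0 text=
'''

TS = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
EVENT = re.compile(r"slapd\[\d+\]: conn=(\d+) (?:op|fd)=(\d+) (.*)$")
SRCH = re.compile(r'SRCH base="(.*?)" scope=(\d+) deref=\d+ filter="(.*)"$')
RESULT = re.compile(r"SEARCH RESULT tag=\d+ err=(\d+) nentries=(\d+)")


def unwrap(text):
    """Re-join records that a mail client wrapped; drop '>' quote markers."""
    records = []
    for raw in text.splitlines():
        line = raw.lstrip("> ").rstrip()
        if not line:
            continue
        if TS.match(line) or not records:
            records.append(line)          # a new syslog record
        else:
            records[-1] += " " + line     # continuation of the previous one
    return records


def searches(text):
    """Return one dict per completed search, in log order."""
    conns, pending, done = {}, {}, []
    for rec in unwrap(text):
        m = EVENT.search(rec)
        if not m:
            continue
        conn, num, rest = m.groups()
        # A log may start mid-connection, so ACCEPT/BIND can be missing.
        state = conns.setdefault(conn, {"client": None, "bind_dn": None})
        if rest.startswith("ACCEPT from IP="):
            state["client"] = rest.split("IP=", 1)[1].split()[0]
        elif rest.startswith("BIND dn="):
            bind = re.match(r'BIND dn="(.*?)"', rest)
            state["bind_dn"] = bind.group(1) if bind else None
        elif rest.startswith("SRCH attr="):
            if (conn, num) in pending:
                pending[conn, num]["attrs"] = rest[len("SRCH attr="):].split()
        elif SRCH.match(rest):
            base, scope, flt = SRCH.match(rest).groups()
            pending[conn, num] = dict(state, conn=conn, op=num, base=base,
                                      scope=int(scope), filter=flt, attrs=[])
        elif RESULT.match(rest) and (conn, num) in pending:
            err, n = RESULT.match(rest).groups()
            done.append(dict(pending.pop((conn, num)), err=int(err), nentries=int(n)))
    return done


def empty_searches(text):
    """Searches that succeeded (err=0) but matched no entries."""
    return [s for s in searches(text) if s["err"] == 0 and s["nentries"] == 0]


if __name__ == "__main__":
    for s in empty_searches(SAMPLE):
        print(s["client"], repr(s["bind_dn"]), s["base"], s["filter"])
```

On the posted log this singles out the lookup for a map literally named `ldap`, made over an anonymous bind (`dn=""`).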
* Re: autofs5 + ldap + ldap replication
2007-07-15 2:26 Rich West
@ 2007-07-15 8:31 ` jehan procaccia
[not found] ` <469A39D5.8040304@wesmo.com>
2007-07-16 15:17 ` Ian Kent
1 sibling, 1 reply; 17+ messages in thread
From: jehan procaccia @ 2007-07-15 8:31 UTC (permalink / raw)
To: Rich West; +Cc: autofs
Isn't it the problem of defining which attributes to use in automountmap?
I had this resolved (in fedora 7) by uncommenting the necessary
attributes in /etc/sysconfig/autofs, have you checked that?
in /etc/sysconfig/autofs for my autofs ldap maps I had to uncomment these:
# Other common LDAP nameing
#
MAP_OBJECT_CLASS="automountMap"
ENTRY_OBJECT_CLASS="automount"
MAP_ATTRIBUTE="ou"
ENTRY_ATTRIBUTE="cn"
VALUE_ATTRIBUTE="automountInformation"
Rich West wrote:
> We have an LDAP infrastructure where all of the automount maps
> (auto.master and auto.home) are pulled out of LDAP. In this instance,
> we have two LDAP servers, one primary, and the other is a replica. The
> clients are all Fedora/Redhat systems. Most of them are running
> autofs4, and a few newer ones are running autofs5.
>
> /etc/openldap/ldap.conf has both the primary and replica hosts in the URI.
>
> The problem we are having is with the client hosts running autofs5. For
> some reason, if we have the replica host first in the URI line, autofs5
> is unable to get any automount data. All of the other LDAP related stuff
> works just fine with both entries (in /etc/ldap.conf and in
> /etc/openldap/ldap.conf). I was able to narrow things down to the
> replica host itself. If I just had the replica address in the URI,
> autofs5 doesn't seem to like it.
> Jul 14 22:18:09 myhost automount[12143]: Starting automounter version
> 5.0.1-0.rc3.31, master map auto.master
> Jul 14 22:18:09 myhost automount[12143]: using kernel protocol version 5.00
> Jul 14 22:18:09 myhost automount[12143]: mounted indirect mount on /misc
> with timeout 60, freq 15 seconds
> Jul 14 22:18:09 myhost automount[12143]: mounted indirect mount on /net
> with timeout 60, freq 15 seconds
> Jul 14 22:18:09 myhost automount[12143]: read_file_source_instance: file
> map /etc/ldap not found
> Jul 14 22:18:09 myhost automount[12143]: lookup_init: lookup(ldap):
> failed to get query dn
> Jul 14 22:18:09 myhost automount[12143]: mount_autofs_indirect: failed
> to read map for /home
> Jul 14 22:18:09 myhost automount[12143]: handle_mounts: mount of /home
> failed!
> Jul 14 22:18:09 myhost automount[12143]: master_do_mount: failed to
> startup mount
>
> The exact same configuration works fine on the older systems running
> autofs4.
>
> I've confirmed that everything is ok with both the primary and the
> replica (this works for all of the autofs4 based hosts). phpMyAdmin
> happily browses to the replica's contents. I can perform ldapsearch's
> with no problems from all of the hosts. When running automount with the
> "-d" and "-v" flags on the autofs5 hosts, I get the above message in
> /var/log/messages and I see the following ldap query:
> Jul 14 22:18:09 myhost slapd[5410]: conn=315 fd=9 ACCEPT from
> IP=192.168.0.100:35494 (IP=0.0.0.0:389)
> Jul 14 22:18:09 myhost slapd[5410]: conn=315 op=0 BIND dn="" method=128
> Jul 14 22:18:09 myhost slapd[5410]: conn=315 op=0 RESULT tag=97 err=0 text=
> Jul 14 22:18:09 myhost slapd[5410]: conn=315 op=1 SRCH
> base="dc=mydomain,dc=com" scope=2 deref=0
> filter="(&(objectClass=automountMap)(ou=auto.master))"
> Jul 14 22:18:09 myhost slapd[5410]: conn=315 op=1 SRCH attr=1.1
> Jul 14 22:18:09 myhost slapd[5410]: conn=315 op=1 SEARCH RESULT tag=101
> err=0 nentries=1 text=
> Jul 14 22:18:09 myhost slapd[5410]: conn=315 op=2 UNBIND
> Jul 14 22:18:09 myhost slapd[5410]: conn=315 fd=9 closed
> Jul 14 22:18:09 myhost slapd[5410]: conn=316 fd=9 ACCEPT from
> IP=192.168.0.100:35495 (IP=0.0.0.0:389)
> Jul 14 22:18:09 myhost slapd[5410]: conn=316 op=0 BIND dn="" method=128
> Jul 14 22:18:09 myhost slapd[5410]: conn=316 op=0 RESULT tag=97 err=0 text=
> Jul 14 22:18:09 myhost slapd[5410]: conn=316 op=1 SRCH
> base="ou=auto.master,dc=mydomain,dc=com" scope=2 deref=0
> filter="(objectClass=automount)"
> Jul 14 22:18:09 myhost slapd[5410]: conn=316 op=1 SRCH attr=cn
> automountInformation
> Jul 14 22:18:09 myhost slapd[5410]: conn=316 op=1 SEARCH RESULT tag=101
> err=0 nentries=1 text=
> Jul 14 22:18:09 myhost slapd[5410]: conn=316 op=2 UNBIND
> Jul 14 22:18:09 myhost slapd[5410]: conn=316 fd=9 closed
> Jul 14 22:18:09 myhost slapd[5410]: conn=317 fd=9 ACCEPT from
> IP=192.168.0.100:35496 (IP=0.0.0.0:389)
> Jul 14 22:18:09 myhost slapd[5410]: conn=317 op=0 BIND dn="" method=128
> Jul 14 22:18:09 myhost slapd[5410]: conn=317 op=0 RESULT tag=97 err=0 text=
> Jul 14 22:18:09 myhost slapd[5410]: conn=317 op=1 SRCH
> base="dc=mydomain,dc=com" scope=2 deref=0
> filter="(&(objectClass=automountMap)(ou=ldap))"
> Jul 14 22:18:09 myhost slapd[5410]: conn=317 op=1 SRCH attr=1.1
> Jul 14 22:18:09 myhost slapd[5410]: conn=317 op=1 SEARCH RESULT tag=101
> err=0 nentries=0 text=
> Jul 14 22:18:09 myhost slapd[5410]: conn=317 op=2 UNBIND
> Jul 14 22:18:09 myhost slapd[5410]: conn=317 fd=9 closed
>
> I'm at a loss. I'm just trying to get the LDAP redundancy in place, but
> autofs5 just doesn't seem to want to play nice. Any pointers in the
> right direction would be happily appreciated!
>
> -Rich
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: autofs5 + ldap + ldap replication
2007-07-15 2:26 Rich West
2007-07-15 8:31 ` jehan procaccia
@ 2007-07-16 15:17 ` Ian Kent
2007-07-16 18:26 ` Rich West
1 sibling, 1 reply; 17+ messages in thread
From: Ian Kent @ 2007-07-16 15:17 UTC (permalink / raw)
To: Rich West; +Cc: autofs
On Sat, 2007-07-14 at 22:26 -0400, Rich West wrote:
> We have an LDAP infrastructure where all of the automount maps
> (auto.master and auto.home) are pulled out of LDAP. In this instance,
> we have two LDAP servers, one primary, and the other is a replica. The
> clients are all Fedora/Redhat systems. Most of them are running
> autofs4, and a few newer ones are running autofs5.
Version information for autofs would be good.
It looks like we're not getting all the debug info in the log, are you
sending all priorities of facility daemon to the log?
Ian
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: autofs5 + ldap + ldap replication
2007-07-16 15:17 ` Ian Kent
@ 2007-07-16 18:26 ` Rich West
2007-07-16 18:59 ` Jeff Moyer
0 siblings, 1 reply; 17+ messages in thread
From: Rich West @ 2007-07-16 18:26 UTC (permalink / raw)
To: Ian Kent; +Cc: autofs
Ian Kent wrote:
> On Sat, 2007-07-14 at 22:26 -0400, Rich West wrote:
>
>> We have an LDAP infrastructure where all of the automount maps
>> (auto.master and auto.home) are pulled out of LDAP. In this instance,
>> we have two LDAP servers, one primary, and the other is a replica. The
>> clients are all Fedora/Redhat systems. Most of them are running
>> autofs4, and a few newer ones are running autofs5.
>>
>
> Version information for autofs would be good.
> It looks like we're not getting all the debug info in the log, are you
> sending all priorities of facility daemon to the log?
>
The Fedora Core 5 clients are using autofs 4.1.4, and the Fedora Core 6
clients are using 5.0.1 (RC3).
As far as logging goes, what is the log facility used for autofs? I've
got syslog splitting apart some of the messages to separate files
(local2 is designated for named for us, with local4 designated to LDAP,
&etc).
-Rich
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: autofs5 + ldap + ldap replication
[not found] ` <469A39D5.8040304@wesmo.com>
@ 2007-07-16 18:28 ` Rich West
0 siblings, 0 replies; 17+ messages in thread
From: Rich West @ 2007-07-16 18:28 UTC (permalink / raw)
To: autofs
The autofs5 client doesn't seem to have a problem connecting to the
master LDAP server. It is only having problems connecting to the
replica (and yes, I do have those settings).
As I dug in to it further, it is definitely the case where only autofs5
can't get its maps from the replica server. All other things (password
auth, etc) work fine with the master and the replica.. Our autofs4
clients happily work with the master and/or the replica.
-Rich
>
>> Isn't it the problem of defining which attributes to use in
>> automountmap?
>> I had this resolved (in fedora 7) by uncommenting the necessary
>> attributes in /etc/sysconfig/autofs, have you checked that?
>>
>> in /etc/sysconfig/autofs for my autofs ldap maps I had to uncomment
>> these:
>>
>> # Other common LDAP nameing
>> #
>> MAP_OBJECT_CLASS="automountMap"
>> ENTRY_OBJECT_CLASS="automount"
>> MAP_ATTRIBUTE="ou"
>> ENTRY_ATTRIBUTE="cn"
>> VALUE_ATTRIBUTE="automountInformation"
>>
>
>
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: autofs5 + ldap + ldap replication
2007-07-16 18:26 ` Rich West
@ 2007-07-16 18:59 ` Jeff Moyer
2007-07-16 19:54 ` Rich West
0 siblings, 1 reply; 17+ messages in thread
From: Jeff Moyer @ 2007-07-16 18:59 UTC (permalink / raw)
To: Rich West; +Cc: autofs, Ian Kent
==> On Mon, 16 Jul 2007 14:26:48 -0400, Rich West <Rich.West@wesmo.com> said:
Rich> Ian Kent wrote:
>> On Sat, 2007-07-14 at 22:26 -0400, Rich West wrote:
>>
>>> We have an LDAP infrastructure where all of the automount maps
>>> (auto.master and auto.home) are pulled out of LDAP. In this instance,
>>> we have two LDAP servers, one primary, and the other is a replica. The
>>> clients are all Fedora/Redhat systems. Most of them are running
>>> autofs4, and a few newer ones are running autofs5.
>>>
>>
>> Version information for autofs would be good.
>> It looks like we're not getting all the debug info in the log, are you
>> sending all priorities of facility daemon to the log?
>>
Rich> The Fedora Core 5 clients are using autofs 4.1.4, and the Fedora Core 6
Rich> clients are using 5.0.1 (RC3).
Rich> As far as logging goes, what is the log facility used for autofs? I've
Rich> got syslog splitting apart some of the messages to separate files
Rich> (local2 is designated for named for us, with local4 designated to LDAP,
Rich> &etc).
Autofs uses the daemon facility.
-Jeff
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: autofs5 + ldap + ldap replication
2007-07-16 18:59 ` Jeff Moyer
@ 2007-07-16 19:54 ` Rich West
2007-07-17 6:20 ` Ian Kent
0 siblings, 1 reply; 17+ messages in thread
From: Rich West @ 2007-07-16 19:54 UTC (permalink / raw)
To: Jeff Moyer; +Cc: autofs, Ian Kent
Jeff Moyer wrote:
> ==> On Mon, 16 Jul 2007 14:26:48 -0400, Rich West <Rich.West@wesmo.com> said:
>
> Rich> Ian Kent wrote:
>
>>> On Sat, 2007-07-14 at 22:26 -0400, Rich West wrote:
>>>
>>>
>>>> We have an LDAP infrastructure where all of the automount maps
>>>> (auto.master and auto.home) are pulled out of LDAP. In this instance,
>>>> we have two LDAP servers, one primary, and the other is a replica. The
>>>> clients are all Fedora/Redhat systems. Most of them are running
>>>> autofs4, and a few newer ones are running autofs5.
>>>>
>>>>
>>> Version information for autofs would be good.
>>> It looks like we're not getting all the debug info in the log, are you
>>> sending all priorities of facility daemon to the log?
>>>
>>>
>
> Rich> The Fedora Core 5 clients are using autofs 4.1.4, and the Fedora Core 6
> Rich> clients are using 5.0.1 (RC3).
>
> Rich> As far as logging goes, what is the log facility used for autofs? I've
> Rich> got syslog splitting apart some of the messages to separate files
> Rich> (local2 is designated for named for us, with local4 designated to LDAP,
> Rich> &etc).
>
> Autofs uses the daemon facility.
Ok.. grabbed that and dropped that in to a file of its own.. Where the
heck is it getting the mapname of "ldap"?
Thanks!
-Rich
Jul 16 15:21:08 myhost automount[1852]: Starting automounter version
5.0.1-0.rc3.31, master map auto.master
Jul 16 15:21:08 myhost automount[1852]: using kernel protocol version 5.00
Jul 16 15:21:08 myhost automount[1852]: lookup_nss_read_master: reading
master files auto.master
Jul 16 15:21:08 myhost automount[1852]: parse_init: parse(sun): init
gathered global options: (null)
Jul 16 15:21:08 myhost automount[1852]: mount_init: mount(bind):
bind_works = 1
Jul 16 15:21:08 myhost automount[1852]: lookup_read_master:
lookup(file): read entry /misc
Jul 16 15:21:08 myhost automount[1852]: lookup_read_master:
lookup(file): read entry /net
Jul 16 15:21:08 myhost automount[1852]: lookup_read_master:
lookup(file): read entry +auto.master
Jul 16 15:21:08 myhost automount[1852]: lookup_nss_read_master: reading
master files auto.master
Jul 16 15:21:08 myhost automount[1852]: parse_init: parse(sun): init
gathered global options: (null)
Jul 16 15:21:08 myhost automount[1852]: lookup_nss_read_master: reading
master ldap auto.master
Jul 16 15:21:08 myhost automount[1852]: parse_server_string:
lookup(ldap): Attempting to parse LDAP information from string
"auto.master".
Jul 16 15:21:08 myhost automount[1852]: parse_server_string:
lookup(ldap): mapname auto.master
Jul 16 15:21:08 myhost automount[1852]: parse_ldap_config: ldap
authentication configured with the following options:
Jul 16 15:21:08 myhost automount[1852]: parse_ldap_config: use_tls: 0,
tls_required: 0, auth_required: 1, sasl_mech: (null)
Jul 16 15:21:08 myhost automount[1852]: parse_ldap_config: user: (null),
secret: unspecified, client principal: (null)
Jul 16 15:21:08 myhost automount[1852]: do_connect: auth_required: 1,
sasl_mech (null)
Jul 16 15:21:08 myhost automount[1852]: do_connect: lookup(ldap): ldap
anonymous bind returned 0
Jul 16 15:21:08 myhost automount[1852]: get_query_dn: lookup(ldap):
query dn ou=auto.master,dc=mydomain,dc=com
Jul 16 15:21:08 myhost automount[1852]: unbind_ldap_connection: use_tls: 0
Jul 16 15:21:08 myhost automount[1852]: parse_init: parse(sun): init
gathered global options: (null)
Jul 16 15:21:08 myhost automount[1852]: do_connect: auth_required: 1,
sasl_mech (null)
Jul 16 15:21:08 myhost automount[1852]: do_connect: lookup(ldap): ldap
anonymous bind returned 0
Jul 16 15:21:08 myhost automount[1852]: lookup_read_master:
lookup(ldap): searching for "(objectclass=automount)" under
"ou=auto.master,dc=mydomain,dc=com"
Jul 16 15:21:08 myhost automount[1852]: lookup_read_master:
lookup(ldap): examining entries
Jul 16 15:21:08 myhost automount[1852]: master_echo: .
Jul 16 15:21:08 myhost automount[1852]: master_echo: .
Jul 16 15:21:08 myhost automount[1852]: master_echo: :
Jul 16 15:21:08 myhost automount[1852]: master_echo: .
Jul 16 15:21:08 myhost automount[1852]: unbind_ldap_connection: use_tls: 0
Jul 16 15:21:08 myhost automount[1852]: master_do_mount: mounting /misc
Jul 16 15:21:08 myhost automount[1852]: lookup_nss_read_map: reading map
file /etc/auto.misc
Jul 16 15:21:08 myhost automount[1852]: parse_init: parse(sun): init
gathered global options: (null)
Jul 16 15:21:08 myhost automount[1852]: mount_init: mount(bind):
bind_works = 1
Jul 16 15:21:08 myhost automount[1852]: mounted indirect mount on /misc
with timeout 60, freq 15 seconds
Jul 16 15:21:08 myhost automount[1852]: master_do_mount: mounting /net
Jul 16 15:21:08 myhost automount[1852]: lookup_nss_read_map: reading map
hosts (null)
Jul 16 15:21:08 myhost automount[1852]: parse_init: parse(sun): init
gathered global options: (null)
Jul 16 15:21:08 myhost automount[1852]: mounted indirect mount on /net
with timeout 60, freq 15 seconds
Jul 16 15:21:08 myhost automount[1852]: master_do_mount: mounting /home
Jul 16 15:21:08 myhost automount[1852]: lookup_nss_read_map: reading map
files ldap
Jul 16 15:21:08 myhost automount[1852]: read_file_source_instance: file
map /etc/ldap not found
Jul 16 15:21:08 myhost automount[1852]: lookup_nss_read_map: reading map
ldap ldap
Jul 16 15:21:08 myhost automount[1852]: parse_server_string:
lookup(ldap): Attempting to parse LDAP information from string "ldap".
Jul 16 15:21:08 myhost automount[1852]: parse_server_string:
lookup(ldap): mapname ldap
Jul 16 15:21:08 myhost automount[1852]: parse_ldap_config: ldap
authentication configured with the following options:
Jul 16 15:21:08 myhost automount[1852]: parse_ldap_config: use_tls: 0,
tls_required: 0, auth_required: 1, sasl_mech: (null)
Jul 16 15:21:08 myhost automount[1852]: parse_ldap_config: user: (null),
secret: unspecified, client principal: (null)
Jul 16 15:21:08 myhost automount[1852]: do_connect: auth_required: 1,
sasl_mech (null)
Jul 16 15:21:08 myhost automount[1852]: do_connect: lookup(ldap): ldap
anonymous bind returned 0
Jul 16 15:21:08 myhost automount[1852]: get_query_dn: lookup(ldap):
query succeeded, no matches for (&(objectclass=automountMap)(ou=ldap))
Jul 16 15:21:08 myhost automount[1852]: unbind_ldap_connection: use_tls: 0
Jul 16 15:21:08 myhost automount[1852]: lookup_init: lookup(ldap):
failed to get query dn
Jul 16 15:21:08 myhost automount[1852]: do_read_map: lookup module ldap
failed
Jul 16 15:21:08 myhost automount[1852]: mount_autofs_indirect: failed to
read map for /home
Jul 16 15:21:08 myhost automount[1852]: handle_mounts: mount of /home
failed!
Jul 16 15:21:08 myhost automount[1852]: master_do_mount: failed to
startup mount
Jul 16 15:21:24 myhost automount[1852]: st_expire: state 1 path /net
Jul 16 15:21:24 myhost automount[1852]: expire_proc: exp_proc =
1077037376 path /net
Jul 16 15:21:24 myhost automount[1852]: expire_cleanup: got thid
1077037376 path /net stat 0
Jul 16 15:21:24 myhost automount[1852]: expire_cleanup: sigchld: exp
1077037376 finished, switching from 2 to 1
Jul 16 15:21:24 myhost automount[1852]: st_ready: st_ready(): state = 2
path /net
Jul 16 15:21:36 myhost automount[1852]: st_expire: state 1 path /misc
Jul 16 15:21:36 myhost automount[1852]: expire_proc: exp_proc =
1077037376 path /misc
Jul 16 15:21:36 myhost automount[1852]: expire_cleanup: got thid
1077037376 path /misc stat 0
Jul 16 15:21:36 myhost automount[1852]: expire_cleanup: sigchld: exp
1077037376 finished, switching from 2 to 1
Jul 16 15:21:36 myhost automount[1852]: st_ready: st_ready(): state = 2
path /misc
Jul 16 15:21:39 myhost automount[1852]: st_expire: state 1 path /net
Jul 16 15:21:39 myhost automount[1852]: expire_proc: exp_proc =
1077037376 path /net
Jul 16 15:21:39 myhost automount[1852]: expire_cleanup: got thid
1077037376 path /net stat 0
Jul 16 15:21:39 myhost automount[1852]: expire_cleanup: sigchld: exp
1077037376 finished, switching from 2 to 1
Jul 16 15:21:39 myhost automount[1852]: st_ready: st_ready(): state = 2
path /net
Jul 16 15:21:40 myhost automount[1852]: do_notify_state: signal 15
Jul 16 15:21:40 myhost automount[1852]: master_notify_state_change: sig
15 switching /misc from 1 to 5
Jul 16 15:21:40 myhost automount[1852]: st_prepare_shutdown: state 1
path /misc
Jul 16 15:21:40 myhost automount[1852]: expire_proc: exp_proc =
1078090048 path /misc
Jul 16 15:21:40 myhost automount[1852]: expire_cleanup: got thid
1078090048 path /misc stat 0
Jul 16 15:21:40 myhost automount[1852]: expire_cleanup: sigchld: exp
1078090048 finished, switching from 5 to 7
Jul 16 15:21:40 myhost automount[1852]: umount_multi: path /misc incl 0
Jul 16 15:21:40 myhost automount[1852]: master_notify_state_change: sig
15 switching /net from 1 to 5
Jul 16 15:21:40 myhost automount[1852]: st_prepare_shutdown: state 1
path /net
Jul 16 15:21:40 myhost automount[1852]: expire_proc: exp_proc =
1078090048 path /net
Jul 16 15:21:40 myhost automount[1852]: expire_cleanup: got thid
1078090048 path /net stat 0
Jul 16 15:21:40 myhost automount[1852]: expire_cleanup: sigchld: exp
1078090048 finished, switching from 5 to 7
Jul 16 15:21:40 myhost automount[1852]: umount_multi: path /net incl 0
Jul 16 15:21:40 myhost automount[1852]: umounted indirect mount /misc
Jul 16 15:21:40 myhost automount[1852]: umounted indirect mount /net
Jul 16 15:21:40 myhost automount[1852]: shut down path /misc
Jul 16 15:21:40 myhost automount[1852]: shut down path /net
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: autofs5 + ldap + ldap replication
2007-07-16 19:54 ` Rich West
@ 2007-07-17 6:20 ` Ian Kent
2007-07-23 16:37 ` Rich West
0 siblings, 1 reply; 17+ messages in thread
From: Ian Kent @ 2007-07-17 6:20 UTC (permalink / raw)
To: Rich West; +Cc: autofs
On Mon, 2007-07-16 at 15:54 -0400, Rich West wrote:
> Jul 16 15:21:08 myhost automount[1852]: lookup_read_master:
> lookup(ldap): searching for "(objectclass=automount)" under
> "ou=auto.master,dc=mydomain,dc=com"
> Jul 16 15:21:08 myhost automount[1852]: lookup_read_master:
> lookup(ldap): examining entries
> Jul 16 15:21:08 myhost automount[1852]: master_echo: .
> Jul 16 15:21:08 myhost automount[1852]: master_echo: .
> Jul 16 15:21:08 myhost automount[1852]: master_echo: :
> Jul 16 15:21:08 myhost automount[1852]: master_echo: .
This is a parse error that's not being handled.
What autofs is getting from the LDAP server can't be the same as what
it's getting from the master if the master is working.
Can you give us an example of the output from an LDAP search to both the
servers please.
Ian
^ permalink raw reply [flat|nested] 17+ messages in thread
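Added example (not from the thread): one way to compare the `ldapsearch -LLL` output for the master map from the primary and the replica, as requested above. The LDIF below is constructed, since the thread does not show the real entries; `/proj`, the `ldap:ou=...` values and the function names are assumptions of this example.

```python
import base64

# Input is what a command like this prints for each server (<server> is a placeholder):
#   ldapsearch -x -LLL -H ldap://<server> -b "ou=auto.master,dc=mydomain,dc=com" \
#       "(objectClass=automount)" cn automountInformation


def normalize_dn(dn):
    # Case-fold and drop spaces around RDN separators (escaped commas not handled).
    return ",".join(part.strip() for part in dn.lower().split(","))


def parse_ldif(text):
    """Parse LDIF into {normalized dn: {lower-cased attribute: [values]}}."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]           # unfold a continuation line
        else:
            lines.append(raw)
    entries, current = {}, None
    for line in lines:
        if not line.strip():               # blank line ends the entry
            current = None
            continue
        if line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):          # "attr:: <base64>", kept byte-exact
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        else:
            value = value.lstrip(" ")
        name = name.lower()
        if name == "dn":
            current = entries.setdefault(normalize_dn(value), {})
        elif current is not None:
            current.setdefault(name, []).append(value)
    return entries


def diff_maps(primary, replica, attrs=("cn", "automountinformation")):
    """Return [(dn, attr, primary_values, replica_values)] for every mismatch."""
    a, b = parse_ldif(primary), parse_ldif(replica)
    out = []
    for dn in sorted(set(a) | set(b)):
        if dn not in a or dn not in b:
            out.append((dn, "<entry>", dn in a, dn in b))
            continue
        for attr in attrs:
            va, vb = sorted(a[dn].get(attr, [])), sorted(b[dn].get(attr, []))
            if va != vb:
                out.append((dn, attr, va, vb))
    return out


# Constructed sample data: the replica lacks /proj and its /home value carries a
# trailing space, which ldapsearch would print base64-encoded (and folded).
BASE = "ou=auto.master,dc=mydomain,dc=com"
PRIMARY_LDIF = f"""\
dn: cn=/home,{BASE}
objectClass: automount
cn: /home
automountInformation: ldap:ou=auto.home,dc=mydomain,dc=com

dn: cn=/proj,{BASE}
objectClass: automount
cn: /proj
automountInformation: ldap:ou=auto.proj,dc=mydomain,dc=com
"""
B64 = base64.b64encode(b"ldap:ou=auto.home,dc=mydomain,dc=com ").decode()
REPLICA_LDIF = (
    f"dn: CN=/home, {BASE}\n"
    "objectClass: automount\n"
    "cn: /home\n"
    f"automountInformation:: {B64[:24]}\n {B64[24:]}\n"
)

if __name__ == "__main__":
    for dn, attr, p, r in diff_maps(PRIMARY_LDIF, REPLICA_LDIF):
        print(f"{dn} [{attr}] primary={p!r} replica={r!r}")
```

Differences in DN case or spacing are ignored, while attribute values are compared byte for byte, so a value that differs only in whitespace still shows up.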
* Re: autofs5 + ldap + ldap replication
2007-07-17 6:20 ` Ian Kent
@ 2007-07-23 16:37 ` Rich West
2007-07-24 3:48 ` Ian Kent
0 siblings, 1 reply; 17+ messages in thread
From: Rich West @ 2007-07-23 16:37 UTC (permalink / raw)
To: Ian Kent; +Cc: autofs
Ian Kent wrote:
> On Mon, 2007-07-16 at 15:54 -0400, Rich West wrote:
>
>> Jul 16 15:21:08 myhost automount[1852]: lookup_read_master:
>> lookup(ldap): searching for "(objectclass=automount)" under
>> "ou=auto.master,dc=mydomain,dc=com"
>> Jul 16 15:21:08 myhost automount[1852]: lookup_read_master:
>> lookup(ldap): examining entries
>> Jul 16 15:21:08 myhost automount[1852]: master_echo: .
>> Jul 16 15:21:08 myhost automount[1852]: master_echo: .
>> Jul 16 15:21:08 myhost automount[1852]: master_echo: :
>> Jul 16 15:21:08 myhost automount[1852]: master_echo: .
>>
>
> This is a parse error that's not being handled.
> What autofs is getting from the LDAP server can't be the same as what
> it's getting from the master if the master is working.
>
> Can you give us an example of the output from an LDAP search to both the
> servers please.
Sorry for the long delay.. I missed this one.
Both servers are running the same version of openldap. You have the
output from the bad search. I turned up logging and reloaded autofs on
the master server and got the following (was that what you were looking
for?):
Jul 23 12:34:35 mymasterhost slapd[9859]: conn=57194 op=0 BIND dn=""
method=128
Jul 23 12:34:35 mymasterhost slapd[9859]: conn=57194 op=0 RESULT tag=97
err=0 text=
Jul 23 12:34:35 mymasterhost slapd[9859]: conn=57194 op=1 SRCH
base="ou=auto.home,dc=mydomain,dc=com" scope=2 deref=0
filter="(&(objectClass=nisObject)(cn=testmount))"
Jul 23 12:34:35 mymasterhost slapd[9859]: conn=57194 op=1 SRCH attr=cn
nisMapEntry
Jul 23 12:34:35 mymasterhost slapd[9859]: conn=57194 op=1 SEARCH RESULT
tag=101 err=0 nentries=0 text=
Jul 23 12:34:35 mymasterhost slapd[9859]: conn=57194 op=2 UNBIND
Jul 23 12:34:35 mymasterhost slapd[9859]: conn=57194 fd=44 closed
Jul 23 12:34:35 mymasterhost slapd[9859]: conn=57195 fd=44 ACCEPT from
IP=10.0.0.10:36741 (IP=0.0.0.0:389)
Jul 23 12:34:35 mymasterhost slapd[9859]: conn=57195 op=0 BIND dn=""
method=128
Jul 23 12:34:35 mymasterhost slapd[9859]: conn=57195 op=0 RESULT tag=97
err=0 text=
Jul 23 12:34:35 mymasterhost slapd[9859]: conn=57195 op=1 SRCH
base="ou=auto.home,dc=mydomain,dc=com" scope=2 deref=0
filter="(&(objectClass=automount)(cn=testmount))"
Jul 23 12:34:35 mymasterhost slapd[9859]: conn=57195 op=1 SRCH attr=cn
automountInformation
Jul 23 12:34:35 mymasterhost slapd[9859]: conn=57195 op=1 SEARCH RESULT
tag=101 err=0 nentries=1 text=
Jul 23 12:34:35 mymasterhost slapd[9859]: conn=57195 op=2 UNBIND
Jul 23 12:34:35 mymasterhost slapd[9859]: conn=57195 fd=44 closed
Jul 23 12:34:35 mymasterhost slapd[9859]: conn=57196 fd=44 ACCEPT from
IP=10.0.0.10:36742 (IP=0.0.0.0:389)
Jul 23 12:34:35 mymasterhost slapd[9859]: conn=57196 op=0 BIND dn=""
method=128
Jul 23 12:34:35 mymasterhost slapd[9859]: conn=57196 op=0 RESULT tag=97
err=0 text=
Jul 23 12:34:35 mymasterhost slapd[9859]: conn=57196 op=1 SRCH
base="ou=auto.home,dc=mydomain,dc=com" scope=2 deref=0
filter="(&(objectClass=automount)(?=undefined))"
Jul 23 12:34:35 mymasterhost slapd[9859]: conn=57196 op=1 SRCH
attr=automountKey automountInformation
Jul 23 12:34:35 mymasterhost slapd[9859]: conn=57196 op=1 SEARCH RESULT
tag=101 err=0 nentries=0 text=
Jul 23 12:34:35 mymasterhost slapd[9859]: conn=57196 op=2 UNBIND
Jul 23 12:34:35 mymasterhost slapd[9859]: conn=57196 fd=44 closed
-Rich
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: autofs5 + ldap + ldap replication
2007-07-23 16:37 ` Rich West
@ 2007-07-24 3:48 ` Ian Kent
2007-07-24 3:56 ` Ian Kent
0 siblings, 1 reply; 17+ messages in thread
From: Ian Kent @ 2007-07-24 3:48 UTC (permalink / raw)
To: Rich West; +Cc: autofs
On Mon, 2007-07-23 at 12:37 -0400, Rich West wrote:
> Ian Kent wrote:
> > On Mon, 2007-07-16 at 15:54 -0400, Rich West wrote:
> >
> >> Jul 16 15:21:08 myhost automount[1852]: lookup_read_master:
> >> lookup(ldap): searching for "(objectclass=automount)" under
> >> "ou=auto.master,dc=mydomain,dc=com"
> >> Jul 16 15:21:08 myhost automount[1852]: lookup_read_master:
> >> lookup(ldap): examining entries
> >> Jul 16 15:21:08 myhost automount[1852]: master_echo: .
> >> Jul 16 15:21:08 myhost automount[1852]: master_echo: .
> >> Jul 16 15:21:08 myhost automount[1852]: master_echo: :
> >> Jul 16 15:21:08 myhost automount[1852]: master_echo: .
> >>
> >
> > This is a parse error that's not being handled.
> > What autofs is getting from the LDAP server can't be the same as what
> > it's getting from the master if the master is working.
> >
> > Can you give us an example of the output from an LDAP search to both the
> > servers please.
>
>
> Sorry for the long delay.. I missed this one.
>
> Both servers are running the same version of openldap. You have the
> output from the bad search. I turned up logging and reloaded autofs on
> the master server and got the following (was that what you were looking
> for?):
I was hoping to get the output from an ldapsearch for one of the maps
from both servers.
>
> Jul 23 12:34:35 mymasterhost slapd[9859]: conn=57194 op=0 BIND dn=""
> method=128
> Jul 23 12:34:35 mymasterhost slapd[9859]: conn=57194 op=0 RESULT tag=97
> err=0 text=
> Jul 23 12:34:35 mymasterhost slapd[9859]: conn=57194 op=1 SRCH
> base="ou=auto.home,dc=mydomain,dc=com" scope=2 deref=0
> filter="(&(objectClass=nisObject)(cn=testmount))"
> Jul 23 12:34:35 mymasterhost slapd[9859]: conn=57194 op=1 SRCH attr=cn
> nisMapEntry
> Jul 23 12:34:35 mymasterhost slapd[9859]: conn=57194 op=1 SEARCH RESULT
> tag=101 err=0 nentries=0 text=
> Jul 23 12:34:35 mymasterhost slapd[9859]: conn=57194 op=2 UNBIND
> Jul 23 12:34:35 mymasterhost slapd[9859]: conn=57194 fd=44 closed
> Jul 23 12:34:35 mymasterhost slapd[9859]: conn=57195 fd=44 ACCEPT from
> IP=10.0.0.10:36741 (IP=0.0.0.0:389)
> Jul 23 12:34:35 mymasterhost slapd[9859]: conn=57195 op=0 BIND dn=""
> method=128
> Jul 23 12:34:35 mymasterhost slapd[9859]: conn=57195 op=0 RESULT tag=97
> err=0 text=
> Jul 23 12:34:35 mymasterhost slapd[9859]: conn=57195 op=1 SRCH
> base="ou=auto.home,dc=mydomain,dc=com" scope=2 deref=0
> filter="(&(objectClass=automount)(cn=testmount))"
> Jul 23 12:34:35 mymasterhost slapd[9859]: conn=57195 op=1 SRCH attr=cn
> automountInformation
> Jul 23 12:34:35 mymasterhost slapd[9859]: conn=57195 op=1 SEARCH RESULT
> tag=101 err=0 nentries=1 text=
> Jul 23 12:34:35 mymasterhost slapd[9859]: conn=57195 op=2 UNBIND
> Jul 23 12:34:35 mymasterhost slapd[9859]: conn=57195 fd=44 closed
> Jul 23 12:34:35 mymasterhost slapd[9859]: conn=57196 fd=44 ACCEPT from
> IP=10.0.0.10:36742 (IP=0.0.0.0:389)
> Jul 23 12:34:35 mymasterhost slapd[9859]: conn=57196 op=0 BIND dn=""
> method=128
> Jul 23 12:34:35 mymasterhost slapd[9859]: conn=57196 op=0 RESULT tag=97
> err=0 text=
> Jul 23 12:34:35 mymasterhost slapd[9859]: conn=57196 op=1 SRCH
> base="ou=auto.home,dc=mydomain,dc=com" scope=2 deref=0
> filter="(&(objectClass=automount)(?=undefined))"
> Jul 23 12:34:35 mymasterhost slapd[9859]: conn=57196 op=1 SRCH
> attr=automountKey automountInformation
> Jul 23 12:34:35 mymasterhost slapd[9859]: conn=57196 op=1 SEARCH RESULT
> tag=101 err=0 nentries=0 text=
> Jul 23 12:34:35 mymasterhost slapd[9859]: conn=57196 op=2 UNBIND
> Jul 23 12:34:35 mymasterhost slapd[9859]: conn=57196 fd=44 closed
This doesn't really say much at all except that a couple of queries were
done.
Ian
* Re: autofs5 + ldap + ldap replication
2007-07-24 3:48 ` Ian Kent
@ 2007-07-24 3:56 ` Ian Kent
2007-07-24 16:55 ` Rich West
0 siblings, 1 reply; 17+ messages in thread
From: Ian Kent @ 2007-07-24 3:56 UTC (permalink / raw)
To: Rich West; +Cc: autofs
On Tue, 2007-07-24 at 11:48 +0800, Ian Kent wrote:
> On Mon, 2007-07-23 at 12:37 -0400, Rich West wrote:
> > Ian Kent wrote:
> > > On Mon, 2007-07-16 at 15:54 -0400, Rich West wrote:
> > >
> > >> Jul 16 15:21:08 myhost automount[1852]: lookup_read_master:
> > >> lookup(ldap): searching for "(objectclass=automount)" under
> > >> "ou=auto.master,dc=mydomain,dc=com"
> > >> Jul 16 15:21:08 myhost automount[1852]: lookup_read_master:
> > >> lookup(ldap): examining entries
> > >> Jul 16 15:21:08 myhost automount[1852]: master_echo: .
> > >> Jul 16 15:21:08 myhost automount[1852]: master_echo: .
> > >> Jul 16 15:21:08 myhost automount[1852]: master_echo: :
> > >> Jul 16 15:21:08 myhost automount[1852]: master_echo: .
> > >>
> > >
> > > This is a parse error that's not being handled.
> > > What autofs is getting from the LDAP server can't be the same as what
> > > it's getting from the master if the master is working.
> > >
> > > Can you give us an example of the output from an LDAP search to both the
> > > servers please.
> >
> >
> > Sorry for the long delay.. I missed this one.
> >
> > Both servers are running the same version of openldap. You have the
> > output from the bad search. I turned up logging and reloaded autofs on
> > the master server and got the following (was that what you were looking
> > for?):
>
> I was hoping to get the output from an ldapsearch for one of the maps
> from both servers.
Actually, the parse fail happened for the master map.
How about an ldapsearch for that on both servers.
Ian
* Re: autofs5 + ldap + ldap replication
2007-07-24 3:56 ` Ian Kent
@ 2007-07-24 16:55 ` Rich West
0 siblings, 0 replies; 17+ messages in thread
From: Rich West @ 2007-07-24 16:55 UTC (permalink / raw)
To: Ian Kent; +Cc: autofs
Ian Kent wrote:
> On Tue, 2007-07-24 at 11:48 +0800, Ian Kent wrote:
>
>> On Mon, 2007-07-23 at 12:37 -0400, Rich West wrote:
>>
>>> Ian Kent wrote:
>>>
>>>> On Mon, 2007-07-16 at 15:54 -0400, Rich West wrote:
>>>>
>>>>
>>>>> Jul 16 15:21:08 myhost automount[1852]: lookup_read_master:
>>>>> lookup(ldap): searching for "(objectclass=automount)" under
>>>>> "ou=auto.master,dc=mydomain,dc=com"
>>>>> Jul 16 15:21:08 myhost automount[1852]: lookup_read_master:
>>>>> lookup(ldap): examining entries
>>>>> Jul 16 15:21:08 myhost automount[1852]: master_echo: .
>>>>> Jul 16 15:21:08 myhost automount[1852]: master_echo: .
>>>>> Jul 16 15:21:08 myhost automount[1852]: master_echo: :
>>>>> Jul 16 15:21:08 myhost automount[1852]: master_echo: .
>>>>>
>>>>>
>>>> This is a parse error that's not being handled.
>>>> What autofs is getting from the LDAP server can't be the same as what
>>>> it's getting from the master if the master is working.
>>>>
>>>> Can you give us an example of the output from an LDAP search to both the
>>>> servers please.
>>>>
>>> Sorry for the long delay.. I missed this one.
>>>
>>> Both servers are running the same version of openldap. You have the
>>> output from the bad search. I turned up logging and reloaded autofs on
>>> the master server and got the following (was that what you were looking
>>> for?):
>>>
>> I was hoping to get the output from an ldapsearch for one of the maps
>> from both servers.
>>
>
> Actually, the parse fail happened for the master map.
> How about an ldapsearch for that on both servers.
Ok.. Sorry about that, too.
master#> ldapsearch -x -b ou=auto.master,dc=mydomain,dc=com '(objectclass=automount)' -LLL -h localhost
dn: cn=/home,ou=auto.master,dc=wesmo,dc=com
objectClass: automount
cn: /home
automountInformation: ldap:ldap.wesmo.com:ou=auto.home,dc=wesmo,dc=com

replica#> ldapsearch -x -b ou=auto.master,dc=mydomain,dc=com '(objectclass=automount)' -LLL -h localhost
dn: cn=/home,ou=auto.master,dc=mydomain,dc=com
objectClass: automount
cn: /home
automountInformation: ldap ldap.mydomain.com:ou=auto.home,dc=mydomain,dc=com

I just noticed that the replica is returning "ldap ldap.mydomain.com"
which is missing the colon between "ldap" and "ldap.mydomain.com".
That's odd. When I look at things from phpldapadmin, the entries look
exactly the same on both machines. The master server is a Fedora Core 5
box, and the replica is a Fedora Core 6 box.
-Rich
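
Added example, not part of any message in this thread: the master/replica comparison above done mechanically, so a one-character difference in automountInformation is reported rather than spotted by eye. The LDIF samples are constructed from the output quoted in the message, and parse_ldif and diff_attribute are names invented for this example.

```python
import base64

# Constructed samples modelled on the two ldapsearch -LLL results in the thread.
MASTER_LDIF = """\
dn: cn=/home,ou=auto.master,dc=mydomain,dc=com
objectClass: automount
cn: /home
automountInformation: ldap:ldap.mydomain.com:ou=auto.home,dc=mydomain,dc=com
"""

REPLICA_LDIF = """\
dn: cn=/home,ou=auto.master,dc=mydomain,dc=com
objectClass: automount
cn: /home
automountInformation: ldap ldap.mydomain.com:ou=auto.home,dc=mydomain,dc=com
"""


def parse_ldif(text):
    """Return {dn: {attribute name (lowercased): [values]}} from LDIF text."""
    # Unfold first: a line that starts with one space continues the previous
    # line. Comment lines (and their continuations) are dropped.
    lines, in_comment = [], False
    for raw in text.splitlines():
        if raw.startswith(" ") and (lines or in_comment):
            if not in_comment:
                lines[-1] += raw[1:]
        else:
            in_comment = raw.startswith("#")
            if not in_comment:
                lines.append(raw)

    entries, current = {}, None
    for line in lines:
        if not line.strip():
            current = None                      # a blank line ends the entry
            continue
        name, sep, rest = line.partition(":")
        if not sep:
            continue
        if rest.startswith(":"):                # "attr:: <base64 value>"
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.lstrip(" ")
        name = name.lower()
        if name == "dn":
            current = entries.setdefault(value, {})
        elif current is not None:
            current.setdefault(name, []).append(value)
    return entries


def diff_attribute(master, replica, attr):
    """List (dn, master_values, replica_values) for entries whose values differ."""
    attr = attr.lower()
    drift = []
    for dn in sorted(set(master) | set(replica)):
        m = sorted(master.get(dn, {}).get(attr, []))
        r = sorted(replica.get(dn, {}).get(attr, []))
        if m != r:
            drift.append((dn, m, r))
    return drift


if __name__ == "__main__":
    found = diff_attribute(parse_ldif(MASTER_LDIF), parse_ldif(REPLICA_LDIF),
                           "automountInformation")
    for dn, m, r in found:
        print(dn)
        print("  master :", [repr(v) for v in m])   # repr exposes odd whitespace
        print("  replica:", [repr(v) for v in r])
```

Decoding base64 values and unfolding wrapped lines before comparing keeps the check from being fooled by how each server or tool chose to render the same value.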
* Re: autofs5 + ldap + ldap replication
@ 2007-08-07 1:32 Rich West
2007-08-07 14:33 ` Jim Summers
0 siblings, 1 reply; 17+ messages in thread
From: Rich West @ 2007-08-07 1:32 UTC (permalink / raw)
To: autofs
>
> Ian Kent wrote:
> > On Tue, 2007-07-24 at 11:48 +0800, Ian Kent wrote:
> >
> >> On Mon, 2007-07-23 at 12:37 -0400, Rich West wrote:
> >>
> >>> Ian Kent wrote:
> >>>
> >>>> On Mon, 2007-07-16 at 15:54 -0400, Rich West wrote:
> >>>>
> >>>>
> >>>>> Jul 16 15:21:08 myhost automount[1852]: lookup_read_master:
> >>>>> lookup(ldap): searching for "(objectclass=automount)" under
> >>>>> "ou=auto.master,dc=mydomain,dc=com"
> >>>>> Jul 16 15:21:08 myhost automount[1852]: lookup_read_master:
> >>>>> lookup(ldap): examining entries
> >>>>> Jul 16 15:21:08 myhost automount[1852]: master_echo: .
> >>>>> Jul 16 15:21:08 myhost automount[1852]: master_echo: .
> >>>>> Jul 16 15:21:08 myhost automount[1852]: master_echo: :
> >>>>> Jul 16 15:21:08 myhost automount[1852]: master_echo: .
> >>>>>
> >>>>>
> >>>> This is a parse error that's not being handled.
> >>>> What autofs is getting from the LDAP server can't be the same as what
> >>>> it's getting from the master if the master is working.
> >>>>
> >>>> Can you give us an example of the output from an LDAP search to both the
> >>>> servers please.
> >>>>
> >>> Sorry for the long delay.. I missed this one.
> >>>
> >>> Both servers are running the same version of openldap. You have the
> >>> output from the bad search. I turned up logging and reloaded autofs on
> >>> the master server and got the following (was that what you were looking
> >>> for?):
> >>>
> >> I was hoping to get the output from an ldapsearch for one of the maps
> >> from both servers.
> >>
> >
> > Actually, the parse fail happened for the master map.
> > How about an ldapsearch for that on both servers.
>
> Ok.. Sorry about that, too.
>
> master#> ldapsearch -x -b ou=auto.master,dc=mydomain,dc=com
> '(objectclass=automount)' -LLL -h localhost
> dn: cn=/home,ou=auto.master,dc=mydomain,dc=com
> objectClass: automount
> cn: /home
> automountInformation: ldap:ldap.mydomain.com:ou=auto.home,dc=mydomain,dc=com
>
>
> replica#> ldapsearch -x -b ou=auto.master,dc=mydomain,dc=com
> '(objectclass=automount)' -LLL -h localhost
> dn: cn=/home,ou=auto.master,dc=mydomain,dc=com
> objectClass: automount
> cn: /home
> automountInformation: ldap ldap.mydomain.com:ou=auto.home,dc=mydomain,dc=com
>
> I just noticed that the replica is returning "ldap ldap.mydomain.com"
> which is missing the colon between "ldap" and "ldap.mydomain.com".
> That's odd. When I look at things from phpldapadmin, the entries look
> exactly the same on both machines. The master server is a Fedora Core 5
> box, and the replica is a Fedora Core 6 box.
After some tinkering I did finally figure things out. It had to do with
the automountInformation field.
In the LDAP database, I had:
automountInformation: ldap:ldap.mydomain.com:ou=auto.home,dc=mydomain,dc=com
I found (on an obscure posting elsewhere) that I could get it to work
via this entry:
automountInformation: ldap:ou=auto.home,dc=mydomain,dc=com
Basically, I eliminated the LDAP server from the entry. I'm going to
hazard a guess, but, since autofs sees that it is an ldap entry, it just
uses the system's bindings in order to resolve the ou... Anyhow, it
works like a champ on FC5, FC6, and FC7.
-Rich
* Re: autofs5 + ldap + ldap replication
2007-08-07 1:32 autofs5 + ldap + ldap replication Rich West
@ 2007-08-07 14:33 ` Jim Summers
2007-08-07 15:24 ` Rich West
0 siblings, 1 reply; 17+ messages in thread
From: Jim Summers @ 2007-08-07 14:33 UTC (permalink / raw)
To: Rich West; +Cc: autofs
Rich West wrote:
>> Ian Kent wrote:
>>> On Tue, 2007-07-24 at 11:48 +0800, Ian Kent wrote:
>>>
> After some tinkering I did finally figure things out. It had to do with
> the automountInformation field.
>
> In the LDAP database, I had:
> automountInformation: ldap:ldap.mydomain.com:ou=auto.home,dc=mydomain,dc=com
>
> I found (on an obscure posting elsewhere) that I could get it to work
> via this entry:
> automountInformation: ldap:ou=auto.home,dc=mydomain,dc=com
>
> Basically, I eliminated the LDAP server from the entry. I'm going to
> hazard a guess, but, since autofs sees that it is an ldap entry, it just
> uses the system's bindings in order to resolve the ou... Anyhow, it
> works like a champ on FC5, FC6, and FC7.
Hi Rich,
Where are you setting the ldap server? I have my ldap config in
/etc/ldap.conf. when i start autofs with the following map in /etc/auto.master:
/home ldap:ou=auto.home,dc=it,dc=ou,dc=edu
i see the following in my debug file:
Aug 7 08:58:35 leech automount[11991]: master_do_mount: mounting /home
Aug 7 08:58:35 leech automount[11991]: lookup_nss_read_map: reading map ldap
ou=auto.home,dc=it,dc=ou,dc=edu
Aug 7 08:58:35 leech automount[11991]: parse_server_string: lookup(ldap):
Attempting to parse LDAP information from string
"ou=auto.home,dc=it,dc=ou,dc=edu".
Aug 7 08:58:35 leech automount[11991]: parse_server_string: lookup(ldap):
server "(default)", base dn "ou=auto.home,dc=it,dc=ou,dc=edu"
.....
Aug 7 09:24:34 leech automount[3283]: lookup_init: lookup(ldap): cannot
connect to server
not sure where to specify default server. in this case, for replication, i
guess a list of servers. in ldap.conf i have:
uri ldaps://serve0 ldaps://serve1
so i am not sure that autofs will handle the ssl connections.
this would be really useful to get working so that the mounts have some
failover potential.
ideas / suggestions?
tia
>
> -Rich
>
--
Jim Summers
School of Computer Science-University of Oklahoma
-------------------------------------------------
* Re: autofs5 + ldap + ldap replication
2007-08-07 14:33 ` Jim Summers
@ 2007-08-07 15:24 ` Rich West
2007-08-07 16:52 ` Jim Summers
0 siblings, 1 reply; 17+ messages in thread
From: Rich West @ 2007-08-07 15:24 UTC (permalink / raw)
To: jsummers; +Cc: autofs
Jim Summers wrote:
> Rich West wrote:
>
>>> Ian Kent wrote:
>>>
>>>> On Tue, 2007-07-24 at 11:48 +0800, Ian Kent wrote:
>>>>
>>>>
>> After some tinkering I did finally figure things out. It had to do with
>> the automountInformation field.
>>
>> In the LDAP database, I had:
>> automountInformation: ldap:ldap.mydomain.com:ou=auto.home,dc=mydomain,dc=com
>>
>> I found (on an obscure posting elsewhere) that I could get it to work
>> via this entry:
>> automountInformation: ldap:ou=auto.home,dc=mydomain,dc=com
>>
>> Basically, I eliminated the LDAP server from the entry. I'm going to
>> hazard a guess, but, since autofs sees that it is an ldap entry, it just
>> uses the system's bindings in order to resolve the ou... Anyhow, it
>> works like a champ on FC5, FC6, and FC7.
>>
>
> Hi Rich,
>
> Where are you setting the ldap server? I have my ldap config in
> /etc/ldap.conf. when i start autofs with the following map in /etc/auto.master:
>
> /home ldap:ou=auto.home,dc=it,dc=ou,dc=edu
>
> i see the following in my debug file:
>
> Aug 7 08:58:35 leech automount[11991]: master_do_mount: mounting /home
> Aug 7 08:58:35 leech automount[11991]: lookup_nss_read_map: reading map ldap
> ou=auto.home,dc=it,dc=ou,dc=edu
> Aug 7 08:58:35 leech automount[11991]: parse_server_string: lookup(ldap):
> Attempting to parse LDAP information from string
> "ou=auto.home,dc=it,dc=ou,dc=edu".
> Aug 7 08:58:35 leech automount[11991]: parse_server_string: lookup(ldap):
> server "(default)", base dn "ou=auto.home,dc=it,dc=ou,dc=edu"
>
> .....
>
> Aug 7 09:24:34 leech automount[3283]: lookup_init: lookup(ldap): cannot
> connect to server
>
> not sure where to specify default server. in this case, for replication, i
> guess a list of servers. in ldap.conf i have:
>
> uri ldaps://serve0 ldaps://serve1
>
> so i am not sure that autofs will handle the ssl connections.
>
> this would be really useful to get working so that the mounts have some
> failover potential.
>
> ideas / suggestions?
>
> tia
>
>
>
I have it in both /etc/ldap.conf and /etc/openldap/ldap.conf, and the
format is the same:
uri <type>://host:port/
For example:
uri ldap://ldap1.mydomain.com:389/ ldap://ldap2.mydomain.com:389/
The only difference I have between the two files is that uri is
capitalized in /etc/openldap/ldap.conf. I am not sure if there is any
case sensitivity here, but the default file had it capitalized and I
just didn't take the chance. :)
Autofs (along with most of the clients) uses /etc/openldap/ldap.conf.
/etc/ldap.conf is primarily used by the nss_ldap/pam_ldap for user
authentication.
The only thing I have not yet adjusted is the 'failover period' that you
referred to. I don't know what would be a good value for the amount of
time to allow before failing over to the replica, and I don't yet know
where that value is in order to adjust it. It's not an autofs
configuration option from what I can tell...
-Rich
* Re: autofs5 + ldap + ldap replication
2007-08-07 15:24 ` Rich West
@ 2007-08-07 16:52 ` Jim Summers
2007-08-08 11:33 ` Ian Kent
0 siblings, 1 reply; 17+ messages in thread
From: Jim Summers @ 2007-08-07 16:52 UTC (permalink / raw)
To: Rich West; +Cc: autofs
Rich West wrote:
> Jim Summers wrote:
>> Rich West wrote:
>>
>>>> Ian Kent wrote:
>>>>
>>>>> On Tue, 2007-07-24 at 11:48 +0800, Ian Kent wrote:
>>>>>
>>>>>
>>> After some tinkering I did finally figure things out. It had to do with
>>> the automountInformation field.
>>>
>>> In the LDAP database, I had:
>>> automountInformation: ldap:ldap.mydomain.com:ou=auto.home,dc=mydomain,dc=com
>>>
>>> I found (on an obscure posting elsewhere) that I could get it to work
>>> via this entry:
>>> automountInformation: ldap:ou=auto.home,dc=mydomain,dc=com
>>>
>>> Basically, I eliminated the LDAP server from the entry. I'm going to
>>> hazard a guess, but, since autofs sees that it is an ldap entry, it just
>>> uses the system's bindings in order to resolve the ou... Anyhow, it
>>> works like a champ on FC5, FC6, and FC7.
>>>
>> Hi Rich,
>>
>> Where are you setting the ldap server? I have my ldap config in
>> /etc/ldap.conf. when i start autofs with the following map in /etc/auto.master:
>>
>> /home ldap:ou=auto.home,dc=it,dc=ou,dc=edu
>>
>> i see the following in my debug file:
>>
>> Aug 7 08:58:35 leech automount[11991]: master_do_mount: mounting /home
>> Aug 7 08:58:35 leech automount[11991]: lookup_nss_read_map: reading map ldap
>> ou=auto.home,dc=it,dc=ou,dc=edu
>> Aug 7 08:58:35 leech automount[11991]: parse_server_string: lookup(ldap):
>> Attempting to parse LDAP information from string
>> "ou=auto.home,dc=it,dc=ou,dc=edu".
>> Aug 7 08:58:35 leech automount[11991]: parse_server_string: lookup(ldap):
>> server "(default)", base dn "ou=auto.home,dc=it,dc=ou,dc=edu"
>>
>> .....
>>
>> Aug 7 09:24:34 leech automount[3283]: lookup_init: lookup(ldap): cannot
>> connect to server
>>
>> not sure where to specify default server. in this case, for replication, i
>> guess a list of servers. in ldap.conf i have:
>>
>> uri ldaps://serve0 ldaps://serve1
>>
>> so i am not sure that autofs will handle the ssl connections.
>>
>> this would be really useful to get working so that the mounts have some
>> failover potential.
>>
>> ideas / suggestions?
>>
>> tia
>>
>>
>>
>
> I have it in both /etc/ldap.conf and /etc/openldap/ldap.conf, and the
> format is the same:
> uri <type>://host:port/
> For example:
> uri ldap://ldap1.mydomain.com:389/ ldap://ldap2.mydomain.com:389/
>
> The only difference I have between the two files is that uri is
> capitalized in /etc/openldap/ldap.conf. I am not sure if there is any
> case sensitivity here, but the default file had it capitalized and I
> just didn't take the chance. :)
>
> Autofs (along with most of the clients) uses /etc/openldap/ldap.conf.
> /etc/ldap.conf is primarily used by the nss_ldap/pam_ldap for user
> authentication.
>
> The only thing I have not yet adjusted is the 'failover period' that you
> referred to. I don't know what would be a good value for the amount of
> time to allow before failing over to the replica, and I don't yet know
> where that value is in order to adjust it. It's not an autofs
> configuration option from what I can tell...
That worked. I have been symlinking the /etc/ to /etc/openldap. I broke the
link and then created a separate file in /etc/openldap and all is well now. I
have seen timelimit and idle_timelimit but neither seem appropriate for an
adjustment to the bind timeout. I'll post if i come across anything.
thanks again.
>
> -Rich
--
Jim Summers
School of Computer Science-University of Oklahoma
-------------------------------------------------
* Re: autofs5 + ldap + ldap replication
2007-08-07 16:52 ` Jim Summers
@ 2007-08-08 11:33 ` Ian Kent
0 siblings, 0 replies; 17+ messages in thread
From: Ian Kent @ 2007-08-08 11:33 UTC (permalink / raw)
To: jsummers; +Cc: Rich West, autofs
On Tue, 2007-08-07 at 11:52 -0500, Jim Summers wrote:
> Rich West wrote:
> > Jim Summers wrote:
> >
> > I have it in both /etc/ldap.conf and /etc/openldap/ldap.conf, and the
> > format is the same:
> > uri <type>://host:port/
> > For example:
> > uri ldap://ldap1.mydomain.com:389/ ldap://ldap2.mydomain.com:389/
btw, /etc/ldap.conf is used by nss_ldap which openldap and autofs don't
use.
/etc/openldap/ldap.conf is the one used by the openldap tools and the
ldap libraries and so is the place to list the servers.
Ian
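
Added example, not part of the thread and not autofs code: it ties the two findings above together by working out which LDAP servers a map reference can be read from, given the URI list in /etc/openldap/ldap.conf. The ldap.conf text is a constructed sample. The split of "ldap:[host:]base dn" is a simplified model, and it is an assumption here that an entry naming a host is served only by that host on port 389. All function names are invented for this example.

```python
from urllib.parse import urlsplit

# Constructed sample of /etc/openldap/ldap.conf using the URI format from the thread.
SAMPLE_LDAP_CONF = """\
# OpenLDAP client defaults
URI ldap://ldap1.mydomain.com:389/ ldap://ldap2.mydomain.com:389/
BASE dc=mydomain,dc=com
"""

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}


def conf_servers(conf_text):
    """Return [(scheme, host, port)] from the URI option, in the order listed."""
    servers = []
    for line in conf_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0].startswith("#"):
            continue
        # ldap.conf(5) option names are case-insensitive, so match "uri" and "URI".
        if fields[0].lower() != "uri":
            continue
        # Assumption: the file carries a single URI line listing every server.
        for uri in fields[1:]:
            parts = urlsplit(uri)
            port = parts.port or DEFAULT_PORTS.get(parts.scheme)
            servers.append((parts.scheme, parts.hostname, port))
    return servers


def map_location(value):
    """Split a map reference into (host or None, base dn).

    Simplified model (an assumption, not autofs's parser): the value is
    'ldap:<base dn>' or 'ldap:<host>:<base dn>', and the first field is a
    host when it contains no '='.
    """
    if not value.startswith("ldap:"):
        raise ValueError("not an 'ldap:' map reference: %r" % value)
    rest = value[len("ldap:"):]
    head, sep, tail = rest.partition(":")
    if sep and "=" not in head:
        return head, tail
    return None, rest


def effective_servers(value, conf_text):
    """Servers a map can be read from, and whether a second one is available."""
    host, base_dn = map_location(value)
    if host is not None:
        # Pinned by the map entry itself; the ldap.conf list is not consulted.
        servers = [("ldap", host, DEFAULT_PORTS["ldap"])]
    else:
        # Reported as server "(default)" in the automount debug log.
        servers = conf_servers(conf_text)
    return {"base_dn": base_dn, "servers": servers, "failover": len(servers) > 1}


if __name__ == "__main__":
    for entry in ("ldap:ldap.mydomain.com:ou=auto.home,dc=mydomain,dc=com",
                  "ldap:ou=auto.home,dc=mydomain,dc=com"):
        print(entry, "->", effective_servers(entry, SAMPLE_LDAP_CONF))
```

The returned scheme also shows at a glance whether map data would travel over ldap:// or ldaps://.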