basedn in /etc/sysconfig/autofs

basedn in /etc/sysconfig/autofs

[wengang wang]

Hi,
A custom complained that:
//<==
In RHEL4 it was possible to set a "basedn" variable in the
/etc/sysconfig/autofs file which served as a basedn for LDAP lookups
performed by the automounter.

However, this has been removed in RHEL5.
//<==
It is true that setting it in /etc/openldap/ldap.conf is an alternative, 
the custom doesn't want do as that because /etc/openldap/ldap.conf is 
automatically edited by the redhat config tools authconfig and 
system-config-authentication.
So I want to know for what the basedn is removed from 
/etc/sysconfig/autofs.  I checked all the change logs and readmes in 
autofs-5.0.1, but didn't find basedn metioned.

thanks,
wengang.

Re: basedn in /etc/sysconfig/autofs

[Ian Kent]

On Wed, 2007-09-05 at 10:15 +0800, wengang wang wrote:
> Hi,
> A custom complained that:
> //<==
> In RHEL4 it was possible to set a "basedn" variable in the
> /etc/sysconfig/autofs file which served as a basedn for LDAP lookups
> performed by the automounter.
> 
> However, this has been removed in RHEL5.
> //<==
> It is true that setting it in /etc/openldap/ldap.conf is an alternative, 

No.

> the custom doesn't want do as that because /etc/openldap/ldap.conf is 
> automatically edited by the redhat config tools authconfig and 
> system-config-authentication.
> So I want to know for what the basedn is removed from 
> /etc/sysconfig/autofs.  I checked all the change logs and readmes in 
> autofs-5.0.1, but didn't find basedn metioned.

In version 5 the base dn is calculated, depending on how you specify the
map.

Describe the problem and I'll try and give a sensible answer.

Ian

Re: basedn in /etc/sysconfig/autofs

[Simon Gao]

Ian Kent wrote:
> On Wed, 2007-09-05 at 10:15 +0800, wengang wang wrote:
>   
>> Hi,
>> A custom complained that:
>> //<==
>> In RHEL4 it was possible to set a "basedn" variable in the
>> /etc/sysconfig/autofs file which served as a basedn for LDAP lookups
>> performed by the automounter.
>>
>> However, this has been removed in RHEL5.
>> //<==
>> It is true that setting it in /etc/openldap/ldap.conf is an alternative, 
>>     
>
> No.
>
>   
>> the custom doesn't want do as that because /etc/openldap/ldap.conf is 
>> automatically edited by the redhat config tools authconfig and 
>> system-config-authentication.
>> So I want to know for what the basedn is removed from 
>> /etc/sysconfig/autofs.  I checked all the change logs and readmes in 
>> autofs-5.0.1, but didn't find basedn metioned.
>>     
>
> In version 5 the base dn is calculated, depending on how you specify the
> map.
>
> Describe the problem and I'll try and give a sensible answer.
>
> Ian
>   
I also have a related question about basedn in /etc/sysconfig/autofs.

You can put in root level basedn like "dc=example,dc=com", or more lower
level like "ou=autofs,ou=services,dc=example,dc=com". Would later case
help the search by being more specific and therefore getting autofs map
lot quicker? Or it makes not significant difference?

Simon

Re: basedn in /etc/sysconfig/autofs

[Wolfe, Allan]

Multiple search paths would be beneficial as well for service search
descriptor support.   e.g.:
"ou=autofs,ou=services,dc=example,dc=com:ou=autofs_group1,ou=services,dc
=example,dc=com"

-----Original Message-----
From: autofs-bounces@linux.kernel.org
[mailto:autofs-bounces@linux.kernel.org] On Behalf Of Simon Gao
Sent: Wednesday, September 05, 2007 12:44 PM
To: Ian Kent
Cc: autofs@linux.kernel.org
Subject: Re: [autofs] basedn in /etc/sysconfig/autofs

Ian Kent wrote:
> On Wed, 2007-09-05 at 10:15 +0800, wengang wang wrote:
>   
>> Hi,
>> A custom complained that:
>> //<==
>> In RHEL4 it was possible to set a "basedn" variable in the 
>> /etc/sysconfig/autofs file which served as a basedn for LDAP lookups 
>> performed by the automounter.
>>
>> However, this has been removed in RHEL5.
>> //<==
>> It is true that setting it in /etc/openldap/ldap.conf is an 
>> alternative,
>>     
>
> No.
>
>   
>> the custom doesn't want do as that because /etc/openldap/ldap.conf is

>> automatically edited by the redhat config tools authconfig and 
>> system-config-authentication.
>> So I want to know for what the basedn is removed from 
>> /etc/sysconfig/autofs.  I checked all the change logs and readmes in 
>> autofs-5.0.1, but didn't find basedn metioned.
>>     
>
> In version 5 the base dn is calculated, depending on how you specify 
> the map.
>
> Describe the problem and I'll try and give a sensible answer.
>
> Ian
>   
I also have a related question about basedn in /etc/sysconfig/autofs.

You can put in root level basedn like "dc=example,dc=com", or more lower
level like "ou=autofs,ou=services,dc=example,dc=com". Would later case
help the search by being more specific and therefore getting autofs map
lot quicker? Or it makes not significant difference?

Simon

_______________________________________________
autofs mailing list
autofs@linux.kernel.org
http://linux.kernel.org/mailman/listinfo/autofs
-----------------------------------------

Anadarko Confidentiality Notice:  
This electronic transmission and any attached documents or other
writings are intended only for the person or entity to which it is
addressed and may contain information that is privileged,
confidential or otherwise protected from disclosure.  If you have
received this communication in error, please immediately notify
sender by return e-mail and destroy the communication. Any
disclosure, copying, distribution or the taking of any action
concerning the contents of this communication or any attachments by
anyone other than the named recipient is strictly prohibited.

Re: basedn in /etc/sysconfig/autofs

[wengang wang]

[-- Attachment #1.1: Type: text/plain, Size: 10102 bytes --]

Hi Ian,

here is the exchangings:

**** PLAKDAWA 
<https://bug.oraclecorp.com/pls/bug/WEBBUG_EDIT.User_Profile?p_username=PLAKDAWA> 
<mailto:porus.lakdawala@oracle.com?subject=Bug%23%206315017%20-%20BASEDN%20NO%20LONGER%20AVAILABLE%20TO%20SET%20FOR%20AUTOFS%20WITH%20LDAP&body=Bug%23%20%3Ca%20href=http://bug.us.oracle.com/pls/bug/webbug_print.show?c_rptno=6315017%3E6315017%3C/a%3E%20-%20BASEDN%20NO%20LONGER%20AVAILABLE%20TO%20SET%20FOR%20AUTOFS%20WITH%20LDAP> 
07/31/07 04:41 pm ****
In RHEL4 it was possible to set a "basedn" variable in the
/etc/sysconfig/autofs file which served as a basedn for LDAP lookups
performed by the automounter.

However, this has been removed in RHEL5.

This functionality is critical for us because we separate automounter 
maps by
region, but look up accounts and groups in the entire directory. So 
different
basedn are required for each of these lookups.

Can this functonality please be restored?

Thank you.
****** BBARBE 
<https://bug.oraclecorp.com/pls/bug/WEBBUG_EDIT.User_Profile?p_username=BBARBE> 
<mailto:bert.barbe@oracle.com?subject=Bug%23%206315017%20-%20BASEDN%20NO%20LONGER%20AVAILABLE%20TO%20SET%20FOR%20AUTOFS%20WITH%20LDAP&body=Bug%23%20%3Ca%20href=http://bug.us.oracle.com/pls/bug/webbug_print.show?c_rptno=6315017%3E6315017%3C/a%3E%20-%20BASEDN%20NO%20LONGER%20AVAILABLE%20TO%20SET%20FOR%20AUTOFS%20WITH%20LDAP> 
08/01/07 03:58 am ****
/@ BASEDN was introduced in the following errata /
/@ http://rhn.redhat.com/errata/RHBA-2006-0464.html/
/@ It is present in Update 4 and up/
****** PLAKDAWA 
<https://bug.oraclecorp.com/pls/bug/WEBBUG_EDIT.User_Profile?p_username=PLAKDAWA> 
<mailto:porus.lakdawala@oracle.com?subject=Bug%23%206315017%20-%20BASEDN%20NO%20LONGER%20AVAILABLE%20TO%20SET%20FOR%20AUTOFS%20WITH%20LDAP&body=Bug%23%20%3Ca%20href=http://bug.us.oracle.com/pls/bug/webbug_print.show?c_rptno=6315017%3E6315017%3C/a%3E%20-%20BASEDN%20NO%20LONGER%20AVAILABLE%20TO%20SET%20FOR%20AUTOFS%20WITH%20LDAP> 
08/13/07 10:47 am ****
We set the autofs basedn using /etc/sysconfig/autofs.

We do not use /etc/openldap/ldap.conf because this file is automatically
edited by the redhat config tools authconfig and
system-config-authentication. These tools setup identical basedn entries 
for
the two files /etc/ldap.conf and /etc/openldap/ldap.conf.

The /etc/sysconfig/autofs settings for us in RHEL AS4 are as follows:

[porus@rattlebag ~]$ cat /etc/sysconfig/autofs
# Define custom options in /etc/sysconfig/autofs
# Use LOCALOPTIONS for defining variables, e.g. OSREL
# Use DAEMONOPTIONS to define the unmount timeout
# Define UNDERSCORETODOT as 1 to convert
#     auto_home to auto.home and auto_mnt to auto.mnt
# Mount options, e.g. rsize=8192, should go in auto.master or
#     the auto_* map entry for a specific mount point
#
LOCALOPTIONS=""
DAEMONOPTIONS="--timeout=60"
LDAPAUTOMASTER=""
#  UNDERSCORETODOT changes auto_home to auto.home and auto_mnt to auto.mnt
UNDERSCORETODOT=1
DISABLE_DIRECT=1
# Only source one master map if set to 1.  This would mimic Sun behaviour.
# The default is 0 to maintain backwards compatibility.
ONE_AUTO_MASTER=0
# List of directories to be ghosted, separated by white space.
GHOSTDIRS=""
# Base DN to use when searching for the master map
BASEDN=ou=sc,ou=ca,ou=na,dc=hyperion,dc=com

****** PLAKDAWA 
<https://bug.oraclecorp.com/pls/bug/WEBBUG_EDIT.User_Profile?p_username=PLAKDAWA> 
<mailto:porus.lakdawala@oracle.com?subject=Bug%23%206315017%20-%20BASEDN%20NO%20LONGER%20AVAILABLE%20TO%20SET%20FOR%20AUTOFS%20WITH%20LDAP&body=Bug%23%20%3Ca%20href=http://bug.us.oracle.com/pls/bug/webbug_print.show?c_rptno=6315017%3E6315017%3C/a%3E%20-%20BASEDN%20NO%20LONGER%20AVAILABLE%20TO%20SET%20FOR%20AUTOFS%20WITH%20LDAP> 
08/14/07 02:06 pm ****
Just to give you a little more information: Our automount schema is 
based on
the "automountmapname", "automountkey" and "automountinformation" 
attributes.
This works properly with the relevant settings in the /etc/sysconfig/autofs
file on RHEL5 if the basedn is set manually in the /etc/openldap/ldap.conf
file. However, since the openldap/ldap.conf file can be used by other
applications, we don't want our automounter's basedn to depend on this.

The LDAP attributes of the automount maps are as shown below:

[porus@rattlebag ~]$ ldapsearch -LLL -x -b
"ou=sc,ou=ca,ou=na,dc=hyperion,dc=com" "automountmapname=auto_nfshome"
dn: automountMapName=auto_nfshome,ou=sc,ou=ca,ou=na,dc=hyperion,dc=com
objectClass: top
objectClass: automountMap
automountMapName: auto_nfshome
 
[porus@rattlebag ~]$ ldapsearch -LLL -x -b
"automountmapname=auto_nfshome,ou=sc,ou=ca,ou=na,dc=hyperion,dc=com"
"automountkey=plakdawa"
dn:
automountkey=plakdawa,automountMapName=auto_nfshome,ou=sc,ou=ca,ou=na,dc=h
 yperion,dc=com
automountInformation: scfs3:/vol/vol2/homes/&
automountKey: plakdawa
objectClass: top
objectClass: automount
**** PLAKDAWA 
<https://bug.oraclecorp.com/pls/bug/WEBBUG_EDIT.User_Profile?p_username=PLAKDAWA> 
<mailto:porus.lakdawala@oracle.com?subject=Bug%23%206315017%20-%20BASEDN%20NO%20LONGER%20AVAILABLE%20TO%20SET%20FOR%20AUTOFS%20WITH%20LDAP&body=Bug%23%20%3Ca%20href=http://bug.us.oracle.com/pls/bug/webbug_print.show?c_rptno=6315017%3E6315017%3C/a%3E%20-%20BASEDN%20NO%20LONGER%20AVAILABLE%20TO%20SET%20FOR%20AUTOFS%20WITH%20LDAP> 
08/14/07 02:12 pm ****
I am not certain if the lab server will be reachable from your subnets. We
are part of hyperion (was recently acquired by Oracle). Please try the
/@ following IP address /

/@ Name:   labldap02.hyperion.com/
Address: 172.27.33.46

The LDAP basedn for all account lookups is "dc=hyperion,dc=com".

The LDAP basedn for automount lookups is
"ou=sc,ou=ca,ou=na,dc=hyperion,dc=com"
**** WWG 
<https://bug.oraclecorp.com/pls/bug/WEBBUG_EDIT.User_Profile?p_username=WWG> 
<mailto:wen.gang.wang@oracle.com?subject=Bug%23%206315017%20-%20BASEDN%20NO%20LONGER%20AVAILABLE%20TO%20SET%20FOR%20AUTOFS%20WITH%20LDAP&body=Bug%23%20%3Ca%20href=http://bug.us.oracle.com/pls/bug/webbug_print.show?c_rptno=6315017%3E6315017%3C/a%3E%20-%20BASEDN%20NO%20LONGER%20AVAILABLE%20TO%20SET%20FOR%20AUTOFS%20WITH%20LDAP> 
08/15/07 12:34 am ****
/@ yes, as you said, BASEDN set in /etc/sysconfig/autofs doesn't work./
/@ while, you can specify the auto master entry by add one line in to /
/@ /etc/sysconfig/autofs/
/@ 
DEFAULT_MASTER_MAP_NAME="//172.27.33.46/automountmapname=auto_nfshome,ou=sc,ou/ 

/@ =ca,ou=na,dc=hyperion,dc=com"/
**** PLAKDAWA 
<https://bug.oraclecorp.com/pls/bug/WEBBUG_EDIT.User_Profile?p_username=PLAKDAWA> 
<mailto:porus.lakdawala@oracle.com?subject=Bug%23%206315017%20-%20BASEDN%20NO%20LONGER%20AVAILABLE%20TO%20SET%20FOR%20AUTOFS%20WITH%20LDAP&body=Bug%23%20%3Ca%20href=http://bug.us.oracle.com/pls/bug/webbug_print.show?c_rptno=6315017%3E6315017%3C/a%3E%20-%20BASEDN%20NO%20LONGER%20AVAILABLE%20TO%20SET%20FOR%20AUTOFS%20WITH%20LDAP> 
08/20/07 11:46 am ****
We have multiple automount maps in ou=sc,ou=ca,ou=na,dc=hyperion,dc=com.

So should the DEFAULT_MASTER_MAP_NAME be set to the auto.master map?

[porus@rattlebag ~]$ ldapsearch -LLL -x -b
"ou=sc,ou=ca,ou=na,dc=hyperion,dc=com" "objectclass=automountmap"
dn: automountMapName=auto_automnt,ou=sc,ou=ca,ou=na,dc=hyperion,dc=com
automountMapName: auto_automnt
objectClass: top
objectClass: automountMap

dn: automountMapName=auto_master,ou=sc,ou=ca,ou=na,dc=hyperion,dc=com
automountMapName: auto_master
objectClass: top
objectClass: automountMap

dn: automountMapName=auto.master,ou=sc,ou=ca,ou=na,dc=hyperion,dc=com
automountMapName: auto.master
objectClass: top
objectClass: automountMap

dn: automountMapName=auto_scfs3,ou=sc,ou=ca,ou=na,dc=hyperion,dc=com
objectClass: top
objectClass: automountMap
automountMapName: auto_scfs3

dn: automountMapName=auto_scfs4,ou=sc,ou=ca,ou=na,dc=hyperion,dc=com
objectClass: top
objectClass: automountMap
automountMapName: auto_scfs4

dn: automountMapName=auto_nar200,ou=sc,ou=ca,ou=na,dc=hyperion,dc=com
objectClass: top
objectClass: automountMap
automountMapName: auto_nar200

dn: automountMapName=auto_nfshome,ou=sc,ou=ca,ou=na,dc=hyperion,dc=com
objectClass: top
objectClass: automountMap
automountMapName: auto_nfshome

dn: automountMapName=auto_products,ou=sc,ou=ca,ou=na,dc=hyperion,dc=com
objectClass: top
objectClass: automountMap
automountMapName: auto_products
**** PLAKDAWA 
<https://bug.oraclecorp.com/pls/bug/WEBBUG_EDIT.User_Profile?p_username=PLAKDAWA> 
<mailto:porus.lakdawala@oracle.com?subject=Bug%23%206315017%20-%20BASEDN%20NO%20LONGER%20AVAILABLE%20TO%20SET%20FOR%20AUTOFS%20WITH%20LDAP&body=Bug%23%20%3Ca%20href=http://bug.us.oracle.com/pls/bug/webbug_print.show?c_rptno=6315017%3E6315017%3C/a%3E%20-%20BASEDN%20NO%20LONGER%20AVAILABLE%20TO%20SET%20FOR%20AUTOFS%20WITH%20LDAP> 
08/20/07 11:51 am ****
The other issue with the DEFAULT_MASTER_MAP_NAME is that providing the full
URL, will prevent the failover to the secondary LDAP server should the one
mentioned in the URL fail. Or is it possible to add secondary entries?

over.

thanks
wengang.

Ian Kent wrote:
> On Wed, 2007-09-05 at 10:15 +0800, wengang wang wrote:
>   
>> Hi,
>> A custom complained that:
>> //<==
>> In RHEL4 it was possible to set a "basedn" variable in the
>> /etc/sysconfig/autofs file which served as a basedn for LDAP lookups
>> performed by the automounter.
>>
>> However, this has been removed in RHEL5.
>> //<==
>> It is true that setting it in /etc/openldap/ldap.conf is an alternative, 
>>     
>
> No.
>
>   
>> the custom doesn't want do as that because /etc/openldap/ldap.conf is 
>> automatically edited by the redhat config tools authconfig and 
>> system-config-authentication.
>> So I want to know for what the basedn is removed from 
>> /etc/sysconfig/autofs.  I checked all the change logs and readmes in 
>> autofs-5.0.1, but didn't find basedn metioned.
>>     
>
> In version 5 the base dn is calculated, depending on how you specify the
> map.
>
> Describe the problem and I'll try and give a sensible answer.
>
> Ian
>
>
>   

-- 
Wengang Wang
Member of Technical Staff
Oracle Asia R&D Center
Open Source Technologies Development

Tel:      +86 10 8278 6265
Mobile:   +86 13381078925


[-- Attachment #1.2.1: Type: text/html, Size: 12878 bytes --]

[-- Attachment #1.2.2: mailto.gif --]
[-- Type: image/gif, Size: 96 bytes --]

[-- Attachment #2: Type: text/plain, Size: 140 bytes --]

_______________________________________________
autofs mailing list
autofs@linux.kernel.org
http://linux.kernel.org/mailman/listinfo/autofs

Re: basedn in /etc/sysconfig/autofs

[Ian Kent]

On Wed, 2007-09-05 at 10:43 -0700, Simon Gao wrote:
> Ian Kent wrote:
> > On Wed, 2007-09-05 at 10:15 +0800, wengang wang wrote:
> >   
> >> Hi,
> >> A custom complained that:
> >> //<==
> >> In RHEL4 it was possible to set a "basedn" variable in the
> >> /etc/sysconfig/autofs file which served as a basedn for LDAP lookups
> >> performed by the automounter.
> >>
> >> However, this has been removed in RHEL5.
> >> //<==
> >> It is true that setting it in /etc/openldap/ldap.conf is an alternative, 
> >>     
> >
> > No.
> >
> >   
> >> the custom doesn't want do as that because /etc/openldap/ldap.conf is 
> >> automatically edited by the redhat config tools authconfig and 
> >> system-config-authentication.
> >> So I want to know for what the basedn is removed from 
> >> /etc/sysconfig/autofs.  I checked all the change logs and readmes in 
> >> autofs-5.0.1, but didn't find basedn metioned.
> >>     
> >
> > In version 5 the base dn is calculated, depending on how you specify the
> > map.
> >
> > Describe the problem and I'll try and give a sensible answer.
> >
> > Ian
> >   
> I also have a related question about basedn in /etc/sysconfig/autofs.
> 
> You can put in root level basedn like "dc=example,dc=com", or more lower
> level like "ou=autofs,ou=services,dc=example,dc=com". Would later case
> help the search by being more specific and therefore getting autofs map
> lot quicker? Or it makes not significant difference?

This configuration option is RHEL4 specific.
I would need to revisit that code to answer that.
Perhaps Jeff will be able to help.

Ian

Re: basedn in /etc/sysconfig/autofs

[Ian Kent]

On Wed, 2007-09-05 at 12:57 -0500, Wolfe, Allan wrote:
> Multiple search paths would be beneficial as well for service search
> descriptor support.   e.g.:
> "ou=autofs,ou=services,dc=example,dc=com:ou=autofs_group1,ou=services,dc
> =example,dc=com"

I'm about to start work on this so specification of (multiple) basedn
will be possible.

> 
> -----Original Message-----
> From: autofs-bounces@linux.kernel.org
> [mailto:autofs-bounces@linux.kernel.org] On Behalf Of Simon Gao
> Sent: Wednesday, September 05, 2007 12:44 PM
> To: Ian Kent
> Cc: autofs@linux.kernel.org
> Subject: Re: [autofs] basedn in /etc/sysconfig/autofs
> 
> Ian Kent wrote:
> > On Wed, 2007-09-05 at 10:15 +0800, wengang wang wrote:
> >   
> >> Hi,
> >> A custom complained that:
> >> //<==
> >> In RHEL4 it was possible to set a "basedn" variable in the 
> >> /etc/sysconfig/autofs file which served as a basedn for LDAP lookups 
> >> performed by the automounter.
> >>
> >> However, this has been removed in RHEL5.
> >> //<==
> >> It is true that setting it in /etc/openldap/ldap.conf is an 
> >> alternative,
> >>     
> >
> > No.
> >
> >   
> >> the custom doesn't want do as that because /etc/openldap/ldap.conf is
> 
> >> automatically edited by the redhat config tools authconfig and 
> >> system-config-authentication.
> >> So I want to know for what the basedn is removed from 
> >> /etc/sysconfig/autofs.  I checked all the change logs and readmes in 
> >> autofs-5.0.1, but didn't find basedn metioned.
> >>     
> >
> > In version 5 the base dn is calculated, depending on how you specify 
> > the map.
> >
> > Describe the problem and I'll try and give a sensible answer.
> >
> > Ian
> >   
> I also have a related question about basedn in /etc/sysconfig/autofs.
> 
> You can put in root level basedn like "dc=example,dc=com", or more lower
> level like "ou=autofs,ou=services,dc=example,dc=com". Would later case
> help the search by being more specific and therefore getting autofs map
> lot quicker? Or it makes not significant difference?
> 
> Simon
> 
> _______________________________________________
> autofs mailing list
> autofs@linux.kernel.org
> http://linux.kernel.org/mailman/listinfo/autofs
> -----------------------------------------
> 
> Anadarko Confidentiality Notice:  
> This electronic transmission and any attached documents or other
> writings are intended only for the person or entity to which it is
> addressed and may contain information that is privileged,
> confidential or otherwise protected from disclosure.  If you have
> received this communication in error, please immediately notify
> sender by return e-mail and destroy the communication. Any
> disclosure, copying, distribution or the taking of any action
> concerning the contents of this communication or any attachments by
> anyone other than the named recipient is strictly prohibited.

Re: basedn in /etc/sysconfig/autofs

[Ian Kent]

On Thu, 2007-09-06 at 10:01 +0800, wengang wang wrote:
> Hi Ian,
> 
> here is the exchangings:

It's not clear from this what the problem is.

snip ...

> *** PLAKDAWA  08/14/07 02:06 pm *** 
> Just to give you a little more information: Our automount schema is
> based on 
> the "automountmapname", "automountkey" and "automountinformation"
> attributes. 
> This works properly with the relevant settings in
> the /etc/sysconfig/autofs 
> file on RHEL5 if the basedn is set manually in
> the /etc/openldap/ldap.conf 

But doesn't work if you don't set basdn in ldap.conf?
Are you saying that there are multiple master maps and maps of the same
name under different basedns in this setup?

> file. However, since the openldap/ldap.conf file can be used by other 
> applications, we don't want our automounter's basedn to depend on
> this. 
> 
> The LDAP attributes of the automount maps are as shown below: 
> 
> [porus@rattlebag ~]$ ldapsearch -LLL -x -b 
> "ou=sc,ou=ca,ou=na,dc=hyperion,dc=com"
> "automountmapname=auto_nfshome" 
> dn:
> automountMapName=auto_nfshome,ou=sc,ou=ca,ou=na,dc=hyperion,dc=com 
> objectClass: top 
> objectClass: automountMap 
> automountMapName: auto_nfshome 
>   
> [porus@rattlebag ~]$ ldapsearch -LLL -x -b 
> "automountmapname=auto_nfshome,ou=sc,ou=ca,ou=na,dc=hyperion,dc=com" 
> "automountkey=plakdawa" 
> dn: 
> automountkey=plakdawa,automountMapName=auto_nfshome,ou=sc,ou=ca,ou=na,dc=h 
>  yperion,dc=com 
> automountInformation: scfs3:/vol/vol2/homes/& 
> automountKey: plakdawa 
> objectClass: top 
> objectClass: automount 

snip ...

> *** PLAKDAWA  08/20/07 11:51 am *** 
> The other issue with the DEFAULT_MASTER_MAP_NAME is that providing the full 
> URL, will prevent the failover to the secondary LDAP server should the one 
> mentioned in the URL fail. Or is it possible to add secondary entries?

It's possible to specify the map (master or other) without the server
name.

eg.
MASTER_MAP_NAME="ou=auto.master,dc=themaw,dc=net"

This will then use the above basedn for finding the master map.

However, this can't be used when autofs searches for the basedn for the
maps referred to in the above master map which may not be a sensible
thing to do but cannot be practically done another way. 

The only workaround for this at the moment would be to specify the
basedn in the master map entries as well as in the master map as above.

eg.
# /ldap, auto.master, themaw.net
dn: cn=/ldap,ou=auto.master,dc=themaw,dc=net
objectClass: automount
cn: /ldap
automountInformation: ou=auto.indirect,dc=themaw,dc=net

Ian

Re: basedn in /etc/sysconfig/autofs

[Jeff Moyer]

Ian Kent <raven@themaw.net> writes:

> On Wed, 2007-09-05 at 10:43 -0700, Simon Gao wrote:
>> I also have a related question about basedn in /etc/sysconfig/autofs.
>> 
>> You can put in root level basedn like "dc=example,dc=com", or more lower
>> level like "ou=autofs,ou=services,dc=example,dc=com". Would later case
>> help the search by being more specific and therefore getting autofs map
>> lot quicker? Or it makes not significant difference?
>
> This configuration option is RHEL4 specific.
> I would need to revisit that code to answer that.
> Perhaps Jeff will be able to help.

Well, since it is the search base, yes, confining it more will limit
the scope of the search.

-Jeff

Re: basedn in /etc/sysconfig/autofs

[Simon Gao]

Jeff Moyer wrote:
> Ian Kent <raven@themaw.net> writes:
>
>   
>> On Wed, 2007-09-05 at 10:43 -0700, Simon Gao wrote:
>>     
>>> I also have a related question about basedn in /etc/sysconfig/autofs.
>>>
>>> You can put in root level basedn like "dc=example,dc=com", or more lower
>>> level like "ou=autofs,ou=services,dc=example,dc=com". Would later case
>>> help the search by being more specific and therefore getting autofs map
>>> lot quicker? Or it makes not significant difference?
>>>       
>> This configuration option is RHEL4 specific.
>> I would need to revisit that code to answer that.
>> Perhaps Jeff will be able to help.
>>     
>
> Well, since it is the search base, yes, confining it more will limit
> the scope of the search.
>
> -Jeff
>   
So for autofs 5.0.1 on RHEL 5, one can add basedn line to
/etc/sysconfig/autofs? Just curious what's the reason to remove it or
not include it as default in the first place?

Simon

Re: basedn in /etc/sysconfig/autofs

[Ian Kent]

On Thu, 2007-09-06 at 15:44 -0700, Simon Gao wrote:
> Jeff Moyer wrote:
> > Ian Kent <raven@themaw.net> writes:
> >
> >   
> >> On Wed, 2007-09-05 at 10:43 -0700, Simon Gao wrote:
> >>     
> >>> I also have a related question about basedn in /etc/sysconfig/autofs.
> >>>
> >>> You can put in root level basedn like "dc=example,dc=com", or more lower
> >>> level like "ou=autofs,ou=services,dc=example,dc=com". Would later case
> >>> help the search by being more specific and therefore getting autofs map
> >>> lot quicker? Or it makes not significant difference?
> >>>       
> >> This configuration option is RHEL4 specific.
> >> I would need to revisit that code to answer that.
> >> Perhaps Jeff will be able to help.
> >>     
> >
> > Well, since it is the search base, yes, confining it more will limit
> > the scope of the search.
> >
> > -Jeff
> >   
> So for autofs 5.0.1 on RHEL 5, one can add basedn line to
> /etc/sysconfig/autofs? Just curious what's the reason to remove it or
> not include it as default in the first place?
> 

No you can't.

This config item isn't part of upstream autofs 4, it's RHEL specific, so
it wasn't "removed" it just wasn't present in the code base that version
5 started from.

The primary driver for the LDAP changes were to reduce the number of
queries to the server (from 9 to 1) and what we have in version 5 is
what we ended up with.

In any case this will be added to version 5.

Ian

Re: basedn in /etc/sysconfig/autofs

[wengang wang]

[-- Attachment #1.1: Type: text/plain, Size: 3412 bytes --]

Hi Ian,

reply from custom:
==>
Just to clarify:
 
1. We use different basedn for authentication and automount in our 
directory. The basedn for authentoication is used from /etc/ldap.conf. 
However we need to specify a separate basedn for automount maps because 
they are regional.
 
2. We do not have multiple master maps just one.
 
If it possible to use the MASTER_MAP_NAME without specifying the server 
then that should solve our problem. I will test this and let you know if 
it works.
<==

thanks,
wengang.

Ian Kent wrote:
> On Thu, 2007-09-06 at 10:01 +0800, wengang wang wrote:
>   
>> Hi Ian,
>>
>> here is the exchangings:
>>     
>
> It's not clear from this what the problem is.
>
> snip ...
>
>   
>> *** PLAKDAWA  08/14/07 02:06 pm *** 
>> Just to give you a little more information: Our automount schema is
>> based on 
>> the "automountmapname", "automountkey" and "automountinformation"
>> attributes. 
>> This works properly with the relevant settings in
>> the /etc/sysconfig/autofs 
>> file on RHEL5 if the basedn is set manually in
>> the /etc/openldap/ldap.conf 
>>     
>
> But doesn't work if you don't set basdn in ldap.conf?
> Are you saying that there are multiple master maps and maps of the same
> name under different basedns in this setup?
>
>   
>> file. However, since the openldap/ldap.conf file can be used by other 
>> applications, we don't want our automounter's basedn to depend on
>> this. 
>>
>> The LDAP attributes of the automount maps are as shown below: 
>>
>> [porus@rattlebag ~]$ ldapsearch -LLL -x -b 
>> "ou=sc,ou=ca,ou=na,dc=hyperion,dc=com"
>> "automountmapname=auto_nfshome" 
>> dn:
>> automountMapName=auto_nfshome,ou=sc,ou=ca,ou=na,dc=hyperion,dc=com 
>> objectClass: top 
>> objectClass: automountMap 
>> automountMapName: auto_nfshome 
>>   
>> [porus@rattlebag ~]$ ldapsearch -LLL -x -b 
>> "automountmapname=auto_nfshome,ou=sc,ou=ca,ou=na,dc=hyperion,dc=com" 
>> "automountkey=plakdawa" 
>> dn: 
>> automountkey=plakdawa,automountMapName=auto_nfshome,ou=sc,ou=ca,ou=na,dc=h 
>>  yperion,dc=com 
>> automountInformation: scfs3:/vol/vol2/homes/& 
>> automountKey: plakdawa 
>> objectClass: top 
>> objectClass: automount 
>>     
>
> snip ...
>
>   
>> *** PLAKDAWA  08/20/07 11:51 am *** 
>> The other issue with the DEFAULT_MASTER_MAP_NAME is that providing the full 
>> URL, will prevent the failover to the secondary LDAP server should the one 
>> mentioned in the URL fail. Or is it possible to add secondary entries?
>>     
>
> It's possible to specify the map (master or other) without the server
> name.
>
> eg.
> MASTER_MAP_NAME="ou=auto.master,dc=themaw,dc=net"
>
> This will then use the above basedn for finding the master map.
>
> However, this can't be used when autofs searches for the basedn for the
> maps referred to in the above master map which may not be a sensible
> thing to do but cannot be practically done another way. 
>
> The only workaround for this at the moment would be to specify the
> basedn in the master map entries as well as in the master map as above.
>
> eg.
> # /ldap, auto.master, themaw.net
> dn: cn=/ldap,ou=auto.master,dc=themaw,dc=net
> objectClass: automount
> cn: /ldap
> automountInformation: ou=auto.indirect,dc=themaw,dc=net
>
> Ian
>
>
>   

-- 
Wengang Wang
Member of Technical Staff
Oracle Asia R&D Center
Open Source Technologies Development

Tel:      +86 10 8278 6265
Mobile:   +86 13381078925


[-- Attachment #1.2: Type: text/html, Size: 4892 bytes --]

[-- Attachment #2: Type: text/plain, Size: 140 bytes --]

_______________________________________________
autofs mailing list
autofs@linux.kernel.org
http://linux.kernel.org/mailman/listinfo/autofs

Re: basedn in /etc/sysconfig/autofs

[Ian Kent]

On Mon, 2007-09-10 at 09:44 +0800, wengang wang wrote:
> Hi Ian,
> 
> reply from custom:
> ==>
> Just to clarify:
>  
> 1. We use different basedn for authentication and automount in our
> directory. The basedn for authentoication is used from /etc/ldap.conf.
> However we need to specify a separate basedn for automount maps
> because they are regional.
>  
> 2. We do not have multiple master maps just one.
>  
> If it possible to use the MASTER_MAP_NAME without specifying the
> server then that should solve our problem. I will test this and let
> you know if it works.

It is and the master map will be found ok in this case but be aware that
the same issue will exist for the entries in the master map themselves
because reading the master map is distinct from reading the maps
themselves.

For example:

automountInformation: auto_map

may not find the right map if there are multiple instances of this map
name in LDAP.

But if the master map entry has something like:

automountInformation: ou=auto_map,dc=themaw,dc=net

will use the information in the map entry to work out the map basedn.

> <==
> 
> thanks,
> wengang.
> 
> Ian Kent wrote: 
> > On Thu, 2007-09-06 at 10:01 +0800, wengang wang wrote:
> >   
> > > Hi Ian,
> > > 
> > > here is the exchangings:
> > >     
> > 
> > It's not clear from this what the problem is.
> > 
> > snip ...
> > 
> >   
> > > *** PLAKDAWA  08/14/07 02:06 pm *** 
> > > Just to give you a little more information: Our automount schema is
> > > based on 
> > > the "automountmapname", "automountkey" and "automountinformation"
> > > attributes. 
> > > This works properly with the relevant settings in
> > > the /etc/sysconfig/autofs 
> > > file on RHEL5 if the basedn is set manually in
> > > the /etc/openldap/ldap.conf 
> > >     
> > 
> > But doesn't work if you don't set basdn in ldap.conf?
> > Are you saying that there are multiple master maps and maps of the same
> > name under different basedns in this setup?
> > 
> >   
> > > file. However, since the openldap/ldap.conf file can be used by other 
> > > applications, we don't want our automounter's basedn to depend on
> > > this. 
> > > 
> > > The LDAP attributes of the automount maps are as shown below: 
> > > 
> > > [porus@rattlebag ~]$ ldapsearch -LLL -x -b 
> > > "ou=sc,ou=ca,ou=na,dc=hyperion,dc=com"
> > > "automountmapname=auto_nfshome" 
> > > dn:
> > > automountMapName=auto_nfshome,ou=sc,ou=ca,ou=na,dc=hyperion,dc=com 
> > > objectClass: top 
> > > objectClass: automountMap 
> > > automountMapName: auto_nfshome 
> > >   
> > > [porus@rattlebag ~]$ ldapsearch -LLL -x -b 
> > > "automountmapname=auto_nfshome,ou=sc,ou=ca,ou=na,dc=hyperion,dc=com" 
> > > "automountkey=plakdawa" 
> > > dn: 
> > > automountkey=plakdawa,automountMapName=auto_nfshome,ou=sc,ou=ca,ou=na,dc=h 
> > >  yperion,dc=com 
> > > automountInformation: scfs3:/vol/vol2/homes/& 
> > > automountKey: plakdawa 
> > > objectClass: top 
> > > objectClass: automount 
> > >     
> > 
> > snip ...
> > 
> >   
> > > *** PLAKDAWA  08/20/07 11:51 am *** 
> > > The other issue with the DEFAULT_MASTER_MAP_NAME is that providing the full 
> > > URL, will prevent the failover to the secondary LDAP server should the one 
> > > mentioned in the URL fail. Or is it possible to add secondary entries?
> > >     
> > 
> > It's possible to specify the map (master or other) without the server
> > name.
> > 
> > eg.
> > MASTER_MAP_NAME="ou=auto.master,dc=themaw,dc=net"
> > 
> > This will then use the above basedn for finding the master map.
> > 
> > However, this can't be used when autofs searches for the basedn for the
> > maps referred to in the above master map which may not be a sensible
> > thing to do but cannot be practically done another way. 
> > 
> > The only workaround for this at the moment would be to specify the
> > basedn in the master map entries as well as in the master map as above.
> > 
> > eg.
> > # /ldap, auto.master, themaw.net
> > dn: cn=/ldap,ou=auto.master,dc=themaw,dc=net
> > objectClass: automount
> > cn: /ldap
> > automountInformation: ou=auto.indirect,dc=themaw,dc=net
> > 
> > Ian
> > 
> > 
> >   
> 
> -- 
> Wengang Wang
> Member of Technical Staff
> Oracle Asia R&D Center
> Open Source Technologies Development
> 
> Tel:      +86 10 8278 6265
> Mobile:   +86 13381078925