master_notify: syntax error in map near [ bogus option ]

master_notify: syntax error in map near [ bogus option ]

[Knops, Manfred]

Hello,

please can you help me.
I configured autofs in version 5.0.1 on a Fedora release 7 (Moonshine) 
system to use ldap for the automount information.

The configuration is:
[userB@hostB ~]# egrep -v "^$|^#" /etc/sysconfig/autofs
MASTER_MAP_NAME="auto.master"
TIMEOUT=300
BROWSE_MODE="yes"
APPEND_OPTIONS="yes"
LOGGING="debug"
MAP_OBJECT_CLASS="automountMap"
ENTRY_OBJECT_CLASS="automount"
MAP_ATTRIBUTE="automountMapName"
ENTRY_ATTRIBUTE="automountKey"
VALUE_ATTRIBUTE="automountInformation"
AUTH_CONF_FILE="/etc/autofs_ldap_auth.conf"

[userB@hostB ~]# tail -n 8 /etc/autofs_ldap_auth.conf
<autofs_ldap_sasl_conf
         usetls="no"
         tlsrequired="no"
         authrequired="yes"
         authtype="DIGEST-MD5"
         user="ldap"
         secret="ldap"
/>

[userB@hostB ~]# egrep -v "^$|^#" /etc/auto.master
+auto.master


The automount info's are:
[userB@hostB ~]# ldapsearch "(objectClass=automountMap)"
...
...
# auto.master, automount, abaqus.de
dn: automountMapName=auto.master,ou=automount,dc=abaqus,dc=de
objectClass: top
objectClass: automountMap
automountMapName: auto.master
description: This chapter is analog to the file /etc/auto.master

# auto.home, automount, abaqus.de
dn: automountMapName=auto.home,ou=automount,dc=abaqus,dc=de
objectClass: top
objectClass: automountMap
automountMapName: auto.home
description: This chapter is analog to /etc/auto.home

[userB@hostB ~]# ldapsearch 
"(&(objectClass=automount)(|(automountKey=/home)(automountKey=/net)))"
...
...
# /net, auto.master, automount, abaqus.de
dn: 
automountKey=/net,automountMapName=auto.master,ou=automount,dc=abaqus,dc=de
objectClass: top
objectClass: automount
automountKey: /net
automountInformation: /etc/auto.net --timeout=60

# /home, auto.master, automount, abaqus.de
dn: 
automountKey=/home,automountMapName=auto.master,ou=automount,dc=abaqus,dc=de
objectClass: top
objectClass: automount
automountKey: /home
automountInformation: ldap 
192.168.1.2:automountMapName=auto.home,ou=automount,dc=abaqus,dc=de 
--timeout=60

[userB@hostB ~]# ldapsearch "(&(objectClass=automount)(automountKey=userA))"
...
...
# userA, auto.home, automount, abaqus.de
dn: 
automountKey=userA,automountMapName=auto.home,ou=automount,dc=abaqus,dc=de
objectClass: top
objectClass: automount
automountKey: userA
automountInformation: -fstype=nfs,hard,intr,nodev,nosuid hostA:/home/userA
description: ldap entry for /etc/auto.home

When I start I got this information in /var/log/message:
Jan  3 13:37:52 kerberos automount[12728]: Starting automounter version 
5.0.1-31, master map auto.master
Jan  3 13:37:52 kerberos automount[12728]: using kernel protocol version 
5.00
Jan  3 13:37:52 kerberos automount[12728]: master_error: syntax error 
while parsing map.
Jan  3 13:37:52 kerberos automount[12728]: master_notify: syntax error 
in map near [ bogus option ]
Jan  3 13:37:52 kerberos automount[12728]: master_error: syntax error 
while parsing map.
Jan  3 13:37:52 kerberos automount[12728]: master_read_master: no mounts 
in table

On Opensuse 10.3 this configuration works.
Please can anyone tell me, what does it means syntax error in map near [ 
bogus option ].

With best regard
Manfred
-- 
Manfred Knops
Abaqus Deutschland GmbH
Elisabethstrasse 16
D-52062 Aachen

Re: master_notify: syntax error in map near [ bogus option ]

[Knops, Manfred]

Knops, Manfred wrote:
> (...)
> # /home, auto.master, automount, abaqus.de
> dn: 
> automountKey=/home,automountMapName=auto.master,ou=automount,dc=abaqus,dc=de
> objectClass: top
> objectClass: automount
> automountKey: /home
> automountInformation: ldap 
> 192.168.1.2:automountMapName=auto.home,ou=automount,dc=abaqus,dc=de 
> --timeout=60
[root@kerberos ~]# tail /tmp/automount.ldif
dn: 
automountKey=/home,automountMapName=auto.master,ou=automount,dc=abaqus,dc=de
objectClass: top
objectClass: automount
automountKey: /home
automountInformation: 
ldap://192.168.1.2/automountMapName=auto.home,ou=automount,dc=abaqus,dc=de

I found one mistake by myself. I changed the automountInformation for /home.
I changed from "ldap 192.168.1.2:auto..." to "ldap://192.168.1.2/auto...".

Now I have a sasl problem.
Jan  3 16:18:55 hostB automount[12904]: Starting automounter version 
5.0.1-31, master map auto.master
Jan  3 16:18:55 hostB automount[12904]: using kernel protocol version 5.00
Jan  3 16:18:55 hostB automount[12904]: No worthy mechs found
Jan  3 16:18:55 hostB automount[12904]: sasl_bind_mech: sasl_client 
start failed with error: SASL(-4): no mechanism available: No worthy 
mechs found
Jan  3 16:18:55 hostB automount[12904]: lookup_init: lookup(ldap): 
cannot initialize authentication setup
Jan  3 16:18:55 hostB automount[12904]: mount_autofs_indirect: failed to 
read map for /home
Jan  3 16:18:55 hostB automount[12904]: handle_mounts: mount of /home 
failed!
Jan  3 16:18:55 hostB automount[12904]: master_do_mount: failed to 
startup mount
Jan  3 16:18:55 hostB automount[12904]: mounted indirect mount on /net 
with timeout 60, freq 15 seconds
Jan  3 16:18:55 hostB automount[12904]: ghosting enabled
Jan  3 16:19:56 hostB automount[12904]: attempting to mount entry /net/gnome
Jan  3 16:19:56 hostB automount[12904]: mounted /net/gnome
Jan  3 16:20:09 hostB automount[12904]: mount still busy /net
Jan  3 16:20:40 hostB last message repeated 2 times
Jan  3 16:21:11 hostB last message repeated 2 times
Jan  3 16:21:26 hostB automount[12904]: expiring path /net/gnome
Jan  3 16:21:26 hostB automount[12904]: umounted offset mount 
/net/gnome/backup/opt-abaqus/server
Jan  3 16:21:26 hostB automount[12904]: expired /net/gnome

If someone has an idea, please feel free to help me.

With best regards
Manfred
-- 
Manfred Knops
Abaqus Deutschland GmbH
Elisabethstrasse 16
D-52062 Aachen

Re: master_notify: syntax error in map near [ bogus option ]

[Ian Kent]

On Thu, 2008-01-03 at 16:28 +0100, Knops, Manfred wrote:
> Knops, Manfred wrote:
> > (...)
> > # /home, auto.master, automount, abaqus.de
> > dn: 
> > automountKey=/home,automountMapName=auto.master,ou=automount,dc=abaqus,dc=de
> > objectClass: top
> > objectClass: automount
> > automountKey: /home
> > automountInformation: ldap 
> > 192.168.1.2:automountMapName=auto.home,ou=automount,dc=abaqus,dc=de 
> > --timeout=60
> [root@kerberos ~]# tail /tmp/automount.ldif
> dn: 
> automountKey=/home,automountMapName=auto.master,ou=automount,dc=abaqus,dc=de
> objectClass: top
> objectClass: automount
> automountKey: /home
> automountInformation: 
> ldap://192.168.1.2/automountMapName=auto.home,ou=automount,dc=abaqus,dc=de
> 
> I found one mistake by myself. I changed the automountInformation for /home.
> I changed from "ldap 192.168.1.2:auto..." to "ldap://192.168.1.2/auto...".

Not really a mistake. Version 5 is more strict about this but don't be
surprised if it starts to work again in later revisions because lot of
people do seem to use this even though it's not specified as valid.

The valid formats are ldap:[server:]dn or, more recently,
ldap:[//server/]dn, although the man page seems a little unclear now I
look at it. There are further restrictions on the dn in that it needs to
be either a map name alone or a full dn string including the base.

> 
> Now I have a sasl problem.
> Jan  3 16:18:55 hostB automount[12904]: Starting automounter version 
> 5.0.1-31, master map auto.master
> Jan  3 16:18:55 hostB automount[12904]: using kernel protocol version 5.00
> Jan  3 16:18:55 hostB automount[12904]: No worthy mechs found
> Jan  3 16:18:55 hostB automount[12904]: sasl_bind_mech: sasl_client 
> start failed with error: SASL(-4): no mechanism available: No worthy 
> mechs found
> Jan  3 16:18:55 hostB automount[12904]: lookup_init: lookup(ldap): 
> cannot initialize authentication setup
> Jan  3 16:18:55 hostB automount[12904]: mount_autofs_indirect: failed to 
> read map for /home
> Jan  3 16:18:55 hostB automount[12904]: handle_mounts: mount of /home 
> failed!
> Jan  3 16:18:55 hostB automount[12904]: master_do_mount: failed to 
> startup mount
> Jan  3 16:18:55 hostB automount[12904]: mounted indirect mount on /net 
> with timeout 60, freq 15 seconds
> Jan  3 16:18:55 hostB automount[12904]: ghosting enabled
> Jan  3 16:19:56 hostB automount[12904]: attempting to mount entry /net/gnome
> Jan  3 16:19:56 hostB automount[12904]: mounted /net/gnome
> Jan  3 16:20:09 hostB automount[12904]: mount still busy /net
> Jan  3 16:20:40 hostB last message repeated 2 times
> Jan  3 16:21:11 hostB last message repeated 2 times
> Jan  3 16:21:26 hostB automount[12904]: expiring path /net/gnome
> Jan  3 16:21:26 hostB automount[12904]: umounted offset mount 
> /net/gnome/backup/opt-abaqus/server
> Jan  3 16:21:26 hostB automount[12904]: expired /net/gnome
> 
> If someone has an idea, please feel free to help me.

Does this same connection information work OK for ldapsearch?

Ian

Re: master_notify: syntax error in map near [ bogus option ]

[Knops, Manfred]

Ian Kent wrote:
> (...)
> Not really a mistake. Version 5 is more strict about this but don't be
> surprised if it starts to work again in later revisions because lot of
> people do seem to use this even though it's not specified as valid.
> 
> The valid formats are ldap:[server:]dn or, more recently,
> ldap:[//server/]dn, although the man page seems a little unclear now I
> look at it. There are further restrictions on the dn in that it needs to
> be either a map name alone or a full dn string including the base.
Ok, thank you for this information. I checked the documenation on 
opensuse 10.3. They use version 5.0.2. And they wrote:

dn: cn=/mounts,nisMapName=auto.master,ou=AUTOFS,dc=example,dc=org
objectClass: nisObject
nisMapName: auto.master
cn: /mounts
nisMapEntry: ldap 
ldapserver.example.org:nisMapName=auto.mounts,ou=AUTOFS,dc=example,dc=org

So I will try to use ldap://server/dn on opensuse to make ldap 
replication possible.

> (...)
> Does this same connection information work OK for ldapsearch?
Yes, it works.
[userB@hostB ~]# ldapsearch -v "(objectClass=automountMap)"
ldap_initialize( <DEFAULT> )
SASL/DIGEST-MD5 authentication started
Please enter your password:
SASL username: ldap
SASL SSF: 128
SASL installing layers
filter: (objectClass=automountMap)
requesting: All userApplication attributes
# extended LDIF
#
# LDAPv3[root@kerberos ~]# ldapwhoami -U ldap -X u:ldap
SASL/DIGEST-MD5 authentication started
Please enter your password:
SASL username: u:ldap
SASL SSF: 128
SASL installing layers
dn:uid=ldap,ou=users,dc=abaqus,dc=de
Result: Success (0)

# base <> with scope subtree
# filter: (objectClass=automountMap)
# requesting: ALL
#

# auto.home, automount, abaqus.de
dn: automountMapName=auto.home,ou=automount,dc=abaqus,dc=de
objectClass: top
objectClass: automountMap
automountMapName: auto.home
description: This chapter is analog to /etc/auto.home

# auto.master, automount, abaqus.de
dn: automountMapName=auto.master,ou=automount,dc=abaqus,dc=de
objectClass: top
objectClass: automountMap
automountMapName: auto.master
description: This chapter is analog to the file /etc/auto.master

# search result
search: 3
result: 0 Success

# numResponses: 3
# numEntries: 2



testsaslauthd also works fine:
[userB@hostB ~]# testsaslauthd -u ldap -p ldap
0: OK "Success."



ldapwhoami also works fine:
[userB@hostB ~]# ldapwhoami -U ldap -X u:ldap
SASL/DIGEST-MD5 authentication started
Please enter your password:
SASL username: u:ldap
SASL SSF: 128
SASL installing layers
dn:uid=ldap,ou=users,dc=abaqus,dc=de
Result: Success (0)


It also work for automount. Because /net mount with /etc/auto.net works:
Jan  4 09:35:19 kerberos automount[18890]: mounted indirect mount on 
/net with timeout 60, freq 15 seconds

He got this information from ldap:
[userB@hostB ~]# ldapsearch 
"(&(objectClass=automount)(automountKey=/net))" -LLL
SASL/DIGEST-MD5 authentication started
Please enter your password:
SASL username: ldap
SASL SSF: 128
SASL installing layers
dn: 
automountKey=/net,automountMapName=auto.master,ou=automount,dc=abaqus,dc=de
objectClass: top
objectClass: automount
automountKey: /net
automountInformation: /etc/auto.net --timeout=60

He also notice that /home are a mount point. He found this information 
in ldap. So he got a connection. But he doesn't read the mount options:
Jan  4 09:35:19 kerberos automount[18890]: mount_autofs_indirect: failed 
to read map for /home

And I don't know why.
Manfred

Re: master_notify: syntax error in map near [ bogus option ]

[Ian Kent]

On Mon, 2008-01-07 at 08:06 +0100, Knops, Manfred wrote:
> Ian Kent wrote:
> > (...)
> > Not really a mistake. Version 5 is more strict about this but don't be
> > surprised if it starts to work again in later revisions because lot of
> > people do seem to use this even though it's not specified as valid.
> > 
> > The valid formats are ldap:[server:]dn or, more recently,
> > ldap:[//server/]dn, although the man page seems a little unclear now I
> > look at it. There are further restrictions on the dn in that it needs to
> > be either a map name alone or a full dn string including the base.
> Ok, thank you for this information. I checked the documenation on 
> opensuse 10.3. They use version 5.0.2. And they wrote:

OK, there's nearly 50 patches going into 5.0.3, maybe more by the time
it gets released so it's going to be a bit hard to work out what's going
on.

We usually get most useful information from debug logs.
See http://people.redhat.com/jmoyer for instructions to collect it.
Ensure that daemon.* is actually being logged.

> 
> dn: cn=/mounts,nisMapName=auto.master,ou=AUTOFS,dc=example,dc=org
> objectClass: nisObject
> nisMapName: auto.master
> cn: /mounts
> nisMapEntry: ldap 
> ldapserver.example.org:nisMapName=auto.mounts,ou=AUTOFS,dc=example,dc=org


> 
> So I will try to use ldap://server/dn on opensuse to make ldap 
> replication possible.
> 
> > (...)
> > Does this same connection information work OK for ldapsearch?
> Yes, it works.
> [userB@hostB ~]# ldapsearch -v "(objectClass=automountMap)"
> ldap_initialize( <DEFAULT> )
> SASL/DIGEST-MD5 authentication started
> Please enter your password:
> SASL username: ldap
> SASL SSF: 128
> SASL installing layers
> filter: (objectClass=automountMap)
> requesting: All userApplication attributes
> # extended LDIF
> #
> # LDAPv3[root@kerberos ~]# ldapwhoami -U ldap -X u:ldap
> SASL/DIGEST-MD5 authentication started
> Please enter your password:
> SASL username: u:ldap
> SASL SSF: 128
> SASL installing layers
> dn:uid=ldap,ou=users,dc=abaqus,dc=de
> Result: Success (0)
> 
> # base <> with scope subtree
> # filter: (objectClass=automountMap)
> # requesting: ALL
> #
> 
> # auto.home, automount, abaqus.de
> dn: automountMapName=auto.home,ou=automount,dc=abaqus,dc=de
> objectClass: top
> objectClass: automountMap
> automountMapName: auto.home
> description: This chapter is analog to /etc/auto.home
> 
> # auto.master, automount, abaqus.de
> dn: automountMapName=auto.master,ou=automount,dc=abaqus,dc=de
> objectClass: top
> objectClass: automountMap
> automountMapName: auto.master
> description: This chapter is analog to the file /etc/auto.master
> 
> # search result
> search: 3
> result: 0 Success
> 
> # numResponses: 3
> # numEntries: 2
> 
> 
> 
> testsaslauthd also works fine:
> [userB@hostB ~]# testsaslauthd -u ldap -p ldap
> 0: OK "Success."
> 
> 
> 
> ldapwhoami also works fine:
> [userB@hostB ~]# ldapwhoami -U ldap -X u:ldap
> SASL/DIGEST-MD5 authentication started
> Please enter your password:
> SASL username: u:ldap
> SASL SSF: 128
> SASL installing layers
> dn:uid=ldap,ou=users,dc=abaqus,dc=de
> Result: Success (0)
> 
> 
> It also work for automount. Because /net mount with /etc/auto.net works:
> Jan  4 09:35:19 kerberos automount[18890]: mounted indirect mount on 
> /net with timeout 60, freq 15 seconds
> 
> He got this information from ldap:
> [userB@hostB ~]# ldapsearch 
> "(&(objectClass=automount)(automountKey=/net))" -LLL
> SASL/DIGEST-MD5 authentication started
> Please enter your password:
> SASL username: ldap
> SASL SSF: 128
> SASL installing layers
> dn: 
> automountKey=/net,automountMapName=auto.master,ou=automount,dc=abaqus,dc=de
> objectClass: top
> objectClass: automount
> automountKey: /net
> automountInformation: /etc/auto.net --timeout=60
> 
> He also notice that /home are a mount point. He found this information 
> in ldap. So he got a connection. But he doesn't read the mount options:
> Jan  4 09:35:19 kerberos automount[18890]: mount_autofs_indirect: failed 
> to read map for /home

I didn't see the master map entry for the auto.home map or any entries
for it above.

Might be a good idea to post all the actual (or carefully edited for
privacy) maps to give a full overview and of course the debug log so we
can see what is happening.

Ian