[Freeipa-devel] automount in LDAP
Rob Crittenden
rcritten at redhat.com
Wed Nov 5 21:49:57 UTC 2008
Nalin Dahyabhai wrote:
> On Tue, Nov 04, 2008 at 11:22:48PM -0500, Rob Crittenden wrote:
>> I'm trying to wrap my head around automount over LDAP and how we would
>> want an API over XML-RPC to support it.
>>
>> At its core there are 2 types of objects we'll deal with: maps and keys
>>
>> That part is easy enough. I can implement add-map and add-key methods.
>> The problem is producing something actually usable to a client.
>>
>> The thing is, the admin will need a certain amount of automount
>> knowledge to create a usable setup. Do we want to mirror the LDAP
>> objects or provide an interface to be useful, or both?
>
> I know it's going to be more work, but you may end up having to do both.
>
>> So an example is in order. Here is an example of a simple non-home
>> shared directory. It creates the maps auto.master and auto.share and
>> exports the NFS share /share/builds.
>>
>> dn: automountmapname=auto.master,cn=accounts,dc=example,dc=com
>> objectClass: automountMap
>> objectClass: top
>> automountMapName: auto.master
>>
>> dn: automountkey=/share,automountmapname=auto.master,cn=accounts,dc=example,dc=com
>> objectClass: automount
>> objectClass: top
>> automountKey: /share
>> automountInformation: ldap:automountmapname=auto.share,cn=accounts,dc=example,dc=com
>>
>> dn: automountmapname=auto.share,cn=accounts,dc=example,dc=com
>> objectClass: automountMap
>> objectClass: top
>> automountMapName: auto.share
>>
>> dn: automountkey=builds,automountmapname=auto.share,cn=accounts,dc=example,dc=com
>> automountInformation: somehost:/share/builds
>> objectClass: automount
>> objectClass: top
>> automountKey: builds
>>
>> So assuming I'm reading this right, and that is a bit of a leap, this
>> shows there are two kinds of keys. One defines a search point (/share)
>> and one defines a mount point (builds). And it requires knowledge of how
>> automount wants to format shares.
>
> Looks right to me. You'll see fewer maps storing directory paths (only
> auto.master and auto.direct come to mind) than subdirectory names. The
> first group are typically known as "direct" maps, and the latter group
> as "indirect" maps.
>
>> And also, this assumes we use a schema with automountkey/automountmap
>> instead of cn and ou.
>
> Yes, and it's actually what I prefer. Using these particular attributes
> means that keys can be case-sensitive (automountKey is defined to be so
> in the schema, while cn and ou are not). Automount map information
> stored in files and NIS maps treats the keys as case-sensitive, too, and
> any deviation from that behavior when you're moving to LDAP is
> surprising (and, it turns out, often upsetting).
>
>> Adding shares can be left as an exercise to the user by just exporting a
>> way to add maps and keys, or we can try to impose some sort of order on
>> this. What that might look like I don't know.
>>
>> Feedback welcome.
>
> The only opinion I have to offer is this: people do exceptionally weird
> things with autofs maps, so the less constraints you force, the happier
> people will be. If you can manage to offer default settings that don't
> push people toward weirdness, though, the situation might look better in
> the future.
>
Ok, here is some LDIF that will define some defaults. I haven't tackled
auto.home yet.
dn: cn=automount,$SUFFIX
objectClass: nsContainer
cn: automount

dn: automountmapname=auto.master,cn=automount,$SUFFIX
objectClass: automountMap
automountMapName: auto.master

dn: automountkey=/-,automountmapname=auto.master,cn=automount,$SUFFIX
objectClass: automount
automountKey: /-
automountInformation: ldap:automountmapname=auto.direct,cn=automount,$SUFFIX

dn: automountmapname=auto.direct,cn=automount,$SUFFIX
objectClass: automountMap
automountMapName: auto.direct

So adding a new direct mount is as simple as:

ipa automount-addkey --key=share --info=server:/share auto.direct
Nalin, if I create an auto.home map that handles /home is that going to
confuse local accounts who exist on /home? That happens on Solaris and
has always driven me nuts.
rob
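As an added illustration of the default layout Rob sketches above (this is example code written for this page, not FreeIPA code and not from anyone in the thread), the script below generates the same container, auto.master, "/-" and auto.direct entries for a given suffix and builds the entry that an add-key call would create. Two details matter in practice and are easy to get wrong by hand: automountKey values such as "/-" or "/share" become RDN components, so characters that are special in a DN (comma, equals, plus, and so on) must be escaped per RFC 4514 or the DN parses as something else; and LDIF lines longer than 76 characters must be folded with a leading-space continuation, which is exactly what the mail-wrapped DNs in the quoted example lacked. The helper names (escape_rdn_value, fold, entry_to_ldif, map_dn, key_dn, addkey_ldif, default_automount_ldif, parse_ldif) and the "objectClass: top" lines are my assumptions, not an interface of the ipa tool.

```python
"""Generate and parse LDIF for the automount layout discussed in the thread.

Added example for this page; not FreeIPA code. All function names here are
assumptions made for illustration.
"""

# Characters that RFC 4514 requires to be backslash-escaped inside an RDN value.
_RDN_SPECIALS = set(',+"\\<>;=')


def escape_rdn_value(value: str) -> str:
    """Escape an attribute value so it is safe to place in an RDN."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in _RDN_SPECIALS:
            out.append("\\" + ch)
        elif ch == "#" and i == 0:          # leading '#' is special
            out.append("\\#")
        elif ch == " " and i in (0, last):  # leading/trailing space is special
            out.append("\\ ")
        else:
            out.append(ch)
    return "".join(out)


def fold(line: str, width: int = 76) -> list:
    """Fold one logical LDIF line to RFC 2849 width; continuations start with a space."""
    if len(line) <= width:
        return [line]
    parts, rest = [line[:width]], line[width:]
    while rest:
        parts.append(" " + rest[: width - 1])
        rest = rest[width - 1:]
    return parts


def entry_to_ldif(dn: str, attrs: list) -> str:
    """Render one entry (dn plus (name, value) pairs) as folded LDIF text."""
    lines = fold("dn: " + dn)
    for name, value in attrs:
        lines.extend(fold(f"{name}: {value}"))
    return "\n".join(lines) + "\n"


def map_dn(suffix: str, mapname: str) -> str:
    return f"automountmapname={escape_rdn_value(mapname)},cn=automount,{suffix}"


def key_dn(suffix: str, mapname: str, key: str) -> str:
    return f"automountkey={escape_rdn_value(key)},{map_dn(suffix, mapname)}"


def addkey_ldif(suffix: str, mapname: str, key: str, info: str) -> str:
    """LDIF for the entry an add-key operation would create under a map."""
    return entry_to_ldif(key_dn(suffix, mapname, key), [
        ("objectClass", "automount"),
        ("objectClass", "top"),
        ("automountKey", key),
        ("automountInformation", info),
    ])


def default_automount_ldif(suffix: str) -> str:
    """The container, auto.master, '/-' direct-map key and auto.direct map."""
    map_attrs = lambda name: [("objectClass", "automountMap"),
                              ("objectClass", "top"),
                              ("automountMapName", name)]
    entries = [
        entry_to_ldif(f"cn=automount,{suffix}",
                      [("objectClass", "nsContainer"), ("objectClass", "top"),
                       ("cn", "automount")]),
        entry_to_ldif(map_dn(suffix, "auto.master"), map_attrs("auto.master")),
        addkey_ldif(suffix, "auto.master", "/-",
                    "ldap:" + map_dn(suffix, "auto.direct")),
        entry_to_ldif(map_dn(suffix, "auto.direct"), map_attrs("auto.direct")),
    ]
    return "\n".join(entries)


def parse_ldif(text: str) -> list:
    """Unfold continuation lines and split entries; returns dicts of name -> [values]."""
    logical = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]      # continuation line: drop the leading space
        else:
            logical.append(raw)
    entries, current = [], {}
    for line in logical + [""]:         # trailing "" flushes the last entry
        if not line:
            if current:
                entries.append(current)
                current = {}
            continue
        name, _, value = line.partition(":")
        current.setdefault(name, []).append(value.lstrip(" "))
    return entries


if __name__ == "__main__":
    # "dc=example,dc=com" is a constructed suffix standing in for $SUFFIX.
    print(default_automount_ldif("dc=example,dc=com"))
```

The parser is the check: running it over the generated text, or over LDIF copied from a mail, shows whether each dn survives as one value, which is the failure the wrapped DNs in the quoted example would have produced if loaded as-is.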