[Freeipa-devel] automount in LDAP

Rob Crittenden rcritten at redhat.com
Thu Nov 6 18:43:25 UTC 2008


Simo Sorce wrote:
> On Thu, 2008-11-06 at 10:02 -0500, Rob Crittenden wrote:
>> Simo Sorce wrote:
>>> How do clients choose which server to connect to ?
>> Hardcoded in /etc/sysconfig/autofs on Fedora and RHEL.
>>
>>> Is there any concept like that in automount ? Should we care ?
>> AFAIK there is no accommodation for this. We'd either have to provide 
>> separate areas (in the dn) to store the maps or the end-user would need 
>> to carefully configure things.
> 
> I think providing separate areas then is paramount. Admins should be
> able to define "locations" and the maps would be created inside these
> locations. This way admins can set different automount options for
> clients located in different places. I am sure clients in Australia are
> not going to use the same automount maps as for clients in Baltimore.
> 
>> LDAP for autofs is configured on Fedora (the only thing I've 
>> experimented with so far) in /etc/sysconfig/autofs. You can specify the 
>> server and the search base.
>>
>> To accommodate geographic areas we could use a separate basedn for each 
>> one, something like:
>>
>> cn=australia,cn=automount,$SUFFIX
>> cn=baltimore,cn=automount,$SUFFIX
> 
> Yes I think this is needed.
> After, if someone wants to use the same configuration for all clients, he
> can create a "cn=default" area and just configure all clients to use it.

Ok, I think that should be simple enough to achieve. I think what I'll 
do is add an optional attribute 'location' and if that is not set, put 
the entry into 'default'.

When someone does automount-newlocation I'll create the default 
auto_master and /- entries. I should be able to use the ldap-updater 
code to make this easy (thanks to Martin for suggesting making it a 
library).

> Well maybe SSSD can be used to fetch the proper basedn at startup,
> modify /etc/sysconfig/autofs and restart autofs before the user logs in.
> 
> I think that might work, and might even be a policy connected to the
> location the client is in.

Yes, I think laptops put the only kink into this from a 
user-perspective. SSSD will need to recognize that they are in a 
different location and configure the machine accordingly.

rob
