[Freeipa-devel] automount in LDAP

Simo Sorce ssorce at redhat.com
Fri Nov 7 17:00:36 UTC 2008 

On Fri, 2008-11-07 at 09:25 -0500, Rob Crittenden wrote:
> Simo Sorce wrote:
> > On Thu, 2008-11-06 at 10:02 -0500, Rob Crittenden wrote:
> >> Simo Sorce wrote:
> >>> How do clients choose which server to connect to ?
> >> Hardcoded in /etc/sysconfig/autofs on Fedora and RHEL.
> >>
> >>> Is there any concept like that in automount ? Should we care ?
> >> AFAIK there is no accomodation for this. We'd either have to provide 
> >> separate areas (in the dn) to store the maps or the end-user would need 
> >> to carefully configure things.
> > 
> > I think providing separate areas then is paramount. Admins should be
> > able to define "locations" and the maps would be created inside these
> > location. This way admins can set different automount options for
> > clients located in different places. I am sure clients in Australia are
> > not going to use the same automount maps as for clients in Baltimore.
> 
> If we add some sort of location identifier for automount what 
> implications does this have for other features? Do we want to have 
> per-location settings for anything else?

We might going on I think.

> My plan is to embed the location into the DN of the automount map and 
> key names using cn.

Seem sensible, another, perhaps better, way could be to have the
location as an attribute in the object so that the same maps could be
used in multiple locations by simply adding a new value.

But for this to work automount's ldap code would need to be able to use
additional custom filters, is that possible?

> For the UI we'll need some method of selecting/managing this list of 
> locations (drop-down box comes to mind). I'm not sure if storing this 
> separately is a good idea or not.

I am not sure what is the best method from a UI perspective, how would
you like to manage this property ?
I think you may want to see all data and then just have a list of
locations it applies to ("list" in case assuming we use a multivalue
attribute to store the location and not embed it in the DN).

> I just want to avoid any short-term choices I make don't have long-term 
> consequences.

Yes, thanks for doing that, it is important to always keep in mind
future developments, as data migration is always a pain if you later
have to change something, even more so in a distributed environment
where there are multiple servers involved.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York

More information about the Freeipa-devel mailing list