[Freeipa-devel] automount in LDAP

Rob Crittenden rcritten at redhat.com
Mon Nov 10 15:10:30 UTC 2008


Dmitri Pal wrote:
> Simo Sorce wrote:
>> On Fri, 2008-11-07 at 20:35 -0500, Dmitri Pal wrote:
>>
>>  
>>>> Determining the location of the client is indeed only a precondition to
>>>> determine which services to use. Depending on the service you want to
>>>> use, policies on which server is appropriate to contact may vary.
>>>>
>>>> Simo.
>>>>
>>>>         
>>> I would say they are two independent things: which server to connect 
>>> and which policies to get.
>>>     
>>
>> I think you misunderstood my comment, I will try to rephrase.
>>
>> Depending on what kind of service (not server) you want to connect to
>> (ldap, nfs, http, ssh, ftp, mysql, voip, imap, smtp, ....) the admins
>> may decide that different servers are the ones you should connect to,
>> depending on which location your machine is located.
>>
>> If you are in Europe and there are servers in Madrid, Berlin, London
>> that offer nfs and imap, admins may have a policy (not in the sense of
>> IPA policies, I mean company policy) for which nfs is always going to be
>> served from the server in Madrid, while imap can be served either from
>> London or Berlin, whichever is closest to you.
>>
>> So for this decision to happen, location is just a precondition, further
>> configuration directives are needed to determine what should be the
>> client preferences. (For some services this will be done through DNS
>> discovery, while in some cases an IPA policy might override DNS
>> mechanisms).
>>
>> (I am willfully completely ignoring the fact that currently most Linux
>> apps cannot dynamically change their configuration this way, but IPA
>> components should move toward this goal).
>>
>> Simo.
>>
>>   
> Ok I got it.
> Sounds like a good idea to keep in mind for future.
> This is definitely not something we would be able to solve in v2.

And this is what I meant by poor choices now affecting the future :-)

Right now I'm sort of waving my hand saying 'location will be in the DN 
of the automount entry' but I don't yet say where I'm storing location 
other than in the DN. This will require the UI to fetch all the 
automount entries and sift thru the names to determine the list of 
locations to present to a user.

On the command-line it would be easier as we'd just pass along the 
location requested, though this would be prone to typos.

We could live with this for now and in the future store location in some 
central point. It wouldn't affect the UI, just make the processing a bit 
less intensive.

I'm thinking of just setting location as a cn in the DN, so a map DN 
would look like:

dn: automountmapname=auto.direct, cn=Baltimore, cn=automount, dc=example, dc=com

or

dn: automountmapname=auto.direct, cn=default, cn=automount, dc=example, dc=com

I should probably treat the location cn as case-sensitive since that is 
what the cn attribute defines.

rob
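
The sifting step described in the message above, as an added example that is not part of the original post or of FreeIPA's code: it takes a list of entry DNs, keeps those shaped like the proposed map DN, and returns the distinct location names, plus a check for a location typed on the command line. The function names, the sample DNs and the exact-match comparison (following the post's case-sensitive proposal) are assumptions.

```python
# Added example; the DNs in SAMPLE_DNS are constructed, not from a real directory.
AUTOMOUNT_BASE = "cn=automount,dc=example,dc=com"  # container used in the post's DNs

def split_dn(dn):
    """Split a DN into RDN strings, keeping backslash escapes (RFC 4514) intact."""
    rdns, cur, i = [], [], 0
    while i < len(dn):
        step = 2 if dn[i] == "\\" and i + 1 < len(dn) else 1
        if step == 1 and dn[i] == ",":      # unescaped comma ends the RDN
            rdns.append("".join(cur))
            cur = []
        else:
            cur.append(dn[i:i + step])
        i += step
    rdns.append("".join(cur))
    return rdns

def parse_rdn(rdn):
    """Return (lower-cased attribute type, value as written)."""
    attr, _, value = rdn.partition("=")
    return attr.strip().lower(), value.lstrip()

def location_of(dn, base=AUTOMOUNT_BASE):
    """Location of automountmapname=<map>,cn=<location>,<base>, else None."""
    rdns = [parse_rdn(r) for r in split_dn(dn)]
    base_rdns = [(a, v.lower()) for a, v in map(parse_rdn, split_dn(base))]
    if len(rdns) != len(base_rdns) + 2:
        return None
    (map_attr, _), (loc_attr, loc) = rdns[0], rdns[1]
    tail = [(a, v.lower()) for a, v in rdns[2:]]
    if map_attr != "automountmapname" or loc_attr != "cn" or tail != base_rdns or not loc:
        return None
    return loc

def list_locations(dns, base=AUTOMOUNT_BASE):
    """Distinct locations for the UI, compared exactly as written."""
    return sorted({loc for loc in (location_of(d, base) for d in dns) if loc is not None})

def check_requested(location, dns, base=AUTOMOUNT_BASE):
    """True if a command-line location matches an existing one (typo guard)."""
    return location in list_locations(dns, base)

SAMPLE_DNS = [
    "automountmapname=auto.direct, cn=Baltimore, cn=automount, dc=example, dc=com",
    "automountmapname=auto.direct, cn=default, cn=automount, dc=example, dc=com",
    "automountmapname=auto.home, cn=Baltimore, cn=automount, dc=example, dc=com",
    "automountmapname=auto.home,cn=Raleigh\\, NC,cn=automount,dc=example,dc=com",
    "automountmapname=auto.master,cn=automount,dc=example,dc=com",  # no location RDN
    "uid=rob,cn=users,cn=accounts,dc=example,dc=com",               # unrelated entry
]
```

Location values are returned in their escaped DN form, and multi-valued RDNs (joined with `+`) are not handled.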



