<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
On 06/30/2011 12:04 PM, Ondrej Valousek wrote:
<blockquote cite="mid:4E0C9E8F.6010208@s3group.cz" type="cite">
Hmm,<br>
To me, these instructions are very vague - for example, they
completely omit the LDAP security configuration for the automounter
(stored in /etc/autofs_ldap_auth.conf). How does the automounter
bind to the LDAP server? Anonymously?<br>
I would not recommend it.<br>
<br>
I would recommend configuring the automounter to use the host/
principal in the local Kerberos system database and bind using
SASL/GSSAPI instead. It is a more secure and elegant solution.<br>
<br>
</blockquote>
<br>
<br>
Sure, but the point is to give you an example of how to do it with
IPA, i.e. to demonstrate the IPA-specific context, which is the
"location".<br>
We do not control the autofs on the client side so the configuration
of it is out of scope of the IPA documentation. <br>
<br>
A good description of how to set up autofs with GSSAPI or using
other security mechanisms is always welcome, but it has nothing specific
to IPA (unless I am missing something). It is nothing different from
any other Kerberos-enabled LDAP server, so any generic guidelines
documented in autofs (I assume they exist) should apply. <br>
<br>
Thanks<br>
Dmitri<br>
<br>
<blockquote cite="mid:4E0C9E8F.6010208@s3group.cz" type="cite">
Ondrej<br>
<br>
<br>
On 30.06.2011 17:26, Adam Young wrote:
<blockquote cite="mid:4E0C95BA.9060004@redhat.com" type="cite">
Good point. <br>
<br>
Take a look at the test day instructions, I found them very
useful for setting up both SUDO and automount.<br>
<br>
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="https://fedoraproject.org/wiki/QA:Testcase_freeipav2_automount">https://fedoraproject.org/wiki/QA:Testcase_freeipav2_automount</a><br>
<br>
<br>
On 06/30/2011 11:08 AM, Ondrej Valousek wrote:
<blockquote cite="mid:4E0C9153.6000602@s3group.cz" type="cite">
<br>
<br>
On 30.06.2011 16:55, Rob Crittenden wrote:
<blockquote cite="mid:4E0C8E60.8000806@redhat.com" type="cite">Look
at the output of this for details: ipa help automount <br>
</blockquote>
<br>
I see, thanks!<br>
It would be nice to update man pages like:<br>
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/configuring-automount.html">http://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/configuring-automount.html</a><br>
to say something like:<br>
<pre class="programlisting">LDAP_URI=<a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="ldap:///dc=example,dc=com">"ldap:///dc=example,dc=com"</a>
SEARCH_BASE="cn=&lt;location&gt;,cn=automount,dc=example,dc=com"
</pre>
So people know more about the automounter's ability to locate the LDAP
server via DNS SRV....<br>
<br>
Thanks!<br>
Ondrej<br>
<pre wrap=""><fieldset class="mimeAttachmentHeader"></fieldset>
_______________________________________________
Freeipa-users mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre>
</blockquote>
<br>
</blockquote>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager IPA project,
Red Hat Inc.
</pre>
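<br>
Added example (not part of the original message, and not code from the FreeIPA or autofs projects): a small Python audit of the /etc/autofs_ldap_auth.conf settings this thread discusses, which flags a bind that is not authenticated and accepts a SASL/GSSAPI bind that names a host/ principal. The two sample files, the host name client.example.com, the realm EXAMPLE.COM and the finding strings are constructed for illustration, and treating a missing attribute as "no" is an assumption of this example.<br>

```python
import xml.etree.ElementTree as ET

# Constructed sample: authentication is not required, so the bind is anonymous.
WEAK_CONF = """<?xml version="1.0" ?>
<autofs_ldap_sasl_conf usetls="no" tlsrequired="no" authrequired="no" />
"""

# Constructed sample: SASL/GSSAPI bind as the machine's host/ principal.
# client.example.com and EXAMPLE.COM are placeholders.
GSSAPI_CONF = """<?xml version="1.0" ?>
<autofs_ldap_sasl_conf
    usetls="no"
    tlsrequired="no"
    authrequired="yes"
    authtype="GSSAPI"
    clientprinc="host/client.example.com@EXAMPLE.COM" />
"""


def audit(conf_text):
    """Return findings for the text of one autofs_ldap_auth.conf file."""
    attrs = ET.fromstring(conf_text).attrib
    # Assumption of this example: a missing attribute counts as "no"/unset.
    authreq = attrs.get("authrequired", "no").lower()
    authtype = attrs.get("authtype", "").upper()
    tls_required = attrs.get("tlsrequired", "no").lower() == "yes"
    findings = []
    if authreq == "no" or authtype == "ANONYMOUS":
        findings.append("bind is not authenticated (anonymous)")
    elif authreq == "autodetect":
        findings.append("autodetect can end in an unauthenticated bind")
    elif authreq == "simple" or authtype in ("PLAIN", "LOGIN"):
        if not tls_required:
            findings.append("password bind without tlsrequired=yes")
    elif authtype != "GSSAPI":
        findings.append("SASL mechanism is not GSSAPI: " + (authtype or "unset"))
    elif not attrs.get("clientprinc", "").startswith("host/"):
        findings.append("GSSAPI bind does not name a host/ principal")
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONF), ("gssapi", GSSAPI_CONF)):
        print(name, audit(text) or "ok")
```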
</body>
</html>