[Freeipa-devel] automount in LDAP

Nalin Dahyabhai nalin at redhat.com
Wed Nov 5 17:20:13 UTC 2008


On Tue, Nov 04, 2008 at 11:22:48PM -0500, Rob Crittenden wrote:
> I'm trying to wrap my head around automount over LDAP and how we would  
> want an API over XML-RPC to support it.
>
> At its core there are 2 types of objects we'll deal with: maps and keys
>
> That part is easy enough. I can implement add-map and add-key methods.  
> The problem is producing something actually usable to a client.
>
> The thing is, the admin will need a certain amount of automount  
> knowledge to create a usable setup. Do we want to mirror the LDAP  
> objects or provide an interface to be useful, or both?

I know it's going to be more work, but you may end up having to do both.

> So an example is in order. Here is an example of a simple non-home  
> shared directory. It creates the maps auto.master and auto.share and  
> exports the NFS share /share/builds.
>
> dn: automountmapname=auto.master,cn=accounts,dc=example,dc=com
> objectClass: automountMap
> objectClass: top
> automountMapName: auto.master
>
> dn: automountkey=/share,automountmapname=auto.master,cn=accounts,dc=example,dc=com
> objectClass: automount
> objectClass: top
> automountKey: /share
> automountInformation: ldap:automountmapname=auto.share,cn=accounts,dc=example,dc=com
>
> dn: automountmapname=auto.share,cn=accounts,dc=example,dc=com
> objectClass: automountMap
> objectClass: top
> automountMapName: auto.share
>
> dn: automountkey=builds,automountmapname=auto.share,cn=accounts,dc=example,dc=com
> automountInformation: somehost:/share/builds
> objectClass: automount
> objectClass: top
> automountKey: builds
>
> So assuming I'm reading this right, and that is a bit of a leap, this  
> shows there are two kinds of keys. One defines a search point (/share)  
> and one defines a mount point (builds). And it requires knowledge of how  
> automount wants to format shares.

Looks right to me.  You'll see fewer maps storing directory paths (only
auto.master and auto.direct come to mind) than subdirectory names.  The
first group are typically known as "direct" maps, and the latter group
as "indirect" maps.

> And also, this assumes we use a schema with automountkey/automountmap  
> instead of cn and ou.

Yes, and it's actually what I prefer.  Using these particular attributes
means that keys can be case-sensitive (automountKey is defined to be so
in the schema, while cn and ou are not).  Automount map information
stored in files and NIS maps treats the keys as case-sensitive, too, and
any deviation from that behavior when you're moving to LDAP is
surprising (and, it turns out, often upsetting).

> Adding shares can be left as an exercise to the user by just exporting a  
> way to add maps and keys, or we can try to impose some sort of order on  
> this. What that might look like I don't know.
>
> Feedback welcome.

The only opinion I have to offer is this: people do exceptionally weird
things with autofs maps, so the fewer constraints you force, the happier
people will be.  If you can manage to offer default settings that don't
push people toward weirdness, though, the situation might look better in
the future.

Nalin
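
The lookup chain discussed in this thread, as an added example that is not part of the original message or FreeIPA's code: it follows the /share key in auto.master to auto.share and matches the builds key with exact case, as automountKey is defined in the schema. The helpers parse_entries and resolve are hypothetical names, and the embedded LDIF is the thread's sample with folded lines joined.

```python
# Added example; LDIF is constructed from the thread's entries (unfolded, "objectClass: top" omitted).
LDIF = """\
dn: automountmapname=auto.master,cn=accounts,dc=example,dc=com
objectClass: automountMap
automountMapName: auto.master

dn: automountkey=/share,automountmapname=auto.master,cn=accounts,dc=example,dc=com
objectClass: automount
automountKey: /share
automountInformation: ldap:automountmapname=auto.share,cn=accounts,dc=example,dc=com

dn: automountmapname=auto.share,cn=accounts,dc=example,dc=com
objectClass: automountMap
automountMapName: auto.share

dn: automountkey=builds,automountmapname=auto.share,cn=accounts,dc=example,dc=com
objectClass: automount
automountKey: builds
automountInformation: somehost:/share/builds
"""

MASTER = "automountmapname=auto.master,cn=accounts,dc=example,dc=com"

def parse_entries(ldif):
    """Return {map DN: {automountKey: automountInformation}}."""
    maps = {}
    for block in ldif.strip().split("\n\n"):
        attrs = dict(line.split(": ", 1) for line in block.splitlines())
        if "automountKey" in attrs:
            # The containing map is the parent DN (simplification: no escaped commas).
            parent = attrs["dn"].split(",", 1)[1]
            maps.setdefault(parent, {})[attrs["automountKey"]] = attrs["automountInformation"]
        else:
            maps.setdefault(attrs["dn"], {})
    return maps

def resolve(maps, path, master=MASTER):
    """Map an absolute path to its mount location, or None if no key matches."""
    for mount_point, info in maps.get(master, {}).items():
        if not (path.startswith(mount_point + "/") and info.startswith("ldap:")):
            continue  # only ldap: references under a matching search point are followed
        key = path[len(mount_point) + 1:].split("/", 1)[0]
        # Exact-case dict lookup mirrors the case-sensitive automountKey attribute.
        location = maps.get(info[len("ldap:"):], {}).get(key)
        if location is not None:
            return location
    return None

MAPS = parse_entries(LDIF)
```

Here resolve(MAPS, "/share/builds") yields the NFS location, while "/share/Builds" finds nothing because the key comparison is exact.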



