[Freeipa-users] Automount cross-location support
Nalin Dahyabhai
nalin at redhat.com
Fri May 24 21:48:11 UTC 2013
On Fri, May 24, 2013 at 12:01:04PM +0200, Sigbjorn Lie wrote:
> The compat module would have to be extended to support displaying selected automount maps from one
> location in a different location. I do not know the internals of the compat plugin so what I'm
> asking might be unable/hard to achieve with the compat plugin - I was referring to it because of
> it's ability to mirror one part of the ldap tree to a different part of the ldap tree.
The compat plugin's usually used to make a group of entries appear
somewhere else, which isn't _quite_ the same thing as making part of the
tree show up elsewhere, since the tree structure isn't preserved, but if
you don't mind "flattening" of the results when your source is split up
in the hierarchy of a subtree, that won't be a problem.
Otherwise, yeah, if that newly-created part of the tree, where the
plugin's making the fake entries appear, happens to be under a subtree
which autofs is searching for a given map's contents, then I don't see a
reason why it shouldn't work. The configuration for the compat plugin
would probably simply copy specific attributes rather than doing any
real manipulation their values, much like we do for user entries under
cn=users,cn=compat. I guess you could either "tag" entries for
inclusion in a way that they'd match the filter which the compat
plugin's configured to use when searching for source entries, or grab
all of the entries in that given source area.
Whenever you added a new automount location, you'd need to add a new
mostly-boilerplate configuration entry under "cn=Schema Compatibility,
cn=plugins, cn=config" to have that same group of entries with the same
contents show up in the new location's part of the tree, but that would
be about it.
Also, if you're not rewriting attribute values, you could probably also
ccomplish it with managed entries, since it plays in a similar area. Or
perhaps it could be done with just referrals, though that depends on the
client to follow them.
HTH,
Nalin
More information about the Freeipa-users
mailing list