[Freeipa-users] Automount cross-location support

Dmitri Pal dpal at redhat.com
Fri May 24 22:30:38 UTC 2013 

On 05/24/2013 05:48 PM, Nalin Dahyabhai wrote:
> On Fri, May 24, 2013 at 12:01:04PM +0200, Sigbjorn Lie wrote:
>> The compat module would have to be extended to support displaying selected automount maps from one
>> location in a different location. I do not know the internals of the compat plugin so what I'm
>> asking might be unable/hard to achieve with the compat plugin - I was referring to it because of
>> it's ability to mirror one part of the ldap tree to a different part of the ldap tree.
> The compat plugin's usually used to make a group of entries appear
> somewhere else, which isn't _quite_ the same thing as making part of the
> tree show up elsewhere, since the tree structure isn't preserved, but if
> you don't mind "flattening" of the results when your source is split up
> in the hierarchy of a subtree, that won't be a problem.
>
> Otherwise, yeah, if that newly-created part of the tree, where the
> plugin's making the fake entries appear, happens to be under a subtree
> which autofs is searching for a given map's contents, then I don't see a
> reason why it shouldn't work.  The configuration for the compat plugin
> would probably simply copy specific attributes rather than doing any
> real manipulation their values, much like we do for user entries under
> cn=users,cn=compat.  I guess you could either "tag" entries for
> inclusion in a way that they'd match the filter which the compat
> plugin's configured to use when searching for source entries, or grab
> all of the entries in that given source area.
>
> Whenever you added a new automount location, you'd need to add a new
> mostly-boilerplate configuration entry under "cn=Schema Compatibility,
> cn=plugins, cn=config" to have that same group of entries with the same
> contents show up in the new location's part of the tree, but that would
> be about it.
>
> Also, if you're not rewriting attribute values, you could probably also
> ccomplish it with managed entries, since it plays in a similar area.  Or
> perhaps it could be done with just referrals, though that depends on the
> client to follow them.
>
> HTH,
>
> Nalin
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
Thanks Nalin.
Sounds like another HOW TO is brewing here.


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.


-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/

More information about the Freeipa-users mailing list