Hi,

On Tue, 2016-05-24 at 20:43 -0400, Daniel Richard G. wrote:
> I want to have an autofs mount for these so that they are accessible,
> but I need to query a "unixHomeDirectory" attribute in LDAP (homedirs
> are spread across multiple servers so I can't just construct a path
> from the username) and the "homeDirectory" slot is already spoken
> for.

The tricky bit here is that autofs, while partially configured in
/etc/nsswitch.conf, does not use the C library NSS layer for these
lookups. You can use LDAP to export automounter maps but these will not
go through nslcd.

Maybe I don't understand your use case completely.

> My company LDAP server has a "thumbnailPhoto" attribute for each
> user, which is some kind of base64-encoded image that is likely the
> same user photo shown in the Outlook mail client.
> It would be lovely to show this as a "user picture" in LightDM, or
> perhaps elsewhere in the Linux desktop, without needing to configure
> a separate LDAP client to get at it.

The problem here is that this also does not go through the NSS
subsystem so will not reach nslcd. Extracting these pictures and
updating local copies should be pretty simple with a small script.

A long time ago I made something like that for gdm (probably no longer
works with the most recent version), see
https://arthurdejong.org/ldapgdmfaces/

> An "automount" map is supported by libnss-ldap, and while first-class 
> support for this in libnss-ldapd would be nice, I can foresee greater
> flexibility in being able to specify multiple sources for automount
> definitions (e.g. "automount1", "automount2", ...)

I understand that the automounter map in nss_ldap is mainly for
platforms that use the NSS layer for this. On Linux autofs uses a
custom lookup module that works well (supports mapping attributes
etc.). The autofs-ldap package is reasonably flexible and I've seen
environments where all automounter maps are in LDAP.

At one point I did have a look into providing an autofs lookup module
that would direct requests to nslcd but the main benefit would be to
centralise configuration while that may not always be what you want
(e.g. having automounter maps on a different LDAP server than user
accounts).

I would gladly help integrating an autofs lookup module and automounter
map support in nslcd but for me personally the current software
solution works without any real problems.

For some background see:
  https://bugs.debian.org/638007

Anyway, patches for implementing automounter lookups in nslcd and
perhaps an autofs lookup module are welcome and I will do my best to
try to integrate them into nss-pam-ldapd.

Thanks,

-- 
-- arthur - [email protected] - http://people.debian.org/~adejong --
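
The "small script" the reply mentions could look like the following. This is an added example, not part of the original message and not code from ldapgdmfaces. It assumes the input is LDIF text as produced by `ldapsearch -LLL`, that accounts are keyed by a `uid` attribute, and that photos are JPEG or PNG; the function names, the size cap and the sample data are illustrative.

```python
import base64, os, re, tempfile

MAX_BYTES = 200 * 1024  # assumed cap on photo size
SAFE_UID = re.compile(r"[a-z_][a-z0-9_.-]{0,31}")  # no "/", no leading "."
MAGIC = {b"\xff\xd8\xff": ".jpg", b"\x89PNG\r\n\x1a\n": ".png"}

def parse_ldif(text):
    """Yield {attr: bytes} per entry, keeping the first value of each attribute."""
    unfolded = re.sub(r"\r?\n ", "", text)  # RFC 2849 line folding
    for block in re.split(r"\r?\n\s*\r?\n", unfolded.strip()):
        entry = {}
        for line in block.splitlines():
            attr, sep, rest = line.partition(":")
            if not sep or line.startswith("#"):
                continue
            if rest.startswith(":"):  # "attr:: <base64>"
                try:
                    value = base64.b64decode(rest[1:].strip(), validate=True)
                except ValueError:
                    continue
            else:
                value = rest.strip().encode()
            entry.setdefault(attr.lower(), value)
        yield entry

def save_photos(ldif_text, outdir):
    """Write validated photos into outdir; return {uid: filename} written."""
    written = {}
    for entry in parse_ldif(ldif_text):
        uid = entry.get("uid", b"").decode("ascii", "replace")
        photo = entry.get("thumbnailphoto", b"")
        ext = next((e for m, e in MAGIC.items() if photo.startswith(m)), None)
        if not SAFE_UID.fullmatch(uid) or ext is None or len(photo) > MAX_BYTES:
            continue  # directory data is untrusted: skip, do not guess
        fd, tmp = tempfile.mkstemp(dir=outdir)  # temp + rename: no partial files
        with os.fdopen(fd, "wb") as fh:
            fh.write(photo)
        os.chmod(tmp, 0o644)
        os.replace(tmp, os.path.join(outdir, uid + ext))
        written[uid] = uid + ext
    return written

def sample_ldif():
    """Constructed sample: one good entry, one unsafe uid, one non-image value."""
    b64 = base64.b64encode(b"\xff\xd8\xff\xe0" + bytes(80)).decode()
    good = f"dn: uid=alice,dc=example\nuid: alice\nthumbnailPhoto:: {b64[:60]}\n {b64[60:]}\n"
    badname = f"dn: uid=x,dc=example\nuid: ../escape\nthumbnailPhoto:: {b64}\n"
    notimage = "dn: uid=bob,dc=example\nuid: bob\nthumbnailPhoto:: aGVsbG8=\n"
    return "\n".join([good, badname, notimage])
```

The account name is checked before it is used as a file name because it comes from the directory, not from the local system, and the photo is written only if its leading bytes match a known image type.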
