Hi,

On 30.06.2011 17:29, Dmitri Pal wrote:
> Can you please rephrase? Do you mean that instead of documenting what we already have or in addition to it, we should also document how to configure automount with DNS?
> Does DNS allow specifying the search base?
> Can you please point to any doc/man page that describes how to configure DNS for automount? We might add it as a reference into the doc. Is this what you are looking for?

First of all, I believe you guys at Red Hat did a great job with IPA.
Why? Because with all the install scripts and the framework around it, you managed to integrate all services (DNS, Kerberos, LDAP) into easily manageable identity management for Linux.

A normal IT admin no longer has to dig through various howtos on the Internet. Just run the install script and you get something very similar to Active Directory - a robust and standards-based system.

The key thing for me is the simplicity and the scripts around it. One should no longer be afraid of setting up all the services separately.
From the client's perspective, you already covered Kerberos configuration and NSS, that's fine.

Because of the reasons I outlined above I also believe that the *ipa-client-install* script should take care of the automounter, too (or at least offer the autofs configuration) - and this includes everything.

As a helping hand I offer my additions to your existing howtos (I have already checked their functionality).

[root@draco etc]# cat /etc/sysconfig/autofs
...
LDAP_URI="ldap:///dc=example,dc=com";     # let the automounter discover LDAP server on its own
....

[root@draco etc]# cat /etc/autofs_ldap_auth.conf
<!-- clientprinc is taken from klist -k -->
<autofs_ldap_sasl_conf
     usetls="no"
     tlsrequired="no"
     authrequired="yes"
     authtype="GSSAPI"
     clientprinc="host/draco.prague.s3group....@example.com"
/>

This is, I believe, the best configuration you can get for autofs. It is not difficult (as you can see), so the ipa-client-install script should be able to take care of it automatically.

And finally, regarding your question - see man auto.master. The DNS SRV lookup ability was added there because I asked the autofs maintainer Ian Kent from Red Hat to do it and he was kind enough to implement it for us (he actually grabbed a piece of Samba code to make it work). If you feel there should be something more (like you mentioned, getting the search base from DNS as well), talk to him, I am sure he will help you.

The LDAP server SRV lookup has been there for quite some time so it is in RHEL5/6 already.
Thanks!

Ondrej
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
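
The `ldap:///dc=example,dc=com` form of LDAP_URI in the message above leaves the host part empty, so the client depends on an LDAP SRV record in DNS for that domain. As an added example (not part of the original message and not autofs code), this shell script derives the conventional `_ldap._tcp` SRV name from such a URI and orders a constructed `dig +short SRV` answer; the function names and the sample records are assumptions.

```shell
#!/bin/sh
# Added example; function names and sample records are assumptions.

# dc=example,dc=com -> example.com; fails on any non-dc component.
dn_to_domain() {
    printf '%s\n' "$1" | tr 'A-Z' 'a-z' | tr -d ' ' | tr ',' '\n' |
    awk -F= '
        $1 != "dc" || $2 == "" { bad = 1 }
        { out = out (NR > 1 ? "." : "") $2 }
        END { if (bad) exit 1; print out }'
}

# ldap:///<base dn> (empty host) -> SRV owner name the client depends on.
# URIs that name a host involve no SRV lookup, so they are rejected here.
srv_name_for_uri() {
    case "$1" in
        ldap:///?*) ;;
        *) return 1 ;;
    esac
    domain=$(dn_to_domain "${1#ldap:///}") || return 1
    printf '_ldap._tcp.%s\n' "$domain"
}

# Read "priority weight port target" lines (the `dig +short SRV` format)
# and print host:port, lowest priority value first. RFC 2782 picks randomly
# by weight within one priority; this listing just sorts by weight.
srv_targets() {
    sort -k1,1n -k2,2nr | awk 'NF == 4 { sub(/\.$/, "", $4); print $4 ":" $3 }'
}

# Constructed sample answer, not real DNS data.
SAMPLE_SRV='10 100 389 ipa2.example.com.
0 100 389 ipa1.example.com.'

uri='ldap:///dc=example,dc=com'
if name=$(srv_name_for_uri "$uri"); then
    echo "check with: dig +short SRV $name"
    printf '%s\n' "$SAMPLE_SRV" | srv_targets
else
    echo "no SRV discovery for $uri"
fi
```

On a real client, replace the sample with the output of the printed `dig` command and confirm every listed target is an LDAP server you operate.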
