On Thu, May 23, 2013 17:23, Rob Crittenden wrote:
> Sigbjorn Lie wrote:
>
>> Hi,
>>
>>
>> I opened a RFE request almost 2 years ago for automount cross-location
>> support, and recently I
>> discovered how it can be integrated.
>>
>> https://fedorahosted.org/freeipa/ticket/1699
>>
>>
>>
>> It is possible to reference a LDAP map from outside what is set in the
>> BASE_DN in
>> /etc/sysconfig/autofs.
>>
>>
>> Consider the following. The BASE_DN is set to:
>> cn=default,cn=automount,dc=example,dc=com
>>
>>
>> Add an entry to the auto.master in location "default" like this and restart
>> automount:
>> /test2 ldap
>> automountmapname=auto_test2,cn=secondlocation,cn=automount,dc=example,dc=com
>>
>>
>> I tested this on RHEL 6.4 and it worked just fine. Maps from the default
>> location and the
>> specificed "test2" map is read and the entries are mounted successfully.
>>
>> Now I can do this manually, but it would be nice to have this integrated in
>> the IPA framework.
>>
>>
>> The only downside to this implementation is that I am not sure if this will
>> work across
>> platforms. It might be a Linux automount feature only. Using features of
>> 389ds such as the
>> compat module to mirror maps between automount maps would work on any
>> platform.
>
> It may be that the basedn for autofs is just to find the maps. For keys
> it can use the value directly because they point to real entries.
>
> Its good to know that this works, but we still need some way internally
> to detangle these and present the values in a way that it is easy to pick and
> choose.
>
> I suppose one idea would be to create a new kind of map share, common.
> This would only allow ldap keys which could point to any valid key.
>
Yes, a "common" / "linked" map type sounds like a good way to go.
>
> A common map could be added to any location.
>
>
> I'm not sure how we'd represent this using compat though.
>
The compat module would have to be extended to support displaying selected
automount maps from one
location in a different location. I do not know the internals of the compat
plugin so what I'm
asking might be unable/hard to achieve with the compat plugin - I was referring
to it because of
it's ability to mirror one part of the ldap tree to a different part of the
ldap tree.
Regards,
Siggi
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
