On 24/05/13 23:48, Nalin Dahyabhai wrote:
On Fri, May 24, 2013 at 12:01:04PM +0200, Sigbjorn Lie wrote:
The compat module would have to be extended to support displaying selected 
automount maps from one
location in a different location. I do not know the internals of the compat 
plugin so what I'm
asking might be unable/hard to achieve with the compat plugin - I was referring 
to it because of
it's ability to mirror one part of the ldap tree to a different part of the 
ldap tree.
The compat plugin's usually used to make a group of entries appear
somewhere else, which isn't _quite_ the same thing as making part of the
tree show up elsewhere, since the tree structure isn't preserved, but if
you don't mind "flattening" of the results when your source is split up
in the hierarchy of a subtree, that won't be a problem.

Otherwise, yeah, if that newly-created part of the tree, where the
plugin's making the fake entries appear, happens to be under a subtree
which autofs is searching for a given map's contents, then I don't see a
reason why it shouldn't work.  The configuration for the compat plugin
would probably simply copy specific attributes rather than doing any
real manipulation their values, much like we do for user entries under
cn=users,cn=compat.  I guess you could either "tag" entries for
inclusion in a way that they'd match the filter which the compat
plugin's configured to use when searching for source entries, or grab
all of the entries in that given source area.

Whenever you added a new automount location, you'd need to add a new
mostly-boilerplate configuration entry under "cn=Schema Compatibility,
cn=plugins, cn=config" to have that same group of entries with the same
contents show up in the new location's part of the tree, but that would
be about it.

Also, if you're not rewriting attribute values, you could probably also
ccomplish it with managed entries, since it plays in a similar area.  Or
perhaps it could be done with just referrals, though that depends on the
client to follow them.



I did some testing on this. I added an entry to "cn=Schema Compatibility, cn=plugins, cn=config", and defined the various settings for the compat plugin. It worked as a charm, the requested automountmaps we're mirrored. However, one glitch when I attempt to actually use it. Setting "schema-compat-container-group" to cn=default hides all the existing keys in automount location default. Setting it to a level below the cn=default, and the automounter does not see the entries with the error below. It seem like the automounter can only handle a single level of a tree, and does not search subtrees.

"get_query_dn: lookup(ldap): failed to find query dn under search base dns"

I don't think the flatten trees does any harm, it's already flat, as long as the container-group could be set to cn=default,cn=automount. However it would require logic within the IPA framework to follow any "automountinformation=-fstype=autofs auto_anothermapname" and also create setup for the additional "auto_anothermapname" in the compat plugin. And again the idea seem flawed when the additional maps cannot sit under the same schema-compat-container-group.

Is there any way to have several entries in the schema compatibility plugin to share the same level of schema-compat-container-group?


Regards,
Siggi







_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to