On Tue, 02 Jun 2015, swartz wrote:
I have a environment that spans across multiple physical locations where
there is a mix of Linux and Solaris workstations/servers. So far we've been
managing accounts (/etc/password) via Puppet.
Problem: FreeIPA allows to store only one homedir path.
Q: Is there a way to store/set a different home path based on the system
that the user is logged into?
Yes, this is a feature of FreeIPA 4.1, called ID Views.
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/id-views.html
See also my talk at SambaXP this year:
https://www.samba.org/~ab/sambaxp/2015/freeipa_idviews.pdf
While ID Views were designed for supporting Active Directory users
(where you may not have POSIX attributes in the directory), they can be
used for augmenting IPA users too -- just create a separate view and
apply it to the host you need. SSSD has to be recent enough to apply the
view locally at that host.
For Solars and other systems, use compat tree integration.
As an example, I have user Bob.
On a Linux box Bob has homedir at /home/b/bob
On a Solaris this is likely /export/home/bob
While on some other odd system it could be /mnt/nas/users/bob
The contents in each of the above locations differs for Bob.
There are NAS boxes that hold data for specific groups that are mounted on
few machines only. We can't use NAS as central homedir storage for number
of reasons. Mounting exported filesystems as subdirs under main homedir
isn't an option either. Many odd-ball systems don't export their
filesystems. Mounting all homedirs locations isn't necessary on all
machines. Performance issues over network., etc, etc.
Is there a way to handle such scenario as outline above? I would welcome
any input/ideas.
--
/ Alexander Bokovoy
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
