extend remote server with local (subordinate) entries
Hi,
I use the configuration below to extend a given remote LDAP database
with a relatively small number of local records. Specifically, the
local database adds new (posix) groups and new autofs maps, adding to
the ones already given by the remote server. (see the original thread
at: http://www.openldap.org/lists/openldap-software/200802/msg00128.html)
...
moduleload back_ldap
moduleload back_bdb
...
backend bdb
backend ldap
...
# bdb backend, configured as a subordinate of the main server
database bdb
suffix "dc=SUB,dc=EXAMPLE,dc=COM"
readonly on
subordinate
...
# ldap backend, with the right DN base
database ldap
lastmod off
suffix "dc=EXAMPLE,dc=COM"
uri "ldaps://REMOTE_SERVER/"
...
The extension of groups works like a charm, without any modification to
the clients' setup (/etc/ldap/ldap.conf).
However, the additional maps aren't observed by the autofs-ldap method
and are therefore not working for users.
Running on Debian (unstable), autofs-ldap-auto-master gives:
/home ldap:ou=auto.home,ou=AutoFS,dc=EXAMPLE,dc=COM
/proj ldap:ou=auto.proj,ou=AutoFS,dc=EXAMPLE,dc=COM
A remote LDAP entry for /proj looks like:
dn: cn=blast,ou=auto.proj,ou=AutoFS,dc=EXAMPLE,dc=COM
objectClass: automount
cn: blast
automountInformation: -rw blast:/export/blast
A local (added to the subtree SUB) entry for /proj looks like:
dn: cn=extra,ou=auto.proj,ou=AutoFS,dc=SUB,dc=EXAMPLE,dc=COM
objectClass: automount
cn: extra
automountInformation: -rw extra:/export/extra
The problem is that autofs only "sees" entries of the first type; if I
run automount manually (prepending "dc=SUB," to the default way it
is otherwise invoked):
/usr/sbin/automount --pid-file=/var/run/autofs/_proj.pid --timeout=300 /proj ldap ou=auto.proj,ou=AutoFS,dc=SUB,dc=EXAMPLE,dc=COM
then I can make it see the second type, but then it ignores the first
type. Note that the same technique works for adding more groups. So I
suspect the problem is that somehow autofs does not consider subtrees
as valid results for its query to ldap.
Any ideas how to fix this? (Or perhaps a suggestion on how to arrange the
entire setup differently and still have the same end result.)
Thanks,
Oren.
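
The DN relationships behind the behaviour described in this message, as an added example (not part of the original post, and not autofs or OpenLDAP code): it models LDAP one-level and subtree searches over the two automount entries quoted above. The helper names are hypothetical, and the use of dc=EXAMPLE,dc=COM as the subtree search base for group lookups is an assumption.

```python
# Added illustration: a constructed model of LDAP search scopes over the DNs
# quoted in the post. Names below are hypothetical, not autofs/OpenLDAP APIs.
BASE, ONE, SUB = "base", "one", "sub"

REMOTE_MAP = "ou=auto.proj,ou=AutoFS,dc=EXAMPLE,dc=COM"
LOCAL_MAP = "ou=auto.proj,ou=AutoFS,dc=SUB,dc=EXAMPLE,dc=COM"
ROOT = "dc=EXAMPLE,dc=COM"  # assumed search base for group lookups

# The two automount entries from the post, as the glued directory presents them.
ENTRIES = [
    "cn=blast,ou=auto.proj,ou=AutoFS,dc=EXAMPLE,dc=COM",
    "cn=extra,ou=auto.proj,ou=AutoFS,dc=SUB,dc=EXAMPLE,dc=COM",
]

def parse_dn(dn):
    """Split a DN into lower-cased RDNs, leaf first (no escaped commas handled)."""
    return [rdn.strip().lower() for rdn in dn.split(",") if rdn.strip()]

def in_scope(entry_dn, base_dn, scope):
    """True if entry_dn is returned by a search at base_dn with the given scope."""
    entry, base = parse_dn(entry_dn), parse_dn(base_dn)
    depth = len(entry) - len(base)
    if depth < 0 or entry[depth:] != base:
        return False  # neither the base itself nor one of its descendants
    return {BASE: depth == 0, ONE: depth == 1, SUB: True}[scope]

def search(base_dn, scope):
    """Return the cn values of the sample entries matched by the search."""
    hits = [dn for dn in ENTRIES if in_scope(dn, base_dn, scope)]
    return sorted(parse_dn(dn)[0].split("=", 1)[1] for dn in hits)

if __name__ == "__main__":
    for label, base in (("remote map", REMOTE_MAP), ("local map", LOCAL_MAP),
                        ("root suffix", ROOT)):
        for scope in (ONE, SUB):
            print(f"{label:12} scope={scope:4} -> {search(base, scope)}")
```

In this model a search based at either map container returns only that container's entry, whatever the scope, because cn=extra sits under dc=SUB and is not a descendant of the remote map DN; only a subtree search from dc=EXAMPLE,dc=COM reaches both.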