[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: extend remote server with local (subordinate) entries

To: openldap-technical@openldap.org
Subject: Re: extend remote server with local (subordinate) entries
From: "Dieter Kluenter" <dieter@dkluenter.de>
Date: Fri, 22 Feb 2008 08:18:01 +0100
In-reply-to: <47BE0730.5050701@cs.columbia.edu> (Oren Laadan's message of "Thu, 21 Feb 2008 18:20:16 -0500")
References: <47BE0730.5050701@cs.columbia.edu>
User-agent: Gnus/5.1008 (Gnus v5.10.8) XEmacs/21.5-b28 (linux)

Oren Laadan <orenl@cs.columbia.edu> writes:

> Hi,
>
> I use the configuration below to extend a given remote LDAP database
> with a relatively small number of local records. Specifically, the
> local database adds new (posix) groups and new autofs maps, adding to
> the ones already given by the remote server. (see the original thread
> at: http://www.openldap.org/lists/openldap-software/200802/msg00128.html)
>
>> ...
>> moduleload      back_ldap
>> moduleload      back_bdb
>> ...
>> backend         bdb
>> backend         ldap
>> ...
>> # bdb backend, configured as a subordinate of the main server
>> database        bdb
>> suffix          "dc=SUB,dc=EXAMPLE,dc=COM"
>> readonly        on
>> subordinate
>> ...
>> # ldap backend, with the right DN base
>> database        ldap
>> lastmod         off
>> suffix          "dc=EXAMPLE,dc=COM"
>> uri             "ldaps://REMOTE_SERVER/"
>> ...
>>
>
> The extension of groups works like charm, without any modification to
> the clients' setup (/etc/ldap/ldap.conf).
> However, the additional maps aren't observed by the autofs-ldap method
> and are therefore not working for users.
>
> Running on Debian (unstable), autofs-ldap-auto-master gives:
>
>   /home ldap:ou=auto.home,ou=AutoFS,dc=EXANPLE,dc=COM
>   /proj ldap:ou=auto.proj,ou=AutoFS,dc=EXAMPLE,dc=COM
>
> A remote LDAP entry for /proj looks like:
>
>   dn: cn=blast,ou=auto.proj,ou=AutoFS,dc=EXAMPLE,dc=COM
>   objectClass: automount
>   cn: blast
>   automountInformation: -rw blast:/export/blast
>
> A local (added to the subtree SUB) entry for /proj looks like:
>
>   dn: cn=extra,ou=auto.proj,ou=AutoFS,dc=SUB,dc=EXAMPLE,dc=COM
>   objectClass: automount
>   cn: extra
>   automountInformation: -rw extra:/export/extra
>
> Problem is, that autofs only "sees" entries of the first type; if I
> run automount manually (prepending "dc=SUB," to the default way it
> is otherwise invoked):
>
>   /usr/sbin/automount --pid-file=/var/run/autofs/_proj.pid --timeout=300 /proj
> ldap ou=auto.proj,ou=AutoFS,dc=SUB,dc=EXAMPLE,dc=COM
>
> then I can make it see the second type, but then it ignores the first
> type. Note that the same technique works for adding more groups. So I
> suspect the problem is that somehow autofs does not consider subtrees
> as valid results for its query to ldap.
>
> Any ideas how to fix this ?  (or perhaps suggestion how to arrange the
> entire setup differently and still have the same end result).

This presumably is an autofs problem, but you may have a look at
slapo-rmw(5) and slapo-translucent(5).

-Dieter

-- 
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:8EF7B6C6

Follow-Ups:
- Re: extend remote server with local (subordinate) entries
  - From: Oren Laadan <orenl@cs.columbia.edu>

References:
- extend remote server with local (subordinate) entries
  - From: Oren Laadan <orenl@cs.columbia.edu>

Prev by Date: me
Next by Date: Re: OpenLdap unstable on RHEL5 & Centos5 with db4
Index(es):
- Chronological
- Thread