  1. #1

    ldap, nfs and automount


    Hi everyone!

    I got a little problem with automounting the ldap-users homedirs.
    Perhaps anyone of you has an idea:

    On my SLOX 4.1 (as ldap-server) I use the autofs.schema for autofs 4.0.

    slox-ip: 213.252.21.211
    nfs-ip: 213.252.21.212
    client-username: besi
    client-os: suse 9.1 pro
    ------------
    My ldap-entries are as follows:

    dn: ou=auto.master,dc=sirlsped,dc=com
    objectClass: top
    objectClass: automountMap
    ou: auto.master

    dn: cn=/home,ou=auto.master,dc=sirlsped,dc=com
    objectClass: top
    objectClass: automount
    cn: /home
    automountinformation: ldap:213.252.21.211:ou=auto.home,dc=sirlsped,dc=com

    dn: ou=auto.home,dc=sirlsped,dc=com
    objectClass: top
    objectClass: automountMap
    ou: auto.home

    dn: cn=besi,ou=auto.home,dc=sirlsped,dc=com
    objectClass: top
    objectClass: automount
    cn: besi
    automountinformation: -fstype=nfs,hard,intr,nodev,nosuid
    213.252.21.212:/home/exports/besi
    -------------
    My nsswitch.conf looks like this:
    passwd: compat
    group: compat
    automount: ldap
    passwd_compat: ldap
    group_compat: ldap
    ----------------------------
    The ldap.conf on the client machine looks like that:
    host sirloxs.sirlsped.com (which has the ip 213.252.21.211)
    base dc=sirlsped,dc=com
    ----------------------------
    The exports-file on the nfs looks like that:
    /home/exports 213.252.21.0/255.255.255.0(rw,async) *.sirlsped.com/rw,async)
    ----------------------------
    The hosts.allow-file on the nfs looks like that:
    portmap: 213.252.21.0/255.255.255.0
    mountd: 213.252.21.0/255.255.255.0
    -----------------------------
    Now when I log in as 'besi' on the client machine, KDE cannot start because
    it cannot find the home directory for the user.
    But when I log in as root and mount the home directory like this:
    automount /home ldap 213.252.21.211:cn=besi,ou=auto.home,dc=sirlsped,dc=com
    it mounts the directory and I can switch user to 'besi'. But when I reboot
    the client and want to log in as 'besi' again, the automount doesn't work
    again.

    Any ideas, what could be wrong?

    FYI: my slapd.conf looks like this:
    #
    # See slapd.conf(5) for details on configuration options.
    # This file should NOT be world readable.
    #
    include /etc/openldap/schema/core.schema
    include /etc/openldap/schema/cosine.schema
    include /etc/openldap/schema/inetorgperson.schema
    include /etc/openldap/schema/nis.schema
    include /etc/openldap/schema/dnszone.schema
    include /etc/openldap/schema/dhcp.schema
    include /etc/openldap/schema/samba.schema
    include /etc/openldap/schema/suse-email-server.schema
    include /etc/openldap/schema/autofs.schema

    # Define global ACLs to disable default read access.
    access to *
    by peername="ip=127\.0\.0\.1" read
    by peername="ip=213\.252\.21" read
    by peername="ip=213\.252\.21" auth
    by peername="ip=213\.252\.21" write
    by users read
    by * none

    #
    # Check, if entries will match to db
    #
    schemacheck on

    loglevel 0
    sizelimit 1000
    #threads 32

    pidfile /var/run/slapd.pid
    argsfile /var/run/slapd.args
    password-hash {crypt}

    TLSCertificateFile /etc/ssl/certs/cert.pem
    TLSCertificateKeyFile /etc/ssl/certs/skey.pem
    TLSCACertificateFile /etc/ssl/CA/usedCA.pem

    #######################################################################
    # ldbm database definitions
    #######################################################################

    # ******************************* System Backend **********************
    database ldbm
    cachesize 30000
    directory /var/lib/ldap
    lastmod on
    mode 0600

    suffix "dc=sirlsped,dc=com"
    rootdn "uid=cyrus,dc=sirlsped,dc=com"

    # ******************************* System Backend **********************

    #
    # cleartext passwords, especially for the rootdn,
    # should be avoided. See slapd.conf(5) for details.

    # Don't put all your energy in a senseless searching
    #
    index uid,fn,memberuid,gidnumber,alias,relayClientcert eq
    index objectclass,uidnumber,mailenabled,relativeDomainName eq
    index zoneName,vaddress,reject,comFireGroupID,smtpDomain,MTALocaldomain eq
    index cn,sn,givenname eq,sub

    # Access control
    #

    # Private AddressBook
    access to dn="ou=addr,uid=(.*),dc=sirlsped,dc=com"
    by dn="uid=$1,dc=sirlsped,dc=com" write
    by peername="ip=213\.252\.21" write
    by * none

    # allow rootDSE queries
    access to dn=""
    by peername="ip=213\.252\.21" read
    by * read

    # To let PAM authenticate
    access to attr=userpassword
    by self write
    by peername="ip=213\.252\.21" auth
    by peername="ip=213\.252\.21" read
    by anonymous auth
    by * none

    access to attr=shadowLastChange
    by self write
    by peername="ip=213\.252\.21" read
    by * read

    # only the Admin is allowed to change the members of the addressadmins group
    access to dn.base="cn=AddressAdmins,o=AddressBook,dc=sirlsped,dc=com"
    by users read
    by * none

    # only the members of the AddressAdmins group are allowed to write to the
    # Public Address Book
    access to dn.subtree="o=AddressBook,dc=sirlsped,dc=com"
    by group="cn=AddressAdmins,o=AddressBook,dc=sirlsped,dc=com" write
    by peername="ip=213\.252\.21" write
    by users read
    by * none

    # handle write access to the personal data (system address book)
    # - first look at the OpenLDAPaci attribute
    # - if that doesn't exist or the user-dn is not in the subject clause,
    # give write access to the owner of the entry and read access to anyone else
    access to dn="uid=[^,]+,dc=sirlsped,dc=com"
    attr=c,cn,telephoneNumber,facsimileTelephoneNumber,pager,title,givenname,sn,l,description,mail,street,postalCode,st,homePhone,ou,initials,mobile,labeledURI,SuSETimeZone,faxDID,smsDID,printID,birthDay,jpegphoto,logindestination,entry,objectclass
    by aci write break
    by self write
    by users read
    by peername="ip=213\.252\.21" write
    by peername="ip=127\.0\.0\.1" read
    by * none

    # if the above break statement is reached add read access for everyone
    access to dn="uid=[^,]+,dc=sirlsped,dc=com"
    attr=c,cn,telephoneNumber,facsimileTelephoneNumber,pager,title,givenname,sn,l,description,mail,street,postalCode,st,homePhone,ou,initials,mobile,labeledURI,SuSETimeZone,faxDID,smsDID,printID,birthDay,jpegphoto,logindestination,entry,objectclass
    by users +rsc
    by peername="ip=127\.0\.0\.1" +rsc
    by peername="ip=213\.252\.21" +rsc
    by * none

    access to dn="uid=[^,]+,dc=sirlsped,dc=com"
    attr=comFireTaskDays,comFireAppointmentDays,FUMSClientConfig,preferredLanguage,userPKCS12
    by self write
    by peername="ip=127\.0\.0\.1" write
    by peername="ip=213\.252\.21" read
    by * none

    access to attr=lmPassword,ntPassword
    by peername="ip=213\.252\.21" read
    by * none

    allow bind_v2 bind_anon_dn
    ----------------

  2. #2
    Gee I wish someone would reply to this.

    Same problem (but in Ubuntu). Odd problem.

    I have a situation where I have a server and 40 client machines. The client machines NFS-mount their /home/ directory. Logins via LDAP on the client machines choke because of 'invalid octet' values when attempting to chmod 600. I don't have an error log handy.

    --

    A RH problem at expert-sexchange indicates that something named rhnsd must be running at boot and that chkconfig --level 2345 rhnsd off would fix it. Good luck applying that to any other distro.

    --

    autofs + ldap

    and the reply:

    Re: autofs + ldap
    Last edited by yeago; 02-17-2008 at 10:11 PM. Reason: because I ****ing want to.
