Autofs in LDAP configuration – for Linux and Solaris

If you use an LDAP server as the user repository, it also makes sense to keep the home directories on an NFS server. To avoid configuring autofs maps on every host, you can store the maps in LDAP. I assume that the NFS server (NFSHOME) is already installed and that the LDAP server and client are configured (see previous posts).
What you need to do:

1. Enable nis.schema on the LDAP server – you need the nisObject and nisMap structural object classes and the nisMapEntry and nisMapName attributes. The schema is included in the standard OpenLDAP distribution (/etc/openldap/schema).

2. Add nis maps to LDAP server – for Solaris:

dn: nisMapName=auto_master,ou=service,dc=mycompany,dc=com
objectClass: top
objectClass: nisMap
nisMapName: auto_master

dn: nisMapName=auto_home,ou=service,dc=mycompany,dc=com
objectClass: top
objectClass: nisMap
nisMapName: auto_home

for Linux – mind the dot (.) instead of underscore (_):

dn: nisMapName=auto.master,ou=service,dc=mycompany,dc=com
objectClass: top
objectClass: nisMap
nisMapName: auto.master

dn: nisMapName=auto.home,ou=service,dc=mycompany,dc=com
objectClass: top
objectClass: nisMap
nisMapName: auto.home

3. Add nis objects to the LDAP server – in this case /home/user will be mapped to /app/nethomes/user on the NFSHOME server. The entry below uses a wildcard (cn=*), but you can also configure a map entry for each user separately:

dn: cn=/home,nisMapName=auto_master,ou=service,dc=mycompany,dc=com
objectClass: top
objectClass: nisObject
cn: /home
nisMapEntry: auto_home -nosuid,nobrowse
nisMapName: auto_master

dn: cn=*,nisMapName=auto_home,ou=service,dc=mycompany,dc=com
objectClass: top
objectClass: nisObject
cn: *
nisMapEntry: -rw,sync,quota,vers=4 NFSHOME:/app/nethomes/&
nisMapName: auto_home

for Linux – change underscore to dot (auto_home -> auto.home etc.)

4. Solaris only – add proper entries to attributeMap, objectclassMap and serviceSearchDescriptor in your DUA profile:

dn: cn=dev,ou=profile,dc=mycompany,dc=com
objectClass: DUAConfigProfile
objectClass: top
cn: dev
attributeMap: automount:automountKey=cn
attributeMap: automount:automountInformation=nisMapEntry
attributeMap: automount:automountMapName=nisMapName
objectclassMap: automount:automount=nisObject
objectclassMap: automount:automountMap=nisMap
serviceSearchDescriptor: auto_master:ou=service,dc=mycompany,dc=com?sub?nisMapName=auto_master
serviceSearchDescriptor: auto_home:ou=service,dc=mycompany,dc=com?sub?nisMapName=auto_home

5. Add the nisDomainObject object class and the nisDomain attribute to your domain object – this is optional, but I remember that I had some warnings when it was not defined. The schema and entry LDIFs are below:

dn: cn={6}nisdomain,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {6}nisdomain
olcAttributeTypes: {0}( 1.3.6.1.1.1.1.1.30 NAME 'nisDomain' DESC 'NIS domain
 ' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN
 'user defined' )
olcObjectClasses: {0}( 1.3.6.1.1.1.2.15 NAME 'nisDomainObject' DESC 'Associa
 tes a NIS domain with a naming context' SUP top AUXILIARY MUST nisDomain X-
 ORIGIN 'user defined' )

dn: dc=mycompany,dc=com
objectClass: top
objectClass: nisDomainObject
objectClass: dcObject
objectClass: domain
dc: mycompany
nisDomain: mycompany.com
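
The maps from steps 2 and 3 can be checked offline before they are loaded. The Python below is an added example, not code from the original post: it parses the nisObject entries, resolves a key (exact key first, then cn=*, with & replaced by the key) and lists entries whose own option list lacks nosuid. The cn=build entry and all function names are constructed for illustration; the check reads each entry's own options only and does not model how an automounter combines them with the master map's options. On Linux, pass master="auto.master".

```python
LDIF = """\
dn: cn=/home,nisMapName=auto_master,ou=service,dc=mycompany,dc=com
objectClass: nisObject
cn: /home
nisMapEntry: auto_home -nosuid,nobrowse
nisMapName: auto_master

dn: cn=*,nisMapName=auto_home,ou=service,dc=mycompany,dc=com
objectClass: nisObject
cn: *
nisMapEntry: -rw,sync,quota,vers=4 NFSHOME:/app/nethomes/&
nisMapName: auto_home

dn: cn=build,nisMapName=auto_home,ou=service,dc=mycompany,dc=com
objectClass: nisObject
cn: build
nisMapEntry: -rw,nosuid NFSHOME:/app/
 build
nisMapName: auto_home
"""  # the cn=build entry (with its folded line) is constructed for this example

def parse_maps(ldif):
    """Return {map name: {key: nisMapEntry}} for every nisObject entry."""
    maps = {}
    for block in ldif.replace("\n ", "").strip().split("\n\n"):  # unfold, split entries
        attrs = {}
        for line in block.splitlines():
            name, _, value = line.partition(": ")
            attrs.setdefault(name.lower(), []).append(value)
        if "nisObject" in attrs.get("objectclass", []):
            maps.setdefault(attrs["nismapname"][0], {})[attrs["cn"][0]] = attrs["nismapentry"][0]
    return maps

def split_entry(entry):
    """Split '[-opt,opt] location' into (option list, location)."""
    opts, _, location = entry.rpartition(" ")
    return [o for o in opts.lstrip("-").split(",") if o], location

def resolve(maps, map_name, key):
    """Exact key wins over cn=*; '&' becomes the key. None if nothing matches."""
    entry = maps[map_name].get(key, maps[map_name].get("*"))
    if entry is not None:
        opts, location = split_entry(entry)
        return opts, location.replace("&", key)

def entries_without_nosuid(maps, master="auto_master"):
    """(map, key) pairs in maps named by the master map whose own options lack nosuid."""
    named = {e.split()[0] for e in maps[master].values()}
    return sorted((m, k) for m in named for k, e in maps.get(m, {}).items()
                  if "nosuid" not in split_entry(e)[0])
```

Entries reported by entries_without_nosuid are worth comparing with the effective mount options shown on a client once the map is live.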

Client configuration in separate posts.

Useful links:
https://community.oracle.com/thread/1914905?start=0&tstart=0
https://community.oracle.com/thread/1910088?start=0&tstart=0
http://shanit.blogspot.de/2009/03/solaris-10-autofs.html
