{"id":685,"date":"2016-11-25T14:08:27","date_gmt":"2016-11-25T13:08:27","guid":{"rendered":"http:\/\/drfugazi.eu.org\/?p=685"},"modified":"2017-01-25T16:37:20","modified_gmt":"2017-01-25T15:37:20","slug":"autofs-in-ldap-configuration-linux-solaris","status":"publish","type":"post","link":"https:\/\/drfugazi.eu.org\/en\/autofs-in-ldap-configuration-linux-solaris\/","title":{"rendered":"Autofs in LDAP configuration &#8211; for Linux and Solaris"},"content":{"rendered":"<p>If you have an LDAP server as your user repository, it is also good to have an NFS server to store users' home directories. To avoid configuring autofs maps on every host, you can store the maps in LDAP. I assume that the NFS server (NFSHOME) is already installed and that the LDAP server and client are configured (see previous posts).<br \/>\nWhat you need to do:<\/p>\n<p>1. Enable <code>nis.schema<\/code> on the LDAP server &#8211; you need the nisObject and nisMap structural object classes and the nisMapEntry and nisMapName attributes. The schema is included in the standard OpenLDAP distribution (\/etc\/openldap\/schema).<\/p>\n<p>2. Add the NIS maps to the LDAP server &#8211; for Solaris:<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\ndn: nisMapName=auto_master,ou=service,dc=mycompany,dc=com\r\nobjectClass: top\r\nobjectClass: nisMap\r\nnisMapName: auto_master<\/pre>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\ndn: nisMapName=auto_home,ou=service,dc=mycompany,dc=com\r\nobjectClass: top\r\nobjectClass: nisMap\r\nnisMapName: auto_home<\/pre>\n<p>for Linux &#8211; mind the dot (.)
instead of underscore (_):<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\ndn: nisMapName=auto.master,ou=service,dc=mycompany,dc=com\r\nobjectClass: top\r\nobjectClass: nisMap\r\nnisMapName: auto.master<\/pre>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\ndn: nisMapName=auto.home,ou=service,dc=mycompany,dc=com\r\nobjectClass: top\r\nobjectClass: nisMap\r\nnisMapName: auto.home<\/pre>\n<p>3. Add the NIS objects to the LDAP server. In this case <code>\/home\/user<\/code> is mapped to <code>\/app\/nethomes\/user<\/code> on the NFSHOME server. The example uses a wildcard (<code>cn=*<\/code>), but you can configure a map entry for each user separately:<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\ndn: cn=\/home,nisMapName=auto_master,ou=service,dc=mycompany,dc=com\r\nobjectClass: top\r\nobjectClass: nisObject\r\ncn: \/home\r\nnisMapEntry: auto_home -nosuid,nobrowse\r\nnisMapName: auto_master<\/pre>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\ndn: cn=*,nisMapName=auto_home,ou=service,dc=mycompany,dc=com\r\nobjectClass: top\r\nobjectClass: nisObject\r\ncn: *\r\nnisMapEntry: -rw,sync,quota,vers=4 NFSHOME:\/app\/nethomes\/&amp;\r\nnisMapName: auto_home<\/pre>\n<p>for Linux &#8211; change the underscore to a dot (auto_home -&gt; auto.home etc.)<\/p>\n<p>4.
Solaris only &#8211; add the proper attributeMap, objectclassMap and serviceSearchDescriptor entries to your DUA profile:<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\ndn: cn=dev,ou=profile,dc=mycompany,dc=com\r\nobjectClass: DUAConfigProfile\r\nobjectClass: top\r\ncn: dev<\/pre>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\nattributeMap: automount:automountKey=cn\r\nattributeMap: automount:automountInformation=nisMapEntry\r\nattributeMap: automount:automountMapName=nisMapName\r\nobjectclassMap: automount:automount=nisObject\r\nobjectclassMap: automount:automountMap=nisMap\r\nserviceSearchDescriptor: auto_master:ou=service,dc=mycompany,dc=com?sub?nisMapName=auto_master\r\nserviceSearchDescriptor: auto_home:ou=service,dc=mycompany,dc=com?sub?nisMapName=auto_home\r\n<\/pre>\n<p>5. Add the nisDomainObject object class and the nisDomain attribute to your domain object &#8211; this is optional, but I remember that I had some warnings when it was not defined. The schema and entry LDIFs are below:<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\ndn: cn={6}nisdomain,cn=schema,cn=config\r\nobjectClass: olcSchemaConfig\r\ncn: {6}nisdomain\r\nolcAttributeTypes: {0}( 1.3.6.1.1.1.1.1.30 NAME 'nisDomain' DESC 'NIS domain\r\n ' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN\r\n 'user defined' )\r\nolcObjectClasses: {0}( 1.3.6.1.1.1.2.15 NAME 'nisDomainObject' DESC 'Associa\r\n tes a NIS domain with a naming context' SUP top AUXILIARY MUST nisDomain X-\r\n ORIGIN 'user defined' )<\/pre>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\ndn: dc=mycompany,dc=com\r\nobjectClass: top\r\nobjectClass: nisDomainObject\r\nobjectClass: dcObject\r\nobjectClass: domain\r\ndc: mycompany\r\nnisDomain: mycompany.com<\/pre>\n<p>Client configuration is described in separate posts.<\/p>\n<p>Useful links:<br \/>\n<a 
href=\"https:\/\/community.oracle.com\/thread\/1914905?start=0&#038;tstart=0\">https:\/\/community.oracle.com\/thread\/1914905?start=0&amp;tstart=0<\/a><br \/>\n<a href=\"https:\/\/community.oracle.com\/thread\/1910088?start=0&#038;tstart=0\">https:\/\/community.oracle.com\/thread\/1910088?start=0&amp;tstart=0<\/a><br \/>\n<a href=\"http:\/\/shanit.blogspot.de\/2009\/03\/solaris-10-autofs.html\">http:\/\/shanit.blogspot.de\/2009\/03\/solaris-10-autofs.html<\/a><\/p>","protected":false},"excerpt":{"rendered":"<p>If you have LDAP server as user repository it is also good to have NFS server to store their home directories. To avoid autofs map configuration on every host, you can use LDAP service&#46;&#46;&#46;<\/p>\n","protected":false},"author":1,"featured_media":627,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_newsletter_tier_id":0,"footnotes":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false}}},"categories":[115,98,108],"tags":[6,99,44,9],"jetpack_publicize_connections":[],"acf":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/drfugazi.eu.org\/wp-content\/uploads\/2016\/06\/LDAP-DIT.jpg?fit=1267%2C1073&ssl=1","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p7M9Tz-b3","jetpack-related-posts":[{"id":719,"url":"https:\/\/drfugazi.eu.org\/en\/linux-ldap-autofs-client-configuration\/","url_meta":{"origin":685,"position":0},"title":"Linux LDAP autofs client configuration","author":"drfugazi","date":"Wednesday May 10th, 2017","format":false,"excerpt":"There is a plenty of Linux 
distributions, so there is not my point to describe how to configure autofs in every one of them. This description is based on RedHat\/CentOS, but it can be applied to other distributions with very small changes. If you have local users and their directories\u2026","rel":"","context":"In &quot;LDAP&quot;","block_context":{"text":"LDAP","link":"https:\/\/drfugazi.eu.org\/en\/category\/ldap\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/drfugazi.eu.org\/wp-content\/uploads\/2016\/10\/linux-logo.jpg?fit=300%2C300&ssl=1&resize=350%2C200","width":350,"height":200},"classes":[]},{"id":599,"url":"https:\/\/drfugazi.eu.org\/en\/ldap-server-for-solaris-and-linux-clients\/","url_meta":{"origin":685,"position":1},"title":"LDAP server for Solaris and Linux clients","author":"drfugazi","date":"Thursday June  2nd, 2016","format":false,"excerpt":"Few months ago I received a task to set up LDAP authentication for Solaris 10, Solaris 11 and Linux machines in Customer's infrastructure. As LDAP server was chosen OpenLDAP 2.4.x in Master-Slave configuration with SSL\/TLS support. Servers was installed on Virtual Machines with CentOS 6.7. 
I will not describe LDAP\u2026","rel":"","context":"In &quot;LDAP&quot;","block_context":{"text":"LDAP","link":"https:\/\/drfugazi.eu.org\/en\/category\/ldap\/"},"img":{"alt_text":"LDAP DIT","src":"https:\/\/i0.wp.com\/drfugazi.eu.org\/wp-content\/uploads\/2016\/06\/LDAP-DIT.jpg?fit=1200%2C1016&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/drfugazi.eu.org\/wp-content\/uploads\/2016\/06\/LDAP-DIT.jpg?fit=1200%2C1016&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/drfugazi.eu.org\/wp-content\/uploads\/2016\/06\/LDAP-DIT.jpg?fit=1200%2C1016&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/drfugazi.eu.org\/wp-content\/uploads\/2016\/06\/LDAP-DIT.jpg?fit=1200%2C1016&ssl=1&resize=700%2C400 2x, https:\/\/i0.wp.com\/drfugazi.eu.org\/wp-content\/uploads\/2016\/06\/LDAP-DIT.jpg?fit=1200%2C1016&ssl=1&resize=1050%2C600 3x"},"classes":[]},{"id":692,"url":"https:\/\/drfugazi.eu.org\/en\/solaris-ldap-autofs-client-configuration\/","url_meta":{"origin":685,"position":2},"title":"Solaris LDAP autofs client configuration","author":"drfugazi","date":"Thursday December 15th, 2016","format":false,"excerpt":"Last time I wrote about autofs configuration on LDAP server, now it is time to configure autofs client in Solaris. I assume that in DUAConfigProfile, objectClasses and attributes are already defined. 
You can check this with simply commands: [bash] % ldaplist -l auto_master dn: automountMapName=auto_master,ou=service,dc=mycompany,dc=com automountMapName: auto_master objectClass: automountMap objectClass:\u2026","rel":"","context":"In &quot;LDAP&quot;","block_context":{"text":"LDAP","link":"https:\/\/drfugazi.eu.org\/en\/category\/ldap\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/drfugazi.eu.org\/wp-content\/uploads\/2016\/02\/Solaris_OS_logo.png?fit=800%2C393&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/drfugazi.eu.org\/wp-content\/uploads\/2016\/02\/Solaris_OS_logo.png?fit=800%2C393&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/drfugazi.eu.org\/wp-content\/uploads\/2016\/02\/Solaris_OS_logo.png?fit=800%2C393&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/drfugazi.eu.org\/wp-content\/uploads\/2016\/02\/Solaris_OS_logo.png?fit=800%2C393&ssl=1&resize=700%2C400 2x"},"classes":[]},{"id":729,"url":"https:\/\/drfugazi.eu.org\/en\/sudoers-in-ldap\/","url_meta":{"origin":685,"position":3},"title":"Sudoers in LDAP","author":"drfugazi","date":"Wednesday June 28th, 2017","format":false,"excerpt":"In addition to the standard sudoers file, sudo may be configured via LDAP. This can be especially useful for synchronizing sudoers in a large, distributed environment. You need to have LDAP server and client configured, if you do not have already, see my previous posts. 
LDAP schema extension for sudo\u2026","rel":"","context":"In &quot;LDAP&quot;","block_context":{"text":"LDAP","link":"https:\/\/drfugazi.eu.org\/en\/category\/ldap\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/drfugazi.eu.org\/wp-content\/uploads\/2017\/06\/sudo-sudoers-make-me-sandwich.jpg?fit=360%2C299&ssl=1&resize=350%2C200","width":350,"height":200},"classes":[]},{"id":210,"url":"https:\/\/drfugazi.eu.org\/en\/","url_meta":{"origin":685,"position":4},"title":"openldap-2.4.23","author":"drfugazi","date":"Monday August 16th, 2010","format":false,"excerpt":"OpenLDAP jest Open Sourceow\u0105 implementacj\u0105 us\u0142ugi katalogowej opartej na protokole LDAP (Lightweight Directory Access Protocol) Suita zawiera: slapd - samodzielnie dzia\u0142aj\u0105cy demon LDAP (serwer); biblioteki implementuj\u0105ce protok\u00f3\u0142 LDAP; narz\u0119dzia, programy u\u017cytkowe i przyk\u0142adowe klienty. \u0179r\u00f3d\u0142o: http:\/\/www.openldap.org\/","rel":"","context":"In \"Compilation\"","block_context":{"text":"Compilation","link":"https:\/\/drfugazi.eu.org\/en\/tag\/kompilacja\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":373,"url":"https:\/\/drfugazi.eu.org\/en\/budowa-systemu-pocztowego\/","url_meta":{"origin":685,"position":5},"title":"Building mail system","author":"drfugazi","date":"Monday August 13th, 2012","format":false,"excerpt":"This description is based on my experience, which I gained during mail system implementation on University of Silesia (Katowice\/Poland). In the first stage there was about 3 000 of users, now the system is handling about 40 k of mail users. 
Whole system (exluding Sophos AV) is based on Open\u2026","rel":"","context":"In &quot;Mail system&quot;","block_context":{"text":"Mail system","link":"https:\/\/drfugazi.eu.org\/en\/category\/mail-system\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/posts\/685"}],"collection":[{"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/comments?post=685"}],"version-history":[{"count":6,"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/posts\/685\/revisions"}],"predecessor-version":[{"id":691,"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/posts\/685\/revisions\/691"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/media\/627"}],"wp:attachment":[{"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/media?parent=685"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/categories?post=685"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/tags?post=685"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}