Re: OpenLDAP <-> iPlanet cooperation

Hi Ric:

What version of iPlanet are you using? If it is 5.1, I have one tip: check your automount schema on the server side. The automount should be NIS compatible, otherwise it will fail, not only with Linux but also with any Solaris 8 clients.

 /var/ds5/slapd-<server>/config/schema/11rfc2307.ldif is the key.

Cheers, Susana

Tibbetts, Ric wrote:

I'm faced with a situation that I'm not sure how to resolve.
I need to set up Linux workstations to run autofs through LDAP. Currently, the Suns are all set up that way.

(Prior to this project, I'd never worked with LDAP, so my knowledge on the subject is extremely sparse.)

So far, I have a Linux client (running RedHat 8.0 + OpenLDAP) that authenticates through the Sun based iPlanet Directory Server. It handles logins just fine. But I can't get the automounter to work for home directories.

Per information I've found in various places, I've added the following to /etc/auto.master:

/home ldap:ldap.mlb.esid.northgrum.com:nisMapName=auto_home,dc=eng,dc=mlb,dc=northgrum,dc=com

Starting autofs then produces the following in /var/log/messages:

Feb 11 11:32:39 aurora automount[1336]: starting automounter version 3.1.7, path = /home, maptype = ldap, mapname = ldap.mlb.esid.northgrum.com:nisMapName=auto_home,dc=eng,dc=mlb,dc=northgrum,dc=com

Feb 11 11:32:40 aurora autofs: automount startup succeeded
Feb 11 11:32:40 aurora automount[1336]: using kernel protocol version 3

So far so good.


#> service autofs status

Configured Mount Points:
/usr/sbin/automount /home ldap ldap.mlb.esid.northgrum.com:nisMapName=auto_home,dc=eng,dc=mlb,dc=northgrum,dc=com

Active Mount Points:
/usr/sbin/automount /home ldap ldap.mlb.esid.northgrum.com:nisMapName=auto_home,dc=eng,dc=mlb,dc=northgrum,dc=com


Then I try to log in:

Feb 11 11:32:51 aurora login(pam_unix)[826]: session opened for user tibberi by LOGIN(uid=0)
Feb 11 11:32:51 aurora automount[1336]: attempting to mount entry /home/tibberi
Feb 11 11:32:52 aurora automount[1343]: lookup(ldap): query succeeded, no matches for (&(objectclass=nisObject)(cn=/))
Feb 11 11:32:52 aurora automount[1343]: lookup(ldap): query succeeded, no matches for (&(objectclass=automount)(cn=/))
Feb 11 11:32:52 aurora -- tibberi[826]: LOGIN ON tty3 BY tibberi

Not so good. I get no home dir. What I don't understand is where the cn=/ is coming from.
I've checked the LDAP server, and it shows that the line in auto.master is a valid string.

I don't know what's going wrong. Can someone shed some light on this?

Much thanks in advance!

    Ric Tibbetts