
extend remote server with local (subordinate) entries



Hi,

I use the configuration below to extend a given remote LDAP database
with a relatively small number of local records. Specifically, the
local database adds new (posix) groups and new autofs maps, adding to
the ones already given by the remote server. (see the original thread
at: http://www.openldap.org/lists/openldap-software/200802/msg00128.html)

...
moduleload      back_ldap
moduleload      back_bdb
...
backend         bdb
backend         ldap
...
# bdb backend, configured as a subordinate of the main server
database        bdb
suffix          "dc=SUB,dc=EXAMPLE,dc=COM"
readonly        on
subordinate
...
# ldap backend, with the right DN base
database        ldap
lastmod         off
suffix          "dc=EXAMPLE,dc=COM"
uri             "ldaps://REMOTE_SERVER/"
...


The extension of groups works like a charm, without any modification to
the clients' setup (/etc/ldap/ldap.conf). However, the additional maps
aren't observed by the autofs-ldap method and are therefore not working
for users.

Running on Debian (unstable), autofs-ldap-auto-master gives:

  /home ldap:ou=auto.home,ou=AutoFS,dc=EXANPLE,dc=COM
  /proj ldap:ou=auto.proj,ou=AutoFS,dc=EXAMPLE,dc=COM

A remote LDAP entry for /proj looks like:

  dn: cn=blast,ou=auto.proj,ou=AutoFS,dc=EXAMPLE,dc=COM
  objectClass: automount
  cn: blast
  automountInformation: -rw blast:/export/blast

A local (added to the subtree SUB) entry for /proj looks like:

  dn: cn=extra,ou=auto.proj,ou=AutoFS,dc=SUB,dc=EXAMPLE,dc=COM
  objectClass: automount
  cn: extra
  automountInformation: -rw extra:/export/extra

The problem is that autofs only "sees" entries of the first type; if I
run automount manually (prepending "dc=SUB," to the default way it
is otherwise invoked):

  /usr/sbin/automount --pid-file=/var/run/autofs/_proj.pid --timeout=300 /proj ldap ou=auto.proj,ou=AutoFS,dc=SUB,dc=EXAMPLE,dc=COM

then I can make it see the second type, but then it ignores the first
type. Note that the same technique works for adding more groups. So I
suspect the problem is that somehow autofs does not consider subtrees
as valid results for its query to ldap.

Any ideas how to fix this? (Or perhaps suggestions on how to arrange the
entire setup differently and still have the same end result.)

Thanks,

Oren.
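
Added example, not part of the original post: a small LDAP search-scope check run over the two automount entries quoted above, showing which of them each search base can return. The helper names are hypothetical, and the group lookup base dc=EXAMPLE,dc=COM is an assumption (the post does not state it).

```python
# Added illustration, not code from the original post.
# DN parsing is simplified: it assumes no escaped commas, which holds
# for the DNs quoted in the post.

def parse_dn(dn):
    """Split a DN into normalized RDNs, leaf first."""
    return [rdn.strip().lower() for rdn in dn.split(",") if rdn.strip()]

def in_scope(entry_dn, base_dn, scope="sub"):
    """True if entry_dn would be covered by a search of base_dn with scope."""
    entry, base = parse_dn(entry_dn), parse_dn(base_dn)
    # The entry must end with every RDN of the base, in the same order.
    if len(entry) < len(base) or entry[len(entry) - len(base):] != base:
        return False
    depth = len(entry) - len(base)
    if scope == "base":
        return depth == 0
    if scope == "one":
        return depth == 1
    return True  # "sub": the base itself and everything below it

# Entries and bases copied from the post.
REMOTE = "cn=blast,ou=auto.proj,ou=AutoFS,dc=EXAMPLE,dc=COM"
LOCAL = "cn=extra,ou=auto.proj,ou=AutoFS,dc=SUB,dc=EXAMPLE,dc=COM"
MAP_BASE = "ou=auto.proj,ou=AutoFS,dc=EXAMPLE,dc=COM"
SUB_MAP_BASE = "ou=auto.proj,ou=AutoFS,dc=SUB,dc=EXAMPLE,dc=COM"
# Assumption: group lookups use the top-level suffix as their search base.
ROOT_BASE = "dc=EXAMPLE,dc=COM"

def visible(base_dn, scope="sub"):
    """Return the sample entries a search rooted at base_dn can see."""
    return [dn for dn in (REMOTE, LOCAL) if in_scope(dn, base_dn, scope)]

if __name__ == "__main__":
    for label, base in (("map base", MAP_BASE),
                        ("SUB map base", SUB_MAP_BASE),
                        ("top-level suffix", ROOT_BASE)):
        print(f"{label:18} {base}")
        for dn in visible(base):
            print(f"    sees {dn}")
```

The local entry's DN ends in dc=SUB,dc=EXAMPLE,dc=COM, so it is not below ou=auto.proj,ou=AutoFS,dc=EXAMPLE,dc=COM; only a search based at or above dc=SUB,dc=EXAMPLE,dc=COM crosses into the subordinate database.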