Hi,
I use the configuration below to extend a given remote LDAP database with a relatively small number of local records. Specifically, the local database adds new (posix) groups and new autofs maps, adding to the ones already given by the remote server. (see the original thread at: http://www.openldap.org/lists/openldap-software/200802/msg00128.html)
...
moduleload back_ldap
moduleload back_bdb
...
backend bdb
backend ldap
...
# bdb backend, configured as a subordinate of the main server
database bdb
suffix "dc=SUB,dc=EXAMPLE,dc=COM"
readonly on
subordinate
...
# ldap backend, with the right DN base
database ldap
lastmod off
suffix "dc=EXAMPLE,dc=COM"
uri "ldaps://REMOTE_SERVER/"
...
The extension of groups works like a charm, without any modification to the clients' setup (/etc/ldap/ldap.conf). However, the additional maps aren't observed by the autofs-ldap method and are therefore not working for users.
Running on Debian (unstable), autofs-ldap-auto-master gives:
/home ldap:ou=auto.home,ou=AutoFS,dc=EXANPLE,dc=COM
/proj ldap:ou=auto.proj,ou=AutoFS,dc=EXAMPLE,dc=COM
A remote LDAP entry for /proj looks like:
dn: cn=blast,ou=auto.proj,ou=AutoFS,dc=EXAMPLE,dc=COM
objectClass: automount
cn: blast
automountInformation: -rw blast:/export/blast
A local (added to the subtree SUB) entry for /proj looks like:
dn: cn=extra,ou=auto.proj,ou=AutoFS,dc=SUB,dc=EXAMPLE,dc=COM
objectClass: automount
cn: extra
automountInformation: -rw extra:/export/extra
The problem is that autofs only "sees" entries of the first type; if I run automount manually (prepending "dc=SUB," to the default way it is otherwise invoked):
/usr/sbin/automount --pid-file=/var/run/autofs/_proj.pid --timeout=300 /proj ldap ou=auto.proj,ou=AutoFS,dc=SUB,dc=EXAMPLE,dc=COM
then I can make it see the second type, but then it ignores the first type. Note that the same technique works for adding more groups. So I suspect the problem is that somehow autofs does not consider subtrees as valid results for its query to ldap.
Any ideas how to fix this? (Or perhaps a suggestion for how to arrange the entire setup differently and still have the same end result.)
Thanks,
Oren.
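
An added example, not part of the original post: an LDAP search returns only entries whose DN lies at or below the search base, so this sketch checks which of the DNs quoted above fall under each base. The group DN is constructed, the dc=EXAMPLE,dc=COM client base is an assumption, and DN parsing assumes no escaped commas.

```python
# Added example: which entries an LDAP search can return, by DN and scope.
# DN parsing is simplified (assumes no escaped commas in RDN values).

def rdns(dn):
    """Split a DN into normalized RDNs, leaf first."""
    return [part.strip().lower() for part in dn.split(",") if part.strip()]

def in_scope(entry_dn, base_dn, scope="sub"):
    """True if entry_dn can be returned by a search at base_dn with scope."""
    entry, base = rdns(entry_dn), rdns(base_dn)
    depth = len(entry) - len(base)
    if depth < 0 or entry[depth:] != base:
        return False          # entry is not at or below the base
    if scope == "base":
        return depth == 0     # the base entry itself only
    if scope == "one":
        return depth == 1     # immediate children only
    return True               # "sub": base and all descendants

# DNs taken from the post
REMOTE = "cn=blast,ou=auto.proj,ou=AutoFS,dc=EXAMPLE,dc=COM"
LOCAL = "cn=extra,ou=auto.proj,ou=AutoFS,dc=SUB,dc=EXAMPLE,dc=COM"
# Constructed sample: a locally added group under the subordinate suffix
GROUP_LOCAL = "cn=newgroup,ou=Group,dc=SUB,dc=EXAMPLE,dc=COM"

MAP_BASE = "ou=auto.proj,ou=AutoFS,dc=EXAMPLE,dc=COM"             # default automount base
SUB_MAP_BASE = "ou=auto.proj,ou=AutoFS,dc=SUB,dc=EXAMPLE,dc=COM"  # manual invocation
ROOT_BASE = "dc=EXAMPLE,dc=COM"  # assumed client search base for groups

def visible(base, scope="sub"):
    """Entries from the sample set that a search at `base` can return."""
    return [dn for dn in (REMOTE, LOCAL, GROUP_LOCAL) if in_scope(dn, base, scope)]

if __name__ == "__main__":
    for base in (MAP_BASE, SUB_MAP_BASE, ROOT_BASE):
        print("base:", base)
        for dn in visible(base):
            print("    returns:", dn)
```

The two map containers are siblings in the tree, so neither base covers the other's entries; only a base at or above both suffixes reaches the subordinate database.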