Bug 441026
Summary: | Autofs does not include LDAP schema for Fedora Directory Server | | |
---|---|---|---
Product: | [Retired] 389 | Reporter: | W. Michael Petullo <mike>
Component: | Directory Server | Assignee: | Rich Megginson <rmeggins>
Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa>
Severity: | low | Docs Contact: |
Priority: | low | |
Version: | 1.1.1 | CC: | ikent, jgalipea, jmoyer, ssorce
Target Milestone: | --- | |
Target Release: | --- | |
Hardware: | All | |
OS: | Linux | |
Whiteboard: | | |
Fixed In Version: | 8.1 | Doc Type: | Bug Fix
Last Closed: | 2009-04-29 23:03:40 UTC | Type: | ---
Bug Blocks: | 249650, 467277, 493682 | |
Description
W. Michael Petullo
2008-04-05 10:19:57 UTC
I'm not sure what you are asking here? There are several common schema that autofs can use. Current versions of autofs will try and discover which schema is in use. There can be a clash between attribute names if the rfc2307bis schema needs to be used and so the LDAP server configuration needs to be done by the LDAP administrator. It is inappropriate for the autofs package to change the LDAP configuration in any way on production systems. It is inappropriate for autofs to add schema files at the location a directory server stores its schema files as that location may change without warning. The OIDs in the schema that autofs places in its doc directory may or may not be correct, I don't know. I need more information before doing anything on this issue.

Ian

And, since autofs is essentially a client package it might not even be installed on a directory server.

Reassigning to fedora-ds-base, based on Ian's comments.

I think that it follows that the autofs schema should be added to the fedora-ds-base package or a new fedora-ds-schema-autofs package.

Created attachment 308174
FDS-compatible Schema for autofs
For reference, I have used the attached schema to serve automount maps using fedora-ds-base-1.1.0.1-4.fc9.i386. I used the following steps:

1. Install the schema as /etc/dirsrv/slapd-<DOMAIN>/schema/75autofs.ldif
2. Add the following to the LDAP database using "ldapadd -x -D cn="Directory Manager" -W -f <PATH TO LDIF>":

```ldif
dn: ou=auto.master,dc=<DOMAIN1>,dc=<DOMAIN2>
ou: auto.master
objectClass: top
objectClass: automountMap

dn: cn=/home,ou=auto.master,dc=<DOMAIN1>,dc=<DOMAIN2>
objectClass: automount
cn: /home
automountInformation: ldaps:<LDAP SERVER NAME>:ou=auto.home,dc=<DOMAIN1>,dc=<DOMAIN2>

dn: ou=auto.home,dc=<DOMAIN1>,dc=<DOMAIN2>
ou: auto.home
objectClass: top
objectClass: organizationalUnit
objectClass: automountmap

dn: cn=<USER>,ou=auto.home,dc=<DOMAIN1>,dc=<DOMAIN2>
cn: <USER>
objectClass: automount
automountInformation: <NFS SERVER NAME>:/home/<USER>
```
The example given in comment #4 looks right to me. The other schema that should be configured (and I'm not sure whether it is or not) is the one defined by rfc2307bis. A sample configuration follows. A third schema supported by autofs simply uses the nisMap, nisMapName, nisObject types and should already be supported by the directory server.

```ldif
dn: automountMapName=auto.master,dc=<DOMAIN1>,dc=<DOMAIN2>
automountMapName: auto.master
objectClass: top
objectClass: automountMap

dn: automountKey=/home,automountMapName=auto.master,dc=<DOMAIN1>,dc=<DOMAIN2>
objectClass: automount
automountKey: /home
automountInformation: auto.home

dn: automountMapName=auto.home,dc=<DOMAIN1>,dc=<DOMAIN2>
automountMapName: auto.home
objectClass: top
objectClass: automountMap

dn: automountKey=<USER>,automountMapName=auto.home,dc=<DOMAIN1>,dc=<DOMAIN2>
automountKey: <USER>
objectClass: automount
automountInformation: <NFS SERVER NAME>:/home/<USER>
```

Fedora DS 1.1 includes the rfc2307bis schema - /usr/share/dirsrv/data/10rfc2307bis.ldif - the reason for not including it with the rest of the schema is that many apps still expect the old incompatible rfc2307 schema, and there is a lot of old data using the old rfc2307 schema that would break if we just replaced it with the new schema. And, it is not trivial to automatically migrate all of that old data.

That being said, if users "know what they are doing", they can migrate their data, replace the schema file, and use the new rfc2307bis schema.

Jeff, do you think it's a good idea to include the autofs schema with Fedora DS?

(In reply to comment #6)
> Fedora DS 1.1 includes the rfc2307bis schema -
> /usr/share/dirsrv/data/10rfc2307bis.ldif - the reason for not including it with
> the rest of the schema is that many apps still expect the old incompatible
> rfc2307 schema, and there is a lot of old data using the old rfc2307 schema that
> would break if we just replaced it with the new schema. And, it is not trivial
> to automatically migrate all of that old data.

OK, I was unaware of this incompatibility. Thanks for elucidating.

> That being said, if users "know what they are doing", they can migrate their
> data, replace the schema file, and use the new rfc2307bis schema.
>
> Jeff, do you think it's a good idea to include the autofs schema with Fedora DS?

Absolutely. Thank you!

So, as I understand it, 10rfc2307bis.ldif will remain in /usr/share/dirsrv/data and must be installed by hand into /etc/dirsrv/.../schema?

Will the autofs schema go in /etc/dirsrv/schema or /usr/share/dirsrv/data? I'd like to see something installed in /etc/dirsrv/schema so that it works out of the box.

(In reply to comment #8)
> So, as I understand it, 10rfc2307bis.ldif will remain in /usr/share/dirsrv/data
> and must be installed by hand into /etc/dirsrv/.../schema?

Yes. There are just too many people using the old schema. It would wreak havoc if we just replaced the old with the new.

> Will the autofs schema go in /etc/dirsrv/schema or /usr/share/dirsrv/data? I'd
> like to see something installed in /etc/dirsrv/schema so that it works out of
> the box.

Yes, it will go in the regular schema directory.

Can we get this added in time for Fedora 10? The fedora-ds-base-1.1.1-2.fc10 package does not install the autofs schema.

Created attachment 320577
cvs commit log
Reviewed by: nkinder (Thanks!)
Fix Description: Pieter D.J. Krul has contributed many schema files that
have been tested in production environments. They are divided into two
groups - those that conflict with existing schema in DS, CertSys, and
IPA, and those which do not. The latter are installed in the default
schema directory to be available for new instances - the former are
installed in the data directory just as the rfc2307bis schema. The
schema provided cover autofs and rfc4876, as in the bug reports, and
more. Here is the full list of new files:
60trust.ldif 60pureftpd.ldif 60sudo.ldif 60nis.ldif 60samba.ldif
60mozilla.ldif
60samba3.ldif 60krb5kdc.ldif 60sabayon.ldif 60kerberos.ldif
60rfc4876.ldif 60inetmail.ldif 60rfc3712.ldif 60eduperson.ldif
60rfc2739.ldif 60changelog.ldif 60radius.ldif 60autofs.ldif 60qmail.ldif
Platforms tested: RHEL5
Flag Day: no
Doc impact: yes - document the new schema
As comment 11 states, the schemas are now in the upstream source tree. See also http://cvs.fedoraproject.org/viewvc/ldapserver/ldap/schema/?root=dirsec.

fix verified DS 8.1 - RHEL 4

```
[root@jennyv4 data]# ls -al /usr/share/dirsrv/data/10rfc2307bis.ldif
-rw-r--r-- 1 root root 10025 Apr 1 19:58 /usr/share/dirsrv/data/10rfc2307bis.ldif
```

An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you.

http://rhn.redhat.com/errata/RHEA-2009-0455.html
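
The thread describes three LDAP layouts autofs can read: the ou/cn form from comment #4, the rfc2307bis form with automountMapName/automountKey, and the nisMap/nisObject form. The following is an added example, not code from the bug report or from autofs, that parses LDIF and reports which layout each entry matches, which is a useful check before loading maps into a server whose installed schema you have just changed. The schema labels and helper names are hypothetical, the `nisMapEntry` attribute name is taken from RFC 2307 rather than from this page, and the parser handles plain and folded lines only (no base64 values).

```python
# Added example; the LDIF sample is constructed (example.com names).
# Tuple order: map class, map-name attr, entry class, key attr, value attr.
SCHEMAS = {
    "nis": ("nismap", "nismapname", "nisobject", "cn", "nismapentry"),
    "ou-cn": ("automountmap", "ou", "automount", "cn", "automountinformation"),
    "rfc2307bis": ("automountmap", "automountmapname", "automount",
                   "automountkey", "automountinformation"),
}

def parse_ldif(text):
    """Split LDIF into entries: lower-cased attribute -> list of values."""
    entries, current, last = [], {}, None
    for raw in text.splitlines() + [""]:
        if raw.startswith(" ") and last:      # folded continuation line
            current[last][-1] += raw[1:]
        elif not raw.strip():                  # blank line ends the entry
            if current:
                entries.append(current)
            current, last = {}, None
        elif not raw.startswith("#"):          # skip comment lines
            attr, _, value = raw.partition(":")
            last = attr.strip().lower()
            current.setdefault(last, []).append(value.strip())
    return entries

def classify(entry):
    """Return (schema, role) pairs whose class and attributes the entry has."""
    classes = {c.lower() for c in entry.get("objectclass", [])}
    hits = []
    for name, (map_cls, map_attr, ent_cls, key, val) in SCHEMAS.items():
        if map_cls in classes and map_attr in entry:
            hits.append((name, "map"))
        if ent_cls in classes and key in entry and val in entry:
            hits.append((name, "entry"))
    return hits

SAMPLE = """\
dn: cn=alice,ou=auto.home,dc=example,dc=com
cn: alice
objectClass: automount
automountInformation: nfs.example.com:
 /home/alice

dn: automountKey=alice,automountMapName=auto.home,dc=example,dc=com
automountKey: alice
objectClass: automount
automountInformation: nfs.example.com:/home/alice
"""
for e in parse_ldif(SAMPLE):
    print(e["dn"][0], "->", classify(e))
```

An LDIF file whose entries match more than one layout mixes naming conventions, and an entry that matches none is missing either its object class or its key/value attribute.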