Description of problem:
Autofs supports LDAP-hosted maps. However, the autofs package does not install a schema for Fedora Directory Server (FDS) to use.

Version-Release number of selected component (if applicable):
5.0.2-27

How reproducible:
Every time

Steps to Reproduce:
1. Install the fedora-ds-base and autofs packages
2. Try to add an automount map to LDAP

Actual results:
I cannot add autofs maps to the FDS-hosted LDAP database because no autofs schema exists. I had to manually install a schema after installing the autofs package.

Expected results:
The autofs package should install a schema so that FDS can host automount maps.

Additional info:
See http://directory.fedoraproject.org/wiki/Howto:Automount for more information. There is also a message thread discussing this at https://www.redhat.com/archives/freeipa-devel/2008-April/msg00020.html.
I'm not sure what you are asking here?

There are several common schema that autofs can use. Current versions of autofs will try and discover which schema is in use. There can be a clash between attribute names if the rfc2307bis schema needs to be used and so the LDAP server configuration needs to be done by the LDAP administrator.

It is inappropriate for the autofs package to change the LDAP configuration in any way on production systems.

It is inappropriate for autofs to add schema files at the location a directory server stores its schema files as that location may change without warning.

The OIDs in the schema that autofs places in its doc directory may or may not be correct, I don't know.

I need more information before doing anything on this issue.

Ian
And, since autofs is essentially a client package it might not even be installed on a directory server.
Reassigning to fedora-ds-base, based on Ian's comments. I think that it follows that the autofs schema should be added to the fedora-ds-base package or a new fedora-ds-schema-autofs package.
Created attachment 308174
FDS-compatible Schema for autofs

For reference, I have used the attached schema to serve automount maps using fedora-ds-base-1.1.0.1-4.fc9.i386. I used the following steps:

1. Install the schema as /etc/dirsrv/slapd-<DOMAIN>/schema/75autofs.ldif

2. Add the following to the LDAP database using "ldapadd -x -D cn="Directory Manager" -W -f <PATH TO LDIF>" :

dn: ou=auto.master,dc=<DOMAIN1>,dc=<DOMAIN2>
ou: auto.master
objectClass: top
objectClass: automountMap

dn: cn=/home,ou=auto.master,dc=<DOMAIN1>,dc=<DOMAIN2>
objectClass: automount
cn: /home
automountInformation: ldaps:<LDAP SERVER NAME>:ou=auto.home,dc=<DOMAIN1>,dc=<DOMAIN2>

dn: ou=auto.home,dc=<DOMAIN1>,dc=<DOMAIN2>
ou: auto.home
objectClass: top
objectClass: organizationalUnit
objectClass: automountmap

dn: cn=<USER>,ou=auto.home,dc=<DOMAIN1>,dc=<DOMAIN2>
cn: <USER>
objectClass: automount
automountInformation: <NFS SERVER NAME>:/home/<USER>
The example given in comment #4 looks right to me.

The other schema that should be configured (and I'm not sure whether it is or not) is the one defined by rfc2307bis. A sample configuration follows.

A third schema supported by autofs simply uses the nisMap, nisMapName, nisObject types and should already be supported by the directory server.

dn: automountMapName=auto.master,dc=<DOMAIN1>,dc=<DOMAIN2>
automountMapName: auto.master
objectClass: top
objectClass: automountMap

dn: automountKey=/home,automountMapName=auto.master,dc=<DOMAIN1>,dc=<DOMAIN2>
objectClass: automount
automountKey: /home
automountInformation: auto.home

dn: automountMapName=auto.home,dc=<DOMAIN1>,dc=<DOMAIN2>
automountMapName: auto.home
objectClass: top
objectClass: automountMap

dn: automountKey=<USER>,automountMapName=auto.home,dc=<DOMAIN1>,dc=<DOMAIN2>
automountKey: <USER>
objectClass: automount
automountInformation: <NFS SERVER NAME>:/home/<USER>
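Added example, not part of the thread or of the autofs or Fedora DS code: a pre-load check that classifies each entry of an automount LDIF file by the layout it uses (the ou=/cn=-named layout from comment #4, rfc2307bis, or the nisMap types) and reports when a file mixes them. The function names and the example.com sample values are assumptions made for illustration; only plain "attribute: value" lines are handled.

```python
import re

# Markers per layout, taken from the LDIF samples and schema names in this thread.
# Order matters: rfc2307bis entries also carry the automountMap/automount classes.
MARKERS = {
    "rfc2307bis": {"automountmapname", "automountkey"},
    "nis": {"nismap", "nismapname", "nisobject"},
    "autofs": {"automountmap", "automount"},   # ou=/cn=-named layout (comment #4)
}

def parse_ldif(text):
    """Return a list of {attribute: [values]} dicts, attribute names lowercased."""
    unfolded = re.sub(r"\n ", "", text.strip())        # join folded lines
    entries = []
    for block in re.split(r"\n\s*\n", unfolded):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, value = line.split(":", 1)
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def classify(entry):
    """Name the layout an entry uses; the first matching MARKERS key wins."""
    names = set(entry) | {v.lower() for v in entry.get("objectclass", [])}
    for layout, markers in MARKERS.items():
        if names & markers:
            return layout
    return "other"

def layouts(text):
    """Map each DN to its layout."""
    return {e["dn"][0]: classify(e) for e in parse_ldif(text)}

def mixed(text):
    """True when the file mixes more than one automount layout."""
    return len(set(layouts(text).values()) - {"other"}) > 1

# Constructed sample: one entry in each layout, placeholders filled with example.com.
SAMPLE = """\
dn: ou=auto.master,dc=example,dc=com
ou: auto.master
objectClass: top
objectClass: automountMap

dn: automountKey=/home,automountMapName=auto.master,dc=example,dc=com
objectClass: automount
automountKey: /home
automountInformation: auto.home
"""
```

Calling mixed(SAMPLE) on the constructed input returns True, which is the cue to settle on one layout before running ldapadd.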
Fedora DS 1.1 includes the rfc2307bis schema - /usr/share/dirsrv/data/10rfc2307bis.ldif - the reason for not including it with the rest of the schema is that many apps still expect the old incompatible rfc2307 schema, and there is a lot of old data using the old rfc2307 schema that would break if we just replaced it with the new schema. And, it is not trivial to automatically migrate all of that old data.

That being said, if users "know what they are doing", they can migrate their data, replace the schema file, and use the new rfc2307bis schema.

Jeff, do you think it's a good idea to include the autofs schema with Fedora DS?
(In reply to comment #6)
> Fedora DS 1.1 includes the rfc2307bis schema -
> /usr/share/dirsrv/data/10rfc2307bis.ldif - the reason for not including it with
> the rest of the schema is that many apps still expect the old incompatible
> rfc2307 schema, and there is a lot of old data using the old rfc2307 schema that
> would break if we just replaced it with the new schema. And, it is not trivial
> to automatically migrate all of that old data.

OK, I was unaware of this incompatibility. Thanks for elucidating.

> That being said, if users "know what they are doing", they can migrate their
> data, replace the schema file, and use the new rfc2307bis schema.
>
> Jeff, do you think it's a good idea to include the autofs schema with Fedora DS?

Absolutely. Thank you!
So, as I understand it, 10rfc2307bis.ldif will remain in /usr/share/dirsrv/data and must be installed by hand into /etc/dirsrv/.../schema? Will the autofs schema go in /etc/dirsrv/schema or /usr/share/dirsrv/data? I'd like to see something installed in /etc/dirsrv/schema so that it works out of the box.
(In reply to comment #8)
> So, as I understand it, 10rfc2307bis.ldif will remain in /usr/share/dirsrv/data
> and must be installed by hand into /etc/dirsrv/.../schema?

Yes. There are just too many people using the old schema. It would wreak havoc if we just replaced the old with the new.

> Will the autofs schema go in /etc/dirsrv/schema or /usr/share/dirsrv/data? I'd
> like to see something installed in /etc/dirsrv/schema so that it works out of
> the box.

Yes, it will go in the regular schema directory.
Can we get this added in time for Fedora 10? The fedora-ds-base-1.1.1-2.fc10 package does not install the autofs schema.
Created attachment 320577
cvs commit log

Reviewed by: nkinder (Thanks!)

Fix Description: Pieter D.J. Krul has contributed many schema files that have been tested in production environments. They are divided into two groups - those that conflict with existing schema in DS, CertSys, and IPA, and those which do not. The latter are installed in the default schema directory to be available for new instances - the former are installed in the data directory just as the rfc2307bis schema. The schema provided cover autofs and rfc4876, as in the bug reports, and more. Here is the full list of new files:

60trust.ldif
60pureftpd.ldif
60sudo.ldif
60nis.ldif
60samba.ldif
60mozilla.ldif
60samba3.ldif
60krb5kdc.ldif
60sabayon.ldif
60kerberos.ldif
60rfc4876.ldif
60inetmail.ldif
60rfc3712.ldif
60eduperson.ldif
60rfc2739.ldif
60changelog.ldif
60radius.ldif
60autofs.ldif
60qmail.ldif

Platforms tested: RHEL5
Flag Day: no
Doc impact: yes - document the new schema
As comment 11 states, the schemas are now in the upstream source tree. See also http://cvs.fedoraproject.org/viewvc/ldapserver/ldap/schema/?root=dirsec.
Fix verified DS 8.1 - RHEL 4

[root@jennyv4 data]# ls -al /usr/share/dirsrv/data/10rfc2307bis.ldif
-rw-r--r-- 1 root root 10025 Apr 1 19:58 /usr/share/dirsrv/data/10rfc2307bis.ldif
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you.

http://rhn.redhat.com/errata/RHEA-2009-0455.html