Description of problem: We are trying to get Fedora to properly automount home directories on our network, using LDAP for the automount information. However, it fails to read the LDAP data, as it appears to be using an incorrect entry from /etc/sysconfig/autofs Version-Release number of selected component (if applicable): 5.0.3-36 How reproducible: Always (at least on our network) Steps to Reproduce: 1. /etc/syconfig/autofs (values for our network): # # Define default options for autofs. # # MASTER_MAP_NAME - default map name for the master map. # #MASTER_MAP_NAME="auto.master" # # TIMEOUT - set the default mount timeout (default 600). # TIMEOUT=300 # # NEGATIVE_TIMEOUT - set the default negative timeout for # failed mount attempts (default 60). # #NEGATIVE_TIMEOUT=60 # # UMOUNT_WAIT - time to wait for a response from umount(8). # #UMOUNT_WAIT=12 # # BROWSE_MODE - maps are browsable by default. # BROWSE_MODE="no" # # APPEND_OPTIONS - append to global options instead of replace. # #APPEND_OPTIONS="yes" # # LOGGING - set default log level "none", "verbose" or "debug" # #LOGGING="none" LOGGING="debug" # # Define base dn for map dn lookup. # # Define server URIs # # LDAP_URI - space seperated list of server uris of the form # <proto>://<server>[/] where <proto> can be ldap # or ldaps. The option can be given multiple times. # Map entries that include a server name override # this option. # #LDAP_URI="" LDAP_URI="ldap://10.120.1.3 ldap://10.120.1.2" # # LDAP__TIMEOUT - timeout value for the synchronous API calls # (default is LDAP library default). # #LDAP_TIMEOUT=-1 # # LDAP_NETWORK_TIMEOUT - set the network response timeout (default 8). # #LDAP_NETWORK_TIMEOUT=8 # # SEARCH_BASE - base dn to use for searching for map search dn. # Multiple entries can be given and they are checked # in the order they occur here. # #SEARCH_BASE="" SEARCH_BASE="dc=css,dc=tayloru,dc=edu" # # Define the LDAP schema to used for lookups # # If no schema is set autofs will check each of the schemas # below in the order given to try and locate an appropriate # basdn for lookups. If you want to minimize the number of # queries to the server set the values here. # #MAP_OBJECT_CLASS="nisMap" #ENTRY_OBJECT_CLASS="nisObject" #MAP_ATTRIBUTE="nisMapName" #ENTRY_ATTRIBUTE="cn" #VALUE_ATTRIBUTE="nisMapEntry" # # Other common LDAP nameing # MAP_OBJECT_CLASS="automountMap" ENTRY_OBJECT_CLASS="automount" MAP_ATTRIBUTE="ou" ENTRY_ATTRIBUTE="cn" VALUE_ATTRIBUTE="automountInformation" # #MAP_OBJECT_CLASS="automountMap" #ENTRY_OBJECT_CLASS="automount" #MAP_ATTRIBUTE="automountMapName" #ENTRY_ATTRIBUTE="automountKey" #VALUE_ATTRIBUTE="automountInformation" # # AUTH_CONF_FILE - set the default location for the SASL # authentication configuration file. # #AUTH_CONF_FILE="/etc/autofs_ldap_auth.conf" # # General global options # #OPTIONS="" # 2. /etc/init.d/autofs restart Actual results: in /var/log/messages: Jan 15 10:30:14 asahel automount[24942]: autofs stopped Jan 15 10:30:14 asahel automount[24971]: Starting automounter version 5.0.2-31, master map auto.master Jan 15 10:30:14 asahel automount[24971]: using kernel protocol version 5.00 Jan 15 10:30:14 asahel automount[24971]: lookup_nss_read_master: reading master ldap auto.master Jan 15 10:30:14 asahel automount[24971]: parse_server_string: lookup(ldap): Attempting to parse LDAP information from string "auto.master". Jan 15 10:30:14 asahel automount[24971]: parse_server_string: lookup(ldap): mapname auto.master Jan 15 10:30:14 asahel automount[24971]: parse_ldap_config: lookup(ldap): ldap authentication configured with the following options: Jan 15 10:30:14 asahel automount[24971]: parse_ldap_config: lookup(ldap): use_tls: 0, tls_required: 0, auth_required: 1, sasl_mech: (null) Jan 15 10:30:14 asahel automount[24971]: parse_ldap_config: lookup(ldap): user: (null), secret: unspecified, client principal: (null) credential cache: (null) Jan 15 10:30:14 asahel automount[24971]: find_server: trying server ldap://10.120.1.3 Jan 15 10:30:14 asahel automount[24971]: do_bind: lookup(ldap): auth_required: 1, sasl_mech (null) Jan 15 10:30:14 asahel automount[24971]: do_bind: lookup(ldap): ldap anonymous bind returned 0 Jan 15 10:30:14 asahel automount[24971]: get_query_dn: lookup(ldap): check search base list Jan 15 10:30:14 asahel automount[24971]: get_query_dn: lookup(ldap): found search base under dc=css,dc=tayloru,dc=edu Jan 15 10:30:14 asahel automount[24971]: get_query_dn: lookup(ldap): found query dn ou=auto.master,dc=css,dc=tayloru,dc=edu Jan 15 10:30:14 asahel automount[24971]: connected to uri ldap://10.120.1.3 Jan 15 10:30:14 asahel automount[24971]: parse_init: parse(sun): init gathered global options: (null) Jan 15 10:30:14 asahel automount[24971]: do_bind: lookup(ldap): auth_required: 1, sasl_mech (null) Jan 15 10:30:14 asahel automount[24971]: do_bind: lookup(ldap): ldap anonymous bind returned 0 Jan 15 10:30:14 asahel automount[24971]: lookup_read_master: lookup(ldap): searching for "(objectclass=automount)" under "ou=auto.master,dc=css,dc=tayloru,dc=edu" Jan 15 10:30:14 asahel automount[24971]: lookup_read_master: lookup(ldap): examining entries Jan 15 10:30:14 asahel automount[24971]: master_do_mount: mounting /auto Jan 15 10:30:14 asahel automount[24971]: automount_path_to_fifo: fifo name /var/run/autofs.fifo-auto Jan 15 10:30:14 asahel automount[24971]: lookup_nss_read_map: reading map ldap ldap:10.120.1.2:ou=auto.auto,dc=css,dc=tayloru,dc=edu Jan 15 10:30:14 asahel automount[24971]: parse_server_string: lookup(ldap): Attempting to parse LDAP information from string "ldap:10.120.1.2:ou=auto.auto,dc=css,dc=tayloru,dc=edu". Jan 15 10:30:14 asahel automount[24971]: parse_server_string: lookup(ldap): server "ldap://10.120.1.2/", base dn "ou=auto.auto,dc=css,dc=tayloru,dc=edu" Jan 15 10:30:14 asahel automount[24971]: parse_ldap_config: lookup(ldap): ldap authentication configured with the following options: Jan 15 10:30:14 asahel automount[24971]: parse_ldap_config: lookup(ldap): use_tls: 0, tls_required: 0, auth_required: 1, sasl_mech: (null) Jan 15 10:30:14 asahel automount[24971]: parse_ldap_config: lookup(ldap): user: (null), secret: unspecified, client principal: (null) credential cache: (null) Jan 15 10:30:14 asahel automount[24971]: do_bind: lookup(ldap): auth_required: 1, sasl_mech (null) Jan 15 10:30:14 asahel automount[24971]: do_bind: lookup(ldap): ldap anonymous bind returned 0 Jan 15 10:30:14 asahel automount[24971]: get_query_dn: lookup(ldap): query succeeded, no matches for (objectclass=automountMap) Jan 15 10:30:14 asahel automount[24971]: do_bind: lookup(ldap): failed to get query dn Jan 15 10:30:14 asahel automount[24971]: lookup(ldap): couldn't connect to server ldap://10.120.1.2/ Jan 15 10:30:14 asahel automount[24971]: do_read_map: lookup module ldap failed Jan 15 10:30:14 asahel automount[24971]: mount_autofs_indirect: failed to read map for /auto Jan 15 10:30:14 asahel automount[24971]: handle_mounts: mount of /auto failed! Jan 15 10:30:14 asahel automount[24971]: master_do_mount: failed to startup mount Jan 15 10:30:14 asahel automount[24971]: master_do_mount: mounting /home Jan 15 10:30:14 asahel automount[24971]: automount_path_to_fifo: fifo name /var/run/autofs.fifo-home Jan 15 10:30:14 asahel automount[24971]: lookup_nss_read_map: reading map ldap ldap:10.120.1.2:ou=auto.home,dc=css,dc=tayloru,dc=edu Jan 15 10:30:14 asahel automount[24971]: parse_server_string: lookup(ldap): Attempting to parse LDAP information from string "ldap:10.120.1.2:ou=auto.home,dc=css,dc=tayloru,dc=edu". Jan 15 10:30:14 asahel automount[24971]: parse_server_string: lookup(ldap): server "ldap://10.120.1.2/", base dn "ou=auto.home,dc=css,dc=tayloru,dc=edu" Jan 15 10:30:14 asahel automount[24971]: parse_ldap_config: lookup(ldap): ldap authentication configured with the following options: Jan 15 10:30:14 asahel automount[24971]: parse_ldap_config: lookup(ldap): use_tls: 0, tls_required: 0, auth_required: 1, sasl_mech: (null) Jan 15 10:30:14 asahel automount[24971]: parse_ldap_config: lookup(ldap): user: (null), secret: unspecified, client principal: (null) credential cache: (null) Jan 15 10:30:14 asahel automount[24971]: do_bind: lookup(ldap): auth_required: 1, sasl_mech (null) Jan 15 10:30:14 asahel automount[24971]: do_bind: lookup(ldap): ldap anonymous bind returned 0 Jan 15 10:30:14 asahel automount[24971]: get_query_dn: lookup(ldap): query succeeded, no matches for (objectclass=automountMap) Jan 15 10:30:14 asahel automount[24971]: do_bind: lookup(ldap): failed to get query dn Jan 15 10:30:14 asahel automount[24971]: lookup(ldap): couldn't connect to server ldap://10.120.1.2/ Jan 15 10:30:14 asahel automount[24971]: do_read_map: lookup module ldap failed Jan 15 10:30:14 asahel automount[24971]: mount_autofs_indirect: failed to read map for /home Jan 15 10:30:14 asahel automount[24971]: handle_mounts: mount of /home failed! Jan 15 10:30:14 asahel automount[24971]: master_do_mount: failed to startup mount Jan 15 10:30:14 asahel automount[24971]: no mounts in table It appears that it searches for MAP_OBJECT_CLASS where it should be searching for ENTRY_OBJECT_CLASS Expected results: It should find the value with ENTRY_OBJECT_CLASS and set our mountpoints. This does indeed happen on Gentoo, which we have on some of our other machines, so our LDAP configuration should be OK.
Can you post your LDAP map please.
Ian, My name is Noah, and I work with Jeremy. I'm assuming when you say LDAP map, you want to see what's in our LDAP directory. In LDIF form, here are relevant entries: auto.master: dn: ou=auto.master,dc=css,dc=tayloru,dc=edu ou: auto.master objectClass: top objectClass: automountMap dn: cn=/auto,ou=auto.master,dc=css,dc=tayloru,dc=edu objectClass: automount cn: /auto automountInformation: ldap:10.120.1.3,10.120.1.2:ou=auto.auto,dc=css,dc=taylor u,dc=edu dn: cn=/home,ou=auto.master,dc=css,dc=tayloru,dc=edu objectClass: automount cn: /home automountInformation: ldap:10.120.1.3,10.120.1.2:ou=auto.home,dc=css,dc=taylor u,dc=edu auto.auto: dn: ou=auto.auto,dc=css,dc=tayloru,dc=edu ou: auto.auto objectClass: top objectClass: organizationalUnit dn: cn=mail,ou=auto.auto,dc=css,dc=tayloru,dc=edu objectClass: automount cn: mail automountInformation: -rw,soft,tcp mary:/var/spool/mail auto.home: dn: ou=auto.home,dc=css,dc=tayloru,dc=edu ou: auto.home objectClass: top objectClass: organizationalUnit dn: cn=users5,ou=auto.home,dc=css,dc=tayloru,dc=edu objectClass: automount cn: users5 automountInformation: -rw,soft,tcp,nolock,rsize=4096,wsize=4096,retrans=30 pet er:/export/users/users5 dn: cn=scratch,ou=auto.home,dc=css,dc=tayloru,dc=edu objectClass: automount cn: scratch automountInformation: -rw,soft,tcp,nolock,rsize=4096,wsize=4096,retrans=30 pet er:/export/scratch dn: cn=users,ou=auto.home,dc=css,dc=tayloru,dc=edu objectClass: automount cn: users automountInformation: -rw,soft,tcp,nolock,rsize=4096,wsize=4096,retrans=30 pet er:/export/users dn: cn=submit,ou=auto.home,dc=css,dc=tayloru,dc=edu objectClass: automount cn: submit automountInformation: -rw,soft,tcp,rsize=4096,wsize=4096,retrans=30 peter:/exp ort/submit dn: cn=projects,ou=auto.home,dc=css,dc=tayloru,dc=edu objectClass: automount cn: projects automountInformation: -rw,soft,tcp,nolock,rsize=4096,wsize=4096,retrans=30 pet er:/export/projects
(In reply to comment #2) > Ian, > > My name is Noah, and I work with Jeremy. Hi, > > I'm assuming when you say LDAP map, you want to see what's in our LDAP > directory. In LDIF form, here are relevant entries: Yep. > > auto.master: > > dn: ou=auto.master,dc=css,dc=tayloru,dc=edu > ou: auto.master > objectClass: top > objectClass: automountMap > > dn: cn=/auto,ou=auto.master,dc=css,dc=tayloru,dc=edu > objectClass: automount > cn: /auto > automountInformation: ldap:10.120.1.3,10.120.1.2:ou=auto.auto,dc=css,dc=taylor > u,dc=edu > > dn: cn=/home,ou=auto.master,dc=css,dc=tayloru,dc=edu > objectClass: automount > cn: /home > automountInformation: ldap:10.120.1.3,10.120.1.2:ou=auto.home,dc=css,dc=taylor > u,dc=edu > > auto.auto: > > dn: ou=auto.auto,dc=css,dc=tayloru,dc=edu > ou: auto.auto > objectClass: top > objectClass: organizationalUnit Where is the: objectClass: automountMap for this map? > > dn: cn=mail,ou=auto.auto,dc=css,dc=tayloru,dc=edu > objectClass: automount > cn: mail > automountInformation: -rw,soft,tcp mary:/var/spool/mail > > auto.home: > > dn: ou=auto.home,dc=css,dc=tayloru,dc=edu > ou: auto.home > objectClass: top > objectClass: organizationalUnit and the: objectClass: automountMap for this map? > > dn: cn=users5,ou=auto.home,dc=css,dc=tayloru,dc=edu > objectClass: automount > cn: users5 > automountInformation: -rw,soft,tcp,nolock,rsize=4096,wsize=4096,retrans=30 pet > er:/export/users/users5 > > dn: cn=scratch,ou=auto.home,dc=css,dc=tayloru,dc=edu > objectClass: automount > cn: scratch > automountInformation: -rw,soft,tcp,nolock,rsize=4096,wsize=4096,retrans=30 pet > er:/export/scratch > > dn: cn=users,ou=auto.home,dc=css,dc=tayloru,dc=edu > objectClass: automount > cn: users > automountInformation: -rw,soft,tcp,nolock,rsize=4096,wsize=4096,retrans=30 pet > er:/export/users > > dn: cn=submit,ou=auto.home,dc=css,dc=tayloru,dc=edu > objectClass: automount > cn: submit > automountInformation: -rw,soft,tcp,rsize=4096,wsize=4096,retrans=30 peter:/exp > ort/submit > > dn: cn=projects,ou=auto.home,dc=css,dc=tayloru,dc=edu > objectClass: automount > cn: projects > automountInformation: -rw,soft,tcp,nolock,rsize=4096,wsize=4096,retrans=30 pet > er:/export/projects
(In reply to comment #3) > (In reply to comment #2) > > Ian, > > > > My name is Noah, and I work with Jeremy. > > Hi, Hi, thanks for your help! > [..] > > dn: ou=auto.auto,dc=css,dc=tayloru,dc=edu > > ou: auto.auto > > objectClass: top > > objectClass: organizationalUnit > > Where is the: > objectClass: automountMap > for this map? > [..] > > dn: ou=auto.home,dc=css,dc=tayloru,dc=edu > > ou: auto.home > > objectClass: top > > objectClass: organizationalUnit > > and the: > objectClass: automountMap > for this map? Looks like that was the problem. Those entries don't have objectClass: automountMap, and had been working for at least the past four years on gentoo, fedora, and redhat machines alike. Did something change in recent versions of autofs to make objectClass checking more strict? Also, when the log said reading map ldap ldap:10.120.1.2:ou=auto.auto,dc=css,dc=tayloru,dc=edu and then "query succeeded, no matches for (objectclass=automountMap)" we took that to mean that automount was (incorrectly) looking for objectclass=automountMap with "one" scope in ou=auto.auto,... It looks like instead it's doing a base scope search. Is that correct? Thanks again for your help!
(In reply to comment #4) > > Looks like that was the problem. Those entries don't have objectClass: > automountMap, and had been working for at least the past four years on gentoo, > fedora, and redhat machines alike. Did something change in recent versions of > autofs to make objectClass checking more strict? > Yes, but not recently. The objectclass was always required and I believe you could get away without it in version 4 but version 5 needs to be more strict. For example, when using nsswitch sources autofs has only the map name to work with. So we get the base dn when a map is first opened for a few reasons, to get the base of the map dn, as an entry validation, to ensure we get only entries that belong to the the map we want and to limit the search. This seemed reasonable enough since the objectclass has, in theory, always been required. Sorry for the inconvenience. Ian
For the discussion it looks like this is NOTABUG. If that wasn't the result of our discussion please re-open this bug. Ian
I seem to be experiencing a similar issue, except when I try to add the missing "objectClass: automountMap", I receive the following error: LDAP: error code 65 - invalid structural object class chain (organizationalUnit/automountMap) Here is the debug.log: Jan 6 13:55:58 beast automount[8255]: Starting automounter version 5.0.1-0.rc2.143.el5_5.6, master map auto.master Jan 6 13:55:58 beast automount[8255]: using kernel protocol version 5.01 Jan 6 13:55:58 beast automount[8255]: lookup_nss_read_master: reading master ldap auto.master Jan 6 13:55:58 beast automount[8255]: parse_server_string: lookup(ldap): Attempting to parse LDAP information from string "auto.master". Jan 6 13:55:58 beast automount[8255]: parse_server_string: lookup(ldap): mapname auto.master Jan 6 13:55:58 beast automount[8255]: parse_init: parse(sun): init gathered global options: (null) Jan 6 13:55:58 beast automount[8255]: find_server: trying server uri ldap://172.16.0.112/ Jan 6 13:55:58 beast automount[8255]: do_bind: lookup(ldap): auth_required: 1, sasl_mech (null) Jan 6 13:55:58 beast automount[8255]: do_bind: lookup(ldap): ldap anonymous bind returned 0 Jan 6 13:55:58 beast automount[8255]: get_query_dn: lookup(ldap): check search base list Jan 6 13:55:58 beast automount[8255]: get_query_dn: lookup(ldap): found search base under dc=domain,dc=com Jan 6 13:55:58 beast automount[8255]: get_query_dn: lookup(ldap): found query dn ou=auto.master,dc=domain,dc=com Jan 6 13:55:58 beast automount[8255]: connected to uri ldap://172.16.0.112/ Jan 6 13:55:58 beast automount[8255]: lookup_read_master: lookup(ldap): searching for "(objectclass=automount)" under "ou=auto.master,dc=domain,dc=com" Jan 6 13:55:58 beast automount[8255]: lookup_read_master: lookup(ldap): examining entries Jan 6 13:55:58 beast automount[8255]: master_do_mount: mounting /u Jan 6 13:55:58 beast automount[8255]: automount_path_to_fifo: fifo name /var/run/autofs.fifo-u Jan 6 13:55:58 beast automount[8255]: lookup_nss_read_map: reading map ldap ldap:ldap-server:ou=auto.u,dc=domain,dc=com Jan 6 13:55:58 beast automount[8255]: parse_server_string: lookup(ldap): Attempting to parse LDAP information from string "ldap:ldap-server:ou=auto.u,dc=domain,dc=com". Jan 6 13:55:58 beast automount[8255]: parse_server_string: lookup(ldap): server "ldap://ldap-server/", base dn "ou=auto.u,dc=domain,dc=com" Jan 6 13:55:58 beast automount[8255]: parse_init: parse(sun): init gathered global options: (null) Jan 6 13:55:58 beast automount[8255]: mounted indirect on /u with timeout 60, freq 15 seconds Jan 6 13:55:58 beast automount[8255]: st_ready: st_ready(): state = 0 path /u Jan 6 13:55:58 beast automount[8255]: master_do_mount: mounting /y Jan 6 13:55:58 beast automount[8255]: automount_path_to_fifo: fifo name /var/run/autofs.fifo-y Jan 6 13:55:58 beast automount[8255]: lookup_nss_read_map: reading map ldap ldap:ldap-server:ou=auto.y,dc=domain,dc=com Jan 6 13:55:58 beast automount[8255]: parse_server_string: lookup(ldap): Attempting to parse LDAP information from string "ldap:ldap-server:ou=auto.y,dc=domain,dc=com". Jan 6 13:55:58 beast automount[8255]: parse_server_string: lookup(ldap): server "ldap://ldap-server/", base dn "ou=auto.y,dc=domain,dc=com" Jan 6 13:55:58 beast automount[8255]: parse_init: parse(sun): init gathered global options: (null) Jan 6 13:55:58 beast automount[8255]: mounted indirect on /y with timeout 60, freq 15 seconds Jan 6 13:55:58 beast automount[8255]: st_ready: st_ready(): state = 0 path /y Jan 6 13:55:59 beast automount[8255]: handle_packet: type = 3 Jan 6 13:55:59 beast automount[8255]: handle_packet_missing_indirect: token 7622, name user, request pid 8292 Jan 6 13:55:59 beast automount[8255]: attempting to mount entry /u/user Jan 6 13:55:59 beast automount[8255]: lookup_mount: lookup(ldap): looking up user Jan 6 13:55:59 beast automount[8255]: do_bind: lookup(ldap): auth_required: 1, sasl_mech (null) Jan 6 13:55:59 beast automount[8255]: do_bind: lookup(ldap): ldap anonymous bind returned 0 Jan 6 13:55:59 beast automount[8255]: get_query_dn: lookup(ldap): query succeeded, no matches for (objectclass=automountMap) Jan 6 13:55:59 beast automount[8255]: do_bind: lookup(ldap): failed to get query dn Jan 6 13:55:59 beast automount[8255]: do_bind: lookup(ldap): auth_required: 1, sasl_mech (null) Jan 6 13:55:59 beast automount[8255]: do_bind: lookup(ldap): ldap anonymous bind returned 0 Jan 6 13:55:59 beast automount[8255]: get_query_dn: lookup(ldap): query succeeded, no matches for (objectclass=automountMap) Jan 6 13:55:59 beast automount[8255]: do_bind: lookup(ldap): failed to get query dn Jan 6 13:55:59 beast automount[8255]: lookup(ldap): couldn't connect to server ldap://ldap-server/ Jan 6 13:55:59 beast automount[8255]: lookup(ldap): lookup for user failed: connection failed Jan 6 13:55:59 beast automount[8255]: key "user" not found in map source(s). Jan 6 13:55:59 beast automount[8255]: ioctl_send_fail: token = 7622 Jan 6 13:55:59 beast automount[8255]: failed to mount /u/user
(In reply to comment #7) > I seem to be experiencing a similar issue, except when I try to add the missing > "objectClass: automountMap", I receive the following error: > > LDAP: error code 65 - invalid structural object class chain > (organizationalUnit/automountMap) Do you have the appropriate schema definitions? What is the ldif you are trying to load into LDAP? Ian
Hey, Ive posted the schema that we are using & the ldif, autofs portion, TYIA! [root@beast ~]# rpm -qa |grep -i autofs autofs-5.0.1-0.rc2.143.el5_5.6 [root@beast ~]# cat /usr/share/doc/autofs-5.0.1/autofs.schema # # $id$ # # Depends upon core.schema and cosine.schema # OID Base is 1.3.6.1.4.1.2312.4 # # Attribute types are under 1.3.6.1.4.1.2312.4.1 # Object classes are under 1.3.6.1.4.1.2312.4.2 # Syntaxes are under 1.3.6.1.4.1.2312.4.3 # Attribute Type Definitions attributetype ( 1.3.6.1.1.1.1.25 NAME 'automountInformation' DESC 'Information used by the autofs automounter' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) objectclass ( 1.3.6.1.1.1.1.13 NAME 'automount' SUP top STRUCTURAL DESC 'An entry in an automounter map' MUST ( cn $ automountInformation $ objectclass ) MAY ( description ) ) objectclass ( 1.3.6.1.4.1.2312.4.2.2 NAME 'automountMap' SUP top STRUCTURAL DESC 'An group of related automount objects' MUST ( ou ) ) # auto.master, domain.com dn: ou=auto.master,dc=domain,dc=com ou: auto.master objectClass: top objectClass: automountMap # /u, auto.master, domain.com dn: cn=/u,ou=auto.master,dc=domain,dc=com objectClass: automount cn: /u automountInformation: ldap:ldap-server:ou=auto.u,dc=domain,dc=com --timeout 60 # /y, auto.master, domain.com dn: cn=/y,ou=auto.master,dc=domain,dc=com objectClass: automount cn: /y automountInformation: ldap:ldap-server:ou=auto.y,dc=domain,dc=com --timeout 60 # auto.u, domain.com dn: ou=auto.u,dc=domain,dc=com ou: auto.u objectClass: top objectClass: organizationalUnit # user, auto.u, domain.com dn: cn=user,ou=auto.u,dc=domain,dc=com objectClass: automount automountInformation: -rw,soft,intr file-server-ct:/local/home/user cn: user cn: * # auto.y, domain.com dn: ou=auto.y,dc=domain,dc=com ou: auto.y objectClass: top objectClass: organizationalUnit # user, auto.y, domain.com dn: cn=user,ou=auto.y,dc=domain,dc=com objectClass: automount cn: user automountInformation: -rw,soft,noquota,intr smoker:/local/home/user
correction (no cn:*) # user, auto.u, domain.com dn: cn=user,ou=auto.u,dc=domain,dc=com objectClass: automount cn: user automountInformation: -rw,soft,intr file-server-ct:/local/home/user
(In reply to comment #9) > Hey, > Ive posted the schema that we are using & the ldif, autofs portion, TYIA! snip ... > > # auto.master, domain.com > dn: ou=auto.master,dc=domain,dc=com > ou: auto.master > objectClass: top > objectClass: automountMap > > # /u, auto.master, domain.com > dn: cn=/u,ou=auto.master,dc=domain,dc=com > objectClass: automount > cn: /u > automountInformation: ldap:ldap-server:ou=auto.u,dc=domain,dc=com --timeout 60 > > # /y, auto.master, domain.com > dn: cn=/y,ou=auto.master,dc=domain,dc=com > objectClass: automount > cn: /y > automountInformation: ldap:ldap-server:ou=auto.y,dc=domain,dc=com --timeout 60 > > > # auto.u, domain.com > dn: ou=auto.u,dc=domain,dc=com > ou: auto.u > objectClass: top > objectClass: organizationalUnit Maybe this should be: objectClass: automountMap instead of organizationalUnit, or is not being able to do that the source of your problem? > > # user, auto.u, domain.com > dn: cn=user,ou=auto.u,dc=domain,dc=com > objectClass: automount > automountInformation: -rw,soft,intr file-server-ct:/local/home/user > cn: user > cn: * > > > # auto.y, domain.com > dn: ou=auto.y,dc=domain,dc=com > ou: auto.y > objectClass: top > objectClass: organizationalUnit And here too. > > # user, auto.y, domain.com > dn: cn=user,ou=auto.y,dc=domain,dc=com > objectClass: automount > cn: user > automountInformation: -rw,soft,noquota,intr smoker:/local/home/user
I was suspicious of that attribute value, I realized I was unable to modify the value on the fly, I had to export ldif, removed ou's auto.y & auto.u including its sub entries, from ldap, modify exported ldif, then re-import. Issue resolved. Thank You!
I am noticing another issue, some users directories mount correctly, while others don't. Once again any assistance is greatly appreciated, thank you. USER01 works fine. [root@beast log]# su - USER01 -bash-3.2$ exit logout USER02 has the issue. [root@beast log]# su - USER02 su: warning: cannot change directory to /u/USER02: Permission denied -bash: /u/USER02/.bash_profile: Permission denied -bash-3.2$ exit logout -bash: /u/USER02/.bash_logout: Permission denied USER01 LOG Jan 13 13:05:27 beast automount[23331]: handle_packet: type = 3 Jan 13 13:05:27 beast automount[23331]: handle_packet_missing_indirect: token 24475, name USER01, request pid 379 Jan 13 13:05:27 beast automount[23331]: attempting to mount entry /u/USER01 Jan 13 13:05:27 beast automount[23331]: lookup_mount: lookup(ldap): looking up USER01 Jan 13 13:05:27 beast automount[23331]: do_bind: lookup(ldap): auth_required: 1, sasl_mech (null) Jan 13 13:05:27 beast automount[23331]: do_bind: lookup(ldap): ldap anonymous bind returned 0 Jan 13 13:05:27 beast automount[23331]: lookup_one: lookup(ldap): searching for "(&(objectclass=automount)(|(cn=USER01)(cn=/)(cn=\2A)))" under "ou=auto.u,dc=domain,dc=com" Jan 13 13:05:27 beast automount[23331]: lookup_one: lookup(ldap): getting first entry for cn="USER01" Jan 13 13:05:27 beast automount[23331]: lookup_one: lookup(ldap): examining first entry Jan 13 13:05:27 beast last message repeated 31 times Jan 13 13:05:27 beast automount[23331]: lookup_mount: lookup(ldap): USER01 -> -rw,soft,intr file-server-ct:/local/home/USER01 Jan 13 13:05:27 beast automount[23331]: parse_mount: parse(sun): expanded entry: -rw,soft,intr file-server-ct:/local/home/USER01 Jan 13 13:05:27 beast automount[23331]: parse_mount: parse(sun): gathered options: rw,soft,intr Jan 13 13:05:27 beast automount[23331]: parse_mount: parse(sun): dequote("file-server-ct:/local/home/USER01") -> file-server-ct:/local/home/USER01 Jan 13 13:05:27 beast automount[23331]: parse_mount: parse(sun): core of entry: options=rw,soft,intr, loc=file-server-ct:/local/home/USER01 Jan 13 13:05:27 beast automount[23331]: sun_mount: parse(sun): mounting root /u, mountpoint USER01, what file-server-ct:/local/home/USER01, fstype nfs, options rw,soft,intr Jan 13 13:05:27 beast automount[23331]: mount_mount: mount(nfs): root=/u name=USER01 what=file-server-ct:/local/home/USER01, fstype=nfs, options=rw,soft,intr Jan 13 13:05:27 beast automount[23331]: mount_mount: mount(nfs): nfs options="rw,soft,intr", nosymlink=0, ro=0 Jan 13 13:05:27 beast automount[23331]: mount_mount: mount(nfs): calling mkdir_path /u/USER01 Jan 13 13:05:27 beast automount[23331]: mount_mount: mount(nfs): calling mount -t nfs -s -o rw,soft,intr file-server-ct:/local/home/USER01 /u/USER01 Jan 13 13:05:27 beast automount[23331]: mount(nfs): mounted file-server-ct:/local/home/USER01 on /u/USER01 Jan 13 13:05:27 beast automount[23331]: ioctl_send_ready: token = 24475 Jan 13 13:05:27 beast automount[23331]: mounted /u/USER01 USER02 LOG Jan 13 13:05:32 beast automount[23331]: handle_packet: type = 3 Jan 13 13:05:32 beast automount[23331]: handle_packet_missing_indirect: token 24476, name USER02, request pid 421 Jan 13 13:05:32 beast automount[23331]: attempting to mount entry /u/USER02 Jan 13 13:05:32 beast automount[23331]: lookup_mount: lookup(ldap): looking up USER02 Jan 13 13:05:32 beast automount[23331]: do_bind: lookup(ldap): auth_required: 1, sasl_mech (null) Jan 13 13:05:32 beast automount[23331]: do_bind: lookup(ldap): ldap anonymous bind returned 0 Jan 13 13:05:32 beast automount[23331]: lookup_one: lookup(ldap): searching for "(&(objectclass=automount)(|(cn=USER02)(cn=/)(cn=\2A)))" under "ou=auto.u,dc=domain,dc=com" Jan 13 13:05:32 beast automount[23331]: lookup_one: lookup(ldap): getting first entry for cn="USER02" Jan 13 13:05:32 beast automount[23331]: lookup_one: lookup(ldap): examining first entry Jan 13 13:05:32 beast last message repeated 31 times Jan 13 13:05:32 beast automount[23331]: lookup_mount: lookup(ldap): USER02 -> -rw,soft,intr file-server-ct:/local/home/NOTUSER02 Jan 13 13:05:32 beast automount[23331]: parse_mount: parse(sun): expanded entry: -rw,soft,intr file-server-ct:/local/home/NOTUSER02 Jan 13 13:05:32 beast automount[23331]: parse_mount: parse(sun): gathered options: rw,soft,intr Jan 13 13:05:32 beast automount[23331]: parse_mount: parse(sun): dequote("file-server-ct:/local/home/NOTUSER02") -> file-server-ct:/local/home/NOTUSER02 Jan 13 13:05:32 beast automount[23331]: parse_mount: parse(sun): core of entry: options=rw,soft,intr, loc=file-server-ct:/local/home/NOTUSER02 Jan 13 13:05:32 beast automount[23331]: sun_mount: parse(sun): mounting root /u, mountpoint USER02, what file-server-ct:/local/home/NOTUSER02, fstype nfs, options rw,soft,intr Jan 13 13:05:32 beast automount[23331]: mount_mount: mount(nfs): root=/u name=USER02 what=file-server-ct:/local/home/NOTUSER02, fstype=nfs, options=rw,soft,intr Jan 13 13:05:32 beast automount[23331]: mount_mount: mount(nfs): nfs options="rw,soft,intr", nosymlink=0, ro=0 Jan 13 13:05:32 beast automount[23331]: mount_mount: mount(nfs): calling mkdir_path /u/USER02 Jan 13 13:05:32 beast automount[23331]: mount_mount: mount(nfs): calling mount -t nfs -s -o rw,soft,intr file-server-ct:/local/home/NOTUSER02 /u/USER02 Jan 13 13:05:32 beast automount[23331]: mount(nfs): mounted file-server-ct:/local/home/NOTUSER02 on /u/USER02 Jan 13 13:05:32 beast automount[23331]: ioctl_send_ready: token = 24476 Jan 13 13:05:32 beast automount[23331]: mounted /u/USER02 MANUALLY RAN QUERY FOR USER01 (USER01 shows up first & the rest of the users in the ou show below (I didnt post the complete output) ldapsearch -x -b 'dc=domain,dc=com' '(&(objectclass=automount)(|(cn=USER01)(cn=/)(cn=\2A)))' | less # extended LDIF # # LDAPv3 # base <dc=domain,dc=com> with scope subtree # filter: (&(objectclass=automount)(|(cn=USER01)(cn=/)(cn=\2A))) # requesting: ALL # # USER01, auto.y, domain.com dn: cn=USER01,ou=auto.y,dc=domain,dc=com automountInformation: -rw,soft,noquota,intr smoker:/local/home/USER01 objectClass: automount cn: USER01 # USER01, auto.u, domain.com dn: cn=USER01,ou=auto.u,dc=domain,dc=com automountInformation: -rw,soft,intr file-server-ct:/local/home/USER01 objectClass: automount cn: USER01 # NOTUSER02, auto.u, domain.com dn: cn=NOTUSER02,ou=auto.u,dc=domain,dc=com objectClass: automount cn: NOTUSER02 cn: * automountInformation: -rw,soft,intr file-server-ct:/local/home/NOTUSER02 # SOMEOTHERUSER1, auto.u, domain.com dn: cn=SOMEOTHERUSER1,ou=auto.u,dc=domain,dc=com automountInformation: -rw,soft,intr file-server:/local/home/SOMEOTHERUSER1 objectClass: automount cn: SOMEOTHERUSER1 cn: * # SOMEOTHERUSER2, auto.u, domain.com dn: cn=SOMEOTHERUSER2,ou=auto.u,dc=domain,dc=com automountInformation: -rw,soft,intr file-server:/local/home/SOMEOTHERUSER2 objectClass: automount cn: SOMEOTHERUSER2 cn: * MANUALLY RAN QUERY FOR USER02 (USER02 does not show up first) ldapsearch -x -b 'dc=domain,dc=com' '(&(objectclass=automount)(|(cn=USER02)(cn=/)(cn=\2A)))' | less # extended LDIF # # LDAPv3 # base <dc=domain,dc=com> with scope subtree # filter: (&(objectclass=automount)(|(cn=USER02)(cn=/)(cn=\2A))) # requesting: ALL # # NOTUSER02, auto.u, domain.com dn: cn=NOTUSER02,ou=auto.u,dc=domain,dc=com objectClass: automount cn: NOTUSER02 cn: * automountInformation: -rw,soft,intr file-server:/local/home/NOTUSER02 # SOMEOTHERUSER1, auto.u, domain.com dn: cn=SOMEOTHERUSER1,ou=auto.u,dc=domain,dc=com automountInformation: -rw,soft,intr file-server:/local/home/SOMEOTHERUSER1 objectClass: automount cn: SOMEOTHERUSER1 cn: * # SOMEOTHERUSER2, auto.u, domain.com dn: cn=SOMEOTHERUSER2,ou=auto.u,dc=domain,dc=com automountInformation: -rw,soft,intr file-server:/local/home/SOMEOTHERUSER2 objectClass: automount cn: SOMEOTHERUSER2 cn: * # USER02, auto.u, domain.com dn: cn=USER02,ou=auto.u,dc=domain,dc=com automountInformation: -rw,soft,intr file-server:/local/home/USER02 objectClass: automount cn: USER02
(In reply to comment #13) > I am noticing another issue, some users directories mount correctly, while > others don't. Once again any assistance is greatly appreciated, thank you. This version of autofs is old. Maybe it would be a good idea to get a more recent source rpm and build it against F10. > > USER01 works fine. > > [root@beast log]# su - USER01 > -bash-3.2$ exit > logout > > USER02 has the issue. > > [root@beast log]# su - USER02 > su: warning: cannot change directory to /u/USER02: Permission denied > -bash: /u/USER02/.bash_profile: Permission denied > -bash-3.2$ exit > logout > -bash: /u/USER02/.bash_logout: Permission denied > snip ... > > MANUALLY RAN QUERY FOR USER01 (USER01 shows up first & the rest of the users in > the ou show below (I didnt post the complete output) > ldapsearch -x -b 'dc=domain,dc=com' > '(&(objectclass=automount)(|(cn=USER01)(cn=/)(cn=\2A)))' | less But these queries are supposed to be done against a specific based dn, ou=<map name>,dc=domain,dc=com in this case. Calculating the base dn might not be being done properly in this version. Ian
Hey Ian, I upgraded, still experiencing the same issue. [root@beast log]# automount --version Linux automount version 5.0.5 Directories: config dir: /etc/sysconfig maps dir: /etc modules dir: /usr/lib64/autofs Compile options: DISABLE_MOUNT_LOCKING ENABLE_IGNORE_BUSY_MOUNTS WITH_HESIOD WITH_LDAP WITH_SASL LIBXML2_WORKAROUND I see the dn search now includes specific ou but the end results are still the same... Jan 14 14:48:27 beast automount[7908]: handle_packet: type = 3 Jan 14 14:48:27 beast automount[7908]: handle_packet_missing_indirect: token 24760, name USER02, request pid 8205 Jan 14 14:48:27 beast automount[7908]: attempting to mount entry /u/USER02 Jan 14 14:48:27 beast automount[7908]: lookup_mount: lookup(ldap): looking up USER02 Jan 14 14:48:27 beast automount[7908]: do_bind: lookup(ldap): auth_required: 1, sasl_mech (null) Jan 14 14:48:27 beast automount[7908]: do_bind: lookup(ldap): ldap simple bind returned 0 Jan 14 14:48:27 beast automount[7908]: lookup_one: lookup(ldap): searching for "(&(objectclass=automount)(|(cn=USER02)(cn=/)(cn=\2A)))" under "ou=auto.u,dc=domain,dc=com" Jan 14 14:48:27 beast automount[7908]: lookup_one: lookup(ldap): getting first entry for cn="USER02" Jan 14 14:48:27 beast automount[7908]: lookup_one: lookup(ldap): examining first entry Jan 14 14:48:27 beast last message repeated 31 times Jan 14 14:48:27 beast automount[7908]: lookup_mount: lookup(ldap): USER02 -> -rw,soft,intr file-server-ct:/local/home/NOTUSER02 Jan 14 14:48:27 beast automount[7908]: parse_mount: parse(sun): expanded entry: -rw,soft,intr file-server-ct:/local/home/NOTUSER02 Jan 14 14:48:27 beast automount[7908]: parse_mount: parse(sun): gathered options: rw,soft,intr Jan 14 14:48:27 beast automount[7908]: parse_mount: parse(sun): dequote("file-server-ct:/local/home/NOTUSER02") -> file-server-ct:/local/home/NOTUSER02 Jan 14 14:48:27 beast automount[7908]: parse_mount: parse(sun): core of entry: options=rw,soft,intr, loc=file-server-ct:/local/home/NOTUSER02 Jan 14 14:48:27 beast automount[7908]: sun_mount: parse(sun): mounting root /u, mountpoint USER02, what file-server-ct:/local/home/NOTUSER02, fstype nfs, options rw,soft,intr Jan 14 14:48:27 beast automount[7908]: mount_mount: mount(nfs): root=/u name=USER02 what=file-server-ct:/local/home/NOTUSER02, fstype=nfs, options=rw,soft,intr Jan 14 14:48:27 beast automount[7908]: mount_mount: mount(nfs): nfs options="rw,soft,intr", nosymlink=0, ro=0 Jan 14 14:48:27 beast automount[7908]: mount_mount: mount(nfs): calling mkdir_path /u/USER02 Jan 14 14:48:27 beast automount[7908]: mount_mount: mount(nfs): calling mount -t nfs -s -o rw,soft,intr file-server-ct:/local/home/NOTUSER02 /u/USER02 Jan 14 14:48:27 beast automount[7908]: mount_mount: mount(nfs): mounted file-server-ct:/local/home/NOTUSER02 on /u/USER02 Jan 14 14:48:27 beast automount[7908]: ioctl_send_ready: token = 24760 Jan 14 14:48:27 beast automount[7908]: mounted /u/USER02
Hey, Any thoughts on the above issue? Thanks again for your help on this. Dan
(In reply to comment #16) > Hey, > Any thoughts on the above issue? Thanks again for your help on this. Maybe the constructed query is not correct. Can you post another ldapsearch for USER02 which includes -b "ou=auto.u,dc=domain,dc=com" and see what we get. Also, post the result of another search with "(&(objectclass=automount)(|(cn=USER02)(|(cn=/)(cn=\2A))))" as the filter and see what we get.
> Maybe the constructed query is not correct. > Can you post another ldapsearch for USER02 which includes > -b "ou=auto.u,dc=domain,dc=com" and see what we get. [root@beast ~]# ldapsearch -x -b 'ou=auto.u,dc=domain,dc=com' '(cn=USER02)' # extended LDIF # # LDAPv3 # base <ou=auto.u,dc=domain,dc=com> with scope subtree # filter: (cn=USER02) # requesting: ALL # # USER02, auto.u, domain.com dn: cn=USER02,ou=auto.u,dc=domain,dc=com automountInformation: -rw,soft,intr file-server-ct:/local/home/USER02 objectClass: automount cn: USER02 # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 > Also, post the result of another search with > "(&(objectclass=automount)(|(cn=USER02)(|(cn=/)(cn=\2A))))" > as the filter and see what we get. [root@beast ~]# ldapsearch -x -b 'ou=auto.u,dc=domain,dc=com' '(&(objectclass=automount)(|(cn=USER02)(|(cn=/)(cn=\2A))))' # extended LDIF # # LDAPv3 # base <ou=auto.u,dc=domain,dc=com> with scope subtree # filter: (&(objectclass=automount)(|(cn=USER02)(|(cn=/)(cn=\2A)))) # requesting: ALL # # NOTUSER02, auto.u, domain.com dn: cn=NOTUSER02,ou=auto.u,dc=domain,dc=com objectClass: automount cn: NOTUSER02 cn: * automountInformation: -rw,soft,intr file-server-ct:/local/home/NOTUSER02 # SOMEOTHERUSER1, auto.u, domain.com dn: cn=SOMEOTHERUSER1,ou=auto.u,dc=domain,dc=com automountInformation: -rw,soft,intr file-server-ct:/local/home/SOMEOTHERUSER1 objectClass: automount cn: SOMEOTHERUSER1 cn: * # SOMEOTHERUSER2, auto.u, domain.com dn: cn=SOMEOTHERUSER2,ou=auto.u,dc=domain,dc=com automountInformation: -rw,soft,intr file-server-ct:/local/home/SOMEOTHERUSER2 objectClass: automount cn: SOMEOTHERUSER2 cn: * # USER02, auto.u, domain.com dn: cn=USER02,ou=auto.u,dc=domain,dc=com automountInformation: -rw,soft,intr file-server-ct:/local/home/USER02 objectClass: automount cn: USER02 # SOMEOTHERUSER3, auto.u, domain.com dn: cn=SOMEOTHERUSER3,ou=auto.u,dc=domain,dc=com automountInformation: -rw,soft,intr file-server-ct:/local/home/SOMEOTHERUSER3 objectClass: automount cn: SOMEOTHERUSER3 cn: * snip ... # search result search: 2 result: 0 Success # numResponses: 33 # numEntries: 32
(In reply to comment #18) > > Maybe the constructed query is not correct. > > Can you post another ldapsearch for USER02 which includes > > -b "ou=auto.u,dc=domain,dc=com" and see what we get. > > [root@beast ~]# ldapsearch -x -b 'ou=auto.u,dc=domain,dc=com' '(cn=USER02)' > # extended LDIF > # > # LDAPv3 > # base <ou=auto.u,dc=domain,dc=com> with scope subtree > # filter: (cn=USER02) > # requesting: ALL > # > > # USER02, auto.u, domain.com > dn: cn=USER02,ou=auto.u,dc=domain,dc=com > automountInformation: -rw,soft,intr > file-server-ct:/local/home/USER02 > objectClass: automount > cn: USER02 > > # search result > search: 2 > result: 0 Success > > # numResponses: 2 > # numEntries: 1 > > > > Also, post the result of another search with > > "(&(objectclass=automount)(|(cn=USER02)(|(cn=/)(cn=\2A))))" > > as the filter and see what we get. > > [root@beast ~]# ldapsearch -x -b 'ou=auto.u,dc=domain,dc=com' > '(&(objectclass=automount)(|(cn=USER02)(|(cn=/)(cn=\2A))))' > # extended LDIF > # > # LDAPv3 > # base <ou=auto.u,dc=domain,dc=com> with scope subtree > # filter: (&(objectclass=automount)(|(cn=USER02)(|(cn=/)(cn=\2A)))) > # requesting: ALL > # > > # NOTUSER02, auto.u, domain.com > dn: cn=NOTUSER02,ou=auto.u,dc=domain,dc=com > objectClass: automount > cn: NOTUSER02 > cn: * Why is the wildcard listed here? Is it really included in the entry? If it is then the entry will match any key passed.