Bug 480190 - AutoFS LDAP mounting doesn't work
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: autofs
Version: 10
Hardware: x86_64 Linux
Priority: low, Severity: medium
Assigned To: Ian Kent
QA Contact: Fedora Extras Quality Assurance
Reported: 2009-01-15 11:59 EST by Jeremy Erickson
Modified: 2011-01-20 01:16 EST
Doc Type: Bug Fix
Last Closed: 2009-02-27 02:52:01 EST
Description Jeremy Erickson 2009-01-15 11:59:20 EST
Description of problem:
We are trying to get Fedora to properly automount home directories on our network, using LDAP for the automount information.  However, it fails to read the LDAP data, as it appears to be using an incorrect entry from /etc/sysconfig/autofs

Version-Release number of selected component (if applicable):
5.0.3-36

How reproducible: Always (at least on our network)


Steps to Reproduce:
1. /etc/sysconfig/autofs (values for our network):
#
# Define default options for autofs.
#
# MASTER_MAP_NAME - default map name for the master map.
#
#MASTER_MAP_NAME="auto.master"
#
# TIMEOUT - set the default mount timeout (default 600).
#
TIMEOUT=300
#
# NEGATIVE_TIMEOUT - set the default negative timeout for
#                    failed mount attempts (default 60).
#
#NEGATIVE_TIMEOUT=60
#
# UMOUNT_WAIT - time to wait for a response from umount(8).
#
#UMOUNT_WAIT=12
#
# BROWSE_MODE - maps are browsable by default.
#
BROWSE_MODE="no"
#
# APPEND_OPTIONS - append to global options instead of replace.
#
#APPEND_OPTIONS="yes"
#
# LOGGING - set default log level "none", "verbose" or "debug"
#
#LOGGING="none"
LOGGING="debug"
#
# Define base dn for map dn lookup.
#
# Define server URIs
#
# LDAP_URI - space seperated list of server uris of the form
#            <proto>://<server>[/] where <proto> can be ldap
#            or ldaps. The option can be given multiple times.
#            Map entries that include a server name override
#            this option.
#
#LDAP_URI=""
LDAP_URI="ldap://10.120.1.3 ldap://10.120.1.2"
#
# LDAP__TIMEOUT - timeout value for the synchronous API  calls
#                 (default is LDAP library default).
#
#LDAP_TIMEOUT=-1
#
# LDAP_NETWORK_TIMEOUT - set the network response timeout (default 8).
#
#LDAP_NETWORK_TIMEOUT=8
#
# SEARCH_BASE - base dn to use for searching for map search dn.
#               Multiple entries can be given and they are checked
#               in the order they occur here.
#
#SEARCH_BASE=""
SEARCH_BASE="dc=css,dc=tayloru,dc=edu"
#
# Define the LDAP schema to used for lookups
#
# If no schema is set autofs will check each of the schemas
# below in the order given to try and locate an appropriate
# basdn for lookups. If you want to minimize the number of
# queries to the server set the values here.
#
#MAP_OBJECT_CLASS="nisMap"
#ENTRY_OBJECT_CLASS="nisObject"
#MAP_ATTRIBUTE="nisMapName"
#ENTRY_ATTRIBUTE="cn"
#VALUE_ATTRIBUTE="nisMapEntry"
#
# Other common LDAP nameing
#
MAP_OBJECT_CLASS="automountMap"
ENTRY_OBJECT_CLASS="automount"
MAP_ATTRIBUTE="ou"
ENTRY_ATTRIBUTE="cn"
VALUE_ATTRIBUTE="automountInformation"
#
#MAP_OBJECT_CLASS="automountMap"
#ENTRY_OBJECT_CLASS="automount"
#MAP_ATTRIBUTE="automountMapName"
#ENTRY_ATTRIBUTE="automountKey"
#VALUE_ATTRIBUTE="automountInformation"
#
# AUTH_CONF_FILE - set the default location for the SASL
#                          authentication configuration file.
#
#AUTH_CONF_FILE="/etc/autofs_ldap_auth.conf"
#
# General global options
#
#OPTIONS=""
#



2. /etc/init.d/autofs restart
  
Actual results:
in /var/log/messages:

Jan 15 10:30:14 asahel automount[24942]: autofs stopped
Jan 15 10:30:14 asahel automount[24971]: Starting automounter version 5.0.2-31, master map auto.master
Jan 15 10:30:14 asahel automount[24971]: using kernel protocol version 5.00
Jan 15 10:30:14 asahel automount[24971]: lookup_nss_read_master: reading master ldap auto.master
Jan 15 10:30:14 asahel automount[24971]: parse_server_string: lookup(ldap): Attempting to parse LDAP information from string "auto.master".
Jan 15 10:30:14 asahel automount[24971]: parse_server_string: lookup(ldap): mapname auto.master
Jan 15 10:30:14 asahel automount[24971]: parse_ldap_config: lookup(ldap): ldap authentication configured with the following options:
Jan 15 10:30:14 asahel automount[24971]: parse_ldap_config: lookup(ldap): use_tls: 0, tls_required: 0, auth_required: 1, sasl_mech: (null)
Jan 15 10:30:14 asahel automount[24971]: parse_ldap_config: lookup(ldap): user: (null), secret: unspecified, client principal: (null) credential cache: (null)
Jan 15 10:30:14 asahel automount[24971]: find_server: trying server ldap://10.120.1.3
Jan 15 10:30:14 asahel automount[24971]: do_bind: lookup(ldap): auth_required: 1, sasl_mech (null)
Jan 15 10:30:14 asahel automount[24971]: do_bind: lookup(ldap): ldap anonymous bind returned 0
Jan 15 10:30:14 asahel automount[24971]: get_query_dn: lookup(ldap): check search base list
Jan 15 10:30:14 asahel automount[24971]: get_query_dn: lookup(ldap): found search base under dc=css,dc=tayloru,dc=edu
Jan 15 10:30:14 asahel automount[24971]: get_query_dn: lookup(ldap): found query dn ou=auto.master,dc=css,dc=tayloru,dc=edu
Jan 15 10:30:14 asahel automount[24971]: connected to uri ldap://10.120.1.3
Jan 15 10:30:14 asahel automount[24971]: parse_init: parse(sun): init gathered global options: (null)
Jan 15 10:30:14 asahel automount[24971]: do_bind: lookup(ldap): auth_required: 1, sasl_mech (null)
Jan 15 10:30:14 asahel automount[24971]: do_bind: lookup(ldap): ldap anonymous bind returned 0
Jan 15 10:30:14 asahel automount[24971]: lookup_read_master: lookup(ldap): searching for "(objectclass=automount)" under "ou=auto.master,dc=css,dc=tayloru,dc=edu"
Jan 15 10:30:14 asahel automount[24971]: lookup_read_master: lookup(ldap): examining entries
Jan 15 10:30:14 asahel automount[24971]: master_do_mount: mounting /auto
Jan 15 10:30:14 asahel automount[24971]: automount_path_to_fifo: fifo name /var/run/autofs.fifo-auto
Jan 15 10:30:14 asahel automount[24971]: lookup_nss_read_map: reading map ldap ldap:10.120.1.2:ou=auto.auto,dc=css,dc=tayloru,dc=edu
Jan 15 10:30:14 asahel automount[24971]: parse_server_string: lookup(ldap): Attempting to parse LDAP information from string "ldap:10.120.1.2:ou=auto.auto,dc=css,dc=tayloru,dc=edu".
Jan 15 10:30:14 asahel automount[24971]: parse_server_string: lookup(ldap): server "ldap://10.120.1.2/", base dn "ou=auto.auto,dc=css,dc=tayloru,dc=edu"
Jan 15 10:30:14 asahel automount[24971]: parse_ldap_config: lookup(ldap): ldap authentication configured with the following options:
Jan 15 10:30:14 asahel automount[24971]: parse_ldap_config: lookup(ldap): use_tls: 0, tls_required: 0, auth_required: 1, sasl_mech: (null)
Jan 15 10:30:14 asahel automount[24971]: parse_ldap_config: lookup(ldap): user: (null), secret: unspecified, client principal: (null) credential cache: (null)
Jan 15 10:30:14 asahel automount[24971]: do_bind: lookup(ldap): auth_required: 1, sasl_mech (null)
Jan 15 10:30:14 asahel automount[24971]: do_bind: lookup(ldap): ldap anonymous bind returned 0
Jan 15 10:30:14 asahel automount[24971]: get_query_dn: lookup(ldap): query succeeded, no matches for (objectclass=automountMap)
Jan 15 10:30:14 asahel automount[24971]: do_bind: lookup(ldap): failed to get query dn
Jan 15 10:30:14 asahel automount[24971]: lookup(ldap): couldn't connect to server ldap://10.120.1.2/
Jan 15 10:30:14 asahel automount[24971]: do_read_map: lookup module ldap failed
Jan 15 10:30:14 asahel automount[24971]: mount_autofs_indirect: failed to read map for /auto
Jan 15 10:30:14 asahel automount[24971]: handle_mounts: mount of /auto failed!
Jan 15 10:30:14 asahel automount[24971]: master_do_mount: failed to startup mount
Jan 15 10:30:14 asahel automount[24971]: master_do_mount: mounting /home
Jan 15 10:30:14 asahel automount[24971]: automount_path_to_fifo: fifo name /var/run/autofs.fifo-home
Jan 15 10:30:14 asahel automount[24971]: lookup_nss_read_map: reading map ldap ldap:10.120.1.2:ou=auto.home,dc=css,dc=tayloru,dc=edu
Jan 15 10:30:14 asahel automount[24971]: parse_server_string: lookup(ldap): Attempting to parse LDAP information from string "ldap:10.120.1.2:ou=auto.home,dc=css,dc=tayloru,dc=edu".
Jan 15 10:30:14 asahel automount[24971]: parse_server_string: lookup(ldap): server "ldap://10.120.1.2/", base dn "ou=auto.home,dc=css,dc=tayloru,dc=edu"
Jan 15 10:30:14 asahel automount[24971]: parse_ldap_config: lookup(ldap): ldap authentication configured with the following options:
Jan 15 10:30:14 asahel automount[24971]: parse_ldap_config: lookup(ldap): use_tls: 0, tls_required: 0, auth_required: 1, sasl_mech: (null)
Jan 15 10:30:14 asahel automount[24971]: parse_ldap_config: lookup(ldap): user: (null), secret: unspecified, client principal: (null) credential cache: (null)
Jan 15 10:30:14 asahel automount[24971]: do_bind: lookup(ldap): auth_required: 1, sasl_mech (null)
Jan 15 10:30:14 asahel automount[24971]: do_bind: lookup(ldap): ldap anonymous bind returned 0
Jan 15 10:30:14 asahel automount[24971]: get_query_dn: lookup(ldap): query succeeded, no matches for (objectclass=automountMap)
Jan 15 10:30:14 asahel automount[24971]: do_bind: lookup(ldap): failed to get query dn
Jan 15 10:30:14 asahel automount[24971]: lookup(ldap): couldn't connect to server ldap://10.120.1.2/
Jan 15 10:30:14 asahel automount[24971]: do_read_map: lookup module ldap failed
Jan 15 10:30:14 asahel automount[24971]: mount_autofs_indirect: failed to read map for /home
Jan 15 10:30:14 asahel automount[24971]: handle_mounts: mount of /home failed!
Jan 15 10:30:14 asahel automount[24971]: master_do_mount: failed to startup mount
Jan 15 10:30:14 asahel automount[24971]: no mounts in table


It appears that it searches for MAP_OBJECT_CLASS where it should be searching for ENTRY_OBJECT_CLASS

Expected results:
It should find the value with ENTRY_OBJECT_CLASS and set our mountpoints.  This does indeed happen on Gentoo, which we have on some of our other machines, so our LDAP configuration should be OK.
Comment 1 Ian Kent 2009-01-16 07:36:37 EST
Can you post your LDAP map please.
Comment 2 Noah Sheppard 2009-01-16 10:50:18 EST
Ian,

My name is Noah, and I work with Jeremy.

I'm assuming when you say LDAP map, you want to see what's in our LDAP directory. In LDIF form, here are relevant entries:

auto.master:

dn: ou=auto.master,dc=css,dc=tayloru,dc=edu
ou: auto.master
objectClass: top
objectClass: automountMap

dn: cn=/auto,ou=auto.master,dc=css,dc=tayloru,dc=edu
objectClass: automount
cn: /auto
automountInformation: ldap:10.120.1.3,10.120.1.2:ou=auto.auto,dc=css,dc=taylor
 u,dc=edu

dn: cn=/home,ou=auto.master,dc=css,dc=tayloru,dc=edu
objectClass: automount
cn: /home
automountInformation: ldap:10.120.1.3,10.120.1.2:ou=auto.home,dc=css,dc=taylor
 u,dc=edu

auto.auto:

dn: ou=auto.auto,dc=css,dc=tayloru,dc=edu
ou: auto.auto
objectClass: top
objectClass: organizationalUnit

dn: cn=mail,ou=auto.auto,dc=css,dc=tayloru,dc=edu
objectClass: automount
cn: mail
automountInformation: -rw,soft,tcp mary:/var/spool/mail

auto.home:

dn: ou=auto.home,dc=css,dc=tayloru,dc=edu
ou: auto.home
objectClass: top
objectClass: organizationalUnit

dn: cn=users5,ou=auto.home,dc=css,dc=tayloru,dc=edu
objectClass: automount
cn: users5
automountInformation: -rw,soft,tcp,nolock,rsize=4096,wsize=4096,retrans=30 pet
 er:/export/users/users5

dn: cn=scratch,ou=auto.home,dc=css,dc=tayloru,dc=edu
objectClass: automount
cn: scratch
automountInformation: -rw,soft,tcp,nolock,rsize=4096,wsize=4096,retrans=30 pet
 er:/export/scratch

dn: cn=users,ou=auto.home,dc=css,dc=tayloru,dc=edu
objectClass: automount
cn: users
automountInformation: -rw,soft,tcp,nolock,rsize=4096,wsize=4096,retrans=30 pet 
 er:/export/users

dn: cn=submit,ou=auto.home,dc=css,dc=tayloru,dc=edu
objectClass: automount
cn: submit
automountInformation: -rw,soft,tcp,rsize=4096,wsize=4096,retrans=30 peter:/exp
 ort/submit

dn: cn=projects,ou=auto.home,dc=css,dc=tayloru,dc=edu
objectClass: automount
cn: projects
automountInformation: -rw,soft,tcp,nolock,rsize=4096,wsize=4096,retrans=30 pet
 er:/export/projects
Comment 3 Ian Kent 2009-01-16 11:05:38 EST
(In reply to comment #2)
> Ian,
> 
> My name is Noah, and I work with Jeremy.

Hi,

> 
> I'm assuming when you say LDAP map, you want to see what's in our LDAP
> directory. In LDIF form, here are relevant entries:

Yep.

> 
> auto.master:
> 
> dn: ou=auto.master,dc=css,dc=tayloru,dc=edu
> ou: auto.master
> objectClass: top
> objectClass: automountMap
> 
> dn: cn=/auto,ou=auto.master,dc=css,dc=tayloru,dc=edu
> objectClass: automount
> cn: /auto
> automountInformation: ldap:10.120.1.3,10.120.1.2:ou=auto.auto,dc=css,dc=taylor
>  u,dc=edu
> 
> dn: cn=/home,ou=auto.master,dc=css,dc=tayloru,dc=edu
> objectClass: automount
> cn: /home
> automountInformation: ldap:10.120.1.3,10.120.1.2:ou=auto.home,dc=css,dc=taylor
>  u,dc=edu
> 
> auto.auto:
> 
> dn: ou=auto.auto,dc=css,dc=tayloru,dc=edu
> ou: auto.auto
> objectClass: top
> objectClass: organizationalUnit

Where is the:
objectClass: automountMap
for this map?

> 
> dn: cn=mail,ou=auto.auto,dc=css,dc=tayloru,dc=edu
> objectClass: automount
> cn: mail
> automountInformation: -rw,soft,tcp mary:/var/spool/mail
> 
> auto.home:
> 
> dn: ou=auto.home,dc=css,dc=tayloru,dc=edu
> ou: auto.home
> objectClass: top
> objectClass: organizationalUnit

and the:
objectClass: automountMap
for this map?

> 
> dn: cn=users5,ou=auto.home,dc=css,dc=tayloru,dc=edu
> objectClass: automount
> cn: users5
> automountInformation: -rw,soft,tcp,nolock,rsize=4096,wsize=4096,retrans=30 pet
>  er:/export/users/users5
> 
> dn: cn=scratch,ou=auto.home,dc=css,dc=tayloru,dc=edu
> objectClass: automount
> cn: scratch
> automountInformation: -rw,soft,tcp,nolock,rsize=4096,wsize=4096,retrans=30 pet
>  er:/export/scratch
> 
> dn: cn=users,ou=auto.home,dc=css,dc=tayloru,dc=edu
> objectClass: automount
> cn: users
> automountInformation: -rw,soft,tcp,nolock,rsize=4096,wsize=4096,retrans=30 pet 
>  er:/export/users
> 
> dn: cn=submit,ou=auto.home,dc=css,dc=tayloru,dc=edu
> objectClass: automount
> cn: submit
> automountInformation: -rw,soft,tcp,rsize=4096,wsize=4096,retrans=30 peter:/exp
>  ort/submit
> 
> dn: cn=projects,ou=auto.home,dc=css,dc=tayloru,dc=edu
> objectClass: automount
> cn: projects
> automountInformation: -rw,soft,tcp,nolock,rsize=4096,wsize=4096,retrans=30 pet
>  er:/export/projects
Comment 4 Noah Sheppard 2009-01-16 12:34:02 EST
(In reply to comment #3)
> (In reply to comment #2)
> > Ian,
> > 
> > My name is Noah, and I work with Jeremy.
> 
> Hi,
Hi, thanks for your help!

> [..] 
> > dn: ou=auto.auto,dc=css,dc=tayloru,dc=edu
> > ou: auto.auto
> > objectClass: top
> > objectClass: organizationalUnit
> 
> Where is the:
> objectClass: automountMap
> for this map?
> [..]
> > dn: ou=auto.home,dc=css,dc=tayloru,dc=edu
> > ou: auto.home
> > objectClass: top
> > objectClass: organizationalUnit
> 
> and the:
> objectClass: automountMap
> for this map?

Looks like that was the problem.  Those entries don't have objectClass: automountMap, and had been working for at least the past four years on gentoo, fedora, and redhat machines alike.  Did something change in recent versions of autofs to make objectClass checking more strict?

Also, when the log said

    reading map ldap ldap:10.120.1.2:ou=auto.auto,dc=css,dc=tayloru,dc=edu

and then
    
    "query succeeded, no matches for (objectclass=automountMap)"

we took that to mean that automount was (incorrectly) looking for objectclass=automountMap with "one" scope in ou=auto.auto,...  It looks like instead it's doing a base scope search.  Is that correct?

Thanks again for your help!
Comment 5 Ian Kent 2009-01-17 22:14:38 EST
(In reply to comment #4)
> 
> Looks like that was the problem.  Those entries don't have objectClass:
> automountMap, and had been working for at least the past four years on gentoo,
> fedora, and redhat machines alike.  Did something change in recent versions of
> autofs to make objectClass checking more strict?
> 

Yes, but not recently.

The objectclass was always required and I believe you could
get away without it in version 4 but version 5 needs to be
more strict.

For example, when using nsswitch sources autofs has only the
map name to work with. So we get the base dn when a map is
first opened for a few reasons, to get the base of the map
dn, as an entry validation, to ensure we get only entries
that belong to the map we want and to limit the search.

This seemed reasonable enough since the objectclass has, in
theory, always been required.

Sorry for the inconvenience.
Ian
Comment 6 Ian Kent 2009-02-27 02:52:01 EST
From the discussion it looks like this is NOTABUG.
If that wasn't the result of our discussion please re-open this bug.

Ian
Comment 7 dquiles86 2011-01-06 13:59:17 EST
I seem to be experiencing a similar issue, except when I try to add the missing "objectClass: automountMap", I receive the following error: 

LDAP: error code 65 - invalid structural object class chain (organizationalUnit/automountMap)

Here is the debug.log:

Jan  6 13:55:58 beast automount[8255]: Starting automounter version 5.0.1-0.rc2.143.el5_5.6, master map auto.master
Jan  6 13:55:58 beast automount[8255]: using kernel protocol version 5.01
Jan  6 13:55:58 beast automount[8255]: lookup_nss_read_master: reading master ldap auto.master
Jan  6 13:55:58 beast automount[8255]: parse_server_string: lookup(ldap): Attempting to parse LDAP information from string "auto.master".
Jan  6 13:55:58 beast automount[8255]: parse_server_string: lookup(ldap): mapname auto.master
Jan  6 13:55:58 beast automount[8255]: parse_init: parse(sun): init gathered global options: (null)
Jan  6 13:55:58 beast automount[8255]: find_server: trying server uri ldap://172.16.0.112/
Jan  6 13:55:58 beast automount[8255]: do_bind: lookup(ldap): auth_required: 1, sasl_mech (null)
Jan  6 13:55:58 beast automount[8255]: do_bind: lookup(ldap): ldap anonymous bind returned 0
Jan  6 13:55:58 beast automount[8255]: get_query_dn: lookup(ldap): check search base list
Jan  6 13:55:58 beast automount[8255]: get_query_dn: lookup(ldap): found search base under dc=domain,dc=com
Jan  6 13:55:58 beast automount[8255]: get_query_dn: lookup(ldap): found query dn ou=auto.master,dc=domain,dc=com
Jan  6 13:55:58 beast automount[8255]: connected to uri ldap://172.16.0.112/
Jan  6 13:55:58 beast automount[8255]: lookup_read_master: lookup(ldap): searching for "(objectclass=automount)" under "ou=auto.master,dc=domain,dc=com"
Jan  6 13:55:58 beast automount[8255]: lookup_read_master: lookup(ldap): examining entries
Jan  6 13:55:58 beast automount[8255]: master_do_mount: mounting /u
Jan  6 13:55:58 beast automount[8255]: automount_path_to_fifo: fifo name /var/run/autofs.fifo-u
Jan  6 13:55:58 beast automount[8255]: lookup_nss_read_map: reading map ldap ldap:ldap-server:ou=auto.u,dc=domain,dc=com
Jan  6 13:55:58 beast automount[8255]: parse_server_string: lookup(ldap): Attempting to parse LDAP information from string "ldap:ldap-server:ou=auto.u,dc=domain,dc=com".
Jan  6 13:55:58 beast automount[8255]: parse_server_string: lookup(ldap): server "ldap://ldap-server/", base dn "ou=auto.u,dc=domain,dc=com"
Jan  6 13:55:58 beast automount[8255]: parse_init: parse(sun): init gathered global options: (null)
Jan  6 13:55:58 beast automount[8255]: mounted indirect on /u with timeout 60, freq 15 seconds
Jan  6 13:55:58 beast automount[8255]: st_ready: st_ready(): state = 0 path /u
Jan  6 13:55:58 beast automount[8255]: master_do_mount: mounting /y
Jan  6 13:55:58 beast automount[8255]: automount_path_to_fifo: fifo name /var/run/autofs.fifo-y
Jan  6 13:55:58 beast automount[8255]: lookup_nss_read_map: reading map ldap ldap:ldap-server:ou=auto.y,dc=domain,dc=com
Jan  6 13:55:58 beast automount[8255]: parse_server_string: lookup(ldap): Attempting to parse LDAP information from string "ldap:ldap-server:ou=auto.y,dc=domain,dc=com".
Jan  6 13:55:58 beast automount[8255]: parse_server_string: lookup(ldap): server "ldap://ldap-server/", base dn "ou=auto.y,dc=domain,dc=com"
Jan  6 13:55:58 beast automount[8255]: parse_init: parse(sun): init gathered global options: (null)
Jan  6 13:55:58 beast automount[8255]: mounted indirect on /y with timeout 60, freq 15 seconds
Jan  6 13:55:58 beast automount[8255]: st_ready: st_ready(): state = 0 path /y
Jan  6 13:55:59 beast automount[8255]: handle_packet: type = 3
Jan  6 13:55:59 beast automount[8255]: handle_packet_missing_indirect: token 7622, name user, request pid 8292
Jan  6 13:55:59 beast automount[8255]: attempting to mount entry /u/user
Jan  6 13:55:59 beast automount[8255]: lookup_mount: lookup(ldap): looking up user
Jan  6 13:55:59 beast automount[8255]: do_bind: lookup(ldap): auth_required: 1, sasl_mech (null)
Jan  6 13:55:59 beast automount[8255]: do_bind: lookup(ldap): ldap anonymous bind returned 0
Jan  6 13:55:59 beast automount[8255]: get_query_dn: lookup(ldap): query succeeded, no matches for (objectclass=automountMap)
Jan  6 13:55:59 beast automount[8255]: do_bind: lookup(ldap): failed to get query dn
Jan  6 13:55:59 beast automount[8255]: do_bind: lookup(ldap): auth_required: 1, sasl_mech (null)
Jan  6 13:55:59 beast automount[8255]: do_bind: lookup(ldap): ldap anonymous bind returned 0
Jan  6 13:55:59 beast automount[8255]: get_query_dn: lookup(ldap): query succeeded, no matches for (objectclass=automountMap)
Jan  6 13:55:59 beast automount[8255]: do_bind: lookup(ldap): failed to get query dn
Jan  6 13:55:59 beast automount[8255]: lookup(ldap): couldn't connect to server ldap://ldap-server/
Jan  6 13:55:59 beast automount[8255]: lookup(ldap): lookup for user failed: connection failed
Jan  6 13:55:59 beast automount[8255]: key "user" not found in map source(s).
Jan  6 13:55:59 beast automount[8255]: ioctl_send_fail: token = 7622
Jan  6 13:55:59 beast automount[8255]: failed to mount /u/user
Comment 8 Ian Kent 2011-01-09 23:09:53 EST
(In reply to comment #7)
> I seem to be experiencing a similar issue, except when I try to add the missing
> "objectClass: automountMap", I receive the following error: 
> 
> LDAP: error code 65 - invalid structural object class chain
> (organizationalUnit/automountMap)

Do you have the appropriate schema definitions?
What is the ldif you are trying to load into LDAP?

Ian
Comment 9 dquiles86 2011-01-10 01:24:09 EST
Hey,
  I've posted the schema that we are using & the ldif, autofs portion, TYIA!

[root@beast ~]# rpm -qa |grep -i autofs
autofs-5.0.1-0.rc2.143.el5_5.6

[root@beast ~]# cat /usr/share/doc/autofs-5.0.1/autofs.schema
#
# $id$
#
# Depends upon core.schema and cosine.schema

# OID Base is 1.3.6.1.4.1.2312.4
#
# Attribute types are under 1.3.6.1.4.1.2312.4.1
# Object classes are under 1.3.6.1.4.1.2312.4.2
# Syntaxes are under 1.3.6.1.4.1.2312.4.3

# Attribute Type Definitions

attributetype ( 1.3.6.1.1.1.1.25 NAME 'automountInformation'
        DESC 'Information used by the autofs automounter'
        EQUALITY caseExactIA5Match
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

objectclass ( 1.3.6.1.1.1.1.13 NAME 'automount' SUP top STRUCTURAL
        DESC 'An entry in an automounter map'
        MUST ( cn $ automountInformation $ objectclass )
        MAY ( description ) )

objectclass ( 1.3.6.1.4.1.2312.4.2.2 NAME 'automountMap' SUP top STRUCTURAL
        DESC 'An group of related automount objects'
        MUST ( ou ) )



# auto.master, domain.com
dn: ou=auto.master,dc=domain,dc=com
ou: auto.master
objectClass: top
objectClass: automountMap

# /u, auto.master, domain.com
dn: cn=/u,ou=auto.master,dc=domain,dc=com
objectClass: automount
cn: /u
automountInformation: ldap:ldap-server:ou=auto.u,dc=domain,dc=com --timeout 60

# /y, auto.master, domain.com
dn: cn=/y,ou=auto.master,dc=domain,dc=com
objectClass: automount
cn: /y
automountInformation: ldap:ldap-server:ou=auto.y,dc=domain,dc=com --timeout 60


# auto.u, domain.com
dn: ou=auto.u,dc=domain,dc=com
ou: auto.u
objectClass: top
objectClass: organizationalUnit

# user, auto.u, domain.com
dn: cn=user,ou=auto.u,dc=domain,dc=com
objectClass: automount
automountInformation: -rw,soft,intr             file-server-ct:/local/home/user
cn: user
cn: *


# auto.y, domain.com
dn: ou=auto.y,dc=domain,dc=com
ou: auto.y
objectClass: top
objectClass: organizationalUnit

# user, auto.y, domain.com
dn: cn=user,ou=auto.y,dc=domain,dc=com
objectClass: automount
cn: user
automountInformation: -rw,soft,noquota,intr            smoker:/local/home/user
Comment 10 dquiles86 2011-01-10 01:35:14 EST
correction (no cn:*)

# user, auto.u, domain.com
dn: cn=user,ou=auto.u,dc=domain,dc=com
objectClass: automount
cn: user
automountInformation: -rw,soft,intr             file-server-ct:/local/home/user
Comment 11 Ian Kent 2011-01-10 02:18:11 EST
(In reply to comment #9)
> Hey,
>   I've posted the schema that we are using & the ldif, autofs portion, TYIA!
snip ...

> 
> # auto.master, domain.com
> dn: ou=auto.master,dc=domain,dc=com
> ou: auto.master
> objectClass: top
> objectClass: automountMap
> 
> # /u, auto.master, domain.com
> dn: cn=/u,ou=auto.master,dc=domain,dc=com
> objectClass: automount
> cn: /u
> automountInformation: ldap:ldap-server:ou=auto.u,dc=domain,dc=com --timeout 60
> 
> # /y, auto.master, domain.com
> dn: cn=/y,ou=auto.master,dc=domain,dc=com
> objectClass: automount
> cn: /y
> automountInformation: ldap:ldap-server:ou=auto.y,dc=domain,dc=com --timeout 60
> 
> 
> # auto.u, domain.com
> dn: ou=auto.u,dc=domain,dc=com
> ou: auto.u
> objectClass: top
> objectClass: organizationalUnit

Maybe this should be:
objectClass: automountMap

instead of organizationalUnit, or is not being able to do that
the source of your problem?

> 
> # user, auto.u, domain.com
> dn: cn=user,ou=auto.u,dc=domain,dc=com
> objectClass: automount
> automountInformation: -rw,soft,intr             file-server-ct:/local/home/user
> cn: user
> cn: *
> 
> 
> # auto.y, domain.com
> dn: ou=auto.y,dc=domain,dc=com
> ou: auto.y
> objectClass: top
> objectClass: organizationalUnit

And here too.

> 
> # user, auto.y, domain.com
> dn: cn=user,ou=auto.y,dc=domain,dc=com
> objectClass: automount
> cn: user
> automountInformation: -rw,soft,noquota,intr            smoker:/local/home/user
Comment 12 dquiles86 2011-01-11 00:32:35 EST
I was suspicious of that attribute value. I realized I was unable to modify the value on the fly; I had to export the ldif, remove ou's auto.y & auto.u, including their sub entries, from ldap, modify the exported ldif, then re-import. Issue resolved. Thank You!
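
The check discussed in comments 3, 5 and 11 (every map container referenced from the master map must carry the map object class), as an added example that is not part of the original thread or of autofs: a small LDIF linter. The function names, the finding labels and the sample LDIF (modelled on comment 9, with one line folded) are constructed for illustration, and only the `ldap:[servers:]dn` reference form seen in this thread is handled.

```python
import re

# Constructed sample modelled on the LDIF in comment 9 (the thread's placeholder
# names). The /u reference is folded the way LDIF wraps long lines; auto.y is
# shown already corrected, auto.u still carries organizationalUnit.
SAMPLE_LDIF = """\
dn: ou=auto.master,dc=domain,dc=com
ou: auto.master
objectClass: top
objectClass: automountMap

dn: cn=/u,ou=auto.master,dc=domain,dc=com
objectClass: automount
cn: /u
automountInformation: ldap:ldap-server:ou=auto.u,dc=domain,dc=co
 m --timeout 60

dn: cn=/y,ou=auto.master,dc=domain,dc=com
objectClass: automount
cn: /y
automountInformation: ldap:ldap-server:ou=auto.y,dc=domain,dc=com --timeout 60

dn: ou=auto.u,dc=domain,dc=com
ou: auto.u
objectClass: top
objectClass: organizationalUnit

dn: ou=auto.y,dc=domain,dc=com
ou: auto.y
objectClass: top
objectClass: automountMap
"""

# Map reference as written in this thread: ldap:[server[,server]:]<map dn> [options]
MAP_REF = re.compile(r"^ldap:(?:(?P<servers>[^:=\s]+):)?(?P<dn>\S+)")


def norm_dn(dn):
    """Lower-case a DN and drop spaces around commas (escaped commas unsupported)."""
    return ",".join(part.strip() for part in dn.lower().split(","))


def parse_ldif(text):
    """Return {normalised dn: {lower-cased attribute: [values]}}.

    Handles LDIF folding (a line starting with one space continues the previous
    line) and '#' comments. Base64 ('attr::') values are not decoded.
    """
    unfolded = re.sub(r"\r?\n ", "", text)
    entries = {}
    for block in re.split(r"\n\s*\n", unfolded):
        attrs = {}
        for line in block.splitlines():
            if not line or line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
        if "dn" in attrs:
            entries[norm_dn(attrs["dn"][0])] = attrs
    return entries


def check_map_containers(ldif_text, map_class="automountMap", entry_class="automount"):
    """List (referencing entry dn, map dn, problem) for every map reference whose
    container is absent from the LDIF ("missing") or lacks map_class ("not-a-map").

    map_class and entry_class correspond to MAP_OBJECT_CLASS and
    ENTRY_OBJECT_CLASS in /etc/sysconfig/autofs.
    """
    entries = parse_ldif(ldif_text)
    findings = []
    for dn, attrs in entries.items():
        classes = {c.lower() for c in attrs.get("objectclass", [])}
        if entry_class.lower() not in classes:
            continue
        for info in attrs.get("automountinformation", []):
            match = MAP_REF.match(info)
            if not match or "=" not in match.group("dn"):
                continue  # an ordinary mount entry such as "-rw,soft host:/path"
            target = norm_dn(match.group("dn"))
            container = entries.get(target)
            if container is None:
                findings.append((dn, target, "missing"))
                continue
            target_classes = {c.lower() for c in container.get("objectclass", [])}
            if map_class.lower() not in target_classes:
                # With the schema in comment 9, automountMap is STRUCTURAL, so it
                # replaces organizationalUnit; adding it alongside gives error 65.
                findings.append((dn, target, "not-a-map"))
    return findings


if __name__ == "__main__":
    for source, target, problem in check_map_containers(SAMPLE_LDIF):
        print(f"{problem}: {target} (referenced from {source})")
```
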
Comment 13 dquiles86 2011-01-13 13:29:09 EST
I am noticing another issue: some users' directories mount correctly, while others don't. Once again, any assistance is greatly appreciated, thank you.

USER01 works fine.

[root@beast log]# su - USER01
-bash-3.2$ exit
logout

USER02 has the issue.

[root@beast log]# su - USER02
su: warning: cannot change directory to /u/USER02: Permission denied
-bash: /u/USER02/.bash_profile: Permission denied
-bash-3.2$ exit
logout
-bash: /u/USER02/.bash_logout: Permission denied


USER01 LOG
Jan 13 13:05:27 beast automount[23331]: handle_packet: type = 3
Jan 13 13:05:27 beast automount[23331]: handle_packet_missing_indirect: token 24475, name USER01, request pid 379
Jan 13 13:05:27 beast automount[23331]: attempting to mount entry /u/USER01
Jan 13 13:05:27 beast automount[23331]: lookup_mount: lookup(ldap): looking up USER01
Jan 13 13:05:27 beast automount[23331]: do_bind: lookup(ldap): auth_required: 1, sasl_mech (null)
Jan 13 13:05:27 beast automount[23331]: do_bind: lookup(ldap): ldap anonymous bind returned 0
Jan 13 13:05:27 beast automount[23331]: lookup_one: lookup(ldap): searching for "(&(objectclass=automount)(|(cn=USER01)(cn=/)(cn=\2A)))" under "ou=auto.u,dc=domain,dc=com"
Jan 13 13:05:27 beast automount[23331]: lookup_one: lookup(ldap): getting first entry for cn="USER01"
Jan 13 13:05:27 beast automount[23331]: lookup_one: lookup(ldap): examining first entry
Jan 13 13:05:27 beast last message repeated 31 times
Jan 13 13:05:27 beast automount[23331]: lookup_mount: lookup(ldap): USER01 -> -rw,soft,intr file-server-ct:/local/home/USER01
Jan 13 13:05:27 beast automount[23331]: parse_mount: parse(sun): expanded entry: -rw,soft,intr file-server-ct:/local/home/USER01
Jan 13 13:05:27 beast automount[23331]: parse_mount: parse(sun): gathered options: rw,soft,intr
Jan 13 13:05:27 beast automount[23331]: parse_mount: parse(sun): dequote("file-server-ct:/local/home/USER01") -> file-server-ct:/local/home/USER01
Jan 13 13:05:27 beast automount[23331]: parse_mount: parse(sun): core of entry: options=rw,soft,intr, loc=file-server-ct:/local/home/USER01
Jan 13 13:05:27 beast automount[23331]: sun_mount: parse(sun): mounting root /u, mountpoint USER01, what file-server-ct:/local/home/USER01, fstype nfs, options rw,soft,intr
Jan 13 13:05:27 beast automount[23331]: mount_mount: mount(nfs): root=/u name=USER01 what=file-server-ct:/local/home/USER01, fstype=nfs, options=rw,soft,intr
Jan 13 13:05:27 beast automount[23331]: mount_mount: mount(nfs): nfs options="rw,soft,intr", nosymlink=0, ro=0
Jan 13 13:05:27 beast automount[23331]: mount_mount: mount(nfs): calling mkdir_path /u/USER01
Jan 13 13:05:27 beast automount[23331]: mount_mount: mount(nfs): calling mount -t nfs -s -o rw,soft,intr file-server-ct:/local/home/USER01 /u/USER01
Jan 13 13:05:27 beast automount[23331]: mount(nfs): mounted file-server-ct:/local/home/USER01 on /u/USER01
Jan 13 13:05:27 beast automount[23331]: ioctl_send_ready: token = 24475
Jan 13 13:05:27 beast automount[23331]: mounted /u/USER01

USER02 LOG
Jan 13 13:05:32 beast automount[23331]: handle_packet: type = 3
Jan 13 13:05:32 beast automount[23331]: handle_packet_missing_indirect: token 24476, name USER02, request pid 421
Jan 13 13:05:32 beast automount[23331]: attempting to mount entry /u/USER02
Jan 13 13:05:32 beast automount[23331]: lookup_mount: lookup(ldap): looking up USER02
Jan 13 13:05:32 beast automount[23331]: do_bind: lookup(ldap): auth_required: 1, sasl_mech (null)
Jan 13 13:05:32 beast automount[23331]: do_bind: lookup(ldap): ldap anonymous bind returned 0
Jan 13 13:05:32 beast automount[23331]: lookup_one: lookup(ldap): searching for "(&(objectclass=automount)(|(cn=USER02)(cn=/)(cn=\2A)))" under "ou=auto.u,dc=domain,dc=com"
Jan 13 13:05:32 beast automount[23331]: lookup_one: lookup(ldap): getting first entry for cn="USER02"
Jan 13 13:05:32 beast automount[23331]: lookup_one: lookup(ldap): examining first entry
Jan 13 13:05:32 beast last message repeated 31 times
Jan 13 13:05:32 beast automount[23331]: lookup_mount: lookup(ldap): USER02 -> -rw,soft,intr file-server-ct:/local/home/NOTUSER02
Jan 13 13:05:32 beast automount[23331]: parse_mount: parse(sun): expanded entry: -rw,soft,intr file-server-ct:/local/home/NOTUSER02
Jan 13 13:05:32 beast automount[23331]: parse_mount: parse(sun): gathered options: rw,soft,intr
Jan 13 13:05:32 beast automount[23331]: parse_mount: parse(sun): dequote("file-server-ct:/local/home/NOTUSER02") -> file-server-ct:/local/home/NOTUSER02
Jan 13 13:05:32 beast automount[23331]: parse_mount: parse(sun): core of entry: options=rw,soft,intr, loc=file-server-ct:/local/home/NOTUSER02
Jan 13 13:05:32 beast automount[23331]: sun_mount: parse(sun): mounting root /u, mountpoint USER02, what file-server-ct:/local/home/NOTUSER02, fstype nfs, options rw,soft,intr
Jan 13 13:05:32 beast automount[23331]: mount_mount: mount(nfs): root=/u name=USER02 what=file-server-ct:/local/home/NOTUSER02, fstype=nfs, options=rw,soft,intr
Jan 13 13:05:32 beast automount[23331]: mount_mount: mount(nfs): nfs options="rw,soft,intr", nosymlink=0, ro=0
Jan 13 13:05:32 beast automount[23331]: mount_mount: mount(nfs): calling mkdir_path /u/USER02
Jan 13 13:05:32 beast automount[23331]: mount_mount: mount(nfs): calling mount -t nfs -s -o rw,soft,intr file-server-ct:/local/home/NOTUSER02 /u/USER02
Jan 13 13:05:32 beast automount[23331]: mount(nfs): mounted file-server-ct:/local/home/NOTUSER02 on /u/USER02
Jan 13 13:05:32 beast automount[23331]: ioctl_send_ready: token = 24476
Jan 13 13:05:32 beast automount[23331]: mounted /u/USER02

MANUALLY RAN QUERY FOR USER01 (USER01 shows up first & the rest of the users in the ou show below (I didn't post the complete output))
ldapsearch -x -b 'dc=domain,dc=com' '(&(objectclass=automount)(|(cn=USER01)(cn=/)(cn=\2A)))' | less

# extended LDIF
#
# LDAPv3
# base <dc=domain,dc=com> with scope subtree
# filter: (&(objectclass=automount)(|(cn=USER01)(cn=/)(cn=\2A)))
# requesting: ALL
#

# USER01, auto.y, domain.com
dn: cn=USER01,ou=auto.y,dc=domain,dc=com
automountInformation: -rw,soft,noquota,intr            smoker:/local/home/USER01
objectClass: automount
cn: USER01

# USER01, auto.u, domain.com
dn: cn=USER01,ou=auto.u,dc=domain,dc=com
automountInformation: -rw,soft,intr             file-server-ct:/local/home/USER01
objectClass: automount
cn: USER01

# NOTUSER02, auto.u, domain.com
dn: cn=NOTUSER02,ou=auto.u,dc=domain,dc=com
objectClass: automount
cn: NOTUSER02
cn: *
automountInformation: -rw,soft,intr file-server-ct:/local/home/NOTUSER02

# SOMEOTHERUSER1, auto.u, domain.com
dn: cn=SOMEOTHERUSER1,ou=auto.u,dc=domain,dc=com
automountInformation: -rw,soft,intr             file-server:/local/home/SOMEOTHERUSER1
objectClass: automount
cn: SOMEOTHERUSER1
cn: *

# SOMEOTHERUSER2, auto.u, domain.com
dn: cn=SOMEOTHERUSER2,ou=auto.u,dc=domain,dc=com
automountInformation: -rw,soft,intr             file-server:/local/home/SOMEOTHERUSER2
objectClass: automount
cn: SOMEOTHERUSER2
cn: *


MANUALLY RAN QUERY FOR USER02 (USER02 does not show up first)
ldapsearch -x -b 'dc=domain,dc=com' '(&(objectclass=automount)(|(cn=USER02)(cn=/)(cn=\2A)))' | less

# extended LDIF
#
# LDAPv3
# base <dc=domain,dc=com> with scope subtree
# filter: (&(objectclass=automount)(|(cn=USER02)(cn=/)(cn=\2A)))
# requesting: ALL
#

# NOTUSER02, auto.u, domain.com
dn: cn=NOTUSER02,ou=auto.u,dc=domain,dc=com
objectClass: automount
cn: NOTUSER02
cn: *
automountInformation: -rw,soft,intr file-server:/local/home/NOTUSER02

# SOMEOTHERUSER1, auto.u, domain.com
dn: cn=SOMEOTHERUSER1,ou=auto.u,dc=domain,dc=com
automountInformation: -rw,soft,intr             file-server:/local/home/SOMEOTHERUSER1
objectClass: automount
cn: SOMEOTHERUSER1
cn: *

# SOMEOTHERUSER2, auto.u, domain.com
dn: cn=SOMEOTHERUSER2,ou=auto.u,dc=domain,dc=com
automountInformation: -rw,soft,intr             file-server:/local/home/SOMEOTHERUSER2
objectClass: automount
cn: SOMEOTHERUSER2
cn: *

# USER02, auto.u, domain.com
dn: cn=USER02,ou=auto.u,dc=domain,dc=com
automountInformation: -rw,soft,intr             file-server:/local/home/USER02
objectClass: automount
cn: USER02
Comment 14 Ian Kent 2011-01-14 03:54:54 EST
(In reply to comment #13)
> I am noticing another issue, some users directories mount correctly, while
> others don't. Once again any assistance is greatly appreciated, thank you.

This version of autofs is old.
Maybe it would be a good idea to get a more recent source rpm
and build it against F10.
 
> 
> USER01 works fine.
> 
> [root@beast log]# su - USER01
> -bash-3.2$ exit
> logout
> 
> USER02 has the issue.
> 
> [root@beast log]# su - USER02
> su: warning: cannot change directory to /u/USER02: Permission denied
> -bash: /u/USER02/.bash_profile: Permission denied
> -bash-3.2$ exit
> logout
> -bash: /u/USER02/.bash_logout: Permission denied
> 

snip ...

> 
> MANUALLY RAN QUERY FOR USER01 (USER01 shows up first & the rest of the users in
> the ou show below (I didn't post the complete output))
> ldapsearch -x -b 'dc=domain,dc=com'
> '(&(objectclass=automount)(|(cn=USER01)(cn=/)(cn=\2A)))' | less

But these queries are supposed to be done against a specific
base dn, ou=<map name>,dc=domain,dc=com in this case. Calculating
the base dn might not be being done properly in this version.

Ian
Comment 15 dquiles86 2011-01-14 14:52:59 EST
Hey Ian,
I upgraded, still experiencing the same issue.

[root@beast log]# automount --version

Linux automount version 5.0.5

Directories:
	config dir:	/etc/sysconfig
	maps dir:	/etc
	modules dir:	/usr/lib64/autofs

Compile options:
  DISABLE_MOUNT_LOCKING ENABLE_IGNORE_BUSY_MOUNTS WITH_HESIOD WITH_LDAP 
  WITH_SASL LIBXML2_WORKAROUND 


I see the dn search now includes the specific ou but the end results are still the same...

Jan 14 14:48:27 beast automount[7908]: handle_packet: type = 3
Jan 14 14:48:27 beast automount[7908]: handle_packet_missing_indirect: token 24760, name USER02, request pid 8205
Jan 14 14:48:27 beast automount[7908]: attempting to mount entry /u/USER02
Jan 14 14:48:27 beast automount[7908]: lookup_mount: lookup(ldap): looking up USER02
Jan 14 14:48:27 beast automount[7908]: do_bind: lookup(ldap): auth_required: 1, sasl_mech (null)
Jan 14 14:48:27 beast automount[7908]: do_bind: lookup(ldap): ldap simple bind returned 0
Jan 14 14:48:27 beast automount[7908]: lookup_one: lookup(ldap): searching for "(&(objectclass=automount)(|(cn=USER02)(cn=/)(cn=\2A)))" under "ou=auto.u,dc=domain,dc=com"
Jan 14 14:48:27 beast automount[7908]: lookup_one: lookup(ldap): getting first entry for cn="USER02"
Jan 14 14:48:27 beast automount[7908]: lookup_one: lookup(ldap): examining first entry
Jan 14 14:48:27 beast last message repeated 31 times
Jan 14 14:48:27 beast automount[7908]: lookup_mount: lookup(ldap): USER02 -> -rw,soft,intr file-server-ct:/local/home/NOTUSER02
Jan 14 14:48:27 beast automount[7908]: parse_mount: parse(sun): expanded entry: -rw,soft,intr file-server-ct:/local/home/NOTUSER02
Jan 14 14:48:27 beast automount[7908]: parse_mount: parse(sun): gathered options: rw,soft,intr
Jan 14 14:48:27 beast automount[7908]: parse_mount: parse(sun): dequote("file-server-ct:/local/home/NOTUSER02") -> file-server-ct:/local/home/NOTUSER02
Jan 14 14:48:27 beast automount[7908]: parse_mount: parse(sun): core of entry: options=rw,soft,intr, loc=file-server-ct:/local/home/NOTUSER02
Jan 14 14:48:27 beast automount[7908]: sun_mount: parse(sun): mounting root /u, mountpoint USER02, what file-server-ct:/local/home/NOTUSER02, fstype nfs, options rw,soft,intr
Jan 14 14:48:27 beast automount[7908]: mount_mount: mount(nfs): root=/u name=USER02 what=file-server-ct:/local/home/NOTUSER02, fstype=nfs, options=rw,soft,intr
Jan 14 14:48:27 beast automount[7908]: mount_mount: mount(nfs): nfs options="rw,soft,intr", nosymlink=0, ro=0
Jan 14 14:48:27 beast automount[7908]: mount_mount: mount(nfs): calling mkdir_path /u/USER02
Jan 14 14:48:27 beast automount[7908]: mount_mount: mount(nfs): calling mount -t nfs -s -o rw,soft,intr file-server-ct:/local/home/NOTUSER02 /u/USER02
Jan 14 14:48:27 beast automount[7908]: mount_mount: mount(nfs): mounted file-server-ct:/local/home/NOTUSER02 on /u/USER02
Jan 14 14:48:27 beast automount[7908]: ioctl_send_ready: token = 24760
Jan 14 14:48:27 beast automount[7908]: mounted /u/USER02
Comment 16 dquiles86 2011-01-18 13:09:46 EST
Hey,
   Any thoughts on the above issue? Thanks again for your help on this.

Dan
Comment 17 Ian Kent 2011-01-19 01:23:00 EST
(In reply to comment #16)
> Hey,
>    Any thoughts on the above issue? Thanks again for your help on this.

Maybe the constructed query is not correct.
Can you post another ldapsearch for USER02 which includes
-b "ou=auto.u,dc=domain,dc=com" and see what we get.

Also, post the result of another search with 
"(&(objectclass=automount)(|(cn=USER02)(|(cn=/)(cn=\2A))))"
as the filter and see what we get.
Comment 18 dquiles86 2011-01-19 10:54:30 EST
> Maybe the constructed query is not correct.
> Can you post another ldapsearch for USER02 which includes
> -b "ou=auto.u,dc=domain,dc=com" and see what we get.

[root@beast ~]# ldapsearch -x -b 'ou=auto.u,dc=domain,dc=com' '(cn=USER02)'
# extended LDIF
#
# LDAPv3
# base <ou=auto.u,dc=domain,dc=com> with scope subtree
# filter: (cn=USER02)
# requesting: ALL
#

# USER02, auto.u, domain.com
dn: cn=USER02,ou=auto.u,dc=domain,dc=com
automountInformation: -rw,soft,intr             file-server-ct:/local/home/USER02
objectClass: automount
cn: USER02

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1


> Also, post the result of another search with 
> "(&(objectclass=automount)(|(cn=USER02)(|(cn=/)(cn=\2A))))"
> as the filter and see what we get.

[root@beast ~]# ldapsearch -x -b 'ou=auto.u,dc=domain,dc=com' '(&(objectclass=automount)(|(cn=USER02)(|(cn=/)(cn=\2A))))'
# extended LDIF
#
# LDAPv3
# base <ou=auto.u,dc=domain,dc=com> with scope subtree
# filter: (&(objectclass=automount)(|(cn=USER02)(|(cn=/)(cn=\2A))))
# requesting: ALL
#

# NOTUSER02, auto.u, domain.com
dn: cn=NOTUSER02,ou=auto.u,dc=domain,dc=com
objectClass: automount
cn: NOTUSER02
cn: *
automountInformation: -rw,soft,intr file-server-ct:/local/home/NOTUSER02

# SOMEOTHERUSER1, auto.u, domain.com
dn: cn=SOMEOTHERUSER1,ou=auto.u,dc=domain,dc=com
automountInformation: -rw,soft,intr             file-server-ct:/local/home/SOMEOTHERUSER1
objectClass: automount
cn: SOMEOTHERUSER1
cn: *

# SOMEOTHERUSER2, auto.u, domain.com
dn: cn=SOMEOTHERUSER2,ou=auto.u,dc=domain,dc=com
automountInformation: -rw,soft,intr             file-server-ct:/local/home/SOMEOTHERUSER2
objectClass: automount
cn: SOMEOTHERUSER2
cn: *

# USER02, auto.u, domain.com
dn: cn=USER02,ou=auto.u,dc=domain,dc=com
automountInformation: -rw,soft,intr             file-server-ct:/local/home/USER02
objectClass: automount
cn: USER02

# SOMEOTHERUSER3, auto.u, domain.com
dn: cn=SOMEOTHERUSER3,ou=auto.u,dc=domain,dc=com
automountInformation: -rw,soft,intr             file-server-ct:/local/home/SOMEOTHERUSER3
objectClass: automount
cn: SOMEOTHERUSER3
cn: *

snip ...

# search result
search: 2
result: 0 Success

# numResponses: 33
# numEntries: 32
Comment 19 Ian Kent 2011-01-20 01:16:39 EST
(In reply to comment #18)
> > Maybe the constructed query is not correct.
> > Can you post another ldapsearch for USER02 which includes
> > -b "ou=auto.u,dc=domain,dc=com" and see what we get.
> 
> [root@beast ~]# ldapsearch -x -b 'ou=auto.u,dc=domain,dc=com' '(cn=USER02)'
> # extended LDIF
> #
> # LDAPv3
> # base <ou=auto.u,dc=domain,dc=com> with scope subtree
> # filter: (cn=USER02)
> # requesting: ALL
> #
> 
> # USER02, auto.u, domain.com
> dn: cn=USER02,ou=auto.u,dc=domain,dc=com
> automountInformation: -rw,soft,intr            
> file-server-ct:/local/home/USER02
> objectClass: automount
> cn: USER02
> 
> # search result
> search: 2
> result: 0 Success
> 
> # numResponses: 2
> # numEntries: 1
> 
> 
> > Also, post the result of another search with 
> > "(&(objectclass=automount)(|(cn=USER02)(|(cn=/)(cn=\2A))))"
> > as the filter and see what we get.
> 
> [root@beast ~]# ldapsearch -x -b 'ou=auto.u,dc=domain,dc=com'
> '(&(objectclass=automount)(|(cn=USER02)(|(cn=/)(cn=\2A))))'
> # extended LDIF
> #
> # LDAPv3
> # base <ou=auto.u,dc=domain,dc=com> with scope subtree
> # filter: (&(objectclass=automount)(|(cn=USER02)(|(cn=/)(cn=\2A))))
> # requesting: ALL
> #
> 
> # NOTUSER02, auto.u, domain.com
> dn: cn=NOTUSER02,ou=auto.u,dc=domain,dc=com
> objectClass: automount
> cn: NOTUSER02
> cn: *

Why is the wildcard listed here?
Is it really included in the entry?

If it is then the entry will match any key passed.
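
The check that comment 19 points at, as an added example that is not part of the original bug report or of autofs: it parses ldapsearch LDIF output and lists automount entries that are named for one key but also carry `cn: *` or `cn: /`, which the logged filter matches for every key. The function names and the sample LDIF are constructed for illustration.

```python
# Constructed sample modelled on the comment 18 output (entries in server order).
SAMPLE_LDIF = """\
# NOTUSER02, auto.u, domain.com
dn: cn=NOTUSER02,ou=auto.u,dc=domain,dc=com
objectClass: automount
cn: NOTUSER02
cn: *
automountInformation: -rw,soft,intr file-server-ct:/local/home/NOTUSER02

dn: cn=USER02,ou=auto.u,dc=domain,dc=com
automountInformation: -rw,soft,intr             file-server-ct:/local/home/USER02
objectClass: automount
cn: USER02

search: 2
"""

def parse_ldif(text):
    """Parse ldapsearch LDIF into [{attribute: [values]}], keeping server order."""
    entries = []
    for block in text.replace("\n ", "").split("\n\n"):  # unfold, one block per entry
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, value = line.partition(":")
            entry.setdefault(attr.lower(), []).append(value.strip())
        if "dn" in entry:  # skips the trailing "search:/result:" block
            entries.append(entry)
    return entries

def lookup_matches(entries, key):
    # Same test as the logged filter (&(objectclass=automount)(|(cn=KEY)(cn=/)(cn=\2A)))
    wanted = {key.casefold(), "/", "*"}
    return [e["dn"][0] for e in entries
            if "automount" in (v.casefold() for v in e.get("objectclass", []))
            and wanted & {v.casefold() for v in e.get("cn", [])}]

def stray_wildcards(entries):
    """DNs named for a specific key that also carry the catch-all cn: * or cn: /."""
    def rdn(e):
        return e["dn"][0].split(",", 1)[0].partition("=")[2]
    return [e["dn"][0] for e in entries
            if rdn(e) not in ("*", "/") and {"*", "/"} & set(e.get("cn", []))]

if __name__ == "__main__":
    import sys  # usage: ldapsearch -x -b 'ou=auto.u,dc=domain,dc=com' | python3 this_file.py
    print("\n".join(stray_wildcards(parse_ldif(sys.stdin.read()))))
```

On the sample, a lookup for USER02 matches the NOTUSER02 entry ahead of USER02's own, the same order as the ldapsearch results in comments 13 and 18.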
