[SunHELP] Automount/Solaris8/Iplanet LDAP

Goonie3001 goonie3001 at yahoo.de
Tue Jan 29 12:03:37 CST 2002 

Hey guys,

I have set up several Solaris 8 clients to use an iplanet directory server
5.1 for user authentication which works fine. Then I put the automounter
maps in the ldap directory and changed the nsswitch.conf file accordingly.
The information from the auto_master map is retrieved correctly from the
directory because I can see the configured autofs file systems are added to
the /etc/mnttab file. However If I try to access an automounted mount point
I will get the error message "permission denied". Running the local
automountd in debug mode during accessing the mount point I noticed that it
is querying ldap for some information but did not get right answer (see the
debug output).
I am aware of Solaris Bug ID: 4379906 regarding problems with automounter
and ldap if you use wildcards like * or & in the maps but the appropriate
patch has already been installed and anyhow I do not use any wildcards.

My ldif files of the automounter maps are:

AUTO_MASTER.LDIF:

dn: cn=,nisMapName=auto_master,dc=ish,dc=de
objectClass: nisObject
cn:
nisMapEntry:
nisMapName: auto_master

dn: cn=/testdir2,nisMapName=auto_master,dc=ish,dc=de
objectClass: nisObject
cn: /auto_home
nisMapEntry: auto_home
nisMapName: auto_master

AUTO_HOME.LDIF:

dn: nisMapName=auto_home,dc=ish,dc=de
objectClass: top
objectClass: nisMap
nisMapName: auto_home

dn: cn=thomas,nisMapName=auto_home,dc=ish,dc=de
objectClass: nisObject
cn: thomas
nisMapEntry: -nobrowse solldap:/export/home/thomas
nisMapName: auto_home

---------------------

The debug of the automountd output shows that automountd is searching for a
(cn=a) object and this fails. There is a invisible character prior to the
"a" !?! I saw this viewing this file with different editors.

# automountd -TTTTTv
t6	READDIR REQUEST	: auto_home @ 100001

t6	READDIR REPLY	: status=0
t6	LOOKUP REQUEST: Mon Jan 28 23:52:19 2002
t6	  name=thomas[] map=auto_home opts= path=/testdir2 direct=0
t6	LOOKUP REPLY    : status=0
t6	MOUNT REQUEST:   Mon Jan 28 23:52:19 2002
t6	  name=thomas[] map=auto_home opts= path=/testdir2 direct=0
t6	  PUSH /etc/auto_home
t6	getmapent_ldap called
t6	getmapent_ldap: key=[ thomas ]
t6	ldap_match called
t6	ldap_match: key =[ thomas ]
t6	ldap_match: ldapkey =[ thomas ]
t6	ldap_match: searchfilter =[
(&(objectClass=nisObject)(nisMapName=auto_home)(cn=thomas)) ]
t6	  ldap_match: Requesting list for
(&(objectClass=nisObject)(nisMapName=auto_home)(cn=thomas))
t6	  ldap_match: __ns_ldap_list OK
t6	ldap_match called
t6	ldap_match: key =[ a ]
t6	ldap_match: ldapkey =[ a ]
t6	ldap_match: searchfilter =[
(&(objectClass=nisObject)(nisMapName=auto_home)(cn=a)) ]
t6	  ldap_match: Requesting list for
(&(objectClass=nisObject)(nisMapName=auto_home)(cn=a))
t6	  ldap_match: __ns_ldap_list FAILED (2)
t6	getmapent_ldap: exiting ...

And this is seen on the ldap server. It receives a query for (cn=\02a):

[28/Jan/2002:22:47:24 +0100] conn=371 fd=47 slot=47 connection from
172.16.224.208 to 172.16.224.212
...
[28/Jan/2002:22:47:24 +0100] conn=371 op=2 SRCH
base="nismapname=auto_home,dc=ish,dc=de" scope=1
filter="(&(objectClass=nisObject)(nisMapName=auto_home)(cn=thomas))"
attrs=ALL
[28/Jan/2002:22:47:24 +0100] conn=371 op=2 SORT cn uid (1)
[28/Jan/2002:22:47:24 +0100] conn=371 op=2 VLV 0:999:0:0 1:1 (0)
[28/Jan/2002:22:47:24 +0100] conn=371 op=2 RESULT err=0 tag=101 nentries=1
etime=0 notes=U
[28/Jan/2002:22:47:24 +0100] conn=371 op=3 UNBIND
...
[28/Jan/2002:22:47:24 +0100] conn=372 fd=47 slot=47 connection from
172.16.224.208 to 172.16.224.212
...
[28/Jan/2002:22:47:24 +0100] conn=372 op=2 SRCH
base="nismapname=auto_home,dc=ish,dc=de" scope=1
filter="(&(objectClass=nisObject)(nisMapName=auto_home)(cn=\02a))" attrs=ALL
[28/Jan/2002:22:47:24 +0100] conn=372 op=2 SORT cn uid (0)
[28/Jan/2002:22:47:24 +0100] conn=372 op=2 VLV 0:999:0:0 0:0 (0)
[28/Jan/2002:22:47:24 +0100] conn=372 op=2 RESULT err=0 tag=101 nentries=0
etime=0 notes=U
[28/Jan/2002:22:47:24 +0100] conn=372 op=3 UNBIND

We are trying to get aoutmounter working with ldap for weeks now and
switched from openldap to iplanet because I have read that a lot of users
got it running. Any ideas?

cheers,

Thomas

More information about the SunHELP mailing list