There has been a lot of confusion around this issue (mostly on my
part). I think one of the problems is that rfc2307 support from OS
vendors is now deprecated in favor of rfc2307bis
http://www.ietf.org/internet-drafts/draft-howard-rfc2307bis-01.txt,
which is still in Internet Draft phase (and is due to expire very
quickly). A new draft is being worked on with the goal of generating a
new RFC. The bis draft has one problem with it, in that it requires the
use of the authPassword attribute (defined in RFC 3112
http://www.ietf.org/rfc/rfc3112.txt). FDS does not support this (and
neither does OpenLDAP AFAICT). I have attached a file called
10rfc2307bis.ldif. This is the schema from the 2307bis I-D in FDS
schema format.

The preferred way to map the automount information is to use the
automount attributes and objectclasses in the RFC 2307bis draft schema.
The problem is that I don't know all of the vendor support. So far I've
been unable to find out what RHEL3 and RHEL4 support. I've been told
that Solaris has support for the bis schema.

If you like, you can replace the 10rfc2307.ldif schema supplied with FDS
with the attached file, and see what happens.

Vsevolod (Simon) Ilyushchenko wrote:

Hi,

I've just run into the issue described here:
http://www.ldapguru.org/modules/newbb/viewtopic.php?viewmode=flat&top...

The problem is that both Fedora and Solaris would like to use an object
class named "automount" for automount entries, but they define it
differently. The solution suggested above is to modify the relevant
object classes so that they contain the superset of the attributes for
both platforms.

You (Rich) and others say that there should be a transition to
nisObject/nisMap structure, but I still don't know where Fedora stands
in this regard.

Thanks,
Simon

Rich Megginson wrote on 07/13/2005 03:51 PM:
>> OK, I'll reconfigure my entries. Does Fedora automounter understand
>> the netgroups structure?
>
> I'm trying to find out some information about this.

# 10rfc2307bis.ldif: schema from the RFC 2307bis Internet-Draft in FDS schema format
dn: cn=schema
attributetypes: ( 1.3.6.1.1.1.1.0 NAME 'uidNumber' DESC 'An integer uniquely
  identifying a user in an administrative domain' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
  SINGLE-VALUE )
attributetypes: ( 1.3.6.1.1.1.1.1 NAME 'gidNumber' DESC 'An integer uniquely
  identifying a group in an administrative domain' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
  SINGLE-VALUE )
attributetypes: ( 1.3.6.1.1.1.1.2 NAME 'gecos' DESC 'The GECOS field; the
  common name' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.1.1.1.3 NAME 'homeDirectory' DESC 'The absolute path
  to the home directory' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.1.1.1.4 NAME 'loginShell' DESC 'The path to the
  login shell' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange' SYNTAX
  1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.1.1.1.6 NAME 'shadowMin' SYNTAX
  1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.1.1.1.7 NAME 'shadowMax' SYNTAX
  1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.1.1.1.8 NAME 'shadowWarning' SYNTAX
  1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.1.1.1.9 NAME 'shadowInactive' SYNTAX
  1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.1.1.1.10 NAME 'shadowExpire' SYNTAX
  1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.1.1.1.11 NAME 'shadowFlag' SYNTAX
  1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.1.1.1.12 NAME 'memberUid' SYNTAX
  1.3.6.1.4.1.1466.115.121.1.15 )
attributetypes: ( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup' SYNTAX
  1.3.6.1.4.1.1466.115.121.1.15 )
attributetypes: ( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple' DESC 'Netgroup
  triple' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetypes: ( 1.3.6.1.1.1.1.15 NAME 'ipServicePort' DESC 'Service port
  number' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol' DESC 'Service
  protocol name' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetypes: ( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber' DESC 'IP protocol
  number' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber' DESC 'ONC RPC
  number' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber' DESC 'IPv4 addresses as
  a dotted decimal omitting leading zeros or IPv6 addresses as defined in RFC2373'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetypes: ( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber' DESC 'IP network
  omitting leading zeros, eg. 192.168' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE
  )
attributetypes: ( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber' DESC 'IP netmask
  omitting leading zeros, eg. 255.255.255.0' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
  SINGLE-VALUE )
attributetypes: ( 1.3.6.1.1.1.1.22 NAME 'macAddress' DESC 'MAC address in
  maximal, colon separated hex notation, eg. 00:00:92:90:ee:e2' SYNTAX
  1.3.6.1.4.1.1466.115.121.1.26 )
attributetypes: ( 1.3.6.1.1.1.1.23 NAME 'bootParameter' DESC 'rpc.bootparamd
  parameter' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetypes: ( 1.3.6.1.1.1.1.24 NAME 'bootFile' DESC 'Boot image name'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetypes: ( 1.3.6.1.1.1.1.26 NAME 'nisMapName' DESC 'Name of a generic
  NIS map' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} )
attributetypes: ( 1.3.6.1.1.1.1.27 NAME 'nisMapEntry' DESC 'A generic NIS
  entry' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} SINGLE-VALUE )
attributetypes: ( 1.3.6.1.1.1.1.28 NAME 'nisPublicKey' DESC 'NIS public
  key' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.1.1.1.29 NAME 'nisSecretKey' DESC 'NIS secret
  key' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.1.1.1.30 NAME 'nisDomain' DESC 'NIS domain'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
attributetypes: ( 1.3.6.1.1.1.1.31 NAME 'automountMapName' DESC 'automount Map
  Name' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.1.1.1.32 NAME 'automountKey' DESC 'Automount Key
  value' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.1.1.1.33 NAME 'automountInformation' DESC 'Automount
  information' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
objectclasses: ( 1.3.6.1.1.1.2.0 NAME 'posixAccount' SUP top AUXILIARY DESC
  'Abstraction of an account with POSIX attributes' MUST ( cn $ uid $ uidNumber $
  gidNumber $ homeDirectory ) MAY ( userPassword $ loginShell $ gecos $ description ) )
objectclasses: ( 1.3.6.1.1.1.2.1 NAME 'shadowAccount' SUP top AUXILIARY DESC
  'Additional attributes for shadow passwords' MUST uid MAY ( userPassword $
  description $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive $
  shadowExpire $ shadowFlag ) )
objectclasses: ( 1.3.6.1.1.1.2.2 NAME 'posixGroup' SUP top AUXILIARY DESC
  'Abstraction of a group of accounts' MUST gidNumber MAY ( userPassword $ memberUid
  $ description ) )
objectclasses: ( 1.3.6.1.1.1.2.3 NAME 'ipService' SUP top STRUCTURAL DESC
  'Abstraction an Internet Protocol service. Maps an IP port and protocol (such as tcp
  or udp) to one or more names; the distinguished value of the cn attribute denotes the
  service's canonical name' MUST ( cn $ ipServicePort $ ipServiceProtocol ) MAY
  description )
objectclasses: ( 1.3.6.1.1.1.2.4 NAME 'ipProtocol' SUP top STRUCTURAL DESC
  'Abstraction of an IP protocol. Maps a protocol number to one or more names. The
  distinguished value of the cn attribute denotes the protocol canonical name' MUST ( cn
  $ ipProtocolNumber ) MAY description )
objectclasses: ( 1.3.6.1.1.1.2.5 NAME 'oncRpc' SUP top STRUCTURAL DESC
  'Abstraction of an Open Network Computing (ONC) [RFC1057] Remote Procedure Call (RPC)
  binding. This class maps an ONC RPC number to a name. The distinguished value of the cn
  attribute denotes the RPC service canonical name' MUST ( cn $ oncRpcNumber ) MAY
  description )
objectclasses: ( 1.3.6.1.1.1.2.6 NAME 'ipHost' SUP top AUXILIARY DESC
  'Abstraction of a host, an IP device. The distinguished value of the cn attribute
  denotes the host's canonical name. Device SHOULD be used as a structural class'
  MUST ( cn $ ipHostNumber ) MAY ( userPassword $ l $ description $ manager ) )
objectclasses: ( 1.3.6.1.1.1.2.7 NAME 'ipNetwork' SUP top STRUCTURAL DESC
  'Abstraction of a network. The distinguished value of the cn attribute denotes the
  network canonical name' MUST ipNetworkNumber MAY ( cn $ ipNetmaskNumber $ l $
  description $ manager ) )
objectclasses: ( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup' SUP top STRUCTURAL DESC
  'Abstraction of a netgroup. May refer to other netgroups' MUST cn MAY (
  nisNetgroupTriple $ memberNisNetgroup $ description ) )
objectclasses: ( 1.3.6.1.1.1.2.9 NAME 'nisMap' SUP top STRUCTURAL DESC 'A
  generic abstraction of a NIS map' MUST nisMapName MAY description )
objectclasses: ( 1.3.6.1.1.1.2.10 NAME 'nisObject' SUP top STRUCTURAL DESC 'An
  entry in a NIS map' MUST ( cn $ nisMapEntry $ nisMapName ) MAY description )
objectclasses: ( 1.3.6.1.1.1.2.11 NAME 'ieee802Device' SUP top AUXILIARY DESC
  'A device with a MAC address; device SHOULD be used as a structural class' MAY
  macAddress )
objectclasses: ( 1.3.6.1.1.1.2.12 NAME 'bootableDevice' SUP top AUXILIARY DESC
  'A device with boot parameters; device SHOULD be used as a structural class' MAY (
  bootFile $ bootParameter ) )
objectclasses: ( 1.3.6.1.1.1.2.14 NAME 'nisKeyObject' SUP top AUXILIARY DESC
  'An object with a public and secret key' MUST ( cn $ nisPublicKey $ nisSecretKey )
  MAY ( uidNumber $ description ) )
objectclasses: ( 1.3.6.1.1.1.2.15 NAME 'nisDomainObject' SUP top AUXILIARY DESC
  'Associates a NIS domain with a naming context' MUST nisDomain )
objectclasses: ( 1.3.6.1.1.1.2.16 NAME 'automountMap' SUP top STRUCTURAL MUST (
  automountMapName ) MAY description )
objectclasses: ( 1.3.6.1.1.1.2.17 NAME 'automount' SUP top STRUCTURAL DESC
  'Automount information' MUST ( automountKey $ automountInformation ) MAY
  description )
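
Added example, not part of the original thread or the attached file: a check for the "automount" class-name clash discussed above, run before swapping schema files. It parses folded schema LDIF, lists object classes that two schemas define differently, and builds the superset class suggested in the thread. The OTHER definition and its OID are constructed placeholders, and making an attribute required only when both definitions require it is an assumption about what "superset" means.

```python
import re

# A quote closes only before whitespace, ")" or end of line, so "host's" stays in DESC.
TOKEN = re.compile(r"'.*?'(?=[\s)]|$)|[()$]|[^\s()$']+")

# Two definitions taken from the attached schema, folded LDIF-style.
BIS = """\
objectclasses: ( 1.3.6.1.1.1.2.16 NAME 'automountMap' SUP top STRUCTURAL MUST (
  automountMapName ) MAY description )
objectclasses: ( 1.3.6.1.1.1.2.17 NAME 'automount' SUP top STRUCTURAL DESC
  'Automount information' MUST ( automountKey $ automountInformation ) MAY
  description )
"""
# Constructed stand-in for another platform's class; the OID is a placeholder.
OTHER = """\
objectclasses: ( 1.1.2.999 NAME 'automount' SUP top STRUCTURAL DESC 'Another
  platform's automount entry' MUST ( cn $ automountInformation ) MAY description )
"""

def parse_objectclasses(text):
    """Map lower-cased class name -> {'oid', 'must', 'may'} (single NAME assumed)."""
    classes = {}
    for line in re.sub(r"\r?\n ", "", text).splitlines():  # undo LDIF line folding
        key, _, value = line.partition(":")
        if key.strip().lower() != "objectclasses":
            continue
        tok = TOKEN.findall(value)
        oc, name = {"oid": tok[1], "must": set(), "may": set()}, None
        for i, word in enumerate(tok[:-1]):
            if word == "NAME":
                name = tok[i + 1].strip("'").lower()
            elif word in ("MUST", "MAY"):  # either "( a $ b )" or a single name
                end = tok.index(")", i) if tok[i + 1] == "(" else i + 2
                oc[word.lower()] = {a.lower() for a in tok[i + 1:end] if a not in ("(", "$")}
        classes[name] = oc
    return classes

def conflicts(a, b):
    """Class names defined in both schemas with a different OID or attribute set."""
    return sorted(n for n in a.keys() & b.keys() if a[n] != b[n])

def superset(x, y):
    """Merged class: required only where both require it, optional otherwise."""
    must = x["must"] & y["must"]
    return {"must": must, "may": (x["must"] | x["may"] | y["must"] | y["may"]) - must}
```

Running conflicts() over the stock 10rfc2307.ldif and the replacement file before restarting the server shows which existing entries may stop validating.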