The search base parameter for autofs was intended to be set for each domain separately, but it fails to do so. The value of the first occurrence of the parameter somehow is set for all domain sections.
I'm posting an example configuration below. There are 2 domains, and in this case the ldap_autofs_search_base parameter of the "skp.fids" domain overrides the rest of the occurrences. If you just switch the precedence in the domain definitions to "fids, skp.fids", then the opposite is valid.
I have used a subdomain in the example and it might be confusing, but nevertheless, I did a bunch of tests including completely different domains with the same results. On the contrary, the sudo_search_base is working just fine.
I tried including scope as well, but it didn't help. I was tracking the LDAP request on the LDAP server side when the autofs service is restarted. It always searches for one record; there is no additional request for the other domain (I'm posting the logs too).
CONFIGURATION
[sssd]
config_file_version = 2
reconnection_retries = 3
sbus_timeout = 30
services = nss, pam, sudo, autofs
domains = skp.fids, fids

[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3

[pam]
reconnection_retries = 3

[autofs]

[domain/skp.fids]
; Using enumerate = true leads to high load and slow response
enumerate = false
cache_credentials = false
id_provider = ldap
auth_provider = krb5
chpass_provider = krb5
autofs_provider = ldap
ldap_uri = ldap://ldap.skp.fids
ldap_search_base = dc=skp,dc=fids
ldap_sudo_search_base = ou=sudoers,dc=skp,dc=fids
ldap_autofs_search_base = ou=automount,ou=admin,dc=skp,dc=fids
ldap_tls_reqcert = never
krb5_kdcip = kerberos.skp.fids
krb5_realm = SKP.FIDS
krb5_changepw_principle = kadmin/changepw
krb5_auth_timeout = 15
krb5_renewable_lifetime = 5d

[domain/fids]
; Using enumerate = true leads to high load and slow response
enumerate = false
cache_credentials = false
id_provider = ldap
auth_provider = krb5
chpass_provider = krb5
autofs_provider = ldap
ldap_uri = ldap://ldap.skp.fids
ldap_search_base = dc=fids
ldap_sudo_search_base = ou=sudoers,dc=fids
ldap_autofs_search_base = ou=automount,ou=admin,dc=fids
ldap_tls_reqcert = never
krb5_kdcip = kerberos.skp.fids
krb5_realm = FIDS
krb5_changepw_principle = kadmin/changepw
krb5_auth_timeout = 15
krb5_renewable_lifetime = 5d

LOGS (this is the only request in the logs)
...
Oct 22 12:15:41 vav slapd[1294]: conn=1077 op=1 SRCH base="ou=automount,ou=admin,dc=fids" scope=2 deref=0 filter="(&(ou=auto.master)(objectClass=automountMap))"
Oct 22 12:15:41 vav slapd[1294]: conn=1077 op=1 SRCH attr=objectClass ou
Oct 22 12:15:41 vav slapd[1294]: conn=1077 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Oct 22 12:15:41 vav slapd[1294]: conn=1077 fd=25 ACCEPT from IP=192.168.91.101:36298 (IP=0.0.0.0:389)
Oct 22 12:15:41 vav slapd[1294]: conn=1077 op=2 SRCH base="ou=auto.master,ou=automount,ou=admin,dc=fids" scope=2 deref=0 filter="(&(cn=*)(objectClass=automount))"
Oct 22 12:15:41 vav slapd[1294]: conn=1077 op=2 SRCH attr=objectClass cn automountInformation
Oct 22 12:15:41 vav slapd[1294]: conn=1077 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
Oct 22 12:15:41 vav slapd[1294]: conn=1077 op=3 SRCH base="ou=automount,ou=admin,dc=fids" scope=2 deref=0 filter="(&(ou=auto.home)(objectClass=automountMap))"
Oct 22 12:15:41 vav slapd[1294]: conn=1077 op=3 SRCH attr=objectClass ou
Oct 22 12:15:41 vav slapd[1294]: conn=1077 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
Oct 22 12:15:41 vav slapd[1294]: conn=1077 op=4 SRCH base="ou=auto.home,ou=automount,ou=admin,dc=fids" scope=2 deref=0 filter="(&(cn=*)(objectClass=automount))"
Oct 22 12:15:41 vav slapd[1294]: conn=1077 op=4 SRCH attr=objectClass cn automountInformation
Oct 22 12:15:41 vav slapd[1294]: conn=1077 op=4 SEARCH RESULT tag=101 err=0 nentries=1 text=
Oct 22 12:15:49 vav slapd[1294]: conn=1077 op=5 SRCH base="ou=sudoers,dc=fids" scope=2 deref=0
...
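
Added example (not part of the original report and not SSSD code): a small check that compares the per-domain ldap_autofs_search_base values in an sssd.conf against the automountMap searches seen in a slapd log and lists the domains whose base was never queried. The sample config and log lines are constructed from the report above; the function names are hypothetical, and DNs are assumed to contain no escaped commas.

```python
import configparser
import re

# Constructed sample input, modelled on the configuration and slapd log in the report.
SSSD_CONF = """
[sssd]
domains = skp.fids, fids
[domain/skp.fids]
ldap_autofs_search_base = ou=automount,ou=admin,dc=skp,dc=fids
[domain/fids]
ldap_autofs_search_base = ou=automount,ou=admin,dc=fids
"""
SLAPD_LOG = """
Oct 22 12:15:41 vav slapd[1294]: conn=1077 op=1 SRCH base="ou=automount,ou=admin,dc=fids" scope=2 deref=0 filter="(&(ou=auto.master)(objectClass=automountMap))"
Oct 22 12:15:41 vav slapd[1294]: conn=1077 op=2 SRCH base="ou=auto.master,ou=automount,ou=admin,dc=fids" scope=2 deref=0 filter="(&(cn=*)(objectClass=automount))"
Oct 22 12:15:41 vav slapd[1294]: conn=1077 op=3 SRCH base="ou=automount,ou=admin,dc=fids" scope=2 deref=0 filter="(&(ou=auto.home)(objectClass=automountMap))"
"""

SRCH = re.compile(r'SRCH base="([^"]*)" scope=\d+ deref=\d+ filter="([^"]*)"')

def norm_dn(dn):
    # Case- and whitespace-insensitive comparison; assumes no escaped commas in the DN.
    return ",".join(part.strip().lower() for part in dn.split(","))

def configured_bases(conf_text):
    """Map each domain listed in [sssd] domains to its ldap_autofs_search_base."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    bases = {}
    for dom in (d.strip() for d in cp["sssd"]["domains"].split(",")):
        section = f"domain/{dom}"
        if cp.has_option(section, "ldap_autofs_search_base"):
            bases[dom] = norm_dn(cp[section]["ldap_autofs_search_base"])
    return bases

def queried_map_bases(log_text):
    """Search bases of every automountMap lookup recorded by slapd."""
    return {norm_dn(base) for base, flt in SRCH.findall(log_text)
            if "objectclass=automountmap" in flt.lower()}

def unqueried_domains(conf_text, log_text):
    """Domains whose configured autofs base never shows up as a map search base."""
    seen = queried_map_bases(log_text)
    return sorted(d for d, b in configured_bases(conf_text).items() if b not in seen)

if __name__ == "__main__":
    for dom in unqueried_domains(SSSD_CONF, SLAPD_LOG):
        print(f"no automountMap search seen for domain {dom}")
```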