OpenDirectory and Automounter

  • So .. I have been battling OpenDirectory for some time now .. and finally have some notes that I wanna commit.

General Automounting

There is a bit of documentation on the net about this here .. that discusses the use of LDAP to do automounting. This document talks about how you can create entries in the LDAP database, using something like Apache Directory Studio or even Workgroup Administrator ( which you can get from Apple’s site .. it’s in the Admin Tools download which is freely available ). The section on “Maps in Directory Services” is fairly invaluable.. And it’s gonna help me make a template for ADS and for OSS unixes so that they can ‘bind’ to OD ( or LDAP ) .. but I digress.

This is all well and good .. but doesn’t really talk about the ‘cn=mounts,dc=yourco,dc=com’ entry being created by Server Admin. I wanted to expound on this a bit.

cn=mounts

When a ‘share point’ is created using Server Admin, and you select ‘Enable Automount’ .. a corresponding (somewhat) entry is made in the LDAP database for your clients to be able to auto-magically mount things. These entries have the following syntax:

  • objectClass – There should be 2 entries in there …
    • objectClass: mount (structural)
    • objectClass: top (abstract)
  • cn – this is the common name of the mount, and should be the actual sharepoint (vs the mountpoint) in the host that’s sharing the data. So for example:
    • if you’re exposing /Users ( off the root ).. it will look like
      cn: server.yourco.com:/Users
    • if you’re exposing /Volumes/Raid-Drive/Users ( we’ll revisit this one soon … ).. it will look like
      cn: server.yourco.com:/Volumes/Raid-Drive/Users
  • mountOption: net – so I wanted to address this one. This value is created if you select ‘Use for: User home folders and group folders’ in the Sharing -> Share Point -> Enable Automount -> Edit box. This changes the behavior of mountDirectory. If this is enabled, the mount is exposed using a ‘fully qualified path’ that begins with /Network/Servers, adds the FQDN, and then ends with the path from the cn. So for example:
    • If you exposed /Volumes/Raid-Drive/Users .. and you enabled mountOption:net ,the system will try to mount this at /Network/Servers/server.yourco.com/Volumes/Raid-Drive/Users.
    • If you exposed /Volumes/Raid-Drive/Users and you did not enable mountOption: net , the system will try to mount this at mountDirectory
  • mountOption: url==afp://AUTH=NO%20USER%20AUTHENT@server.yourco.com/Users – This actually defines the mount .. much like NFS. There are some *very* interesting parts to this.
    • AUTH=NO%20USER%20AUTHENT – This part defines that to see the mountpoint using the Finder.. you *MUST* have “Guest Access Enabled” for AFP in the Server Admin -> AFP -> Settings -> Access screen. Don’t worry .. this doesn’t let anyone mount it unless you enable guest access per mount. I am experimenting with disabling this so that only authenticated users can see it.. more to come.
    • afp .. you can also use smb and nfs for this option.. tho the mount options may change with them. I’ll try to document these later.
  • mountDirectory – this is where on the client we’ll be mounting things. Be careful with this one not to squash existing mounts .. automountd will happily overmount /Users on your clients if you put that here. So for example you might have:
    • if you wanna mount that /Users/directory .. you might mount it:
      cn: server.yourco.com:/Network/Users
    • if you’ve got mountOption: net exposing /Volumes/Raid-Drive/Users ( we’ll revisit this one soon … ).. it will look like
      cn: server.yourco.com:/Volumes/Raid-Drive/Users
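
To check existing mount records for the two pitfalls above (a mountDirectory that covers a local path such as /Users, and a url that relies on guest visibility), here is an added example that is not part of the original post. It parses a constructed LDIF sample, works out where each record lands on the client, and flags both conditions; the PROTECTED list and the function names are assumptions made for illustration.

```python
from urllib.parse import unquote
# Constructed sample records in the attribute layout described above (not a real export).
SAMPLE_LDIF = """\
dn: cn=server.yourco.com:/Volumes/Raid-Drive/Users,cn=mounts,dc=yourco,dc=com
objectClass: mount
objectClass: top
cn: server.yourco.com:/Volumes/Raid-Drive/Users
mountOption: net
mountOption: url==afp://AUTH=NO%20USER%20AUTHENT@server.yourco.com/Users

dn: cn=server.yourco.com:/Users,cn=mounts,dc=yourco,dc=com
objectClass: mount
objectClass: top
cn: server.yourco.com:/Users
mountOption: url==afp://AUTH=NO%20USER%20AUTHENT@server.yourco.com/Users
mountDirectory: /Users
"""
PROTECTED = ("/", "/Users", "/Applications", "/Library", "/System")  # assumed local paths

def parse_records(ldif):
    """Split simple LDIF (no folded or base64 lines) into {attr_lowercase: [values]} dicts."""
    records = []
    for block in ldif.strip().split("\n\n"):
        rec = {}
        for line in block.splitlines():
            name, _, value = line.partition(": ")
            rec.setdefault(name.lower(), []).append(value)
        records.append(rec)
    return records

def effective_mountpoint(rec):
    """'net' means /Network/Servers/<FQDN><share path>; without it the client uses mountDirectory."""
    host, _, path = rec["cn"][0].partition(":")
    if "net" in rec.get("mountoption", []):
        return "/Network/Servers/" + host + path
    return rec["mountdirectory"][0]

def audit(rec):
    """Flag a mount point that hides a protected local path, and a guest-visibility url."""
    mp = effective_mountpoint(rec).rstrip("/") or "/"
    findings = ["overmounts-local-path"] if mp in PROTECTED else []
    for opt in rec.get("mountoption", []):
        if opt.startswith("url==") and "AUTH=NO USER AUTHENT" in unquote(opt):
            findings.append("guest-auth-url")
    return findings

if __name__ == "__main__":
    for rec in parse_records(SAMPLE_LDIF):
        print(rec["cn"][0], "->", effective_mountpoint(rec), audit(rec))
```
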

I will add more to this as I expand knowledge.
