Snow Leopard, Ubuntu, LDAP & Automounter Step 6: Add automounter schemas into LDAP

This article is one part in a multi-part series about how to have centralized logins and home directories with Mac OS 10.6 using an Ubuntu 9.10 server, LDAP & Automounter.  You can find the parent article here.

Important Note:
Unless stated otherwise, all the commands in this procedure should be run as root.  To become root from a typical admin user, just type sudo su and enter your password.  You can also just stay the regular user and put the word sudo in front of every command.  I’m used to a root prompt and that drives me crazy, so I just su to root.

It turns out that along with slapd.d instead of slapd.conf and ldif files instead of schema files, the latest version of slapd also has a completely different schema structure for automount information.  If you try to use the old syntax (dn: ou=auto.master,ou=Automount,dc=edu,dc=example,dc=org) ldapadd complains that this syntax is no longer supported and to use the new automountKey syntax.  Alright… Where is THAT documented?  I scoured the web and found nothing, not even on the LDAP documentation site.  I got so desperate I started reading the RFC — and it didn’t help!  Then I stumbled upon this web page. It seemed to know what it was talking about, but I was still confused.  I sent out a tweet that I was still confused with LDAP. Can you believe that Rajeev Karamchedu (the author of the aforementioned web page) started following me on Twitter only a few hours earlier!  (He had seen me speak before, saw me on one of the people he follows on Twitter and just started to follow me.) An hour or so later I’m tweeting about LDAP problems.  He reached out.  Not only did he help me debug my problem, he actually did a video Skype session with me during which he turned his laptop around and did a whiteboard lecture on why what he did worked!  SERIOUS KUDOS TO RAJEEV KARAMCHEDU FOR THE FINAL PIECE TO THIS PUZZLE!

You need to create the LDAP equivalents to /etc/auto_master and /etc/auto_home.

1. First, make sure the Mac client is configured to look in LDAP for its automount information.  Make sure that the only uncommented line in the /etc/auto_master file on the Mac is the following:

+auto_master

This tells it to look in LDAP for any automounter information it needs.

2. Decide what directory will be mounted under /home

For example, in my configuration, nfsserver:/biglun/smbhome/curtis will be mounted whenever anyone asks for /home/curtis on a Mac client.

3. Create the file /tmp/auto.ldif and put the following into it, substituting the appropriate values in the last line:

dn: automountMapName=auto_master,dc=home,dc=com
objectClass: top
objectClass: automountMap
automountMapName: auto_master

dn: automountKey=/home,automountMapName=auto_master,dc=home,dc=com
objectClass: top
objectClass: automount
automountKey: /home
automountInformation: auto_home

dn: automountMapName=auto_home,dc=home,dc=com
objectClass: top
objectClass: automountMap
automountMapName: auto_home

dn: automountKey=*,automountMapName=auto_home,dc=home,dc=com
objectClass: top
objectClass: automount
automountKey: *
automountInformation: nfsserver:/biglun/smbhome/&

You can test automounter without using an LDAP login.  First, after you’ve made this configuration, you need to reboot the Mac.  (You can also just type automount -vc, but I saw that not work for me once or twice, so I just say reboot.)  Log in and cd to /home/valid-directory.  It should mount that directory automatically for you.  If that doesn’t work, then something is wrong.
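The lookup that the step 3 LDIF sets up can also be traced offline, before loading it or rebooting. The following is an added example, not part of the original article: it resolves /home/curtis through auto_master, auto_home, the * key and the & substitution, and reports whether the entry itself sets nosuid and nodev. The function names are illustrative, and an entry that begins with a -options list is accepted as well.

```python
# Added example. LDIF below: three of the step 3 entries; assumes no folded or base64 lines.
LDIF = """\
dn: automountMapName=auto_master,dc=home,dc=com
objectClass: top
objectClass: automountMap
automountMapName: auto_master

dn: automountKey=/home,automountMapName=auto_master,dc=home,dc=com
objectClass: top
objectClass: automount
automountKey: /home
automountInformation: auto_home

dn: automountKey=*,automountMapName=auto_home,dc=home,dc=com
objectClass: top
objectClass: automount
automountKey: *
automountInformation: nfsserver:/biglun/smbhome/&
"""

def parse_maps(ldif):
    """Return {map name: {automountKey: automountInformation}}."""
    maps = {}
    for block in ldif.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            name, _, value = line.partition(": ")
            attrs.setdefault(name, []).append(value)
        if "automount" in attrs.get("objectClass", []):  # skips automountMap entries
            parent = attrs["dn"][0].split(",")[1].split("=", 1)[1]  # second RDN names the map
            maps.setdefault(parent, {})[attrs["automountKey"][0]] = attrs["automountInformation"][0]
    return maps

def resolve(maps, path):
    """Follow auto_master -> indirect map -> exact key or '*', then expand '&'."""
    for mount_point, map_name in maps.get("auto_master", {}).items():
        if path.startswith(mount_point + "/"):
            key = path[len(mount_point) + 1:].split("/")[0]
            info = maps.get(map_name, {}).get(key) or maps.get(map_name, {}).get("*")
            if info is None:
                return None
            opts, _, loc = info[1:].partition(" ") if info.startswith("-") else ("", "", info)
            return {"location": loc.replace("&", key), "options": opts.split(",") if opts else []}
    return None

def missing_options(result, wanted=("nosuid", "nodev")):
    """Mount options from `wanted` that the map entry itself does not set."""
    return [o for o in wanted if o not in result["options"]]

print(resolve(parse_maps(LDIF), "/home/curtis"))
```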

Now that you have the automounter information in LDAP, the final step is to create a test user so you can test the setup.


Written by W. Curtis Preston (@wcpreston), four-time O'Reilly author, and host of The Backup Wrap-up podcast. I am now the Technology Evangelist at Sullivan Strickler, which helps companies manage their legacy data

3 comments
  • Awesome article Curtis. One question for you though about this step, is this file (auto.ldif) created on the mac or ubuntu? And if it’s on the mac end and if it’s in /tmp, it will be erased upon rebooting the mac, so I’m not sure where it goes… Other than that, everything is working fine.

  • Agree with Sky – awesome article. I’ve been trying for years to get my linux server to serve home directories and logins for ages. I sort of had it working, but gave up. Then tried to use LDAP – which I have to say is the most complicated thing in the world, and I started with another page, but came across yours when I tried to integrate with OS X. Apple seem to have gone very microsofty with the control panel -> accounts -> 24 more nested levels….
    Also, 100% agree with all those outdated articles on the web about LDAP. Very frustrating, leading to hours of wasted time.
    @Sky — the last step was an ldapadd for the auto.ldif file you have created on the server side linux box

  • One last point — I couldn’t get the Mac to auto-mount the home directories so I changed the last line to

    automountInformation: -fstype=nfs,rw,hard,intr,nodev,exec,nosuid,rsize=8192,wsize=8192 yourserver:/home/&

    and that worked for me.