autofs_ldap_auth.conf - Linux
Overview
autofs_ldap_auth.conf is a configuration file for the autofs_ldap_auth module, used for LDAP authentication in autofs file systems. It provides secure and centralized authentication for NFS shares mounted via autofs.
Syntax
/etc/autofs_ldap_auth.conf
Options/Flags
- ldapuri: LDAP server URI (required)
- basedn: LDAP search base DN (required)
- serverroot: Mount point for LDAP server (required)
- uids: UID ranges to be used for LDAP mappings (optional)
- gids: GID ranges to be used for LDAP mappings (optional)
- usermap: LDAP attribute used for user authentication (defaults to "uid")
- groupmap: LDAP attribute used for group authentication (defaults to "gidNumber")
- timeout: LDAP search timeout in seconds (defaults to 5)
- ldapcacert: Path to LDAP CA certificate (defaults to "/etc/ssl/certs/ca-certificates.crt")
- ldapcert: Path to LDAP client certificate (defaults to "/etc/ssl/private/autofs-ldap-auth.pem")
- ldapkey: Path to LDAP client key (defaults to "/etc/ssl/private/autofs-ldap-auth.key")
- ldapsec: SSL/TLS security mechanism used (defaults to "start_tls")
Examples
Simple Configuration
Mount NFS shares from the LDAP server using the user and group mappings provided by the LDAP attributes:
ldapuri = ldap://ldap.example.com
basedn = dc=example,dc=com
serverroot = /autofs/ldap
uids = 10000-65535
gids = 10000-65535
Complex Configuration
Configure LDAP authentication with custom search attributes and SSL/TLS security:
usermap = sAMAccountName
groupmap = cn
ldapsec = ldaps
ldapcacert = /path/to/ldap-ca.crt
ldapcert = /path/to/autofs-ldap-auth.pem
ldapkey = /path/to/autofs-ldap-auth.key
timeout = 10
Common Issues
- LDAP Authentication Failure: Ensure proper credentials and connectivity to the LDAP server. Verify that LDAP settings in the configuration file are correct.
- UID/GID Conflicts: Avoid overlapping UID or GID ranges. Ensure they do not conflict with existing local user and group IDs.
- Mount Failure: Confirm that the NFS server is accessible and the share is properly exported. Check file permissions and firewall rules.
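The required options and the UID/GID conflict check above can be verified before a configuration is deployed. The linter below is an added example, not part of autofs or of the original page; it assumes the `key = value` layout shown in the examples, and the `#` comment handling, comma-separated range lists, and all function names are assumptions. On a real host, take the local IDs from `pwd.getpwall()` and `grp.getgrall()`.

```python
import re
REQUIRED = ("ldapuri", "basedn", "serverroot")  # marked "(required)" in the options list

def parse_conf(text):
    """Parse 'key = value' lines; skipping blank and '#' lines is an assumption."""
    conf = {}
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")  # first '=' only: basedn values contain '='
        if not sep or not key.strip():
            raise ValueError(f"line {n}: expected 'key = value'")
        conf[key.strip()] = value.strip()
    return conf

def parse_ranges(spec):
    """'10000-65535' -> [(10000, 65535)]; a comma-separated list is an assumption."""
    ranges = []
    for part in spec.split(","):
        m = re.fullmatch(r"\s*(\d+)\s*-\s*(\d+)\s*", part)
        if not m or int(m[1]) > int(m[2]):
            raise ValueError(f"bad range {part!r}")
        ranges.append((int(m[1]), int(m[2])))
    return sorted(ranges)

def lint(text, local_uids=(), local_gids=()):
    """Return a list of findings; an empty list means no issue was detected."""
    conf = parse_conf(text)
    findings = [f"missing required option: {k}" for k in REQUIRED if k not in conf]
    for opt, local in (("uids", local_uids), ("gids", local_gids)):
        ranges = parse_ranges(conf[opt]) if opt in conf else []  # both are optional
        for (lo1, hi1), (lo2, hi2) in zip(ranges, ranges[1:]):
            if lo2 <= hi1:  # sorted by start, so any overlap shows up between neighbours
                findings.append(f"{opt}: ranges {lo1}-{hi1} and {lo2}-{hi2} overlap")
        taken = sorted(i for i in set(local) if any(lo <= i <= hi for lo, hi in ranges))
        if taken:
            findings.append(f"{opt}: range covers local IDs {taken}")
    return findings

# Constructed sample: the simple configuration with the uids range widened to 1000.
SAMPLE = """\
ldapuri = ldap://ldap.example.com
basedn = dc=example,dc=com
serverroot = /autofs/ldap
uids = 1000-65535
gids = 10000-65535
"""

if __name__ == "__main__": print(lint(SAMPLE, local_uids=[0, 1000, 1001], local_gids=[0, 1000]))
```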
Integration
- Use autofs_ldap_auth.conf with the autofs service to mount remote LDAP-authenticated file systems.
- Integrate with LDAP server for secure user authentication and group management.
- Combine with NFS to provide file sharing with LDAP authentication.
Related Commands
- autofs
- ldapsearch
- autofs_ldap_mount