autofs_ldap_auth.conf - Linux


Overview

autofs_ldap_auth.conf is read by the autofs automounter (automount) when its LDAP lookup module fetches automount maps from a directory server. It does not authenticate users to NFS shares; it controls how the automounter itself connects to the LDAP server: whether TLS is attempted or required, and which SASL mechanism or simple-bind credentials, if any, the daemon presents. Because the file can hold a bind password, keep it owned by root with mode 0600.

Syntax

/etc/autofs_ldap_auth.conf

The file is XML, not a list of key = value lines. It holds a single element, autofs_ldap_sasl_conf, whose attributes carry all of the settings; a minimal file looks like this:

<?xml version="1.0" ?>
<autofs_ldap_sasl_conf
        usetls="yes"
        tlsrequired="no"
        authrequired="no"
        />

The LDAP server URI and search base are not configured here: they come from the [ autofs ] section of /etc/autofs.conf (ldap_uri, search_base) or from the map specification in auto.master. The CA certificate used to verify the server is taken from the LDAP client library configuration (TLS_CACERT in /etc/openldap/ldap.conf or /etc/ldap/ldap.conf, depending on the distribution), not from this file.

Options/Flags

All options are attributes of the autofs_ldap_sasl_conf element and their values must be quoted.

  • usetls: "yes" or "no". Whether to attempt a STARTTLS-encrypted connection to the LDAP server.
  • tlsrequired: "yes" or "no". With "yes" the automounter refuses to use the server unless the connection is encrypted; leave it "yes" whenever a password is configured, otherwise a failed STARTTLS silently degrades to cleartext.
  • authrequired: "yes", "no", "autodetect" or "simple". "yes" allows only SASL-authenticated connections; "no" binds unauthenticated; "autodetect" asks the server for a usable SASL mechanism and falls back to an unauthenticated bind if none is found; "simple" performs an LDAP simple bind with user and secret.
  • authtype: SASL mechanism to use: GSSAPI, LOGIN, PLAIN, ANONYMOUS, DIGEST-MD5, SCRAM-SHA-1 or EXTERNAL. Omit it with authrequired="autodetect".
  • user: bind DN or user name for LOGIN, PLAIN, DIGEST-MD5, SCRAM-SHA-1 and simple binds.
  • secret: the password for user, stored in clear text; this is why the file must not be readable by anyone but root.
  • encoded_secret: the same password base64-encoded. This only avoids XML quoting problems; anyone who can read the file can decode it.
  • clientprinc: Kerberos principal used with GSSAPI. By default the automounter uses autofsclient/<fqdn>@<REALM>; the matching key must be in the host keytab.
  • credentialcache: path to an existing Kerberos credential cache to use with GSSAPI instead of obtaining a ticket with the client principal's key.
  • external_cert, external_key: client certificate and private key for the EXTERNAL (TLS client certificate) mechanism (autofs 5.1 and later).

Examples

Simple Configuration

Anonymous map lookups over a connection that must be encrypted. Suitable when the automount entries are readable without binding and no credential needs to be stored on the client:

<?xml version="1.0" ?>
<autofs_ldap_sasl_conf
        usetls="yes"
        tlsrequired="yes"
        authrequired="no"
        />

Complex Configuration

Authenticated lookups with Kerberos (GSSAPI), so that no password is stored in the file. The principal shown is a placeholder; the client needs a keytab entry for it, or credentialcache pointing at a cache that already holds a ticket:

<?xml version="1.0" ?>
<autofs_ldap_sasl_conf
        usetls="yes"
        tlsrequired="yes"
        authrequired="yes"
        authtype="GSSAPI"
        clientprinc="autofsclient/nfsclient.example.com@EXAMPLE.COM"
        />

After editing, restrict the file to root (mode 0600) and restart the autofs service so the lookup module re-reads it.
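The weak and hardened settings side by side, as an added example that is not code from the autofs project: a Python audit that parses the XML, flags a stored secret without enforced TLS, the autodetect fallback to an unauthenticated bind, an undecodable encoded_secret, and a file that is not root-owned mode 0600. The attribute names are the documented ones; the two embedded files, the bind DN and the placeholder password are constructed for the demonstration.

```python
"""Audit an autofs_ldap_auth.conf for settings that weaken the automounter's
LDAP connection or expose its bind credential.  Added example, not autofs
code: attribute names are the documented <autofs_ldap_sasl_conf> ones, the
two sample files and the placeholder secret are constructed for the demo."""
import base64
import binascii
import os
import stat
import xml.etree.ElementTree as ET

ELEMENT = "autofs_ldap_sasl_conf"
# SASL mechanisms that need a password from secret/encoded_secret.
PASSWORD_MECHS = {"LOGIN", "PLAIN", "DIGEST-MD5", "SCRAM-SHA-1"}

# Constructed weak sample: STARTTLS is optional, yet a password is stored.
WEAK_CONF = """<?xml version="1.0" ?>
<autofs_ldap_sasl_conf
        usetls="yes"
        tlsrequired="no"
        authrequired="yes"
        authtype="PLAIN"
        user="cn=automount,ou=services,dc=example,dc=com"
        secret="s3cret-placeholder"
        />
"""
# Constructed hardened sample: same bind, TLS enforced, secret base64-wrapped.
HARDENED_CONF = """<?xml version="1.0" ?>
<autofs_ldap_sasl_conf
        usetls="yes"
        tlsrequired="yes"
        authrequired="yes"
        authtype="PLAIN"
        user="cn=automount,ou=services,dc=example,dc=com"
        encoded_secret="czNjcmV0LXBsYWNlaG9sZGVy"
        />
"""

def parse_auth_conf(text):
    """Return the attributes of the single <autofs_ldap_sasl_conf> element."""
    root = ET.fromstring(text)
    if root.tag != ELEMENT:
        raise ValueError(f"expected <{ELEMENT}>, found <{root.tag}>")
    return dict(root.attrib)

def audit_settings(attrs):
    """Return a list of findings for one attribute dict; empty means clean."""
    findings = []
    usetls = attrs.get("usetls", "").lower() == "yes"
    tlsrequired = attrs.get("tlsrequired", "").lower() == "yes"
    authrequired = attrs.get("authrequired", "").lower()
    authtype = attrs.get("authtype", "").upper()
    has_secret = "secret" in attrs or "encoded_secret" in attrs

    if not usetls:
        findings.append('usetls is not "yes": the LDAP session is cleartext')
    elif not tlsrequired:
        findings.append('tlsrequired is not "yes": a failed STARTTLS silently '
                        "degrades to cleartext")
    if has_secret and not (usetls and tlsrequired):
        findings.append("a bind secret is stored but encryption is not "
                        "enforced, so it can be captured on the wire")
    if (authrequired == "simple" or authtype in PASSWORD_MECHS) and not has_secret:
        findings.append(f"authrequired={authrequired or '-'} authtype="
                        f"{authtype or '-'} needs secret or encoded_secret")
    if authrequired == "autodetect":
        findings.append('authrequired="autodetect" falls back to an '
                        "unauthenticated bind when no SASL mechanism is offered")
    if "encoded_secret" in attrs:
        try:
            base64.b64decode(attrs["encoded_secret"], validate=True)
        except (binascii.Error, ValueError):
            findings.append("encoded_secret is not valid base64")
    return findings

def mode_findings(st_mode, st_uid):
    """Ownership/permission findings from raw stat fields (no filesystem I/O)."""
    findings = []
    if st_uid != 0:
        findings.append("file is not owned by root")
    if st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {stat.S_IMODE(st_mode):04o} is readable by "
                        "group/other; use 0600")
    return findings

def audit_file(path="/etc/autofs_ldap_auth.conf"):
    """Audit a real file: permissions first, then the settings inside it."""
    st = os.stat(path)
    with open(path, encoding="utf-8") as fh:
        attrs = parse_auth_conf(fh.read())
    return mode_findings(st.st_mode, st.st_uid) + audit_settings(attrs)

if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(f"{label}: {audit_settings(parse_auth_conf(conf)) or ['ok']}")
```

Run it as root against the live file with audit_file() to get the permission findings as well; the two embedded samples show that the only difference between a config that leaks the bind password to a downgrade attacker and one that does not is tlsrequired="yes".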

Common Issues

  • Bind or connection failures: run the automounter in the foreground with the debug option (automount -f -d) to see the LDAP module's messages, and reproduce the bind independently with ldapsearch using the same user, secret and search base to separate directory problems from autofs problems.
  • TLS failures: with tlsrequired="yes" the automounter rejects the server if STARTTLS fails. Check that the server's CA is trusted by the LDAP client library (TLS_CACERT in ldap.conf) and that the certificate matches the host name in ldap_uri.
  • Malformed XML: a missing quote or closing "/>" makes the file unparseable; validate it with xmllint --noout before restarting autofs.
  • Exposed credentials: secret and encoded_secret are recoverable by anyone who can read the file. Keep it root-owned with mode 0600, or use GSSAPI so that no password is stored at all.
  • Mount failure after a successful lookup: the map entry was found but the NFS mount itself failed. Confirm that the NFS server is reachable, the export is correct and firewall rules allow NFS traffic.

Integration

  • automount reads this file whenever a map source of type ldap or ldaps is used, either through a map entry in auto.master (for example /home ldap:ou=auto.home,dc=example,dc=com) or through ldap_uri and search_base in /etc/autofs.conf.
  • Kerberos (GSSAPI) lets the client authenticate with its host keytab instead of a stored password; pair it with a service principal whose directory rights are limited to reading the automount subtree.
  • NFS remains responsible for access control on the mounted shares; this file only protects the map lookup, so use NFS export options or Kerberos-secured NFS (sec=krb5) to control who can read the data.

Related Commands

  • automount
  • auto.master
  • autofs.conf
  • ldapsearch
  • xmllint