How do people do the automounts now

Just a general question. Now the autofs module has gone
from Yast I was wondering if you have automounts in LDAP
how do people actually do it now ?

We wrote our own python thing that combines creating users
and automounts in LDAP but it was a bit of a pain.

Just curious - we can’t be the only people in the world using
LDAP for user accounts and automap

Ta

Mal

Oops! I never noticed that there was an “autofs” module in Yast. I just used “autofs”.

I edited “/etc/auto.master” and any files that it referred to. Then I used the service manager to enable and start “autofs” and “rpcbind”.

Okay, I’m not using LDAP. But I think that’s automatic if “/etc/nsswitch.conf” is suitably configured.

Oops! I never noticed that there was an “autofs” module in Yast. I just used “autofs”.

Same here.

@interele: Are there any particular aspects that this module did for automounting with LDAP which are missed, or harder without it? (I’m not sure what it did that might have made configuration easier.)

Yes, using local files is OK but if you have a central LDAP server
for all the machines/users/automount/etc there is now no nice way to
add automount entries. We have kept an old Suse 11 box running as our
LDAP server as that still has it but it’s getting a bit ratty now. The only
way apart from my ‘wonderful’ python program ( it works, but a decent
programmer would probably cry if they looked at it - if python had ‘goto’
I would have probably used it ) is to build a ldif file and use ldapadd
which is incredibly user unfriendly.

I asked about this when it was dropped - when Yast was redeveloped
some time ago - and I was told they didn’t have the resources to port it.
Which I suppose is fair enough but it is rather like Microsoft saying
‘Well we’ve stopped supporting shared drives’.

This is one of my personal gripes. How are we going to get Linux/openSuse
into schools ( as we are ) or small to medium businesses if you don’t
have a gui/user friendly way to add home directories. You can’t really
put the auto.master and auto.home files on hundreds of machines particularly
if you have people coming and going all the time.

Well, that’s my moan for Friday

Best wishes

Mal
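
An added example, not part of the original posts and not Mal's script: one way to generate the LDIF that would otherwise be typed by hand for ldapadd, with every value checked before it reaches the DN. The rfc2307bis-style automount schema, the map DN, the server name, the export path and the mount options are all assumptions to adjust to your directory.

```python
import re

# Assumptions (not from the thread): rfc2307bis automount schema, map stored at
# MAP_DN, homes exported as <server>:/export/home/<user>.
MAP_DN = "automountMapName=auto.home,ou=automount,dc=example,dc=org"
OPTS = "-fstype=nfs,rw,nosuid,nodev"
USER_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")          # conservative login names
HOST_RE = re.compile(r"[A-Za-z0-9]([A-Za-z0-9.-]{0,252}[A-Za-z0-9])?")
PATH_RE = re.compile(r"(/[A-Za-z0-9_-][A-Za-z0-9._-]*)+")  # no "." or ".." segments


def automount_ldif(user, server, export="/export/home"):
    """Return one LDIF record mapping key <user> to <server>:<export>/<user>.

    Each value must fully match an allowlist pattern, so a name such as
    "eve,dc=example" or one with an embedded newline can never alter the DN
    or smuggle extra attribute lines into the record.
    """
    if not USER_RE.fullmatch(user):
        raise ValueError(f"unsafe user name: {user!r}")
    if not HOST_RE.fullmatch(server):
        raise ValueError(f"unsafe server name: {server!r}")
    if not PATH_RE.fullmatch(export):
        raise ValueError(f"unsafe export path: {export!r}")
    return "\n".join([
        f"dn: automountKey={user},{MAP_DN}",
        "objectClass: top",
        "objectClass: automount",
        f"automountKey: {user}",
        f"automountInformation: {OPTS} {server}:{export}/{user}",
        "",
    ])


def build_ldif(users, server):
    """Concatenate records for several users, separated by blank lines."""
    return "\n".join(automount_ldif(u, server) for u in users)


if __name__ == "__main__":
    # Constructed sample users; pipe the output to ldapadd after reviewing it.
    print(build_ldif(["alice", "bob"], "nfs1.example.org"))
```
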

After some searching, found it, with YaST information: openSUSE Security Guide -->> Authentication: <https://doc.opensuse.org/documentation/leap/security/html/book.security/cha.security.ldap.html>.
Which doesn’t really help with your auto-mount issue but, at least the user management is explained there.

For remote simultaneous system administration, take a look at the “Salt” package: <https://software.opensuse.org/package/salt>.
There was a feature announcement for Leap 42.3: <https://en.opensuse.org/Features_42.3#AutoYaST>:

But the new jewel of the AutoYaST crown is its brand new integration with SaltStack and other configuration management systems introduced by the new addition to the Leap family: the yast2-configuration-manager package. Now AutoYaST can take care of the system installation (partitioning, network setup, etc.) and then delegate the system configuration to one of those widely used external tools.

<https://github.com/yast/yast-configuration-management> – possibly part of AutoYaST2: <https://software.opensuse.org/package/autoyast2>.

By the way, these days it’s “openLDAP” and, there’s this bit of SUSE (not ‘open’) information: <https://www.netiq.com/communities/cool-solutions/suse-linux-point-service-ldap-management-dummies/>.
I was beginning to think that, “Kolab” <https://kolab.org/> would be the only way to go but, that may well be an overkill.
And, you’re correct (no longer politically correct to say “right” ;)), it is difficult to find “cheap” LDAP administration tools – the tools in the market-place are mostly bound to the commercial Linux distributions, such as “SUSE”.

Maybe someone in the SUSE sponsored openSUSE admin world, could be asked to provide information on how the openSUSE user environment is managed; I only know that, the introduction of SDDM caused more than a little bit of trouble with the login screens having to deal with the amount of users in the openSUSE office and network.

Thanks for clarifying further. I gleaned a bit of this tedious process from reading this Ubuntu AutofsLDAP guide and this ancient Novell coolsolutions guide. The ldif creation/editing is indeed tedious, and it would be good to have a minimal GUI utility to help with this for large-scale use.

Well, that’s my moan for Friday

Best wishes

Mal

Perfectly valid IMHO. :)

I wonder if FusionDirectory (open source project for LDAP administration with web interface) might be helpful here?

https://www.fusiondirectory.org/

It has a quick demo to let one get a feel for it. I had a quick look with respect to adding/editing users with their online demo, but I don’t know nearly enough to evaluate properly.

openSUSE packages available:
https://software.opensuse.org/package/fusiondirectory

FusionDirectory is a combination of system-administrator and end-user web interface, designed to handle LDAP based setups. Provided is access to posix, shadow, samba, proxy, and Kerberos accounts. It is able to manage the Postfix/Cyrus server combination and can write user adapted sieve scripts.

Now that does look interesting :)
Many thanks for digging that out
I will have a go on Monday

Ta

Mal

Very good. I’d be interested in getting your feedback on this.

Well, it’s interesting. If you were keeping everything including the kitchen sink in LDAP
then it’s probably the tool for you. If you are looking just to replace the missing autofs
module then it’s massive overkill.

Many thanks for finding this as it’s something that I think will be right for a lot of people.

I will however fiddle with my python script and make it less embarrassing as it just makes
users and home directories and nothing else. The next trick will be to automatically make
the home directory on a remote NFS server as the user is made… I have no idea how to
do that currently.

If any one wants my script ( providing they don’t mock my code ) they are welcome to a copy.

Many thanks

Mal

Thanks for the feedback/assessment. :)

I will however fiddle with my python script and make it less embarrassing as it just makes
users and home directories and nothing else. The next trick will be to automatically make
the home directory on a remote NFS server as the user is made… I have no idea how to
do that currently.

I’m not a sysadmin, and I’m out of my depth with this, however I wonder if the pam_mkhomedir PAM module might be your friend here? From the man page…

DESCRIPTION
The pam_mkhomedir PAM module will create a users home directory if it does not exist when the session begins. This allows users
to be present in central database (such as NIS, kerberos or LDAP) without using a distributed file system or pre-creating a large
number of directories. The skeleton directory (usually /etc/skel/) is used to copy default files and also sets a umask for the
creation.

   The new users home directory will not be removed after logout of the user.

This thread may be of interest to you…
https://forums.opensuse.org/showthread.php/513077-Home-for-LDAP-users

If any one wants my script ( providing they don’t mock my code ) they are welcome to a copy.

Many thanks

Mal

If I were you, I’d consider sharing it by way of a new thread in the programming/scripting forum with a view to seeking support from others who may be able to help you improve it and craft it to meet your additional needs perhaps. That’s the creative and collaborative spirit of open source IMO.

That works if you are making the home directories locally. As students
can theoretically ‘hot desk’ 8 or 9 times a day we have to have a central
NFS server. I think I will have to run a script on the NFS server and periodically
check the LDAP for new entries and then create the home directory from that.

I think I will package this all up and call it openSUSE school version ;)

Best wishes

Mal
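
An added sketch of the periodic job described above, not part of the original posts and not Mal's script: it reads `ldapsearch -LLL` style output and creates any missing home directory on the NFS server, treating the directory contents as untrusted input. The sample entries, the minimum UID, the 0700 mode and the `<export_root>/<uid>` layout are assumptions.

```python
import os
import re

USER_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")
MIN_UID = 1000  # assumption: lower IDs are system accounts and never provisioned

# Constructed sample of `ldapsearch -LLL` output; the second entry is hostile.
SAMPLE = """\
dn: uid=alice,ou=people,dc=example,dc=org
uid: alice
uidNumber: 1001
gidNumber: 100
homeDirectory: /home/alice

dn: uid=mallory,ou=people,dc=example,dc=org
uid: ../../etc
uidNumber: 0
gidNumber: 0
homeDirectory: /home/../etc
"""


def parse_accounts(ldif_text):
    """Yield one dict per entry (plain 'attr: value' lines, no folding/base64)."""
    for block in ldif_text.strip().split("\n\n"):
        pairs = (line.partition(": ") for line in block.splitlines())
        yield {key: value for key, sep, value in pairs if sep}


def provision(ldif_text, export_root, chown=os.chown):
    """Create missing homes as <export_root>/<uid>; return (created, rejected)."""
    created, rejected = [], []
    root = os.path.realpath(export_root)
    for e in parse_accounts(ldif_text):
        uid, home = e.get("uid", ""), e.get("homeDirectory", "")
        nums = [e.get("uidNumber", ""), e.get("gidNumber", "")]
        ok = all(n.isdecimal() for n in nums) and int(nums[0]) >= MIN_UID
        # Accept only a plain login name, a non-system UID and a matching home path.
        if not (ok and USER_RE.fullmatch(uid) and os.path.basename(home) == uid):
            rejected.append(uid)
            continue
        target = os.path.join(root, uid)
        if os.path.lexists(target):   # dir, file or symlink already there: never touch it
            continue
        os.mkdir(target, 0o700)       # fails rather than following a planted symlink
        chown(target, int(nums[0]), int(nums[1]))  # needs root on the real server
        created.append(target)
    return created, rejected
```

Run from cron as root on the NFS server it would be fed the live search output; the `chown` parameter exists so the logic can be exercised without root.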

Given that, we’re talking about a school room system with thin clients here, I would suggest to not go overboard on security – the students will share everything anyway …

  • If it was the school administration system or a system used for examinations, that’s something very different …

On the NFS server, be liberal with the group privileges and shared directories – use the T-bit on shared directories with discretion and only when really needed.

You’re right, if the students can create login credentials “on the fly” then, a cron job to run your script at least once per day is probably the best way to go.

It would be nice if it could be done at first login rather than manually though. Something that triggers ‘mkhomedir_helper $USER’ on the server when needed perhaps.