Features/SSSDAutoFSSupport

From FedoraProject

< Features(Difference between revisions)
Jump to: navigation, search
Line 9: Line 9:
  
 
== Summary ==
 
== Summary ==
 +
Integrate SSSD and autofs for looking up automounter data stored in cetralized remote directories such as LDAP.
 
<!-- A sentence or two summarizing what this feature is and what it will do.  This information is used for the overall feature summary page for each release. -->
 
<!-- A sentence or two summarizing what this feature is and what it will do.  This information is used for the overall feature summary page for each release. -->
  
 
== Owner ==
 
== Owner ==
 
<!--This should link to your home wiki page so we know who you are-->
 
<!--This should link to your home wiki page so we know who you are-->
* Name: [[User:FASAcountName| Your Name]]
+
* Name: [[User:jhrozek| Jakub Hrozek]]
  
 
<!-- Include you email address that you can be reached should people want to contact you about helping with your feature, status is requested, or  technical issues need to be resolved-->
 
<!-- Include you email address that you can be reached should people want to contact you about helping with your feature, status is requested, or  technical issues need to be resolved-->
* Email: <your email address so we can contact you, invite you to meetings, etc.>
+
* Email: <jhrozek@redhat.com>
  
 
== Current status ==
 
== Current status ==
* Targeted release: [[Releases/<number> | Fedora <number> ]]  
+
* Targeted release: [[Releases/17 | Fedora 17 ]]  
* Last updated: (DATE)
+
* Last updated: 2011-12-13
* Percentage of completion: XX%
+
* Percentage of completion: 10% (Design done and signed-off by both parties. Needs implementation, review and testing)
  
 
<!-- CHANGE THE "FedoraVersion" TEMPLATES ABOVE TO PLAIN NUMBERS WHEN YOU COMPLETE YOUR PAGE. -->
 
<!-- CHANGE THE "FedoraVersion" TEMPLATES ABOVE TO PLAIN NUMBERS WHEN YOU COMPLETE YOUR PAGE. -->
  
 
== Detailed Description ==
 
== Detailed Description ==
 +
Autofs is able to look up maps stored in LDAP. However, autofs does all the lookups on its own. Even though autofs uses the nsswitch.conf configuration file, there is no glibc interface such as those for retreiving users and groups and by extension no nscd caching.
 +
 +
The goal of this feature is to integrate autofs and SSSD in a more centralized manner to be able to leverage all the benefits SSSD brings over performing the lookups in autofs directly (see below for more details).
 +
 
<!-- Expand on the summary, if appropriate.  A couple sentences suffices to explain the goal, but the more details you can provide the better. -->
 
<!-- Expand on the summary, if appropriate.  A couple sentences suffices to explain the goal, but the more details you can provide the better. -->
  
 
== Benefit to Fedora ==
 
== Benefit to Fedora ==
 +
The benefits of the integration are:
 +
 +
* unified configuration of LDAP servers, timeout parameters, DNS SRV lookups in one place (sssd.conf)
 +
* only one connection to the LDAP server open resulting in less load on the LDAP server
 +
* caching of the data - again, less load on the LDAP server
 +
* offline access - even though if the client cannot connect to the LDAP server chances are that the NFS server is unreachable as well
 +
* back end abstraction - data may be stored in NIS or other databases and accessed by the automounter transparently
 +
 
<!-- What is the benefit to the platform?  If this is a major capability update, what has changed?  If this is a new feature, what capabilities does it bring? Why will Fedora become a better distribution or project because of this feature?-->
 
<!-- What is the benefit to the platform?  If this is a major capability update, what has changed?  If this is a new feature, what capabilities does it bring? Why will Fedora become a better distribution or project because of this feature?-->
  
 
== Scope ==
 
== Scope ==
 +
This feature needs work on both the SSSD side and autofs side. A very detailed design documents is available on the [[https://fedorahosted.org/sssd/wiki/DesignDocs/AutofsIntegration SSSD wiki]]
 +
 +
The autofs developers need to create a new autofs lookup module that would be specific to SSSD. A lookup module is implemented for each information source and provides access to the infromation source - there is a module for plain files, a module for LDAP etc. The lookup module that would load the libnss_sss library and use the provided API to fetch data from SSSD transparently.
 +
 +
SSSD developers need to provide the API in the libnss_sss library and corresponding code for actually downloading and storing the data on the back end side of SSSD.
 +
 
<!-- What work do the developers have to accomplish to complete the feature in time for release?  Is it a large change affecting many parts of the distribution or is it a very isolated change? What are those changes?-->
 
<!-- What work do the developers have to accomplish to complete the feature in time for release?  Is it a large change affecting many parts of the distribution or is it a very isolated change? What are those changes?-->
  

Revision as of 21:23, 13 December 2011


Contents

Feature Name

SSSD AutoFS Integration

Summary

Integrate SSSD and autofs for looking up automounter data stored in cetralized remote directories such as LDAP.

Owner

  • Email: <jhrozek@redhat.com>

Current status

  • Targeted release: Fedora 17
  • Last updated: 2011-12-13
  • Percentage of completion: 10% (Design done and signed-off by both parties. Needs implementation, review and testing)


Detailed Description

Autofs is able to look up maps stored in LDAP. However, autofs does all the lookups on its own. Even though autofs uses the nsswitch.conf configuration file, there is no glibc interface such as those for retreiving users and groups and by extension no nscd caching.

The goal of this feature is to integrate autofs and SSSD in a more centralized manner to be able to leverage all the benefits SSSD brings over performing the lookups in autofs directly (see below for more details).


Benefit to Fedora

The benefits of the integration are:

  • unified configuration of LDAP servers, timeout parameters, DNS SRV lookups in one place (sssd.conf)
  • only one connection to the LDAP server open resulting in less load on the LDAP server
  • caching of the data - again, less load on the LDAP server
  • offline access - even though if the client cannot connect to the LDAP server chances are that the NFS server is unreachable as well
  • back end abstraction - data may be stored in NIS or other databases and accessed by the automounter transparently


Scope

This feature needs work on both the SSSD side and autofs side. A very detailed design documents is available on the [SSSD wiki]

The autofs developers need to create a new autofs lookup module that would be specific to SSSD. A lookup module is implemented for each information source and provides access to the infromation source - there is a module for plain files, a module for LDAP etc. The lookup module that would load the libnss_sss library and use the provided API to fetch data from SSSD transparently.

SSSD developers need to provide the API in the libnss_sss library and corresponding code for actually downloading and storing the data on the back end side of SSSD.


How To Test

User Experience

Dependencies

Contingency Plan

Documentation

Release Notes

Comments and Discussion