SSSD AutoFS Integration
Integrate SSSD and autofs for looking up automounter data stored in cetralized remote directories such as LDAP.
- Name: Jakub Hrozek
- Email: <email@example.com>
- Targeted release: Fedora 17
- Last updated: 2011-12-13
- Percentage of completion: 10% (Design done and signed-off by both parties. Needs implementation, review and testing)
Autofs is able to look up maps stored in LDAP. However, autofs does all the lookups on its own. Even though autofs uses the nsswitch.conf configuration file, there is no glibc interface such as those for retreiving users and groups and by extension no nscd caching.
The goal of this feature is to integrate autofs and SSSD in a more centralized manner to be able to leverage all the benefits SSSD brings over performing the lookups in autofs directly (see below for more details).
Benefit to Fedora
The benefits of the integration are:
- unified configuration of LDAP servers, timeout parameters, DNS SRV lookups in one place (sssd.conf)
- only one connection to the LDAP server open resulting in less load on the LDAP server
- caching of the data - again, less load on the LDAP server
- offline access - even though if the client cannot connect to the LDAP server chances are that the NFS server is unreachable as well
- back end abstraction - data may be stored in NIS or other databases and accessed by the automounter transparently
This feature needs work on both the SSSD side and autofs side. A very detailed design documents is available on the [SSSD wiki]
The autofs developers need to create a new autofs lookup module that would be specific to SSSD. A lookup module is implemented for each information source and provides access to the infromation source - there is a module for plain files, a module for LDAP etc. The lookup module that would load the libnss_sss library and use the provided API to fetch data from SSSD transparently.
SSSD developers need to provide the API in the libnss_sss library and corresponding code for actually downloading and storing the data on the back end side of SSSD.