Monday, October 3, 2011

Automount and directory service search paths on OS X

The OS X directory service uses the search path to retrieve owner, group, and automount information. A config looks like this:
$ dscl localhost -read /Search
CSPSearchPath: /Local/Default /BSD/local /LDAPv3/main.ldap.example.com
DHCPLDAPDefault: off
LSPSearchPath: /Local/Default /BSD/local
NSPSearchPath: /Local/Default /BSD/local
ReadOnlyNode: ReadOnly
SearchPath: /Local/Default /BSD/local /LDAPv3/main.ldap.example.com
SearchPolicy: dsAttrTypeStandard:CSPSearchPath
The SearchPolicy tells you which search path is in effect - in this case the Custom Search Path, CSPSearchPath (LSPSearchPath and NSPSearchPath are read-only). Lookups will consult /Local/Default first, then /BSD/local, then the LDAP server main.ldap.example.com. This is roughly the equivalent of nsswitch.conf on Linux. You can also see the same information in Directory Utility:
"/System/Library/CoreServices/Directory Utility.app/Contents/MacOS/Directory Utility"
This app is used to configure the services the Mac will talk to for authentication (LDAP, NIS, Local, AD etc.). You can read that config on the command line with:
sudo defaults read /Library/Preferences/DirectoryService/DirectoryService
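To make the SearchPolicy-to-attribute lookup concrete, here is an added shell example (not from the original post) that parses a `dscl localhost -read /Search` record, follows SearchPolicy to the attribute it names, and lists the nodes in the order they are consulted. The input is a constructed copy of the record shown above, so it runs without a directory service; the helper names are my own.

```shell
#!/bin/sh
# Added example: derive the effective directory search path from the
# output of `dscl localhost -read /Search`. SEARCH_RECORD is constructed
# sample input (the record from the post) so the script runs offline.

SEARCH_RECORD='CSPSearchPath: /Local/Default /BSD/local /LDAPv3/main.ldap.example.com
DHCPLDAPDefault: off
LSPSearchPath: /Local/Default /BSD/local
NSPSearchPath: /Local/Default /BSD/local
ReadOnlyNode: ReadOnly
SearchPath: /Local/Default /BSD/local /LDAPv3/main.ldap.example.com
SearchPolicy: dsAttrTypeStandard:CSPSearchPath'

# effective_search_path: reads the record on stdin, finds which attribute
# SearchPolicy points at (dropping the dsAttrTypeStandard: prefix) and
# prints that attribute's nodes one per line, in lookup order.
effective_search_path() {
    awk '
        { attr[$1] = $0 }                       # index every line by its "Name:" key
        END {
            policy = attr["SearchPolicy:"]
            sub(/^SearchPolicy: +(dsAttrTypeStandard:)?/, "", policy)
            line = attr[policy ":"]             # e.g. the CSPSearchPath: line
            sub(/^[^ ]+ +/, "", line)           # strip the attribute name
            n = split(line, nodes, " ")
            for (i = 1; i <= n; i++) print nodes[i]
        }
    '
}

# remote_nodes: prints only the non-local nodes on the effective path,
# i.e. the ones whose availability and trustworthiness depend on the network.
remote_nodes() {
    effective_search_path | grep -v -e '^/Local/' -e '^/BSD/'
}

printf '%s\n' "$SEARCH_RECORD" | effective_search_path
```

On a live machine replace the printf with `dscl localhost -read /Search | effective_search_path`; an unexpected remote node in the output is worth investigating, since every lookup of users, groups and automounts will trust it.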
Automounts are kept in /etc/auto_master, and you can make automountd look in LDAP for the mount information by adding '+auto_master' to that file. It will then look for an automount map entry in the directory (see /etc/autofs.conf for more configuration options):
dn: ou=auto.master,ou=automount,ou=admin,dc=example,dc=com
ou: auto.master
objectClass: top
objectClass: automountMap
And shares identified by cn:
dn: cn=/home,ou=auto.master,ou=automount,ou=admin,dc=example,dc=com
cn: /home
objectClass: top
objectClass: automount
automountInformation: -nosuid home.nfs:/home
You can dump a full list of shares with a LDAP search like this:
ldapsearch -LLLx -b ou=auto.master,ou=automount,ou=admin,dc=example,dc=com
or via dscl like this:
dscl localhost -readall /LDAPv3/main.ldap.example.com/Automount
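Since the automountInformation attribute carries the mount options as well as the export, an LDIF dump like the ldapsearch above is also a convenient place to audit them. The following shell script is an added example (not from the original post): it reads LDIF automount entries, splits each automountInformation into options and export, and flags any mount that lacks nosuid. The LDIF is a constructed sample embedded inline (the /home entry from the post plus a second, unflagged-by-design /scratch entry); the function names are my own.

```shell
#!/bin/sh
# Added example: audit automount map entries exported from LDAP for the
# nosuid option. SAMPLE_LDIF is constructed input in the shape produced by
#   ldapsearch -LLLx -b ou=auto.master,ou=automount,ou=admin,dc=example,dc=com
# so the script runs offline. Assumption: each automount entry carries a cn
# (mount point) and an automountInformation of the form "[-opts] server:/export".

SAMPLE_LDIF='dn: cn=/home,ou=auto.master,ou=automount,ou=admin,dc=example,dc=com
cn: /home
objectClass: top
objectClass: automount
automountInformation: -nosuid home.nfs:/home

dn: cn=/scratch,ou=auto.master,ou=automount,ou=admin,dc=example,dc=com
cn: /scratch
objectClass: top
objectClass: automount
automountInformation: scratch.nfs:/export/scratch
'

# audit_automounts: reads LDIF on stdin and prints one line per automount
# entry: "<cn> <options> <server:/export> <verdict>". The verdict is OK when
# the options include nosuid and MISSING_NOSUID otherwise; an entry with no
# option block at all is printed with "-" as its options.
audit_automounts() {
    awk '
        /^cn: / { cn = substr($0, 5) }
        /^automountInformation: / {
            info = substr($0, 23)
            opts = "-"; src = info
            if (info ~ /^-/) { split(info, f, " "); opts = f[1]; src = f[2] }
            verdict = (opts ~ /nosuid/) ? "OK" : "MISSING_NOSUID"
            print cn, opts, src, verdict
        }
    '
}

# count_missing_nosuid: prints how many entries on stdin were flagged.
count_missing_nosuid() {
    audit_automounts | grep -c MISSING_NOSUID
}

printf '%s' "$SAMPLE_LDIF" | audit_automounts
```

To run it against the directory, pipe the ldapsearch command shown above into audit_automounts instead of the sample. A network home mounted without nosuid lets a setuid binary on the server side run with elevated privileges on every client that mounts it, which is why the post's example sets it.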