IBM Support

IBM AIX: How to configure AIX LDAP Client to use automount maps over the LDAP Server

How To


Summary

This document gives step-by-step instructions to set up AIX LDAP Client to automount NFS shares by using the automount maps that are defined over the LDAP Server.

Environment

Information required to gather:
 - What is the suffix to use as the "Automount Base DN"?
 - What is the LDAP server hostname or IP address?
 - What is the LDAP server binddn and bindpwd (admin and password)?

Note: AIX automount supports only two automount map name attributes, which are nisMapName and automountMapName. If your automount map names don't have either one of these attributes, AIX is not going to find the map file.

Steps


1) Configure AIX as LDAP Client:
<If AIX is already configured as an LDAP Client, you can skip this step>

First, you need to configure AIX as an LDAP client.

You can follow the instructions here:
https://www.ibm.com/support/pages/node/6551164
 
You need to follow the "LDAP client configuration" section.

2) Automount configurations:

A) After successfully configuring AIX as an LDAP client, modify the automountbasedn entry in the /etc/security/ldap/ldap.cfg file to specify the suffix under which the automount maps are searched.
Example:
# cat /etc/security/ldap/ldap.cfg | grep -i automountbasedn
automountbasedn:cn=aixdata

B) Then restart the secldapclntd daemon to pick up the changes:
# restart-secldapclntd

C) Afterward, verify that you're able to query:
# lsldap -a automount
dn: nisMapName=auto_home,cn=aixdata
objectClass: top
objectClass: nisMap
nisMapName: auto_home

In this output, the nisMapName attribute is used.

For the automountMapName, the output would be similar to:
# lsldap -a automount
dn: automountMapName=auto_home,cn=aixdata
objectClass: automountMap
objectClass: top
automountMapName: auto_home

You can also query by using ldapsearch command:
To query automountMapName name attribute:
# ldapsearch -h <LDAP_Server_Hostname/Ipaddress> -D <bindDN> -w <bindpwd> -b "" -s sub objectclass=* | grep -p automount
automountMapName=auto_home,cn=aixdata
objectClass=automountMap
objectClass=top
automountMapName=auto_home

automountKey=testuser,automountMapName=auto_home,cn=aixdata
objectClass=automount
objectClass=top
automountKey=testuser
automountInformation=tcp80:/home/&

To query nisMapName name attribute:
# ldapsearch -h <LDAP_Server_Hostname/Ipaddress> -D <bindDN> -w <bindpwd> -b "" -s sub objectclass=* | grep -p nisMapName
nisMapName=auto_home,cn=aixdata
objectClass=nisMap
objectClass=top
nisMapName=auto_home

CN=testuser,nisMapName=auto_home,cn=aixdata
objectClass=top
objectClass=nisObject
nisMapEntry=tcp80:/home/&
nisMapName=auto_home
cn=testuser

 
D) Make sure that the /etc/irs.conf file is configured correctly to point it to the map files on the LDAP server by adding the entry:
# cat /etc/irs.conf
automount nis_ldap

It is possible to specify more than one name service, in the order in which they are to be used, as a whitespace-separated list.

For example, to indicate the usage of LDAP maps first, followed by local files, the automount entry would be the following:
# cat /etc/irs.conf
automount nis_ldap files

E) The local "/etc/auto_master" file must not reference the remote map files by a path such as "/etc/auto_home". Use just auto_home, that is, a relative name, for remote maps.
Example:
# cat /etc/auto_master
/home auto_home -rw,hard,intr

Using a syntax such as "/etc/auto_home" would make it look for local files and not the remote map files.

3) Start automount service:
If the automountd daemon is already up and running, stop and start the service:
# stopsrc -s automountd

Verify that it is no longer operative and running:
# lssrc -s automountd
Subsystem         Group            PID          Status
 automountd       autofs                        inoperative

 
# ps -ef | grep -i automount

Start the automount process:
# /usr/sbin/automount

Verify that the automount service is running:
# lssrc -s automountd
Subsystem         Group            PID          Status
 automountd       autofs           2621888      active

# ps -ef | grep -i automount
    root  2621888  3670410   0 04:41:40      -  0:00 /usr/sbin/automountd

# mount | grep -i auto
         auto_home        /home           autofs Nov 14 06:18 rw,hard,intr,ignore

Now attempt to access a directory within the "/home" directory and verify that it is mounted successfully as well:
# cd /home/testuser
Accessed the NFS file system

# mount
  node       mounted        mounted over    vfs       date        options      
-------- ---------------  ---------------  ------ ------------ ---------------

         /dev/hd4         /                jfs2   Jul 27 01:43 rw,log=/dev/hd8
         /dev/hd2         /usr             jfs2   Jul 27 01:43 rw,log=/dev/hd8
         /dev/hd9var      /var             jfs2   Jul 27 01:43 rw,log=/dev/hd8
                       <...>
         auto_home        /home           autofs Nov 15 03:43 rw,hard,intr,ignore
tcp80   /home/testuser    /home/testuser    nfs3   Nov 15 03:43 rw,hard,intr

The automount daemon has now mounted the NFS file system "/home/testuser" from the NFS server tcp80.
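
A pre-flight check for the file settings from steps 2A, 2D and 2E, useful before restarting automountd in step 3. This is an added example, not part of the IBM document; the function names and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example: pre-flight check for steps 2A, 2D and 2E.
# Function names and sample files are constructed, not IBM-supplied.

# 2A: print the automountbasedn value; fail if unset or commented out.
basedn() {
    v=$(sed -n 's/^[[:space:]]*automountbasedn:[[:space:]]*//p' "$1" | tail -n 1)
    [ -n "$v" ] && printf '%s\n' "$v"
}

# 2D: print the automount name services in lookup order; fail without nis_ldap.
irs_services() {
    s=$(awk '$1 == "automount" { $1 = ""; sub(/^ +/, ""); print; exit }' "$1")
    case " $s " in
        *" nis_ldap "*) printf '%s\n' "$s" ;;
        *) return 1 ;;
    esac
}

# 2E: print auto_master entries whose map is an absolute path (these are
# read as local files, not looked up in LDAP); fail if any exist.
local_maps() {
    bad=$(awk '$1 !~ /^#/ && $2 ~ /^\// { print $1 " -> " $2 }' "$1")
    [ -z "$bad" ] || { printf '%s\n' "$bad"; return 1; }
}

preflight() {   # args: ldap.cfg irs.conf auto_master
    rc=0
    basedn "$1" >/dev/null       || { echo "FAIL 2A: automountbasedn not set in $1"; rc=1; }
    irs_services "$2" >/dev/null || { echo "FAIL 2D: no 'automount ... nis_ldap' line in $2"; rc=1; }
    local_maps "$3" >/dev/null   || { echo "FAIL 2E: absolute map path in $3"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: maps searched under $(basedn "$1") via $(irs_services "$2")"
    return "$rc"
}

# Constructed sample files mirroring the examples above; on a real host run:
#   preflight /etc/security/ldap/ldap.cfg /etc/irs.conf /etc/auto_master
d=$(mktemp -d /tmp/amchk.XXXXXX)
printf '#automountbasedn:cn=old\nautomountbasedn:cn=aixdata\n' > "$d/ldap.cfg"
printf 'hosts local dns\nautomount nis_ldap files\n' > "$d/irs.conf"
printf '/home auto_home -rw,hard,intr\n' > "$d/auto_master"
preflight "$d/ldap.cfg" "$d/irs.conf" "$d/auto_master"
```

A FAIL on 2E means the listed mount point is served from a local map file, so its contents are whatever is on the client rather than what the LDAP server publishes.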

Document Location

Worldwide



Document Information

More support for:
AIX

Component:
Communication Applications->Automount, Communication Applications->LDAP

Software version:
All Versions

Operating system(s):
AIX

Document number:
7075958

Modified date:
05 December 2023

UID

ibm17075958
