[OpenAFS] OAFS/LDAP Integration & List Archive weirdness

Kevin openafs@gnosys.biz
Mon, 8 Mar 2004 10:17:51 -0500 

Hi All-

Many thanks to Andrew Bacchi and David Miller for 
recently suggesting LDAP integration with OAFS and MIT 
KRB5 to me.

I now have my client machines configured with PAM and 
the pam_unix2 library to do authentication against the 
KDC and then obtain user data (uidNumber, gidNumber, 
home directory, loginShell, etc.) from an OpenLDAP 
server.  This seems to work well for me thus far (I've 
not yet created any real users in the AFS system, 
though).

Now that I have this much integrated though, I was 
wondering about further LDAP integration with OAFS and 
so spent some time searching the list archives, the 
TWiki, Google, etc. for information on this.

On the list archives, I found a thread back in March 
2001 started by Leif Johansson on the subject of 
putting some of the data that goes in pts into an LDAP 
directory instead: 
https://lists.central.org/pipermail/info-afs/2001-March/000123.html

This generated some discussion on the list and it 
sounded like there was some real interest in doing so 
at the time.  However, I see no recent discussion 
about this subject.  Was anything done in regards to 
this issue or was it deemed a bad idea after all?

I've seen some pretty recent statements on the list 
that the OAFS docs might not have the latest 
information on some issues, and I'm just curious to 
know if there are any other ways that I can ease the 
task of maintaining this network using LDAP 
integration, specifically with regard to OAFS.

I will ultimately be adding WinXPP and MacOSX clients 
to this network (right now only Linux boxes), and 
would like to keep as much user data in a single 
centralized location as possible, and LDAP seems like 
a good way to do so.

How are other folks doing this?  Specific details (like 
the structure of your Directory Information Trees in 
LDAP) would be most helpful to me.

The second half of the subject is simply to report what 
seems to be some very odd behavior in the web archive 
of this list.

It showed up for me most clearly as I was trying to 
read the thread started by Theo van den Bout on Thu, 
22 Jan 2004 16:26:05 +0100 with subject "OpenAFS + 
Linux +XP" using the web interface (I only just joined 
the list early last month so I don't have these in my 
own archive).

If I sort the month by thread, then the resulting index 
shows this thread as six separate threads all with the 
same subject and they're not adjacent to eachother so 
it's quite difficult to follow the thread from one 
article to the next using the index sorted by thread.  
And if I link to the first article in the thread and 
then follow the links entitled, "Next message:" then I 
walk through the thread and miss several articles.

Is this normal behavior?  It's different from what I 
would expect, and so I thought I'd mention it in case 
nobody else is aware of it.  Or perhaps it's doing 
what it should and I'm just not seeing what it should 
be doing?

TIA for any thoughts on LDAP integration with OAFS.

-Kevin