1

Is there a way to ignore or alter the LDAP homeDirectory on select Linux clients, i.e. workstations?

End Goal:

I'm trying to use our LDAP user database, while keeping the home directories on the SSDs of our workstation, but mounting our shared home directory under the same path.

Background:

I'm working on a heterogeneous HPC cluster + workstation environment, which share NFS and LDAP. The LDAP configuration includes the homeDirectory attribute, which is correctly read on all machines to be on the NFS share (or BeeGFS on the clusters).

The LDAP server is running OpenLDAP, while the workstations are running nscd with the appropriate /etc/pam.d/common-password and /etc/nsswitch.conf changes. Additionally, I've set up a test workstation with nslcd, in order to alter the homeDirectory value via /etc/nslcd.conf, as described in LDAP Users Home Directories.

For the cluster nodes, everything is peachy, and the home directories are on the shared network drive (via BeeGFS in this case).

For the workstations, I'd like to use the local SSDs for local home directories, but still mount the cluster home directories under their exact paths, since many users use absolute paths. I don't mind the different ~user and $HOME paths.

What's the proper way of overriding the homeDirectory attribute machine-wise?

  • Additional information on the test workstation: nscd seemed to shadow nslcd, so I disabled it (duh). According to `nslcd -d`, homeDirectory is changed properly. Now, the system doesn't seem to take to nslcd as well as I'd like: It accepts connections, but the system does not try to connect to nslcd. I must be missing a vital configuration of pam or something – Erik E. Lorenz Apr 12 '19 at 11:13

2 Answers

2

If you use SSSD, there is an override_homedir option that allows you to replace the value that is provided via LDAP. It supports templates so you can set it to something like /my/new/home/%u, etc.

bodgit
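An `sssd.conf` fragment for the workstation case the answer describes, added here as an illustration and not taken from the answer or its author. The domain name, LDAP URI and search base are placeholders, and `/home/%u` is assumed to be the local SSD path.

```ini
# /etc/sssd/sssd.conf on a workstation (must be owned by root, mode 0600).
# Placeholders, not values from this page: the domain name "example",
# ldap_uri and ldap_search_base.

[sssd]
services = nss, pam
domains = example

[domain/example]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldaps://ldap.example.org
ldap_search_base = dc=example,dc=org

# LDAP still returns homeDirectory=/home/cluster/<user>. On this machine
# only, SSSD reports /home/<user> instead. %u expands to the login name.
# Other templates: %U (UID number), %d (domain name), %o (the original
# home directory retrieved from LDAP).
override_homedir = /home/%u

# Supporting pieces outside this file:
#   /etc/nsswitch.conf     passwd: files sss
#                          group:  files sss
#   PAM session stack      session optional pam_mkhomedir.so umask=0077
#     (creates the local directory on first login)
#   nscd                   disable its passwd and group caches so they do
#                          not mask the value SSSD returns
#   The share stays mounted at /home/cluster, so absolute paths keep working.
#   Check the result with: getent passwd <user>
```

Cluster nodes keep their existing configuration without `override_homedir`, so the value from LDAP applies there unchanged.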
0

Consider not mangling homeDirectory and mounting both where documented in the directory. /home might be on local disk, then mount /home/cluster or whatever on top of that.

Users may be confused if the same path is shared on one box but not on the other. Where you can, be consistent across the network which entire trees ( /home /srv /var etc.) are mounted shares and which are local.

John Mahowald
  • How does this approach differ from our current setup? We're currently mounting each share at the same path, which contains the cluster home directories. While this is fine for the headless HPC Clusters, it slows the workstations to a crawl due to application caching and temporary files. Forcing the cache directories onto the SSD (XDG_CACHE_DIR, mounting to /tmp/$USER-cache/, ...) only helps so much, since it doesn't include the actual working directories. Hence, I'd like to provide a local working directory on the machines at `home/$USER`, preserving our absolute paths. – Erik E. Lorenz Apr 13 '19 at 08:53
  • Maybe I misread that. Are you proposing machine-local home directories on the (diskless) cluster nodes? – Erik E. Lorenz Apr 13 '19 at 08:58
  • I'm proposing local disk mounts where you want them, and network shares where you want them. Nothing prevents `/home` from being local disk and `/home/cluster` from being a share. – John Mahowald Apr 13 '19 at 12:05
  • I don't quite see how that's different from our current setup. The user directories are inside `/home/cluster/$uid` and we can't change them server-side. How would you enable local `/home/$uid` directories on specific machines for LDAP users, when LDAP sets homeDirectory to `/home/cluster/$uid`? – Erik E. Lorenz Apr 14 '19 at 14:19