X-Git-Url: http://pere.pagekite.me/gitweb/homepage.git/blobdiff_plain/a593e0644a0d3790b6332b5bc9b3d4b42f7aa32c..035c19c46c9f78dc6adf515b8418f9d0b55c709d:/blog/data/2009-03-29-ldap-schema-needed.txt diff --git a/blog/data/2009-03-29-ldap-schema-needed.txt b/blog/data/2009-03-29-ldap-schema-needed.txt index b2bf817732..314eaade5f 100644 --- a/blog/data/2009-03-29-ldap-schema-needed.txt +++ b/blog/data/2009-03-29-ldap-schema-needed.txt @@ -1,30 +1,36 @@ -Title: Time to replace the LDAP schemas in RFC 2307 -Tags: nuug, english, debian edu, debian -Date: 2009-03-29 12:00 -Publish: 2010-01-01 +Title: Time for new LDAP schemas replacing RFC 2307? +Tags: nuug, english, debian edu, debian, ldap +Date: 2009-03-29 20:30 -The state of standardized LDAP schemas on Linux is far from optimal. -In Debian Edu, we would like to store information about users, SMB -clients/hosts, filegroups, netgroups (users and hosts), DHCP and DNS -configuration, and LTSP configuration in LDAP. These objects have a -lot in common, but with the current LDAP schemas it is not possible to -have one object per entity. For example, one need to have at least -three LDAP objects for a given computer, one with the SMB related -stuff, one with DNS information and another with DHCP information. In -addition, it is impossible to implement quick queries for netgroup -membership, because of the way NIS triples are implemented. I believe -it is time for a few RFC specifications to cleam up this mess. The -old RFC 2307 do not scale when it comes to netgroups, and the schema -used by DNS servers and DHCP servers do not integrate properly with -RFC 2307 and each other. +

The state of standardized LDAP schemas on Linux is far from +optimal. There is RFC 2307 documenting one way to store NIS maps in +LDAP, and a modified version of this normally called RFC 2307bis, with +some modifications to be compatible with Active Directory. The RFC +specification handle the content of a lot of system databases, but do +not handle DNS zones and DHCP configuration.

-I would like to have one computer object representing each computer in +

In Debian Edu/Skolelinux, +we would like to store information about users, SMB clients/hosts, +filegroups, netgroups (users and hosts), DHCP and DNS configuration, +and LTSP configuration in LDAP. These objects have a lot in common, +but with the current LDAP schemas it is not possible to have one +object per entity. For example, one need to have at least three LDAP +objects for a given computer, one with the SMB related stuff, one with +DNS information and another with DHCP information. The schemas +provided for DNS and DHCP are impossible to combine into one LDAP +object. In addition, it is impossible to implement quick queries for +netgroup membership, because of the way NIS triples are implemented. +It just do not scale. I believe it is time for a few RFC +specifications to cleam up this mess.

+ +

I would like to have one LDAP object representing each computer in the network, and this object can then keep the SMB (ie host key), DHCP (mac address/name) and DNS (name/IP address) settings in one place. -It need to be efficently stored to make sure it scale well. +It need to be efficently stored to make sure it scale well.

-I would also like to have a quick way to map from a user or computer -and to the net group this user or computer is a member. +

I would also like to have a quick way to map from a user or +computer and to the net group this user or computer is a member.

-Active Directory have done a better job than unix heads like myself in -this regard. Time to start a new IETF work goup? +

Active Directory have done a better job than unix heads like myself +in this regard, and the unix side need to catch up. Time to start a +new IETF work group?
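Review bot: the rewritten paragraph on Debian Edu/Skolelinux still carries the typo "cleam up" over from the removed text, and the added line "It need to be efficently stored to make sure it scale well." keeps "efficently". Since this hunk already corrects "work goup" to "work group", fix these in the same pass, along with the subject-verb agreement in the new sentences ("The RFC specification handle", "It just do not scale", "the unix side need to catch up"). Separately, the header block drops "Publish: 2010-01-01" while moving Date to 20:30. If the blog engine uses that header to hold an entry back, say in the commit message that publishing the entry now is intended. The new claim that the DNS and DHCP schemas "are impossible to combine into one LDAP object" would be easier to verify if it named the conflicting object classes or linked to the schemas in question.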