X-Git-Url: http://pere.pagekite.me/gitweb/homepage.git/blobdiff_plain/cb0d7087b5127c9154e71bc21a536677bf18af5d..40ff9fcec918fec87e73eae321520cbe14e9032f:/blog/index.rss diff --git a/blog/index.rss b/blog/index.rss index 1d5b80f851..bcb8a035c6 100644 --- a/blog/index.rss +++ b/blog/index.rss 
@@ -6,6 +6,171 @@ http://people.skolelinux.org/pere/blog/ + + Combining PowerDNS and ISC DHCP LDAP objects + http://people.skolelinux.org/pere/blog/Combining_PowerDNS_and_ISC_DHCP_LDAP_objects.html + http://people.skolelinux.org/pere/blog/Combining_PowerDNS_and_ISC_DHCP_LDAP_objects.html + Wed, 14 Jul 2010 23:45:00 +0200 + +<p>For a while now, I have wanted to find a way to change the DNS and +DHCP services in Debian Edu to use the same LDAP objects for a given +computer, to avoid the possibility of having a inconsistent state for +a computer in LDAP (as in DHCP but no DNS entry or the other way +around) and make it easier to add computers to LDAP.</p> + +<p>I've looked at how powerdns and dhcpd is using LDAP, and using this +information finally found a solution that seem to work.</p> + +<p>The old setup required three LDAP objects for a given computer. +One forward DNS entry, one reverse DNS entry and one DHCP entry. If +we switch powerdns to use its strict LDAP method (ldap-method=strict +in pdns-debian-edu.conf), the forward and reverse DNS entries are +merged into one while making it impossible to transfer the reverse map +to a slave DNS server.</p> + +<p>If we also replace the object class used to get the DNS related +attributes to one allowing these attributes to be combined with the +dhcphost object class, we can merge the DNS and DHCP entries into one. +I've written such object class in the dnsdomainaux.schema file (need +proper OIDs, but that is a minor issue), and tested the setup. It +seem to work.</p> + +<p>With this test setup in place, we can get away with one LDAP object +for both DNS and DHCP, and even the LTSP configuration I suggested in +an earlier email. 
The combined LDAP object will look something like +this:</p> + +<blockquote><pre> + dn: cn=hostname,cn=group1,cn=THINCLIENTS,cn=DHCP Config,dc=skole,dc=skolelinux,dc=no + cn: hostname + objectClass: dhcphost + objectclass: domainrelatedobject + objectclass: dnsdomainaux + associateddomain: hostname.intern + arecord: 10.11.12.13 + dhcphwaddress: ethernet 00:00:00:00:00:00 + dhcpstatements: fixed-address hostname + ldapconfigsound: Y +</pre></blockquote> + +<p>The DNS server uses the associateddomain and arecord entries, while +the DHCP server uses the dhcphwaddress and dhcpstatements entries +before asking DNS to resolve the fixed-adddress. LTSP will use +dhcphwaddress or associateddomain and the ldapconfig* attributes.</p> + +<p>I am not yet sure if I can get the DHCP server to look for its +dhcphost in a different location, to allow us to put the objects +outside the "DHCP Config" subtree, but hope to figure out a way to do +that. If I can't figure out a way to do that, we can still get rid of +the hosts subtree and move all its content into the DHCP Config tree +(which probably should be renamed to be more related to the new +content. 
I suspect cn=dnsdhcp,ou=services or something like that +might be a good place to put it.</p> + +<p>If you want to help out with implementing this for Debian Edu, +please contact us on debian-edu@lists.debian.org.</p> + + + + + Idea for storing LTSP configuration in LDAP + http://people.skolelinux.org/pere/blog/Idea_for_storing_LTSP_configuration_in_LDAP.html + http://people.skolelinux.org/pere/blog/Idea_for_storing_LTSP_configuration_in_LDAP.html + Sun, 11 Jul 2010 22:00:00 +0200 + +<p>Vagrant mentioned on IRC today that ltsp_config now support +sourcing files from /usr/share/ltsp/ltsp_config.d/ on the thin +clients, and that this can be used to fetch configuration from LDAP if +Debian Edu choose to store configuration there.</p> + +<p>Armed with this information, I got inspired and wrote a test module +to get configuration from LDAP. The idea is to look up the MAC +address of the client in LDAP, and look for attributes on the form +ltspconfigsetting=value, and use this to export SETTING=value to the +LTSP clients.</p> + +<p>The goal is to be able to store the LTSP configuration attributes +in a "computer" LDAP object used by both DNS and DHCP, and thus +allowing us to store all information about a computer in one place.</p> + +<p>This is a untested draft implementation, and I welcome feedback on +this approach. A real LDAP schema for the ltspClientAux objectclass +need to be written. Comments, suggestions, etc?</p> + +<blockquote><pre> +# Store in /opt/ltsp/$arch/usr/share/ltsp/ltsp_config.d/ldap-config +# +# Fetch LTSP client settings from LDAP based on MAC address +# +# Uses ethernet address as stored in the dhcpHost objectclass using +# the dhcpHWAddress attribute or ethernet address stored in the +# ieee802Device objectclass with the macAddress attribute. +# +# This module is written to be schema agnostic, and only depend on the +# existence of attribute names. 
+# +# The LTSP configuration variables are saved directly using a +# ltspConfig prefix and uppercasing the rest of the attribute name. +# To set the SERVER variable, set the ltspConfigServer attribute. +# +# Some LDAP schema should be created with all the relevant +# configuration settings. Something like this should work: +# +# objectclass ( 1.1.2.2 NAME 'ltspClientAux' +# SUP top +# AUXILIARY +# MAY ( ltspConfigServer $ ltsConfigSound $ ... ) + +LDAPSERVER=$(debian-edu-ldapserver) +if [ "$LDAPSERVER" ] ; then + LDAPBASE=$(debian-edu-ldapserver -b) + for MAC in $(LANG=C ifconfig |grep -i hwaddr| awk '{print $5}'|sort -u) ; do + filter="(|(dhcpHWAddress=ethernet $MAC)(macAddress=$MAC))" + ldapsearch -h "$LDAPSERVER" -b "$LDAPBASE" -v -x "$filter" | \ + grep '^ltspConfig' | while read attr value ; do + # Remove prefix and convert to upper case + attr=$(echo $attr | sed 's/^ltspConfig//i' | tr a-z A-Z) + # bass value on to clients + eval "$attr=$value; export $attr" + done + done +fi +</pre></blockquote> + +<p>I'm not sure this shell construction will work, because I suspect +the while block might end up in a subshell causing the variables set +there to not show up in ltsp-config, but if that is the case I am sure +the code can be restructured to make sure the variables are passed on. +I expect that can be solved with some testing. :)</p> + +<p>If you want to help out with implementing this for Debian Edu, +please contact us on debian-edu@lists.debian.org.</p> + + + + + jXplorer, a very nice LDAP GUI + http://people.skolelinux.org/pere/blog/jXplorer__a_very_nice_LDAP_GUI.html + http://people.skolelinux.org/pere/blog/jXplorer__a_very_nice_LDAP_GUI.html + Fri, 9 Jul 2010 12:55:00 +0200 + +<p>Since +<a href="http://people.skolelinux.org/pere/blog/LUMA__a_very_nice_LDAP_GUI.html">my +last post</a> about available LDAP tools in Debian, I was told about a +LDAP GUI that is even better than luma. 
The java application +<a href="http://jxplorer.org/">jXplorer</a> is claimed to be capable of +moving LDAP objects and subtrees using drag-and-drop, and can +authenticate using Kerberos. I have only tested the Kerberos +authentication, but do not have a LDAP setup allowing me to rewrite +LDAP with my test user yet. It is +<a href="http://packages.qa.debian.org/j/jxplorer.html">available in +Debian</a> testing and unstable at the moment. The only problem I +have with it is how it handle errors. If something go wrong, its +non-intuitive behaviour require me to go through some query work list +and remove the failing query. Nothing big, but very annoying.</p> + + + MS Word krøller det til for politiet? http://people.skolelinux.org/pere/blog/MS_Word_kr__ller_det_til_for_politiet_.html 
@@ -526,242 +691,5 @@ håndheves strengt.</p> - - Officeshots taking shape - http://people.skolelinux.org/pere/blog/Officeshots_taking_shape.html - http://people.skolelinux.org/pere/blog/Officeshots_taking_shape.html - Sun, 13 Jun 2010 11:40:00 +0200 - -<p>For those of us caring about document exchange and -interoperability, <a href="http://www.officeshots.org/">OfficeShots</a> -is a great service. It is to ODF documents what -<a href="http://browsershots.org/">BrowserShots</a> is for web -pages.</p> - -<p>A while back, I was contacted by Knut Yrvin at the part of Nokia -that used to be Trolltech, who wanted to help the OfficeShots project -and wondered if the University of Oslo where I work would be -interested in supporting the project. I helped him to navigate his -request to the right people at work, and his request was answered with -a spot in the machine room with power and network connected, and Knut -arranged funding for a machine to fill the spot. The machine is -administrated by the OfficeShots people, so I do not have daily -contact with its progress, and thus from time to time check back to -see how the project is doing.</p> - -<p>Today I had a look, and was happy to see that the Dell box in our -machine room now is the host for several virtual machines running as -OfficeShots factories, and the project is able to render ODF documents -in 17 different document processing implementation on Linux and -Windows. 
This is great.</p> - - - - - Lenny->Squeeze upgrades, removals by apt and aptitude - http://people.skolelinux.org/pere/blog/Lenny__Squeeze_upgrades__removals_by_apt_and_aptitude.html - http://people.skolelinux.org/pere/blog/Lenny__Squeeze_upgrades__removals_by_apt_and_aptitude.html - Sun, 13 Jun 2010 09:05:00 +0200 - -<p>My -<a href="http://people.skolelinux.org/pere/blog/Automatic_upgrade_testing_from_Lenny_to_Squeeze.html">testing -of Debian upgrades</a> from Lenny to Squeeze continues, and I've -finally made the upgrade logs available from -<a href="http://people.skolelinux.org/pere/debian-upgrade-testing/">http://people.skolelinux.org/pere/debian-upgrade-testing/</a>. -I am now testing dist-upgrade of Gnome and KDE in a chroot using both -apt and aptitude, and found their differences interesting. This time -I will only focus on their removal plans.</p> - -<p>After installing a Gnome desktop and the laptop task, apt-get wants -to remove 72 packages when dist-upgrading from Lenny to Squeeze. The -surprising part is that it want to remove xorg and all -xserver-xorg-video* drivers. Clearly not a good choice, but I am not -sure why. When asking aptitude to do the same, it want to remove 129 -packages, but most of them are library packages I suspect are no -longer needed. Both of them want to remove bluetooth packages, which -I do not know. Perhaps these bluetooth packages are obsolete?</p> - -<p>For KDE, apt-get want to remove 82 packages, among them kdebase -which seem like a bad idea and xorg the same way as with Gnome. Asking -aptitude for the same, it wants to remove 192 packages, none which are -too surprising.</p> - -<p>I guess the removal of xorg during upgrades should be investigated -and avoided, and perhaps others as well. Here are the complete list -of planned removals. The complete logs is available from the URL -above. 
Note if you want to repeat these tests, that the upgrade test -for kde+apt-get hung in the tasksel setup because of dpkg asking -conffile questions. No idea why. I worked around it by using -'<tt>echo >> /proc/<em>pidofdpkg</em>/fd/0</tt>' to tell dpkg to -continue.</p> - -<p><b>apt-get gnome 72</b> -<br>bluez-gnome cupsddk-drivers deskbar-applet gnome - gnome-desktop-environment gnome-network-admin gtkhtml3.14 - iceweasel-gnome-support libavcodec51 libdatrie0 libgdl-1-0 - libgnomekbd2 libgnomekbdui2 libmetacity0 libslab0 libxcb-xlib0 - nautilus-cd-burner python-gnome2-desktop python-gnome2-extras - serpentine swfdec-mozilla update-manager xorg xserver-xorg - xserver-xorg-core xserver-xorg-input-all xserver-xorg-input-evdev - xserver-xorg-input-kbd xserver-xorg-input-mouse - xserver-xorg-input-synaptics xserver-xorg-input-wacom - xserver-xorg-video-all xserver-xorg-video-apm xserver-xorg-video-ark - xserver-xorg-video-ati xserver-xorg-video-chips - xserver-xorg-video-cirrus xserver-xorg-video-cyrix - xserver-xorg-video-dummy xserver-xorg-video-fbdev - xserver-xorg-video-glint xserver-xorg-video-i128 - xserver-xorg-video-i740 xserver-xorg-video-imstt - xserver-xorg-video-intel xserver-xorg-video-mach64 - xserver-xorg-video-mga xserver-xorg-video-neomagic - xserver-xorg-video-nsc xserver-xorg-video-nv - xserver-xorg-video-openchrome xserver-xorg-video-r128 - xserver-xorg-video-radeon xserver-xorg-video-radeonhd - xserver-xorg-video-rendition xserver-xorg-video-s3 - xserver-xorg-video-s3virge xserver-xorg-video-savage - xserver-xorg-video-siliconmotion xserver-xorg-video-sis - xserver-xorg-video-sisusb xserver-xorg-video-tdfx - xserver-xorg-video-tga xserver-xorg-video-trident - xserver-xorg-video-tseng xserver-xorg-video-v4l - xserver-xorg-video-vesa xserver-xorg-video-vga - xserver-xorg-video-vmware xserver-xorg-video-voodoo xulrunner-1.9 - xulrunner-1.9-gnome-support</p> - -<p><b>aptitude gnome 129</b> - -<br>bluez-gnome bluez-utils cpp-4.3 cupsddk-drivers dhcdbd - 
djvulibre-desktop finger gnome-app-install gnome-mount - gnome-network-admin gnome-spell gnome-vfs-obexftp - gnome-volume-manager gstreamer0.10-gnomevfs gtkhtml3.14 libao2 - libavahi-compat-libdnssd1 libavahi-core5 libavcodec51 libbluetooth2 - libcamel1.2-11 libcdio7 libcucul0 libcupsys2 libcurl3 libdatrie0 - libdirectfb-1.0-0 libdvdread3 libedataserver1.2-9 libeel2-2.20 - libeel2-data libepc-1.0-1 libepc-ui-1.0-1 libfaad0 libgail-common - libgd2-noxpm libgda3-3 libgda3-common libgdl-1-0 libgdl-1-common - libggz2 libggzcore9 libggzmod4 libgksu1.2-0 libgksuui1.0-1 libgmyth0 - libgnomecups1.0-1 libgnomekbd2 libgnomekbdui2 libgnomeprint2.2-0 - libgnomeprint2.2-data libgnomeprintui2.2-0 libgnomeprintui2.2-common - libgnomevfs2-bin libgpod3 libgraphviz4 libgtkhtml2-0 - libgtksourceview-common libgtksourceview1.0-0 libgucharmap6 - libhesiod0 libicu38 libiw29 libkpathsea4 libltdl3 libmagick++10 - libmagick10 libmalaga7 libmetacity0 libmtp7 libmysqlclient15off - libnautilus-burn4 libneon27 libnm-glib0 libnm-util0 libopal-2.2 - libosp5 libparted1.8-10 libpoppler-glib3 libpoppler3 libpt-1.10.10 - libpt-1.10.10-plugins-alsa libpt-1.10.10-plugins-v4l libraw1394-8 - libsensors3 libslab0 libsmbios2 libsoup2.2-8 libssh2-1 - libsuitesparse-3.1.0 libswfdec-0.6-90 libtalloc1 libtotem-plparser10 - libtrackerclient0 libxalan2-java libxalan2-java-gcj libxcb-xlib0 - libxerces2-java libxerces2-java-gcj libxklavier12 libxtrap6 - libxxf86misc1 libzephyr3 mysql-common nautilus-cd-burner - openoffice.org-writer2latex openssl-blacklist p7zip - python-4suite-xml python-eggtrayicon python-gnome2-desktop - python-gnome2-extras python-gtkhtml2 python-gtkmozembed - python-numeric python-sexy serpentine svgalibg1 swfdec-gnome - swfdec-mozilla totem-gstreamer update-manager wodim - xserver-xorg-video-cyrix xserver-xorg-video-imstt - xserver-xorg-video-nsc xserver-xorg-video-v4l xserver-xorg-video-vga - zip</p> - -<p><b>apt-get kde 82</b> - -<br>cupsddk-drivers karm kaudiocreator kcoloredit kcontrol 
kde kde-core - kdeaddons kdeartwork kdebase kdebase-bin kdebase-bin-kde3 - kdebase-kio-plugins kdesktop kdeutils khelpcenter kicker - kicker-applets knewsticker kolourpaint konq-plugins konqueror korn - kpersonalizer kscreensaver ksplash libavcodec51 libdatrie0 libkiten1 - libxcb-xlib0 quanta superkaramba texlive-base-bin xorg xserver-xorg - xserver-xorg-core xserver-xorg-input-all xserver-xorg-input-evdev - xserver-xorg-input-kbd xserver-xorg-input-mouse - xserver-xorg-input-synaptics xserver-xorg-input-wacom - xserver-xorg-video-all xserver-xorg-video-apm xserver-xorg-video-ark - xserver-xorg-video-ati xserver-xorg-video-chips - xserver-xorg-video-cirrus xserver-xorg-video-cyrix - xserver-xorg-video-dummy xserver-xorg-video-fbdev - xserver-xorg-video-glint xserver-xorg-video-i128 - xserver-xorg-video-i740 xserver-xorg-video-imstt - xserver-xorg-video-intel xserver-xorg-video-mach64 - xserver-xorg-video-mga xserver-xorg-video-neomagic - xserver-xorg-video-nsc xserver-xorg-video-nv - xserver-xorg-video-openchrome xserver-xorg-video-r128 - xserver-xorg-video-radeon xserver-xorg-video-radeonhd - xserver-xorg-video-rendition xserver-xorg-video-s3 - xserver-xorg-video-s3virge xserver-xorg-video-savage - xserver-xorg-video-siliconmotion xserver-xorg-video-sis - xserver-xorg-video-sisusb xserver-xorg-video-tdfx - xserver-xorg-video-tga xserver-xorg-video-trident - xserver-xorg-video-tseng xserver-xorg-video-v4l - xserver-xorg-video-vesa xserver-xorg-video-vga - xserver-xorg-video-vmware xserver-xorg-video-voodoo xulrunner-1.9</p> - -<p><b>aptitude kde 192</b> -<br>bluez-utils cpp-4.3 cupsddk-drivers cvs dcoprss dhcdbd - djvulibre-desktop dosfstools eyesapplet fifteenapplet finger gettext - ghostscript-x imlib-base imlib11 indi kandy karm kasteroids - kaudiocreator kbackgammon kbstate kcoloredit kcontrol kcron kdat - kdeadmin-kfile-plugins kdeartwork-misc kdeartwork-theme-window - kdebase-bin-kde3 kdebase-kio-plugins kdeedu-data - kdegraphics-kfile-plugins kdelirc 
kdemultimedia-kappfinder-data - kdemultimedia-kfile-plugins kdenetwork-kfile-plugins - kdepim-kfile-plugins kdepim-kio-plugins kdeprint kdesktop kdessh - kdict kdnssd kdvi kedit keduca kenolaba kfax kfaxview kfouleggs - kghostview khelpcenter khexedit kiconedit kitchensync klatin - klickety kmailcvt kmenuedit kmid kmilo kmoon kmrml kodo kolourpaint - kooka korn kpager kpdf kpercentage kpf kpilot kpoker kpovmodeler - krec kregexpeditor ksayit ksim ksirc ksirtet ksmiletris ksmserver - ksnake ksokoban ksplash ksvg ksysv ktip ktnef kuickshow kverbos - kview kviewshell kvoctrain kwifimanager kwin kwin4 kworldclock - kxsldbg libakode2 libao2 libarts1-akode libarts1-audiofile - libarts1-mpeglib libarts1-xine libavahi-compat-libdnssd1 - libavahi-core5 libavc1394-0 libavcodec51 libbluetooth2 - libboost-python1.34.1 libcucul0 libcurl3 libcvsservice0 libdatrie0 - libdirectfb-1.0-0 libdjvulibre21 libdvdread3 libfaad0 libfreebob0 - libgail-common libgd2-noxpm libgraphviz4 libgsmme1c2a libgtkhtml2-0 - libicu38 libiec61883-0 libindex0 libiw29 libk3b3 libkcal2b libkcddb1 - libkdeedu3 libkdepim1a libkgantt0 libkiten1 libkleopatra1 libkmime2 - libkpathsea4 libkpimexchange1 libkpimidentities1 libkscan1 - libksieve0 libktnef1 liblockdev1 libltdl3 libmagick10 libmimelib1c2a - libmozjs1d libmpcdec3 libneon27 libnm-util0 libopensync0 libpisock9 - libpoppler-glib3 libpoppler-qt2 libpoppler3 libraw1394-8 libsmbios2 - libssh2-1 libsuitesparse-3.1.0 libtalloc1 libtiff-tools - libxalan2-java libxalan2-java-gcj libxcb-xlib0 libxerces2-java - libxerces2-java-gcj libxtrap6 mpeglib networkstatus - openoffice.org-writer2latex pmount poster psutils quanta quanta-data - superkaramba svgalibg1 tex-common texlive-base texlive-base-bin - texlive-common texlive-doc-base texlive-fonts-recommended - xserver-xorg-video-cyrix xserver-xorg-video-imstt - xserver-xorg-video-nsc xserver-xorg-video-v4l xserver-xorg-video-vga - xulrunner-1.9</p> - - - - - - Åpne trådløsnett er et samfunnsgode - 
http://people.skolelinux.org/pere/blog/__pne_tr__dl__snett_er_et_samfunnsgode.html - http://people.skolelinux.org/pere/blog/__pne_tr__dl__snett_er_et_samfunnsgode.html - Sat, 12 Jun 2010 12:45:00 +0200 - -<p>Veldig glad for å oppdage via -<a href="http://yro.slashdot.org/story/10/06/11/1841256/Finland-To-Legalize-Use-of-Unsecured-Wi-Fi">Slashdot</a> -at folk i Finland har forstått at åpne trådløsnett er et samfunnsgode. -Jeg ser på åpne trådløsnett som et fellesgode på linje med retten til -ferdsel i utmark og retten til å bevege seg i strandsonen. Jeg har -glede av åpne trådløsnett når jeg finner dem, og deler gladelig nett -med andre så lenge de ikke forstyrrer min bruk av eget nett. -Nettkapasiteten er sjelden en begrensning ved normal browsing og enkel -SSH-innlogging (som er min vanligste nettbruk), og nett kan brukes til -så mye positivt og nyttig (som nyhetslesing, sjekke været, kontakte -slekt og venner, holde seg oppdatert om politiske saker, kontakte -organisasjoner og politikere, etc), at det for meg er helt urimelig å -blokkere dette for alle som ikke gjør en flue fortred. De som mener -at potensialet for misbruk er grunn nok til å hindre all den positive -og lovlydige bruken av et åpent trådløsnett har jeg dermed ingen -forståelse for. En kan ikke eksistensen av forbrytere styre hvordan -samfunnet skal organiseres. Da får en et kontrollsamfunn de færreste -ønsker å leve i, og det at vi har et samfunn i Norge der tilliten til -hverandre er høy gjør at samfunnet fungerer ganske godt. Det bør vi -anstrenge oss for å beholde.</p> - - -
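Review bot: In the first hunk (@@ -6,6 +6,171 @@), the ldap-config script in the "Idea for storing LTSP configuration in LDAP" entry hands directory data straight to the shell with `eval "$attr=$value; export $attr"`, so an attribute value containing `;`, backticks or `$(...)` is executed on the thin client. The lookup itself is `ldapsearch -h "$LDAPSERVER" ... -x`, a simple bind with no StartTLS (`-ZZ`) requested on the command line, so nothing on that line protects the values in transit. Suggest checking that `$attr` matches `[A-Z_][A-Z0-9_]*`, assigning without eval (for example `export "$attr=$value"`), and requesting TLS. Separately, `read attr value` on the LDIF output leaves the trailing colon on the attribute name ("ltspConfigServer:" becomes "SERVER:"), the schema comment spells one attribute `ltsConfigSound`, and the example object in the "Combining PowerDNS and ISC DHCP LDAP objects" entry uses `ldapconfigsound`, which `grep '^ltspConfig'` would not match.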