New entry about LDAP.

diff --git a/blog/data/2010-07-14-ldap-dnsdhcp.txt b/blog/data/2010-07-14-ldap-dnsdhcp.txt
new file mode 100644 (file)
index 0000000..4f0fbfa
--- /dev/null
+++ b/blog/data/2010-07-14-ldap-dnsdhcp.txt
@@ -0,0 +1,62 @@
+Title: Combining PowerDNS and ISC DHCP LDAP objects
+Tags: english, debian, debian edu, nuug, ldap
+Date: 2010-07-14 23:45
+
+<p>For a while now, I have wanted to find a way to change the DNS and
+DHCP services in Debian Edu to use the same LDAP objects for a given
+computer, to avoid the possibility of having a inconsistent state for
+a computer in LDAP (as in DHCP but no DNS entry or the other way
+around) and make it easier to add computers to LDAP.</p>
+
+<p>I've looked at how powerdns and dhcpd is using LDAP, and using this
+information finally found a solution that seem to work.</p>
+
+<p>The old setup required three LDAP objects for a given computer.
+One forward DNS entry, one reverse DNS entry and one DHCP entry.  If
+we switch powerdns to use its strict LDAP method (ldap-method=strict
+in pdns-debian-edu.conf), the forward and reverse DNS entries are
+merged into one while making it impossible to transfer the reverse map
+to a slave DNS server.</p>
+
+<p>If we also replace the object class used to get the DNS related
+attributes to one allowing these attributes to be combined with the
+dhcpHost object class, we can merge the DNS and DHCP entries into one.
+I've written such object class in the dnsdomainaux.schema file (need
+proper OIDs, but that is a minor issue), and tested the setup.  It
+seem to work.</p>
+
+<p>With this test setup in place, we can get away with one LDAP object
+for both DNS and DHCP, and even the LTSP configuration I suggested in
+an earlier email.  The combined LDAP object will look something like
+this:</p>
+
+<blockquote><pre>
+  dn: cn=hostname,cn=group1,cn=THINCLIENTS,cn=DHCP Config,dc=skole,dc=skolelinux,\
+dc=no
+  cn: hostname
+  objectClass: dhcpHost
+  objectclass: domainrelatedobject
+  objectclass: dnsDomainAux
+  associateddomain: hostname.intern
+  arecord: 10.11.12.13
+  dhcpHWAddress: ethernet 00:00:00:00:00:00
+  dhcpStatements: fixed-address hostname
+  ldapConfigSound: Y
+</pre></blockquote>
+
+<p>The DNS server uses the associateddomain and arecord entries, while
+the DHCP server uses the dhcpHWAddress and dhcpStatements entries
+before asking DNS to resolve the fixed-adddress.  LTSP will use
+dhcpHWAddress or associateddomain and the ldapConfig* attributes.</p>
+
+<p>I am not yet sure if I can get the DHCP server to look for its
+dhcpHost in a different location, to allow us to put the objects
+outside the "DHCP Config" subtree, but hope to figure out a way to do
+that.  If I can't figure out a way to do that, we can still get rid of
+the hosts subtree and move all its content into the DHCP Config tree
+(which probably should be renamed to be more related to the new
+content.  I suspect cn=dnsdhcp,ou=services or something like that
+might be a good place to put it.</p>
+
+<p>If you want to help out with implementing this for Debian Edu,
+please contact us on debian-edu@lists.debian.org.</p>