<p>I very much welcome clues on how to do this properly for Debian
Edu/Squeeze. We provide the DHCP schema in our debian-edu-config
package, and should thus be free to rewrite it as we see fit.</p>
+
+<p>If you want to help out with implementing this for Debian Edu,
+please contact us on debian-edu@lists.debian.org.</p>
</div>
<div class="tags">Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/ldap">ldap</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.</div>
<p>I very much welcome clues on how to do this properly for Debian
Edu/Squeeze. We provide the DHCP schema in our debian-edu-config
package, and should thus be free to rewrite it as we see fit.</p>
+
+<p>If you want to help out with implementing this for Debian Edu,
+please contact us on debian-edu@lists.debian.org.</p>
</description>
</item>
Edu/Squeeze. We provide the DHCP schema in our debian-edu-config
package, and should thus be free to rewrite it as we see fit.</p>
+<p>If you want to help out with implementing this for Debian Edu,
+please contact us on debian-edu@lists.debian.org.</p>
+
</div>
<div class="tags">
<p>I very much welcome clues on how to do this properly for Debian
Edu/Squeeze. We provide the DHCP schema in our debian-edu-config
package, and should thus be free to rewrite it as we see fit.</p>
+
+<p>If you want to help out with implementing this for Debian Edu,
+please contact us on debian-edu@lists.debian.org.</p>
</div>
<div class="tags">
<p>I very much welcome clues on how to do this properly for Debian
Edu/Squeeze. We provide the DHCP schema in our debian-edu-config
package, and should thus be free to rewrite it as we see fit.</p>
+
+<p>If you want to help out with implementing this for Debian Edu,
+please contact us on debian-edu@lists.debian.org.</p>
</description>
</item>
<p>I very much welcome clues on how to do this properly for Debian
Edu/Squeeze. We provide the DHCP schema in our debian-edu-config
package, and should thus be free to rewrite it as we see fit.</p>
+
+<p>If you want to help out with implementing this for Debian Edu,
+please contact us on debian-edu@lists.debian.org.</p>
</description>
</item>
Edu/Squeeze. We provide the DHCP schema in our debian-edu-config
package, and should thus be free to rewrite it as we see fit.</p>
+<p>If you want to help out with implementing this for Debian Edu,
+please contact us on debian-edu@lists.debian.org.</p>
+
</div>
<div class="tags">
<p>I very much welcome clues on how to do this properly for Debian
Edu/Squeeze. We provide the DHCP schema in our debian-edu-config
package, and should thus be free to rewrite it as we see fit.</p>
+
+<p>If you want to help out with implementing this for Debian Edu,
+please contact us on debian-edu@lists.debian.org.</p>
</description>
</item>
Edu/Squeeze. We provide the DHCP schema in our debian-edu-config
package, and should thus be free to rewrite it as we see fit.</p>
+<p>If you want to help out with implementing this for Debian Edu,
+please contact us on debian-edu@lists.debian.org.</p>
+
</div>
<div class="tags">
<p>I very much welcome clues on how to do this properly for Debian
Edu/Squeeze. We provide the DHCP schema in our debian-edu-config
package, and should thus be free to rewrite it as we see fit.</p>
+
+<p>If you want to help out with implementing this for Debian Edu,
+please contact us on debian-edu@lists.debian.org.</p>
</description>
</item>
Edu/Squeeze. We provide the DHCP schema in our debian-edu-config
package, and should thus be free to rewrite it as we see fit.</p>
+<p>If you want to help out with implementing this for Debian Edu,
+please contact us on debian-edu@lists.debian.org.</p>
+
</div>
<div class="tags">
--- /dev/null
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html>
+ <head>
+ <title>Petter Reinholdtsen: Entries Tagged ldap</title>
+ <link rel="stylesheet" type="text/css" media="screen" href="http://people.skolelinux.org/pere/blog/style.css">
+ <link rel="alternate" title="RSS Feed" href="ldap.rss" type="application/rss+xml">
+ </head>
+ <body>
+
+ <div class="title">
+ <h1>
+ <a href="http://people.skolelinux.org/pere/blog/">Petter Reinholdtsen</a>
+
+ </h1>
+
+ </div>
+
+ <p>Entries tagged "ldap".</p>
+
+
+
+
+<div class="entry">
+ <div class="title">
+ <a href="http://people.skolelinux.org/pere/blog/Time_for_new__LDAP_schemas_replacing_RFC_2307_.html">Time for new LDAP schemas replacing RFC 2307?</a>
+ </div>
+ <div class="date">
+ 2009-03-29 20:30
+ </div>
+
+ <div class="body">
+
+<p>The state of standardized LDAP schemas on Linux is far from
+optimal. There is RFC 2307 documenting one way to store NIS maps in
+LDAP, and a modified version of this normally called RFC 2307bis, with
+some modifications to be compatible with Active Directory. The RFC
+specification handle the content of a lot of system databases, but do
+not handle DNS zones and DHCP configuration.</p>
+
+<p>In <a href="http://www.skolelinux.org/">Debian Edu/Skolelinux</a>,
+we would like to store information about users, SMB clients/hosts,
+filegroups, netgroups (users and hosts), DHCP and DNS configuration,
+and LTSP configuration in LDAP. These objects have a lot in common,
+but with the current LDAP schemas it is not possible to have one
+object per entity. For example, one need to have at least three LDAP
+objects for a given computer, one with the SMB related stuff, one with
+DNS information and another with DHCP information. The schemas
+provided for DNS and DHCP are impossible to combine into one LDAP
+object. In addition, it is impossible to implement quick queries for
+netgroup membership, because of the way NIS triples are implemented.
+It just do not scale. I believe it is time for a few RFC
+specifications to cleam up this mess.</p>
+
+<p>I would like to have one LDAP object representing each computer in
+the network, and this object can then keep the SMB (ie host key), DHCP
+(mac address/name) and DNS (name/IP address) settings in one place.
+It need to be efficently stored to make sure it scale well.</p>
+
+<p>I would also like to have a quick way to map from a user or
+computer and to the net group this user or computer is a member.</p>
+
+<p>Active Directory have done a better job than unix heads like myself
+in this regard, and the unix side need to catch up. Time to start a
+new IETF work group?</p>
+
+ </div>
+ <div class="tags">
+
+
+
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/ldap">ldap</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
+
+ </div>
+</div>
+<div class="padding"></div>
+
+<div class="entry">
+ <div class="title">
+ <a href="http://people.skolelinux.org/pere/blog/Idea_for_a_change_to_LDAP_schemas_allowing_DNS_and_DHCP_info_to_be_combined_into_one_object.html">Idea for a change to LDAP schemas allowing DNS and DHCP info to be combined into one object</a>
+ </div>
+ <div class="date">
+ 2010-06-24 00:35
+ </div>
+
+ <div class="body">
+
+<p>A while back, I
+<a href="http://people.skolelinux.org/pere/blog/Time_for_new__LDAP_schemas_replacing_RFC_2307_.html">complained
+about the fact</a> that it is not possible with the provided schemas
+for storing DNS and DHCP information in LDAP to combine the two sets
+of information into one LDAP object representing a computer.</p>
+
+<p>In the mean time, I discovered that a simple fix would be to make
+the dhcpHost object class auxiliary, to allow it to be combined with
+the dNSDomain object class, and thus forming one object for one
+computer when storing both DHCP and DNS information in LDAP.</p>
+
+<p>If I understand this correctly, it is not safe to do this change
+without also changing the assigned number for the object class, and I
+do not know enough about LDAP schema design to do that properly for
+Debian Edu.</p>
+
+<p>Anyway, for future reference, this is how I believe we could change
+the
+<a href="http://tools.ietf.org/html/draft-ietf-dhc-ldap-schema-00">DHCP
+schema</a> to solve at least part of the problem with the LDAP schemas
+available today from IETF.</p>
+
+<pre>
+--- dhcp.schema (revision 65192)
++++ dhcp.schema (working copy)
+@@ -376,7 +376,7 @@
+ objectclass ( 2.16.840.1.113719.1.203.6.6
+ NAME 'dhcpHost'
+ DESC 'This represents information about a particular client'
+- SUP top
++ SUP top AUXILIARY
+ MUST cn
+ MAY (dhcpLeaseDN $ dhcpHWAddress $ dhcpOptionsDN $ dhcpStatements $ dhcpComments $ dhcpOption)
+ X-NDS_CONTAINMENT ('dhcpService' 'dhcpSubnet' 'dhcpGroup') )
+</pre>
+
+<p>I very much welcome clues on how to do this properly for Debian
+Edu/Squeeze. We provide the DHCP schema in our debian-edu-config
+package, and should thus be free to rewrite it as we see fit.</p>
+
+<p>If you want to help out with implementing this for Debian Edu,
+please contact us on debian-edu@lists.debian.org.</p>
+
+ </div>
+ <div class="tags">
+
+
+
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/ldap">ldap</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
+
+ </div>
+</div>
+<div class="padding"></div>
+
+ <p style="text-align: right;"><a href="ldap.rss"><img src="http://people.skolelinux.org/pere/blog/xml.gif" alt="RSS Feed" width="36" height="14"></a></p>
+
+
+
+
+<div id="sidebar">
+
+<h2>Archive</h2>
+<ul>
+
+<li>2010
+<ul>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2010/01/">January (2)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2010/02/">February (1)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2010/03/">March (3)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2010/04/">April (3)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2010/05/">May (9)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2010/06/">June (13)</a></li>
+
+</ul></li>
+
+<li>2009
+<ul>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2009/01/">January (8)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2009/02/">February (8)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2009/03/">March (12)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2009/04/">April (10)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2009/05/">May (9)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2009/06/">June (3)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2009/07/">July (4)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2009/08/">August (3)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2009/09/">September (1)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2009/10/">October (2)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2009/11/">November (3)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2009/12/">December (3)</a></li>
+
+</ul></li>
+
+<li>2008
+<ul>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2008/11/">November (5)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2008/12/">December (7)</a></li>
+
+</ul></li>
+
+</ul>
+
+
+
+<h2>Tags</h2>
+<ul>
+
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/3d-printer">3d-printer (11)</a></li>
+
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/amiga">amiga (1)</a></li>
+
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/aros">aros (1)</a></li>
+
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/bootsystem">bootsystem (10)</a></li>
+
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/debian">debian (28)</a></li>
+
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu (27)</a></li>
+
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/english">english (40)</a></li>
+
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/fiksgatami">fiksgatami (1)</a></li>
+
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/fildeling">fildeling (7)</a></li>
+
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/kart">kart (2)</a></li>
+
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/ldap">ldap (2)</a></li>
+
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/lenker">lenker (1)</a></li>
+
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/ltsp">ltsp (1)</a></li>
+
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/multimedia">multimedia (5)</a></li>
+
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk (69)</a></li>
+
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug (78)</a></li>
+
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/opphavsrett">opphavsrett (13)</a></li>
+
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern (13)</a></li>
+
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/reprap">reprap (10)</a></li>
+
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/rss">rss (1)</a></li>
+
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet (9)</a></li>
+
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/sitesummary">sitesummary (3)</a></li>
+
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/standard">standard (13)</a></li>
+
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/stavekontroll">stavekontroll (1)</a></li>
+
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/video">video (10)</a></li>
+
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/vitenskap">vitenskap (1)</a></li>
+
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/web">web (6)</a></li>
+
+</ul>
+
+</div>
+</body>
+</html>
--- /dev/null
+<?xml version="1.0" encoding="utf-8"?>
+<rss version='2.0' xmlns:lj='http://www.livejournal.org/rss/lj/1.0/'>
+ <channel>
+ <title>Petter Reinholdtsen - Entries tagged ldap</title>
+ <description>Entries tagged ldap</description>
+ <link>http://people.skolelinux.org/pere/blog/</link>
+
+
+ <item>
+ <title>Time for new LDAP schemas replacing RFC 2307?</title>
+ <link>http://people.skolelinux.org/pere/blog/Time_for_new__LDAP_schemas_replacing_RFC_2307_.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Time_for_new__LDAP_schemas_replacing_RFC_2307_.html</guid>
+ <pubDate>Sun, 29 Mar 2009 20:30:00 +0200</pubDate>
+ <description>
+<p>The state of standardized LDAP schemas on Linux is far from
+optimal. There is RFC 2307 documenting one way to store NIS maps in
+LDAP, and a modified version of this normally called RFC 2307bis, with
+some modifications to be compatible with Active Directory. The RFC
+specification handle the content of a lot of system databases, but do
+not handle DNS zones and DHCP configuration.</p>
+
+<p>In <a href="http://www.skolelinux.org/">Debian Edu/Skolelinux</a>,
+we would like to store information about users, SMB clients/hosts,
+filegroups, netgroups (users and hosts), DHCP and DNS configuration,
+and LTSP configuration in LDAP. These objects have a lot in common,
+but with the current LDAP schemas it is not possible to have one
+object per entity. For example, one need to have at least three LDAP
+objects for a given computer, one with the SMB related stuff, one with
+DNS information and another with DHCP information. The schemas
+provided for DNS and DHCP are impossible to combine into one LDAP
+object. In addition, it is impossible to implement quick queries for
+netgroup membership, because of the way NIS triples are implemented.
+It just do not scale. I believe it is time for a few RFC
+specifications to cleam up this mess.</p>
+
+<p>I would like to have one LDAP object representing each computer in
+the network, and this object can then keep the SMB (ie host key), DHCP
+(mac address/name) and DNS (name/IP address) settings in one place.
+It need to be efficently stored to make sure it scale well.</p>
+
+<p>I would also like to have a quick way to map from a user or
+computer and to the net group this user or computer is a member.</p>
+
+<p>Active Directory have done a better job than unix heads like myself
+in this regard, and the unix side need to catch up. Time to start a
+new IETF work group?</p>
+</description>
+ </item>
+
+ <item>
+ <title>Idea for a change to LDAP schemas allowing DNS and DHCP info to be combined into one object</title>
+ <link>http://people.skolelinux.org/pere/blog/Idea_for_a_change_to_LDAP_schemas_allowing_DNS_and_DHCP_info_to_be_combined_into_one_object.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Idea_for_a_change_to_LDAP_schemas_allowing_DNS_and_DHCP_info_to_be_combined_into_one_object.html</guid>
+ <pubDate>Thu, 24 Jun 2010 00:35:00 +0200</pubDate>
+ <description>
+<p>A while back, I
+<a href="http://people.skolelinux.org/pere/blog/Time_for_new__LDAP_schemas_replacing_RFC_2307_.html">complained
+about the fact</a> that it is not possible with the provided schemas
+for storing DNS and DHCP information in LDAP to combine the two sets
+of information into one LDAP object representing a computer.</p>
+
+<p>In the mean time, I discovered that a simple fix would be to make
+the dhcpHost object class auxiliary, to allow it to be combined with
+the dNSDomain object class, and thus forming one object for one
+computer when storing both DHCP and DNS information in LDAP.</p>
+
+<p>If I understand this correctly, it is not safe to do this change
+without also changing the assigned number for the object class, and I
+do not know enough about LDAP schema design to do that properly for
+Debian Edu.</p>
+
+<p>Anyway, for future reference, this is how I believe we could change
+the
+<a href="http://tools.ietf.org/html/draft-ietf-dhc-ldap-schema-00">DHCP
+schema</a> to solve at least part of the problem with the LDAP schemas
+available today from IETF.</p>
+
+<pre>
+--- dhcp.schema (revision 65192)
++++ dhcp.schema (working copy)
+@@ -376,7 +376,7 @@
+ objectclass ( 2.16.840.1.113719.1.203.6.6
+ NAME 'dhcpHost'
+ DESC 'This represents information about a particular client'
+- SUP top
++ SUP top AUXILIARY
+ MUST cn
+ MAY (dhcpLeaseDN $ dhcpHWAddress $ dhcpOptionsDN $ dhcpStatements $ dhcpComments $ dhcpOption)
+ X-NDS_CONTAINMENT ('dhcpService' 'dhcpSubnet' 'dhcpGroup') )
+</pre>
+
+<p>I very much welcome clues on how to do this properly for Debian
+Edu/Squeeze. We provide the DHCP schema in our debian-edu-config
+package, and should thus be free to rewrite it as we see fit.</p>
+
+<p>If you want to help out with implementing this for Debian Edu,
+please contact us on debian-edu@lists.debian.org.</p>
+</description>
+ </item>
+
+ </channel>
+</rss>
Edu/Squeeze. We provide the DHCP schema in our debian-edu-config
package, and should thus be free to rewrite it as we see fit.</p>
+<p>If you want to help out with implementing this for Debian Edu,
+please contact us on debian-edu@lists.debian.org.</p>
+
</div>
<div class="tags">
<p>I very much welcome clues on how to do this properly for Debian
Edu/Squeeze. We provide the DHCP schema in our debian-edu-config
package, and should thus be free to rewrite it as we see fit.</p>
+
+<p>If you want to help out with implementing this for Debian Edu,
+please contact us on debian-edu@lists.debian.org.</p>
</description>
</item>
projects / homepage.git / commitdiff