From: Petter Reinholdtsen Date: Wed, 14 Jul 2010 21:45:00 +0000 (+0000) Subject: New entry about LDAP. X-Git-Url: http://pere.pagekite.me/gitweb/homepage.git/commitdiff_plain/a72b3ef9a721da51330cabf8b7578efe01c5641b?hp=e22781370f42c3479c619ecbc275ef2e7c64099e New entry about LDAP. --- diff --git a/blog/data/2010-07-14-ldap-dnsdhcp.txt b/blog/data/2010-07-14-ldap-dnsdhcp.txt new file mode 100644 index 0000000000..4f0fbfa882 --- /dev/null +++ b/blog/data/2010-07-14-ldap-dnsdhcp.txt @@ -0,0 +1,62 @@ +Title: Combining PowerDNS and ISC DHCP LDAP objects +Tags: english, debian, debian edu, nuug, ldap +Date: 2010-07-14 23:45 + +

For a while now, I have wanted to find a way to change the DNS and +DHCP services in Debian Edu to use the same LDAP objects for a given +computer, to avoid the possibility of having a inconsistent state for +a computer in LDAP (as in DHCP but no DNS entry or the other way +around) and make it easier to add computers to LDAP.

+ +

I've looked at how powerdns and dhcpd is using LDAP, and using this +information finally found a solution that seem to work.

+ +

The old setup required three LDAP objects for a given computer. +One forward DNS entry, one reverse DNS entry and one DHCP entry. If +we switch powerdns to use its strict LDAP method (ldap-method=strict +in pdns-debian-edu.conf), the forward and reverse DNS entries are +merged into one while making it impossible to transfer the reverse map +to a slave DNS server.

+ +

If we also replace the object class used to get the DNS related +attributes to one allowing these attributes to be combined with the +dhcpHost object class, we can merge the DNS and DHCP entries into one. +I've written such object class in the dnsdomainaux.schema file (need +proper OIDs, but that is a minor issue), and tested the setup. It +seem to work.

+ +

With this test setup in place, we can get away with one LDAP object +for both DNS and DHCP, and even the LTSP configuration I suggested in +an earlier email. The combined LDAP object will look something like +this:

+ +
+  dn: cn=hostname,cn=group1,cn=THINCLIENTS,cn=DHCP Config,dc=skole,dc=skolelinux,\
+dc=no
+  cn: hostname
+  objectClass: dhcpHost
+  objectclass: domainrelatedobject
+  objectclass: dnsDomainAux
+  associateddomain: hostname.intern
+  arecord: 10.11.12.13
+  dhcpHWAddress: ethernet 00:00:00:00:00:00
+  dhcpStatements: fixed-address hostname
+  ldapConfigSound: Y
+
+ +

The DNS server uses the associateddomain and arecord entries, while +the DHCP server uses the dhcpHWAddress and dhcpStatements entries +before asking DNS to resolve the fixed-adddress. LTSP will use +dhcpHWAddress or associateddomain and the ldapConfig* attributes.

+ +

I am not yet sure if I can get the DHCP server to look for its +dhcpHost in a different location, to allow us to put the objects +outside the "DHCP Config" subtree, but hope to figure out a way to do +that. If I can't figure out a way to do that, we can still get rid of +the hosts subtree and move all its content into the DHCP Config tree +(which probably should be renamed to be more related to the new +content. I suspect cn=dnsdhcp,ou=services or something like that +might be a good place to put it.

+ +

If you want to help out with implementing this for Debian Edu, +please contact us on debian-edu@lists.debian.org.
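Review bot: in the combined object, `dhcpStatements: fixed-address hostname` uses the bare short name while the DNS side of the same object publishes `associateddomain: hostname.intern`, so whether dhcpd can resolve it depends on the resolver search list configured on the DHCP server, and the DHCP service keeps a runtime dependency on DNS even though both now come from one LDAP object; since the object already carries `arecord: 10.11.12.13`, give fixed-address the fully qualified name `hostname.intern` or state the address directly so the DHCP answer does not hinge on a resolver setting. Two smaller points in the same hunk: the paragraph after the object misspells the statement as "fixed-adddress", and the remark that dnsdomainaux.schema still needs proper OIDs is more than a minor issue, because OpenLDAP refuses to load an attribute type or object class whose OID is already taken by another loaded schema, so placeholder OIDs risk breaking slapd startup once another schema lands; assign OIDs under a registered private enterprise number before this is shipped.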