diff --git a/blog/After_6_years_of_waiting__the_Xreset_d_feature_is_implemented.html b/blog/After_6_years_of_waiting__the_Xreset_d_feature_is_implemented.html
index f0e5907d23..18c56e7e97 100644
--- a/blog/After_6_years_of_waiting__the_Xreset_d_feature_is_implemented.html
+++ b/blog/After_6_years_of_waiting__the_Xreset_d_feature_is_implemented.html
@@ -69,7 +69,7 @@ similar to how they use the Xsession.d framework today.
diff --git a/blog/Automatic_Munin_and_Nagios_configuration.html b/blog/Automatic_Munin_and_Nagios_configuration.html
index 012c917b18..c0a87dcf4e 100644
--- a/blog/Automatic_Munin_and_Nagios_configuration.html
+++ b/blog/Automatic_Munin_and_Nagios_configuration.html
@@ -96,7 +96,7 @@ everything is taken care of.
diff --git a/blog/Avisene_i_endring.html b/blog/Avisene_i_endring.html
index c5a12f6003..8a5940f5ca 100644
--- a/blog/Avisene_i_endring.html
+++ b/blog/Avisene_i_endring.html
@@ -57,7 +57,7 @@ eksisterer. Det blir spennende å se hva vi ender opp med.
For a while now, I have wanted to find a way to change the DNS and
+DHCP services in Debian Edu to use the same LDAP objects for a given
+computer, to avoid the possibility of having a inconsistent state for
+a computer in LDAP (as in DHCP but no DNS entry or the other way
+around) and make it easier to add computers to LDAP.
+
+
I've looked at how powerdns and dhcpd is using LDAP, and using this
+information finally found a solution that seem to work.
+
+
The old setup required three LDAP objects for a given computer.
+One forward DNS entry, one reverse DNS entry and one DHCP entry. If
+we switch powerdns to use its strict LDAP method (ldap-method=strict
+in pdns-debian-edu.conf), the forward and reverse DNS entries are
+merged into one while making it impossible to transfer the reverse map
+to a slave DNS server.
+
+
If we also replace the object class used to get the DNS related
+attributes to one allowing these attributes to be combined with the
+dhcphost object class, we can merge the DNS and DHCP entries into one.
+I've written such object class in the dnsdomainaux.schema file (need
+proper OIDs, but that is a minor issue), and tested the setup. It
+seem to work.
+
+
With this test setup in place, we can get away with one LDAP object
+for both DNS and DHCP, and even the LTSP configuration I suggested in
+an earlier email. The combined LDAP object will look something like
+this:
The DNS server uses the associateddomain and arecord entries, while
+the DHCP server uses the dhcphwaddress and dhcpstatements entries
+before asking DNS to resolve the fixed-adddress. LTSP will use
+dhcphwaddress or associateddomain and the ldapconfig* attributes.
+
+
I am not yet sure if I can get the DHCP server to look for its
+dhcphost in a different location, to allow us to put the objects
+outside the "DHCP Config" subtree, but hope to figure out a way to do
+that. If I can't figure out a way to do that, we can still get rid of
+the hosts subtree and move all its content into the DHCP Config tree
+(which probably should be renamed to be more related to the new
+content. I suspect cn=dnsdhcp,ou=services or something like that
+might be a good place to put it.
+
+
If you want to help out with implementing this for Debian Edu,
+please contact us on debian-edu@lists.debian.org.
diff --git a/blog/Debian_Edu___Skolelinux_based_on_Lenny_released__work_continues.html b/blog/Debian_Edu___Skolelinux_based_on_Lenny_released__work_continues.html
index 6541feb2c6..f1a326275f 100644
--- a/blog/Debian_Edu___Skolelinux_based_on_Lenny_released__work_continues.html
+++ b/blog/Debian_Edu___Skolelinux_based_on_Lenny_released__work_continues.html
@@ -65,7 +65,7 @@ and have just a few weeks or months to make it happen.
diff --git a/blog/Debian_boots_quicker_and_quicker.html b/blog/Debian_boots_quicker_and_quicker.html
index ae8afd4340..23cb518634 100644
--- a/blog/Debian_boots_quicker_and_quicker.html
+++ b/blog/Debian_boots_quicker_and_quicker.html
@@ -97,7 +97,7 @@ insserv'. Will need to test if that work. :)
diff --git a/blog/Digitale_b__ker_uten_digitale_restriksjonsmekanismer__DRM__b__r_f___mva_fritak.html b/blog/Digitale_b__ker_uten_digitale_restriksjonsmekanismer__DRM__b__r_f___mva_fritak.html
index 83d87d80a0..b5d7b6946c 100644
--- a/blog/Digitale_b__ker_uten_digitale_restriksjonsmekanismer__DRM__b__r_f___mva_fritak.html
+++ b/blog/Digitale_b__ker_uten_digitale_restriksjonsmekanismer__DRM__b__r_f___mva_fritak.html
@@ -82,7 +82,7 @@ der for å se hva de har.
diff --git a/blog/FAD_lanserer_reiseregningsskjema_som_fri_programvare.html b/blog/FAD_lanserer_reiseregningsskjema_som_fri_programvare.html
index 4859ddc0ad..9ca03b9b34 100644
--- a/blog/FAD_lanserer_reiseregningsskjema_som_fri_programvare.html
+++ b/blog/FAD_lanserer_reiseregningsskjema_som_fri_programvare.html
@@ -128,7 +128,7 @@ gjorde det litt vanskeligere for brukeren.
diff --git a/blog/F__rste_NUUG_fordrag_sendt_p___TV.html b/blog/F__rste_NUUG_fordrag_sendt_p___TV.html
index 1fab32f8fe..b2c5c701fe 100644
--- a/blog/F__rste_NUUG_fordrag_sendt_p___TV.html
+++ b/blog/F__rste_NUUG_fordrag_sendt_p___TV.html
@@ -68,7 +68,7 @@ meg, Tollef og alle andre de som deltok på møtet på TV.
diff --git a/blog/Fiksgatami_begynner____ta_form.html b/blog/Fiksgatami_begynner____ta_form.html
index 2cbcd7114c..d4493e6a97 100644
--- a/blog/Fiksgatami_begynner____ta_form.html
+++ b/blog/Fiksgatami_begynner____ta_form.html
@@ -69,7 +69,7 @@ med dem. Dette blir bra.
diff --git a/blog/Fildeling_er_lovlig___ulovlig_fildeling_er_ulovlig.html b/blog/Fildeling_er_lovlig___ulovlig_fildeling_er_ulovlig.html
index 5f5766122a..c783b5310c 100644
--- a/blog/Fildeling_er_lovlig___ulovlig_fildeling_er_ulovlig.html
+++ b/blog/Fildeling_er_lovlig___ulovlig_fildeling_er_ulovlig.html
@@ -67,7 +67,7 @@ og fildeling av slike filer er fullt ut lovlig.
diff --git a/blog/Frikanalen_og_jul_i_studentr__det.html b/blog/Frikanalen_og_jul_i_studentr__det.html
index e6f7adf320..4178f16de6 100644
--- a/blog/Frikanalen_og_jul_i_studentr__det.html
+++ b/blog/Frikanalen_og_jul_i_studentr__det.html
@@ -90,7 +90,7 @@ NUUG lykkes med å få ut sine opptak med like stor suksess.
diff --git a/blog/Hva_er_egentlig_en___pen_standard_.html b/blog/Hva_er_egentlig_en___pen_standard_.html
index 5b6088fd4d..6ba9b8ab4a 100644
--- a/blog/Hva_er_egentlig_en___pen_standard_.html
+++ b/blog/Hva_er_egentlig_en___pen_standard_.html
@@ -149,7 +149,7 @@ av en standard for at en standard skal kunne kalles fri og åpen.
diff --git a/blog/Hvorfor_jeg_ikke_bruker_eFaktura.html b/blog/Hvorfor_jeg_ikke_bruker_eFaktura.html
index 7d62fe75bb..42de555e90 100644
--- a/blog/Hvorfor_jeg_ikke_bruker_eFaktura.html
+++ b/blog/Hvorfor_jeg_ikke_bruker_eFaktura.html
@@ -79,7 +79,7 @@ liker rett og slett ikke dagens faktureringsmodeller.
diff --git a/blog/IDG_mener_linux_i_servermarkedet_vil_vokse_med_21__i_2009.html b/blog/IDG_mener_linux_i_servermarkedet_vil_vokse_med_21__i_2009.html
index 6a55567e65..528b66abfe 100644
--- a/blog/IDG_mener_linux_i_servermarkedet_vil_vokse_med_21__i_2009.html
+++ b/blog/IDG_mener_linux_i_servermarkedet_vil_vokse_med_21__i_2009.html
@@ -59,7 +59,7 @@ bakgrunnskunnskapen kan jeg godt tro at IDG er inne på noe.
diff --git a/blog/Internet_leverand__rer_er_ikke_vokterne_av_sine_kunders_nettbruk.html b/blog/Internet_leverand__rer_er_ikke_vokterne_av_sine_kunders_nettbruk.html
index 5bb20f2180..912cfd098b 100644
--- a/blog/Internet_leverand__rer_er_ikke_vokterne_av_sine_kunders_nettbruk.html
+++ b/blog/Internet_leverand__rer_er_ikke_vokterne_av_sine_kunders_nettbruk.html
@@ -75,7 +75,7 @@ publiseres med mer brukervennlige vilkår, som CC-BY og lignende.
diff --git a/blog/KDM_fail_at_boot_with_NVidia_cards___and_no_one_try_to_fix_it_.html b/blog/KDM_fail_at_boot_with_NVidia_cards___and_no_one_try_to_fix_it_.html
index aaa639b7ef..e5ff923f3d 100644
--- a/blog/KDM_fail_at_boot_with_NVidia_cards___and_no_one_try_to_fix_it_.html
+++ b/blog/KDM_fail_at_boot_with_NVidia_cards___and_no_one_try_to_fix_it_.html
@@ -74,7 +74,7 @@ but I am pretty sure that waiting for each other is not it.
diff --git a/blog/Kerberos_for_Debian_Edu_Squeeze_.html b/blog/Kerberos_for_Debian_Edu_Squeeze_.html
index 8d67c9ccc6..61b8b42319 100644
--- a/blog/Kerberos_for_Debian_Edu_Squeeze_.html
+++ b/blog/Kerberos_for_Debian_Edu_Squeeze_.html
@@ -87,7 +87,7 @@ up in a few days.
diff --git a/blog/Korrupsjon_p___h__yeste_niv___.html b/blog/Korrupsjon_p___h__yeste_niv___.html
index 08ab00e0d2..74a7f32de1 100644
--- a/blog/Korrupsjon_p___h__yeste_niv___.html
+++ b/blog/Korrupsjon_p___h__yeste_niv___.html
@@ -67,7 +67,7 @@ Sverige blir søndagskolefortellinger i sammenligning.
diff --git a/blog/LUMA__a_very_nice_LDAP_GUI.html b/blog/LUMA__a_very_nice_LDAP_GUI.html
index 4a317bb906..b3e8756ac0 100644
--- a/blog/LUMA__a_very_nice_LDAP_GUI.html
+++ b/blog/LUMA__a_very_nice_LDAP_GUI.html
@@ -81,7 +81,7 @@ changes, it will not be an option for Debian Edu based on Squeeze.
diff --git a/blog/Litt_om_valgfusk_og_problemet_med_elektronisk_stemmegiving.html b/blog/Litt_om_valgfusk_og_problemet_med_elektronisk_stemmegiving.html
index 1edb3ba159..8b1dd51ba1 100644
--- a/blog/Litt_om_valgfusk_og_problemet_med_elektronisk_stemmegiving.html
+++ b/blog/Litt_om_valgfusk_og_problemet_med_elektronisk_stemmegiving.html
@@ -80,7 +80,7 @@ inneholdt i Iran hvis de ikke hadde hemmelige valg?
diff --git a/blog/Magnetstripeinnhold_i_billetter_fra_Flytoget_og_Hurtigruten.html b/blog/Magnetstripeinnhold_i_billetter_fra_Flytoget_og_Hurtigruten.html
index b0dc9e881d..f1f4474dc5 100644
--- a/blog/Magnetstripeinnhold_i_billetter_fra_Flytoget_og_Hurtigruten.html
+++ b/blog/Magnetstripeinnhold_i_billetter_fra_Flytoget_og_Hurtigruten.html
@@ -105,7 +105,7 @@ ser jeg mye korrespondanse mellom påtrykk og magnetstripe.
diff --git a/blog/Norge_trenger_en_personvernforening.html b/blog/Norge_trenger_en_personvernforening.html
index 9fd9fa47e3..52b290e8e2 100644
--- a/blog/Norge_trenger_en_personvernforening.html
+++ b/blog/Norge_trenger_en_personvernforening.html
@@ -64,7 +64,7 @@ nå får vi se om noen er enig.
diff --git a/blog/Opphavet_til_Skolelinux_prosjektet.html b/blog/Opphavet_til_Skolelinux_prosjektet.html
index 9191fe46cf..347ceb7193 100644
--- a/blog/Opphavet_til_Skolelinux_prosjektet.html
+++ b/blog/Opphavet_til_Skolelinux_prosjektet.html
@@ -79,7 +79,7 @@ Resten er historie. :)
diff --git a/blog/Parallellized_boot_is_now_the_default_in_Debian_unstable.html b/blog/Parallellized_boot_is_now_the_default_in_Debian_unstable.html
index 7b4e674897..a0ac1d14e9 100644
--- a/blog/Parallellized_boot_is_now_the_default_in_Debian_unstable.html
+++ b/blog/Parallellized_boot_is_now_the_default_in_Debian_unstable.html
@@ -77,7 +77,7 @@ list of usertagged bugs related to this.
diff --git a/blog/Parallellized_boot_seem_to_hold_up_well_in_Debian_testing.html b/blog/Parallellized_boot_seem_to_hold_up_well_in_Debian_testing.html
index 9a55995bb8..c97132e90b 100644
--- a/blog/Parallellized_boot_seem_to_hold_up_well_in_Debian_testing.html
+++ b/blog/Parallellized_boot_seem_to_hold_up_well_in_Debian_testing.html
@@ -90,7 +90,7 @@ list of usertagged bugs related to this.
diff --git a/blog/Parallellizing_the_boot_in_Debian_Squeeze___ready_for_wider_testing.html b/blog/Parallellizing_the_boot_in_Debian_Squeeze___ready_for_wider_testing.html
index a4f099d8f8..480bf03cd0 100644
--- a/blog/Parallellizing_the_boot_in_Debian_Squeeze___ready_for_wider_testing.html
+++ b/blog/Parallellizing_the_boot_in_Debian_Squeeze___ready_for_wider_testing.html
@@ -86,7 +86,7 @@ list of usertagged bugs related to this.
diff --git a/blog/Regjerningen_forlater_prinsippet_om_ingen_royalty_betaling_i_standardkatalogen_versjon_2.html b/blog/Regjerningen_forlater_prinsippet_om_ingen_royalty_betaling_i_standardkatalogen_versjon_2.html
index 2f620cbe2d..a214b09ebc 100644
--- a/blog/Regjerningen_forlater_prinsippet_om_ingen_royalty_betaling_i_standardkatalogen_versjon_2.html
+++ b/blog/Regjerningen_forlater_prinsippet_om_ingen_royalty_betaling_i_standardkatalogen_versjon_2.html
@@ -80,7 +80,7 @@ høringsuttalelse, men ser ut til å ha blitt ignorert.
diff --git a/blog/Reprap_bygging_i_p__sken.html b/blog/Reprap_bygging_i_p__sken.html
index b5531106ff..b739eb7fe7 100644
--- a/blog/Reprap_bygging_i_p__sken.html
+++ b/blog/Reprap_bygging_i_p__sken.html
@@ -104,7 +104,7 @@ kommer til å bruke denne plasttypen som håndterer temperaturer mellom
diff --git a/blog/Reprap_pakke_tapt_i_posten.html b/blog/Reprap_pakke_tapt_i_posten.html
index 9ea854be40..f0f2376bf2 100644
--- a/blog/Reprap_pakke_tapt_i_posten.html
+++ b/blog/Reprap_pakke_tapt_i_posten.html
@@ -60,7 +60,7 @@ lenge alt er klart til Go Open
diff --git a/blog/Sikkerhet_til_sj__s_trenger_sj__kart_uten_bruksbegresninger.html b/blog/Sikkerhet_til_sj__s_trenger_sj__kart_uten_bruksbegresninger.html
index c30ea042be..9da2440bbd 100644
--- a/blog/Sikkerhet_til_sj__s_trenger_sj__kart_uten_bruksbegresninger.html
+++ b/blog/Sikkerhet_til_sj__s_trenger_sj__kart_uten_bruksbegresninger.html
@@ -104,7 +104,7 @@ det viser at behovet for fribruks-sjøkart er til stedet.
diff --git a/blog/Standardize_on_protocols_and_formats__not_vendors_and_applications.html b/blog/Standardize_on_protocols_and_formats__not_vendors_and_applications.html
index 981dd4da98..68fcbc9b6c 100644
--- a/blog/Standardize_on_protocols_and_formats__not_vendors_and_applications.html
+++ b/blog/Standardize_on_protocols_and_formats__not_vendors_and_applications.html
@@ -76,7 +76,7 @@ application that do not use open network protocol or open formats.
diff --git a/blog/Taking_over_sysvinit_development.html b/blog/Taking_over_sysvinit_development.html
index c25cbe16af..4ccddfa61b 100644
--- a/blog/Taking_over_sysvinit_development.html
+++ b/blog/Taking_over_sysvinit_development.html
@@ -73,7 +73,7 @@ distributions are moving to upstart as a syvinit replacement.
diff --git a/blog/The_sorry_state_of_multimedia_browser_plugins_in_Debian.html b/blog/The_sorry_state_of_multimedia_browser_plugins_in_Debian.html
index e75edba73e..35c2de5070 100644
--- a/blog/The_sorry_state_of_multimedia_browser_plugins_in_Debian.html
+++ b/blog/The_sorry_state_of_multimedia_browser_plugins_in_Debian.html
@@ -69,7 +69,7 @@ be the only one fitting our needs. :/
diff --git a/blog/Vitenskapens_dogmer___.html b/blog/Vitenskapens_dogmer___.html
index 90fddd5ae2..a1ee72b446 100644
--- a/blog/Vitenskapens_dogmer___.html
+++ b/blog/Vitenskapens_dogmer___.html
@@ -119,7 +119,7 @@ skyskrapere. Takke meg til en tur til månen.
diff --git a/blog/When_web_browser_developers_make_a_video_player___.html b/blog/When_web_browser_developers_make_a_video_player___.html
index fa7dfc5fad..dfcd987df5 100644
--- a/blog/When_web_browser_developers_make_a_video_player___.html
+++ b/blog/When_web_browser_developers_make_a_video_player___.html
@@ -93,7 +93,7 @@ sure hope it was using the announced Ogg Theora support. :)
diff --git a/blog/archive/2008/11/index.html b/blog/archive/2008/11/index.html
index 2813cebd76..c9840581fe 100644
--- a/blog/archive/2008/11/index.html
+++ b/blog/archive/2008/11/index.html
@@ -214,7 +214,7 @@ lenge alt er klart til Go Open
diff --git a/blog/archive/2009/03/index.html b/blog/archive/2009/03/index.html
index 2a72c04c01..fb1045a6e6 100644
--- a/blog/archive/2009/03/index.html
+++ b/blog/archive/2009/03/index.html
@@ -714,7 +714,7 @@ application that do not use open network protocol or open formats.
diff --git a/blog/archive/2009/08/index.html b/blog/archive/2009/08/index.html
index 1e8ed879dc..0b00d91d21 100644
--- a/blog/archive/2009/08/index.html
+++ b/blog/archive/2009/08/index.html
@@ -227,7 +227,7 @@ det viser at behovet for fribruks-sjøkart er til stedet.
diff --git a/blog/archive/2010/02/index.html b/blog/archive/2010/02/index.html
index 7d40089f30..4fed066f24 100644
--- a/blog/archive/2010/02/index.html
+++ b/blog/archive/2010/02/index.html
@@ -80,7 +80,7 @@ and have just a few weeks or months to make it happen.
diff --git a/blog/archive/2010/05/index.html b/blog/archive/2010/05/index.html
index f96cb28b09..df43334e3c 100644
--- a/blog/archive/2010/05/index.html
+++ b/blog/archive/2010/05/index.html
@@ -615,7 +615,7 @@ list of usertagged bugs related to this.
diff --git a/blog/archive/2010/06/index.html b/blog/archive/2010/06/index.html
index b97229f804..0f510462b8 100644
--- a/blog/archive/2010/06/index.html
+++ b/blog/archive/2010/06/index.html
@@ -1014,7 +1014,7 @@ changes, it will not be an option for Debian Edu based on Squeeze.
diff --git a/blog/archive/2010/07/07.rss b/blog/archive/2010/07/07.rss
index cf51388abc..c4bff2cff0 100644
--- a/blog/archive/2010/07/07.rss
+++ b/blog/archive/2010/07/07.rss
@@ -437,6 +437,72 @@ there to not show up in ltsp-config, but if that is the case I am sure
the code can be restructured to make sure the variables are passed on.
I expect that can be solved with some testing. :)</p>
+<p>If you want to help out with implementing this for Debian Edu,
+please contact us on debian-edu@lists.debian.org.</p>
+
+
+
+
+ Combining PowerDNS and ISC DHCP LDAP objects
+ http://people.skolelinux.org/pere/blog/Combining_PowerDNS_and_ISC_DHCP_LDAP_objects.html
+ http://people.skolelinux.org/pere/blog/Combining_PowerDNS_and_ISC_DHCP_LDAP_objects.html
+ Wed, 14 Jul 2010 23:45:00 +0200
+
+<p>For a while now, I have wanted to find a way to change the DNS and
+DHCP services in Debian Edu to use the same LDAP objects for a given
+computer, to avoid the possibility of having a inconsistent state for
+a computer in LDAP (as in DHCP but no DNS entry or the other way
+around) and make it easier to add computers to LDAP.</p>
+
+<p>I've looked at how powerdns and dhcpd is using LDAP, and using this
+information finally found a solution that seem to work.</p>
+
+<p>The old setup required three LDAP objects for a given computer.
+One forward DNS entry, one reverse DNS entry and one DHCP entry. If
+we switch powerdns to use its strict LDAP method (ldap-method=strict
+in pdns-debian-edu.conf), the forward and reverse DNS entries are
+merged into one while making it impossible to transfer the reverse map
+to a slave DNS server.</p>
+
+<p>If we also replace the object class used to get the DNS related
+attributes to one allowing these attributes to be combined with the
+dhcphost object class, we can merge the DNS and DHCP entries into one.
+I've written such object class in the dnsdomainaux.schema file (need
+proper OIDs, but that is a minor issue), and tested the setup. It
+seem to work.</p>
+
+<p>With this test setup in place, we can get away with one LDAP object
+for both DNS and DHCP, and even the LTSP configuration I suggested in
+an earlier email. The combined LDAP object will look something like
+this:</p>
+
+<blockquote><pre>
+ dn: cn=hostname,cn=group1,cn=THINCLIENTS,cn=DHCP Config,dc=skole,dc=skolelinux,dc=no
+ cn: hostname
+ objectClass: dhcphost
+ objectclass: domainrelatedobject
+ objectclass: dnsdomainaux
+ associateddomain: hostname.intern
+ arecord: 10.11.12.13
+ dhcphwaddress: ethernet 00:00:00:00:00:00
+ dhcpstatements: fixed-address hostname
+ ldapconfigsound: Y
+</pre></blockquote>
+
+<p>The DNS server uses the associateddomain and arecord entries, while
+the DHCP server uses the dhcphwaddress and dhcpstatements entries
+before asking DNS to resolve the fixed-adddress. LTSP will use
+dhcphwaddress or associateddomain and the ldapconfig* attributes.</p>
+
+<p>I am not yet sure if I can get the DHCP server to look for its
+dhcphost in a different location, to allow us to put the objects
+outside the "DHCP Config" subtree, but hope to figure out a way to do
+that. If I can't figure out a way to do that, we can still get rid of
+the hosts subtree and move all its content into the DHCP Config tree
+(which probably should be renamed to be more related to the new
+content. I suspect cn=dnsdhcp,ou=services or something like that
+might be a good place to put it.</p>
+
<p>If you want to help out with implementing this for Debian Edu,
please contact us on debian-edu@lists.debian.org.</p>
diff --git a/blog/archive/2010/07/index.html b/blog/archive/2010/07/index.html
index 7f28dba1b2..ffebaf5891 100644
--- a/blog/archive/2010/07/index.html
+++ b/blog/archive/2010/07/index.html
@@ -515,6 +515,85 @@ please contact us on debian-edu@lists.debian.org.
+ Tags: debian, debian edu, english, ldap, nuug.
+
+
+
+
+
+
For a while now, I have wanted to find a way to change the DNS and
+DHCP services in Debian Edu to use the same LDAP objects for a given
+computer, to avoid the possibility of having a inconsistent state for
+a computer in LDAP (as in DHCP but no DNS entry or the other way
+around) and make it easier to add computers to LDAP.
+
+
I've looked at how powerdns and dhcpd is using LDAP, and using this
+information finally found a solution that seem to work.
+
+
The old setup required three LDAP objects for a given computer.
+One forward DNS entry, one reverse DNS entry and one DHCP entry. If
+we switch powerdns to use its strict LDAP method (ldap-method=strict
+in pdns-debian-edu.conf), the forward and reverse DNS entries are
+merged into one while making it impossible to transfer the reverse map
+to a slave DNS server.
+
+
If we also replace the object class used to get the DNS related
+attributes to one allowing these attributes to be combined with the
+dhcphost object class, we can merge the DNS and DHCP entries into one.
+I've written such object class in the dnsdomainaux.schema file (need
+proper OIDs, but that is a minor issue), and tested the setup. It
+seem to work.
+
+
With this test setup in place, we can get away with one LDAP object
+for both DNS and DHCP, and even the LTSP configuration I suggested in
+an earlier email. The combined LDAP object will look something like
+this:
The DNS server uses the associateddomain and arecord entries, while
+the DHCP server uses the dhcphwaddress and dhcpstatements entries
+before asking DNS to resolve the fixed-adddress. LTSP will use
+dhcphwaddress or associateddomain and the ldapconfig* attributes.
+
+
I am not yet sure if I can get the DHCP server to look for its
+dhcphost in a different location, to allow us to put the objects
+outside the "DHCP Config" subtree, but hope to figure out a way to do
+that. If I can't figure out a way to do that, we can still get rid of
+the hosts subtree and move all its content into the DHCP Config tree
+(which probably should be renamed to be more related to the new
+content. I suspect cn=dnsdhcp,ou=services or something like that
+might be a good place to put it.
+
+
If you want to help out with implementing this for Debian Edu,
+please contact us on debian-edu@lists.debian.org.
For a while now, I have wanted to find a way to change the DNS and
+DHCP services in Debian Edu to use the same LDAP objects for a given
+computer, to avoid the possibility of having a inconsistent state for
+a computer in LDAP (as in DHCP but no DNS entry or the other way
+around) and make it easier to add computers to LDAP.
+
+
I've looked at how powerdns and dhcpd is using LDAP, and using this
+information finally found a solution that seem to work.
+
+
The old setup required three LDAP objects for a given computer.
+One forward DNS entry, one reverse DNS entry and one DHCP entry. If
+we switch powerdns to use its strict LDAP method (ldap-method=strict
+in pdns-debian-edu.conf), the forward and reverse DNS entries are
+merged into one while making it impossible to transfer the reverse map
+to a slave DNS server.
+
+
If we also replace the object class used to get the DNS related
+attributes to one allowing these attributes to be combined with the
+dhcphost object class, we can merge the DNS and DHCP entries into one.
+I've written such object class in the dnsdomainaux.schema file (need
+proper OIDs, but that is a minor issue), and tested the setup. It
+seem to work.
+
+
With this test setup in place, we can get away with one LDAP object
+for both DNS and DHCP, and even the LTSP configuration I suggested in
+an earlier email. The combined LDAP object will look something like
+this:
The DNS server uses the associateddomain and arecord entries, while
+the DHCP server uses the dhcphwaddress and dhcpstatements entries
+before asking DNS to resolve the fixed-adddress. LTSP will use
+dhcphwaddress or associateddomain and the ldapconfig* attributes.
+
+
I am not yet sure if I can get the DHCP server to look for its
+dhcphost in a different location, to allow us to put the objects
+outside the "DHCP Config" subtree, but hope to figure out a way to do
+that. If I can't figure out a way to do that, we can still get rid of
+the hosts subtree and move all its content into the DHCP Config tree
+(which probably should be renamed to be more related to the new
+content. I suspect cn=dnsdhcp,ou=services or something like that
+might be a good place to put it.
+
+
If you want to help out with implementing this for Debian Edu,
+please contact us on debian-edu@lists.debian.org.
For those of us caring about document exchange and
-interoperability, OfficeShots
-is a great service. It is to ODF documents what
-BrowserShots is for web
-pages.
-
-
A while back, I was contacted by Knut Yrvin at the part of Nokia
-that used to be Trolltech, who wanted to help the OfficeShots project
-and wondered if the University of Oslo where I work would be
-interested in supporting the project. I helped him to navigate his
-request to the right people at work, and his request was answered with
-a spot in the machine room with power and network connected, and Knut
-arranged funding for a machine to fill the spot. The machine is
-administrated by the OfficeShots people, so I do not have daily
-contact with its progress, and thus from time to time check back to
-see how the project is doing.
-
-
Today I had a look, and was happy to see that the Dell box in our
-machine room now is the host for several virtual machines running as
-OfficeShots factories, and the project is able to render ODF documents
-in 17 different document processing implementation on Linux and
-Windows. This is great.
diff --git a/blog/index.rss b/blog/index.rss
index 961899c3d6..bcb8a035c6 100644
--- a/blog/index.rss
+++ b/blog/index.rss
@@ -6,6 +6,72 @@
http://people.skolelinux.org/pere/blog/
+
+ Combining PowerDNS and ISC DHCP LDAP objects
+ http://people.skolelinux.org/pere/blog/Combining_PowerDNS_and_ISC_DHCP_LDAP_objects.html
+ http://people.skolelinux.org/pere/blog/Combining_PowerDNS_and_ISC_DHCP_LDAP_objects.html
+ Wed, 14 Jul 2010 23:45:00 +0200
+
+<p>For a while now, I have wanted to find a way to change the DNS and
+DHCP services in Debian Edu to use the same LDAP objects for a given
+computer, to avoid the possibility of having a inconsistent state for
+a computer in LDAP (as in DHCP but no DNS entry or the other way
+around) and make it easier to add computers to LDAP.</p>
+
+<p>I've looked at how powerdns and dhcpd is using LDAP, and using this
+information finally found a solution that seem to work.</p>
+
+<p>The old setup required three LDAP objects for a given computer.
+One forward DNS entry, one reverse DNS entry and one DHCP entry. If
+we switch powerdns to use its strict LDAP method (ldap-method=strict
+in pdns-debian-edu.conf), the forward and reverse DNS entries are
+merged into one while making it impossible to transfer the reverse map
+to a slave DNS server.</p>
+
+<p>If we also replace the object class used to get the DNS related
+attributes to one allowing these attributes to be combined with the
+dhcphost object class, we can merge the DNS and DHCP entries into one.
+I've written such object class in the dnsdomainaux.schema file (need
+proper OIDs, but that is a minor issue), and tested the setup. It
+seem to work.</p>
+
+<p>With this test setup in place, we can get away with one LDAP object
+for both DNS and DHCP, and even the LTSP configuration I suggested in
+an earlier email. The combined LDAP object will look something like
+this:</p>
+
+<blockquote><pre>
+ dn: cn=hostname,cn=group1,cn=THINCLIENTS,cn=DHCP Config,dc=skole,dc=skolelinux,dc=no
+ cn: hostname
+ objectClass: dhcphost
+ objectclass: domainrelatedobject
+ objectclass: dnsdomainaux
+ associateddomain: hostname.intern
+ arecord: 10.11.12.13
+ dhcphwaddress: ethernet 00:00:00:00:00:00
+ dhcpstatements: fixed-address hostname
+ ldapconfigsound: Y
+</pre></blockquote>
+
+<p>The DNS server uses the associateddomain and arecord entries, while
+the DHCP server uses the dhcphwaddress and dhcpstatements entries
+before asking DNS to resolve the fixed-adddress. LTSP will use
+dhcphwaddress or associateddomain and the ldapconfig* attributes.</p>
+
+<p>I am not yet sure if I can get the DHCP server to look for its
+dhcphost in a different location, to allow us to put the objects
+outside the "DHCP Config" subtree, but hope to figure out a way to do
+that. If I can't figure out a way to do that, we can still get rid of
+the hosts subtree and move all its content into the DHCP Config tree
+(which probably should be renamed to be more related to the new
+content. I suspect cn=dnsdhcp,ou=services or something like that
+might be a good place to put it.</p>
+
+<p>If you want to help out with implementing this for Debian Edu,
+please contact us on debian-edu@lists.debian.org.</p>
+
+
+
Idea for storing LTSP configuration in LDAP
http://people.skolelinux.org/pere/blog/Idea_for_storing_LTSP_configuration_in_LDAP.html
@@ -625,36 +691,5 @@ håndheves strengt.</p>
-
- Officeshots taking shape
- http://people.skolelinux.org/pere/blog/Officeshots_taking_shape.html
- http://people.skolelinux.org/pere/blog/Officeshots_taking_shape.html
- Sun, 13 Jun 2010 11:40:00 +0200
-
-<p>For those of us caring about document exchange and
-interoperability, <a href="http://www.officeshots.org/">OfficeShots</a>
-is a great service. It is to ODF documents what
-<a href="http://browsershots.org/">BrowserShots</a> is for web
-pages.</p>
-
-<p>A while back, I was contacted by Knut Yrvin at the part of Nokia
-that used to be Trolltech, who wanted to help the OfficeShots project
-and wondered if the University of Oslo where I work would be
-interested in supporting the project. I helped him to navigate his
-request to the right people at work, and his request was answered with
-a spot in the machine room with power and network connected, and Knut
-arranged funding for a machine to fill the spot. The machine is
-administrated by the OfficeShots people, so I do not have daily
-contact with its progress, and thus from time to time check back to
-see how the project is doing.</p>
-
-<p>Today I had a look, and was happy to see that the Dell box in our
-machine room now is the host for several virtual machines running as
-OfficeShots factories, and the project is able to render ODF documents
-in 17 different document processing implementation on Linux and
-Windows. This is great.</p>
-
-
-
diff --git a/blog/jXplorer__a_very_nice_LDAP_GUI.html b/blog/jXplorer__a_very_nice_LDAP_GUI.html
index 25f0d65177..6c50eba0d8 100644
--- a/blog/jXplorer__a_very_nice_LDAP_GUI.html
+++ b/blog/jXplorer__a_very_nice_LDAP_GUI.html
@@ -65,7 +65,7 @@ and remove the failing query. Nothing big, but very annoying.
diff --git a/blog/tags/debian edu/debian edu.rss b/blog/tags/debian edu/debian edu.rss
index b5c7dc040e..fb211e7fc4 100644
--- a/blog/tags/debian edu/debian edu.rss
+++ b/blog/tags/debian edu/debian edu.rss
@@ -1772,6 +1772,72 @@ there to not show up in ltsp-config, but if that is the case I am sure
the code can be restructured to make sure the variables are passed on.
I expect that can be solved with some testing. :)</p>
+<p>If you want to help out with implementing this for Debian Edu,
+please contact us on debian-edu@lists.debian.org.</p>
+
+
+
+
+ Combining PowerDNS and ISC DHCP LDAP objects
+ http://people.skolelinux.org/pere/blog/Combining_PowerDNS_and_ISC_DHCP_LDAP_objects.html
+ http://people.skolelinux.org/pere/blog/Combining_PowerDNS_and_ISC_DHCP_LDAP_objects.html
+ Wed, 14 Jul 2010 23:45:00 +0200
+
+<p>For a while now, I have wanted to find a way to change the DNS and
+DHCP services in Debian Edu to use the same LDAP objects for a given
+computer, to avoid the possibility of having a inconsistent state for
+a computer in LDAP (as in DHCP but no DNS entry or the other way
+around) and make it easier to add computers to LDAP.</p>
+
+<p>I've looked at how powerdns and dhcpd is using LDAP, and using this
+information finally found a solution that seem to work.</p>
+
+<p>The old setup required three LDAP objects for a given computer.
+One forward DNS entry, one reverse DNS entry and one DHCP entry. If
+we switch powerdns to use its strict LDAP method (ldap-method=strict
+in pdns-debian-edu.conf), the forward and reverse DNS entries are
+merged into one while making it impossible to transfer the reverse map
+to a slave DNS server.</p>
+
+<p>If we also replace the object class used to get the DNS related
+attributes to one allowing these attributes to be combined with the
+dhcphost object class, we can merge the DNS and DHCP entries into one.
+I've written such object class in the dnsdomainaux.schema file (need
+proper OIDs, but that is a minor issue), and tested the setup. It
+seem to work.</p>
+
+<p>With this test setup in place, we can get away with one LDAP object
+for both DNS and DHCP, and even the LTSP configuration I suggested in
+an earlier email. The combined LDAP object will look something like
+this:</p>
+
+<blockquote><pre>
+ dn: cn=hostname,cn=group1,cn=THINCLIENTS,cn=DHCP Config,dc=skole,dc=skolelinux,dc=no
+ cn: hostname
+ objectClass: dhcphost
+ objectclass: domainrelatedobject
+ objectclass: dnsdomainaux
+ associateddomain: hostname.intern
+ arecord: 10.11.12.13
+ dhcphwaddress: ethernet 00:00:00:00:00:00
+ dhcpstatements: fixed-address hostname
+ ldapconfigsound: Y
+</pre></blockquote>
+
+<p>The DNS server uses the associateddomain and arecord entries, while
+the DHCP server uses the dhcphwaddress and dhcpstatements entries
+before asking DNS to resolve the fixed-adddress. LTSP will use
+dhcphwaddress or associateddomain and the ldapconfig* attributes.</p>
+
+<p>I am not yet sure if I can get the DHCP server to look for its
+dhcphost in a different location, to allow us to put the objects
+outside the "DHCP Config" subtree, but hope to figure out a way to do
+that. If I can't figure out a way to do that, we can still get rid of
+the hosts subtree and move all its content into the DHCP Config tree
+(which probably should be renamed to be more related to the new
+content. I suspect cn=dnsdhcp,ou=services or something like that
+might be a good place to put it.</p>
+
<p>If you want to help out with implementing this for Debian Edu,
please contact us on debian-edu@lists.debian.org.</p>
diff --git a/blog/tags/debian edu/index.html b/blog/tags/debian edu/index.html
index 3a1fd0edf6..9214a83818 100644
--- a/blog/tags/debian edu/index.html
+++ b/blog/tags/debian edu/index.html
@@ -2202,6 +2202,85 @@ please contact us on debian-edu@lists.debian.org.
+ Tags: debian, debian edu, english, ldap, nuug.
+
+
For a while now, I have wanted to find a way to change the DNS and
+DHCP services in Debian Edu to use the same LDAP objects for a given
+computer, to avoid the possibility of having a inconsistent state for
+a computer in LDAP (as in DHCP but no DNS entry or the other way
+around) and make it easier to add computers to LDAP.
+
+
I've looked at how powerdns and dhcpd is using LDAP, and using this
+information finally found a solution that seem to work.
+
+
The old setup required three LDAP objects for a given computer.
+One forward DNS entry, one reverse DNS entry and one DHCP entry. If
+we switch powerdns to use its strict LDAP method (ldap-method=strict
+in pdns-debian-edu.conf), the forward and reverse DNS entries are
+merged into one while making it impossible to transfer the reverse map
+to a slave DNS server.
+
+
If we also replace the object class used to get the DNS related
+attributes to one allowing these attributes to be combined with the
+dhcphost object class, we can merge the DNS and DHCP entries into one.
+I've written such object class in the dnsdomainaux.schema file (need
+proper OIDs, but that is a minor issue), and tested the setup. It
+seem to work.
+
+
With this test setup in place, we can get away with one LDAP object
+for both DNS and DHCP, and even the LTSP configuration I suggested in
+an earlier email. The combined LDAP object will look something like
+this:
The DNS server uses the associateddomain and arecord entries, while
+the DHCP server uses the dhcphwaddress and dhcpstatements entries
+before asking DNS to resolve the fixed-adddress. LTSP will use
+dhcphwaddress or associateddomain and the ldapconfig* attributes.
+
+
I am not yet sure if I can get the DHCP server to look for its
+dhcphost in a different location, to allow us to put the objects
+outside the "DHCP Config" subtree, but hope to figure out a way to do
+that. If I can't figure out a way to do that, we can still get rid of
+the hosts subtree and move all its content into the DHCP Config tree
+(which probably should be renamed to be more related to the new
+content. I suspect cn=dnsdhcp,ou=services or something like that
+might be a good place to put it.
+
+
If you want to help out with implementing this for Debian Edu,
+please contact us on debian-edu@lists.debian.org.
diff --git a/blog/tags/debian/debian.rss b/blog/tags/debian/debian.rss
index a5f50ba557..e8cb53e864 100644
--- a/blog/tags/debian/debian.rss
+++ b/blog/tags/debian/debian.rss
@@ -1464,6 +1464,72 @@ there to not show up in ltsp-config, but if that is the case I am sure
the code can be restructured to make sure the variables are passed on.
I expect that can be solved with some testing. :)</p>
+<p>If you want to help out with implementing this for Debian Edu,
+please contact us on debian-edu@lists.debian.org.</p>
+
+
+
+
+ Combining PowerDNS and ISC DHCP LDAP objects
+ http://people.skolelinux.org/pere/blog/Combining_PowerDNS_and_ISC_DHCP_LDAP_objects.html
+ http://people.skolelinux.org/pere/blog/Combining_PowerDNS_and_ISC_DHCP_LDAP_objects.html
+ Wed, 14 Jul 2010 23:45:00 +0200
+
+<p>For a while now, I have wanted to find a way to change the DNS and
+DHCP services in Debian Edu to use the same LDAP objects for a given
+computer, to avoid the possibility of having a inconsistent state for
+a computer in LDAP (as in DHCP but no DNS entry or the other way
+around) and make it easier to add computers to LDAP.</p>
+
+<p>I've looked at how powerdns and dhcpd is using LDAP, and using this
+information finally found a solution that seem to work.</p>
+
+<p>The old setup required three LDAP objects for a given computer.
+One forward DNS entry, one reverse DNS entry and one DHCP entry. If
+we switch powerdns to use its strict LDAP method (ldap-method=strict
+in pdns-debian-edu.conf), the forward and reverse DNS entries are
+merged into one while making it impossible to transfer the reverse map
+to a slave DNS server.</p>
+
+<p>If we also replace the object class used to get the DNS related
+attributes to one allowing these attributes to be combined with the
+dhcphost object class, we can merge the DNS and DHCP entries into one.
+I've written such object class in the dnsdomainaux.schema file (need
+proper OIDs, but that is a minor issue), and tested the setup. It
+seem to work.</p>
+
+<p>With this test setup in place, we can get away with one LDAP object
+for both DNS and DHCP, and even the LTSP configuration I suggested in
+an earlier email. The combined LDAP object will look something like
+this:</p>
+
+<blockquote><pre>
+ dn: cn=hostname,cn=group1,cn=THINCLIENTS,cn=DHCP Config,dc=skole,dc=skolelinux,dc=no
+ cn: hostname
+ objectClass: dhcphost
+ objectclass: domainrelatedobject
+ objectclass: dnsdomainaux
+ associateddomain: hostname.intern
+ arecord: 10.11.12.13
+ dhcphwaddress: ethernet 00:00:00:00:00:00
+ dhcpstatements: fixed-address hostname
+ ldapconfigsound: Y
+</pre></blockquote>
+
+<p>The DNS server uses the associateddomain and arecord entries, while
+the DHCP server uses the dhcphwaddress and dhcpstatements entries
+before asking DNS to resolve the fixed-adddress. LTSP will use
+dhcphwaddress or associateddomain and the ldapconfig* attributes.</p>
+
+<p>I am not yet sure if I can get the DHCP server to look for its
+dhcphost in a different location, to allow us to put the objects
+outside the "DHCP Config" subtree, but hope to figure out a way to do
+that. If I can't figure out a way to do that, we can still get rid of
+the hosts subtree and move all its content into the DHCP Config tree
+(which probably should be renamed to be more related to the new
+content. I suspect cn=dnsdhcp,ou=services or something like that
+might be a good place to put it.</p>
+
<p>If you want to help out with implementing this for Debian Edu,
please contact us on debian-edu@lists.debian.org.</p>
diff --git a/blog/tags/debian/index.html b/blog/tags/debian/index.html
index 292dd4715a..a694247c57 100644
--- a/blog/tags/debian/index.html
+++ b/blog/tags/debian/index.html
@@ -1894,6 +1894,85 @@ please contact us on debian-edu@lists.debian.org.
+ Tags: debian, debian edu, english, ldap, nuug.
+
+
For a while now, I have wanted to find a way to change the DNS and
+DHCP services in Debian Edu to use the same LDAP objects for a given
+computer, to avoid the possibility of having a inconsistent state for
+a computer in LDAP (as in DHCP but no DNS entry or the other way
+around) and make it easier to add computers to LDAP.
+
+
I've looked at how powerdns and dhcpd is using LDAP, and using this
+information finally found a solution that seem to work.
+
+
The old setup required three LDAP objects for a given computer.
+One forward DNS entry, one reverse DNS entry and one DHCP entry. If
+we switch powerdns to use its strict LDAP method (ldap-method=strict
+in pdns-debian-edu.conf), the forward and reverse DNS entries are
+merged into one while making it impossible to transfer the reverse map
+to a slave DNS server.
+
+
If we also replace the object class used to get the DNS related
+attributes to one allowing these attributes to be combined with the
+dhcphost object class, we can merge the DNS and DHCP entries into one.
+I've written such object class in the dnsdomainaux.schema file (need
+proper OIDs, but that is a minor issue), and tested the setup. It
+seem to work.
+
+
With this test setup in place, we can get away with one LDAP object
+for both DNS and DHCP, and even the LTSP configuration I suggested in
+an earlier email. The combined LDAP object will look something like
+this:
The DNS server uses the associateddomain and arecord entries, while
+the DHCP server uses the dhcphwaddress and dhcpstatements entries
+before asking DNS to resolve the fixed-adddress. LTSP will use
+dhcphwaddress or associateddomain and the ldapconfig* attributes.
+
+
I am not yet sure if I can get the DHCP server to look for its
+dhcphost in a different location, to allow us to put the objects
+outside the "DHCP Config" subtree, but hope to figure out a way to do
+that. If I can't figure out a way to do that, we can still get rid of
+the hosts subtree and move all its content into the DHCP Config tree
+(which probably should be renamed to be more related to the new
+content. I suspect cn=dnsdhcp,ou=services or something like that
+might be a good place to put it.
+
+
If you want to help out with implementing this for Debian Edu,
+please contact us on debian-edu@lists.debian.org.
diff --git a/blog/tags/english/english.rss b/blog/tags/english/english.rss
index e8bb6954c0..8687fc630d 100644
--- a/blog/tags/english/english.rss
+++ b/blog/tags/english/english.rss
@@ -2404,6 +2404,72 @@ there to not show up in ltsp-config, but if that is the case I am sure
the code can be restructured to make sure the variables are passed on.
I expect that can be solved with some testing. :)</p>
+<p>If you want to help out with implementing this for Debian Edu,
+please contact us on debian-edu@lists.debian.org.</p>
+
+
+
+
+ Combining PowerDNS and ISC DHCP LDAP objects
+ http://people.skolelinux.org/pere/blog/Combining_PowerDNS_and_ISC_DHCP_LDAP_objects.html
+ http://people.skolelinux.org/pere/blog/Combining_PowerDNS_and_ISC_DHCP_LDAP_objects.html
+ Wed, 14 Jul 2010 23:45:00 +0200
+
+<p>For a while now, I have wanted to find a way to change the DNS and
+DHCP services in Debian Edu to use the same LDAP objects for a given
+computer, to avoid the possibility of having a inconsistent state for
+a computer in LDAP (as in DHCP but no DNS entry or the other way
+around) and make it easier to add computers to LDAP.</p>
+
+<p>I've looked at how powerdns and dhcpd is using LDAP, and using this
+information finally found a solution that seem to work.</p>
+
+<p>The old setup required three LDAP objects for a given computer.
+One forward DNS entry, one reverse DNS entry and one DHCP entry. If
+we switch powerdns to use its strict LDAP method (ldap-method=strict
+in pdns-debian-edu.conf), the forward and reverse DNS entries are
+merged into one while making it impossible to transfer the reverse map
+to a slave DNS server.</p>
+
+<p>If we also replace the object class used to get the DNS related
+attributes to one allowing these attributes to be combined with the
+dhcphost object class, we can merge the DNS and DHCP entries into one.
+I've written such object class in the dnsdomainaux.schema file (need
+proper OIDs, but that is a minor issue), and tested the setup. It
+seem to work.</p>
+
+<p>With this test setup in place, we can get away with one LDAP object
+for both DNS and DHCP, and even the LTSP configuration I suggested in
+an earlier email. The combined LDAP object will look something like
+this:</p>
+
+<blockquote><pre>
+ dn: cn=hostname,cn=group1,cn=THINCLIENTS,cn=DHCP Config,dc=skole,dc=skolelinux,dc=no
+ cn: hostname
+ objectClass: dhcphost
+ objectclass: domainrelatedobject
+ objectclass: dnsdomainaux
+ associateddomain: hostname.intern
+ arecord: 10.11.12.13
+ dhcphwaddress: ethernet 00:00:00:00:00:00
+ dhcpstatements: fixed-address hostname
+ ldapconfigsound: Y
+</pre></blockquote>
+
+<p>The DNS server uses the associateddomain and arecord entries, while
+the DHCP server uses the dhcphwaddress and dhcpstatements entries
+before asking DNS to resolve the fixed-adddress. LTSP will use
+dhcphwaddress or associateddomain and the ldapconfig* attributes.</p>
+
+<p>I am not yet sure if I can get the DHCP server to look for its
+dhcphost in a different location, to allow us to put the objects
+outside the "DHCP Config" subtree, but hope to figure out a way to do
+that. If I can't figure out a way to do that, we can still get rid of
+the hosts subtree and move all its content into the DHCP Config tree
+(which probably should be renamed to be more related to the new
+content. I suspect cn=dnsdhcp,ou=services or something like that
+might be a good place to put it.</p>
+
<p>If you want to help out with implementing this for Debian Edu,
please contact us on debian-edu@lists.debian.org.</p>
diff --git a/blog/tags/english/index.html b/blog/tags/english/index.html
index e86b40666d..0532b69065 100644
--- a/blog/tags/english/index.html
+++ b/blog/tags/english/index.html
@@ -3003,6 +3003,85 @@ please contact us on debian-edu@lists.debian.org.
+ Tags: debian, debian edu, english, ldap, nuug.
+
+
For a while now, I have wanted to find a way to change the DNS and
+DHCP services in Debian Edu to use the same LDAP objects for a given
+computer, to avoid the possibility of having a inconsistent state for
+a computer in LDAP (as in DHCP but no DNS entry or the other way
+around) and make it easier to add computers to LDAP.
+
+
I've looked at how powerdns and dhcpd is using LDAP, and using this
+information finally found a solution that seem to work.
+
+
The old setup required three LDAP objects for a given computer.
+One forward DNS entry, one reverse DNS entry and one DHCP entry. If
+we switch powerdns to use its strict LDAP method (ldap-method=strict
+in pdns-debian-edu.conf), the forward and reverse DNS entries are
+merged into one while making it impossible to transfer the reverse map
+to a slave DNS server.
+
+
If we also replace the object class used to get the DNS related
+attributes to one allowing these attributes to be combined with the
+dhcphost object class, we can merge the DNS and DHCP entries into one.
+I've written such object class in the dnsdomainaux.schema file (need
+proper OIDs, but that is a minor issue), and tested the setup. It
+seem to work.
+
+
With this test setup in place, we can get away with one LDAP object
+for both DNS and DHCP, and even the LTSP configuration I suggested in
+an earlier email. The combined LDAP object will look something like
+this:
The DNS server uses the associateddomain and arecord entries, while
+the DHCP server uses the dhcphwaddress and dhcpstatements entries
+before asking DNS to resolve the fixed-adddress. LTSP will use
+dhcphwaddress or associateddomain and the ldapconfig* attributes.
+
+
I am not yet sure if I can get the DHCP server to look for its
+dhcphost in a different location, to allow us to put the objects
+outside the "DHCP Config" subtree, but hope to figure out a way to do
+that. If I can't figure out a way to do that, we can still get rid of
+the hosts subtree and move all its content into the DHCP Config tree
+(which probably should be renamed to be more related to the new
+content. I suspect cn=dnsdhcp,ou=services or something like that
+might be a good place to put it.
+
+
If you want to help out with implementing this for Debian Edu,
+please contact us on debian-edu@lists.debian.org.
diff --git a/blog/tags/fiksgatami/index.html b/blog/tags/fiksgatami/index.html
index daba082722..e1c21fab8f 100644
--- a/blog/tags/fiksgatami/index.html
+++ b/blog/tags/fiksgatami/index.html
@@ -86,7 +86,7 @@ med dem. Dette blir bra.
For a while now, I have wanted to find a way to change the DNS and
+DHCP services in Debian Edu to use the same LDAP objects for a given
+computer, to avoid the possibility of having a inconsistent state for
+a computer in LDAP (as in DHCP but no DNS entry or the other way
+around) and make it easier to add computers to LDAP.
+
+
I've looked at how powerdns and dhcpd is using LDAP, and using this
+information finally found a solution that seem to work.
+
+
The old setup required three LDAP objects for a given computer.
+One forward DNS entry, one reverse DNS entry and one DHCP entry. If
+we switch powerdns to use its strict LDAP method (ldap-method=strict
+in pdns-debian-edu.conf), the forward and reverse DNS entries are
+merged into one while making it impossible to transfer the reverse map
+to a slave DNS server.
+
+
If we also replace the object class used to get the DNS related
+attributes to one allowing these attributes to be combined with the
+dhcphost object class, we can merge the DNS and DHCP entries into one.
+I've written such object class in the dnsdomainaux.schema file (need
+proper OIDs, but that is a minor issue), and tested the setup. It
+seem to work.
+
+
With this test setup in place, we can get away with one LDAP object
+for both DNS and DHCP, and even the LTSP configuration I suggested in
+an earlier email. The combined LDAP object will look something like
+this:
The DNS server uses the associateddomain and arecord entries, while
+the DHCP server uses the dhcphwaddress and dhcpstatements entries
+before asking DNS to resolve the fixed-adddress. LTSP will use
+dhcphwaddress or associateddomain and the ldapconfig* attributes.
+
+
I am not yet sure if I can get the DHCP server to look for its
+dhcphost in a different location, to allow us to put the objects
+outside the "DHCP Config" subtree, but hope to figure out a way to do
+that. If I can't figure out a way to do that, we can still get rid of
+the hosts subtree and move all its content into the DHCP Config tree
+(which probably should be renamed to be more related to the new
+content. I suspect cn=dnsdhcp,ou=services or something like that
+might be a good place to put it.
+
+
If you want to help out with implementing this for Debian Edu,
+please contact us on debian-edu@lists.debian.org.
diff --git a/blog/tags/ldap/ldap.rss b/blog/tags/ldap/ldap.rss
index 1a0be32c57..d48a096d1c 100644
--- a/blog/tags/ldap/ldap.rss
+++ b/blog/tags/ldap/ldap.rss
@@ -438,6 +438,72 @@ there to not show up in ltsp-config, but if that is the case I am sure
the code can be restructured to make sure the variables are passed on.
I expect that can be solved with some testing. :)</p>
+<p>If you want to help out with implementing this for Debian Edu,
+please contact us on debian-edu@lists.debian.org.</p>
+
+
+
+
+ Combining PowerDNS and ISC DHCP LDAP objects
+ http://people.skolelinux.org/pere/blog/Combining_PowerDNS_and_ISC_DHCP_LDAP_objects.html
+ http://people.skolelinux.org/pere/blog/Combining_PowerDNS_and_ISC_DHCP_LDAP_objects.html
+ Wed, 14 Jul 2010 23:45:00 +0200
+
+<p>For a while now, I have wanted to find a way to change the DNS and
+DHCP services in Debian Edu to use the same LDAP objects for a given
+computer, to avoid the possibility of having a inconsistent state for
+a computer in LDAP (as in DHCP but no DNS entry or the other way
+around) and make it easier to add computers to LDAP.</p>
+
+<p>I've looked at how powerdns and dhcpd is using LDAP, and using this
+information finally found a solution that seem to work.</p>
+
+<p>The old setup required three LDAP objects for a given computer.
+One forward DNS entry, one reverse DNS entry and one DHCP entry. If
+we switch powerdns to use its strict LDAP method (ldap-method=strict
+in pdns-debian-edu.conf), the forward and reverse DNS entries are
+merged into one while making it impossible to transfer the reverse map
+to a slave DNS server.</p>
+
+<p>If we also replace the object class used to get the DNS related
+attributes to one allowing these attributes to be combined with the
+dhcphost object class, we can merge the DNS and DHCP entries into one.
+I've written such object class in the dnsdomainaux.schema file (need
+proper OIDs, but that is a minor issue), and tested the setup. It
+seem to work.</p>
+
+<p>With this test setup in place, we can get away with one LDAP object
+for both DNS and DHCP, and even the LTSP configuration I suggested in
+an earlier email. The combined LDAP object will look something like
+this:</p>
+
+<blockquote><pre>
+ dn: cn=hostname,cn=group1,cn=THINCLIENTS,cn=DHCP Config,dc=skole,dc=skolelinux,dc=no
+ cn: hostname
+ objectClass: dhcphost
+ objectclass: domainrelatedobject
+ objectclass: dnsdomainaux
+ associateddomain: hostname.intern
+ arecord: 10.11.12.13
+ dhcphwaddress: ethernet 00:00:00:00:00:00
+ dhcpstatements: fixed-address hostname
+ ldapconfigsound: Y
+</pre></blockquote>
+
+<p>The DNS server uses the associateddomain and arecord entries, while
+the DHCP server uses the dhcphwaddress and dhcpstatements entries
+before asking DNS to resolve the fixed-adddress. LTSP will use
+dhcphwaddress or associateddomain and the ldapconfig* attributes.</p>
+
+<p>I am not yet sure if I can get the DHCP server to look for its
+dhcphost in a different location, to allow us to put the objects
+outside the "DHCP Config" subtree, but hope to figure out a way to do
+that. If I can't figure out a way to do that, we can still get rid of
+the hosts subtree and move all its content into the DHCP Config tree
+(which probably should be renamed to be more related to the new
+content. I suspect cn=dnsdhcp,ou=services or something like that
+might be a good place to put it.</p>
+
<p>If you want to help out with implementing this for Debian Edu,
please contact us on debian-edu@lists.debian.org.</p>
diff --git a/blog/tags/lenker/index.html b/blog/tags/lenker/index.html
index 64a7601530..14f71c32b9 100644
--- a/blog/tags/lenker/index.html
+++ b/blog/tags/lenker/index.html
@@ -86,7 +86,7 @@ Word 2007 håndterer ODF dårlig
For a while now, I have wanted to find a way to change the DNS and
+DHCP services in Debian Edu to use the same LDAP objects for a given
+computer, to avoid the possibility of having a inconsistent state for
+a computer in LDAP (as in DHCP but no DNS entry or the other way
+around) and make it easier to add computers to LDAP.
+
+
I've looked at how powerdns and dhcpd is using LDAP, and using this
+information finally found a solution that seem to work.
+
+
The old setup required three LDAP objects for a given computer.
+One forward DNS entry, one reverse DNS entry and one DHCP entry. If
+we switch powerdns to use its strict LDAP method (ldap-method=strict
+in pdns-debian-edu.conf), the forward and reverse DNS entries are
+merged into one while making it impossible to transfer the reverse map
+to a slave DNS server.
+
+
If we also replace the object class used to get the DNS related
+attributes to one allowing these attributes to be combined with the
+dhcphost object class, we can merge the DNS and DHCP entries into one.
+I've written such object class in the dnsdomainaux.schema file (need
+proper OIDs, but that is a minor issue), and tested the setup. It
+seem to work.
+
+
With this test setup in place, we can get away with one LDAP object
+for both DNS and DHCP, and even the LTSP configuration I suggested in
+an earlier email. The combined LDAP object will look something like
+this:
The DNS server uses the associateddomain and arecord entries, while
+the DHCP server uses the dhcphwaddress and dhcpstatements entries
+before asking DNS to resolve the fixed-adddress. LTSP will use
+dhcphwaddress or associateddomain and the ldapconfig* attributes.
+
+
I am not yet sure if I can get the DHCP server to look for its
+dhcphost in a different location, to allow us to put the objects
+outside the "DHCP Config" subtree, but hope to figure out a way to do
+that. If I can't figure out a way to do that, we can still get rid of
+the hosts subtree and move all its content into the DHCP Config tree
+(which probably should be renamed to be more related to the new
+content. I suspect cn=dnsdhcp,ou=services or something like that
+might be a good place to put it.
+
+
If you want to help out with implementing this for Debian Edu,
+please contact us on debian-edu@lists.debian.org.
diff --git a/blog/tags/nuug/nuug.rss b/blog/tags/nuug/nuug.rss
index ff0ecc7c6c..03f27a294a 100644
--- a/blog/tags/nuug/nuug.rss
+++ b/blog/tags/nuug/nuug.rss
@@ -3539,6 +3539,72 @@ there to not show up in ltsp-config, but if that is the case I am sure
the code can be restructured to make sure the variables are passed on.
I expect that can be solved with some testing. :)</p>
+<p>If you want to help out with implementing this for Debian Edu,
+please contact us on debian-edu@lists.debian.org.</p>
+
+
+
+
+ Combining PowerDNS and ISC DHCP LDAP objects
+ http://people.skolelinux.org/pere/blog/Combining_PowerDNS_and_ISC_DHCP_LDAP_objects.html
+ http://people.skolelinux.org/pere/blog/Combining_PowerDNS_and_ISC_DHCP_LDAP_objects.html
+ Wed, 14 Jul 2010 23:45:00 +0200
+
+<p>For a while now, I have wanted to find a way to change the DNS and
+DHCP services in Debian Edu to use the same LDAP objects for a given
+computer, to avoid the possibility of having a inconsistent state for
+a computer in LDAP (as in DHCP but no DNS entry or the other way
+around) and make it easier to add computers to LDAP.</p>
+
+<p>I've looked at how powerdns and dhcpd is using LDAP, and using this
+information finally found a solution that seem to work.</p>
+
+<p>The old setup required three LDAP objects for a given computer.
+One forward DNS entry, one reverse DNS entry and one DHCP entry. If
+we switch powerdns to use its strict LDAP method (ldap-method=strict
+in pdns-debian-edu.conf), the forward and reverse DNS entries are
+merged into one while making it impossible to transfer the reverse map
+to a slave DNS server.</p>
+
+<p>If we also replace the object class used to get the DNS related
+attributes to one allowing these attributes to be combined with the
+dhcphost object class, we can merge the DNS and DHCP entries into one.
+I've written such object class in the dnsdomainaux.schema file (need
+proper OIDs, but that is a minor issue), and tested the setup. It
+seem to work.</p>
+
+<p>With this test setup in place, we can get away with one LDAP object
+for both DNS and DHCP, and even the LTSP configuration I suggested in
+an earlier email. The combined LDAP object will look something like
+this:</p>
+
+<blockquote><pre>
+ dn: cn=hostname,cn=group1,cn=THINCLIENTS,cn=DHCP Config,dc=skole,dc=skolelinux,dc=no
+ cn: hostname
+ objectClass: dhcphost
+ objectclass: domainrelatedobject
+ objectclass: dnsdomainaux
+ associateddomain: hostname.intern
+ arecord: 10.11.12.13
+ dhcphwaddress: ethernet 00:00:00:00:00:00
+ dhcpstatements: fixed-address hostname
+ ldapconfigsound: Y
+</pre></blockquote>
+
+<p>The DNS server uses the associateddomain and arecord entries, while
+the DHCP server uses the dhcphwaddress and dhcpstatements entries
+before asking DNS to resolve the fixed-adddress. LTSP will use
+dhcphwaddress or associateddomain and the ldapconfig* attributes.</p>
+
+<p>I am not yet sure if I can get the DHCP server to look for its
+dhcphost in a different location, to allow us to put the objects
+outside the "DHCP Config" subtree, but hope to figure out a way to do
+that. If I can't figure out a way to do that, we can still get rid of
+the hosts subtree and move all its content into the DHCP Config tree
+(which probably should be renamed to be more related to the new
+content. I suspect cn=dnsdhcp,ou=services or something like that
+might be a good place to put it.</p>
+
<p>If you want to help out with implementing this for Debian Edu,
please contact us on debian-edu@lists.debian.org.</p>
diff --git a/blog/tags/opphavsrett/index.html b/blog/tags/opphavsrett/index.html
index 3708cde698..ef134df639 100644
--- a/blog/tags/opphavsrett/index.html
+++ b/blog/tags/opphavsrett/index.html
@@ -730,7 +730,7 @@ anstrenge oss for å beholde.
diff --git a/blog/tags/reprap/index.html b/blog/tags/reprap/index.html
index 7675480b19..8629933b08 100644
--- a/blog/tags/reprap/index.html
+++ b/blog/tags/reprap/index.html
@@ -523,7 +523,7 @@ kommer til å bruke denne plasttypen som håndterer temperaturer mellom
diff --git a/blog/tags/video/index.html b/blog/tags/video/index.html
index 3674698dfe..11f524322b 100644
--- a/blog/tags/video/index.html
+++ b/blog/tags/video/index.html
@@ -534,7 +534,7 @@ meg, Tollef og alle andre de som deltok på møtet på TV.
diff --git a/blog/tags/vitenskap/index.html b/blog/tags/vitenskap/index.html
index f4ade3de5f..218ea44ac1 100644
--- a/blog/tags/vitenskap/index.html
+++ b/blog/tags/vitenskap/index.html
@@ -136,7 +136,7 @@ skyskrapere. Takke meg til en tur til månen.