I very much welcome clues on how to do this properly for Debian Edu/Squeeze. We provide the DHCP schema in our debian-edu-config package, and should thus be free to rewrite it as we see fit.

If you want to help out with implementing this for Debian Edu, +please contact us on debian-edu@lists.debian.org.

Tags: debian, debian edu, english, ldap, nuug.

If you want to help out with implementing this for Debian Edu, +please contact us on debian-edu@lists.debian.org.

diff --git a/blog/index.html b/blog/index.html index 56f54685ab..5fcd71a758 100644 --- a/blog/index.html +++ b/blog/index.html @@ -62,6 +62,9 @@ available today from IETF.

I very much welcome clues on how to do this properly for Debian Edu/Squeeze. We provide the DHCP schema in our debian-edu-config package, and should thus be free to rewrite it as we see fit.

+ +

If you want to help out with implementing this for Debian Edu, +please contact us on debian-edu@lists.debian.org.

diff --git a/blog/index.rss b/blog/index.rss index 92983f7a04..2bc4be5a5f 100644 --- a/blog/index.rss +++ b/blog/index.rss @@ -51,6 +51,9 @@ available today from IETF. I very much welcome clues on how to do this properly for Debian Edu/Squeeze. We provide the DHCP schema in our debian-edu-config package, and should thus be free to rewrite it as we see fit. + +If you want to help out with implementing this for Debian Edu, +please contact us on debian-edu@lists.debian.org. diff --git a/blog/tags/debian edu/debian edu.rss b/blog/tags/debian edu/debian edu.rss index 91127cd2d1..04987c6a10 100644 --- a/blog/tags/debian edu/debian edu.rss +++ b/blog/tags/debian edu/debian edu.rss @@ -1325,6 +1325,9 @@ available today from IETF. I very much welcome clues on how to do this properly for Debian Edu/Squeeze. We provide the DHCP schema in our debian-edu-config package, and should thus be free to rewrite it as we see fit. + +If you want to help out with implementing this for Debian Edu, +please contact us on debian-edu@lists.debian.org. diff --git a/blog/tags/debian edu/index.html b/blog/tags/debian edu/index.html index 8704a29749..d4cff56b26 100644 --- a/blog/tags/debian edu/index.html +++ b/blog/tags/debian edu/index.html @@ -1683,6 +1683,9 @@ available today from IETF.

Edu/Squeeze. We provide the DHCP schema in our debian-edu-config package, and should thus be free to rewrite it as we see fit.

If you want to help out with implementing this for Debian Edu, +please contact us on debian-edu@lists.debian.org.

diff --git a/blog/tags/debian/debian.rss b/blog/tags/debian/debian.rss index 72542b3df3..59b924faf2 100644 --- a/blog/tags/debian/debian.rss +++ b/blog/tags/debian/debian.rss @@ -1224,6 +1224,9 @@ available today from IETF. I very much welcome clues on how to do this properly for Debian Edu/Squeeze. We provide the DHCP schema in our debian-edu-config package, and should thus be free to rewrite it as we see fit. + +If you want to help out with implementing this for Debian Edu, +please contact us on debian-edu@lists.debian.org. diff --git a/blog/tags/debian/index.html b/blog/tags/debian/index.html index fb450adbde..ca4dc5fed9 100644 --- a/blog/tags/debian/index.html +++ b/blog/tags/debian/index.html @@ -1595,6 +1595,9 @@ available today from IETF.

Edu/Squeeze. We provide the DHCP schema in our debian-edu-config package, and should thus be free to rewrite it as we see fit.

If you want to help out with implementing this for Debian Edu, +please contact us on debian-edu@lists.debian.org.

diff --git a/blog/tags/english/english.rss b/blog/tags/english/english.rss index 1183baede9..e1e98f4af2 100644 --- a/blog/tags/english/english.rss +++ b/blog/tags/english/english.rss @@ -1957,6 +1957,9 @@ available today from IETF. I very much welcome clues on how to do this properly for Debian Edu/Squeeze. We provide the DHCP schema in our debian-edu-config package, and should thus be free to rewrite it as we see fit. + +If you want to help out with implementing this for Debian Edu, +please contact us on debian-edu@lists.debian.org. diff --git a/blog/tags/english/index.html b/blog/tags/english/index.html index 69cd3ba554..44c3cb4126 100644 --- a/blog/tags/english/index.html +++ b/blog/tags/english/index.html @@ -2484,6 +2484,9 @@ available today from IETF.

Edu/Squeeze. We provide the DHCP schema in our debian-edu-config package, and should thus be free to rewrite it as we see fit.

If you want to help out with implementing this for Debian Edu, +please contact us on debian-edu@lists.debian.org.

diff --git a/blog/tags/ldap/index.html b/blog/tags/ldap/index.html new file mode 100644 index 0000000000..bce537ab9c --- /dev/null +++ b/blog/tags/ldap/index.html @@ -0,0 +1,272 @@ + + + + Petter Reinholdtsen: Entries Tagged ldap + + + + + +

+ Petter Reinholdtsen + +

+ +

Entries tagged "ldap".

+ + + + +

+ Time for new LDAP schemas replacing RFC 2307? +

+ 2009-03-29 20:30 +

+ +

The state of standardized LDAP schemas on Linux is far from +optimal. There is RFC 2307 documenting one way to store NIS maps in +LDAP, and a modified version of this normally called RFC 2307bis, with +some modifications to be compatible with Active Directory. The RFC +specification handle the content of a lot of system databases, but do +not handle DNS zones and DHCP configuration.

+ +

In Debian Edu/Skolelinux, +we would like to store information about users, SMB clients/hosts, +filegroups, netgroups (users and hosts), DHCP and DNS configuration, +and LTSP configuration in LDAP. These objects have a lot in common, +but with the current LDAP schemas it is not possible to have one +object per entity. For example, one need to have at least three LDAP +objects for a given computer, one with the SMB related stuff, one with +DNS information and another with DHCP information. The schemas +provided for DNS and DHCP are impossible to combine into one LDAP +object. In addition, it is impossible to implement quick queries for +netgroup membership, because of the way NIS triples are implemented. +It just do not scale. I believe it is time for a few RFC +specifications to cleam up this mess.

+ +

I would like to have one LDAP object representing each computer in +the network, and this object can then keep the SMB (ie host key), DHCP +(mac address/name) and DNS (name/IP address) settings in one place. +It need to be efficently stored to make sure it scale well.

+ +

I would also like to have a quick way to map from a user or +computer and to the net group this user or computer is a member.

+ +

Active Directory have done a better job than unix heads like myself +in this regard, and the unix side need to catch up. Time to start a +new IETF work group?

+ +

+ + + + Tags: debian, debian edu, english, ldap, nuug. + +

+ +

+ Idea for a change to LDAP schemas allowing DNS and DHCP info to be combined into one object +

+ 2010-06-24 00:35 +

+ +

A while back, I +complained +about the fact that it is not possible with the provided schemas +for storing DNS and DHCP information in LDAP to combine the two sets +of information into one LDAP object representing a computer.

+ +

In the mean time, I discovered that a simple fix would be to make +the dhcpHost object class auxiliary, to allow it to be combined with +the dNSDomain object class, and thus forming one object for one +computer when storing both DHCP and DNS information in LDAP.

+ +

If I understand this correctly, it is not safe to do this change +without also changing the assigned number for the object class, and I +do not know enough about LDAP schema design to do that properly for +Debian Edu.

+ +

Anyway, for future reference, this is how I believe we could change +the +DHCP +schema to solve at least part of the problem with the LDAP schemas +available today from IETF.

+ +

+--- dhcp.schema    (revision 65192)
++++ dhcp.schema    (working copy)
+@@ -376,7 +376,7 @@
+ objectclass ( 2.16.840.1.113719.1.203.6.6
+        NAME 'dhcpHost'
+        DESC 'This represents information about a particular client'
+-       SUP top
++       SUP top AUXILIARY
+        MUST cn
+        MAY  (dhcpLeaseDN $ dhcpHWAddress $ dhcpOptionsDN $ dhcpStatements $ dhcpComments $ dhcpOption)
+        X-NDS_CONTAINMENT ('dhcpService' 'dhcpSubnet' 'dhcpGroup') )
+

+ +

I very much welcome clues on how to do this properly for Debian +Edu/Squeeze. We provide the DHCP schema in our debian-edu-config +package, and should thus be free to rewrite it as we see fit.

+ +

If you want to help out with implementing this for Debian Edu, +please contact us on debian-edu@lists.debian.org.

+ +

+ + + + Tags: debian, debian edu, english, ldap, nuug. + +

+ +

+ + + + + + + diff --git a/blog/tags/ldap/ldap.rss b/blog/tags/ldap/ldap.rss new file mode 100644 index 0000000000..bf8879529d --- /dev/null +++ b/blog/tags/ldap/ldap.rss @@ -0,0 +1,102 @@ + + + + Petter Reinholdtsen - Entries tagged ldap + Entries tagged ldap + http://people.skolelinux.org/pere/blog/ + + + + Time for new LDAP schemas replacing RFC 2307? + http://people.skolelinux.org/pere/blog/Time_for_new__LDAP_schemas_replacing_RFC_2307_.html + http://people.skolelinux.org/pere/blog/Time_for_new__LDAP_schemas_replacing_RFC_2307_.html + Sun, 29 Mar 2009 20:30:00 +0200 + +The state of standardized LDAP schemas on Linux is far from +optimal. There is RFC 2307 documenting one way to store NIS maps in +LDAP, and a modified version of this normally called RFC 2307bis, with +some modifications to be compatible with Active Directory. The RFC +specification handle the content of a lot of system databases, but do +not handle DNS zones and DHCP configuration. + +In <a href="http://www.skolelinux.org/">Debian Edu/Skolelinux</a>, +we would like to store information about users, SMB clients/hosts, +filegroups, netgroups (users and hosts), DHCP and DNS configuration, +and LTSP configuration in LDAP. These objects have a lot in common, +but with the current LDAP schemas it is not possible to have one +object per entity. For example, one need to have at least three LDAP +objects for a given computer, one with the SMB related stuff, one with +DNS information and another with DHCP information. The schemas +provided for DNS and DHCP are impossible to combine into one LDAP +object. In addition, it is impossible to implement quick queries for +netgroup membership, because of the way NIS triples are implemented. +It just do not scale. I believe it is time for a few RFC +specifications to cleam up this mess. + +I would like to have one LDAP object representing each computer in +the network, and this object can then keep the SMB (ie host key), DHCP +(mac address/name) and DNS (name/IP address) settings in one place. +It need to be efficently stored to make sure it scale well. + +I would also like to have a quick way to map from a user or +computer and to the net group this user or computer is a member. + +Active Directory have done a better job than unix heads like myself +in this regard, and the unix side need to catch up. Time to start a +new IETF work group? + + + + + Idea for a change to LDAP schemas allowing DNS and DHCP info to be combined into one object + http://people.skolelinux.org/pere/blog/Idea_for_a_change_to_LDAP_schemas_allowing_DNS_and_DHCP_info_to_be_combined_into_one_object.html + http://people.skolelinux.org/pere/blog/Idea_for_a_change_to_LDAP_schemas_allowing_DNS_and_DHCP_info_to_be_combined_into_one_object.html + Thu, 24 Jun 2010 00:35:00 +0200 + +A while back, I +<a href="http://people.skolelinux.org/pere/blog/Time_for_new__LDAP_schemas_replacing_RFC_2307_.html">complained +about the fact</a> that it is not possible with the provided schemas +for storing DNS and DHCP information in LDAP to combine the two sets +of information into one LDAP object representing a computer. + +In the mean time, I discovered that a simple fix would be to make +the dhcpHost object class auxiliary, to allow it to be combined with +the dNSDomain object class, and thus forming one object for one +computer when storing both DHCP and DNS information in LDAP. + +If I understand this correctly, it is not safe to do this change +without also changing the assigned number for the object class, and I +do not know enough about LDAP schema design to do that properly for +Debian Edu. + +Anyway, for future reference, this is how I believe we could change +the +<a href="http://tools.ietf.org/html/draft-ietf-dhc-ldap-schema-00">DHCP +schema</a> to solve at least part of the problem with the LDAP schemas +available today from IETF. + +<pre> +--- dhcp.schema (revision 65192) ++++ dhcp.schema (working copy) +@@ -376,7 +376,7 @@ + objectclass ( 2.16.840.1.113719.1.203.6.6 + NAME 'dhcpHost' + DESC 'This represents information about a particular client' +- SUP top ++ SUP top AUXILIARY + MUST cn + MAY (dhcpLeaseDN $ dhcpHWAddress $ dhcpOptionsDN $ dhcpStatements $ dhcpComments $ dhcpOption) + X-NDS_CONTAINMENT ('dhcpService' 'dhcpSubnet' 'dhcpGroup') ) +</pre> + +I very much welcome clues on how to do this properly for Debian +Edu/Squeeze. We provide the DHCP schema in our debian-edu-config +package, and should thus be free to rewrite it as we see fit. + +If you want to help out with implementing this for Debian Edu, +please contact us on debian-edu@lists.debian.org. + + + + + diff --git a/blog/tags/nuug/index.html b/blog/tags/nuug/index.html index 3a21208eb0..e4f5d32d93 100644 --- a/blog/tags/nuug/index.html +++ b/blog/tags/nuug/index.html @@ -4214,6 +4214,9 @@ available today from IETF.

Edu/Squeeze. We provide the DHCP schema in our debian-edu-config package, and should thus be free to rewrite it as we see fit.

If you want to help out with implementing this for Debian Edu, +please contact us on debian-edu@lists.debian.org.

+ Petter Reinholdtsen + +

Archive

Tags