Title: Combining PowerDNS and ISC DHCP LDAP objects
Tags: english, debian, debian edu, nuug, ldap
Date: 2010-07-14 23:45

<p>For a while now, I have wanted to find a way to change the DNS and
DHCP services in Debian Edu to use the same LDAP objects for a given
computer, to avoid the possibility of having an inconsistent state for
a computer in LDAP (as in DHCP but no DNS entry or the other way
around) and make it easier to add computers to LDAP.</p>

<p>I've looked at how powerdns and dhcpd are using LDAP, and using this
information finally found a solution that seems to work.</p>

<p>The old setup required three LDAP objects for a given computer:
one forward DNS entry, one reverse DNS entry and one DHCP entry. If
we switch powerdns to use its strict LDAP method (ldap-method=strict
in pdns-debian-edu.conf), the forward and reverse DNS entries are
merged into one, at the cost of making it impossible to transfer the
reverse map to a slave DNS server.</p>

<p>If we also replace the object class used to get the DNS-related
attributes with one allowing these attributes to be combined with the
dhcphost object class, we can merge the DNS and DHCP entries into one.
I've written such an object class in the dnsdomainaux.schema file (it
needs proper OIDs, but that is a minor issue), and tested the setup. It
seems to work.</p>

<p>With this test setup in place, we can get away with one LDAP object
for both DNS and DHCP, and even the LTSP configuration I suggested in
an earlier email. The combined LDAP object will look something like
this:</p>

<blockquote><pre>
dn: cn=hostname,cn=group1,cn=THINCLIENTS,cn=DHCP Config,dc=skole,dc=skolelinux,dc=no
cn: hostname
objectClass: dhcphost
objectclass: domainrelatedobject
objectclass: dnsdomainaux
associateddomain: hostname.intern
arecord: 10.11.12.13
dhcphwaddress: ethernet 00:00:00:00:00:00
dhcpstatements: fixed-address hostname
ldapconfigsound: Y
</pre></blockquote>

<p>The DNS server uses the associateddomain and arecord entries, while
the DHCP server uses the dhcphwaddress and dhcpstatements entries
before asking DNS to resolve the fixed-address. LTSP will use
dhcphwaddress or associateddomain and the ldapconfig* attributes.</p>
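
<p>An added example, not part of the original post or of Debian Edu's
code: a small Python check over an LDIF export that flags dhcphost
entries missing the attributes the DNS or DHCP server reads, and MAC
addresses assigned to more than one object. The sample LDIF is
constructed, and the rule that the fixed-address name must equal the
first label of associateddomain is an assumption taken from the example
object above.</p>

```python
from collections import defaultdict

REQUIRED = ("associateddomain", "arecord", "dhcphwaddress", "dhcpstatements")
# Constructed sample: the second entry has no DNS data and reuses the first one's MAC.
SAMPLE_LDIF = """\
dn: cn=hostname,cn=group1,cn=THINCLIENTS,cn=DHCP Config,dc=skole,dc=skolelinux,dc=no
objectClass: dhcphost
objectclass: domainrelatedobject
objectclass: dnsdomainaux
associateddomain: hostname.intern
arecord: 10.11.12.13
dhcphwaddress: ethernet 00:00:00:00:00:00
dhcpstatements: fixed-address hostname

dn: cn=orphan,cn=group1,cn=THINCLIENTS,cn=DHCP Config,dc=skole,dc=skolelinux,dc=no
objectClass: dhcphost
dhcphwaddress: ethernet 00:00:00:00:00:00
dhcpstatements: fixed-address orphan
"""

def parse_ldif(text):
    """Parse simple, unfolded LDIF into dicts of lower-cased attribute -> values."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = defaultdict(list)
        for name, _, value in (line.partition(": ") for line in block.splitlines()):
            entry[name.lower()].append(value)
        entries.append(entry)
    return entries

def check_hosts(entries):
    """Return (dn, problem) pairs for dhcphost entries DNS or DHCP cannot fully use."""
    problems, seen_mac = [], {}
    for e in entries:
        if "dhcphost" not in [c.lower() for c in e["objectclass"]]:
            continue
        dn = e["dn"][0]
        problems += [(dn, "missing " + attr) for attr in REQUIRED if not e[attr]]
        # Assumption: fixed-address names the first label of associateddomain.
        fixed = {s.split()[1] for s in e["dhcpstatements"] if s.startswith("fixed-address ")}
        labels = {d.split(".")[0] for d in e["associateddomain"]}
        if labels and not fixed & labels:
            problems.append((dn, "fixed-address does not match associateddomain"))
        for mac in (m.lower() for m in e["dhcphwaddress"]):
            if seen_mac.setdefault(mac, dn) != dn:
                problems.append((dn, "duplicate MAC, also on " + seen_mac[mac]))
    return problems

if __name__ == "__main__":
    print(*check_hosts(parse_ldif(SAMPLE_LDIF)), sep="\n")
```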

<p>I am not yet sure if I can get the DHCP server to look for its
dhcphost in a different location, to allow us to put the objects
outside the "DHCP Config" subtree, but hope to figure out a way to do
that. If I can't figure out a way to do that, we can still get rid of
the hosts subtree and move all its content into the DHCP Config tree
(which probably should be renamed to be more related to the new
content). I suspect cn=dnsdhcp,ou=services or something like that
might be a good place to put it.</p>

<p>If you want to help out with implementing this for Debian Edu,
please contact us on debian-edu@lists.debian.org.</p>