Revision 5679. Comment: Added information on the dhcp3-server-ldap package recently built
Revision 5779. Comment: comparing new dhcp3-server-ldap with Gosa's one
Migrating some of the main services' configuration from plain text files to an LDAP backend.
(This is a skeleton to collect some initial ideas and resources. Much work remains and many decisions have yet to be made.)
Configs that might be moved:
DHCPD
There are three possible approaches:
Using a cron script that fetches information from LDAP and re-creates the dhcpd configs. There is [http://www1.ietf.org/mail-archive/web/dhcwg/current/msg05629.html some prior] art. Not tested at all recently.
Using [https://oss.gonicus.de/labs/gosa/wiki/PluginInstallationDNS dhcp3-server-ldap], from the GOsa project. A dhcp3 patched server.
- Someone should review this package, and find out why it is not in the Debian repositories yet.
- GOsa comes with its own schema named dhcp.schema.
- Patching dhcp3-server to be able to use LDAP as a backend:
A patched version of the current Lenny dhcp3-server version is available at http://linex.educarex.es/dhcpd-ldap/ . The package is called dhcp3-server-ldap, and has the same patch GOsa has but upgraded to this dhcpd version. It includes a dhcpd.schema with its documentation.
The [http://www.lunytune.net/isc-ldap.html ISC DHCPD ldap patch] has been upgraded and fixed to be used with this dhcpd version.
Documentation on how to use it is available at http://skalyanasundaram.wordpress.com/dhcp/dhcp-with-ldap-support/
- A new dhcpd server able to work with LDAP instead of config files: no known application does this at the moment.
DNS
Alternatives: powerdns (pdns-backend-ldap), ldapdns, ldap2dns, [https://oss.gonicus.de/labs/gosa/wiki/PluginInstallationDNS ldap2zone]
Ldap2dns
A tool that generates zone files out of LDAP data; it contains its own schema called dns.schema.
Powerdns
The currently most advanced approach is using PowerDNS with an LDAP backend. Packages are available in Debian to implement it.
PowerDNS's main advantage is that it uses LDAP directly. That means there is no need for cron jobs and scripts to convert LDAP data into config files before reloading services.
Schema requirements: the standard cosine.schema (already in our config) implements most DNS requirements. The exception is PTR records, which are needed for reverse lookups. In order to support the PTR record, one must add the dnsdomain2.schema included in the pdns-backend-ldap package.
implementing powerdns
In order to test powerdns on your own installation you can follow these instructions.
- backup your bind configuration
tar -czvf /skole/backup/bind.tgz /etc/bind /var/cache/bind
- install the powerdns packages.
aptitude install pdns-backend-ldap pdns-doc pdns-recursor pdns-server
- Write the powerdns configuration
Add this as the file /etc/powerdns/pdns.d/pdns-debian-edu.conf
# LDAP server configuration
# Do not use a hostname here, unless you also add that name to the /etc/hosts file.
ldap-host=10.0.2.2
ldap-method=tree
ldap-basedn=ou=hosts,dc=skole,dc=skolelinux,dc=no
# Start the ldap backend on boot.
launch=ldap
# ACL that allows recursion from this server, and the network.
allow-recursion=10.0.2.0/23, 127.0.0.1
# Only recurse if the question cannot be answered locally.
lazy-recursion=yes
# IP addresses of recursive nameservers, e.g. your ISP's servers.
# This example uses the pdns-recursor running locally on a custom port.
recursor=127.0.0.1:1553
- Configure pdns-recursor to run on a custom port.
Edit the file /etc/powerdns/recursor.conf so that it contains the line local-port=1553
- Add the needed LDAP schema to your OpenLDAP configuration.
- Add the line
include /etc/ldap/schema/dnsdomain2.schema
in the file /etc/ldap/slapd.conf under # Schema and objectClass definitions
- restart slapd
- Create LDIF files from the bind configuration. Note that this creates an identical copy of your DNS settings from your bind config. One of the reasons one might want to keep configurations in LDAP is to reduce clutter, and only have the hosts one actually needs in the zone. I imagine that the new default zone file would be empty, except for the service aliases, and that the zone would be populated when one starts to add hosts in the admin tool.
zone2ldap --basedn=ou=hosts,dc=skole,dc=skolelinux,dc=no --layout=tree --zone-file=/etc/bind/debian-edu/db.intern --zone-name=intern > dns-intern.ldif
... FIXME: add more about migration ...
Add the LDIF files to the OpenLDAP server using ldapadd -c -Z -f your-ldif-file-here.ldif -x -D 'cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no' -W -h 10.0.2.2
- FIXME: You may (or may not) have to create the ou=hosts container first.
- Restart the pdns-recursor, and verify it is running on port 1553.
- restart pdns
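The migration steps above end with ldapadd rejecting any entry whose attributes slapd does not know, which is exactly what happens to PTR records when the dnsdomain2.schema include was forgotten. The following added example (not from the wiki page or from PowerDNS itself) builds the ldap-method=tree LDIF for one host, forward A record plus reverse PTR record, under the ou=hosts basedn from the config above, and checks a slapd.conf for the include before anything is loaded. The host name "tjener.intern", the sample slapd.conf text and the DN layout used here are constructed for the example; the objectClass and attribute names follow the dnsdomain2 schema shipped with pdns-backend-ldap.

```python
#!/usr/bin/env python3
"""Build PowerDNS ldap-method=tree LDIF for one host (A + PTR) and check that
the slapd.conf in use loads dnsdomain2.schema before pTRRecord is used."""
import ipaddress

BASEDN = "ou=hosts,dc=skole,dc=skolelinux,dc=no"   # basedn from the pdns.d config above
# Only dnsdomain2.schema (shipped with pdns-backend-ldap) defines these two names;
# cosine.schema already covers aRecord, nSRecord, sOARecord and cNAMERecord.
NEEDS_DNSDOMAIN2 = {"dNSDomain2", "pTRRecord"}


def tree_dn(fqdn, basedn=BASEDN):
    """host.intern -> dc=host,dc=intern,<basedn>: one dc= component per label."""
    return ",".join(f"dc={label}" for label in fqdn.split(".")) + "," + basedn


def host_entries(fqdn, ip):
    """Forward A entry plus the matching reverse PTR entry for one host."""
    addr = ipaddress.ip_address(ip)
    reverse = addr.reverse_pointer            # e.g. "2.2.0.10.in-addr.arpa"
    common = ["top", "dcObject", "dNSDomain2", "domainRelatedObject"]
    return [
        {"dn": tree_dn(fqdn), "objectClass": common, "dc": [fqdn.split(".")[0]],
         "associatedDomain": [fqdn], "aRecord": [str(addr)]},
        {"dn": tree_dn(reverse), "objectClass": common, "dc": [reverse.split(".")[0]],
         "associatedDomain": [reverse], "pTRRecord": [fqdn]},
    ]


def to_ldif(entries):
    """Serialise entries in the order ldapadd expects: dn first, one value per line."""
    blocks = []
    for e in entries:
        lines = [f"dn: {e['dn']}"]
        lines += [f"{k}: {v}" for k, vals in e.items() if k != "dn" for v in vals]
        blocks.append("\n".join(lines))
    return "\n\n".join(blocks) + "\n"


def missing_schema(entries, slapd_conf):
    """Names from NEEDS_DNSDOMAIN2 that the entries use while slapd.conf lacks the include."""
    loaded = any(line.split()[:2] == ["include", "/etc/ldap/schema/dnsdomain2.schema"]
                 for line in slapd_conf.splitlines())
    if loaded:
        return set()
    used = set()
    for e in entries:
        used.update(k for k in e if k in NEEDS_DNSDOMAIN2)
        used.update(v for v in e["objectClass"] if v in NEEDS_DNSDOMAIN2)
    return used


if __name__ == "__main__":
    # Constructed sample: a slapd.conf without the dnsdomain2 include, and the main
    # server of the 10.0.2.0/23 network used in the page's examples.
    SLAPD_CONF = "include /etc/ldap/schema/core.schema\ninclude /etc/ldap/schema/cosine.schema\n"
    entries = host_entries("tjener.intern", "10.0.2.2")
    print(to_ldif(entries))
    print("blocked by missing schema:", sorted(missing_schema(entries, SLAPD_CONF)))
```

Run the check against the real /etc/ldap/slapd.conf before running ldapadd; if it reports names, add the include from the step above and restart slapd first.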
lts.conf
Fetching the LTSP client config from LDAP allows for LTSP server clusters. There are some vague ideas and old implementations available:
[http://www.pcxperience.org/thinclientdevel.html%20 LTSP enhancements] : "Migration path from lts.conf to lts.conf and LDAP implemented. lts.conf is still required to indicate the LDAP info for the workstation. Once all items ([Default] and workstation specific) are in LDAP, then LDAP is the preferred location to gather configuration settings from."
[http://wiki.ltsp.org/twiki/bin/view/Ltsp/LDAP#LTSP_Configuration_info_lts_conf At the LTSP main site]
[http://people.redhat.com/alikins/ltsp/ldap/ An old Red Hat implementation.]
[http://sourceforge.net/mailarchive/forum.php?thread_name=2fl7j1025wb.fsf@saruman.uio.no&forum_name=ltsp-developer A thread on ltsp-developer mailing list]