LDAP schema

Brendan Kearney bpk678 at gmail.com
Sat Dec 6 19:14:35 UTC 2014


On Sat, 2014-12-06 at 19:57 +0100, Michael Ströder wrote:
> Brendan,
> 
> Michael Ströder wrote:
> > Brendan Kearney wrote:
> >> i make no guarantees that the ldif will work for you.  see attached.
> > 
> > I had to add/rearrange some entries to make your example LDIF file work with
> > the complete tree structure (attached).
> 
> I have a question regarding semantics of 'dhcpSubclassesDN'.
> 
> In your LDIF example file there's the following attribute value:
> 
> dhcpsubclassesdn: ou=DHCP SubClasses,cn=DHCP Config,[..]
> 
> Obviously this points to a container entry (I had to add) and not to an entry
> of object class 'dhcpSubClass'.
> 
> Is that the right use?
> 
> For those of you using OpenLDAP you might want to check out and comment on the
> constraints attached below. I had to disable the constraint for
> 'dhcpServiceDN' because in the example LDIF file there are forward and
> backward references from/to 'dhcpService' and the 'dhcpServer' entries causing
> a hen-and-egg (or egg-and-hen) problem.
> 
> Ciao, Michael.
> 
> --------------------------- OpenLDAP constraints ----------------------------
> constraint_attribute
>   dhcpHWAddress
>   regex "^(ethernet|token-ring|fddi) ([0-9a-f]{2}\:){5}[0-9a-f]{2}$"
> 
> constraint_attribute
>   dhcpPrimaryDN,dhcpSecondaryDN,dhcpFailOverPeerDN
>   uri "ldap:///dc=stroeder,dc=de?entryDN?sub?(objectClass=dhcpServer)"
> 
> constraint_attribute
>   dhcpOptionsDN
>   uri "ldap:///dc=stroeder,dc=de?entryDN?sub?(objectClass=dhcpOptions)"
> 
> constraint_attribute
>   dhcpHostDN,dhcpReservedForClient,dhcpAssignedToClient
>   uri "ldap:///dc=stroeder,dc=de?entryDN?sub?(objectClass=dhcpHost)"
> 
> constraint_attribute
>   dhcpPoolDN
>   uri "ldap:///dc=stroeder,dc=de?entryDN?sub?(objectClass=dhcpPool)"
> 
> constraint_attribute
>   dhcpGroupDN
>   uri "ldap:///dc=stroeder,dc=de?entryDN?sub?(objectClass=dhcpGroup)"
> 
> constraint_attribute
>   dhcpSubnetDN
>   uri "ldap:///dc=stroeder,dc=de?entryDN?sub?(objectClass=dhcpSubnet)"
> 
> constraint_attribute
>   dhcpLeaseDN,dhcpLeasesDN
>   uri "ldap:///dc=stroeder,dc=de?entryDN?sub?(objectClass=dhcpLeases)"
> 
> constraint_attribute
>   dhcpClassesDN
>   uri "ldap:///dc=stroeder,dc=de?entryDN?sub?(objectClass=dhcpClass)"
> 
> constraint_attribute
>   dhcpSubclassesDN
>   uri "ldap:///dc=stroeder,dc=de?entryDN?sub?(objectClass=dhcpSubclass)"
> 
> constraint_attribute
>   dhcpSharedNetworkDN
>   uri "ldap:///dc=stroeder,dc=de?entryDN?sub?(objectClass=dhcpSharedNetwork)"
> 
> #constraint_attribute
> #  dhcpServiceDN
> #  uri "ldap:///dc=stroeder,dc=de?entryDN?sub?(objectClass=dhcpService)"
> 

it has been a while since i dug into this, and my testing was never
completed in this particular area.

i configured the cn=proxied-clients object to point to the individual
SubClass objects:

dn: cn=proxied-clients,ou=DHCP Classes,cn=DHCP Config,ou=Daemons,dc=domain,dc=tld
cn: proxied-clients
...
dhcpsubclassesdn: cn=1:11:22:33:44:55:66,ou=DHCP SubClasses,cn=DHCP Config,ou=Daemons,dc=domain,dc=tld
dhcpsubclassesdn: cn=1:22:33:44:55:66:77,ou=DHCP SubClasses,cn=DHCP Config,ou=Daemons,dc=domain,dc=tld
...

i also configured the cn=unproxied-clients object to point to the parent
OU of the SubClass objects:

dn: cn=unproxied-clients,ou=DHCP Classes,cn=DHCP Config,ou=Daemons,dc=domain,dc=tld
cn: unproxied-clients
...
dhcpsubclassesdn: ou=DHCP SubClasses,cn=DHCP Config,ou=Daemons,dc=domain,dc=tld
...

i wanted to see if i could enumerate by group (and see if the search was
Base, One or Sub), and not have to point to each and every SubClass
object in the Classes OU.

you have simply found where i left off in my testing.
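
An offline check of the question raised in this thread, as an added example that is not part of either poster's message: it applies the quoted dhcpHWAddress regex and the objectClass rule behind the dhcpSubclassesDN uri constraint to constructed LDIF entries, so the container-OU reference is flagged while the reference to a dhcpSubClass entry passes. The sample entries (including host1) and the parse_ldif/check helpers are assumptions, and DNs are compared by lowercasing only.

```python
import re
# Constructed sample data modelled on the DNs in the thread, not the poster's LDIF.
BASE = "cn=DHCP Config,ou=Daemons,dc=domain,dc=tld"
SAMPLE_LDIF = f"""\
dn: ou=DHCP SubClasses,{BASE}
objectClass: organizationalUnit

dn: cn=1:11:22:33:44:55:66,ou=DHCP SubClasses,{BASE}
objectClass: dhcpSubClass

dn: cn=proxied-clients,ou=DHCP Classes,{BASE}
objectClass: dhcpClass
dhcpSubclassesDN: cn=1:11:22:33:44:55:66,ou=DHCP SubClasses,{BASE}

dn: cn=unproxied-clients,ou=DHCP Classes,{BASE}
objectClass: dhcpClass
dhcpSubclassesDN: ou=DHCP SubClasses,{BASE}

dn: cn=host1,{BASE}
dhcpHWAddress: ethernet 00:11:22:33:44:5
"""
# Pattern from the quoted dhcpHWAddress constraint; DN attribute -> required objectClass.
HW_RE = re.compile(r"^(ethernet|token-ring|fddi) ([0-9a-f]{2}:){5}[0-9a-f]{2}$")
DN_RULES = {"dhcpsubclassesdn": "dhcpsubclass", "dhcpclassesdn": "dhcpclass"}

def parse_ldif(text):
    """Return {lowercased dn: {lowercased attr: [values]}}; no base64 ('::') support."""
    entries = {}
    for block in re.split(r"\n\s*\n", text.replace("\n ", "").strip()):
        attrs = {}
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                attrs.setdefault(name.strip().lower(), []).append(value.strip())
        if "dn" in attrs:
            entries[attrs["dn"][0].lower()] = attrs
    return entries

def check(entries):
    """Return sorted (dn, attribute, problem) tuples for each violated constraint."""
    findings = [(dn, "dhcphwaddress", "regex mismatch") for dn, a in entries.items()
                for v in a.get("dhcphwaddress", []) if not HW_RE.match(v)]
    for dn, attrs in entries.items():
        for attr, wanted in DN_RULES.items():
            for ref in attrs.get(attr, []):
                target = entries.get(ref.lower(), {})  # empty dict if dangling
                classes = [c.lower() for c in target.get("objectclass", [])]
                if wanted not in classes:
                    findings.append((dn, attr, f"target missing or not {wanted}"))
    return sorted(findings)
```

Calling `check(parse_ldif(SAMPLE_LDIF))` returns one finding for the malformed hardware address and one for the unproxied-clients reference to the OU.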


