Date: Sun, 04 Jul 1999 14:29:31 -0700
From: Amancio Hasty <hasty@rah.star-gate.com>
To: mtaylor@cybernet.com
Cc: freebsd-current@FreeBSD.ORG
Subject: Re: LDAPed FreeBSD
Message-ID: <199907042129.OAA19892@rah.star-gate.com>
In-Reply-To: Your message of "Sun, 04 Jul 1999 17:16:56 EDT." <XFMail.990704171656.mtaylor@cybernet.com>

Yes, I am trying to configure my entire system using LDAP as a backend.
If there are any bugs in the ldap server I will probably fix them or
better yet the people working on openldap will fix them.

I know about the issues that you are describing, which is why I am targeting
one daemon, dhcpd, and hopefully I will solve them.

Cross-validation of data should be easy to implement; for instance, I can
locate all the IP assigned addresses:

/usr/local/openldap/bin/ldapsearch "objectclass=DHCPRange"
DHCPRange=star-gate.com, o=star-gate.com, c=us
objectclass=top
objectclass=DHCPRange
startipaddress=172.16.0.2
endipaddress=172.16.0.255
scopetype=DHCP

Record locking and batch requests are a bit more difficult to solve.
Perhaps someone on the list can shed light on this problem; for instance,
does LDAPv3 provide such a mechanism?

	Tnks!

>
> Are you trying to configure your entire system using LDAP as the database
> backend, or are you trying to serve current system info?
>
> If you are trying to *configure* the system using LDAP as a database, then
> good luck.  Our company, Cybernet Systems, has spent over ten man-years
> developing an HTML-based front-end for just such a purpose.  When we (I)
> first started this project (NetMAX, http://www.netmax.com/), we evaluated
> LDAP as a backend.  I found it too buggy (at the time) for our purposes.
> Does it implement record locking on read/write?  Does it allow you to
> "batch" your changes?  Does it provide for server start/restart when
> appropriate?  Can you do cross-validation of data, for example, can you
> make sure that you give the DHCP server an IP address that is not already
> taken, or make sure that it is in one of your subnets?
>
> There are lots and lots (gobs!) of these kinds of checks that need to
> be done for a "complete" system configuration service.
> If it doesn't do daemon restarts, batch-mode changes, and system
> checking/cross-validation, then you'll probably end up with something
> similar to webmin (http://www.webmin.com/).
>
> <PLUG>
> You could easily spend years making a complete interface to set up your
> server, or you could purchase the NetMAX software (about $500, see
> http://www.netmax.com/).  A FreeBSD 3.2 version is in-the-works (a
> 2.2.7-system/2.2.8-kernel is currently available).  Also, a Linux version
> (based on RedHat 5.2 with a 2.0.37 kernel) is currently in beta (the
> distributed beta is a 2.0.36 kernel, though).
> </PLUG>
>
> -Mark Taylor
> NetMAX Developer
> mtaylor@cybernet.com
> http://www.netmax.com/
>
> On 04-Jul-99 Amancio Hasty wrote:
> >
> > I am playing around with configuring the system and providing a CLI,
> > programmatic interface and a html interface.
> >
> > Floating in my mind is to present a uniform configuration repository similar
> > to windows registry however the information repository is implemented
> > with LDAP. See http://www.openldap.org for info on LDAP.
> >
> > The tough part is creating the LDAP schemas for the various daemons
> > or services.
> >
> > Got lucky and found an IETF draft:
> >
> > An LDAP Schema for Dynamic Host Configuration Protocol Service
> > http://www.ietf.org/internet-drafts/draft-gu-dhcp-ldap-schema-00.txt
> >
> > I am using the above draft to explore configuring dhcpd. My first cut at
> > configuring dhcpd via LDAP is to extract all the configuration information
> > from the LDAP server and writing the information to dhcpd's configuration
> > file and then have dhcpd parse the configuration file. This approach
> > minimizes the changes to dhcpd and provides persistent configuration
> > information for dhcpd.
> >
> > The start of my html interface is at:
> >
> > http://www.star-gate.com/dhcpd.html
> >
> > That's just a dummy front end. The real interface is being implemented as a
> > servlet and will provide a more rich presentation --- help files, How To,
> > etc...
> >
> > The CLI interface can be as easy as using the existing ldap shell tools.
> >
> > The programmatic interface is simply the LDAP C and Java interface available
> > from: http://www.mozilla.org/directory
> >
> > So far I have a simple ldap schema based upon the IETF draft which I can
> > manage from my servlet and query from dhcpd.
> >
> > What do you guys think?
> >
> > --
> >
> > Amancio Hasty
> > ahasty@mindspring.com
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-current" in the body of the message
>

--

 Amancio Hasty
 ahasty@mindspring.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message
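
Added example, not part of the original messages and not code from either correspondent: one way to combine the cross-validation asked about in the quoted reply (range inside a subnet, address not already taken) with the approach of writing dhcpd's configuration file from LDAP data, so that no configuration is produced when a check fails. The 172.16.0.0/16 subnet, the list of taken addresses, the second sample entry and all function names are assumptions.

```python
import ipaddress

# Constructed sample in the layout of the ldapsearch output above; entry 2 is invented.
SAMPLE = """\
DHCPRange=star-gate.com, o=star-gate.com, c=us
objectclass=DHCPRange
startipaddress=172.16.0.2
endipaddress=172.16.0.255

DHCPRange=lab, o=star-gate.com, c=us
startipaddress=172.16.0.200
endipaddress=172.17.0.10
"""

def parse_entries(text):
    """Yield (dn, {attr: value}) for each blank-line-separated entry."""
    for block in text.strip().split("\n\n"):
        dn, *lines = block.strip().splitlines()
        pairs = [line.partition("=") for line in lines]
        yield dn, {k.strip().lower(): v.strip() for k, _, v in pairs}

def validate(entries, subnet, taken=()):
    """Return (ranges, errors); subnet and taken are assumed operator inputs."""
    net, ranges, errors = ipaddress.ip_network(subnet), [], []
    used = [ipaddress.ip_address(t) for t in taken]
    for dn, attrs in entries:
        try:
            lo = ipaddress.ip_address(attrs["startipaddress"])
            hi = ipaddress.ip_address(attrs["endipaddress"])
        except (KeyError, ValueError) as exc:
            errors.append(f"{dn}: bad or missing address: {exc}")
            continue
        if lo > hi:
            errors.append(f"{dn}: start address is after end address")
        if lo not in net or hi not in net:
            errors.append(f"{dn}: range is not inside {net}")
        errors += [f"{dn}: {t} is already assigned" for t in used if lo <= t <= hi]
        errors += [f"{dn}: overlaps {o}" for o, a, b in ranges if lo <= b and a <= hi]
        ranges.append((dn, lo, hi))
    return ranges, errors

def render_dhcpd_conf(text, subnet, taken=()):
    """Build a dhcpd.conf subnet block; raise instead if any check fails."""
    ranges, errors = validate(parse_entries(text), subnet, taken)
    if errors:
        raise ValueError("; ".join(errors))
    net = ipaddress.ip_network(subnet)
    body = "".join(f"  range {lo} {hi};\n" for _, lo, hi in ranges)
    return f"subnet {net.network_address} netmask {net.netmask} {{\n{body}}}\n"
```

Refusing to render on any error keeps the previous, known-good dhcpd configuration file in place when the directory holds inconsistent data.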