LDAP

How Devices Are Defined

The heart of LanWarden is the 'lanwardenHost' LDAP objectClass, which is defined as follows:

objectclass ( 1.3.6.1.4.1.26371.32768.2.10
        NAME 'lanwardenHost'
        SUP ( device $ dhcpHost ) STRUCTURAL
        MUST ( owner $ ou $ o $ l $
                dhcpHWAddress $
                lanwardenHostAuthenticateMethod $
                lanwardenHostRegisteredTime $
                lanwardenHostRegisteredTC $
                lanwardenHostState )
        MAY ( serialNumber $ description $
                dhcpStatements $
                userCertificate $
                lanwardenHostNotes $
                lanwardenHostRegisteredBy ) )

From this we see that a LanWarden host object can look like the following (only the attributes used by LanWarden are shown; you can also use the other optional attributes from the object classes 'device' and 'dhcpHost'):

dn: cn=001122334455,ou=Hosts,ou=LanWarden,dc=example,dc=com
objectClass: top
objectClass: device
objectClass: dhcpHost
objectClass: lanwardenHost
cn: 001122334455

[r|m] owner: dn of user/group who is responsible for the device (typically single-valued)
[r|m] ou: free text field
[r|m] o: free text field
[r|m] l: free text field
[o|m] serialNumber: free text field
[o|m] description: free text field

[r|s] dhcpHWAddress: ethernet <mac-address matching 'cn' but with ':' separators>
[o|m] dhcpStatements: free text field that adheres to the DHCP configuration syntax

[r|s] lanwardenHostAuthenticateMethod: (mac|x509|none)
[r|s] lanwardenHostRegisteredTime: YYYYMMDDHHMMSSZ
[r|m] lanwardenHostRegisteredTC: list of keywords representing agreed terms and conditions
[r|s] lanwardenHostState: (enable|disable)

[o|m] lanwardenHostNotes: YYYYMMDDHHMMSSZ - type - free text field
[o|s] lanwardenHostRegisteredBy: if the machine was registered on the owner's behalf, dn of the registrar

[o|m] userCertificate: if 'x509' authentication, certificate is stored here, for reference only

All fields are human readable (and amendable), with the obvious exception of 'userCertificate'. The 'o', 'r', 's' and 'm' prefixes indicate whether the attribute is optional, required, single-valued or multi-valued respectively. All times are stored in GMT/UTC and are returned as such by the Net::LanWarden module; it is up to the application to convert them to local time.

There is no reason why you cannot manually add your own dhcpStatements and dhcpOption attributes too; they are preserved by the Net::LanWarden Perl module.
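An added example (not part of LanWarden or Net::LanWarden): a Python check that a host entry follows the attribute rules listed above before it is loaded into the directory. It assumes a plain LDIF record without base64 values or folded lines and that 'cn' is twelve hex digits; the function names and the sample record are constructed for illustration.

```python
import re

# Rules transcribed from the [r|o] and [s|m] markers listed above.
REQUIRED = {"owner", "ou", "o", "l", "dhcpHWAddress",
            "lanwardenHostAuthenticateMethod", "lanwardenHostRegisteredTime",
            "lanwardenHostRegisteredTC", "lanwardenHostState"}
SINGLE = {"dhcpHWAddress", "lanwardenHostAuthenticateMethod", "lanwardenHostState",
          "lanwardenHostRegisteredTime", "lanwardenHostRegisteredBy"}
PATTERNS = {"lanwardenHostAuthenticateMethod": r"mac|x509|none",
            "lanwardenHostState": r"enable|disable",
            "lanwardenHostRegisteredTime": r"\d{14}Z"}  # format check only
# Constructed sample record; the values are illustrative.
SAMPLE = """\
cn: 001122334455
owner: cn=user123,ou=People,dc=example,dc=com
ou: IT
o: Example
l: Room 1
dhcpHWAddress: ethernet 00:11:22:33:44:55
lanwardenHostAuthenticateMethod: mac
lanwardenHostRegisteredTime: 20240131120000Z
lanwardenHostRegisteredTC: aup-v1
lanwardenHostState: enable
"""

def parse_ldif(text):
    """Parse one plain LDIF record (assumes no base64 values or folded lines)."""
    entry = {}
    for line in text.strip().splitlines():
        name, _, value = line.partition(":")
        entry.setdefault(name.strip(), []).append(value.strip())
    return entry

def validate_host(entry):
    """Return the problems found in a lanwardenHost entry; empty list means OK."""
    errors = [f"missing {a}" for a in sorted(REQUIRED) if not entry.get(a)]
    errors += [f"{a} is single-valued" for a in sorted(SINGLE)
               if len(entry.get(a, [])) > 1]
    for attr, pattern in PATTERNS.items():
        errors += [f"{attr}: bad value {v!r}" for v in entry.get(attr, [])
                   if not re.fullmatch(pattern, v)]
    cn = entry.get("cn", [""])[0].lower()
    if not re.fullmatch(r"[0-9a-f]{12}", cn):  # assumption: cn is 12 hex digits
        errors.append("cn is not a 12-hex-digit MAC")
    # dhcpHWAddress must be 'ethernet' plus the cn MAC with ':' separators
    want = "ethernet " + ":".join(cn[i:i + 2] for i in range(0, len(cn), 2))
    if any(v.lower() != want for v in entry.get("dhcpHWAddress", [])):
        errors.append("dhcpHWAddress does not match cn")
    return errors
```

Calling `validate_host(parse_ldif(SAMPLE))` returns an empty list; a record whose 'cn' has a dropped digit is reported both as a malformed 'cn' and as a mismatch with 'dhcpHWAddress'.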

How Networks Are Defined

The object class for network definitions in LanWarden is:

objectclass ( 1.3.6.1.4.1.26371.32768.2.20
        NAME 'lanwardenNetwork'
        SUP top AUXILIARY
        MUST ( ou $ o )
        MAY ( description $ member ) )

An example is:

dn: cn=staff,ou=Networks,ou=LanWarden,dc=example,dc=com
objectClass: top
objectClass: dhcpService
objectClass: lanwardenNetwork
cn: staff
o: DEFAULT
ou: 1234
member: cn=user123,ou=People,dc=example,dc=com
member: cn=001122334455,ou=Hosts,ou=LanWarden,dc=example,dc=com

[r|s] o: VLAN domain of network (like a VTP domain) - unused
[r|s] ou: VLAN number ID of network
[o|m] description: just a possibly helpful description for the network 
[o|m] member: cn of user who is permitted in this network
[o|m] member: dn of workstation or user that is permitted in this network

Off this object class you branch the appropriate 'dhcpSharedNetwork', 'dhcpSubnet' and 'dhcpPool' classes for zones, subnets and pools respectively.