Network Working Group Andy Bennett
INTERNET-DRAFT Bernie Volz
Process Software
March 2000
Expires September 2000
DHCP Schema for LDAP
<draft-ietf-dhc-schema-02.txt>
Status of this Memo
This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
Copyright Notice
Copyright (C) The Internet Society (2000). All Rights Reserved.
Abstract
This document presents an LDAP schema to represent the configuration
of the DHCP protocol within a TCP/IP network. It can be used to
represent the configuration(s) of an entire enterprise network, a
subset of the network, or even a single server.
1. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119].
Bennett, et. al. Expires September 2000 [Page 1]
Internet Draft DHCP Schema for LDAP March 2000
In places where different sets of terminology are commonly used to
represent similar DHCP concepts, this schema uses the terminology of
the Internet Software Consortium's DHCP server reference implementa-
tion. For more information see www.isc.org.
2. Design Considerations
Some of the design considerations for this schema were:
o Heterogeneous server environment - This schema is not designed to
represent the configuration of a specific DHCP server implementa-
tion. The intent of this schema is to provide a basic framework
for the representation of the most common elements used in the con-
figuration of DHCP. This should allow other network services to
obtain and use basic DHCP configuration information in a server-
independent way. Also note that it is highly unlikely that this
schema will be able to represent every feature of every implementa-
tion (and it is not intended to do so). It is expected that some
implementations may need to extend the schema objects in order to
fully implement all their features.
o Use of the schema - This draft does not define any "minimal compli-
ance criteria" for using the schema. It is recommended that you
use the object classes defined in this draft if you are represent-
ing DHCP configuration information in an LDAP directory. Some
implementations may choose not to support all of the objects
defined here. In particular, the following two decisions are
explicitly left up to the implementation:
- it is up to the implementation to determine whether or not the
lease information will be stored in the directory. Some imple-
mentations may choose not to store this information.
- it is up to the implementation to determine if the data in the
directory is considered "authoritative", or if it is simply a
copy of data from an authoritative source.
o The schema is focused on the representation of configuration infor-
mation. It does not provide for the representation of statistical
data, or historical lease data, only the current state of the DHC
protocol's configuration.
o The information in this schema will be used primarily by two types
of applications: DHCP servers (for loading their configuration)
and Management Interfaces (for defining/editing configurations).
The schema must be efficient for the needs of both types of
applications.
o The schema is designed to allow objects managed by DHCP (such as
computers, subnets, etc) to be present anywhere in a directory
hierarchy (to allow those objects to be placed in the directory for
managing administrative control and access to the objects). How-
ever, the schema also provides for the possibility that any given
object may have multiple sets of configuration parameters defined
for different servers.
o The schema uses a few naming conventions - all object classes and
attributes are prefixed with "dhcp" and there are no object classes
and attributes that have the same name. The schema also uses stan-
dard naming attributes ("cn", "ou", etc) for all objects. In some
cases it is recommended that the "cn" matches another attribute
value.
o Relationship to DEN/DMTF - This document takes into consideration
the object-oriented information model for representing Network
information (including DHCP information) currently under develop-
ment as part of the Common Information Model (CIM) activity in the
Distributed Management Task Force (DMTF). It should be noted that
the CIM schema is still under development and subject to change.
The DMTF efforts continue and draw upon the Directory-Enabled Net-
works (DEN) specification. The schema described in this Internet-
Draft is intended to be an LDAP implementation of the appropriate
objects in the DMTF model. The DMTF schema was used as a source
for defining certain terminology within this schema. For more
information see [DMTF] and [DEN]. Prior versions of this draft
included a mapping between the two schemas, but this has been
removed since the DMTF schema is still under development. When it
is complete a new draft may be published to document the mapping
between the schemas.
o Relationship to Policy Framework working group - Much of the infor-
mation in this schema could be represented using the generalized
schema being developed by the Policy Framework. However, there
were two issues that we felt would make this a very complex and
most likely inefficient representation: (1) the complexity of the
inheritance relationships between the dhcp policy objects defined
in this document and (2) the Policy Framework schema represents
each of the conditions and actions of a policy as separate objects.
However, it is still a fairly straightforward process to map the
objects from this schema into the Policy Framework Core Schema
objects. For more information see [POLICY].
3. Common Attributes
Although DHCP manages several different types of objects, the config-
uration of those objects is often very similar. Consequently, most
of these objects have a common set of attributes.
The dhcpConfigurableObject class is an auxiliary class which can be
used to associate the basic set of configuration attributes with
another object. Since some directories do not support auxiliary
classes, these common attributes are also repeated in each of the
DHCP object class definitions.
An implementation of this schema is not required to provide this aux-
iliary object class, but it SHOULD provide it if auxiliary classes
are supported. This is useful for associating DHCP configuration
settings for objects that are not directly defined as part of this
schema.
3.1. dhcpConfigurableObject Object Class
NAME dhcpConfigurableObject
DESCRIPTION A class that provides attributes for configuring
options and server parameters for DHCP.
TYPE Auxiliary
DERIVED FROM Top
POSSIBLE SUPERIORS ( )
MUST CONTAIN ( )
MAY CONTAIN ( dhcpOptionSetting dhcpParameterSetting
dhcpFieldSetting dhcpForcedOptions
dhcpIncludeOptionSet )
3.2. Common Attribute Definitions
NAME dhcpOptionSetting
DESCRIPTION Encoded option values to be sent to clients. Each value
represents a single option and contains (OptionTag,
Length, OptionValue) encoded as on the wire in DHCP: a
one-octet tag, a one-octet length, and the value octets.
For more information see [DHCPOPT].
SYNTAX OctetString MULTI-VALUE
NAME dhcpParameterSetting
DESCRIPTION Encoded values of parameters that control server behav-
ior. Each value represents a single parameter setting
in the form (ParameterName, ParameterValue) where the
parameter name is a set of ASCII characters followed by
a space followed by the parameter value as a string.
SYNTAX IA5String MULTI-VALUE
NAME dhcpFieldSetting
DESCRIPTION Encoded settings of fields (such as siaddr, file) in the
DHCP message whose values may be configurable for send-
ing back to a client. For more information see
[RFC951]. Encoded in the form (FieldName, FieldValue)
where the field name is a set of ASCII characters fol-
lowed by a space followed by the field value as a
string.
SYNTAX IA5String MULTI-VALUE
NAME dhcpForcedOptions
DESCRIPTION This is a list of DHCP option tags that MUST be sent to
clients whether or not they request them. If not specified,
the server sends back only the options that the client
requested.
SYNTAX Integer MULTI-VALUE
NAME dhcpIncludeOptionSet
DESCRIPTION The distinguished name(s) of dhcpNamedOptionSet objects
whose settings should be included for this object. If
there are multiple option sets, the order is important, so
each value is preceded by its precedence followed by a
colon, as in "1:dn1", "2:dn2", etc. Settings
defined on the object take precedence over any settings
found in an included option set.
SYNTAX IA5String MULTI-VALUE
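The following Python is an example added to this section; it is not part of the draft or of any server implementation. It encodes dhcpOptionSetting values in the wire format described above, parses the "Name Value" form shared by dhcpParameterSetting and dhcpFieldSetting, and resolves dhcpIncludeOptionSet references so that the object's own settings win over included sets. The draft says only that the number before the colon is the set's precedence; this example assumes that 1 is the highest precedence. The option set DNs and option values are constructed for the example.

```python
"""Encoding and merging of the common DHCP configuration attributes.

Added example, not part of the draft.  dhcpOptionSetting values carry
one option each as on the wire: a one-octet tag, a one-octet length and
the value octets [DHCPOPT].  dhcpParameterSetting and dhcpFieldSetting
values are 'Name Value' strings.  dhcpIncludeOptionSet values are
'precedence:dn'; the draft does not say which number wins, so this
example ASSUMES that precedence 1 is the highest.
"""
import ipaddress
import struct


def encode_option_setting(tag: int, value: bytes) -> bytes:
    """Build one dhcpOptionSetting value: tag, length, value octets."""
    if not 0 <= tag <= 255:
        raise ValueError("option tag must fit in one octet")
    if len(value) > 255:
        raise ValueError("option value longer than 255 octets cannot be encoded")
    return struct.pack("!BB", tag, len(value)) + value


def decode_option_setting(raw: bytes) -> tuple[int, bytes]:
    """Parse one dhcpOptionSetting value, rejecting truncated or padded data."""
    if len(raw) < 2:
        raise ValueError("option setting shorter than tag and length")
    tag, length = struct.unpack("!BB", raw[:2])
    if len(raw) != 2 + length:
        raise ValueError(f"option {tag}: length {length} does not match "
                         f"{len(raw) - 2} value octets")
    return tag, raw[2:]


def router_option(*addrs: str) -> bytes:
    """Option 3 (router): one or more IPv4 addresses, four octets each."""
    if not addrs:
        raise ValueError("router option needs at least one address")
    return encode_option_setting(
        3, b"".join(ipaddress.IPv4Address(a).packed for a in addrs))


def parse_parameter_setting(value: str) -> tuple[str, str]:
    """Split a dhcpParameterSetting or dhcpFieldSetting value on its first space."""
    if not value.isascii():
        raise ValueError("IA5String values must be ASCII")
    name, sep, param = value.partition(" ")
    if not sep or not name:
        raise ValueError(f"malformed setting {value!r}: expected 'Name Value'")
    return name, param


def parse_include_reference(value: str) -> tuple[int, str]:
    """Split a dhcpIncludeOptionSet value of the form 'precedence:dn'."""
    prec, sep, dn = value.partition(":")
    if not sep or not prec.isdigit() or not dn:
        raise ValueError(f"malformed dhcpIncludeOptionSet value {value!r}")
    return int(prec), dn


def resolve_options(own_settings, include_values, named_sets):
    """Return {tag: value} for an object.

    own_settings:   the object's own dhcpOptionSetting values (bytes)
    include_values: its dhcpIncludeOptionSet values ('n:dn' strings)
    named_sets:     {dn: [dhcpOptionSetting values]} of dhcpNamedOptionSet entries

    Included sets are applied from the largest precedence number to the
    smallest (assumed highest), so a higher-precedence set overwrites a
    lower one; the object's own settings are applied last and win.
    """
    refs = sorted((parse_include_reference(v) for v in include_values),
                  reverse=True)
    result = {}
    for _, dn in refs:
        if dn not in named_sets:
            raise KeyError(f"dhcpIncludeOptionSet references unknown set {dn}")
        for raw in named_sets[dn]:
            tag, value = decode_option_setting(raw)
            result[tag] = value
    for raw in own_settings:
        tag, value = decode_option_setting(raw)
        result[tag] = value
    return result
```

Nested includes (a dhcpNamedOptionSet that itself carries dhcpIncludeOptionSet, which the class definition in section 6.1 permits) are not followed here; a server that does follow them needs a cycle check, since two sets can include each other.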
4. Configurations and Services
The DHC working group is currently considering several proposals for
failover and redundancy of DHCP servers. These may require the shar-
ing of configuration information between servers. This schema pro-
vides a generalized mechanism for supporting any of these proposals,
by separating the definition of a server from the definition of the
configuration being provided by the server.
By separating these two concepts, a configuration may be provided by
one or by several servers, and similarly, a server may provide one or
more configurations. The schema does allow for a server to be config-
ured as either a primary or secondary provider of a configuration.
Configurations are also defined so that one configuration can include
some of the objects that are defined in another configuration (see
"dhcpIncludeObjects" attribute). This allows for sharing and/or a
hierarchy of related configuration items.
4.1. dhcpService Object Class
A "dhcpService" is a single instance of DHC server software running
on a computer system that provides the DHCP service defined by a
"dhcpConfiguration".
NAME dhcpService
DESCRIPTION This represents a single DHCP server.
TYPE Structural
DERIVED FROM Top
POSSIBLE SUPERIORS ( )
MUST CONTAIN ( cn )
MAY CONTAIN ( dhcpConfigurationDn dhcpImplementation )
4.1.1. dhcpService Attribute Definitions
NAME cn
DESCRIPTION The "common name" of the server. This does not have any
significance to the server process that provides the
DHCP service - it is simply a unique name used to refer
to the server. This attribute should be used as the
naming attribute when constructing the dn.
NAME dhcpConfigurationDn
DESCRIPTION The distinguished name(s) of the configurations provided
by the server.
SYNTAX DN MULTI-VALUE
NAME dhcpImplementation
DESCRIPTION This is a string value that identifies the hard-
ware/software platform and version which is providing
the service.
SYNTAX IA5String SINGLE-VALUE
4.2. dhcpConfiguration Object Class
A "dhcpConfiguration" is the collection of configuration information
that represents everything a server would need to know to provide DHC
service to some set of clients.
From the perspective of the schema, it is basically a collection of
objects. This object class is used to capture information common to
all the objects in a configuration. The algorithm used to locate all
the objects in a configuration is discussed later.
NAME dhcpConfiguration
DESCRIPTION This represents a configuration, or a collection
of settings for related objects. A single ser-
vice may have multiple configurations. A config-
uration may be provided by multiple services, but
only one can be primary.
TYPE Structural
DERIVED FROM Top
POSSIBLE SUPERIORS ( )
MUST CONTAIN ( cn )
MAY CONTAIN ( dhcpPrimaryService dhcpSecondaryService
dhcpIncludeObjects dhcpOptionSetting
dhcpParameterSetting dhcpFieldSetting
dhcpForcedOptions dhcpIncludeOptionSet )
4.2.1. dhcpConfiguration Attribute Definitions
NAME cn
DESCRIPTION The "common name" of the configuration. This should be
used as the naming attribute when constructing the dn.
NAME dhcpPrimaryService
DESCRIPTION The "dhcpService" which is the primary for the configu-
ration.
SYNTAX DN SINGLE-VALUE
NAME dhcpSecondaryService
DESCRIPTION The "dhcpService(s)" which provide backup for the con-
figuration.
SYNTAX DN MULTI-VALUE
NAME dhcpIncludeObjects
DESCRIPTION This attribute defines objects that are included in a
configuration. Each value is an LdapURL [RFC2255]
(specifying search criteria) that is evaluated to find
other objects that are included in this configuration.
Note that in addition to these objects, all objects that
are children of the configuration object in the direc-
tory are automatically included in the configuration.
SYNTAX IA5String MULTI-VALUE
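The following Python is an example added here, not part of the draft: it locates the members of a dhcpConfiguration as described above, taking every entry in the subtree below the configuration entry plus every entry matched by one of its dhcpIncludeObjects LDAP URLs. The directory content, the host name ldap.example.com and all DNs are constructed. URL handling follows the ldap://host/dn?attrs?scope?filter form of [RFC2255], but the filter evaluator accepts only a single equality test and DNs are assumed to contain no escaped commas.

```python
"""Locating the objects that belong to a dhcpConfiguration.

Added example, not part of the draft.  Two sources feed a configuration:
every entry below the configuration's own DN, and every entry matched by
one of its dhcpIncludeObjects LDAP URLs [RFC2255].  The directory is a
constructed in-memory list of (dn, attributes) pairs; the filter
evaluator supports only the equality form "(attr=value)", and DNs are
assumed to contain no escaped commas.
"""
from urllib.parse import unquote, urlsplit


def split_dn(dn: str) -> list[str]:
    """Split a DN into normalised RDNs (no escaped commas assumed)."""
    return [rdn.strip().lower() for rdn in dn.split(",") if rdn.strip()]


def is_below(dn: str, base: str, scope: str) -> bool:
    """True if dn lies within base for LDAP scope 'base', 'one' or 'sub'."""
    d, b = split_dn(dn), split_dn(base)
    if len(d) < len(b) or d[len(d) - len(b):] != b:
        return False
    depth = len(d) - len(b)
    return {"base": depth == 0, "one": depth == 1, "sub": True}[scope]


def parse_ldap_url(url: str):
    """Return (base_dn, scope, filter) from ldap://host/dn?attrs?scope?filter.

    The host part is deliberately ignored: the search is run against the
    directory connection the server already has, so a stored URL cannot
    redirect it to another host."""
    parts = urlsplit(url)
    if parts.scheme != "ldap":
        raise ValueError(f"not an LDAP URL: {url!r}")
    base = unquote(parts.path.lstrip("/"))
    fields = parts.query.split("?") if parts.query else []
    scope = unquote(fields[1]) if len(fields) > 1 and fields[1] else "base"
    flt = unquote(fields[2]) if len(fields) > 2 and fields[2] else "(objectClass=*)"
    if scope not in ("base", "one", "sub"):
        raise ValueError(f"unknown scope {scope!r} in {url!r}")
    return base, scope, flt


def matches_filter(attrs: dict, flt: str) -> bool:
    """Evaluate a single equality filter '(attr=value)'; '*' matches any value."""
    if not (flt.startswith("(") and flt.endswith(")") and "=" in flt):
        raise ValueError(f"unsupported filter {flt!r}: only (attr=value) is handled here")
    name, _, want = flt[1:-1].partition("=")
    lowered = {k.lower(): v for k, v in attrs.items()}
    have = [v.lower() for v in lowered.get(name.strip().lower(), [])]
    return bool(have) if want == "*" else want.lower() in have


def configuration_members(directory, config_dn: str) -> list[str]:
    """DNs of every entry that belongs to the configuration at config_dn."""
    by_dn = dict(directory)
    config = by_dn.get(config_dn)
    if config is None or "dhcpConfiguration" not in config.get("objectClass", []):
        raise KeyError(f"{config_dn} is not a dhcpConfiguration entry")
    members = []
    # the whole subtree under the configuration entry is always included
    for dn, _ in directory:
        if dn != config_dn and is_below(dn, config_dn, "sub"):
            members.append(dn)
    # entries reached through dhcpIncludeObjects search URLs
    for url in config.get("dhcpIncludeObjects", []):
        base, scope, flt = parse_ldap_url(url)
        for dn, attrs in directory:
            if dn != config_dn and dn not in members \
                    and is_below(dn, base, scope) and matches_filter(attrs, flt):
                members.append(dn)
    return members


# constructed directory: one configuration with a local subtree and an include URL
DIRECTORY = [
    ("cn=campus,o=example", {
        "objectClass": ["dhcpConfiguration"], "cn": ["campus"],
        "dhcpIncludeObjects": [
            "ldap://ldap.example.com/ou=Shared,o=example??sub?(dhcpRuleType=SUBNET)"]}),
    ("ou=Rules,cn=campus,o=example", {"objectClass": ["organizationalUnit"]}),
    ("cn=campus-net,ou=Rules,cn=campus,o=example",
     {"objectClass": ["dhcpSubnet"], "dhcpRuleType": ["SUBNET"]}),
    ("cn=lab,ou=Shared,o=example", {"objectClass": ["dhcpSubnet"], "dhcpRuleType": ["SUBNET"]}),
    ("cn=printers,ou=Shared,o=example", {"objectClass": ["dhcpClass"], "dhcpRuleType": ["CLASS"]}),
    ("cn=other,o=example", {"objectClass": ["dhcpConfiguration"], "cn": ["other"]}),
]
```

Ignoring the host component is a deliberate choice: a server that connected to whatever host a stored dhcpIncludeObjects value names would let anyone able to write that attribute choose where its configuration is fetched from.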
5. Objects that represent Assignment Rules
Most of a DHCP configuration is the definition of rules that govern
the assignment of DHCP options and addresses to clients. This schema
defines a set of object classes which are common to most server
implementations for defining these rules. All of these object
classes are based on a higher level abstraction that represents a
dhcp assignment rule.
This is done for several reasons: it simplifies the organization of
the data and it also facilitates the mapping of the dhcp schema to
other schemas being developed in other working groups (see [POLICY]
for example).
This schema separates the definition of an assignment rule for an
object from the object itself. This allows for the definition of
multiple rules for a single object (possibly in different dhcp con-
figurations). However, each assignment rule does maintain a link
back to the definition of the object (see the "dhcpSourceObject"
attribute).
The structure of a "source object" is not defined in this schema. It
can be any LDAP object, and it is not required to even exist. How-
ever, if it does exist that object can use the "dhcpConfigurableOb-
ject" auxiliary class to directly associate dhcp configuration infor-
mation with that object. If an object is defined in this way, this
information is used on every assignment rule that references the
object.
The assignment rule objects in the directory can be organized in a
hierarchical fashion. If objects are organized this way, the "child"
rule object inherits settings from the "parent" rule object. This
can be done recursively. Furthermore, the "child" rule object inher-
its any conditions from the "parent" rule as well. This means that
the "child" rule's settings will only be used when both sets of con-
ditions are met.
As an example, if a "dhcpClass" is a child of a "dhcpSubnet" then the
settings for that class will only be used if the client request is a
member of that class AND it is also from the specified subnet.
The algorithm for resolving which option settings are applied for a
policy object is defined in a later section.
5.1. dhcpRule Object Class
The "dhcpRule" class is an abstract class that defines attributes
that are common to the DHCP configuration objects that define these
rules.
This class is the base class from which others are derived. Also
note that it includes all the attributes from the dhcpConfigurableOb-
ject class.
NAME dhcpRule
DESCRIPTION The base class for defining rules for address and
option assignment.
TYPE Abstract
DERIVED FROM Top
POSSIBLE SUPERIORS ( )
MUST CONTAIN ( cn dhcpRuleType )
MAY CONTAIN ( dhcpVendorCondition dhcpSourceObject
dhcpOptionSetting dhcpParameterSetting
dhcpFieldSetting dhcpForcedOptions
dhcpIncludeOptionSet )
5.2. dhcpRule Attribute Definitions
NAME cn
DESCRIPTION The "common name" of the rule. This should be used as
the naming attribute when constructing the dn.
NAME dhcpRuleType
DESCRIPTION The type of assignment rule. This should be one of
'POOL', 'SUBNET', 'SHAREDNETWORK', 'CLIENT', 'CLASS'
unless the server implementation extends this with a new
type of rule.
SYNTAX IA5String SINGLE-VALUE
NAME dhcpVendorCondition
DESCRIPTION If the server extends the rule types, this attribute MAY
be used to specify the conditions under which the rule
should be applied. The content of this attribute is
defined by the vendor/server implementation.
SYNTAX IA5String MULTI-VALUE
NAME dhcpSourceObject
DESCRIPTION If the rule applies to an object that is defined else-
where in the directory, this attribute has the distin-
guished name of that object. The source object SHOULD
be a dhcpConfigurableObject. Also note that the source
object is used to determine option & parameter settings
(see the algorithm discussed later in this document).
SYNTAX DN SINGLE-VALUE
5.3. dhcpPool Object Class
A "dhcpPool" represents a rule for a collection of addresses speci-
fied by one or more ranges of addresses. If there are multiple
ranges specified, they do not need to be contiguous, and it is not
required that all the addresses be contained on the same IP subnet.
The "dhcpRuleType" attribute MUST be set to 'POOL', and the "cn"
SHOULD be set to the value of the "dhcpPoolName" attribute.
NAME dhcpPool
DESCRIPTION This stores configuration information about one
(or more) ranges of addresses.
TYPE Structural
DERIVED FROM dhcpRule
POSSIBLE SUPERIORS ( OrganizationalUnit dhcpRule )
MUST CONTAIN ( cn dhcpPoolName dhcpAddressRange )
MAY CONTAIN ( )
5.3.1. dhcpPool Attribute Definitions
NAME dhcpPoolName
DESCRIPTION A descriptive name of the pool.
SYNTAX IA5String SINGLE-VALUE
NAME dhcpAddressRange
DESCRIPTION The starting & ending IP Addresses in the range (inclu-
sive), separated by a hyphen; if the range only contains
one address, then just the address can be specified with
no hyphen. Each range is defined as a separate value.
SYNTAX IA5String MULTI-VALUE
5.4. dhcpSubnet Object Class
A "dhcpSubnet" represents an assignment rule for an IP subnet.
The "dhcpRuleType" attribute MUST be set to 'SUBNET', and the "cn"
SHOULD be set to the value of the "dhcpSubnetName" attribute.
NAME dhcpSubnet
DESCRIPTION This class defines a subnet.
TYPE Structural
DERIVED FROM dhcpRule
POSSIBLE SUPERIORS ( OrganizationalUnit dhcpRule )
MUST CONTAIN ( cn dhcpSubnetAddress dhcpSubnetMaskLength
dhcpSubnetName )
MAY CONTAIN ( )
5.4.1. dhcpSubnet Attribute Definitions
NAME dhcpSubnetAddress
DESCRIPTION The network address for the subnet.
SYNTAX IA5String SINGLE-VALUE
NAME dhcpSubnetMaskLength
DESCRIPTION The subnet mask length for the subnet. The mask can be
easily computed from this length.
SYNTAX Integer SINGLE-VALUE
NAME dhcpSubnetName
DESCRIPTION A descriptive name of the subnet.
SYNTAX IA5String SINGLE-VALUE
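The following Python is an example added here, not part of the draft: it parses the "start-end" and single-address forms of dhcpAddressRange (5.3.1), derives the subnet and the mask from dhcpSubnetAddress and dhcpSubnetMaskLength (5.4.1), and cross-checks the two. Because the draft allows a pool to span subnets, a range outside the subnet is reported rather than rejected; a range whose end precedes its start, or a subnet address with host bits set, is a configuration error and raises. All addresses are constructed.

```python
"""Parsing dhcpAddressRange and dhcpSubnet values.

Added example, not part of the draft.  It parses the 'start-end' and
single-address forms of dhcpAddressRange, derives the subnet and mask
from dhcpSubnetAddress / dhcpSubnetMaskLength, and cross-checks the two.
The draft allows a pool to span subnets, so a range outside the subnet
is reported, not rejected.  All addresses are constructed.
"""
import ipaddress


def parse_address_range(value: str):
    """Return (start, end) IPv4Address objects for one dhcpAddressRange value."""
    start_s, sep, end_s = value.partition("-")
    start = ipaddress.IPv4Address(start_s.strip())
    end = ipaddress.IPv4Address(end_s.strip()) if sep else start
    if end < start:
        raise ValueError(f"dhcpAddressRange {value!r}: end precedes start")
    return start, end


def range_size(value: str) -> int:
    """Number of addresses in a range (both ends inclusive)."""
    start, end = parse_address_range(value)
    return int(end) - int(start) + 1


def subnet_from_entry(address: str, mask_length) -> ipaddress.IPv4Network:
    """Build the network from dhcpSubnetAddress and dhcpSubnetMaskLength."""
    if not 0 <= int(mask_length) <= 32:
        raise ValueError(f"dhcpSubnetMaskLength {mask_length} out of range")
    # strict=True rejects a dhcpSubnetAddress with host bits set (192.0.2.1/24)
    return ipaddress.IPv4Network((address, int(mask_length)), strict=True)


def subnet_mask(mask_length) -> str:
    """The dotted-quad mask the draft says is 'easily computed' from the length."""
    return str(subnet_from_entry("0.0.0.0", mask_length).netmask)


def ranges_outside_subnet(ranges, address, mask_length):
    """dhcpAddressRange values that are not wholly inside the given subnet."""
    net = subnet_from_entry(address, mask_length)
    outside = []
    for value in ranges:
        start, end = parse_address_range(value)
        if start not in net or end not in net:
            outside.append(value)
    return outside


def overlapping_ranges(ranges):
    """Pairs of dhcpAddressRange values that share at least one address."""
    parsed = [(v, *parse_address_range(v)) for v in ranges]
    pairs = []
    for i, (va, sa, ea) in enumerate(parsed):
        for vb, sb, eb in parsed[i + 1:]:
            if sa <= eb and sb <= ea:
                pairs.append((va, vb))
    return pairs
```

Overlapping ranges within one pool and a subnet address with host bits set are the two checks a management interface should run before writing the entries; the draft defines the syntax of the values but leaves it to the server to cope with inconsistent ones.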
5.5. dhcpSharedNetwork Object Class
A "dhcpSharedNetwork" represents an assignment rule for multiple sub-
nets on the same physical cabling.
The "dhcpRuleType" attribute MUST be set to 'SHAREDNETWORK', and the
"cn" SHOULD be set to the value of the "dhcpSharedNetworkName"
attribute.
NAME dhcpSharedNetwork
DESCRIPTION This represents multiple subnets on the same
physical cabling.
TYPE Structural
DERIVED FROM dhcpRule
POSSIBLE SUPERIORS ( OrganizationalUnit dhcpRule )
MUST CONTAIN ( cn dhcpSharedNetworkName )
MAY CONTAIN ( )
5.5.1. dhcpSharedNetwork Attribute Definitions
NAME dhcpSharedNetworkName
DESCRIPTION A descriptive name of the shared network.
SYNTAX IA5String SINGLE-VALUE
5.6. dhcpClient Object Class
The "dhcpClient" object class is used to store configuration informa-
tion related to a specific host.
The "dhcpRuleType" attribute MUST be set to 'CLIENT'.
NAME dhcpClient
DESCRIPTION This represents client-specific DHCP assignments.
TYPE Structural
DERIVED FROM dhcpRule
POSSIBLE SUPERIORS ( OrganizationalUnit dhcpRule )
MUST CONTAIN ( cn dhcpClientIdentifier )
MAY CONTAIN ( dhcpClassMember dhcpReservedAddress )
5.6.1. dhcpClient Attribute Definitions
NAME dhcpClientIdentifier
DESCRIPTION A unique identifier for the client. This is encoded as
follows: the first two octets represent a type and sub-
type for the identifier. If the type field has a value
of 0, then the subtype is a dhcp option tag, and the
remainder of the octets are the value of that option to
use as an id (represented as it would be sent using the
DHCP protocol, including the bytes for the length). If
the type field has a value of 1, then the subtype octet
is the ARP hardware type (see [RFC2132]) and the remain-
der of the bytes are the hardware address. Server
implementations may choose to extend the set of types,
but these two MUST be recognized. Note that a client
can have more than one unique identifier specified - it
is left to the server implementation to decide if one or
all identifiers must be matched or which take precedence
over others.
SYNTAX OctetString MULTI-VALUE
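The following Python is an example added here, not part of the draft: it builds and decodes dhcpClientIdentifier values in the two-octet type/subtype encoding described above. Type 0 carries a DHCP option value with its length octet, type 1 carries an ARP hardware type and hardware address, and any other type is returned undecoded, matching the draft's rule that only types 0 and 1 must be recognised. Which identifier a server matches first is left to the implementation by the draft; candidate_identifiers only lists both. The MAC addresses used are constructed.

```python
"""Encoding and decoding dhcpClientIdentifier values.

Added example, not part of the draft.  The first octet is the type and
the second the subtype.  Type 0: the subtype is a DHCP option tag and
the rest is that option's value as sent on the wire, length octet
included.  Type 1: the subtype is the ARP hardware type and the rest is
the hardware address.  Any other type is implementation-defined and is
returned undecoded.  The MAC addresses used below are constructed.
"""
import struct

TYPE_OPTION = 0
TYPE_HARDWARE = 1
HTYPE_ETHERNET = 1      # ARP hardware type for Ethernet
OPTION_CLIENT_ID = 61   # DHCP client-identifier option [RFC2132]


def hardware_identifier(htype: int, hwaddr: bytes) -> bytes:
    """Type 1 identifier from an ARP hardware type and hardware address."""
    if not 0 <= htype <= 255:
        raise ValueError("ARP hardware type must fit in one octet")
    if not hwaddr:
        raise ValueError("hardware address must not be empty")
    return struct.pack("!BB", TYPE_HARDWARE, htype) + hwaddr


def option_identifier(tag: int, value: bytes) -> bytes:
    """Type 0 identifier keyed on a DHCP option value (length octet included)."""
    if not 0 <= tag <= 255 or len(value) > 255:
        raise ValueError("tag and value length must each fit in one octet")
    return struct.pack("!BBB", TYPE_OPTION, tag, len(value)) + value


def mac_identifier(mac: str) -> bytes:
    """'00:11:22:33:44:55' -> type 1 / Ethernet identifier."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError(f"{mac!r} is not a 48-bit MAC address")
    return hardware_identifier(HTYPE_ETHERNET, octets)


def decode_identifier(raw: bytes) -> dict:
    """Split a value into its parts, checking the embedded length for type 0."""
    if len(raw) < 3:
        raise ValueError("identifier too short for type, subtype and data")
    id_type, subtype, rest = raw[0], raw[1], raw[2:]
    if id_type == TYPE_OPTION:
        length = rest[0]
        if len(rest) != 1 + length:
            raise ValueError(f"option {subtype}: length {length} does not match "
                             f"{len(rest) - 1} data octets")
        return {"type": "option", "tag": subtype, "value": rest[1:]}
    if id_type == TYPE_HARDWARE:
        return {"type": "hardware", "htype": subtype, "hwaddr": rest}
    return {"type": "vendor", "type_code": id_type, "subtype": subtype, "data": rest}


def candidate_identifiers(htype: int, chaddr: bytes, client_id_option=None) -> list:
    """Identifiers a server could look up for one request: the option 61
    value first if the client sent one, then the htype/chaddr pair."""
    candidates = []
    if client_id_option is not None:
        candidates.append(option_identifier(OPTION_CLIENT_ID, client_id_option))
    candidates.append(hardware_identifier(htype, chaddr))
    return candidates
```

Because the option 61 value is chosen by the client, a dhcpClient entry that reserves an address by option identifier alone trusts the client to present that identifier; the hardware-address form is equally client-controlled on most networks, so a reservation is a configuration convenience rather than an authentication of the client.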
NAME dhcpClassMember
DESCRIPTION This attribute indicates that the client is a member of
the specified class(es).
SYNTAX IA5String MULTI-VALUE
NAME dhcpReservedAddress
DESCRIPTION This attribute indicates the reserved (aka fixed)
address(es) for this client (if there are any). There
MAY be corresponding "dhcpAddress" objects created for
tracking this reservation.
SYNTAX IA5String MULTI-VALUE
5.7. dhcpClass Object Class
A "dhcpClass" represents information about a collection of clients.
The DHC protocol provides two mechanisms for managing this information
(User Class and Vendor Class). The schema also provides two additional
mechanisms for configuring groups of clients that are supported by
some servers. Clients may be explicitly added to a class by setting
the "dhcpClassMember" attribute in the "dhcpClient" object class.
Some servers also support forms of dynamic class membership beyond
the User Class and Vendor Class mechanisms - the "dhcpVendorCondi-
tion" attribute allows for the definition of dynamic classes.
The "dhcpRuleType" attribute MUST be set to 'CLASS', and the "cn"
SHOULD be set to the value of the "dhcpClassName" attribute.
NAME dhcpClass
DESCRIPTION Represents information about a collection of
related clients.
TYPE Structural
DERIVED FROM dhcpRule
POSSIBLE SUPERIORS ( OrganizationalUnit dhcpRule )
MUST CONTAIN ( cn dhcpClassName dhcpClassType )
MAY CONTAIN ( )
5.7.1. dhcpClass Attribute Definitions
NAME dhcpClassName
DESCRIPTION A descriptive name for the class.
SYNTAX IA5String SINGLE-VALUE
NAME dhcpClassType
DESCRIPTION This attribute indicates the type of the class. It
should be one of 'USERCLASS', 'VENDORCLASS', 'STATIC'
(the only members of the class are enumerated clients),
'DYNAMIC' (membership is determined by some vendor-spe-
cific conditions).
SYNTAX IA5String SINGLE-VALUE
6. Other Configuration objects
Many server implementations provide other objects that simplify the
configuration of the DHCP protocol. One example is the ability to
assign a name to a group of option settings and then to refer to the
entire group of settings by referencing the name. This is addressed
by the "dhcpNamedOptionSet" object class.
It is also fairly common for server implementations to allow users to
extend the default set of options with site specific option defini-
tions. This is addressed by the "dhcpDictionary" object class. This
object class is also used to define the implementation-specific
parameters (and their values) that can be specified in the "dhcpPa-
rameterSetting" attribute.
6.1. dhcpNamedOptionSet Object Class
A "dhcpNamedOptionSet" is an object class for associating a name with
a collection of option settings. The entire set of options can be
associated with a DHCP object by referring to the name. This allows
a common set of option settings to be re-used without repeating the
option settings on each configured object. To see how an option set
is referenced, see the "dhcpIncludeOptionSet" attribute.
NAME dhcpNamedOptionSet
DESCRIPTION This is a named collection of settings for
options and/or server parameters.
TYPE Structural
DERIVED FROM Top
POSSIBLE SUPERIORS ( OrganizationalUnit )
MUST CONTAIN ( cn )
MAY CONTAIN ( dhcpOptionSetting dhcpParameterSetting
dhcpFieldSetting dhcpForcedOptions
dhcpIncludeOptionSet )
6.2. dhcpDictionary Object Class
"dhcpDictionary" objects define the options and/or parameters that
can be set when configuring various DHCP entities.
NAME dhcpDictionary
DESCRIPTION This class defines an option or parameter that
can have a value.
TYPE Structural
DERIVED FROM Top
POSSIBLE SUPERIORS ( OrganizationalUnit )
MUST CONTAIN ( cn dhcpTag )
MAY CONTAIN ( dhcpDisplayName dhcpDataType dhcpDefault
dhcpMultiValued dhcpLegalValues
dhcpTypeRestriction dhcpImplementation )
6.2.1. dhcpDictionary Attribute Definitions
NAME cn
DESCRIPTION The "common name" of the option or parameter. This will
usually be the same as the "dhcpTag" attribute.
SYNTAX Integer SINGLE-VALUE
NAME dhcpTag
DESCRIPTION A unique value that identifies an option or parameter
and that is encoded in the values of the "dhcpOptionSet-
ting" and "dhcpParameterSetting" attributes. For
options this SHOULD be the numeric tag for the option
(stored as a string).
SYNTAX IA5String SINGLE-VALUE
NAME dhcpDisplayName
DESCRIPTION This is a string identifier for the option or parameter.
This is intended for display by a management tool or
GUI.
SYNTAX IA5String SINGLE-VALUE
NAME dhcpDataType
DESCRIPTION The data type for values of this option. One of the
following: 'INT8', 'INT16', 'INT32', 'UINT8', 'UINT16',
'UINT32' , 'ADDRESS', 'ADDRESS-MASK-PAIR', 'BOOLEAN',
'STRING', 'BINARY'. Other values may be specified if
the server implementation provides them.
SYNTAX IA5String SINGLE-VALUE
NAME dhcpDefault
DESCRIPTION Indicates the default value of a parameter or option
definition in a dictionary object. This is encoded as
it would be in the "dhcpOptionSetting" or "dhcpParame-
terSetting" attribute.
SYNTAX OctetString SINGLE-VALUE
NAME dhcpMultiValued
DESCRIPTION Indicates whether the parameter or option can have more
than one value.
SYNTAX Boolean SINGLE-VALUE
NAME dhcpLegalValues
DESCRIPTION The list of allowed values for the option or parameter.
Each "legal value" is stored as a separate value for the
attribute, and is encoded based on the "dhcpDataType"
attribute setting.
SYNTAX OctetString MULTI-VALUE
NAME dhcpTypeRestriction
DESCRIPTION This attribute is used to specify that the option or
parameter should only be used with specific types of
assignment rules. This is restricted to the same set of
values as the "dhcpRuleType" attribute. If not speci-
fied it is assumed that the definition applies to all
types.
SYNTAX IA5String MULTI-VALUE
NAME dhcpImplementation
DESCRIPTION This attribute is used to specify that the option or
parameter should only be used with specific server
implementations. If not specified it is assumed that
the definition applies to all implementations.
SYNTAX IA5String MULTI-VALUE
7. Tracking Addresses
The behavior of a DHCP server is influenced by two factors - its
configuration and the current state of the addresses that have been
assigned to clients. This schema defines a set of objects for
storing the configuration of the server, and the following object
class provides the ability to record how addresses are used.
7.1. dhcpAddress Object Class
This class represents an IP address. It may or may not be leasable,
and the object may exist even though a lease is not currently active
for the associated IP address.
Note that this object class has some of the "Settings" attributes
that are defined for the "dhcpConfigurableObject", but they are not
used for configuration - only for tracking the settings that were
assigned to the client. It is not required that the server implemen-
tation record options that were offered to the client.
NAME dhcpAddress
DESCRIPTION This class represents an IP Address, which may or
may not have been leased.
TYPE Structural
DERIVED FROM Top
POSSIBLE SUPERIORS ( )
MUST CONTAIN ( cn dhcpAddressState )
MAY CONTAIN ( dhcpExpirationTime dhcpStartTimeOfState
dhcpLastTransactionTime dhcpBootpFlag
dhcpDomainName dhcpDnsStatus
dhcpRequestedHostName dhcpAssignedHostName
dhcpReservedForClient dhcpAssignedToClient
dhcpRelayAgentInfo dhcpOptionSetting
dhcpParameterSetting dhcpFieldSetting )
7.2. dhcpAddress Attribute Definitions
NAME cn
DESCRIPTION The IP address, as a string.
SYNTAX IA5String SINGLE-VALUE
NAME dhcpAddressState
DESCRIPTION This stores information about the current binding-status
of an address. For dynamic addresses managed by DHCP,
the values should be restricted to the states defined in
the safe-failover draft: 'FREE', 'ACTIVE', 'EXPIRED',
'RELEASED', 'RESET', 'ABANDONED', 'BACKUP'. For more
information on these states see [FAILOVR]. For other
addresses, it SHOULD be one of the following: 'UNKNOWN',
'RESERVED' (an address that is managed by DHCP that is
reserved for a specific client), 'RESERVED-ACTIVE' (same
as reserved, but address is currently in use),
'ASSIGNED' (assigned manually or by some other mecha-
nism), 'UNASSIGNED', 'NOTASSIGNABLE'.
SYNTAX IA5String SINGLE-VALUE
NAME dhcpExpirationTime
DESCRIPTION This is the time the current lease for an address
expires.
SYNTAX DateTime SINGLE-VALUE
NAME dhcpStartTimeOfState
DESCRIPTION This is the time of the last state change for a leased
address.
SYNTAX DateTime SINGLE-VALUE
NAME dhcpLastTransactionTime
DESCRIPTION This is the last time a valid DHCP packet was received
from the client.
SYNTAX DateTime SINGLE-VALUE
NAME dhcpBootpFlag
DESCRIPTION This indicates whether the address was assigned via
BOOTP
SYNTAX Boolean SINGLE-VALUE
NAME dhcpDomainName
DESCRIPTION This is the name of the domain sent to the client by the
server. It is essentially the same as the value for
DHCP option 15 sent to the client, and represents only
the domain - not the full FQDN. To obtain the full FQDN
assigned to the client you must prepend the "dhcpAs-
signedHostName" to this value with a ".".
SYNTAX IA5String SINGLE-VALUE
NAME dhcpDnsStatus
DESCRIPTION This indicates the status of updating DNS resource
records on behalf of the client by the DHCP server for
this address. The value is a 16-bit bitmask that has
the same values as specified by the Failover-DDNS option
(see [FAILOVR]).
SYNTAX Integer SINGLE-VALUE
NAME dhcpRequestedHostName
DESCRIPTION This is the hostname that was requested by the client.
SYNTAX IA5String SINGLE-VALUE
NAME dhcpAssignedHostName
DESCRIPTION This is the actual hostname that was assigned to a
client. It may not be the name that was requested by the
client. The fully qualified domain name can be determined
by appending the value of "dhcpDomainName" (with a dot
separator) to this name.
SYNTAX IA5String SINGLE-VALUE
NAME dhcpReservedForClient
DESCRIPTION The distinguished name of a "dhcpClient" that an address
is reserved for. This may not be the same as the
"dhcpAssignedToClient" attribute if the address is being
reassigned but the current lease has not yet expired.
SYNTAX DN SINGLE-VALUE
NAME dhcpAssignedToClient
DESCRIPTION This is the distinguished name of a "dhcpClient" that an
address is currently assigned to. This only has a value
when the address is leased.
SYNTAX DN SINGLE-VALUE
NAME dhcpRelayAgentInfo
DESCRIPTION If the client request was received via a relay agent,
this contains information about the relay agent that was
available from the DHCP request. This is a hex-encoded
option value. For more information see [AGENT].
SYNTAX OctetString SINGLE-VALUE
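The address attributes above describe a lease record whose fields must agree with each other: a client DN only while the address is leased, a reservation DN for reserved states, an expiration time that has not already passed, and an FQDN built from "dhcpAssignedHostName" and "dhcpDomainName". The following consistency checker is an added example, not code from the draft or from any DHCP server. It models a dhcpAddress entry as a dict of attribute name to string value built inline (constructed sample data). The name of the state attribute, whose NAME line precedes this excerpt, is taken here to be "dhcpAddressState" (an assumption); which states count as "leased", and the GeneralizedTime encoding assumed for the DateTime syntax, are assumptions as well. The first three failover states listed come from [FAILOVR] and complete the list the page abbreviates.

```python
"""Consistency checks over a dhcpAddress entry (added example, not draft code).

An entry is a dict of attribute name -> value, as an LDAP client would hand
it back.  The sample entries at the bottom are constructed, not read from a
directory.
"""
from datetime import datetime, timezone
from typing import Dict, List

# States the draft allows for addresses managed by the failover protocol.
# FREE/ACTIVE/EXPIRED are the remaining failover states defined in [FAILOVR].
FAILOVER_STATES = {"FREE", "ACTIVE", "EXPIRED", "RELEASED", "RESET",
                   "ABANDONED", "BACKUP"}
# States the draft allows for all other addresses.
OTHER_STATES = {"UNKNOWN", "RESERVED", "RESERVED-ACTIVE", "ASSIGNED",
                "UNASSIGNED", "NOTASSIGNABLE"}
# Assumption: an address is "leased" (so dhcpAssignedToClient may be set)
# only in these two states.
LEASED_STATES = {"ACTIVE", "RESERVED-ACTIVE"}
# Assumption: the state attribute is named dhcpAddressState.
STATE_ATTR = "dhcpAddressState"


def parse_time(value: str) -> datetime:
    """Parse an LDAP GeneralizedTime value such as 20000315120000Z
    (assumed encoding for the DateTime syntax used above)."""
    return datetime.strptime(value, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)


def assigned_fqdn(entry: Dict[str, str]) -> str:
    """Build the FQDN exactly as the dhcpAssignedHostName description
    prescribes: assigned host name, a dot, then dhcpDomainName."""
    host = entry.get("dhcpAssignedHostName", "")
    domain = entry.get("dhcpDomainName", "")
    if not host:
        return ""
    return f"{host}.{domain}" if domain else host


def check_address(entry: Dict[str, str], now: datetime) -> List[str]:
    """Return a list of problems found; an empty list means the entry is
    self-consistent with respect to the attribute descriptions."""
    problems: List[str] = []
    state = entry.get(STATE_ATTR)
    if state not in FAILOVER_STATES | OTHER_STATES:
        problems.append(f"unknown {STATE_ATTR} {state!r}")
    leased = state in LEASED_STATES
    # dhcpAssignedToClient "only has a value when the address is leased".
    if entry.get("dhcpAssignedToClient") and not leased:
        problems.append("dhcpAssignedToClient set but address is not leased")
    if leased and not entry.get("dhcpAssignedToClient"):
        problems.append("leased address has no dhcpAssignedToClient")
    # A leased address whose dhcpExpirationTime is already past is stale.
    if leased and "dhcpExpirationTime" in entry:
        if parse_time(entry["dhcpExpirationTime"]) < now:
            problems.append("lease expiration time is in the past")
    # A reserved address should say which dhcpClient it is reserved for.
    if state in ("RESERVED", "RESERVED-ACTIVE") and not entry.get("dhcpReservedForClient"):
        problems.append(f"{state} address has no dhcpReservedForClient")
    # dhcpBootpFlag has Boolean syntax.
    if entry.get("dhcpBootpFlag", "FALSE") not in ("TRUE", "FALSE"):
        problems.append("dhcpBootpFlag is not a Boolean")
    return problems


# Constructed sample entries (not from any real directory).
NOW = datetime(2000, 3, 15, 12, 0, 0, tzinfo=timezone.utc)
SAMPLE_ACTIVE = {
    STATE_ATTR: "ACTIVE",
    "dhcpExpirationTime": "20000316120000Z",
    "dhcpAssignedToClient": "cn=client1,ou=Clients,cn=dhcp,o=example",
    "dhcpAssignedHostName": "host1",
    "dhcpDomainName": "example.net",
    "dhcpBootpFlag": "FALSE",
}
SAMPLE_STALE = {
    STATE_ATTR: "ACTIVE",
    "dhcpExpirationTime": "20000301000000Z",   # already expired at NOW
}
SAMPLE_RELEASED = {
    STATE_ATTR: "RELEASED",
    "dhcpAssignedToClient": "cn=client2,ou=Clients,cn=dhcp,o=example",
}

if __name__ == "__main__":
    for name, entry in [("active", SAMPLE_ACTIVE), ("stale", SAMPLE_STALE),
                        ("released", SAMPLE_RELEASED)]:
        print(name, assigned_fqdn(entry) or "(no host name)", check_address(entry, NOW))
```

Run periodically over the "ou = Addresses" subtree, a check like this catches records that were left behind by a crashed server or a failed failover transition before they mislead an operator reading the directory.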
8. Object Containment
These diagrams depict the containment hierarchy of the objects.
<Administrative-Container> can be any LDAP object.
<Administrative-Container>
|
+---dhcpConfiguration
|
+--- ou = OptionDictionary
| |
| +---dhcpDictionary
|
+--- ou = ParameterDictionary
| |
| +---dhcpDictionary
|
+--- ou = NamedOptionSets
| |
| +---dhcpNamedOptionSet
|
+--- ou = Rules
| |
| +---dhcpRule
| |
| +---dhcpRule . . .
|
+--- ou = Addresses
|
+---dhcpAddress
<Administrative-Container>
|
+---dhcpService
9. Object Class Inheritance
The following diagram shows the inheritance hierarchy of the classes:
Top
|
+---dhcpDictionary
|
+---dhcpService
|
+---dhcpConfiguration (aux: dhcpConfigurableObject)
|
+---dhcpNamedOptionSet (aux: dhcpConfigurableObject)
|
+---dhcpAddress (aux: dhcpConfigurableObject)
|
+---dhcpRule (aux: dhcpConfigurableObject)
|
+---dhcpClass
|
+---dhcpClient
|
+---dhcpPool
|
+---dhcpSharedNetwork
|
+---dhcpSubnet
10. Determining Assignment Rule settings
This section of the document defines the algorithm that should be
used for determining the settings for options and/or parameters for
an assignment rule. Most DHCP server implementations provide for
some degree of inheritance of options between configuration objects.
This algorithm is flexible enough to allow server implementations to
represent their existing behavior.
The option settings directly associated with a "dhcpRule" object MUST
take precedence over all other option settings. The rule also
inherits options from the following objects (in order of precedence):
- options from one or more included "dhcpNamedOptionSet" objects, as
defined in the "dhcpIncludeOptionSet" attribute. If there is more
than one option set, the attribute values define the order in which
the option sets should be included.
- options from the "dhcpSourceObject" for the rule.
- options from "dhcpNamedOptionSet" objects associated with the
"dhcpSourceObject" for the rule.
- options from the "parent" rule (only if the object's parent in the
directory is also a "dhcpRule" object).
- options from "dhcpNamedOptionSet" objects associated with the
"parent" rule.
- options from walking up the directory hierarchy inheriting from
ancestor rules until the "dhcpConfiguration" object is reached.
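The precedence list above is easiest to reason about as an ordered set of layers that are merged first-wins. The following resolver is an added example, not code from the draft or from any server implementation; it walks the containment hierarchy of section 8 and applies the section 10 order to an in-memory directory built inline (constructed sample entries, not a live LDAP server). Representation assumptions: option values sit under the key "options", referenced option sets under "dhcpIncludeOptionSet" (on rules and on source objects alike), the rule's source under "dhcpSourceObject", and the "dhcpConfiguration" object is treated as the final, lowest-precedence layer once the upward walk reaches it. As the text states, a parent rule contributes only its own options and its own option sets, not those of its source object.

```python
"""Section 10 option precedence over a tiny in-memory directory
(added example; the directory and attribute layout are constructed)."""
from typing import Dict, List, Optional, Tuple

Entry = Dict[str, object]

# Constructed sample directory, DN -> entry.  Containers such as
# ou=Rules carry no options and are simply absent from the map.
DIRECTORY: Dict[str, Entry] = {
    "cn=dhcp,o=example": {
        "objectClass": ["dhcpConfiguration"],
        "options": {"domain-name": "example.net", "lease-time": "86400"},
    },
    "cn=corp,ou=NamedOptionSets,cn=dhcp,o=example": {
        "objectClass": ["dhcpNamedOptionSet"],
        "options": {"dns-servers": "10.0.0.53", "ntp-servers": "10.0.0.123"},
    },
    "cn=lab,ou=NamedOptionSets,cn=dhcp,o=example": {
        "objectClass": ["dhcpNamedOptionSet"],
        "options": {"dns-servers": "10.9.0.53"},
    },
    "cn=subnet10,ou=Subnets,cn=dhcp,o=example": {
        "objectClass": ["dhcpSubnet"],
        "options": {"routers": "10.0.0.1", "lease-time": "3600"},
        "dhcpIncludeOptionSet": ["cn=corp,ou=NamedOptionSets,cn=dhcp,o=example"],
    },
    "cn=rule-corp,ou=Rules,cn=dhcp,o=example": {
        "objectClass": ["dhcpRule"],
        "options": {"lease-time": "7200"},
        "dhcpSourceObject": "cn=subnet10,ou=Subnets,cn=dhcp,o=example",
    },
    # A child rule nested beneath rule-corp, as the containment diagram allows.
    "cn=rule-lab,cn=rule-corp,ou=Rules,cn=dhcp,o=example": {
        "objectClass": ["dhcpRule"],
        "options": {"routers": "10.0.0.254"},
        "dhcpIncludeOptionSet": ["cn=lab,ou=NamedOptionSets,cn=dhcp,o=example"],
    },
}


def parent_dn(dn: str) -> Optional[str]:
    """Directory parent: drop the leading RDN (sample DNs have no escaped commas)."""
    _head, sep, rest = dn.partition(",")
    return rest if sep else None


def has_class(entry: Entry, cls: str) -> bool:
    return cls in entry.get("objectClass", [])


def option_sets_of(dn: str, directory: Dict[str, Entry]) -> List[Tuple[str, Entry]]:
    """dhcpNamedOptionSet entries referenced from dn, in attribute-value order,
    which the draft says is the inclusion order."""
    return [(s, directory[s]) for s in directory[dn].get("dhcpIncludeOptionSet", [])]


def precedence_layers(rule_dn: str, directory: Dict[str, Entry]) -> List[Tuple[str, Entry]]:
    """Every object contributing options to the rule, highest precedence first."""
    rule = directory[rule_dn]
    if not has_class(rule, "dhcpRule"):
        raise ValueError(f"{rule_dn} is not a dhcpRule")
    layers = [(rule_dn, rule)]                        # the rule's own options
    layers += option_sets_of(rule_dn, directory)      # its included option sets
    src = rule.get("dhcpSourceObject")
    if src:
        layers.append((src, directory[src]))          # the source object
        layers += option_sets_of(src, directory)      # option sets of the source
    dn = parent_dn(rule_dn)                           # now walk up the tree
    while dn is not None:
        entry = directory.get(dn)
        if entry is not None and has_class(entry, "dhcpConfiguration"):
            layers.append((dn, entry))                # assumed final default layer
            break
        if entry is not None and has_class(entry, "dhcpRule"):
            layers.append((dn, entry))                # ancestor rule
            layers += option_sets_of(dn, directory)   # and its option sets
        dn = parent_dn(dn)                            # plain containers add nothing
    return layers


def effective_options(rule_dn: str, directory: Dict[str, Entry] = DIRECTORY) -> Dict[str, Tuple[str, str]]:
    """Option name -> (value, DN that supplied it).  The first layer that
    sets an option wins, which is what 'precedence' means here."""
    result: Dict[str, Tuple[str, str]] = {}
    for dn, entry in precedence_layers(rule_dn, directory):
        for name, value in entry.get("options", {}).items():
            result.setdefault(name, (value, dn))
    return result


if __name__ == "__main__":
    for rule in ("cn=rule-corp,ou=Rules,cn=dhcp,o=example",
                 "cn=rule-lab,cn=rule-corp,ou=Rules,cn=dhcp,o=example"):
        print(rule)
        for name, (value, origin) in sorted(effective_options(rule).items()):
            print(f"  {name:12} = {value:14} from {origin}")
```

Keeping the supplying DN beside each value is the useful part for operations: when a client receives an unexpected router or DNS server, the provenance shows which object in the hierarchy set it, instead of forcing a manual walk through rules, option sets, source objects and ancestors.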
11. References
[RFC2131] Droms, R., "Dynamic Host Configuration Protocol", RFC 2131,
March 1997.
[RFC2132] Alexander, S., Droms, R., "DHCP Options and BOOTP Vendor
Extensions", RFC 2132, March 1997.
[DMTF] Distributed Management Task Force, "Common Information
Model (CIM) Specification", Version 2.0, Mar 1998.
[DEN] Strassner, J., "Directory-Enabled Networks, Information
Model and Base Schema", DEN Specification v3.0c, July 1998.
[MSDHCP] Gu, Y., Vyaghrapuri, R., "An LDAP Schema for Dynamic Host
Configuration Protocol Service", Internet Draft
<draft-gu-dhcp-ldap-schema-00.txt>, August 1998.
[NOVDHCP] Miller, T., Patel, A., Rao, P., "Lightweight Directory
Access Protocol (v3): Schema for Dynamic Host Configuration
Protocol (DHCP)", Internet Draft
<draft-miller-dhcp-ldap-schema-00.txt>, June 1998.
[FAILOVR] Droms, R., Rabil, G., Dooley, M., Kapur, A., Gonczi, S.,
Volz, B., "DHCP Failover Protocol", Internet Draft
<draft-ietf-dhc-failover-05.txt>, October 1999.
[AGENT] Patrick, M., "DHCP Relay Agent Information Option", Internet
Draft <draft-ietf-dhc-agent-options-09.txt>, March 2000.
[DHCPOPT] Carney, M., "New Option Review Guidelines and Additional
Option Namespace", Internet Draft
<draft-ietf-dhc-option_review_and_namespace-01.txt>, October 1999.
[POLICY] Strassner, J., Elleson, E., Moore, B., "Policy Framework
LDAP Core Schema", Internet Draft
<draft-ietf-policy-core-schema-06.txt>, November 1999.
[RFC2251] Wahl, M., Howes, T., Kille, S., "Lightweight Directory
Access Protocol (v3)", RFC 2251, December 1997.
[RFC2252] Wahl, M., Coulbeck, A., Howes, T., Kille, S., "Lightweight
Directory Access Protocol (v3) Attribute Syntax Definitions",
RFC 2252, December 1997.
[RFC2255] Howes, T., Smith, M., "The LDAP URL Format", RFC 2255,
December 1997.
[RFC951] Croft, B., Gilmore, J., "Bootstrap Protocol (BOOTP)", RFC
951, September 1985.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", RFC 2119, March 1997.
12. Acknowledgements
This document is closely aligned with the work being done in the
Distributed Management Task Force (DMTF) Networks working group.
Design ideas included in this document are primarily based on
discussions during two meetings with some members of the IETF DHC
Working Group and the DMTF Networks working group. The contributions
of these individuals are gratefully acknowledged.
Special thanks to Andrea Westerinen, Lee Rafalow, Steve Gonczi,
Steve Chirokas, Kim Kinnear, Ellen Stokes, Tom Miller, Ye Gu,
Glenn Waters, Mike Carney, Ralph Droms, Greg Rabil, Ted Lemon and
Steve Bazyl for their contributions.
Thanks also to Ester Burwell, Andy Sudduth, Fred Hunter, Paul Raison,
Josh Littlefield, Peter Heitman, Neil Russell and Linda Scobo
for their participation in these meetings.
13. Author information
Andy Bennett
Bernie Volz
Process Software Corporation
959 Concord St.
Framingham, MA 01701
Phone: (508) 879-6994
Email: bennett@process.com
Email: volz@process.com
14. Full Copyright Statement
Copyright (C) The Internet Society (1999). All Rights Reserved.
This document and translations of it may be copied and furnished
to others, and derivative works that comment on or otherwise
explain it or assist in its implementation may be prepared,
copied, published and distributed, in whole or in part, without
restriction of any kind, provided that the above copyright notice
and this paragraph are included on all such copies and derivative
works. However, this document itself may not be modified in any
way, such as by removing the copyright notice or references to the
Internet Society or other Internet organizations, except as needed
for the purpose of developing Internet standards in which case
the procedures for copyrights defined in the Internet Standards
process must be followed, or as required to translate it into
languages other than English.
The limited permissions granted above are perpetual and will not
be revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on
an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.