idnits 2.17.1

draft-ietf-dhc-ldap-schema-00.txt:

  ** The Abstract section seems to be numbered

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** Looks like you're using RFC 2026 boilerplate. This must be updated to
     follow RFC 3978/3979, as updated by RFC 4748.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  ** The document seems to lack a 1id_guidelines paragraph about 6 months
     document validity -- however, there's a paragraph with a matching
     beginning. Boilerplate error?

  ** The document seems to lack a 1id_guidelines paragraph about the list of
     current Internet-Drafts.

  ** The document seems to lack a 1id_guidelines paragraph about the list of
     Shadow Directories.

  ** The document is more than 15 pages and seems to lack a Table of Contents.

  == The page length should not exceed 58 lines per page, but there was 17
     longer pages, the longest (page 2) being 60 lines

  == It seems as if not all pages are separated by form feeds - found 0 form
     feeds but 18 pages

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** The document seems to lack an Introduction section.

  ** The document seems to lack an IANA Considerations section. (See Section
     2.2 of https://www.ietf.org/id-info/checklist for how to handle the case
     when there are no actions for IANA.)

  ** The document seems to lack separate sections for Informative/Normative
     References. All references will be assumed normative when checking for
     downward references.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not
     match the current year

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008. If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment. If not, you may need to add the pre-RFC5378 disclaimer.
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (June 2001) is 8350 days in the past. Is this
     intentional?

  -- Found something which looks like a code comment -- if you have code
     sections in the document, please surround them with '' and '' lines.

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Unused Reference: 'RFC2131' is defined on line 761, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC2132' is defined on line 764, but no explicit
     reference was found in the text

  == Unused Reference: 'MSDHCP' is defined on line 767, but no explicit
     reference was found in the text

  == Unused Reference: 'NOVDHCP' is defined on line 771, but no explicit
     reference was found in the text

  == Unused Reference: 'AGENT' is defined on line 782, but no explicit
     reference was found in the text

  == Unused Reference: 'POLICY' is defined on line 789, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC2251' is defined on line 793, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC2252' is defined on line 796, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC2255' is defined on line 800, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC951' is defined on line 803, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC2119' is defined on line 806, but no explicit
     reference was found in the text

  -- Possible downref: Non-RFC (?) normative reference: ref. 'MSDHCP'

  -- Possible downref: Non-RFC (?) normative reference: ref. 'NOVDHCP'

  -- Possible downref: Non-RFC (?) normative reference: ref. 'FAILOVR'

  -- Possible downref: Non-RFC (?) normative reference: ref. 'AGENT'

  -- Possible downref: Non-RFC (?) normative reference: ref. 'DHCPOPT'

  -- Possible downref: Non-RFC (?) normative reference: ref. 'POLICY'

  ** Obsolete normative reference: RFC 2251 (Obsoleted by RFC 4510, RFC 4511,
     RFC 4512, RFC 4513)

  ** Obsolete normative reference: RFC 2252 (Obsoleted by RFC 4510, RFC 4512,
     RFC 4517, RFC 4523)

  ** Obsolete normative reference: RFC 2255 (Obsoleted by RFC 4510, RFC 4516)

     Summary: 12 errors (**), 0 flaws (~~), 14 warnings (==), 9 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

2    Network Working Group                                      M. Meredith,
3    Internet Draft                                         V. Nanjundaswamy,
4    Document:                                                   M. Hinckley
5    Category: Proposed Standard                                 Novell Inc.
6    Expires: 15th December 2001                              16th June 2001

8    LDAP Schema for DHCP

10   Status of this Memo

12   This document is an Internet-Draft and is in full conformance with all
13   provisions of Section 10 of RFC2026 [ ].

15   Internet-Drafts are working documents of the Internet Engineering Task
16   Force (IETF), its areas, and its working groups. Note that other groups
17   may also distribute working documents as Internet-Drafts. Internet-
18   Drafts are draft documents valid for a maximum of six months and may be
19   updated, replaced, or obsoleted by other documents at any time. It is
20   inappropriate to use Internet-Drafts as reference material or to cite
21   them other than as "work in progress." The list of current Internet-
22   Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt The
23   list of Internet-Draft Shadow Directories can be accessed at
24   http://www.ietf.org/shadow.html.

26   1. Abstract

28   This document defines a schema for representing DHCP configuration in an
29   LDAP directory. It can be used to represent the DHCP Service
30   configuration(s) for an entire enterprise network, a subset of the
31   network, or even a single server. Representing DHCP configuration in an
32   LDAP directory enables centralized management of DHCP services offered
33   by one or more DHCP Servers within the enterprise.

35   2. Conventions used in this document

37   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
38   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
39   document are to be interpreted as described in RFC-2119 [ ].

41   In places where different sets of terminology are commonly used to
42   represent similar DHCP concepts, this schema uses the terminology of the
43   Internet Software Consortium's DHCP server reference implementation.
44   For more information see www.isc.org.

46   3. Design Considerations

48   The DHCP LDAP schema is designed to be a simple multi-server schema. The
49   intent of this schema is to provide a basic framework for representing
50   the most common elements used in the configuration of DHCP Server. This
51   should allow other network services to obtain and use basic DHCP
52   configuration information in a server-independent but knowledgeable way.

54   It is expected that some implementations may need to extend the schema
55   objects, in order to implement all of their features or needs. It is
56   recommended that you use the schema defined in this draft to represent
57   DHCP configuration information in an LDAP directory. Conforming to a
58   standard schema improves interoperability between DHCP implementations
59   from different vendors.

61   Some implementations may choose not to support all of the objects
62   defined here.

64   Two decisions are explicitly left up to each implementation:

66   First, implementations may choose not to store the lease information in
67   the directory, so those objects would not be used.

69   Second, implementations may choose not to implement the auditing
70   information.

72   It is up to the implementation to determine if the data in the directory
73   is considered "authoritative", or if it is simply a copy of data from an
74   authoritative source. Validity of the information if used as a copy is
75   to be ensured by the implementation.

77   Primarily two types of applications will use the information in this
78   schema: 1. DHCP servers (for loading their configuration) 2. Management
79   Interfaces (for defining/editing configurations).

81   The schema should be efficient for the needs of both types of
82   applications. The schema is designed to allow objects managed by DHCP
83   (such as computers, subnets, etc) to be present anywhere in a directory
84   hierarchy (to allow those objects to be placed in the directory for
85   managing administrative control and access to the objects).

87   The schema uses a few naming conventions - all object classes and
88   attributes are prefixed with "dhcp" to decrease the chance that object
89   classes and attributes will have the same name. The schema also uses
90   standard naming attributes ("cn", "ou", etc) for all objects.

92   4. Common DHCP Configuration Attributes

94   Although DHCP manages several different types of objects, the
95   configuration of those objects is often similar. Consequently, most of
96   these objects have a common set of attributes, which are defined below.

98   4.1. Attributes Definitions

100  The schema definitions listed below are for readability. The LDIF
101  layout for this schema will follow in section 8.

103  Name: dhcpPrimaryDN Description: The Distinguished Name of the
104  dhcpServer object, which is the primary server for the configuration.
105  Syntax: DN Flags: SINGLE-VALUE

107  Name: dhcpSecondaryDN Description: The Distinguished Name(s) of the
108  dhcpServer object(s), which are secondary servers for the configuration.
109  Syntax: DN

111  Name: dhcpStatements Description: Flexible storage for representing any
112  specific data depending on the object to which it is attached. Examples
113  include conditional statements, Server parameters, etc. This also
114  serves as a 'catch-all' attribute that allows the standard to evolve
115  without needing to update the schema. Syntax: IA5String

117  Name: dhcpRange Description: The starting and ending IP Addresses in the
118  range (inclusive), separated by a hyphen; if the range only contains one
119  address, then just the address can be specified with no hyphen. Each
120  range is defined as a separate value. Syntax: IA5String

122  Name: dhcpPermitList Description: This attribute contains the permit
123  lists associated with a pool. Each permit list is defined as a separate
124  value. Syntax: IA5String

126  Name: dhcpNetMask Description: The subnet mask length for the subnet.
127  The mask can be easily computed from this length. Syntax: Integer
128  Flags: SINGLE-VALUE

130  Name: dhcpOption Description: Encoded option values to be sent to
131  clients. Each value represents a single option and contains (OptionTag,
132  Length, OptionData) encoded in the format used by DHCP. For more
133  information see [DHCPOPT]. Syntax: OctetString

135  Name: dhcpClassData Description: Encoded text string or list of bytes
136  expressed in hexadecimal, separated by colons. Clients match subclasses
137  based on matching the class data with the results of a 'match' or 'spawn
138  with' statement in the class name declarations. Syntax: IA5String
139  Flags: SINGLE-VALUE

141  Name: dhcpSubclassesDN Description: List of subclasses, these are the
142  actual DN of each subclass object. Syntax: DN

144  Name: dhcpClassesDN Description: List of classes, these are the actual
145  DN of each class object. Syntax: DN
146  Name: dhcpSubnetDN Description: List of subnets, these are the actual DN
147  of each subnet object. Syntax: DN

149  Name: dhcpPoolDN Description: List of pools, these are the actual DN of
150  each Pool object. Syntax: DN

152  Name: dhcpOptionsDN Description: List of options, these are the actual
153  DN of each Options object. Syntax: DN

155  Name: dhcpHostDN Description: List of hosts, these are the actual DN of
156  each host object. Syntax: DN

158  Name: dhcpSharedNetworkDN Description: List of shared networks, these
159  are the actual DN of each shared network object. Syntax: DN

161  Name: dhcpGroupDN Description: List of groups, these are the actual DN
162  of each Group object. Syntax: DN

164  Name: dhcpLeaseDN Description: Single Lease DN. A dhcpHost configuration
165  uses this attribute to identify a static IP address assignment. Syntax:
166  DN Flags: SINGLE-VALUE

168  Name: dhcpLeasesDN Description: List of leases, these are the actual DN
169  of each lease object. Syntax: DN

171  Name: dhcpServiceDN Description: The DN of dhcpService object(s) which
172  contain the configuration information. Each dhcpServer object has this
173  attribute identifying the DHCP configuration(s) that the server is
174  associated with. Syntax: DN

176  Name: dhcpHWAddress Description: The hardware address of the client
177  associated with a lease Syntax: OctetString Flags: SINGLE-VALUE

179  Name: dhcpVersion Description: This is the version identified for the
180  object that this attribute is part of. In case of the dhcpServer object,
181  this represents the DHCP software version. Syntax: IA5String Flags:
182  SINGLE-VALUE

184  Name: dhcpImplementation Description: DHCP Server implementation
185  description e.g. DHCP Vendor information. Syntax: IA5String Flags:
186  SINGLE-VALUE

188  Name: dhcpHashBucketAssignment Description: HashBucketAssignment bit map
189  for the DHCP Server, as defined in DHC Load Balancing Algorithm [RFC
190  3074]. Syntax: Octet String Flags: SINGLE-VALUE

192  Name: dhcpDelayedServiceParameter Description: Delay in seconds
193  corresponding to Delayed Service Parameter configuration, as defined in
194  DHC Load Balancing Algorithm [RFC 3074]. Syntax: Integer Flags: SINGLE-
195  VALUE

197  Name: dhcpMaxClientLeadTime Description: Maximum Client Lead Time
198  configuration in seconds, as defined in DHCP Failover Protocol [FAILOVR]
199  Syntax: Integer Flags: SINGLE-VALUE

201  Name: dhcpFailOverEndpointState Description: Server (Failover Endpoint)
202  state, as defined in DHCP Failover Protocol [FAILOVR] Syntax: IA5String
203  Flags: SINGLE-VALUE

205  5. Configurations and Services

207  The schema definitions below are for readability; the LDIF layout for
208  this schema will follow in section 8.

210  The DHC working group is currently considering several proposals for
211  fail-over and redundancy of DHCP servers. These may require sharing of
212  configuration information between servers. This schema provides a
213  generalized mechanism for supporting any of these proposals, by
214  separating the definition of a server from the definition of
215  configuration service provided by the server.

217  Separating the DHCP Server (dhcpServer) and the DHCP Configuration
218  (dhcpService) representations allows a configuration service to be
219  provided by one or more servers. Similarly, a server may provide one or
220  more configurations. The schema allows a server to be configured as
221  either a primary or secondary provider of a DHCP configuration.

223  Configurations are also defined so that one configuration can include
224  some of the objects that are defined in another configuration. This
225  allows for sharing and/or a hierarchy of related configuration items.

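Added example, not part of the draft: the value formats that section 4.1 gives for dhcpRange, dhcpNetMask and dhcpOption can be checked before a server or management interface acts on directory data, which matters when the directory holds only a copy of the configuration. The function names and sample entries below are constructed for illustration; the subnet-containment and overlap checks are this example's own policy (the draft does not state them), and only IPv4 is handled.

```python
"""Check dhcpSubnet and dhcpOption values fetched from LDAP before using them."""
import ipaddress


def parse_dhcp_range(value):
    """dhcpRange: 'start-end' (inclusive), or one address with no hyphen."""
    first, sep, last = value.strip().partition("-")
    start = ipaddress.IPv4Address(first.strip())
    end = ipaddress.IPv4Address(last.strip()) if sep else start
    if end < start:
        raise ValueError("end address precedes start address")
    return start, end


def subnet_from_entry(cn, mask_len):
    """cn is the subnet address; dhcpNetMask is the mask length in bits."""
    length = int(mask_len)
    if not 0 <= length <= 32:
        raise ValueError(f"mask length {length} is outside 0..32")
    # IPv4Network is strict by default: a cn with host bits set is rejected.
    return ipaddress.IPv4Network(f"{cn}/{length}")


def parse_dhcp_option(raw):
    """dhcpOption: one (OptionTag, Length, OptionData) triple in DHCP format."""
    if len(raw) < 2:
        raise ValueError("value is shorter than tag + length")
    tag, length, data = raw[0], raw[1], raw[2:]
    if tag in (0, 255):
        raise ValueError(f"tag {tag} is pad/end, which has no length or data")
    if length != len(data):
        raise ValueError(f"length byte says {length}, {len(data)} data bytes follow")
    return tag, bytes(data)


def validate_subnet_entry(entry):
    """Return a list of problems; an empty list means the values are consistent."""
    try:
        net = subnet_from_entry(entry["cn"], entry["dhcpNetMask"])
    except (KeyError, ValueError) as exc:
        return [f"cn/dhcpNetMask: {exc}"]
    problems, ranges = [], []
    for value in entry.get("dhcpRange", []):
        try:
            start, end = parse_dhcp_range(value)
        except ValueError as exc:
            problems.append(f"dhcpRange {value!r}: {exc}")
            continue
        # Containment is this example's policy check, not wording from the draft.
        if start not in net or end not in net:
            problems.append(f"dhcpRange {value!r}: outside subnet {net}")
        ranges.append((start, end, value))
    # Overlap between separate values is also treated as an error (assumption).
    highest = None
    for start, end, value in sorted(ranges):
        if highest and start <= highest[0]:
            problems.append(f"dhcpRange {value!r}: overlaps {highest[1]!r}")
        if highest is None or end > highest[0]:
            highest = (end, value)
    return problems


# Constructed sample entries (not taken from the draft), shaped like search results.
GOOD_SUBNET = {"cn": "10.1.2.0", "dhcpNetMask": "24",
               "dhcpRange": ["10.1.2.10-10.1.2.100", "10.1.2.200"]}
BAD_SUBNET = {"cn": "10.1.2.0", "dhcpNetMask": "24",
              "dhcpRange": ["10.1.2.50-10.1.2.20", "10.1.3.5",
                            "10.1.2.10-10.1.2.100", "10.1.2.90-10.1.2.120"]}
DOMAIN_OPTION = bytes([15, 11]) + b"example.com"   # option 15, 11 data bytes

if __name__ == "__main__":
    print(subnet_from_entry("10.1.2.0", "24").netmask)
    for problem in validate_subnet_entry(BAD_SUBNET):
        print(problem)
    print(parse_dhcp_option(DOMAIN_OPTION))
```
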
227  Name: dhcpService Description: Service object that represents the
228  actual DHCP Service configuration. This will be a container with the
229  following attributes. Must: cn, dhcpPrimaryDN May: dhcpSecondaryDN,
230  dhcpSharedNetworkDN, dhcpSubnetDN, dhcpGroupDN, dhcpHostDN,
231  dhcpClassesDN, dhcpOptionsDN, dhcpStatements

233  The following objects could exist inside the dhcpService container:
234  dhcpSharedNetwork, dhcpSubnet, dhcpGroup, dhcpHost, dhcpClass,
235  dhcpServer, dhcpOptions, dhcpLog

237  Name: dhcpServer Description: Server object that the DHCP server will
238  login as. The configuration information is in the dhcpService container
239  that the dhcpServiceDN points to. Must: cn, dhcpServiceDN May:
240  dhcpVersion, dhcpImplementation, dhcpHashBucketAssignment,
241  dhcpDelayedServiceParameter, dhcpMaxClientLeadTime,
242  dhcpFailOverEndpointState

244  5.1. DHCP Declaration related classes:

246  Name: dhcpSharedNetwork Description: Shared Network class will list what
247  pools and subnets are in this network.

249  This will be a container with the following attributes. Must: cn May:
250  dhcpSubnetDN, dhcpPoolDN, dhcpOptionsDN, dhcpStatements

252  The following objects can exist within a dhcpSharedNetwork container:
253  dhcpSubnet, dhcpPool, dhcpOptions, dhcpLog

255  Name: dhcpSubnet Description: Subnet object will include configuration
256  information associated with a subnet, including a range and a net mask.

258  This will be a container with the following attributes. Must: cn
259  (Subnet address), dhcpNetMask May: dhcpRange, dhcpPoolDN, dhcpGroupDN,
260  dhcpHostDN, dhcpClassesDN, dhcpLeasesDN, dhcpOptionsDN, dhcpStatements

262  The following objects can exist within a dhcpSubnet container: dhcpPool,
263  dhcpGroup, dhcpHost, dhcpClass, dhcpOptions, dhcpLease, dhcpLog

265  Name: dhcpGroup Description: Group object will have configuration
266  information associated with a group.

268  This will be a container with the following attributes. Must: cn May:
269  dhcpHostDN, dhcpOptionsDN, dhcpStatements

271  The following objects can exist within a dhcpGroup container: dhcpHost,
272  dhcpOptions

274  Name: dhcpHost Description: The host object includes DHCP host
275  declarations to assign a static IP address or declare the client as
276  known or specify statements for a specific client. Must: cn May:
277  dhcpLeaseDN, dhcpHWAddress, dhcpOptionsDN, dhcpStatements

279  Name: dhcpOptions Description: The options class is for option space
280  declarations, it contains a list of options. Must: cn May: dhcpOption

282  Name: dhcpClass Description: This is a class to group clients together
283  based on matching rules.

285  This will be a container with the following attributes. Must: cn May:
286  dhcpSubClassesDN, dhcpOptionsDN, dhcpStatements

288  The following object can exist within a dhcpClass container:
289  dhcpSubclass, dhcpOptions
290  Name: dhcpSubClass Description: This includes configuration information
291  for a subclass associated with a class. The dhcpSubClass object will
292  always be contained within the corresponding class container object.
293  Must: cn May: dhcpClassData, dhcpOptionsDN, dhcpStatements

295  Name: dhcpPool Description: This contains configuration for a pool that
296  will have the range of addresses, permit lists and point to classes and
297  leases that are members of this pool.

299  This will be a container that could be contained by dhcpSubnet or a
300  dhcpSharedNetwork. Must: cn, dhcpRange May: dhcpClassesDN,
301  dhcpPermitList, dhcpLeasesDN, dhcpOptionsDN, dhcpStatements

303  The following objects can exist within a dhcpPool container: dhcpClass,
304  dhcpOptions, dhcpLease, dhcpLog

306  6. Tracking Address Assignments

308  The behavior of a DHCP server is influenced by two factors - its
309  configuration and the current state of the addresses that have been
310  assigned to clients. This schema defines a set of objects for
311  representing the DHCP configuration associated with a server. The
312  following object classes provide the ability to record how addresses are
313  used including maintaining history (audit log) on individual leases.
314  Recording lease information in a directory could result in a significant
315  performance impact and is therefore optional. Implementations supporting
316  logging of leases need to consider the performance impact.

318  6.1. dhcpLeases Attribute Definitions

320  The schema definitions below are for readability; the LDIF layout for
321  this schema will follow in section 8.

323  Name: dhcpAddressState Description: This stores information about the
324  current binding-status of an address. For dynamic addresses managed by
325  DHCP, the values should be restricted to the states defined in the DHCP
326  Failover Protocol draft [FAILOVR]: 'FREE', 'ACTIVE', 'EXPIRED',
327  'RELEASED', 'RESET', 'ABANDONED', 'BACKUP'. For more information on
328  these states see [FAILOVR]. For other addresses, it SHOULD be one of
329  the following: 'UNKNOWN', 'RESERVED' (an address that is managed by DHCP
330  that is reserved for a specific client), 'RESERVED-ACTIVE' (same as
331  reserved, but address is currently in use), 'ASSIGNED' (assigned
332  manually or by some other mechanism), 'UNASSIGNED', 'NOTASSIGNABLE'.
333  Syntax: IA5String Flags: SINGLE-VALUE

335  Name: dhcpExpirationTime Description: This is the time the current lease
336  for an address expires. Syntax: DateTime Flags: SINGLE-VALUE
337  Name: dhcpStartTimeOfState Description: This is the time of the last
338  state change for a leased address. Syntax: DateTime Flags: SINGLE-VALUE

340  Name: dhcpLastTransactionTime Description: This is the last time a valid
341  DHCP packet was received from the client. Syntax: DateTime Flags:
342  SINGLE-VALUE

344  Name: dhcpBootpFlag Description: This indicates whether the address was
345  assigned via BOOTP Syntax: Boolean Flags: SINGLE-VALUE

347  Name: dhcpDomainName Description: This is the name of the domain sent to
348  the client by the server. It is essentially the same as the value for
349  DHCP option 15 sent to the client, and represents only the domain - not
350  the full FQDN. To obtain the full FQDN assigned to the client you must
351  prepend the "dhcpAssignedHostName" to this value with a ".". Syntax:
352  IA5String Flags: SINGLE-VALUE

354  Name: dhcpDnsStatus Description: This indicates the status of updating
355  DNS resource records on behalf of the client by the DHCP server for this
356  address. The value is a 16-bit bitmask that has the same values as
357  specified by the Failover-DDNS option (see [FAILOVR]). Syntax: Integer
358  Flags: SINGLE-VALUE

360  Name: dhcpRequestedHostName Description: This is the hostname that was
361  requested by the client. Syntax: IA5String Flags: SINGLE-VALUE

363  Name: dhcpAssignedHostName Description: This is the actual hostname that
364  was assigned to a client. It may not be the name that was requested by
365  the client. The fully qualified domain name can be determined by
366  appending the value of "dhcpDomainName" (with a dot separator) to this
367  name. Syntax: IA5String Flags: SINGLE-VALUE

369  Name: dhcpReservedForClient Description: This is the distinguished name
370  of the "dhcpHost" that an address is reserved for. This may not be the
371  same as the "dhcpAssignedToClient" attribute if the address is being
372  reassigned but the current lease has not yet expired. Syntax: DN Flags:
373  SINGLE-VALUE

375  Name: dhcpAssignedToClient Description: This is the distinguished name
376  of a "dhcpHost" that an address is currently assigned to. This
377  attribute is only present in the class when the address is leased.
378  Syntax: DN Flags: SINGLE-VALUE

380  Name: dhcpRelayAgentInfo Description: If the client request was received
381  via a relay agent, this contains information about the relay agent that
382  was available from the DHCP request. This is a hex-encoded option
383  value. Syntax: OctetString Flags: SINGLE-VALUE
384  6.2. dhcpLeases Object Class

386  This class represents an IP address. It may or may not be leaseable,
387  and the object may exist even though a lease is not currently active for
388  the associated IP address.

390  It is recommended that all Lease objects for a single DHCP Service be
391  centrally located within a single container. This ensures that the lease
392  objects and the corresponding logs do not have to be relocated, when
393  address ranges allocated to individual DHCP subnets and/or pools change.

395  The schema definitions below are for readability; the LDIF layout for
396  this schema will follow in section 8.

398  Name: dhcpLeases Description: This is the object that holds state
399  information about an IP address. The cn (which is the IP address), and
400  the current address-state are mandatory attributes. If the address is
401  assigned then, some of the optional attributes will have valid data.
402  Must: cn, dhcpAddressState May: dhcpExpirationTime,
403  dhcpStartTimeOfState, dhcpLastTransactionTime, dhcpBootpFlag,
404  dhcpDomainName, dhcpDnsStatus, dhcpRequestedHostName,
405  dhcpAssignedHostName, dhcpReservedForClient, dhcpAssignedToClient,
406  dhcpRelayAgentInfo, dhcpHWAddress

408  6.3 Audit Log Information

410  A dhcpLog object is created whenever a lease is assigned or released.
411  This object is intended to be created under the corresponding dhcpLeases
412  container, or dhcpPool, dhcpSubnet, dhcpSharedNetwork or dhcpService
413  containers.

415  The log information under the dhcpLeases container would be for
416  addresses matching that lease information. The log information in the
417  other containers could be used for errors, i.e. when a pool or subnet is
418  out of addresses or if a server is not able to assign any more
419  addresses for a particular dhcpService.

421  Name: dhcpLog Description: This is the object that holds past
422  information about an IP address. The cn is the time/date stamp when the
423  address was assigned or released, the address state at the time, if the
424  address was assigned or released. Must: cn May: dhcpAddressState,
425  dhcpExpirationTime, dhcpStartTimeOfState, dhcpLastTransactionTime,
426  dhcpBootpFlag, dhcpDomainName, dhcpDnsStatus, dhcpRequestedHostName,
427  dhcpAssignedHostName, dhcpReservedForClient, dhcpAssignedToClient,
428  dhcpRelayAgentInfo, dhcpHWAddress
429  7. Determining settings

431  The dhcpStatements attribute is the key to DHC enhancements that may
432  come along, and the different key words that a particular server
433  implementation may use. This attribute can be used to hold conditional
434  DHCP Statements and DHCP server parameters. Having a generic settings
435  attribute that is just a string, allows this schema to be extensible and
436  easy to configure.

438  All of the attributes that end with DN are references to the class that
439  precedes the DN e.g. the dhcpPrimaryDN and dhcpSecondaryDN attributes
440  hold the Distinguished Names of the dhcpServer objects that are
441  associated with the dhcpService object.

443  8. LDIF format for attributes and classes.

445  # Attributes

447  ( 2.16.840.1.113719.1.203.4.1 NAME 'dhcpPrimaryDN' DESC
448  'The DN of the dhcpServer which is the primary server for the
449  configuration.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )

451  ( 2.16.840.1.113719.1.203.4.2 NAME 'dhcpSecondaryDN' DESC 'The DN of
452  dhcpServer(s) which provide backup service for the configuration.'
453  SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

455  ( 2.16.840.1.113719.1.203.4.3 NAME 'dhcpStatements' DESC 'Flexible
456  storage for specific data depending on what object this exists in. Like
457  conditional statements, server parameters, etc. This allows the standard
458  to evolve without needing to adjust the schema.' SYNTAX
459  1.3.6.1.4.1.1466.115.121.1.26 )

461  ( 2.16.840.1.113719.1.203.4.4 NAME 'dhcpRange' DESC 'The starting &
462  ending IP Addresses in the range (inclusive), separated by a hyphen; if
463  the range only contains one address, then just the address can be
464  specified with no hyphen. Each range is defined as a separate value.'
465  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

467  ( 2.16.840.1.113719.1.203.4.5 NAME 'dhcpPermitList' DESC 'This attribute
468  contains the permit lists associated with a pool. Each permit list is
469  defined as a separate value.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

471  ( 2.16.840.1.113719.1.203.4.6 NAME 'dhcpNetMask' DESC 'The subnet mask
472  length for the subnet. The mask can be easily computed from this
473  length.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )

475  ( 2.16.840.1.113719.1.203.4.7 NAME 'dhcpOption' DESC 'Encoded option
476  values to be sent to clients. Each value represents a single option and
477  contains (OptionTag, Length, OptionValue) encoded in the format used by
478  DHCP.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
479  ( 2.16.840.1.113719.1.203.4.8 NAME 'dhcpClassData' DESC 'Encoded text
480  string or list of bytes expressed in hexadecimal, separated by colons.
481  Clients match subclasses based on matching the class data with the
482  results of match or spawn with statements in the class name
483  declarations.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

485  ( 2.16.840.1.113719.1.203.4.9 NAME 'dhcpOptionsDN' DESC 'The
486  distinguished name(s) of the dhcpOption objects containing the
487  configuration options provided by the server.' SYNTAX
488  1.3.6.1.4.1.1466.115.121.1.12 )

490  ( 2.16.840.1.113719.1.203.4.10 NAME 'dhcpHostDN' DESC 'the distinguished
491  name(s) of the dhcpHost objects.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

493  ( 2.16.840.1.113719.1.203.4.11 NAME 'dhcpPoolDN' DESC 'The distinguished
494  name(s) of pools.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

496  ( 2.16.840.1.113719.1.203.4.12 NAME 'dhcpGroupDN' DESC 'The
497  distinguished name(s) of the groups.' SYNTAX
498  1.3.6.1.4.1.1466.115.121.1.12 )

500  ( 2.16.840.1.113719.1.203.4.13 NAME 'dhcpSubnetDN' DESC 'The
501  distinguished name(s) of the subnets.' SYNTAX
502  1.3.6.1.4.1.1466.115.121.1.12 )

504  ( 2.16.840.1.113719.1.203.4.14 NAME 'dhcpLeaseDN' DESC 'The
505  distinguished name of a client address.' SYNTAX
506  1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE)

508  ( 2.16.840.1.113719.1.203.4.15 NAME 'dhcpLeasesDN' DESC 'The
509  distinguished name(s) client addresses.' SYNTAX
510  1.3.6.1.4.1.1466.115.121.1.12 )

512  ( 2.16.840.1.113719.1.203.4.16 NAME 'dhcpClassesDN' DESC 'The
513  distinguished name(s) of a class(es) in a subclass.' SYNTAX
514  1.3.6.1.4.1.1466.115.121.1.12 )

516  ( 2.16.840.1.113719.1.203.4.17 NAME 'dhcpSubclassesDN' DESC 'The
517  distinguished name(s) of subclass(es).' SYNTAX
518  1.3.6.1.4.1.1466.115.121.1.12 )

520  ( 2.16.840.1.113719.1.203.4.18 NAME 'dhcpSharedNetworkDN' DESC 'The
521  distinguished name(s) of sharedNetworks.' SYNTAX
522  1.3.6.1.4.1.1466.115.121.1.12 )

524  ( 2.16.840.1.113719.1.203.4.19 NAME 'dhcpServiceDN' DESC 'The DN of
525  dhcpService object(s)which contain the configuration information. Each
526  dhcpServer object has this attribute identifying the DHCP
527  configuration(s) that the server is associated with.' SYNTAX
528  1.3.6.1.4.1.1466.115.121.1.12 )

530  ( 2.16.840.1.113719.1.203.4.20 NAME 'dhcpVersion' DESC 'The version
531  attribute of this object.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-
532  VALUE )

534  ( 2.16.840.1.113719.1.203.4.21 NAME 'dhcpImplementation' DESC
535  'Description of the DHCP Server implementation e.g. DHCP Server's
536  vendor.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

538  ( 2.16.840.1.113719.1.203.4.22 NAME 'dhcpAddressState' DESC 'This stores
539  information about the current binding-status of an address. For dynamic
540  addresses managed by DHCP, the values should be restricted to the
541  following: "FREE", "ACTIVE", "EXPIRED", "RELEASED", "RESET",
542  "ABANDONED", "BACKUP". For other addresses, it SHOULD be one of the
543  following: "UNKNOWN", "RESERVED" (an address that is managed by DHCP
544  that is reserved for a specific client), "RESERVED-ACTIVE" (same as
545  reserved, but address is currently in use), "ASSIGNED" (assigned
546  manually or by some other mechanism), "UNASSIGNED", "NOTASSIGNABLE".'
547  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

549  ( 2.16.840.1.113719.1.203.4.23 NAME 'dhcpExpirationTime' DESC 'This is
550  the time the current lease for an address expires.' SYNTAX
551  1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )

553  ( 2.16.840.1.113719.1.203.4.24 NAME 'dhcpStartTimeOfState' DESC 'This is
554  the time of the last state change for a leased address.' SYNTAX
555  1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )

557  ( 2.16.840.1.113719.1.203.4.25 NAME 'dhcpLastTransactionTime' DESC 'This
558  is the last time a valid DHCP packet was received from the client.'
559  SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )

561  ( 2.16.840.1.113719.1.203.4.26 NAME 'dhcpBootpFlag' DESC 'This indicates
562  whether the address was assigned via BOOTP.' SYNTAX
563  1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )

565  ( 2.16.840.1.113719.1.203.4.27 NAME 'dhcpDomainName' DESC 'This is the
566  name of the domain sent to the client by the server. It is essentially
567  the same as the value for DHCP option 15 sent to the client, and
568  represents only the domain - not the full FQDN. To obtain the full FQDN
569  assigned to the client you must prepend the "dhcpAssignedHostName" to
570  this value with a ".".' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-
571  VALUE )

573  ( 2.16.840.1.113719.1.203.4.28 NAME 'dhcpDnsStatus' DESC 'This indicates
574  the status of updating DNS resource records on behalf of the client by
575  the DHCP server for this address. The value is a 16-bit bitmask.'
576  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )

578  ( 2.16.840.1.113719.1.203.4.29 NAME 'dhcpRequestedHostName' DESC 'This
579  is the hostname that was requested by the client.' SYNTAX
580  1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

582  ( 2.16.840.1.113719.1.203.4.30 NAME 'dhcpAssignedHostName' DESC 'This is
583  the actual hostname that was assigned to a client. It may not be the
584  name that was requested by the client. The fully qualified domain name
585  can be determined by appending the value of "dhcpDomainName" (with a dot
586  separator) to this name.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-
587  VALUE )

589  ( 2.16.840.1.113719.1.203.4.31 NAME 'dhcpReservedForClient' DESC 'The
590  distinguished name of a "dhcpClient" that an address is reserved for.
591  This may not be the same as the "dhcpAssignedToClient" attribute if the
592  address is being reassigned but the current lease has not yet expired.'
593  SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )

595  ( 2.16.840.1.113719.1.203.4.32 NAME 'dhcpAssignedToClient' DESC 'This is
596  the distinguished name of a "dhcpClient" that an address is currently
597  assigned to. This attribute is only present in the class when the
598  address is leased.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )

600  ( 2.16.840.1.113719.1.203.4.33 NAME 'dhcpRelayAgentInfo' DESC 'If the
601  client request was received via a relay agent, this contains information
602  about the relay agent that was available from the DHCP request. This is
603  a hex-encoded option value.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
604  SINGLE-VALUE )

606  ( 2.16.840.1.113719.1.203.4.34 NAME 'dhcpHWAddress' DESC 'The clients
607  hardware address that requested this IP address.' SYNTAX
608  1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )

610  ( 2.16.840.1.113719.1.203.4.35 NAME 'dhcpHashBucketAssignment' DESC
611  'HashBucketAssignment bit map for the DHCP Server, as defined in DHC
612  Load Balancing Algorithm [RFC 3074].' SYNTAX
613  1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )

615  ( 2.16.840.1.113719.1.203.4.36 NAME 'dhcpDelayedServiceParameter' DESC
616  'Delay in seconds corresponding to Delayed Service Parameter
617  configuration, as defined in DHC Load Balancing Algorithm [RFC 3074]. '
618  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )

620  ( 2.16.840.1.113719.1.203.4.37 NAME 'dhcpMaxClientLeadTime' DESC
621  'Maximum Client Lead Time configuration in seconds, as defined in DHCP
622  Failover Protocol [FAILOVR]' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
623  SINGLE-VALUE )

625  ( 2.16.840.1.113719.1.203.4.38 NAME 'dhcpFailOverEndpointState' DESC
626  'Server (Failover Endpoint) state, as defined in DHCP Failover Protocol
627  [FAILOVR]' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

629  #Classes

631  ( 2.16.840.1.113719.1.203.6.1 NAME 'dhcpService' DESC ' Service object
632  that represents the actual DHCP Service configuration. This is a
633  container object.' SUP top MUST (cn $ dhcpPrimaryDN) MAY
634  (dhcpSecondaryDN $ dhcpSharedNetworkDN $ dhcpSubnetDN $ dhcpGroupDN $
635  dhcpHostDN $ dhcpClassesDN $ dhcpOptionsDN $ dhcpStatements ) )

637  ( 2.16.840.1.113719.1.203.6.2 NAME 'dhcpSharedNetwork' DESC 'This stores
638  configuration information for a shared network.' SUP top MUST cn MAY
639  (dhcpSubnetDN $ dhcpPoolDN $ dhcpOptionsDN $ dhcpStatements) X-
640  NDS_CONTAINMENT ('dhcpService' ) )

642  ( 2.16.840.1.113719.1.203.6.3 NAME 'dhcpSubnet' DESC 'This class defines
643  a subnet. This is a container object.'
SUP top MUST ( cn $ dhcpNetMask ) 644 MAY (dhcpRange $ dhcpPoolDN $ dhcpGroupDN $ dhcpHostDN $ dhcpClassesDN $ 645 dhcpLeasesDN $ dhcpOptionsDN $ dhcpStatements) X-NDS_CONTAINMENT 646 ('dhcpService' ) ) 648 ( 2.16.840.1.113719.1.203.6.4 NAME 'dhcpPool' DESC 'This stores 649 configuration information about a pool.' SUP top MUST ( cn $ dhcpRange ) 650 MAY (dhcpClassesDN $ dhcpPermitList $ dhcpLeasesDN $ dhcpOptionsDN $ 651 dhcpStatements) X-NDS_CONTAINMENT ('dhcpSubnet' 'dhcpSharedNetwork') ) 653 ( 2.16.840.1.113719.1.203.6.5 NAME 'dhcpGroup' DESC 'Group object that 654 lists host DNs and parameters. This is a container object.' SUP top MUST 655 cn MAY ( dhcpHostDN $ dhcpOptionsDN $ dhcpStatements ) X-NDS_CONTAINMENT 656 ('dhcpSubnet' 'dhcpService' ) ) 658 ( 2.16.840.1.113719.1.203.6.6 NAME 'dhcpHost' DESC 'This represents 659 information about a particular client' SUP top MUST cn MAY (dhcpLeaseDN 660 $ dhcpHWAddress $ dhcpOptionsDN $ dhcpStatements) X-NDS_CONTAINMENT 661 ('dhcpService' 'dhcpSubnet' 'dhcpGroup') ) 663 ( 2.16.840.1.113719.1.203.6.7 NAME 'dhcpClass' DESC 'Represents 664 information about a collection of related clients.' SUP top MUST cn MAY 665 (dhcpSubClassesDN $ dhcpOptionsDN $ dhcpStatements) X-NDS_CONTAINMENT 666 ('dhcpService' 'dhcpSubnet' ) ) 668 ( 2.16.840.1.113719.1.203.6.8 NAME 'dhcpSubClass' DESC 'Represents 669 information about a collection of related classes.' SUP top MUST cn MAY 670 (dhcpClassData $ dhcpOptionsDN $ dhcpStatements) X-NDS_CONTAINMENT 671 'dhcpClass' ) 673 ( 2.16.840.1.113719.1.203.6.9 NAME 'dhcpOptions' DESC 'Represents 674 information about a collection of options defined.' SUP top MUST cn MAY 675 ( dhcpOption ) X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork' 676 'dhcpSubnet' 'dhcpPool' 'dhcpGroup' 'dhcpHost' 'dhcpClass' ) 678 ( 2.16.840.1.113719.1.203.6.10 NAME 'dhcpLeases' DESC 'This class 679 represents an IP Address, which may or may not have been leased.' 
SUP 680 top MUST ( cn $ dhcpAddressState ) MAY ( dhcpExpirationTime $ 681 dhcpStartTimeOfState $ dhcpLastTransactionTime $ dhcpBootpFlag $ 682 dhcpDomainName $ dhcpDnsStatus $ dhcpRequestedHostName $ 683 dhcpAssignedHostName $ dhcpReservedForClient $ dhcpAssignedToClient $ 684 dhcpRelayAgentInfo $ dhcpHWAddress ) X-NDS_CONTAINMENT ( 'dhcpService' 685 'dhcpSubnet' 'dhcpPool') ) 687 ( 2.16.840.1.113719.1.203.6.11 NAME 'dhcpLog' DESC 'This is the object 688 that holds past information about the IP address. The cn is the 689 time/date stamp when the address was assigned or released, the address 690 state at the time, if the address was assigned or released.' SUP top 691 MUST ( cn ) MAY ( dhcpAddressState $ dhcpExpirationTime $ 692 dhcpStartTimeOfState $ dhcpLastTransactionTime $ dhcpBootpFlag $ 693 dhcpDomainName $ dhcpDnsStatus $ dhcpRequestedHostName $ 694 dhcpAssignedHostName $ dhcpReservedForClient $ dhcpAssignedToClient $ 695 dhcpRelayAgentInfo $ dhcpHWAddress ) X-NDS_CONTAINMENT ('dhcpLeases' 696 'dhcpPool' 'dhcpSubnet' 'dhcpSharedNetwork' 'dhcpService' ) ) 698 ( 2.16.840.1.113719.1.203.6.12 NAME 'dhcpServer' DESC 'DHCP Server 699 Object' SUP top MUST (cn, dhcpServiceDN) MAY (dhcpVersion $ 700 dhcpImplementation $ dhcpHashBucketAssignment $ 701 dhcpDelayedServiceParameter $ dhcpMaxClientLeadTime $ 702 dhcpFailOverEndpointState) X-NDS_CONTAINMENT 'dhcpService' ) 704 9. Security Considerations 706 Since the DHCP Configuration information is stored in a directory, the 707 security of the information is limited to the security offered by the 708 directory including the security of the objects within that directory. 710 10. 
Intellectual Property Rights Notices 712 The IETF takes no position regarding the validity or scope of any 713 intellectual property or other rights that might be claimed to pertain 714 to the implementation or use of the technology described in this 715 document or the extent to which any license under such rights might or 716 might not be available; neither does it represent that it has made any 717 effort to identify any such rights. Information on the IETF's 718 procedures with respect to rights in standards-track and standards- 719 related documentation can be found in BCP-11. Copies of claims of 720 rights made available for publication and any assurances of licenses to 721 be made available, or the result of an attempt made to obtain a general 722 license or permission for the use of such proprietary rights by 723 implementors or users of this specification can be obtained from the 724 IETF Secretariat. 726 The IETF invites any interested party to bring to its attention any 727 copyrights, patents or patent applications, or other proprietary rights 728 which may cover technology that may be required to practice this 729 standard. Please address the information to the IETF Executive 730 Director. 732 11. Full Copyright Statement 734 Copyright (C) The Internet Society (2001). All Rights Reserved. 736 This document and translations of it may be copied and furnished to 737 others, and derivative works that comment on or otherwise explain it or 738 assist in its implementation may be prepared, copied, published and 739 distributed, in whole or in part, without restriction of any kind, 740 provided that the above copyright notice and this paragraph are included 741 on all such copies and derivative works. 
However, this document itself 742 may not be modified in any way, such as by removing the copyright notice 743 or references to the Internet Society or other Internet organizations, 744 except as needed for the purpose of developing Internet standards in 745 which case the procedures for copyrights defined in the Internet 746 Standards process must be followed, or as required to translate it into 747 languages other than English. 749 The limited permissions granted above are perpetual and will not be 750 revoked by the Internet Society or its successors or assigns. 752 This document and the information contained herein is provided on an "AS 753 IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK 754 FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT 755 LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT 756 INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR 757 FITNESS FOR A PARTICULAR PURPOSE. 759 12. References 761 [RFC2131] Droms, R., "Dynamic Host Configuration Protocol", RFC 2131, 762 March 1997. 764 [RFC2132] Alexander, S., Droms, R., "DHCP Options and BOOTP Vendor 765 Extensions", RFC 2132, March 1997. 767 [MSDHCP] Gu, Y., Vyaghrapuri, R., "An LDAP Schema for Dynamic Host 768 Configuration Protocol Service", Internet Draft , August 1998. 771 [NOVDHCP] Miller, T., Patel, A., Rao, P., "Lightweight Directory Access 772 Protocol (v3): Schema for Dynamic Host Configuration Protocol (DHCP)", 773 Internet Draft , June 1998. 775 [FAILOVR] Droms, R., Rabil, G., Dooley, M., Kapur, A., Gonczi, S., Volz, 776 B., "DHCP Failover Protocol", Internet Draft , July 2000. 779 [RFC 3074] Volz B., Gonczi S., Lemon T., Stevens R., "DHC Load Balancing 780 Algorithm", February 2001 782 [AGENT] Patrick, M., "DHCP Relay Agent Information Option", Internet 783 Draft , March 2000. 785 [DHCPOPT] Carney, M., "New Option Review Guidelines and Additional 786 Option Namespace", Internet Draft , October 1999. 
789 [POLICY] Strassner, J., Elleson, E., Moore, B., "Policy Framework LDAP 790 Core Schema", Internet Draft , 791 November 1999. 793 [RFC2251] Wahl, M., Howes, T., Kille, S., "Lightweight Directory Access 794 Protocol (v3)", RFC 2251, December 1997. 796 [RFC2252] Wahl, M., Coulbeck, A., Howes, T., Kille, S., "Lightweight 797 Directory Access Protocol (v3) Attribute Syntax Definitions", RFC 2252, 798 December 1997. 800 [RFC2255] Howes, T., Smith, M., "The LDAP URL Format", RFC 2255, 801 December 1997. 803 [RFC951] Croft, B., Gilmore, J., "Bootstrap Protocol (BOOTP)", RFC 951, 804 September 1985. 806 [RFC2119] Bradner, S. "Key words for use in RFCs to Indicate Requirement 807 Levels", RFC 2119, March 1997. 809 13. Acknowledgments 811 This work is partially based on a previous draft draft-ietf-dhc- 812 schema-02.doc. 814 14. Author's Addresses 816 Comments regarding this draft may be sent to the authors at the 817 following address: 819 Mark Meredith 820 Mark Hinckley 821 Novell Inc. 822 1800 S. Novell Place 823 Provo, Utah 84606 825 Vijay K. Nanjundaswamy 826 Novell Software Development (I) Ltd 827 49/1 & 49/3, Garvebhavi Palya, 828 7th Mile, Hosur Road 829 Bangalore 560068 831 email: mark_meredith@novell.com 832 email: knvijay@novell.com 833 email: mhinckley@novell.com 835 This Internet Draft expires December 16, 2001.
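The dhcpLeases class defined in the schema section above is the record a defender reads back when tying an address to a client, so the following added Python example (not code from the draft or its authors) checks one lease entry against what the definitions state: the MUST and MAY lists, SINGLE-VALUE, the listed dhcpAddressState values, the 16-bit dhcpDnsStatus, and the host-plus-domain FQDN rule. The entry layout, the function names and the sample entries are assumptions made for the example.

```python
# Added example (not from the draft); entry layout {attribute: [values]} is assumed.
DYNAMIC = {"FREE", "ACTIVE", "EXPIRED", "RELEASED", "RESET", "ABANDONED", "BACKUP"}
OTHER = {"UNKNOWN", "RESERVED", "RESERVED-ACTIVE", "ASSIGNED", "UNASSIGNED",
         "NOTASSIGNABLE"}
MUST = ("cn", "dhcpAddressState")
MAY = ("dhcpExpirationTime", "dhcpStartTimeOfState", "dhcpLastTransactionTime",
       "dhcpBootpFlag", "dhcpDomainName", "dhcpDnsStatus", "dhcpRequestedHostName",
       "dhcpAssignedHostName", "dhcpReservedForClient", "dhcpAssignedToClient",
       "dhcpRelayAgentInfo", "dhcpHWAddress")
# Attribute names compare case-insensitively; objectClass is always allowed.
ALLOWED = {a.lower() for a in MUST + MAY} | {"objectclass"}
MULTI = {"cn", "objectclass"}  # every other dhcpLeases attribute is SINGLE-VALUE


def _normalise(entry):
    return {name.lower(): list(values) for name, values in entry.items()}


def check_lease(entry):
    """Return a list of findings for one entry; an empty list means it conforms."""
    e, findings = _normalise(entry), []
    for attr in MUST:
        if not e.get(attr.lower()):
            findings.append(f"missing MUST attribute {attr}")
    for attr, values in e.items():
        if attr not in ALLOWED:
            findings.append(f"attribute not allowed in dhcpLeases: {attr}")
        elif attr not in MULTI and len(values) > 1:
            findings.append(f"SINGLE-VALUE attribute has {len(values)} values: {attr}")
    for state in e.get("dhcpaddressstate", []):
        if state not in DYNAMIC | OTHER:
            findings.append(f"dhcpAddressState outside the listed values: {state}")
    for raw in e.get("dhcpdnsstatus", []):
        if not (raw.isascii() and raw.isdigit() and int(raw) < 1 << 16):
            findings.append(f"dhcpDnsStatus is not a 16-bit value: {raw}")
    return findings


def lease_fqdn(entry):
    """dhcpAssignedHostName + "." + dhcpDomainName, or None if either is absent."""
    e = _normalise(entry)
    host, domain = e.get("dhcpassignedhostname"), e.get("dhcpdomainname")
    return f"{host[0]}.{domain[0]}" if host and domain else None


# Constructed sample entries, not taken from the draft.
GOOD = {"objectClass": ["top", "dhcpLeases"], "cn": ["192.0.2.10"], "dhcpAddressState": ["ACTIVE"],
        "dhcpAssignedHostName": ["ws-17"], "dhcpDomainName": ["example.test"]}
BAD = {"cn": ["192.0.2.11"], "dhcpAddressState": ["LEASED"], "dhcpDnsStatus": ["70000"],
       "dhcpHWAddress": ["0a0027000011", "0a0027000012"], "dhcpRange": ["x"]}
```

`check_lease(GOOD)` returns an empty list, while `check_lease(BAD)` reports the unlisted state, the out-of-range bitmask, the doubled hardware address and the attribute that dhcpLeases does not permit.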