Internet Engineering Task Force                         Y. Gu, Microsoft
Internet Draft                                R. Vyaghrapuri, Microsoft
                                                             August 1998
Expires: February 1999

draft-gu-dhcp-ldap-schema-00.txt


        An LDAP Schema for Dynamic Host Configuration Protocol Service


Status of this Memo

   This document is an Internet Draft. Internet Drafts are working
   documents of the Internet Engineering Task Force (IETF), its Areas,
   and its Working Groups. Note that other groups may also distribute
   working documents as Internet Drafts.

   Internet Drafts are draft documents valid for a maximum of six
   months. Internet Drafts may be updated, replaced, or obsoleted by
   other documents at any time. It is not appropriate to use Internet
   Drafts as reference material or to cite them other than as a
   "working draft" or "work in progress".

   To learn the current status of any Internet-Draft, please check the
   1id-abstracts.txt listing contained in the Internet-Drafts Shadow
   Directories on ftp.ietf.org, nic.nordu.net, ftp.isi.edu, or
   munnari.oz.au.

   This document will expire on January 15, 1999. Distribution of this
   draft is unlimited.

Abstract

   This document defines a schema for representing DHCP service in an
   LDAP-based directory. The integration of DHCP with a directory makes
   it possible for an organization to centrally administer its DHCP
   service, regardless of the number of DHCP servers it deploys. This
   management approach further reduces the total cost of ownership and
   improves the scalability of DHCP service.

1. Introduction

   The Dynamic Host Configuration Protocol (DHCP) [1] defines a standard
   client-server mechanism for configuring hosts on a TCP/IP network
   dynamically. A host running TCP/IP needs to be assigned an IP address
   and other parameters such as gateway and DNS server addresses [2]
   before it can function properly on the network. Such assignment can
   be done either manually or automatically using DHCP. DHCP eliminates
   the need to configure hosts one by one.
   A DHCP server becomes the central administration point of IP
   configurations for all clients it services. DHCP eases the task of
   managing IP addresses and other parameters. DHCP also makes it
   possible to transparently apply changes to host IP configurations.

Gu and Vyaghrapuri                                              [Page 1]

Internet Draft          An LDAP Schema for DHCP              August 1998

   Increasingly, TCP/IP is becoming the network protocol of choice for
   organizations as they move towards building single-protocol data
   networks. In a TCP/IP network, IP addresses and other IP parameters
   need to be managed globally across an organization's network and
   assigned individually to all hosts. Many organizations are using DHCP
   to automate their IP management. Typically these organizations deploy
   more than one DHCP server for load balancing and fault tolerance.
   Without a central store for DHCP configuration, DHCP servers have to
   hold their own configuration separately. Each server contains a
   subset of a TCP/IP network's IP addresses and related IP parameters.
   Maintaining configurations of multiple servers or making changes to
   them is often a multi-step process. Centralizing DHCP configurations
   can improve the management of multiple DHCP servers.

   An LDAP-based directory is a central database with standard query and
   retrieval methods. It is accessible throughout an organization's
   network. DHCP can use an LDAP-based directory to centralize its
   configurations. By integrating with an LDAP-based directory, DHCP as
   an organization-wide network service can be managed from a single
   point of administration. All DHCP servers can use the same directory
   structures for their configurations. Furthermore, administrative
   boundaries of DHCP service can be aligned closely with the existing
   organizational structure in the directory.

   Network services in an LDAP-based directory are represented by LDAP
   schemata. The proposed LDAP schema for DHCP is intended for creating
   a common representation of DHCP service in an LDAP-based directory.
   A standard DHCP schema offers many advantages including, but not
   limited to, interoperable DHCP solutions from multiple vendors.

   The DHCP schema consists of a number of object classes, each of which
   can be thought of as a logical partition of DHCP service. These
   object classes are described in the rest of this document, as
   follows. Section 2 gives an overview of the DHCP object classes and
   their relationships. Section 3 provides detailed definitions of the
   object classes. Section 4 discusses remaining work that needs to be
   done to complete the administrative aspects of the schema.

1.1. Requirements

   Throughout this document, the words that are used to define the
   significance of particular requirements are capitalized. These words
   are:

   o  "MUST"

      This word or the adjective "REQUIRED" means that the item is an
      absolute requirement of this specification.

   o  "MUST NOT"

      This phrase means that the item is an absolute prohibition of
      this specification.

   o  "SHOULD"

      This word or the adjective "RECOMMENDED" means that there may
      exist valid reasons in particular circumstances to ignore this
      item, but the full implications should be understood and the case
      carefully weighed before choosing a different course.

   o  "SHOULD NOT"

      This phrase means that there may exist valid reasons in
      particular circumstances when the listed behavior is acceptable
      or even useful, but the full implications should be understood
      and the case carefully weighed before implementing any behavior
      described with this label.

   o  "MAY"

      This word or the adjective "OPTIONAL" means that this item is
      truly optional. One vendor may choose to include the item because
      a particular marketplace requires it or because it enhances the
      product, for example; another vendor may omit the same item.

2. Schema Overview

   This section gives an overview of DHCP object classes and their
   relationships to each other and to other related objects in an LDAP-
   based directory. DHCP object classes in this document are designed to
   conform to the Directory-Enabled Networks (DEN) specification [3].
   They are defined in the context of the DEN information model and base
   schema.

2.1. Object Relationships

   The following diagram shows where the DHCPService object is stored in
   the directory hierarchy and how it relates to other DHCP objects.

   Container/Organization/OrganizationalUnit
    |
    +---DHCPService
         |
         +---DHCPSubnet
              |
              +---DHCPRange
              |
              +---DHCPReservation

   The following diagram shows where the DHCPServer object is stored in
   the directory hierarchy and how it relates to other DHCP objects.

   Organization
    |
    +---OrganizationalUnit
         |
         +---GroupOfDevices
              |
              +---DHCPServer
                   |
                   +---DHCPSubnet
                        |
                        +---DHCPRange
                        |
                        +---DHCPReservation
                        |
                        +---DHCPLease (Optional)

2.2. Object Class Hierarchy

   The diagram below shows how the DHCP object classes are derived from
   the DEN base schemata. DHCPService is the only class that is derived
   from a specific DEN class -- the Service class. DHCPServer is a
   subclass of DHCPService (see Section 3.6). All other DHCP classes are
   derived from the Top class directly.

   Top
    |
    +---ManagedSystemElement (DEN)
    |    |
    |    +---LogicalElement
    |         |
    |         +---Service
    |              |
    |              +---DHCPService
    |                   |
    |                   +---DHCPServer
    |
    +---DHCPSubnet
    |
    +---DHCPRange
    |
    +---DHCPReservation
    |
    +---DHCPLease

3. Schema Details

   This section provides schema definitions for DHCP object classes.

3.1. Service Object Class

   The Service object class is a CIM class extended by DEN. This
   abstract class serves as the base object class for DHCP service.
   NAME 'Service'
   DESCRIPTION 'The Service class is a LogicalElement that contains the
       information necessary to represent and manage the functionality
       provided by a Device and/or SoftwareFeature. A Service is a
       general-purpose object to configure and manage the implementation
       of functionality. It is not the functionality itself. This is a
       CIM class extended by DEN.'
   TYPE Abstract
   DERIVED FROM LogicalElement
   POSSIBLE SUPERIORS ( Container $ Organization $ OrganizationalUnit $
                        Group $ GroupOfDevices )
   MUST CONTAIN ( ServiceCreationClassName $ ServiceName $ ServiceURL $
                  Started $ StartMode )
   MAY CONTAIN

   The attributes of the Service class are defined as follows.

   NAME 'ServiceCreationClassName'
   DESCRIPTION 'Provides scoping and keying for the Service class
       hierarchy'
   SYNTAX 'DirectoryString'
   SINGLE-VALUE

   NAME 'ServiceName'
   DESCRIPTION 'A user-friendly name of this service class'
   SYNTAX 'DirectoryString'
   SINGLE-VALUE

   NAME 'ServiceURL'
   DESCRIPTION 'A URL that provides the protocol, network location, and
       other service-specific information required in order to access
       the service'
   SYNTAX 'DN'
   SINGLE-VALUE

   NAME 'Started'
   DESCRIPTION 'TRUE indicates that the Service has been started'
   SYNTAX 'Boolean'
   SINGLE-VALUE

   NAME 'StartMode'
   DESCRIPTION 'This is a string value indicating whether the Service is
       automatically started by a System, Operating System, etc. or only
       started upon request'
   SYNTAX 'DirectoryString'
   SINGLE-VALUE

3.2. DHCPService Object Class

   This object class is one of the two container classes for DHCP (the
   other being the DHCPServer class). The DHCPService object represents
   DHCP service configuration for an entire enterprise or a specific
   branch of an organization. As such, DHCPService is a child of either
   the Container object or an Organization/OrganizationalUnit object.

   The Container object is an enterprise-wide entity. It contains
   information that is global to the enterprise.
   A DHCPService object parented under the Container object holds
   configurations that are common to all DHCP servers in the
   enterprise. On the other hand, Organization and OrganizationalUnit
   objects define logical divisions of an enterprise. A DHCPService
   object parented under an Organization/OrganizationalUnit object has
   a more limited scope. It holds configurations for only those DHCP
   servers that belong to the branch it represents. In either case,
   each parent has at most one DHCPService object.

   The DHCPService object is derived from the abstract Service class. It
   inherits all attributes of the Service class. In addition, it may
   contain the DNs of the subnets that it manages. The IP addresses and
   masks associated with these subnets are included for convenience. The
   DHCPService object also contains any class or option that is defined
   for it.

   NAME 'DHCPService'
   DESCRIPTION 'This class represents the dynamic host configuration
       protocol service.'
   TYPE Structural
   DERIVED FROM Service
   POSSIBLE SUPERIORS ( Container $ Organization $ OrganizationalUnit )
   MUST CONTAIN
   MAY CONTAIN ( DHCPSubnetList $ DHCPClassList $ DHCPOptionDefinitions $
                 DHCPOptionList )

   The attributes of the DHCPService class are defined as follows.

   NAME 'DHCPSubnetList'
   DESCRIPTION 'Provides the DNs of the DHCPSubnet objects, as well as
       their subnet IP addresses and masks.'
   SYNTAX 'DirectoryString'
   MULTI-VALUE

   NAME 'DHCPClassList'
   DESCRIPTION 'Provides encoding of user or vendor class names. Each
       class contains (ClassName, ClassID, ClassType, Description).'
   SYNTAX 'OctetString'
   MULTI-VALUE

   NAME 'DHCPOptionDefinitions'
   DESCRIPTION 'Provides encoding of option definitions, both standard
       and vendor-specific, and any default values for those options.
       Each option definition contains (OptionName, OptionID,
       OptionDataType, MultiValued, VendorClassID, DefaultValue,
       Description).'
   SYNTAX 'OctetString'
   MULTI-VALUE

   NAME 'DHCPOptionList'
   DESCRIPTION 'Provides encoding of options, both standard and vendor-
       specific, to be sent to clients. Each option contains (OptionID,
       OptionValue, VendorClassID, UserClassID).'
   SYNTAX 'OctetString'
   MULTI-VALUE

3.3. DHCPSubnet Object Class

   The DHCPSubnet object represents an IP subnet that is managed by
   DHCP. A subnet is defined by an IP address and mask. If the
   superscope name is not NULL, the subnet is also considered part of
   that superscope group. A subnet is further divided into ranges, which
   are subsets of addresses within the subnet. Each range is managed by
   one or more DHCP servers for address assignments.

   A DHCPSubnet object may contain a list of options for all clients on
   the subnet. It may also have settings that specify if and how dynamic
   DNS updates are done for clients.

   NAME 'DHCPSubnet'
   DESCRIPTION 'This class represents a logical IP subnet.'
   TYPE Structural
   DERIVED FROM Top
   POSSIBLE SUPERIORS ( DHCPService $ DHCPServer )
   MUST CONTAIN ( SubnetIPAddress $ SubnetMask )
   MAY CONTAIN ( DDNSUpdateOptions $ SuperscopeName $ DHCPRangeList $
                 DHCPOptionList $ Description )

   The attributes of the DHCPSubnet class are defined as follows.

   NAME 'SubnetIPAddress'
   DESCRIPTION 'Defines the subnet IP address.'
   SYNTAX 'DirectoryString'
   SINGLE-VALUE

   NAME 'SubnetMask'
   DESCRIPTION 'Defines the subnet mask.'
   SYNTAX 'DirectoryString'
   SINGLE-VALUE

   NAME 'DDNSUpdateOptions'
   DESCRIPTION 'Specifies options for dynamic DNS update. 1 = Update
       according to client request, 2 = Always update forward and
       reverse lookups, 4 = Discard forward lookups when leases expire,
       8 = Do updates for non-dynamic DNS clients.'
   SYNTAX 'Integer'
   SINGLE-VALUE

   NAME 'SuperscopeName'
   DESCRIPTION 'Specifies the name of the superscope, if any, to which
       the scope belongs.'
   SYNTAX 'DirectoryString'
   SINGLE-VALUE

   NAME 'DHCPRangeList'
   DESCRIPTION 'Specifies the DNs of the DHCPRange objects for the
       subnet and their start and end IP addresses.'
   SYNTAX 'DirectoryString'
   MULTI-VALUE

3.4. DHCPRange Object Class

   The DHCPRange object represents a subset of IP addresses within a
   subnet that are to be assigned. The addresses are specified by a
   range, minus any exclusions. Each DHCPRange is assigned to one or
   more DHCP servers.

   The DHCPRange object may contain a list of options for all clients
   whose addresses come from the range. These are options that are not
   defined by a parent DHCP object or that override ones defined by a
   parent object.

   NAME 'DHCPRange'
   DESCRIPTION 'This class represents a DHCP range, which specifies an
       IP address range within a subnet and associated IP
       configuration.'
   TYPE Structural
   DERIVED FROM Top
   POSSIBLE SUPERIORS ( DHCPSubnet )
   MUST CONTAIN ( StartIPAddress $ EndIPAddress $ ScopeType )
   MAY CONTAIN ( Exclusions $ DHCPServerList $ DHCPOptionList $
                 Description )

   The attributes of the DHCPRange class are defined as follows.

   NAME 'StartIPAddress'
   DESCRIPTION 'Defines the first IP address in the IP address range.'
   SYNTAX 'DirectoryString'
   SINGLE-VALUE

   NAME 'EndIPAddress'
   DESCRIPTION 'Defines the last IP address in the IP address range. If
       the scope has only one address, then EndIPAddress =
       StartIPAddress.'
   SYNTAX 'DirectoryString'
   SINGLE-VALUE

   NAME 'ScopeType'
   DESCRIPTION 'Specifies the scope type as one of the following:
       1 = DHCP, 2 = Dynamic BOOTP, 3 = DHCP and Dynamic BOOTP.'
   SYNTAX 'Integer'
   SINGLE-VALUE

   NAME 'Exclusions'
   DESCRIPTION 'Defines the list of addresses in the scope's IP address
       range that are excluded from assignment. Each entry in the list
       is a (StartIPAddress, EndIPAddress) pair.'
   SYNTAX 'DirectoryString'
   MULTI-VALUE

   NAME 'DHCPServerList'
   DESCRIPTION 'Specifies the DNs of the DHCPServer objects and their
       fully-qualified DNS names.'
   SYNTAX 'DirectoryString'
   MULTI-VALUE

3.5. DHCPReservation Object Class

   The DHCPReservation object represents a client with a reserved IP
   address. The client can be a DHCP client, a BOOTP client, or both.
   It is identified by a unique ID, which is typically the MAC address
   of its network interface.

   The DHCPReservation object may contain a list of options for the
   client with the reservation. These are options that are not defined
   by a parent DHCP object or that override ones defined by a parent
   object.

   NAME 'DHCPReservation'
   DESCRIPTION 'This class defines a DHCP reservation, which is a fixed
       IP address assigned to a particular DHCP client.'
   TYPE Structural
   DERIVED FROM Top
   POSSIBLE SUPERIORS ( DHCPSubnet )
   MUST CONTAIN ( IPAddress $ UniqueID $ ClientName )
   MAY CONTAIN ( ClientType $ DHCPOptionList $ Description )

   The attributes of the DHCPReservation class are defined as follows.

   NAME 'IPAddress'
   DESCRIPTION 'Defines the reserved IP address (or, in a DHCPLease
       object, the IP address of an active lease).'
   SYNTAX 'DirectoryString'
   SINGLE-VALUE

   NAME 'UniqueID'
   DESCRIPTION 'Identifies the client using either the MAC address of one
       of its network interfaces, or a unique byte string.'
   SYNTAX 'OctetString'
   SINGLE-VALUE

   NAME 'ClientName'
   DESCRIPTION 'Specifies the name of the client for the reservation.'
   SYNTAX 'DirectoryString'
   SINGLE-VALUE

   NAME 'ClientType'
   DESCRIPTION 'Specifies the lease type as one of the following:
       1 = DHCP, 2 = BOOTP, 3 = DHCP/BOOTP.'
   SYNTAX 'Integer'
   SINGLE-VALUE

3.6. DHCPServer Object Class

   The DHCPServer object represents a server that implements DHCP
   service. It is therefore derived from the DHCPService object and
   inherits all its attributes. In addition, the DHCPServer object
   specifies the vendor who makes the server and the revision it is in.
   Lastly, it contains a flag that indicates whether the DHCP server has
   been authorized to service any client request. The flag is added to
   prevent rogue DHCP servers on a network. Note that it can only
   constrain a server that reads it before servicing clients, and its
   value is only as trustworthy as the access control on the directory
   entry that holds it, which Section 4 leaves for future work.

   NAME 'DHCPServer'
   DESCRIPTION 'This class describes the configuration of a DHCP
       server.'
   TYPE Structural
   DERIVED FROM DHCPService
   POSSIBLE SUPERIORS ( GroupOfDevices )
   MUST CONTAIN ( VendorID $ VersionNumber $ Authorized )
   MAY CONTAIN

   The attributes of the DHCPServer class are defined as follows.

   NAME 'VendorID'
   DESCRIPTION 'Indicates the DHCP server vendor, using the IANA
       assigned enterprise code (see
       http://www.isi.edu/in-notes/iana/assignments/enterprise-numbers).'
   SYNTAX 'Integer'
   SINGLE-VALUE

   NAME 'VersionNumber'
   DESCRIPTION 'Specifies the major and minor version numbers of the DHCP
       server.'
   SYNTAX 'DirectoryString'
   SINGLE-VALUE

   NAME 'Authorized'
   DESCRIPTION 'TRUE indicates that the Server has been authorized to
       respond to DHCP client requests; FALSE indicates that the Server
       is a rogue server.'
   SYNTAX 'Boolean'
   SINGLE-VALUE

3.7. DHCPLease Object Class

   The DHCPLease object represents an IP address that is currently
   assigned to a DHCP client. It is a DHCP/BOOTP assigned dynamic
   address, a reservation, or an address allocated for a RAS server.
   DHCP leases are stored under the DHCPSubnet objects of the DHCPServer
   object which has handed out the leases (see Section 2.1).

   A DHCP server can contain a large number of leases. Writing all those
   leases to the directory could have a significant performance impact
   on the directory and the server as well, especially when there is a
   large burst of lease assignments. For this reason, the support for
   DHCPLease is optional.

   NAME 'DHCPLease'
   DESCRIPTION 'This class specifies individual lease information.'
   TYPE Structural
   DERIVED FROM Top
   POSSIBLE SUPERIORS ( DHCPSubnet )
   MUST CONTAIN ( IPAddress $ LeaseType )
   MAY CONTAIN ( UniqueID $ ClientName $ LeaseExpiration $ LeaseState $
                 Description )

   The attributes of the DHCPLease class are defined as follows.

   NAME 'LeaseType'
   DESCRIPTION 'Specifies the lease type as one of the following:
       1 = DHCP assigned, 2 = BOOTP assigned, 3 = Reservation,
       4 = Allocation for RAS.'
   SYNTAX 'Integer'
   SINGLE-VALUE

   NAME 'LeaseExpiration'
   DESCRIPTION 'Specifies when the lease is due to expire. A NULL value
       indicates that the lease is infinite.'
   SYNTAX 'GeneralizedTime'
   SINGLE-VALUE

   NAME 'LeaseState'
   DESCRIPTION 'Defines which of the following states the lease is in:
       1 = Active, 2 = Inactive, 3 = Registered with DNS,
       4 = Unregistered with DNS, 5 = Tombstoned.'
   SYNTAX 'Integer'
   SINGLE-VALUE

4. Future Work

   This document defines a schema for storing and retrieving DHCP
   configuration information in an LDAP-based directory. It does not
   address the issues of how this information is managed. Specifically,
   it does not provide the schema for access control to DHCP service.
   This will be defined in the future.

5. Acknowledgements

   The authors would like to thank Munil Shah and Peter Ford for
   reviewing this draft.

6. References

   [1] Droms, R., "Dynamic Host Configuration Protocol", RFC 2131,
       March 1997.

   [2] Alexander, S., and Droms, R., "DHCP Options and BOOTP Vendor
       Extensions", RFC 2132, March 1997.

   [3] Strassner, J., "Directory-Enabled Networks, Information Model and
       Base Schema", DEN Specification v3.0c, July 1998.

7. Authors' Addresses

   Ye Gu
   Microsoft Corporation
   One Microsoft Way
   Redmond, WA 98052
   Phone: 425 936 8601
   EMail: yegu@microsoft.com

   Ramesh Vyaghrapuri
   Microsoft Corporation
   One Microsoft Way
   Redmond, WA 98052
   Phone: 425 703 9581
   EMail: rameshv@microsoft.com

   This document will expire on February 1999.
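   The following worked example is added by the editor and is not part
   of this draft or of any vendor's DHCP implementation. It encodes the
   POSSIBLE SUPERIORS and MUST CONTAIN tables of Section 3 (including
   the attributes DHCPService and DHCPServer inherit from Service), the
   address arithmetic implied by DHCPSubnet, DHCPRange and Exclusions,
   and the Authorized check of Section 3.6, and runs them over a small
   constructed directory tree. Assumptions: entries are held as plain
   Python dicts keyed by DN (no LDAP server is contacted), DNs contain
   no escaped commas, Exclusions values are written as 'start-end'
   strings (the draft does not fix that encoding), and every DN,
   hostname and address in the sample tree is illustrative.

```python
"""Conformance checks for the DHCP object classes defined in this draft.

Editor's example, not part of draft-gu-dhcp-ldap-schema-00 and not any
vendor's implementation. The tables encode only what Section 3 states;
the directory tree at the bottom is constructed test data. Assumptions:
entries are plain dicts keyed by DN (no LDAP server), DNs contain no
escaped commas, and Exclusions values are written as 'start-end'.
"""
from ipaddress import IPv4Address, IPv4Network

# Attributes DHCPService (and therefore DHCPServer) inherits from Service.
SERVICE_MUST = {"ServiceCreationClassName", "ServiceName", "ServiceURL",
                "Started", "StartMode"}

# POSSIBLE SUPERIORS, Sections 3.2 to 3.7.
POSSIBLE_SUPERIORS = {
    "DHCPService": {"Container", "Organization", "OrganizationalUnit"},
    "DHCPServer": {"GroupOfDevices"},
    "DHCPSubnet": {"DHCPService", "DHCPServer"},
    "DHCPRange": {"DHCPSubnet"},
    "DHCPReservation": {"DHCPSubnet"},
    "DHCPLease": {"DHCPSubnet"},
}

# MUST CONTAIN, Sections 3.2 to 3.7.
MUST_CONTAIN = {
    "DHCPService": SERVICE_MUST,
    "DHCPServer": SERVICE_MUST | {"VendorID", "VersionNumber", "Authorized"},
    "DHCPSubnet": {"SubnetIPAddress", "SubnetMask"},
    "DHCPRange": {"StartIPAddress", "EndIPAddress", "ScopeType"},
    "DHCPReservation": {"IPAddress", "UniqueID", "ClientName"},
    "DHCPLease": {"IPAddress", "LeaseType"},
}


def parent_dn(dn):
    """DN of the superior entry: drop the leading RDN."""
    return dn.split(",", 1)[1] if "," in dn else ""


def subnet_of(entry):
    """IPv4Network built from a DHCPSubnet's SubnetIPAddress and SubnetMask."""
    return IPv4Network((entry["SubnetIPAddress"], entry["SubnetMask"]),
                       strict=False)


def assignable_addresses(rng):
    """Addresses a DHCPRange may hand out: [Start, End] minus Exclusions."""
    start = IPv4Address(rng["StartIPAddress"])
    end = IPv4Address(rng["EndIPAddress"])
    excluded = set()
    for pair in rng.get("Exclusions", []):      # '(Start, End) pair', 3.4
        lo, hi = (IPv4Address(p) for p in pair.split("-"))
        excluded.update(range(int(lo), int(hi) + 1))
    return [IPv4Address(i) for i in range(int(start), int(end) + 1)
            if i not in excluded]


def check_tree(entries):
    """Return findings (strings) for a dict of DN -> attribute dict."""
    findings = []
    for dn, e in entries.items():
        cls = e["objectClass"]
        if cls not in POSSIBLE_SUPERIORS:
            continue                             # not a DHCP class
        missing = MUST_CONTAIN[cls] - set(e)
        if missing:
            findings.append(f"{dn}: missing MUST CONTAIN {sorted(missing)}")
        parent = entries.get(parent_dn(dn))
        if parent is None or parent["objectClass"] not in POSSIBLE_SUPERIORS[cls]:
            findings.append(f"{dn}: superior must be one of "
                            f"{sorted(POSSIBLE_SUPERIORS[cls])}")
            continue
        # Ranges, reservations and leases must lie inside the parent
        # DHCPSubnet; a range must also run from low to high.
        if (cls in ("DHCPRange", "DHCPReservation", "DHCPLease")
                and MUST_CONTAIN["DHCPSubnet"] <= set(parent)):
            net = subnet_of(parent)
            raw = ([e.get("StartIPAddress"), e.get("EndIPAddress")]
                   if cls == "DHCPRange" else [e.get("IPAddress")])
            addrs = [IPv4Address(a) for a in raw if a]
            if cls == "DHCPRange" and len(addrs) == 2 and addrs[0] > addrs[1]:
                findings.append(f"{dn}: StartIPAddress is after EndIPAddress")
            findings.extend(f"{dn}: {a} lies outside subnet {net}"
                            for a in addrs if a not in net)
    return findings


def may_serve(entries, server_dn):
    """Section 3.6: only a DHCPServer whose Authorized is TRUE may answer."""
    e = entries.get(server_dn, {})
    return e.get("objectClass") == "DHCPServer" and e.get("Authorized") == "TRUE"


# Constructed test tree (not from the draft). The printer reservation is
# deliberately outside its subnet and dhcp1 is deliberately unauthorized.
OU = "ou=Campus,o=Example"
SVC = {"ServiceCreationClassName": "DHCPService", "ServiceName": "Campus DHCP",
       "ServiceURL": "cn=DHCP," + OU, "Started": "TRUE", "StartMode": "Automatic"}
SAMPLE = {
    OU: {"objectClass": "OrganizationalUnit"},
    "cn=DHCP," + OU: {"objectClass": "DHCPService", **SVC},
    "cn=192.0.2.0,cn=DHCP," + OU: {"objectClass": "DHCPSubnet",
        "SubnetIPAddress": "192.0.2.0", "SubnetMask": "255.255.255.0"},
    "cn=pool,cn=192.0.2.0,cn=DHCP," + OU: {"objectClass": "DHCPRange",
        "StartIPAddress": "192.0.2.10", "EndIPAddress": "192.0.2.200",
        "ScopeType": "1", "Exclusions": ["192.0.2.100-192.0.2.109"]},
    "cn=printer,cn=192.0.2.0,cn=DHCP," + OU: {"objectClass": "DHCPReservation",
        "IPAddress": "198.51.100.7", "UniqueID": "00:00:5e:00:53:01",
        "ClientName": "printer"},
    "cn=Servers," + OU: {"objectClass": "GroupOfDevices"},
    "cn=dhcp1,cn=Servers," + OU: {"objectClass": "DHCPServer", **SVC,
        "VendorID": "311",                       # IANA enterprise number (Microsoft)
        "VersionNumber": "5.0", "Authorized": "FALSE"},
}

if __name__ == "__main__":
    for finding in check_tree(SAMPLE):
        print(finding)
    pool = SAMPLE["cn=pool,cn=192.0.2.0,cn=DHCP," + OU]
    print(len(assignable_addresses(pool)), "assignable addresses in pool")
    print("dhcp1 may serve:", may_serve(SAMPLE, "cn=dhcp1,cn=Servers," + OU))
```

   Run stand-alone, the script reports the one deliberately misplaced
   reservation, 181 assignable addresses (191 in the range less the 10
   excluded), and that dhcp1 may not serve until an administrator sets
   Authorized to TRUE. The same checks can be pointed at entries read
   from a real directory once the access control the draft defers to
   Section 4 is in place; without it, the Authorized value is only as
   trustworthy as whoever may write that attribute.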