6.3 Defining Branch Objects

This section reviews the steps to add the following objects to the LDAP directory:

NOTE: Each LDAP object has two types of attributes: must and may attributes. The must attributes are the minimum requirements for an object. The may attributes are optional. This table lists only those may attributes that are relevant to Novell Linux Point of Service.

6.3.1 Adding organizationalUnit Objects

organizationalUnit objects were introduced to improve organizational coherence. They typically represent organizational structures such as regions, branches or divisions. Because they can be nested, they can be used to visually represent the structure or organization of your company.

Table 6-2 summarizes the posAdmin command options for organizationalUnit object attributes.

Table 6-2 Command options for creating organizationalUnit objects

| Option | Type | Description |
| --- | --- | --- |
| --ou | must | The name of the organizational unit; for example, boston. IMPORTANT: Use only alphanumeric characters. |
| --description | may | A human-readable description of the object. |

The following command adds the boston organizational unit to the LDAP directory (type the command all on one line):

posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret 
--base o=mycorp,c=us --add --organizationalUnit --ou boston

The context of the organizational unit in the directory is ou=boston,o=mycorp,c=us.

You can add a description to the boston entry by adding the following option to the command:

--description 'Central Boston Headquarters'

6.3.2 Adding an scLocation Object

An scLocation object typically is used to represent a branch office; that is, a site where a Branch Server and Point of Service terminals are located. scLocation containers are used to store information about the deployed Branch Servers and Point of Service terminals. This and all other information that can be modified at the Branch Server should be stored or referenced in the Location containers to limit the need to grant Write privileges to subtrees.

Table 6-3 summarizes the posAdmin command options for scLocation object attributes.

Table 6-3 Command options for creating scLocation objects

| Option | Type | Description |
| --- | --- | --- |
| --cn | must | The common name of the location. |
| --ipNetworkNumber | must | The network address of the subnet of the branch; for example, 192.168.1.0. |
| --ipNetmaskNumber | must | The netmask of the subnet of the branch; for example, 255.255.255.0. |
| --scDhcpRange | must | The dynamic IP address range of the DHCP server of the subnet. This is needed to register the Point of Service terminals. It is a comma-separated value pair; for example, 192.168.1.10, 192.168.1.50. |
| --scDhcpFixedRange | must | The fixed IP address range of the DHCP server reserved for the Point of Service terminals. It is also a comma-separated value pair, such as 192.168.1.51, 192.168.1.150. |
| --scDefaultGw | must | The default gateway for this location. This is normally a router to the corporate wide area network. |
| --scDynamicIp | must | This flag is used to enable or disable the dynamic IP address range of the DHCP server. Allowed values are TRUE to enable or FALSE to disable dynamic IP address ranges. |
| --scWorkstationBaseName | must | The base name of the Point of Service terminals of a branch used to create a unique name for each terminal in combination with the scDhcpFixedRange attribute and the scEnumerationMask. For example, using the scWorkstationBaseName CR, an scEnumerationMask of 000, and the above-mentioned scDhcpFixedRange to build the name of the Point of Service terminals and their corresponding IP addresses, the first newly registered terminal gets the name CR001 and the IP address 192.168.1.51; the next terminal is named CR002 and gets the IP address 192.168.1.52; and so on. |
| --scEnumerationMask | must | Refer to scWorkstationBaseName. |
| --associatedDomain | may | This optional entry configures the DNS domain and the domain part of the hostnames of the Point of Service terminals to be in the stated domain. If this entry is left empty, the domain consists of the LDAP structure of the scLocation entry DN. With this entry, a different domain can be chosen. |

The following command adds an scLocation named harbor to the LDAP directory (type the command all on one line):

posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret 
--base ou=boston,o=mycorp,c=us --add --scLocation --cn harbor 
--ipNetworkNumber 192.168.1.0 --ipNetmaskNumber 255.255.255.0 
--scDhcpRange 192.168.1.10,192.168.1.50 
--scDhcpFixedRange 192.168.1.51,192.168.1.151 
--scDefaultGw 192.168.1.254 --scDynamicIp TRUE 
--scWorkstationBaseName CR --scEnumerationMask 000
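
The naming scheme described under scWorkstationBaseName, together with a sanity check of the scLocation address plan, as an added example that is not part of the original guide. The function names are hypothetical; reading the length of scEnumerationMask as the number of digits, and requiring disjoint DHCP pools that exclude the gateway, are assumptions.

```python
import ipaddress


def parse_range(pair):
    """Parse a comma-separated 'first,last' pair such as scDhcpRange."""
    first, last = (ipaddress.IPv4Address(p.strip()) for p in pair.split(","))
    if first > last:
        raise ValueError(f"range start {first} is after end {last}")
    return first, last


def check_location(network, netmask, dhcp_range, fixed_range, gateway):
    """Return a list of problems in an scLocation address plan."""
    subnet = ipaddress.IPv4Network(f"{network}/{netmask}")  # rejects host bits
    reserved = (subnet.network_address, subnet.broadcast_address)
    dyn, fixed = parse_range(dhcp_range), parse_range(fixed_range)
    problems = []
    for label, ends in (("scDhcpRange", dyn), ("scDhcpFixedRange", fixed)):
        for addr in ends:
            if addr not in subnet or addr in reserved:
                problems.append(f"{label}: {addr} is not a host in {subnet}")
    # Assumptions (not stated in the guide): the two pools are disjoint and
    # the gateway address is never handed out by DHCP.
    if dyn[0] <= fixed[1] and fixed[0] <= dyn[1]:
        problems.append("scDhcpRange and scDhcpFixedRange overlap")
    gw = ipaddress.IPv4Address(gateway)
    if gw not in subnet:
        problems.append(f"scDefaultGw: {gw} is outside {subnet}")
    elif dyn[0] <= gw <= dyn[1] or fixed[0] <= gw <= fixed[1]:
        problems.append(f"scDefaultGw: {gw} lies inside a DHCP range")
    return problems


def terminal_names(base_name, enum_mask, fixed_range):
    """List (name, ip) pairs in registration order, as in the CR001 example."""
    first, last = parse_range(fixed_range)
    width = len(enum_mask)  # assumption: the mask length is the digit count
    count = int(last) - int(first) + 1
    if count > 10 ** width - 1:
        raise ValueError(f"{count} addresses do not fit mask {enum_mask!r}")
    return [(f"{base_name}{n:0{width}d}", str(first + (n - 1)))
            for n in range(1, count + 1)]


if __name__ == "__main__":
    # Values taken from the harbor command above.
    fixed = "192.168.1.51,192.168.1.151"
    print(check_location("192.168.1.0", "255.255.255.0",
                         "192.168.1.10,192.168.1.50", fixed, "192.168.1.254"))
    print(terminal_names("CR", "000", fixed)[:2])
```
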

6.3.3 Adding an scServerContainer and scBranchServer Object

There must be an scBranchServer object for every Branch Server in the Novell Linux Point of Service system. These objects store configuration information specific to each Branch Server.

An scBranchServer object contains information about hardware, at least one defined network card, and services like TFTP, DNS, and DHCP. It is located within an scLocation object in the LDAP tree.

IMPORTANT: The location of the scBranchServer object in the LDAP directory must correspond to the hostname defined for the Admin/Branch Server during installation. For example, if the hostname is bs in east.boston.mycorp.us, the dn of the scBranchServer object would be cn=bs,cn=server,cn=east,ou=boston,o=mycorp,c=us. For more information on defining the server hostname during installation, see Network Interfaces in the Novell Linux Point of Service 9 Installation Guide.

Here is the procedure to add an scBranchServer object to the LDAP directory with posAdmin.

  1. Before you can add the scBranchServer to an scLocation object, you must define an scServerContainer.

    This is done with the --scServerContainer and common name (--cn) options. For example (type the command all on one line):

    posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret 
    --base cn=east,ou=boston,o=mycorp,c=us 
    --add --scServerContainer --cn server
    
  2. In the new scServerContainer, add a Branch Server object.

    This is done with the --scBranchServer and common name (--cn) options. For example (type the command all on one line):

    posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret 
    --base cn=server,cn=east,ou=boston,o=mycorp,c=us 
    --add --scBranchServer --cn bs
    

    Optionally, you can define the reference hardware with the --scRefServerDn option, a pointer (Distinguished Name) to the global directory.

  3. Add a network interface card with a static IP address from the defined subnet.

    This is done with the --scNetworkcard option and the --scDevice and --ipHostNumber attributes. For example (type the command all on one line):

    posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret 
    --base cn=bs,cn=server,cn=east,ou=boston,o=mycorp,c=us 
    --add --scNetworkcard --scDevice eth0 --ipHostNumber 192.168.1.1
    

    Table 6-4 summarizes the posAdmin command options for scNetworkcard attributes.

    Table 6-4 Command options for creating scNetworkcard objects

    | Option | Type | Description |
    | --- | --- | --- |
    | --scDevice | must | The name of the network device of the card; for example, eth0 or eth1. |
    | --ipHostNumber | must | The IP address; for example, 192.168.1.1. |
    | --macAddress | may | The MAC address of the network interface card. |
    | --scModul | may | The name of the Linux kernel module for the network interface card. |
    | --scModulOption | may | The module options of the Linux kernel module for the network interface card. |
    | --ipNetmaskNumber | may | If the ipHostNumber is not inside the defined subnet of the location, add the netmask belonging to the IP address assigned to the network interface card. |

  4. Set up the Branch Server services. At a minimum, define the required DNS, TFTP and DHCP services.

    The following examples demonstrate how to add the DNS, DHCP, and TFTP services.

    posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret 
    --base cn=bs,cn=server,cn=east,ou=boston,o=mycorp,c=us 
    --add --scService --cn dns --ipHostNumber 192.168.1.1 
    --scDnsName dns --scServiceName dns --scServiceStartScript named 
    --scServiceStatus TRUE
    
    posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret 
    --base cn=bs,cn=server,cn=east,ou=boston,o=mycorp,c=us 
    --add --scService --cn dhcp --ipHostNumber 192.168.1.1 
    --scDnsName dhcp --scServiceName dhcp  
    --scServiceStartScript dhcpd --scServiceStatus TRUE
    
    posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret 
    --base cn=bs,cn=server,cn=east,ou=boston,o=mycorp,c=us 
    --add --scService --cn tftp --ipHostNumber 192.168.1.1 
    --scDnsName tftp --scServiceName tftp 
    --scServiceStartScript atftpd --scServiceStatus TRUE
    

    Table 6-5 summarizes the posAdmin command options for the scService object attributes.

    Table 6-5 Command options for creating scService objects

    | Option | Type | Description |
    | --- | --- | --- |
    | --cn | must | The common name of the service. |
    | --ipHostNumber | must | The virtual IP address of the HA Service. |
    | --scDnsName | must | The DNS name of the service. |
    | --scServiceName | must | The name of the service; for example, dns, dhcp, tftp. |
    | --scServiceStartScript | must | The name of the init script in /etc/init.d; for example, atftpd for the tftp service. |
    | --scServiceStatus | must | The status of the service. TRUE or FALSE are possible values. |
    | --scServiceEmail | may | The email address where the service should send email notifications. |

6.3.4 Adding a Branch Server with High Availability Services (scHAService)

A high availability (HA) Branch Server performs the same functions as a standard Branch Server with the following differences:

  • The HA Branch Server is configured as a two-server cluster.
  • It requires at least two network interface cards per server.
  • Instead of scService objects, the HA Branch Server has scHAService objects.

For information on installing an HA Branch Server pair, see Setting Up High Availability Branch Servers in the Novell Linux Point of Service 9 Installation Guide.

Here is the procedure required to add an HA Branch Server object to the LDAP directory.

  1. Define an scServerContainer.

    This is done with the --scServerContainer option and the common name (--cn) attribute. For example (type the command all on one line):

    posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret 
    --base cn=east,ou=boston,o=mycorp,c=us 
    --add --scServerContainer --cn server
    
  2. In the new scServerContainer, create two Branch Server objects.

    The following commands create the BS1 and BS2 Branch Server objects in the scServerContainer.

    ## bs1
        posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret 
        --base cn=server,cn=east,ou=boston,o=mycorp,c=us 
        --add --scBranchServer --cn bs1

    ## bs2
        posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret 
        --base cn=server,cn=east,ou=boston,o=mycorp,c=us 
        --add --scBranchServer --cn bs2
    
  3. Add the network interface cards for each Branch Server.

    Depending on network traffic and the desired performance, you can configure one to four network interface cards per Branch Server. For general information on how the network cards can be implemented on the network, see Meeting System Requirements in the Novell Linux Point of Service 9 Installation Guide. For specific information on the network interface card configuration, see Network Interfaces in the Novell Linux Point of Service 9 Installation Guide.

    The following examples demonstrate how to add network interface cards for the Branch, DRBD, and Heartbeat interfaces to the LDAP configuration.

    ## eth1 on the BS1 for the Branch Server interface
        posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret 
        --base cn=bs1,cn=server,cn=east,ou=boston,o=mycorp,c=us 
        --add --scNetworkcard --scDevice eth1 
        --ipHostNumber 192.168.1.1

    ## eth1 on BS2 for the Branch Server interface
        posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret 
        --base cn=bs2,cn=server,cn=east,ou=boston,o=mycorp,c=us 
        --add --scNetworkcard --scDevice eth1 
        --ipHostNumber 192.168.1.2

    ## eth1:0 for the Branch Server interface virtual IP
        posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret 
        --base cn=bs1,cn=server,cn=east,ou=boston,o=mycorp,c=us 
        --add --scNetworkcard --scDevice eth1:0 
        --ipHostNumber 192.168.1.3

    ## eth2 on BS1 for the DRBD interface
        posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret 
        --base cn=bs1,cn=server,cn=east,ou=boston,o=mycorp,c=us 
        --add --scNetworkcard --scDevice eth2 
        --ipHostNumber 192.168.2.1

    ## eth2 on BS2 for the DRBD interface
        posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret 
        --base cn=bs2,cn=server,cn=east,ou=boston,o=mycorp,c=us 
        --add --scNetworkcard --scDevice eth2 
        --ipHostNumber 192.168.2.2

    ## eth3 on BS1 for the Heartbeat interface
        posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret 
        --base cn=bs1,cn=server,cn=east,ou=boston,o=mycorp,c=us 
        --add --scNetworkcard --scDevice eth3 
        --ipHostNumber 192.168.3.1

    ## eth3 on BS2 for the Heartbeat interface
        posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret 
        --base cn=bs2,cn=server,cn=east,ou=boston,o=mycorp,c=us 
        --add --scNetworkcard --scDevice eth3 
        --ipHostNumber 192.168.3.2
    

    Table 6-6 summarizes the posAdmin command options for scNetworkcard object attributes.

    Table 6-6 Command options for creating scNetworkcard objects

    | Attribute | Type | Explanation |
    | --- | --- | --- |
    | --scDevice | must | The name of the network device of the card. For example, eth0 or eth1. |
    | --ipHostNumber | must | The IP address. For example, 192.168.1.1. |
    | --macAddress | may | The MAC address of the network interface card. |
    | --scModul | may | The name of the Linux kernel module for the network interface card. |
    | --scModulOption | may | The module options of the Linux kernel module for the network interface card. |
    | --ipNetmaskNumber | may | If the ipHostNumber is not inside the defined subnet of the location, add the netmask belonging to the IP address assigned to the network interface card. |

  4. Add DNS, DHCP, and TFTP as HA services.

    The following commands demonstrate how to add DNS, DHCP, and TFTP as HA services.

    ## DNS on BS1 as primary service
        posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret 
        --base cn=bs1,cn=server,cn=east,ou=boston,o=mycorp,c=us 
        --add --scHAService --cn dns --ipHostNumber 192.168.1.3 
        --scDnsName dns --scServiceName dns 
        --scServiceStartScript named 
        --scServiceStatus TRUE --scPrimaryService TRUE

    ## DHCP on BS1 as primary service
        posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret 
        --base cn=bs1,cn=server,cn=east,ou=boston,o=mycorp,c=us 
        --add --scHAService --cn dhcp --ipHostNumber 192.168.1.3 
        --scDnsName dhcp --scServiceName dhcp 
        --scServiceStartScript dhcpd 
        --scServiceStatus TRUE --scPrimaryService TRUE

    ## TFTP on BS1 as primary service
        posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret 
        --base cn=bs1,cn=server,cn=east,ou=boston,o=mycorp,c=us 
        --add --scHAService --cn tftp --ipHostNumber 192.168.1.3 
        --scDnsName tftp --scServiceName tftp 
        --scServiceStartScript atftpd 
        --scServiceStatus TRUE --scPrimaryService TRUE

    ## DNS on BS2 as backup service
        posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret 
        --base cn=bs2,cn=server,cn=east,ou=boston,o=mycorp,c=us 
        --add --scHAService --cn dns --ipHostNumber 192.168.1.3 
        --scDnsName dns --scServiceName dns 
        --scServiceStartScript named 
        --scServiceStatus TRUE --scPrimaryService FALSE

    ## DHCP on BS2 as backup service
        posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret 
        --base cn=bs2,cn=server,cn=east,ou=boston,o=mycorp,c=us 
        --add --scHAService --cn dhcp --ipHostNumber 192.168.1.3 
        --scDnsName dhcp --scServiceName dhcp 
        --scServiceStartScript dhcpd 
        --scServiceStatus TRUE --scPrimaryService FALSE

    ## TFTP on BS2 as backup service
        posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret 
        --base cn=bs2,cn=server,cn=east,ou=boston,o=mycorp,c=us 
        --add --scHAService --cn tftp --ipHostNumber 192.168.1.3 
        --scDnsName tftp --scServiceName tftp 
        --scServiceStartScript atftpd 
        --scServiceStatus TRUE --scPrimaryService FALSE
    

    Table 6-7 summarizes the posAdmin command options for scHAService object attributes.

    Table 6-7 Command options for creating scHAService objects

    | Attribute | Type | Explanation |
    | --- | --- | --- |
    | --cn | must | The common name of the service. |
    | --ipHostNumber | must | The virtual IP address of the HA Service. |
    | --scDnsName | must | The DNS name of the service. |
    | --scServiceName | must | The name of the service; for example: dns, dhcp, tftp. |
    | --scServiceStartScript | must | The name of the init script in /etc/init.d; for example, atftpd for the tftp service. |
    | --scServiceStatus | must | The status of the service. TRUE or FALSE are possible values. |
    | --scPrimaryService | must | This flag is used to describe if this is a primary service or not. TRUE or FALSE are the possible values. If you define a primary server, this flag is always TRUE. On a secondary server, this flag is always FALSE. |
    | --scServiceEmail | may | The email address where the service should send email notifications. |
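
A pre-flight check built on the must and may option tables in this section, as an added example that is not part of the original guide or of posAdmin itself: it reports missing must options, options this page does not list for the object type, and stray tokens in one command line. The option sets are transcribed from Tables 6-2 to 6-7; the lint function and its messages are hypothetical, and posAdmin may accept options that this page does not list.

```python
import shlex

# (must, may) options per object type, transcribed from Tables 6-2 to 6-7.
# scServerContainer and scBranchServer have no table; taken from the commands.
SVC_MUST = {"cn", "ipHostNumber", "scDnsName", "scServiceName",
            "scServiceStartScript", "scServiceStatus"}
SCHEMA = {
    "organizationalUnit": ({"ou"}, {"description"}),
    "scLocation": ({"cn", "ipNetworkNumber", "ipNetmaskNumber", "scDhcpRange",
                    "scDhcpFixedRange", "scDefaultGw", "scDynamicIp",
                    "scWorkstationBaseName", "scEnumerationMask"},
                   {"associatedDomain"}),
    "scServerContainer": ({"cn"}, set()),
    "scBranchServer": ({"cn"}, {"scRefServerDn"}),
    "scNetworkcard": ({"scDevice", "ipHostNumber"},
                      {"macAddress", "scModul", "scModulOption",
                       "ipNetmaskNumber"}),
    "scService": (SVC_MUST, {"scServiceEmail"}),
    "scHAService": (SVC_MUST | {"scPrimaryService"}, {"scServiceEmail"}),
}
COMMON = {"user", "password", "base"}  # present in every command on the page


def lint(command):
    """Return the problems found in one 'posAdmin.pl ... --add' command."""
    tokens = shlex.split(command)[1:]  # drop the program name
    opts, kinds, problems, i = {}, [], [], 0
    while i < len(tokens):
        tok, i = tokens[i], i + 1
        name = tok[2:]
        if not tok.startswith("--") or not name:
            problems.append(f"stray token {tok!r}")
        elif name in SCHEMA:
            kinds.append(name)
        elif name == "add":
            opts[name] = None
        elif i < len(tokens) and not tokens[i].startswith("-"):
            opts[name], i = tokens[i], i + 1  # option takes the next token
        else:
            opts[name] = None
            problems.append(f"--{name} has no value")
    if "add" not in opts:
        problems.append("missing --add")
    if len(kinds) != 1:
        return problems + [f"expected one object type, found {kinds}"]
    must, may = SCHEMA[kinds[0]]
    seen = set(opts) - {"add"}
    problems += [f"missing --{o}" for o in sorted((must | COMMON) - seen)]
    problems += [f"--{o} is not listed for {kinds[0]}"
                 for o in sorted(seen - must - may - COMMON)]
    ou = opts.get("ou")
    if ou is not None and not ou.isalnum():
        problems.append("--ou must be alphanumeric")
    return problems
```
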