Mac Authentication
Brian Masney
masneyb at ntelos.net
Wed Sep 10 17:28:26 UTC 2003
On Tue, Sep 09, 2003 at 08:13:01AM -0500, Keith Patton wrote:
> Brian,
> This looks good...
>
> However, I have a few questions..
>
> 1. Where are the failover attributes now, in ldap or still /etc/dhcp.conf ?

You could put them into a dhcpStatement attribute or in your dhcp.conf file.

> 2. For our large deployment, I foresee requiring 2 maybe 3 ldap trees. A
> server specific one, a department one and a shared one.
> Server = local parameters, interface, peering information
>
> department = ( assuming multiple servers on same net ) Shared values, dns,
> wins, mask
>
> Shared = hwaddresses
>
> ---- > OR < ------
>
> use both, /etc/dhcp.conf and ldap where ldap contains shared information where the
> conf file takes precedence..

The stuff that goes into the conf file supplements what is already in LDAP.
If you are running multiple DHCP servers you can have a shared LDAP tree for
your configuration and then a server specific section. For example, to set up
your DHCP server you first need to create an LDAP entry for your DHCP server:

dn: cn=brian.ntelos.net, dc=ntelos, dc=net
objectClass: top
objectClass: dhcpServer
cn: brian.ntelos.net
dhcpServiceDN: cn=DHCP Service Config, dc=ntelos, dc=net

Then, dhcpServiceDN points to the following LDAP entry:

dn: cn=DHCP Service Config, dc=ntelos, dc=net
cn: DHCP Service Config
objectClass: top
objectClass: dhcpService
dhcpPrimaryDN: dc=ntelos, dc=net
dhcpStatements: ddns-update-style none
dhcpStatements: default-lease-time 600
dhcpStatements: max-lease-time 7200

You could make the first DHCP server point to this dhcpService entry, and
then you can have other DHCP servers point to different dhcpService entries.
In your dhcpService entry you can specify a dhcpGroupDN (or one of its
friends) to have it pull in a different LDAP tree for common configuration.

Hope this is clear...
Brian
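
The following is an added example, not part of the original message or of the DHCP LDAP patch: a consistency check that follows each dhcpServer entry's dhcpServiceDN to its dhcpService entry and flags references that point nowhere. The attribute and objectClass names come from the message; the dhcp2 and dhcp3 servers, the "Missing Config" DN and the simplified DN comparison are assumptions made for illustration.

```python
# Constructed sample LDIF: first two entries follow the message, the rest are made up.
SAMPLE_LDIF = """\
dn: cn=brian.ntelos.net, dc=ntelos, dc=net
objectClass: dhcpServer
cn: brian.ntelos.net
dhcpServiceDN: cn=DHCP Service Config, dc=ntelos, dc=net

dn: cn=DHCP Service Config, dc=ntelos, dc=net
cn: DHCP Service Config
objectClass: dhcpService
dhcpStatements: ddns-update-style none
dhcpStatements: default-lease-time 600

dn: cn=dhcp2.example.net, dc=ntelos, dc=net
objectClass: dhcpServer
cn: dhcp2.example.net
dhcpServiceDN: cn=DHCP Service Config, dc=ntelos, dc=net

dn: cn=dhcp3.example.net, dc=ntelos, dc=net
objectClass: dhcpServer
cn: dhcp3.example.net
dhcpServiceDN: cn=Missing Config, dc=ntelos, dc=net
"""

def norm_dn(dn):
    """Simplified DN comparison key: lower-case, no spaces around commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_ldif(text):
    """Parse plain 'attr: value' LDIF (no base64 values, no folded lines)."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            key, _, value = line.partition(":")
            attrs.setdefault(key.strip().lower(), []).append(value.strip())
        entries[norm_dn(attrs["dn"][0])] = attrs
    return entries

def resolve_services(entries):
    """Map each dhcpServer cn to its service's dhcpStatements (None if dangling)."""
    result = {}
    for attrs in entries.values():
        if "dhcpServer" in attrs.get("objectclass", []):
            target = entries.get(norm_dn(attrs.get("dhcpservicedn", [""])[0]), {})
            is_service = "dhcpService" in target.get("objectclass", [])
            result[attrs["cn"][0]] = target.get("dhcpstatements", []) if is_service else None
    return result
print(resolve_services(parse_ldif(SAMPLE_LDIF)))
```

Two servers resolving to the same statement list share one dhcpService entry; a None value marks a server whose dhcpServiceDN does not lead to a dhcpService entry.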