LDAP and formatting of configs

Brendan Kearney bpk678 at gmail.com
Tue Jun 4 13:52:15 UTC 2013


hi all,

I am using DHCP 4.2.4-P2 on Fedora 16 currently and want to move my
config into LDAP.  I am running a load-sharing instance between two
servers, supporting 2 or 3 scopes per subnet, with about 3 subnets.  In
the dhcpd.conf (file based) format, the configs are working.  When I
start putting the config directives into LDAP, I see that lines run into
each other and weird issues crop up because of badly formatted configs
being read into the dhcp instance.

dhcpd.conf.ldap:
ldap-server "ldap.bpk2.com";
ldap-port 389;
ldap-username "user";
ldap-password "password";
ldap-base-dn "dc=bpk2,dc=com";
# ldap-base-dn "ou=Computers,cn=Servers,dc=bpk2,dc=com";
ldap-method dynamic;
ldap-debug-file "/var/log/dhcp-ldap-startup.log";

dhcpd -4 -d -cf ./dhcpd.conf.ldap:
Internet Systems Consortium DHCP Server 4.2.4-P2
Copyright 2004-2012 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
LDAP line 29: semicolon expected.
allow members of "proxied-clients"
                  ^
bad range, address 192.168.2.50 not in subnet 192.168.1.0 netmask
255.255.255.0

This version of ISC DHCP is based on the release available
on ftp.isc.org.  Features have been added and other changes
have been made to the base software release in order to make
it work better with this distribution.

Please report for this software via the Red Hat Bugzilla site:
    http://bugzilla.redhat.com

exiting.

cat -n /var/log/dhcp-ldap-startup.log:
     1	ddns-update-style interim;
     2	ddns-updates on;
     3	update-static-leases on;
     4	authoritative;
     5	log-facility local1;
     6	key dhcp { algorithm hmac-md5; secret <<<removed>>>; }
     7	zone 1.168.192.in-addr.arpa { primary 192.168.50.1; key dhcp; }
     8	zone 2.168.192.in-addr.arpa { primary 192.168.50.1; key dhcp; }
     9	zone 3.168.192.in-addr.arpa { primary 192.168.50.1; key dhcp; }
    10	zone 50.168.192.in-addr.arpa { primary 192.168.50.1; key dhcp; }
    11	zone bpk2.com { primary 192.168.50.1; key dhcp; }
    12	option T150 code 150 = string;
    13	option wpad-url code 252 = text;subnet 192.168.1.0 netmask
255.255.255.0 {
    14	allow client-updates;
    15	default-lease-time 7200;
    16	max-lease-time 86400;
    17	ping-check true;
    18	ddns-domainname "bpk2.com";
    19	ignore bootp;
    20	option domain-name "bpk2.com";
    21	option subnet-mask 255.255.255.0;
    22	option broadcast-address 192.168.1.255;
    23	option routers 192.168.1.254;
    24	option domain-name-servers ns01.bpk2.com,ns02.bpk2.com;
    25	option ntp-servers ntp.bpk2.com;
    26	option netbios-name-servers server.bpk2.com;
    27	option wpad-url "http://wpad.bpk2.com/wpad.dat;pool {
    28	range 192.168.1.50 192.168.1.99;
    29	allow members of "proxied-clients";
    30	failover peer "dhcp-failover";
    31	}pool {
    32	range 192.168.1.100 192.168.1.149;
    33	allow members of "unproxied-clients";
    34	failover peer "dhcp-failover";
    35	}pool {
    36	range 192.168.1.150 192.168.1.199;
    37	allow unknown-clients;
    38	failover peer "dhcp-failover";
    39	}
    40	}subnet 192.168.2.0 netmask 255.255.255.0 {
    41	allow client-updates;
    42	default-lease-time 7200;
    43	max-lease-time 86400;
    44	ping-check true;
    45	ddns-domainname "bpk2.com";
    46	ignore bootp;
    47	option domain-name "bpk2.com";
    48	option subnet-mask 255.255.255.0;
    49	option broadcast-address 192.168.2.255;
    50	option routers 192.168.2.254;
    51	option domain-name-servers ns01.bpk2.com,ns02.bpk2.com;
    52	option ntp-servers ntp.bpk2.com;
    53	option netbios-name-servers server.bpk2.com;
    54	option wpad-url "http://wpad.bpk2.com/wpad.dat;pool {
    55	range 192.168.2.50 192.168.2.99;
    56	allow members of "proxied-clients";
    57	failover peer "dhcp-failover";
    58	}[root at vpn dhcp]# 

If you see on line 27, the pool declaration, which should be on a
separate line, is not on its own line and is causing issues further down
in the config, it seems.  Lines 31, 35, 40, and 54 also seem to have
this formatting issue.  Directives that should be on separate lines and
are not seem to be causing issues further down in the config.  Not only
is there something off with the expected semicolon, but the 192.168.2.50
range is being seen as attempted to be loaded into the 192.168.1.0/24
network.  If the configs were read properly out of LDAP, this would not
be happening.  Is the issue with the way I have things set up in LDAP,
such as ordering or something?  An ldif export is attached for review.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dhcpd.ldif
Type: text/x-ldif
Size: 10261 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/dhcp-users/attachments/20130604/e67be9df/attachment.bin>
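An added check for this kind of problem; it is not part of the post above and not ISC's code. The ldap-debug-file dump that dhcpd writes is the text its parser actually sees, so the useful thing to do with it is lint it before guessing at LDAP ordering. dhcpd.conf(5) documents that extra tabs and newlines are only formatting, so a `}` or `;` glued directly onto the next statement parses fine; a double-quoted string that opens on a line and never closes does not, because the lexer keeps reading into the following lines until it meets the next `"`, and every error after that point is a symptom. The `lint()` function below, its `BROKEN` sample (constructed to resemble the dump in the post, with its own line numbering) and the `FIXED` variant are all assumptions of this example; it reports unterminated strings and glued statements separately so the two can be told apart.

```python
"""Added example (not from the original post): a small lint pass for dhcpd.conf-style
text such as the ldap-debug-file dump dhcpd writes when it assembles its config
from LDAP.  It flags the two things worth checking in generated config:
a double-quoted string that opens but never closes on its line, and statements
glued onto the previous one with no whitespace after ';' or '}'."""

# Constructed sample modelled on the debug dump in the post.  Line numbers are
# this sample's own (1-based), not the cat -n numbers quoted in the message.
BROKEN = """\
option wpad-url code 252 = text;subnet 192.168.1.0 netmask 255.255.255.0 {
option domain-name "bpk2.com";
option wpad-url "http://wpad.bpk2.com/wpad.dat;pool {
range 192.168.1.50 192.168.1.99;
allow members of "proxied-clients";
failover peer "dhcp-failover";
}pool {
range 192.168.1.100 192.168.1.149;
}
}
"""

# Same fragment with the closing quote restored and each statement on its own line.
FIXED = (
    BROKEN.replace("wpad.dat;pool {", 'wpad.dat";\npool {')
    .replace("text;subnet", "text;\nsubnet")
    .replace("}pool {", "}\npool {")
)


def lint(text):
    """Scan dhcpd.conf-style text line by line.

    Returns a dict:
      'unterminated': line numbers where a '"' opens a string that is still open at
                      end of line.  dhcpd's lexer keeps reading into the following
                      lines, so everything after such a line is parsed out of sync.
      'glued':        line numbers where a new statement begins directly after ';'
                      or '}' with no whitespace.  Harmless to dhcpd, but in
                      generated text it usually means a newline went missing.
      'brace_depth':  count of '{' minus '}' seen outside strings and comments.
                      Zero when balanced; only meaningful once 'unterminated' is
                      empty, because an unterminated string swallows braces.
    The scanner resets its string state at every newline so that it reports the
    exact line that started the problem instead of cascading errors.
    """
    unterminated, glued = [], []
    depth = 0
    for no, line in enumerate(text.splitlines(), start=1):
        in_string = False
        glued_here = False
        i = 0
        while i < len(line):
            ch = line[i]
            if in_string:
                if ch == "\\":
                    i += 1                       # skip the escaped character
                elif ch == '"':
                    in_string = False
            elif ch == "#":
                break                            # comment runs to end of line
            elif ch == '"':
                in_string = True
            elif ch == "{":
                depth += 1
            elif ch == "}" or ch == ";":
                if ch == "}":
                    depth -= 1
                if i + 1 < len(line) and line[i + 1].isalpha():
                    glued_here = True            # next statement starts immediately
            i += 1
        if in_string:
            unterminated.append(no)
        if glued_here:
            glued.append(no)
    return {"unterminated": unterminated, "glued": glued, "brace_depth": depth}


if __name__ == "__main__":
    for name, text in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, lint(text))
```

Run against `BROKEN` it reports line 3 as the unterminated string, lines 1 and 7 as glued, and a brace depth of -1, because the `{` after `pool` on line 3 sits inside the unclosed string and is never counted; the same fragment as `FIXED` comes back clean with depth 0. Pointing it at the real `/var/log/dhcp-ldap-startup.log` gives the first line that actually desynchronises the parser, which is the dhcpStatements value to inspect in the directory.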

