LDAP and formatting of configs
Jason Brandt
jbrandt at fsmail.bradley.edu
Tue Jun 4 14:25:59 UTC 2013
Please do a dump of your config from LDAP directly. It looks like you have
a configuration error. The LDAP module is very particular about how things
are grouped and formatted. JXplorer works very well for this:
http://jxplorer.org/
On Tue, Jun 4, 2013 at 8:52 AM, Brendan Kearney <bpk678 at gmail.com> wrote:
> Hi all,
>
> I am using DHCP 4.2.4-P2 on Fedora 16 currently and want to move my
> config into LDAP. I am running a load-sharing instance between two
> servers, supporting 2 or 3 scopes per subnet, with about 3 subnets. In
> the dhcpd.conf (file based) format, the configs are working. When I
> start putting the config directives into LDAP, I see that lines run into
> each other and weird issues crop up because of badly formatted configs
> being read into the dhcp instance.
>
> dhcpd.conf.ldap:
> ldap-server "ldap.bpk2.com";
> ldap-port 389;
> ldap-username "user";
> ldap-password "password";
> ldap-base-dn "dc=bpk2,dc=com";
> # ldap-base-dn "ou=Computers,cn=Servers,dc=bpk2,dc=com";
> ldap-method dynamic;
> ldap-debug-file "/var/log/dhcp-ldap-startup.log";
>
> dhcpd -4 -d -cf ./dhcpd.conf.ldap:
> Internet Systems Consortium DHCP Server 4.2.4-P2
> Copyright 2004-2012 Internet Systems Consortium.
> All rights reserved.
> For info, please visit https://www.isc.org/software/dhcp/
> LDAP line 29: semicolon expected.
> allow members of "proxied-clients"
> ^
> bad range, address 192.168.2.50 not in subnet 192.168.1.0 netmask
> 255.255.255.0
>
> This version of ISC DHCP is based on the release available
> on ftp.isc.org. Features have been added and other changes
> have been made to the base software release in order to make
> it work better with this distribution.
>
> Please report for this software via the Red Hat Bugzilla site:
> http://bugzilla.redhat.com
>
> exiting.
>
> cat -n /var/log/dhcp-ldap-startup.log:
> 1 ddns-update-style interim;
> 2 ddns-updates on;
> 3 update-static-leases on;
> 4 authoritative;
> 5 log-facility local1;
> 6 key dhcp { algorithm hmac-md5; secret <<<removed>>>; }
> 7 zone 1.168.192.in-addr.arpa { primary 192.168.50.1; key dhcp; }
> 8 zone 2.168.192.in-addr.arpa { primary 192.168.50.1; key dhcp; }
> 9 zone 3.168.192.in-addr.arpa { primary 192.168.50.1; key dhcp; }
> 10 zone 50.168.192.in-addr.arpa { primary 192.168.50.1; key dhcp; }
> 11 zone bpk2.com { primary 192.168.50.1; key dhcp; }
> 12 option T150 code 150 = string;
> 13 option wpad-url code 252 = text;subnet 192.168.1.0 netmask
> 255.255.255.0 {
> 14 allow client-updates;
> 15 default-lease-time 7200;
> 16 max-lease-time 86400;
> 17 ping-check true;
> 18 ddns-domainname "bpk2.com";
> 19 ignore bootp;
> 20 option domain-name "bpk2.com";
> 21 option subnet-mask 255.255.255.0;
> 22 option broadcast-address 192.168.1.255;
> 23 option routers 192.168.1.254;
> 24 option domain-name-servers ns01.bpk2.com,ns02.bpk2.com;
> 25 option ntp-servers ntp.bpk2.com;
> 26 option netbios-name-servers server.bpk2.com;
> 27 option wpad-url "http://wpad.bpk2.com/wpad.dat;pool {
> 28 range 192.168.1.50 192.168.1.99;
> 29 allow members of "proxied-clients";
> 30 failover peer "dhcp-failover";
> 31 }pool {
> 32 range 192.168.1.100 192.168.1.149;
> 33 allow members of "unproxied-clients";
> 34 failover peer "dhcp-failover";
> 35 }pool {
> 36 range 192.168.1.150 192.168.1.199;
> 37 allow unknown-clients;
> 38 failover peer "dhcp-failover";
> 39 }
> 40 }subnet 192.168.2.0 netmask 255.255.255.0 {
> 41 allow client-updates;
> 42 default-lease-time 7200;
> 43 max-lease-time 86400;
> 44 ping-check true;
> 45 ddns-domainname "bpk2.com";
> 46 ignore bootp;
> 47 option domain-name "bpk2.com";
> 48 option subnet-mask 255.255.255.0;
> 49 option broadcast-address 192.168.2.255;
> 50 option routers 192.168.2.254;
> 51 option domain-name-servers ns01.bpk2.com,ns02.bpk2.com;
> 52 option ntp-servers ntp.bpk2.com;
> 53 option netbios-name-servers server.bpk2.com;
> 54 option wpad-url "http://wpad.bpk2.com/wpad.dat;pool {
> 55 range 192.168.2.50 192.168.2.99;
> 56 allow members of "proxied-clients";
> 57 failover peer "dhcp-failover";
> 58 }[root at vpn dhcp]#
>
> If you see on line 27, the pool declaration which should be on a
> separate line is not on its own line and is causing issues further down
> in the config, it seems. Lines 31, 35, 40, and 54 also seem to have
> this formatting issue. Directives that should be on separate lines and
> are not seem to be causing issues further down in the config. Not only
> is there something off with the expected semicolon, but the 192.168.2.50
> range is being seen as attempted to be loaded into the 192.168.1.0/24
> network. If the configs were read properly out of LDAP, this would not
> be happening. Is the issue with the way I have things set up in LDAP,
> such as ordering or something? An LDIF export is attached for review.
>
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users
>
--
Jason K. Brandt
Systems Administrator
Bradley University
(309) 677-2958
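An added checker, not from the thread or from ISC, that scans a dumped dhcpd configuration such as the debug log above for two symptoms visible there: a string literal with no closing quote (the wpad-url value on line 27 of the dump has only one) and a range whose addresses lie outside the enclosing subnet. The sample input is constructed to resemble the dump and is not the original log; the function name and regexes are my own.

```python
import ipaddress
import re

# Constructed sample modelled on the dump in the thread (not the original log).
# Line 3 is missing its closing quote; line 4 ranges outside the enclosing subnet.
SAMPLE = """\
option wpad-url code 252 = text;subnet 192.168.1.0 netmask 255.255.255.0 {
option domain-name "bpk2.com";
option wpad-url "http://wpad.bpk2.com/wpad.dat;pool {
range 192.168.2.50 192.168.2.99;
allow members of "proxied-clients";
}
}
"""

SUBNET_RE = re.compile(r'^subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{$')
# ISC syntax: range [ dynamic-bootp ] low-address [ high-address ];
RANGE_RE = re.compile(r'^range\s+(?:dynamic-bootp\s+)?([\d.]+)(?:\s+([\d.]+))?\s*;$')

def check_dhcpd_dump(text):
    """Return [(line_no, message)] for unterminated strings, ranges outside
    their subnet, and unbalanced braces in a dumped dhcpd config."""
    findings = []
    scopes = []  # one entry per open '{': the enclosing subnet, or None at global level
    for line_no, line in enumerate(text.splitlines(), start=1):
        if line.count('"') % 2:
            findings.append((line_no, "unterminated string literal"))
        # Statements may be run together on one line (as the LDAP dump shows), so
        # split after ; { } to keep brace depth and the current subnet in order.
        # The split is not quote-aware; unterminated strings are reported above.
        for stmt in re.split(r'(?<=[;{}])', line):
            stmt = stmt.strip()
            if not stmt:
                continue
            if stmt.endswith("{"):
                m = SUBNET_RE.match(stmt)
                if m:
                    net = ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
                else:
                    net = scopes[-1] if scopes else None  # pool/group inherits subnet
                scopes.append(net)
            elif stmt == "}":
                if scopes:
                    scopes.pop()
                else:
                    findings.append((line_no, "unbalanced closing brace"))
            elif (m := RANGE_RE.match(stmt)) and scopes and scopes[-1]:
                for addr in filter(None, m.groups()):
                    if ipaddress.ip_address(addr) not in scopes[-1]:
                        findings.append((line_no, f"range address {addr} not in subnet {scopes[-1]}"))
    if scopes:
        findings.append((len(text.splitlines()), "unclosed brace(s)"))
    return findings

if __name__ == "__main__":
    for n, msg in check_dhcpd_dump(SAMPLE):
        print(f"line {n}: {msg}")
```

Run it over the output of `ldap-debug-file` (or a `dhcpd -t` style dump) to locate the exact line the LDAP module concatenated incorrectly before hunting through the directory entries.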