LDAP and formatting of configs

Jason Brandt jbrandt at fsmail.bradley.edu
Tue Jun 4 14:25:59 UTC 2013


Please do a dump of your config from LDAP directly.  It looks like you have
a configuration error.  The LDAP module is very particular about how things
are grouped and formatted.  JXplorer works very well for this:
http://jxplorer.org/


On Tue, Jun 4, 2013 at 8:52 AM, Brendan Kearney <bpk678 at gmail.com> wrote:

> hi all,
>
> I am using DHCP 4.2.4-P2 on fedora 16 currently and want to move my
> config into LDAP.  I am running a load-sharing instance between two
> servers, supporting 2 or 3 scopes per subnet, with about 3 subnets.  In
> the dhcpd.conf (file based) format, the configs are working.  When I
> start putting the config directives into LDAP, I see that lines run into
> each other and weird issues crop up because of badly formatted configs
> being read into the dhcp instance.
>
> dhcpd.conf.ldap:
> ldap-server "ldap.bpk2.com";
> ldap-port 389;
> ldap-username "user";
> ldap-password "password";
> ldap-base-dn "dc=bpk2,dc=com";
> # ldap-base-dn "ou=Computers,cn=Servers,dc=bpk2,dc=com";
> ldap-method dynamic;
> ldap-debug-file "/var/log/dhcp-ldap-startup.log";
>
> dhcpd -4 -d -cf ./dhcpd.conf.ldap:
> Internet Systems Consortium DHCP Server 4.2.4-P2
> Copyright 2004-2012 Internet Systems Consortium.
> All rights reserved.
> For info, please visit https://www.isc.org/software/dhcp/
> LDAP line 29: semicolon expected.
> allow members of "proxied-clients"
>                   ^
> bad range, address 192.168.2.50 not in subnet 192.168.1.0 netmask
> 255.255.255.0
>
> This version of ISC DHCP is based on the release available
> on ftp.isc.org.  Features have been added and other changes
> have been made to the base software release in order to make
> it work better with this distribution.
>
> Please report for this software via the Red Hat Bugzilla site:
>     http://bugzilla.redhat.com
>
> exiting.
>
> cat -n /var/log/dhcp-ldap-startup.log:
>      1  ddns-update-style interim;
>      2  ddns-updates on;
>      3  update-static-leases on;
>      4  authoritative;
>      5  log-facility local1;
>      6  key dhcp { algorithm hmac-md5; secret <<<removed>>>; }
>      7  zone 1.168.192.in-addr.arpa { primary 192.168.50.1; key dhcp; }
>      8  zone 2.168.192.in-addr.arpa { primary 192.168.50.1; key dhcp; }
>      9  zone 3.168.192.in-addr.arpa { primary 192.168.50.1; key dhcp; }
>     10  zone 50.168.192.in-addr.arpa { primary 192.168.50.1; key dhcp; }
>     11  zone bpk2.com { primary 192.168.50.1; key dhcp; }
>     12  option T150 code 150 = string;
>     13  option wpad-url code 252 = text;subnet 192.168.1.0 netmask
> 255.255.255.0 {
>     14  allow client-updates;
>     15  default-lease-time 7200;
>     16  max-lease-time 86400;
>     17  ping-check true;
>     18  ddns-domainname "bpk2.com";
>     19  ignore bootp;
>     20  option domain-name "bpk2.com";
>     21  option subnet-mask 255.255.255.0;
>     22  option broadcast-address 192.168.1.255;
>     23  option routers 192.168.1.254;
>     24  option domain-name-servers ns01.bpk2.com,ns02.bpk2.com;
>     25  option ntp-servers ntp.bpk2.com;
>     26  option netbios-name-servers server.bpk2.com;
>     27  option wpad-url "http://wpad.bpk2.com/wpad.dat;pool {
>     28  range 192.168.1.50 192.168.1.99;
>     29  allow members of "proxied-clients";
>     30  failover peer "dhcp-failover";
>     31  }pool {
>     32  range 192.168.1.100 192.168.1.149;
>     33  allow members of "unproxied-clients";
>     34  failover peer "dhcp-failover";
>     35  }pool {
>     36  range 192.168.1.150 192.168.1.199;
>     37  allow unknown-clients;
>     38  failover peer "dhcp-failover";
>     39  }
>     40  }subnet 192.168.2.0 netmask 255.255.255.0 {
>     41  allow client-updates;
>     42  default-lease-time 7200;
>     43  max-lease-time 86400;
>     44  ping-check true;
>     45  ddns-domainname "bpk2.com";
>     46  ignore bootp;
>     47  option domain-name "bpk2.com";
>     48  option subnet-mask 255.255.255.0;
>     49  option broadcast-address 192.168.2.255;
>     50  option routers 192.168.2.254;
>     51  option domain-name-servers ns01.bpk2.com,ns02.bpk2.com;
>     52  option ntp-servers ntp.bpk2.com;
>     53  option netbios-name-servers server.bpk2.com;
>     54  option wpad-url "http://wpad.bpk2.com/wpad.dat;pool {
>     55  range 192.168.2.50 192.168.2.99;
>     56  allow members of "proxied-clients";
>     57  failover peer "dhcp-failover";
>     58  }[root at vpn dhcp]#
>
> If you see on line 27, the pool declaration which should be on a
> separate line is not on its own line and is causing issues further down
> in the config, it seems.  Lines 31, 35, 40, and 54 also seem to have
> this formatting issue.  Directives that should be on separate lines and
> are not seem to be causing issues further down in the config.  Not only
> is there something off with the expected semicolon, but the 192.168.2.50
> range is being seen as attempted to be loaded into the 192.168.1.0/24
> network.  If the configs were read properly out of LDAP, this would not
> be happening.  Is the issue with the way I have things set up in LDAP,
> such as ordering or something?  An ldif export is attached for review.
>
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users
>



-- 
Jason K. Brandt
Systems Administrator
Bradley University
(309) 677-2958
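An added check, not part of this thread or of ISC's code: a small Python linter for a dhcpd.conf as rendered out of LDAP (the ldap-debug-file dump quoted above). It flags a double-quoted value that never closes (line 27 of the dump, `option wpad-url "http://wpad.bpk2.com/wpad.dat;pool {`, where the parser keeps reading the string up to the next quote on line 29, which is exactly where dhcpd reports "semicolon expected"), a block opener glued onto the end of a previous statement, and a brace count that does not return to zero. The SAMPLE is constructed from the quoted dump.

```python
import re

# Constructed sample modelled on the ldap-debug-file dump in the thread.
SAMPLE = """\
option wpad-url code 252 = text;subnet 192.168.1.0 netmask 255.255.255.0 {
default-lease-time 7200;
option wpad-url "http://wpad.bpk2.com/wpad.dat;pool {
range 192.168.1.50 192.168.1.99;
allow members of "proxied-clients";
}pool {
range 192.168.1.100 192.168.1.149;
}
}
"""

def scan_line(line):
    """(quote still open?, brace delta) counting braces only outside quotes."""
    in_quote, delta = False, 0
    for ch in line:
        if ch == '"':
            in_quote = not in_quote
        elif in_quote:
            continue
        elif ch == '#':          # rest of line is a comment
            break
        elif ch == '{':
            delta += 1
        elif ch == '}':
            delta -= 1
    return in_quote, delta

def find_faults(config):
    """Return (lineno, kind) tuples; lineno 0 is used for the whole file."""
    faults, depth = [], 0
    for n, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        quote_open, delta = scan_line(line)
        depth += delta
        if quote_open:
            faults.append((n, 'unterminated-string'))
        # e.g. 'text;subnet ... {' or '}pool {': opener shares a line with
        # the tail of another statement, so entries are hard to tell apart.
        if line.endswith('{') and re.search(r'[;}]\s*\S', line):
            faults.append((n, 'fused-block-opener'))
    if depth != 0:
        faults.append((0, 'unbalanced-braces'))
    return faults
```

Run it over the real dump with `find_faults(open('/var/log/dhcp-ldap-startup.log').read())` after stripping the `cat -n` line numbers.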