LDAP and formatting of configs
Brendan Kearney
bpk678 at gmail.com
Tue Jun 4 14:42:58 UTC 2013
straight up ldapsearch below (one command line, re-joined here; the mail client had wrapped `-w` and its argument onto separate lines):

[brendan at desktop bin]$ sudo ldapsearch -D cn=Manager,dc=bpk2,dc=com -w password -b "cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com"

Note for anyone copying this: `-w password` puts the directory manager's bind password on the command line, where it shows up in the process list and in shell history. Prefer `-W` (interactive prompt) or `-y <file>` with a root-owned, mode-0600 password file, and bind as a read-only account rather than `cn=Manager` (the rootdn) when all you need is to dump a subtree.
# extended LDIF
#
# LDAPv3
# base <cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# DHCP Config, Daemons, bpk2.com
dn: cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
cn: DHCP Config
dhcpPrimaryDN: cn=dhcp01,dc=bpk2,dc=com
dhcpSecondaryDN: cn=dhcp02,dc=bpk2,dc=com
objectClass: top
objectClass: dhcpService
objectClass: dhcpOptions
dhcpFailOverPeerDN: cn=dhcp01,dc=bpk2,dc=com
dhcpFailOverPeerDN: cn=dhcp02,dc=bpk2,dc=com
dhcpOption: T150 code 150 = string
dhcpOption: wpad-url code 252 = text
dhcpStatements: ddns-update-style interim
dhcpStatements: ddns-updates on
dhcpStatements: update-static-leases on
dhcpStatements: authoritative
dhcpStatements: log-facility local1
dhcpStatements: key dhcp { algorithm hmac-md5; secret <<<removed>>>; }
dhcpStatements: zone 1.168.192.in-addr.arpa { primary 192.168.50.1; key dhcp; }
dhcpStatements: zone 2.168.192.in-addr.arpa { primary 192.168.50.1; key dhcp; }
dhcpStatements: zone 3.168.192.in-addr.arpa { primary 192.168.50.1; key dhcp; }
dhcpStatements: zone 50.168.192.in-addr.arpa { primary 192.168.50.1; key dhcp; }
dhcpStatements: zone bpk2.com { primary 192.168.50.1; key dhcp; }
# 192.168.1.0, DHCP Config, Daemons, bpk2.com
dn: cn=192.168.1.0,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
cn: 192.168.1.0
dhcpNetMask: 24
objectClass: top
objectClass: dhcpSubnet
objectClass: dhcpOptions
dhcpOption: domain-name "bpk2.com"
dhcpOption: subnet-mask 255.255.255.0
dhcpOption: broadcast-address 192.168.1.255
dhcpOption: routers 192.168.1.254
dhcpOption: domain-name-servers ns01.bpk2.com,ns02.bpk2.com
dhcpOption: ntp-servers ntp.bpk2.com
dhcpOption: netbios-name-servers server.bpk2.com
dhcpOption: wpad-url "http://wpad.bpk2.com/wpad.dat
dhcpStatements: allow client-updates
dhcpStatements: default-lease-time 7200
dhcpStatements: max-lease-time 86400
dhcpStatements: ping-check true
dhcpStatements: ddns-domainname "bpk2.com"
dhcpStatements: ignore bootp
# pool1, 192.168.1.0, DHCP Config, Daemons, bpk2.com
dn: cn=pool1,cn=192.168.1.0,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
cn: pool1
objectClass: top
objectClass: dhcpPool
dhcpStatements: allow members of "proxied-clients"
dhcpStatements: failover peer "dhcp-failover"
dhcpRange: 192.168.1.50 192.168.1.99
# pool2, 192.168.1.0, DHCP Config, Daemons, bpk2.com
dn: cn=pool2,cn=192.168.1.0,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
cn: pool2
objectClass: top
objectClass: dhcpPool
dhcpRange: 192.168.1.100 192.168.1.149
dhcpStatements: allow members of "unproxied-clients"
dhcpStatements: failover peer "dhcp-failover"
# pool3, 192.168.1.0, DHCP Config, Daemons, bpk2.com
dn: cn=pool3,cn=192.168.1.0,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
cn: pool3
objectClass: top
objectClass: dhcpPool
dhcpRange: 192.168.1.150 192.168.1.199
dhcpStatements: allow unknown-clients
dhcpStatements: failover peer "dhcp-failover"
# 192.168.2.0, DHCP Config, Daemons, bpk2.com
dn: cn=192.168.2.0,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
cn: 192.168.2.0
dhcpNetMask: 24
objectClass: top
objectClass: dhcpSubnet
objectClass: dhcpOptions
dhcpStatements: allow client-updates
dhcpStatements: default-lease-time 7200
dhcpStatements: max-lease-time 86400
dhcpStatements: ping-check true
dhcpStatements: ddns-domainname "bpk2.com"
dhcpStatements: ignore bootp
dhcpOption: domain-name "bpk2.com"
dhcpOption: subnet-mask 255.255.255.0
dhcpOption: broadcast-address 192.168.2.255
dhcpOption: routers 192.168.2.254
dhcpOption: domain-name-servers ns01.bpk2.com,ns02.bpk2.com
dhcpOption: ntp-servers ntp.bpk2.com
dhcpOption: netbios-name-servers server.bpk2.com
dhcpOption: wpad-url "http://wpad.bpk2.com/wpad.dat
# pool1, 192.168.2.0, DHCP Config, Daemons, bpk2.com
dn: cn=pool1,cn=192.168.2.0,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
cn: pool1
objectClass: top
objectClass: dhcpPool
dhcpRange: 192.168.2.50 192.168.2.99
dhcpStatements: allow members of "proxied-clients"
dhcpStatements: failover peer "dhcp-failover"
# pool2, 192.168.2.0, DHCP Config, Daemons, bpk2.com
dn: cn=pool2,cn=192.168.2.0,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
cn: pool2
objectClass: top
objectClass: dhcpPool
dhcpRange: 192.168.2.100 192.168.2.149
dhcpStatements: allow members of "unproxied-clients"
dhcpStatements: failover peer "dhcp-failover"
# pool3, 192.168.2.0, DHCP Config, Daemons, bpk2.com
dn: cn=pool3,cn=192.168.2.0,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
cn: pool3
objectClass: top
objectClass: dhcpPool
dhcpRange: 192.168.2.150 192.168.2.199
dhcpStatements: allow unknown-clients
dhcpStatements: failover peer "dhcp-failover"
# 192.168.3.0, DHCP Config, Daemons, bpk2.com
dn: cn=192.168.3.0,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
cn: 192.168.3.0
dhcpNetMask: 24
objectClass: top
objectClass: dhcpSubnet
objectClass: dhcpOptions
dhcpOption: domain-name "bpk2.com"
dhcpOption: subnet-mask 255.255.255.0
dhcpOption: broadcast-address 192.168.3.255
dhcpOption: routers 192.168.3.254
dhcpOption: domain-name-servers ns01.bpk2.com,ns02.bpk2.com
dhcpOption: ntp-servers ntp.bpk2.com
dhcpOption: netbios-name-servers server.bpk2.com
dhcpOption: wpad-url "http://wpad.bpk2.com/wpad.dat
dhcpStatements: allow client-updates
dhcpStatements: default-lease-time 7200
dhcpStatements: max-lease-time 86400
dhcpStatements: ping-check true
dhcpStatements: ddns-domainname "bpk2.com"
dhcpStatements: ignore bootp
# pool1, 192.168.3.0, DHCP Config, Daemons, bpk2.com
dn: cn=pool1,cn=192.168.3.0,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
cn: pool1
objectClass: top
objectClass: dhcpPool
dhcpRange: 192.168.3.100 192.168.3.199
dhcpStatements: allow unknown-clients
dhcpStatements: failover peer "dhcp-failover"
# 192.168.50.0, DHCP Config, Daemons, bpk2.com
dn: cn=192.168.50.0,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
cn: 192.168.50.0
dhcpNetMask: 24
objectClass: top
objectClass: dhcpSubnet
objectClass: dhcpOptions
dhcpOption: domain-name "bpk2.com"
dhcpOption: subnet-mask 255.255.255.0
dhcpOption: broadcast-address 192.168.50.255
dhcpOption: routers 192.168.50.254
dhcpOption: domain-name-servers ns01.bpk2.com,ns02.bpk2.com
dhcpOption: ntp-servers ntp.bpk2.com
dhcpOption: netbios-name-servers server.bpk2.com
dhcpOption: wpad-url "http://wpad.bpk2.com/wpad.dat
dhcpStatements: allow client-updates
dhcpStatements: default-lease-time 7200
dhcpStatements: max-lease-time 86400
dhcpStatements: ping-check true
dhcpStatements: ddns-domainname "bpk2.com"
dhcpStatements: ignore bootp
# pool1, 192.168.50.0, DHCP Config, Daemons, bpk2.com
dn: cn=pool1,cn=192.168.50.0,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
cn: pool1
objectClass: top
objectClass: dhcpPool
dhcpRange: 192.168.50.50 192.168.50.99
dhcpStatements: allow members of "proxied-clients"
dhcpStatements: failover peer "dhcp-failover"
# pool2, 192.168.50.0, DHCP Config, Daemons, bpk2.com
dn: cn=pool2,cn=192.168.50.0,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
cn: pool2
objectClass: top
objectClass: dhcpPool
dhcpRange: 192.168.50.100 192.168.50.149
dhcpStatements: allow members of "unproxied-clients"
dhcpStatements: failover peer "dhcp-failover"
# pool3, 192.168.50.0, DHCP Config, Daemons, bpk2.com
dn: cn=pool3,cn=192.168.50.0,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
cn: pool3
objectClass: top
objectClass: dhcpPool
dhcpRange: 192.168.50.150 192.168.50.199
dhcpStatements: allow unknown-clients
dhcpStatements: failover peer "dhcp-failover"
# dev, DHCP Config, Daemons, bpk2.com
dn: cn=dev,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
cn: dev
dhcpOption: dhcp-client-identifier 1:e4:11:5b:13:80:b8
objectClass: top
objectClass: dhcpHost
objectClass: dhcpOptions
dhcpHWAddress: ethernet e4:11:5b:13:80:b8
dhcpStatements: ddns-hostname "dev"
# printer-eth0, DHCP Config, Daemons, bpk2.com
dn: cn=printer-eth0,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
cn: printer-eth0
objectClass: top
objectClass: dhcpHost
dhcpHWAddress: ethernet 00:15:60:49:7b:44
dhcpStatements: fixed-address 192.168.1.3
dhcpStatements: ddns-hostname "printer"
# printer-wlan0, DHCP Config, Daemons, bpk2.com
dn: cn=printer-wlan0,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
cn: printer-wlan0
objectClass: top
objectClass: dhcpHost
dhcpHWAddress: ethernet 00:15:60:e8:ae:83
dhcpStatements: fixed-address 192.168.1.3
dhcpStatements: ddns-hostname "printer"
# proxied-clients, DHCP Config, Daemons, bpk2.com
dn: cn=proxied-clients,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
cn: proxied-clients
objectClass: top
objectClass: dhcpClass
dhcpStatements: match pick-first-value (option dhcp-client-identifier, hardware)
# unproxied-clients, DHCP Config, Daemons, bpk2.com
dn: cn=unproxied-clients,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
cn: unproxied-clients
objectClass: top
objectClass: dhcpClass
dhcpStatements: match pick-first-value (option dhcp-client-identifier, hardware)
# dhcp-failover, DHCP Config, Daemons, bpk2.com
dn: cn=dhcp-failover,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
cn: dhcp-failover
dhcpFailOverLoadBalanceTime: 3
dhcpFailOverPrimaryPort: 647
dhcpFailOverPrimaryServer: dhcp01
dhcpFailOverResponseDelay: 60
dhcpFailOverSecondaryPort: 647
dhcpFailOverSecondaryServer: dhcp02
dhcpFailOverSplit: 128
dhcpFailOverUnackedUpdates: 10
dhcpMaxClientLeadTime: 3600
objectClass: dhcpFailOverPeer
objectClass: top
# dhcp01, DHCP Config, Daemons, bpk2.com
dn: cn=dhcp01,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
cn: dhcp01
dhcpServiceDN: cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
objectClass: top
objectClass: dhcpServer
# dhcp02, DHCP Config, Daemons, bpk2.com
dn: cn=dhcp02,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
cn: dhcp02
dhcpServiceDN: cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
objectClass: top
objectClass: dhcpServer
# search result
search: 2
result: 0 Success
# numResponses: 24
# numEntries: 23
On Tue, 2013-06-04 at 09:25 -0500, Jason Brandt wrote:
> Please do a dump of your config from LDAP directly. It looks like you
> have a configuration error. The LDAP module is very particular about
> how things are grouped and formatted. JXplorer works very well for
> this: http://jxplorer.org/
>
>
> On Tue, Jun 4, 2013 at 8:52 AM, Brendan Kearney <bpk678 at gmail.com>
> wrote:
> hi all,
>
> i am using DHCP 4.2.4-P2 on fedora 16 currently and want to move my
> config into LDAP. i am running a load-sharing (failover) instance
> between two servers, supporting 2 or 3 scopes (pools) per subnet, with
> about 3 subnets. in the dhcpd.conf (file based) format, the configs are
> working. when i start putting the config directives into LDAP, i see
> that lines run into each other and weird issues crop up because of
> badly formatted configs being read into the dhcp instance.
>
> dhcpd.conf.ldap (note: as written, dhcpd binds with a cleartext
> `ldap-password` over plain LDAP on port 389 to a remote host, so the
> password both sits in this file and crosses the wire unencrypted — keep
> the file root-owned and mode 0600, use a dedicated read-only bind DN for
> dhcpd rather than an admin account, and turn on the LDAP module's
> `ldap-ssl` (start_tls or ldaps) if your build supports it):
> ldap-server "ldap.bpk2.com";
> ldap-port 389;
> ldap-username "user";
> ldap-password "password";
> ldap-base-dn "dc=bpk2,dc=com";
> # ldap-base-dn "ou=Computers,cn=Servers,dc=bpk2,dc=com";
> ldap-method dynamic;
> ldap-debug-file "/var/log/dhcp-ldap-startup.log";
>
> dhcpd -4 -d -cf ./dhcpd.conf.ldap:
> Internet Systems Consortium DHCP Server 4.2.4-P2
> Copyright 2004-2012 Internet Systems Consortium.
> All rights reserved.
> For info, please visit https://www.isc.org/software/dhcp/
> LDAP line 29: semicolon expected.
> allow members of "proxied-clients"
> ^
> bad range, address 192.168.2.50 not in subnet 192.168.1.0
> netmask
> 255.255.255.0
>
> This version of ISC DHCP is based on the release available
> on ftp.isc.org. Features have been added and other changes
> have been made to the base software release in order to make
> it work better with this distribution.
>
> Please report for this software via the Red Hat Bugzilla site:
> http://bugzilla.redhat.com
>
> exiting.
>
> cat -n /var/log/dhcp-ldap-startup.log:
> 1 ddns-update-style interim;
> 2 ddns-updates on;
> 3 update-static-leases on;
> 4 authoritative;
> 5 log-facility local1;
> 6 key dhcp { algorithm hmac-md5; secret <<<removed>>>; }
> 7 zone 1.168.192.in-addr.arpa { primary 192.168.50.1;
> key dhcp; }
> 8 zone 2.168.192.in-addr.arpa { primary 192.168.50.1;
> key dhcp; }
> 9 zone 3.168.192.in-addr.arpa { primary 192.168.50.1;
> key dhcp; }
> 10 zone 50.168.192.in-addr.arpa { primary 192.168.50.1;
> key dhcp; }
> 11 zone bpk2.com { primary 192.168.50.1; key dhcp; }
> 12 option T150 code 150 = string;
> 13 option wpad-url code 252 = text;subnet 192.168.1.0
> netmask
> 255.255.255.0 {
> 14 allow client-updates;
> 15 default-lease-time 7200;
> 16 max-lease-time 86400;
> 17 ping-check true;
> 18 ddns-domainname "bpk2.com";
> 19 ignore bootp;
> 20 option domain-name "bpk2.com";
> 21 option subnet-mask 255.255.255.0;
> 22 option broadcast-address 192.168.1.255;
> 23 option routers 192.168.1.254;
> 24 option domain-name-servers
> ns01.bpk2.com,ns02.bpk2.com;
> 25 option ntp-servers ntp.bpk2.com;
> 26 option netbios-name-servers server.bpk2.com;
> 27 option wpad-url "http://wpad.bpk2.com/wpad.dat;pool {
> 28 range 192.168.1.50 192.168.1.99;
> 29 allow members of "proxied-clients";
> 30 failover peer "dhcp-failover";
> 31 }pool {
> 32 range 192.168.1.100 192.168.1.149;
> 33 allow members of "unproxied-clients";
> 34 failover peer "dhcp-failover";
> 35 }pool {
> 36 range 192.168.1.150 192.168.1.199;
> 37 allow unknown-clients;
> 38 failover peer "dhcp-failover";
> 39 }
> 40 }subnet 192.168.2.0 netmask 255.255.255.0 {
> 41 allow client-updates;
> 42 default-lease-time 7200;
> 43 max-lease-time 86400;
> 44 ping-check true;
> 45 ddns-domainname "bpk2.com";
> 46 ignore bootp;
> 47 option domain-name "bpk2.com";
> 48 option subnet-mask 255.255.255.0;
> 49 option broadcast-address 192.168.2.255;
> 50 option routers 192.168.2.254;
> 51 option domain-name-servers
> ns01.bpk2.com,ns02.bpk2.com;
> 52 option ntp-servers ntp.bpk2.com;
> 53 option netbios-name-servers server.bpk2.com;
> 54 option wpad-url "http://wpad.bpk2.com/wpad.dat;pool {
> 55 range 192.168.2.50 192.168.2.99;
> 56 allow members of "proxied-clients";
> 57 failover peer "dhcp-failover";
> 58 }[root at vpn dhcp]#
>
> if you see on line 27, the pool declaration which should be on a
> separate line is not on its own line and is causing issues further down
> in the config, it seems. lines 31, 35, 40, and 54 also seem to have
> this formatting issue. directives that should be on separate lines and
> are not seem to be causing issues further down in the config. not only
> is there something off with the expected semicolon, but the 192.168.2.50
> range is being seen as attempted to be loaded into the 192.168.1.0/24
> network. if the configs were read properly out of LDAP, this would not
> be happening. Is the issue with the way i have things setup in LDAP,
> such as ordering or something? an ldif export is attached for review.
>
> [Reviewer note: the missing newlines before `pool {` and `subnet ... {`
> (debug-log lines 13, 27, 31, 35, 40, 54) are not the problem — dhcpd's
> parser treats newlines as whitespace, and line 13 shows
> `...= text;subnet 192.168.1.0 netmask ...` parsing fine. What breaks
> the parse is the wpad-url value: `option wpad-url
> "http://wpad.bpk2.com/wpad.dat;pool {` has an opening double quote and
> no closing one, so the string literal swallows `;pool { range ...;
> allow members of ` and only ends at the next `"` on log line 29 — which
> is exactly where "semicolon expected" is reported. The same
> unterminated quote is in the LDIF (`dhcpOption: wpad-url
> "http://wpad.bpk2.com/wpad.dat`) on all four subnet entries
> (192.168.1.0, 192.168.2.0, 192.168.3.0, 192.168.50.0); add the closing
> `"` to each. The later "bad range ... 192.168.2.50 not in subnet
> 192.168.1.0" is most likely a knock-on effect of the swallowed `pool {`
> braces and should be re-checked once the quotes are fixed rather than
> treated as an LDAP ordering problem.
>
> Two further things worth checking while you are in there: (1) the
> service entry's `dhcpPrimaryDN`, `dhcpSecondaryDN` and
> `dhcpFailOverPeerDN` point at `cn=dhcp01,dc=bpk2,dc=com` /
> `cn=dhcp02,dc=bpk2,dc=com`, while the `dhcpServer` entries in this dump
> live at `cn=dhcp01,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com`; if the
> shorter DNs do not exist, fix them too, though they are not what
> produces these two errors. (2) The TSIG key (`key dhcp { ... secret
> ...; }`) is stored as a plain `dhcpStatements` value, so anyone who can
> read this subtree holds the key used for your dynamic DNS updates —
> scope the directory ACLs and dhcpd's bind DN accordingly.]
>
>
>
>
>
> --
> Jason K. Brandt
> Systems Administrator
> Bradley University
> (309) 677-2958
>