LDAP and formatting of configs

Brendan Kearney bpk678 at gmail.com
Tue Jun 4 14:42:58 UTC 2013


straight up ldapsearch output below.  note that every wpad-url dhcpOption value opens a double quote that is never closed, which lines up with the point in the debug log where `pool {` runs onto the same line as the wpad-url option.  (the bind password is given with -w on the command line here, where it ends up in shell history and the process list; -W prompts for it instead.)

[brendan at desktop bin]$ sudo ldapsearch -D cn=Manager,dc=bpk2,dc=com -w
password -b "cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com"
# extended LDIF
#
# LDAPv3
# base <cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# DHCP Config, Daemons, bpk2.com
dn: cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
cn: DHCP Config
dhcpPrimaryDN: cn=dhcp01,dc=bpk2,dc=com
dhcpSecondaryDN: cn=dhcp02,dc=bpk2,dc=com
objectClass: top
objectClass: dhcpService
objectClass: dhcpOptions
dhcpFailOverPeerDN: cn=dhcp01,dc=bpk2,dc=com
dhcpFailOverPeerDN: cn=dhcp02,dc=bpk2,dc=com
dhcpOption: T150 code 150 = string
dhcpOption: wpad-url code 252 = text
dhcpStatements: ddns-update-style interim
dhcpStatements: ddns-updates on
dhcpStatements: update-static-leases on
dhcpStatements: authoritative
dhcpStatements: log-facility local1
dhcpStatements: key dhcp { algorithm hmac-md5; secret <<<removed>>>; }
dhcpStatements: zone 1.168.192.in-addr.arpa { primary 192.168.50.1; key
dhcp; 
 }
dhcpStatements: zone 2.168.192.in-addr.arpa { primary 192.168.50.1; key
dhcp; 
 }
dhcpStatements: zone 3.168.192.in-addr.arpa { primary 192.168.50.1; key
dhcp; 
 }
dhcpStatements: zone 50.168.192.in-addr.arpa { primary 192.168.50.1; key
dhcp;
  }
dhcpStatements: zone bpk2.com { primary 192.168.50.1; key dhcp; }

# 192.168.1.0, DHCP Config, Daemons, bpk2.com
dn: cn=192.168.1.0,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
cn: 192.168.1.0
dhcpNetMask: 24
objectClass: top
objectClass: dhcpSubnet
objectClass: dhcpOptions
dhcpOption: domain-name "bpk2.com"
dhcpOption: subnet-mask 255.255.255.0
dhcpOption: broadcast-address 192.168.1.255
dhcpOption: routers 192.168.1.254
dhcpOption: domain-name-servers ns01.bpk2.com,ns02.bpk2.com
dhcpOption: ntp-servers ntp.bpk2.com
dhcpOption: netbios-name-servers server.bpk2.com
dhcpOption: wpad-url "http://wpad.bpk2.com/wpad.dat
dhcpStatements: allow client-updates
dhcpStatements: default-lease-time 7200
dhcpStatements: max-lease-time 86400
dhcpStatements: ping-check true
dhcpStatements: ddns-domainname "bpk2.com"
dhcpStatements: ignore bootp

# pool1, 192.168.1.0, DHCP Config, Daemons, bpk2.com
dn: cn=pool1,cn=192.168.1.0,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
cn: pool1
objectClass: top
objectClass: dhcpPool
dhcpStatements: allow members of "proxied-clients"
dhcpStatements: failover peer "dhcp-failover"
dhcpRange: 192.168.1.50 192.168.1.99

# pool2, 192.168.1.0, DHCP Config, Daemons, bpk2.com
dn: cn=pool2,cn=192.168.1.0,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
cn: pool2
objectClass: top
objectClass: dhcpPool
dhcpRange: 192.168.1.100 192.168.1.149
dhcpStatements: allow members of "unproxied-clients"
dhcpStatements: failover peer "dhcp-failover"

# pool3, 192.168.1.0, DHCP Config, Daemons, bpk2.com
dn: cn=pool3,cn=192.168.1.0,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
cn: pool3
objectClass: top
objectClass: dhcpPool
dhcpRange: 192.168.1.150 192.168.1.199
dhcpStatements: allow unknown-clients
dhcpStatements: failover peer "dhcp-failover"

# 192.168.2.0, DHCP Config, Daemons, bpk2.com
dn: cn=192.168.2.0,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
cn: 192.168.2.0
dhcpNetMask: 24
objectClass: top
objectClass: dhcpSubnet
objectClass: dhcpOptions
dhcpStatements: allow client-updates
dhcpStatements: default-lease-time 7200
dhcpStatements: max-lease-time 86400
dhcpStatements: ping-check true
dhcpStatements: ddns-domainname "bpk2.com"
dhcpStatements: ignore bootp
dhcpOption: domain-name "bpk2.com"
dhcpOption: subnet-mask 255.255.255.0
dhcpOption: broadcast-address 192.168.2.255
dhcpOption: routers 192.168.2.254
dhcpOption: domain-name-servers ns01.bpk2.com,ns02.bpk2.com
dhcpOption: ntp-servers ntp.bpk2.com
dhcpOption: netbios-name-servers server.bpk2.com
dhcpOption: wpad-url "http://wpad.bpk2.com/wpad.dat

# pool1, 192.168.2.0, DHCP Config, Daemons, bpk2.com
dn: cn=pool1,cn=192.168.2.0,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
cn: pool1
objectClass: top
objectClass: dhcpPool
dhcpRange: 192.168.2.50 192.168.2.99
dhcpStatements: allow members of "proxied-clients"
dhcpStatements: failover peer "dhcp-failover"

# pool2, 192.168.2.0, DHCP Config, Daemons, bpk2.com
dn: cn=pool2,cn=192.168.2.0,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
cn: pool2
objectClass: top
objectClass: dhcpPool
dhcpRange: 192.168.2.100 192.168.2.149
dhcpStatements: allow members of "unproxied-clients"
dhcpStatements: failover peer "dhcp-failover"

# pool3, 192.168.2.0, DHCP Config, Daemons, bpk2.com
dn: cn=pool3,cn=192.168.2.0,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
cn: pool3
objectClass: top
objectClass: dhcpPool
dhcpRange: 192.168.2.150 192.168.2.199
dhcpStatements: allow unknown-clients
dhcpStatements: failover peer "dhcp-failover"

# 192.168.3.0, DHCP Config, Daemons, bpk2.com
dn: cn=192.168.3.0,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
cn: 192.168.3.0
dhcpNetMask: 24
objectClass: top
objectClass: dhcpSubnet
objectClass: dhcpOptions
dhcpOption: domain-name "bpk2.com"
dhcpOption: subnet-mask 255.255.255.0
dhcpOption: broadcast-address 192.168.3.255
dhcpOption: routers 192.168.3.254
dhcpOption: domain-name-servers ns01.bpk2.com,ns02.bpk2.com
dhcpOption: ntp-servers ntp.bpk2.com
dhcpOption: netbios-name-servers server.bpk2.com
dhcpOption: wpad-url "http://wpad.bpk2.com/wpad.dat
dhcpStatements: allow client-updates
dhcpStatements: default-lease-time 7200
dhcpStatements: max-lease-time 86400
dhcpStatements: ping-check true
dhcpStatements: ddns-domainname "bpk2.com"
dhcpStatements: ignore bootp

# pool1, 192.168.3.0, DHCP Config, Daemons, bpk2.com
dn: cn=pool1,cn=192.168.3.0,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
cn: pool1
objectClass: top
objectClass: dhcpPool
dhcpRange: 192.168.3.100 192.168.3.199
dhcpStatements: allow unknown-clients
dhcpStatements: failover peer "dhcp-failover"

# 192.168.50.0, DHCP Config, Daemons, bpk2.com
dn: cn=192.168.50.0,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
cn: 192.168.50.0
dhcpNetMask: 24
objectClass: top
objectClass: dhcpSubnet
objectClass: dhcpOptions
dhcpOption: domain-name "bpk2.com"
dhcpOption: subnet-mask 255.255.255.0
dhcpOption: broadcast-address 192.168.50.255
dhcpOption: routers 192.168.50.254
dhcpOption: domain-name-servers ns01.bpk2.com,ns02.bpk2.com
dhcpOption: ntp-servers ntp.bpk2.com
dhcpOption: netbios-name-servers server.bpk2.com
dhcpOption: wpad-url "http://wpad.bpk2.com/wpad.dat
dhcpStatements: allow client-updates
dhcpStatements: default-lease-time 7200
dhcpStatements: max-lease-time 86400
dhcpStatements: ping-check true
dhcpStatements: ddns-domainname "bpk2.com"
dhcpStatements: ignore bootp

# pool1, 192.168.50.0, DHCP Config, Daemons, bpk2.com
dn: cn=pool1,cn=192.168.50.0,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
cn: pool1
objectClass: top
objectClass: dhcpPool
dhcpRange: 192.168.50.50 192.168.50.99
dhcpStatements: allow members of "proxied-clients"
dhcpStatements: failover peer "dhcp-failover"

# pool2, 192.168.50.0, DHCP Config, Daemons, bpk2.com
dn: cn=pool2,cn=192.168.50.0,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
cn: pool2
objectClass: top
objectClass: dhcpPool
dhcpRange: 192.168.50.100 192.168.50.149
dhcpStatements: allow members of "unproxied-clients"
dhcpStatements: failover peer "dhcp-failover"

# pool3, 192.168.50.0, DHCP Config, Daemons, bpk2.com
dn: cn=pool3,cn=192.168.50.0,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
cn: pool3
objectClass: top
objectClass: dhcpPool
dhcpRange: 192.168.50.150 192.168.50.199
dhcpStatements: allow unknown-clients
dhcpStatements: failover peer "dhcp-failover"

# dev, DHCP Config, Daemons, bpk2.com
dn: cn=dev,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
cn: dev
dhcpOption: dhcp-client-identifier 1:e4:11:5b:13:80:b8
objectClass: top
objectClass: dhcpHost
objectClass: dhcpOptions
dhcpHWAddress: ethernet e4:11:5b:13:80:b8
dhcpStatements: ddns-hostname "dev"

# printer-eth0, DHCP Config, Daemons, bpk2.com
dn: cn=printer-eth0,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
cn: printer-eth0
objectClass: top
objectClass: dhcpHost
dhcpHWAddress: ethernet 00:15:60:49:7b:44
dhcpStatements: fixed-address 192.168.1.3
dhcpStatements: ddns-hostname "printer"

# printer-wlan0, DHCP Config, Daemons, bpk2.com
dn: cn=printer-wlan0,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
cn: printer-wlan0
objectClass: top
objectClass: dhcpHost
dhcpHWAddress: ethernet 00:15:60:e8:ae:83
dhcpStatements: fixed-address 192.168.1.3
dhcpStatements: ddns-hostname "printer"

# proxied-clients, DHCP Config, Daemons, bpk2.com
dn: cn=proxied-clients,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
cn: proxied-clients
objectClass: top
objectClass: dhcpClass
dhcpStatements: match pick-first-value (option dhcp-client-identifier,
hardwar
 e)

# unproxied-clients, DHCP Config, Daemons, bpk2.com
dn: cn=unproxied-clients,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
cn: unproxied-clients
objectClass: top
objectClass: dhcpClass
dhcpStatements: match pick-first-value (option dhcp-client-identifier,
hardwar
 e)

# dhcp-failover, DHCP Config, Daemons, bpk2.com
dn: cn=dhcp-failover,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
cn: dhcp-failover
dhcpFailOverLoadBalanceTime: 3
dhcpFailOverPrimaryPort: 647
dhcpFailOverPrimaryServer: dhcp01
dhcpFailOverResponseDelay: 60
dhcpFailOverSecondaryPort: 647
dhcpFailOverSecondaryServer: dhcp02
dhcpFailOverSplit: 128
dhcpFailOverUnackedUpdates: 10
dhcpMaxClientLeadTime: 3600
objectClass: dhcpFailOverPeer
objectClass: top

# dhcp01, DHCP Config, Daemons, bpk2.com
dn: cn=dhcp01,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
cn: dhcp01
dhcpServiceDN: cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
objectClass: top
objectClass: dhcpServer

# dhcp02, DHCP Config, Daemons, bpk2.com
dn: cn=dhcp02,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
cn: dhcp02
dhcpServiceDN: cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
objectClass: top
objectClass: dhcpServer

# search result
search: 2
result: 0 Success

# numResponses: 24
# numEntries: 23

On Tue, 2013-06-04 at 09:25 -0500, Jason Brandt wrote:
> Please do a dump of your config from LDAP directly.  It looks like you
> have a configuration error.  The LDAP module is very particular about
> how things are grouped and formatted.  JXplorer works very well for
> this: http://jxplorer.org/
> 
> 
> On Tue, Jun 4, 2013 at 8:52 AM, Brendan Kearney <bpk678 at gmail.com>
> wrote:
>         hi all,
>         
>         i am using DHCP 4.2.4-P2 on fedora 16 currently and want to
>         move my
>         config into LDAP.  i am running a load-sharing instance
>         between two
>         servers, supporting 2 or 3 scopes per subnet, with about 3
>         subnets.  in
>         the dhcpd.conf (file based) format, the configs are working.
>          when i
>         start putting the config directives into LDAP, i see that
>         lines run into
>         each other and weird issues crop up because of badly formatted
>         configs
>         being read into the dhcp instance.
>         
>         dhcpd.conf.ldap:
>         ldap-server "ldap.bpk2.com";
>         ldap-port 389;
>         ldap-username "user";
>         ldap-password "password";
>         ldap-base-dn "dc=bpk2,dc=com";
>         # ldap-base-dn "ou=Computers,cn=Servers,dc=bpk2,dc=com";
>         ldap-method dynamic;
>         ldap-debug-file "/var/log/dhcp-ldap-startup.log";
>         
>         dhcpd -4 -d -cf ./dhcpd.conf.ldap:
>         Internet Systems Consortium DHCP Server 4.2.4-P2
>         Copyright 2004-2012 Internet Systems Consortium.
>         All rights reserved.
>         For info, please visit https://www.isc.org/software/dhcp/
>         LDAP line 29: semicolon expected.
>         allow members of "proxied-clients"
>                           ^
>         bad range, address 192.168.2.50 not in subnet 192.168.1.0
>         netmask
>         255.255.255.0
>         
>         This version of ISC DHCP is based on the release available
>         on ftp.isc.org.  Features have been added and other changes
>         have been made to the base software release in order to make
>         it work better with this distribution.
>         
>         Please report for this software via the Red Hat Bugzilla site:
>             http://bugzilla.redhat.com
>         
>         exiting.
>         
>         cat -n /var/log/dhcp-ldap-startup.log:
>              1  ddns-update-style interim;
>              2  ddns-updates on;
>              3  update-static-leases on;
>              4  authoritative;
>              5  log-facility local1;
>              6  key dhcp { algorithm hmac-md5; secret <<<removed>>>; }
>              7  zone 1.168.192.in-addr.arpa { primary 192.168.50.1;
>         key dhcp; }
>              8  zone 2.168.192.in-addr.arpa { primary 192.168.50.1;
>         key dhcp; }
>              9  zone 3.168.192.in-addr.arpa { primary 192.168.50.1;
>         key dhcp; }
>             10  zone 50.168.192.in-addr.arpa { primary 192.168.50.1;
>         key dhcp; }
>             11  zone bpk2.com { primary 192.168.50.1; key dhcp; }
>             12  option T150 code 150 = string;
>             13  option wpad-url code 252 = text;subnet 192.168.1.0
>         netmask
>         255.255.255.0 {
>             14  allow client-updates;
>             15  default-lease-time 7200;
>             16  max-lease-time 86400;
>             17  ping-check true;
>             18  ddns-domainname "bpk2.com";
>             19  ignore bootp;
>             20  option domain-name "bpk2.com";
>             21  option subnet-mask 255.255.255.0;
>             22  option broadcast-address 192.168.1.255;
>             23  option routers 192.168.1.254;
>             24  option domain-name-servers
>         ns01.bpk2.com,ns02.bpk2.com;
>             25  option ntp-servers ntp.bpk2.com;
>             26  option netbios-name-servers server.bpk2.com;
>             27  option wpad-url "http://wpad.bpk2.com/wpad.dat;pool {
>             28  range 192.168.1.50 192.168.1.99;
>             29  allow members of "proxied-clients";
>             30  failover peer "dhcp-failover";
>             31  }pool {
>             32  range 192.168.1.100 192.168.1.149;
>             33  allow members of "unproxied-clients";
>             34  failover peer "dhcp-failover";
>             35  }pool {
>             36  range 192.168.1.150 192.168.1.199;
>             37  allow unknown-clients;
>             38  failover peer "dhcp-failover";
>             39  }
>             40  }subnet 192.168.2.0 netmask 255.255.255.0 {
>             41  allow client-updates;
>             42  default-lease-time 7200;
>             43  max-lease-time 86400;
>             44  ping-check true;
>             45  ddns-domainname "bpk2.com";
>             46  ignore bootp;
>             47  option domain-name "bpk2.com";
>             48  option subnet-mask 255.255.255.0;
>             49  option broadcast-address 192.168.2.255;
>             50  option routers 192.168.2.254;
>             51  option domain-name-servers
>         ns01.bpk2.com,ns02.bpk2.com;
>             52  option ntp-servers ntp.bpk2.com;
>             53  option netbios-name-servers server.bpk2.com;
>             54  option wpad-url "http://wpad.bpk2.com/wpad.dat;pool {
>             55  range 192.168.2.50 192.168.2.99;
>             56  allow members of "proxied-clients";
>             57  failover peer "dhcp-failover";
>             58  }[root at vpn dhcp]#
>         
>         if you see on line 27, the pool declaration which should be on
>         a
>         separate line is not on its own line and is causing issues
>         further down
>         in the config, it seems.  lines 31, 35, 40, and 54 also seem
>         to have
>         this formatting issue.  directives that should be on separate
>         lines and
>         are not seem to be causing issues further down in the config.
>          not only
>         is there something off with the expected semicolon, but the
>         192.168.2.50
>         range is being treated as though it belonged to the
>         192.168.1.0/24
>         network.  if the configs were read properly out of LDAP, this
>         would not
>         be happening.  Is the issue with the way i have things setup
>         in LDAP,
>         such as ordering or something?  an ldif export is attached for
>         review.
>         
>         _______________________________________________
>         dhcp-users mailing list
>         dhcp-users at lists.isc.org
>         https://lists.isc.org/mailman/listinfo/dhcp-users
> 
> 
> 
> 
> -- 
> Jason K. Brandt
> Systems Administrator
> Bradley University
> (309) 677-2958
> 
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users



