dhcpClassesDN ignored?

Brendan Kearney bpk678 at gmail.com
Tue Dec 2 18:27:27 UTC 2014


On Tue, 2014-12-02 at 16:15 -0200, Márcio Merlone wrote:
> Hi,
> 
> Following my last mails regarding DHCP+LDAP, seems like dhcpd ignores 
> dhcpClassesDN. I am trying to create a branch to store dhcpClasses, 
> dhcpSubClasses outside the dhcpService DN so they can be read by many 
> dhcp servers.
> 
> So far I managed to run dhcpd with the LDAP structure below:
> 
> # Daemons, domain.tld
> dn: ou=Daemons,dc=domain,dc=tld
> objectClass: top
> objectClass: organizationalUnit
> ou: Daemons
> description: Daemons
> 
> # dhcp, Daemons, domain.tld
> dn: ou=dhcp,ou=Daemons,dc=domain,dc=tld
> objectClass: top
> objectClass: organizationalUnit
> ou: dhcp
> 
> # donald, dhcp, Daemons, domain.tld
> dn: cn=donald,ou=dhcp,ou=Daemons,dc=domain,dc=tld
> cn: donald
> objectClass: top
> objectClass: dhcpServer
> dhcpServiceDN: cn=conf,cn=donald,ou=dhcp,ou=Daemons,dc=domain,dc=tld
> 
> # hosts, dhcp, Daemons, domain.tld
> dn: cn=hosts,ou=dhcp,ou=Daemons,dc=domain,dc=tld
> objectClass: top
> objectClass: dhcpGroup
> cn: hosts
> 
> # mic-158, hosts, dhcp, Daemons, domain.tld
> dn: cn=mic-158,cn=hosts,ou=dhcp,ou=Daemons,dc=domain,dc=tld
> cn: mic-158-orion
> objectClass: top
> objectClass: dhcpHost
> dhcpHWAddress: ethernet bc:ae:c5:70:6d:24
> dhcpStatements: fixed-address: 10.1.1.4
> 
> # classes, dhcp, Daemons, domain.tld
> dn: ou=classes,ou=dhcp,ou=Daemons,dc=domain,dc=tld
> objectClass: top
> objectClass: organizationalUnit
> ou: classes
> 
> # clsDesktop, classes, dhcp, Daemons, domain.tld
> dn: cn=clsDesktop,ou=classes,ou=dhcp,ou=Daemons,dc=domain,dc=tld
> cn: clsDesktop
> objectClass: top
> objectClass: dhcpClass
> dhcpStatements: match pick-first-value (option dhcp-client-identifier, hardware)
> 
> # clsGuest, classes, dhcp, Daemons, domain.tld
> dn: cn=clsGuest,ou=classes,ou=dhcp,ou=Daemons,dc=domain,dc=tld
> cn: clsGuest
> objectClass: top
> objectClass: dhcpClass
> dhcpStatements: match pick-first-value (option dhcp-client-identifier, hardware)
> 
> # conf, donald, dhcp, Daemons, domain.tld
> dn: cn=conf,cn=donald,ou=dhcp,ou=Daemons,dc=domain,dc=tld
> cn: conf
> objectClass: top
> objectClass: dhcpService
> objectClass: dhcpOptions
> dhcpStatements: authoritative
> dhcpStatements: always-broadcast on
> dhcpStatements: max-lease-time 86400
> dhcpStatements: default-lease-time 7200
> dhcpStatements: min-lease-time 3600
> dhcpStatements: deny client-updates
> dhcpOption: wpad code 252 = text
> dhcpOption: wpad "http://wpad.domain.tld.br/wpad.dat"
> dhcpSharedNetworkDN: cn=A1,cn=dhcp,cn=donald,ou=dhcp,ou=Daemons,dc=domain,dc=tld
> dhcpClassesDN: ou=classes,ou=dhcp,ou=Daemons,dc=domain,dc=tld
> dhcpHostDN: cn=hosts,ou=dhcp,ou=Daemons,dc=domain,dc=tld
> dhcpPrimaryDN: cn=donald,ou=dhcp,ou=Daemons,dc=domain,dc=tld
> dhcpSubnetDN: cn=10.1.1.0,cn=A1,cn=conf,cn=donald,ou=dhcp,ou=Daemons,dc=domain,dc=tld
> 
> # A1, conf, donald, dhcp, Daemons, domain.tld
> dn: cn=A1,cn=conf,cn=donald,ou=dhcp,ou=Daemons,dc=domain,dc=tld
> cn: A1
> objectClass: top
> objectClass: dhcpSharedNetwork
> 
> # 10.1.1.0, A1, conf, donald, dhcp, Daemons, domain.tld
> dn: cn=10.1.1.0,cn=A1,cn=conf,cn=donald,ou=dhcp,ou=Daemons,dc=domain,dc=tld
> cn: 10.1.1.0
> objectClass: top
> objectClass: dhcpSubnet
> objectClass: dhcpOptions
> dhcpNetMask: 24
> dhcpStatements: ddns-domainname "labs.domaincwb"
> dhcpStatements: max-lease-time 120
> dhcpStatements: default-lease-time 120
> dhcpStatements: min-lease-time 120
> dhcpClassesDN: ou=classes,ou=dhcp,ou=Daemons,dc=domain,dc=tld
> dhcpOption: domain-name "labs.domaincwb"
> dhcpOption: time-servers 10.1.1.1
> dhcpOption: subnet-mask 255.255.255.0
> dhcpOption: broadcast-address 10.1.1.255
> dhcpOption: domain-name-servers 10.1.1.1
> dhcpOption: ntp-servers 10.1.1.1
> dhcpOption: routers 10.1.1.1
> dhcpOption: netbios-name-servers 10.1.1.1
> 
> # pool1, 10.1.1.0, A1, conf, donald, dhcp, Daemons, domain.tld
> dn: cn=pool1,cn=10.1.1.0,cn=A1,cn=conf,cn=donald,ou=dhcp,ou=Daemons,dc=domain,dc=tld
> cn: pool1
> objectClass: top
> objectClass: dhcpPool
> dhcpRange: 10.1.1.20 10.1.1.254
> dhcpStatements: allow members of "clsDesktop"
> 
> # 08:00:27:e4:73:34, clsDesktop, classes, dhcp, Daemons, domain.tld
> dn: cn=08:00:27:e4:73:34,cn=clsDesktop,ou=classes,ou=dhcp,ou=Daemons,dc=domain,dc=tld
> cn: 08:00:27:e4:73:34
> objectClass: top
> objectClass: dhcpSubClass
> dhcpClassData: "clsDesktop"
> 
> 
> dhcpd runs fine with that, but:
> 
> root@donald:~# dhcpd -4 -f -d -cf /etc/dhcp/dhcpd.conf eth0
> Internet Systems Consortium DHCP Server 4.2.4
> Copyright 2004-2012 Internet Systems Consortium.
> All rights reserved.
> For info, please visit https://www.isc.org/software/dhcp/
> Wrote 0 class decls to leases file.
> Wrote 0 leases to leases file.
> Listening on LPF/eth0/08:00:27:75:e6:3a/A1
> Sending on   LPF/eth0/08:00:27:75:e6:3a/A1
> Sending on   Socket/fallback/fallback-net
> DHCPDISCOVER from 08:00:27:e4:73:34 via eth0: network A1: no free leases
> DHCPDISCOVER from 08:00:27:e4:73:34 via eth0: network A1: no free leases
> 
> On syslog I get:
> 
> Dec  2 15:58:02 donald slapd[1311]: conn=1244 op=129 SRCH base="cn=conf,cn=donald,ou=dhcp,ou=Daemons,dc=domain,dc=tld" scope=2 deref=0 filter="(&(objectClass=dhcpSubClass)(cn=01:08:00:27:e4:73:34)(dhcpClassData="clsdesktop"))"
> Dec  2 15:58:02 donald slapd[1311]: conn=1244 op=129 SEARCH RESULT tag=101 err=0 nentries=0 text=
> Dec  2 15:58:02 donald slapd[1311]: conn=1244 op=130 SRCH base="cn=conf,cn=donald,ou=dhcp,ou=Daemons,dc=domain,dc=tld" scope=2 deref=0 filter="(&(objectClass=dhcpSubClass)(cn=01:08:00:27:e4:73:34)(dhcpClassData="clsguest"))"
> Dec  2 15:58:02 donald slapd[1311]: conn=1244 op=130 SEARCH RESULT tag=101 err=0 nentries=0 text=
> Dec  2 15:58:02 donald slapd[1311]: conn=1244 op=131 SRCH base="cn=conf,cn=donald,ou=dhcp,ou=Daemons,dc=domain,dc=tld" scope=2 deref=0 filter="(&(objectClass=dhcpHost)(dhcpHWAddress=ethernet 08:00:27:e4:73:34))"
> Dec  2 15:58:02 donald slapd[1311]: conn=1244 op=131 SEARCH RESULT tag=101 err=0 nentries=0 text=
> 
> So the "dhcpClassesDN: ou=classes,ou=dhcp,ou=Daemons,dc=domain,dc=tld" 
> is ignored and subclasses are searched only inside the dhcpService 
> cn=conf. Is this expected? Have I misunderstood what dhcpXxxxxxDN is for?
> 
> Thanks and best regards.
> 

just a guess but try moving these statements:

dhcpSharedNetworkDN: cn=A1,cn=dhcp,cn=donald,ou=dhcp,ou=Daemons,dc=domain,dc=tld
dhcpClassesDN: ou=classes,ou=dhcp,ou=Daemons,dc=domain,dc=tld
dhcpHostDN: cn=hosts,ou=dhcp,ou=Daemons,dc=domain,dc=tld
dhcpPrimaryDN: cn=donald,ou=dhcp,ou=Daemons,dc=domain,dc=tld
dhcpSubnetDN: cn=10.1.1.0,cn=A1,cn=conf,cn=donald,ou=dhcp,ou=Daemons,dc=domain,dc=tld

to

# donald, dhcp, Daemons, domain.tld
dn: cn=donald,ou=dhcp,ou=Daemons,dc=domain,dc=tld

where you define the dhcpServiceDN

you can use tcpdump or wireshark to see the actual ldap queries.  that
may point you at an error or some piece of logic you have not considered
yet.
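
The slapd syslog lines quoted above already record each search dhcpd issued, so the base-versus-dhcpClassesDN comparison can be automated. The following is an added example, not code from either poster or from ISC DHCP: it pairs each SRCH line with its SEARCH RESULT and flags dhcpSubClass searches whose base and scope cannot reach a given DN. The function names are hypothetical, the sample log is the post's lines re-joined, and DN comparison is simplified (case-insensitive, no escaped commas).

```python
import re

# Constructed sample: the slapd lines from the post, re-joined onto single lines.
# DN handling below is a simplification: plain comma split, case-insensitive.
SAMPLE_LOG = """\
Dec  2 15:58:02 donald slapd[1311]: conn=1244 op=129 SRCH base="cn=conf,cn=donald,ou=dhcp,ou=Daemons,dc=domain,dc=tld" scope=2 deref=0 filter="(&(objectClass=dhcpSubClass)(cn=01:08:00:27:e4:73:34)(dhcpClassData="clsdesktop"))"
Dec  2 15:58:02 donald slapd[1311]: conn=1244 op=129 SEARCH RESULT tag=101 err=0 nentries=0 text=
Dec  2 15:58:02 donald slapd[1311]: conn=1244 op=130 SRCH base="cn=conf,cn=donald,ou=dhcp,ou=Daemons,dc=domain,dc=tld" scope=2 deref=0 filter="(&(objectClass=dhcpSubClass)(cn=01:08:00:27:e4:73:34)(dhcpClassData="clsguest"))"
Dec  2 15:58:02 donald slapd[1311]: conn=1244 op=130 SEARCH RESULT tag=101 err=0 nentries=0 text=
Dec  2 15:58:02 donald slapd[1311]: conn=1244 op=131 SRCH base="cn=conf,cn=donald,ou=dhcp,ou=Daemons,dc=domain,dc=tld" scope=2 deref=0 filter="(&(objectClass=dhcpHost)(dhcpHWAddress=ethernet 08:00:27:e4:73:34))"
Dec  2 15:58:02 donald slapd[1311]: conn=1244 op=131 SEARCH RESULT tag=101 err=0 nentries=0 text=
"""

SRCH = re.compile(r'conn=(\d+) op=(\d+) SRCH base="([^"]*)" scope=(\d) deref=\d filter="(.*)"$')
RESULT = re.compile(r'conn=(\d+) op=(\d+) SEARCH RESULT tag=\d+ err=(\d+) nentries=(\d+)')

def rdns(dn):
    # Split a DN into lower-cased RDNs, leftmost first.
    return [part.strip().lower() for part in dn.split(",")]

def in_scope(entry_dn, base_dn, scope):
    # LDAP scopes: 0 = base object only, 1 = one level below, 2 = whole subtree.
    e, b = rdns(entry_dn), rdns(base_dn)
    if len(e) < len(b) or e[len(e) - len(b):] != b:
        return False  # entry is not the base or a descendant of it
    depth = len(e) - len(b)
    return depth == 0 if scope == 0 else depth == 1 if scope == 1 else True

def parse_searches(log):
    # Pair every SRCH with its SEARCH RESULT using the (conn, op) key.
    ops = {}
    for line in log.splitlines():
        m = SRCH.search(line)
        if m:
            ops[(m[1], m[2])] = {"base": m[3], "scope": int(m[4]), "filter": m[5], "nentries": None}
            continue
        m = RESULT.search(line)
        if m and (m[1], m[2]) in ops:
            ops[(m[1], m[2])]["nentries"] = int(m[4])
    return list(ops.values())

def missed_subclass_searches(log, classes_dn):
    # dhcpSubClass searches whose base/scope cannot reach the configured classes DN.
    return [s for s in parse_searches(log)
            if "objectclass=dhcpsubclass" in s["filter"].lower()
            and not in_scope(classes_dn, s["base"], s["scope"])]
```

Run against the post's log with `ou=classes,ou=dhcp,ou=Daemons,dc=domain,dc=tld`, both dhcpSubClass searches are flagged: each uses the dhcpService entry as base with scope=2, which does not cover the classes branch.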


