LDAP schema (was: LDAP structure to share config for more than one site)

Michael Ströder michael at stroeder.com
Sat Dec 6 17:24:33 UTC 2014


Brendan Kearney wrote:
> I make no guarantees that the LDIF will work for you. See attached.

I had to add/rearrange some entries to make your example LDIF file work with
the complete tree structure (attached).

I'm currently testing my dhcp plugin module [1] in web2ldap [2] which
implements select lists, constraints, syntax checking.

I'd like to learn more about it. Especially I find it hard to get a good
description of the LDAP schema expected by ISC's dhcpd. There were I-Ds but
they seem outdated.

My mid-term goal is to merge DHCP and DNS schema (objectclasses 'dhcpHost'
and 'dNSDomain2') in such a way that known hosts don't have to send the
hostname via DDNS and the DNS server with LDAP backend also simply accesses
the known hosts information.

Comments on all that are appreciated.

Ciao, Michael.

[1] http://fossies.org/dox/web2ldap-1.2.8/dhcp_8py_source.html
[2] http://www.web2ldap.de
-------------- next part --------------
dn: ou=Daemons,dc=domain,dc=tld
objectclass: organizationalUnit
objectclass: top
ou: Daemons
ou: DHCP2

dn: cn=DHCP Servers,ou=Daemons,dc=domain,dc=tld
cn: DHCP Servers
objectclass: top
objectclass: dhcpServer

dn: cn=dhcp01,cn=DHCP Servers,ou=Daemons,dc=domain,dc=tld
cn: dhcp01
dhcpservicedn: cn=DHCP Config,ou=Daemons,dc=domain,dc=tld
dhcpstatements: failover peer "dhcp-failover" { primary; address 192.168.1.1; port 647; peer address 192.168.1.2; peer port 647; max-response-delay 60; max-unacked-updates 10; mclt 3600; load balance max seconds 3; split 128; }
objectclass: dhcpServer
objectclass: top

dn: cn=dhcp02,cn=DHCP Servers,ou=Daemons,dc=domain,dc=tld
cn: dhcp02
dhcpservicedn: cn=DHCP Config,ou=Daemons,dc=domain,dc=tld
dhcpstatements: failover peer "dhcp-failover" { secondary; address 192.168.1.2; port 647; peer address 192.168.1.1; peer port 647; max-response-delay 60; max-unacked-updates 10; load balance max seconds 3; }
objectclass: dhcpServer
objectclass: top

dn: cn=DHCP Config,ou=Daemons,dc=domain,dc=tld
cn: DHCP Config
dhcpoption: T150 code 150 = string
dhcpoption: wpad-url code 252 = text
dhcpprimarydn: cn=dhcp01,cn=DHCP Servers,ou=Daemons,dc=domain,dc=tld
dhcpsecondarydn: cn=dhcp02,cn=DHCP Servers,ou=Daemons,dc=domain,dc=tld
dhcpstatements: ddns-update-style interim
dhcpstatements: ddns-updates on
dhcpstatements: update-static-leases on
dhcpstatements: authoritative
dhcpstatements: key dhcp { algorithm hmac-md5; secret SuperSecretString; }
dhcpstatements: zone 1.168.192.in-addr.arpa { primary 192.168.1.1; key dhcp; }
dhcpstatements: zone domain.tld { primary 192.168.1.1; key dhcp; }
objectclass: top
objectclass: dhcpService

dn: ou=DHCP Classes,cn=DHCP Config,ou=Daemons,dc=domain,dc=tld
objectclass: organizationalUnit
objectclass: top
ou: DHCP Classes

dn: ou=DHCP SubClasses,cn=DHCP Config,ou=Daemons,dc=domain,dc=tld
objectclass: organizationalUnit
objectclass: top
ou: DHCP SubClasses

dn: ou=DHCP Subnets,cn=DHCP Config,ou=Daemons,dc=domain,dc=tld
objectclass: organizationalUnit
objectclass: top
ou: DHCP Subnets

dn: ou=DHCP Hosts,cn=DHCP Config,ou=Daemons,dc=domain,dc=tld
objectclass: organizationalUnit
objectclass: top
ou: DHCP Hosts

dn: cn=1:11:22:33:44:55:66,ou=DHCP SubClasses,cn=DHCP Config,ou=Daemons,dc=domain,dc=tld
cn: 1:11:22:33:44:55:66
dhcpclassdata: "proxied-clients"
dhcpcomments: desktop
objectclass: dhcpSubClass
objectclass: top

dn: cn=1:22:33:44:55:66:77,ou=DHCP SubClasses,cn=DHCP Config,ou=Daemons,dc=domain,dc=tld
cn: 1:22:33:44:55:66:77
dhcpclassdata: "unproxied-clients"
dhcpcomments: laptop
objectclass: dhcpSubClass
objectclass: top

dn: cn=proxied-clients,ou=DHCP Classes,cn=DHCP Config,ou=Daemons,dc=domain,dc=tld
cn: proxied-clients
dhcpstatements: match pick-first-value (option dhcp-client-identifier, hardware)
dhcpsubclassesdn: cn=1:11:22:33:44:55:66,ou=DHCP SubClasses,cn=DHCP Config,ou=Daemons,dc=domain,dc=tld
dhcpsubclassesdn: cn=1:22:33:44:55:66:77,ou=DHCP SubClasses,cn=DHCP Config,ou=Daemons,dc=domain,dc=tld
objectclass: top
objectclass: dhcpClass

dn: cn=unproxied-clients,ou=DHCP Classes,cn=DHCP Config,ou=Daemons,dc=domain,dc=tld
cn: unproxied-clients
dhcpstatements: match pick-first-value (option dhcp-client-identifier, hardware)
dhcpsubclassesdn: ou=DHCP SubClasses,cn=DHCP Config,ou=Daemons,dc=domain,dc=tld
objectclass: top
objectclass: dhcpClass

dn: cn=desktop,ou=DHCP Hosts,cn=DHCP Config,ou=Daemons,dc=domain,dc=tld
cn: desktop
dhcphwaddress: ethernet 11:22:33:44:55:66
dhcpoption: dhcp-client-identifier 1:11:22:33:44:55:66
dhcpstatements: ddns-hostname "desktop"
objectclass: top
objectclass: dhcpHost
objectclass: ieee802Device
objectclass: dhcpOptions

dn: cn=laptop,ou=DHCP Hosts,cn=DHCP Config,ou=Daemons,dc=domain,dc=tld
cn: laptop
dhcphwaddress: ethernet 22:33:44:55:66:77
dhcpoption: dhcp-client-identifier 1:22:33:44:55:66:77
dhcpstatements: ddns-hostname "laptop"
objectclass: top
objectclass: dhcpHost
objectclass: ieee802Device
objectclass: dhcpOptions

dn: cn=192.168.1.0,ou=DHCP Subnets,cn=DHCP Config,ou=Daemons,dc=domain,dc=tld
cn: 192.168.1.0
dhcpclassesdn: cn=proxied-clients,ou=DHCP Classes,cn=DHCP Config,ou=Daemons,dc=domain,dc=tld
dhcpclassesdn: cn=unproxied-clients,ou=DHCP Classes,cn=DHCP Config,ou=Daemons,dc=domain,dc=tld
dhcpnetmask: 24
dhcpoption: domain-name "domain.tld"
dhcpoption: subnet-mask 255.255.255.0
dhcpoption: broadcast-address 192.168.1.255
dhcpoption: routers 192.168.1.254
dhcpoption: domain-name-servers ns01.domain.tld,ns02.domain.tld
dhcpoption: ntp-servers ntp.domain.tld
dhcpoption: netbios-name-servers server.domain.tld
dhcpoption: wpad-url "http://wpad.domain.tld/wpad.dat"
dhcpstatements: allow client-updates
dhcpstatements: default-lease-time 7200
dhcpstatements: max-lease-time 86400
dhcpstatements: ping-check true
dhcpstatements: ddns-domainname "domain.tld"
dhcpstatements: ignore bootp
objectclass: top
objectclass: dhcpSubnet
objectclass: dhcpOptions

dn: cn=pool1,cn=192.168.1.0,ou=DHCP Subnets,cn=DHCP Config,ou=Daemons,dc=domain,dc=tld
cn: pool1
dhcprange: 192.168.1.50 192.168.1.99
dhcpstatements: allow members of "proxied-clients"
dhcpstatements: failover peer "dhcp-failover"
objectclass: top
objectclass: dhcpPool

dn: cn=pool2,cn=192.168.1.0,ou=DHCP Subnets,cn=DHCP Config,ou=Daemons,dc=domain,dc=tld
cn: pool2
dhcprange: 192.168.1.100 192.168.1.149
dhcpstatements: allow members of "unproxied-clients"
dhcpstatements: failover peer "dhcp-failover"
objectclass: top
objectclass: dhcpPool

dn: cn=pool3,cn=192.168.1.0,ou=DHCP Subnets,cn=DHCP Config,ou=Daemons,dc=domain,dc=tld
cn: pool3
dhcprange: 192.168.1.150 192.168.1.199
dhcpstatements: allow unknown-clients
dhcpstatements: failover peer "dhcp-failover"
objectclass: top
objectclass: dhcpPool
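
An added example, not part of the original message or of web2ldap: a pre-load check for a DHCP LDIF like the one above. It reports entries listed before their parent, entries whose RDN value is missing from the entry, DN-valued attributes that point at nothing in the file, and TSIG key material kept in dhcpStatements, where it is readable by every bind identity with read access to that attribute. The function names and the sample are hypothetical; the parser assumes plain LDIF without base64 values, folded lines or escaped commas.

```python
import re

REF_ATTRS = {"dhcpservicedn", "dhcpprimarydn", "dhcpsecondarydn",
             "dhcpclassesdn", "dhcpsubclassesdn"}  # DN-valued attributes

def norm(dn):
    return ",".join(p.strip() for p in dn.lower().split(","))

def parse_ldif(text):
    """Return [(dn, {attr: [values]})]; no base64, folding or escaped commas."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in block.splitlines():
            if not line.startswith("#") and ":" in line:
                key, value = line.split(":", 1)
                attrs.setdefault(key.strip().lower(), []).append(value.strip())
        if "dn" in attrs:
            entries.append((norm(attrs.pop("dn")[0]), attrs))
    return entries

def audit(text, base):
    """Return (dn, problem) pairs; `base` is assumed to exist on the server."""
    entries, findings = parse_ldif(text), []
    all_dns, seen = {dn for dn, _ in entries}, {norm(base)}
    for dn, attrs in entries:
        rdn, _, parent = dn.partition(",")
        rdn_attr, _, rdn_val = rdn.partition("=")
        if parent not in seen:  # ldapadd would fail: parent does not exist yet
            findings.append((dn, "parent not loaded yet"))
        if rdn_val not in [v.lower() for v in attrs.get(rdn_attr, [])]:
            findings.append((dn, "RDN value missing from entry"))
        for attr in sorted(REF_ATTRS & attrs.keys()):
            findings += [(dn, attr + " target missing") for t in attrs[attr]
                         if norm(t) not in all_dns]
        if any(re.search(r"\bsecret\b", s) for s in attrs.get("dhcpstatements", [])):
            findings.append((dn, "TSIG secret readable in directory"))
        seen.add(dn)
    return findings

# Constructed sample with deliberate faults, not the thread's attachment
SAMPLE = """dn: cn=pool1,cn=DHCP Config,dc=example,dc=test
cn: pool1

dn: cn=DHCP Config,dc=example,dc=test
cn: Config
dhcpprimarydn: cn=dhcp01,dc=example,dc=test
dhcpstatements: key k { algorithm hmac-md5; secret PLACEHOLDER; }
"""
```

For the attachment above, the call would be `audit(text, "dc=domain,dc=tld")`, with `text` holding the LDIF.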
