LDAP structure to share config for more than one site

Brendan Kearney bpk678 at gmail.com
Sat Nov 29 21:34:00 UTC 2014


On Fri, 2014-11-28 at 20:45 +0000, Niall O'Reilly wrote:
> At Fri, 28 Nov 2014 16:55:12 -0200,
> Márcio Merlone wrote:
> > 
> > Greetings,
> > 
> > I manage a network with 3 remote branches connected to the main office
> > by IPsec VPN. I am looking for DHCP+OpenLDAP as a solution to ease
> > management
> 
>   If you already had a directory in production, and wanted to base your
>   DHCP service on it, I could make sense of this idea.
>   
>   I feel you may save yourself much lost time by asking yourself just
>   what actual problem you can solve more easily using DHCP+LDAP than
>   using just DHCP.
> 
>   Best regards,
>   Niall O'Reilly
>   

i think i get what you are trying to do.  by housing your config in
ldap, you would be able to centrally manage the dhcpClass, dhcpSubClass,
dhcpHost and dhcpSubnet objects (maybe others) and attempt to share them
amongst the dhcp servers.

i don't have any experience going that far into an ldap backend, but i do
have a tested-but-not-implemented-yet instance of load sharing dhcp.  i
have two dhcp servers configured in the directory, as dhcpServer
objects.  both objects have a dhcpServiceDN pointing to the dhcpService
object.  my dhcpService object is a parent object to all of my
dhcpClass, dhcpSubClass, dhcpHost and dhcpSubnet objects.  because of
this, both of my dhcpd instances can leverage the same objects.  i
believe this configuration might work against you, as at least the
dhcpSubnet objects would have to be different for the different
instances.

with a little testing, you might be able to configure the directory to
have the class, subclass, host and subnet objects not be subordinates to
the service object, but i am not sure how that would work out.  you
would need to point the dhcpService object to the dhcpClass, dhcpHost
and dhcpSubnet objects using dhcpClassesDN, dhcpHostDN, and dhcpSubnetDN
entries.  the dhcpClassesDN would point to the dhcpSubClass objects
using dhcpSubclassesDN entries, i think.

without a doubt, there will be some effort involved.  but once you have
things set up, it will provide what you are looking for.

as an easy alternative, you can leverage the "include" directive in
dhcpd.conf, and break everything out into separate files, and rsync the
files amongst the dhcp servers.
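
The shared layout described in the reply above (two dhcpServer objects whose dhcpServiceDN points at one dhcpService that parents the other objects), as an added example that is not part of the original post: a small Python check over constructed LDIF that reports which servers share a service and which objects sit beneath it. The dc=example,dc=com suffix, the entry names and the attribute values are hypothetical.

```python
# Constructed sample directory (not from the post): two dhcpServer entries
# sharing one dhcpService. Suffix, names and values are hypothetical, and the
# entries are trimmed to the attributes that matter for this check.
SAMPLE_LDIF = """\
dn: cn=dhcp1,ou=dhcp,dc=example,dc=com
objectClass: dhcpServer
cn: dhcp1
dhcpServiceDN: cn=config,ou=dhcp,dc=example,dc=com

dn: cn=dhcp2,ou=dhcp,dc=example,dc=com
objectClass: dhcpServer
cn: dhcp2
dhcpServiceDN: cn=config,ou=dhcp,dc=example,dc=com

dn: cn=config,ou=dhcp,dc=example,dc=com
objectClass: dhcpService
cn: config

dn: cn=192.0.2.0,cn=config,ou=dhcp,dc=example,dc=com
objectClass: dhcpSubnet
cn: 192.0.2.0
dhcpNetMask: 24
"""

def parse_ldif(text):
    """Minimal LDIF reader: one 'attr: value' per line, no folding or base64."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(": ")
            entry.setdefault(attr.lower(), []).append(value)
        entries.append(entry)
    return entries

def shared_objects(entries):
    """Map each dhcpService DN to (server cns using it, DNs stored beneath it)."""
    report = {}
    for e in entries:
        if "dhcpService" in e["objectclass"]:
            dn = e["dn"][0]
            servers = sorted(s["cn"][0] for s in entries
                             if dn in s.get("dhcpservicedn", []))
            below = [o["dn"][0] for o in entries
                     if o["dn"][0].lower().endswith("," + dn.lower())]
            report[dn] = (servers, below)
    return report
```

A service DN that lists more than one server shows that every object beneath it, subnets included, is visible to all of those dhcpd instances.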


