<div dir="ltr">Please do a dump of your config from LDAP directly. It looks like you have a configuration error. The LDAP module is very particular about how things are grouped and formatted. JXplorer works very well for this: <a href="http://jxplorer.org/">http://jxplorer.org/</a></div>
<div class="gmail_extra"><br><br><div class="gmail_quote">On Tue, Jun 4, 2013 at 8:52 AM, Brendan Kearney <span dir="ltr">&lt;<a href="mailto:bpk678@gmail.com" target="_blank">bpk678@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
hi all,<br>
<br>
i am using DHCP 4.2.4-P2 on fedora 16 currently and want to move my<br>
config into LDAP. i am running a load-sharing instance between two<br>
servers, supporting 2 or 3 scopes per subnet, with about 3 subnets. in<br>
the dhcpd.conf (file based) format, the configs are working. when i<br>
start putting the config directives into LDAP, i see that lines run into<br>
each other and weird issues crop up because of badly formatted configs<br>
being read into the dhcp instance.<br>
<br>
dhcpd.conf.ldap:<br>
ldap-server "<a href="http://ldap.bpk2.com" target="_blank">ldap.bpk2.com</a>";<br>
ldap-port 389;<br>
ldap-username "user";<br>
ldap-password "password";<br>
ldap-base-dn "dc=bpk2,dc=com";<br>
# ldap-base-dn "ou=Computers,cn=Servers,dc=bpk2,dc=com";<br>
ldap-method dynamic;<br>
ldap-debug-file "/var/log/dhcp-ldap-startup.log";<br>
<br>
dhcpd -4 -d -cf ./dhcpd.conf.ldap:<br>
Internet Systems Consortium DHCP Server 4.2.4-P2<br>
Copyright 2004-2012 Internet Systems Consortium.<br>
All rights reserved.<br>
For info, please visit <a href="https://www.isc.org/software/dhcp/" target="_blank">https://www.isc.org/software/dhcp/</a><br>
LDAP line 29: semicolon expected.<br>
allow members of "proxied-clients"<br>
^<br>
bad range, address 192.168.2.50 not in subnet 192.168.1.0 netmask<br>
255.255.255.0<br>
<br>
This version of ISC DHCP is based on the release available<br>
on <a href="http://ftp.isc.org" target="_blank">ftp.isc.org</a>. Features have been added and other changes<br>
have been made to the base software release in order to make<br>
it work better with this distribution.<br>
<br>
Please report for this software via the Red Hat Bugzilla site:<br>
<a href="http://bugzilla.redhat.com" target="_blank">http://bugzilla.redhat.com</a><br>
<br>
exiting.<br>
<br>
cat -n /var/log/dhcp-ldap-startup.log:<br>
1 ddns-update-style interim;<br>
2 ddns-updates on;<br>
3 update-static-leases on;<br>
4 authoritative;<br>
5 log-facility local1;<br>
6 key dhcp { algorithm hmac-md5; secret <<<removed>>>; }<br>
7 zone 1.168.192.in-addr.arpa { primary 192.168.50.1; key dhcp; }<br>
8 zone 2.168.192.in-addr.arpa { primary 192.168.50.1; key dhcp; }<br>
9 zone 3.168.192.in-addr.arpa { primary 192.168.50.1; key dhcp; }<br>
10 zone 50.168.192.in-addr.arpa { primary 192.168.50.1; key dhcp; }<br>
11 zone <a href="http://bpk2.com" target="_blank">bpk2.com</a> { primary 192.168.50.1; key dhcp; }<br>
12 option T150 code 150 = string;<br>
13 option wpad-url code 252 = text;subnet 192.168.1.0 netmask<br>
255.255.255.0 {<br>
14 allow client-updates;<br>
15 default-lease-time 7200;<br>
16 max-lease-time 86400;<br>
17 ping-check true;<br>
18 ddns-domainname "<a href="http://bpk2.com" target="_blank">bpk2.com</a>";<br>
19 ignore bootp;<br>
20 option domain-name "<a href="http://bpk2.com" target="_blank">bpk2.com</a>";<br>
21 option subnet-mask 255.255.255.0;<br>
22 option broadcast-address 192.168.1.255;<br>
23 option routers 192.168.1.254;<br>
24 option domain-name-servers <a href="http://ns01.bpk2.com" target="_blank">ns01.bpk2.com</a>,<a href="http://ns02.bpk2.com" target="_blank">ns02.bpk2.com</a>;<br>
25 option ntp-servers <a href="http://ntp.bpk2.com" target="_blank">ntp.bpk2.com</a>;<br>
26 option netbios-name-servers <a href="http://server.bpk2.com" target="_blank">server.bpk2.com</a>;<br>
27 option wpad-url "<a href="http://wpad.bpk2.com/wpad.dat;pool" target="_blank">http://wpad.bpk2.com/wpad.dat;pool</a> {<br>
28 range 192.168.1.50 192.168.1.99;<br>
29 allow members of "proxied-clients";<br>
30 failover peer "dhcp-failover";<br>
31 }pool {<br>
32 range 192.168.1.100 192.168.1.149;<br>
33 allow members of "unproxied-clients";<br>
34 failover peer "dhcp-failover";<br>
35 }pool {<br>
36 range 192.168.1.150 192.168.1.199;<br>
37 allow unknown-clients;<br>
38 failover peer "dhcp-failover";<br>
39 }<br>
40 }subnet 192.168.2.0 netmask 255.255.255.0 {<br>
41 allow client-updates;<br>
42 default-lease-time 7200;<br>
43 max-lease-time 86400;<br>
44 ping-check true;<br>
45 ddns-domainname "<a href="http://bpk2.com" target="_blank">bpk2.com</a>";<br>
46 ignore bootp;<br>
47 option domain-name "<a href="http://bpk2.com" target="_blank">bpk2.com</a>";<br>
48 option subnet-mask 255.255.255.0;<br>
49 option broadcast-address 192.168.2.255;<br>
50 option routers 192.168.2.254;<br>
51 option domain-name-servers <a href="http://ns01.bpk2.com" target="_blank">ns01.bpk2.com</a>,<a href="http://ns02.bpk2.com" target="_blank">ns02.bpk2.com</a>;<br>
52 option ntp-servers <a href="http://ntp.bpk2.com" target="_blank">ntp.bpk2.com</a>;<br>
53 option netbios-name-servers <a href="http://server.bpk2.com" target="_blank">server.bpk2.com</a>;<br>
54 option wpad-url "<a href="http://wpad.bpk2.com/wpad.dat;pool" target="_blank">http://wpad.bpk2.com/wpad.dat;pool</a> {<br>
55 range 192.168.2.50 192.168.2.99;<br>
56 allow members of "proxied-clients";<br>
57 failover peer "dhcp-failover";<br>
58 }[root@vpn dhcp]#<br>
<br>
if you see on line 27, the pool declaration which should be on a<br>
separate line is not on its own line and is causing issues further down<br>
in the config, it seems. lines 31, 35, 40, and 54 also seem to have<br>
this formatting issue. directives that should be on separate lines and<br>
are not seem to be causing issues further down in the config. not only<br>
is there something off with the expected semicolon, but the 192.168.2.50<br>
range is being seen as attempted to be loaded into the <a href="http://192.168.1.0/24" target="_blank">192.168.1.0/24</a><br>
network. if the configs were read properly out of LDAP, this would not<br>
be happening. Is the issue with the way i have things set up in LDAP,<br>
such as ordering or something? an ldif export is attached for review.<br>
<br>_______________________________________________<br>
dhcp-users mailing list<br>
<a href="mailto:dhcp-users@lists.isc.org">dhcp-users@lists.isc.org</a><br>
<a href="https://lists.isc.org/mailman/listinfo/dhcp-users" target="_blank">https://lists.isc.org/mailman/listinfo/dhcp-users</a><br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div>Jason K. Brandt</div>
<div>Systems Administrator</div><div>Bradley University<br>(309) 677-2958<br></div>
</div>
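Added example, not part of either message above: in the quoted ldap-debug-file dump, log lines 27 and 54 show `option wpad-url` with an opening double quote and no closing one, immediately followed by `pool {`. The Python check below scans such a dump for unbalanced quotes and for block openers glued to the end of a preceding statement; the function name `check_dump` and the keyword list are assumptions of this example, and the sample is log lines 26-31 as they appear in the message.

```python
import re

# Log lines 26-31 of the ldap-debug-file dump quoted in the message above.
SAMPLE_DUMP = '''\
option netbios-name-servers server.bpk2.com;
option wpad-url "http://wpad.bpk2.com/wpad.dat;pool {
range 192.168.1.50 192.168.1.99;
allow members of "proxied-clients";
failover peer "dhcp-failover";
}pool {
'''

# A block opener that directly follows ';' or '}' on the same line, i.e. the
# previous LDAP value was emitted without a terminating newline.
# The keyword list is an assumption covering common dhcpd declarations.
GLUED = re.compile(
    r'[;}]\s*(pool|subnet|group|host|class|shared-network)\b[^;]*\{\s*$'
)


def check_dump(text, first_line=1):
    """Return (line_no, problem) pairs for a dhcpd ldap-debug-file dump."""
    findings = []
    for no, line in enumerate(text.splitlines(), start=first_line):
        stripped = line.strip()
        if not stripped or stripped.startswith('#'):
            continue
        # Ignore backslash-escaped quotes inside strings before counting.
        if stripped.replace('\\"', '').count('"') % 2:
            findings.append((no, 'unbalanced double quote'))
        if GLUED.search(stripped):
            findings.append((no, 'declaration glued to previous statement'))
    return findings


if __name__ == '__main__':
    for no, problem in check_dump(SAMPLE_DUMP, first_line=26):
        print(f'line {no}: {problem}')
```

Run it against the file named in `ldap-debug-file` after each change to the LDAP entries; a clean dump returns an empty list.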