LDAP and formatting of configs

Jason Brandt jbrandt at fsmail.bradley.edu
Tue Jun 4 14:55:11 UTC 2013


dhcpOption: wpad-url "http://wpad.bpk2.com/wpad.dat    <-- is missing the end "


On Tue, Jun 4, 2013 at 9:42 AM, Brendan Kearney <bpk678 at gmail.com> wrote:

> straight up ldapsearch below.
>
> [brendan at desktop bin]$ sudo ldapsearch -D cn=Manager,dc=bpk2,dc=com -w
> password -b "cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com"
> # extended LDIF
> #
> # LDAPv3
> # base <cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com> with scope subtree
> # filter: (objectclass=*)
> # requesting: ALL
> #
>
> # DHCP Config, Daemons, bpk2.com
> dn: cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
> cn: DHCP Config
> dhcpPrimaryDN: cn=dhcp01,dc=bpk2,dc=com
> dhcpSecondaryDN: cn=dhcp02,dc=bpk2,dc=com
> objectClass: top
> objectClass: dhcpService
> objectClass: dhcpOptions
> dhcpFailOverPeerDN: cn=dhcp01,dc=bpk2,dc=com
> dhcpFailOverPeerDN: cn=dhcp02,dc=bpk2,dc=com
> dhcpOption: T150 code 150 = string
> dhcpOption: wpad-url code 252 = text
> dhcpStatements: ddns-update-style interim
> dhcpStatements: ddns-updates on
> dhcpStatements: update-static-leases on
> dhcpStatements: authoritative
> dhcpStatements: log-facility local1
> dhcpStatements: key dhcp { algorithm hmac-md5; secret <<<removed>>>; }
> dhcpStatements: zone 1.168.192.in-addr.arpa { primary 192.168.50.1; key
> dhcp;
>  }
> dhcpStatements: zone 2.168.192.in-addr.arpa { primary 192.168.50.1; key
> dhcp;
>  }
> dhcpStatements: zone 3.168.192.in-addr.arpa { primary 192.168.50.1; key
> dhcp;
>  }
> dhcpStatements: zone 50.168.192.in-addr.arpa { primary 192.168.50.1; key
> dhcp;
>   }
> dhcpStatements: zone bpk2.com { primary 192.168.50.1; key dhcp; }
>
> # 192.168.1.0, DHCP Config, Daemons, bpk2.com
> dn: cn=192.168.1.0,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
> cn: 192.168.1.0
> dhcpNetMask: 24
> objectClass: top
> objectClass: dhcpSubnet
> objectClass: dhcpOptions
> dhcpOption: domain-name "bpk2.com"
> dhcpOption: subnet-mask 255.255.255.0
> dhcpOption: broadcast-address 192.168.1.255
> dhcpOption: routers 192.168.1.254
> dhcpOption: domain-name-servers ns01.bpk2.com,ns02.bpk2.com
> dhcpOption: ntp-servers ntp.bpk2.com
> dhcpOption: netbios-name-servers server.bpk2.com
> dhcpOption: wpad-url "http://wpad.bpk2.com/wpad.dat
> dhcpStatements: allow client-updates
> dhcpStatements: default-lease-time 7200
> dhcpStatements: max-lease-time 86400
> dhcpStatements: ping-check true
> dhcpStatements: ddns-domainname "bpk2.com"
> dhcpStatements: ignore bootp
>
> # pool1, 192.168.1.0, DHCP Config, Daemons, bpk2.com
> dn: cn=pool1,cn=192.168.1.0,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
> cn: pool1
> objectClass: top
> objectClass: dhcpPool
> dhcpStatements: allow members of "proxied-clients"
> dhcpStatements: failover peer "dhcp-failover"
> dhcpRange: 192.168.1.50 192.168.1.99
>
> # pool2, 192.168.1.0, DHCP Config, Daemons, bpk2.com
> dn: cn=pool2,cn=192.168.1.0,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
> cn: pool2
> objectClass: top
> objectClass: dhcpPool
> dhcpRange: 192.168.1.100 192.168.1.149
> dhcpStatements: allow members of "unproxied-clients"
> dhcpStatements: failover peer "dhcp-failover"
>
> # pool3, 192.168.1.0, DHCP Config, Daemons, bpk2.com
> dn: cn=pool3,cn=192.168.1.0,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
> cn: pool3
> objectClass: top
> objectClass: dhcpPool
> dhcpRange: 192.168.1.150 192.168.1.199
> dhcpStatements: allow unknown-clients
> dhcpStatements: failover peer "dhcp-failover"
>
> # 192.168.2.0, DHCP Config, Daemons, bpk2.com
> dn: cn=192.168.2.0,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
> cn: 192.168.2.0
> dhcpNetMask: 24
> objectClass: top
> objectClass: dhcpSubnet
> objectClass: dhcpOptions
> dhcpStatements: allow client-updates
> dhcpStatements: default-lease-time 7200
> dhcpStatements: max-lease-time 86400
> dhcpStatements: ping-check true
> dhcpStatements: ddns-domainname "bpk2.com"
> dhcpStatements: ignore bootp
> dhcpOption: domain-name "bpk2.com"
> dhcpOption: subnet-mask 255.255.255.0
> dhcpOption: broadcast-address 192.168.2.255
> dhcpOption: routers 192.168.2.254
> dhcpOption: domain-name-servers ns01.bpk2.com,ns02.bpk2.com
> dhcpOption: ntp-servers ntp.bpk2.com
> dhcpOption: netbios-name-servers server.bpk2.com
> dhcpOption: wpad-url "http://wpad.bpk2.com/wpad.dat
>
> # pool1, 192.168.2.0, DHCP Config, Daemons, bpk2.com
> dn: cn=pool1,cn=192.168.2.0,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
> cn: pool1
> objectClass: top
> objectClass: dhcpPool
> dhcpRange: 192.168.2.50 192.168.2.99
> dhcpStatements: allow members of "proxied-clients"
> dhcpStatements: failover peer "dhcp-failover"
>
> # pool2, 192.168.2.0, DHCP Config, Daemons, bpk2.com
> dn: cn=pool2,cn=192.168.2.0,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
> cn: pool2
> objectClass: top
> objectClass: dhcpPool
> dhcpRange: 192.168.2.100 192.168.2.149
> dhcpStatements: allow members of "unproxied-clients"
> dhcpStatements: failover peer "dhcp-failover"
>
> # pool3, 192.168.2.0, DHCP Config, Daemons, bpk2.com
> dn: cn=pool3,cn=192.168.2.0,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
> cn: pool3
> objectClass: top
> objectClass: dhcpPool
> dhcpRange: 192.168.2.150 192.168.2.199
> dhcpStatements: allow unknown-clients
> dhcpStatements: failover peer "dhcp-failover"
>
> # 192.168.3.0, DHCP Config, Daemons, bpk2.com
> dn: cn=192.168.3.0,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
> cn: 192.168.3.0
> dhcpNetMask: 24
> objectClass: top
> objectClass: dhcpSubnet
> objectClass: dhcpOptions
> dhcpOption: domain-name "bpk2.com"
> dhcpOption: subnet-mask 255.255.255.0
> dhcpOption: broadcast-address 192.168.3.255
> dhcpOption: routers 192.168.3.254
> dhcpOption: domain-name-servers ns01.bpk2.com,ns02.bpk2.com
> dhcpOption: ntp-servers ntp.bpk2.com
> dhcpOption: netbios-name-servers server.bpk2.com
> dhcpOption: wpad-url "http://wpad.bpk2.com/wpad.dat
> dhcpStatements: allow client-updates
> dhcpStatements: default-lease-time 7200
> dhcpStatements: max-lease-time 86400
> dhcpStatements: ping-check true
> dhcpStatements: ddns-domainname "bpk2.com"
> dhcpStatements: ignore bootp
>
> # pool1, 192.168.3.0, DHCP Config, Daemons, bpk2.com
> dn: cn=pool1,cn=192.168.3.0,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
> cn: pool1
> objectClass: top
> objectClass: dhcpPool
> dhcpRange: 192.168.3.100 192.168.3.199
> dhcpStatements: allow unknown-clients
> dhcpStatements: failover peer "dhcp-failover"
>
> # 192.168.50.0, DHCP Config, Daemons, bpk2.com
> dn: cn=192.168.50.0,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
> cn: 192.168.50.0
> dhcpNetMask: 24
> objectClass: top
> objectClass: dhcpSubnet
> objectClass: dhcpOptions
> dhcpOption: domain-name "bpk2.com"
> dhcpOption: subnet-mask 255.255.255.0
> dhcpOption: broadcast-address 192.168.50.255
> dhcpOption: routers 192.168.50.254
> dhcpOption: domain-name-servers ns01.bpk2.com,ns02.bpk2.com
> dhcpOption: ntp-servers ntp.bpk2.com
> dhcpOption: netbios-name-servers server.bpk2.com
> dhcpOption: wpad-url "http://wpad.bpk2.com/wpad.dat
> dhcpStatements: allow client-updates
> dhcpStatements: default-lease-time 7200
> dhcpStatements: max-lease-time 86400
> dhcpStatements: ping-check true
> dhcpStatements: ddns-domainname "bpk2.com"
> dhcpStatements: ignore bootp
>
> # pool1, 192.168.50.0, DHCP Config, Daemons, bpk2.com
> dn: cn=pool1,cn=192.168.50.0,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
> cn: pool1
> objectClass: top
> objectClass: dhcpPool
> dhcpRange: 192.168.50.50 192.168.50.99
> dhcpStatements: allow members of "proxied-clients"
> dhcpStatements: failover peer "dhcp-failover"
>
> # pool2, 192.168.50.0, DHCP Config, Daemons, bpk2.com
> dn: cn=pool2,cn=192.168.50.0,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
> cn: pool2
> objectClass: top
> objectClass: dhcpPool
> dhcpRange: 192.168.50.100 192.168.50.149
> dhcpStatements: allow members of "unproxied-clients"
> dhcpStatements: failover peer "dhcp-failover"
>
> # pool3, 192.168.50.0, DHCP Config, Daemons, bpk2.com
> dn: cn=pool3,cn=192.168.50.0,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
> cn: pool3
> objectClass: top
> objectClass: dhcpPool
> dhcpRange: 192.168.50.150 192.168.50.199
> dhcpStatements: allow unknown-clients
> dhcpStatements: failover peer "dhcp-failover"
>
> # dev, DHCP Config, Daemons, bpk2.com
> dn: cn=dev,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
> cn: dev
> dhcpOption: dhcp-client-identifier 1:e4:11:5b:13:80:b8
> objectClass: top
> objectClass: dhcpHost
> objectClass: dhcpOptions
> dhcpHWAddress: ethernet e4:11:5b:13:80:b8
> dhcpStatements: ddns-hostname "dev"
>
> # printer-eth0, DHCP Config, Daemons, bpk2.com
> dn: cn=printer-eth0,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
> cn: printer-eth0
> objectClass: top
> objectClass: dhcpHost
> dhcpHWAddress: ethernet 00:15:60:49:7b:44
> dhcpStatements: fixed-address 192.168.1.3
> dhcpStatements: ddns-hostname "printer"
>
> # printer-wlan0, DHCP Config, Daemons, bpk2.com
> dn: cn=printer-wlan0,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
> cn: printer-wlan0
> objectClass: top
> objectClass: dhcpHost
> dhcpHWAddress: ethernet 00:15:60:e8:ae:83
> dhcpStatements: fixed-address 192.168.1.3
> dhcpStatements: ddns-hostname "printer"
>
> # proxied-clients, DHCP Config, Daemons, bpk2.com
> dn: cn=proxied-clients,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
> cn: proxied-clients
> objectClass: top
> objectClass: dhcpClass
> dhcpStatements: match pick-first-value (option dhcp-client-identifier,
> hardwar
>  e)
>
> # unproxied-clients, DHCP Config, Daemons, bpk2.com
> dn: cn=unproxied-clients,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
> cn: unproxied-clients
> objectClass: top
> objectClass: dhcpClass
> dhcpStatements: match pick-first-value (option dhcp-client-identifier,
> hardwar
>  e)
>
> # dhcp-failover, DHCP Config, Daemons, bpk2.com
> dn: cn=dhcp-failover,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
> cn: dhcp-failover
> dhcpFailOverLoadBalanceTime: 3
> dhcpFailOverPrimaryPort: 647
> dhcpFailOverPrimaryServer: dhcp01
> dhcpFailOverResponseDelay: 60
> dhcpFailOverSecondaryPort: 647
> dhcpFailOverSecondaryServer: dhcp02
> dhcpFailOverSplit: 128
> dhcpFailOverUnackedUpdates: 10
> dhcpMaxClientLeadTime: 3600
> objectClass: dhcpFailOverPeer
> objectClass: top
>
> # dhcp01, DHCP Config, Daemons, bpk2.com
> dn: cn=dhcp01,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
> cn: dhcp01
> dhcpServiceDN: cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
> objectClass: top
> objectClass: dhcpServer
>
> # dhcp02, DHCP Config, Daemons, bpk2.com
> dn: cn=dhcp02,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
> cn: dhcp02
> dhcpServiceDN: cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
> objectClass: top
> objectClass: dhcpServer
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 24
> # numEntries: 23
>
> On Tue, 2013-06-04 at 09:25 -0500, Jason Brandt wrote:
> > Please do a dump of your config from LDAP directly.  It looks like you
> > have a configuration error.  The LDAP module is very particular about
> > how things are grouped and formatted.  JXplorer works very well for
> > this: http://jxplorer.org/
> >
> >
> > On Tue, Jun 4, 2013 at 8:52 AM, Brendan Kearney <bpk678 at gmail.com>
> > wrote:
> >         hi all,
> >
> >         i am using DHCP 4.2.4-P2 on fedora 16 currently and want to
> >         move my
> >         config into LDAP.  i am running a load-sharing instance
> >         between two
> >         servers, supporting 2 or 3 scopes per subnet, with about 3
> >         subnets.  in
> >         the dhcpd.conf (file based) format, the configs are working.
> >          when i
> >         start putting the config directives into LDAP, i see that
> >         lines run into
> >         each other and weird issues crop up because of badly formatted
> >         configs
> >         being read into the dhcp instance.
> >
> >         dhcpd.conf.ldap:
> >         ldap-server "ldap.bpk2.com";
> >         ldap-port 389;
> >         ldap-username "user";
> >         ldap-password "password";
> >         ldap-base-dn "dc=bpk2,dc=com";
> >         # ldap-base-dn "ou=Computers,cn=Servers,dc=bpk2,dc=com";
> >         ldap-method dynamic;
> >         ldap-debug-file "/var/log/dhcp-ldap-startup.log";
> >
> >         dhcpd -4 -d -cf ./dhcpd.conf.ldap:
> >         Internet Systems Consortium DHCP Server 4.2.4-P2
> >         Copyright 2004-2012 Internet Systems Consortium.
> >         All rights reserved.
> >         For info, please visit https://www.isc.org/software/dhcp/
> >         LDAP line 29: semicolon expected.
> >         allow members of "proxied-clients"
> >                           ^
> >         bad range, address 192.168.2.50 not in subnet 192.168.1.0
> >         netmask
> >         255.255.255.0
> >
> >         This version of ISC DHCP is based on the release available
> >         on ftp.isc.org.  Features have been added and other changes
> >         have been made to the base software release in order to make
> >         it work better with this distribution.
> >
> >         Please report for this software via the Red Hat Bugzilla site:
> >             http://bugzilla.redhat.com
> >
> >         exiting.
> >
> >         cat -n /var/log/dhcp-ldap-startup.log:
> >              1  ddns-update-style interim;
> >              2  ddns-updates on;
> >              3  update-static-leases on;
> >              4  authoritative;
> >              5  log-facility local1;
> >              6  key dhcp { algorithm hmac-md5; secret <<<removed>>>; }
> >              7  zone 1.168.192.in-addr.arpa { primary 192.168.50.1;
> >         key dhcp; }
> >              8  zone 2.168.192.in-addr.arpa { primary 192.168.50.1;
> >         key dhcp; }
> >              9  zone 3.168.192.in-addr.arpa { primary 192.168.50.1;
> >         key dhcp; }
> >             10  zone 50.168.192.in-addr.arpa { primary 192.168.50.1;
> >         key dhcp; }
> >             11  zone bpk2.com { primary 192.168.50.1; key dhcp; }
> >             12  option T150 code 150 = string;
> >             13  option wpad-url code 252 = text;subnet 192.168.1.0
> >         netmask
> >         255.255.255.0 {
> >             14  allow client-updates;
> >             15  default-lease-time 7200;
> >             16  max-lease-time 86400;
> >             17  ping-check true;
> >             18  ddns-domainname "bpk2.com";
> >             19  ignore bootp;
> >             20  option domain-name "bpk2.com";
> >             21  option subnet-mask 255.255.255.0;
> >             22  option broadcast-address 192.168.1.255;
> >             23  option routers 192.168.1.254;
> >             24  option domain-name-servers
> >         ns01.bpk2.com,ns02.bpk2.com;
> >             25  option ntp-servers ntp.bpk2.com;
> >             26  option netbios-name-servers server.bpk2.com;
> >             27  option wpad-url "http://wpad.bpk2.com/wpad.dat;pool {
> >             28  range 192.168.1.50 192.168.1.99;
> >             29  allow members of "proxied-clients";
> >             30  failover peer "dhcp-failover";
> >             31  }pool {
> >             32  range 192.168.1.100 192.168.1.149;
> >             33  allow members of "unproxied-clients";
> >             34  failover peer "dhcp-failover";
> >             35  }pool {
> >             36  range 192.168.1.150 192.168.1.199;
> >             37  allow unknown-clients;
> >             38  failover peer "dhcp-failover";
> >             39  }
> >             40  }subnet 192.168.2.0 netmask 255.255.255.0 {
> >             41  allow client-updates;
> >             42  default-lease-time 7200;
> >             43  max-lease-time 86400;
> >             44  ping-check true;
> >             45  ddns-domainname "bpk2.com";
> >             46  ignore bootp;
> >             47  option domain-name "bpk2.com";
> >             48  option subnet-mask 255.255.255.0;
> >             49  option broadcast-address 192.168.2.255;
> >             50  option routers 192.168.2.254;
> >             51  option domain-name-servers
> >         ns01.bpk2.com,ns02.bpk2.com;
> >             52  option ntp-servers ntp.bpk2.com;
> >             53  option netbios-name-servers server.bpk2.com;
> >             54  option wpad-url "http://wpad.bpk2.com/wpad.dat;pool {
> >             55  range 192.168.2.50 192.168.2.99;
> >             56  allow members of "proxied-clients";
> >             57  failover peer "dhcp-failover";
> >             58  }[root at vpn dhcp]#
> >
> >         if you see on line 27, the pool declaration which should be on
> >         a
> >         separate line is not on its own line and is causing issues
> >         further down
> >         in the config, it seems.  lines 31, 35, 40, and 54 also seem
> >         to have
> >         this formatting issue.  directives that should be on separate
> >         lines and
> >         are not seem to be causing issues further down in the config.
> >          not only
> >         is there something off with the expected semicolon, but the
> >         192.168.2.50
> >         range is being seen as attempted to be loaded into the
> >         192.168.1.0/24
> >         network.  if the configs were read properly out of LDAP, this
> >         would not
> >         be happening.  Is the issue with the way i have things setup
> >         in LDAP,
> >         such as ordering or something?  an ldif export is attached for
> >         review.
> >
> >         _______________________________________________
> >         dhcp-users mailing list
> >         dhcp-users at lists.isc.org
> >         https://lists.isc.org/mailman/listinfo/dhcp-users
> >
> >
> >
> >
> > --
> > Jason K. Brandt
> > Systems Administrator
> > Bradley University
> > (309) 677-2958
> >
>
>
>



-- 
Jason K. Brandt
Systems Administrator
Bradley University
(309) 677-2958
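The failure in the thread is a single dhcpOption value whose closing double quote is missing: the LDAP module concatenates each entry's values into one text and hands it to the dhcpd parser, so the unterminated string literal runs into the following "pool {" and the parser reports the "semicolon expected" error several lines later and misattributes the next pool's range to the wrong subnet. The following is an added example, not code from the thread or from ISC DHCP: a small Python linter that unfolds an ldapsearch LDIF dump (continuation lines begin with one space), collects each entry's dhcpOption and dhcpStatements values, and flags any value with an odd number of double quotes or unbalanced braces before the directory is pointed at a production dhcpd. The sample LDIF is constructed for the example and uses example.com names; the DN layout mirrors the one in the thread but is an assumption, not a requirement of the checks.

```python
"""Lint dhcpOption / dhcpStatements values in an LDIF dump before dhcpd loads them.

Added example, not code from the thread.  Assumptions: the input is ldapsearch
LDIF (folded continuation lines start with a single space, "attr::" marks a
base64 value), and the checks cover only unbalanced double quotes and braces,
the class of error visible in the thread.
"""
import base64
import sys

# Constructed sample modeled on the thread: the subnet entry carries a wpad-url
# value without its closing quote; the pool and class entries are well-formed,
# and the class entry exercises LDIF line folding ("hardwar" + " e)").
SAMPLE_LDIF = """\
dn: cn=192.168.1.0,cn=DHCP Config,ou=Daemons,dc=example,dc=com
cn: 192.168.1.0
objectClass: dhcpSubnet
objectClass: dhcpOptions
dhcpOption: domain-name "example.com"
dhcpOption: wpad-url "http://wpad.example.com/wpad.dat
dhcpStatements: ddns-domainname "example.com"

dn: cn=pool1,cn=192.168.1.0,cn=DHCP Config,ou=Daemons,dc=example,dc=com
cn: pool1
objectClass: dhcpPool
dhcpStatements: allow members of "proxied-clients"
dhcpStatements: failover peer "dhcp-failover"
dhcpRange: 192.168.1.50 192.168.1.99

dn: cn=proxied-clients,cn=DHCP Config,ou=Daemons,dc=example,dc=com
cn: proxied-clients
objectClass: dhcpClass
dhcpStatements: match pick-first-value (option dhcp-client-identifier, hardwar
 e)
"""

# Attributes whose values dhcpd's LDAP module splices into the config text.
CHECKED_ATTRS = ("dhcpOption", "dhcpStatements")


def unfold_ldif(text):
    """Join LDIF continuation lines (leading single space) onto the previous line."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def parse_entries(text):
    """Return a list of {"dn": str, "attrs": [(attr, value), ...]} per LDIF entry."""
    entries, current = [], None
    for line in unfold_ldif(text):
        if not line.strip():            # blank line ends an entry
            if current is not None:
                entries.append(current)
                current = None
            continue
        if line.startswith("#"):        # ldapsearch comment lines
            continue
        attr, _, rest = line.partition(":")
        if rest.startswith(":"):        # "attr:: <base64>"
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.lstrip()
        if attr == "dn":
            current = {"dn": value, "attrs": []}
        elif current is not None:
            current["attrs"].append((attr, value))
    if current is not None:
        entries.append(current)
    return entries


def lint_value(value):
    """Problems that would derail the dhcpd parser once this value is spliced in."""
    problems = []
    if value.count('"') % 2:
        problems.append("unbalanced double quote")
    if value.count("{") != value.count("}"):
        problems.append("unbalanced braces")
    return problems


def lint_ldif(text):
    """Return (dn, attribute, value, problem) tuples for every suspect value."""
    findings = []
    for entry in parse_entries(text):
        for attr, value in entry["attrs"]:
            if attr in CHECKED_ATTRS:
                for problem in lint_value(value):
                    findings.append((entry["dn"], attr, value, problem))
    return findings


if __name__ == "__main__":
    # Usage: python lint_dhcp_ldif.py [dump.ldif]; with no file, lints the sample.
    source = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LDIF
    for dn, attr, value, problem in lint_ldif(source):
        print(f"{dn}\n  {attr}: {value}\n  -> {problem}")
```

Run against the sample, the only finding is the subnet entry's wpad-url value with its unbalanced double quote; the folded "match pick-first-value (...)" value is reassembled correctly and passes. Running the same check over a real `ldapsearch -LLL` export is cheap insurance, since dhcpd's own error message points at the line where the damage surfaces rather than the value that caused it.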

