LDAP and formatting of configs

Brendan Kearney bpk678 at gmail.com
Tue Jun 4 22:11:07 UTC 2013


i am getting closer, having tried something similar to what you suggest.
i now get a redeclaration issue...  i don't think i am missing quotes or
semi-colons...

dhcpd -4 -d -cf ./dhcpd.conf.ldap 
Internet Systems Consortium DHCP Server 4.2.4-P2
Copyright 2004-2012 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
LDAP line 18: redeclaration of failover peer dhcp-failover
}failover peer "dhcp-failover" {
                                ^
LDAP line 18: redeclaration of failover peer dhcp-failover
}failover peer "dhcp-failover" { primary; address 192.168.25.1; port
647; peer a
^
LDAP: cannot parse dhcpService entry 'cn=DHCP
Config,ou=Daemons,dc=bpk2,dc=com'
Configuration file errors encountered -- exiting

This version of ISC DHCP is based on the release available
on ftp.isc.org.  Features have been added and other changes
have been made to the base software release in order to make
it work better with this distribution.

Please report for this software via the Red Hat Bugzilla site:
    http://bugzilla.redhat.com

exiting.
cat -n /var/log/dhcp-ldap-startup.log 
     1	failover peer "dhcp-failover" { secondary; address 192.168.50.1;
port 647; peer address 192.168.25.1; peer port 647; max-response-delay
60; max-unacked-updates 10; load balance max seconds 3; }
     2	ddns-update-style interim;
     3	ddns-updates on;
     4	update-static-leases on;
     5	authoritative;
     6	log-facility local1;
     7	key dhcp { algorithm hmac-md5; secret <<<removed>>>; }
     8	zone 1.168.192.in-addr.arpa { primary 192.168.50.1; key dhcp; }
     9	zone 2.168.192.in-addr.arpa { primary 192.168.50.1; key dhcp; }
    10	zone 3.168.192.in-addr.arpa { primary 192.168.50.1; key dhcp; }
    11	zone 50.168.192.in-addr.arpa { primary 192.168.50.1; key dhcp; }
    12	zone bpk2.com { primary 192.168.50.1; key dhcp; }
    13	option T150 code 150 = string;
    14	option wpad-url code 252 = text;class "proxied-clients" {
    15	match pick-first-value (option dhcp-client-identifier, hardware);
    16	}class "unproxied-clients" {
    17	match pick-first-value (option dhcp-client-identifier, hardware);
    18	}failover peer "dhcp-failover" { primary; address 192.168.25.1;
port 647; peer address 192.168.50.1; peer port 647; max-response-delay
60; max-unacked-updates 10; mclt 3600; load balance max seconds 3; split
128; }failover peer "dhcp-failover" { secondary; address 192.168.50.1;
port 647; peer address 192.168.25.1; peer port 647; max-response-delay
60; max-unacked-updates 10; load balance max seconds 3; }shared-network
"bpk2" {subnet 192.168.3.0 netmask 255.255.255.0 {
    19	allow client-updates;
    20	default-lease-time 7200;
    21	max-lease-time 86400;
    22	ping-check true;
    23	ddns-domainname "bpk2.com";
    24	ignore bootp;
    25	option domain-name "bpk2.com";
    26	option subnet-mask 255.255.255.0;
    27	option broadcast-address 192.168.3.255;
    28	option routers 192.168.3.254;
    29	option domain-name-servers ns01.bpk2.com,ns02.bpk2.com;
    30	option ntp-servers ntp.bpk2.com;
    31	option netbios-name-servers server.bpk2.com;
    32	option wpad-url "http://wpad.bpk2.com/wpad.dat";pool {
    33	range 192.168.3.100 192.168.3.199;
    34	allow unknown-clients;
    35	failover peer "dhcp-failover";
    36	}
    37	}subnet 192.168.50.0 netmask 255.255.255.0 {
    38	allow client-updates;
    39	default-lease-time 7200;
    40	max-lease-time 86400;
    41	ping-check true;
    42	ddns-domainname "bpk2.com";
    43	ignore bootp;
    44	option domain-name "bpk2.com";
    45	option subnet-mask 255.255.255.0;
    46	option broadcast-address 192.168.50.255;
    47	option routers 192.168.50.254;
    48	option domain-name-servers ns01.bpk2.com,ns02.bpk2.com;
    49	option ntp-servers ntp.bpk2.com;
    50	option netbios-name-servers server.bpk2.com;
    51	option wpad-url "http://wpad.bpk2.com/wpad.dat";pool {
    52	range 192.168.50.50 192.168.50.99;
    53	allow members of "proxied-clients";
    54	failover peer "dhcp-failover";
    55	}
    56	}subnet 192.168.1.0 netmask 255.255.255.0 {
    57	allow client-updates;
    58	default-lease-time 7200;
    59	max-lease-time 86400;
    60	ping-check true;
    61	ddns-domainname "bpk2.com";
    62	ignore bootp;
    63	option domain-name "bpk2.com";
    64	option subnet-mask 255.255.255.0;
    65	option broadcast-address 192.168.1.255;
    66	option routers 192.168.1.254;
    67	option domain-name-servers ns01.bpk2.com,ns02.bpk2.com;
    68	option ntp-servers ntp.bpk2.com;
    69	option netbios-name-servers server.bpk2.com;
    70	option wpad-url "http://wpad.bpk2.com/wpad.dat";pool {
    71	range 192.168.1.50 192.168.1.99;
    72	allow members of "proxied-clients";
    73	failover peer "dhcp-failover";
    74	}pool {
    75	range 192.168.1.100 192.168.1.149;
    76	allow members of "unproxied-clients";
    77	failover peer "dhcp-failover";
    78	}pool {
    79	range 192.168.1.150 192.168.1.199;
    80	allow unknown-clients;
    81	failover peer "dhcp-failover";
    82	}
    83	}subnet 192.168.2.0 netmask 255.255.255.0 {
    84	allow client-updates;
    85	default-lease-time 7200;
    86	max-lease-time 86400;
    87	ping-check true;
    88	ddns-domainname "bpk2.com";
    89	ignore bootp;
    90	option domain-name "bpk2.com";
    91	option subnet-mask 255.255.255.0;
    92	option broadcast-address 192.168.2.255;
    93	option routers 192.168.2.254;
    94	option domain-name-servers ns01.bpk2.com,ns02.bpk2.com;
    95	option ntp-servers ntp.bpk2.com;
    96	option netbios-name-servers server.bpk2.com;
    97	option wpad-url "http://wpad.bpk2.com/wpad.dat";pool {
    98	range 192.168.2.50 192.168.2.99;
    99	allow members of "proxied-clients";
   100	failover peer "dhcp-failover";
   101	}pool {
   102	range 192.168.2.100 192.168.2.149;
   103	allow members of "unproxied-clients";
   104	failover peer "dhcp-failover";
   105	}pool {
   106	range 192.168.2.150 192.168.2.199;
   107	allow unknown-clients;
   108	failover peer "dhcp-failover";
   109	}
   110	}
   111	}
On Tue, 2013-06-04 at 11:06 -0500, Jason Brandt wrote:
> What I found (and this may not be proper, but it works) is that if
> you create a DHCP group for your networks (I named mine cn=Networks,
> and put all my subnets in it), your classes will then get loaded
> before your networks, and you won't have the issues with loading.  It
> seems to load the groups after everything else.  Again, not sure if
> it's proper, but it works well.
> 
> 
> I don't believe your DHCP Failover will work as you have it
> configured.  I put mine in my ldap config, with a dhcpStatement in my
> dhcpServer definitions.  The statement looks like this:
> failover peer "dhcp-failover" { primary; address x.x.x.x; port 647;
> peer address y.y.y.y; peer port 647; max-response-delay 30;
> max-unacked-updates 10; load balance max seconds 3; mclt 1800; split
> 128; }
> 
> 
> 
> That entry goes in both server definitions, with each server pointing
> to the other.
> 
> 
> Then remove this section:
> 
> # dhcp-failover, DHCP Config, Daemons, bpk2.com
> dn: cn=dhcp-failover,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
> cn: dhcp-failover
> dhcpFailOverLoadBalanceTime: 3
> dhcpFailOverPrimaryPort: 647
> dhcpFailOverPrimaryServer: dhcp01
> dhcpFailOverResponseDelay: 60
> dhcpFailOverSecondaryPort: 647
> dhcpFailOverSecondaryServer: dhcp02
> dhcpFailOverSplit: 128
> dhcpFailOverUnackedUpdates: 10
> dhcpMaxClientLeadTime: 3600
> objectClass: dhcpFailOverPeer
> objectClass: top 
> 
> 
> 
> On Tue, Jun 4, 2013 at 10:36 AM, Brendan Kearney <bpk678 at gmail.com>
> wrote:
>         the end quote was missing in all scopes that had the wpad
>         directive.
>         thank you for the find.  is it your keen eyes that found that,
>         or do you
>         have a syntax checker that i might be able to use?  i have
>         added the
>         quote, and tried again.  i now get errors saying that the
>         failover
>         directives fail because the peer is not being found.  errors
>         are also
>         found because the proxied-class is not found.
>         
>         the failover and proxied-class CNs are listed after the subnet
>         CNs in
>         LDAP.  the ordering of these seems to be critical.  how do i
>         arrange
>         things in LDAP so that they are in the correct order?
>         
>         On Tue, 2013-06-04 at 09:55 -0500, Jason Brandt wrote:
>         > dhcpOption: wpad-url "http://wpad.bpk2.com/wpad.dat   is
>         missing the
>         > end "
>         >
>         >
>         >
>         > On Tue, Jun 4, 2013 at 9:42 AM, Brendan Kearney
>         <bpk678 at gmail.com>
>         > wrote:
>         >         straight up ldapsearch below.
>         >
>         >         [brendan at desktop bin]$ sudo ldapsearch -D
>         >         cn=Manager,dc=bpk2,dc=com -w
>         >         password -b "cn=DHCP
>         Config,ou=Daemons,dc=bpk2,dc=com"
>         >         # extended LDIF
>         >         #
>         >         # LDAPv3
>         >         # base <cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com>
>         with scope
>         >         subtree
>         >         # filter: (objectclass=*)
>         >         # requesting: ALL
>         >         #
>         >
>         >         # DHCP Config, Daemons, bpk2.com
>         >         dn: cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
>         >         cn: DHCP Config
>         >         dhcpPrimaryDN: cn=dhcp01,dc=bpk2,dc=com
>         >         dhcpSecondaryDN: cn=dhcp02,dc=bpk2,dc=com
>         >         objectClass: top
>         >         objectClass: dhcpService
>         >         objectClass: dhcpOptions
>         >         dhcpFailOverPeerDN: cn=dhcp01,dc=bpk2,dc=com
>         >         dhcpFailOverPeerDN: cn=dhcp02,dc=bpk2,dc=com
>         >         dhcpOption: T150 code 150 = string
>         >         dhcpOption: wpad-url code 252 = text
>         >         dhcpStatements: ddns-update-style interim
>         >         dhcpStatements: ddns-updates on
>         >         dhcpStatements: update-static-leases on
>         >         dhcpStatements: authoritative
>         >         dhcpStatements: log-facility local1
>         >         dhcpStatements: key dhcp { algorithm hmac-md5;
>         secret
>         >         <<<removed>>>; }
>         >         dhcpStatements: zone 1.168.192.in-addr.arpa
>         { primary
>         >         192.168.50.1; key
>         >         dhcp;
>         >          }
>         >         dhcpStatements: zone 2.168.192.in-addr.arpa
>         { primary
>         >         192.168.50.1; key
>         >         dhcp;
>         >          }
>         >         dhcpStatements: zone 3.168.192.in-addr.arpa
>         { primary
>         >         192.168.50.1; key
>         >         dhcp;
>         >          }
>         >         dhcpStatements: zone 50.168.192.in-addr.arpa
>         { primary
>         >         192.168.50.1; key
>         >         dhcp;
>         >           }
>         >         dhcpStatements: zone bpk2.com { primary
>         192.168.50.1; key
>         >         dhcp; }
>         >
>         >         # 192.168.1.0, DHCP Config, Daemons, bpk2.com
>         >         dn: cn=192.168.1.0,cn=DHCP
>         Config,ou=Daemons,dc=bpk2,dc=com
>         >         cn: 192.168.1.0
>         >         dhcpNetMask: 24
>         >         objectClass: top
>         >         objectClass: dhcpSubnet
>         >         objectClass: dhcpOptions
>         >         dhcpOption: domain-name "bpk2.com"
>         >         dhcpOption: subnet-mask 255.255.255.0
>         >         dhcpOption: broadcast-address 192.168.1.255
>         >         dhcpOption: routers 192.168.1.254
>         >         dhcpOption: domain-name-servers
>         ns01.bpk2.com,ns02.bpk2.com
>         >         dhcpOption: ntp-servers ntp.bpk2.com
>         >         dhcpOption: netbios-name-servers server.bpk2.com
>         >         dhcpOption: wpad-url "http://wpad.bpk2.com/wpad.dat
>         >         dhcpStatements: allow client-updates
>         >         dhcpStatements: default-lease-time 7200
>         >         dhcpStatements: max-lease-time 86400
>         >         dhcpStatements: ping-check true
>         >         dhcpStatements: ddns-domainname "bpk2.com"
>         >         dhcpStatements: ignore bootp
>         >
>         >         # pool1, 192.168.1.0, DHCP Config, Daemons, bpk2.com
>         >         dn: cn=pool1,cn=192.168.1.0,cn=DHCP
>         >         Config,ou=Daemons,dc=bpk2,dc=com
>         >         cn: pool1
>         >         objectClass: top
>         >         objectClass: dhcpPool
>         >         dhcpStatements: allow members of "proxied-clients"
>         >         dhcpStatements: failover peer "dhcp-failover"
>         >         dhcpRange: 192.168.1.50 192.168.1.99
>         >
>         >         # pool2, 192.168.1.0, DHCP Config, Daemons, bpk2.com
>         >         dn: cn=pool2,cn=192.168.1.0,cn=DHCP
>         >         Config,ou=Daemons,dc=bpk2,dc=com
>         >         cn: pool2
>         >         objectClass: top
>         >         objectClass: dhcpPool
>         >         dhcpRange: 192.168.1.100 192.168.1.149
>         >         dhcpStatements: allow members of "unproxied-clients"
>         >         dhcpStatements: failover peer "dhcp-failover"
>         >
>         >         # pool3, 192.168.1.0, DHCP Config, Daemons, bpk2.com
>         >         dn: cn=pool3,cn=192.168.1.0,cn=DHCP
>         >         Config,ou=Daemons,dc=bpk2,dc=com
>         >         cn: pool3
>         >         objectClass: top
>         >         objectClass: dhcpPool
>         >         dhcpRange: 192.168.1.150 192.168.1.199
>         >         dhcpStatements: allow unknown-clients
>         >         dhcpStatements: failover peer "dhcp-failover"
>         >
>         >         # 192.168.2.0, DHCP Config, Daemons, bpk2.com
>         >         dn: cn=192.168.2.0,cn=DHCP
>         Config,ou=Daemons,dc=bpk2,dc=com
>         >         cn: 192.168.2.0
>         >         dhcpNetMask: 24
>         >         objectClass: top
>         >         objectClass: dhcpSubnet
>         >         objectClass: dhcpOptions
>         >         dhcpStatements: allow client-updates
>         >         dhcpStatements: default-lease-time 7200
>         >         dhcpStatements: max-lease-time 86400
>         >         dhcpStatements: ping-check true
>         >         dhcpStatements: ddns-domainname "bpk2.com"
>         >         dhcpStatements: ignore bootp
>         >         dhcpOption: domain-name "bpk2.com"
>         >         dhcpOption: subnet-mask 255.255.255.0
>         >         dhcpOption: broadcast-address 192.168.2.255
>         >         dhcpOption: routers 192.168.2.254
>         >         dhcpOption: domain-name-servers
>         ns01.bpk2.com,ns02.bpk2.com
>         >         dhcpOption: ntp-servers ntp.bpk2.com
>         >         dhcpOption: netbios-name-servers server.bpk2.com
>         >         dhcpOption: wpad-url "http://wpad.bpk2.com/wpad.dat
>         >
>         >         # pool1, 192.168.2.0, DHCP Config, Daemons, bpk2.com
>         >         dn: cn=pool1,cn=192.168.2.0,cn=DHCP
>         >         Config,ou=Daemons,dc=bpk2,dc=com
>         >         cn: pool1
>         >         objectClass: top
>         >         objectClass: dhcpPool
>         >         dhcpRange: 192.168.2.50 192.168.2.99
>         >         dhcpStatements: allow members of "proxied-clients"
>         >         dhcpStatements: failover peer "dhcp-failover"
>         >
>         >         # pool2, 192.168.2.0, DHCP Config, Daemons, bpk2.com
>         >         dn: cn=pool2,cn=192.168.2.0,cn=DHCP
>         >         Config,ou=Daemons,dc=bpk2,dc=com
>         >         cn: pool2
>         >         objectClass: top
>         >         objectClass: dhcpPool
>         >         dhcpRange: 192.168.2.100 192.168.2.149
>         >         dhcpStatements: allow members of "unproxied-clients"
>         >         dhcpStatements: failover peer "dhcp-failover"
>         >
>         >         # pool3, 192.168.2.0, DHCP Config, Daemons, bpk2.com
>         >         dn: cn=pool3,cn=192.168.2.0,cn=DHCP
>         >         Config,ou=Daemons,dc=bpk2,dc=com
>         >         cn: pool3
>         >         objectClass: top
>         >         objectClass: dhcpPool
>         >         dhcpRange: 192.168.2.150 192.168.2.199
>         >         dhcpStatements: allow unknown-clients
>         >         dhcpStatements: failover peer "dhcp-failover"
>         >
>         >         # 192.168.3.0, DHCP Config, Daemons, bpk2.com
>         >         dn: cn=192.168.3.0,cn=DHCP
>         Config,ou=Daemons,dc=bpk2,dc=com
>         >         cn: 192.168.3.0
>         >         dhcpNetMask: 24
>         >         objectClass: top
>         >         objectClass: dhcpSubnet
>         >         objectClass: dhcpOptions
>         >         dhcpOption: domain-name "bpk2.com"
>         >         dhcpOption: subnet-mask 255.255.255.0
>         >         dhcpOption: broadcast-address 192.168.3.255
>         >         dhcpOption: routers 192.168.3.254
>         >         dhcpOption: domain-name-servers
>         ns01.bpk2.com,ns02.bpk2.com
>         >         dhcpOption: ntp-servers ntp.bpk2.com
>         >         dhcpOption: netbios-name-servers server.bpk2.com
>         >         dhcpOption: wpad-url "http://wpad.bpk2.com/wpad.dat
>         >         dhcpStatements: allow client-updates
>         >         dhcpStatements: default-lease-time 7200
>         >         dhcpStatements: max-lease-time 86400
>         >         dhcpStatements: ping-check true
>         >         dhcpStatements: ddns-domainname "bpk2.com"
>         >         dhcpStatements: ignore bootp
>         >
>         >         # pool1, 192.168.3.0, DHCP Config, Daemons, bpk2.com
>         >         dn: cn=pool1,cn=192.168.3.0,cn=DHCP
>         >         Config,ou=Daemons,dc=bpk2,dc=com
>         >         cn: pool1
>         >         objectClass: top
>         >         objectClass: dhcpPool
>         >         dhcpRange: 192.168.3.100 192.168.3.199
>         >         dhcpStatements: allow unknown-clients
>         >         dhcpStatements: failover peer "dhcp-failover"
>         >
>         >         # 192.168.50.0, DHCP Config, Daemons, bpk2.com
>         >         dn: cn=192.168.50.0,cn=DHCP
>         Config,ou=Daemons,dc=bpk2,dc=com
>         >         cn: 192.168.50.0
>         >         dhcpNetMask: 24
>         >         objectClass: top
>         >         objectClass: dhcpSubnet
>         >         objectClass: dhcpOptions
>         >         dhcpOption: domain-name "bpk2.com"
>         >         dhcpOption: subnet-mask 255.255.255.0
>         >         dhcpOption: broadcast-address 192.168.50.255
>         >         dhcpOption: routers 192.168.50.254
>         >         dhcpOption: domain-name-servers
>         ns01.bpk2.com,ns02.bpk2.com
>         >         dhcpOption: ntp-servers ntp.bpk2.com
>         >         dhcpOption: netbios-name-servers server.bpk2.com
>         >         dhcpOption: wpad-url "http://wpad.bpk2.com/wpad.dat
>         >         dhcpStatements: allow client-updates
>         >         dhcpStatements: default-lease-time 7200
>         >         dhcpStatements: max-lease-time 86400
>         >         dhcpStatements: ping-check true
>         >         dhcpStatements: ddns-domainname "bpk2.com"
>         >         dhcpStatements: ignore bootp
>         >
>         >         # pool1, 192.168.50.0, DHCP Config, Daemons,
>         bpk2.com
>         >         dn: cn=pool1,cn=192.168.50.0,cn=DHCP
>         >         Config,ou=Daemons,dc=bpk2,dc=com
>         >         cn: pool1
>         >         objectClass: top
>         >         objectClass: dhcpPool
>         >         dhcpRange: 192.168.50.50 192.168.50.99
>         >         dhcpStatements: allow members of "proxied-clients"
>         >         dhcpStatements: failover peer "dhcp-failover"
>         >
>         >         # pool2, 192.168.50.0, DHCP Config, Daemons,
>         bpk2.com
>         >         dn: cn=pool2,cn=192.168.50.0,cn=DHCP
>         >         Config,ou=Daemons,dc=bpk2,dc=com
>         >         cn: pool2
>         >         objectClass: top
>         >         objectClass: dhcpPool
>         >         dhcpRange: 192.168.50.100 192.168.50.149
>         >         dhcpStatements: allow members of "unproxied-clients"
>         >         dhcpStatements: failover peer "dhcp-failover"
>         >
>         >         # pool3, 192.168.50.0, DHCP Config, Daemons,
>         bpk2.com
>         >         dn: cn=pool3,cn=192.168.50.0,cn=DHCP
>         >         Config,ou=Daemons,dc=bpk2,dc=com
>         >         cn: pool3
>         >         objectClass: top
>         >         objectClass: dhcpPool
>         >         dhcpRange: 192.168.50.150 192.168.50.199
>         >         dhcpStatements: allow unknown-clients
>         >         dhcpStatements: failover peer "dhcp-failover"
>         >
>         >         # dev, DHCP Config, Daemons, bpk2.com
>         >         dn: cn=dev,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
>         >         cn: dev
>         >         dhcpOption: dhcp-client-identifier
>         1:e4:11:5b:13:80:b8
>         >         objectClass: top
>         >         objectClass: dhcpHost
>         >         objectClass: dhcpOptions
>         >         dhcpHWAddress: ethernet e4:11:5b:13:80:b8
>         >         dhcpStatements: ddns-hostname "dev"
>         >
>         >         # printer-eth0, DHCP Config, Daemons, bpk2.com
>         >         dn: cn=printer-eth0,cn=DHCP
>         Config,ou=Daemons,dc=bpk2,dc=com
>         >         cn: printer-eth0
>         >         objectClass: top
>         >         objectClass: dhcpHost
>         >         dhcpHWAddress: ethernet 00:15:60:49:7b:44
>         >         dhcpStatements: fixed-address 192.168.1.3
>         >         dhcpStatements: ddns-hostname "printer"
>         >
>         >         # printer-wlan0, DHCP Config, Daemons, bpk2.com
>         >         dn: cn=printer-wlan0,cn=DHCP
>         Config,ou=Daemons,dc=bpk2,dc=com
>         >         cn: printer-wlan0
>         >         objectClass: top
>         >         objectClass: dhcpHost
>         >         dhcpHWAddress: ethernet 00:15:60:e8:ae:83
>         >         dhcpStatements: fixed-address 192.168.1.3
>         >         dhcpStatements: ddns-hostname "printer"
>         >
>         >         # proxied-clients, DHCP Config, Daemons, bpk2.com
>         >         dn: cn=proxied-clients,cn=DHCP
>         >         Config,ou=Daemons,dc=bpk2,dc=com
>         >         cn: proxied-clients
>         >         objectClass: top
>         >         objectClass: dhcpClass
>         >         dhcpStatements: match pick-first-value (option
>         >         dhcp-client-identifier,
>         >         hardwar
>         >          e)
>         >
>         >         # unproxied-clients, DHCP Config, Daemons, bpk2.com
>         >         dn: cn=unproxied-clients,cn=DHCP
>         >         Config,ou=Daemons,dc=bpk2,dc=com
>         >         cn: unproxied-clients
>         >         objectClass: top
>         >         objectClass: dhcpClass
>         >         dhcpStatements: match pick-first-value (option
>         >         dhcp-client-identifier,
>         >         hardwar
>         >          e)
>         >
>         >         # dhcp-failover, DHCP Config, Daemons, bpk2.com
>         >         dn: cn=dhcp-failover,cn=DHCP
>         Config,ou=Daemons,dc=bpk2,dc=com
>         >         cn: dhcp-failover
>         >         dhcpFailOverLoadBalanceTime: 3
>         >         dhcpFailOverPrimaryPort: 647
>         >         dhcpFailOverPrimaryServer: dhcp01
>         >         dhcpFailOverResponseDelay: 60
>         >         dhcpFailOverSecondaryPort: 647
>         >         dhcpFailOverSecondaryServer: dhcp02
>         >         dhcpFailOverSplit: 128
>         >         dhcpFailOverUnackedUpdates: 10
>         >         dhcpMaxClientLeadTime: 3600
>         >         objectClass: dhcpFailOverPeer
>         >         objectClass: top
>         >
>         >         # dhcp01, DHCP Config, Daemons, bpk2.com
>         >         dn: cn=dhcp01,cn=DHCP
>         Config,ou=Daemons,dc=bpk2,dc=com
>         >         cn: dhcp01
>         >         dhcpServiceDN: cn=DHCP
>         Config,ou=Daemons,dc=bpk2,dc=com
>         >         objectClass: top
>         >         objectClass: dhcpServer
>         >
>         >         # dhcp02, DHCP Config, Daemons, bpk2.com
>         >         dn: cn=dhcp02,cn=DHCP
>         Config,ou=Daemons,dc=bpk2,dc=com
>         >         cn: dhcp02
>         >         dhcpServiceDN: cn=DHCP
>         Config,ou=Daemons,dc=bpk2,dc=com
>         >         objectClass: top
>         >         objectClass: dhcpServer
>         >
>         >         # search result
>         >         search: 2
>         >         result: 0 Success
>         >
>         >         # numResponses: 24
>         >         # numEntries: 23
>         >
>         >         On Tue, 2013-06-04 at 09:25 -0500, Jason Brandt
>         wrote:
>         >         > Please do a dump of your config from LDAP
>         directly.  It
>         >         looks like you
>         >         > have a configuration error.  The LDAP module is
>         very
>         >         particular about
>         >         > how things are grouped and formatted.  JXplorer
>         works very
>         >         well for
>         >         > this: http://jxplorer.org/
>         >         >
>         >         >
>         >         > On Tue, Jun 4, 2013 at 8:52 AM, Brendan Kearney
>         >         <bpk678 at gmail.com>
>         >         > wrote:
>         >         >         hi all,
>         >         >
>         >         >         i am using DHCP 4.2.4-P2 on fedora 16
>         currently and
>         >         want to
>         >         >         move my
>         >         >         config into LDAP.  i am running a
>         load-sharing
>         >         instance
>         >         >         between two
>         >         >         servers, supporting 2 or 3 scopes per
>         subnet, with
>         >         about 3
>         >         >         subnets.  in
>         >         >         the dhcpd.conf (file based) format, the
>         configs are
>         >         working.
>         >         >          when i
>         >         >         start putting the config directives into
>         LDAP, i see
>         >         that
>         >         >         lines run into
>         >         >         each other and weird issues crop up
>         because of badly
>         >         formatted
>         >         >         configs
>         >         >         being read into the dhcp instance.
>         >         >
>         >         >         dhcpd.conf.ldap:
>         >         >         ldap-server "ldap.bpk2.com";
>         >         >         ldap-port 389;
>         >         >         ldap-username "user";
>         >         >         ldap-password "password";
>         >         >         ldap-base-dn "dc=bpk2,dc=com";
>         >         >         # ldap-base-dn
>         >         "ou=Computers,cn=Servers,dc=bpk2,dc=com";
>         >         >         ldap-method dynamic;
>         >         >         ldap-debug-file
>         "/var/log/dhcp-ldap-startup.log";
>         >         >
>         >         >         dhcpd -4 -d -cf ./dhcpd.conf.ldap:
>         >         >         Internet Systems Consortium DHCP Server
>         4.2.4-P2
>         >         >         Copyright 2004-2012 Internet Systems
>         Consortium.
>         >         >         All rights reserved.
>         >         >         For info, please visit
>         >         https://www.isc.org/software/dhcp/
>         >         >         LDAP line 29: semicolon expected.
>         >         >         allow members of "proxied-clients"
>         >         >                           ^
>         >         >         bad range, address 192.168.2.50 not in
>         subnet
>         >         192.168.1.0
>         >         >         netmask
>         >         >         255.255.255.0
>         >         >
>         >         >         This version of ISC DHCP is based on the
>         release
>         >         available
>         >         >         on ftp.isc.org.  Features have been added
>         and other
>         >         changes
>         >         >         have been made to the base software
>         release in order
>         >         to make
>         >         >         it work better with this distribution.
>         >         >
>         >         >         Please report for this software via the
>         Red Hat
>         >         Bugzilla site:
>         >         >             http://bugzilla.redhat.com
>         >         >
>         >         >         exiting.
>         >         >
>         >         >         cat -n /var/log/dhcp-ldap-startup.log:
>         >         >              1  ddns-update-style interim;
>         >         >              2  ddns-updates on;
>         >         >              3  update-static-leases on;
>         >         >              4  authoritative;
>         >         >              5  log-facility local1;
>         >         >              6  key dhcp { algorithm hmac-md5;
>         secret
>         >         <<<removed>>>; }
>         >         >              7  zone 1.168.192.in-addr.arpa
>         { primary
>         >         192.168.50.1;
>         >         >         key dhcp; }
>         >         >              8  zone 2.168.192.in-addr.arpa
>         { primary
>         >         192.168.50.1;
>         >         >         key dhcp; }
>         >         >              9  zone 3.168.192.in-addr.arpa
>         { primary
>         >         192.168.50.1;
>         >         >         key dhcp; }
>         >         >             10  zone 50.168.192.in-addr.arpa
>         { primary
>         >         192.168.50.1;
>         >         >         key dhcp; }
>         >         >             11  zone bpk2.com { primary
>         192.168.50.1; key
>         >         dhcp; }
>         >         >             12  option T150 code 150 = string;
>         >         >             13  option wpad-url code 252 =
>         text;subnet
>         >         192.168.1.0
>         >         >         netmask
>         >         >         255.255.255.0 {
>         >         >             14  allow client-updates;
>         >         >             15  default-lease-time 7200;
>         >         >             16  max-lease-time 86400;
>         >         >             17  ping-check true;
>         >         >             18  ddns-domainname "bpk2.com";
>         >         >             19  ignore bootp;
>         >         >             20  option domain-name "bpk2.com";
>         >         >             21  option subnet-mask 255.255.255.0;
>         >         >             22  option broadcast-address
>         192.168.1.255;
>         >         >             23  option routers 192.168.1.254;
>         >         >             24  option domain-name-servers
>         >         >         ns01.bpk2.com,ns02.bpk2.com;
>         >         >             25  option ntp-servers ntp.bpk2.com;
>         >         >             26  option netbios-name-servers
>         server.bpk2.com;
>         >         >             27  option wpad-url
>         >         "http://wpad.bpk2.com/wpad.dat;pool {
>         >         >             28  range 192.168.1.50 192.168.1.99;
>         >         >             29  allow members of
>         "proxied-clients";
>         >         >             30  failover peer "dhcp-failover";
>         >         >             31  }pool {
>         >         >             32  range 192.168.1.100 192.168.1.149;
>         >         >             33  allow members of
>         "unproxied-clients";
>         >         >             34  failover peer "dhcp-failover";
>         >         >             35  }pool {
>         >         >             36  range 192.168.1.150 192.168.1.199;
>         >         >             37  allow unknown-clients;
>         >         >             38  failover peer "dhcp-failover";
>         >         >             39  }
>         >         >             40  }subnet 192.168.2.0 netmask
>         255.255.255.0 {
>         >         >             41  allow client-updates;
>         >         >             42  default-lease-time 7200;
>         >         >             43  max-lease-time 86400;
>         >         >             44  ping-check true;
>         >         >             45  ddns-domainname "bpk2.com";
>         >         >             46  ignore bootp;
>         >         >             47  option domain-name "bpk2.com";
>         >         >             48  option subnet-mask 255.255.255.0;
>         >         >             49  option broadcast-address
>         192.168.2.255;
>         >         >             50  option routers 192.168.2.254;
>         >         >             51  option domain-name-servers
>         >         >         ns01.bpk2.com,ns02.bpk2.com;
>         >         >             52  option ntp-servers ntp.bpk2.com;
>         >         >             53  option netbios-name-servers
>         server.bpk2.com;
>         >         >             54  option wpad-url
>         >         "http://wpad.bpk2.com/wpad.dat;pool {
>         >         >             55  range 192.168.2.50 192.168.2.99;
>         >         >             56  allow members of
>         "proxied-clients";
>         >         >             57  failover peer "dhcp-failover";
>         >         >             58  }[root at vpn dhcp]#
>         >         >
>         >         >         if you look at line 27, the pool declaration, which should be on a
>         >         >         separate line, is not on its own line and seems to be causing issues
>         >         >         further down in the config.  lines 31, 35, 40, and 54 also seem to
>         >         >         have this formatting issue.  directives that should be on separate
>         >         >         lines and are not seem to be causing issues further down in the
>         >         >         config.  not only is there something off with the expected
>         >         >         semicolon, but the 192.168.2.50 range is being treated as if it were
>         >         >         being loaded into the 192.168.1.0/24 network.  if the configs were
>         >         >         read properly out of LDAP, this would not be happening.  Is the
>         >         >         issue with the way i have things set up in LDAP, such as ordering or
>         >         >         something?  an ldif export is attached for review.
>         >         >
>         >         >         [note: the dhcpd config parser does not depend on line breaks, so
>         >         >         a statement sharing a line with the previous one is not by itself
>         >         >         an error.  in the listing above, the wpad-url value on lines 27 and
>         >         >         54 has an opening quote but no closing quote before the semicolon,
>         >         >         so the text that follows it, including "pool {", may be read as
>         >         >         part of the string -- worth checking in the LDAP entry.]
>         >         >
>         >         >
>         >         >
>         >         >
>         >         >
>         >         >
>         >         > --
>         >         > Jason K. Brandt
>         >         > Systems Administrator
>         >         > Bradley University
>         >         > (309) 677-2958
>         >         >
>         >
>         >
>         >
>         >
>         >
>         >
>         >
>         > --
>         > Jason K. Brandt
>         > Systems Administrator
>         > Bradley University
>         > (309) 677-2958
>         >
>         
>         
>         
> 
> 
> 
> 
> -- 
> Jason K. Brandt
> Systems Administrator
> Bradley University
> (309) 677-2958
> 



