LDAP and formatting of configs

Jason Brandt jbrandt at fsmail.bradley.edu
Wed Jun 5 14:13:54 UTC 2013


Does your config look like this now:

# dhcp01, DHCP Config, Daemons, bpk2.com
dn: cn=dhcp01,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
cn: dhcp01
dhcpServiceDN: cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
objectClass: top
objectClass: dhcpServer
dhcpStatement:  failover peer "dhcp-failover" { primary; address x.x.x.x;
port 647; peer address y.y.y.y; peer port 647; max-response-delay 30;
max-unacked-updates 10; load balance max seconds 3; mclt 1800; split 128; }

# dhcp02, DHCP Config, Daemons, bpk2.com
dn: cn=dhcp02,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
cn: dhcp02
dhcpServiceDN: cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
objectClass: top
objectClass: dhcpServer
dhcpStatement:  failover peer "dhcp-failover" { primary; address x.x.x.x;
port 647; peer address y.y.y.y; peer port 647; max-response-delay 30;
max-unacked-updates 10; load balance max seconds 3; mclt 1800; split 128; }


It looks as if somehow your dhcp-failover statements are in the cn=DHCP
Config to where it loads twice, instead of just in the initial server
config.  If you want, send me a dump again and I'll check it.
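
The three problems that come up in this thread (a failover peer declared twice, a class or peer used before it is declared, and a dhcpOption value missing its closing quote) can be checked mechanically. The script below is an added example, not part of the original message or of ISC DHCP; the function names and sample data are constructed for illustration, and it assumes the flattened config that ldap-debug-file writes plus an LDIF dump from ldapsearch as its two inputs.

```python
import re

# Constructed sample in the shape of the ldap-debug-file output quoted in the
# thread (blocks run together on one line); addresses and names are invented.
SAMPLE_CONF = """\
option wpad-url code 252 = text;class "proxied-clients" {
match pick-first-value (option dhcp-client-identifier, hardware);
}failover peer "dhcp-failover" { primary; address 192.0.2.1; port 647; peer address 192.0.2.2; peer port 647; }failover peer "dhcp-failover" { secondary; address 192.0.2.2; port 647; peer address 192.0.2.1; peer port 647; }subnet 192.0.2.0 netmask 255.255.255.0 {
pool {
range 192.0.2.50 192.0.2.99;
allow members of "proxied-clients";
allow members of "unproxied-clients";
failover peer "dhcp-failover";
}
}class "unproxied-clients" {
match pick-first-value (option dhcp-client-identifier, hardware);
}
"""

# Constructed LDIF sample: one value is missing its closing quote, another is
# folded across two lines (LDIF continuation = newline + one leading space).
SAMPLE_LDIF = """\
dn: cn=192.0.2.0,cn=DHCP Config,dc=example,dc=com
objectClass: dhcpSubnet
dhcpOption: domain-name "example.com"
dhcpOption: wpad-url "http://wpad.example.com/wpad.dat
dhcpStatements: ddns-domainname "example.com"

dn: cn=pool1,cn=192.0.2.0,cn=DHCP Config,dc=example,dc=com
objectClass: dhcpPool
dhcpStatements: allow members of "proxied-
 clients"
"""

# A declaration opens a block:   failover peer "x" {   /   class "x" {
DECL_RE = re.compile(r'\b(failover\s+peer|class)\s+"([^"]+)"\s*\{')
# A reference ends a statement:  failover peer "x";    /   ... members of "x";
REF_RE = re.compile(r'\bfailover\s+peer\s+"([^"]+)"\s*;|\bmembers\s+of\s+"([^"]+)"\s*;')


def _line_of(text, offset):
    """1-based line number of a character offset (matches `cat -n` numbering)."""
    return text.count("\n", 0, offset) + 1


def _declarations(conf):
    """Map (kind, name) -> list of offsets where that block is declared."""
    found = {}
    for m in DECL_RE.finditer(conf):
        kind = " ".join(m.group(1).split())  # normalise inner whitespace
        found.setdefault((kind, m.group(2)), []).append(m.start())
    return found


def redeclared(conf):
    """Blocks declared more than once, i.e. what dhcpd reports as 'redeclaration'."""
    return {key: [_line_of(conf, o) for o in offs]
            for key, offs in _declarations(conf).items() if len(offs) > 1}


def used_before_declared(conf):
    """References to a class or failover peer with no declaration earlier in the file."""
    first = {key: offs[0] for key, offs in _declarations(conf).items()}
    problems = []
    for m in REF_RE.finditer(conf):
        key = ("failover peer", m.group(1)) if m.group(1) else ("class", m.group(2))
        # A name that is never declared is treated as declared past end of file.
        if first.get(key, len(conf)) > m.start():
            problems.append((key[0], key[1], _line_of(conf, m.start())))
    return problems


def unbalanced_quotes(ldif):
    """(dn, value) for dhcpOption/dhcpStatements values with an odd number of quotes."""
    unfolded = re.sub(r"\r?\n ", "", ldif)  # join LDIF continuation lines first
    problems, dn = [], None
    for line in unfolded.splitlines():
        if line.startswith("dn:"):
            dn = line[3:].strip()
        elif line.startswith(("dhcpOption:", "dhcpStatements:")):
            value = line.split(":", 1)[1].strip()
            # Backslash-escaped quotes inside a string do not open or close it.
            if value.replace('\\"', "").count('"') % 2:
                problems.append((dn, value))
    return problems


if __name__ == "__main__":
    for (kind, name), lines in redeclared(SAMPLE_CONF).items():
        print(f'{kind} "{name}" declared {len(lines)} times, at lines {lines}')
    for kind, name, line in used_before_declared(SAMPLE_CONF):
        print(f'line {line}: {kind} "{name}" used before it is declared')
    for dn, value in unbalanced_quotes(SAMPLE_LDIF):
        print(f"{dn}: unbalanced quote in: {value}")
```

Line numbers reported for the flattened config line up with the "LDAP line N" numbers in dhcpd's error output, since both count lines of the same debug file.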


On Tue, Jun 4, 2013 at 5:11 PM, Brendan Kearney <bpk678 at gmail.com> wrote:

> i am getting closer, having tried something similar to what you suggest.
> i now get a redeclaration issue...  i dont think i am missing quotes or
> semi-colons...
>
> dhcpd -4 -d -cf ./dhcpd.conf.ldap
> Internet Systems Consortium DHCP Server 4.2.4-P2
> Copyright 2004-2012 Internet Systems Consortium.
> All rights reserved.
> For info, please visit https://www.isc.org/software/dhcp/
> LDAP line 18: redeclaration of failover peer dhcp-failover
> }failover peer "dhcp-failover" {
>                                 ^
> LDAP line 18: redeclaration of failover peer dhcp-failover
> }failover peer "dhcp-failover" { primary; address 192.168.25.1; port
> 647; peer a
> ^
> LDAP: cannot parse dhcpService entry 'cn=DHCP
> Config,ou=Daemons,dc=bpk2,dc=com'
> Configuration file errors encountered -- exiting
>
> This version of ISC DHCP is based on the release available
> on ftp.isc.org.  Features have been added and other changes
> have been made to the base software release in order to make
> it work better with this distribution.
>
> Please report for this software via the Red Hat Bugzilla site:
>     http://bugzilla.redhat.com
>
> exiting.
> cat -n /var/log/dhcp-ldap-startup.log
>      1  failover peer "dhcp-failover" { secondary; address 192.168.50.1;
> port 647; peer address 192.168.25.1; peer port 647; max-response-delay
> 60; max-unacked-updates 10; load balance max seconds 3; }
>      2  ddns-update-style interim;
>      3  ddns-updates on;
>      4  update-static-leases on;
>      5  authoritative;
>      6  log-facility local1;
>      7  key dhcp { algorithm hmac-md5; secret gPzE5hDFTS6Fm0ET0XD3Wqs
> +GCJ9; }
>      8  zone 1.168.192.in-addr.arpa { primary 192.168.50.1; key dhcp; }
>      9  zone 2.168.192.in-addr.arpa { primary 192.168.50.1; key dhcp; }
>     10  zone 3.168.192.in-addr.arpa { primary 192.168.50.1; key dhcp; }
>     11  zone 50.168.192.in-addr.arpa { primary 192.168.50.1; key dhcp; }
>     12  zone bpk2.com { primary 192.168.50.1; key dhcp; }
>     13  option T150 code 150 = string;
>     14  option wpad-url code 252 = text;class "proxied-clients" {
>     15  match pick-first-value (option dhcp-client-identifier, hardware);
>     16  }class "unproxied-clients" {
>     17  match pick-first-value (option dhcp-client-identifier, hardware);
>     18  }failover peer "dhcp-failover" { primary; address 192.168.25.1;
> port 647; peer address 192.168.50.1; peer port 647; max-response-delay
> 60; max-unacked-updates 10; mclt 3600; load balance max seconds 3; split
> 128; }failover peer "dhcp-failover" { secondary; address 192.168.50.1;
> port 647; peer address 192.168.25.1; peer port 647; max-response-delay
> 60; max-unacked-updates 10; load balance max seconds 3; }shared-network
> "bpk2" {subnet 192.168.3.0 netmask 255.255.255.0 {
>     19  allow client-updates;
>     20  default-lease-time 7200;
>     21  max-lease-time 86400;
>     22  ping-check true;
>     23  ddns-domainname "bpk2.com";
>     24  ignore bootp;
>     25  option domain-name "bpk2.com";
>     26  option subnet-mask 255.255.255.0;
>     27  option broadcast-address 192.168.3.255;
>     28  option routers 192.168.3.254;
>     29  option domain-name-servers ns01.bpk2.com,ns02.bpk2.com;
>     30  option ntp-servers ntp.bpk2.com;
>     31  option netbios-name-servers server.bpk2.com;
>     32  option wpad-url "http://wpad.bpk2.com/wpad.dat";pool {
>     33  range 192.168.3.100 192.168.3.199;
>     34  allow unknown-clients;
>     35  failover peer "dhcp-failover";
>     36  }
>     37  }subnet 192.168.50.0 netmask 255.255.255.0 {
>     38  allow client-updates;
>     39  default-lease-time 7200;
>     40  max-lease-time 86400;
>     41  ping-check true;
>     42  ddns-domainname "bpk2.com";
>     43  ignore bootp;
>     44  option domain-name "bpk2.com";
>     45  option subnet-mask 255.255.255.0;
>     46  option broadcast-address 192.168.50.255;
>     47  option routers 192.168.50.254;
>     48  option domain-name-servers ns01.bpk2.com,ns02.bpk2.com;
>     49  option ntp-servers ntp.bpk2.com;
>     50  option netbios-name-servers server.bpk2.com;
>     51  option wpad-url "http://wpad.bpk2.com/wpad.dat";pool {
>     52  range 192.168.50.50 192.168.50.99;
>     53  allow members of "proxied-clients";
>     54  failover peer "dhcp-failover";
>     55  }
>     56  }subnet 192.168.1.0 netmask 255.255.255.0 {
>     57  allow client-updates;
>     58  default-lease-time 7200;
>     59  max-lease-time 86400;
>     60  ping-check true;
>     61  ddns-domainname "bpk2.com";
>     62  ignore bootp;
>     63  option domain-name "bpk2.com";
>     64  option subnet-mask 255.255.255.0;
>     65  option broadcast-address 192.168.1.255;
>     66  option routers 192.168.1.254;
>     67  option domain-name-servers ns01.bpk2.com,ns02.bpk2.com;
>     68  option ntp-servers ntp.bpk2.com;
>     69  option netbios-name-servers server.bpk2.com;
>     70  option wpad-url "http://wpad.bpk2.com/wpad.dat";pool {
>     71  range 192.168.1.50 192.168.1.99;
>     72  allow members of "proxied-clients";
>     73  failover peer "dhcp-failover";
>     74  }pool {
>     75  range 192.168.1.100 192.168.1.149;
>     76  allow members of "unproxied-clients";
>     77  failover peer "dhcp-failover";
>     78  }pool {
>     79  range 192.168.1.150 192.168.1.199;
>     80  allow unknown-clients;
>     81  failover peer "dhcp-failover";
>     82  }
>     83  }subnet 192.168.2.0 netmask 255.255.255.0 {
>     84  allow client-updates;
>     85  default-lease-time 7200;
>     86  max-lease-time 86400;
>     87  ping-check true;
>     88  ddns-domainname "bpk2.com";
>     89  ignore bootp;
>     90  option domain-name "bpk2.com";
>     91  option subnet-mask 255.255.255.0;
>     92  option broadcast-address 192.168.2.255;
>     93  option routers 192.168.2.254;
>     94  option domain-name-servers ns01.bpk2.com,ns02.bpk2.com;
>     95  option ntp-servers ntp.bpk2.com;
>     96  option netbios-name-servers server.bpk2.com;
>     97  option wpad-url "http://wpad.bpk2.com/wpad.dat";pool {
>     98  range 192.168.2.50 192.168.2.99;
>     99  allow members of "proxied-clients";
>    100  failover peer "dhcp-failover";
>    101  }pool {
>    102  range 192.168.2.100 192.168.2.149;
>    103  allow members of "unproxied-clients";
>    104  failover peer "dhcp-failover";
>    105  }pool {
>    106  range 192.168.2.150 192.168.2.199;
>    107  allow unknown-clients;
>    108  failover peer "dhcp-failover";
>    109  }
>    110  }
>    111  }
> On Tue, 2013-06-04 at 11:06 -0500, Jason Brandt wrote:
> > What I found (and this may not be proper, but it works), is that if
> > you create a DHCP group for your networks (I named mine cn=Networks,
> > and put all my subnets in it), that your classes will then get loaded
> > before your networks, and you won't have the issues with loading.  It
> > seems to load the groups after everything else.  Again, not sure if
> > it's proper, but it works well.
> >
> >
> > I don't believe your DHCP Failover will work as you have it
> > configured.  I put mine in my ldap config, with a dhcpStatement in my
> > dhcpServer definitions.  The statement looks like this:
> > failover peer "dhcp-failover" { primary; address x.x.x.x; port 647;
> > peer address y.y.y.y; peer port 647; max-response-delay 30;
> > max-unacked-updates 10; load balance max seconds 3; mclt 1800; split
> > 128; }
> >
> >
> >
> > That entry goes in both server definitions, with each server pointing
> > to the other.
> >
> >
> > Then remove this section:
> >
> > # dhcp-failover, DHCP Config, Daemons, bpk2.com
> > dn: cn=dhcp-failover,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
> > cn: dhcp-failover
> > dhcpFailOverLoadBalanceTime: 3
> > dhcpFailOverPrimaryPort: 647
> > dhcpFailOverPrimaryServer: dhcp01
> > dhcpFailOverResponseDelay: 60
> > dhcpFailOverSecondaryPort: 647
> > dhcpFailOverSecondaryServer: dhcp02
> > dhcpFailOverSplit: 128
> > dhcpFailOverUnackedUpdates: 10
> > dhcpMaxClientLeadTime: 3600
> > objectClass: dhcpFailOverPeer
> > objectClass: top
> >
> >
> >
> > On Tue, Jun 4, 2013 at 10:36 AM, Brendan Kearney <bpk678 at gmail.com>
> > wrote:
> >         the end quote was missing in all scopes that had the wpad
> >         directive.
> >         thank you for the find.  is it your keen eyes that found that,
> >         or do you
> >         have a syntax checker that i might be able to use?  i have
> >         added the
> >         quote, and tried again.  i now get errors saying that the
> >         failover
> >         directives fail because the peer is not being found.  errors
> >         are also
> >         found because the proxied-class is not found.
> >
> >         the failover and proxied-class CNs are listed after the subnet
> >         CNs in
> >         LDAP.  the ordering of these seems to be critical.  how do i
> >         arrange
> >         things in LDAP so that they are in the correct order?
> >
> >         On Tue, 2013-06-04 at 09:55 -0500, Jason Brandt wrote:
> >         > dhcpOption: wpad-url "http://wpad.bpk2.com/wpad.dat   is
> >         missing the
> >         > end "
> >         >
> >         >
> >         >
> >         > On Tue, Jun 4, 2013 at 9:42 AM, Brendan Kearney
> >         <bpk678 at gmail.com>
> >         > wrote:
> >         >         straight up ldapsearch below.
> >         >
> >         >         [brendan at desktop bin]$ sudo ldapsearch -D
> >         >         cn=Manager,dc=bpk2,dc=com -w
> >         >         password -b "cn=DHCP
> >         Config,ou=Daemons,dc=bpk2,dc=com"
> >         >         # extended LDIF
> >         >         #
> >         >         # LDAPv3
> >         >         # base <cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com>
> >         with scope
> >         >         subtree
> >         >         # filter: (objectclass=*)
> >         >         # requesting: ALL
> >         >         #
> >         >
> >         >         # DHCP Config, Daemons, bpk2.com
> >         >         dn: cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
> >         >         cn: DHCP Config
> >         >         dhcpPrimaryDN: cn=dhcp01,dc=bpk2,dc=com
> >         >         dhcpSecondaryDN: cn=dhcp02,dc=bpk2,dc=com
> >         >         objectClass: top
> >         >         objectClass: dhcpService
> >         >         objectClass: dhcpOptions
> >         >         dhcpFailOverPeerDN: cn=dhcp01,dc=bpk2,dc=com
> >         >         dhcpFailOverPeerDN: cn=dhcp02,dc=bpk2,dc=com
> >         >         dhcpOption: T150 code 150 = string
> >         >         dhcpOption: wpad-url code 252 = text
> >         >         dhcpStatements: ddns-update-style interim
> >         >         dhcpStatements: ddns-updates on
> >         >         dhcpStatements: update-static-leases on
> >         >         dhcpStatements: authoritative
> >         >         dhcpStatements: log-facility local1
> >         >         dhcpStatements: key dhcp { algorithm hmac-md5;
> >         secret
> >         >         <<<removed>>>; }
> >         >         dhcpStatements: zone 1.168.192.in-addr.arpa
> >         { primary
> >         >         192.168.50.1; key
> >         >         dhcp;
> >         >          }
> >         >         dhcpStatements: zone 2.168.192.in-addr.arpa
> >         { primary
> >         >         192.168.50.1; key
> >         >         dhcp;
> >         >          }
> >         >         dhcpStatements: zone 3.168.192.in-addr.arpa
> >         { primary
> >         >         192.168.50.1; key
> >         >         dhcp;
> >         >          }
> >         >         dhcpStatements: zone 50.168.192.in-addr.arpa
> >         { primary
> >         >         192.168.50.1; key
> >         >         dhcp;
> >         >           }
> >         >         dhcpStatements: zone bpk2.com { primary
> >         192.168.50.1; key
> >         >         dhcp; }
> >         >
> >         >         # 192.168.1.0, DHCP Config, Daemons, bpk2.com
> >         >         dn: cn=192.168.1.0,cn=DHCP
> >         Config,ou=Daemons,dc=bpk2,dc=com
> >         >         cn: 192.168.1.0
> >         >         dhcpNetMask: 24
> >         >         objectClass: top
> >         >         objectClass: dhcpSubnet
> >         >         objectClass: dhcpOptions
> >         >         dhcpOption: domain-name "bpk2.com"
> >         >         dhcpOption: subnet-mask 255.255.255.0
> >         >         dhcpOption: broadcast-address 192.168.1.255
> >         >         dhcpOption: routers 192.168.1.254
> >         >         dhcpOption: domain-name-servers
> >         ns01.bpk2.com,ns02.bpk2.com
> >         >         dhcpOption: ntp-servers ntp.bpk2.com
> >         >         dhcpOption: netbios-name-servers server.bpk2.com
> >         >         dhcpOption: wpad-url "http://wpad.bpk2.com/wpad.dat
> >         >         dhcpStatements: allow client-updates
> >         >         dhcpStatements: default-lease-time 7200
> >         >         dhcpStatements: max-lease-time 86400
> >         >         dhcpStatements: ping-check true
> >         >         dhcpStatements: ddns-domainname "bpk2.com"
> >         >         dhcpStatements: ignore bootp
> >         >
> >         >         # pool1, 192.168.1.0, DHCP Config, Daemons, bpk2.com
> >         >         dn: cn=pool1,cn=192.168.1.0,cn=DHCP
> >         >         Config,ou=Daemons,dc=bpk2,dc=com
> >         >         cn: pool1
> >         >         objectClass: top
> >         >         objectClass: dhcpPool
> >         >         dhcpStatements: allow members of "proxied-clients"
> >         >         dhcpStatements: failover peer "dhcp-failover"
> >         >         dhcpRange: 192.168.1.50 192.168.1.99
> >         >
> >         >         # pool2, 192.168.1.0, DHCP Config, Daemons, bpk2.com
> >         >         dn: cn=pool2,cn=192.168.1.0,cn=DHCP
> >         >         Config,ou=Daemons,dc=bpk2,dc=com
> >         >         cn: pool2
> >         >         objectClass: top
> >         >         objectClass: dhcpPool
> >         >         dhcpRange: 192.168.1.100 192.168.1.149
> >         >         dhcpStatements: allow members of "unproxied-clients"
> >         >         dhcpStatements: failover peer "dhcp-failover"
> >         >
> >         >         # pool3, 192.168.1.0, DHCP Config, Daemons, bpk2.com
> >         >         dn: cn=pool3,cn=192.168.1.0,cn=DHCP
> >         >         Config,ou=Daemons,dc=bpk2,dc=com
> >         >         cn: pool3
> >         >         objectClass: top
> >         >         objectClass: dhcpPool
> >         >         dhcpRange: 192.168.1.150 192.168.1.199
> >         >         dhcpStatements: allow unknown-clients
> >         >         dhcpStatements: failover peer "dhcp-failover"
> >         >
> >         >         # 192.168.2.0, DHCP Config, Daemons, bpk2.com
> >         >         dn: cn=192.168.2.0,cn=DHCP
> >         Config,ou=Daemons,dc=bpk2,dc=com
> >         >         cn: 192.168.2.0
> >         >         dhcpNetMask: 24
> >         >         objectClass: top
> >         >         objectClass: dhcpSubnet
> >         >         objectClass: dhcpOptions
> >         >         dhcpStatements: allow client-updates
> >         >         dhcpStatements: default-lease-time 7200
> >         >         dhcpStatements: max-lease-time 86400
> >         >         dhcpStatements: ping-check true
> >         >         dhcpStatements: ddns-domainname "bpk2.com"
> >         >         dhcpStatements: ignore bootp
> >         >         dhcpOption: domain-name "bpk2.com"
> >         >         dhcpOption: subnet-mask 255.255.255.0
> >         >         dhcpOption: broadcast-address 192.168.2.255
> >         >         dhcpOption: routers 192.168.2.254
> >         >         dhcpOption: domain-name-servers
> >         ns01.bpk2.com,ns02.bpk2.com
> >         >         dhcpOption: ntp-servers ntp.bpk2.com
> >         >         dhcpOption: netbios-name-servers server.bpk2.com
> >         >         dhcpOption: wpad-url "http://wpad.bpk2.com/wpad.dat
> >         >
> >         >         # pool1, 192.168.2.0, DHCP Config, Daemons, bpk2.com
> >         >         dn: cn=pool1,cn=192.168.2.0,cn=DHCP
> >         >         Config,ou=Daemons,dc=bpk2,dc=com
> >         >         cn: pool1
> >         >         objectClass: top
> >         >         objectClass: dhcpPool
> >         >         dhcpRange: 192.168.2.50 192.168.2.99
> >         >         dhcpStatements: allow members of "proxied-clients"
> >         >         dhcpStatements: failover peer "dhcp-failover"
> >         >
> >         >         # pool2, 192.168.2.0, DHCP Config, Daemons, bpk2.com
> >         >         dn: cn=pool2,cn=192.168.2.0,cn=DHCP
> >         >         Config,ou=Daemons,dc=bpk2,dc=com
> >         >         cn: pool2
> >         >         objectClass: top
> >         >         objectClass: dhcpPool
> >         >         dhcpRange: 192.168.2.100 192.168.2.149
> >         >         dhcpStatements: allow members of "unproxied-clients"
> >         >         dhcpStatements: failover peer "dhcp-failover"
> >         >
> >         >         # pool3, 192.168.2.0, DHCP Config, Daemons, bpk2.com
> >         >         dn: cn=pool3,cn=192.168.2.0,cn=DHCP
> >         >         Config,ou=Daemons,dc=bpk2,dc=com
> >         >         cn: pool3
> >         >         objectClass: top
> >         >         objectClass: dhcpPool
> >         >         dhcpRange: 192.168.2.150 192.168.2.199
> >         >         dhcpStatements: allow unknown-clients
> >         >         dhcpStatements: failover peer "dhcp-failover"
> >         >
> >         >         # 192.168.3.0, DHCP Config, Daemons, bpk2.com
> >         >         dn: cn=192.168.3.0,cn=DHCP
> >         Config,ou=Daemons,dc=bpk2,dc=com
> >         >         cn: 192.168.3.0
> >         >         dhcpNetMask: 24
> >         >         objectClass: top
> >         >         objectClass: dhcpSubnet
> >         >         objectClass: dhcpOptions
> >         >         dhcpOption: domain-name "bpk2.com"
> >         >         dhcpOption: subnet-mask 255.255.255.0
> >         >         dhcpOption: broadcast-address 192.168.3.255
> >         >         dhcpOption: routers 192.168.3.254
> >         >         dhcpOption: domain-name-servers
> >         ns01.bpk2.com,ns02.bpk2.com
> >         >         dhcpOption: ntp-servers ntp.bpk2.com
> >         >         dhcpOption: netbios-name-servers server.bpk2.com
> >         >         dhcpOption: wpad-url "http://wpad.bpk2.com/wpad.dat
> >         >         dhcpStatements: allow client-updates
> >         >         dhcpStatements: default-lease-time 7200
> >         >         dhcpStatements: max-lease-time 86400
> >         >         dhcpStatements: ping-check true
> >         >         dhcpStatements: ddns-domainname "bpk2.com"
> >         >         dhcpStatements: ignore bootp
> >         >
> >         >         # pool1, 192.168.3.0, DHCP Config, Daemons, bpk2.com
> >         >         dn: cn=pool1,cn=192.168.3.0,cn=DHCP
> >         >         Config,ou=Daemons,dc=bpk2,dc=com
> >         >         cn: pool1
> >         >         objectClass: top
> >         >         objectClass: dhcpPool
> >         >         dhcpRange: 192.168.3.100 192.168.3.199
> >         >         dhcpStatements: allow unknown-clients
> >         >         dhcpStatements: failover peer "dhcp-failover"
> >         >
> >         >         # 192.168.50.0, DHCP Config, Daemons, bpk2.com
> >         >         dn: cn=192.168.50.0,cn=DHCP
> >         Config,ou=Daemons,dc=bpk2,dc=com
> >         >         cn: 192.168.50.0
> >         >         dhcpNetMask: 24
> >         >         objectClass: top
> >         >         objectClass: dhcpSubnet
> >         >         objectClass: dhcpOptions
> >         >         dhcpOption: domain-name "bpk2.com"
> >         >         dhcpOption: subnet-mask 255.255.255.0
> >         >         dhcpOption: broadcast-address 192.168.50.255
> >         >         dhcpOption: routers 192.168.50.254
> >         >         dhcpOption: domain-name-servers
> >         ns01.bpk2.com,ns02.bpk2.com
> >         >         dhcpOption: ntp-servers ntp.bpk2.com
> >         >         dhcpOption: netbios-name-servers server.bpk2.com
> >         >         dhcpOption: wpad-url "http://wpad.bpk2.com/wpad.dat
> >         >         dhcpStatements: allow client-updates
> >         >         dhcpStatements: default-lease-time 7200
> >         >         dhcpStatements: max-lease-time 86400
> >         >         dhcpStatements: ping-check true
> >         >         dhcpStatements: ddns-domainname "bpk2.com"
> >         >         dhcpStatements: ignore bootp
> >         >
> >         >         # pool1, 192.168.50.0, DHCP Config, Daemons,
> >         bpk2.com
> >         >         dn: cn=pool1,cn=192.168.50.0,cn=DHCP
> >         >         Config,ou=Daemons,dc=bpk2,dc=com
> >         >         cn: pool1
> >         >         objectClass: top
> >         >         objectClass: dhcpPool
> >         >         dhcpRange: 192.168.50.50 192.168.50.99
> >         >         dhcpStatements: allow members of "proxied-clients"
> >         >         dhcpStatements: failover peer "dhcp-failover"
> >         >
> >         >         # pool2, 192.168.50.0, DHCP Config, Daemons,
> >         bpk2.com
> >         >         dn: cn=pool2,cn=192.168.50.0,cn=DHCP
> >         >         Config,ou=Daemons,dc=bpk2,dc=com
> >         >         cn: pool2
> >         >         objectClass: top
> >         >         objectClass: dhcpPool
> >         >         dhcpRange: 192.168.50.100 192.168.50.149
> >         >         dhcpStatements: allow members of "unproxied-clients"
> >         >         dhcpStatements: failover peer "dhcp-failover"
> >         >
> >         >         # pool3, 192.168.50.0, DHCP Config, Daemons,
> >         bpk2.com
> >         >         dn: cn=pool3,cn=192.168.50.0,cn=DHCP
> >         >         Config,ou=Daemons,dc=bpk2,dc=com
> >         >         cn: pool3
> >         >         objectClass: top
> >         >         objectClass: dhcpPool
> >         >         dhcpRange: 192.168.50.150 192.168.50.199
> >         >         dhcpStatements: allow unknown-clients
> >         >         dhcpStatements: failover peer "dhcp-failover"
> >         >
> >         >         # dev, DHCP Config, Daemons, bpk2.com
> >         >         dn: cn=dev,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
> >         >         cn: dev
> >         >         dhcpOption: dhcp-client-identifier
> >         1:e4:11:5b:13:80:b8
> >         >         objectClass: top
> >         >         objectClass: dhcpHost
> >         >         objectClass: dhcpOptions
> >         >         dhcpHWAddress: ethernet e4:11:5b:13:80:b8
> >         >         dhcpStatements: ddns-hostname "dev"
> >         >
> >         >         # printer-eth0, DHCP Config, Daemons, bpk2.com
> >         >         dn: cn=printer-eth0,cn=DHCP
> >         Config,ou=Daemons,dc=bpk2,dc=com
> >         >         cn: printer-eth0
> >         >         objectClass: top
> >         >         objectClass: dhcpHost
> >         >         dhcpHWAddress: ethernet 00:15:60:49:7b:44
> >         >         dhcpStatements: fixed-address 192.168.1.3
> >         >         dhcpStatements: ddns-hostname "printer"
> >         >
> >         >         # printer-wlan0, DHCP Config, Daemons, bpk2.com
> >         >         dn: cn=printer-wlan0,cn=DHCP
> >         Config,ou=Daemons,dc=bpk2,dc=com
> >         >         cn: printer-wlan0
> >         >         objectClass: top
> >         >         objectClass: dhcpHost
> >         >         dhcpHWAddress: ethernet 00:15:60:e8:ae:83
> >         >         dhcpStatements: fixed-address 192.168.1.3
> >         >         dhcpStatements: ddns-hostname "printer"
> >         >
> >         >         # proxied-clients, DHCP Config, Daemons, bpk2.com
> >         >         dn: cn=proxied-clients,cn=DHCP
> >         >         Config,ou=Daemons,dc=bpk2,dc=com
> >         >         cn: proxied-clients
> >         >         objectClass: top
> >         >         objectClass: dhcpClass
> >         >         dhcpStatements: match pick-first-value (option
> >         >         dhcp-client-identifier,
> >         >         hardwar
> >         >          e)
> >         >
> >         >         # unproxied-clients, DHCP Config, Daemons, bpk2.com
> >         >         dn: cn=unproxied-clients,cn=DHCP
> >         >         Config,ou=Daemons,dc=bpk2,dc=com
> >         >         cn: unproxied-clients
> >         >         objectClass: top
> >         >         objectClass: dhcpClass
> >         >         dhcpStatements: match pick-first-value (option
> >         >         dhcp-client-identifier,
> >         >         hardwar
> >         >          e)
> >         >
> >         >         # dhcp-failover, DHCP Config, Daemons, bpk2.com
> >         >         dn: cn=dhcp-failover,cn=DHCP
> >         Config,ou=Daemons,dc=bpk2,dc=com
> >         >         cn: dhcp-failover
> >         >         dhcpFailOverLoadBalanceTime: 3
> >         >         dhcpFailOverPrimaryPort: 647
> >         >         dhcpFailOverPrimaryServer: dhcp01
> >         >         dhcpFailOverResponseDelay: 60
> >         >         dhcpFailOverSecondaryPort: 647
> >         >         dhcpFailOverSecondaryServer: dhcp02
> >         >         dhcpFailOverSplit: 128
> >         >         dhcpFailOverUnackedUpdates: 10
> >         >         dhcpMaxClientLeadTime: 3600
> >         >         objectClass: dhcpFailOverPeer
> >         >         objectClass: top
> >         >
> >         >         # dhcp01, DHCP Config, Daemons, bpk2.com
> >         >         dn: cn=dhcp01,cn=DHCP
> >         Config,ou=Daemons,dc=bpk2,dc=com
> >         >         cn: dhcp01
> >         >         dhcpServiceDN: cn=DHCP
> >         Config,ou=Daemons,dc=bpk2,dc=com
> >         >         objectClass: top
> >         >         objectClass: dhcpServer
> >         >
> >         >         # dhcp02, DHCP Config, Daemons, bpk2.com
> >         >         dn: cn=dhcp02,cn=DHCP
> >         Config,ou=Daemons,dc=bpk2,dc=com
> >         >         cn: dhcp02
> >         >         dhcpServiceDN: cn=DHCP
> >         Config,ou=Daemons,dc=bpk2,dc=com
> >         >         objectClass: top
> >         >         objectClass: dhcpServer
> >         >
> >         >         # search result
> >         >         search: 2
> >         >         result: 0 Success
> >         >
> >         >         # numResponses: 24
> >         >         # numEntries: 23
> >         >
> >         >         On Tue, 2013-06-04 at 09:25 -0500, Jason Brandt
> >         wrote:
> >         >         > Please do a dump of your config from LDAP
> >         directly.  It
> >         >         looks like you
> >         >         > have a configuration error.  The LDAP module is
> >         very
> >         >         particular about
> >         >         > how things are grouped and formatted.  JXplorer
> >         works very
> >         >         well for
> >         >         > this: http://jxplorer.org/
> >         >         >
> >         >         >
> >         >         > On Tue, Jun 4, 2013 at 8:52 AM, Brendan Kearney
> >         >         <bpk678 at gmail.com>
> >         >         > wrote:
> >         >         >         hi all,
> >         >         >
> >         >         >         i am using DHCP 4.2.4-P2 on fedora 16
> >         currently and
> >         >         want to
> >         >         >         move my
> >         >         >         config into LDAP.  i am running a
> >         load-sharing
> >         >         instance
> >         >         >         between two
> >         >         >         servers, supporting 2 or 3 scopes per
> >         subnet, with
> >         >         about 3
> >         >         >         subnets.  in
> >         >         >         the dhcpd.conf (file based) format, the
> >         configs are
> >         >         working.
> >         >         >          when i
> >         >         >         start putting the config directives into
> >         LDAP, i see
> >         >         that
> >         >         >         lines run into
> >         >         >         each other and weird issues crop up
> >         because of badly
> >         >         formatted
> >         >         >         configs
> >         >         >         being read into the dhcp instance.
> >         >         >
> >         >         >         dhcpd.conf.ldap:
> >         >         >         ldap-server "ldap.bpk2.com";
> >         >         >         ldap-port 389;
> >         >         >         ldap-username "user";
> >         >         >         ldap-password "password";
> >         >         >         ldap-base-dn "dc=bpk2,dc=com";
> >         >         >         # ldap-base-dn
> >         >         "ou=Computers,cn=Servers,dc=bpk2,dc=com";
> >         >         >         ldap-method dynamic;
> >         >         >         ldap-debug-file
> >         "/var/log/dhcp-ldap-startup.log";
> >         >         >
> >         >         >         dhcpd -4 -d -cf ./dhcpd.conf.ldap:
> >         >         >         Internet Systems Consortium DHCP Server
> >         4.2.4-P2
> >         >         >         Copyright 2004-2012 Internet Systems
> >         Consortium.
> >         >         >         All rights reserved.
> >         >         >         For info, please visit
> >         >         https://www.isc.org/software/dhcp/
> >         >         >         LDAP line 29: semicolon expected.
> >         >         >         allow members of "proxied-clients"
> >         >         >                           ^
> >         >         >         bad range, address 192.168.2.50 not in
> >         subnet
> >         >         192.168.1.0
> >         >         >         netmask
> >         >         >         255.255.255.0
> >         >         >
> >         >         >         This version of ISC DHCP is based on the
> >         release
> >         >         available
> >         >         >         on ftp.isc.org.  Features have been added
> >         and other
> >         >         changes
> >         >         >         have been made to the base software
> >         release in order
> >         >         to make
> >         >         >         it work better with this distribution.
> >         >         >
> >         >         >         Please report for this software via the
> >         Red Hat
> >         >         Bugzilla site:
> >         >         >             http://bugzilla.redhat.com
> >         >         >
> >         >         >         exiting.
> >         >         >
> >         >         >         cat -n /var/log/dhcp-ldap-startup.log:
> >         >         >              1  ddns-update-style interim;
> >         >         >              2  ddns-updates on;
> >         >         >              3  update-static-leases on;
> >         >         >              4  authoritative;
> >         >         >              5  log-facility local1;
> >         >         >              6  key dhcp { algorithm hmac-md5; secret <<<removed>>>; }
> >         >         >              7  zone 1.168.192.in-addr.arpa { primary 192.168.50.1; key dhcp; }
> >         >         >              8  zone 2.168.192.in-addr.arpa { primary 192.168.50.1; key dhcp; }
> >         >         >              9  zone 3.168.192.in-addr.arpa { primary 192.168.50.1; key dhcp; }
> >         >         >             10  zone 50.168.192.in-addr.arpa { primary 192.168.50.1; key dhcp; }
> >         >         >             11  zone bpk2.com { primary 192.168.50.1; key dhcp; }
> >         >         >             12  option T150 code 150 = string;
> >         >         >             13  option wpad-url code 252 = text;subnet 192.168.1.0 netmask 255.255.255.0 {
> >         >         >             14  allow client-updates;
> >         >         >             15  default-lease-time 7200;
> >         >         >             16  max-lease-time 86400;
> >         >         >             17  ping-check true;
> >         >         >             18  ddns-domainname "bpk2.com";
> >         >         >             19  ignore bootp;
> >         >         >             20  option domain-name "bpk2.com";
> >         >         >             21  option subnet-mask 255.255.255.0;
> >         >         >             22  option broadcast-address 192.168.1.255;
> >         >         >             23  option routers 192.168.1.254;
> >         >         >             24  option domain-name-servers ns01.bpk2.com,ns02.bpk2.com;
> >         >         >             25  option ntp-servers ntp.bpk2.com;
> >         >         >             26  option netbios-name-servers server.bpk2.com;
> >         >         >             27  option wpad-url "http://wpad.bpk2.com/wpad.dat;pool {
> >         >         >             28  range 192.168.1.50 192.168.1.99;
> >         >         >             29  allow members of "proxied-clients";
> >         >         >             30  failover peer "dhcp-failover";
> >         >         >             31  }pool {
> >         >         >             32  range 192.168.1.100 192.168.1.149;
> >         >         >             33  allow members of "unproxied-clients";
> >         >         >             34  failover peer "dhcp-failover";
> >         >         >             35  }pool {
> >         >         >             36  range 192.168.1.150 192.168.1.199;
> >         >         >             37  allow unknown-clients;
> >         >         >             38  failover peer "dhcp-failover";
> >         >         >             39  }
> >         >         >             40  }subnet 192.168.2.0 netmask 255.255.255.0 {
> >         >         >             41  allow client-updates;
> >         >         >             42  default-lease-time 7200;
> >         >         >             43  max-lease-time 86400;
> >         >         >             44  ping-check true;
> >         >         >             45  ddns-domainname "bpk2.com";
> >         >         >             46  ignore bootp;
> >         >         >             47  option domain-name "bpk2.com";
> >         >         >             48  option subnet-mask 255.255.255.0;
> >         >         >             49  option broadcast-address 192.168.2.255;
> >         >         >             50  option routers 192.168.2.254;
> >         >         >             51  option domain-name-servers ns01.bpk2.com,ns02.bpk2.com;
> >         >         >             52  option ntp-servers ntp.bpk2.com;
> >         >         >             53  option netbios-name-servers server.bpk2.com;
> >         >         >             54  option wpad-url "http://wpad.bpk2.com/wpad.dat;pool {
> >         >         >             55  range 192.168.2.50 192.168.2.99;
> >         >         >             56  allow members of "proxied-clients";
> >         >         >             57  failover peer "dhcp-failover";
> >         >         >             58  }[root at vpn dhcp]#
> >         >         >
> >         >         >         if you see on line 27, the pool declaration which should be on a
> >         >         >         separate line is not on its own line and is causing issues further
> >         >         >         down in the config, it seems.  lines 31, 35, 40, and 54 also seem
> >         >         >         to have this formatting issue.  directives that should be on
> >         >         >         separate lines and are not seem to be causing issues further down
> >         >         >         in the config.  not only is there something off with the expected
> >         >         >         semicolon, but the 192.168.2.50 range is being seen as attempted
> >         >         >         to be loaded into the 192.168.1.0/24 network.  if the configs were
> >         >         >         read properly out of LDAP, this would not be happening.  Is the
> >         >         >         issue with the way i have things setup in LDAP, such as ordering
> >         >         >         or something?  an ldif export is attached for review.
> >         >         >
> >         >         >
> >         _______________________________________________
> >         >         >         dhcp-users mailing list
> >         >         >         dhcp-users at lists.isc.org
> >         >         >
> >         https://lists.isc.org/mailman/listinfo/dhcp-users
> >         >         >
> >         >         >
> >         >         >
> >         >         >
> >         >         > --
> >         >         > Jason K. Brandt
> >         >         > Systems Administrator
> >         >         > Bradley University
> >         >         > (309) 677-2958



-- 
Jason K. Brandt
Systems Administrator
Bradley University
(309) 677-2958
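
Added example, not part of the original thread: a small check for a rendered config dump such as the quoted `/var/log/dhcp-ldap-startup.log`. It reports lines with an odd number of double quotes (as on dump lines 27 and 54) and lines where a block declaration is glued to the end of the previous statement (as on lines 13, 31, 35 and 40). The function name, keyword list and `SAMPLE` text are assumptions made for illustration; the sample is constructed from dump lines 26 to 32.

```python
import re

# Block-opening keywords to look for right after ";" or "}" on the same line.
# Assumed list for this illustration, not taken from the dhcpd grammar.
BLOCK_KEYWORDS = ("shared-network", "subnet", "pool", "group", "host", "class")
FUSED = re.compile(
    r"[;}]\s*(%s)(?![\w-])" % "|".join(re.escape(k) for k in BLOCK_KEYWORDS)
)

# Constructed sample modelled on lines 26-32 of the quoted dump.
SAMPLE = """\
option netbios-name-servers server.bpk2.com;
option wpad-url "http://wpad.bpk2.com/wpad.dat;pool {
range 192.168.1.50 192.168.1.99;
allow members of "proxied-clients";
failover peer "dhcp-failover";
}pool {
range 192.168.1.100 192.168.1.149;
}
"""


def lint_rendered_config(text):
    """Return (line_number, kind, detail) tuples for suspicious lines.

    Heuristic only: quotes are counted per line, so the finding points at
    the line where a string literal was left open, not at the later line
    where the parser finally gives up.
    """
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        # Drop backslash-escaped characters so an escaped quote is not counted.
        unescaped = re.sub(r"\\.", "", line)
        if unescaped.count('"') % 2:
            findings.append((number, "unbalanced-quote", line.strip()))
        for match in FUSED.finditer(unescaped):
            findings.append((number, "fused-declaration", match.group(1)))
    return findings


if __name__ == "__main__":
    for number, kind, detail in lint_rendered_config(SAMPLE):
        print(f"line {number}: {kind}: {detail}")
```

Run against the LDAP attribute values before loading them, this points at the entry whose value is missing its closing quote or trailing separator rather than at the later line the parser complains about.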