LDAP Subclasses in dynamic mode

Jason Brandt jbrandt at fsmail.bradley.edu
Thu May 16 21:10:28 UTC 2013


Ubuntu 12.04 with Installed Packages:
isc-dhcp-server        4.1.ESV-R4-0ubuntu5.6  ISC DHCP server for automatic
IP address assignment
isc-dhcp-server-ldap   4.1.ESV-R4-0ubuntu5.6  DHCP server able to use LDAP
as backend

We are attempting to implement a failover DHCP server configuration, using
LDAP for the back end.  We have multiple pools assigned by clientClass
configuration, using host definitions and subclasses.  So far, everything
with my LDAP configuration is working properly when loading the
configuration in Static mode, and the test client gets the proper address
for the class it is assigned to.

However, when I switch to dynamic mode (more practical for our larger
network), the subclass entries appear to stop working: on a renew from the
test client, both servers log the following:

DHCPDISCOVER from 00:50:56:a2:00:06 via eth0: peer holds all free leases

If I switch back to static, the address renews properly.  It doesn't seem
to matter where in my LDAP tree the subclass entries sit.

The following is the generated LDAP config when ldap-method is static.  If
it would help, I can also provide an LDAP export.  Is there any special
means of handling subclasses in dynamic config mode?  Any insight would be
appreciated.

# Global parameters, as generated from LDAP with ldap-method static.
# Lease times are in seconds: 86400 = 24 hours, 604800 = 7 days.
default-lease-time 86400;
max-lease-time 604800;
# Log to syslog facility local7.
log-facility local7;
# Do not honour a client's request to update its own DNS A record.
# With ddns-update-style none below, the server performs no DDNS updates either.
deny client-updates;
# An authoritative server sends DHCPNAK to clients that request an address it
# considers wrong for the segment, so it should only serve networks it is
# actually responsible for.
authoritative;
ddns-update-style none;
option domain-name "bradley.edu";
option domain-name-servers 192.168.190.100, 192.168.253.10;
# Empty group: declares nothing.
# NOTE(review): presumably an empty container in the LDAP tree - confirm.
group {
}
# Class declarations. Every class uses the same match expression and has no
# members of its own; membership comes from "subclass" declarations whose data
# equals the value of the expression for the requesting client.
#
# pick-first-value returns the first non-null operand: the client identifier
# option if the client sent one, otherwise the "hardware" value, which is the
# hardware type octet followed by the link-layer address (1:xx:xx:xx:xx:xx:xx
# for Ethernet).
#
# Both operands are supplied by the client, so class membership identifies a
# client but does not authenticate it. A pool that is restricted with
# "allow members of" should not be treated as an access-control boundary on its
# own; enforcement belongs on the switch or access layer (for example 802.1X
# or DHCP snooping).
class "TESTVLAN" {
match pick-first-value (option dhcp-client-identifier, hardware);
}
class "Advancement" {
match pick-first-value (option dhcp-client-identifier, hardware);
}
class "Automation" {
match pick-first-value (option dhcp-client-identifier, hardware);
}
class "BFundCC" {
match pick-first-value (option dhcp-client-identifier, hardware);
}
class "BU-VOIP1-START" {
match pick-first-value (option dhcp-client-identifier, hardware);
}
class "BuildingTech" {
match pick-first-value (option dhcp-client-identifier, hardware);
}
class "Business-Affairs" {
match pick-first-value (option dhcp-client-identifier, hardware);
}
class "CAMPUS-VOIP1-START" {
match pick-first-value (option dhcp-client-identifier, hardware);
}
class "CEGT" {
match pick-first-value (option dhcp-client-identifier, hardware);
}
class "CFA" {
match pick-first-value (option dhcp-client-identifier, hardware);
}
class "ContEd-CC" {
match pick-first-value (option dhcp-client-identifier, hardware);
}
class "EHS" {
match pick-first-value (option dhcp-client-identifier, hardware);
}
class "Enrollment" {
match pick-first-value (option dhcp-client-identifier, hardware);
}
class "FCBA" {
match pick-first-value (option dhcp-client-identifier, hardware);
}
class "Gradschool" {
match pick-first-value (option dhcp-client-identifier, hardware);
}
class "Hippa" {
match pick-first-value (option dhcp-client-identifier, hardware);
}
class "IRT" {
match pick-first-value (option dhcp-client-identifier, hardware);
}
class "Printer-Working" {
match pick-first-value (option dhcp-client-identifier, hardware);
}
class "LAS" {
match pick-first-value (option dhcp-client-identifier, hardware);
}
class "Pres-Prov" {
match pick-first-value (option dhcp-client-identifier, hardware);
}
class "QuickCard" {
match pick-first-value (option dhcp-client-identifier, hardware);
}
class "Registrar" {
match pick-first-value (option dhcp-client-identifier, hardware);
}
class "Sharp" {
match pick-first-value (option dhcp-client-identifier, hardware);
}
class "Staff" {
match pick-first-value (option dhcp-client-identifier, hardware);
}
class "VPN-Working" {
match pick-first-value (option dhcp-client-identifier, hardware);
}
class "WAP" {
match pick-first-value (option dhcp-client-identifier, hardware);
}
class "Wireless-Working" {
match pick-first-value (option dhcp-client-identifier, hardware);
}
# Host declaration for the test client. Having a host declaration is what makes
# a client "known" for the allow/deny unknown-clients pool rules. The host is
# matched on the client identifier when one is given here, otherwise on the
# hardware address.
host testclient1 {
hardware ethernet 00:50:56:A2:00:06;
option dhcp-client-identifier 1:00:50:56:A2:00:06;
}
# Subclass data with the leading type octet 1: equals the "hardware" value for
# this Ethernet MAC, and also a client identifier of the form type 1 + MAC.
subclass "IRT" 1:00:50:56:A2:00:06 {
}
# Subclass data without a type octet (bare six-byte MAC).
# NOTE(review): this appears to match only a client that sends exactly these
# six bytes as its client identifier; it does not equal the "hardware" value,
# which always carries the type octet - confirm whether this entry is needed.
subclass "IRT" 00:50:56:A2:00:06 {
}
# Address pools. Every subnet sits inside one shared-network, so the server
# treats all of them as reachable on the same segment and relies on the pool
# permit lists to choose a range for each client.
# NOTE(review): relay and VLAN topology is not visible in this listing - confirm
# that the single shared-network reflects the physical layout.
#
# Pool eligibility: when a pool has both "allow" and "deny" entries, a client
# must match the allow list and must not match the deny list. For the pools
# below that combine "deny unknown-clients" with "allow members of", a client
# therefore needs a host declaration AND a subclass entry for the named class.
#
# Every pool references failover peer "dhcp-failover"; the failover peer
# declaration itself is not part of this listing. When reviewing it, verify that
# the failover TCP port is reachable only from the partner server.
group {
shared-network "Bradley-Network" {
subnet 192.168.136.0 netmask 255.255.255.0 {
pool {
range 192.168.136.200 192.168.136.210;
deny unknown-clients;
failover peer "dhcp-failover";
allow members of "TESTVLAN";
option routers 192.168.136.1;
}
}
subnet 10.1.1.0 netmask 255.255.255.0 {
# The only pool in this listing with "allow unknown-clients" and no class
# restriction: clients without a host declaration are eligible here.
pool {
range 10.1.1.100 10.1.1.200;
allow unknown-clients;
failover peer "dhcp-failover";
option routers 10.1.1.1;
}
}
subnet 10.217.217.0 netmask 255.255.255.0 {
option routers 10.217.217.1;
pool {
range 10.217.217.6 10.217.217.254;
deny unknown-clients;
failover peer "dhcp-failover";
allow members of "BU-VOIP1-START";
}
}
subnet 10.52.52.0 netmask 255.255.255.0 {
option routers 10.52.52.1;
pool {
range 10.52.52.16 10.52.52.254;
deny unknown-clients;
failover peer "dhcp-failover";
allow members of "CAMPUS-VOIP1-START";
}
}
subnet 192.168.4.0 netmask 255.255.252.0 {
option routers 192.168.4.1;
pool {
range 192.168.4.16 192.168.4.254;
deny unknown-clients;
failover peer "dhcp-failover";
range 192.168.5.16 192.168.5.254;
range 192.168.6.2 192.168.6.254;
range 192.168.7.16 192.168.7.254;
allow members of "WAP";
}
}
subnet 192.168.128.0 netmask 255.255.248.0 {
option routers 192.168.128.1;
pool {
range 192.168.128.16 192.168.128.254;
deny unknown-clients;
failover peer "dhcp-failover";
range 192.168.129.16 192.168.129.254;
range 192.168.130.16 192.168.130.254;
range 192.168.131.16 192.168.131.254;
range 192.168.132.16 192.168.132.254;
allow members of "Wireless-Working";
}
}
subnet 192.168.144.0 netmask 255.255.248.0 {
option routers 192.168.144.1;
pool {
range 192.168.144.16 192.168.144.254;
deny unknown-clients;
failover peer "dhcp-failover";
allow members of "VPN-Working";
}
}
subnet 192.168.152.0 netmask 255.255.255.0 {
option routers 192.168.152.1;
pool {
range 192.168.152.16 192.168.152.254;
deny unknown-clients;
failover peer "dhcp-failover";
allow members of "Sharp";
}
}
subnet 192.168.160.0 netmask 255.255.252.0 {
option routers 192.168.160.1;
pool {
range 192.168.161.16 192.168.161.254;
deny unknown-clients;
failover peer "dhcp-failover";
range 192.168.162.16 192.168.162.31;
range 192.168.162.131 192.168.162.254;
allow members of "Staff";
}
}
subnet 192.168.167.64 netmask 255.255.255.192 {
option routers 192.168.167.65;
pool {
range 192.168.167.96 192.168.167.126;
deny unknown-clients;
failover peer "dhcp-failover";
allow members of "ContEd-CC";
}
}
# One /21 subnet split into per-class pools; the class is the only thing that
# separates these ranges from one another.
subnet 192.168.168.0 netmask 255.255.248.0 {
option routers 192.168.168.1;
pool {
range 192.168.172.16 192.168.172.254;
deny unknown-clients;
failover peer "dhcp-failover";
allow members of "CEGT";
}
pool {
range 192.168.170.16 192.168.170.254;
deny unknown-clients;
failover peer "dhcp-failover";
allow members of "CFA";
}
pool {
range 192.168.171.16 192.168.171.254;
deny unknown-clients;
failover peer "dhcp-failover";
allow members of "EHS";
}
pool {
range 192.168.169.16 192.168.169.254;
deny unknown-clients;
failover peer "dhcp-failover";
allow members of "FCBA";
}
pool {
range 192.168.174.16 192.168.174.254;
deny unknown-clients;
failover peer "dhcp-failover";
allow members of "Gradschool";
}
pool {
range 192.168.173.16 192.168.173.254;
deny unknown-clients;
failover peer "dhcp-failover";
allow members of "LAS";
}
}
subnet 192.168.234.0 netmask 255.255.255.0 {
option routers 192.168.234.1;
pool {
range 192.168.234.67 192.168.234.120;
deny unknown-clients;
failover peer "dhcp-failover";
allow members of "Hippa";
}
}
subnet 192.168.236.0 netmask 255.255.255.192 {
option routers 192.168.236.1;
pool {
range 192.168.236.3 192.168.236.62;
deny unknown-clients;
failover peer "dhcp-failover";
allow members of "BFundCC";
}
}
subnet 192.168.237.0 netmask 255.255.255.0 {
option routers 192.168.237.1;
pool {
range 192.168.237.16 192.168.237.150;
deny unknown-clients;
failover peer "dhcp-failover";
allow members of "Automation";
}
}
subnet 192.168.238.0 netmask 255.255.255.0 {
option routers 192.168.238.1;
pool {
range 192.168.238.16 192.168.238.254;
deny unknown-clients;
failover peer "dhcp-failover";
allow members of "QuickCard";
}
}
subnet 192.168.228.0 netmask 255.255.252.0 {
option routers 192.168.228.1;
pool {
range 192.168.228.16 192.168.231.254;
deny unknown-clients;
failover peer "dhcp-failover";
allow members of "BuildingTech";
}
}
# One /21 subnet split into per-class pools.
subnet 192.168.176.0 netmask 255.255.248.0 {
option routers 192.168.176.1;
pool {
range 192.168.178.16 192.168.178.254;
deny unknown-clients;
failover peer "dhcp-failover";
allow members of "Advancement";
}
pool {
range 192.168.177.16 192.168.177.254;
deny unknown-clients;
failover peer "dhcp-failover";
allow members of "Business-Affairs";
}
pool {
range 192.168.180.16 192.168.180.254;
deny unknown-clients;
failover peer "dhcp-failover";
allow members of "Enrollment";
}
pool {
range 192.168.176.101 192.168.176.254;
deny unknown-clients;
failover peer "dhcp-failover";
allow members of "Pres-Prov";
}
pool {
range 192.168.179.16 192.168.179.254;
deny unknown-clients;
failover peer "dhcp-failover";
allow members of "Registrar";
}
}
subnet 192.168.184.0 netmask 255.255.248.0 {
option routers 192.168.184.1;
# Pool for class "IRT", the class named in the subclass declarations for the
# test client (00:50:56:A2:00:06).
pool {
range 192.168.185.16 192.168.185.254;
failover peer "dhcp-failover";
range 192.168.186.16 192.168.186.254;
range 192.168.187.16 192.168.187.31;
allow members of "IRT";
deny unknown-clients;
}
pool {
range 192.168.191.16 192.168.191.254;
deny unknown-clients;
failover peer "dhcp-failover";
allow members of "Printer-Working";
}
}
}
}


-- 
Jason K. Brandt
Systems Administrator
Bradley University