LDAP and formatting of configs

Brendan Kearney bpk678 at gmail.com
Tue Jun 4 15:36:08 UTC 2013


The end quote was missing in all scopes that had the wpad directive.
Thank you for the find.  Is it your keen eyes that found that, or do you
have a syntax checker that I might be able to use?  I have added the
quote, and tried again.  I now get errors saying that the failover
directives fail because the peer is not being found.  Errors are also
found because the proxied-class is not found.

The failover and proxied-class CNs are listed after the subnet CNs in
LDAP.  The ordering of these seems to be critical.  How do I arrange
things in LDAP so that they are in the correct order?

On Tue, 2013-06-04 at 09:55 -0500, Jason Brandt wrote:
> dhcpOption: wpad-url "http://wpad.bpk2.com/wpad.dat   is missing the end "
> 
> 
> 
> On Tue, Jun 4, 2013 at 9:42 AM, Brendan Kearney <bpk678 at gmail.com> wrote:
>         straight up ldapsearch below.
>         
>         [brendan at desktop bin]$ sudo ldapsearch -D cn=Manager,dc=bpk2,dc=com -w password -b "cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com"
>         # extended LDIF
>         #
>         # LDAPv3
>         # base <cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com> with scope subtree
>         # filter: (objectclass=*)
>         # requesting: ALL
>         #
>         
>         # DHCP Config, Daemons, bpk2.com
>         dn: cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
>         cn: DHCP Config
>         dhcpPrimaryDN: cn=dhcp01,dc=bpk2,dc=com
>         dhcpSecondaryDN: cn=dhcp02,dc=bpk2,dc=com
>         objectClass: top
>         objectClass: dhcpService
>         objectClass: dhcpOptions
>         dhcpFailOverPeerDN: cn=dhcp01,dc=bpk2,dc=com
>         dhcpFailOverPeerDN: cn=dhcp02,dc=bpk2,dc=com
>         dhcpOption: T150 code 150 = string
>         dhcpOption: wpad-url code 252 = text
>         dhcpStatements: ddns-update-style interim
>         dhcpStatements: ddns-updates on
>         dhcpStatements: update-static-leases on
>         dhcpStatements: authoritative
>         dhcpStatements: log-facility local1
>         dhcpStatements: key dhcp { algorithm hmac-md5; secret <<<removed>>>; }
>         dhcpStatements: zone 1.168.192.in-addr.arpa { primary 192.168.50.1; key dhcp; }
>         dhcpStatements: zone 2.168.192.in-addr.arpa { primary 192.168.50.1; key dhcp; }
>         dhcpStatements: zone 3.168.192.in-addr.arpa { primary 192.168.50.1; key dhcp; }
>         dhcpStatements: zone 50.168.192.in-addr.arpa { primary 192.168.50.1; key dhcp; }
>         dhcpStatements: zone bpk2.com { primary 192.168.50.1; key dhcp; }
>         
>         # 192.168.1.0, DHCP Config, Daemons, bpk2.com
>         dn: cn=192.168.1.0,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
>         cn: 192.168.1.0
>         dhcpNetMask: 24
>         objectClass: top
>         objectClass: dhcpSubnet
>         objectClass: dhcpOptions
>         dhcpOption: domain-name "bpk2.com"
>         dhcpOption: subnet-mask 255.255.255.0
>         dhcpOption: broadcast-address 192.168.1.255
>         dhcpOption: routers 192.168.1.254
>         dhcpOption: domain-name-servers ns01.bpk2.com,ns02.bpk2.com
>         dhcpOption: ntp-servers ntp.bpk2.com
>         dhcpOption: netbios-name-servers server.bpk2.com
>         dhcpOption: wpad-url "http://wpad.bpk2.com/wpad.dat
>         dhcpStatements: allow client-updates
>         dhcpStatements: default-lease-time 7200
>         dhcpStatements: max-lease-time 86400
>         dhcpStatements: ping-check true
>         dhcpStatements: ddns-domainname "bpk2.com"
>         dhcpStatements: ignore bootp
>         
>         # pool1, 192.168.1.0, DHCP Config, Daemons, bpk2.com
>         dn: cn=pool1,cn=192.168.1.0,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
>         cn: pool1
>         objectClass: top
>         objectClass: dhcpPool
>         dhcpStatements: allow members of "proxied-clients"
>         dhcpStatements: failover peer "dhcp-failover"
>         dhcpRange: 192.168.1.50 192.168.1.99
>         
>         # pool2, 192.168.1.0, DHCP Config, Daemons, bpk2.com
>         dn: cn=pool2,cn=192.168.1.0,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
>         cn: pool2
>         objectClass: top
>         objectClass: dhcpPool
>         dhcpRange: 192.168.1.100 192.168.1.149
>         dhcpStatements: allow members of "unproxied-clients"
>         dhcpStatements: failover peer "dhcp-failover"
>         
>         # pool3, 192.168.1.0, DHCP Config, Daemons, bpk2.com
>         dn: cn=pool3,cn=192.168.1.0,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
>         cn: pool3
>         objectClass: top
>         objectClass: dhcpPool
>         dhcpRange: 192.168.1.150 192.168.1.199
>         dhcpStatements: allow unknown-clients
>         dhcpStatements: failover peer "dhcp-failover"
>         
>         # 192.168.2.0, DHCP Config, Daemons, bpk2.com
>         dn: cn=192.168.2.0,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
>         cn: 192.168.2.0
>         dhcpNetMask: 24
>         objectClass: top
>         objectClass: dhcpSubnet
>         objectClass: dhcpOptions
>         dhcpStatements: allow client-updates
>         dhcpStatements: default-lease-time 7200
>         dhcpStatements: max-lease-time 86400
>         dhcpStatements: ping-check true
>         dhcpStatements: ddns-domainname "bpk2.com"
>         dhcpStatements: ignore bootp
>         dhcpOption: domain-name "bpk2.com"
>         dhcpOption: subnet-mask 255.255.255.0
>         dhcpOption: broadcast-address 192.168.2.255
>         dhcpOption: routers 192.168.2.254
>         dhcpOption: domain-name-servers ns01.bpk2.com,ns02.bpk2.com
>         dhcpOption: ntp-servers ntp.bpk2.com
>         dhcpOption: netbios-name-servers server.bpk2.com
>         dhcpOption: wpad-url "http://wpad.bpk2.com/wpad.dat
>         
>         # pool1, 192.168.2.0, DHCP Config, Daemons, bpk2.com
>         dn: cn=pool1,cn=192.168.2.0,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
>         cn: pool1
>         objectClass: top
>         objectClass: dhcpPool
>         dhcpRange: 192.168.2.50 192.168.2.99
>         dhcpStatements: allow members of "proxied-clients"
>         dhcpStatements: failover peer "dhcp-failover"
>         
>         # pool2, 192.168.2.0, DHCP Config, Daemons, bpk2.com
>         dn: cn=pool2,cn=192.168.2.0,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
>         cn: pool2
>         objectClass: top
>         objectClass: dhcpPool
>         dhcpRange: 192.168.2.100 192.168.2.149
>         dhcpStatements: allow members of "unproxied-clients"
>         dhcpStatements: failover peer "dhcp-failover"
>         
>         # pool3, 192.168.2.0, DHCP Config, Daemons, bpk2.com
>         dn: cn=pool3,cn=192.168.2.0,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
>         cn: pool3
>         objectClass: top
>         objectClass: dhcpPool
>         dhcpRange: 192.168.2.150 192.168.2.199
>         dhcpStatements: allow unknown-clients
>         dhcpStatements: failover peer "dhcp-failover"
>         
>         # 192.168.3.0, DHCP Config, Daemons, bpk2.com
>         dn: cn=192.168.3.0,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
>         cn: 192.168.3.0
>         dhcpNetMask: 24
>         objectClass: top
>         objectClass: dhcpSubnet
>         objectClass: dhcpOptions
>         dhcpOption: domain-name "bpk2.com"
>         dhcpOption: subnet-mask 255.255.255.0
>         dhcpOption: broadcast-address 192.168.3.255
>         dhcpOption: routers 192.168.3.254
>         dhcpOption: domain-name-servers ns01.bpk2.com,ns02.bpk2.com
>         dhcpOption: ntp-servers ntp.bpk2.com
>         dhcpOption: netbios-name-servers server.bpk2.com
>         dhcpOption: wpad-url "http://wpad.bpk2.com/wpad.dat
>         dhcpStatements: allow client-updates
>         dhcpStatements: default-lease-time 7200
>         dhcpStatements: max-lease-time 86400
>         dhcpStatements: ping-check true
>         dhcpStatements: ddns-domainname "bpk2.com"
>         dhcpStatements: ignore bootp
>         
>         # pool1, 192.168.3.0, DHCP Config, Daemons, bpk2.com
>         dn: cn=pool1,cn=192.168.3.0,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
>         cn: pool1
>         objectClass: top
>         objectClass: dhcpPool
>         dhcpRange: 192.168.3.100 192.168.3.199
>         dhcpStatements: allow unknown-clients
>         dhcpStatements: failover peer "dhcp-failover"
>         
>         # 192.168.50.0, DHCP Config, Daemons, bpk2.com
>         dn: cn=192.168.50.0,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
>         cn: 192.168.50.0
>         dhcpNetMask: 24
>         objectClass: top
>         objectClass: dhcpSubnet
>         objectClass: dhcpOptions
>         dhcpOption: domain-name "bpk2.com"
>         dhcpOption: subnet-mask 255.255.255.0
>         dhcpOption: broadcast-address 192.168.50.255
>         dhcpOption: routers 192.168.50.254
>         dhcpOption: domain-name-servers ns01.bpk2.com,ns02.bpk2.com
>         dhcpOption: ntp-servers ntp.bpk2.com
>         dhcpOption: netbios-name-servers server.bpk2.com
>         dhcpOption: wpad-url "http://wpad.bpk2.com/wpad.dat
>         dhcpStatements: allow client-updates
>         dhcpStatements: default-lease-time 7200
>         dhcpStatements: max-lease-time 86400
>         dhcpStatements: ping-check true
>         dhcpStatements: ddns-domainname "bpk2.com"
>         dhcpStatements: ignore bootp
>         
>         # pool1, 192.168.50.0, DHCP Config, Daemons, bpk2.com
>         dn: cn=pool1,cn=192.168.50.0,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
>         cn: pool1
>         objectClass: top
>         objectClass: dhcpPool
>         dhcpRange: 192.168.50.50 192.168.50.99
>         dhcpStatements: allow members of "proxied-clients"
>         dhcpStatements: failover peer "dhcp-failover"
>         
>         # pool2, 192.168.50.0, DHCP Config, Daemons, bpk2.com
>         dn: cn=pool2,cn=192.168.50.0,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
>         cn: pool2
>         objectClass: top
>         objectClass: dhcpPool
>         dhcpRange: 192.168.50.100 192.168.50.149
>         dhcpStatements: allow members of "unproxied-clients"
>         dhcpStatements: failover peer "dhcp-failover"
>         
>         # pool3, 192.168.50.0, DHCP Config, Daemons, bpk2.com
>         dn: cn=pool3,cn=192.168.50.0,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
>         cn: pool3
>         objectClass: top
>         objectClass: dhcpPool
>         dhcpRange: 192.168.50.150 192.168.50.199
>         dhcpStatements: allow unknown-clients
>         dhcpStatements: failover peer "dhcp-failover"
>         
>         # dev, DHCP Config, Daemons, bpk2.com
>         dn: cn=dev,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
>         cn: dev
>         dhcpOption: dhcp-client-identifier 1:e4:11:5b:13:80:b8
>         objectClass: top
>         objectClass: dhcpHost
>         objectClass: dhcpOptions
>         dhcpHWAddress: ethernet e4:11:5b:13:80:b8
>         dhcpStatements: ddns-hostname "dev"
>         
>         # printer-eth0, DHCP Config, Daemons, bpk2.com
>         dn: cn=printer-eth0,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
>         cn: printer-eth0
>         objectClass: top
>         objectClass: dhcpHost
>         dhcpHWAddress: ethernet 00:15:60:49:7b:44
>         dhcpStatements: fixed-address 192.168.1.3
>         dhcpStatements: ddns-hostname "printer"
>         
>         # printer-wlan0, DHCP Config, Daemons, bpk2.com
>         dn: cn=printer-wlan0,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
>         cn: printer-wlan0
>         objectClass: top
>         objectClass: dhcpHost
>         dhcpHWAddress: ethernet 00:15:60:e8:ae:83
>         dhcpStatements: fixed-address 192.168.1.3
>         dhcpStatements: ddns-hostname "printer"
>         
>         # proxied-clients, DHCP Config, Daemons, bpk2.com
>         dn: cn=proxied-clients,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
>         cn: proxied-clients
>         objectClass: top
>         objectClass: dhcpClass
>         dhcpStatements: match pick-first-value (option dhcp-client-identifier, hardware)
>         
>         # unproxied-clients, DHCP Config, Daemons, bpk2.com
>         dn: cn=unproxied-clients,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
>         cn: unproxied-clients
>         objectClass: top
>         objectClass: dhcpClass
>         dhcpStatements: match pick-first-value (option dhcp-client-identifier, hardware)
>         
>         # dhcp-failover, DHCP Config, Daemons, bpk2.com
>         dn: cn=dhcp-failover,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
>         cn: dhcp-failover
>         dhcpFailOverLoadBalanceTime: 3
>         dhcpFailOverPrimaryPort: 647
>         dhcpFailOverPrimaryServer: dhcp01
>         dhcpFailOverResponseDelay: 60
>         dhcpFailOverSecondaryPort: 647
>         dhcpFailOverSecondaryServer: dhcp02
>         dhcpFailOverSplit: 128
>         dhcpFailOverUnackedUpdates: 10
>         dhcpMaxClientLeadTime: 3600
>         objectClass: dhcpFailOverPeer
>         objectClass: top
>         
>         # dhcp01, DHCP Config, Daemons, bpk2.com
>         dn: cn=dhcp01,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
>         cn: dhcp01
>         dhcpServiceDN: cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
>         objectClass: top
>         objectClass: dhcpServer
>         
>         # dhcp02, DHCP Config, Daemons, bpk2.com
>         dn: cn=dhcp02,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
>         cn: dhcp02
>         dhcpServiceDN: cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
>         objectClass: top
>         objectClass: dhcpServer
>         
>         # search result
>         search: 2
>         result: 0 Success
>         
>         # numResponses: 24
>         # numEntries: 23
>         
>         On Tue, 2013-06-04 at 09:25 -0500, Jason Brandt wrote:
>         > Please do a dump of your config from LDAP directly.  It looks like you
>         > have a configuration error.  The LDAP module is very particular about
>         > how things are grouped and formatted.  JXplorer works very well for
>         > this: http://jxplorer.org/
>         >
>         >
>         > On Tue, Jun 4, 2013 at 8:52 AM, Brendan Kearney <bpk678 at gmail.com> wrote:
>         >         Hi all,
>         >
>         >         I am using DHCP 4.2.4-P2 on Fedora 16 currently and want to
>         >         move my config into LDAP.  I am running a load-sharing instance
>         >         between two servers, supporting 2 or 3 scopes per subnet, with
>         >         about 3 subnets.  In the dhcpd.conf (file based) format, the
>         >         configs are working.  When I start putting the config directives
>         >         into LDAP, I see that lines run into each other and weird issues
>         >         crop up because of badly formatted configs being read into the
>         >         dhcp instance.
>         >
>         >         dhcpd.conf.ldap:
>         >         ldap-server "ldap.bpk2.com";
>         >         ldap-port 389;
>         >         ldap-username "user";
>         >         ldap-password "password";
>         >         ldap-base-dn "dc=bpk2,dc=com";
>         >         # ldap-base-dn "ou=Computers,cn=Servers,dc=bpk2,dc=com";
>         >         ldap-method dynamic;
>         >         ldap-debug-file "/var/log/dhcp-ldap-startup.log";
>         >
>         >         dhcpd -4 -d -cf ./dhcpd.conf.ldap:
>         >         Internet Systems Consortium DHCP Server 4.2.4-P2
>         >         Copyright 2004-2012 Internet Systems Consortium.
>         >         All rights reserved.
>         >         For info, please visit https://www.isc.org/software/dhcp/
>         >         LDAP line 29: semicolon expected.
>         >         allow members of "proxied-clients"
>         >                           ^
>         >         bad range, address 192.168.2.50 not in subnet 192.168.1.0 netmask 255.255.255.0
>         >
>         >         This version of ISC DHCP is based on the release available
>         >         on ftp.isc.org.  Features have been added and other changes
>         >         have been made to the base software release in order to make
>         >         it work better with this distribution.
>         >
>         >         Please report for this software via the Red Hat Bugzilla site:
>         >             http://bugzilla.redhat.com
>         >
>         >         exiting.
>         >
>         >         cat -n /var/log/dhcp-ldap-startup.log:
>         >              1  ddns-update-style interim;
>         >              2  ddns-updates on;
>         >              3  update-static-leases on;
>         >              4  authoritative;
>         >              5  log-facility local1;
>         >              6  key dhcp { algorithm hmac-md5; secret <<<removed>>>; }
>         >              7  zone 1.168.192.in-addr.arpa { primary 192.168.50.1; key dhcp; }
>         >              8  zone 2.168.192.in-addr.arpa { primary 192.168.50.1; key dhcp; }
>         >              9  zone 3.168.192.in-addr.arpa { primary 192.168.50.1; key dhcp; }
>         >             10  zone 50.168.192.in-addr.arpa { primary 192.168.50.1; key dhcp; }
>         >             11  zone bpk2.com { primary 192.168.50.1; key dhcp; }
>         >             12  option T150 code 150 = string;
>         >             13  option wpad-url code 252 = text;subnet 192.168.1.0 netmask 255.255.255.0 {
>         >             14  allow client-updates;
>         >             15  default-lease-time 7200;
>         >             16  max-lease-time 86400;
>         >             17  ping-check true;
>         >             18  ddns-domainname "bpk2.com";
>         >             19  ignore bootp;
>         >             20  option domain-name "bpk2.com";
>         >             21  option subnet-mask 255.255.255.0;
>         >             22  option broadcast-address 192.168.1.255;
>         >             23  option routers 192.168.1.254;
>         >             24  option domain-name-servers ns01.bpk2.com,ns02.bpk2.com;
>         >             25  option ntp-servers ntp.bpk2.com;
>         >             26  option netbios-name-servers server.bpk2.com;
>         >             27  option wpad-url "http://wpad.bpk2.com/wpad.dat;pool {
>         >             28  range 192.168.1.50 192.168.1.99;
>         >             29  allow members of "proxied-clients";
>         >             30  failover peer "dhcp-failover";
>         >             31  }pool {
>         >             32  range 192.168.1.100 192.168.1.149;
>         >             33  allow members of "unproxied-clients";
>         >             34  failover peer "dhcp-failover";
>         >             35  }pool {
>         >             36  range 192.168.1.150 192.168.1.199;
>         >             37  allow unknown-clients;
>         >             38  failover peer "dhcp-failover";
>         >             39  }
>         >             40  }subnet 192.168.2.0 netmask 255.255.255.0 {
>         >             41  allow client-updates;
>         >             42  default-lease-time 7200;
>         >             43  max-lease-time 86400;
>         >             44  ping-check true;
>         >             45  ddns-domainname "bpk2.com";
>         >             46  ignore bootp;
>         >             47  option domain-name "bpk2.com";
>         >             48  option subnet-mask 255.255.255.0;
>         >             49  option broadcast-address 192.168.2.255;
>         >             50  option routers 192.168.2.254;
>         >             51  option domain-name-servers ns01.bpk2.com,ns02.bpk2.com;
>         >             52  option ntp-servers ntp.bpk2.com;
>         >             53  option netbios-name-servers server.bpk2.com;
>         >             54  option wpad-url "http://wpad.bpk2.com/wpad.dat;pool {
>         >             55  range 192.168.2.50 192.168.2.99;
>         >             56  allow members of "proxied-clients";
>         >             57  failover peer "dhcp-failover";
>         >             58  }[root at vpn dhcp]#
>         >
>         >         If you see on line 27, the pool declaration which should be on
>         >         a separate line is not on its own line and is causing issues
>         >         further down in the config, it seems.  Lines 31, 35, 40, and 54
>         >         also seem to have this formatting issue.  Directives that should
>         >         be on separate lines and are not seem to be causing issues
>         >         further down in the config.  Not only is there something off with
>         >         the expected semicolon, but the 192.168.2.50 range is being seen
>         >         as attempted to be loaded into the 192.168.1.0/24 network.  If
>         >         the configs were read properly out of LDAP, this would not be
>         >         happening.  Is the issue with the way I have things setup in
>         >         LDAP, such as ordering or something?  An ldif export is attached
>         >         for review.
>         >
>         >         _______________________________________________
>         >         dhcp-users mailing list
>         >         dhcp-users at lists.isc.org
>         >         https://lists.isc.org/mailman/listinfo/dhcp-users
>         >
>         >
>         >
>         >
>         > --
>         > Jason K. Brandt
>         > Systems Administrator
>         > Bradley University
>         > (309) 677-2958
>         >
>         > _______________________________________________
>         > dhcp-users mailing list
>         > dhcp-users at lists.isc.org
>         > https://lists.isc.org/mailman/listinfo/dhcp-users
>         
>         
>         _______________________________________________
>         dhcp-users mailing list
>         dhcp-users at lists.isc.org
>         https://lists.isc.org/mailman/listinfo/dhcp-users
>         
> 
> 
> 
> 
> -- 
> Jason K. Brandt
> Systems Administrator
> Bradley University
> (309) 677-2958
> 
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users
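The thread asks for a syntax checker and ends on two findings: a dhcpOption value with an unterminated double quote (the wpad-url line, which in the debug log swallows the following `pool {` and the next statements until the next quote), and pool statements that name a class or failover peer whose entry the directory only lists after the subnets. The script below is an added example written for this page, not code from the thread, from ISC or from any LDAP tool. It parses an LDIF dump (including the folded continuation lines ldapsearch prints, which is why the dump above shows "hardwar" / " e)" on two lines), renders each entry's statements in the form the debug log shows, and reports unbalanced quotes, references to undefined classes or failover peers, and references to entries that appear later in the dump than the entry using them. The sample LDIF is constructed from the posted dump, cut down to one subnet and one pool, with the missing quote kept on purpose. That the LDAP module consumes child entries in the order the directory returns them is taken as an assumption from the thread's own observation, not verified here; the rendering format only mirrors the posted debug log.

```python
import re

# Constructed sample, trimmed from the ldapsearch dump in the thread.  The
# missing closing quote on wpad-url and the LDIF folding of the class match
# statement ("hardwar" / " e)") are both kept deliberately.
SAMPLE_LDIF = """\
# DHCP Config, Daemons, bpk2.com
dn: cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
objectClass: dhcpService
dhcpOption: wpad-url code 252 = text

dn: cn=192.168.1.0,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
objectClass: dhcpSubnet
objectClass: dhcpOptions
dhcpOption: domain-name "bpk2.com"
dhcpOption: wpad-url "http://wpad.bpk2.com/wpad.dat

dn: cn=pool1,cn=192.168.1.0,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
objectClass: dhcpPool
dhcpRange: 192.168.1.50 192.168.1.99
dhcpStatements: allow members of "proxied-clients"
dhcpStatements: failover peer "dhcp-failover"

dn: cn=proxied-clients,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
objectClass: dhcpClass
dhcpStatements: match pick-first-value (option dhcp-client-identifier, hardwar
 e)

dn: cn=dhcp-failover,cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com
objectClass: dhcpFailOverPeer
dhcpFailOverPrimaryServer: dhcp01
"""

# Pool statements that name another entry, keyed by the objectClass that must
# define that name ("deny members of" uses the same syntax as "allow").
REFERENCE_SYNTAX = {
    "dhcpClass": re.compile(r'^(?:allow|deny) members of "([^"]+)"$'),
    "dhcpFailOverPeer": re.compile(r'^failover peer "([^"]+)"$'),
}


def parse_ldif(text):
    """Parse LDIF into [{"dn": str, "attrs": {name: [values]}}].  Unfolds
    continuation lines (newline + one space, RFC 2849) and skips '#' comment
    lines.  Base64 ('::') values are not handled; the posted dump has none."""
    entries = []
    for block in re.sub(r"\n ", "", text).split("\n\n"):
        entry = {"dn": None, "attrs": {}}
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if line.startswith("#") or not sep:
                continue
            value = value.lstrip(" ")
            if name == "dn":
                entry["dn"] = value
            else:
                entry["attrs"].setdefault(name, []).append(value)
        if entry["dn"] is not None:
            entries.append(entry)
    return entries


def render_entry(entry):
    """Statements as the thread's debug log shows them: dhcpStatements values
    as-is, dhcpOption values prefixed with 'option', each terminated by ';'."""
    out = [f"{v};" for v in entry["attrs"].get("dhcpStatements", [])]
    out += [f"option {v};" for v in entry["attrs"].get("dhcpOption", [])]
    return out


def rdn_value(dn):
    """'cn=pool1,cn=192.168.1.0,...' -> 'pool1'."""
    return dn.split(",", 1)[0].split("=", 1)[1]


def lint_entries(entries):
    """Return (dn, code, detail) for: a value with an odd number of double
    quotes; a pool statement naming a class or failover peer no entry defines;
    and one defined later in the dump than the entry using it (assumed to
    matter because the thread reports the module reads entries in dump order)."""
    problems, defined = [], {}
    for idx, entry in enumerate(entries):
        for oc in entry["attrs"].get("objectClass", []):
            if oc in REFERENCE_SYNTAX:
                defined[(oc, rdn_value(entry["dn"]))] = idx
    for idx, entry in enumerate(entries):
        dn = entry["dn"]
        for attr in ("dhcpOption", "dhcpStatements"):
            for value in entry["attrs"].get(attr, []):
                if value.count('"') % 2:   # escaped quotes are not expected here
                    problems.append((dn, "unbalanced-quote", f"{attr}: {value}"))
        for value in entry["attrs"].get("dhcpStatements", []):
            for oc, pattern in REFERENCE_SYNTAX.items():
                match = pattern.match(value)
                if match is None:
                    continue
                key = (oc, match.group(1))
                if key not in defined:
                    problems.append((dn, "undefined-reference", f'{oc} "{key[1]}"'))
                elif defined[key] > idx:
                    problems.append((dn, "defined-later", f'{oc} "{key[1]}" is entry '
                                     f"{defined[key] + 1}, used by entry {idx + 1}"))
    return problems


if __name__ == "__main__":
    for dn, code, detail in lint_entries(parse_ldif(SAMPLE_LDIF)):
        print(f"{code}: {dn}: {detail}")
```

On the sample this reports one unbalanced quote on the 192.168.1.0 subnet and two defined-later findings on pool1, which is the sequence the thread went through: first the quote, then the missing peer and class. To run it against a live directory, feed it the output of `ldapsearch -LLL -b "cn=DHCP Config,ou=Daemons,dc=bpk2,dc=com"` (the `-LLL` form drops the comment lines, which the parser would skip anyway). The quote check is worth keeping on any option whose value reaches clients verbatim, wpad-url included, since an unterminated string changes which statements the server actually parses rather than failing cleanly.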



