LDAP structure to share config for more than one site

Brendan Kearney bpk678 at gmail.com
Tue Dec 2 14:14:19 UTC 2014


On Mon, 2014-12-01 at 11:57 -0200, Márcio Merlone wrote:
> On 29-11-2014 19:34, Brendan Kearney wrote:
> > I think I get what you are trying to do.  By housing your config in
> > LDAP, you would be able to centrally manage the dhcpClass, dhcpSubClass,
> > dhcpHost and dhcpSubnet objects (maybe others) and attempt to share them
> > amongst the DHCP servers.
> As a big picture: yes, but there's the detail that each dhcp server
> will read its own network related parameters and options. Only shared
> objects should be hosts, classes and subclasses.
> 
> > I don't have any experience going that far into an LDAP backend, but I do
> > have a tested-but-not-implemented-yet instance of load sharing DHCP.  I
> > have two DHCP servers configured in the directory, as dhcpServer
> > objects.  Both objects have a dhcpServiceDN pointing to the dhcpService
> > object.  My dhcpService object is a parent object to all of my
> > dhcpClass, dhcpSubClass, dhcpHost and dhcpSubnet objects.  Because of
> > this, both of my dhcpd instances can leverage the same objects.  I
> > believe this configuration might work against you, as at least the
> > dhcpSubnet objects would have to be different for the different
> > instances.
> Looks exactly what I am looking for. Would you provide a (sanitized)
> ldif for reference, please?
> 
> > With a little testing, you might be able to configure the directory to
> > have the class, subclass, host and subnet objects not be subordinates to
> > the service object, but I am not sure how that would work out.
> That would work in a way I don't want. :)
> What I want in short:
> 
> - Shared among all servers: known-hosts, classes and subclasses
> - Specific for each server: shared networks, subnets, pools and
> ranges.
> 
> That simple and logical; my difficulty is how to structure the objects
> on the tree. I will test the way you described above and give results
> back.
> 
> Thanks for your input, best regards.
> 
> -- 
> Marcio Merlone
> 

I make no guarantees that the ldif will work for you.  See attached.

I have /etc/dhcp/dhcpd.conf.ldap:

ldap-server "localhost";
ldap-port 389;
ldap-username "cn=dhcpuser,dc=domain,dc=tld";
ldap-password "SuperSecretPassword";
ldap-base-dn "cn=DHCP Servers,ou=Daemons,dc=domain,dc=tld";
ldap-method static;
# have to use static method so Class/SubClass or other
# info is printed out to the debug file
# ldap-method dynamic;
ldap-debug-file "/var/log/dhcp-ldap-startup.log";

I then test with:

dhcpd -d -4 -cf /etc/dhcp/dhcpd.conf.ldap
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dhcpObjects.ldif
Type: text/x-ldif
Size: 5196 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/dhcp-users/attachments/20141202/de8217e3/attachment.bin>
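To make the layout described above concrete, here is an added example (not from the thread and not the attached dhcpObjects.ldif): a constructed LDIF in the dhcpServer -> dhcpServiceDN -> dhcpService-subtree shape, plus a small resolver that lists which objects each server would load. The base DN comes from the dhcpd.conf.ldap above; the service name "DHCP Config", the host and subnet entries are made up, and the objectClass and attribute names are taken from the ISC dhcp LDAP schema. It shows the caveat from the thread: two servers pointing at one dhcpService see the same dhcpSubnet.

```python
# Added example (not the thread's ldif): model the dhcpServer -> dhcpServiceDN
# -> dhcpService subtree layout and show which objects each server loads.
BASE = "cn=DHCP Servers,ou=Daemons,dc=domain,dc=tld"  # from dhcpd.conf.ldap above
SVC = f"cn=DHCP Config,{BASE}"                         # constructed service name

# Constructed sample LDIF; entry names, MAC and network are made up.
SAMPLE_LDIF = f"""\
dn: cn=dhcp1,{BASE}
objectClass: dhcpServer
dhcpServiceDN: {SVC}

dn: cn=dhcp2,{BASE}
objectClass: dhcpServer
dhcpServiceDN: {SVC}

dn: {SVC}
objectClass: dhcpService

dn: cn=192.168.10.0,{SVC}
objectClass: dhcpSubnet
dhcpNetMask: 24

dn: cn=printer1,{SVC}
objectClass: dhcpHost
dhcpHWAddress: ethernet 00:11:22:33:44:55
"""


def parse_ldif(text):
    """Minimal LDIF parser: blank-line separated entries -> {dn: {attr: [values]}}."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            key, _, value = line.partition(": ")
            attrs.setdefault(key, []).append(value)
        entries[attrs["dn"][0]] = attrs
    return entries


def objects_seen_by(entries, server_dn):
    """Follow the server's dhcpServiceDN and return {objectClass: [dn]} for every
    entry in that service's subtree, mirroring what each dhcpd instance loads."""
    service_dn = entries[server_dn]["dhcpServiceDN"][0]
    seen = {}
    for dn, attrs in entries.items():
        if dn.endswith("," + service_dn):
            seen.setdefault(attrs["objectClass"][0], []).append(dn)
    return seen


if __name__ == "__main__":
    db = parse_ldif(SAMPLE_LDIF)
    for srv in ("dhcp1", "dhcp2"):
        print(srv, objects_seen_by(db, f"cn={srv},{BASE}"))
```

Both servers resolve to the identical object set, so the dhcpSubnet is shared along with the dhcpHost; separating subnets per server means the subnet entries cannot sit under a single shared dhcpService.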

