diff --git a/README.ldap b/README.ldap
new file mode 100644
index 0000000..2a5ce9b
--- /dev/null
+++ b/README.ldap
@@ -0,0 +1,157 @@
+LDAP Support in DHCP
+Brian Masney
+Last updated 8/16/2002
+
+This document describes setting up the DHCP server to read it's configuration
+from LDAP. This work is based on the IETF document
+draft-ietf-dhc-ldap-schema-01.txt included in the doc directory. For the latest
+version of this document, please see http://home.ntelos.net/~masneyb.
+
+First question on most people's mind is "Why do I want to store my
+configuration in LDAP?" If you run a small DHCP server, and the configuration
+on it rarely changes, then you won't need to store your configuration in LDAP.
+But, if you have several DHCP servers, and you want an easy way to manage your
+configuration, this can be a solution.
+
+The first step will be to setup your LDAP server. I am using OpenLDAP from
+www.openldap.org. Building and installing OpenLDAP is beyond the scope of this
+document. There is plenty of documentation out there about this. Once you have
+OpenLDAP installed, you will have to edit your slapd.conf file. I added the
+following 2 lines to my configuration file:
+
+include /etc/ldap/schema/dhcp.schema
+index dhcpHWAddress eq
+index dhcpClassData eq
+
+The first line tells it to include the dhcp schema file. You will find this
+file under the contrib directory in this distribution. You will need to copy
+this file to where your other schema files are (maybe
+/usr/local/openldap/etc/openldap/schema/). The second line sets up
+an index for the dhcpHWAddress parameter. The third parameter is for reading
+subclasses from LDAP every time a DHCP request comes in. Make sure you run the
+slapindex command and restart slapd to have these changes to into effect.
+
+Now that you have LDAP setup, you should be able to use gq (http://biot.com/gq/)
+to verify that the dhcp schema file is loaded into LDAP. Pull up gq, and click
+on the Schema tab. Go under objectClasses, and you should see at least the
+following object classes listed: dhcpClass, dhcpGroup, dhcpHost, dhcpOptions,
+dhcpPool, dhcpServer, dhcpService, dhcpSharedNetwork, dhcpSubClass, and
+dhcpSubnet. If you do not see these, you need to check over your LDAP
+configuration before you go any further.
+
+You should be ready to build DHCP. Edit the includes/site.h file and uncomment
+the #define LDAP_CONFIGURATION. Now run configure in the base source directory.
+Edit the work.os/server/Makefile and add -lldap to the LIBS= line. (replace os
+with your operating system, linux-2.2 on my machine). You should be able to
+type make to build your DHCP server.
+
+Once you have DHCP installed, you will need to setup your initial plaintext
+config file. In my /etc/dhcpd.conf file, I have:
+
+ldap-server "localhost";
+ldap-port 389;
+ldap-username "cn=DHCP User, dc=ntelos, dc=net";
+ldap-password "blah";
+ldap-base-dn "dc=ntelos, dc=net";
+ldap-method dynamic;
+
+All of these parameters should be self explanatory except for the ldap-method.
+You can set this to static or dynamic. If you set it to static, the
+configuration is read once on startup, and LDAP isn't used anymore. But, if you
+set this to dynamic, the configuration is read once on startup, and the
+hosts that are stored in LDAP are looked up every time a DHCP request comes in.
+
+The next step is to set up your LDAP tree. Here is an example config that will
+give a 10.100.0.x address to machines that have a host entry in LDAP.
+Otherwise, it will give a 10.200.0.x address to them. (NOTE: replace
+dc=ntelos, dc=net with your base dn). If you would like to convert your
+existing dhcpd.conf file to LDIF format, there is a script
+contrib/dhcpd-conf-to-ldap.pl that will convert it for you.
+
+# You must specify the server's host name in LDAP that you are going to run
+# DHCP on and point it to which config tree you want to use. Whenever DHCP
+# first starts up, it will do a search for this entry to find out which
+# config to use
+dn: cn=brian.ntelos.net, dc=ntelos, dc=net
+objectClass: top
+objectClass: dhcpServer
+cn: brian.ntelos.net
+dhcpServiceDN: cn=DHCP Service Config, dc=ntelos, dc=net
+
+# Here is the config tree that brian.ntelos.net points to.
+dn: cn=DHCP Service Config, dc=ntelos, dc=net
+cn: DHCP Service Config
+objectClass: top
+objectClass: dhcpService
+dhcpPrimaryDN: dc=ntelos, dc=net
+dhcpStatements: ddns-update-style ad-hoc
+dhcpStatements: default-lease-time 600
+dhcpStatements: max-lease-time 7200
+
+# Set up a shared network segment
+dn: cn=WV Test, cn=DHCP Service Config, dc=ntelos, dc=net
+cn: WV
+objectClass: top
+objectClass: dhcpSharedNetwork
+
+# Set up a subnet declaration with a pool statement. Also note that we have
+# a dhcpOptions object with this entry
+dn: cn=10.100.0.0, cn=WV Test, cn=DHCP Service Config, dc=ntelos, dc=net
+cn: 10.100.0.0
+objectClass: top
+objectClass: dhcpSubnet
+objectClass: dhcpOptions
+dhcpOption: domain-name-servers 10.100.0.2
+dhcpOption: routers 10.100.0.1
+dhcpOption: subnet-mask 255.255.255.0
+dhcpOption: broadcast-address 10.100.0.255
+dhcpNetMask: 24
+
+# Set up a pool for this subnet. Only known hosts will get these IPs
+dn: cn=Known Pool, cn=10.100.0.0, cn=WV Test, cn=DHCP Service Config, dc=ntelos, dc=net
+cn: Known Pool
+objectClass: top
+objectClass: dhcpPool
+dhcpRange: 10.100.0.3 10.100.0.254
+dhcpPermitList: deny unknown-clients
+
+# Set up another subnet declaration with a pool statement
+dn: cn=10.200.0.0, cn=WV Test, cn=DHCP Service Config, dc=ntelos, dc=net
+cn: 10.200.0.0
+objectClass: top
+objectClass: dhcpSubnet
+objectClass: dhcpOptions
+dhcpOption: domain-name-servers 10.200.0.2
+dhcpOption: routers 10.200.0.1
+dhcpOption: subnet-mask 255.255.255.0
+dhcpOption: broadcast-address 10.200.0.255
+dhcpNetMask: 24
+
+# Set up a pool for this subnet. Only unknown hosts will get these IPs
+dn: cn=Known Pool, cn=10.200.0.0, cn=WV Test, cn=DHCP Service Config, dc=ntelos, dc=net
+cn: Known Pool
+objectClass: top
+objectClass: dhcpPool
+dhcpRange: 10.200.0.3 10.200.0.254
+dhcpPermitList: deny known clients
+
+# Set aside a group for all of our known MAC addresses
+dn: cn=Customers, cn=DHCP Service Config, dc=ntelos, dc=net
+objectClass: top
+objectClass: dhcpGroup
+cn: Customers
+
+# Host entry for my laptop
+dn: cn=brianlaptop, cn=Customers, cn=DHCP Service Config, dc=ntelos, dc=net
+objectClass: top
+objectClass: dhcpHost
+cn: brianlaptop
+dhcpHWAddress: ethernet 00:00:00:00:00:00
+
+You can use the command slapadd to load all of these entries into your LDAP
+server. After you load this, you should be able to start up DHCP. If you run
+into problems reading the configuration, try running dhcpd with the -d flag.
+If you still have problems, edit the site.conf file in the DHCP source and
+add the line: COPTS= -DDEBUG_LDAP and recompile DHCP. (make sure you run make
+clean and rerun configure before you rebuild).
+
diff --git a/dhcp-3.0.5-Makefile.patch b/dhcp-3.0.5-Makefile.patch
index 82c0226..04a5454 100644
--- a/dhcp-3.0.5-Makefile.patch
+++ b/dhcp-3.0.5-Makefile.patch
@@ -1,103 +1,3 @@
---- dhcp-3.0.5/client/Makefile.dist.Makefile 2004-06-10 13:59:11.000000000 -0400
-+++ dhcp-3.0.5/client/Makefile.dist 2006-11-10 11:10:13.000000000 -0500
-@@ -128,6 +128,6 @@
- 
- 
- dhclient: $(OBJS) $(DHCPLIB)
-- $(CC) $(LFLAGS) -o $(PROG) $(OBJS) $(DHCPLIB) $(LIBS)
-+ $(CC) $(LFLAGS) -pie $(RPM_OPT_FLAGS) -Wl,-z,relro,-z,now,-z,noexecstack,-z,nodlopen -o $(PROG) $(OBJS) $(DHCPLIB) $(LIBS)
- 
- # Dependencies (semi-automatically-generated)
---- dhcp-3.0.5/dhcpctl/Makefile.dist.Makefile 2005-03-03 11:55:23.000000000 -0500
-+++ dhcp-3.0.5/dhcpctl/Makefile.dist 2006-11-10 11:11:16.000000000 -0500
-@@ -37,10 +37,10 @@
- all: libdhcpctl.a omshell cltest $(CATMANPAGES)
- 
- omshell: omshell.o $(DHCPCTLLIBS)
-- $(CC) $(DEBUG) $(LFLAGS) -o omshell omshell.o $(DHCPCTLLIBS) $(LIBS)
-+ $(CC) $(DEBUG) $(LFLAGS) -pie $(RPM_OPT_FLAGS) -Wl,-z,relro,-z,now,-z,noexecstack,-z,nodlopen -o omshell omshell.o $(DHCPCTLLIBS) $(LIBS)
- 
- cltest: cltest.o $(DHCPCTLLIBS)
-- $(CC) $(DEBUG) $(LFLAGS) -o cltest cltest.o $(DHCPCTLLIBS) $(LIBS)
-+ $(CC) $(DEBUG) $(LFLAGS) -pie $(RPM_OPT_FLAGS) -Wl,-z,relro,-z,now,-z,noexecstack,-z,nodlopen -o cltest cltest.o $(DHCPCTLLIBS) $(LIBS)
- 
- libdhcpctl.a: $(OBJ)
- rm -f libdhcpctl.a
---- dhcp-3.0.5/dst/Makefile.dist.Makefile 2004-06-10 13:59:28.000000000 -0400
-+++ dhcp-3.0.5/dst/Makefile.dist 2006-11-10 11:11:42.000000000 -0500
-@@ -30,7 +30,12 @@
- 
- all: libdst.a
- 
--install:
-+install: all
-+ if [ ! -d $(DESTDIR)$(LIBDIR) ]; then \
-+ mkdir $(DESTDIR)$(LIBDIR); chmod 755 $(DESTDIR)$(LIBDIR); \
-+ fi
-+ $(INSTALL) libdst.a $(DESTDIR)$(LIBDIR)
-+ $(CHMOD) 644 $(DESTDIR)$(LIBDIR)/libdst.a
- 
- libdst.a: $(OBJ)
- rm -f dst.a
---- dhcp-3.0.5/minires/Makefile.dist.Makefile 2004-06-10 13:59:40.000000000 -0400
-+++ dhcp-3.0.5/minires/Makefile.dist 2006-11-10 11:14:00.000000000 -0500
-@@ -21,9 +21,6 @@
- #
- # http://www.isc.org/
- 
--CATMANPAGES = dhcpctl.cat3
--SEDMANPAGES = dhcpctl.man3
--MAN = dhcpctl.3
- SRC = res_mkupdate.c res_init.c res_update.c res_send.c res_comp.c \
- res_sendsigned.c res_findzonecut.c res_query.c res_mkquery.c \
- ns_date.c ns_parse.c ns_sign.c ns_name.c ns_samedomain.c ns_verify.c
-@@ -50,24 +47,17 @@
- -rm -f $(OBJ) libres.a
- 
- realclean: clean
-- -rm -f *~ $(CATMANPAGES) $(SEDMANPAGES)
-+ -rm -f *~
- 
- distclean: realclean
- -rm -f Makefile
- 
- links:
-- @for foo in $(SRC) $(MAN) $(HDRS); do \
-+ @for foo in $(SRC) $(HDRS); do \
- if [ ! -b $$foo ]; then \
- rm -f $$foo; \
- fi; \
- ln -s $(TOP)/minires/$$foo $$foo; \
- done
- 
--dhcpctl.cat3: dhcpctl.man3
-- nroff -man dhcpctl.man3 >dhcpctl.cat3
--
--dhcpctl.man3: dhcpctl.3
-- sed -e "s#ETCDIR#$(ETC)#g" -e "s#DBDIR#$(VARDB)#g" \
-- -e "s#RUNDIR#$(VARRUN)#g" < dhcpctl.3 >dhcpctl.man3
--
- # Dependencies (semi-automatically-generated)
---- dhcp-3.0.5/relay/Makefile.dist.Makefile 2004-06-10 13:59:50.000000000 -0400
-+++ dhcp-3.0.5/relay/Makefile.dist 2006-11-10 11:13:30.000000000 -0500
-@@ -83,6 +83,6 @@
- -e "s#RUNDIR#$(VARRUN)#" < dhcrelay.8 >dhcrelay.man8
- 
- dhcrelay: dhcrelay.o $(DHCPLIB)
-- $(CC) $(LFLAGS) -o $(PROG) dhcrelay.o $(DHCPLIB) $(LIBS)
-+ $(CC) $(LFLAGS) -pie $(RPM_OPT_FLAGS) -Wl,-z,relro,-z,now,-z,nodlopen,-z,noexecstack -o $(PROG) dhcrelay.o $(DHCPLIB) $(LIBS)
- 
- # Dependencies (semi-automatically-generated)
---- dhcp-3.0.5/server/Makefile.dist.Makefile 2004-06-10 13:59:50.000000000 -0400
-+++ dhcp-3.0.5/server/Makefile.dist 2006-11-10 11:14:27.000000000 -0500
-@@ -103,6 +103,6 @@
- -e "s#RUNDIR#$(VARRUN)#g" < dhcpd.leases.5 >dhcpd.leases.man5
- 
- dhcpd: $(OBJS) $(COBJ) $(DHCPLIB)
-- $(CC) $(LFLAGS) -o dhcpd $(OBJS) $(DHCPLIB) $(LIBS)
-+ $(CC) $(LFLAGS) -pie $(RPM_OPT_FLAGS) -Wl,-z,relro,-z,now,-z,noexecstack,-z,nodlopen -o dhcpd $(OBJS) $(DHCPLIB) $(LIBS)
- 
- # Dependencies (semi-automatically-generated)
 --- dhcp-3.0.5/Makefile.Makefile 2004-06-10 13:59:10.000000000 -0400
 +++ dhcp-3.0.5/Makefile 2006-11-10 11:09:32.000000000 -0500
 @@ -33,7 +33,7 @@
diff --git a/dhcp-3.0.5-extended-new-option-info.patch b/dhcp-3.0.5-extended-new-option-info.patch
index ae43df1..50d20f8 100644
--- a/dhcp-3.0.5-extended-new-option-info.patch
+++ b/dhcp-3.0.5-extended-new-option-info.patch
@@ -1,231 +1,5 @@ ---- dhcp-3.0.5/client/scripts/linux.dbus-example.enoi 2006-11-13 12:59:34.000000000 -0500 -+++ dhcp-3.0.5/client/scripts/linux.dbus-example 2006-11-13 12:59:26.000000000 -0500 -@@ -0,0 +1,223 @@ -+#!/bin/bash -+# dhclient-script for Linux. Dan Halbert, March, 1997. -+# Updated for Linux 2.[12] by Brian J. Murrell, January 1999. -+# No guarantees about this. I'm a novice at the details of Linux -+# networking. -+ -+# Notes: -+ -+# 0. This script is based on the netbsd script supplied with dhcp-970306. -+ -+# 1. ifconfig down apparently deletes all relevant routes and flushes -+# the arp cache, so this doesn't need to be done explicitly. -+ -+# 2. The alias address handling here has not been tested AT ALL. -+# I'm just going by the doc of modern Linux ip aliasing, which uses -+# notations like eth0:0, eth0:1, for each alias. -+ -+# 3. I have to calculate the network address, and calculate the broadcast -+# address if it is not supplied. This might be much more easily done -+# by the dhclient C code, and passed on. -+ -+# 4. TIMEOUT not tested. ping has a flag I don't know, and I'm suspicious -+# of the $1 in its args. -+ -+if [ -n "${dhc_dbus}" ]; then -+ /bin/dbus-send \ -+ --system --dest=com.redhat.dhcp --type=method_call \ -+ /com/redhat/dhcp/$interface com.redhat.dhcp.set \ -+ 'string:'"`env | /bin/egrep -v '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`"; -+ if (( ( dhc_dbus & 31 ) == 31 )); then -+ exit 0; -+ fi; -+fi; -+ -+make_resolv_conf() { -+ if [ "x$new_domain_name" != x ] && [ x"$new_domain_name_servers" != x ]; then -+ echo search $new_domain_name >/etc/resolv.conf -+ chmod 644 /etc/resolv.conf -+ for nameserver in $new_domain_name_servers; do -+ echo nameserver $nameserver >>/etc/resolv.conf -+ done -+ fi -+} -+ -+# Must be used on exit. Invokes the local dhcp client exit hooks, if any. -+exit_with_hooks() { -+ exit_status=$1 -+ if [ -f /etc/dhclient-exit-hooks ]; then -+ . 
/etc/dhclient-exit-hooks -+ fi -+# probably should do something with exit status of the local script -+ exit $exit_status -+} -+ -+# Invoke the local dhcp client enter hooks, if they exist. -+if [ -f /etc/dhclient-enter-hooks ]; then -+ exit_status=0 -+ . /etc/dhclient-enter-hooks -+ # allow the local script to abort processing of this state -+ # local script must set exit_status variable to nonzero. -+ if [ $exit_status -ne 0 ]; then -+ exit $exit_status -+ fi -+fi -+ -+release=`uname -r` -+release=`expr $release : '\(.*\)\..*'` -+relminor=`echo $release |sed -e 's/[0-9]*\.\([0-9][0-9]*\)\(\..*\)*$/\1/'` -+relmajor=`echo $release |sed -e 's/\([0-9][0-9]*\)\..*$/\1/'` -+ -+if [ x$new_broadcast_address != x ]; then -+ new_broadcast_arg="broadcast $new_broadcast_address" -+fi -+if [ x$old_broadcast_address != x ]; then -+ old_broadcast_arg="broadcast $old_broadcast_address" -+fi -+if [ x$new_subnet_mask != x ]; then -+ new_subnet_arg="netmask $new_subnet_mask" -+fi -+if [ x$old_subnet_mask != x ]; then -+ old_subnet_arg="netmask $old_subnet_mask" -+fi -+if [ x$alias_subnet_mask != x ]; then -+ alias_subnet_arg="netmask $alias_subnet_mask" -+fi -+ -+if [ x$reason = xMEDIUM ]; then -+ # Linux doesn't do mediums (ok, ok, media). -+ exit_with_hooks 0 -+fi -+ -+if [ x$reason = xPREINIT ]; then -+ if [ x$alias_ip_address != x ]; then -+ # Bring down alias interface. Its routes will disappear too. -+ ifconfig $interface:0- inet 0 -+ fi -+ if [ $relmajor -lt 2 ] || ( [ $relmajor -eq 2 ] && [ $relminor -eq 0 ] ) -+ then -+ ifconfig $interface inet 0.0.0.0 netmask 0.0.0.0 \ -+ broadcast 255.255.255.255 up -+ # Add route to make broadcast work. Do not omit netmask. -+ route add default dev $interface netmask 0.0.0.0 -+ else -+ ifconfig $interface 0 up -+ fi -+ -+ # We need to give the kernel some time to get the interface up. 
-+ sleep 1 -+ -+ exit_with_hooks 0 -+fi -+ -+if [ x$reason = xARPCHECK ] || [ x$reason = xARPSEND ]; then -+ exit_with_hooks 0 -+fi -+ -+if [ x$reason = xBOUND ] || [ x$reason = xRENEW ] || \ -+ [ x$reason = xREBIND ] || [ x$reason = xREBOOT ]; then -+ current_hostname=`hostname` -+ if [ x$current_hostname = x ] || \ -+ [ x$current_hostname = x$old_host_name ]; then -+ if [ x$current_hostname = x ] || \ -+ [ x$new_host_name != x$old_host_name ]; then -+ hostname $new_host_name -+ fi -+ fi -+ -+ if [ -z "${dhc_dbus}" ] || (( ( dhc_dbus & 2 ) != 2 )); then -+ if [ x$old_ip_address != x ] && [ x$alias_ip_address != x ] && \ -+ [ x$alias_ip_address != x$old_ip_address ]; then -+ # Possible new alias. Remove old alias. -+ ifconfig $interface:0- inet 0 -+ fi -+ if [ x$old_ip_address != x ] && [ x$old_ip_address != x$new_ip_address ]; then -+ # IP address changed. Bringing down the interface will delete all routes, -+ # and clear the ARP cache. -+ ifconfig $interface inet 0 down -+ -+ fi -+ fi -+ if [ x$old_ip_address = x ] || [ x$old_ip_address != x$new_ip_address ] || \ -+ [ x$reason = xBOUND ] || [ x$reason = xREBOOT ]; then -+ if [ -z "${dhc_dbus}" ] || (( ( dhc_dbus & 2 ) != 2 )); then -+ ifconfig $interface inet $new_ip_address $new_subnet_arg \ -+ $new_broadcast_arg -+ fi -+ if [ -z "${dhc_dbus}" ] || (( ( dhc_dbus & 4 ) != 4 )); then -+ # Add a network route to the computed network address. 
-+ if [ $relmajor -lt 2 ] || \ -+ ( [ $relmajor -eq 2 ] && [ $relminor -eq 0 ] ); then -+ route add -net $new_network_number $new_subnet_arg dev $interface -+ fi -+ for router in $new_routers; do -+ route add default gw $router -+ done -+ fi -+ fi -+ if [ -z "${dhc_dbus}" ] || (( ( dhc_dbus & 2 ) != 2 )); then -+ if [ x$new_ip_address != x$alias_ip_address ] && [ x$alias_ip_address != x ]; -+ then -+ ifconfig $interface:0- inet 0 -+ ifconfig $interface:0 inet $alias_ip_address $alias_subnet_arg -+ route add -host $alias_ip_address $interface:0 -+ fi -+ fi -+ if [ -z "${dhc_dbus}" ] || (( ( dhc_dbus & 1 ) != 1 )); then -+ make_resolv_conf -+ fi -+ exit_with_hooks 0 -+fi -+ -+if [ -z "${dhc_dbus}" ] || (( ( dhc_dbus & 2 ) != 2 )); then -+if [ x$reason = xEXPIRE ] || [ x$reason = xFAIL ] || [ x$reason = xRELEASE ] \ -+ || [ x$reason = xSTOP ]; then -+ if [ x$alias_ip_address != x ]; then -+ # Turn off alias interface. -+ ifconfig $interface:0- inet 0 -+ fi -+ if [ x$old_ip_address != x ]; then -+ # Shut down interface, which will delete routes and clear arp cache. -+ ifconfig $interface inet 0 down -+ fi -+ if [ x$alias_ip_address != x ]; then -+ ifconfig $interface:0 inet $alias_ip_address $alias_subnet_arg -+ route add -host $alias_ip_address $interface:0 -+ fi -+ exit_with_hooks 0 -+fi -+fi -+ -+if [ x$reason = xTIMEOUT ]; then -+ if [ -z "${dhc_dbus}" ] || (( ( dhc_dbus & 2 ) != 2 )); then -+ if [ x$alias_ip_address != x ]; then -+ ifconfig $interface:0- inet 0 -+ fi -+ ifconfig $interface inet $new_ip_address $new_subnet_arg \ -+ $new_broadcast_arg -+ fi -+ set $new_routers -+ ############## what is -w in ping? 
-+ if ping -q -c 1 $1; then -+ if [ x$new_ip_address != x$alias_ip_address ] && \ -+ [ x$alias_ip_address != x ]; then -+ ifconfig $interface:0 inet $alias_ip_address $alias_subnet_arg -+ route add -host $alias_ip_address dev $interface:0 -+ fi -+ if [ $relmajor -lt 2 ] || \ -+ ( [ $relmajor -eq 2 ] && [ $relminor -eq 0 ] ); then -+ route add -net $new_network_number -+ fi -+ for router in $new_routers; do -+ route add default gw $router -+ done -+ make_resolv_conf -+ exit_with_hooks 0 -+ fi -+ if [ -z "${dhc_dbus}" ] || (( ( dhc_dbus & 2 ) != 2 )); then -+ ifconfig $interface inet 0 down -+ fi -+ exit_with_hooks 1 -+fi -+ -+exit_with_hooks 0 --- dhcp-3.0.5/client/dhclient.c.enoi 2006-08-22 11:13:57.000000000 -0400 -+++ dhcp-3.0.5/client/dhclient.c 2006-11-13 12:44:11.000000000 -0500 ++++ dhcp-3.0.5/client/dhclient.c 2007-03-04 15:19:43.000000000 -0500 @@ -74,6 +74,9 @@ int onetry=0; int quiet=0; @@ -336,7 +110,7 @@ ++i; } while (i != 2); --- dhcp-3.0.5/client/dhclient.8.enoi 2005-09-14 12:03:33.000000000 -0400 -+++ dhcp-3.0.5/client/dhclient.8 2006-11-13 12:42:28.000000000 -0500 ++++ dhcp-3.0.5/client/dhclient.8 2007-03-04 15:19:43.000000000 -0500 @@ -82,6 +82,9 @@ .B -w ] @@ -360,7 +134,7 @@ The syntax of the dhclient.conf(5) file is discussed separately. .SH OMAPI --- dhcp-3.0.5/common/parse.c.enoi 2006-02-22 17:43:27.000000000 -0500 -+++ dhcp-3.0.5/common/parse.c 2006-11-13 12:42:28.000000000 -0500 ++++ dhcp-3.0.5/common/parse.c 2007-03-04 15:19:43.000000000 -0500 @@ -1271,6 +1271,10 @@ option_hash_add (option -> universe -> hash, (const char *)option -> name, @@ -373,7 +147,7 @@ } --- dhcp-3.0.5/common/tables.c.enoi 2006-02-22 17:43:27.000000000 -0500 -+++ dhcp-3.0.5/common/tables.c 2006-11-13 12:42:28.000000000 -0500 ++++ dhcp-3.0.5/common/tables.c 2007-03-04 15:19:43.000000000 -0500 @@ -1250,3 +1250,35 @@ fqdn_universe.name, 0, &fqdn_universe, MDL); 
@@ -411,7 +185,7 @@ +} +#endif --- dhcp-3.0.5/includes/dhcpd.h.enoi 2006-05-17 16:16:59.000000000 -0400 -+++ dhcp-3.0.5/includes/dhcpd.h 2006-11-13 12:42:28.000000000 -0500 ++++ dhcp-3.0.5/includes/dhcpd.h 2007-03-04 15:19:43.000000000 -0500 @@ -1811,6 +1811,13 @@ void initialize_common_option_spaces PROTO ((void)); struct universe *config_universe; diff --git a/dhcp-3.0.5-ldap-configuration.patch b/dhcp-3.0.5-ldap-configuration.patch index b2ce1e5..f2498a3 100644 --- a/dhcp-3.0.5-ldap-configuration.patch +++ b/dhcp-3.0.5-ldap-configuration.patch @@ -1,5 +1,5 @@ ---- dhcp-3.0.5/common/conflex.c.ldapconf 2007-01-31 20:39:38.000000000 -0500 -+++ dhcp-3.0.5/common/conflex.c 2007-01-31 20:39:38.000000000 -0500 +--- dhcp-3.0.5/common/conflex.c.ldapconf 2007-03-04 15:32:24.000000000 -0500 ++++ dhcp-3.0.5/common/conflex.c 2007-03-04 15:32:24.000000000 -0500 @@ -47,6 +47,7 @@ static enum dhcp_token read_number PROTO ((int, struct parse *)); static enum dhcp_token read_num_or_name PROTO ((int, struct parse *)); @@ -72,8 +72,8 @@ + return c; +} + ---- dhcp-3.0.5/common/print.c.ldapconf 2007-01-31 20:39:38.000000000 -0500 -+++ dhcp-3.0.5/common/print.c 2007-01-31 20:39:38.000000000 -0500 +--- dhcp-3.0.5/common/print.c.ldapconf 2007-03-04 15:32:24.000000000 -0500 ++++ dhcp-3.0.5/common/print.c 2007-03-04 15:32:24.000000000 -0500 @@ -166,9 +166,9 @@ } 
@@ -87,1620 +87,8 @@ { static char habuf [49]; char *s; ---- /dev/null 2007-01-31 10:24:38.956568237 -0500 -+++ dhcp-3.0.5/contrib/dhcpd-conf-to-ldap.pl 2007-01-31 20:39:38.000000000 -0500 -@@ -0,0 +1,517 @@ -+#!/usr/bin/perl -w -+ -+# Brian Masney -+# To use this script, set your base DN below. Then run -+# ./dhcpd-conf-to-ldap.pl < /path-to-dhcpd-conf/dhcpd.conf > output-file -+# The output of this script will generate entries in LDIF format. You can use -+# the slapadd command to add these entries into your LDAP server. You will -+# definately want to double check that your LDAP entries are correct before -+# you load them into LDAP. -+ -+# This script does not do much error checking. Make sure before you run this -+# that the DHCP server doesn't give any errors about your config file -+ -+use Sys::Hostname; -+ -+my $basedn = "dc=ntelos, dc=net"; -+ -+sub next_token -+{ -+ local ($lowercase) = @_; -+ local ($token, $newline); -+ -+ do -+ { -+ if (!defined ($line) || length ($line) == 0) -+ { -+ $line = <>; -+ return undef if !defined ($line); -+ chop $line; -+ $line_number++; -+ $token_number = 0; -+ } -+ -+ $line =~ s/#.*//; -+ $line =~ s/^\s+//; -+ $line =~ s/\s+$//; -+ } -+ while (length ($line) == 0); -+ -+ if (($token, $newline) = $line =~ /^(.*?)\s+(.*)/) -+ { -+ $line = $newline; -+ } -+ else -+ { -+ $token = $line; -+ $line = ''; -+ } -+ $token_number++; -+ -+ $token =~ y/[A-Z]/[a-z]/ if $lowercase; -+ -+ return ($token); -+} -+ -+ -+sub remaining_line -+{ -+ local ($tmp, $str); -+ -+ $str = ""; -+ while (($tmp = next_token (0))) -+ { -+ $str .= ' ' if !($str eq ""); -+ $str .= $tmp; -+ last if $tmp =~ /;\s*$/; -+ } -+ -+ $str =~ s/;$//; -+ return ($str); -+} -+ -+ -+sub -+add_dn_to_stack -+{ -+ local ($dn) = @_; -+ -+ $current_dn = "$dn, $current_dn"; -+} -+ -+ -+sub -+remove_dn_from_stack -+{ -+ $current_dn =~ s/^.*?,\s*//; -+} -+ -+ -+sub -+parse_error -+{ -+ print "Parse error on line number $line_number at token number $token_number\n"; -+ exit (1); 
-+} -+ -+ -+sub -+print_entry -+{ -+ return if (scalar keys %curentry == 0); -+ -+ if (!defined ($curentry{'type'})) -+ { -+ $host = hostname (); -+ $hostdn = "cn=$host, $basedn"; -+ print "dn: $hostdn\n"; -+ print "objectClass: top\n"; -+ print "objectClass: dhcpServer\n"; -+ print "cn: $host\n"; -+ print "dhcpServiceDN: $current_dn\n\n"; -+ -+ print "dn: $current_dn\n"; -+ print "cn: DHCP Config\n"; -+ print "objectClass: top\n"; -+ print "objectClass: dhcpService\n"; -+ if (defined ($curentry{'options'})) -+ { -+ print "objectClass: dhcpOptions\n"; -+ } -+ print "dhcpPrimaryDN: $hostdn\n"; -+ } -+ elsif ($curentry{'type'} eq 'subnet') -+ { -+ print "dn: $current_dn\n"; -+ print "cn: " . $curentry{'ip'} . "\n"; -+ print "objectClass: top\n"; -+ print "objectClass: dhcpSubnet\n"; -+ if (defined ($curentry{'options'})) -+ { -+ print "objectClass: dhcpOptions\n"; -+ } -+ -+ print "dhcpNetMask: " . $curentry{'netmask'} . "\n"; -+ if (defined ($curentry{'range'})) -+ { -+ print "dhcpRange: " . $curentry{'range'} . "\n"; -+ } -+ } -+ elsif ($curentry{'type'} eq 'shared-network') -+ { -+ print "dn: $current_dn\n"; -+ print "cn: " . $curentry{'descr'} . "\n"; -+ print "objectClass: top\n"; -+ print "objectClass: dhcpSharedNetwork\n"; -+ if (defined ($curentry{'options'})) -+ { -+ print "objectClass: dhcpOptions\n"; -+ } -+ } -+ elsif ($curentry{'type'} eq 'group') -+ { -+ print "dn: $current_dn\n"; -+ print "cn: group\n"; -+ print "objectClass: top\n"; -+ print "objectClass: dhcpGroup\n"; -+ if (defined ($curentry{'options'})) -+ { -+ print "objectClass: dhcpOptions\n"; -+ } -+ } -+ elsif ($curentry{'type'} eq 'host') -+ { -+ print "dn: $current_dn\n"; -+ print "cn: " . $curentry{'host'} . "\n"; -+ print "objectClass: top\n"; -+ print "objectClass: dhcpHost\n"; -+ if (defined ($curentry{'options'})) -+ { -+ print "objectClass: dhcpOptions\n"; -+ } -+ -+ if (defined ($curentry{'hwaddress'})) -+ { -+ print "dhcpHWAddress: " . $curentry{'hwaddress'} . 
"\n"; -+ } -+ } -+ elsif ($curentry{'type'} eq 'pool') -+ { -+ print "dn: $current_dn\n"; -+ print "cn: pool\n"; -+ print "objectClass: top\n"; -+ print "objectClass: dhcpPool\n"; -+ if (defined ($curentry{'options'})) -+ { -+ print "objectClass: dhcpOptions\n"; -+ } -+ -+ if (defined ($curentry{'range'})) -+ { -+ print "dhcpRange: " . $curentry{'range'} . "\n"; -+ } -+ } -+ elsif ($curentry{'type'} eq 'class') -+ { -+ print "dn: $current_dn\n"; -+ print "cn: " . $curentry{'class'} . "\n"; -+ print "objectClass: top\n"; -+ print "objectClass: dhcpClass\n"; -+ if (defined ($curentry{'options'})) -+ { -+ print "objectClass: dhcpOptions\n"; -+ } -+ } -+ elsif ($curentry{'type'} eq 'subclass') -+ { -+ print "dn: $current_dn\n"; -+ print "cn: " . $curentry{'subclass'} . "\n"; -+ print "objectClass: top\n"; -+ print "objectClass: dhcpSubClass\n"; -+ if (defined ($curentry{'options'})) -+ { -+ print "objectClass: dhcpOptions\n"; -+ } -+ print "dhcpClassData: " . $curentry{'class'} . "\n"; -+ } -+ -+ if (defined ($curentry{'statements'})) -+ { -+ foreach $statement (@{$curentry{'statements'}}) -+ { -+ print "dhcpStatements: $statement\n"; -+ } -+ } -+ -+ if (defined ($curentry{'options'})) -+ { -+ foreach $statement (@{$curentry{'options'}}) -+ { -+ print "dhcpOption: $statement\n"; -+ } -+ } -+ -+ print "\n"; -+ undef (%curentry); -+} -+ -+ -+sub parse_netmask -+{ -+ local ($netmask) = @_; -+ local ($i); -+ -+ if ((($a, $b, $c, $d) = $netmask =~ /^(\d+)\.(\d+)\.(\d+)\.(\d+)$/) != 4) -+ { -+ parse_error (); -+ } -+ -+ $num = (($a & 0xff) << 24) | -+ (($b & 0xff) << 16) | -+ (($c & 0xff) << 8) | -+ ($d & 0xff); -+ -+ for ($i=1; $i<=32 && $num & (1 << (32 - $i)); $i++) -+ { -+ } -+ $i--; -+ -+ return ($i); -+} -+ -+ -+sub parse_subnet -+{ -+ local ($ip, $tmp, $netmask); -+ -+ print_entry () if %curentry; -+ -+ $ip = next_token (0); -+ parse_error () if !defined ($ip); -+ -+ $tmp = next_token (1); -+ parse_error () if !defined ($tmp); -+ parse_error () if !($tmp eq 
'netmask'); -+ -+ $tmp = next_token (0); -+ parse_error () if !defined ($tmp); -+ $netmask = parse_netmask ($tmp); -+ -+ $tmp = next_token (0); -+ parse_error () if !defined ($tmp); -+ parse_error () if !($tmp eq '{'); -+ -+ add_dn_to_stack ("cn=$ip"); -+ $curentry{'type'} = 'subnet'; -+ $curentry{'ip'} = $ip; -+ $curentry{'netmask'} = $netmask; -+} -+ -+ -+sub parse_shared_network -+{ -+ local ($descr, $tmp); -+ -+ print_entry () if %curentry; -+ -+ $descr = next_token (0); -+ parse_error () if !defined ($descr); -+ -+ $tmp = next_token (0); -+ parse_error () if !defined ($tmp); -+ parse_error () if !($tmp eq '{'); -+ -+ add_dn_to_stack ("cn=$descr"); -+ $curentry{'type'} = 'shared-network'; -+ $curentry{'descr'} = $descr; -+} -+ -+ -+sub parse_host -+{ -+ local ($descr, $tmp); -+ -+ print_entry () if %curentry; -+ -+ $host = next_token (0); -+ parse_error () if !defined ($host); -+ -+ $tmp = next_token (0); -+ parse_error () if !defined ($tmp); -+ parse_error () if !($tmp eq '{'); -+ -+ add_dn_to_stack ("cn=$host"); -+ $curentry{'type'} = 'host'; -+ $curentry{'host'} = $host; -+} -+ -+ -+sub parse_group -+{ -+ local ($descr, $tmp); -+ -+ print_entry () if %curentry; -+ -+ $tmp = next_token (0); -+ parse_error () if !defined ($tmp); -+ parse_error () if !($tmp eq '{'); -+ -+ add_dn_to_stack ("cn=group"); -+ $curentry{'type'} = 'group'; -+} -+ -+ -+sub parse_pool -+{ -+ local ($descr, $tmp); -+ -+ print_entry () if %curentry; -+ -+ $tmp = next_token (0); -+ parse_error () if !defined ($tmp); -+ parse_error () if !($tmp eq '{'); -+ -+ add_dn_to_stack ("cn=pool"); -+ $curentry{'type'} = 'pool'; -+} -+ -+ -+sub parse_class -+{ -+ local ($descr, $tmp); -+ -+ print_entry () if %curentry; -+ -+ $class = next_token (0); -+ parse_error () if !defined ($class); -+ -+ $tmp = next_token (0); -+ parse_error () if !defined ($tmp); -+ parse_error () if !($tmp eq '{'); -+ -+ $class =~ s/\"//g; -+ add_dn_to_stack ("cn=$class"); -+ $curentry{'type'} = 'class'; -+ $curentry{'class'} 
= $class; -+} -+ -+ -+sub parse_subclass -+{ -+ local ($descr, $tmp); -+ -+ print_entry () if %curentry; -+ -+ $class = next_token (0); -+ parse_error () if !defined ($class); -+ -+ $subclass = next_token (0); -+ parse_error () if !defined ($subclass); -+ -+ $tmp = next_token (0); -+ parse_error () if !defined ($tmp); -+ parse_error () if !($tmp eq '{'); -+ -+ add_dn_to_stack ("cn=$subclass"); -+ $curentry{'type'} = 'subclass'; -+ $curentry{'class'} = $class; -+ $curentry{'subclass'} = $subclass; -+} -+ -+ -+sub parse_hwaddress -+{ -+ local ($type, $hw, $tmp); -+ -+ $type = next_token (0); -+ parse_error () if !defined ($type); -+ -+ $hw = next_token (0); -+ parse_error () if !defined ($hw); -+ $hw =~ s/;$//; -+ -+ $curentry{'hwaddress'} = "$type $hw"; -+} -+ -+ -+sub parse_range -+{ -+ local ($tmp, $str); -+ -+ $str = remaining_line (); -+ -+ if (!($str eq '')) -+ { -+ $str =~ s/;$//; -+ $curentry{'range'} = $str; -+ } -+} -+ -+ -+sub parse_statement -+{ -+ local ($token) = shift; -+ local ($str); -+ -+ if ($token eq 'option') -+ { -+ $str = remaining_line (); -+ push (@{$curentry{'options'}}, $str); -+ } -+ else -+ { -+ $str = $token . " " . 
remaining_line (); -+ push (@{$curentry{'statements'}}, $str); -+ } -+} -+ -+ -+my $token; -+my $token_number = 0; -+my $line_number = 0; -+my %curentry; -+ -+$current_dn = "cn=DHCP Config, $basedn"; -+$curentry{'descr'} = 'DHCP Config'; -+$line = ''; -+ -+while (($token = next_token (1))) -+ { -+ if ($token eq '}') -+ { -+ print_entry () if %curentry; -+ remove_dn_from_stack (); -+ } -+ elsif ($token eq 'subnet') -+ { -+ parse_subnet (); -+ next; -+ } -+ elsif ($token eq 'shared-network') -+ { -+ parse_shared_network (); -+ next; -+ } -+ elsif ($token eq 'class') -+ { -+ parse_class (); -+ next; -+ } -+ elsif ($token eq 'subclass') -+ { -+ parse_subclass (); -+ next; -+ } -+ elsif ($token eq 'pool') -+ { -+ parse_pool (); -+ next; -+ } -+ elsif ($token eq 'group') -+ { -+ parse_group (); -+ next; -+ } -+ elsif ($token eq 'host') -+ { -+ parse_host (); -+ next; -+ } -+ elsif ($token eq 'hardware') -+ { -+ parse_hwaddress (); -+ next; -+ } -+ elsif ($token eq 'range') -+ { -+ parse_range (); -+ next; -+ } -+ else -+ { -+ parse_statement ($token); -+ next; -+ } -+ } -+ -+ ---- /dev/null 2007-01-31 10:24:38.956568237 -0500 -+++ dhcp-3.0.5/doc/draft-ietf-dhc-ldap-schema-01.txt 2007-01-31 20:39:38.000000000 -0500 -@@ -0,0 +1,1089 @@ -+ -+ -+ -+ -+ -+Network Working Group M. Meredith, -+Internet Draft V. Nanjundaswamy, -+Document: M. Hinckley -+Category: Proposed Standard Novell Inc. -+Expires: 15th December 2001 16th June 2001 -+ -+ -+ LDAP Schema for DHCP -+ -+Status of this Memo -+ -+This document is an Internet-Draft and is in full conformance with all -+provisions of Section 10 of RFC2026 [ ]. -+ -+Internet-Drafts are working documents of the Internet Engineering Task -+Force (IETF), its areas, and its working groups. Note that other groups -+may also distribute working documents as Internet-Drafts. Internet- -+Drafts are draft documents valid for a maximum of six months and may be -+updated, replaced, or obsolete by other documents at any time. 
It is -+inappropriate to use Internet-Drafts as reference material or to cite -+them other than as "work in progress." The list of current Internet- -+Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt The -+list of Internet-Draft Shadow Directories can be accessed at -+http://www.ietf.org/shadow.html. -+ -+1. Abstract -+ -+This document defines a schema for representing DHCP configuration in an -+LDAP directory. It can be used to represent the DHCP Service -+configuration(s) for an entire enterprise network, a subset of the -+network, or even a single server. Representing DHCP configuration in an -+LDAP directory enables centralized management of DHCP services offered -+by one or more DHCP Servers within the enterprise. -+ -+2. Conventions used in this document -+ -+The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", -+"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this -+document are to be interpreted as described in RFC-2119 [ ]. -+ -+In places where different sets of terminology are commonly used to -+represent similar DHCP concepts, this schema uses the terminology of the -+Internet Software Consortium's DHCP server reference implementation. -+For more information see www.isc.org. -+ -+3. Design Considerations -+ -+The DHCP LDAP schema is designed to be a simple multi-server schema. The -+ -+ -+ -+M. Meredith et al. Expires December 2001 [Page 1] -+ -+ -+ -+ -+ -+INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001 -+ -+ -+intent of this schema is to provide a basic framework for representing -+the most common elements used in the configuration of DHCP Server. This -+should allow other network services to obtain and use basic DHCP -+configuration information in a server-independent but knowledgeable way. -+ -+It is expected that some implementations may need to extend the schema -+objects, in order to implement all of their features or needs. 
It is -+recommended that you use the schema defined in this draft to represent -+DHCP configuration information in an LDAP directory. Conforming to a -+standard schema improves interoperability between DHCP implementations -+from different vendors. -+ -+Some implementations may choose not to support all of the objects -+defined here. -+ -+Two decisions are explicitly left up to each implementation: -+ -+First, implementations may choose not to store the lease information in -+the directory, so those objects would not be used. -+ -+Second, implementations may choose not to implement the auditing -+information. -+ -+It is up to the implementation to determine if the data in the directory -+is considered "authoritative", or if it is simply a copy of data from an -+authoritative source. Validity of the information if used as a copy is -+to be ensured by the implementation. -+ -+Primarily two types of applications will use the information in this -+schema: 1. DHCP servers (for loading their configuration) 2. Management -+Interfaces (for defining/editing configurations). -+ -+The schema should be efficient for the needs of both types of -+applications. The schema is designed to allow objects managed by DHCP -+(such as computers, subnets, etc) to be present anywhere in a directory -+hierarchy (to allow those objects to be placed in the directory for -+managing administrative control and access to the objects). -+ -+The schema uses a few naming conventions - all object classes and -+attributes are prefixed with "dhcp" to decrease the chance that object -+classes and attributes will have the same name. The schema also uses -+standard naming attributes ("cn", "ou", etc) for all objects. -+ -+4. Common DHCP Configuration Attributes -+ -+Although DHCP manages several different types of objects, the -+configuration of those objects is often similar. Consequently, most of -+these objects have a common set of attributes, which are defined below. -+ -+ -+ -+M. Meredith et al. 
Expires December 2001 [Page 2] -+ -+ -+ -+ -+ -+INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001 -+ -+ -+4.1. Attributes Definitions -+ -+The schema definitions listed below are for readability. The LDIF -+layout for this schema will follow in section 8. -+ -+Name: dhcpPrimaryDN Description: The Distinguished Name of the -+dhcpServer object, which is the primary server for the configuration. -+Syntax: DN Flags: SINGLE-VALUE -+ -+Named: dhcpSecondaryDN Description: The Distinguished Name(s) of the -+dhcpServer object(s), which are secondary servers for the configuration. -+Syntax: DN -+ -+Name: dhcpStatements Description: Flexible storage for representing any -+specific data depending on the object to which it is attached. Examples -+include conditional statements, Server parameters, etc. This also -+serves as a 'catch-all' attribute that allows the standard to evolve -+without needing to update the schema. Syntax: IA5String -+ -+Name: dhcpRange Description: The starting and ending IP Addresses in the -+range (inclusive), separated by a hyphen; if the range only contains one -+address, then just the address can be specified with no hyphen. Each -+range is defined as a separate value. Syntax: IA5String -+ -+Name: dhcpPermitList Description: This attribute contains the permit -+lists associated with a pool. Each permit list is defined as a separate -+value. Syntax: IA5String -+ -+Name: dhcpNetMask Description: The subnet mask length for the subnet. -+The mask can be easily computed from this length. Syntax: Integer -+Flags: SINGLE-VALUE -+ -+Name: dhcpOption Description: Encoded option values to be sent to -+clients. Each value represents a single option and contains (OptionTag, -+Length, OptionData) encoded in the format used by DHCP. For more -+information see [DHCPOPT]. Syntax: OctetString -+ -+Name: dhcpClassData Description: Encoded text string or list of bytes -+expressed in hexadecimal, separated by colons. 
Clients match subclasses -+based on matching the class data with the results of a 'match' or 'spawn -+with' statement in the class name declarations. Syntax: IA5String -+Flags: SINGLE-VALUE -+ -+Name: dhcpSubclassesDN Description: List of subclasses, these are the -+actual DN of each subclass object. Syntax: DN -+ -+Name: dhcpClassesDN Description: List of classes, these are the actual -+DN of each class object. Syntax: DN -+ -+ -+ -+M. Meredith et al. Expires December 2001 [Page 3] -+ -+ -+ -+ -+ -+INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001 -+ -+ -+Name: dhcpSubnetDN Description: List of subnets, these are the actual DN -+of each subnet object. Syntax: DN -+ -+Name: dhcpPoolDN Description: List of pools, these are the actual DN of -+each Pool object. Syntax: DN -+ -+Name: dhcpOptionsDN Description: List of options, these are the actual -+DN of each Options object. Syntax: DN -+ -+Name: dhcpHostDN Description: List of hosts, these are the actual DN of -+each host object. Syntax: DN -+ -+Name: dhcpSharedNetworkDN Description: List of shared networks, these -+are the actual DN of each shared network object. Syntax: DN -+ -+Name: dhcpGroupDN Description: List of groups, these are the actual DN -+of each Group object. Syntax: DN -+ -+Name: dhcpLeaseDN Description: Single Lease DN. A dhcpHost configuration -+uses this attribute to identify a static IP address assignment. Syntax: -+DN Flags: SINGLE-VALUE -+ -+Name: dhcpLeasesDN Description: List of leases, these are the actual DN -+of each lease object. Syntax: DN -+ -+Name: dhcpServiceDN Description: The DN of dhcpService object(s)which -+contain the configuration information. Each dhcpServer object has this -+attribute identifying the DHCP configuration(s) that the server is -+associated with. 
Syntax: DN -+ -+Name: dhcpHWAddress Description: The hardware address of the client -+associated with a lease Syntax: OctetString Flags: SINGLE-VALUE -+ -+Name: dhcpVersion Description: This is the version identified for the -+object that this attribute is part of. In case of the dhcpServer object, -+this represents the DHCP software version. Syntax: IA5String Flags: -+SINGLE-VALUE -+ -+Name: dhcpImplementation Description: DHCP Server implementation -+description e.g. DHCP Vendor information. Syntax: IA5String Flags: -+SINGLE-VALUE -+ -+Name: dhcpHashBucketAssignment Description: HashBucketAssignment bit map -+for the DHCP Server, as defined in DHC Load Balancing Algorithm [RFC -+3074]. Syntax: Octet String Flags: SINGLE-VALUE -+ -+Name: dhcpDelayedServiceParameter Description: Delay in seconds -+corresponding to Delayed Service Parameter configuration, as defined in -+ -+ -+ -+M. Meredith et al. Expires December 2001 [Page 4] -+ -+ -+ -+ -+ -+INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001 -+ -+ -+DHC Load Balancing Algorithm [RFC 3074]. Syntax: Integer Flags: SINGLE- -+VALUE -+ -+Name: dhcpMaxClientLeadTime Description: Maximum Client Lead Time -+configuration in seconds, as defined in DHCP Failover Protocol [FAILOVR] -+Syntax: Integer Flags: SINGLE-VALUE -+ -+Name: dhcpFailOverEndpointState Description: Server (Failover Endpoint) -+state, as defined in DHCP Failover Protocol [FAILOVR] Syntax: IA5String -+Flags: SINGLE-VALUE -+ -+5. Configurations and Services -+ -+The schema definitions below are for readability the LDIF layout for -+this schema will follow in section 8. -+ -+The DHC working group is currently considering several proposals for -+fail-over and redundancy of DHCP servers. These may require sharing of -+configuration information between servers. This schema provides a -+generalized mechanism for supporting any of these proposals, by -+separating the definition of a server from the definition of -+configuration service provided by the server. 
-+ -+Separating the DHCP Server (dhcpServer) and the DHCP Configuration -+(dhcpService) representations allows a configuration service to be -+provided by one or more servers. Similarly, a server may provide one or -+more configurations. The schema allows a server to be configured as -+either a primary or secondary provider of a DHCP configuration. -+ -+Configurations are also defined so that one configuration can include -+some of the objects that are defined in another configuration. This -+allows for sharing and/or a hierarchy of related configuration items. -+ -+Name: dhcpService Description: Service object that represents the -+actual DHCP Service configuration. This will be a container with the -+following attributes. Must: cn, dhcpPrimaryDN May: dhcpSecondaryDN, -+dhcpSharedNetworkDN, dhcpSubnetDN, dhcpGroupDN, dhcpHostDN, -+dhcpClassesDN, dhcpOptionsDN, dhcpStatements -+ -+The following objects could exist inside the dhcpService container: -+dhcpSharedNetwork, dhcpSubnet, dhcpGroup, dhcpHost, dhcpClass, -+dhcpOptions, dhcpLog -+ -+Name: dhcpServer Description: Server object that the DHCP server will -+login as. The configuration information is in the dhcpService container -+that the dhcpServiceDN points to. Must: cn, dhcpServiceDN May: -+dhcpVersion, dhcpImplementation, dhcpHashBucketAssignment, -+dhcpDelayedServiceParameter, dhcpMaxClientLeadTime, -+ -+ -+ -+M. Meredith et al. Expires December 2001 [Page 5] -+ -+ -+ -+ -+ -+INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001 -+dhcpFailOverEndpointState, dhcpStatements -+ -+5.1. DHCP Declaration related classes: -+ -+Name: dhcpSharedNetwork Description: Shared Network class will list what -+pools and subnets are in this network. -+ -+This will be a container with the following attributes. 
Must: cn May: -+dhcpSubnetDN, dhcpPoolDN, dhcpOptionsDN, dhcpStatements -+ -+The following objects can exist within a dhcpSharedNetwork container: -+dhcpSubnet, dhcpPool, dhcpOptions, dhcpLog -+ -+Name: dhcpSubnet Description: Subnet object will include configuration -+information associated with a subnet, including a range and a net mask. -+ -+This will be a container with the following attributes. Must: cn -+(Subnet address), dhcpNetMask May: dhcpRange, dhcpPoolDN, dhcpGroupDN, -+dhcpHostDN, dhcpClassesDN, dhcpLeasesDN, dhcpOptionsDN, dhcpStatements -+ -+The following objects can exist within a dhcpSubnet container: dhcpPool, -+dhcpGroup, dhcpHost, dhcpClass, dhcpOptions, dhcpLease, dhcpLog -+ -+Name: dhcpGroup Description: Group object will have configuration -+information associated with a group. -+ -+This will be a container with the following attributes. Must: cn May: -+dhcpHostDN, dhcpOptionsDN, dhcpStatements -+ -+The following objects can exist within a dhcpGroup container: dhcpHost, -+dhcpOptions -+ -+Name: dhcpHost Description: The host object includes DHCP host -+declarations to assign a static IP address or declare the client as -+known or specify statements for a specific client. Must: cn May: -+dhcpLeaseDN, dhcpHWAddress, dhcpOptionsDN, dhcpStatements -+ -+The following objects can exist within a dhcpHost container: dhcpLease, -+dhcpOptions -+ -+Name: dhcpOptions Description: The options class is for option space -+declarations, it contains a list of options. Must: cn, dhcpOption -+ -+Name: dhcpClass Description: This is a class to group clients together -+based on matching rules. -+ -+This will be a container with the following attributes. Must: cn May: -+dhcpSubClassesDN, dhcpOptionsDN, dhcpStatements -+ -+The following object can exist within a dhcpClass container: -+dhcpSubclass, dhcpOptions -+ -+ -+ -+M. Meredith et al. 
Expires December 2001 [Page 6] -+ -+ -+ -+ -+ -+INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001 -+ -+ -+Name: dhcpSubClass Description: This includes configuration information -+for a subclass associated with a class. The dhcpSubClass object will -+always be contained within the corresponding class container object. -+Must: cn May: dhcpClassData, dhcpOptionsDN, dhcpStatements -+ -+Name: dhcpPool Description: This contains configuration for a pool that -+will have the range of addresses, permit lists and point to classes and -+leases that are members of this pool. -+ -+This will be a container that could be contained by dhcpSubnet or a -+dhcpSharedNetwork. Must: cn, dhcpRange May: dhcpClassesDN, -+dhcpPermitList, dhcpLeasesDN, dhcpOptionsDN, dhcpStatements -+ -+The following objects can exist within a dhcpPool container: dhcpClass, -+dhcpOptions, dhcpLease, dhcpLog -+ -+6. Tracking Address Assignments -+ -+The behavior of a DHCP server is influenced by two factors - it's -+configuration and the current state of the addresses that have been -+assigned to clients. This schema defines a set of objects for -+representing the DHCP configuration associated with a server. The -+following object classes provide the ability to record how addresses are -+used including maintaining history (audit log) on individual leases. -+Recording lease information in a directory could result in a significant -+performance impact and is therefore optional. Implementations supporting -+logging of leases need to consider the performance impact. -+ -+6.1. dhcpLeases Attribute Definitions -+ -+The schema definitions below are for readability the LDIF layout for -+this schema will follow in section 8. -+ -+Name: dhcpAddressState Description: This stores information about the -+current binding-status of an address. 
For dynamic addresses managed by -+DHCP, the values should be restricted to the states defined in the DHCP -+Failover Protocol draft [FAILOVR]: 'FREE', 'ACTIVE', 'EXPIRED', -+'RELEASED', 'RESET', 'ABANDONED', 'BACKUP'. For more information on -+these states see [FAILOVR]. For other addresses, it SHOULD be one of -+the following: 'UNKNOWN', 'RESERVED' (an address that is managed by DHCP -+that is reserved for a specific client), 'RESERVED-ACTIVE' (same as -+reserved, but address is currently in use), 'ASSIGNED' (assigned -+manually or by some other mechanism), 'UNASSIGNED', 'NOTASSIGNABLE'. -+Syntax: IA5String Flags: SINGLE-VALUE -+ -+Name: dhcpExpirationTime Description: This is the time the current lease -+for an address expires. Syntax: DateTime Flags: SINGLE-VALUE -+ -+ -+ -+ -+M. Meredith et al. Expires December 2001 [Page 7] -+ -+ -+ -+ -+ -+INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001 -+ -+ -+Name: dhcpStartTimeOfState Description: This is the time of the last -+state change for a leased address. Syntax: DateTime Flags: SINGLE-VALUE -+ -+Name: dhcpLastTransactionTime Description: This is the last time a valid -+DHCP packet was received from the client. Syntax: DateTime Flags: -+SINGLE-VALUE -+ -+Name: dhcpBootpFlag Description: This indicates whether the address was -+assigned via BOOTP Syntax: Boolean Flags: SINGLE-VALUE -+ -+Name: dhcpDomainName Description: This is the name of the domain sent to -+the client by the server. It is essentially the same as the value for -+DHCP option 15 sent to the client, and represents only the domain - not -+the full FQDN. To obtain the full FQDN assigned to the client you must -+prepend the "dhcpAssignedHostName" to this value with a ".". Syntax: -+IA5String Flags: SINGLE-VALUE -+ -+Name: dhcpDnsStatus Description: This indicates the status of updating -+DNS resource records on behalf of the client by the DHCP server for this -+address. 
The value is a 16-bit bitmask that has the same values as -+specified by the Failover-DDNS option (see [FAILOVR]). Syntax: Integer -+Flags: SINGLE-VALUE -+ -+Name: dhcpRequestedHostName Description: This is the hostname that was -+requested by the client. Syntax: IA5String Flags: SINGLE-VALUE -+ -+Name: dhcpAssignedHostName Description: This is the actual hostname that -+was assigned to a client. It may not be the name that was requested by -+the client. The fully qualified domain name can be determined by -+appending the value of "dhcpDomainName" (with a dot separator) to this -+name. Syntax: IA5String Flags: SINGLE-VALUE -+ -+Name: dhcpReservedForClient Description: This is the distinguished name -+of the "dhcpHost" that an address is reserved for. This may not be the -+same as the "dhcpAssignedToClient" attribute if the address is being -+reassigned but the current lease has not yet expired. Syntax: DN Flags: -+SINGLE-VALUE -+ -+Name: dhcpAssignedToClient Description: This is the distinguished name -+of a "dhcpHost" that an address is currently assigned to. This -+attribute is only present in the class when the address is leased. -+Syntax: DN Flags: SINGLE-VALUE -+ -+Name: dhcpRelayAgentInfo Description: If the client request was received -+via a relay agent, this contains information about the relay agent that -+was available from the DHCP request. This is a hex-encoded option -+value. Syntax: OctetString Flags: SINGLE-VALUE -+ -+Name: dhcpErrorLog Description: Generic error log attribute that allows -+logging error conditions within a dhcpService or a dhcpSubnet, like no IP -+addresses available for lease. Syntax: IA5String -+ -+M. Meredith et al. Expires December 2001 [Page 8] -+ -+ -+ -+ -+ -+INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001 -+ -+ -+6.2. dhcpLeases Object Class -+ -+This class represents an IP address. It may or may not be leaseable, -+and the object may exist even though a lease is not currently active for -+the associated IP address. 
-+ -+It is recommended that all Lease objects for a single DHCP Service be -+centrally located within a single container. This ensures that the lease -+objects and the corresponding logs do not have to be relocated, when -+address ranges allocated to individual DHCP subnets and/or pools change. -+ -+The schema definitions below are for readability the LDIF layout for -+this schema will follow in section 8. -+ -+Name: dhcpLeases Description: This is the object that holds state -+information about an IP address. The cn (which is the IP address), and -+the current address-state are mandatory attributes. If the address is -+assigned then, some of the optional attributes will have valid data. -+Must: cn, dhcpAddressState May: dhcpExpirationTime, -+dhcpStartTimeOfState, dhcpLastTransactionTime, dhcpBootpFlag, -+dhcpDomainName, dhcpDnsStatus, dhcpRequestedHostName, -+dhcpAssignedHostName, dhcpReservedForClient, dhcpAssignedToClient, -+dhcpRelayAgentInfo, dhcpHWAddress -+ -+6.3 Audit Log Information -+ -+A dhcpLog object is created whenever a lease is assigned or released. -+This object is intended to be created under the corresponding dhcpLeases -+container, or dhcpPool, dhcpSubnet, dhcpSharedNetwork or dhcpService -+containers. -+ -+The log information under the dhcpLeases container would be for -+addresses matching that lease information. The log information in the -+other containers could be used for errors, i.e. when a pool or subnet is -+out our addresses or if a server is not able to assign any more -+addresses for a particular dhcpService. -+ -+Name: dhcpLog Description: This is the object that holds past -+information about an IP address. The cn is the time/date stamp when the -+address was assigned or released, the address state at the time, if the -+address was assigned or released. 
Must: cn May: dhcpAddressState, -+dhcpExpirationTime, dhcpStartTimeOfState, dhcpLastTransactionTime, -+dhcpBootpFlag, dhcpDomainName, dhcpDnsStatus, dhcpRequestedHostName, -+dhcpAssignedHostName, dhcpReservedForClient, dhcpAssignedToClient, -+dhcpRelayAgentInfo, dhcpHWAddress, dhcpErrorLog -+ -+ -+ -+ -+ -+ -+M. Meredith et al. Expires December 2001 [Page 9] -+ -+ -+ -+ -+ -+INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001 -+ -+ -+7. Determining settings -+ -+The dhcpStatements attribute is the key to DHC enhancements that may -+come along, and the different key words that a particular server -+implementation may use. This attribute can be used to hold conditional -+DHCP Statements and DHCP server parameters. Having a generic settings -+attribute that is just a string, allows this schema to be extensible and -+easy to configure. -+ -+All of the attributes that end with DN are references to the class that -+precedes the DN e.g. the dhcpPrimaryDN and dhcpSecondaryDN attributes -+hold the Distinguished Names of the dhcpServer objects that are -+associated with the dhcpService object. -+ -+8. LDIF format for attributes and classes. -+ -+# Attributes -+ -+( 2.16.840.1.113719.1.203.4.1 NAME 'dhcpPrimaryDN' DESC -+'The DN of the dhcpServer which is the primary server for the -+configuration.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) -+ -+( 2.16.840.1.113719.1.203.4.2 NAME 'dhcpSecondaryDN' DESC 'The DN of -+dhcpServer(s) which provide backup service for the configuration.' -+SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) -+ -+( 2.16.840.1.113719.1.203.4.3 NAME 'dhcpStatements' DESC 'Flexible -+storage for specific data depending on what object this exists in. Like -+conditional statements, server parameters, etc. This allows the standard -+to evolve without needing to adjust the schema.' 
SYNTAX -+1.3.6.1.4.1.1466.115.121.1.26 ) -+ -+( 2.16.840.1.113719.1.203.4.4 NAME 'dhcpRange' DESC 'The starting & -+ending IP Addresses in the range (inclusive), separated by a hyphen; if -+the range only contains one address, then just the address can be -+specified with no hyphen. Each range is defined as a separate value.' -+SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) -+ -+( 2.16.840.1.113719.1.203.4.5 NAME 'dhcpPermitList' DESC 'This attribute -+contains the permit lists associated with a pool. Each permit list is -+defined as a separate value.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) -+ -+( 2.16.840.1.113719.1.203.4.6 NAME 'dhcpNetMask' DESC 'The subnet mask -+length for the subnet. The mask can be easily computed from this -+length.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) -+ -+( 2.16.840.1.113719.1.203.4.7 NAME 'dhcpOption' DESC 'Encoded option -+values to be sent to clients. Each value represents a single option and -+contains (OptionTag, Length, OptionValue) encoded in the format used by -+DHCP.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) -+ -+M. Meredith et al. Expires December 2001 [Page 10] -+ -+ -+ -+ -+ -+INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001 -+ -+ -+( 2.16.840.1.113719.1.203.4.8 NAME 'dhcpClassData' DESC 'Encoded text -+string or list of bytes expressed in hexadecimal, separated by colons. -+Clients match subclasses based on matching the class data with the -+results of match or spawn with statements in the class name -+declarations.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) -+ -+( 2.16.840.1.113719.1.203.4.9 NAME 'dhcpOptionsDN' DESC 'The -+distinguished name(s) of the dhcpOption objects containing the -+configuration options provided by the server.' SYNTAX -+1.3.6.1.4.1.1466.115.121.1.12 ) -+ -+( 2.16.840.1.113719.1.203.4.10 NAME 'dhcpHostDN' DESC 'the distinguished -+name(s) of the dhcpHost objects.' 
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) -+ -+( 2.16.840.1.113719.1.203.4.11 NAME 'dhcpPoolDN' DESC 'The distinguished -+name(s) of pools.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) -+ -+( 2.16.840.1.113719.1.203.4.12 NAME 'dhcpGroupDN' DESC 'The -+distinguished name(s) of the groups.' SYNTAX -+1.3.6.1.4.1.1466.115.121.1.12 ) -+ -+( 2.16.840.1.113719.1.203.4.13 NAME 'dhcpSubnetDN' DESC 'The -+distinguished name(s) of the subnets.' SYNTAX -+1.3.6.1.4.1.1466.115.121.1.12 ) -+ -+( 2.16.840.1.113719.1.203.4.14 NAME 'dhcpLeaseDN' DESC 'The -+distinguished name of a client address.' SYNTAX -+1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE) -+ -+( 2.16.840.1.113719.1.203.4.15 NAME 'dhcpLeasesDN' DESC 'The -+distinguished name(s) client addresses.' SYNTAX -+1.3.6.1.4.1.1466.115.121.1.12 ) -+ -+( 2.16.840.1.113719.1.203.4.16 NAME 'dhcpClassesDN' DESC 'The -+distinguished name(s) of a class(es) in a subclass.' SYNTAX -+1.3.6.1.4.1.1466.115.121.1.12 ) -+ -+( 2.16.840.1.113719.1.203.4.17 NAME 'dhcpSubclassesDN' DESC 'The -+distinguished name(s) of subclass(es).' SYNTAX -+1.3.6.1.4.1.1466.115.121.1.12 ) -+ -+( 2.16.840.1.113719.1.203.4.18 NAME 'dhcpSharedNetworkDN' DESC 'The -+distinguished name(s) of sharedNetworks.' SYNTAX -+1.3.6.1.4.1.1466.115.121.1.12 ) -+ -+( 2.16.840.1.113719.1.203.4.19 NAME 'dhcpServiceDN' DESC 'The DN of -+dhcpService object(s)which contain the configuration information. Each -+dhcpServer object has this attribute identifying the DHCP -+ -+ -+ -+M. Meredith et al. Expires December 2001 [Page 11] -+ -+ -+ -+ -+ -+INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001 -+ -+ -+configuration(s) that the server is associated with.' SYNTAX -+1.3.6.1.4.1.1466.115.121.1.12 ) -+ -+( 2.16.840.1.113719.1.203.4.20 NAME 'dhcpVersion' DESC 'The version -+attribute of this object.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE- -+VALUE ) -+ -+( 2.16.840.1.113719.1.203.4.21 NAME 'dhcpImplementation' DESC -+'Description of the DHCP Server implementation e.g. DHCP Server's -+vendor.' 
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) -+ -+( 2.16.840.1.113719.1.203.4.22 NAME 'dhcpAddressState' DESC 'This stores -+information about the current binding-status of an address. For dynamic -+addresses managed by DHCP, the values should be restricted to the -+following: "FREE", "ACTIVE", "EXPIRED", "RELEASED", "RESET", -+"ABANDONED", "BACKUP". For other addresses, it SHOULD be one of the -+following: "UNKNOWN", "RESERVED" (an address that is managed by DHCP -+that is reserved for a specific client), "RESERVED-ACTIVE" (same as -+reserved, but address is currently in use), "ASSIGNED" (assigned -+manually or by some other mechanism), "UNASSIGNED", "NOTASSIGNABLE".' -+SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) -+ -+( 2.16.840.1.113719.1.203.4.23 NAME 'dhcpExpirationTime' DESC 'This is -+the time the current lease for an address expires.' SYNTAX -+1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE ) -+ -+( 2.16.840.1.113719.1.203.4.24 NAME 'dhcpStartTimeOfState' DESC 'This is -+the time of the last state change for a leased address.' SYNTAX -+1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE ) -+ -+( 2.16.840.1.113719.1.203.4.25 NAME 'dhcpLastTransactionTime' DESC 'This -+is the last time a valid DHCP packet was received from the client.' -+SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE ) -+ -+( 2.16.840.1.113719.1.203.4.26 NAME 'dhcpBootpFlag' DESC 'This indicates -+whether the address was assigned via BOOTP.' SYNTAX -+1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) -+ -+( 2.16.840.1.113719.1.203.4.27 NAME 'dhcpDomainName' DESC 'This is the -+name of the domain sent to the client by the server. It is essentially -+the same as the value for DHCP option 15 sent to the client, and -+represents only the domain - not the full FQDN. To obtain the full FQDN -+assigned to the client you must prepend the "dhcpAssignedHostName" to -+this value with a ".".' 
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE- -+VALUE ) -+ -+( 2.16.840.1.113719.1.203.4.28 NAME 'dhcpDnsStatus' DESC 'This indicates -+the status of updating DNS resource records on behalf of the client by -+ -+ -+ -+M. Meredith et al. Expires December 2001 [Page 12] -+ -+ -+ -+ -+ -+INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001 -+ -+ -+the DHCP server for this address. The value is a 16-bit bitmask.' -+SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) -+ -+( 2.16.840.1.113719.1.203.4.29 NAME 'dhcpRequestedHostName' DESC 'This -+is the hostname that was requested by the client.' SYNTAX -+1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) -+ -+( 2.16.840.1.113719.1.203.4.30 NAME 'dhcpAssignedHostName' DESC 'This is -+the actual hostname that was assigned to a client. It may not be the -+name that was requested by the client. The fully qualified domain name -+can be determined by appending the value of "dhcpDomainName" (with a dot -+separator) to this name.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE- -+VALUE ) -+ -+( 2.16.840.1.113719.1.203.4.31 NAME 'dhcpReservedForClient' DESC 'The -+distinguished name of a "dhcpClient" that an address is reserved for. -+This may not be the same as the "dhcpAssignedToClient" attribute if the -+address is being reassigned but the current lease has not yet expired.' -+SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) -+ -+( 2.16.840.1.113719.1.203.4.32 NAME 'dhcpAssignedToClient' DESC 'This is -+the distinguished name of a "dhcpClient" that an address is currently -+assigned to. This attribute is only present in the class when the -+address is leased.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) -+ -+( 2.16.840.1.113719.1.203.4.33 NAME 'dhcpRelayAgentInfo' DESC 'If the -+client request was received via a relay agent, this contains information -+about the relay agent that was available from the DHCP request. This is -+a hex-encoded option value.' 
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 -+SINGLE-VALUE ) -+ -+( 2.16.840.1.113719.1.203.4.34 NAME 'dhcpHWAddress' DESC 'The clients -+hardware address that requested this IP address.' SYNTAX -+1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE ) -+ -+( 2.16.840.1.113719.1.203.4.35 NAME 'dhcpHashBucketAssignment' DESC -+'HashBucketAssignment bit map for the DHCP Server, as defined in DHC -+Load Balancing Algorithm [RFC 3074].' SYNTAX -+1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE ) -+ -+( 2.16.840.1.113719.1.203.4.36 NAME 'dhcpDelayedServiceParameter' DESC -+'Delay in seconds corresponding to Delayed Service Parameter -+configuration, as defined in DHC Load Balancing Algorithm [RFC 3074]. ' -+SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) -+ -+( 2.16.840.1.113719.1.203.4.37 NAME 'dhcpMaxClientLeadTime' DESC -+'Maximum Client Lead Time configuration in seconds, as defined in DHCP -+Failover Protocol [FAILOVR]' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 -+ -+ -+ -+M. Meredith et al. Expires December 2001 [Page 13] -+ -+ -+ -+ -+ -+INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001 -+ -+ -+SINGLE-VALUE ) -+ -+( 2.16.840.1.113719.1.203.4.38 NAME 'dhcpFailOverEndpointState' DESC -+'Server (Failover Endpoint) state, as defined in DHCP Failover Protocol -+[FAILOVR]' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) -+ -+( 2.16.840.1.113719.1.203.4.39 NAME 'dhcpErrorLog' DESC -+Generic error log attribute that allows logging error conditions within a -+dhcpService or a dhcpSubnet, like no IP addresses available for lease. -+SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) -+ -+#Classes -+ -+( 2.16.840.1.113719.1.203.6.1 NAME 'dhcpService' DESC ' Service object -+that represents the actual DHCP Service configuration. This is a -+container object.' 
SUP top MUST (cn $ dhcpPrimaryDN) MAY -+(dhcpSecondaryDN $ dhcpSharedNetworkDN $ dhcpSubnetDN $ dhcpGroupDN $ -+dhcpHostDN $ dhcpClassesDN $ dhcpOptionsDN $ dhcpStatements ) ) -+ -+( 2.16.840.1.113719.1.203.6.2 NAME 'dhcpSharedNetwork' DESC 'This stores -+configuration information for a shared network.' SUP top MUST cn MAY -+(dhcpSubnetDN $ dhcpPoolDN $ dhcpOptionsDN $ dhcpStatements) X- -+NDS_CONTAINMENT ('dhcpService' ) ) -+ -+( 2.16.840.1.113719.1.203.6.3 NAME 'dhcpSubnet' DESC 'This class defines -+a subnet. This is a container object.' SUP top MUST ( cn $ dhcpNetMask ) -+MAY (dhcpRange $ dhcpPoolDN $ dhcpGroupDN $ dhcpHostDN $ dhcpClassesDN $ -+dhcpLeasesDN $ dhcpOptionsDN $ dhcpStatements) X-NDS_CONTAINMENT -+('dhcpService' 'dhcpSharedNetwork') ) -+ -+( 2.16.840.1.113719.1.203.6.4 NAME 'dhcpPool' DESC 'This stores -+configuration information about a pool.' SUP top MUST ( cn $ dhcpRange ) -+MAY (dhcpClassesDN $ dhcpPermitList $ dhcpLeasesDN $ dhcpOptionsDN $ -+dhcpStatements) X-NDS_CONTAINMENT ('dhcpSubnet' 'dhcpSharedNetwork') ) -+ -+( 2.16.840.1.113719.1.203.6.5 NAME 'dhcpGroup' DESC 'Group object that -+lists host DNs and parameters. This is a container object.' SUP top MUST -+cn MAY ( dhcpHostDN $ dhcpOptionsDN $ dhcpStatements ) X-NDS_CONTAINMENT -+('dhcpSubnet' 'dhcpService' ) ) -+ -+( 2.16.840.1.113719.1.203.6.6 NAME 'dhcpHost' DESC 'This represents -+information about a particular client' SUP top MUST cn MAY (dhcpLeaseDN -+$ dhcpHWAddress $ dhcpOptionsDN $ dhcpStatements) X-NDS_CONTAINMENT -+('dhcpService' 'dhcpSubnet' 'dhcpGroup') ) -+ -+( 2.16.840.1.113719.1.203.6.7 NAME 'dhcpClass' DESC 'Represents -+information about a collection of related clients.' SUP top MUST cn MAY -+(dhcpSubClassesDN $ dhcpOptionsDN $ dhcpStatements) X-NDS_CONTAINMENT -+('dhcpService' 'dhcpSubnet' ) ) -+ -+( 2.16.840.1.113719.1.203.6.8 NAME 'dhcpSubClass' DESC 'Represents -+information about a collection of related classes.' 
SUP top MUST cn MAY -+(dhcpClassData $ dhcpOptionsDN $ dhcpStatements) X-NDS_CONTAINMENT -+ -+ -+ -+M. Meredith et al. Expires December 2001 [Page 14] -+ -+ -+ -+ -+ -+INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001 -+ -+ -+'dhcpClass' ) -+ -+( 2.16.840.1.113719.1.203.6.9 NAME 'dhcpOptions' DESC 'Represents -+information about a collection of options defined.' SUP top MUST cn MAY -+( dhcpOption ) X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork' -+'dhcpSubnet' 'dhcpPool' 'dhcpGroup' 'dhcpHost' 'dhcpClass' ) -+ -+( 2.16.840.1.113719.1.203.6.10 NAME 'dhcpLeases' DESC 'This class -+represents an IP Address, which may or may not have been leased.' SUP -+top MUST ( cn $ dhcpAddressState ) MAY ( dhcpExpirationTime $ -+dhcpStartTimeOfState $ dhcpLastTransactionTime $ dhcpBootpFlag $ -+dhcpDomainName $ dhcpDnsStatus $ dhcpRequestedHostName $ -+dhcpAssignedHostName $ dhcpReservedForClient $ dhcpAssignedToClient $ -+dhcpRelayAgentInfo $ dhcpHWAddress ) X-NDS_CONTAINMENT ( 'dhcpService' -+'dhcpSubnet' 'dhcpPool') ) -+ -+( 2.16.840.1.113719.1.203.6.11 NAME 'dhcpLog' DESC 'This is the object -+that holds past information about the IP address. The cn is the -+time/date stamp when the address was assigned or released, the address -+state at the time, if the address was assigned or released.' 
SUP top -+MUST ( cn ) MAY ( dhcpAddressState $ dhcpExpirationTime $ -+dhcpStartTimeOfState $ dhcpLastTransactionTime $ dhcpBootpFlag $ -+dhcpDomainName $ dhcpDnsStatus $ dhcpRequestedHostName $ -+dhcpAssignedHostName $ dhcpReservedForClient $ dhcpAssignedToClient $ -+dhcpRelayAgentInfo $ dhcpHWAddress $ dhcpErrorLog) X-NDS_CONTAINMENT -+('dhcpLeases' 'dhcpPool' 'dhcpSubnet' 'dhcpSharedNetwork' 'dhcpService' ) ) -+ -+( 2.16.840.1.113719.1.203.6.12 NAME 'dhcpServer' DESC 'DHCP Server -+Object' SUP top MUST (cn, dhcpServiceDN) MAY (dhcpVersion $ -+dhcpImplementation $ dhcpHashBucketAssignment $ -+dhcpDelayedServiceParameter $ dhcpMaxClientLeadTime $ -+dhcpFailOverEndpointState $ dhcpStatements) X-NDS_CONTAINMENT ('O' 'OU' -+'dc') ) -+ -+9. Security Considerations -+ -+Since the DHCP Configuration information is stored in a directory, the -+security of the information is limited to the security offered by the -+directory including the security of the objects within that directory. -+ -+10. Intellectual Property Rights Notices -+ -+The IETF takes no position regarding the validity or scope of any -+intellectual property or other rights that might be claimed to pertain -+to the implementation or use of the technology described in this -+document or the extent to which any license under such rights might or -+might not be available; neither does it represent that it has made any -+effort to identify any such rights. Information on the IETF's -+procedures with respect to rights in standards-track and standards- -+ -+ -+ -+M. Meredith et al. Expires December 2001 [Page 15] -+ -+ -+ -+ -+ -+INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001 -+ -+ -+related documentation can be found in BCP-11. 
Copies of claims of -+rights made available for publication and any assurances of licenses to -+be made available, or the result of an attempt made to obtain a general -+license or permission for the use of such proprietary rights by -+implementors or users of this specification can be obtained from the -+IETF Secretariat. -+ -+The IETF invites any interested party to bring to its attention any -+copyrights, patents or patent applications, or other proprietary rights -+which may cover technology that may be required to practice this -+standard. Please address the information to the IETF Executive -+Director. -+ -+11. Full Copyright Statement -+ -+Copyright (C) The Internet Society (2001). All Rights Reserved. -+ -+This document and translations of it may be copied and furnished to -+others, and derivative works that comment on or otherwise explain it or -+assist in its implementation may be prepared, copied, published and -+distributed, in whole or in part, without restriction of any kind, -+provided that the above copyright notice and this paragraph are included -+on all such copies and derivative works. However, this document itself -+may not be modified in any way, such as by removing the copyright notice -+or references to the Internet Society or other Internet organizations, -+except as needed for the purpose of developing Internet standards in -+which case the procedures for copyrights defined in the Internet -+Standards process must be followed, or as required to translate it into -+languages other than English. -+ -+The limited permissions granted above are perpetual and will not be -+revoked by the Internet Society or its successors or assigns. 
-+ -+This document and the information contained herein is provided on an "AS -+IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK -+FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT -+LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT -+INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR -+FITNESS FOR A PARTICULAR PURPOSE. -+ -+12. References -+ -+[RFC2131] Droms, R., "Dynamic Host Configuration Protocol", RFC 2131, -+March 1997. -+ -+[RFC2132] Alexander, S., Droms, R., "DHCP Options and BOOTP Vendor -+Extensions", RFC 2132, March 1997. -+ -+ -+ -+ -+M. Meredith et al. Expires December 2001 [Page 16] -+ -+ -+ -+ -+ -+INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001 -+ -+ -+[MSDHCP] Gu, Y., Vyaghrapuri, R., "An LDAP Schema for Dynamic Host -+Configuration Protocol Service", Internet Draft , August 1998. -+ -+[NOVDHCP] Miller, T., Patel, A., Rao, P., "Lightweight Directory Access -+Protocol (v3): Schema for Dynamic Host Configuration Protocol (DHCP)", -+Internet Draft , June 1998. -+ -+[FAILOVR] Droms, R., Rabil, G., Dooley, M., Kapur, A., Gonczi, S., Volz, -+B., "DHCP Failover Protocol", Internet Draft , July 2000. -+ -+[RFC 3074] Volz B., Gonczi S., Lemon T., Stevens R., "DHC Load Balancing -+Algorithm", February 2001 -+ -+[AGENT] Patrick, M., "DHCP Relay Agent Information Option", Internet -+Draft , March 2000. -+ -+[DHCPOPT] Carney, M., "New Option Review Guidelines and Additional -+Option Namespace", Internet Draft , October 1999. -+ -+[POLICY] Strassner, J., Elleson, E., Moore, B., "Policy Framework LDAP -+Core Schema", Internet Draft , -+November 1999. -+ -+[RFC2251] Wahl, M., Howes, T., Kille, S., "Lightweight Directory Access -+Protocol (v3)", RFC 2251, December 1997. -+ -+[RFC2252] Wahl, M., Coulbeck, A., Howes, T., Kille, S., "Lightweight -+Directory Access Protocol (v3) Attribute Syntax Definitions", RFC 2252, -+December 1997. 
-+ -+[RFC2255] Howes, T., Smith, M., "The LDAP URL Format", RFC 2255, -+December 1997. -+ -+[RFC951] Croft, B., Gilmore, J., "Bootstrap Protocol (BOOTP)", RFC 951, -+September 1985. -+ -+[RFC2119] Bradner, S. "Key words for use in RFCs to Indicate Requirement -+Levels", RFC 2119, March 1997. -+ -+13. Acknowledgments -+ -+This work is partially based on a previous draft draft-ietf-dhc- -+schema-02.doc. -+ -+ -+ -+ -+ -+M. Meredith et al. Expires December 2001 [Page 17] -+ -+ -+ -+ -+ -+INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001 -+ -+ -+14. Author's Addresses -+ -+Comments regarding this draft may be sent to the authors at the -+following address: -+ -+Mark Meredith -+Mark Hinckley -+Novell Inc. -+1800 S. Novell Place -+Provo, Utah 84606 -+ -+Vijay K. Nanjundaswamy -+Novell Software Development (I) Ltd -+49/1 & 49/3, Garvebhavi Palya, -+7th Mile, Hosur Road -+Bangalore 560068 -+ -+email: mark_meredith@novell.com -+email: knvijay@novell.com -+email: mhinckley@novell.com -+ -+This Internet Draft expires December 16, 2001. -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+M. Meredith et al. Expires December 2001 [Page 18] -+ -+ -+ -+ ---- dhcp-3.0.5/includes/dhcpd.h.ldapconf 2007-01-31 20:39:38.000000000 -0500 -+++ dhcp-3.0.5/includes/dhcpd.h 2007-01-31 20:39:38.000000000 -0500 +--- dhcp-3.0.5/includes/dhcpd.h.ldapconf 2007-03-04 15:32:24.000000000 -0500 ++++ dhcp-3.0.5/includes/dhcpd.h 2007-03-04 15:32:24.000000000 -0500 @@ -79,6 +79,11 @@ #include #include @@ -1791,7 +179,7 @@ +#endif + --- dhcp-3.0.5/includes/site.h.ldapconf 2002-03-12 13:33:39.000000000 -0500 -+++ dhcp-3.0.5/includes/site.h 2007-01-31 20:39:38.000000000 -0500 ++++ dhcp-3.0.5/includes/site.h 2007-03-04 15:32:24.000000000 -0500 @@ -177,3 +177,13 @@ traces. */ 
@@ -1806,8 +194,8 @@ +#define _PATH_DHCLIENT_DB "/var/lib/dhclient/dhclient.leases" +#define _PATH_DHCPD_DB "/var/lib/dhcpd/dhcpd.leases" +#define _PATH_DHCLIENT_DB "/var/lib/dhclient/dhclient.leases" ---- dhcp-3.0.5/server/Makefile.dist.ldapconf 2007-01-31 20:39:38.000000000 -0500 -+++ dhcp-3.0.5/server/Makefile.dist 2007-01-31 21:00:06.000000000 -0500 +--- dhcp-3.0.5/server/Makefile.dist.ldapconf 2004-06-10 13:59:50.000000000 -0400 ++++ dhcp-3.0.5/server/Makefile.dist 2007-03-04 15:33:01.000000000 -0500 @@ -25,9 +25,9 @@ CATMANPAGES = dhcpd.cat8 dhcpd.conf.cat5 dhcpd.leases.cat5 SEDMANPAGES = dhcpd.man8 dhcpd.conf.man5 dhcpd.leases.man5 @@ -1824,12 +212,12 @@ -e "s#RUNDIR#$(VARRUN)#g" < dhcpd.leases.5 >dhcpd.leases.man5 dhcpd: $(OBJS) $(COBJ) $(DHCPLIB) -- $(CC) $(LFLAGS) -pie $(RPM_OPT_FLAGS) -Wl,-z,relro,-z,now,-z,noexecstack,-z,nodlopen -o dhcpd $(OBJS) $(DHCPLIB) $(LIBS) -+ $(CC) $(LFLAGS) -pie $(RPM_OPT_FLAGS) -Wl,-z,relro,-z,now,-z,noexecstack,-z,nodlopen -o dhcpd $(OBJS) $(DHCPLIB) $(LIBS) -lldap +- $(CC) $(LFLAGS) -o dhcpd $(OBJS) $(DHCPLIB) $(LIBS) ++ $(CC) $(LFLAGS) -o dhcpd $(OBJS) $(DHCPLIB) $(LIBS) -lldap # Dependencies (semi-automatically-generated) --- dhcp-3.0.5/server/class.c.ldapconf 2004-06-10 13:59:51.000000000 -0400 -+++ dhcp-3.0.5/server/class.c 2007-01-31 20:39:38.000000000 -0500 ++++ dhcp-3.0.5/server/class.c 2007-03-04 15:32:24.000000000 -0500 @@ -90,6 +90,7 @@ int matched = 0; int status; @@ -1861,8 +249,8 @@ #if defined (DEBUG_CLASS_MATCHING) log_info ("matches subclass %s.", print_hex_1 (data.len, ---- dhcp-3.0.5/server/confpars.c.ldapconf 2007-01-31 20:39:38.000000000 -0500 -+++ dhcp-3.0.5/server/confpars.c 2007-01-31 20:39:38.000000000 -0500 +--- dhcp-3.0.5/server/confpars.c.ldapconf 2007-03-04 15:32:24.000000000 -0500 ++++ dhcp-3.0.5/server/confpars.c 2007-03-04 15:32:24.000000000 -0500 @@ -63,7 +63,17 @@ isc_result_t readconf () 
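Review bot: The dhcpd link line the LDAP patch now targets, `$(CC) $(LFLAGS) -o dhcpd $(OBJS) $(DHCPLIB) $(LIBS) -lldap`, no longer carries the `-pie $(RPM_OPT_FLAGS) -Wl,-z,relro,-z,now,-z,noexecstack,-z,nodlopen` flags that the previous revision of this patch had in its context line. Presumably those flags are meant to come from dhcp-3.0.5-Makefile.patch, which is applied earlier but is not visible here, and the changelog says unnecessary changes were removed from that patch, so it is worth confirming that the installed dhcpd is still linked PIE with full RELRO and a non-executable stack after this rebase. dhcpd runs as root and parses network input, so silently losing those mitigations would be a regression; checking the built binary's ELF flags (PIE, RELRO, GNU_STACK) in a %check step, or re-reading the Makefile patch, would settle it. The other hunks on this line only update timestamps and need nothing.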
@@ -1882,8 +270,8 @@ } isc_result_t read_conf_file (const char *filename, struct group *group, ---- dhcp-3.0.5/server/dhcpd.c.ldapconf 2007-01-31 20:39:38.000000000 -0500 -+++ dhcp-3.0.5/server/dhcpd.c 2007-01-31 20:39:38.000000000 -0500 +--- dhcp-3.0.5/server/dhcpd.c.ldapconf 2007-03-04 15:32:24.000000000 -0500 ++++ dhcp-3.0.5/server/dhcpd.c 2007-03-04 15:32:24.000000000 -0500 @@ -433,6 +433,9 @@ /* Add the ddns update style enumeration prior to parsing. */ add_enumeration (&ddns_styles); @@ -1894,8 +282,8 @@ if (!group_allocate (&root_group, MDL)) log_fatal ("Can't allocate root group!"); ---- /dev/null 2007-01-31 10:24:38.956568237 -0500 -+++ dhcp-3.0.5/server/ldap.c 2007-01-31 20:39:38.000000000 -0500 +--- /dev/null 2007-03-03 18:04:36.394738328 -0500 ++++ dhcp-3.0.5/server/ldap.c 2007-03-04 15:32:24.000000000 -0500 @@ -0,0 +1,1142 @@ +/* ldap.c + @@ -3039,8 +1427,8 @@ + +#endif + ---- dhcp-3.0.5/server/mdb.c.ldapconf 2007-01-31 20:39:38.000000000 -0500 -+++ dhcp-3.0.5/server/mdb.c 2007-01-31 20:39:38.000000000 -0500 +--- dhcp-3.0.5/server/mdb.c.ldapconf 2007-03-04 15:32:24.000000000 -0500 ++++ dhcp-3.0.5/server/mdb.c 2007-03-04 15:32:24.000000000 -0500 @@ -373,6 +373,12 @@ const char *file, int line) { @@ -3055,7 +1443,7 @@ h.hlen = hlen + 1; h.hbuf [0] = htype; --- dhcp-3.0.5/server/stables.c.ldapconf 2004-06-10 13:59:58.000000000 -0400 -+++ dhcp-3.0.5/server/stables.c 2007-01-31 20:39:38.000000000 -0500 ++++ dhcp-3.0.5/server/stables.c 2007-03-04 15:32:24.000000000 -0500 @@ -483,12 +483,21 @@ { "log-facility", "Nsyslog-facilities.", &server_universe, 44 }, { "do-forward-updates", "f", &server_universe, 45 }, 
@@ -3099,175 +1487,3 @@ struct enumeration_value ddns_styles_values [] = { { "none", 0 }, { "ad-hoc", 1 }, ---- /dev/null 2007-01-31 10:24:38.956568237 -0500 -+++ dhcp-3.0.5/README.ldap 2007-01-31 20:39:38.000000000 -0500 -@@ -0,0 +1,157 @@ -+LDAP Support in DHCP -+Brian Masney -+Last updated 8/16/2002 -+ -+This document describes setting up the DHCP server to read it's configuration -+from LDAP. This work is based on the IETF document -+draft-ietf-dhc-ldap-schema-01.txt included in the doc directory. For the latest -+version of this document, please see http://home.ntelos.net/~masneyb. -+ -+First question on most people's mind is "Why do I want to store my -+configuration in LDAP?" If you run a small DHCP server, and the configuration -+on it rarely changes, then you won't need to store your configuration in LDAP. -+But, if you have several DHCP servers, and you want an easy way to manage your -+configuration, this can be a solution. -+ -+The first step will be to setup your LDAP server. I am using OpenLDAP from -+www.openldap.org. Building and installing OpenLDAP is beyond the scope of this -+document. There is plenty of documentation out there about this. Once you have -+OpenLDAP installed, you will have to edit your slapd.conf file. I added the -+following 2 lines to my configuration file: -+ -+include /etc/ldap/schema/dhcp.schema -+index dhcpHWAddress eq -+index dhcpClassData eq -+ -+The first line tells it to include the dhcp schema file. You will find this -+file under the contrib directory in this distribution. You will need to copy -+this file to where your other schema files are (maybe -+/usr/local/openldap/etc/openldap/schema/). The second line sets up -+an index for the dhcpHWAddress parameter. The third parameter is for reading -+subclasses from LDAP every time a DHCP request comes in. Make sure you run the -+slapindex command and restart slapd to have these changes to into effect. 
-+ -+Now that you have LDAP setup, you should be able to use gq (http://biot.com/gq/) -+to verify that the dhcp schema file is loaded into LDAP. Pull up gq, and click -+on the Schema tab. Go under objectClasses, and you should see at least the -+following object classes listed: dhcpClass, dhcpGroup, dhcpHost, dhcpOptions, -+dhcpPool, dhcpServer, dhcpService, dhcpSharedNetwork, dhcpSubClass, and -+dhcpSubnet. If you do not see these, you need to check over your LDAP -+configuration before you go any further. -+ -+You should be ready to build DHCP. Edit the includes/site.h file and uncomment -+the #define LDAP_CONFIGURATION. Now run configure in the base source directory. -+Edit the work.os/server/Makefile and add -lldap to the LIBS= line. (replace os -+with your operating system, linux-2.2 on my machine). You should be able to -+type make to build your DHCP server. -+ -+Once you have DHCP installed, you will need to setup your initial plaintext -+config file. In my /etc/dhcpd.conf file, I have: -+ -+ldap-server "localhost"; -+ldap-port 389; -+ldap-username "cn=DHCP User, dc=ntelos, dc=net"; -+ldap-password "blah"; -+ldap-base-dn "dc=ntelos, dc=net"; -+ldap-method dynamic; -+ -+All of these parameters should be self explanatory except for the ldap-method. -+You can set this to static or dynamic. If you set it to static, the -+configuration is read once on startup, and LDAP isn't used anymore. But, if you -+set this to dynamic, the configuration is read once on startup, and the -+hosts that are stored in LDAP are looked up every time a DHCP request comes in. -+ -+The next step is to set up your LDAP tree. Here is an example config that will -+give a 10.100.0.x address to machines that have a host entry in LDAP. -+Otherwise, it will give a 10.200.0.x address to them. (NOTE: replace -+dc=ntelos, dc=net with your base dn). 
If you would like to convert your -+existing dhcpd.conf file to LDIF format, there is a script -+contrib/dhcpd-conf-to-ldap.pl that will convert it for you. -+ -+# You must specify the server's host name in LDAP that you are going to run -+# DHCP on and point it to which config tree you want to use. Whenever DHCP -+# first starts up, it will do a search for this entry to find out which -+# config to use -+dn: cn=brian.ntelos.net, dc=ntelos, dc=net -+objectClass: top -+objectClass: dhcpServer -+cn: brian.ntelos.net -+dhcpServiceDN: cn=DHCP Service Config, dc=ntelos, dc=net -+ -+# Here is the config tree that brian.ntelos.net points to. -+dn: cn=DHCP Service Config, dc=ntelos, dc=net -+cn: DHCP Service Config -+objectClass: top -+objectClass: dhcpService -+dhcpPrimaryDN: dc=ntelos, dc=net -+dhcpStatements: ddns-update-style ad-hoc -+dhcpStatements: default-lease-time 600 -+dhcpStatements: max-lease-time 7200 -+ -+# Set up a shared network segment -+dn: cn=WV Test, cn=DHCP Service Config, dc=ntelos, dc=net -+cn: WV -+objectClass: top -+objectClass: dhcpSharedNetwork -+ -+# Set up a subnet declaration with a pool statement. Also note that we have -+# a dhcpOptions object with this entry -+dn: cn=10.100.0.0, cn=WV Test, cn=DHCP Service Config, dc=ntelos, dc=net -+cn: 10.100.0.0 -+objectClass: top -+objectClass: dhcpSubnet -+objectClass: dhcpOptions -+dhcpOption: domain-name-servers 10.100.0.2 -+dhcpOption: routers 10.100.0.1 -+dhcpOption: subnet-mask 255.255.255.0 -+dhcpOption: broadcast-address 10.100.0.255 -+dhcpNetMask: 24 -+ -+# Set up a pool for this subnet. 
Only known hosts will get these IPs -+dn: cn=Known Pool, cn=10.100.0.0, cn=WV Test, cn=DHCP Service Config, dc=ntelos, dc=net -+cn: Known Pool -+objectClass: top -+objectClass: dhcpPool -+dhcpRange: 10.100.0.3 10.100.0.254 -+dhcpPermitList: deny unknown-clients -+ -+# Set up another subnet declaration with a pool statement -+dn: cn=10.200.0.0, cn=WV Test, cn=DHCP Service Config, dc=ntelos, dc=net -+cn: 10.200.0.0 -+objectClass: top -+objectClass: dhcpSubnet -+objectClass: dhcpOptions -+dhcpOption: domain-name-servers 10.200.0.2 -+dhcpOption: routers 10.200.0.1 -+dhcpOption: subnet-mask 255.255.255.0 -+dhcpOption: broadcast-address 10.200.0.255 -+dhcpNetMask: 24 -+ -+# Set up a pool for this subnet. Only unknown hosts will get these IPs -+dn: cn=Known Pool, cn=10.200.0.0, cn=WV Test, cn=DHCP Service Config, dc=ntelos, dc=net -+cn: Known Pool -+objectClass: top -+objectClass: dhcpPool -+dhcpRange: 10.200.0.3 10.200.0.254 -+dhcpPermitList: deny known clients -+ -+# Set aside a group for all of our known MAC addresses -+dn: cn=Customers, cn=DHCP Service Config, dc=ntelos, dc=net -+objectClass: top -+objectClass: dhcpGroup -+cn: Customers -+ -+# Host entry for my laptop -+dn: cn=brianlaptop, cn=Customers, cn=DHCP Service Config, dc=ntelos, dc=net -+objectClass: top -+objectClass: dhcpHost -+cn: brianlaptop -+dhcpHWAddress: ethernet 00:00:00:00:00:00 -+ -+You can use the command slapadd to load all of these entries into your LDAP -+server. After you load this, you should be able to start up DHCP. If you run -+into problems reading the configuration, try running dhcpd with the -d flag. -+If you still have problems, edit the site.conf file in the DHCP source and -+add the line: COPTS= -DDEBUG_LDAP and recompile DHCP. (make sure you run make -+clean and rerun configure before you rebuild). 
-+ ---- dhcp-3.0.5/site.conf.ldapconf 1999-07-07 11:20:10.000000000 -0400 -+++ dhcp-3.0.5/site.conf 2007-01-31 20:39:38.000000000 -0500 -@@ -1,2 +1,7 @@ --# Put local site configuration stuff here to override the default --# settings in Makefile.conf -+VARDB=/var/lib/dhcpd -+ADMMANDIR=/usr/share/man/man8 -+FFMANDIR=/usr/share/man/man5 -+LIBMANDIR=/usr/share/man/man3 -+USRMANDIR=/usr/share/man/man1 -+LIBDIR=/usr/lib -+INCDIR=/usr/include diff --git a/dhcp.spec b/dhcp.spec index 3429e2a..e3cc708 100644 --- a/dhcp.spec +++ b/dhcp.spec @@ -3,12 +3,14 @@ %define bigptrs -DPTRSIZE_64BIT %endif +# The workdir is used in the build system for ISC dhcp, we set it to this +# value to avoid any problems guessing what it might be during installation. %define workdir work.linux-2.2 Summary: DHCP (Dynamic Host Configuration Protocol) server and relay agent Name: dhcp Version: 3.0.5 -Release: 23%{?dist} +Release: 24%{?dist} Epoch: 12 License: ISC Group: System Environment/Daemons @@ -19,6 +21,10 @@ Source2: dhcpd.init Source3: dhcrelay.init Source4: dhcpd.conf Source5: libdhcp4client.pc +Source6: README.ldap +Source7: draft-ietf-dhc-ldap-schema-01.txt +Source8: dhcpd-conf-to-ldap.pl +Source9: linux.dbus-example Patch0: dhcp-3.0.5-extended-new-option-info.patch Patch1: dhcp-3.0.5-Makefile.patch @@ -35,11 +41,13 @@ Patch11: dhcp-3.0.5-timeouts.patch Patch12: dhcp-3.0.5-fix-warnings.patch Patch13: dhcp-3.0.5-xen-checksum.patch Patch14: dhcp-3.0.5-ldap-configuration.patch +Patch15: dhcp-3.0.5-no-win32.patch # adds libdhcp4client to the ISC code base Patch50: dhcp-3.0.5-libdhcp4client.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) +Requires: perl Requires(post): chkconfig, coreutils Requires(preun): chkconfig Requires(postun): coreutils 
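Review bot: `Requires: perl` is re-added here one release after the changelog records removing it, with no comment at the line saying why; a short note would stop the next cleanup from dropping it again, e.g. `# dhcpd-conf-to-ldap is a perl script (#225691)`. The comment added on %patch15 in the %prep hunk already explains the Win32API::Registry exclusion, so with that one line the dependency block would be self-explanatory.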
@@ -150,12 +158,28 @@ client library . # Add support for dhcpd.conf data in LDAP %patch14 -p1 -b .ldapconf +# The contrib/ms2isc/Registry.pm file requires Win32API::Registry, which is +# not part of Fedora by default. We comment out this use line in the script +# so that RPM doesn't automatically add perl(Win32API::Registry) dependency. +# The patch puts a comment in the script telling the user which perl module +# should be installed to use the Registry.pm contrib file. +%patch15 -p1 -b .no-win32 + # Add the libdhcp4client target (library version of dhclient) %patch50 -p1 -b .libdhcp4client +# Copy in documentation and example scripts for LDAP patch to dhcpd +%{__cp} -p %SOURCE6 . +%{__cp} -p %SOURCE7 doc +%{__cp} -p %SOURCE8 contrib + +# Copy in example dhclient script for use with D-BUS (requires extended +# new option info patch too) +%{__cp} -p %SOURCE9 client/scripts + %build -cp %SOURCE1 . -cat <site.conf +%{__cp} %SOURCE1 . +%{__cat} < site.conf VARDB=%{_localstatedir}/lib/dhcpd ADMMANDIR=%{_mandir}/man8 FFMANDIR=%{_mandir}/man5 @@ -164,12 +188,15 @@ USRMANDIR=%{_mandir}/man1 LIBDIR=%{_libdir} INCDIR=%{_includedir} EOF -cat <>includes/site.h +%{__cat} <> includes/site.h #define _PATH_DHCPD_DB "%{_localstatedir}/lib/dhcpd/dhcpd.leases" #define _PATH_DHCLIENT_DB "%{_localstatedir}/lib/dhclient/dhclient.leases" EOF -# Enable extended option info patch +# Enable extended option info patch (-DEXTENDED_NEW_OPTION_INFO) +# Use -fvisibility=hidden for libdhcp4client. The way that library is +# constructed, we need to follow the hide-by-default/expose-what-we-need +# plan for the library API. COPTS="-fPIC -Werror -Dlint -DEXTENDED_NEW_OPTION_INFO -fvisibility=hidden" # DO NOT use the %%configure macro because this configure script is not autognu 
@@ -177,61 +204,55 @@ CC="%{__cc}" ./configure \ --copts "$RPM_OPT_FLAGS $COPTS %{?bigptrs}" \ --work-dir %{workdir} -sed 's/@DHCP_VERSION@/'%{version}'/' < %SOURCE5 > libdhcp4client.pc +%{__sed} 's/@DHCP_VERSION@/'%{version}'/' < %SOURCE5 > libdhcp4client.pc %{__make} %{?_smp_mflags} CC="%{__cc}" %install -rm -rf %{buildroot} -mkdir -p %{buildroot}/etc/sysconfig +%{__rm} -rf %{buildroot} +%{__mkdir} -p %{buildroot}%{_sysconfdir}/sysconfig -make install DESTDIR=%{buildroot} +%{__make} install DESTDIR=%{buildroot} -install -p -m 0755 contrib/dhcpd-conf-to-ldap.pl %{buildroot}/usr/bin/dhcpd-conf-to-ldap +%{__install} -p -m 0755 contrib/dhcpd-conf-to-ldap.pl %{buildroot}/usr/bin/dhcpd-conf-to-ldap -mkdir -p %{buildroot}/etc/rc.d/init.d -install -p -m 0755 %SOURCE2 %{buildroot}/etc/rc.d/init.d/dhcpd +%{__mkdir} -p %{buildroot}%{_initrddir} +%{__install} -p -m 0755 %SOURCE2 %{buildroot}%{_initrddir}/dhcpd touch %{buildroot}%{_localstatedir}/lib/dhcpd/dhcpd.leases -mkdir -p %{buildroot}%{_localstatedir}/lib/dhclient/ -cat < %{buildroot}/etc/sysconfig/dhcpd +%{__mkdir} -p %{buildroot}%{_localstatedir}/lib/dhclient/ +%{__cat} < %{buildroot}%{_sysconfdir}/sysconfig/dhcpd # Command line options here DHCPDARGS= EOF -install -p -m 0755 %SOURCE3 %{buildroot}/etc/rc.d/init.d/dhcrelay +%{__install} -p -m 0755 %SOURCE3 %{buildroot}%{_initrddir}/dhcrelay -cat < %{buildroot}/etc/sysconfig/dhcrelay +%{__cat} < %{buildroot}%{_sysconfdir}/sysconfig/dhcrelay # Command line options here INTERFACES="" DHCPSERVERS="" EOF # Copy sample dhclient.conf file into position -cp -p client/dhclient.conf dhclient.conf.sample -chmod 755 %{buildroot}/sbin/dhclient-script - -# Create per-package copies of dhcp-options and dhcp-eval common man-pages: -cp -fp %{buildroot}%{_mandir}/man5/dhcp-options.5 %{buildroot}%{_mandir}/man5/dhcpd-options.5 -cp -fp %{buildroot}%{_mandir}/man5/dhcp-options.5 %{buildroot}%{_mandir}/man5/dhclient-options.5 -cp -fp %{buildroot}%{_mandir}/man5/dhcp-eval.5 
%{buildroot}%{_mandir}/man5/dhcpd-eval.5 -cp -fp %{buildroot}%{_mandir}/man5/dhcp-eval.5 %{buildroot}%{_mandir}/man5/dhclient-eval.5 +%{__cp} -p client/dhclient.conf dhclient.conf.sample +%{__chmod} 0755 %{buildroot}/sbin/dhclient-script # Install default (empty) dhcpd.conf: -cp -fp %SOURCE4 %{buildroot}/etc +%{__cp} -fp %SOURCE4 %{buildroot}%{_sysconfdir} -install -p -m 0644 -D libdhcp4client.pc %{buildroot}%{_libdir}/pkgconfig/libdhcp4client.pc +%{__install} -p -m 0644 -D libdhcp4client.pc %{buildroot}%{_libdir}/pkgconfig/libdhcp4client.pc # Sources files can't be symlinks for debuginfo package generation find %{workdir} -type l | while read f; do - rm -f linkderef - cp $f linkderef - rm -f $f - mv linkderef $f + %{__rm} -f linkderef + %{__cp} $f linkderef + %{__rm} -f $f + %{__mv} linkderef $f done %clean -rm -rf %{buildroot} +%{__rm} -rf %{buildroot} %post /sbin/chkconfig --add dhcpd 
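Review bot: `%{__install} -p -m 0755 contrib/dhcpd-conf-to-ldap.pl %{buildroot}/usr/bin/dhcpd-conf-to-ldap` still hard-codes `/usr/bin`, while the %files list claims the same file as `%{_bindir}/dhcpd-conf-to-ldap` and the rest of this hunk moves to `%{_sysconfdir}` and `%{_initrddir}`; installing to `%{buildroot}%{_bindir}/dhcpd-conf-to-ldap` keeps the two spellings from drifting apart. The symlink-dereference loop reads paths with `while read f` and expands `$f` unquoted, which misbehaves on names containing whitespace or backslashes; `while read -r f; do` with `"$f"` quoted in the four commands is the robust form. The %post section begun at the end of this hunk continues outside it.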
@@ -261,27 +282,25 @@ exit 0 %files %defattr(-,root,root,-) %doc README README.ldap RELNOTES dhcpd.conf.sample doc/IANA-arp-parameters -%doc doc/IANA-arp-parameters doc/api+protocol doc/*.txt +%doc doc/IANA-arp-parameters doc/api+protocol doc/*.txt contrib %dir %{_localstatedir}/lib/dhcpd %verify(not size md5 mtime) %config(noreplace) %{_localstatedir}/lib/dhcpd/dhcpd.leases -%config(noreplace) /etc/sysconfig/dhcpd -%config(noreplace) /etc/sysconfig/dhcrelay -%config(noreplace) /etc/dhcpd.conf -/etc/rc.d/init.d/dhcpd -/etc/rc.d/init.d/dhcrelay +%config(noreplace) %{_sysconfdir}/sysconfig/dhcpd +%config(noreplace) %{_sysconfdir}/sysconfig/dhcrelay +%config(noreplace) %{_sysconfdir}/dhcpd.conf +%{_initrddir}/dhcpd +%{_initrddir}/dhcrelay %{_bindir}/omshell %{_bindir}/dhcpd-conf-to-ldap %{_sbindir}/dhcpd %{_sbindir}/dhcrelay -%{_mandir}/man1/omshell.1* -%{_mandir}/man5/dhcpd.conf.5* -%{_mandir}/man5/dhcpd.leases.5* -%{_mandir}/man8/dhcpd.8* -%{_mandir}/man8/dhcrelay.8* -%{_mandir}/man5/dhcpd-options.5* -%{_mandir}/man5/dhcpd-eval.5* -%ghost %{_mandir}/man5/dhcp-options.5.gz -%ghost %{_mandir}/man5/dhcp-eval.5.gz +%{_mandir}/man1/omshell.1.gz +%{_mandir}/man5/dhcpd.conf.5.gz +%{_mandir}/man5/dhcpd.leases.5.gz +%{_mandir}/man8/dhcpd.8.gz +%{_mandir}/man8/dhcrelay.8.gz +%{_mandir}/man5/dhcp-options.5.gz +%{_mandir}/man5/dhcp-eval.5.gz %files -n dhclient %defattr(-,root,root,-) 
@@ -289,14 +308,12 @@ exit 0 %dir %{_localstatedir}/lib/dhclient /sbin/dhclient /sbin/dhclient-script -%{_mandir}/man5/dhclient.conf.5* -%{_mandir}/man5/dhclient.leases.5* -%{_mandir}/man8/dhclient.8* -%{_mandir}/man8/dhclient-script.8* -%{_mandir}/man5/dhclient-options.5* -%{_mandir}/man5/dhclient-eval.5* -%ghost %{_mandir}/man5/dhcp-options.5.gz -%ghost %{_mandir}/man5/dhcp-eval.5.gz +%{_mandir}/man5/dhclient.conf.5.gz +%{_mandir}/man5/dhclient.leases.5.gz +%{_mandir}/man8/dhclient.8.gz +%{_mandir}/man8/dhclient-script.8.gz +%{_mandir}/man5/dhcp-options.5.gz +%{_mandir}/man5/dhcp-eval.5.gz %files devel %defattr(-,root,root,-) @@ -318,6 +335,19 @@ exit 0 %{_libdir}/libdhcp4client.so %changelog +* Thu Mar 01 2007 David Cantrell - 12:3.0.5-24 +- Include contrib/ subdirectory in /usr/share/doc (#230476) +- Added back Requires for perl since dhcpd-conf-to-ldap needs it (#225691) +- Put copies of dhcp-options and dhcp-eval man pages in the dhcp and + dhclient packages rather than having the elaborate symlink collection +- Explicitly name man pages in the %%files listings +- Use the %%{_sysconfdir} and %%{_initrddir} macros (#225691) +- Use macros for commands in %%build and %%install +- Split README.ldap, draft-ietf-dhc-ldap-schema-01.txt, and + dhcpd-conf-to-ldap.pl out of the LDAP patch +- Split linux.dbus-example script out of the extended new option info patch +- Remove unnecessary changes from the Makefile patch + * Wed Feb 28 2007 David Cantrell - 12:3.0.5-23 - Update Xen partial checksums patch - Remove perl Requires (#225691) diff --git a/draft-ietf-dhc-ldap-schema-01.txt b/draft-ietf-dhc-ldap-schema-01.txt new file mode 100644 index 0000000..6993664 --- /dev/null +++ b/draft-ietf-dhc-ldap-schema-01.txt 
@@ -0,0 +1,1089 @@ + + + + + +Network Working Group M. Meredith, +Internet Draft V. Nanjundaswamy, +Document: M. Hinckley +Category: Proposed Standard Novell Inc. +Expires: 15th December 2001 16th June 2001 + + + LDAP Schema for DHCP + +Status of this Memo + +This document is an Internet-Draft and is in full conformance with all +provisions of Section 10 of RFC2026 [ ]. + +Internet-Drafts are working documents of the Internet Engineering Task +Force (IETF), its areas, and its working groups. Note that other groups +may also distribute working documents as Internet-Drafts. Internet- +Drafts are draft documents valid for a maximum of six months and may be +updated, replaced, or obsolete by other documents at any time. It is +inappropriate to use Internet-Drafts as reference material or to cite +them other than as "work in progress." The list of current Internet- +Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt The +list of Internet-Draft Shadow Directories can be accessed at +http://www.ietf.org/shadow.html. + +1. Abstract + +This document defines a schema for representing DHCP configuration in an +LDAP directory. It can be used to represent the DHCP Service +configuration(s) for an entire enterprise network, a subset of the +network, or even a single server. Representing DHCP configuration in an +LDAP directory enables centralized management of DHCP services offered +by one or more DHCP Servers within the enterprise. + +2. Conventions used in this document + +The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", +"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this +document are to be interpreted as described in RFC-2119 [ ]. + +In places where different sets of terminology are commonly used to +represent similar DHCP concepts, this schema uses the terminology of the +Internet Software Consortium's DHCP server reference implementation. +For more information see www.isc.org. + +3. 
Design Considerations + +The DHCP LDAP schema is designed to be a simple multi-server schema. The + + + +M. Meredith et al. Expires December 2001 [Page 1] + + + + + +INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001 + + +intent of this schema is to provide a basic framework for representing +the most common elements used in the configuration of DHCP Server. This +should allow other network services to obtain and use basic DHCP +configuration information in a server-independent but knowledgeable way. + +It is expected that some implementations may need to extend the schema +objects, in order to implement all of their features or needs. It is +recommended that you use the schema defined in this draft to represent +DHCP configuration information in an LDAP directory. Conforming to a +standard schema improves interoperability between DHCP implementations +from different vendors. + +Some implementations may choose not to support all of the objects +defined here. + +Two decisions are explicitly left up to each implementation: + +First, implementations may choose not to store the lease information in +the directory, so those objects would not be used. + +Second, implementations may choose not to implement the auditing +information. + +It is up to the implementation to determine if the data in the directory +is considered "authoritative", or if it is simply a copy of data from an +authoritative source. Validity of the information if used as a copy is +to be ensured by the implementation. + +Primarily two types of applications will use the information in this +schema: 1. DHCP servers (for loading their configuration) 2. Management +Interfaces (for defining/editing configurations). + +The schema should be efficient for the needs of both types of +applications. 
The schema is designed to allow objects managed by DHCP +(such as computers, subnets, etc) to be present anywhere in a directory +hierarchy (to allow those objects to be placed in the directory for +managing administrative control and access to the objects). + +The schema uses a few naming conventions - all object classes and +attributes are prefixed with "dhcp" to decrease the chance that object +classes and attributes will have the same name. The schema also uses +standard naming attributes ("cn", "ou", etc) for all objects. + +4. Common DHCP Configuration Attributes + +Although DHCP manages several different types of objects, the +configuration of those objects is often similar. Consequently, most of +these objects have a common set of attributes, which are defined below. + + + +M. Meredith et al. Expires December 2001 [Page 2] + + + + + +INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001 + + +4.1. Attributes Definitions + +The schema definitions listed below are for readability. The LDIF +layout for this schema will follow in section 8. + +Name: dhcpPrimaryDN Description: The Distinguished Name of the +dhcpServer object, which is the primary server for the configuration. +Syntax: DN Flags: SINGLE-VALUE + +Named: dhcpSecondaryDN Description: The Distinguished Name(s) of the +dhcpServer object(s), which are secondary servers for the configuration. +Syntax: DN + +Name: dhcpStatements Description: Flexible storage for representing any +specific data depending on the object to which it is attached. Examples +include conditional statements, Server parameters, etc. This also +serves as a 'catch-all' attribute that allows the standard to evolve +without needing to update the schema. Syntax: IA5String + +Name: dhcpRange Description: The starting and ending IP Addresses in the +range (inclusive), separated by a hyphen; if the range only contains one +address, then just the address can be specified with no hyphen. Each +range is defined as a separate value. 
Syntax: IA5String + +Name: dhcpPermitList Description: This attribute contains the permit +lists associated with a pool. Each permit list is defined as a separate +value. Syntax: IA5String + +Name: dhcpNetMask Description: The subnet mask length for the subnet. +The mask can be easily computed from this length. Syntax: Integer +Flags: SINGLE-VALUE + +Name: dhcpOption Description: Encoded option values to be sent to +clients. Each value represents a single option and contains (OptionTag, +Length, OptionData) encoded in the format used by DHCP. For more +information see [DHCPOPT]. Syntax: OctetString + +Name: dhcpClassData Description: Encoded text string or list of bytes +expressed in hexadecimal, separated by colons. Clients match subclasses +based on matching the class data with the results of a 'match' or 'spawn +with' statement in the class name declarations. Syntax: IA5String +Flags: SINGLE-VALUE + +Name: dhcpSubclassesDN Description: List of subclasses, these are the +actual DN of each subclass object. Syntax: DN + +Name: dhcpClassesDN Description: List of classes, these are the actual +DN of each class object. Syntax: DN + + + +M. Meredith et al. Expires December 2001 [Page 3] + + + + + +INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001 + + +Name: dhcpSubnetDN Description: List of subnets, these are the actual DN +of each subnet object. Syntax: DN + +Name: dhcpPoolDN Description: List of pools, these are the actual DN of +each Pool object. Syntax: DN + +Name: dhcpOptionsDN Description: List of options, these are the actual +DN of each Options object. Syntax: DN + +Name: dhcpHostDN Description: List of hosts, these are the actual DN of +each host object. Syntax: DN + +Name: dhcpSharedNetworkDN Description: List of shared networks, these +are the actual DN of each shared network object. Syntax: DN + +Name: dhcpGroupDN Description: List of groups, these are the actual DN +of each Group object. Syntax: DN + +Name: dhcpLeaseDN Description: Single Lease DN. 
A dhcpHost configuration +uses this attribute to identify a static IP address assignment. Syntax: +DN Flags: SINGLE-VALUE + +Name: dhcpLeasesDN Description: List of leases, these are the actual DN +of each lease object. Syntax: DN + +Name: dhcpServiceDN Description: The DN of dhcpService object(s)which +contain the configuration information. Each dhcpServer object has this +attribute identifying the DHCP configuration(s) that the server is +associated with. Syntax: DN + +Name: dhcpHWAddress Description: The hardware address of the client +associated with a lease Syntax: OctetString Flags: SINGLE-VALUE + +Name: dhcpVersion Description: This is the version identified for the +object that this attribute is part of. In case of the dhcpServer object, +this represents the DHCP software version. Syntax: IA5String Flags: +SINGLE-VALUE + +Name: dhcpImplementation Description: DHCP Server implementation +description e.g. DHCP Vendor information. Syntax: IA5String Flags: +SINGLE-VALUE + +Name: dhcpHashBucketAssignment Description: HashBucketAssignment bit map +for the DHCP Server, as defined in DHC Load Balancing Algorithm [RFC +3074]. Syntax: Octet String Flags: SINGLE-VALUE + +Name: dhcpDelayedServiceParameter Description: Delay in seconds +corresponding to Delayed Service Parameter configuration, as defined in + + + +M. Meredith et al. Expires December 2001 [Page 4] + + + + + +INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001 + + +DHC Load Balancing Algorithm [RFC 3074]. Syntax: Integer Flags: SINGLE- +VALUE + +Name: dhcpMaxClientLeadTime Description: Maximum Client Lead Time +configuration in seconds, as defined in DHCP Failover Protocol [FAILOVR] +Syntax: Integer Flags: SINGLE-VALUE + +Name: dhcpFailOverEndpointState Description: Server (Failover Endpoint) +state, as defined in DHCP Failover Protocol [FAILOVR] Syntax: IA5String +Flags: SINGLE-VALUE + +5. 
Configurations and Services + +The schema definitions below are for readability the LDIF layout for +this schema will follow in section 8. + +The DHC working group is currently considering several proposals for +fail-over and redundancy of DHCP servers. These may require sharing of +configuration information between servers. This schema provides a +generalized mechanism for supporting any of these proposals, by +separating the definition of a server from the definition of +configuration service provided by the server. + +Separating the DHCP Server (dhcpServer) and the DHCP Configuration +(dhcpService) representations allows a configuration service to be +provided by one or more servers. Similarly, a server may provide one or +more configurations. The schema allows a server to be configured as +either a primary or secondary provider of a DHCP configuration. + +Configurations are also defined so that one configuration can include +some of the objects that are defined in another configuration. This +allows for sharing and/or a hierarchy of related configuration items. + +Name: dhcpService Description: Service object that represents the +actual DHCP Service configuration. This will be a container with the +following attributes. Must: cn, dhcpPrimaryDN May: dhcpSecondaryDN, +dhcpSharedNetworkDN, dhcpSubnetDN, dhcpGroupDN, dhcpHostDN, +dhcpClassesDN, dhcpOptionsDN, dhcpStatements + +The following objects could exist inside the dhcpService container: +dhcpSharedNetwork, dhcpSubnet, dhcpGroup, dhcpHost, dhcpClass, +dhcpOptions, dhcpLog + +Name: dhcpServer Description: Server object that the DHCP server will +login as. The configuration information is in the dhcpService container +that the dhcpServiceDN points to. Must: cn, dhcpServiceDN May: +dhcpVersion, dhcpImplementation, dhcpHashBucketAssignment, +dhcpDelayedServiceParameter, dhcpMaxClientLeadTime, + + + +M. Meredith et al. 
Expires December 2001 [Page 5] + + + + + +INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001 +dhcpFailOverEndpointState, dhcpStatements + +5.1. DHCP Declaration related classes: + +Name: dhcpSharedNetwork Description: Shared Network class will list what +pools and subnets are in this network. + +This will be a container with the following attributes. Must: cn May: +dhcpSubnetDN, dhcpPoolDN, dhcpOptionsDN, dhcpStatements + +The following objects can exist within a dhcpSharedNetwork container: +dhcpSubnet, dhcpPool, dhcpOptions, dhcpLog + +Name: dhcpSubnet Description: Subnet object will include configuration +information associated with a subnet, including a range and a net mask. + +This will be a container with the following attributes. Must: cn +(Subnet address), dhcpNetMask May: dhcpRange, dhcpPoolDN, dhcpGroupDN, +dhcpHostDN, dhcpClassesDN, dhcpLeasesDN, dhcpOptionsDN, dhcpStatements + +The following objects can exist within a dhcpSubnet container: dhcpPool, +dhcpGroup, dhcpHost, dhcpClass, dhcpOptions, dhcpLease, dhcpLog + +Name: dhcpGroup Description: Group object will have configuration +information associated with a group. + +This will be a container with the following attributes. Must: cn May: +dhcpHostDN, dhcpOptionsDN, dhcpStatements + +The following objects can exist within a dhcpGroup container: dhcpHost, +dhcpOptions + +Name: dhcpHost Description: The host object includes DHCP host +declarations to assign a static IP address or declare the client as +known or specify statements for a specific client. Must: cn May: +dhcpLeaseDN, dhcpHWAddress, dhcpOptionsDN, dhcpStatements + +The following objects can exist within a dhcpHost container: dhcpLease, +dhcpOptions + +Name: dhcpOptions Description: The options class is for option space +declarations, it contains a list of options. Must: cn, dhcpOption + +Name: dhcpClass Description: This is a class to group clients together +based on matching rules. + +This will be a container with the following attributes. 
Must: cn May: +dhcpSubClassesDN, dhcpOptionsDN, dhcpStatements + +The following object can exist within a dhcpClass container: +dhcpSubclass, dhcpOptions + + + +M. Meredith et al. Expires December 2001 [Page 6] + + + + + +INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001 + + +Name: dhcpSubClass Description: This includes configuration information +for a subclass associated with a class. The dhcpSubClass object will +always be contained within the corresponding class container object. +Must: cn May: dhcpClassData, dhcpOptionsDN, dhcpStatements + +Name: dhcpPool Description: This contains configuration for a pool that +will have the range of addresses, permit lists and point to classes and +leases that are members of this pool. + +This will be a container that could be contained by dhcpSubnet or a +dhcpSharedNetwork. Must: cn, dhcpRange May: dhcpClassesDN, +dhcpPermitList, dhcpLeasesDN, dhcpOptionsDN, dhcpStatements + +The following objects can exist within a dhcpPool container: dhcpClass, +dhcpOptions, dhcpLease, dhcpLog + +6. Tracking Address Assignments + +The behavior of a DHCP server is influenced by two factors - it's +configuration and the current state of the addresses that have been +assigned to clients. This schema defines a set of objects for +representing the DHCP configuration associated with a server. The +following object classes provide the ability to record how addresses are +used including maintaining history (audit log) on individual leases. +Recording lease information in a directory could result in a significant +performance impact and is therefore optional. Implementations supporting +logging of leases need to consider the performance impact. + +6.1. dhcpLeases Attribute Definitions + +The schema definitions below are for readability the LDIF layout for +this schema will follow in section 8. + +Name: dhcpAddressState Description: This stores information about the +current binding-status of an address. 
For dynamic addresses managed by +DHCP, the values should be restricted to the states defined in the DHCP +Failover Protocol draft [FAILOVR]: 'FREE', 'ACTIVE', 'EXPIRED', +'RELEASED', 'RESET', 'ABANDONED', 'BACKUP'. For more information on +these states see [FAILOVR]. For other addresses, it SHOULD be one of +the following: 'UNKNOWN', 'RESERVED' (an address that is managed by DHCP +that is reserved for a specific client), 'RESERVED-ACTIVE' (same as +reserved, but address is currently in use), 'ASSIGNED' (assigned +manually or by some other mechanism), 'UNASSIGNED', 'NOTASSIGNABLE'. +Syntax: IA5String Flags: SINGLE-VALUE + +Name: dhcpExpirationTime Description: This is the time the current lease +for an address expires. Syntax: DateTime Flags: SINGLE-VALUE + + + + +M. Meredith et al. Expires December 2001 [Page 7] + + + + + +INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001 + + +Name: dhcpStartTimeOfState Description: This is the time of the last +state change for a leased address. Syntax: DateTime Flags: SINGLE-VALUE + +Name: dhcpLastTransactionTime Description: This is the last time a valid +DHCP packet was received from the client. Syntax: DateTime Flags: +SINGLE-VALUE + +Name: dhcpBootpFlag Description: This indicates whether the address was +assigned via BOOTP Syntax: Boolean Flags: SINGLE-VALUE + +Name: dhcpDomainName Description: This is the name of the domain sent to +the client by the server. It is essentially the same as the value for +DHCP option 15 sent to the client, and represents only the domain - not +the full FQDN. To obtain the full FQDN assigned to the client you must +prepend the "dhcpAssignedHostName" to this value with a ".". Syntax: +IA5String Flags: SINGLE-VALUE + +Name: dhcpDnsStatus Description: This indicates the status of updating +DNS resource records on behalf of the client by the DHCP server for this +address. The value is a 16-bit bitmask that has the same values as +specified by the Failover-DDNS option (see [FAILOVR]). 
Syntax: Integer +Flags: SINGLE-VALUE + +Name: dhcpRequestedHostName Description: This is the hostname that was +requested by the client. Syntax: IA5String Flags: SINGLE-VALUE + +Name: dhcpAssignedHostName Description: This is the actual hostname that +was assigned to a client. It may not be the name that was requested by +the client. The fully qualified domain name can be determined by +appending the value of "dhcpDomainName" (with a dot separator) to this +name. Syntax: IA5String Flags: SINGLE-VALUE + +Name: dhcpReservedForClient Description: This is the distinguished name +of the "dhcpHost" that an address is reserved for. This may not be the +same as the "dhcpAssignedToClient" attribute if the address is being +reassigned but the current lease has not yet expired. Syntax: DN Flags: +SINGLE-VALUE + +Name: dhcpAssignedToClient Description: This is the distinguished name +of a "dhcpHost" that an address is currently assigned to. This +attribute is only present in the class when the address is leased. +Syntax: DN Flags: SINGLE-VALUE + +Name: dhcpRelayAgentInfo Description: If the client request was received +via a relay agent, this contains information about the relay agent that +was available from the DHCP request. This is a hex-encoded option +value. Syntax: OctetString Flags: SINGLE-VALUE + +Name: dhcpErrorLog Description: Generic error log attribute that allows +logging error conditions within a dhcpService or a dhcpSubnet, like no IP +addresses available for lease. Syntax: IA5String + +M. Meredith et al. Expires December 2001 [Page 8] + + + + + +INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001 + + +6.2. dhcpLeases Object Class + +This class represents an IP address. It may or may not be leaseable, +and the object may exist even though a lease is not currently active for +the associated IP address. + +It is recommended that all Lease objects for a single DHCP Service be +centrally located within a single container. 
This ensures that the lease +objects and the corresponding logs do not have to be relocated, when +address ranges allocated to individual DHCP subnets and/or pools change. + +The schema definitions below are for readability the LDIF layout for +this schema will follow in section 8. + +Name: dhcpLeases Description: This is the object that holds state +information about an IP address. The cn (which is the IP address), and +the current address-state are mandatory attributes. If the address is +assigned then, some of the optional attributes will have valid data. +Must: cn, dhcpAddressState May: dhcpExpirationTime, +dhcpStartTimeOfState, dhcpLastTransactionTime, dhcpBootpFlag, +dhcpDomainName, dhcpDnsStatus, dhcpRequestedHostName, +dhcpAssignedHostName, dhcpReservedForClient, dhcpAssignedToClient, +dhcpRelayAgentInfo, dhcpHWAddress + +6.3 Audit Log Information + +A dhcpLog object is created whenever a lease is assigned or released. +This object is intended to be created under the corresponding dhcpLeases +container, or dhcpPool, dhcpSubnet, dhcpSharedNetwork or dhcpService +containers. + +The log information under the dhcpLeases container would be for +addresses matching that lease information. The log information in the +other containers could be used for errors, i.e. when a pool or subnet is +out our addresses or if a server is not able to assign any more +addresses for a particular dhcpService. + +Name: dhcpLog Description: This is the object that holds past +information about an IP address. The cn is the time/date stamp when the +address was assigned or released, the address state at the time, if the +address was assigned or released. Must: cn May: dhcpAddressState, +dhcpExpirationTime, dhcpStartTimeOfState, dhcpLastTransactionTime, +dhcpBootpFlag, dhcpDomainName, dhcpDnsStatus, dhcpRequestedHostName, +dhcpAssignedHostName, dhcpReservedForClient, dhcpAssignedToClient, +dhcpRelayAgentInfo, dhcpHWAddress, dhcpErrorLog + + + + + + +M. Meredith et al. 
Expires December 2001 [Page 9] + + + + + +INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001 + + +7. Determining settings + +The dhcpStatements attribute is the key to DHC enhancements that may +come along, and the different key words that a particular server +implementation may use. This attribute can be used to hold conditional +DHCP Statements and DHCP server parameters. Having a generic settings +attribute that is just a string, allows this schema to be extensible and +easy to configure. + +All of the attributes that end with DN are references to the class that +precedes the DN e.g. the dhcpPrimaryDN and dhcpSecondaryDN attributes +hold the Distinguished Names of the dhcpServer objects that are +associated with the dhcpService object. + +8. LDIF format for attributes and classes. + +# Attributes + +( 2.16.840.1.113719.1.203.4.1 NAME 'dhcpPrimaryDN' DESC +'The DN of the dhcpServer which is the primary server for the +configuration.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) + +( 2.16.840.1.113719.1.203.4.2 NAME 'dhcpSecondaryDN' DESC 'The DN of +dhcpServer(s) which provide backup service for the configuration.' +SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) + +( 2.16.840.1.113719.1.203.4.3 NAME 'dhcpStatements' DESC 'Flexible +storage for specific data depending on what object this exists in. Like +conditional statements, server parameters, etc. This allows the standard +to evolve without needing to adjust the schema.' SYNTAX +1.3.6.1.4.1.1466.115.121.1.26 ) + +( 2.16.840.1.113719.1.203.4.4 NAME 'dhcpRange' DESC 'The starting & +ending IP Addresses in the range (inclusive), separated by a hyphen; if +the range only contains one address, then just the address can be +specified with no hyphen. Each range is defined as a separate value.' +SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +( 2.16.840.1.113719.1.203.4.5 NAME 'dhcpPermitList' DESC 'This attribute +contains the permit lists associated with a pool. Each permit list is +defined as a separate value.' 
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +( 2.16.840.1.113719.1.203.4.6 NAME 'dhcpNetMask' DESC 'The subnet mask +length for the subnet. The mask can be easily computed from this +length.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +( 2.16.840.1.113719.1.203.4.7 NAME 'dhcpOption' DESC 'Encoded option +values to be sent to clients. Each value represents a single option and +contains (OptionTag, Length, OptionValue) encoded in the format used by +DHCP.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) + +M. Meredith et al. Expires December 2001 [Page 10] + + + + + +INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001 + + +( 2.16.840.1.113719.1.203.4.8 NAME 'dhcpClassData' DESC 'Encoded text +string or list of bytes expressed in hexadecimal, separated by colons. +Clients match subclasses based on matching the class data with the +results of match or spawn with statements in the class name +declarations.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +( 2.16.840.1.113719.1.203.4.9 NAME 'dhcpOptionsDN' DESC 'The +distinguished name(s) of the dhcpOption objects containing the +configuration options provided by the server.' SYNTAX +1.3.6.1.4.1.1466.115.121.1.12 ) + +( 2.16.840.1.113719.1.203.4.10 NAME 'dhcpHostDN' DESC 'the distinguished +name(s) of the dhcpHost objects.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) + +( 2.16.840.1.113719.1.203.4.11 NAME 'dhcpPoolDN' DESC 'The distinguished +name(s) of pools.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) + +( 2.16.840.1.113719.1.203.4.12 NAME 'dhcpGroupDN' DESC 'The +distinguished name(s) of the groups.' SYNTAX +1.3.6.1.4.1.1466.115.121.1.12 ) + +( 2.16.840.1.113719.1.203.4.13 NAME 'dhcpSubnetDN' DESC 'The +distinguished name(s) of the subnets.' SYNTAX +1.3.6.1.4.1.1466.115.121.1.12 ) + +( 2.16.840.1.113719.1.203.4.14 NAME 'dhcpLeaseDN' DESC 'The +distinguished name of a client address.' 
SYNTAX +1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE) + +( 2.16.840.1.113719.1.203.4.15 NAME 'dhcpLeasesDN' DESC 'The +distinguished name(s) client addresses.' SYNTAX +1.3.6.1.4.1.1466.115.121.1.12 ) + +( 2.16.840.1.113719.1.203.4.16 NAME 'dhcpClassesDN' DESC 'The +distinguished name(s) of a class(es) in a subclass.' SYNTAX +1.3.6.1.4.1.1466.115.121.1.12 ) + +( 2.16.840.1.113719.1.203.4.17 NAME 'dhcpSubclassesDN' DESC 'The +distinguished name(s) of subclass(es).' SYNTAX +1.3.6.1.4.1.1466.115.121.1.12 ) + +( 2.16.840.1.113719.1.203.4.18 NAME 'dhcpSharedNetworkDN' DESC 'The +distinguished name(s) of sharedNetworks.' SYNTAX +1.3.6.1.4.1.1466.115.121.1.12 ) + +( 2.16.840.1.113719.1.203.4.19 NAME 'dhcpServiceDN' DESC 'The DN of +dhcpService object(s)which contain the configuration information. Each +dhcpServer object has this attribute identifying the DHCP + + + +M. Meredith et al. Expires December 2001 [Page 11] + + + + + +INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001 + + +configuration(s) that the server is associated with.' SYNTAX +1.3.6.1.4.1.1466.115.121.1.12 ) + +( 2.16.840.1.113719.1.203.4.20 NAME 'dhcpVersion' DESC 'The version +attribute of this object.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE- +VALUE ) + +( 2.16.840.1.113719.1.203.4.21 NAME 'dhcpImplementation' DESC +'Description of the DHCP Server implementation e.g. DHCP Server's +vendor.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +( 2.16.840.1.113719.1.203.4.22 NAME 'dhcpAddressState' DESC 'This stores +information about the current binding-status of an address. For dynamic +addresses managed by DHCP, the values should be restricted to the +following: "FREE", "ACTIVE", "EXPIRED", "RELEASED", "RESET", +"ABANDONED", "BACKUP". 
For other addresses, it SHOULD be one of the +following: "UNKNOWN", "RESERVED" (an address that is managed by DHCP +that is reserved for a specific client), "RESERVED-ACTIVE" (same as +reserved, but address is currently in use), "ASSIGNED" (assigned +manually or by some other mechanism), "UNASSIGNED", "NOTASSIGNABLE".' +SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +( 2.16.840.1.113719.1.203.4.23 NAME 'dhcpExpirationTime' DESC 'This is +the time the current lease for an address expires.' SYNTAX +1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE ) + +( 2.16.840.1.113719.1.203.4.24 NAME 'dhcpStartTimeOfState' DESC 'This is +the time of the last state change for a leased address.' SYNTAX +1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE ) + +( 2.16.840.1.113719.1.203.4.25 NAME 'dhcpLastTransactionTime' DESC 'This +is the last time a valid DHCP packet was received from the client.' +SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE ) + +( 2.16.840.1.113719.1.203.4.26 NAME 'dhcpBootpFlag' DESC 'This indicates +whether the address was assigned via BOOTP.' SYNTAX +1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) + +( 2.16.840.1.113719.1.203.4.27 NAME 'dhcpDomainName' DESC 'This is the +name of the domain sent to the client by the server. It is essentially +the same as the value for DHCP option 15 sent to the client, and +represents only the domain - not the full FQDN. To obtain the full FQDN +assigned to the client you must prepend the "dhcpAssignedHostName" to +this value with a ".".' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE- +VALUE ) + +( 2.16.840.1.113719.1.203.4.28 NAME 'dhcpDnsStatus' DESC 'This indicates +the status of updating DNS resource records on behalf of the client by + + + +M. Meredith et al. Expires December 2001 [Page 12] + + + + + +INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001 + + +the DHCP server for this address. The value is a 16-bit bitmask.' 
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +( 2.16.840.1.113719.1.203.4.29 NAME 'dhcpRequestedHostName' DESC 'This +is the hostname that was requested by the client.' SYNTAX +1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +( 2.16.840.1.113719.1.203.4.30 NAME 'dhcpAssignedHostName' DESC 'This is +the actual hostname that was assigned to a client. It may not be the +name that was requested by the client. The fully qualified domain name +can be determined by appending the value of "dhcpDomainName" (with a dot +separator) to this name.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE- +VALUE ) + +( 2.16.840.1.113719.1.203.4.31 NAME 'dhcpReservedForClient' DESC 'The +distinguished name of a "dhcpClient" that an address is reserved for. +This may not be the same as the "dhcpAssignedToClient" attribute if the +address is being reassigned but the current lease has not yet expired.' +SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) + +( 2.16.840.1.113719.1.203.4.32 NAME 'dhcpAssignedToClient' DESC 'This is +the distinguished name of a "dhcpClient" that an address is currently +assigned to. This attribute is only present in the class when the +address is leased.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) + +( 2.16.840.1.113719.1.203.4.33 NAME 'dhcpRelayAgentInfo' DESC 'If the +client request was received via a relay agent, this contains information +about the relay agent that was available from the DHCP request. This is +a hex-encoded option value.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 +SINGLE-VALUE ) + +( 2.16.840.1.113719.1.203.4.34 NAME 'dhcpHWAddress' DESC 'The clients +hardware address that requested this IP address.' SYNTAX +1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE ) + +( 2.16.840.1.113719.1.203.4.35 NAME 'dhcpHashBucketAssignment' DESC +'HashBucketAssignment bit map for the DHCP Server, as defined in DHC +Load Balancing Algorithm [RFC 3074].' 
SYNTAX +1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE ) + +( 2.16.840.1.113719.1.203.4.36 NAME 'dhcpDelayedServiceParameter' DESC +'Delay in seconds corresponding to Delayed Service Parameter +configuration, as defined in DHC Load Balancing Algorithm [RFC 3074]. ' +SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +( 2.16.840.1.113719.1.203.4.37 NAME 'dhcpMaxClientLeadTime' DESC +'Maximum Client Lead Time configuration in seconds, as defined in DHCP +Failover Protocol [FAILOVR]' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + + + +M. Meredith et al. Expires December 2001 [Page 13] + + + + + +INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001 + + +SINGLE-VALUE ) + +( 2.16.840.1.113719.1.203.4.38 NAME 'dhcpFailOverEndpointState' DESC +'Server (Failover Endpoint) state, as defined in DHCP Failover Protocol +[FAILOVR]' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +( 2.16.840.1.113719.1.203.4.39 NAME 'dhcpErrorLog' DESC +Generic error log attribute that allows logging error conditions within a +dhcpService or a dhcpSubnet, like no IP addresses available for lease. +SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +#Classes + +( 2.16.840.1.113719.1.203.6.1 NAME 'dhcpService' DESC ' Service object +that represents the actual DHCP Service configuration. This is a +container object.' SUP top MUST (cn $ dhcpPrimaryDN) MAY +(dhcpSecondaryDN $ dhcpSharedNetworkDN $ dhcpSubnetDN $ dhcpGroupDN $ +dhcpHostDN $ dhcpClassesDN $ dhcpOptionsDN $ dhcpStatements ) ) + +( 2.16.840.1.113719.1.203.6.2 NAME 'dhcpSharedNetwork' DESC 'This stores +configuration information for a shared network.' SUP top MUST cn MAY +(dhcpSubnetDN $ dhcpPoolDN $ dhcpOptionsDN $ dhcpStatements) X- +NDS_CONTAINMENT ('dhcpService' ) ) + +( 2.16.840.1.113719.1.203.6.3 NAME 'dhcpSubnet' DESC 'This class defines +a subnet. This is a container object.' 
SUP top MUST ( cn $ dhcpNetMask )
+MAY (dhcpRange $ dhcpPoolDN $ dhcpGroupDN $ dhcpHostDN $ dhcpClassesDN $
+dhcpLeasesDN $ dhcpOptionsDN $ dhcpStatements) X-NDS_CONTAINMENT
+('dhcpService' 'dhcpSharedNetwork') )
+
+( 2.16.840.1.113719.1.203.6.4 NAME 'dhcpPool' DESC 'This stores
+configuration information about a pool.' SUP top MUST ( cn $ dhcpRange )
+MAY (dhcpClassesDN $ dhcpPermitList $ dhcpLeasesDN $ dhcpOptionsDN $
+dhcpStatements) X-NDS_CONTAINMENT ('dhcpSubnet' 'dhcpSharedNetwork') )
+
+( 2.16.840.1.113719.1.203.6.5 NAME 'dhcpGroup' DESC 'Group object that
+lists host DNs and parameters. This is a container object.' SUP top MUST
+cn MAY ( dhcpHostDN $ dhcpOptionsDN $ dhcpStatements ) X-NDS_CONTAINMENT
+('dhcpSubnet' 'dhcpService' ) )
+
+( 2.16.840.1.113719.1.203.6.6 NAME 'dhcpHost' DESC 'This represents
+information about a particular client' SUP top MUST cn MAY (dhcpLeaseDN
+$ dhcpHWAddress $ dhcpOptionsDN $ dhcpStatements) X-NDS_CONTAINMENT
+('dhcpService' 'dhcpSubnet' 'dhcpGroup') )
+
+( 2.16.840.1.113719.1.203.6.7 NAME 'dhcpClass' DESC 'Represents
+information about a collection of related clients.' SUP top MUST cn MAY
+(dhcpSubClassesDN $ dhcpOptionsDN $ dhcpStatements) X-NDS_CONTAINMENT
+('dhcpService' 'dhcpSubnet' ) )
+
+( 2.16.840.1.113719.1.203.6.8 NAME 'dhcpSubClass' DESC 'Represents
+information about a collection of related classes.' SUP top MUST cn MAY
+(dhcpClassData $ dhcpOptionsDN $ dhcpStatements) X-NDS_CONTAINMENT
+
+
+
+M. Meredith et al. Expires December 2001 [Page 14]
+
+
+
+
+
+INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001
+
+
+'dhcpClass' )
+
+( 2.16.840.1.113719.1.203.6.9 NAME 'dhcpOptions' DESC 'Represents
+information about a collection of options defined.'
SUP top MUST cn MAY
+( dhcpOption ) X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork'
+'dhcpSubnet' 'dhcpPool' 'dhcpGroup' 'dhcpHost' 'dhcpClass' )
+
+( 2.16.840.1.113719.1.203.6.10 NAME 'dhcpLeases' DESC 'This class
+represents an IP Address, which may or may not have been leased.' SUP
+top MUST ( cn $ dhcpAddressState ) MAY ( dhcpExpirationTime $
+dhcpStartTimeOfState $ dhcpLastTransactionTime $ dhcpBootpFlag $
+dhcpDomainName $ dhcpDnsStatus $ dhcpRequestedHostName $
+dhcpAssignedHostName $ dhcpReservedForClient $ dhcpAssignedToClient $
+dhcpRelayAgentInfo $ dhcpHWAddress ) X-NDS_CONTAINMENT ( 'dhcpService'
+'dhcpSubnet' 'dhcpPool') )
+
+( 2.16.840.1.113719.1.203.6.11 NAME 'dhcpLog' DESC 'This is the object
+that holds past information about the IP address. The cn is the
+time/date stamp when the address was assigned or released, the address
+state at the time, if the address was assigned or released.' SUP top
+MUST ( cn ) MAY ( dhcpAddressState $ dhcpExpirationTime $
+dhcpStartTimeOfState $ dhcpLastTransactionTime $ dhcpBootpFlag $
+dhcpDomainName $ dhcpDnsStatus $ dhcpRequestedHostName $
+dhcpAssignedHostName $ dhcpReservedForClient $ dhcpAssignedToClient $
+dhcpRelayAgentInfo $ dhcpHWAddress $ dhcpErrorLog) X-NDS_CONTAINMENT
+('dhcpLeases' 'dhcpPool' 'dhcpSubnet' 'dhcpSharedNetwork' 'dhcpService' ) )
+
+( 2.16.840.1.113719.1.203.6.12 NAME 'dhcpServer' DESC 'DHCP Server
+Object' SUP top MUST (cn, dhcpServiceDN) MAY (dhcpVersion $
+dhcpImplementation $ dhcpHashBucketAssignment $
+dhcpDelayedServiceParameter $ dhcpMaxClientLeadTime $
+dhcpFailOverEndpointState $ dhcpStatements) X-NDS_CONTAINMENT ('O' 'OU'
+'dc') )
+
+9. Security Considerations
+
+Since the DHCP Configuration information is stored in a directory, the
+security of the information is limited to the security offered by the
+directory including the security of the objects within that directory.
+
+10.
Intellectual Property Rights Notices
+
+The IETF takes no position regarding the validity or scope of any
+intellectual property or other rights that might be claimed to pertain
+to the implementation or use of the technology described in this
+document or the extent to which any license under such rights might or
+might not be available; neither does it represent that it has made any
+effort to identify any such rights. Information on the IETF's
+procedures with respect to rights in standards-track and standards-
+
+
+
+M. Meredith et al. Expires December 2001 [Page 15]
+
+
+
+
+
+INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001
+
+
+related documentation can be found in BCP-11. Copies of claims of
+rights made available for publication and any assurances of licenses to
+be made available, or the result of an attempt made to obtain a general
+license or permission for the use of such proprietary rights by
+implementors or users of this specification can be obtained from the
+IETF Secretariat.
+
+The IETF invites any interested party to bring to its attention any
+copyrights, patents or patent applications, or other proprietary rights
+which may cover technology that may be required to practice this
+standard. Please address the information to the IETF Executive
+Director.
+
+11. Full Copyright Statement
+
+Copyright (C) The Internet Society (2001). All Rights Reserved.
+
+This document and translations of it may be copied and furnished to
+others, and derivative works that comment on or otherwise explain it or
+assist in its implementation may be prepared, copied, published and
+distributed, in whole or in part, without restriction of any kind,
+provided that the above copyright notice and this paragraph are included
+on all such copies and derivative works.
However, this document itself
+may not be modified in any way, such as by removing the copyright notice
+or references to the Internet Society or other Internet organizations,
+except as needed for the purpose of developing Internet standards in
+which case the procedures for copyrights defined in the Internet
+Standards process must be followed, or as required to translate it into
+languages other than English.
+
+The limited permissions granted above are perpetual and will not be
+revoked by the Internet Society or its successors or assigns.
+
+This document and the information contained herein is provided on an "AS
+IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK
+FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT
+LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT
+INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR
+FITNESS FOR A PARTICULAR PURPOSE.
+
+12. References
+
+[RFC2131] Droms, R., "Dynamic Host Configuration Protocol", RFC 2131,
+March 1997.
+
+[RFC2132] Alexander, S., Droms, R., "DHCP Options and BOOTP Vendor
+Extensions", RFC 2132, March 1997.
+
+
+
+
+M. Meredith et al. Expires December 2001 [Page 16]
+
+
+
+
+
+INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001
+
+
+[MSDHCP] Gu, Y., Vyaghrapuri, R., "An LDAP Schema for Dynamic Host
+Configuration Protocol Service", Internet Draft , August 1998.
+
+[NOVDHCP] Miller, T., Patel, A., Rao, P., "Lightweight Directory Access
+Protocol (v3): Schema for Dynamic Host Configuration Protocol (DHCP)",
+Internet Draft , June 1998.
+
+[FAILOVR] Droms, R., Rabil, G., Dooley, M., Kapur, A., Gonczi, S., Volz,
+B., "DHCP Failover Protocol", Internet Draft , July 2000.
+
+[RFC 3074] Volz B., Gonczi S., Lemon T., Stevens R., "DHC Load Balancing
+Algorithm", February 2001
+
+[AGENT] Patrick, M., "DHCP Relay Agent Information Option", Internet
+Draft , March 2000.
+
+[DHCPOPT] Carney, M., "New Option Review Guidelines and Additional
+Option Namespace", Internet Draft , October 1999.
+
+[POLICY] Strassner, J., Elleson, E., Moore, B., "Policy Framework LDAP
+Core Schema", Internet Draft ,
+November 1999.
+
+[RFC2251] Wahl, M., Howes, T., Kille, S., "Lightweight Directory Access
+Protocol (v3)", RFC 2251, December 1997.
+
+[RFC2252] Wahl, M., Coulbeck, A., Howes, T., Kille, S., "Lightweight
+Directory Access Protocol (v3) Attribute Syntax Definitions", RFC 2252,
+December 1997.
+
+[RFC2255] Howes, T., Smith, M., "The LDAP URL Format", RFC 2255,
+December 1997.
+
+[RFC951] Croft, B., Gilmore, J., "Bootstrap Protocol (BOOTP)", RFC 951,
+September 1985.
+
+[RFC2119] Bradner, S. "Key words for use in RFCs to Indicate Requirement
+Levels", RFC 2119, March 1997.
+
+13. Acknowledgments
+
+This work is partially based on a previous draft draft-ietf-dhc-
+schema-02.doc.
+
+
+
+
+
+M. Meredith et al. Expires December 2001 [Page 17]
+
+
+
+
+
+INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001
+
+
+14. Author's Addresses
+
+Comments regarding this draft may be sent to the authors at the
+following address:
+
+Mark Meredith
+Mark Hinckley
+Novell Inc.
+1800 S. Novell Place
+Provo, Utah 84606
+
+Vijay K. Nanjundaswamy
+Novell Software Development (I) Ltd
+49/1 & 49/3, Garvebhavi Palya,
+7th Mile, Hosur Road
+Bangalore 560068
+
+email: mark_meredith@novell.com
+email: knvijay@novell.com
+email: mhinckley@novell.com
+
+This Internet Draft expires December 16, 2001.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+M. Meredith et al. Expires December 2001 [Page 18]
+
+
+
+
diff --git a/linux.dbus-example b/linux.dbus-example
new file mode 100755
index 0000000..1ee9e0d
--- /dev/null
+++ b/linux.dbus-example
@@ -0,0 +1,223 @@
+#!/bin/bash
+# dhclient-script for Linux. Dan Halbert, March, 1997.
+# Updated for Linux 2.[12] by Brian J. Murrell, January 1999.
+# No guarantees about this. I'm a novice at the details of Linux
+# networking.
+
+# Notes:
+
+# 0. This script is based on the netbsd script supplied with dhcp-970306.
+
+# 1. ifconfig down apparently deletes all relevant routes and flushes
+# the arp cache, so this doesn't need to be done explicitly.
+
+# 2. The alias address handling here has not been tested AT ALL.
+# I'm just going by the doc of modern Linux ip aliasing, which uses
+# notations like eth0:0, eth0:1, for each alias.
+
+# 3. I have to calculate the network address, and calculate the broadcast
+# address if it is not supplied. This might be much more easily done
+# by the dhclient C code, and passed on.
+
+# 4. TIMEOUT not tested. ping has a flag I don't know, and I'm suspicious
+# of the $1 in its args.
+
+if [ -n "${dhc_dbus}" ]; then
+ /bin/dbus-send \
+ --system --dest=com.redhat.dhcp --type=method_call \
+ /com/redhat/dhcp/$interface com.redhat.dhcp.set \
+ 'string:'"`env | /bin/egrep -v '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`";
+ if (( ( dhc_dbus & 31 ) == 31 )); then
+ exit 0;
+ fi;
+fi;
+
+make_resolv_conf() {
+ if [ "x$new_domain_name" != x ] && [ x"$new_domain_name_servers" != x ]; then
+ echo search $new_domain_name >/etc/resolv.conf
+ chmod 644 /etc/resolv.conf
+ for nameserver in $new_domain_name_servers; do
+ echo nameserver $nameserver >>/etc/resolv.conf
+ done
+ fi
+}
+
+# Must be used on exit. Invokes the local dhcp client exit hooks, if any.
+exit_with_hooks() {
+ exit_status=$1
+ if [ -f /etc/dhclient-exit-hooks ]; then
+ . /etc/dhclient-exit-hooks
+ fi
+# probably should do something with exit status of the local script
+ exit $exit_status
+}
+
+# Invoke the local dhcp client enter hooks, if they exist.
+if [ -f /etc/dhclient-enter-hooks ]; then
+ exit_status=0
+ .
/etc/dhclient-enter-hooks
+ # allow the local script to abort processing of this state
+ # local script must set exit_status variable to nonzero.
+ if [ $exit_status -ne 0 ]; then
+ exit $exit_status
+ fi
+fi
+
+release=`uname -r`
+release=`expr $release : '\(.*\)\..*'`
+relminor=`echo $release |sed -e 's/[0-9]*\.\([0-9][0-9]*\)\(\..*\)*$/\1/'`
+relmajor=`echo $release |sed -e 's/\([0-9][0-9]*\)\..*$/\1/'`
+
+if [ x$new_broadcast_address != x ]; then
+ new_broadcast_arg="broadcast $new_broadcast_address"
+fi
+if [ x$old_broadcast_address != x ]; then
+ old_broadcast_arg="broadcast $old_broadcast_address"
+fi
+if [ x$new_subnet_mask != x ]; then
+ new_subnet_arg="netmask $new_subnet_mask"
+fi
+if [ x$old_subnet_mask != x ]; then
+ old_subnet_arg="netmask $old_subnet_mask"
+fi
+if [ x$alias_subnet_mask != x ]; then
+ alias_subnet_arg="netmask $alias_subnet_mask"
+fi
+
+if [ x$reason = xMEDIUM ]; then
+ # Linux doesn't do mediums (ok, ok, media).
+ exit_with_hooks 0
+fi
+
+if [ x$reason = xPREINIT ]; then
+ if [ x$alias_ip_address != x ]; then
+ # Bring down alias interface. Its routes will disappear too.
+ ifconfig $interface:0- inet 0
+ fi
+ if [ $relmajor -lt 2 ] || ( [ $relmajor -eq 2 ] && [ $relminor -eq 0 ] )
+ then
+ ifconfig $interface inet 0.0.0.0 netmask 0.0.0.0 \
+ broadcast 255.255.255.255 up
+ # Add route to make broadcast work. Do not omit netmask.
+ route add default dev $interface netmask 0.0.0.0
+ else
+ ifconfig $interface 0 up
+ fi
+
+ # We need to give the kernel some time to get the interface up.
+ sleep 1
+
+ exit_with_hooks 0
+fi
+
+if [ x$reason = xARPCHECK ] || [ x$reason = xARPSEND ]; then
+ exit_with_hooks 0
+fi
+
+if [ x$reason = xBOUND ] || [ x$reason = xRENEW ] || \
+ [ x$reason = xREBIND ] || [ x$reason = xREBOOT ]; then
+ current_hostname=`hostname`
+ if [ x$current_hostname = x ] || \
+ [ x$current_hostname = x$old_host_name ]; then
+ if [ x$current_hostname = x ] || \
+ [ x$new_host_name != x$old_host_name ]; then
+ hostname $new_host_name
+ fi
+ fi
+
+ if [ -z "${dhc_dbus}" ] || (( ( dhc_dbus & 2 ) != 2 )); then
+ if [ x$old_ip_address != x ] && [ x$alias_ip_address != x ] && \
+ [ x$alias_ip_address != x$old_ip_address ]; then
+ # Possible new alias. Remove old alias.
+ ifconfig $interface:0- inet 0
+ fi
+ if [ x$old_ip_address != x ] && [ x$old_ip_address != x$new_ip_address ]; then
+ # IP address changed. Bringing down the interface will delete all routes,
+ # and clear the ARP cache.
+ ifconfig $interface inet 0 down
+
+ fi
+ fi
+ if [ x$old_ip_address = x ] || [ x$old_ip_address != x$new_ip_address ] || \
+ [ x$reason = xBOUND ] || [ x$reason = xREBOOT ]; then
+ if [ -z "${dhc_dbus}" ] || (( ( dhc_dbus & 2 ) != 2 )); then
+ ifconfig $interface inet $new_ip_address $new_subnet_arg \
+ $new_broadcast_arg
+ fi
+ if [ -z "${dhc_dbus}" ] || (( ( dhc_dbus & 4 ) != 4 )); then
+ # Add a network route to the computed network address.
+ if [ $relmajor -lt 2 ] || \
+ ( [ $relmajor -eq 2 ] && [ $relminor -eq 0 ] ); then
+ route add -net $new_network_number $new_subnet_arg dev $interface
+ fi
+ for router in $new_routers; do
+ route add default gw $router
+ done
+ fi
+ fi
+ if [ -z "${dhc_dbus}" ] || (( ( dhc_dbus & 2 ) != 2 )); then
+ if [ x$new_ip_address != x$alias_ip_address ] && [ x$alias_ip_address != x ];
+ then
+ ifconfig $interface:0- inet 0
+ ifconfig $interface:0 inet $alias_ip_address $alias_subnet_arg
+ route add -host $alias_ip_address $interface:0
+ fi
+ fi
+ if [ -z "${dhc_dbus}" ] || (( ( dhc_dbus & 1 ) != 1 )); then
+ make_resolv_conf
+ fi
+ exit_with_hooks 0
+fi
+
+if [ -z "${dhc_dbus}" ] || (( ( dhc_dbus & 2 ) != 2 )); then
+if [ x$reason = xEXPIRE ] || [ x$reason = xFAIL ] || [ x$reason = xRELEASE ] \
+ || [ x$reason = xSTOP ]; then
+ if [ x$alias_ip_address != x ]; then
+ # Turn off alias interface.
+ ifconfig $interface:0- inet 0
+ fi
+ if [ x$old_ip_address != x ]; then
+ # Shut down interface, which will delete routes and clear arp cache.
+ ifconfig $interface inet 0 down
+ fi
+ if [ x$alias_ip_address != x ]; then
+ ifconfig $interface:0 inet $alias_ip_address $alias_subnet_arg
+ route add -host $alias_ip_address $interface:0
+ fi
+ exit_with_hooks 0
+fi
+fi
+
+if [ x$reason = xTIMEOUT ]; then
+ if [ -z "${dhc_dbus}" ] || (( ( dhc_dbus & 2 ) != 2 )); then
+ if [ x$alias_ip_address != x ]; then
+ ifconfig $interface:0- inet 0
+ fi
+ ifconfig $interface inet $new_ip_address $new_subnet_arg \
+ $new_broadcast_arg
+ fi
+ set $new_routers
+ ############## what is -w in ping?
+ if ping -q -c 1 $1; then
+ if [ x$new_ip_address != x$alias_ip_address ] && \
+ [ x$alias_ip_address != x ]; then
+ ifconfig $interface:0 inet $alias_ip_address $alias_subnet_arg
+ route add -host $alias_ip_address dev $interface:0
+ fi
+ if [ $relmajor -lt 2 ] || \
+ ( [ $relmajor -eq 2 ] && [ $relminor -eq 0 ] ); then
+ route add -net $new_network_number
+ fi
+ for router in $new_routers; do
+ route add default gw $router
+ done
+ make_resolv_conf
+ exit_with_hooks 0
+ fi
+ if [ -z "${dhc_dbus}" ] || (( ( dhc_dbus & 2 ) != 2 )); then
+ ifconfig $interface inet 0 down
+ fi
+ exit_with_hooks 1
+fi
+
+exit_with_hooks 0
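Review bot: make_resolv_conf and the `hostname $new_host_name` call in the BOUND/RENEW branch expand server-supplied DHCP values unquoted, so a domain name, nameserver list entry or host name that contains whitespace or glob characters is word-split and globbed by the shell before it reaches /etc/resolv.conf or hostname; quoting them keeps each value a single argument: `echo "search $new_domain_name" >/etc/resolv.conf`, `echo "nameserver $nameserver" >>/etc/resolv.conf`, `hostname "$new_host_name"`. The same unquoted expansion appears in the `[ x$current_hostname = x$old_host_name ]` and `[ x$new_host_name != x$old_host_name ]` tests, where an embedded space turns the comparison into a `[` syntax error rather than a clean mismatch. In the TIMEOUT branch, `set $new_routers` followed by `ping -q -c 1 $1` runs ping with no host when new_routers is empty, and the leftover `############## what is -w in ping?` comment documents that this path was never settled; testing that `$1` is non-empty before the ping (falling through to `exit_with_hooks 1`) would make the failure explicit, and the comment should be resolved or removed before this ships as the example script.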