#! /bin/sh /usr/share/dpatch/dpatch-run
## dhcp-3.1.0-ldap.dpatch by <jredrejo@edu.juntaextremadura.net>
## All lines beginning with `## DP:' are a description of the patch.
## DP: Patch to use ldap as a backend for dhcp3 server
## DP: These are the files with documentation and utils
## DP: This patch is deeply based on the Brian Masney <masneyb@ntelos.net> work
diff -urNad dhcp3-3.1.0.orig/Changelog-LDAP dhcp3-3.1.0/Changelog-LDAP
--- dhcp3-3.1.0.orig/Changelog-LDAP 1970-01-01 01:00:00.000000000 +0100
+++ dhcp3-3.1.0/Changelog-LDAP 2008-02-20 13:21:26.000000000 +0100
+2008-2-8 José L. Redrejo <jredrejo@edu.juntaextremadura.net>
+ * includes/dhcpd.h: fixed SV_LDAP_ values according to server/stables.c
+ * server/ldap.c : fixed sprintf call
+2007-2-23 Brian Masney <masneyb@ntelos.net>
+ * contrib/dhcpd-conf-to-ldap.pl - fixed a parsing bug in which
+ didn't handle correctly quoted string containing spaces.
+ (Rapha?l Luta <raphael.luta@aptiwan.com>)
+ * dst/Makefile.dist server/Makefile.dist site.conf - updated build
+ method when using -lssl.
+ (from Marius Tomaschewski <mt@suse.de>)
+ * server/ldap.c - fix for ldap_read_function to avoid returning
+ empty strings (skipped host declaration from ldap) that are causing
+ parsing errors in ldap-dynamic mode.
+ (from Marius Tomaschewski <mt@suse.de>)
+ * includes/dhcpd.h README.ldap server/dhcpd.c server/ldap.c
+ server/stables.c - added ldap-ssl <off|start_tls|ldaps|on> option and
+ several ldap-tls* options, that are described in the "man ldap.conf".
+ (from Marius Tomaschewski <mt@suse.de>)
+ * includes/dhcpd.h server/ldap.c server/stables.c - added ldap-referrals
+ <on|off> option. Also implemented a LDAP rebuind function
+ (from Kalyan <skalyanasundaram@novell.com>)
+ * includes/dhcpd.h server/ldap.c server/stables.c - renamed dhcpd.conf
+ option ldap-server-cn to ldap-dhcp-server-cn
+ (from Marius Tomaschewski <mt@suse.de>)
+ * contrib/dhcp.schema - schema updates
+ (from Kalyan <skalyanasundaram@novell.com>)
+ * server/ldap.c server/ldap_casa.c - CASA support fixes
+ (from Marius Tomaschewski <mt@suse.de>)
+ * server/ldap.c - added strncat() fix
+ (from Marius Tomaschewski <mt@suse.de>)
+2006-12-15 Brian Masney <masneyb@ntelos.net>
+ * server/ldap.c (ldap_read_config) - unbind from the LDAP server after
+ the config file has been ran if the server is being ran in static mode
+ (from Tomas Hoger <thoger@pobox.sk>)
+ * server/ldap.c (ldap_read_function) - fixed bug where the entire
+ configuration was not being processed in the LDAP directory.
+ * server/ldap.c - added the following functions for reading values
+ from the config file: _do_lookup_dhcp_string_option(),
+ _do_lookup_dhcp_int_option() and _do_lookup_dhcp_enum_option(). This
+ helped to clean up ldap_start() start a bit. Also, various small
+ formatting changes to the code.
+2006-12-15 Marius Tomaschewski <mt@suse.de>
+ * Changelog-LDAP - Added / changed some of entries in
+ Changelog-LDAP, e.g. changes to the dhcpServer and
+ dhcpService objectclasses in schema file was not mentioned.
+ * server/ldap.c Some a little bit paranoid checks to strchr results
+ in the group patch, avoided allocation of groupname using snprintf
+ with a "%.*s" format.
+ * server/ldap.c - Readded FIXME comment about one space in
+ * server/ldap.c Changed "dhcpdnsZone" and "dhcpdnszoneServer" into
+ "dhcpDnsZone" and "dhcpDnsZoneServer".
+ * Fixed memory leak in ldap_parse_zone (dfree of keyCn), added checks
+ for dmalloc and strchr results.
+ * ldap_casa.c, ldap_casa.h - surrounded content of ldap_casa.h and
+ ldap_casa.c with if defined(LDAP_CASA_AUTH).
+ * contrib/dhcp.schema - Reverted the equality change for dhcpOption.
+ The dhcp options are case-insensitive in dhcpd.conf.
+ * Changed "dhcpdnsZone" and "dhcpdnszoneServer" into "dhcpDnsZone"
+ and "dhcpDnsZoneServer".
+ * Changed "FQDNs" into "DNs" in dhcpLocatorDN description (DN is already
+ absolute, RDN is relative DN, FQDN means a full qualified domain name).
+2006-12-15 Kalyan <skalyanasundaram@novell.com>
+ * includes/ldap_casa.h server/ldap_casa.c - updated to support CASA
+2006-8-15 Kalyan <skalyanasundaram@novell.com>
+ * server/ldap.c (ldap_parse_options) - fetch option from the group
+ if the host belongs to that group in the dynamic method.
+ * contrib/dhcp.schema - modified dhcpServiceDN attribute in dhcpServer
+ objectclasses to be optional instead of mandatory
+ * contrib/dhcp.schema - modified dhcpPrimaryDN attribute in dhcpService
+ objectclasses to be optional instead of mandatory
+ * contrib/dhcp.schema - schema has been updated with
+ new objectclasses dhcpLocator,dhcpTsigKey,dhcpdnsZone,dhcpFailOver and
+ * contrib/dhcp.schema - dhcpHWAddress's equality has been modified to
+ caseIgnoreIA5Match.
+ * server/ldap.c - added support for reading the dhcpTsigKey and
+ dhcpdnsZone objects.
+ * server/ldap.c (ldap_parse_options) Fetch option from the group if
+ the host belongs to that group in the dynamic method.
+ * server/ldap.c - CASA authentication is enabled.
+ * server/ldap.c - introduced new attribute ldap-server-cn to mention
+ the dhcpServer object name in configuration.
+2006-7-17 Brian Masney <masneyb@ntelos.net>
+ * server/ldap.c (ldap_read_function) - fixes for reading the data
+ from the LDAP tree in some cases (patch from
+ Darrin Smith <beldin@beldin.org>)
+2006-3-17 Brian Masney <masneyb@ntelos.net>
+ * server/ldap.c (ldap_read_function) - added patch from
+ Dmitriy Bogun <kabanyura@gmail.com>. This patch fixes a bug when
+ EOF wasn't returned in some cases.
+2005-9-26 Brian Masney <masneyb@ntelos.net>
+ * server/ldap.c (ldap_start) - added support for reading the
+ ldap-port option. This option was not being used.
+2005-5-24 Brian Masney <masneyb@ntelos.net>
+ * server/ldap.c (ldap_parse_host) - allow dhcpHost entries that do
+ not have a hardware address associated with them
+2005-4-11 Brian Masney <masneyb@ntelos.net>
+ * README.ldap - updated directions on how to use LDAP over SSL on
+2005-2-23 Brian Masney <masneyb@ntelos.net>
+ * server/ldap.c (ldap_generate_config_string) - do a case insensitive
+ string comparsion when comparing the object classes
+2004-11-8 Brian Masney <masneyb@ntelos.net>
+ * debian/control - updated the depends and build-depends line
+ (from Andrew Pollock <me@andrew.net.au>)
+2004-10-13 Brian Masney <masneyb@ntelos.net>
+ * server/ldap.c (ldap_start) - allow doing an anonymous bind to the
+2004-9-27 Brian Masney <masneyb@ntelos.net>
+ * contrib/dhcpd-conf-to-ldap.pl - make sure the DHCP hardware address
+ is always lowercased
+2004-7-30 Brian Masney <masneyb@ntelos.net>
+ * server/ldap.c - added more debbuging statements. Fixed possible crash
+ that could occur whenever more than 1 external DN is added to an LDAP
+ entry. Fixed possible infinite loop when reading the external DNs.
+ (from Sebastian Hetze <s.hetze@linux-ag.de>)
+2004-7-1 Brian Masney <masneyb@ntelos.net>
+ * README.ldap - updated build instructions paragraph
+ (from Mason Schmitt <sysadmin@sunwave.net>)
+2004-6-29 Brian Masney <masneyb@ntelos.net>
+ * debian/control - set the minimum required version of the DHCP server
+ * configure - fix for sed when configure was run from an older shell
+2004-6-22 Brian Masney <masneyb@ntelos.net>
+ * Updated patch to use ISC DHCP 3.0.1rc14
+2004-5-24 Brian Masney <masneyb@ntelos.net>
+ * server/ldap.c - don't append a ; to the end of a dhcpStatement if it
+ * server/ldap.c contrib/dhcpd-conf-to-ldap.pl - support having multiple
+ dhcpRange statements (from Marco D'Ettorre <marco.dettorre@sys-net.it>)
+2004-5-5 Brian Masney <masneyb@ntelos.net>
+ * server/ldap.c - added more debugging statements when
+ it is compiled in to help troubleshoot parsing errors. Don't free
+ a LDAP connection prematurely when there is a reference to another
+ LDAP tree. If the config entry ends in }, make sure a ; gets tacked
+ * debian/* - Updated version number. Renamed package from
+ dhcp3-ldap-ntelos to dhcp3-server-ldap.
+ * server/ldap.c - enclose the shared-network name in quotes so
+ that there can be shared network statements in LDAP that have spaces
+ * configure - after the work directory is setup, add -lldap -llber
+ to the server Makefile
+Wed Apr 21 15:09:08 CEST 2004 - mt@suse.de
+ * contrib/dhcpd-conf-to-ldap.pl:
+ - added "--conf=file" option usable instead of stdin
+ - added "--ldif=file" option usable instead of stdout
+ - added "--second=host|dn" option usefull for failover
+ - added "--use=feature" option to enable extended features;
+ currently used to enable failover (default is disabled).
+ - extended remaining_line() to support block statements
+ - fixed / improved failover support, added notes about
+ - moved code checking statement ends to check_statement_end()
+ - moved parsing of entry options/statements to
+ ldap_parse_entry_options()
+ - moved code closing debug fd into ldap_close_debug_fd()
+ - moved code writing to debug fd into ldap_write_debug()
+ - added support for full hostname in dhcpServer search filter
+ - added support for multiple dhcpService entries in dhcpServer object
+ - added parsing of options and statements for dhcpServer object
+ - added verify if dhcpService contains server dn as primary or
+ - changed to search for dhcpHost,dhcpSubClass bellow of all
+ dhcpService trees instead of base-dn (avoids finding of hosts in
+ - fixes to free all dn's fetched by ldap_get_dn (e.g. debug output)
+ - fixes to free ldap results, mainly in cases where no LDAP_SUCCESS
+ returned or other error conditions happened
+ - fixed/improved some log messages
+2004-3-30 Brian Masney <masneyb@ntelos.net>
+ * contrib/dhcpd-conf-to-ldap.pl - added option to control the
+ DHCP Config DN. Wrap the DHCP Statements in { }
+ This patch was contributed by Marius Tomaschewski <mt@suse.de>
+ * server/ldap.c - changed ldap_username and ldap_password to
+ be optional (anonymous bind is used then). Added {} block support
+ to dhcpStatements. (no ";" at end if statement ends with a "}").
+ Fixed writing to ldap-debug-file. Changed find_haddr_in_ldap() to
+ use dhcpHost objectClass in its filter
+ This patch was contributed by Marius Tomaschewski <mt@suse.de>
+2004-3-23 Brian Masney <masneyb@ntelos.net>
+ * contrib/dhcpd-conf-to-ldap.pl - added options for server, basedn
+ options and usage message (Net::Domain instead of SYS::Hostname).
+ Added handling of zone, authoritative and failover (config and
+ pool-refs) statements. Added numbering of groups and pools per
+ subnet. This patch was contributed by Marius Tomaschewski <mt@suse.de>
+2004-2-26 Brian Masney <masneyb@ntelos.net>
+ * fixed an instance where the LDAP server would restart, but the DHCP
+ server would not reconnect
+2004-2-18 Brian Masney <masneyb@ntelos.net>
+ * allow multiple dhcp*DN entries in the LDAP entry.
+2003-9-11 Brian Masney <masneyb@ntelos.net>
+ * updated patch to work with 3.0.1rc12
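Review bot: the Changelog-LDAP text needs a cleanup pass before this lands: the contributor name in the 2007-2-23 entry is mis-encoded (`+ (Rapha?l Luta <raphael.luta@aptiwan.com>)`), so the file should be saved as UTF-8 with the name spelled correctly, and `+ <on|off> option. Also implemented a LDAP rebuind function` should read `rebind`. The entry `+Wed Apr 21 15:09:08 CEST 2004 - mt@suse.de` also uses a different date and author layout from every other entry (`YYYY-M-D Name <email>`); writing it in the same form keeps the history consistent and easy to scan.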
diff -urNad dhcp3-3.1.0.orig/contrib/dhcpd-conf-to-ldap.pl dhcp3-3.1.0/contrib/dhcpd-conf-to-ldap.pl
--- dhcp3-3.1.0.orig/contrib/dhcpd-conf-to-ldap.pl 1970-01-01 01:00:00.000000000 +0100
+++ dhcp3-3.1.0/contrib/dhcpd-conf-to-ldap.pl 2008-02-20 13:21:26.000000000 +0100
+# Brian Masney <masneyb@ntelos.net>
+# To use this script, set your base DN below. Then run
+# ./dhcpd-conf-to-ldap.pl < /path-to-dhcpd-conf/dhcpd.conf > output-file
+# The output of this script will generate entries in LDIF format. You can use
+# the slapadd command to add these entries into your LDAP server. You will
+# definately want to double check that your LDAP entries are correct before
+# you load them into LDAP.
+# This script does not do much error checking. Make sure before you run this
+# that the DHCP server doesn't give any errors about your config file
+# Failover is disabled by default, since it may need manually intervention.
+# You can try the '--use=failover' option to see what happens :-)
+# If enabled, the failover pool references will be written to LDIF output.
+# The failover configs itself will be added to the dhcpServer statements
+# and not to the dhcpService object (since this script uses only one and
+# it may be usefull to have multiple service containers in failover mode).
+# Further, this script does not check if primary or secondary makes sense,
+# it simply converts what it gets...
+use Net::Domain qw(hostname hostfqdn hostdomain);
+my $domain = hostdomain(); # your.domain
+my $basedn = "dc=".$domain;
+ $basedn =~ s/\./,dc=/g; # dc=your,dc=domain
+my $server = hostname(); # hostname (nodename)
+my $dhcpcn = 'DHCP Config'; # CN of DHCP config tree
+my $dhcpdn = "cn=$dhcpcn, $basedn"; # DHCP config tree DN
+my $second = ''; # secondary server DN / hostname
+my $i_conf = ''; # dhcp.conf file to read or stdin
+my $o_ldif = ''; # output ldif file name or stdout
+my @use = (); # extended flags (failover)
+ print STDERR "Error: $err\n\n" if(defined $err);
+ print STDERR <<__EOF_USAGE__;
+ $0 [options] < dhcpd.conf > dhcpd.ldif
+ --basedn "dc=your,dc=domain" ("$basedn")
+ --dhcpdn "dhcp config DN" ("$dhcpdn")
+ --server "dhcp server name" ("$server")
+ --second "secondary server or DN" ("$second")
+ --conf "/path/to/dhcpd.conf" (default is stdin)
+ --ldif "/path/to/output.ldif" (default is stdout)
+ --use "extended features" (see source comments)
+ local ($lowercase) = @_;
+ local ($token, $newline);
+ if (!defined ($line) || length ($line) == 0)
+ return undef if !defined ($line);
+ while (length ($line) == 0);
+ if (($token, $newline) = $line =~ /^(.*?)\s+(.*)/)
+ if ($token =~ /^"/) {
+ #handle quoted token
+ if ($token !~ /"\s*$/)
+ ($tok, $newline) = $newline =~ /([^"]+")(.*)/;
+ $token =~ y/[A-Z]/[a-z]/ if $lowercase;
+ local ($block) = shift || 0;
+ local ($tmp, $str);
+ while (defined($tmp = next_token (0)))
+ $str .= ' ' if !($str eq "");
+ last if $tmp =~ /;\s*$/;
+ last if($block and $tmp =~ /\s*[}{]\s*$/);
+ $current_dn = "$dn, $current_dn";
+remove_dn_from_stack
+ $current_dn =~ s/^.*?,\s*//;
+ print "Parse error on line number $line_number at token number $token_number\n";
+ return if (scalar keys %curentry == 0);
+ if (!defined ($curentry{'type'}))
+ $hostdn = "cn=$server, $basedn";
+ print "dn: $hostdn\n";
+ print "cn: $server\n";
+ print "objectClass: top\n";
+ print "objectClass: dhcpServer\n";
+ print "dhcpServiceDN: $current_dn\n";
+ if(grep(/FaIlOvEr/i, @use))
+ foreach my $fo_peer (keys %failover)
+ next if(scalar(@{$failover{$fo_peer}}) <= 1);
+ print "dhcpStatements: failover peer $fo_peer { ",
+ join('; ', @{$failover{$fo_peer}}), "; }\n";
+ print "dn: $current_dn\n";
+ print "cn: $dhcpcn\n";
+ print "objectClass: top\n";
+ print "objectClass: dhcpService\n";
+ if (defined ($curentry{'options'}))
+ print "objectClass: dhcpOptions\n";
+ print "dhcpPrimaryDN: $hostdn\n";
+ if(grep(/FaIlOvEr/i, @use) and ($second ne ''))
+ print "dhcpSecondaryDN: $second\n";
+ elsif ($curentry{'type'} eq 'subnet')
+ print "dn: $current_dn\n";
+ print "cn: " . $curentry{'ip'} . "\n";
+ print "objectClass: top\n";
+ print "objectClass: dhcpSubnet\n";
+ if (defined ($curentry{'options'}))
+ print "objectClass: dhcpOptions\n";
+ print "dhcpNetMask: " . $curentry{'netmask'} . "\n";
+ if (defined ($curentry{'ranges'}))
+ foreach $statement (@{$curentry{'ranges'}})
+ print "dhcpRange: $statement\n";
+ elsif ($curentry{'type'} eq 'shared-network')
+ print "dn: $current_dn\n";
+ print "cn: " . $curentry{'descr'} . "\n";
+ print "objectClass: top\n";
+ print "objectClass: dhcpSharedNetwork\n";
+ if (defined ($curentry{'options'}))
+ print "objectClass: dhcpOptions\n";
+ elsif ($curentry{'type'} eq 'group')
+ print "dn: $current_dn\n";
+ print "cn: group", $curentry{'idx'}, "\n";
+ print "objectClass: top\n";
+ print "objectClass: dhcpGroup\n";
+ if (defined ($curentry{'options'}))
+ print "objectClass: dhcpOptions\n";
+ elsif ($curentry{'type'} eq 'host')
+ print "dn: $current_dn\n";
+ print "cn: " . $curentry{'host'} . "\n";
+ print "objectClass: top\n";
+ print "objectClass: dhcpHost\n";
+ if (defined ($curentry{'options'}))
+ print "objectClass: dhcpOptions\n";
+ if (defined ($curentry{'hwaddress'}))
+ $curentry{'hwaddress'} =~ y/[A-Z]/[a-z]/;
+ print "dhcpHWAddress: " . $curentry{'hwaddress'} . "\n";
+ elsif ($curentry{'type'} eq 'pool')
+ print "dn: $current_dn\n";
+ print "cn: pool", $curentry{'idx'}, "\n";
+ print "objectClass: top\n";
+ print "objectClass: dhcpPool\n";
+ if (defined ($curentry{'options'}))
+ print "objectClass: dhcpOptions\n";
+ if (defined ($curentry{'ranges'}))
+ foreach $statement (@{$curentry{'ranges'}})
+ print "dhcpRange: $statement\n";
+ elsif ($curentry{'type'} eq 'class')
+ print "dn: $current_dn\n";
+ print "cn: " . $curentry{'class'} . "\n";
+ print "objectClass: top\n";
+ print "objectClass: dhcpClass\n";
+ if (defined ($curentry{'options'}))
+ print "objectClass: dhcpOptions\n";
+ elsif ($curentry{'type'} eq 'subclass')
+ print "dn: $current_dn\n";
+ print "cn: " . $curentry{'subclass'} . "\n";
+ print "objectClass: top\n";
+ print "objectClass: dhcpSubClass\n";
+ if (defined ($curentry{'options'}))
+ print "objectClass: dhcpOptions\n";
+ print "dhcpClassData: " . $curentry{'class'} . "\n";
+ if (defined ($curentry{'statements'}))
+ foreach $statement (@{$curentry{'statements'}})
+ print "dhcpStatements: $statement\n";
+ if (defined ($curentry{'options'}))
+ foreach $statement (@{$curentry{'options'}})
+ print "dhcpOption: $statement\n";
+ local ($netmask) = @_;
+ if ((($a, $b, $c, $d) = $netmask =~ /^(\d+)\.(\d+)\.(\d+)\.(\d+)$/) != 4)
+ $num = (($a & 0xff) << 24) |
+ (($b & 0xff) << 16) |
+ (($c & 0xff) << 8) |
+ for ($i=1; $i<=32 && $num & (1 << (32 - $i)); $i++)
+ local ($ip, $tmp, $netmask);
+ print_entry () if %curentry;
+ $ip = next_token (0);
+ parse_error () if !defined ($ip);
+ $tmp = next_token (1);
+ parse_error () if !defined ($tmp);
+ parse_error () if !($tmp eq 'netmask');
+ $tmp = next_token (0);
+ parse_error () if !defined ($tmp);
+ $netmask = parse_netmask ($tmp);
+ $tmp = next_token (0);
+ parse_error () if !defined ($tmp);
+ parse_error () if !($tmp eq '{');
+ add_dn_to_stack ("cn=$ip");
+ $curentry{'type'} = 'subnet';
+ $curentry{'ip'} = $ip;
+ $curentry{'netmask'} = $netmask;
+ $curcounter{$ip} = { pool => 0, group => 0 };
+sub parse_shared_network
+ local ($descr, $tmp);
+ print_entry () if %curentry;
+ $descr = next_token (0);
+ parse_error () if !defined ($descr);
+ $tmp = next_token (0);
+ parse_error () if !defined ($tmp);
+ parse_error () if !($tmp eq '{');
+ add_dn_to_stack ("cn=$descr");
+ $curentry{'type'} = 'shared-network';
+ $curentry{'descr'} = $descr;
+ local ($descr, $tmp);
+ print_entry () if %curentry;
+ $host = next_token (0);
+ parse_error () if !defined ($host);
+ $tmp = next_token (0);
+ parse_error () if !defined ($tmp);
+ parse_error () if !($tmp eq '{');
+ add_dn_to_stack ("cn=$host");
+ $curentry{'type'} = 'host';
+ $curentry{'host'} = $host;
+ local ($descr, $tmp);
+ print_entry () if %curentry;
+ $tmp = next_token (0);
+ parse_error () if !defined ($tmp);
+ parse_error () if !($tmp eq '{');
+ if(exists($curcounter{$cursubnet})) {
+ $idx = ++$curcounter{$cursubnet}->{'group'};
+ $idx = ++$curcounter{''}->{'group'};
+ add_dn_to_stack ("cn=group".$idx);
+ $curentry{'type'} = 'group';
+ $curentry{'idx'} = $idx;
+ local ($descr, $tmp);
+ print_entry () if %curentry;
+ $tmp = next_token (0);
+ parse_error () if !defined ($tmp);
+ parse_error () if !($tmp eq '{');
+ if(exists($curcounter{$cursubnet})) {
+ $idx = ++$curcounter{$cursubnet}->{'pool'};
+ $idx = ++$curcounter{''}->{'pool'};
+ add_dn_to_stack ("cn=pool".$idx);
+ $curentry{'type'} = 'pool';
+ $curentry{'idx'} = $idx;
+ local ($descr, $tmp);
+ print_entry () if %curentry;
+ $class = next_token (0);
+ parse_error () if !defined ($class);
+ $tmp = next_token (0);
+ parse_error () if !defined ($tmp);
+ parse_error () if !($tmp eq '{');
+ add_dn_to_stack ("cn=$class");
+ $curentry{'type'} = 'class';
+ $curentry{'class'} = $class;
+ local ($descr, $tmp);
+ print_entry () if %curentry;
+ $class = next_token (0);
+ parse_error () if !defined ($class);
+ $subclass = next_token (0);
+ parse_error () if !defined ($subclass);
+ $tmp = next_token (0);
+ parse_error () if !defined ($tmp);
+ parse_error () if !($tmp eq '{');
+ add_dn_to_stack ("cn=$subclass");
+ $curentry{'type'} = 'subclass';
+ $curentry{'class'} = $class;
+ $curentry{'subclass'} = $subclass;
+ local ($type, $hw, $tmp);
+ $type = next_token (1);
+ parse_error () if !defined ($type);
+ $hw = next_token (1);
+ parse_error () if !defined ($hw);
+ $curentry{'hwaddress'} = "$type $hw";
+ local ($tmp, $str);
+ $str = remaining_line ();
+ push (@{$curentry{'ranges'}}, $str);
+ local ($token) = shift;
+ if ($token eq 'option')
+ $str = remaining_line ();
+ push (@{$curentry{'options'}}, $str);
+ elsif($token eq 'failover')
+ $str = remaining_line (1); # take care on block
+ my ($peername, @statements);
+ parse_error() if($str !~ /^\s*peer\s+(.+?)\s+[{]\s*$/);
+ parse_error() if(($peername = $1) !~ /^\"?[^\"]+\"?$/);
+ # failover config block found:
+ # e.g. 'failover peer "some-name" {'
+ if(not grep(/FaIlOvEr/i, @use))
+ print STDERR "Warning: Failover config 'peer $peername' found!\n";
+ print STDERR " Skipping it, since failover disabled!\n";
+ print STDERR " You may try out --use=failover option.\n";
+ until($str =~ /[}]/ or $str eq "")
+ $str = remaining_line (1);
+ # collect all statements, except ending '}'
+ push(@statements, $str) if($str !~ /[}]/);
+ $failover{$peername} = [@statements];
+ # pool reference to failover config is fine
+ # e.g. 'failover peer "some-name";'
+ if(not grep(/FaIlOvEr/i, @use))
+ print STDERR "Warning: Failover reference '$str' found!\n";
+ print STDERR " Skipping it, since failover disabled!\n";
+ print STDERR " You may try out --use=failover option.\n";
+ push (@{$curentry{'statements'}}, $token. " " . $str);
+ elsif($token eq 'zone')
+ while($str !~ /}$/) {
+ $str .= ' ' . next_token (0);
+ push (@{$curentry{'statements'}}, $str);
+ elsif($token =~ /^(authoritative)[;]*$/)
+ push (@{$curentry{'statements'}}, $1);
+ $str = $token . " " . remaining_line ();
+ push (@{$curentry{'statements'}}, $str);
+my $ok = GetOptions(
+ 'basedn=s' => \$basedn,
+ 'dhcpdn=s' => \$dhcpdn,
+ 'server=s' => \$server,
+ 'second=s' => \$second,
+ 'conf=s' => \$i_conf,
+ 'ldif=s' => \$o_ldif,
+ 'h|help|usage' => sub { usage(0); },
+unless($server =~ /^\w+/)
+ usage(1, "invalid server name '$server'");
+unless($basedn =~ /^\w+=[^,]+/)
+ usage(1, "invalid base dn '$basedn'");
+if($dhcpdn =~ /^cn=([^,]+)/i)
+$second = '' if not defined $second;
+unless($second eq '' or $second =~ /^cn=[^,]+\s*,\s*\w+=[^,]+/i)
+ if($second =~ /^cn=[^,]+$/i)
+ # relative DN 'cn=name'
+ $second = "$second, $basedn";
+ elsif($second =~ /^\w+/)
+ # assume hostname only
+ $second = "cn=$second, $basedn";
+ usage(1, "invalid secondary '$second'")
+usage(1) unless($ok);
+if($i_conf ne "" and -f $i_conf)
+ if(not open(STDIN, '<', $i_conf))
+ print STDERR "Error: can't open conf file '$i_conf': $!\n";
+ print STDERR "Error: output ldif name '$o_ldif' already exists!\n";
+ if(not open(STDOUT, '>', $o_ldif))
+ print STDERR "Error: can't open ldif file '$o_ldif': $!\n";
+print STDERR "Creating LDAP Configuration with the following options:\n";
+print STDERR "\tBase DN: $basedn\n";
+print STDERR "\tDHCP DN: $dhcpdn\n";
+print STDERR "\tServer DN: cn=$server, $basedn\n";
+print STDERR "\tSecondary DN: $second\n"
+ if(grep(/FaIlOvEr/i, @use) and $second ne '');
+my $token_number = 0;
+my $line_number = 0;
+my %curcounter = ( '' => { pool => 0, group => 0 } );
+$current_dn = "$dhcpdn";
+$curentry{'descr'} = $dhcpcn;
+while (($token = next_token (1)))
+ print_entry () if %curentry;
+ if($current_dn =~ /.+?,\s*${dhcpdn}$/) {
+ # don't go below dhcpdn ...
+ remove_dn_from_stack ();
+ elsif ($token eq 'subnet')
+ elsif ($token eq 'shared-network')
+ parse_shared_network ();
+ elsif ($token eq 'class')
+ elsif ($token eq 'subclass')
+ elsif ($token eq 'pool')
+ elsif ($token eq 'group')
+ elsif ($token eq 'host')
+ elsif ($token eq 'hardware')
+ parse_hwaddress ();
+ elsif ($token eq 'range')
+ parse_statement ($token);
+close(STDIN) if($i_conf);
+close(STDOUT) if($o_ldif);
+print STDERR "Done.\n";
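Review bot: values taken from dhcpd.conf are written straight into DNs and LDIF attribute values without any escaping, e.g. `+ add_dn_to_stack ("cn=$descr");` and `+ print "cn: " . $curentry{'descr'} . "\n";` for shared-network names, and the same pattern for host, class and subclass names. A name containing `,`, `+`, `"`, `\`, `<`, `>` or `;` produces an RDN that is malformed or that names a different entry (RFC 4514 requires those characters to be escaped), and an LDIF value that begins with a space, `:` or `<`, or contains a newline or a non-ASCII byte, has to be written base64-encoded (`cn:: ...`) under RFC 2849 or slapadd will misread it; a leading `<` in particular is the LDIF URL-inclusion form. Escaping RDN values in add_dn_to_stack and base64-encoding unsafe attribute values in print_entry would close this. Separately, `+ if($current_dn =~ /.+?,\s*${dhcpdn}$/) {` interpolates the configured DN into a regex unquoted; write it as `\Q$dhcpdn\E` so a DN containing regex metacharacters cannot break the stack unwinding.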
diff -urNad dhcp3-3.1.0.orig/contrib/dhcp.schema dhcp3-3.1.0/contrib/dhcp.schema
--- dhcp3-3.1.0.orig/contrib/dhcp.schema 1970-01-01 01:00:00.000000000 +0100
+++ dhcp3-3.1.0/contrib/dhcp.schema 2008-02-20 13:21:26.000000000 +0100
+attributetype ( 2.16.840.1.113719.1.203.4.1
+ NAME 'dhcpPrimaryDN'
+ EQUALITY distinguishedNameMatch
+ DESC 'The DN of the dhcpServer which is the primary server for the configuration.'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
+attributetype ( 2.16.840.1.113719.1.203.4.2
+ NAME 'dhcpSecondaryDN'
+ EQUALITY distinguishedNameMatch
+ DESC 'The DN of dhcpServer(s) which provide backup service for the configuration.'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+attributetype ( 2.16.840.1.113719.1.203.4.3
+ NAME 'dhcpStatements'
+ EQUALITY caseIgnoreIA5Match
+ DESC 'Flexible storage for specific data depending on what object this exists in. Like conditional statements, server parameters, etc. This allows the standard to evolve without needing to adjust the schema.'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+attributetype ( 2.16.840.1.113719.1.203.4.4
+ EQUALITY caseIgnoreIA5Match
+ DESC 'The starting & ending IP Addresses in the range (inclusive), separated by a hyphen; if the range only contains one address, then just the address can be specified with no hyphen. Each range is defined as a separate value.'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+attributetype ( 2.16.840.1.113719.1.203.4.5
+ NAME 'dhcpPermitList'
+ EQUALITY caseIgnoreIA5Match
+ DESC 'This attribute contains the permit lists associated with a pool. Each permit list is defined as a separate value.'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+attributetype ( 2.16.840.1.113719.1.203.4.6
+ NAME 'dhcpNetMask'
+ EQUALITY integerMatch
+ DESC 'The subnet mask length for the subnet. The mask can be easily computed from this length.'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+attributetype ( 2.16.840.1.113719.1.203.4.7
+ EQUALITY caseIgnoreIA5Match
+ DESC 'Encoded option values to be sent to clients. Each value represents a single option and contains (OptionTag, Length, OptionValue) encoded in the format used by DHCP.'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+attributetype ( 2.16.840.1.113719.1.203.4.8
+ NAME 'dhcpClassData'
+ EQUALITY caseIgnoreIA5Match
+ DESC 'Encoded text string or list of bytes expressed in hexadecimal, separated by colons. Clients match subclasses based on matching the class data with the results of match or spawn with statements in the class name declarations.'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+attributetype ( 2.16.840.1.113719.1.203.4.9
+ NAME 'dhcpOptionsDN'
+ EQUALITY distinguishedNameMatch
+ DESC 'The distinguished name(s) of the dhcpOption objects containing the configuration options provided by the server.'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+attributetype ( 2.16.840.1.113719.1.203.4.10
+ EQUALITY distinguishedNameMatch
+ DESC 'the distinguished name(s) of the dhcpHost objects.'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+attributetype ( 2.16.840.1.113719.1.203.4.11
+ EQUALITY distinguishedNameMatch
+ DESC 'The distinguished name(s) of pools.'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+attributetype ( 2.16.840.1.113719.1.203.4.12
+ NAME 'dhcpGroupDN'
+ EQUALITY distinguishedNameMatch
+ DESC 'The distinguished name(s) of the groups.'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+attributetype ( 2.16.840.1.113719.1.203.4.13
+ NAME 'dhcpSubnetDN'
+ EQUALITY distinguishedNameMatch
+ DESC 'The distinguished name(s) of the subnets.'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+attributetype ( 2.16.840.1.113719.1.203.4.14
+ NAME 'dhcpLeaseDN'
+ EQUALITY distinguishedNameMatch
+ DESC 'The distinguished name of a client address.'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE)
+attributetype ( 2.16.840.1.113719.1.203.4.15
+ NAME 'dhcpLeasesDN'
+ DESC 'The distinguished name(s) client addresses.'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+attributetype ( 2.16.840.1.113719.1.203.4.16
+ NAME 'dhcpClassesDN'
+ EQUALITY distinguishedNameMatch
+ DESC 'The distinguished name(s) of a class(es) in a subclass.'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+attributetype ( 2.16.840.1.113719.1.203.4.17
+ NAME 'dhcpSubclassesDN'
+ EQUALITY distinguishedNameMatch
+ DESC 'The distinguished name(s) of subclass(es).'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+attributetype ( 2.16.840.1.113719.1.203.4.18
+ NAME 'dhcpSharedNetworkDN'
+ EQUALITY distinguishedNameMatch
+ DESC 'The distinguished name(s) of sharedNetworks.'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+attributetype ( 2.16.840.1.113719.1.203.4.19
+ NAME 'dhcpServiceDN'
+ EQUALITY distinguishedNameMatch
+ DESC 'The DN of dhcpService object(s)which contain the configuration information. Each dhcpServer object has this attribute identifying the DHCP configuration(s) that the server is associated with.'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+attributetype ( 2.16.840.1.113719.1.203.4.20
+ NAME 'dhcpVersion'
+ DESC 'The version attribute of this object.'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+attributetype ( 2.16.840.1.113719.1.203.4.21
+ NAME 'dhcpImplementation'
+ EQUALITY caseIgnoreIA5Match
+ DESC 'Description of the DHCP Server implementation e.g. DHCP Servers vendor.'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+attributetype ( 2.16.840.1.113719.1.203.4.22
+ NAME 'dhcpAddressState'
+ EQUALITY caseIgnoreIA5Match
+ DESC 'This stores information about the current binding-status of an address. For dynamic addresses managed by DHCP, the values should be restricted to the following: "FREE", "ACTIVE", "EXPIRED", "RELEASED", "RESET", "ABANDONED", "BACKUP". For other addresses, it SHOULD be one of the following: "UNKNOWN", "RESERVED" (an address that is managed by DHCP that is reserved for a specific client), "RESERVED-ACTIVE" (same as reserved, but address is currently in use), "ASSIGNED" (assigned manually or by some other mechanism), "UNASSIGNED", "NOTASSIGNABLE".'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+attributetype ( 2.16.840.1.113719.1.203.4.23
+ NAME 'dhcpExpirationTime'
+ EQUALITY generalizedTimeMatch
+ DESC 'This is the time the current lease for an address expires.'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
+attributetype ( 2.16.840.1.113719.1.203.4.24
+ NAME 'dhcpStartTimeOfState'
+ EQUALITY generalizedTimeMatch
+ DESC 'This is the time of the last state change for a leased address.'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
+attributetype ( 2.16.840.1.113719.1.203.4.25
+ NAME 'dhcpLastTransactionTime'
+ EQUALITY generalizedTimeMatch
+ DESC 'This is the last time a valid DHCP packet was received from the client.'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
+attributetype ( 2.16.840.1.113719.1.203.4.26
+ NAME 'dhcpBootpFlag'
+ EQUALITY booleanMatch
+ DESC 'This indicates whether the address was assigned via BOOTP.'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
+attributetype ( 2.16.840.1.113719.1.203.4.27
+ NAME 'dhcpDomainName'
+ EQUALITY caseIgnoreIA5Match
+ DESC 'This is the name of the domain sent to the client by the server. It is essentially the same as the value for DHCP option 15 sent to the client, and represents only the domain - not the full FQDN. To obtain the full FQDN assigned to the client you must prepend the "dhcpAssignedHostName" to this value with a ".".'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+attributetype ( 2.16.840.1.113719.1.203.4.28
+ NAME 'dhcpDnsStatus'
+ EQUALITY integerMatch
+ DESC 'This indicates the status of updating DNS resource records on behalf of the client by the DHCP server for this address. The value is a 16-bit bitmask.'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+attributetype ( 2.16.840.1.113719.1.203.4.29
+ NAME 'dhcpRequestedHostName'
+ EQUALITY caseIgnoreIA5Match
+ DESC 'This is the hostname that was requested by the client.'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+attributetype ( 2.16.840.1.113719.1.203.4.30
+ NAME 'dhcpAssignedHostName'
+ EQUALITY caseIgnoreIA5Match
+ DESC 'This is the actual hostname that was assigned to a client. It may not be the name that was requested by the client. The fully qualified domain name can be determined by appending the value of "dhcpDomainName" (with a dot separator) to this name.'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+attributetype ( 2.16.840.1.113719.1.203.4.31
+ NAME 'dhcpReservedForClient'
+ EQUALITY distinguishedNameMatch
+ DESC 'The distinguished name of a "dhcpClient" that an address is reserved for. This may not be the same as the "dhcpAssignedToClient" attribute if the address is being reassigned but the current lease has not yet expired.'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
+attributetype ( 2.16.840.1.113719.1.203.4.32
+ NAME 'dhcpAssignedToClient'
+ EQUALITY distinguishedNameMatch
+ DESC 'This is the distinguished name of a "dhcpClient" that an address is currently assigned to. This attribute is only present in the class when the address is leased.'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
+attributetype ( 2.16.840.1.113719.1.203.4.33
+ NAME 'dhcpRelayAgentInfo'
+ EQUALITY octetStringMatch
+ DESC 'If the client request was received via a relay agent, this contains information about the relay agent that was available from the DHCP request. This is a hex-encoded option value.'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
+attributetype ( 2.16.840.1.113719.1.203.4.34
+ NAME 'dhcpHWAddress'
+ EQUALITY caseIgnoreIA5Match
+ DESC 'The clients hardware address that requested this IP address.'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+attributetype ( 2.16.840.1.113719.1.203.4.35
+ NAME 'dhcpHashBucketAssignment'
+ EQUALITY octetStringMatch
+ DESC 'HashBucketAssignment bit map for the DHCP Server, as defined in DHC Load Balancing Algorithm [RFC 3074].'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
+attributetype ( 2.16.840.1.113719.1.203.4.36
+ NAME 'dhcpDelayedServiceParameter'
+ EQUALITY integerMatch
+ DESC 'Delay in seconds corresponding to Delayed Service Parameter configuration, as defined in DHC Load Balancing Algorithm [RFC 3074]. '
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+attributetype ( 2.16.840.1.113719.1.203.4.37
+ NAME 'dhcpMaxClientLeadTime'
+ EQUALITY integerMatch
+ DESC 'Maximum Client Lead Time configuration in seconds, as defined in DHCP Failover Protocol [FAILOVR]'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+attributetype ( 2.16.840.1.113719.1.203.4.38
+ NAME 'dhcpFailOverEndpointState'
+ EQUALITY caseIgnoreIA5Match
+ DESC 'Server (Failover Endpoint) state, as defined in DHCP Failover Protocol [FAILOVR]'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+attributetype ( 2.16.840.1.113719.1.203.4.39
+ NAME 'dhcpErrorLog'
+ EQUALITY caseIgnoreIA5Match
+ DESC 'Generic error log attribute that allows logging error conditions within a dhcpService or a dhcpSubnet, like no IP addresses available for lease.'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+attributetype ( 2.16.840.1.113719.1.203.4.40
+ NAME 'dhcpLocatorDN'
+ EQUALITY distinguishedNameMatch
+ DESC 'The DN of dhcpLocator object which contain the DNs of all DHCP configuration objects. There will be a single dhcpLocator object in the tree with links to all the DHCP objects in the tree'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+attributetype ( 2.16.840.1.113719.1.203.4.41
+ NAME 'dhcpKeyAlgorithm'
+ EQUALITY caseIgnoreIA5Match
+ DESC 'Algorithm to generate TSIG Key'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+attributetype ( 2.16.840.1.113719.1.203.4.42
+ NAME 'dhcpKeySecret'
+ EQUALITY octetStringMatch
+ DESC 'Secret to generate TSIG Key' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
+attributetype ( 2.16.840.1.113719.1.203.4.43
+ NAME 'dhcpDnsZoneServer'
+ EQUALITY caseIgnoreIA5Match
+ DESC 'Master server of the DNS Zone'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+attributetype ( 2.16.840.1.113719.1.203.4.44
+ EQUALITY distinguishedNameMatch
+ DESC 'The DNs of TSIG Key to use in secure dynamic updates. In case of locator object, this will be list of TSIG keys. In case of DHCP Service, Shared Network, Subnet and DNS Zone, it will be a single key.'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12)
+attributetype ( 2.16.840.1.113719.1.203.4.45
+ EQUALITY distinguishedNameMatch
+ DESC 'The DNs of DNS Zone. In case of locator object, this will be list of DNS Zones in the tree. In case of DHCP Service, Shared Network and Subnet, it will be a single DNS Zone.'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12)
+attributetype ( 2.16.840.1.113719.1.203.4.46
+ NAME 'dhcpFailOverPrimaryServer'
+ EQUALITY caseIgnoreIA5Match
+ DESC 'IP address or DNS name of the server playing primary role in DHC Load Balancing and Fail over.'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+attributetype ( 2.16.840.1.113719.1.203.4.47
+ NAME 'dhcpFailOverSecondaryServer'
+ EQUALITY caseIgnoreIA5Match
+ DESC 'IP address or DNS name of the server playing secondary role in DHC Load Balancing and Fail over.'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+attributetype ( 2.16.840.1.113719.1.203.4.48
+ NAME 'dhcpFailOverPrimaryPort'
+ EQUALITY integerMatch
+ DESC 'Port on which primary server listens for connections from its fail over peer (secondary server)'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
+attributetype ( 2.16.840.1.113719.1.203.4.49
+ NAME 'dhcpFailOverSecondaryPort'
+ EQUALITY integerMatch
+ DESC 'Port on which secondary server listens for connections from its fail over peer (primary server)'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
+attributetype ( 2.16.840.1.113719.1.203.4.50
+ NAME 'dhcpFailOverResponseDelay'
+ EQUALITY integerMatch
+ DESC 'Maximum response time in seconds, before Server assumes that connection to fail over peer has failed'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
+attributetype ( 2.16.840.1.113719.1.203.4.51
+ NAME 'dhcpFailOverUnackedUpdates'
+ EQUALITY integerMatch
+ DESC 'Number of BNDUPD messages that server can send before it receives BNDACK from its fail over peer'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
+attributetype ( 2.16.840.1.113719.1.203.4.52
+ NAME 'dhcpFailOverSplit'
+ EQUALITY integerMatch
+ DESC 'Split between the primary and secondary servers for fail over purpose'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
+attributetype ( 2.16.840.1.113719.1.203.4.53
+ NAME 'dhcpFailOverLoadBalanceTime'
+ EQUALITY integerMatch
+ DESC 'Cutoff time in seconds, after which load balance is disabled'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
+attributetype ( 2.16.840.1.113719.1.203.4.54
+ NAME 'dhcpFailOverPeerDN'
+ EQUALITY distinguishedNameMatch
+ DESC 'The DNs of Fail over peers. In case of locator object, this will be list of fail over peers in the tree. In case of Subnet and pool, it will be a single Fail Over Peer'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+#List of all servers in the tree
+attributetype ( 2.16.840.1.113719.1.203.4.55
+ NAME 'dhcpServerDN'
+ EQUALITY distinguishedNameMatch
+ DESC 'List of all DHCP Servers in the tree. Used by dhcpLocatorObject'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+attributetype ( 2.16.840.1.113719.1.203.4.56
+ NAME 'dhcpComments'
+ EQUALITY caseIgnoreIA5Match
+ DESC 'Generic attribute that allows coments within any DHCP object'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+objectclass ( 2.16.840.1.113719.1.203.6.1
+ NAME 'dhcpService'
+ DESC 'Service object that represents the actual DHCP Service configuration. This is a container object.'
+ MAY ( dhcpPrimaryDN $ dhcpSecondaryDN $ dhcpServerDN $ dhcpSharedNetworkDN $ dhcpSubnetDN $ dhcpGroupDN $ dhcpHostDN $ dhcpClassesDN $ dhcpOptionsDN $ dhcpZoneDN $ dhcpKeyDN $ dhcpFailOverPeerDN $ dhcpStatements $dhcpComments $ dhcpOption) )
+objectclass ( 2.16.840.1.113719.1.203.6.2
+ NAME 'dhcpSharedNetwork'
+ DESC 'This stores configuration information for a shared network.'
+ MAY ( dhcpSubnetDN $ dhcpPoolDN $ dhcpOptionsDN $ dhcpZoneDN $ dhcpStatements $dhcpComments $ dhcpOption) X-NDS_CONTAINMENT ('dhcpService' ) )
+objectclass ( 2.16.840.1.113719.1.203.6.3
+ DESC 'This class defines a subnet. This is a container object.'
+ MUST ( cn $ dhcpNetMask )
+ MAY ( dhcpRange $ dhcpPoolDN $ dhcpGroupDN $ dhcpHostDN $ dhcpClassesDN $ dhcpLeasesDN $ dhcpOptionsDN $ dhcpZoneDN $ dhcpKeyDN $ dhcpFailOverPeerDN $ dhcpStatements $ dhcpComments $ dhcpOption ) X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork') )
+objectclass ( 2.16.840.1.113719.1.203.6.4
+ DESC 'This stores configuration information about a pool.'
+ MUST ( cn $ dhcpRange )
+ MAY ( dhcpClassesDN $ dhcpPermitList $ dhcpLeasesDN $ dhcpOptionsDN $ dhcpZoneDN $dhcpKeyDN $ dhcpStatements $ dhcpComments $ dhcpOption )
+ X-NDS_CONTAINMENT ('dhcpSubnet' 'dhcpSharedNetwork') )
+objectclass ( 2.16.840.1.113719.1.203.6.5
+ DESC 'Group object that lists host DNs and parameters. This is a container object.'
+ MAY ( dhcpHostDN $ dhcpOptionsDN $ dhcpStatements $ dhcpComments $ dhcpOption )
+ X-NDS_CONTAINMENT ('dhcpSubnet' 'dhcpService' ) )
+objectclass ( 2.16.840.1.113719.1.203.6.6
+ DESC 'This represents information about a particular client'
+ MAY (dhcpLeaseDN $ dhcpHWAddress $ dhcpOptionsDN $ dhcpStatements $ dhcpComments $ dhcpOption)
+ X-NDS_CONTAINMENT ('dhcpService' 'dhcpSubnet' 'dhcpGroup') )
+objectclass ( 2.16.840.1.113719.1.203.6.7
+ DESC 'Represents information about a collection of related clients.'
+ MAY (dhcpSubClassesDN $ dhcpOptionsDN $ dhcpStatements $ dhcpComments $ dhcpOption)
+ X-NDS_CONTAINMENT ('dhcpService' 'dhcpSubnet' ) )
+objectclass ( 2.16.840.1.113719.1.203.6.8
+ NAME 'dhcpSubClass'
+ DESC 'Represents information about a collection of related classes.'
+ MAY (dhcpClassData $ dhcpOptionsDN $ dhcpStatements $ dhcpComments $ dhcpOption) X-NDS_CONTAINMENT 'dhcpClass' )
+objectclass ( 2.16.840.1.113719.1.203.6.9
+ NAME 'dhcpOptions'
+ DESC 'Represents information about a collection of options defined.'
+ MAY ( dhcpOption $ dhcpComments )
+ X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork' 'dhcpSubnet' 'dhcpPool' 'dhcpGroup' 'dhcpHost' 'dhcpClass' ) )
+objectclass ( 2.16.840.1.113719.1.203.6.10
+ DESC 'This class represents an IP Address, which may or may not have been leased.'
+ MUST ( cn $ dhcpAddressState )
+ MAY ( dhcpExpirationTime $ dhcpStartTimeOfState $ dhcpLastTransactionTime $ dhcpBootpFlag $ dhcpDomainName $ dhcpDnsStatus $ dhcpRequestedHostName $ dhcpAssignedHostName $ dhcpReservedForClient $ dhcpAssignedToClient $ dhcpRelayAgentInfo $ dhcpHWAddress )
+ X-NDS_CONTAINMENT ( 'dhcpService' 'dhcpSubnet' 'dhcpPool') )
+objectclass ( 2.16.840.1.113719.1.203.6.11
+ DESC 'This is the object that holds past information about the IP address. The cn is the time/date stamp when the address was assigned or released, the address state at the time, if the address was assigned or released.'
+ MAY ( dhcpAddressState $ dhcpExpirationTime $ dhcpStartTimeOfState $ dhcpLastTransactionTime $ dhcpBootpFlag $ dhcpDomainName $ dhcpDnsStatus $ dhcpRequestedHostName $ dhcpAssignedHostName $ dhcpReservedForClient $ dhcpAssignedToClient $ dhcpRelayAgentInfo $ dhcpHWAddress $ dhcpErrorLog)
+ X-NDS_CONTAINMENT ('dhcpLeases' 'dhcpPool' 'dhcpSubnet' 'dhcpSharedNetwork' 'dhcpService' ) )
+objectclass ( 2.16.840.1.113719.1.203.6.12
+ DESC 'DHCP Server Object'
+ MAY (dhcpServiceDN $ dhcpLocatorDN $ dhcpVersion $ dhcpImplementation $ dhcpHashBucketAssignment $ dhcpDelayedServiceParameter $ dhcpMaxClientLeadTime $ dhcpFailOverEndpointState $ dhcpStatements $ dhcpComments $ dhcpOption)
+ X-NDS_CONTAINMENT ('organization' 'organizationalunit' 'domain') )
+objectclass ( 2.16.840.1.113719.1.203.6.13
+ NAME 'dhcpTSigKey'
+ DESC 'TSIG key for secure dynamic updates'
+ MUST (cn $ dhcpKeyAlgorithm $ dhcpKeySecret )
+ MAY ( dhcpComments )
+ X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork' 'dhcpSubnet') )
+objectclass ( 2.16.840.1.113719.1.203.6.14
+ NAME 'dhcpDnsZone'
+ DESC 'DNS Zone for updating leases'
+ MUST (cn $ dhcpDnsZoneServer )
+ MAY (dhcpKeyDN $ dhcpComments)
+ X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork' 'dhcpSubnet') )
+objectclass ( 2.16.840.1.113719.1.203.6.15
+ NAME 'dhcpFailOverPeer'
+ DESC 'This class defines the Fail over peer'
+ MUST ( cn $ dhcpFailOverPrimaryServer $ dhcpFailOverSecondaryServer $ dhcpFailoverPrimaryPort $ dhcpFailOverSecondaryPort) MAY (dhcpFailOverResponseDelay $ dhcpFailOverUnackedUpdates $ dhcpMaxClientLeadTime $ dhcpFailOverSplit $ dhcpHashBucketAssignment $ dhcpFailOverLoadBalanceTime $ dhcpComments )
+ X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork' 'dhcpSubnet') )
+objectclass ( 2.16.840.1.113719.1.203.6.16
+ NAME 'dhcpLocator'
+ DESC 'Locator object for DHCP configuration in the tree. There will be a single dhcpLocator object in the tree with links to all the DHCP objects in the tree'
+ MAY ( dhcpServiceDN $dhcpServerDN $ dhcpSharedNetworkDN $ dhcpSubnetDN $ dhcpPoolDN $ dhcpGroupDN $ dhcpHostDN $ dhcpClassesDN $ dhcpKeyDN $ dhcpZoneDN $ dhcpFailOverPeerDN $ dhcpOption $ dhcpComments)
+ X-NDS_CONTAINMENT ('organization' 'organizationalunit' 'domain') )
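Review bot: `dhcpKeySecret` (attributetype 2.16.840.1.113719.1.203.4.42, DESC 'Secret to generate TSIG Key') stores the raw TSIG secret in the directory as an octet string, and nothing in this hunk says who may read it; anyone who can read a dhcpTSigKey entry can sign the dynamic DNS updates that key authorises, so README.ldap should require a slapd ACL that limits read access on that attribute to the dhcpd bind DN, along the lines of `access to attrs=dhcpKeySecret by dn.exact="cn=dhcpd,<your suffix>" read by * none` (placeholder DN). Two consistency points in the objectclass section: the MUST list of dhcpFailOverPeer names `dhcpFailoverPrimaryPort` while the attribute is defined as `dhcpFailOverPrimaryPort`, and the MAY list of objectclass 2.16.840.1.113719.1.203.6.7 names `dhcpSubClassesDN` while the attribute is defined as `dhcpSubclassesDN`; LDAP descriptors are case-insensitive so slapd resolves both, but tools that compare attribute names as plain strings will not, so match the casing of the attributetype definitions. Finally, `dhcpHWAddress` is defined here with SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 (IA5String) and caseIgnoreIA5Match, while the bundled draft in the following hunk documents it as OctetString; README.ldap should state which textual form dhcpd expects in that attribute (for example a colon-separated `00:11:22:33:44:55`, a constructed sample).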
diff -urNad dhcp3-3.1.0.orig/doc/draft-ietf-dhc-ldap-schema-01.txt dhcp3-3.1.0/doc/draft-ietf-dhc-ldap-schema-01.txt
--- dhcp3-3.1.0.orig/doc/draft-ietf-dhc-ldap-schema-01.txt 1970-01-01 01:00:00.000000000 +0100
+++ dhcp3-3.1.0/doc/draft-ietf-dhc-ldap-schema-01.txt 2008-02-20 13:21:26.000000000 +0100
+Network Working Group M. Meredith,
+Internet Draft V. Nanjundaswamy,
+Document: <draft-ietf-dhc-ldap-schema-00.txt> M. Hinckley
+Category: Proposed Standard Novell Inc.
+Expires: 15th December 2001 16th June 2001
+ LDAP Schema for DHCP
+Status of this Memo
+This document is an Internet-Draft and is in full conformance with all
+provisions of Section 10 of RFC2026 [ ].
+Internet-Drafts are working documents of the Internet Engineering Task
+Force (IETF), its areas, and its working groups. Note that other groups
+may also distribute working documents as Internet-Drafts. Internet-
+Drafts are draft documents valid for a maximum of six months and may be
+updated, replaced, or obsolete by other documents at any time. It is
+inappropriate to use Internet-Drafts as reference material or to cite
+them other than as "work in progress." The list of current Internet-
+Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt The
+list of Internet-Draft Shadow Directories can be accessed at
+http://www.ietf.org/shadow.html.
+This document defines a schema for representing DHCP configuration in an
+LDAP directory. It can be used to represent the DHCP Service
+configuration(s) for an entire enterprise network, a subset of the
+network, or even a single server. Representing DHCP configuration in an
+LDAP directory enables centralized management of DHCP services offered
+by one or more DHCP Servers within the enterprise.
+2. Conventions used in this document
+The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
+document are to be interpreted as described in RFC-2119 [ ].
+In places where different sets of terminology are commonly used to
+represent similar DHCP concepts, this schema uses the terminology of the
+Internet Software Consortium's DHCP server reference implementation.
+For more information see www.isc.org.
+3. Design Considerations
+The DHCP LDAP schema is designed to be a simple multi-server schema. The
+M. Meredith et al. Expires December 2001 [Page 1]
+INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001
+intent of this schema is to provide a basic framework for representing
+the most common elements used in the configuration of DHCP Server. This
+should allow other network services to obtain and use basic DHCP
+configuration information in a server-independent but knowledgeable way.
+It is expected that some implementations may need to extend the schema
+objects, in order to implement all of their features or needs. It is
+recommended that you use the schema defined in this draft to represent
+DHCP configuration information in an LDAP directory. Conforming to a
+standard schema improves interoperability between DHCP implementations
+from different vendors.
+Some implementations may choose not to support all of the objects
+Two decisions are explicitly left up to each implementation:
+First, implementations may choose not to store the lease information in
+the directory, so those objects would not be used.
+Second, implementations may choose not to implement the auditing
+It is up to the implementation to determine if the data in the directory
+is considered "authoritative", or if it is simply a copy of data from an
+authoritative source. Validity of the information if used as a copy is
+to be ensured by the implementation.
+Primarily two types of applications will use the information in this
+schema: 1. DHCP servers (for loading their configuration) 2. Management
+Interfaces (for defining/editing configurations).
+The schema should be efficient for the needs of both types of
+applications. The schema is designed to allow objects managed by DHCP
+(such as computers, subnets, etc) to be present anywhere in a directory
+hierarchy (to allow those objects to be placed in the directory for
+managing administrative control and access to the objects).
+The schema uses a few naming conventions - all object classes and
+attributes are prefixed with "dhcp" to decrease the chance that object
+classes and attributes will have the same name. The schema also uses
+standard naming attributes ("cn", "ou", etc) for all objects.
+4. Common DHCP Configuration Attributes
+Although DHCP manages several different types of objects, the
+configuration of those objects is often similar. Consequently, most of
+these objects have a common set of attributes, which are defined below.
+M. Meredith et al. Expires December 2001 [Page 2]
+INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001
+4.1. Attributes Definitions
+The schema definitions listed below are for readability. The LDIF
+layout for this schema will follow in section 8.
+Name: dhcpPrimaryDN Description: The Distinguished Name of the
+dhcpServer object, which is the primary server for the configuration.
+Syntax: DN Flags: SINGLE-VALUE
+Named: dhcpSecondaryDN Description: The Distinguished Name(s) of the
+dhcpServer object(s), which are secondary servers for the configuration.
+Name: dhcpStatements Description: Flexible storage for representing any
+specific data depending on the object to which it is attached. Examples
+include conditional statements, Server parameters, etc. This also
+serves as a 'catch-all' attribute that allows the standard to evolve
+without needing to update the schema. Syntax: IA5String
+Name: dhcpRange Description: The starting and ending IP Addresses in the
+range (inclusive), separated by a hyphen; if the range only contains one
+address, then just the address can be specified with no hyphen. Each
+range is defined as a separate value. Syntax: IA5String
+Name: dhcpPermitList Description: This attribute contains the permit
+lists associated with a pool. Each permit list is defined as a separate
+value. Syntax: IA5String
+Name: dhcpNetMask Description: The subnet mask length for the subnet.
+The mask can be easily computed from this length. Syntax: Integer
+Flags: SINGLE-VALUE
+Name: dhcpOption Description: Encoded option values to be sent to
+clients. Each value represents a single option and contains (OptionTag,
+Length, OptionData) encoded in the format used by DHCP. For more
+information see [DHCPOPT]. Syntax: OctetString
+Name: dhcpClassData Description: Encoded text string or list of bytes
+expressed in hexadecimal, separated by colons. Clients match subclasses
+based on matching the class data with the results of a 'match' or 'spawn
+with' statement in the class name declarations. Syntax: IA5String
+Flags: SINGLE-VALUE
+Name: dhcpSubclassesDN Description: List of subclasses, these are the
+actual DN of each subclass object. Syntax: DN
+Name: dhcpClassesDN Description: List of classes, these are the actual
+DN of each class object. Syntax: DN
+M. Meredith et al. Expires December 2001 [Page 3]
+INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001
+Name: dhcpSubnetDN Description: List of subnets, these are the actual DN
+of each subnet object. Syntax: DN
+Name: dhcpPoolDN Description: List of pools, these are the actual DN of
+each Pool object. Syntax: DN
+Name: dhcpOptionsDN Description: List of options, these are the actual
+DN of each Options object. Syntax: DN
+Name: dhcpHostDN Description: List of hosts, these are the actual DN of
+each host object. Syntax: DN
+Name: dhcpSharedNetworkDN Description: List of shared networks, these
+are the actual DN of each shared network object. Syntax: DN
+Name: dhcpGroupDN Description: List of groups, these are the actual DN
+of each Group object. Syntax: DN
+Name: dhcpLeaseDN Description: Single Lease DN. A dhcpHost configuration
+uses this attribute to identify a static IP address assignment. Syntax:
+DN Flags: SINGLE-VALUE
+Name: dhcpLeasesDN Description: List of leases, these are the actual DN
+of each lease object. Syntax: DN
+Name: dhcpServiceDN Description: The DN of dhcpService object(s)which
+contain the configuration information. Each dhcpServer object has this
+attribute identifying the DHCP configuration(s) that the server is
+associated with. Syntax: DN
+Name: dhcpHWAddress Description: The hardware address of the client
+associated with a lease Syntax: OctetString Flags: SINGLE-VALUE
+Name: dhcpVersion Description: This is the version identified for the
+object that this attribute is part of. In case of the dhcpServer object,
+this represents the DHCP software version. Syntax: IA5String Flags:
+Name: dhcpImplementation Description: DHCP Server implementation
+description e.g. DHCP Vendor information. Syntax: IA5String Flags:
+Name: dhcpHashBucketAssignment Description: HashBucketAssignment bit map
+for the DHCP Server, as defined in DHC Load Balancing Algorithm [RFC
+3074]. Syntax: Octet String Flags: SINGLE-VALUE
+Name: dhcpDelayedServiceParameter Description: Delay in seconds
+corresponding to Delayed Service Parameter configuration, as defined in
+M. Meredith et al. Expires December 2001 [Page 4]
+INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001
+DHC Load Balancing Algorithm [RFC 3074]. Syntax: Integer Flags: SINGLE-
+Name: dhcpMaxClientLeadTime Description: Maximum Client Lead Time
+configuration in seconds, as defined in DHCP Failover Protocol [FAILOVR]
+Syntax: Integer Flags: SINGLE-VALUE
+Name: dhcpFailOverEndpointState Description: Server (Failover Endpoint)
+state, as defined in DHCP Failover Protocol [FAILOVR] Syntax: IA5String
+Flags: SINGLE-VALUE
+5. Configurations and Services
+The schema definitions below are for readability the LDIF layout for
+this schema will follow in section 8.
+The DHC working group is currently considering several proposals for
+fail-over and redundancy of DHCP servers. These may require sharing of
+configuration information between servers. This schema provides a
+generalized mechanism for supporting any of these proposals, by
+separating the definition of a server from the definition of
+configuration service provided by the server.
+Separating the DHCP Server (dhcpServer) and the DHCP Configuration
+(dhcpService) representations allows a configuration service to be
+provided by one or more servers. Similarly, a server may provide one or
+more configurations. The schema allows a server to be configured as
+either a primary or secondary provider of a DHCP configuration.
+Configurations are also defined so that one configuration can include
+some of the objects that are defined in another configuration. This
+allows for sharing and/or a hierarchy of related configuration items.
+Name: dhcpService Description: Service object that represents the
+actual DHCP Service configuration. This will be a container with the
+following attributes. Must: cn, dhcpPrimaryDN May: dhcpSecondaryDN,
+dhcpSharedNetworkDN, dhcpSubnetDN, dhcpGroupDN, dhcpHostDN,
+dhcpClassesDN, dhcpOptionsDN, dhcpStatements
+The following objects could exist inside the dhcpService container:
+dhcpSharedNetwork, dhcpSubnet, dhcpGroup, dhcpHost, dhcpClass,
+dhcpOptions, dhcpLog
+Name: dhcpServer Description: Server object that the DHCP server will
+login as. The configuration information is in the dhcpService container
+that the dhcpServiceDN points to. Must: cn, dhcpServiceDN May:
+dhcpVersion, dhcpImplementation, dhcpHashBucketAssignment,
+dhcpDelayedServiceParameter, dhcpMaxClientLeadTime,
+M. Meredith et al. Expires December 2001 [Page 5]
+INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001
+dhcpFailOverEndpointState, dhcpStatements
+5.1. DHCP Declaration related classes:
+Name: dhcpSharedNetwork Description: Shared Network class will list what
+pools and subnets are in this network.
+This will be a container with the following attributes. Must: cn May:
+dhcpSubnetDN, dhcpPoolDN, dhcpOptionsDN, dhcpStatements
+The following objects can exist within a dhcpSharedNetwork container:
+dhcpSubnet, dhcpPool, dhcpOptions, dhcpLog
+Name: dhcpSubnet Description: Subnet object will include configuration
+information associated with a subnet, including a range and a net mask.
+This will be a container with the following attributes. Must: cn
+(Subnet address), dhcpNetMask May: dhcpRange, dhcpPoolDN, dhcpGroupDN,
+dhcpHostDN, dhcpClassesDN, dhcpLeasesDN, dhcpOptionsDN, dhcpStatements
+The following objects can exist within a dhcpSubnet container: dhcpPool,
+dhcpGroup, dhcpHost, dhcpClass, dhcpOptions, dhcpLease, dhcpLog
+Name: dhcpGroup Description: Group object will have configuration
+information associated with a group.
+This will be a container with the following attributes. Must: cn May:
+dhcpHostDN, dhcpOptionsDN, dhcpStatements
+The following objects can exist within a dhcpGroup container: dhcpHost,
+Name: dhcpHost Description: The host object includes DHCP host
+declarations to assign a static IP address or declare the client as
+known or specify statements for a specific client. Must: cn May:
+dhcpLeaseDN, dhcpHWAddress, dhcpOptionsDN, dhcpStatements
+The following objects can exist within a dhcpHost container: dhcpLease,
+Name: dhcpOptions Description: The options class is for option space
+declarations, it contains a list of options. Must: cn, dhcpOption
+Name: dhcpClass Description: This is a class to group clients together
+based on matching rules.
+This will be a container with the following attributes. Must: cn May:
+dhcpSubClassesDN, dhcpOptionsDN, dhcpStatements
+The following object can exist within a dhcpClass container:
+dhcpSubclass, dhcpOptions
+M. Meredith et al. Expires December 2001 [Page 6]
+INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001
+Name: dhcpSubClass Description: This includes configuration information
+for a subclass associated with a class. The dhcpSubClass object will
+always be contained within the corresponding class container object.
+Must: cn May: dhcpClassData, dhcpOptionsDN, dhcpStatements
+Name: dhcpPool Description: This contains configuration for a pool that
+will have the range of addresses, permit lists and point to classes and
+leases that are members of this pool.
+This will be a container that could be contained by dhcpSubnet or a
+dhcpSharedNetwork. Must: cn, dhcpRange May: dhcpClassesDN,
+dhcpPermitList, dhcpLeasesDN, dhcpOptionsDN, dhcpStatements
+The following objects can exist within a dhcpPool container: dhcpClass,
+dhcpOptions, dhcpLease, dhcpLog
+6. Tracking Address Assignments
+The behavior of a DHCP server is influenced by two factors - it's
+configuration and the current state of the addresses that have been
+assigned to clients. This schema defines a set of objects for
+representing the DHCP configuration associated with a server. The
+following object classes provide the ability to record how addresses are
+used including maintaining history (audit log) on individual leases.
+Recording lease information in a directory could result in a significant
+performance impact and is therefore optional. Implementations supporting
+logging of leases need to consider the performance impact.
+6.1. dhcpLeases Attribute Definitions
+The schema definitions below are for readability the LDIF layout for
+this schema will follow in section 8.
+Name: dhcpAddressState Description: This stores information about the
+current binding-status of an address. For dynamic addresses managed by
+DHCP, the values should be restricted to the states defined in the DHCP
+Failover Protocol draft [FAILOVR]: 'FREE', 'ACTIVE', 'EXPIRED',
+'RELEASED', 'RESET', 'ABANDONED', 'BACKUP'. For more information on
+these states see [FAILOVR]. For other addresses, it SHOULD be one of
+the following: 'UNKNOWN', 'RESERVED' (an address that is managed by DHCP
+that is reserved for a specific client), 'RESERVED-ACTIVE' (same as
+reserved, but address is currently in use), 'ASSIGNED' (assigned
+manually or by some other mechanism), 'UNASSIGNED', 'NOTASSIGNABLE'.
+Syntax: IA5String Flags: SINGLE-VALUE
+Name: dhcpExpirationTime Description: This is the time the current lease
+for an address expires. Syntax: DateTime Flags: SINGLE-VALUE
+M. Meredith et al. Expires December 2001 [Page 7]
+INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001
+Name: dhcpStartTimeOfState Description: This is the time of the last
+state change for a leased address. Syntax: DateTime Flags: SINGLE-VALUE
+Name: dhcpLastTransactionTime Description: This is the last time a valid
+DHCP packet was received from the client. Syntax: DateTime Flags:
+Name: dhcpBootpFlag Description: This indicates whether the address was
+assigned via BOOTP Syntax: Boolean Flags: SINGLE-VALUE
+Name: dhcpDomainName Description: This is the name of the domain sent to
+the client by the server. It is essentially the same as the value for
+DHCP option 15 sent to the client, and represents only the domain - not
+the full FQDN. To obtain the full FQDN assigned to the client you must
+prepend the "dhcpAssignedHostName" to this value with a ".". Syntax:
+IA5String Flags: SINGLE-VALUE
+Name: dhcpDnsStatus Description: This indicates the status of updating
+DNS resource records on behalf of the client by the DHCP server for this
+address. The value is a 16-bit bitmask that has the same values as
+specified by the Failover-DDNS option (see [FAILOVR]). Syntax: Integer
+Flags: SINGLE-VALUE
+Name: dhcpRequestedHostName Description: This is the hostname that was
+requested by the client. Syntax: IA5String Flags: SINGLE-VALUE
+Name: dhcpAssignedHostName Description: This is the actual hostname that
+was assigned to a client. It may not be the name that was requested by
+the client. The fully qualified domain name can be determined by
+appending the value of "dhcpDomainName" (with a dot separator) to this
+name. Syntax: IA5String Flags: SINGLE-VALUE
+Name: dhcpReservedForClient Description: This is the distinguished name
+of the "dhcpHost" that an address is reserved for. This may not be the
+same as the "dhcpAssignedToClient" attribute if the address is being
+reassigned but the current lease has not yet expired. Syntax: DN Flags:
+Name: dhcpAssignedToClient Description: This is the distinguished name
+of a "dhcpHost" that an address is currently assigned to. This
+attribute is only present in the class when the address is leased.
+Syntax: DN Flags: SINGLE-VALUE
+Name: dhcpRelayAgentInfo Description: If the client request was received
+via a relay agent, this contains information about the relay agent that
+was available from the DHCP request. This is a hex-encoded option
+value. Syntax: OctetString Flags: SINGLE-VALUE
+Name: dhcpErrorLog Description: Generic error log attribute that allows
+logging error conditions within a dhcpService or a dhcpSubnet, like no IP
+addresses available for lease. Syntax: IA5String
+M. Meredith et al. Expires December 2001 [Page 8]
+INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001
+6.2. dhcpLeases Object Class
+This class represents an IP address. It may or may not be leaseable,
+and the object may exist even though a lease is not currently active for
+the associated IP address.
+It is recommended that all Lease objects for a single DHCP Service be
+centrally located within a single container. This ensures that the lease
+objects and the corresponding logs do not have to be relocated, when
+address ranges allocated to individual DHCP subnets and/or pools change.
+The schema definitions below are for readability the LDIF layout for
+this schema will follow in section 8.
+Name: dhcpLeases Description: This is the object that holds state
+information about an IP address. The cn (which is the IP address), and
+the current address-state are mandatory attributes. If the address is
+assigned then, some of the optional attributes will have valid data.
+Must: cn, dhcpAddressState May: dhcpExpirationTime,
+dhcpStartTimeOfState, dhcpLastTransactionTime, dhcpBootpFlag,
+dhcpDomainName, dhcpDnsStatus, dhcpRequestedHostName,
+dhcpAssignedHostName, dhcpReservedForClient, dhcpAssignedToClient,
+dhcpRelayAgentInfo, dhcpHWAddress
+6.3 Audit Log Information
+A dhcpLog object is created whenever a lease is assigned or released.
+This object is intended to be created under the corresponding dhcpLeases
+container, or dhcpPool, dhcpSubnet, dhcpSharedNetwork or dhcpService
+The log information under the dhcpLeases container would be for
+addresses matching that lease information. The log information in the
+other containers could be used for errors, i.e. when a pool or subnet is
+out our addresses or if a server is not able to assign any more
+addresses for a particular dhcpService.
+Name: dhcpLog Description: This is the object that holds past
+information about an IP address. The cn is the time/date stamp when the
+address was assigned or released, the address state at the time, if the
+address was assigned or released. Must: cn May: dhcpAddressState,
+dhcpExpirationTime, dhcpStartTimeOfState, dhcpLastTransactionTime,
+dhcpBootpFlag, dhcpDomainName, dhcpDnsStatus, dhcpRequestedHostName,
+dhcpAssignedHostName, dhcpReservedForClient, dhcpAssignedToClient,
+dhcpRelayAgentInfo, dhcpHWAddress, dhcpErrorLog
+M. Meredith et al. Expires December 2001 [Page 9]
+INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001
+7. Determining settings
+The dhcpStatements attribute is the key to DHC enhancements that may
+come along, and the different key words that a particular server
+implementation may use. This attribute can be used to hold conditional
+DHCP Statements and DHCP server parameters. Having a generic settings
+attribute that is just a string, allows this schema to be extensible and
+All of the attributes that end with DN are references to the class that
+precedes the DN e.g. the dhcpPrimaryDN and dhcpSecondaryDN attributes
+hold the Distinguished Names of the dhcpServer objects that are
+associated with the dhcpService object.
+8. LDIF format for attributes and classes.
+( 2.16.840.1.113719.1.203.4.1 NAME 'dhcpPrimaryDN' DESC
+'The DN of the dhcpServer which is the primary server for the
+configuration.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
+( 2.16.840.1.113719.1.203.4.2 NAME 'dhcpSecondaryDN' DESC 'The DN of
+dhcpServer(s) which provide backup service for the configuration.'
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+( 2.16.840.1.113719.1.203.4.3 NAME 'dhcpStatements' DESC 'Flexible
+storage for specific data depending on what object this exists in. Like
+conditional statements, server parameters, etc. This allows the standard
+to evolve without needing to adjust the schema.' SYNTAX
+1.3.6.1.4.1.1466.115.121.1.26 )
+( 2.16.840.1.113719.1.203.4.4 NAME 'dhcpRange' DESC 'The starting &
+ending IP Addresses in the range (inclusive), separated by a hyphen; if
+the range only contains one address, then just the address can be
+specified with no hyphen. Each range is defined as a separate value.'
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+( 2.16.840.1.113719.1.203.4.5 NAME 'dhcpPermitList' DESC 'This attribute
+contains the permit lists associated with a pool. Each permit list is
+defined as a separate value.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+( 2.16.840.1.113719.1.203.4.6 NAME 'dhcpNetMask' DESC 'The subnet mask
+length for the subnet. The mask can be easily computed from this
+length.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+( 2.16.840.1.113719.1.203.4.7 NAME 'dhcpOption' DESC 'Encoded option
+values to be sent to clients. Each value represents a single option and
+contains (OptionTag, Length, OptionValue) encoded in the format used by
+DHCP.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
+M. Meredith et al. Expires December 2001 [Page 10]
+INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001
+( 2.16.840.1.113719.1.203.4.8 NAME 'dhcpClassData' DESC 'Encoded text
+string or list of bytes expressed in hexadecimal, separated by colons.
+Clients match subclasses based on matching the class data with the
+results of match or spawn with statements in the class name
+declarations.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+( 2.16.840.1.113719.1.203.4.9 NAME 'dhcpOptionsDN' DESC 'The
+distinguished name(s) of the dhcpOption objects containing the
+configuration options provided by the server.' SYNTAX
+1.3.6.1.4.1.1466.115.121.1.12 )
+( 2.16.840.1.113719.1.203.4.10 NAME 'dhcpHostDN' DESC 'the distinguished
+name(s) of the dhcpHost objects.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+( 2.16.840.1.113719.1.203.4.11 NAME 'dhcpPoolDN' DESC 'The distinguished
+name(s) of pools.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+( 2.16.840.1.113719.1.203.4.12 NAME 'dhcpGroupDN' DESC 'The
+distinguished name(s) of the groups.' SYNTAX
+1.3.6.1.4.1.1466.115.121.1.12 )
+( 2.16.840.1.113719.1.203.4.13 NAME 'dhcpSubnetDN' DESC 'The
+distinguished name(s) of the subnets.' SYNTAX
+1.3.6.1.4.1.1466.115.121.1.12 )
+( 2.16.840.1.113719.1.203.4.14 NAME 'dhcpLeaseDN' DESC 'The
+distinguished name of a client address.' SYNTAX
+1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE)
+( 2.16.840.1.113719.1.203.4.15 NAME 'dhcpLeasesDN' DESC 'The
+distinguished name(s) client addresses.' SYNTAX
+1.3.6.1.4.1.1466.115.121.1.12 )
+( 2.16.840.1.113719.1.203.4.16 NAME 'dhcpClassesDN' DESC 'The
+distinguished name(s) of a class(es) in a subclass.' SYNTAX
+1.3.6.1.4.1.1466.115.121.1.12 )
+( 2.16.840.1.113719.1.203.4.17 NAME 'dhcpSubclassesDN' DESC 'The
+distinguished name(s) of subclass(es).' SYNTAX
+1.3.6.1.4.1.1466.115.121.1.12 )
+( 2.16.840.1.113719.1.203.4.18 NAME 'dhcpSharedNetworkDN' DESC 'The
+distinguished name(s) of sharedNetworks.' SYNTAX
+1.3.6.1.4.1.1466.115.121.1.12 )
+( 2.16.840.1.113719.1.203.4.19 NAME 'dhcpServiceDN' DESC 'The DN of
+dhcpService object(s)which contain the configuration information. Each
+dhcpServer object has this attribute identifying the DHCP
+M. Meredith et al. Expires December 2001 [Page 11]
+INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001
+configuration(s) that the server is associated with.' SYNTAX
+1.3.6.1.4.1.1466.115.121.1.12 )
+( 2.16.840.1.113719.1.203.4.20 NAME 'dhcpVersion' DESC 'The version
+attribute of this object.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-
+( 2.16.840.1.113719.1.203.4.21 NAME 'dhcpImplementation' DESC
+'Description of the DHCP Server implementation e.g. DHCP Server's
+vendor.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+( 2.16.840.1.113719.1.203.4.22 NAME 'dhcpAddressState' DESC 'This stores
+information about the current binding-status of an address. For dynamic
+addresses managed by DHCP, the values should be restricted to the
+following: "FREE", "ACTIVE", "EXPIRED", "RELEASED", "RESET",
+"ABANDONED", "BACKUP". For other addresses, it SHOULD be one of the
+following: "UNKNOWN", "RESERVED" (an address that is managed by DHCP
+that is reserved for a specific client), "RESERVED-ACTIVE" (same as
+reserved, but address is currently in use), "ASSIGNED" (assigned
+manually or by some other mechanism), "UNASSIGNED", "NOTASSIGNABLE".'
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+( 2.16.840.1.113719.1.203.4.23 NAME 'dhcpExpirationTime' DESC 'This is
+the time the current lease for an address expires.' SYNTAX
+1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
+( 2.16.840.1.113719.1.203.4.24 NAME 'dhcpStartTimeOfState' DESC 'This is
+the time of the last state change for a leased address.' SYNTAX
+1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
+( 2.16.840.1.113719.1.203.4.25 NAME 'dhcpLastTransactionTime' DESC 'This
+is the last time a valid DHCP packet was received from the client.'
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
+( 2.16.840.1.113719.1.203.4.26 NAME 'dhcpBootpFlag' DESC 'This indicates
+whether the address was assigned via BOOTP.' SYNTAX
+1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
+( 2.16.840.1.113719.1.203.4.27 NAME 'dhcpDomainName' DESC 'This is the
+name of the domain sent to the client by the server. It is essentially
+the same as the value for DHCP option 15 sent to the client, and
+represents only the domain - not the full FQDN. To obtain the full FQDN
+assigned to the client you must prepend the "dhcpAssignedHostName" to
+this value with a ".".' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-
+( 2.16.840.1.113719.1.203.4.28 NAME 'dhcpDnsStatus' DESC 'This indicates
+the status of updating DNS resource records on behalf of the client by
+M. Meredith et al. Expires December 2001 [Page 12]
+INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001
+the DHCP server for this address. The value is a 16-bit bitmask.'
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+( 2.16.840.1.113719.1.203.4.29 NAME 'dhcpRequestedHostName' DESC 'This
+is the hostname that was requested by the client.' SYNTAX
+1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+( 2.16.840.1.113719.1.203.4.30 NAME 'dhcpAssignedHostName' DESC 'This is
+the actual hostname that was assigned to a client. It may not be the
+name that was requested by the client. The fully qualified domain name
+can be determined by appending the value of "dhcpDomainName" (with a dot
+separator) to this name.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-
+( 2.16.840.1.113719.1.203.4.31 NAME 'dhcpReservedForClient' DESC 'The
+distinguished name of a "dhcpClient" that an address is reserved for.
+This may not be the same as the "dhcpAssignedToClient" attribute if the
+address is being reassigned but the current lease has not yet expired.'
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
+( 2.16.840.1.113719.1.203.4.32 NAME 'dhcpAssignedToClient' DESC 'This is
+the distinguished name of a "dhcpClient" that an address is currently
+assigned to. This attribute is only present in the class when the
+address is leased.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
+( 2.16.840.1.113719.1.203.4.33 NAME 'dhcpRelayAgentInfo' DESC 'If the
+client request was received via a relay agent, this contains information
+about the relay agent that was available from the DHCP request. This is
+a hex-encoded option value.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
+( 2.16.840.1.113719.1.203.4.34 NAME 'dhcpHWAddress' DESC 'The clients
+hardware address that requested this IP address.' SYNTAX
+1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
+( 2.16.840.1.113719.1.203.4.35 NAME 'dhcpHashBucketAssignment' DESC
+'HashBucketAssignment bit map for the DHCP Server, as defined in DHC
+Load Balancing Algorithm [RFC 3074].' SYNTAX
+1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
+( 2.16.840.1.113719.1.203.4.36 NAME 'dhcpDelayedServiceParameter' DESC
+'Delay in seconds corresponding to Delayed Service Parameter
+configuration, as defined in DHC Load Balancing Algorithm [RFC 3074]. '
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+( 2.16.840.1.113719.1.203.4.37 NAME 'dhcpMaxClientLeadTime' DESC
+'Maximum Client Lead Time configuration in seconds, as defined in DHCP
+Failover Protocol [FAILOVR]' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+M. Meredith et al. Expires December 2001 [Page 13]
+INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001
+( 2.16.840.1.113719.1.203.4.38 NAME 'dhcpFailOverEndpointState' DESC
+'Server (Failover Endpoint) state, as defined in DHCP Failover Protocol
+[FAILOVR]' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+( 2.16.840.1.113719.1.203.4.39 NAME 'dhcpErrorLog' DESC
+Generic error log attribute that allows logging error conditions within a
+dhcpService or a dhcpSubnet, like no IP addresses available for lease.
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+( 2.16.840.1.113719.1.203.6.1 NAME 'dhcpService' DESC ' Service object
+that represents the actual DHCP Service configuration. This is a
+container object.' SUP top MUST (cn $ dhcpPrimaryDN) MAY
+(dhcpSecondaryDN $ dhcpSharedNetworkDN $ dhcpSubnetDN $ dhcpGroupDN $
+dhcpHostDN $ dhcpClassesDN $ dhcpOptionsDN $ dhcpStatements ) )
+( 2.16.840.1.113719.1.203.6.2 NAME 'dhcpSharedNetwork' DESC 'This stores
+configuration information for a shared network.' SUP top MUST cn MAY
+(dhcpSubnetDN $ dhcpPoolDN $ dhcpOptionsDN $ dhcpStatements) X-
+NDS_CONTAINMENT ('dhcpService' ) )
+( 2.16.840.1.113719.1.203.6.3 NAME 'dhcpSubnet' DESC 'This class defines
+a subnet. This is a container object.' SUP top MUST ( cn $ dhcpNetMask )
+MAY (dhcpRange $ dhcpPoolDN $ dhcpGroupDN $ dhcpHostDN $ dhcpClassesDN $
+dhcpLeasesDN $ dhcpOptionsDN $ dhcpStatements) X-NDS_CONTAINMENT
+('dhcpService' 'dhcpSharedNetwork') )
+( 2.16.840.1.113719.1.203.6.4 NAME 'dhcpPool' DESC 'This stores
+configuration information about a pool.' SUP top MUST ( cn $ dhcpRange )
+MAY (dhcpClassesDN $ dhcpPermitList $ dhcpLeasesDN $ dhcpOptionsDN $
+dhcpStatements) X-NDS_CONTAINMENT ('dhcpSubnet' 'dhcpSharedNetwork') )
+( 2.16.840.1.113719.1.203.6.5 NAME 'dhcpGroup' DESC 'Group object that
+lists host DNs and parameters. This is a container object.' SUP top MUST
+cn MAY ( dhcpHostDN $ dhcpOptionsDN $ dhcpStatements ) X-NDS_CONTAINMENT
+('dhcpSubnet' 'dhcpService' ) )
+( 2.16.840.1.113719.1.203.6.6 NAME 'dhcpHost' DESC 'This represents
+information about a particular client' SUP top MUST cn MAY (dhcpLeaseDN
+$ dhcpHWAddress $ dhcpOptionsDN $ dhcpStatements) X-NDS_CONTAINMENT
+('dhcpService' 'dhcpSubnet' 'dhcpGroup') )
+( 2.16.840.1.113719.1.203.6.7 NAME 'dhcpClass' DESC 'Represents
+information about a collection of related clients.' SUP top MUST cn MAY
+(dhcpSubClassesDN $ dhcpOptionsDN $ dhcpStatements) X-NDS_CONTAINMENT
+('dhcpService' 'dhcpSubnet' ) )
+( 2.16.840.1.113719.1.203.6.8 NAME 'dhcpSubClass' DESC 'Represents
+information about a collection of related classes.' SUP top MUST cn MAY
+(dhcpClassData $ dhcpOptionsDN $ dhcpStatements) X-NDS_CONTAINMENT
+M. Meredith et al. Expires December 2001 [Page 14]
+INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001
+( 2.16.840.1.113719.1.203.6.9 NAME 'dhcpOptions' DESC 'Represents
+information about a collection of options defined.' SUP top MUST cn MAY
+( dhcpOption ) X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork'
+'dhcpSubnet' 'dhcpPool' 'dhcpGroup' 'dhcpHost' 'dhcpClass' )
+( 2.16.840.1.113719.1.203.6.10 NAME 'dhcpLeases' DESC 'This class
+represents an IP Address, which may or may not have been leased.' SUP
+top MUST ( cn $ dhcpAddressState ) MAY ( dhcpExpirationTime $
+dhcpStartTimeOfState $ dhcpLastTransactionTime $ dhcpBootpFlag $
+dhcpDomainName $ dhcpDnsStatus $ dhcpRequestedHostName $
+dhcpAssignedHostName $ dhcpReservedForClient $ dhcpAssignedToClient $
+dhcpRelayAgentInfo $ dhcpHWAddress ) X-NDS_CONTAINMENT ( 'dhcpService'
+'dhcpSubnet' 'dhcpPool') )
+( 2.16.840.1.113719.1.203.6.11 NAME 'dhcpLog' DESC 'This is the object
+that holds past information about the IP address. The cn is the
+time/date stamp when the address was assigned or released, the address
+state at the time, if the address was assigned or released.' SUP top
+MUST ( cn ) MAY ( dhcpAddressState $ dhcpExpirationTime $
+dhcpStartTimeOfState $ dhcpLastTransactionTime $ dhcpBootpFlag $
+dhcpDomainName $ dhcpDnsStatus $ dhcpRequestedHostName $
+dhcpAssignedHostName $ dhcpReservedForClient $ dhcpAssignedToClient $
+dhcpRelayAgentInfo $ dhcpHWAddress $ dhcpErrorLog) X-NDS_CONTAINMENT
+('dhcpLeases' 'dhcpPool' 'dhcpSubnet' 'dhcpSharedNetwork' 'dhcpService' ) )
+( 2.16.840.1.113719.1.203.6.12 NAME 'dhcpServer' DESC 'DHCP Server
+Object' SUP top MUST (cn, dhcpServiceDN) MAY (dhcpVersion $
+dhcpImplementation $ dhcpHashBucketAssignment $
+dhcpDelayedServiceParameter $ dhcpMaxClientLeadTime $
+dhcpFailOverEndpointState $ dhcpStatements) X-NDS_CONTAINMENT ('O' 'OU'
+9. Security Considerations
+Since the DHCP Configuration information is stored in a directory, the
+security of the information is limited to the security offered by the
+directory including the security of the objects within that directory.
+10. Intellectual Property Rights Notices
+The IETF takes no position regarding the validity or scope of any
+intellectual property or other rights that might be claimed to pertain
+to the implementation or use of the technology described in this
+document or the extent to which any license under such rights might or
+might not be available; neither does it represent that it has made any
+effort to identify any such rights. Information on the IETF's
+procedures with respect to rights in standards-track and standards-
+M. Meredith et al. Expires December 2001 [Page 15]
+INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001
+related documentation can be found in BCP-11. Copies of claims of
+rights made available for publication and any assurances of licenses to
+be made available, or the result of an attempt made to obtain a general
+license or permission for the use of such proprietary rights by
+implementors or users of this specification can be obtained from the
+The IETF invites any interested party to bring to its attention any
+copyrights, patents or patent applications, or other proprietary rights
+which may cover technology that may be required to practice this
+standard. Please address the information to the IETF Executive
+11. Full Copyright Statement
+Copyright (C) The Internet Society (2001). All Rights Reserved.
+This document and translations of it may be copied and furnished to
+others, and derivative works that comment on or otherwise explain it or
+assist in its implementation may be prepared, copied, published and
+distributed, in whole or in part, without restriction of any kind,
+provided that the above copyright notice and this paragraph are included
+on all such copies and derivative works. However, this document itself
+may not be modified in any way, such as by removing the copyright notice
+or references to the Internet Society or other Internet organizations,
+except as needed for the purpose of developing Internet standards in
+which case the procedures for copyrights defined in the Internet
+Standards process must be followed, or as required to translate it into
+languages other than English.
+The limited permissions granted above are perpetual and will not be
+revoked by the Internet Society or its successors or assigns.
+This document and the information contained herein is provided on an "AS
+IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK
+FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT
+LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT
+INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR
+FITNESS FOR A PARTICULAR PURPOSE.
+[RFC2131] Droms, R., "Dynamic Host Configuration Protocol", RFC 2131,
+[RFC2132] Alexander, S., Droms, R., "DHCP Options and BOOTP Vendor
+Extensions", RFC 2132, March 1997.
+M. Meredith et al. Expires December 2001 [Page 16]
+INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001
+[MSDHCP] Gu, Y., Vyaghrapuri, R., "An LDAP Schema for Dynamic Host
+Configuration Protocol Service", Internet Draft <draft-gu-dhcp-ldap-
+schema-00.txt>, August 1998.
+[NOVDHCP] Miller, T., Patel, A., Rao, P., "Lightweight Directory Access
+Protocol (v3): Schema for Dynamic Host Configuration Protocol (DHCP)",
+Internet Draft <draft-miller-dhcp-ldap-schema-00.txt>, June 1998.
+[FAILOVR] Droms, R., Rabil, G., Dooley, M., Kapur, A., Gonczi, S., Volz,
+B., "DHCP Failover Protocol", Internet Draft <draft-ietf-dhc-
+failover-08.txt>, July 2000.
+[RFC 3074] Volz B., Gonczi S., Lemon T., Stevens R., "DHC Load Balancing
+Algorithm", February 2001
+[AGENT] Patrick, M., "DHCP Relay Agent Information Option", Internet
+Draft <draft-ietf-dhc-agent-options-09.txt>, March 2000.
+[DHCPOPT] Carney, M., "New Option Review Guidelines and Additional
+Option Namespace", Internet Draft <draft-ietf-dhc-
+option_review_and_namespace-01.txt>, October 1999.
+[POLICY] Strassner, J., Elleson, E., Moore, B., "Policy Framework LDAP
+Core Schema", Internet Draft <draft-ietf-policy-core-schema-06.txt>,
+[RFC2251] Wahl, M., Howes, T., Kille, S., "Lightweight Directory Access
+Protocol (v3)", RFC 2251, December 1997.
+[RFC2252] Wahl, M., Coulbeck, A., Howes, T., Kille, S., "Lightweight
+Directory Access Protocol (v3) Attribute Syntax Definitions", RFC 2252,
+[RFC2255] Howes, T., Smith, M., "The LDAP URL Format", RFC 2255,
+[RFC951] Croft, B., Gilmore, J., "Bootstrap Protocol (BOOTP)", RFC 951,
+[RFC2119] Bradner, S. "Key words for use in RFCs to Indicate Requirement
+Levels", RFC 2119, March 1997.
+13. Acknowledgments
+This work is partially based on a previous draft draft-ietf-dhc-
+M. Meredith et al. Expires December 2001 [Page 17]
+INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001
+14. Author's Addresses
+Comments regarding this draft may be sent to the authors at the
+1800 S. Novell Place
+Vijay K. Nanjundaswamy
+Novell Software Development (I) Ltd
+49/1 & 49/3, Garvebhavi Palya,
+7th Mile, Hosur Road
+email: mark_meredith@novell.com
+email: knvijay@novell.com
+email: mhinckley@novell.com
+This Internet Draft expires December 16, 2001.
+M. Meredith et al. Expires December 2001 [Page 18]
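Review bot: the LDIF definitions in section 8 disagree with the prose in section 6 on a few points, and because the copyright statement in section 11 says this document itself may not be modified, the fixes belong in the schema file the server actually loads (README.ldap points at a dhcp.schema under contrib), which should be checked against this text before shipping. dhcpReservedForClient and dhcpAssignedToClient are described as DNs of a "dhcpClient" ('The distinguished name of a "dhcpClient" that an address is reserved for.'), an object class defined nowhere in the draft, where section 6.1 says "dhcpHost"; dhcpErrorLog is SINGLE-VALUE in the LDIF but carries no flag in section 6.1; and the dhcpServer MUST list is written as "(cn, dhcpServiceDN)" with a comma where every other class in the block separates attributes with "$". Separately, section 9 (Security Considerations) only defers to the directory's own security, but dhcpStatements and dhcpOption are free-form values the server evaluates as its configuration, so write access to the dhcpService subtree is equivalent to control over what the DHCP server hands out to clients; since this text cannot change, that caveat and the ACL advice it implies should go into README.ldap.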
diff -urNad dhcp3-3.1.0.orig/README.ldap dhcp3-3.1.0/README.ldap
--- dhcp3-3.1.0.orig/README.ldap 1970-01-01 01:00:00.000000000 +0100
+++ dhcp3-3.1.0/README.ldap 2008-02-20 13:21:26.000000000 +0100
+LDAP Support in DHCP
+Brian Masney <masneyb@ntelos.net>
+Last updated 3/23/2003
+This document describes setting up the DHCP server to read it's configuration
+from LDAP. This work is based on the IETF document
+draft-ietf-dhc-ldap-schema-01.txt included in the doc directory. For the latest
+version of this document, please see http://home.ntelos.net/~masneyb.
+First question on most people's mind is "Why do I want to store my
+configuration in LDAP?" If you run a small DHCP server, and the configuration
+on it rarely changes, then you won't need to store your configuration in LDAP.
+But, if you have several DHCP servers, and you want an easy way to manage your
+configuration, this can be a solution.
+The first step will be to setup your LDAP server. I am using OpenLDAP from
+www.openldap.org. Building and installing OpenLDAP is beyond the scope of this
+document. There is plenty of documentation out there about this. Once you have
+OpenLDAP installed, you will have to edit your slapd.conf file. I added the
+following 2 lines to my configuration file:
+include /etc/ldap/schema/dhcp.schema
+index dhcpHWAddress eq
+index dhcpClassData eq
+The first line tells it to include the dhcp schema file. You will find this
+file under the contrib directory in this distribution. You will need to copy
+this file to where your other schema files are (maybe
+/usr/local/openldap/etc/openldap/schema/). The second line sets up
+an index for the dhcpHWAddress parameter. The third parameter is for reading
+subclasses from LDAP every time a DHCP request comes in. Make sure you run the
+slapindex command and restart slapd to have these changes to into effect.
+Now that you have LDAP setup, you should be able to use gq (http://biot.com/gq/)
+to verify that the dhcp schema file is loaded into LDAP. Pull up gq, and click
+on the Schema tab. Go under objectClasses, and you should see at least the
+following object classes listed: dhcpClass, dhcpGroup, dhcpHost, dhcpOptions,
+dhcpPool, dhcpServer, dhcpService, dhcpSharedNetwork, dhcpSubClass, and
+dhcpSubnet. If you do not see these, you need to check over your LDAP
+configuration before you go any further.
+You should now be ready to build DHCP. If you would like to enable LDAP over
+SSL, you will need to perform the following steps:
+ * Edit the includes/site.h file and uncomment the USE_SSL line
+ or specify "-DUSE_SSL" via CFLAGS.
+ * Edit the dst/Makefile.dist file and remove md5_dgst.c and md5_dgst.o
+ from the SRC= and OBJ= lines (around line 24)
+ * Now run configure in the base source directory. If you chose to enable
+ LDAP over SSL, you must append -lcrypto -lssl to the LIBS= line in the file
+ work.os/server/Makefile (replace os with your operating system, linux-2.2 on
+ my machine). You should now be able to type make to build your DHCP server.
+If you choose to not enable LDAP over SSL, then you only need to run configure
+and make in the toplevel source directory.
+Once you have DHCP installed, you will need to setup your initial plaintext
+config file. In my /etc/dhcpd.conf file, I have:
+ldap-server "localhost";
+ldap-username "cn=DHCP User, dc=ntelos, dc=net";
+ldap-password "blah";
+ldap-base-dn "dc=ntelos, dc=net";
+ldap-method dynamic;
+ldap-debug-file "/var/log/dhcp-ldap-startup.log";
+If SSL has been enabled at compile time using the USE_SSL flag, the dhcp
+server trys to use TLS if possible, but continues without TLS if not.
+You can modify this behaviour using following option in /etc/dhcpd.conf:
+ldap-ssl <off | ldaps | start_tls | on>
+ off: disables TLS/LDAPS.
+ ldaps: enables LDAPS -- don't forget to set ldap-port to 636.
+ start_tls: enables TLS using START_TLS command
+ on: enables LDAPS if ldap-port is set to 636 or TLS in
+See also "man 5 ldap.conf" for description the following TLS related
+ ldap-tls-reqcert, ldap-tls-ca-file, ldap-tls-ca-dir, ldap-tls-cert
+ ldap-tls-key, ldap-tls-crlcheck, ldap-tls-ciphers, ldap-tls-randfile
+All of these parameters should be self explanatory except for the ldap-method.
+You can set this to static or dynamic. If you set it to static, the
+configuration is read once on startup, and LDAP isn't used anymore. But, if you
+set this to dynamic, the configuration is read once on startup, and the
+hosts that are stored in LDAP are looked up every time a DHCP request comes in.
+When the optional statement ldap-debug-file is specified, on startup the DHCP
+server will write out the configuration that it generated from LDAP. If you are
+getting errors about your LDAP configuration, this is a good place to start
+The next step is to set up your LDAP tree. Here is an example config that will
+give a 10.100.0.x address to machines that have a host entry in LDAP.
+Otherwise, it will give a 10.200.0.x address to them. (NOTE: replace
+dc=ntelos, dc=net with your base dn). If you would like to convert your
+existing dhcpd.conf file to LDIF format, there is a script
+contrib/dhcpd-conf-to-ldap.pl that will convert it for you. Type
+dhcpd-conf-to-ldap.pl --help to see the usage information for this script.
+# You must specify the server's host name in LDAP that you are going to run
+# DHCP on and point it to which config tree you want to use. Whenever DHCP
+# first starts up, it will do a search for this entry to find out which
+dn: cn=brian.ntelos.net, dc=ntelos, dc=net
+objectClass: dhcpServer
+cn: brian.ntelos.net
+dhcpServiceDN: cn=DHCP Service Config, dc=ntelos, dc=net
+# Here is the config tree that brian.ntelos.net points to.
+dn: cn=DHCP Service Config, dc=ntelos, dc=net
+cn: DHCP Service Config
+objectClass: dhcpService
+dhcpPrimaryDN: dc=ntelos, dc=net
+dhcpStatements: ddns-update-style none
+dhcpStatements: default-lease-time 600
+dhcpStatements: max-lease-time 7200
+# Set up a shared network segment
+dn: cn=WV Test, cn=DHCP Service Config, dc=ntelos, dc=net
+objectClass: dhcpSharedNetwork
+# Set up a subnet declaration with a pool statement. Also note that we have
+# a dhcpOptions object with this entry
+dn: cn=10.100.0.0, cn=WV Test, cn=DHCP Service Config, dc=ntelos, dc=net
+objectClass: dhcpSubnet
+objectClass: dhcpOptions
+dhcpOption: domain-name-servers 10.100.0.2
+dhcpOption: routers 10.100.0.1
+dhcpOption: subnet-mask 255.255.255.0
+dhcpOption: broadcast-address 10.100.0.255
+# Set up a pool for this subnet. Only known hosts will get these IPs
+dn: cn=Known Pool, cn=10.100.0.0, cn=WV Test, cn=DHCP Service Config, dc=ntelos, dc=net
+objectClass: dhcpPool
+dhcpRange: 10.100.0.3 10.100.0.254
+dhcpPermitList: deny unknown-clients
+# Set up another subnet declaration with a pool statement
+dn: cn=10.200.0.0, cn=WV Test, cn=DHCP Service Config, dc=ntelos, dc=net
+objectClass: dhcpSubnet
+objectClass: dhcpOptions
+dhcpOption: domain-name-servers 10.200.0.2
+dhcpOption: routers 10.200.0.1
+dhcpOption: subnet-mask 255.255.255.0
+dhcpOption: broadcast-address 10.200.0.255
+# Set up a pool for this subnet. Only unknown hosts will get these IPs
+dn: cn=Known Pool, cn=10.200.0.0, cn=WV Test, cn=DHCP Service Config, dc=ntelos, dc=net
+objectClass: dhcpPool
+dhcpRange: 10.200.0.3 10.200.0.254
+dhcpPermitList: deny known clients
+# Set aside a group for all of our known MAC addresses
+dn: cn=Customers, cn=DHCP Service Config, dc=ntelos, dc=net
+objectClass: dhcpGroup
+# Host entry for my laptop
+dn: cn=brianlaptop, cn=Customers, cn=DHCP Service Config, dc=ntelos, dc=net
+objectClass: dhcpHost
+dhcpHWAddress: ethernet 00:00:00:00:00:00
+You can use the command slapadd to load all of these entries into your LDAP
+server. After you load this, you should be able to start up DHCP. If you run
+into problems reading the configuration, try running dhcpd with the -d flag.
+If you still have problems, edit the site.conf file in the DHCP source and
+add the line: COPTS= -DDEBUG_LDAP and recompile DHCP. (make sure you run make
+clean and rerun configure before you rebuild).
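Review bot: the TLS paragraph ("the dhcp server trys to use TLS if possible, but continues without TLS if not") documents a silent downgrade in which the `ldap-password` bind credential is sent in cleartext whenever TLS negotiation fails; the README should tell administrators to pin `ldap-ssl` to `ldaps` or `start_tls` and to set `ldap-tls-reqcert` so that a failed TLS setup is a hard error, and should add that `/etc/dhcpd.conf` holds the bind password in plaintext and must be readable only by the user dhcpd runs as. Two lines in that same section are cut off mid-sentence: `on: enables LDAPS if ldap-port is set to 636 or TLS in` and `See also "man 5 ldap.conf" for description the following TLS related` (presumably "options:"). In the example LDIF, the second pool's `dhcpPermitList: deny known clients` should read `deny known-clients` to match the `deny unknown-clients` form of the first pool, and that pool's cn `Known Pool` duplicates the first pool's name although its comment says it serves unknown hosts. Minor typos: "trys" and "have these changes to into effect".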