- Use LDAP configuration patch from upstream tarball

David Cantrell 2009-03-09 23:01:07 +00:00
parent dbecea21a4
commit 2cca9db02c
9 changed files with 61 additions and 5258 deletions


@ -1 +1,2 @@
dhcp-4.1.0.tar.gz
ldap-for-dhcp-4.1.0.tar.gz


@ -1,192 +0,0 @@
LDAP Support in DHCP
Brian Masney <masneyb@gftp.org>
Last updated 3/23/2003
This document describes setting up the DHCP server to read it's configuration
from LDAP. This work is based on the IETF document
draft-ietf-dhc-ldap-schema-01.txt included in the doc directory. For the
latest version of this document, please see http://home.ntelos.net/~masneyb.
First question on most people's mind is "Why do I want to store my
configuration in LDAP?" If you run a small DHCP server, and the configuration
on it rarely changes, then you won't need to store your configuration in LDAP.
But, if you have several DHCP servers, and you want an easy way to manage your
configuration, this can be a solution.
The first step will be to setup your LDAP server. I am using OpenLDAP from
www.openldap.org. Building and installing OpenLDAP is beyond the scope of
this document. There is plenty of documentation out there about this. Once
you have OpenLDAP installed, you will have to edit your slapd.conf file. I
added the following 2 lines to my configuration file:
include /etc/ldap/schema/dhcp.schema
index dhcpHWAddress eq
index dhcpClassData eq
The first line tells it to include the dhcp schema file. You will find this
file under the contrib directory in this distribution. You will need to copy
this file to where your other schema files are (maybe
/usr/local/openldap/etc/openldap/schema/). The second line sets up an index
for the dhcpHWAddress parameter. The third parameter is for reading subclasses
from LDAP every time a DHCP request comes in. Make sure you run the slapindex
command and restart slapd to have these changes to into effect.
Now that you have LDAP setup, you should be able to use gq
(http://biot.com/gq/) to verify that the dhcp schema file is loaded into LDAP.
Pull up gq, and click on the Schema tab. Go under objectClasses, and you
should see at least the following object classes listed: dhcpClass, dhcpGroup,
dhcpHost, dhcpOptions, dhcpPool, dhcpServer, dhcpService, dhcpSharedNetwork,
dhcpSubClass, and dhcpSubnet. If you do not see these, you need to check over
your LDAP configuration before you go any further.
You should now be ready to build DHCP. If you would like to enable LDAP over
SSL, you will need to perform the following steps:
* Edit the includes/site.h file and uncomment the USE_SSL line
or specify "-DUSE_SSL" via CFLAGS.
* Edit the dst/Makefile.dist file and remove md5_dgst.c and md5_dgst.o
from the SRC= and OBJ= lines (around line 24)
* Now run configure in the base source directory. If you chose to enable
LDAP over SSL, you must append -lcrypto -lssl to the LIBS= line in the
file work.os/server/Makefile (replace os with your operating system,
linux-2.2 on my machine). You should now be able to type make to build
your DHCP server.
If you choose to not enable LDAP over SSL, then you only need to run configure
and make in the toplevel source directory.
Once you have DHCP installed, you will need to setup your initial plaintext
config file. In my /etc/dhcpd.conf file, I have:
ldap-server "localhost";
ldap-port 389;
ldap-username "cn=DHCP User, dc=ntelos, dc=net";
ldap-password "blah";
ldap-base-dn "dc=ntelos, dc=net";
ldap-method dynamic;
ldap-debug-file "/var/log/dhcp-ldap-startup.log";
If SSL has been enabled at compile time using the USE_SSL flag, the dhcp
server trys to use TLS if possible, but continues without TLS if not.
You can modify this behaviour using following option in /etc/dhcpd.conf:
ldap-ssl <off | ldaps | start_tls | on>
off: disables TLS/LDAPS.
ldaps: enables LDAPS -- don't forget to set ldap-port to 636.
start_tls: enables TLS using START_TLS command
on: enables LDAPS if ldap-port is set to 636 or TLS in
other cases.
See also "man 5 ldap.conf" for description the following TLS related
options:
ldap-tls-reqcert, ldap-tls-ca-file, ldap-tls-ca-dir, ldap-tls-cert
ldap-tls-key, ldap-tls-crlcheck, ldap-tls-ciphers, ldap-tls-randfile
All of these parameters should be self explanatory except for the ldap-method.
You can set this to static or dynamic. If you set it to static, the
configuration is read once on startup, and LDAP isn't used anymore. But, if
you set this to dynamic, the configuration is read once on startup, and the
hosts that are stored in LDAP are looked up every time a DHCP request comes
in.
When the optional statement ldap-debug-file is specified, on startup the DHCP
server will write out the configuration that it generated from LDAP. If you
are getting errors about your LDAP configuration, this is a good place to
start looking.
The next step is to set up your LDAP tree. Here is an example config that will
give a 10.100.0.x address to machines that have a host entry in LDAP.
Otherwise, it will give a 10.200.0.x address to them. (NOTE: replace
dc=ntelos, dc=net with your base dn). If you would like to convert your
existing dhcpd.conf file to LDIF format, there is a script
contrib/dhcpd-conf-to-ldap.pl that will convert it for you. Type
dhcpd-conf-to-ldap.pl --help to see the usage information for this script.
# You must specify the server's host name in LDAP that you are going to run
# DHCP on and point it to which config tree you want to use. Whenever DHCP
# first starts up, it will do a search for this entry to find out which
# config to use
dn: cn=brian.ntelos.net, dc=ntelos, dc=net
objectClass: top
objectClass: dhcpServer
cn: brian.ntelos.net
dhcpServiceDN: cn=DHCP Service Config, dc=ntelos, dc=net
# Here is the config tree that brian.ntelos.net points to.
dn: cn=DHCP Service Config, dc=ntelos, dc=net
cn: DHCP Service Config
objectClass: top
objectClass: dhcpService
dhcpPrimaryDN: dc=ntelos, dc=net
dhcpStatements: ddns-update-style none
dhcpStatements: default-lease-time 600
dhcpStatements: max-lease-time 7200
# Set up a shared network segment
dn: cn=WV Test, cn=DHCP Service Config, dc=ntelos, dc=net
cn: WV
objectClass: top
objectClass: dhcpSharedNetwork
# Set up a subnet declaration with a pool statement. Also note that we have
# a dhcpOptions object with this entry
dn: cn=10.100.0.0, cn=WV Test, cn=DHCP Service Config, dc=ntelos, dc=net
cn: 10.100.0.0
objectClass: top
objectClass: dhcpSubnet
objectClass: dhcpOptions
dhcpOption: domain-name-servers 10.100.0.2
dhcpOption: routers 10.100.0.1
dhcpOption: subnet-mask 255.255.255.0
dhcpOption: broadcast-address 10.100.0.255
dhcpNetMask: 24
# Set up a pool for this subnet. Only known hosts will get these IPs
dn: cn=Known Pool, cn=10.100.0.0, cn=WV Test, cn=DHCP Service Config, dc=ntelos, dc=net
cn: Known Pool
objectClass: top
objectClass: dhcpPool
dhcpRange: 10.100.0.3 10.100.0.254
dhcpPermitList: deny unknown-clients
# Set up another subnet declaration with a pool statement
dn: cn=10.200.0.0, cn=WV Test, cn=DHCP Service Config, dc=ntelos, dc=net
cn: 10.200.0.0
objectClass: top
objectClass: dhcpSubnet
objectClass: dhcpOptions
dhcpOption: domain-name-servers 10.200.0.2
dhcpOption: routers 10.200.0.1
dhcpOption: subnet-mask 255.255.255.0
dhcpOption: broadcast-address 10.200.0.255
dhcpNetMask: 24
# Set up a pool for this subnet. Only unknown hosts will get these IPs
dn: cn=Known Pool, cn=10.200.0.0, cn=WV Test, cn=DHCP Service Config, dc=ntelos, dc=net
cn: Known Pool
objectClass: top
objectClass: dhcpPool
dhcpRange: 10.200.0.3 10.200.0.254
dhcpPermitList: deny known clients
# Set aside a group for all of our known MAC addresses
dn: cn=Customers, cn=DHCP Service Config, dc=ntelos, dc=net
objectClass: top
objectClass: dhcpGroup
cn: Customers
# Host entry for my laptop
dn: cn=brianlaptop, cn=Customers, cn=DHCP Service Config, dc=ntelos, dc=net
objectClass: top
objectClass: dhcpHost
cn: brianlaptop
dhcpHWAddress: ethernet 00:00:00:00:00:00
You can use the command slapadd to load all of these entries into your LDAP
server. After you load this, you should be able to start up DHCP. If you run
into problems reading the configuration, try running dhcpd with the -d flag.
If you still have problems, edit the site.conf file in the DHCP source and
add the line: COPTS= -DDEBUG_LDAP and recompile DHCP. (make sure you run make
clean and rerun configure before you rebuild).
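Review bot: deleting README.ldap drops the only packaged description of the ldap-server / ldap-username / ldap-password statements, the ldap-method static vs. dynamic behaviour and the ldap-ssl / ldap-tls-* options, and the spec hunks below remove Source3 README.ldap without showing a matching %doc change; confirm that the ldap-for-dhcp-%{version} tarball ships an equivalent README and that %files/%doc points at it, otherwise administrators lose the guidance on enabling TLS for the LDAP connection and on keeping the clear-text ldap-password in /etc/dhcpd.conf protected.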

File diff suppressed because it is too large


@ -1,462 +0,0 @@
attributetype ( 2.16.840.1.113719.1.203.4.1
NAME 'dhcpPrimaryDN'
EQUALITY distinguishedNameMatch
DESC 'The DN of the dhcpServer which is the primary server for the configuration.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.2
NAME 'dhcpSecondaryDN'
EQUALITY distinguishedNameMatch
DESC 'The DN of dhcpServer(s) which provide backup service for the configuration.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
attributetype ( 2.16.840.1.113719.1.203.4.3
NAME 'dhcpStatements'
EQUALITY caseIgnoreIA5Match
DESC 'Flexible storage for specific data depending on what object this exists in. Like conditional statements, server parameters, etc. This allows the standard to evolve without needing to adjust the schema.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 2.16.840.1.113719.1.203.4.4
NAME 'dhcpRange'
EQUALITY caseIgnoreIA5Match
DESC 'The starting & ending IP Addresses in the range (inclusive), separated by a hyphen; if the range only contains one address, then just the address can be specified with no hyphen. Each range is defined as a separate value.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 2.16.840.1.113719.1.203.4.5
NAME 'dhcpPermitList'
EQUALITY caseIgnoreIA5Match
DESC 'This attribute contains the permit lists associated with a pool. Each permit list is defined as a separate value.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 2.16.840.1.113719.1.203.4.6
NAME 'dhcpNetMask'
EQUALITY integerMatch
DESC 'The subnet mask length for the subnet. The mask can be easily computed from this length.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.7
NAME 'dhcpOption'
EQUALITY caseIgnoreIA5Match
DESC 'Encoded option values to be sent to clients. Each value represents a single option and contains (OptionTag, Length, OptionValue) encoded in the format used by DHCP.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 2.16.840.1.113719.1.203.4.8
NAME 'dhcpClassData'
EQUALITY caseIgnoreIA5Match
DESC 'Encoded text string or list of bytes expressed in hexadecimal, separated by colons. Clients match subclasses based on matching the class data with the results of match or spawn with statements in the class name declarations.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.9
NAME 'dhcpOptionsDN'
EQUALITY distinguishedNameMatch
DESC 'The distinguished name(s) of the dhcpOption objects containing the configuration options provided by the server.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
attributetype ( 2.16.840.1.113719.1.203.4.10
NAME 'dhcpHostDN'
EQUALITY distinguishedNameMatch
DESC 'the distinguished name(s) of the dhcpHost objects.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
attributetype ( 2.16.840.1.113719.1.203.4.11
NAME 'dhcpPoolDN'
EQUALITY distinguishedNameMatch
DESC 'The distinguished name(s) of pools.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
attributetype ( 2.16.840.1.113719.1.203.4.12
NAME 'dhcpGroupDN'
EQUALITY distinguishedNameMatch
DESC 'The distinguished name(s) of the groups.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
attributetype ( 2.16.840.1.113719.1.203.4.13
NAME 'dhcpSubnetDN'
EQUALITY distinguishedNameMatch
DESC 'The distinguished name(s) of the subnets.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
attributetype ( 2.16.840.1.113719.1.203.4.14
NAME 'dhcpLeaseDN'
EQUALITY distinguishedNameMatch
DESC 'The distinguished name of a client address.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE)
attributetype ( 2.16.840.1.113719.1.203.4.15
NAME 'dhcpLeasesDN'
DESC 'The distinguished name(s) client addresses.'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
attributetype ( 2.16.840.1.113719.1.203.4.16
NAME 'dhcpClassesDN'
EQUALITY distinguishedNameMatch
DESC 'The distinguished name(s) of a class(es) in a subclass.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
attributetype ( 2.16.840.1.113719.1.203.4.17
NAME 'dhcpSubclassesDN'
EQUALITY distinguishedNameMatch
DESC 'The distinguished name(s) of subclass(es).'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
attributetype ( 2.16.840.1.113719.1.203.4.18
NAME 'dhcpSharedNetworkDN'
EQUALITY distinguishedNameMatch
DESC 'The distinguished name(s) of sharedNetworks.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
attributetype ( 2.16.840.1.113719.1.203.4.19
NAME 'dhcpServiceDN'
EQUALITY distinguishedNameMatch
DESC 'The DN of dhcpService object(s)which contain the configuration information. Each dhcpServer object has this attribute identifying the DHCP configuration(s) that the server is associated with.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
attributetype ( 2.16.840.1.113719.1.203.4.20
NAME 'dhcpVersion'
DESC 'The version attribute of this object.'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.21
NAME 'dhcpImplementation'
EQUALITY caseIgnoreIA5Match
DESC 'Description of the DHCP Server implementation e.g. DHCP Servers vendor.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.22
NAME 'dhcpAddressState'
EQUALITY caseIgnoreIA5Match
DESC 'This stores information about the current binding-status of an address. For dynamic addresses managed by DHCP, the values should be restricted to the following: "FREE", "ACTIVE", "EXPIRED", "RELEASED", "RESET", "ABANDONED", "BACKUP". For other addresses, it SHOULD be one of the following: "UNKNOWN", "RESERVED" (an address that is managed by DHCP that is reserved for a specific client), "RESERVED-ACTIVE" (same as reserved, but address is currently in use), "ASSIGNED" (assigned manually or by some other mechanism), "UNASSIGNED", "NOTASSIGNABLE".'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.23
NAME 'dhcpExpirationTime'
EQUALITY generalizedTimeMatch
DESC 'This is the time the current lease for an address expires.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.24
NAME 'dhcpStartTimeOfState'
EQUALITY generalizedTimeMatch
DESC 'This is the time of the last state change for a leased address.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.25
NAME 'dhcpLastTransactionTime'
EQUALITY generalizedTimeMatch
DESC 'This is the last time a valid DHCP packet was received from the client.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.26
NAME 'dhcpBootpFlag'
EQUALITY booleanMatch
DESC 'This indicates whether the address was assigned via BOOTP.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.27
NAME 'dhcpDomainName'
EQUALITY caseIgnoreIA5Match
DESC 'This is the name of the domain sent to the client by the server. It is essentially the same as the value for DHCP option 15 sent to the client, and represents only the domain - not the full FQDN. To obtain the full FQDN assigned to the client you must prepend the "dhcpAssignedHostName" to this value with a ".".'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.28
NAME 'dhcpDnsStatus'
EQUALITY integerMatch
DESC 'This indicates the status of updating DNS resource records on behalf of the client by the DHCP server for this address. The value is a 16-bit bitmask.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.29
NAME 'dhcpRequestedHostName'
EQUALITY caseIgnoreIA5Match
DESC 'This is the hostname that was requested by the client.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.30
NAME 'dhcpAssignedHostName'
EQUALITY caseIgnoreIA5Match
DESC 'This is the actual hostname that was assigned to a client. It may not be the name that was requested by the client. The fully qualified domain name can be determined by appending the value of "dhcpDomainName" (with a dot separator) to this name.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.31
NAME 'dhcpReservedForClient'
EQUALITY distinguishedNameMatch
DESC 'The distinguished name of a "dhcpClient" that an address is reserved for. This may not be the same as the "dhcpAssignedToClient" attribute if the address is being reassigned but the current lease has not yet expired.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.32
NAME 'dhcpAssignedToClient'
EQUALITY distinguishedNameMatch
DESC 'This is the distinguished name of a "dhcpClient" that an address is currently assigned to. This attribute is only present in the class when the address is leased.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.33
NAME 'dhcpRelayAgentInfo'
EQUALITY octetStringMatch
DESC 'If the client request was received via a relay agent, this contains information about the relay agent that was available from the DHCP request. This is a hex-encoded option value.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.34
NAME 'dhcpHWAddress'
EQUALITY caseIgnoreIA5Match
DESC 'The clients hardware address that requested this IP address.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.35
NAME 'dhcpHashBucketAssignment'
EQUALITY octetStringMatch
DESC 'HashBucketAssignment bit map for the DHCP Server, as defined in DHC Load Balancing Algorithm [RFC 3074].'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.36
NAME 'dhcpDelayedServiceParameter'
EQUALITY integerMatch
DESC 'Delay in seconds corresponding to Delayed Service Parameter configuration, as defined in DHC Load Balancing Algorithm [RFC 3074]. '
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.37
NAME 'dhcpMaxClientLeadTime'
EQUALITY integerMatch
DESC 'Maximum Client Lead Time configuration in seconds, as defined in DHCP Failover Protocol [FAILOVR]'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.38
NAME 'dhcpFailOverEndpointState'
EQUALITY caseIgnoreIA5Match
DESC 'Server (Failover Endpoint) state, as defined in DHCP Failover Protocol [FAILOVR]'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.39
NAME 'dhcpErrorLog'
EQUALITY caseIgnoreIA5Match
DESC 'Generic error log attribute that allows logging error conditions within a dhcpService or a dhcpSubnet, like no IP addresses available for lease.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.40
NAME 'dhcpLocatorDN'
EQUALITY distinguishedNameMatch
DESC 'The DN of dhcpLocator object which contain the DNs of all DHCP configuration objects. There will be a single dhcpLocator object in the tree with links to all the DHCP objects in the tree'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
attributetype ( 2.16.840.1.113719.1.203.4.41
NAME 'dhcpKeyAlgorithm'
EQUALITY caseIgnoreIA5Match
DESC 'Algorithm to generate TSIG Key'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.42
NAME 'dhcpKeySecret'
EQUALITY octetStringMatch
DESC 'Secret to generate TSIG Key' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.43
NAME 'dhcpDnsZoneServer'
EQUALITY caseIgnoreIA5Match
DESC 'Master server of the DNS Zone'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.44
NAME 'dhcpKeyDN'
EQUALITY distinguishedNameMatch
DESC 'The DNs of TSIG Key to use in secure dynamic updates. In case of locator object, this will be list of TSIG keys. In case of DHCP Service, Shared Network, Subnet and DNS Zone, it will be a single key.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12)
attributetype ( 2.16.840.1.113719.1.203.4.45
NAME 'dhcpZoneDN'
EQUALITY distinguishedNameMatch
DESC 'The DNs of DNS Zone. In case of locator object, this will be list of DNS Zones in the tree. In case of DHCP Service, Shared Network and Subnet, it will be a single DNS Zone.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12)
attributetype ( 2.16.840.1.113719.1.203.4.46
NAME 'dhcpFailOverPrimaryServer'
EQUALITY caseIgnoreIA5Match
DESC 'IP address or DNS name of the server playing primary role in DHC Load Balancing and Fail over.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 2.16.840.1.113719.1.203.4.47
NAME 'dhcpFailOverSecondaryServer'
EQUALITY caseIgnoreIA5Match
DESC 'IP address or DNS name of the server playing secondary role in DHC Load Balancing and Fail over.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 2.16.840.1.113719.1.203.4.48
NAME 'dhcpFailOverPrimaryPort'
EQUALITY integerMatch
DESC 'Port on which primary server listens for connections from its fail over peer (secondary server)'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
attributetype ( 2.16.840.1.113719.1.203.4.49
NAME 'dhcpFailOverSecondaryPort'
EQUALITY integerMatch
DESC 'Port on which secondary server listens for connections from its fail over peer (primary server)'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
attributetype ( 2.16.840.1.113719.1.203.4.50
NAME 'dhcpFailOverResponseDelay'
EQUALITY integerMatch
DESC 'Maximum response time in seconds, before Server assumes that connection to fail over peer has failed'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
attributetype ( 2.16.840.1.113719.1.203.4.51
NAME 'dhcpFailOverUnackedUpdates'
EQUALITY integerMatch
DESC 'Number of BNDUPD messages that server can send before it receives BNDACK from its fail over peer'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
attributetype ( 2.16.840.1.113719.1.203.4.52
NAME 'dhcpFailOverSplit'
EQUALITY integerMatch
DESC 'Split between the primary and secondary servers for fail over purpose'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
attributetype ( 2.16.840.1.113719.1.203.4.53
NAME 'dhcpFailOverLoadBalanceTime'
EQUALITY integerMatch
DESC 'Cutoff time in seconds, after which load balance is disabled'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
attributetype ( 2.16.840.1.113719.1.203.4.54
NAME 'dhcpFailOverPeerDN'
EQUALITY distinguishedNameMatch
DESC 'The DNs of Fail over peers. In case of locator object, this will be list of fail over peers in the tree. In case of Subnet and pool, it will be a single Fail Over Peer'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
#List of all servers in the tree
attributetype ( 2.16.840.1.113719.1.203.4.55
NAME 'dhcpServerDN'
EQUALITY distinguishedNameMatch
DESC 'List of all DHCP Servers in the tree. Used by dhcpLocatorObject'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
attributetype ( 2.16.840.1.113719.1.203.4.56
NAME 'dhcpComments'
EQUALITY caseIgnoreIA5Match
DESC 'Generic attribute that allows coments within any DHCP object'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
# Classes
objectclass ( 2.16.840.1.113719.1.203.6.1
NAME 'dhcpService'
DESC 'Service object that represents the actual DHCP Service configuration. This is a container object.'
SUP top
MUST (cn)
MAY ( dhcpPrimaryDN $ dhcpSecondaryDN $ dhcpServerDN $ dhcpSharedNetworkDN $ dhcpSubnetDN $ dhcpGroupDN $ dhcpHostDN $ dhcpClassesDN $ dhcpOptionsDN $ dhcpZoneDN $ dhcpKeyDN $ dhcpFailOverPeerDN $ dhcpStatements $dhcpComments $ dhcpOption) )
objectclass ( 2.16.840.1.113719.1.203.6.2
NAME 'dhcpSharedNetwork'
DESC 'This stores configuration information for a shared network.'
SUP top
MUST cn
MAY ( dhcpSubnetDN $ dhcpPoolDN $ dhcpOptionsDN $ dhcpZoneDN $ dhcpStatements $dhcpComments $ dhcpOption) X-NDS_CONTAINMENT ('dhcpService' ) )
objectclass ( 2.16.840.1.113719.1.203.6.3
NAME 'dhcpSubnet'
DESC 'This class defines a subnet. This is a container object.'
SUP top
MUST ( cn $ dhcpNetMask )
MAY ( dhcpRange $ dhcpPoolDN $ dhcpGroupDN $ dhcpHostDN $ dhcpClassesDN $ dhcpLeasesDN $ dhcpOptionsDN $ dhcpZoneDN $ dhcpKeyDN $ dhcpFailOverPeerDN $ dhcpStatements $ dhcpComments $ dhcpOption ) X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork') )
objectclass ( 2.16.840.1.113719.1.203.6.4
NAME 'dhcpPool'
DESC 'This stores configuration information about a pool.'
SUP top
MUST ( cn $ dhcpRange )
MAY ( dhcpClassesDN $ dhcpPermitList $ dhcpLeasesDN $ dhcpOptionsDN $ dhcpZoneDN $dhcpKeyDN $ dhcpStatements $ dhcpComments $ dhcpOption )
X-NDS_CONTAINMENT ('dhcpSubnet' 'dhcpSharedNetwork') )
objectclass ( 2.16.840.1.113719.1.203.6.5
NAME 'dhcpGroup'
DESC 'Group object that lists host DNs and parameters. This is a container object.'
SUP top
MUST cn
MAY ( dhcpHostDN $ dhcpOptionsDN $ dhcpStatements $ dhcpComments $ dhcpOption )
X-NDS_CONTAINMENT ('dhcpSubnet' 'dhcpService' ) )
objectclass ( 2.16.840.1.113719.1.203.6.6
NAME 'dhcpHost'
DESC 'This represents information about a particular client'
SUP top
MUST cn
MAY (dhcpLeaseDN $ dhcpHWAddress $ dhcpOptionsDN $ dhcpStatements $ dhcpComments $ dhcpOption)
X-NDS_CONTAINMENT ('dhcpService' 'dhcpSubnet' 'dhcpGroup') )
objectclass ( 2.16.840.1.113719.1.203.6.7
NAME 'dhcpClass'
DESC 'Represents information about a collection of related clients.'
SUP top
MUST cn
MAY (dhcpSubClassesDN $ dhcpOptionsDN $ dhcpStatements $ dhcpComments $ dhcpOption)
X-NDS_CONTAINMENT ('dhcpService' 'dhcpSubnet' ) )
objectclass ( 2.16.840.1.113719.1.203.6.8
NAME 'dhcpSubClass'
DESC 'Represents information about a collection of related classes.'
SUP top
MUST cn
MAY (dhcpClassData $ dhcpOptionsDN $ dhcpStatements $ dhcpComments $ dhcpOption) X-NDS_CONTAINMENT 'dhcpClass' )
objectclass ( 2.16.840.1.113719.1.203.6.9
NAME 'dhcpOptions'
DESC 'Represents information about a collection of options defined.'
SUP top AUXILIARY
MUST cn
MAY ( dhcpOption $ dhcpComments )
X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork' 'dhcpSubnet' 'dhcpPool' 'dhcpGroup' 'dhcpHost' 'dhcpClass' ) )
objectclass ( 2.16.840.1.113719.1.203.6.10
NAME 'dhcpLeases'
DESC 'This class represents an IP Address, which may or may not have been leased.'
SUP top
MUST ( cn $ dhcpAddressState )
MAY ( dhcpExpirationTime $ dhcpStartTimeOfState $ dhcpLastTransactionTime $ dhcpBootpFlag $ dhcpDomainName $ dhcpDnsStatus $ dhcpRequestedHostName $ dhcpAssignedHostName $ dhcpReservedForClient $ dhcpAssignedToClient $ dhcpRelayAgentInfo $ dhcpHWAddress )
X-NDS_CONTAINMENT ( 'dhcpService' 'dhcpSubnet' 'dhcpPool') )
objectclass ( 2.16.840.1.113719.1.203.6.11
NAME 'dhcpLog'
DESC 'This is the object that holds past information about the IP address. The cn is the time/date stamp when the address was assigned or released, the address state at the time, if the address was assigned or released.'
SUP top
MUST ( cn )
MAY ( dhcpAddressState $ dhcpExpirationTime $ dhcpStartTimeOfState $ dhcpLastTransactionTime $ dhcpBootpFlag $ dhcpDomainName $ dhcpDnsStatus $ dhcpRequestedHostName $ dhcpAssignedHostName $ dhcpReservedForClient $ dhcpAssignedToClient $ dhcpRelayAgentInfo $ dhcpHWAddress $ dhcpErrorLog)
X-NDS_CONTAINMENT ('dhcpLeases' 'dhcpPool' 'dhcpSubnet' 'dhcpSharedNetwork' 'dhcpService' ) )
objectclass ( 2.16.840.1.113719.1.203.6.12
NAME 'dhcpServer'
DESC 'DHCP Server Object'
SUP top
MUST ( cn )
MAY (dhcpServiceDN $ dhcpLocatorDN $ dhcpVersion $ dhcpImplementation $ dhcpHashBucketAssignment $ dhcpDelayedServiceParameter $ dhcpMaxClientLeadTime $ dhcpFailOverEndpointState $ dhcpStatements $ dhcpComments $ dhcpOption)
X-NDS_CONTAINMENT ('organization' 'organizationalunit' 'domain') )
objectclass ( 2.16.840.1.113719.1.203.6.13
NAME 'dhcpTSigKey'
DESC 'TSIG key for secure dynamic updates'
SUP top
MUST (cn $ dhcpKeyAlgorithm $ dhcpKeySecret )
MAY ( dhcpComments )
X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork' 'dhcpSubnet') )
objectclass ( 2.16.840.1.113719.1.203.6.14
NAME 'dhcpDnsZone'
DESC 'DNS Zone for updating leases'
SUP top
MUST (cn $ dhcpDnsZoneServer )
MAY (dhcpKeyDN $ dhcpComments)
X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork' 'dhcpSubnet') )
objectclass ( 2.16.840.1.113719.1.203.6.15
NAME 'dhcpFailOverPeer'
DESC 'This class defines the Fail over peer'
SUP top
MUST ( cn $ dhcpFailOverPrimaryServer $ dhcpFailOverSecondaryServer $ dhcpFailoverPrimaryPort $ dhcpFailOverSecondaryPort) MAY (dhcpFailOverResponseDelay $ dhcpFailOverUnackedUpdates $ dhcpMaxClientLeadTime $ dhcpFailOverSplit $ dhcpHashBucketAssignment $ dhcpFailOverLoadBalanceTime $ dhcpComments )
X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork' 'dhcpSubnet') )
objectclass ( 2.16.840.1.113719.1.203.6.16
NAME 'dhcpLocator'
DESC 'Locator object for DHCP configuration in the tree. There will be a single dhcpLocator object in the tree with links to all the DHCP objects in the tree'
SUP top
MUST ( cn )
MAY ( dhcpServiceDN $dhcpServerDN $ dhcpSharedNetworkDN $ dhcpSubnetDN $ dhcpPoolDN $ dhcpGroupDN $ dhcpHostDN $ dhcpClassesDN $ dhcpKeyDN $ dhcpZoneDN $ dhcpFailOverPeerDN $ dhcpOption $ dhcpComments)
X-NDS_CONTAINMENT ('organization' 'organizationalunit' 'domain') )

dhcp.spec

@ -4,7 +4,7 @@
Summary: Dynamic host configuration protocol software
Name: dhcp
Version: 4.1.0
Release: 10%{?dist}
Release: 11%{?dist}
# NEVER CHANGE THE EPOCH on this package. The previous maintainer (prior to
# dcantrell maintaining the package) made incorrect use of the epoch and
# that's why it is at 12 now. It should have never been used, but it was.
@ -14,36 +14,31 @@ License: ISC
Group: System Environment/Daemons
URL: http://isc.org/products/DHCP/
Source0: ftp://ftp.isc.org/isc/%{name}/%{name}-%{version}.tar.gz
Source1: dhcpd.init
Source2: dhcrelay.init
Source3: README.ldap
Source4: draft-ietf-dhc-ldap-schema-01.txt
Source5: dhcpd-conf-to-ldap
Source8: dhclient-script
Source9: dhcp.schema
Source10: get-ldap-patch.sh
Source11: README.dhclient.d
Source1: http://dcantrel.fedorapeople.org/dhcp/ldap-patch/ldap-for-dhcp-%{version}.tar.gz
Source2: dhcpd.init
Source3: dhcrelay.init
Source4: dhclient-script
Source5: README.dhclient.d
Patch0: %{name}-4.1.0-errwarn-message.patch
Patch1: %{name}-4.1.0-ldap-configuration.patch
Patch2: %{name}-4.1.0-memory.patch
Patch3: %{name}-4.1.0-options.patch
Patch4: %{name}-4.1.0-release-by-ifup.patch
Patch5: %{name}-4.1.0-dhclient-decline-backoff.patch
Patch6: %{name}-4.1.0-unicast-bootp.patch
Patch7: %{name}-4.1.0-failover-ports.patch
Patch8: %{name}-4.1.0-dhclient-usage.patch
Patch9: %{name}-4.1.0-default-requested-options.patch
Patch10: %{name}-4.1.0-xen-checksum.patch
Patch11: %{name}-4.1.0-dhclient-anycast.patch
Patch12: %{name}-4.1.0-manpages.patch
Patch13: %{name}-4.1.0-paths.patch
Patch14: %{name}-4.1.0-CLOEXEC.patch
Patch15: %{name}-4.1.0-inherit-leases.patch
Patch16: %{name}-4.1.0-garbage-chars.patch
Patch17: %{name}-4.1.0-port-validation.patch
Patch18: %{name}-4.1.0-invalid-dhclient-conf.patch
Patch19: %{name}-4.1.0-missing-ipv6-not-fatal.patch
Patch1: %{name}-4.1.0-memory.patch
Patch2: %{name}-4.1.0-options.patch
Patch3: %{name}-4.1.0-release-by-ifup.patch
Patch4: %{name}-4.1.0-dhclient-decline-backoff.patch
Patch5: %{name}-4.1.0-unicast-bootp.patch
Patch6: %{name}-4.1.0-failover-ports.patch
Patch7: %{name}-4.1.0-dhclient-usage.patch
Patch8: %{name}-4.1.0-default-requested-options.patch
Patch9: %{name}-4.1.0-xen-checksum.patch
Patch10: %{name}-4.1.0-dhclient-anycast.patch
Patch11: %{name}-4.1.0-manpages.patch
Patch12: %{name}-4.1.0-paths.patch
Patch13: %{name}-4.1.0-CLOEXEC.patch
Patch14: %{name}-4.1.0-inherit-leases.patch
Patch15: %{name}-4.1.0-garbage-chars.patch
Patch16: %{name}-4.1.0-port-validation.patch
Patch17: %{name}-4.1.0-invalid-dhclient-conf.patch
Patch18: %{name}-4.1.0-missing-ipv6-not-fatal.patch
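Review bot: Source1 now fetches ldap-for-dhcp-%{version}.tar.gz over plain http from a personal fedorapeople.org space rather than from the ISC server used for Source0, and since the patch inside it is applied to every build, the integrity of that tarball rests entirely on the checksum the packaging system records for the new sources entry; make sure that checksum is updated together with this URL, and add a spec comment saying where the tarball's contents originate, because the old Source10 get-ldap-patch.sh (and its explanatory comment in %prep) is being removed in this same change.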
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: autoconf
@ -100,96 +95,93 @@ libdhcpctl and libomapi static libraries are also included in this package.
%prep
%setup -q
%setup -T -D -a 1
# Add in LDAP support
%{__patch} -p1 < ldap-for-dhcp-%{version}/%{name}-%{version}-ldap.patch
# Replace the standard ISC warning message about requesting help with an
# explanation that this is a patched build of ISC DHCP and bugs should be
# reported through bugzilla.redhat.com
%patch0 -p1
# Add support for dhcpd.conf data in LDAP
# NOTE: Use get-ldap-patch.sh to pull down latest LDAP patch and then modify
# it for this package.
%patch1 -p1
# Fix memory alignment and initialization problems in common/packet.c
# Fix buffer overflow in minires library
# Init struct sock_prog in common/lpf.c to NULL
%patch2 -p1
%patch1 -p1
# Add more dhclient options (-I, -B, -H, -F, -timeout, -V, and -R)
%patch3 -p1
%patch2 -p1
# Handle releasing interfaces requested by /sbin/ifup
# pid file is assumed to be /var/run/dhclient-$interface.pid
%patch4 -p1
%patch3 -p1
# If we receive a DHCP offer in dhclient and it's DECLINEd in dhclient-script,
# backoff for an amount of time before trying again
%patch5 -p1
%patch4 -p1
# Support unicast BOOTP for IBM pSeries systems (and maybe others)
# (Submitted to dhcp-bugs@isc.org - [ISC-Bugs #19146])
%patch6 -p1
%patch5 -p1
# Use the following IANA-registered failover ports:
# dhcp-failover 647/tcp
# dhcp-failover 647/udp
# dhcp-failover 847/tcp
# dhcp-failover 847/udp
%patch7 -p1
%patch6 -p1
# Update the usage screen for dhclient(8) indicating new options
# Use printf() rather than log_info() to display the information
# Also, return EXIT_FAILURE when the usage() screen is displayed (stop parsing)
%patch8 -p1
%patch7 -p1
# Add NIS domain, NIS servers, and NTP servers to the list of default
# requested DHCP options
%patch9 -p1
%patch8 -p1
# Handle Xen partial UDP checksums
%patch10 -p1
%patch9 -p1
# Add anycast support to dhclient (for OLPC)
%patch11 -p1
%patch10 -p1
# Patch man page contents
%patch12 -p1
%patch11 -p1
# Change paths to conform to our standards
%patch13 -p1
%patch12 -p1
# Make sure all open file descriptors are closed-on-exec for SELinux (#446632)
# (Submitted to dhcp-bugs@isc.org - [ISC-Bugs #19148])
%patch14 -p1
%patch13 -p1
# If we have an active lease, do not down the interface (#453982)
%patch15 -p1
%patch14 -p1
# Fix 'garbage in format string' error (#450042)
%patch16 -p1
%patch15 -p1
# Validate port numbers specified for dhclient, dhcpd, and dhcrelay
# to make sure they are within 1-65535, inclusive. (#438149)
# (Submitted to dhcp-bugs@isc.org - [ISC-Bugs #18695])
%patch17 -p1
%patch16 -p1
# The sample dhclient.conf should say 'supersede domain-search' (#467955)
# (Submitted to dhcp-bugs@isc.org - [ISC-Bugs #19147])
%patch18 -p1
%patch17 -p1
# If the ipv6 kernel module is missing, do not segfault
# (Submitted to dhcp-bugs@isc.org - [ISC-Bugs #19367]
%patch19 -p1
%patch18 -p1
# Copy in documentation and example scripts for LDAP patch to dhcpd
%{__install} -p -m 0644 %{SOURCE3} .
%{__install} -p -m 0644 %{SOURCE4} doc/
%{__install} -p -m 0755 %{SOURCE5} contrib/
%{__install} -p -m 0755 ldap-for-dhcp-%{version}/dhcpd-conf-to-ldap contrib/
# Copy in the Fedora/RHEL dhclient script
%{__install} -p -m 0755 %{SOURCE8} client/scripts/linux
%{__install} -p -m 0644 %{SOURCE11} .
%{__install} -p -m 0755 %{SOURCE4} client/scripts/linux
%{__install} -p -m 0644 %{SOURCE5} .
# Ensure we don't pick up Perl as a dependency from the scripts and modules
# in the contrib directory (we copy this to /usr/share/doc in the final
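Review bot: `%{__patch} -p1 < ldap-for-dhcp-%{version}/%{name}-%{version}-ldap.patch` bypasses the `%patch` macro, so it does not get the options that macro adds (notably the fuzz factor the build macros apply to every other `%patchN` line here), and a partially matching LDAP patch could apply with fuzz instead of failing the build; pass `-s --fuzz=0` explicitly on that line. Also, the `# NOTE: Use get-ldap-patch.sh to pull down latest LDAP patch ...` comment is removed with nothing replacing it; a one-line comment beside the new `%{__patch}` call describing how the tarball is refreshed would keep that procedure documented.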
@ -272,8 +264,8 @@ CFLAGS="%{optflags} -fPIC -D_GNU_SOURCE -DLDAP_CONFIGURATION -DUSE_SSL" \
# Install init scripts
%{__mkdir} -p %{buildroot}%{_initrddir}
%{__install} -p -m 0755 %{SOURCE1} %{buildroot}%{_initrddir}/dhcpd
%{__install} -p -m 0755 %{SOURCE2} %{buildroot}%{_initrddir}/dhcrelay
%{__install} -p -m 0755 %{SOURCE2} %{buildroot}%{_initrddir}/dhcpd
%{__install} -p -m 0755 %{SOURCE3} %{buildroot}%{_initrddir}/dhcrelay
# Start empty lease databases
%{__mkdir} -p %{buildroot}%{_localstatedir}/lib/dhcpd/
@ -311,7 +303,8 @@ EOF
# Install dhcp.schema for LDAP configuration
%{__mkdir} -p %{buildroot}%{_sysconfdir}/openldap/schema
%{__install} -p -m 0644 -D %{SOURCE9} %{buildroot}%{_sysconfdir}/openldap/schema
%{__install} -p -m 0644 -D ldap-for-dhcp-%{version}/dhcp.schema \
%{buildroot}%{_sysconfdir}/openldap/schema
# Install empty directory for dhclient.d scripts
%{__mkdir} -p %{buildroot}%{_sysconfdir}/dhcp/dhclient.d
@ -369,8 +362,9 @@ fi
%files
%defattr(-,root,root,-)
%doc LICENSE README README.ldap RELNOTES dhcpd.conf.sample
%doc doc/IANA-arp-parameters doc/api+protocol doc/*.txt __fedora_contrib/*
%doc LICENSE README ldap-for-dhcp-%{version}/README.ldap
%doc RELNOTES dhcpd.conf.sample doc/IANA-arp-parameters doc/api+protocol
%doc doc/*.txt __fedora_contrib/* ldap-for-dhcp-%{version}/*.txt
%dir %{_localstatedir}/lib/dhcpd
%dir %{_sysconfdir}/dhcp
%verify(not size md5 mtime) %config(noreplace) %{_localstatedir}/lib/dhcpd/dhcpd.leases
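Review bot: `%doc ldap-for-dhcp-%{version}/*.txt` and `%doc doc/*.txt` are both flattened into the same docdir, so any `.txt` name present in both the LDAP tarball and ISC's `doc/` directory would collide silently; either list the tarball's text files explicitly or install them under a subdirectory. It is also worth confirming that the tarball's `README.ldap` describes this build's paths (the previous copy was the package-local Source3, which may have carried Fedora-specific edits).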
@ -419,6 +413,9 @@ fi
%attr(0644,root,root) %{_mandir}/man3/omapi.3.gz
%changelog
* Mon Mar 09 2009 David Cantrell <dcantrell@redhat.com> - 12:4.1.0-11
- Use LDAP configuration patch from upstream tarball
* Thu Mar 05 2009 David Cantrell <dcantrell@redhat.com> - 12:4.1.0-10
- restorecon fixes for /etc/localtime and /etc/resolv.conf (#488470)


@ -1,760 +0,0 @@
#!/usr/bin/perl -w
# Brian Masney <masneyb@gftp.org>
# To use this script, set your base DN below. Then run
# ./dhcpd-conf-to-ldap.pl < /path-to-dhcpd-conf/dhcpd.conf > output-file
# The output of this script will generate entries in LDIF format. You can use
# the slapadd command to add these entries into your LDAP server. You will
# definately want to double check that your LDAP entries are correct before
# you load them into LDAP.
# This script does not do much error checking. Make sure before you run this
# that the DHCP server doesn't give any errors about your config file
# FailOver notes:
# Failover is disabled by default, since it may need manually intervention.
# You can try the '--use=failover' option to see what happens :-)
#
# If enabled, the failover pool references will be written to LDIF output.
# The failover configs itself will be added to the dhcpServer statements
# and not to the dhcpService object (since this script uses only one and
# it may be usefull to have multiple service containers in failover mode).
# Further, this script does not check if primary or secondary makes sense,
# it simply converts what it gets...
use Net::Domain qw(hostname hostfqdn hostdomain);
use Getopt::Long;
my $domain = hostdomain(); # your.domain
my $basedn = "dc=".$domain;
$basedn =~ s/\./,dc=/g; # dc=your,dc=domain
my $server = hostname(); # hostname (nodename)
my $dhcpcn = 'DHCP Config'; # CN of DHCP config tree
my $dhcpdn = "cn=$dhcpcn, $basedn"; # DHCP config tree DN
my $second = ''; # secondary server DN / hostname
my $i_conf = ''; # dhcp.conf file to read or stdin
my $o_ldif = ''; # output ldif file name or stdout
my @use = (); # extended flags (failover)
sub usage($;$)
{
my $rc = shift;
my $err= shift;
print STDERR "Error: $err\n\n" if(defined $err);
print STDERR <<__EOF_USAGE__;
usage:
$0 [options] < dhcpd.conf > dhcpd.ldif
options:
--basedn "dc=your,dc=domain" ("$basedn")
--dhcpdn "dhcp config DN" ("$dhcpdn")
--server "dhcp server name" ("$server")
--second "secondary server or DN" ("$second")
--conf "/path/to/dhcpd.conf" (default is stdin)
--ldif "/path/to/output.ldif" (default is stdout)
--use "extended features" (see source comments)
__EOF_USAGE__
exit($rc);
}
sub next_token
{
local ($lowercase) = @_;
local ($token, $newline);
do
{
if (!defined ($line) || length ($line) == 0)
{
$line = <>;
return undef if !defined ($line);
chop $line;
$line_number++;
$token_number = 0;
}
$line =~ s/#.*//;
$line =~ s/^\s+//;
$line =~ s/\s+$//;
}
while (length ($line) == 0);
if (($token, $newline) = $line =~ /^(.*?)\s+(.*)/)
{
if ($token =~ /^"/) {
#handle quoted token
if ($token !~ /"\s*$/)
{
($tok, $newline) = $newline =~ /([^"]+")(.*)/;
$token .= " $tok";
}
}
$line = $newline;
}
else
{
$token = $line;
$line = '';
}
$token_number++;
$token =~ y/[A-Z]/[a-z]/ if $lowercase;
return ($token);
}
sub remaining_line
{
local ($block) = shift || 0;
local ($tmp, $str);
$str = "";
while (defined($tmp = next_token (0)))
{
$str .= ' ' if !($str eq "");
$str .= $tmp;
last if $tmp =~ /;\s*$/;
last if($block and $tmp =~ /\s*[}{]\s*$/);
}
$str =~ s/;$//;
return ($str);
}
sub
add_dn_to_stack
{
local ($dn) = @_;
$current_dn = "$dn, $current_dn";
}
sub
remove_dn_from_stack
{
$current_dn =~ s/^.*?,\s*//;
}
sub
parse_error
{
print "Parse error on line number $line_number at token number $token_number\n";
exit (1);
}
sub
print_entry
{
return if (scalar keys %curentry == 0);
if (!defined ($curentry{'type'}))
{
$hostdn = "cn=$server, $basedn";
print "dn: $hostdn\n";
print "cn: $server\n";
print "objectClass: top\n";
print "objectClass: dhcpServer\n";
print "dhcpServiceDN: $current_dn\n";
if(grep(/FaIlOvEr/i, @use))
{
foreach my $fo_peer (keys %failover)
{
next if(scalar(@{$failover{$fo_peer}}) <= 1);
print "dhcpStatements: failover peer $fo_peer { ",
join('; ', @{$failover{$fo_peer}}), "; }\n";
}
}
print "\n";
print "dn: $current_dn\n";
print "cn: $dhcpcn\n";
print "objectClass: top\n";
print "objectClass: dhcpService\n";
if (defined ($curentry{'options'}))
{
print "objectClass: dhcpOptions\n";
}
print "dhcpPrimaryDN: $hostdn\n";
if(grep(/FaIlOvEr/i, @use) and ($second ne ''))
{
print "dhcpSecondaryDN: $second\n";
}
}
elsif ($curentry{'type'} eq 'subnet')
{
print "dn: $current_dn\n";
print "cn: " . $curentry{'ip'} . "\n";
print "objectClass: top\n";
print "objectClass: dhcpSubnet\n";
if (defined ($curentry{'options'}))
{
print "objectClass: dhcpOptions\n";
}
print "dhcpNetMask: " . $curentry{'netmask'} . "\n";
if (defined ($curentry{'ranges'}))
{
foreach $statement (@{$curentry{'ranges'}})
{
print "dhcpRange: $statement\n";
}
}
}
elsif ($curentry{'type'} eq 'shared-network')
{
print "dn: $current_dn\n";
print "cn: " . $curentry{'descr'} . "\n";
print "objectClass: top\n";
print "objectClass: dhcpSharedNetwork\n";
if (defined ($curentry{'options'}))
{
print "objectClass: dhcpOptions\n";
}
}
elsif ($curentry{'type'} eq 'group')
{
print "dn: $current_dn\n";
print "cn: group", $curentry{'idx'}, "\n";
print "objectClass: top\n";
print "objectClass: dhcpGroup\n";
if (defined ($curentry{'options'}))
{
print "objectClass: dhcpOptions\n";
}
}
elsif ($curentry{'type'} eq 'host')
{
print "dn: $current_dn\n";
print "cn: " . $curentry{'host'} . "\n";
print "objectClass: top\n";
print "objectClass: dhcpHost\n";
if (defined ($curentry{'options'}))
{
print "objectClass: dhcpOptions\n";
}
if (defined ($curentry{'hwaddress'}))
{
$curentry{'hwaddress'} =~ y/[A-Z]/[a-z]/;
print "dhcpHWAddress: " . $curentry{'hwaddress'} . "\n";
}
}
elsif ($curentry{'type'} eq 'pool')
{
print "dn: $current_dn\n";
print "cn: pool", $curentry{'idx'}, "\n";
print "objectClass: top\n";
print "objectClass: dhcpPool\n";
if (defined ($curentry{'options'}))
{
print "objectClass: dhcpOptions\n";
}
if (defined ($curentry{'ranges'}))
{
foreach $statement (@{$curentry{'ranges'}})
{
print "dhcpRange: $statement\n";
}
}
}
elsif ($curentry{'type'} eq 'class')
{
print "dn: $current_dn\n";
print "cn: " . $curentry{'class'} . "\n";
print "objectClass: top\n";
print "objectClass: dhcpClass\n";
if (defined ($curentry{'options'}))
{
print "objectClass: dhcpOptions\n";
}
}
elsif ($curentry{'type'} eq 'subclass')
{
print "dn: $current_dn\n";
print "cn: " . $curentry{'subclass'} . "\n";
print "objectClass: top\n";
print "objectClass: dhcpSubClass\n";
if (defined ($curentry{'options'}))
{
print "objectClass: dhcpOptions\n";
}
print "dhcpClassData: " . $curentry{'class'} . "\n";
}
if (defined ($curentry{'statements'}))
{
foreach $statement (@{$curentry{'statements'}})
{
print "dhcpStatements: $statement\n";
}
}
if (defined ($curentry{'options'}))
{
foreach $statement (@{$curentry{'options'}})
{
print "dhcpOption: $statement\n";
}
}
print "\n";
undef (%curentry);
}
sub parse_netmask
{
local ($netmask) = @_;
local ($i);
if ((($a, $b, $c, $d) = $netmask =~ /^(\d+)\.(\d+)\.(\d+)\.(\d+)$/) != 4)
{
parse_error ();
}
$num = (($a & 0xff) << 24) |
(($b & 0xff) << 16) |
(($c & 0xff) << 8) |
($d & 0xff);
for ($i=1; $i<=32 && $num & (1 << (32 - $i)); $i++)
{
}
$i--;
return ($i);
}
sub parse_subnet
{
local ($ip, $tmp, $netmask);
print_entry () if %curentry;
$ip = next_token (0);
parse_error () if !defined ($ip);
$tmp = next_token (1);
parse_error () if !defined ($tmp);
parse_error () if !($tmp eq 'netmask');
$tmp = next_token (0);
parse_error () if !defined ($tmp);
$netmask = parse_netmask ($tmp);
$tmp = next_token (0);
parse_error () if !defined ($tmp);
parse_error () if !($tmp eq '{');
add_dn_to_stack ("cn=$ip");
$curentry{'type'} = 'subnet';
$curentry{'ip'} = $ip;
$curentry{'netmask'} = $netmask;
$cursubnet = $ip;
$curcounter{$ip} = { pool => 0, group => 0 };
}
sub parse_shared_network
{
local ($descr, $tmp);
print_entry () if %curentry;
$descr = next_token (0);
parse_error () if !defined ($descr);
$tmp = next_token (0);
parse_error () if !defined ($tmp);
parse_error () if !($tmp eq '{');
add_dn_to_stack ("cn=$descr");
$curentry{'type'} = 'shared-network';
$curentry{'descr'} = $descr;
}
sub parse_host
{
local ($descr, $tmp);
print_entry () if %curentry;
$host = next_token (0);
parse_error () if !defined ($host);
$tmp = next_token (0);
parse_error () if !defined ($tmp);
parse_error () if !($tmp eq '{');
add_dn_to_stack ("cn=$host");
$curentry{'type'} = 'host';
$curentry{'host'} = $host;
}
sub parse_group
{
local ($descr, $tmp);
print_entry () if %curentry;
$tmp = next_token (0);
parse_error () if !defined ($tmp);
parse_error () if !($tmp eq '{');
my $idx;
if(exists($curcounter{$cursubnet})) {
$idx = ++$curcounter{$cursubnet}->{'group'};
} else {
$idx = ++$curcounter{''}->{'group'};
}
add_dn_to_stack ("cn=group".$idx);
$curentry{'type'} = 'group';
$curentry{'idx'} = $idx;
}
sub parse_pool
{
local ($descr, $tmp);
print_entry () if %curentry;
$tmp = next_token (0);
parse_error () if !defined ($tmp);
parse_error () if !($tmp eq '{');
my $idx;
if(exists($curcounter{$cursubnet})) {
$idx = ++$curcounter{$cursubnet}->{'pool'};
} else {
$idx = ++$curcounter{''}->{'pool'};
}
add_dn_to_stack ("cn=pool".$idx);
$curentry{'type'} = 'pool';
$curentry{'idx'} = $idx;
}
sub parse_class
{
local ($descr, $tmp);
print_entry () if %curentry;
$class = next_token (0);
parse_error () if !defined ($class);
$tmp = next_token (0);
parse_error () if !defined ($tmp);
parse_error () if !($tmp eq '{');
$class =~ s/\"//g;
add_dn_to_stack ("cn=$class");
$curentry{'type'} = 'class';
$curentry{'class'} = $class;
}
sub parse_subclass
{
local ($descr, $tmp);
print_entry () if %curentry;
$class = next_token (0);
parse_error () if !defined ($class);
$subclass = next_token (0);
parse_error () if !defined ($subclass);
$tmp = next_token (0);
parse_error () if !defined ($tmp);
parse_error () if !($tmp eq '{');
add_dn_to_stack ("cn=$subclass");
$curentry{'type'} = 'subclass';
$curentry{'class'} = $class;
$curentry{'subclass'} = $subclass;
}
sub parse_hwaddress
{
local ($type, $hw, $tmp);
$type = next_token (1);
parse_error () if !defined ($type);
$hw = next_token (1);
parse_error () if !defined ($hw);
$hw =~ s/;$//;
$curentry{'hwaddress'} = "$type $hw";
}
sub parse_range
{
local ($tmp, $str);
$str = remaining_line ();
if (!($str eq ''))
{
$str =~ s/;$//;
push (@{$curentry{'ranges'}}, $str);
}
}
sub parse_statement
{
local ($token) = shift;
local ($str);
if ($token eq 'option')
{
$str = remaining_line ();
push (@{$curentry{'options'}}, $str);
}
elsif($token eq 'failover')
{
$str = remaining_line (1); # take care on block
if($str =~ /[{]/)
{
my ($peername, @statements);
parse_error() if($str !~ /^\s*peer\s+(.+?)\s+[{]\s*$/);
parse_error() if(($peername = $1) !~ /^\"?[^\"]+\"?$/);
#
# failover config block found:
# e.g. 'failover peer "some-name" {'
#
if(not grep(/FaIlOvEr/i, @use))
{
print STDERR "Warning: Failover config 'peer $peername' found!\n";
print STDERR " Skipping it, since failover disabled!\n";
print STDERR " You may try out --use=failover option.\n";
}
until($str =~ /[}]/ or $str eq "")
{
$str = remaining_line (1);
# collect all statements, except ending '}'
push(@statements, $str) if($str !~ /[}]/);
}
$failover{$peername} = [@statements];
}
else
{
#
# pool reference to failover config is fine
# e.g. 'failover peer "some-name";'
#
if(not grep(/FaIlOvEr/i, @use))
{
print STDERR "Warning: Failover reference '$str' found!\n";
print STDERR " Skipping it, since failover disabled!\n";
print STDERR " You may try out --use=failover option.\n";
}
else
{
push (@{$curentry{'statements'}}, $token. " " . $str);
}
}
}
elsif($token eq 'zone')
{
$str = $token;
while($str !~ /}$/) {
$str .= ' ' . next_token (0);
}
push (@{$curentry{'statements'}}, $str);
}
elsif($token =~ /^(authoritative)[;]*$/)
{
push (@{$curentry{'statements'}}, $1);
}
else
{
$str = $token . " " . remaining_line ();
push (@{$curentry{'statements'}}, $str);
}
}
my $ok = GetOptions(
'basedn=s' => \$basedn,
'dhcpdn=s' => \$dhcpdn,
'server=s' => \$server,
'second=s' => \$second,
'conf=s' => \$i_conf,
'ldif=s' => \$o_ldif,
'use=s' => \@use,
'h|help|usage' => sub { usage(0); },
);
unless($server =~ /^\w+/)
{
usage(1, "invalid server name '$server'");
}
unless($basedn =~ /^\w+=[^,]+/)
{
usage(1, "invalid base dn '$basedn'");
}
if($dhcpdn =~ /^cn=([^,]+)/i)
{
$dhcpcn = "$1";
}
$second = '' if not defined $second;
unless($second eq '' or $second =~ /^cn=[^,]+\s*,\s*\w+=[^,]+/i)
{
if($second =~ /^cn=[^,]+$/i)
{
# relative DN 'cn=name'
$second = "$second, $basedn";
}
elsif($second =~ /^\w+/)
{
# assume hostname only
$second = "cn=$second, $basedn";
}
else
{
usage(1, "invalid secondary '$second'")
}
}
usage(1) unless($ok);
if($i_conf ne "" and -f $i_conf)
{
if(not open(STDIN, '<', $i_conf))
{
print STDERR "Error: can't open conf file '$i_conf': $!\n";
exit(1);
}
}
if($o_ldif ne "")
{
if(-e $o_ldif)
{
print STDERR "Error: output ldif name '$o_ldif' already exists!\n";
exit(1);
}
if(not open(STDOUT, '>', $o_ldif))
{
print STDERR "Error: can't open ldif file '$o_ldif': $!\n";
exit(1);
}
}
print STDERR "Creating LDAP Configuration with the following options:\n";
print STDERR "\tBase DN: $basedn\n";
print STDERR "\tDHCP DN: $dhcpdn\n";
print STDERR "\tServer DN: cn=$server, $basedn\n";
print STDERR "\tSecondary DN: $second\n"
if(grep(/FaIlOvEr/i, @use) and $second ne '');
print STDERR "\n";
my $token;
my $token_number = 0;
my $line_number = 0;
my %curentry;
my $cursubnet = '';
my %curcounter = ( '' => { pool => 0, group => 0 } );
$current_dn = "$dhcpdn";
$curentry{'descr'} = $dhcpcn;
$line = '';
%failover = ();
while (($token = next_token (1)))
{
if ($token eq '}')
{
print_entry () if %curentry;
if($current_dn =~ /.+?,\s*${dhcpdn}$/) {
# don't go below dhcpdn ...
remove_dn_from_stack ();
}
}
elsif ($token eq 'subnet')
{
parse_subnet ();
next;
}
elsif ($token eq 'shared-network')
{
parse_shared_network ();
next;
}
elsif ($token eq 'class')
{
parse_class ();
next;
}
elsif ($token eq 'subclass')
{
parse_subclass ();
next;
}
elsif ($token eq 'pool')
{
parse_pool ();
next;
}
elsif ($token eq 'group')
{
parse_group ();
next;
}
elsif ($token eq 'host')
{
parse_host ();
next;
}
elsif ($token eq 'hardware')
{
parse_hwaddress ();
next;
}
elsif ($token eq 'range')
{
parse_range ();
next;
}
else
{
parse_statement ($token);
next;
}
}
close(STDIN) if($i_conf);
close(STDOUT) if($o_ldif);
print STDERR "Done.\n";
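Review bot: this deletes the package-local `dhcpd-conf-to-ldap.pl` in favour of `ldap-for-dhcp-%{version}/dhcpd-conf-to-ldap` from the tarball (installed into `contrib/` in %prep), but the tarball's copy is not shown, so the features visible in this file (`--use=failover` handling and the `dhcpStatements: failover peer ...` output, `--second` with its relative-DN expansion, `--conf`/`--ldif`, and the refusal to overwrite an existing output file at `if(-e $o_ldif)`) should be confirmed present in the replacement before it ships in `contrib/`; otherwise users lose failover and peer-DN support without any warning. A line in the changelog stating that the tarball's script supersedes this one would make the swap auditable.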

File diff suppressed because it is too large


@ -1,26 +0,0 @@
#!/bin/bash
#
# Fetch latest version of LDAP patch. The patch is downloaded and split in
# the ldap/ subdirectory. It is up to the packager to merge the updates with
# the RPM.
#
# Upstream: http://home.ntelos.net/~masneyb/
#
# David Cantrell <dcantrell@redhat.com>
#
CWD=$(pwd)
rm -f masneyb.html-$$
wget -O masneyb.html-$$ http://home.ntelos.net/~masneyb
p="$(grep "ldap-patch" masneyb.html-$$ | cut -d '>' -f 3 | cut -d '<' -f 1)"
rm -f masneyb.html-$$
rm -rf ldap/
mkdir -p ldap/
cd ldap/
wget -N http://home.ntelos.net/~masneyb/$p
splitdiff -a -d $p
rm -f $p
rm -f *_debian_*
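Review bot: dropping this script is the right call (it scraped a personal web page over plain HTTP, extracted a filename with `cut`, and fed whatever `wget -N` fetched straight into `splitdiff` with no checksum or signature check, and `rm -rf ldap/` runs in whatever directory the script is invoked from), but its header comment was the only place in the package that documented where the LDAP patch originates; carry that `Upstream:` reference over as a comment next to `Source1:` in the spec, together with the verification step that now replaces this download.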


@ -1 +1,2 @@
1fffed2e8c3d67b111316d6a9b33db7a dhcp-4.1.0.tar.gz
782cf7358bab53fd564895a253f93fff ldap-for-dhcp-4.1.0.tar.gz
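Review bot: the new md5 line for `ldap-for-dhcp-4.1.0.tar.gz` only pins the bytes that were downloaded from the Source1 URL, and MD5 is not collision-resistant; record in the spec or changelog what the tarball was compared against (for example the upstream patch files it bundles) so the checksum is traceable to something other than the same download.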