- Put dhcp.schema in /etc/openldap/schema (#330471)

- Remove manpages patch and keep modified man pages as Source files
- Improve dhclient.8 man page to list options in a style consistent with
    most other man pages on the planet
- Upgrade to latest dhcp LDAP patch, which brings in a new
    dhcpd-conf-to-ldap script, updated schema file, and other bug fixes
    including SSL support for LDAP authentication (#375711)
- Do not run dhcpd and dhcrelay services by default (#362321)
David Cantrell 2007-11-12 23:16:08 +00:00
parent 1c9504e307
commit 35ba231dc0
15 changed files with 8632 additions and 1129 deletions


@ -1,51 +1,61 @@
LDAP Support in DHCP LDAP Support in DHCP
Brian Masney <masneyb@ntelos.net> Brian Masney <masneyb@ntelos.net>
Last updated 8/16/2002 Last updated 3/23/2003
This document describes setting up the DHCP server to read it's configuration This document describes setting up the DHCP server to read it's configuration
from LDAP. This work is based on the IETF document from LDAP. This work is based on the IETF document
draft-ietf-dhc-ldap-schema-01.txt included in the doc directory. For the latest draft-ietf-dhc-ldap-schema-01.txt included in the doc directory. For the
version of this document, please see http://home.ntelos.net/~masneyb. latest version of this document, please see http://home.ntelos.net/~masneyb.
First question on most people's mind is "Why do I want to store my First question on most people's mind is "Why do I want to store my
configuration in LDAP?" If you run a small DHCP server, and the configuration configuration in LDAP?" If you run a small DHCP server, and the configuration
on it rarely changes, then you won't need to store your configuration in LDAP. on it rarely changes, then you won't need to store your configuration in LDAP.
But, if you have several DHCP servers, and you want an easy way to manage your But, if you have several DHCP servers, and you want an easy way to manage your
configuration, this can be a solution. configuration, this can be a solution.
The first step will be to setup your LDAP server. I am using OpenLDAP from The first step will be to setup your LDAP server. I am using OpenLDAP from
www.openldap.org. Building and installing OpenLDAP is beyond the scope of this www.openldap.org. Building and installing OpenLDAP is beyond the scope of
document. There is plenty of documentation out there about this. Once you have this document. There is plenty of documentation out there about this. Once
OpenLDAP installed, you will have to edit your slapd.conf file. I added the you have OpenLDAP installed, you will have to edit your slapd.conf file. I
following 2 lines to my configuration file: added the following 2 lines to my configuration file:
include /etc/ldap/schema/dhcp.schema include /etc/ldap/schema/dhcp.schema
index dhcpHWAddress eq index dhcpHWAddress eq
index dhcpClassData eq index dhcpClassData eq
The first line tells it to include the dhcp schema file. You will find this The first line tells it to include the dhcp schema file. You will find this
file under the contrib directory in this distribution. You will need to copy file under the contrib directory in this distribution. You will need to copy
this file to where your other schema files are (maybe this file to where your other schema files are (maybe
/usr/local/openldap/etc/openldap/schema/). The second line sets up /usr/local/openldap/etc/openldap/schema/). The second line sets up an index
an index for the dhcpHWAddress parameter. The third parameter is for reading for the dhcpHWAddress parameter. The third parameter is for reading subclasses
subclasses from LDAP every time a DHCP request comes in. Make sure you run the from LDAP every time a DHCP request comes in. Make sure you run the slapindex
slapindex command and restart slapd to have these changes to into effect. command and restart slapd to have these changes to into effect.
Now that you have LDAP setup, you should be able to use gq (http://biot.com/gq/) Now that you have LDAP setup, you should be able to use gq
to verify that the dhcp schema file is loaded into LDAP. Pull up gq, and click (http://biot.com/gq/) to verify that the dhcp schema file is loaded into LDAP.
on the Schema tab. Go under objectClasses, and you should see at least the Pull up gq, and click on the Schema tab. Go under objectClasses, and you
following object classes listed: dhcpClass, dhcpGroup, dhcpHost, dhcpOptions, should see at least the following object classes listed: dhcpClass, dhcpGroup,
dhcpPool, dhcpServer, dhcpService, dhcpSharedNetwork, dhcpSubClass, and dhcpHost, dhcpOptions, dhcpPool, dhcpServer, dhcpService, dhcpSharedNetwork,
dhcpSubnet. If you do not see these, you need to check over your LDAP dhcpSubClass, and dhcpSubnet. If you do not see these, you need to check over
configuration before you go any further. your LDAP configuration before you go any further.
You should be ready to build DHCP. Edit the includes/site.h file and uncomment You should now be ready to build DHCP. If you would like to enable LDAP over
the #define LDAP_CONFIGURATION. Now run configure in the base source directory. SSL, you will need to perform the following steps:
Edit the work.os/server/Makefile and add -lldap to the LIBS= line. (replace os
with your operating system, linux-2.2 on my machine). You should be able to
type make to build your DHCP server.
Once you have DHCP installed, you will need to setup your initial plaintext * Edit the includes/site.h file and uncomment the USE_SSL line
or specify "-DUSE_SSL" via CFLAGS.
* Edit the dst/Makefile.dist file and remove md5_dgst.c and md5_dgst.o
from the SRC= and OBJ= lines (around line 24)
* Now run configure in the base source directory. If you chose to enable
LDAP over SSL, you must append -lcrypto -lssl to the LIBS= line in the
file work.os/server/Makefile (replace os with your operating system,
linux-2.2 on my machine). You should now be able to type make to build
your DHCP server.
If you choose to not enable LDAP over SSL, then you only need to run configure
and make in the toplevel source directory.
Once you have DHCP installed, you will need to setup your initial plaintext
config file. In my /etc/dhcpd.conf file, I have: config file. In my /etc/dhcpd.conf file, I have:
ldap-server "localhost"; ldap-server "localhost";
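Review bot: The rewritten build paragraph drops the old instructions to uncomment "#define LDAP_CONFIGURATION" in includes/site.h and to add -lldap to the LIBS= line, and the new text only says to "run configure and make" for a non-SSL build, so the README no longer says how LDAP support itself gets compiled in and linked. Please state explicitly whether it is now enabled unconditionally. In the SSL bullets, the third item repeats "If you chose to enable LDAP over SSL" inside a list that is already conditional on it, and the removal of md5_dgst.c and md5_dgst.o from dst/Makefile.dist is given without a reason and pinned to "around line 24"; one sentence on why the files must go would help whoever rebases this. Also visible in the context lines: the text announces "the following 2 lines" before three slapd.conf lines, and "to into effect" should read "to go into effect".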
@ -54,23 +64,48 @@ ldap-username "cn=DHCP User, dc=ntelos, dc=net";
ldap-password "blah"; ldap-password "blah";
ldap-base-dn "dc=ntelos, dc=net"; ldap-base-dn "dc=ntelos, dc=net";
ldap-method dynamic; ldap-method dynamic;
ldap-debug-file "/var/log/dhcp-ldap-startup.log";
If SSL has been enabled at compile time using the USE_SSL flag, the dhcp
server trys to use TLS if possible, but continues without TLS if not.
You can modify this behaviour using following option in /etc/dhcpd.conf:
ldap-ssl <off | ldaps | start_tls | on>
off: disables TLS/LDAPS.
ldaps: enables LDAPS -- don't forget to set ldap-port to 636.
start_tls: enables TLS using START_TLS command
on: enables LDAPS if ldap-port is set to 636 or TLS in
other cases.
See also "man 5 ldap.conf" for description the following TLS related
options:
ldap-tls-reqcert, ldap-tls-ca-file, ldap-tls-ca-dir, ldap-tls-cert
ldap-tls-key, ldap-tls-crlcheck, ldap-tls-ciphers, ldap-tls-randfile
All of these parameters should be self explanatory except for the ldap-method. All of these parameters should be self explanatory except for the ldap-method.
You can set this to static or dynamic. If you set it to static, the You can set this to static or dynamic. If you set it to static, the
configuration is read once on startup, and LDAP isn't used anymore. But, if you configuration is read once on startup, and LDAP isn't used anymore. But, if
set this to dynamic, the configuration is read once on startup, and the you set this to dynamic, the configuration is read once on startup, and the
hosts that are stored in LDAP are looked up every time a DHCP request comes in. hosts that are stored in LDAP are looked up every time a DHCP request comes
in.
When the optional statement ldap-debug-file is specified, on startup the DHCP
server will write out the configuration that it generated from LDAP. If you
are getting errors about your LDAP configuration, this is a good place to
start looking.
The next step is to set up your LDAP tree. Here is an example config that will The next step is to set up your LDAP tree. Here is an example config that will
give a 10.100.0.x address to machines that have a host entry in LDAP. give a 10.100.0.x address to machines that have a host entry in LDAP.
Otherwise, it will give a 10.200.0.x address to them. (NOTE: replace Otherwise, it will give a 10.200.0.x address to them. (NOTE: replace
dc=ntelos, dc=net with your base dn). If you would like to convert your dc=ntelos, dc=net with your base dn). If you would like to convert your
existing dhcpd.conf file to LDIF format, there is a script existing dhcpd.conf file to LDIF format, there is a script
contrib/dhcpd-conf-to-ldap.pl that will convert it for you. contrib/dhcpd-conf-to-ldap.pl that will convert it for you. Type
dhcpd-conf-to-ldap.pl --help to see the usage information for this script.
# You must specify the server's host name in LDAP that you are going to run # You must specify the server's host name in LDAP that you are going to run
# DHCP on and point it to which config tree you want to use. Whenever DHCP # DHCP on and point it to which config tree you want to use. Whenever DHCP
# first starts up, it will do a search for this entry to find out which # first starts up, it will do a search for this entry to find out which
# config to use # config to use
dn: cn=brian.ntelos.net, dc=ntelos, dc=net dn: cn=brian.ntelos.net, dc=ntelos, dc=net
objectClass: top objectClass: top
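Review bot: The new USE_SSL paragraph documents a fail-open default ("trys to use TLS if possible, but continues without TLS if not"), which means the bind with the ldap-username and ldap-password shown at the top of this hunk can go out unencrypted whenever TLS negotiation fails, and nothing in the text tells the administrator how to notice. Please state which ldap-ssl values, if any, make a failed negotiation fatal, and recommend one of them for any server that binds with a password; the description of "on" only covers how the mode is picked, not what happens on failure. The ldap-tls-* options are deferred to "man 5 ldap.conf" without saying which of them control verification of the LDAP server's certificate; pointing at ldap-tls-reqcert and ldap-tls-ca-file for that purpose would save readers a lookup. Since ldap-debug-file writes the configuration generated from LDAP to a file under /var/log, a sentence on that file's permissions is also worth adding. Typo: "trys" should be "tries".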
@ -78,13 +113,13 @@ objectClass: dhcpServer
cn: brian.ntelos.net cn: brian.ntelos.net
dhcpServiceDN: cn=DHCP Service Config, dc=ntelos, dc=net dhcpServiceDN: cn=DHCP Service Config, dc=ntelos, dc=net
# Here is the config tree that brian.ntelos.net points to. # Here is the config tree that brian.ntelos.net points to.
dn: cn=DHCP Service Config, dc=ntelos, dc=net dn: cn=DHCP Service Config, dc=ntelos, dc=net
cn: DHCP Service Config cn: DHCP Service Config
objectClass: top objectClass: top
objectClass: dhcpService objectClass: dhcpService
dhcpPrimaryDN: dc=ntelos, dc=net dhcpPrimaryDN: dc=ntelos, dc=net
dhcpStatements: ddns-update-style ad-hoc dhcpStatements: ddns-update-style none
dhcpStatements: default-lease-time 600 dhcpStatements: default-lease-time 600
dhcpStatements: max-lease-time 7200 dhcpStatements: max-lease-time 7200
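Review bot: The dhcpStatements line in the sample dhcpService entry changes ddns-update-style from ad-hoc to none, but neither the surrounding README text nor the commit message mentions it. If the intent is that the sample tree should not perform dynamic DNS updates, a comment line above the entry saying so would keep readers from carrying the change into a converted configuration unknowingly. The other changed line in this hunk ("# Here is the config tree that brian.ntelos.net points to.") reads the same on both sides, so it looks like a whitespace-only edit that could be split out.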
@ -94,7 +129,7 @@ cn: WV
objectClass: top objectClass: top
objectClass: dhcpSharedNetwork objectClass: dhcpSharedNetwork
# Set up a subnet declaration with a pool statement. Also note that we have # Set up a subnet declaration with a pool statement. Also note that we have
# a dhcpOptions object with this entry # a dhcpOptions object with this entry
dn: cn=10.100.0.0, cn=WV Test, cn=DHCP Service Config, dc=ntelos, dc=net dn: cn=10.100.0.0, cn=WV Test, cn=DHCP Service Config, dc=ntelos, dc=net
cn: 10.100.0.0 cn: 10.100.0.0
@ -107,7 +142,7 @@ dhcpOption: subnet-mask 255.255.255.0
dhcpOption: broadcast-address 10.100.0.255 dhcpOption: broadcast-address 10.100.0.255
dhcpNetMask: 24 dhcpNetMask: 24
# Set up a pool for this subnet. Only known hosts will get these IPs # Set up a pool for this subnet. Only known hosts will get these IPs
dn: cn=Known Pool, cn=10.100.0.0, cn=WV Test, cn=DHCP Service Config, dc=ntelos, dc=net dn: cn=Known Pool, cn=10.100.0.0, cn=WV Test, cn=DHCP Service Config, dc=ntelos, dc=net
cn: Known Pool cn: Known Pool
objectClass: top objectClass: top

255
dhclient-script.8 Normal file

@ -0,0 +1,255 @@
.\" dhclient-script.8
.\"
.\" Copyright (c) 2004-2005 by Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (c) 1996-2003 by Internet Software Consortium
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
.\" OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.\" Internet Systems Consortium, Inc.
.\" 950 Charter Street
.\" Redwood City, CA 94063
.\" <info@isc.org>
.\" http://www.isc.org/
.\"
.\" This software has been written for Internet Systems Consortium
.\" by Ted Lemon in cooperation with Vixie Enterprises and Nominum, Inc.
.\" To learn more about Internet Systems Consortium, see
.\" ``http://www.isc.org/''. To learn more about Vixie Enterprises,
.\" see ``http://www.vix.com''. To learn more about Nominum, Inc., see
.\" ``http://www.nominum.com''.
.\"
.\" $Id: dhclient-script.8,v 1.11 2006/02/24 23:16:27 dhankins Exp $
.\"
.TH dhclient-script 8
.SH NAME
dhclient-script - DHCP client network configuration script
.SH DESCRIPTION
The DHCP client network configuration script is invoked from time to
time by \fBdhclient(8)\fR. This script is used by the dhcp client to
set each interface's initial configuration prior to requesting an
address, to test the address once it has been offered, and to set the
interface's final configuration once a lease has been acquired. If no
lease is acquired, the script is used to test predefined leases, if
any, and also called once if no valid lease can be identified.
.PP
This script is not meant to be customized by the end user. If local
customizations are needed, they should be possible using the enter and
exit hooks provided (see HOOKS for details). These hooks will allow the
user to override the default behaviour of the client in creating a
.B /etc/resolv.conf
file, and to handle DHCP options not handled by default.
.PP
No standard client script exists for some operating systems, even though
the actual client may work, so a pioneering user may well need to create
a new script or modify an existing one. In general, customizations specific
to a particular computer should be done in the
.B ETCDIR/dhclient.conf
file. If you find that you can't make such a customization without
customizing
.B ETCDIR/dhclient.conf
or using the enter and exit hooks, please submit a bug report.
.SH HOOKS
When it starts, the client script first defines a shell function,
.B make_resolv_conf ,
which is later used to create the
.B /etc/resolv.conf
file. To override the default behaviour, redefine this function in
the enter hook script.
.PP
On after defining the make_resolv_conf function, the client script checks
for the presence of an executable
.B ETCDIR/dhclient-enter-hooks
script, and if present, it invokes the script inline, using the Bourne
shell '.' command. The entire environment documented under OPERATION
is available to this script, which may modify the environment if needed
to change the behaviour of the script. If an error occurs during the
execution of the script, it can set the exit_status variable to a nonzero
value, and
.B CLIENTBINDIR/dhclient-script
will exit with that error code immediately after the client script exits.
.PP
After all processing has completed,
.B CLIENTBINDIR/dhclient-script
checks for the presence of an executable
.B ETCDIR/dhclient-exit-hooks
script, which if present is invoked using the '.' command. The exit
status of dhclient-script will be passed to dhclient-exit-hooks in the
exit_status shell variable, and will always be zero if the script
succeeded at the task for which it was invoked. The rest of the
environment as described previously for dhclient-enter-hooks is also
present. The
.B ETCDIR/dhclient-exit-hooks
script can modify the valid of exit_status to change the exit status
of dhclient-script.
.PP
Immediately after dhclient brings an interface UP with a new IP address,
subnet mask, and routes, in the REBOOT/BOUND states, it will check for the
existence of an executable
.B ETCDIR/dhclient-up-hooks
script, and source it if found. This script can handle DHCP options in
the environment that are not handled by default. A per-interface.
.B ETCDIR/dhclient-${IF}-up-hooks
script will override the generic script and be sourced when interface
$IF has been brought up.
.PP
Immediately before dhclient brings an interface DOWN, removing its IP
address, subnet mask, and routes, in the STOP/RELEASE states, it will
check for the existence of an executable
.B ETCDIR/dhclient-down-hooks
script, and source it if found. This script can handle DHCP options in
the environment that are not handled by default. A per-interface
.B ETCDIR/dhclient-${IF}-down-hooks
script will override the generic script and be sourced when interface
$IF is about to be brought down.
.SH OPERATION
When dhclient needs to invoke the client configuration script, it
defines a set of variables in the environment, and then invokes
.B CLIENTBINDIR/dhclient-script.
In all cases, $reason is set to the name of the reason why the script
has been invoked. The following reasons are currently defined:
MEDIUM, PREINIT, BOUND, RENEW, REBIND, REBOOT, EXPIRE, FAIL, STOP, RELEASE,
NBI and TIMEOUT.
.PP
.SH MEDIUM
The DHCP client is requesting that an interface's media type
be set. The interface name is passed in $interface, and the media
type is passed in $medium.
.SH PREINIT
The DHCP client is requesting that an interface be configured as
required in order to send packets prior to receiving an actual
address. For clients which use the BSD socket library, this means
configuring the interface with an IP address of 0.0.0.0 and a
broadcast address of 255.255.255.255. For other clients, it may be
possible to simply configure the interface up without actually giving
it an IP address at all. The interface name is passed in $interface,
and the media type in $medium.
.PP
If an IP alias has been declared in dhclient.conf, its address will be
passed in $alias_ip_address, and that ip alias should be deleted from
the interface, along with any routes to it.
.SH BOUND
The DHCP client has done an initial binding to a new address. The
new ip address is passed in $new_ip_address, and the interface name is
passed in $interface. The media type is passed in $medium. Any
options acquired from the server are passed using the option name
described in \fBdhcp-options\fR, except that dashes ('-') are replaced
by underscores ('_') in order to make valid shell variables, and the
variable names start with new_. So for example, the new subnet mask
would be passed in $new_subnet_mask.
.PP
Before actually configuring the address, dhclient-script should
somehow ARP for it and exit with a nonzero status if it receives a
reply. In this case, the client will send a DHCPDECLINE message to
the server and acquire a different address. This may also be done in
the RENEW, REBIND, or REBOOT states, but is not required, and indeed
may not be desirable.
.PP
When a binding has been completed, a lot of network parameters are
likely to need to be set up. A new /etc/resolv.conf needs to be
created, using the values of $new_domain_name and
$new_domain_name_servers (which may list more than one server,
separated by spaces). A default route should be set using
$new_routers, and static routes may need to be set up using
$new_static_routes.
.PP
If an IP alias has been declared, it must be set up here. The alias
IP address will be written as $alias_ip_address, and other DHCP
options that are set for the alias (e.g., subnet mask) will be passed
in variables named as described previously except starting with
$alias_ instead of $new_. Care should be taken that the alias IP
address not be used if it is identical to the bound IP address
($new_ip_address), since the other alias parameters may be incorrect
in this case.
.SH RENEW
When a binding has been renewed, the script is called as in BOUND,
except that in addition to all the variables starting with $new_,
there is another set of variables starting with $old_. Persistent
settings that may have changed need to be deleted - for example, if a
local route to the bound address is being configured, the old local
route should be deleted. If the default route has changed, the old default
route should be deleted. If the static routes have changed, the old
ones should be deleted. Otherwise, processing can be done as with
BOUND.
.SH REBIND
The DHCP client has rebound to a new DHCP server. This can be handled
as with RENEW, except that if the IP address has changed, the ARP
table should be cleared.
.SH REBOOT
The DHCP client has successfully reacquired its old address after a
reboot. This can be processed as with BOUND.
.SH EXPIRE
The DHCP client has failed to renew its lease or acquire a new one,
and the lease has expired. The IP address must be relinquished, and
all related parameters should be deleted, as in RENEW and REBIND.
.SH FAIL
The DHCP client has been unable to contact any DHCP servers, and any
leases that have been tested have not proved to be valid. The
parameters from the last lease tested should be deconfigured. This
can be handled in the same way as EXPIRE.
.SH STOP
The dhclient has been informed to shut down gracefully, the
dhclient-script should unconfigure or shutdown the interface as
appropriate.
.SH RELEASE
The dhclient has been executed using the -r flag, indicating that the
administrator wishes it to release its lease(s). dhclient-script should
unconfigure or shutdown the interface.
.SH NBI
No-Broadcast-Interfaces...dhclient was unable to find any interfaces
upon which it believed it should commence DHCP. What dhclient-script
should do in this situation is entirely up to the implementor.
.SH TIMEOUT
The DHCP client has been unable to contact any DHCP servers.
However, an old lease has been identified, and its parameters have
been passed in as with BOUND. The client configuration script should
test these parameters and, if it has reason to believe they are valid,
should exit with a value of zero. If not, it should exit with a
nonzero value.
.PP
The usual way to test a lease is to set up the network as with REBIND
(since this may be called to test more than one lease) and then ping
the first router defined in $routers. If a response is received, the
lease must be valid for the network to which the interface is
currently connected. It would be more complete to try to ping all of
the routers listed in $new_routers, as well as those listed in
$new_static_routes, but current scripts do not do this.
.SH FILES
Each operating system should generally have its own script file,
although the script files for similar operating systems may be similar
or even identical. The script files included in Internet
Systems Consortium DHCP distribution appear in the distribution tree
under client/scripts, and bear the names of the operating systems on
which they are intended to work.
.SH BUGS
If more than one interface is being used, there's no obvious way to
avoid clashes between server-supplied configuration parameters - for
example, the stock dhclient-script rewrites /etc/resolv.conf. If
more than one interface is being configured, /etc/resolv.conf will be
repeatedly initialized to the values provided by one server, and then
the other. Assuming the information provided by both servers is
valid, this shouldn't cause any real problems, but it could be
confusing.
.SH SEE ALSO
dhclient(8), dhcpd(8), dhcrelay(8), dhclient.conf(5) and
dhclient.leases(5).
.SH AUTHOR
.B dhclient-script(8)
has been written for Internet Systems Consortium
by Ted Lemon in cooperation with Vixie
Enterprises. To learn more about Internet Systems Consortium,
see
.B http://www.isc.org.
To learn more about Vixie
Enterprises, see
.B http://www.vix.com.
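Review bot: The HOOKS section says the enter, exit, up and down hook files are pulled in with the Bourne shell '.' command and that "the entire environment documented under OPERATION is available" to them, but it never states who must own those files, nor that the $new_* values described under BOUND come from the DHCP server's reply. Because the hook code runs inside dhclient-script itself, I would add a sentence requiring the ETCDIR/dhclient-*-hooks files to be writable only by root, and a note that option values are server-supplied and should be quoted wherever a hook uses them. The text also checks for "an executable" hook file and then sources it, so the execute bit acts only as an on/off switch; worth saying so. Wording fixes in the same file: "On after defining" should be "After defining", "modify the valid of exit_status" should be "value", "A per-interface." has a stray period, and the TIMEOUT section refers to "$routers" where the rest of the page uses "$new_routers".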

428
dhclient.8 Normal file

@ -0,0 +1,428 @@
.\" dhclient.8
.\"
.\" Copyright (c) 2004,2007 by Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (c) 1996-2003 by Internet Software Consortium
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
.\" OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.\" Internet Systems Consortium, Inc.
.\" 950 Charter Street
.\" Redwood City, CA 94063
.\" <info@isc.org>
.\" http://www.isc.org/
.\"
.\" Support and other services are available for ISC products - see
.\" http://www.isc.org for more information.
.\"
.\" $Id: dhclient.8,v 1.18.116.4 2007/05/23 23:30:32 each Exp $
.\"
.TH dhclient 8
.SH NAME
dhclient - Dynamic Host Configuration Protocol Client
.SH SYNOPSIS
.B dhclient
[
.B -p
.I port
]
[
.B -d
]
[
.B -e
.I VAR=value
]
[
.B -q
]
[
.B -1
]
[
.B -r
]
[
.B -x
]
[
.B -lf
.I lease-file
]
[
.B -pf
.I pid-file
]
[
.B -cf
.I config-file
]
[
.B -sf
.I script-file
]
[
.B -s
server
]
[
.B -g
relay
]
[
.B -n
]
[
.B -nw
]
[
.B -w
]
[
.B -B
]
[
.B -I
.I dhcp-client-identifier
]
[
.B -H
.I host-name
.R |
.B -F fqdn.fqdn
]
[
.B -V
.I vendor-class-identifier
]
[
.B -R
.I request option list
]
[
.B -T
.I timeout
]
[
.I if0
[
.I ...ifN
]
]
.SH DESCRIPTION
The Internet Systems Consortium DHCP Client, dhclient, provides a
means for configuring one or more network interfaces using the Dynamic
Host Configuration Protocol, BOOTP protocol, or if these protocols
fail, by statically assigning an address.
.SH OPERATION
.PP
The DHCP protocol allows a host to contact a central server which
maintains a list of IP addresses which may be assigned on one or more
subnets. A DHCP client may request an address from this pool, and
then use it on a temporary basis for communication on network. The
DHCP protocol also provides a mechanism whereby a client can learn
important details about the network to which it is attached, such as
the location of a default router, the location of a name server, and
so on.
.PP
On startup, dhclient reads the
.IR dhclient.conf
for configuration instructions. It then gets a list of all the
network interfaces that are configured in the current system. For
each interface, it attempts to configure the interface using the DHCP
protocol.
.PP
In order to keep track of leases across system reboots and server
restarts, dhclient keeps a list of leases it has been assigned in the
dhclient.leases(5) file. On startup, after reading the dhclient.conf
file, dhclient reads the dhclient.leases file to refresh its memory
about what leases it has been assigned.
.PP
When a new lease is acquired, it is appended to the end of the
dhclient.leases file. In order to prevent the file from becoming
arbitrarily large, from time to time dhclient creates a new
dhclient.leases file from its in-core lease database. The old version
of the dhclient.leases file is retained under the name
.IR dhclient.leases~
until the next time dhclient rewrites the database.
.PP
Old leases are kept around in case the DHCP server is unavailable when
dhclient is first invoked (generally during the initial system boot
process). In that event, old leases from the dhclient.leases file
which have not yet expired are tested, and if they are determined to
be valid, they are used until either they expire or the DHCP server
becomes available.
.PP
A mobile host which may sometimes need to access a network on which no
DHCP server exists may be preloaded with a lease for a fixed
address on that network. When all attempts to contact a DHCP server
have failed, dhclient will try to validate the static lease, and if it
succeeds, will use that lease until it is restarted.
.PP
A mobile host may also travel to some networks on which DHCP is not
available but BOOTP is. In that case, it may be advantageous to
arrange with the network administrator for an entry on the BOOTP
database, so that the host can boot quickly on that network rather
than cycling through the list of old leases.
.PP
The names of the network interfaces that dhclient should attempt to
configure may be specified on the command line. If no interface names
are specified on the command line dhclient will normally identify all
network interfaces, eliminating non-broadcast interfaces if
possible, and attempt to configure each interface.
.PP
It is also possible to specify interfaces by name in the
.B dhclient.conf(5)
file. If interfaces are specified in this way, then the client will
only configure interfaces that are either specified in the
configuration file or on the command line, and will ignore all other
interfaces.
.SH OPTIONS
.TP
.BI \-p\ <port\ number>
The UDP port number the DHCP client should listen and transmit on. If
unspecified,
.B dhclient
uses the default port 68. This option is mostly useful for debugging
purposes. If a different port is specified for the client to listen and
transmit on, the client will also use a different destination port - one
greater than the specified destination port.
.TP
.BI \-d
Force
.B dhclient
to run as a foreground process. This is useful when running the client
under a debugger, or when running it out of inittab on System V systems.
.TP
.BI \-e\ VAR=value
Define additional environment variables for the environment where
dhclient-script executes. You may specify multiple
.B \-e
options on the command line.
.TP
.BI \-q
Suppress all terminal and log output except error messages.
.TP
.BI \-1
Try one to get a lease. On failure, exit with code 2.
.TP
.BI \-r
Tell
.B dhclient
to release the current lease it has from the server. This is not required
by the DHCP protocol, but some ISPs require their clients to notify the
server if they wish to release an assigned IP address.
.TP
.BI \-lf\ <lease-file>
Path to the lease database file. If unspecified, the default
.B DBDIR/dhclient.leases
is used.
.TP
.BI \-pf\ <pid-file>
Path to the process ID file. If unspecified, the default
.B RUNDIR/dhclient.pid
is used.
.TP
.BI \-cf\ <config-file>
Path to the client configuration file. If unspecified, the default
.B ETCDIR/dhclient.conf
is used.
.TP
.BI \-sf\ <script-file>
Path to the network configuration script invoked by
.B dhclient
when it gets a lease. If unspecified, the default
.B CLIENTBINDIR/dhclient-script
is used.
.TP
.BI \-s\ <server>
Specifiy the server IP address or fully qualified domain name to transmit
DHCP protocol messages to. Normally,
.B dhclient
transmits these messages to 255.255.255.255 (the IP limited broadcast
address). Overriding this is mostly useful for debugging purposes.
.TP
.BI \-g\ <relay>
Only for debugging. Set the giaddr field of all packets the client
sends to the IP address specified. This should not be expected to work
in any consistent or useful way.
.TP
.BI \-n
Do not configure any interfaces. Most useful combined with the
.B -w
option.
.TP
.BI \-nw
Become a daemon process immediately (nowait) rather than waiting until an IP
address has been acquired.
.TP
.BI \-w
Keep running even if no network interfaces are found. The
.B omshell
program can be used to notify the client when a network interface has been
added or removed so it can attempt to configure an IP address on that
interface.
.TP
.BI \-B
Set the BOOTP broadcast flag in request packets so servers will always
broadcast replies.
.TP
.BI \-I\ <dhcp-client-identifier>
Specify the dhcp-client-identifier option to send to the DHCP server.
.TP
.BI \-H\ <host-name>
Specify the host-name option to send to the DHCP server. The host-name
string only contains the client's hostname prefix, to which the server will
append the ddns-domainname or domain-name options, if any, to derive the
fully qualified domain name of the client. The
.B -H
option cannot be used with the
.B -F
option.
.TP
.BI \-F\ <fqdn.fqdn>
Specify the fqdn.fqdn option to send to the DHCP server. This option cannot
be used with the
.B -H
option. The fqdn.fqdn option must specify the complete domain name of the
client host, which the server may use for dynamic DNS updates.
.TP
.BI \-V\ <vendor-class-identifier>
Specify the vendor-class-identifier option to send to the DHCP server.
.TP
.BI \-R\ <option>[,<option>...]
Specify the list of options the client is to request from the server. The
option list must be a single string consisting of option names separated
by at least one command and optional space characters. The default option
list is:
.BR
subnet-mask, broadcast-address, time-offset, routers,
.BR
domain-name, domain-name-servers, host-name, nis-domain,
.BR
nis-servers, ntp-servers
The
.B -R
option does not append options to the default request, it overrides the
default request list. Keep this in mind if you want to request an
additional option besides the default request list. You will have to
specify all option names for the
.B -R
parameter.
.TP
.BI \-T\ <timeout>
Specify the time after which
.B dhclient
will decide that no DHCP servers can be contacted when no responses have been
received.
.PP
If the client is killed by a signal (for example at shutdown or reboot)
it won't execute the
.B dhclient-script (8)
at exit. However if you shut the client down gracefully with
.B -r
or
.B -x
it will execute
.B dhclient-script (8)
at shutdown with the specific reason for calling the script set.
.PP
.SH CONFIGURATION
The syntax of the dhclient.conf(5) file is discussed separately.
.SH OMAPI
The DHCP client provides some ability to control it while it is
running, without stopping it. This capability is provided using OMAPI,
an API for manipulating remote objects. OMAPI clients connect to the
client using TCP/IP, authenticate, and can then examine the client's
current status and make changes to it.
.PP
Rather than implementing the underlying OMAPI protocol directly, user
programs should use the dhcpctl API or OMAPI itself. Dhcpctl is a
wrapper that handles some of the housekeeping chores that OMAPI does
not do automatically. Dhcpctl and OMAPI are documented in \fBdhcpctl(3)\fR
and \fBomapi(3)\fR. Most things you'd want to do with the client can
be done directly using the \fBomshell(1)\fR command, rather than
having to write a special program.
.SH THE CONTROL OBJECT
The control object allows you to shut the client down, releasing all
leases that it holds and deleting any DNS records it may have added.
It also allows you to pause the client - this unconfigures any
interfaces the client is using. You can then restart it, which
causes it to reconfigure those interfaces. You would normally pause
the client prior to going into hibernation or sleep on a laptop
computer. You would then resume it after the power comes back.
This allows PC cards to be shut down while the computer is hibernating
or sleeping, and then reinitialized to their previous state once the
computer comes out of hibernation or sleep.
.PP
The control object has one attribute - the state attribute. To shut
the client down, set its state attribute to 2. It will automatically
do a DHCPRELEASE. To pause it, set its state attribute to 3. To
resume it, set its state attribute to 4.
.PP
.SH FILES
.B CLIENTBINDIR/dhclient-script,
.B ETCDIR/dhclient.conf, DBDIR/dhclient.leases, RUNDIR/dhclient.pid,
.B DBDIR/dhclient.leases~.
.SH SEE ALSO
dhcpd(8), dhcrelay(8), dhclient-script(8), dhclient.conf(5),
dhclient.leases(5), dhcp-eval(5).
.SH AUTHOR
.B dhclient(8)
has been written for Internet Systems Consortium
by Ted Lemon in cooperation with Vixie
Enterprises. To learn more about Internet Systems Consortium,
see
.B http://www.isc.org
To learn more about Vixie
Enterprises, see
.B http://www.vix.com.
.PP
This client was substantially modified and enhanced by Elliot Poger
for use on Linux while he was working on the MosquitoNet project at
Stanford.
.PP
The current version owes much to Elliot's Linux enhancements, but
was substantially reorganized and partially rewritten by Ted Lemon
so as to use the same networking framework that the Internet Systems
Consortium DHCP server uses. Much system-specific configuration code
was moved into a shell script so that as support for more operating
systems is added, it will not be necessary to port and maintain
system-specific configuration code to these operating systems - instead,
the shell script can invoke the native tools to accomplish the same
purpose.
.PP
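
Review bot: In the \-R entry, "separated by at least one command" should read "comma", and the three bare .BR requests between the default option names take no arguments and so emit nothing. A lowercase .br is what forces the line breaks, and one more is needed before "The -R option does not append". In the same hunk, "Try one to get a lease" under \-1 reads as a typo for "once", "Specifiy" under \-s needs correcting, and the closing paragraph cites -x, so confirm that option is listed alongside -r. Because the script named by -sf is what dhclient invokes when it gets a lease, the FILES section would be a good place to state the expected ownership and permissions of the script, configuration and lease files.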

dhclient.conf.5 Normal file

@ -0,0 +1,660 @@
.\" $Id: dhclient.conf.5,v 1.17.84.2 2007/05/23 23:30:32 each Exp $
.\"
.\" Copyright (c) 2004,2007 by Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (c) 1996-2003 by Internet Software Consortium
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
.\" OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.\" Internet Systems Consortium, Inc.
.\" 950 Charter Street
.\" Redwood City, CA 94063
.\" <info@isc.org>
.\" http://www.isc.org/
.\"
.\" This software has been written for Internet Software Consortium
.\" by Ted Lemon in cooperation with Vixie Enterprises and Nominum, Inc.
.\" To learn more about Internet Software Consortium, see
.\" ``http://www.isc.org/''. To learn more about Vixie Enterprises,
.\" see ``http://www.vix.com''. To learn more about Nominum, Inc., see
.\" ``http://www.nominum.com''.
.\"
.\" $Id: dhclient.conf.5,v 1.17.84.2 2007/05/23 23:30:32 each Exp $
.\"
.TH dhclient.conf 5
.SH NAME
dhclient.conf - DHCP client configuration file
.SH DESCRIPTION
The dhclient.conf file contains configuration information for
.IR dhclient,
the Internet Systems Consortium DHCP Client.
.PP
The dhclient.conf file is a free-form ASCII text file. It is parsed by
the recursive-descent parser built into dhclient. The file may contain
extra tabs and newlines for formatting purposes. Keywords in the file
are case-insensitive. Comments may be placed anywhere within the
file (except within quotes). Comments begin with the # character and
end at the end of the line.
.PP
The dhclient.conf file can be used to configure the behaviour of the
client in a wide variety of ways: protocol timing, information
requested from the server, information required of the server,
defaults to use if the server does not provide certain information,
values with which to override information provided by the server, or
values to prepend or append to information provided by the server.
The configuration file can also be preinitialized with addresses to
use on networks that don't have DHCP servers.
.SH PROTOCOL TIMING
The timing behaviour of the client need not be configured by the user.
If no timing configuration is provided by the user, a fairly
reasonable timing behaviour will be used by default - one which
results in fairly timely updates without placing an inordinate load on
the server.
.PP
The following statements can be used to adjust the timing behaviour of
the DHCP client if required, however:
.PP
.I The
.B timeout
.I statement
.PP
.B timeout
.I time
.B ;
.PP
The
.I timeout
statement determines the amount of time that must pass between the
time that the client begins to try to determine its address and the
time that it decides that it's not going to be able to contact a
server. By default, this timeout is sixty seconds. After the
timeout has passed, if there are any static leases defined in the
configuration file, or any leases remaining in the lease database that
have not yet expired, the client will loop through these leases
attempting to validate them, and if it finds one that appears to be
valid, it will use that lease's address. If there are no valid
static leases or unexpired leases in the lease database, the client
will restart the protocol after the defined retry interval.
.PP
.I The
.B retry
.I statement
.PP
\fBretry \fItime\fR\fB;\fR
.PP
The
.I retry
statement determines the time that must pass after the client has
determined that there is no DHCP server present before it tries again
to contact a DHCP server. By default, this is five minutes.
.PP
.I The
.B select-timeout
.I statement
.PP
\fBselect-timeout \fItime\fR\fB;\fR
.PP
It is possible (some might say desirable) for there to be more than
one DHCP server serving any given network. In this case, it is
possible that a client may be sent more than one offer in response to
its initial lease discovery message. It may be that one of these
offers is preferable to the other (e.g., one offer may have the
address the client previously used, and the other may not).
.PP
The
.I select-timeout
is the time after the client sends its first lease discovery request
at which it stops waiting for offers from servers, assuming that it
has received at least one such offer. If no offers have been
received by the time the
.I select-timeout
has expired, the client will accept the first offer that arrives.
.PP
By default, the select-timeout is zero seconds - that is, the client
will take the first offer it sees.
.PP
.I The
.B reboot
.I statement
.PP
\fBreboot \fItime\fR\fB;\fR
.PP
When the client is restarted, it first tries to reacquire the last
address it had. This is called the INIT-REBOOT state. If it is
still attached to the same network it was attached to when it last
ran, this is the quickest way to get started. The
.I reboot
statement sets the time that must elapse after the client first tries
to reacquire its old address before it gives up and tries to discover
a new address. By default, the reboot timeout is ten seconds.
.PP
.I The
.B backoff-cutoff
.I statement
.PP
\fBbackoff-cutoff \fItime\fR\fB;\fR
.PP
The client uses an exponential backoff algorithm with some randomness,
so that if many clients try to configure themselves at the same time,
they will not make their requests in lockstep. The
.I backoff-cutoff
statement determines the maximum amount of time that the client is
allowed to back off, the actual value will be evaluated randomly between
1/2 to 1 1/2 times the \fItime\fR specified. It defaults to two minutes.
.PP
.I The
.B initial-interval
.I statement
.PP
\fBinitial-interval \fItime\fR\fB;\fR
.PP
The
.I initial-interval
statement sets the amount of time between the first attempt to reach a
server and the second attempt to reach a server. Each time a message
is sent, the interval between messages is incremented by twice the
current interval multiplied by a random number between zero and one.
If it is greater than the backoff-cutoff amount, it is set to that
amount. It defaults to ten seconds.
.SH LEASE REQUIREMENTS AND REQUESTS
The DHCP protocol allows the client to request that the server send it
specific information, and not send it other information that it is not
prepared to accept. The protocol also allows the client to reject
offers from servers if they don't contain information the client
needs, or if the information provided is not satisfactory.
.PP
There is a variety of data contained in offers that DHCP servers send
to DHCP clients. The data that can be specifically requested is what
are called \fIDHCP Options\fR. DHCP Options are defined in
\fBdhcp-options(5)\fR.
.PP
.I The
.B request
.I statement
.PP
\fBrequest [ \fIoption\fR ] [\fB,\fI ... \fIoption\fR ]\fB;\fR
.PP
The request statement causes the client to request that any server
responding to the client send the client its values for the specified
options. Only the option names should be specified in the request
statement - not option parameters. By default, the DHCP server
requests the subnet-mask, broadcast-address, time-offset, routers,
domain-name, domain-name-servers, host-name, nis-domain, nis-servers,
and ntp-servers options.
.PP
In some cases, it may be desirable to send no parameter request list
at all. To do this, simply write the request statement but specify
no parameters:
.PP
.nf
request;
.fi
.PP
.I The
.B require
.I statement
.PP
\fBrequire [ \fIoption\fR ] [\fB,\fI ... \fIoption ]\fB;\fR
.PP
The require statement lists options that must be sent in order for an
offer to be accepted. Offers that do not contain all the listed
options will be ignored.
.PP
.I The
.B send
.I statement
.PP
\fBsend { [ \fIoption declaration\fR ]
[\fB,\fI ... \fIoption declaration\fR ]\fB}\fR
.PP
The send statement causes the client to send the specified options to
the server with the specified values. These are full option
declarations as described in \fBdhcp-options(5)\fR. Options that are
always sent in the DHCP protocol should not be specified here, except
that the client can specify a \fBrequested-lease-time\fR option other
than the default requested lease time, which is two hours. The other
obvious use for this statement is to send information to the server
that will allow it to differentiate between this client and other
clients or kinds of clients.
.SH DYNAMIC DNS
The client now has some very limited support for doing DNS updates
when a lease is acquired. This is prototypical, and probably doesn't
do what you want. It also only works if you happen to have control
over your DNS server, which isn't very likely.
.PP
To make it work, you have to declare a key and zone as in the DHCP
server (see \fBdhcpd.conf\fR(5) for details). You also need to
configure the fqdn option on the client, as follows:
.PP
.nf
send fqdn.fqdn "grosse.fugue.com.";
send fqdn.encoded on;
send fqdn.server-update off;
.fi
.PP
The \fIfqdn.fqdn\fR option \fBMUST\fR be a fully-qualified domain
name. You \fBMUST\fR define a zone statement for the zone to be
updated. The \fIfqdn.encoded\fR option may need to be set to
\fIon\fR or \fIoff\fR, depending on the DHCP server you are using.
.PP
.I The
.B do-forward-updates
.I statement
.PP
\fBdo-forward-updates [ \fIflag\fR ] \fB;\fR
.PP
If you want to do DNS updates in the DHCP client
script (see \fBdhclient-script(8)\fR) rather than having the
DHCP client do the update directly (for example, if you want to
use SIG(0) authentication, which is not supported directly by the
DHCP client, you can instruct the client not to do the update using
the \fBdo-forward-updates\fR statement. \fIFlag\fR should be \fBtrue\fR
if you want the DHCP client to do the update, and \fBfalse\fR if
you don't want the DHCP client to do the update. By default, the DHCP
client will do the DNS update.
.SH OPTION MODIFIERS
In some cases, a client may receive option data from the server which
is not really appropriate for that client, or may not receive
information that it needs, and for which a useful default value
exists. It may also receive information which is useful, but which
needs to be supplemented with local information. To handle these
needs, several option modifiers are available.
.PP
.I The
.B default
.I statement
.PP
\fBdefault [ \fIoption declaration\fR ] \fB;\fR
.PP
If for some option the client should use the value supplied by
the server, but needs to use some default value if no value was supplied
by the server, these values can be defined in the
.B default
statement.
.PP
.I The
.B supersede
.I statement
.PP
\fBsupersede [ \fIoption declaration\fR ] \fB;\fR
.PP
If for some option the client should always use a locally-configured
value or values rather than whatever is supplied by the server, these
values can be defined in the
.B supersede
statement.
.PP
.I The
.B prepend
.I statement
.PP
\fBprepend [ \fIoption declaration\fR ] \fB;\fR
.PP
If for some set of options the client should use a value you
supply, and then use the values supplied by
the server, if any, these values can be defined in the
.B prepend
statement. The
.B prepend
statement can only be used for options which
allow more than one value to be given. This restriction is not
enforced - if you ignore it, the behaviour will be unpredictable.
.PP
.I The
.B append
.I statement
.PP
\fBappend [ \fIoption declaration\fR ] \fB;\fR
.PP
If for some set of options the client should first use the values
supplied by the server, if any, and then use values you supply, these
values can be defined in the
.B append
statement. The
.B append
statement can only be used for options which
allow more than one value to be given. This restriction is not
enforced - if you ignore it, the behaviour will be unpredictable.
.SH LEASE DECLARATIONS
.PP
.I The
.B lease
.I declaration
.PP
\fBlease {\fR \fIlease-declaration\fR [ ... \fIlease-declaration ] \fB}\fR
.PP
The DHCP client may decide after some period of time (see \fBPROTOCOL
TIMING\fR) that it is not going to succeed in contacting a
server. At that time, it consults its own database of old leases and
tests each one that has not yet timed out by pinging the listed router
for that lease to see if that lease could work. It is possible to
define one or more \fIfixed\fR leases in the client configuration file
for networks where there is no DHCP or BOOTP service, so that the
client can still automatically configure its address. This is done
with the
.B lease
statement.
.PP
NOTE: the lease statement is also used in the dhclient.leases file in
order to record leases that have been received from DHCP servers.
Some of the syntax for leases as described below is only needed in the
dhclient.leases file. Such syntax is documented here for
completeness.
.PP
A lease statement consists of the lease keyword, followed by a left
curly brace, followed by one or more lease declaration statements,
followed by a right curly brace. The following lease declarations
are possible:
.PP
\fBbootp;\fR
.PP
The
.B bootp
statement is used to indicate that the lease was acquired using the
BOOTP protocol rather than the DHCP protocol. It is never necessary
to specify this in the client configuration file. The client uses
this syntax in its lease database file.
.PP
\fBinterface\fR \fB"\fR\fIstring\fR\fB";\fR
.PP
The
.B interface
lease statement is used to indicate the interface on which the lease
is valid. If set, this lease will only be tried on a particular
interface. When the client receives a lease from a server, it always
records the interface number on which it received that lease.
If predefined leases are specified in the dhclient.conf file, the
interface should also be specified, although this is not required.
.PP
\fBfixed-address\fR \fIip-address\fR\fB;\fR
.PP
The
.B fixed-address
statement is used to set the ip address of a particular lease. This
is required for all lease statements. The IP address must be
specified as a dotted quad (e.g., 12.34.56.78).
.PP
\fBfilename "\fR\fIstring\fR\fB";\fR
.PP
The
.B filename
statement specifies the name of the boot filename to use. This is
not used by the standard client configuration script, but is included
for completeness.
.PP
\fBserver-name "\fR\fIstring\fR\fB";\fR
.PP
The
.B server-name
statement specifies the name of the boot server name to use. This is
also not used by the standard client configuration script.
.PP
\fBoption\fR \fIoption-declaration\fR\fB;\fR
.PP
The
.B option
statement is used to specify the value of an option supplied by the
server, or, in the case of predefined leases declared in
dhclient.conf, the value that the user wishes the client configuration
script to use if the predefined lease is used.
.PP
\fBscript "\fIscript-name\fB";\fR
.PP
The
.B script
statement is used to specify the pathname of the dhcp client
configuration script. This script is used by the dhcp client to set
each interface's initial configuration prior to requesting an address,
to test the address once it has been offered, and to set the
interface's final configuration once a lease has been acquired. If
no lease is acquired, the script is used to test predefined leases, if
any, and also called once if no valid lease can be identified. For
more information, see
.B dhclient-script(8).
.PP
\fBvendor option space "\fIname\fB";\fR
.PP
The
.B vendor option space
statement is used to specify which option space should be used for
decoding the vendor-encapsulate-options option if one is received.
The \fIdhcp-vendor-identifier\fR can be used to request a specific
class of vendor options from the server. See
.B dhcp-options(5)
for details.
.PP
\fBmedium "\fImedia setup\fB";\fR
.PP
The
.B medium
statement can be used on systems where network interfaces cannot
automatically determine the type of network to which they are
connected. The media setup string is a system-dependent parameter
which is passed to the dhcp client configuration script when
initializing the interface. On Unix and Unix-like systems, the
argument is passed on the ifconfig command line when configuring the
interface.
.PP
The dhcp client automatically declares this parameter if it uses a
media type (see the
.B media
statement) when configuring the interface in order to obtain a lease.
This statement should be used in predefined leases only if the network
interface requires media type configuration.
.PP
\fBrenew\fR \fIdate\fB;\fR
.PP
\fBrebind\fR \fIdate\fB;\fR
.PP
\fBexpire\fR \fIdate\fB;\fR
.PP
The \fBrenew\fR statement defines the time at which the dhcp client
should begin trying to contact its server to renew a lease that it is
using. The \fBrebind\fR statement defines the time at which the dhcp
client should begin to try to contact \fIany\fR dhcp server in order
to renew its lease. The \fBexpire\fR statement defines the time at
which the dhcp client must stop using a lease if it has not been able
to contact a server in order to renew it.
.PP
These declarations are automatically set in leases acquired by the
DHCP client, but must also be configured in predefined leases - a
predefined lease whose expiry time has passed will not be used by the
DHCP client.
.PP
Dates are specified as follows:
.PP
\fI<weekday> <year>\fB/\fI<month>\fB/\fI<day>
<hour>\fB:\fI<minute>\fB:\fI<second>\fR
.PP
The weekday is present to make it easy for a human to tell when a
lease expires - it's specified as a number from zero to six, with zero
being Sunday. When declaring a predefined lease, it can always be
specified as zero. The year is specified with the century, so it
should generally be four digits except for really long leases. The
month is specified as a number starting with 1 for January. The day
of the month is likewise specified starting with 1. The hour is a
number between 0 and 23, the minute a number between 0 and 59, and the
second also a number between 0 and 59.
.SH ALIAS DECLARATIONS
\fBalias { \fI declarations ... \fB}\fR
.PP
Some DHCP clients running TCP/IP roaming protocols may require that in
addition to the lease they may acquire via DHCP, their interface also
be configured with a predefined IP alias so that they can have a
permanent IP address even while roaming. The Internet Systems
Consortium DHCP client doesn't support roaming with fixed addresses
directly, but in order to facilitate such experimentation, the dhcp
client can be set up to configure an IP alias using the
.B alias
declaration.
.PP
The alias declaration resembles a lease declaration, except that
options other than the subnet-mask option are ignored by the standard
client configuration script, and expiry times are ignored. A typical
alias declaration includes an interface declaration, a fixed-address
declaration for the IP alias address, and a subnet-mask option
declaration. A medium statement should never be included in an alias
declaration.
.SH OTHER DECLARATIONS
\fBreject \fIcidr-ip-address\fR [\fB,\fR \fI...\fB \fIcidr-ip-address\fR ] \fB;\fR
.PP
The
.B reject
statement causes the DHCP client to reject offers from
servers whose server identifier matches any of the specified hosts or
subnets. This can be used to avoid being configured by rogue or
misconfigured dhcp servers, although it should be a last resort -
better to track down the bad DHCP server and fix it.
.PP
The \fIcidr-ip-address\fR configuration type is of the
form \fIip-address\fR[\fB/\fIprefixlen\fR], where \fIip-address\fR is a
dotted quad IP address, and \fRprefixlen\fR is the CIDR prefix length of
the subnet, counting the number of significant bits in the netmask starting
from the leftmost end. Example configuration syntax:
.PP
\fIreject\fR 192.168.0.0\fB/\fR16\fB,\fR 10.0.0.5\fB;\fR
.PP
The above example would cause offers from any server identifier in the
entire RFC 1918 "Class C" network 192.168.0.0/16, or the specific
single address 10.0.0.5, to be rejected.
.PP
\fBinterface "\fIname\fB" { \fIdeclarations ... \fB }
.PP
A client with more than one network interface may require different
behaviour depending on which interface is being configured. All
timing parameters and declarations other than lease and alias
declarations can be enclosed in an interface declaration, and those
parameters will then be used only for the interface that matches the
specified name. Interfaces for which there is no interface
declaration will use the parameters declared outside of any interface
declaration, or the default settings.
.PP
.B Note well:
ISC dhclient only maintains one list of interfaces, which is either
determined at startup from command line arguments, or otherwise is
autodetected. If you supplied the list of interfaces on the command
line, this configuration clause will add the named interface to the
list in such a way that will cause it to be configured by DHCP. Which
may not be the result you had intended. This is an undesirable side
effect that will be addressed in a future release.
.PP
\fBpseudo "\fIname\fR" "\fIreal-name\fB" { \fIdeclarations ... \fB }
.PP
Under some circumstances it can be useful to declare a pseudo-interface
and have the DHCP client acquire a configuration for that interface.
Each interface that the DHCP client is supporting normally has a DHCP
client state machine running on it to acquire and maintain its lease.
A pseudo-interface is just another state machine running on the
interface named \fIreal-name\fR, with its own lease and its own
state. If you use this feature, you must provide a client identifier
for both the pseudo-interface and the actual interface, and the two
identifiers must be different. You must also provide a separate
client script for the pseudo-interface to do what you want with the IP
address. For example:
.PP
.nf
interface "ep0" {
send dhcp-client-identifier "my-client-ep0";
}
pseudo "secondary" "ep0" {
send dhcp-client-identifier "my-client-ep0-secondary";
script "/etc/dhclient-secondary";
}
.fi
.PP
The client script for the pseudo-interface should not configure the
interface up or down - essentially, all it needs to handle are the
states where a lease has been acquired or renewed, and the states
where a lease has expired. See \fBdhclient-script(8)\fR for more
information.
.PP
\fBmedia "\fImedia setup\fB"\fI [ \fB, "\fImedia setup\fB", \fI... ]\fB;\fR
.PP
The
.B media
statement defines one or more media configuration parameters which may
be tried while attempting to acquire an IP address. The dhcp client
will cycle through each media setup string on the list, configuring
the interface using that setup and attempting to boot, and then trying
the next one. This can be used for network interfaces which aren't
capable of sensing the media type unaided - whichever media type
succeeds in getting a request to the server and hearing the reply is
probably right (no guarantees).
.PP
The media setup is only used for the initial phase of address
acquisition (the DHCPDISCOVER and DHCPOFFER packets). Once an
address has been acquired, the dhcp client will record it in its lease
database and will record the media type used to acquire the address.
Whenever the client tries to renew the lease, it will use that same
media type. The lease must expire before the client will go back to
cycling through media types.
.PP
\fBbootp-broadcast-always;\fR
.PP
The
.B bootp-broadcast-always
statement instructs dhclient to always set the bootp broadcast flag in
request packets, so that servers will always broadcast replies.
This is equivalent to supplying the dhclient -B argument, and has
the same effect as specifying 'always-broadcast' in the server's dhcpd.conf.
This option is provided as an extension to enable dhclient to work
on IBM s390 Linux guests.
.PP
.SH SAMPLE
The following configuration file is used on a laptop running NetBSD
1.3. The laptop has an IP alias of 192.5.5.213, and has one
interface, ep0 (a 3com 3C589C). Booting intervals have been
shortened somewhat from the default, because the client is known to
spend most of its time on networks with little DHCP activity. The
laptop does roam to multiple networks.
.nf
timeout 60;
retry 60;
reboot 10;
select-timeout 5;
initial-interval 2;
reject 192.33.137.209;
interface "ep0" {
send host-name "andare.fugue.com";
send dhcp-client-identifier 1:0:a0:24:ab:fb:9c;
send dhcp-lease-time 3600;
supersede domain-name "fugue.com rc.vix.com home.vix.com";
prepend domain-name-servers 127.0.0.1;
request subnet-mask, broadcast-address, time-offset, routers,
domain-name, domain-name-servers, host-name;
require subnet-mask, domain-name-servers;
script "CLIENTBINDIR/dhclient-script";
media "media 10baseT/UTP", "media 10base2/BNC";
}
alias {
interface "ep0";
fixed-address 192.5.5.213;
option subnet-mask 255.255.255.255;
}
.fi
This is a very complicated dhclient.conf file - in general, yours
should be much simpler. In many cases, it's sufficient to just
create an empty dhclient.conf file - the defaults are usually fine.
.SH SEE ALSO
dhcp-options(5), dhcp-eval(5), dhclient.leases(5), dhcpd(8), dhcpd.conf(5),
RFC2132, RFC2131.
.SH AUTHOR
.B dhclient(8)
was written by Ted Lemon
under a contract with Vixie Labs. Funding
for this project was provided by Internet Systems Consortium.
Information about Internet Systems Consortium can be found at
.B http://www.isc.org.
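
Review bot: Under the request statement, "By default, the DHCP server requests the subnet-mask, ..." should say the DHCP client, since this page documents what dhclient puts in its own request list. Further down, the do-forward-updates paragraph opens a parenthesis at "(for example, if you want to use SIG(0) authentication" and never closes it, the cidr-ip-address paragraph has \fRprefixlen\fR where \fIprefixlen\fR is meant, and the reject example calls 192.168.0.0/16 a "Class C" network although a /16 prefix is given. For reject, it would help to add that the match is made against the server identifier carried in the offer, which the sending server fills in itself, so the statement helps with misconfigured servers and is not an authentication mechanism. The $Id line also appears twice in the header comment.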


@ -1,331 +0,0 @@
diff -up dhcp-3.0.6/dhcpctl/dhcpctl.3.manpages dhcp-3.0.6/dhcpctl/dhcpctl.3
--- dhcp-3.0.6/dhcpctl/dhcpctl.3.manpages 2004-09-24 17:08:38.000000000 -0400
+++ dhcp-3.0.6/dhcpctl/dhcpctl.3 2007-09-26 15:22:12.000000000 -0400
@@ -43,7 +43,7 @@
.\"
.\"
.Sh SYNOPSIS
-.Fd #include <dhcpctl/dhcpctl.h>
+.Fd #include <dhcpctl.h>
.Ft dhcpctl_status
.Fo dhcpctl_initialize
.Fa void
@@ -426,7 +426,7 @@ that most error checking has been ommitt
#include <netinet/in.h>
#include <isc/result.h>
-#include <dhcpctl/dhcpctl.h>
+#include <dhcpctl.h>
int main (int argc, char **argv) {
dhcpctl_data_string ipaddrstring = NULL;
diff -up dhcp-3.0.6/server/dhcpd.conf.5.manpages dhcp-3.0.6/server/dhcpd.conf.5
--- dhcp-3.0.6/server/dhcpd.conf.5.manpages 2007-05-01 16:42:56.000000000 -0400
+++ dhcp-3.0.6/server/dhcpd.conf.5 2007-09-26 15:24:18.000000000 -0400
@@ -531,9 +531,9 @@ primary server might look like this:
failover peer "foo" {
primary;
address anthrax.rc.vix.com;
- port 519;
+ port 647;
peer address trantor.rc.vix.com;
- peer port 520;
+ peer port 847;
max-response-delay 60;
max-unacked-updates 10;
mclt 3600;
@@ -592,9 +592,7 @@ statement
.B port \fIport-number\fR\fB;\fR
.PP
The \fBport\fR statement declares the TCP port on which the server
-should listen for connections from its failover peer. This statement
-may not currently be omitted, because the failover protocol does not
-yet have a reserved TCP port number.
+should listen for connections from its failover peer.
.RE
.PP
The
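
Review bot: With the "may not currently be omitted" sentence removed, the \fBport\fR paragraph no longer says whether the statement is optional or which port the server listens on when it is left out. Either state the default here (the failover example hunk above now uses 647) or keep a sentence saying the statement is required.
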
@@ -606,10 +604,8 @@ statement
.PP
The \fBpeer port\fR statement declares the TCP port to which the
server should connect to reach its failover peer for failover
-messages. This statement may not be omitted because the failover
-protocol does not yet have a reserved TCP port number. The port
-number declared in the \fBpeer port\fR statement may be the same as
-the port number declared in the \fBport\fR statement.
+messages. The port number declared in the \fBpeer port\fR statement
+may be the same as the port number declared in the \fBport\fR statement.
.RE
.PP
The
@@ -1133,7 +1129,7 @@ the zone containing PTR records - for IS
.PP
.nf
key DHCP_UPDATER {
- algorithm HMAC-MD5.SIG-ALG.REG.INT;
+ algorithm hmac-md5;
secret pRP5FapFoJ95JEL06sv4PQ==;
};
@@ -1156,7 +1152,7 @@ dhcpd.conf file:
.PP
.nf
key DHCP_UPDATER {
- algorithm HMAC-MD5.SIG-ALG.REG.INT;
+ algorithm hmac-md5;
secret pRP5FapFoJ95JEL06sv4PQ==;
};
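Review bot: the example key in this hunk, and in the identical hunk before it, still shows a realistic-looking secret value next to the renamed "algorithm hmac-md5;". Say in the surrounding text that the secret is a placeholder to be replaced with a locally generated key, and that a dhcpd.conf containing a key statement should not be world-readable, since anyone who can read the secret can sign dynamic DNS updates for the zone.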
@@ -2114,7 +2110,8 @@ statement
The \fInext-server\fR statement is used to specify the host address of
the server from which the initial boot file (specified in the
\fIfilename\fR statement) is to be loaded. \fIServer-name\fR should
-be a numeric IP address or a domain name.
+be a numeric IP address or a domain name. If no \fInext-server\fR statement
+applies to a given client, the address 0.0.0.0 is used.
.RE
.PP
The
diff -up dhcp-3.0.6/common/dhcp-options.5.manpages dhcp-3.0.6/common/dhcp-options.5
--- dhcp-3.0.6/common/dhcp-options.5.manpages 2006-04-26 11:12:43.000000000 -0400
+++ dhcp-3.0.6/common/dhcp-options.5 2007-09-26 15:22:12.000000000 -0400
@@ -834,6 +834,24 @@ classless IP routing - it does not inclu
classless IP routing is now the most widely deployed routing standard,
this option is virtually useless, and is not implemented by any of the
popular DHCP clients, for example the Microsoft DHCP client.
+.PP
+NOTE to Red Hat dhclient users:
+.br
+The RedHat dhclient-script interprets trailing 0 octets of the target
+as indicating the subnet class of the route - so for this
+static-routes value:
+.br
+ option static-routes 172.0.0.0 172.16.2.254,
+.br
+ 192.168.0.0 192.168.2.254;
+.br
+the Red Hat dhclient-script will create routes:
+.br
+ 172/8 via 172.16.2.254 dev $interface
+.br
+ 192.168/16 via 192.168.2.254 dev $interface
+.br
+which slightly increases the usefulness of the static-routes option.
.RE
.PP
.nf
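Review bot: the added note explains that the prefix is inferred from trailing 0 octets of the target, but it does not say what happens to a target with no trailing 0 octet, nor that a network such as 192.168.0.0/24 cannot be expressed this way because, by the rule shown, it is installed as 192.168/16. Add both cases to the note, and pick one spelling: "Red Hat" and "RedHat" both appear in the added lines.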
diff -up dhcp-3.0.6/client/dhclient-script.8.manpages dhcp-3.0.6/client/dhclient-script.8
--- dhcp-3.0.6/client/dhclient-script.8.manpages 2005-09-28 15:17:08.000000000 -0400
+++ dhcp-3.0.6/client/dhclient-script.8 2007-09-26 15:22:12.000000000 -0400
@@ -47,7 +47,7 @@ customizations are needed, they should b
exit hooks provided (see HOOKS for details). These hooks will allow the
user to override the default behaviour of the client in creating a
.B /etc/resolv.conf
-file.
+file, and to handle DHCP options not handled by default.
.PP
No standard client script exists for some operating systems, even though
the actual client may work, so a pioneering user may well need to create
@@ -91,6 +91,27 @@ present. The
.B ETCDIR/dhclient-exit-hooks
script can modify the valid of exit_status to change the exit status
of dhclient-script.
+.PP
+Immediately after dhclient brings an interface UP with a new IP address,
+subnet mask, and routes, in the REBOOT/BOUND states, it will check for the
+existence of an executable
+.B ETCDIR/dhclient-up-hooks
+script, and source it if found. This script can handle DHCP options in
+the environment that are not handled by default. A per-interface.
+.B ETCDIR/dhclient-${IF}-up-hooks
+script will override the generic script and be sourced when interface
+$IF has been brought up.
+.PP
+Immediately before dhclient brings an interface DOWN, removing its IP
+address, subnet mask, and routes, in the STOP/RELEASE states, it will
+check for the existence of an executable
+.B ETCDIR/dhclient-down-hooks
+script, and source it if found. This script can handle DHCP options in
+the environment that are not handled by default. A per-interface
+.B ETCDIR/dhclient-${IF}-down-hooks
+script will override the generic script and be sourced when interface
+$IF is about to be brought down.
+
.SH OPERATION
When dhclient needs to invoke the client configuration script, it
defines a set of variables in the environment, and then invokes
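Review bot: the two added paragraphs say the up and down hooks are sourced whenever an executable file exists at the path, with DHCP options available in the environment, but they give no guidance on file ownership or on how to treat those option values. Because the hook is sourced into dhclient-script and the option values come from whichever DHCP server answered, add a sentence that the hook files must be writable only by root and that option values should be quoted and validated before use. Also, "A per-interface." in the first added paragraph has a stray full stop.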
diff -up dhcp-3.0.6/client/dhclient.conf.5.manpages dhcp-3.0.6/client/dhclient.conf.5
--- dhcp-3.0.6/client/dhclient.conf.5.manpages 2007-05-01 16:42:55.000000000 -0400
+++ dhcp-3.0.6/client/dhclient.conf.5 2007-09-26 15:22:12.000000000 -0400
@@ -185,7 +185,8 @@ responding to the client send the client
options. Only the option names should be specified in the request
statement - not option parameters. By default, the DHCP server
requests the subnet-mask, broadcast-address, time-offset, routers,
-domain-name, domain-name-servers and host-name options.
+domain-name, domain-name-servers, host-name, nis-domain, nis-servers,
+and ntp-servers options.
.PP
In some cases, it may be desirable to send no parameter request list
at all. To do this, simply write the request statement but specify
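Review bot: adding nis-domain, nis-servers and ntp-servers to the default list means a client with an empty dhclient.conf now asks every DHCP server for NIS and time-server settings, and the paragraph does not mention how to opt out. Point the reader at the request statement as the way to narrow the list on networks where the DHCP server is not trusted to supply those values. The unchanged context still reads "the DHCP server requests", which should be "the DHCP client requests".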
@@ -581,6 +582,18 @@ database and will record the media type
Whenever the client tries to renew the lease, it will use that same
media type. The lease must expire before the client will go back to
cycling through media types.
+.PP
+ \fBbootp-broadcast-always;\fR
+.PP
+The
+.B bootp-broadcast-always
+statement instructs dhclient to always set the bootp broadcast flag in
+request packets, so that servers will always broadcast replies.
+This is equivalent to supplying the dhclient -B argument, and has
+the same effect as specifying 'always-broadcast' in the server's dhcpd.conf.
+This option is provided as a Red Hat extension to enable dhclient to work
+on IBM zSeries z/OS Linux guests.
+.PP
.SH SAMPLE
The following configuration file is used on a laptop running NetBSD
1.3. The laptop has an IP alias of 192.5.5.213, and has one
diff -up dhcp-3.0.6/client/dhclient.8.manpages dhcp-3.0.6/client/dhclient.8
--- dhcp-3.0.6/client/dhclient.8.manpages 2007-05-01 16:42:55.000000000 -0400
+++ dhcp-3.0.6/client/dhclient.8 2007-09-26 15:22:12.000000000 -0400
@@ -82,6 +82,28 @@ relay
.B -w
]
[
+.B -I
+.I dhcp-client-identifier
+]
+[
+.B -H
+.I host-name
+.R |
+.B -F fqdn.fqdn
+]
+[
+.B -V
+.I vendor-class-identifier
+]
+[
+.B -R
+.I request option list
+]
+[
+.B -T
+.I timeout
+]
+[
.I if0
[
.I ...ifN
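Review bot: the options text added later in this patch documents -B, but this synopsis hunk adds entries only for -I, -H, -F, -V, -R and -T, so -B is missing from the SYNOPSIS. Add a "[ .B -B ]" entry alongside the others. In the -H/-F entry, ".R |" is not one of the standard man font macros, so the "|" separator may not render; a plain text line would be safer. ".B -F fqdn.fqdn" also sets the argument in bold, where the other entries use ".I" for the argument.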
@@ -265,6 +287,110 @@ than waiting until it has acquired an IP
supplying the
.B -nw
flag.
+.PP
+The -I <id> argument allows you to specify the dhcp-client-identifier string,
+<id>, to be sent to the dhcp server on the command line. It is equivalent to
+the top level dhclient.conf statement:
+.br
+ \fBsend dhcp-client-identifier "<id>";\fR
+.br
+The -I <id> command line option will override any top level dhclient.conf
+ 'send dhcp-client-identifier' statement, but more specific per-interface
+ 'interface "X" { send dhcp-client-identifier...; }' statements in dhclient.conf
+will override the -I <id> command line option for interface "X".
+This option is provided as a Red Hat extension to enable dhclient to work
+on IBM zSeries z/OS Linux guests.
+.PP
+The -B option instructs dhclient to set the bootp broadcast flag in request
+packets, so that servers will always broadcast replies. This is equivalent
+to specifying the 'bootp-broadcast-always' option in dhclient.conf, and has
+the same effect as specifying 'always-broadcast' in the server's dhcpd.conf.
+This option is provided as a Red Hat extension to enable dhclient to work
+on IBM zSeries z/OS Linux guests.
+.PP
+The -H <host-name> option allows you to specify the DHCP host-name option
+to send to the server on the dhclient command line. It is equivalent to the
+top level dhclient.conf statement:
+.br
+\f send host-name "<host-name>";\fR
+.br
+The -H <host-name> option will override any top level dhclient.conf
+ 'send host-name' statement, but more specific per-interface
+ 'interface "X" { send host-name...;' statements in dhclient.conf
+will override the -H <host-name> command line option for interface "X".
+The host-name option only specifies the client's host name prefix, to which
+the server will append the 'ddns-domainname' or 'domain-name' options, if any,
+to derive the fully qualified domain name of the client host.
+The -H <host-name> option cannot be used with the -F <fqdn.fqdn> option.
+Only one -H <host-name> option may be specified.
+The -H <host-name> option is provided as a Red Hat extension to simplify
+configuration of clients of DHCP servers that require the host-name option
+to be sent (eg. some modern cable modems), and for dynamic DNS updates (DDNS).
+.PP
+The -F <fqdn.fqdn> option allows you to specify the DHCP fqdn.fqdn option
+to send to the server on the dhclient command line. It is equivalent to the
+top level dhclient.conf statement:
+.br
+\f send fqdn.fqdn "<domain-name>";\fR
+.br
+The -F <fqdn.fqdn> option will override any top level dhclient.conf
+ 'send fqdn.fqdn' statement, but more specific per-interface
+ 'interface "X" { send fqdn.fqdn...;' statements in dhclient.conf
+will override the -F <fqdn.fqdn> command line option for interface "X".
+This option cannot be used with the -H <host-name> option.
+The DHCP fqdn.fqdn option must specify the complete domain name of the client
+host, which the server may use for dynamic DNS updates.
+Only one -F <fqdn.fqdn> option may be specified.
+The -F <fqdn.fqdn> option is provided as a Red Hat extension to simplify
+configuration of DDNS.
+.PP
+The -T <timeout> option allows you to specify the time after which
+the dhclient will decide that no DHCP servers can be contacted when
+no responses have been received. It is equivalent to the
+.br
+\f timeout <integer>;\fR
+.br
+dhclient.conf statement, and will override any such statements in dhclient.conf.
+.br
+This option is provided as a Red Hat extension.
+.PP
+The -V <vendor-class-identifier> option allows you to specify the DHCP
+vendor-class-identifier option to send to the server on the dhclient command
+line. It is equivalent to the top level dhclient.conf statement:
+.br
+\f send vendor-class-identifier "<vendor-class-identifier>";\fR
+.br
+The -V <vendor-class-identifier> option will override any top level
+dhclient.conf
+ 'send vendor-class-identifier' statement, but more specific per-interface
+ 'interface "X" { send vendor-class-identifier...;' statements in dhclient.conf
+will override the -V <vendor-class-identifier> command line option for
+interface "X".
+The -V <vendor-class-identifier> option is provided as a Red Hat extension to
+simplify configuration of clients of DHCP servers that require the
+vendor-class-identifier option to be sent.
+.PP
+The -R <request option list> option allows you to specify the list of options
+the client is to request from the server on the dhclient command line.
+The option list must be a single string, consisting of option names separated
+by at least one comma and optional space characters. The default option list
+is:
+.br
+ subnet-mask, broadcast-address, time-offset, routers,
+.br
+ domain-name, domain-name-servers, host-name, nis-domain,
+.br
+ nis-servers, ntp-servers
+.br
+You can specify a different list of options to request with the -R <option list>
+argument. This is equivalent to the dhclient.conf statement:
+.br
+\f request <option list> ;\fR
+.br
+The -R argument is provided as a Red Hat extension to ISC dhclient to
+facilitate requesting a list of options from the server different to the
+default.
+.PP
.SH CONFIGURATION
The syntax of the dhclient.conf(5) file is discussed separately.
.SH OMAPI
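Review bot: the example lines for -H, -F, -T, -V and -R start with "\f" followed by a space (for instance the "send host-name" line), where the -I paragraph uses "\fB"; write "\fB" so the font escape is well formed and the statement is set in bold as intended. The per-interface examples for -H, -F and -V also lack the closing brace that the -I example has ('interface "X" { send dhcp-client-identifier...; }'), so a reader copying them gets an unterminated interface block.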

File diff suppressed because it is too large

1642
dhcp-options.5 Normal file

File diff suppressed because it is too large

View File

@ -82,7 +82,8 @@ attributetype ( 2.16.840.1.113719.1.203.4.14
DESC 'The distinguished name of a client address.' DESC 'The distinguished name of a client address.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE) SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE)
attributetype ( 2.16.840.1.113719.1.203.4.15 NAME 'dhcpLeasesDN' attributetype ( 2.16.840.1.113719.1.203.4.15
NAME 'dhcpLeasesDN'
DESC 'The distinguished name(s) client addresses.' DESC 'The distinguished name(s) client addresses.'
EQUALITY distinguishedNameMatch EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
@ -112,7 +113,8 @@ attributetype ( 2.16.840.1.113719.1.203.4.19
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
attributetype ( 2.16.840.1.113719.1.203.4.20 attributetype ( 2.16.840.1.113719.1.203.4.20
NAME 'dhcpVersion' DESC 'The version attribute of this object.' NAME 'dhcpVersion'
DESC 'The version attribute of this object.'
EQUALITY caseIgnoreIA5Match EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
@ -130,27 +132,27 @@ attributetype ( 2.16.840.1.113719.1.203.4.22
attributetype ( 2.16.840.1.113719.1.203.4.23 attributetype ( 2.16.840.1.113719.1.203.4.23
NAME 'dhcpExpirationTime' NAME 'dhcpExpirationTime'
EQUALITY integerMatch EQUALITY generalizedTimeMatch
DESC 'This is the time the current lease for an address expires.' DESC 'This is the time the current lease for an address expires.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.24 attributetype ( 2.16.840.1.113719.1.203.4.24
NAME 'dhcpStartTimeOfState' NAME 'dhcpStartTimeOfState'
EQUALITY integerMatch EQUALITY generalizedTimeMatch
DESC 'This is the time of the last state change for a leased address.' DESC 'This is the time of the last state change for a leased address.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.25 attributetype ( 2.16.840.1.113719.1.203.4.25
NAME 'dhcpLastTransactionTime' NAME 'dhcpLastTransactionTime'
EQUALITY integerMatch EQUALITY generalizedTimeMatch
DESC 'This is the last time a valid DHCP packet was received from the client.' DESC 'This is the last time a valid DHCP packet was received from the client.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.26 attributetype ( 2.16.840.1.113719.1.203.4.26
NAME 'dhcpBootpFlag' NAME 'dhcpBootpFlag'
EQUALITY integerMatch EQUALITY booleanMatch
DESC 'This indicates whether the address was assigned via BOOTP.' DESC 'This indicates whether the address was assigned via BOOTP.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.27 attributetype ( 2.16.840.1.113719.1.203.4.27
NAME 'dhcpDomainName' NAME 'dhcpDomainName'
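Review bot: dhcpExpirationTime, dhcpStartTimeOfState and dhcpLastTransactionTime move from syntax 1.3.6.1.4.1.1466.115.121.1.27 with integerMatch to 1.3.6.1.4.1.1466.115.121.1.24 with generalizedTimeMatch, and dhcpBootpFlag moves to 1.3.6.1.4.1.1466.115.121.1.7 with booleanMatch, all under their existing OIDs. Values written under the old definitions are integers and will not validate against the new syntaxes, so this needs a migration note for directories that already hold lease entries, in the LDAP documentation or the package changelog.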
@ -190,9 +192,9 @@ attributetype ( 2.16.840.1.113719.1.203.4.32
attributetype ( 2.16.840.1.113719.1.203.4.33 attributetype ( 2.16.840.1.113719.1.203.4.33
NAME 'dhcpRelayAgentInfo' NAME 'dhcpRelayAgentInfo'
EQUALITY caseIgnoreIA5Match EQUALITY octetStringMatch
DESC 'If the client request was received via a relay agent, this contains information about the relay agent that was available from the DHCP request. This is a hex-encoded option value.' DESC 'If the client request was received via a relay agent, this contains information about the relay agent that was available from the DHCP request. This is a hex-encoded option value.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.34 attributetype ( 2.16.840.1.113719.1.203.4.34
NAME 'dhcpHWAddress' NAME 'dhcpHWAddress'
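Review bot: dhcpRelayAgentInfo switches to octetStringMatch and syntax 1.3.6.1.4.1.1466.115.121.1.40, but its DESC still ends with "This is a hex-encoded option value." Decide whether the attribute holds the raw option bytes or their hex text and make the DESC agree with the new syntax, otherwise writers and readers of the attribute can disagree on the encoding.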
@ -202,9 +204,9 @@ attributetype ( 2.16.840.1.113719.1.203.4.34
attributetype ( 2.16.840.1.113719.1.203.4.35 attributetype ( 2.16.840.1.113719.1.203.4.35
NAME 'dhcpHashBucketAssignment' NAME 'dhcpHashBucketAssignment'
EQUALITY caseIgnoreIA5Match EQUALITY octetStringMatch
DESC 'HashBucketAssignment bit map for the DHCP Server, as defined in DHC Load Balancing Algorithm [RFC 3074].' DESC 'HashBucketAssignment bit map for the DHCP Server, as defined in DHC Load Balancing Algorithm [RFC 3074].'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.36 attributetype ( 2.16.840.1.113719.1.203.4.36
NAME 'dhcpDelayedServiceParameter' NAME 'dhcpDelayedServiceParameter'
@ -220,9 +222,9 @@ attributetype ( 2.16.840.1.113719.1.203.4.37
attributetype ( 2.16.840.1.113719.1.203.4.38 attributetype ( 2.16.840.1.113719.1.203.4.38
NAME 'dhcpFailOverEndpointState' NAME 'dhcpFailOverEndpointState'
EQUALITY integerMatch EQUALITY caseIgnoreIA5Match
DESC 'Server (Failover Endpoint) state, as defined in DHCP Failover Protocol [FAILOVR]' DESC 'Server (Failover Endpoint) state, as defined in DHCP Failover Protocol [FAILOVR]'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.39 attributetype ( 2.16.840.1.113719.1.203.4.39
NAME 'dhcpErrorLog' NAME 'dhcpErrorLog'
@ -230,41 +232,137 @@ attributetype ( 2.16.840.1.113719.1.203.4.39
DESC 'Generic error log attribute that allows logging error conditions within a dhcpService or a dhcpSubnet, like no IP addresses available for lease.' DESC 'Generic error log attribute that allows logging error conditions within a dhcpService or a dhcpSubnet, like no IP addresses available for lease.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.40
NAME 'dhcpLocatorDN'
EQUALITY distinguishedNameMatch
DESC 'The DN of dhcpLocator object which contain the DNs of all DHCP configuration objects. There will be a single dhcpLocator object in the tree with links to all the DHCP objects in the tree'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
attributetype ( 2.16.840.1.113719.1.203.4.41
NAME 'dhcpKeyAlgorithm'
EQUALITY caseIgnoreIA5Match
DESC 'Algorithm to generate TSIG Key'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.42
NAME 'dhcpKeySecret'
EQUALITY octetStringMatch
DESC 'Secret to generate TSIG Key' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.43
NAME 'dhcpDnsZoneServer'
EQUALITY caseIgnoreIA5Match
DESC 'Master server of the DNS Zone'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.44
NAME 'dhcpKeyDN'
EQUALITY distinguishedNameMatch
DESC 'The DNs of TSIG Key to use in secure dynamic updates. In case of locator object, this will be list of TSIG keys. In case of DHCP Service, Shared Network, Subnet and DNS Zone, it will be a single key.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12)
attributetype ( 2.16.840.1.113719.1.203.4.45
NAME 'dhcpZoneDN'
EQUALITY distinguishedNameMatch
DESC 'The DNs of DNS Zone. In case of locator object, this will be list of DNS Zones in the tree. In case of DHCP Service, Shared Network and Subnet, it will be a single DNS Zone.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12)
attributetype ( 2.16.840.1.113719.1.203.4.46
NAME 'dhcpFailOverPrimaryServer'
EQUALITY caseIgnoreIA5Match
DESC 'IP address or DNS name of the server playing primary role in DHC Load Balancing and Fail over.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 2.16.840.1.113719.1.203.4.47
NAME 'dhcpFailOverSecondaryServer'
EQUALITY caseIgnoreIA5Match
DESC 'IP address or DNS name of the server playing secondary role in DHC Load Balancing and Fail over.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 2.16.840.1.113719.1.203.4.48
NAME 'dhcpFailOverPrimaryPort'
EQUALITY integerMatch
DESC 'Port on which primary server listens for connections from its fail over peer (secondary server)'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
attributetype ( 2.16.840.1.113719.1.203.4.49
NAME 'dhcpFailOverSecondaryPort'
EQUALITY integerMatch
DESC 'Port on which secondary server listens for connections from its fail over peer (primary server)'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
attributetype ( 2.16.840.1.113719.1.203.4.50
NAME 'dhcpFailOverResponseDelay'
EQUALITY integerMatch
DESC 'Maximum response time in seconds, before Server assumes that connection to fail over peer has failed'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
attributetype ( 2.16.840.1.113719.1.203.4.51
NAME 'dhcpFailOverUnackedUpdates'
EQUALITY integerMatch
DESC 'Number of BNDUPD messages that server can send before it receives BNDACK from its fail over peer'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
attributetype ( 2.16.840.1.113719.1.203.4.52
NAME 'dhcpFailOverSplit'
EQUALITY integerMatch
DESC 'Split between the primary and secondary servers for fail over purpose'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
attributetype ( 2.16.840.1.113719.1.203.4.53
NAME 'dhcpFailOverLoadBalanceTime'
EQUALITY integerMatch
DESC 'Cutoff time in seconds, after which load balance is disabled'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
attributetype ( 2.16.840.1.113719.1.203.4.54
NAME 'dhcpFailOverPeerDN'
EQUALITY distinguishedNameMatch
DESC 'The DNs of Fail over peers. In case of locator object, this will be list of fail over peers in the tree. In case of Subnet and pool, it will be a single Fail Over Peer'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
#List of all servers in the tree
attributetype ( 2.16.840.1.113719.1.203.4.55
NAME 'dhcpServerDN'
EQUALITY distinguishedNameMatch
DESC 'List of all DHCP Servers in the tree. Used by dhcpLocatorObject'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
attributetype ( 2.16.840.1.113719.1.203.4.56
NAME 'dhcpComments'
EQUALITY caseIgnoreIA5Match
DESC 'Generic attribute that allows coments within any DHCP object'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
# Classes # Classes
objectclass ( 2.16.840.1.113719.1.203.6.1 objectclass ( 2.16.840.1.113719.1.203.6.1
NAME 'dhcpService' NAME 'dhcpService'
DESC 'Service object that represents the actual DHCP Service configuration. This is a container object.' DESC 'Service object that represents the actual DHCP Service configuration. This is a container object.'
SUP top SUP top
MUST (cn $ dhcpPrimaryDN) MUST (cn)
MAY ( dhcpSecondaryDN $ dhcpSharedNetworkDN $ dhcpSubnetDN $ MAY ( dhcpPrimaryDN $ dhcpSecondaryDN $ dhcpServerDN $ dhcpSharedNetworkDN $ dhcpSubnetDN $ dhcpGroupDN $ dhcpHostDN $ dhcpClassesDN $ dhcpOptionsDN $ dhcpZoneDN $ dhcpKeyDN $ dhcpFailOverPeerDN $ dhcpStatements $dhcpComments $ dhcpOption) )
dhcpGroupDN $ dhcpHostDN $ dhcpClassesDN $ dhcpOptionsDN $
dhcpStatements ) )
objectclass ( 2.16.840.1.113719.1.203.6.2 objectclass ( 2.16.840.1.113719.1.203.6.2
NAME 'dhcpSharedNetwork' NAME 'dhcpSharedNetwork'
DESC 'This stores configuration information for a shared network.' DESC 'This stores configuration information for a shared network.'
SUP top SUP top
MUST cn MUST cn
MAY ( dhcpSubnetDN $ dhcpPoolDN $ dhcpOptionsDN $ dhcpStatements) MAY ( dhcpSubnetDN $ dhcpPoolDN $ dhcpOptionsDN $ dhcpZoneDN $ dhcpStatements $dhcpComments $ dhcpOption) X-NDS_CONTAINMENT ('dhcpService' ) )
X-NDS_CONTAINMENT ('dhcpService' ) )
objectclass ( 2.16.840.1.113719.1.203.6.3 objectclass ( 2.16.840.1.113719.1.203.6.3
NAME 'dhcpSubnet' NAME 'dhcpSubnet'
DESC 'This class defines a subnet. This is a container object.' DESC 'This class defines a subnet. This is a container object.'
SUP top SUP top
MUST ( cn $ dhcpNetMask ) MUST ( cn $ dhcpNetMask )
MAY ( dhcpRange $ dhcpPoolDN $ dhcpGroupDN $ dhcpHostDN $ MAY ( dhcpRange $ dhcpPoolDN $ dhcpGroupDN $ dhcpHostDN $ dhcpClassesDN $ dhcpLeasesDN $ dhcpOptionsDN $ dhcpZoneDN $ dhcpKeyDN $ dhcpFailOverPeerDN $ dhcpStatements $ dhcpComments $ dhcpOption ) X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork') )
dhcpClassesDN $ dhcpLeasesDN $ dhcpOptionsDN $ dhcpStatements)
X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork') )
objectclass ( 2.16.840.1.113719.1.203.6.4 objectclass ( 2.16.840.1.113719.1.203.6.4
NAME 'dhcpPool' NAME 'dhcpPool'
DESC 'This stores configuration information about a pool.' DESC 'This stores configuration information about a pool.'
SUP top SUP top
MUST ( cn $ dhcpRange ) MUST ( cn $ dhcpRange )
MAY (dhcpClassesDN $ dhcpPermitList $ dhcpLeasesDN $ dhcpOptionsDN $ MAY ( dhcpClassesDN $ dhcpPermitList $ dhcpLeasesDN $ dhcpOptionsDN $ dhcpZoneDN $dhcpKeyDN $ dhcpStatements $ dhcpComments $ dhcpOption )
dhcpStatements)
X-NDS_CONTAINMENT ('dhcpSubnet' 'dhcpSharedNetwork') ) X-NDS_CONTAINMENT ('dhcpSubnet' 'dhcpSharedNetwork') )
objectclass ( 2.16.840.1.113719.1.203.6.5 objectclass ( 2.16.840.1.113719.1.203.6.5
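Review bot: the new dhcpKeySecret attribute holds the TSIG secret as an ordinary octet string, and neither its DESC nor anything else in this hunk tells an administrator to restrict who may read it. Document that the directory needs an access rule limiting dhcpKeySecret to the DHCP server's bind identity, because any client allowed to read the subtree can otherwise retrieve the key used for secure dynamic updates. Smaller points in the same hunk: the dhcpKeySecret definition puts DESC and SYNTAX on one line, "$dhcpComments" and "$dhcpKeyDN" are missing the space after "$" in several MAY lists, and "coments" in the dhcpComments DESC is misspelled.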
@ -272,7 +370,7 @@ objectclass ( 2.16.840.1.113719.1.203.6.5
DESC 'Group object that lists host DNs and parameters. This is a container object.' DESC 'Group object that lists host DNs and parameters. This is a container object.'
SUP top SUP top
MUST cn MUST cn
MAY ( dhcpHostDN $ dhcpOptionsDN $ dhcpStatements ) MAY ( dhcpHostDN $ dhcpOptionsDN $ dhcpStatements $ dhcpComments $ dhcpOption )
X-NDS_CONTAINMENT ('dhcpSubnet' 'dhcpService' ) ) X-NDS_CONTAINMENT ('dhcpSubnet' 'dhcpService' ) )
objectclass ( 2.16.840.1.113719.1.203.6.6 objectclass ( 2.16.840.1.113719.1.203.6.6
@ -280,7 +378,7 @@ objectclass ( 2.16.840.1.113719.1.203.6.6
DESC 'This represents information about a particular client' DESC 'This represents information about a particular client'
SUP top SUP top
MUST cn MUST cn
MAY (dhcpLeaseDN $ dhcpHWAddress $ dhcpOptionsDN $ dhcpStatements) MAY (dhcpLeaseDN $ dhcpHWAddress $ dhcpOptionsDN $ dhcpStatements $ dhcpComments $ dhcpOption)
X-NDS_CONTAINMENT ('dhcpService' 'dhcpSubnet' 'dhcpGroup') ) X-NDS_CONTAINMENT ('dhcpService' 'dhcpSubnet' 'dhcpGroup') )
objectclass ( 2.16.840.1.113719.1.203.6.7 objectclass ( 2.16.840.1.113719.1.203.6.7
@ -288,7 +386,7 @@ objectclass ( 2.16.840.1.113719.1.203.6.7
DESC 'Represents information about a collection of related clients.' DESC 'Represents information about a collection of related clients.'
SUP top SUP top
MUST cn MUST cn
MAY (dhcpSubClassesDN $ dhcpOptionsDN $ dhcpStatements) MAY (dhcpSubClassesDN $ dhcpOptionsDN $ dhcpStatements $ dhcpComments $ dhcpOption)
X-NDS_CONTAINMENT ('dhcpService' 'dhcpSubnet' ) ) X-NDS_CONTAINMENT ('dhcpService' 'dhcpSubnet' ) )
objectclass ( 2.16.840.1.113719.1.203.6.8 objectclass ( 2.16.840.1.113719.1.203.6.8
@ -296,29 +394,22 @@ objectclass ( 2.16.840.1.113719.1.203.6.8
DESC 'Represents information about a collection of related classes.' DESC 'Represents information about a collection of related classes.'
SUP top SUP top
MUST cn MUST cn
MAY (dhcpClassData $ dhcpOptionsDN $ dhcpStatements) MAY (dhcpClassData $ dhcpOptionsDN $ dhcpStatements $ dhcpComments $ dhcpOption) X-NDS_CONTAINMENT 'dhcpClass' )
X-NDS_CONTAINMENT 'dhcpClass' )
objectclass ( 2.16.840.1.113719.1.203.6.9 objectclass ( 2.16.840.1.113719.1.203.6.9
NAME 'dhcpOptions' NAME 'dhcpOptions'
DESC 'Represents information about a collection of options defined.' DESC 'Represents information about a collection of options defined.'
SUP top SUP top AUXILIARY
AUXILIARY
MUST cn MUST cn
MAY ( dhcpOption ) MAY ( dhcpOption $ dhcpComments )
X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork' 'dhcpSubnet' X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork' 'dhcpSubnet' 'dhcpPool' 'dhcpGroup' 'dhcpHost' 'dhcpClass' ) )
'dhcpPool' 'dhcpGroup' 'dhcpHost' 'dhcpClass' ) )
objectclass ( 2.16.840.1.113719.1.203.6.10 objectclass ( 2.16.840.1.113719.1.203.6.10
NAME 'dhcpLeases' NAME 'dhcpLeases'
DESC 'This class represents an IP Address, which may or may not have been leased.' DESC 'This class represents an IP Address, which may or may not have been leased.'
SUP top SUP top
MUST ( cn $ dhcpAddressState ) MUST ( cn $ dhcpAddressState )
MAY ( dhcpExpirationTime $ dhcpStartTimeOfState $ MAY ( dhcpExpirationTime $ dhcpStartTimeOfState $ dhcpLastTransactionTime $ dhcpBootpFlag $ dhcpDomainName $ dhcpDnsStatus $ dhcpRequestedHostName $ dhcpAssignedHostName $ dhcpReservedForClient $ dhcpAssignedToClient $ dhcpRelayAgentInfo $ dhcpHWAddress )
dhcpLastTransactionTime $ dhcpBootpFlag $ dhcpDomainName $
dhcpDnsStatus $ dhcpRequestedHostName $ dhcpAssignedHostName $
dhcpReservedForClient $ dhcpAssignedToClient $
dhcpRelayAgentInfo $ dhcpHWAddress )
X-NDS_CONTAINMENT ( 'dhcpService' 'dhcpSubnet' 'dhcpPool') ) X-NDS_CONTAINMENT ( 'dhcpService' 'dhcpSubnet' 'dhcpPool') )
objectclass ( 2.16.840.1.113719.1.203.6.11 objectclass ( 2.16.840.1.113719.1.203.6.11
@ -326,19 +417,46 @@ objectclass ( 2.16.840.1.113719.1.203.6.11
DESC 'This is the object that holds past information about the IP address. The cn is the time/date stamp when the address was assigned or released, the address state at the time, if the address was assigned or released.' DESC 'This is the object that holds past information about the IP address. The cn is the time/date stamp when the address was assigned or released, the address state at the time, if the address was assigned or released.'
SUP top SUP top
MUST ( cn ) MUST ( cn )
MAY ( dhcpAddressState $ dhcpExpirationTime $ dhcpStartTimeOfState $ MAY ( dhcpAddressState $ dhcpExpirationTime $ dhcpStartTimeOfState $ dhcpLastTransactionTime $ dhcpBootpFlag $ dhcpDomainName $ dhcpDnsStatus $ dhcpRequestedHostName $ dhcpAssignedHostName $ dhcpReservedForClient $ dhcpAssignedToClient $ dhcpRelayAgentInfo $ dhcpHWAddress $ dhcpErrorLog)
dhcpLastTransactionTime $ dhcpBootpFlag $ dhcpDomainName $ X-NDS_CONTAINMENT ('dhcpLeases' 'dhcpPool' 'dhcpSubnet' 'dhcpSharedNetwork' 'dhcpService' ) )
dhcpDnsStatus $ dhcpRequestedHostName $ dhcpAssignedHostName $
dhcpReservedForClient $ dhcpAssignedToClient $
dhcpRelayAgentInfo $ dhcpHWAddress $ dhcpErrorLog)
X-NDS_CONTAINMENT ('dhcpLeases' 'dhcpPool' 'dhcpSubnet'
'dhcpSharedNetwork' 'dhcpService' ) )
objectclass ( 2.16.840.1.113719.1.203.6.12 objectclass ( 2.16.840.1.113719.1.203.6.12
NAME 'dhcpServer' NAME 'dhcpServer'
DESC 'DHCP Server Object' DESC 'DHCP Server Object'
SUP top SUP top
MUST (cn $ dhcpServiceDN) MUST ( cn )
MAY (dhcpVersion $ dhcpImplementation $ dhcpHashBucketAssignment $ dhcpDelayedServiceParameter $ dhcpMaxClientLeadTime $ dhcpFailOverEndpointState $ dhcpStatements) MAY (dhcpServiceDN $ dhcpLocatorDN $ dhcpVersion $ dhcpImplementation $ dhcpHashBucketAssignment $ dhcpDelayedServiceParameter $ dhcpMaxClientLeadTime $ dhcpFailOverEndpointState $ dhcpStatements $ dhcpComments $ dhcpOption)
X-NDS_CONTAINMENT ('o' 'ou' 'dc') ) X-NDS_CONTAINMENT ('organization' 'organizationalunit' 'domain') )
objectclass ( 2.16.840.1.113719.1.203.6.13
NAME 'dhcpTSigKey'
DESC 'TSIG key for secure dynamic updates'
SUP top
MUST (cn $ dhcpKeyAlgorithm $ dhcpKeySecret )
MAY ( dhcpComments )
X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork' 'dhcpSubnet') )
objectclass ( 2.16.840.1.113719.1.203.6.14
NAME 'dhcpDnsZone'
DESC 'DNS Zone for updating leases'
SUP top
MUST (cn $ dhcpDnsZoneServer )
MAY (dhcpKeyDN $ dhcpComments)
X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork' 'dhcpSubnet') )
objectclass ( 2.16.840.1.113719.1.203.6.15
NAME 'dhcpFailOverPeer'
DESC 'This class defines the Fail over peer'
SUP top
MUST ( cn $ dhcpFailOverPrimaryServer $ dhcpFailOverSecondaryServer $ dhcpFailoverPrimaryPort $ dhcpFailOverSecondaryPort) MAY (dhcpFailOverResponseDelay $ dhcpFailOverUnackedUpdates $ dhcpMaxClientLeadTime $ dhcpFailOverSplit $ dhcpHashBucketAssignment $ dhcpFailOverLoadBalanceTime $ dhcpComments )
X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork' 'dhcpSubnet') )
objectclass ( 2.16.840.1.113719.1.203.6.16
NAME 'dhcpLocator'
DESC 'Locator object for DHCP configuration in the tree. There will be a single dhcpLocator object in the tree with links to all the DHCP objects in the tree'
SUP top
MUST ( cn )
MAY ( dhcpServiceDN $dhcpServerDN $ dhcpSharedNetworkDN $ dhcpSubnetDN $ dhcpPoolDN $ dhcpGroupDN $ dhcpHostDN $ dhcpClassesDN $ dhcpKeyDN $ dhcpZoneDN $ dhcpFailOverPeerDN $ dhcpOption $ dhcpComments)
X-NDS_CONTAINMENT ('organization' 'organizationalunit' 'domain') )
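Review bot: the MUST list of dhcpFailOverPeer names dhcpFailoverPrimaryPort, while the attribute type added in this patch is spelled dhcpFailOverPrimaryPort. Attribute names are matched case-insensitively, so the schema will load, but spell it the same way in both places so that searches of the schema file find it. In the same class the MUST and MAY clauses share one line and should be split like the other classes. dhcpServer also moves dhcpServiceDN from MUST to MAY, so a server entry with no service link is now valid; confirm that the server reports a clear error when the attribute is absent.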

View File

@ -13,7 +13,7 @@
Summary: DHCP (Dynamic Host Configuration Protocol) server and relay agent Summary: DHCP (Dynamic Host Configuration Protocol) server and relay agent
Name: dhcp Name: dhcp
Version: 3.1.0 Version: 3.1.0
Release: 7%{?dist} Release: 8%{?dist}
# NEVER CHANGE THE EPOCH on this package. The previous maintainer made # NEVER CHANGE THE EPOCH on this package. The previous maintainer made
# incorrect use of the epoch and that's why it is at 12 now. It should have # incorrect use of the epoch and that's why it is at 12 now. It should have
# never been used, but it was. So we are stuck with it. # never been used, but it was. So we are stuck with it.
@ -35,6 +35,13 @@ Source10: Makefile.libdhcp4client
Source11: dhcp4client.h Source11: dhcp4client.h
Source12: libdhcp_control.h Source12: libdhcp_control.h
Source13: dhcp.schema Source13: dhcp.schema
Source14: dhclient-script.8
Source15: dhclient.8
Source16: dhclient.conf.5
Source17: dhcp-options.5
Source18: dhcpctl.3
Source19: dhcpd.conf.5
Source20: get-ldap-patch.sh
Patch0: %{name}-3.0.5-Makefile.patch Patch0: %{name}-3.0.5-Makefile.patch
Patch1: %{name}-3.0.5-errwarn-message.patch Patch1: %{name}-3.0.5-errwarn-message.patch
@ -51,17 +58,19 @@ Patch11: %{name}-3.0.5-failover-ports.patch
Patch12: %{name}-3.1.0-dhclient-usage.patch Patch12: %{name}-3.1.0-dhclient-usage.patch
Patch13: %{name}-3.0.5-default-requested-options.patch Patch13: %{name}-3.0.5-default-requested-options.patch
Patch14: %{name}-3.0.5-prototypes.patch Patch14: %{name}-3.0.5-prototypes.patch
Patch15: %{name}-3.0.6-manpages.patch Patch15: %{name}-3.1.0-libdhcp4client.patch
Patch16: %{name}-3.1.0-libdhcp4client.patch Patch16: %{name}-3.1.0-xen-checksum.patch
Patch17: %{name}-3.1.0-xen-checksum.patch Patch17: %{name}-3.1.0-dhclient-anycast.patch
Patch18: %{name}-3.1.0-dhclient-anycast.patch Patch18: %{name}-3.0.6-ignore-hyphen-x.patch
Patch19: %{name}-3.0.6-ignore-hyphen-x.patch Patch19: %{name}-3.1.0-warnings.patch
Patch20: %{name}-3.1.0-warnings.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: groff BuildRequires: groff
BuildRequires: openldap-devel BuildRequires: openldap-devel
# For /etc/openldap/schema (and slapd, if you're using that with dhcpd)
Requires: openldap-servers
Requires(post): /sbin/chkconfig Requires(post): /sbin/chkconfig
Requires(preun): /sbin/chkconfig Requires(preun): /sbin/chkconfig
Requires(preun): /sbin/service Requires(preun): /sbin/service
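Review bot: the new Requires: openldap-servers makes the LDAP server package a hard dependency of every dhcp install, only so that /etc/openldap/schema exists, and that includes hosts that never use the LDAP backend. The comment itself says slapd is optional ("if you're using that with dhcpd"). Prefer having this package own the directory, or move dhcp.schema into a subpackage that carries the dependency, so a plain DHCP server does not gain a directory server it does not run.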
@ -208,30 +217,20 @@ libdhcp4client.
# in minires/res_init.c: add res_randomid() # in minires/res_init.c: add res_randomid()
%patch14 -p1 -b .prototypes %patch14 -p1 -b .prototypes
# Man page updates explaining new features added from the above patches.
# Normally these man page changes would be included in the feature patch,
# however, man page changes generate more hunk failures when applying only
# a select set of patches. Instead, the man page changes are grouped
# together in one patch so changes can be made to just those more easily
# and not affect the code changes in the other patches. It's actually
# pretty common to update or alter these man pages independent of the code
# changes.
%patch15 -p1 -b .manpages
# Add the libdhcp4client target (library version of dhclient) # Add the libdhcp4client target (library version of dhclient)
%patch16 -p1 -b .libdhcp4client %patch15 -p1 -b .libdhcp4client
# Handle Xen partial UDP checksums # Handle Xen partial UDP checksums
%patch17 -p1 -b .xen %patch16 -p1 -b .xen
# Add anycast support to dhclient (for OLPC) # Add anycast support to dhclient (for OLPC)
%patch18 -p1 -b .anycast %patch17 -p1 -b .anycast
# Ignore the old extended new option info command line switch (-x) # Ignore the old extended new option info command line switch (-x)
%patch19 -p1 -b .enoi %patch18 -p1 -b .enoi
# Fix up anything that fails -Wall -Werror # Fix up anything that fails -Wall -Werror
%patch20 -p1 -b .warnings %patch19 -p1 -b .warnings
# Copy in documentation and example scripts for LDAP patch to dhcpd # Copy in documentation and example scripts for LDAP patch to dhcpd
%{__install} -p -m 0644 %{SOURCE6} . %{__install} -p -m 0644 %{SOURCE6} .
@ -263,6 +262,17 @@ libdhcp4client.
%{__sed} -i -e 's/\r//' __fedora_contrib/ms2isc/Registry.perlmodule %{__sed} -i -e 's/\r//' __fedora_contrib/ms2isc/Registry.perlmodule
%{__sed} -i -e 's/\r//' __fedora_contrib/ms2isc/ms2isc.pl %{__sed} -i -e 's/\r//' __fedora_contrib/ms2isc/ms2isc.pl
# Copy in our modified man pages
%{__install} -p -m 0644 %{SOURCE14} client/dhclient-script.8
%{__install} -p -m 0644 %{SOURCE15} client/dhclient.8
%{__install} -p -m 0644 %{SOURCE16} client/dhclient.conf.5
%{__install} -p -m 0644 %{SOURCE17} common/dhcp-options.5
%{__install} -p -m 0644 %{SOURCE18} dhcpctl/dhcpctl.3
%{__install} -p -m 0644 %{SOURCE19} server/dhcpd.conf.5
# Replace @PRODUCTNAME@ in dhcp-options.5
%{__sed} -i -e 's|@PRODUCTNAME@|%{vvendor}|g' common/dhcp-options.5
%build %build
%{__cp} %{SOURCE1} . %{__cp} %{SOURCE1} .
%{__cat} <<EOF > site.conf %{__cat} <<EOF > site.conf
@ -328,8 +338,8 @@ EOF
%{__cp} -fp %{SOURCE4} %{buildroot}%{_sysconfdir} %{__cp} -fp %{SOURCE4} %{buildroot}%{_sysconfdir}
# Install dhcp.schema for LDAP configuration # Install dhcp.schema for LDAP configuration
%{__mkdir} -p %{buildroot}%{_sysconfdir}/openldap %{__mkdir} -p %{buildroot}%{_sysconfdir}/openldap/schema
%{__install} -p -m 0644 -D %{SOURCE13} %{buildroot}%{_sysconfdir}/openldap/ %{__install} -p -m 0644 -D %{SOURCE13} %{buildroot}%{_sysconfdir}/openldap/schema
%{__install} -p -m 0644 -D libdhcp4client.pc %{buildroot}%{_libdir}/pkgconfig/libdhcp4client.pc %{__install} -p -m 0644 -D libdhcp4client.pc %{buildroot}%{_libdir}/pkgconfig/libdhcp4client.pc
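Review bot: the dhcp.schema install line names a directory, %{buildroot}%{_sysconfdir}/openldap/schema, as the destination while also passing -D, so it only does the right thing because of the mkdir on the line above; without that directory it would create a file called schema. Spell out the full target, .../openldap/schema/dhcp.schema, the way the libdhcp4client.pc line below it does.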
@ -377,7 +387,7 @@ fi
%config(noreplace) %{_sysconfdir}/sysconfig/dhcpd %config(noreplace) %{_sysconfdir}/sysconfig/dhcpd
%config(noreplace) %{_sysconfdir}/sysconfig/dhcrelay %config(noreplace) %{_sysconfdir}/sysconfig/dhcrelay
%config(noreplace) %{_sysconfdir}/dhcpd.conf %config(noreplace) %{_sysconfdir}/dhcpd.conf
%config(noreplace) %{_sysconfdir}/openldap/dhcp.schema %config(noreplace) %{_sysconfdir}/openldap/schema/dhcp.schema
%{_initrddir}/dhcpd %{_initrddir}/dhcpd
%{_initrddir}/dhcrelay %{_initrddir}/dhcrelay
%{_bindir}/omshell %{_bindir}/omshell
@ -430,6 +440,16 @@ fi
%{_libdir}/libdhcp4client.a %{_libdir}/libdhcp4client.a
%changelog %changelog
* Mon Nov 12 2007 David Cantrell <dcantrell@redhat.com> - 12:3.1.0-8
- Put dhcp.schema in /etc/openldap/schema (#330471)
- Remove manpages patch and keep modified man pages as Source files
- Improve dhclient.8 man page to list options in a style consistent
with most other man pages on the planet
- Upgrade to latest dhcp LDAP patch, which brings in a new dhcpd-conf-to-ldap
script, updated schema file, and other bug fixes including SSL support for
LDAP authentication (#375711)
- Do not run dhcpd and dhcrelay services by default (#362321)
* Fri Oct 26 2007 David Cantrell <dcantrell@redhat.com> - 12:3.1.0-7 * Fri Oct 26 2007 David Cantrell <dcantrell@redhat.com> - 12:3.1.0-7
- libdhcp4client-devel requires openldap-devel - libdhcp4client-devel requires openldap-devel

488
dhcpctl.3 Normal file
View File

@ -0,0 +1,488 @@
.\" -*- nroff -*-
.\"
.\" Project: DHCP
.\" File: dhcpctl.3
.\" RCSId: $Id: dhcpctl.3,v 1.5 2005/03/17 20:15:03 dhankins Exp $
.\"
.\" Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (c) 2000-2003 by Internet Software Consortium
.\" Copyright (c) 2000 Nominum, Inc.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
.\" OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.\" Internet Systems Consortium, Inc.
.\" 950 Charter Street
.\" Redwood City, CA 94063
.\" <info@isc.org>
.\" http://www.isc.org/
.\"
.\" Description: dhcpctl man page.
.\"
.\"
.Dd Nov 15, 2000
.Dt DHCPCTL 3
.Os DHCP 3
.ds vT DHCP Programmer's Manual
.\"
.\"
.\"
.Sh NAME
.Nm dhcpctl_initialize
.Nd dhcpctl library initialization.
.\"
.\"
.\"
.Sh SYNOPSIS
.Fd #include <dhcpctl.h>
.Ft dhcpctl_status
.Fo dhcpctl_initialize
.Fa void
.Fc
.\"
.Ft dhcpctl_status
.Fo dhcpctl_connect
.Fa "dhcpctl_handle *cxn"
.Fa "const char *host"
.Fa "int port"
.Fa "dhcpctl_handle auth"
.Fc
.\"
.\"
.\"
.Ft dhcpctl_status
.Fo dhcpctl_wait_for_completion
.Fa "dhcpctl_handle object"
.Fa "dhcpctl_status *status"
.Fc
.\"
.\"
.\"
.Ft dhcpctl_status
.Fo dhcpctl_get_value
.Fa "dhcpctl_data_string *value"
.Fa "dhcpctl_handle object"
.Fa "const char *name"
.Fc
.\"
.\"
.\"
.Ft dhcpctl_status
.Fo dhcpctl_get_boolean
.Fa "int *value"
.Fa "dhcpctl_handle object"
.Fa "const char *name"
.Fc
.\"
.\"
.\"
.Ft dhcpctl_status
.Fo dhcpctl_set_value
.Fa "dhcpctl_handle object"
.Fa "dhcpctl_data_string value"
.Fa "const char *name"
.Fc
.\"
.\"
.\"
.Ft dhcpctl_status
.Fo dhcpctl_set_string_value
.Fa "dhcpctl_handle object"
.Fa "const char *value"
.Fa "const char *name"
.Fc
.\"
.\"
.\"
.Ft dhcpctl_status
.Fo dhcpctl_set_boolean_value
.Fa "dhcpctl_handle object"
.Fa "int value"
.Fa "const char *name"
.Fc
.\"
.\"
.\"
.Ft dhcpctl_status
.Fo dhcpctl_set_int_value
.Fa "dhcpctl_handle object"
.Fa "int value"
.Fa "const char *name"
.Fc
.\"
.\"
.\"
.Ft dhcpctl_status
.Fo dhcpctl_object_update
.Fa "dhcpctl_handle connection"
.Fa "dhcpctl_handle object"
.Fc
.\"
.\"
.\"
.Ft dhcpctl_status
.Fo dhcpctl_object_refresh
.Fa "dhcpctl_handle connection"
.Fa "dhcpctl_handle object"
.Fc
.\"
.\"
.\"
.Ft dhcpctl_status
.Fo dhcpctl_object_remove
.Fa "dhcpctl_handle connection"
.Fa "dhcpctl_handle object"
.Fc
.\"
.\"
.\"
.Ft dhcpctl_status
.Fo dhcpctl_set_callback
.Fa "dhcpctl_handle object"
.Fa "void *data"
.Fa "void (*function) (dhcpctl_handle, dhcpctl_status, void *)"
.Fc
.\"
.\"
.\"
.Ft dhcpctl_status
.Fo dhcpctl_new_authenticator
.Fa "dhcpctl_handle *object"
.Fa "const char *name"
.Fa "const char *algorithm"
.Fa "const char *secret"
.Fa "unsigned secret_len"
.Fc
.\"
.\"
.\"
.Ft dhcpctl_status
.Fo dhcpctl_new_object
.Fa "dhcpctl_handle *object"
.Fa "dhcpctl_handle connection"
.Fa "const char *object_type"
.Fc
.\"
.\"
.\"
.Ft dhcpctl_status
.Fo dhcpctl_open_object
.Fa "dhcpctl_handle object"
.Fa "dhcpctl_handle connection"
.Fa "int flags"
.Fc
.\"
.\"
.\"
.Ft isc_result_t
.Fo omapi_data_string_new
.Fa dhcpctl_data_string *data
.Fa unsigned int length
.Fa const char *filename,
.Fa int lineno
.Fc
.\"
.\"
.\"
.Ft isc_result_t
.Fo dhcpctl_data_string_dereference
.Fa "dhcpctl_data_string *"
.Fa "const char *"
.Fa "int"
.Fc
.Sh DESCRIPTION
The dhcpctl set of functions provide an API that can be used to communicate
with and manipulate a running ISC DHCP server. All functions return a value of
.Dv isc_result_t .
The return values reflects the result of operations to local data
structures. If an operation fails on the server for any reason, then the error
result will be returned through the
second parameter of the
.Fn dhcpctl_wait_for_completion
call.
.\"
.\"
.\"
.Pp
.Fn dhcpctl_initialize
sets up the data structures the library needs to do its work. This function
must be called once before any other.
.Pp
.Fn dhcpctl_connect
opens a connection to the DHCP server at the given host and port. If an
authenticator has been created for the connection, then it is given as the 4th
argument. On a successful return the address pointed at by the first
argument will have a new connection object assigned to it.
.Pp
For example:
.Bd -literal -offset indent
s = dhcpctl_connect(&cxn, "127.0.0.1", 7911, NULL);
.Ed
.Pp
connects to the DHCP server on the localhost via port 7911 (the standard
OMAPI port). No authentication is used for the connection.
.\"
.\"
.\"
.Pp
.Fn dhcpctl_wait_for_completion
flushes a pending message to the server and waits for the response. The result
of the request as processed on the server is returned via the second
parameter.
.Bd -literal -offset indent
s = dhcpctl_wait_for_completion(cxn, &wv);
if (s != ISC_R_SUCCESS)
local_failure(s);
else if (wv != ISC_R_SUCCESS)
server_failure(wc);
.Ed
.Pp
The call to
.Fn dhcpctl_wait_for_completion
won't return until the remote message processing completes or the connection
to the server is lost.
.\"
.\"
.\"
.Pp
.Fn dhcpctl_get_value
extracts a value of an attribute from the handle. The value can be of any
length and is treated as a sequence of bytes. The handle must have been
created first with
.Fn dhcpctl_new_object
and opened with
.Fn dhcpctl_open_object .
The value is returned via the parameter named
.Dq value .
The last parameter is the name of attribute to retrieve.
.Bd -literal -offset indent
dhcpctl_data_string value = NULL;
dhcpctl_handle lease;
time_t thetime;
s = dhcpctl_get_value (&value, lease, "ends");
assert(s == ISC_R_SUCCESS && value->len == sizeof(thetime));
memcpy(&thetime, value->value, value->len);
.Ed
.\"
.\"
.\"
.Pp
.Fn dhcpctl_get_boolean
extracts a boolean valued attribute from the object handle.
.\"
.\"
.\"
.Pp
The
.Fn dhcpctl_set_value ,
.Fn dhcpctl_set_string_value ,
.Fn dhcpctl_set_boolean_value ,
and
.Fn dhcpctl_set_int_value
functions all set a value on the object handle.
.\"
.\"
.\"
.Pp
.Fn dhcpctl_object_update
function queues a request for
all the changes made to the object handle be be sent to the remote
for processing. The changes made to the atributes on the handle will be
applied to remote object if permitted.
.\"
.\"
.\"
.Pp
.Fn dhcpctl_object_refresh
queues up a request for a fresh copy of all the attribute values to be sent
from the remote to
refresh the values in the local object handle.
.\"
.\"
.\"
.Pp
.Fn dhcpctl_object_remove
queues a request for the removal on the server of the object referenced by the
handle.
.\"
.\"
.\"
.Pp
The
.Fn dhcpctl_set_callback
function sets up a user-defined function to be called when an event completes
on the given object handle. This is needed for asynchronous handling of
events, versus the synchronous handling given by
.Fn dhcpctl_wait_for_completion .
When the function is called the first parameter is the object the event
arrived for, the second is the status of the message that was processed, the
third is the same value as the second parameter given to
.Fn dhcpctl_set_callback .
.\"
.\"
.\"
.Pp
The
.Fn dhcpctl_new_authenticator
creates a new authenticator object to be used for signing the messages
that cross over the network. The
.Dq name ,
.Dq algorithm ,
and
.Dq secret
values must all match what the server uses and are defined in its
configuration file. The created object is returned through the first parameter
and must be used as the 4th parameter to
.Fn dhcpctl_connect .
Note that the 'secret' value must not be base64 encoded, which is different
from how the value appears in the dhcpd.conf file.
.\"
.\"
.\"
.Pp
.Fn dhcpctl_new_object
creates a local handle for an object on the the server. The
.Dq object_type
parameter is the ascii name of the type of object being accessed. e.g.
.Qq lease .
This function only sets up local data structures, it does not queue any
messages
to be sent to the remote side,
.Fn dhcpctl_open_object
does that.
.\"
.\"
.\"
.Pp
.Fn dhcpctl_open_object
builds and queues the request to the remote side. This function is used with
handle created via
.Fn dhcpctl_new_object .
The flags argument is a bit mask with the following values available for
setting:
.Bl -tag -offset indent -width 20
.It DHCPCTL_CREATE
if the object does not exist then the remote will create it
.It DHCPCTL_UPDATE
update the object on the remote side using the
attributes already set in the handle.
.It DHCPCTL_EXCL
return and error if the object exists and DHCPCTL_CREATE
was also specified
.El
.\"
.\"
.\"
.Pp
The
.Fn omapi_data_string_new
function allocates a new
.Ft dhcpctl_data_string
object. The data string will be large enough to hold
.Dq length
bytes of data. The
.Dq file
and
.Dq lineno
arguments are the source file location the call is made from, typically by
using the
.Dv __FILE__
and
.Dv __LINE__
macros or the
.Dv MDL
macro defined in
.
.\"
.\"
.\"
.Pp
.Fn dhcpctl_data_string_dereference
deallocates a data string created by
.Fn omapi_data_string_new .
The memory for the object won't be freed until the last reference is
released.
.Sh EXAMPLES
.Pp
The following program will connect to the DHCP server running on the local
host and will get the details of the existing lease for IP address
10.0.0.101. It will then print out the time the lease is due to expire. Note
that most error checking has been ommitted for brevity.
.Bd -literal -offset indent
#include <stdarg.h>
#include <sys/time.h>
#include <sys/socket.h>
#include <stdio.h>
#include <netinet/in.h>
#include <isc/result.h>
#include <dhcpctl.h>
int main (int argc, char **argv) {
dhcpctl_data_string ipaddrstring = NULL;
dhcpctl_data_string value = NULL;
dhcpctl_handle connection = NULL;
dhcpctl_handle lease = NULL;
isc_result_t waitstatus;
struct in_addr convaddr;
time_t thetime;
dhcpctl_initialize ();
dhcpctl_connect (&connection, "127.0.0.1",
7911, 0);
dhcpctl_new_object (&lease, connection,
"lease");
memset (&ipaddrstring, 0, sizeof
ipaddrstring);
inet_pton(AF_INET, "10.0.0.101",
&convaddr);
omapi_data_string_new (&ipaddrstring,
4, MDL);
memcpy(ipaddrstring->value, &convaddr.s_addr, 4);
dhcpctl_set_value (lease, ipaddrstring,
"ip-address");
dhcpctl_open_object (lease, connection, 0);
dhcpctl_wait_for_completion (lease,
&waitstatus);
if (waitstatus != ISC_R_SUCCESS) {
/* server not authoritative */
exit (0);
}
dhcpctl_data_string_dereference(&ipaddrstring,
MDL);
dhcpctl_get_value (&value, lease, "ends");
memcpy(&thetime, value->value, value->len);
dhcpctl_data_string_dereference(&value, MDL);
fprintf (stdout, "ending time is %s",
ctime(&thetime));
}
.Ed
.Sh SEE ALSO
omapi(3), omshell(3), dhcpd(8), dhclient(8), dhcpd.conf(5), dhclient.conf(5).
.Sh AUTHOR
.Em dhcpctl
was written by Ted Lemon of Nominum, Inc.
This preliminary documentation was written by James Brister of Nominum, Inc.
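Review bot: in the EXAMPLES program, memcpy(&thetime, value->value, value->len) copies a length taken from the returned value into a time_t with no bound, while the dhcpctl_get_value snippet earlier in the page asserts value->len == sizeof(thetime) before the same copy; the full example should carry that check, since readers copy it as written. The example also ignores the result of dhcpctl_connect and calls memset on &ipaddrstring, which is a pointer that was already initialised to NULL. Two smaller documentation defects: the dhcpctl_wait_for_completion snippet passes wc to server_failure where the variable is wv, and the omapi_data_string_new paragraph ends "macro defined in ." with the header name missing.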

View File

@ -11,9 +11,59 @@
# This script does not do much error checking. Make sure before you run this # This script does not do much error checking. Make sure before you run this
# that the DHCP server doesn't give any errors about your config file # that the DHCP server doesn't give any errors about your config file
use Sys::Hostname; # FailOver notes:
# Failover is disabled by default, since it may need manually intervention.
# You can try the '--use=failover' option to see what happens :-)
#
# If enabled, the failover pool references will be written to LDIF output.
# The failover configs itself will be added to the dhcpServer statements
# and not to the dhcpService object (since this script uses only one and
# it may be usefull to have multiple service containers in failover mode).
# Further, this script does not check if primary or secondary makes sense,
# it simply converts what it gets...
use Net::Domain qw(hostname hostfqdn hostdomain);
use Getopt::Long;
my $domain = hostdomain(); # your.domain
my $basedn = "dc=".$domain;
$basedn =~ s/\./,dc=/g; # dc=your,dc=domain
my $server = hostname(); # hostname (nodename)
my $dhcpcn = 'DHCP Config'; # CN of DHCP config tree
my $dhcpdn = "cn=$dhcpcn, $basedn"; # DHCP config tree DN
my $second = ''; # secondary server DN / hostname
my $i_conf = ''; # dhcp.conf file to read or stdin
my $o_ldif = ''; # output ldif file name or stdout
my @use = (); # extended flags (failover)
sub usage($;$)
{
my $rc = shift;
my $err= shift;
print STDERR "Error: $err\n\n" if(defined $err);
print STDERR <<__EOF_USAGE__;
usage:
$0 [options] < dhcpd.conf > dhcpd.ldif
options:
--basedn "dc=your,dc=domain" ("$basedn")
--dhcpdn "dhcp config DN" ("$dhcpdn")
--server "dhcp server name" ("$server")
--second "secondary server or DN" ("$second")
--conf "/path/to/dhcpd.conf" (default is stdin)
--ldif "/path/to/output.ldif" (default is stdout)
--use "extended features" (see source comments)
__EOF_USAGE__
exit($rc);
}
my $basedn = "dc=ntelos, dc=net";
sub next_token sub next_token
{ {
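Review bot: the usage text documents --use only as "extended features" (see source comments), but the only value the script ever tests for is failover. Name that value in the usage output so the option can be used without reading the source, and say there that it is off by default, as the FailOver notes at the top already explain.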
@ -39,6 +89,14 @@ sub next_token
if (($token, $newline) = $line =~ /^(.*?)\s+(.*)/) if (($token, $newline) = $line =~ /^(.*?)\s+(.*)/)
{ {
if ($token =~ /^"/) {
#handle quoted token
if ($token !~ /"\s*$/)
{
($tok, $newline) = $newline =~ /([^"]+")(.*)/;
$token .= " $tok";
}
}
$line = $newline; $line = $newline;
} }
else else
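Review bot: the quoted-token branch does not check whether ($tok, $newline) = $newline =~ /([^"]+")(.*)/ matched. When the closing quote is not on the same line, both variables come back undefined, the token gets a bare trailing space appended, and $line is then set from an undefined $newline, so the rest of the input line is lost without any error. Test the match and call parse_error() on failure; $tok should also be declared in the sub's local list rather than used as a global.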
@ -56,14 +114,16 @@ sub next_token
sub remaining_line sub remaining_line
{ {
local ($block) = shift || 0;
local ($tmp, $str); local ($tmp, $str);
$str = ""; $str = "";
while (($tmp = next_token (0))) while (defined($tmp = next_token (0)))
{ {
$str .= ' ' if !($str eq ""); $str .= ' ' if !($str eq "");
$str .= $tmp; $str .= $tmp;
last if $tmp =~ /;\s*$/; last if $tmp =~ /;\s*$/;
last if($block and $tmp =~ /\s*[}{]\s*$/);
} }
$str =~ s/;$//; $str =~ s/;$//;
@ -102,16 +162,25 @@ print_entry
if (!defined ($curentry{'type'})) if (!defined ($curentry{'type'}))
{ {
$host = hostname (); $hostdn = "cn=$server, $basedn";
$hostdn = "cn=$host, $basedn";
print "dn: $hostdn\n"; print "dn: $hostdn\n";
print "cn: $server\n";
print "objectClass: top\n"; print "objectClass: top\n";
print "objectClass: dhcpServer\n"; print "objectClass: dhcpServer\n";
print "cn: $host\n"; print "dhcpServiceDN: $current_dn\n";
print "dhcpServiceDN: $current_dn\n\n"; if(grep(/FaIlOvEr/i, @use))
{
foreach my $fo_peer (keys %failover)
{
next if(scalar(@{$failover{$fo_peer}}) <= 1);
print "dhcpStatements: failover peer $fo_peer { ",
join('; ', @{$failover{$fo_peer}}), "; }\n";
}
}
print "\n";
print "dn: $current_dn\n"; print "dn: $current_dn\n";
print "cn: DHCP Config\n"; print "cn: $dhcpcn\n";
print "objectClass: top\n"; print "objectClass: top\n";
print "objectClass: dhcpService\n"; print "objectClass: dhcpService\n";
if (defined ($curentry{'options'})) if (defined ($curentry{'options'}))
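Review bot: grep(/FaIlOvEr/i, @use) in the dhcpServer branch is an unanchored match, so any --use value that merely contains the word (nofailover, for instance) switches the feature on, and the same expression is repeated at every place that checks it. Compute a single flag once after option parsing with an anchored /^failover$/i and test that flag here; the mixed-case literal adds nothing under the /i modifier.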
@ -119,6 +188,10 @@ print_entry
print "objectClass: dhcpOptions\n"; print "objectClass: dhcpOptions\n";
} }
print "dhcpPrimaryDN: $hostdn\n"; print "dhcpPrimaryDN: $hostdn\n";
if(grep(/FaIlOvEr/i, @use) and ($second ne ''))
{
print "dhcpSecondaryDN: $second\n";
}
} }
elsif ($curentry{'type'} eq 'subnet') elsif ($curentry{'type'} eq 'subnet')
{ {
@ -132,9 +205,12 @@ print_entry
} }
print "dhcpNetMask: " . $curentry{'netmask'} . "\n"; print "dhcpNetMask: " . $curentry{'netmask'} . "\n";
if (defined ($curentry{'range'})) if (defined ($curentry{'ranges'}))
{ {
print "dhcpRange: " . $curentry{'range'} . "\n"; foreach $statement (@{$curentry{'ranges'}})
{
print "dhcpRange: $statement\n";
}
} }
} }
elsif ($curentry{'type'} eq 'shared-network') elsif ($curentry{'type'} eq 'shared-network')
@ -151,7 +227,7 @@ print_entry
elsif ($curentry{'type'} eq 'group') elsif ($curentry{'type'} eq 'group')
{ {
print "dn: $current_dn\n"; print "dn: $current_dn\n";
print "cn: group\n"; print "cn: group", $curentry{'idx'}, "\n";
print "objectClass: top\n"; print "objectClass: top\n";
print "objectClass: dhcpGroup\n"; print "objectClass: dhcpGroup\n";
if (defined ($curentry{'options'})) if (defined ($curentry{'options'}))
@ -172,13 +248,14 @@ print_entry
if (defined ($curentry{'hwaddress'})) if (defined ($curentry{'hwaddress'}))
{ {
$curentry{'hwaddress'} =~ y/[A-Z]/[a-z]/;
print "dhcpHWAddress: " . $curentry{'hwaddress'} . "\n"; print "dhcpHWAddress: " . $curentry{'hwaddress'} . "\n";
} }
} }
elsif ($curentry{'type'} eq 'pool') elsif ($curentry{'type'} eq 'pool')
{ {
print "dn: $current_dn\n"; print "dn: $current_dn\n";
print "cn: pool\n"; print "cn: pool", $curentry{'idx'}, "\n";
print "objectClass: top\n"; print "objectClass: top\n";
print "objectClass: dhcpPool\n"; print "objectClass: dhcpPool\n";
if (defined ($curentry{'options'})) if (defined ($curentry{'options'}))
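Review bot: y/[A-Z]/[a-z]/ on hwaddress treats the square brackets as literal characters to translate, not as a character class, and works only because [ and ] map to themselves. Use lc($curentry{'hwaddress'}) or tr/A-Z/a-z/ so the intent is clear.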
@ -186,9 +263,12 @@ print_entry
print "objectClass: dhcpOptions\n"; print "objectClass: dhcpOptions\n";
} }
if (defined ($curentry{'range'})) if (defined ($curentry{'ranges'}))
{ {
print "dhcpRange: " . $curentry{'range'} . "\n"; foreach $statement (@{$curentry{'ranges'}})
{
print "dhcpRange: $statement\n";
}
} }
} }
elsif ($curentry{'type'} eq 'class') elsif ($curentry{'type'} eq 'class')
@ -285,6 +365,8 @@ sub parse_subnet
$curentry{'type'} = 'subnet'; $curentry{'type'} = 'subnet';
$curentry{'ip'} = $ip; $curentry{'ip'} = $ip;
$curentry{'netmask'} = $netmask; $curentry{'netmask'} = $netmask;
$cursubnet = $ip;
$curcounter{$ip} = { pool => 0, group => 0 };
} }
@ -336,8 +418,16 @@ sub parse_group
parse_error () if !defined ($tmp); parse_error () if !defined ($tmp);
parse_error () if !($tmp eq '{'); parse_error () if !($tmp eq '{');
add_dn_to_stack ("cn=group"); my $idx;
if(exists($curcounter{$cursubnet})) {
$idx = ++$curcounter{$cursubnet}->{'group'};
} else {
$idx = ++$curcounter{''}->{'group'};
}
add_dn_to_stack ("cn=group".$idx);
$curentry{'type'} = 'group'; $curentry{'type'} = 'group';
$curentry{'idx'} = $idx;
} }
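Review bot: parse_group picks its counter from $curcounter{$cursubnet}, but $cursubnet is only ever assigned in parse_subnet and none of the visible hunks resets it when the subnet block closes. A group declared at top level after a subnet is therefore numbered from that subnet's counter, which can repeat an index already handed out from the top-level counter and produce two entries with the same cn=groupN DN under the config root. Clear $cursubnet when the closing brace of a subnet is handled. parse_pool uses the same pattern and needs the same fix.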
@ -351,8 +441,16 @@ sub parse_pool
parse_error () if !defined ($tmp); parse_error () if !defined ($tmp);
parse_error () if !($tmp eq '{'); parse_error () if !($tmp eq '{');
add_dn_to_stack ("cn=pool"); my $idx;
if(exists($curcounter{$cursubnet})) {
$idx = ++$curcounter{$cursubnet}->{'pool'};
} else {
$idx = ++$curcounter{''}->{'pool'};
}
add_dn_to_stack ("cn=pool".$idx);
$curentry{'type'} = 'pool'; $curentry{'type'} = 'pool';
$curentry{'idx'} = $idx;
} }
@ -403,10 +501,10 @@ sub parse_hwaddress
{ {
local ($type, $hw, $tmp); local ($type, $hw, $tmp);
$type = next_token (0); $type = next_token (1);
parse_error () if !defined ($type); parse_error () if !defined ($type);
$hw = next_token (0); $hw = next_token (1);
parse_error () if !defined ($hw); parse_error () if !defined ($hw);
$hw =~ s/;$//; $hw =~ s/;$//;
@ -423,7 +521,7 @@ sub parse_range
if (!($str eq '')) if (!($str eq ''))
{ {
$str =~ s/;$//; $str =~ s/;$//;
$curentry{'range'} = $str; push (@{$curentry{'ranges'}}, $str);
} }
} }
@ -438,6 +536,65 @@ sub parse_statement
$str = remaining_line (); $str = remaining_line ();
push (@{$curentry{'options'}}, $str); push (@{$curentry{'options'}}, $str);
} }
elsif($token eq 'failover')
{
$str = remaining_line (1); # take care on block
if($str =~ /[{]/)
{
my ($peername, @statements);
parse_error() if($str !~ /^\s*peer\s+(.+?)\s+[{]\s*$/);
parse_error() if(($peername = $1) !~ /^\"?[^\"]+\"?$/);
#
# failover config block found:
# e.g. 'failover peer "some-name" {'
#
if(not grep(/FaIlOvEr/i, @use))
{
print STDERR "Warning: Failover config 'peer $peername' found!\n";
print STDERR " Skipping it, since failover disabled!\n";
print STDERR " You may try out --use=failover option.\n";
}
until($str =~ /[}]/ or $str eq "")
{
$str = remaining_line (1);
# collect all statements, except ending '}'
push(@statements, $str) if($str !~ /[}]/);
}
$failover{$peername} = [@statements];
}
else
{
#
# pool reference to failover config is fine
# e.g. 'failover peer "some-name";'
#
if(not grep(/FaIlOvEr/i, @use))
{
print STDERR "Warning: Failover reference '$str' found!\n";
print STDERR " Skipping it, since failover disabled!\n";
print STDERR " You may try out --use=failover option.\n";
}
else
{
push (@{$curentry{'statements'}}, $token. " " . $str);
}
}
}
elsif($token eq 'zone')
{
$str = $token;
while($str !~ /}$/) {
$str .= ' ' . next_token (0);
}
push (@{$curentry{'statements'}}, $str);
}
elsif($token =~ /^(authoritative)[;]*$/)
{
push (@{$curentry{'statements'}}, $1);
}
else else
{ {
$str = $token . " " . remaining_line (); $str = $token . " " . remaining_line ();
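Review bot: the new zone branch loops on while($str !~ /}$/) and appends next_token(0) without checking for an undefined return, so a zone block that is not closed before end of input never terminates and keeps appending spaces to $str. Stop when the token is undefined and call parse_error(). The failover block loop above it does have an exit on an empty string, so only the zone loop needs the guard.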
@ -446,21 +603,103 @@ sub parse_statement
} }
my $ok = GetOptions(
'basedn=s' => \$basedn,
'dhcpdn=s' => \$dhcpdn,
'server=s' => \$server,
'second=s' => \$second,
'conf=s' => \$i_conf,
'ldif=s' => \$o_ldif,
'use=s' => \@use,
'h|help|usage' => sub { usage(0); },
);
unless($server =~ /^\w+/)
{
usage(1, "invalid server name '$server'");
}
unless($basedn =~ /^\w+=[^,]+/)
{
usage(1, "invalid base dn '$basedn'");
}
if($dhcpdn =~ /^cn=([^,]+)/i)
{
$dhcpcn = "$1";
}
$second = '' if not defined $second;
unless($second eq '' or $second =~ /^cn=[^,]+\s*,\s*\w+=[^,]+/i)
{
if($second =~ /^cn=[^,]+$/i)
{
# relative DN 'cn=name'
$second = "$second, $basedn";
}
elsif($second =~ /^\w+/)
{
# assume hostname only
$second = "cn=$second, $basedn";
}
else
{
usage(1, "invalid secondary '$second'")
}
}
usage(1) unless($ok);
if($i_conf ne "" and -f $i_conf)
{
if(not open(STDIN, '<', $i_conf))
{
print STDERR "Error: can't open conf file '$i_conf': $!\n";
exit(1);
}
}
if($o_ldif ne "")
{
if(-e $o_ldif)
{
print STDERR "Error: output ldif name '$o_ldif' already exists!\n";
exit(1);
}
if(not open(STDOUT, '>', $o_ldif))
{
print STDERR "Error: can't open ldif file '$o_ldif': $!\n";
exit(1);
}
}
print STDERR "Creating LDAP Configuration with the following options:\n";
print STDERR "\tBase DN: $basedn\n";
print STDERR "\tDHCP DN: $dhcpdn\n";
print STDERR "\tServer DN: cn=$server, $basedn\n";
print STDERR "\tSecondary DN: $second\n"
if(grep(/FaIlOvEr/i, @use) and $second ne '');
print STDERR "\n";
my $token; my $token;
my $token_number = 0; my $token_number = 0;
my $line_number = 0; my $line_number = 0;
my %curentry; my %curentry;
my $cursubnet = '';
my %curcounter = ( '' => { pool => 0, group => 0 } );
$current_dn = "cn=DHCP Config, $basedn"; $current_dn = "$dhcpdn";
$curentry{'descr'} = 'DHCP Config'; $curentry{'descr'} = $dhcpcn;
$line = ''; $line = '';
%failover = ();
while (($token = next_token (1))) while (($token = next_token (1)))
{ {
if ($token eq '}') if ($token eq '}')
{ {
print_entry () if %curentry; print_entry () if %curentry;
remove_dn_from_stack (); if($current_dn =~ /.+?,\s*${dhcpdn}$/) {
# don't go below dhcpdn ...
remove_dn_from_stack ();
}
} }
elsif ($token eq 'subnet') elsif ($token eq 'subnet')
{ {
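Review bot: the checks on --server and --basedn (/^\w+/ and /^\w+=[^,]+/) anchor only the start of the value, and both values are then written verbatim into dn: and cn: lines, so a value with an embedded newline or other stray characters passes validation and produces malformed or extra LDIF lines. Anchor the patterns at both ends and reject control characters. In the same hunk, $dhcpdn is interpolated into the regex /.+?,\s*${dhcpdn}$/ without \Q...\E, so a DN containing regex metacharacters changes what is matched; usage(1) unless($ok) runs after the other checks, so a bad option is reported late; a --conf path that fails the -f test silently falls back to stdin instead of reporting an error; and the -e test followed by open with '>' leaves a window in which the output file can appear between the check and the write.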
@ -514,4 +753,8 @@ while (($token = next_token (1)))
} }
} }
close(STDIN) if($i_conf);
close(STDOUT) if($o_ldif);
print STDERR "Done.\n";

2682
dhcpd.conf.5 Normal file

File diff suppressed because it is too large

View File

@ -2,8 +2,8 @@
# #
### BEGIN INIT INFO ### BEGIN INIT INFO
# Provides: dhcpd # Provides: dhcpd
# Default-Start: 2 3 4 5 # Default-Start:
# Default-Stop: 0 1 6 # Default-Stop:
# Should-Start: # Should-Start:
# Required-Start: $network # Required-Start: $network
# Required-Stop: # Required-Stop:
@ -14,7 +14,7 @@
# #
# The fields below are left around for legacy tools (will remove later). # The fields below are left around for legacy tools (will remove later).
# #
# chkconfig: - 65 35 # chkconfig: -
# description: dhcpd provides the Dynamic Host Configuration Protocol (DHCP) \ # description: dhcpd provides the Dynamic Host Configuration Protocol (DHCP) \
# server # server
# processname: dhcpd # processname: dhcpd
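Review bot: the legacy header is reduced to "# chkconfig: -", dropping the start and stop priorities (65 35), although the comment directly above says these fields are kept for legacy tools, which read the line as runlevels, start priority, stop priority. The leading - already meant "no default runlevels", so emptying Default-Start and Default-Stop is enough to meet the changelog goal of not running the service by default. Either keep "# chkconfig: - 65 35" or remove the line altogether.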
@ -30,6 +30,7 @@ prog=dhcpd
dhcpd=/usr/sbin/dhcpd dhcpd=/usr/sbin/dhcpd
lockfile=/var/lock/subsys/dhcpd lockfile=/var/lock/subsys/dhcpd
pidfile=/var/run/dhcpd.pid pidfile=/var/run/dhcpd.pid
statedir=/var/lib/dhcpd
[ -f /etc/sysconfig/dhcpd ] && . /etc/sysconfig/dhcpd [ -f /etc/sysconfig/dhcpd ] && . /etc/sysconfig/dhcpd
@ -50,10 +51,10 @@ findConfig() {
conf="$(findConfig "$DHCPDARGS")" conf="$(findConfig "$DHCPDARGS")"
if [ ! -f /var/lib/dhcpd/dhcpd.leases ] ; then if [ ! -f $statedir/dhcpd.leases ] ; then
mkdir -p /var/lib/dhcpd mkdir -p $statedir
touch /var/lib/dhcpd/dhcpd.leases touch $statedir/dhcpd.leases
[ -x /sbin/restorecon ] && [ -d /selinux ] && /sbin/restorecon /var/lib/dhcpd/dhcpd.leases >/dev/null 2>&1 [ -x /sbin/restorecon ] && [ -d /selinux ] && /sbin/restorecon $statedir/dhcpd.leases >/dev/null 2>&1
fi fi
configtest() { configtest() {
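Review bot: $statedir is expanded unquoted in the test, mkdir, touch and restorecon lines, and /etc/sysconfig/dhcpd is sourced after the variable is set, so an override containing spaces or glob characters splits into several arguments. Quote every use as "$statedir" and "$statedir/dhcpd.leases".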

View File

@ -2,8 +2,8 @@
# #
### BEGIN INIT INFO ### BEGIN INIT INFO
# Provides: dhcrelay # Provides: dhcrelay
# Default-Start: 2 3 4 5 # Default-Start:
# Default-Stop: 0 1 6 # Default-Stop:
# Should-Start: # Should-Start:
# Required-Start: $network # Required-Start: $network
# Required-Stop: # Required-Stop:
@ -15,7 +15,7 @@
# #
# The fields below are left around for legacy tools (will remove later). # The fields below are left around for legacy tools (will remove later).
# #
# chkconfig: - 66 34 # chkconfig: -
# description: dhcrelay provides a relay for Dynamic Host Control Protocol. # description: dhcrelay provides a relay for Dynamic Host Control Protocol.
# processname: dhcrelay # processname: dhcrelay
# # pidfile: /var/run/dhcrelay.pid # # pidfile: /var/run/dhcrelay.pid

26
get-ldap-patch.sh Executable file
View File

@ -0,0 +1,26 @@
#!/bin/bash
#
# Fetch latest version of LDAP patch. The patch is downloaded and split in
# the ldap/ subdirectory. It is up to the packager to merge the updates with
# the RPM.
#
# Upstream: http://home.ntelos.net/~masneyb/
#
# David Cantrell <dcantrell@redhat.com>
#
CWD=$(pwd)
rm -f masneyb.html-$$
wget -O masneyb.html-$$ http://home.ntelos.net/~masneyb
p="$(grep "ldap-patch" masneyb.html-$$ | cut -d '>' -f 3 | cut -d '<' -f 1)"
rm -f masneyb.html-$$
rm -rf ldap/
mkdir -p ldap/
cd ldap/
wget -N http://home.ntelos.net/~masneyb/$p
splitdiff -a -d $p
rm -f $p
rm -f *_debian_*
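Review bot: the script fetches the patch over plain http and passes it straight to splitdiff with no checksum or signature check, so whatever the network or the upstream page returns ends up in the packaging tree. On top of that, $p is scraped out of the HTML with grep and cut and then used unquoted in the wget URL, in splitdiff -a -d $p and in rm -f $p; if the page layout changes, $p can be empty or hold several words. Pin the expected file name and a known digest in the script and verify after download, quote "$p" and bail out when it is empty, and add set -e (or check cd ldap/) so the rm commands that follow cannot run in the wrong directory.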