git.pld-linux.org Git - packages/dhcp.git/blame - dhcp-ldap.patch
- added URL
Commit Line Data
1097e9ca 1diff -Pru dhcp-3.0.1rc13/Changelog-LDAP dhcp-3.0.1rc13-ldap/Changelog-LDAP
2--- dhcp-3.0.1rc13/Changelog-LDAP 1969-12-31 19:00:00.000000000 -0500
3+++ dhcp-3.0.1rc13-ldap/Changelog-LDAP 2004-03-30 13:58:37.000000000 -0500
4@@ -0,0 +1,29 @@
5+2004-3-30 Brian Masney <masneyb@ntelos.net>
6+ * contrib/dhcpd-conf-to-ldap.pl - added option to control the
7+ DHCP Config DN. Wrap the DHCP Statements in { }
8+ This patch was contributed by Marius Tomaschewski <mt@suse.de>
9+
10+ * server/ldap.c - changed ldap_username and ldap_password to
11+ be optional (anonymous bind is used then). Added {} block support
12+ to dhcpStatements. (no ";" at end if statement ends with a "}").
13+ Fixed writing to ldap-debug-file. Changed find_haddr_in_ldap() to
14+ use dhcpHost objectClass in its filter
15+ This patch was contributed by Marius Tomaschewski <mt@suse.de>
16+
17+2004-3-23 Brian Masney <masneyb@ntelos.net>
18+ * contrib/dhcpd-conf-to-ldap.pl - added options for server, basedn
19+ options and usage message (Net::Domain instead of SYS::Hostname).
20+ Added handling of zone, authoritative and failover (config and
21+ pool-refs) statements. Added numbering of groups and pools per
22+ subnet. This patch was contributed by Marius Tomaschewski <mt@suse.de>
23+
24+2004-2-26 Brian Masney <masneyb@ntelos.net>
25+ * fixed an instance where the LDAP server would restart, but the DHCP
26+ server would not reconnect
27+
28+2004-2-18 Brian Masney <masneyb@ntelos.net>
29+ * allow multiple dhcp*DN entries in the LDAP entry.
30+
31+2003-9-11 Brian Masney <masneyb@ntelos.net>
32+ * updated patch to work with 3.0.1rc12
33+
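Review bot: The 2004-3-30 server/ldap.c entry makes ldap_username and ldap_password optional with a fallback to an anonymous bind, but README.ldap in this same patch (still marked "Last updated 3/23/2003") never says the two statements may be omitted. Please document the fallback next to the ldap-username/ldap-password example in the README, and state that the directory ACLs must then allow anonymous read access to the DHCP tree. The entry dates would also sort and read better zero-padded (2004-03-30 rather than 2004-3-30).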
34diff -Pru dhcp-3.0.1rc13/README.ldap dhcp-3.0.1rc13-ldap/README.ldap
35--- dhcp-3.0.1rc13/README.ldap 1969-12-31 19:00:00.000000000 -0500
36+++ dhcp-3.0.1rc13-ldap/README.ldap 2004-03-30 14:01:49.000000000 -0500
37@@ -0,0 +1,166 @@
38+LDAP Support in DHCP
39+Brian Masney <masneyb@ntelos.net>
40+Last updated 3/23/2003
41+
42+This document describes setting up the DHCP server to read it's configuration
43+from LDAP. This work is based on the IETF document
44+draft-ietf-dhc-ldap-schema-01.txt included in the doc directory. For the latest
45+version of this document, please see http://home.ntelos.net/~masneyb.
46+
47+First question on most people's mind is "Why do I want to store my
48+configuration in LDAP?" If you run a small DHCP server, and the configuration
49+on it rarely changes, then you won't need to store your configuration in LDAP.
50+But, if you have several DHCP servers, and you want an easy way to manage your
51+configuration, this can be a solution.
52+
53+The first step will be to setup your LDAP server. I am using OpenLDAP from
54+www.openldap.org. Building and installing OpenLDAP is beyond the scope of this
55+document. There is plenty of documentation out there about this. Once you have
56+OpenLDAP installed, you will have to edit your slapd.conf file. I added the
57+following 2 lines to my configuration file:
58+
59+include /etc/ldap/schema/dhcp.schema
60+index dhcpHWAddress eq
61+index dhcpClassData eq
62+
63+The first line tells it to include the dhcp schema file. You will find this
64+file under the contrib directory in this distribution. You will need to copy
65+this file to where your other schema files are (maybe
66+/usr/local/openldap/etc/openldap/schema/). The second line sets up
67+an index for the dhcpHWAddress parameter. The third parameter is for reading
68+subclasses from LDAP every time a DHCP request comes in. Make sure you run the
69+slapindex command and restart slapd to have these changes to into effect.
70+
71+Now that you have LDAP setup, you should be able to use gq (http://biot.com/gq/)
72+to verify that the dhcp schema file is loaded into LDAP. Pull up gq, and click
73+on the Schema tab. Go under objectClasses, and you should see at least the
74+following object classes listed: dhcpClass, dhcpGroup, dhcpHost, dhcpOptions,
75+dhcpPool, dhcpServer, dhcpService, dhcpSharedNetwork, dhcpSubClass, and
76+dhcpSubnet. If you do not see these, you need to check over your LDAP
77+configuration before you go any further.
78+
79+You should be ready to build DHCP. Edit the includes/site.h file and uncomment
80+the #define LDAP_CONFIGURATION. If you would like to enable LDAP over SSL,
81+uncomment the USE_SSL line as well. Now run configure in the base source
82+directory. Edit the work.os/server/Makefile and add -lldap to the LIBS= line.
83+(replace os with your operating system, linux-2.2 on my machine). If you
84+enabled SSL, you will also need to add -lcrypto -lssl. You should now be able
85+to type make to build your DHCP server.
86+
87+Once you have DHCP installed, you will need to setup your initial plaintext
88+config file. In my /etc/dhcpd.conf file, I have:
89+
90+ldap-server "localhost";
91+ldap-port 389;
92+ldap-username "cn=DHCP User, dc=ntelos, dc=net";
93+ldap-password "blah";
94+ldap-base-dn "dc=ntelos, dc=net";
95+ldap-method dynamic;
96+ldap-debug-file "/var/log/dhcp-ldap-startup.log";
97+
98+All of these parameters should be self explanatory except for the ldap-method.
99+You can set this to static or dynamic. If you set it to static, the
100+configuration is read once on startup, and LDAP isn't used anymore. But, if you
101+set this to dynamic, the configuration is read once on startup, and the
102+hosts that are stored in LDAP are looked up every time a DHCP request comes in.
103+
104+When the optional statement ldap-debug-file is specified, on startup the DHCP
105+server will write out the configuration that it generated from LDAP. If you are
106+getting errors about your LDAP configuration, this is a good place to start
107+looking.
108+
109+The next step is to set up your LDAP tree. Here is an example config that will
110+give a 10.100.0.x address to machines that have a host entry in LDAP.
111+Otherwise, it will give a 10.200.0.x address to them. (NOTE: replace
112+dc=ntelos, dc=net with your base dn). If you would like to convert your
113+existing dhcpd.conf file to LDIF format, there is a script
114+contrib/dhcpd-conf-to-ldap.pl that will convert it for you. Type
115+dhcpd-conf-to-ldap.pl --help to see the usage information for this script.
116+
117+# You must specify the server's host name in LDAP that you are going to run
118+# DHCP on and point it to which config tree you want to use. Whenever DHCP
119+# first starts up, it will do a search for this entry to find out which
120+# config to use
121+dn: cn=brian.ntelos.net, dc=ntelos, dc=net
122+objectClass: top
123+objectClass: dhcpServer
124+cn: brian.ntelos.net
125+dhcpServiceDN: cn=DHCP Service Config, dc=ntelos, dc=net
126+
127+# Here is the config tree that brian.ntelos.net points to.
128+dn: cn=DHCP Service Config, dc=ntelos, dc=net
129+cn: DHCP Service Config
130+objectClass: top
131+objectClass: dhcpService
132+dhcpPrimaryDN: dc=ntelos, dc=net
133+dhcpStatements: ddns-update-style none
134+dhcpStatements: default-lease-time 600
135+dhcpStatements: max-lease-time 7200
136+
137+# Set up a shared network segment
138+dn: cn=WV Test, cn=DHCP Service Config, dc=ntelos, dc=net
139+cn: WV
140+objectClass: top
141+objectClass: dhcpSharedNetwork
142+
143+# Set up a subnet declaration with a pool statement. Also note that we have
144+# a dhcpOptions object with this entry
145+dn: cn=10.100.0.0, cn=WV Test, cn=DHCP Service Config, dc=ntelos, dc=net
146+cn: 10.100.0.0
147+objectClass: top
148+objectClass: dhcpSubnet
149+objectClass: dhcpOptions
150+dhcpOption: domain-name-servers 10.100.0.2
151+dhcpOption: routers 10.100.0.1
152+dhcpOption: subnet-mask 255.255.255.0
153+dhcpOption: broadcast-address 10.100.0.255
154+dhcpNetMask: 24
155+
156+# Set up a pool for this subnet. Only known hosts will get these IPs
157+dn: cn=Known Pool, cn=10.100.0.0, cn=WV Test, cn=DHCP Service Config, dc=ntelos, dc=net
158+cn: Known Pool
159+objectClass: top
160+objectClass: dhcpPool
161+dhcpRange: 10.100.0.3 10.100.0.254
162+dhcpPermitList: deny unknown-clients
163+
164+# Set up another subnet declaration with a pool statement
165+dn: cn=10.200.0.0, cn=WV Test, cn=DHCP Service Config, dc=ntelos, dc=net
166+cn: 10.200.0.0
167+objectClass: top
168+objectClass: dhcpSubnet
169+objectClass: dhcpOptions
170+dhcpOption: domain-name-servers 10.200.0.2
171+dhcpOption: routers 10.200.0.1
172+dhcpOption: subnet-mask 255.255.255.0
173+dhcpOption: broadcast-address 10.200.0.255
174+dhcpNetMask: 24
175+
176+# Set up a pool for this subnet. Only unknown hosts will get these IPs
177+dn: cn=Known Pool, cn=10.200.0.0, cn=WV Test, cn=DHCP Service Config, dc=ntelos, dc=net
178+cn: Known Pool
179+objectClass: top
180+objectClass: dhcpPool
181+dhcpRange: 10.200.0.3 10.200.0.254
182+dhcpPermitList: deny known clients
183+
184+# Set aside a group for all of our known MAC addresses
185+dn: cn=Customers, cn=DHCP Service Config, dc=ntelos, dc=net
186+objectClass: top
187+objectClass: dhcpGroup
188+cn: Customers
189+
190+# Host entry for my laptop
191+dn: cn=brianlaptop, cn=Customers, cn=DHCP Service Config, dc=ntelos, dc=net
192+objectClass: top
193+objectClass: dhcpHost
194+cn: brianlaptop
195+dhcpHWAddress: ethernet 00:00:00:00:00:00
196+
197+You can use the command slapadd to load all of these entries into your LDAP
198+server. After you load this, you should be able to start up DHCP. If you run
199+into problems reading the configuration, try running dhcpd with the -d flag.
200+If you still have problems, edit the site.conf file in the DHCP source and
201+add the line: COPTS= -DDEBUG_LDAP and recompile DHCP. (make sure you run make
202+clean and rerun configure before you rebuild).
203+
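Review bot: The pool under cn=10.200.0.0 is named "cn: Known Pool" although its comment says only unknown hosts get these addresses; it repeats the cn of the 10.100.0.0 pool and should be something like "Unknown Pool". The two pools also spell their permits differently ("deny unknown-clients" versus "deny known clients"); use one form in both so readers do not have to guess whether the hyphen matters. Smaller points: the slapd.conf paragraph announces "the following 2 lines" but shows three; the sample dhcpPrimaryDN is the base DN "dc=ntelos, dc=net" while dhcp.schema describes that attribute as the DN of the dhcpServer; and because ldap-password is stored in plaintext in /etc/dhcpd.conf and the example binds on port 389, the README should tell readers to restrict that file's permissions and point to USE_SSL when the LDAP server is not local.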
204diff -Pru dhcp-3.0.1rc13/common/conflex.c dhcp-3.0.1rc13-ldap/common/conflex.c
205--- dhcp-3.0.1rc13/common/conflex.c 2002-11-16 21:26:56.000000000 -0500
206+++ dhcp-3.0.1rc13-ldap/common/conflex.c 2004-03-23 13:49:03.000000000 -0500
207@@ -56,6 +56,7 @@
208 static enum dhcp_token read_number PROTO ((int, struct parse *));
209 static enum dhcp_token read_num_or_name PROTO ((int, struct parse *));
210 static enum dhcp_token intern PROTO ((char *, enum dhcp_token));
211+static char read_function PROTO ((struct parse *));
212
213 isc_result_t new_parse (cfile, file, inbuf, buflen, name, eolp)
214 struct parse **cfile;
215@@ -83,6 +84,10 @@
216 tmp -> file = file;
217 tmp -> eol_token = eolp;
218
219+ if (file != -1) {
220+ tmp -> read_function = read_function;;
221+ }
222+
223 tmp -> bufix = 0;
224 tmp -> buflen = buflen;
225 if (inbuf) {
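Review bot: The added assignment "tmp -> read_function = read_function;;" ends in a stray second semicolon; drop it. There is also no else branch, so when file == -1 the new member keeps whatever value the allocation left in it, and the call site later tests "if (cfile -> read_function)". Unless tmp is guaranteed to be zeroed before this point, set the member to NULL explicitly in an else.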
226@@ -118,22 +123,11 @@
227 int c;
228
229 if (cfile -> bufix == cfile -> buflen) {
230- if (cfile -> file != -1) {
231- cfile -> buflen =
232- read (cfile -> file,
233- cfile -> inbuf, cfile -> bufsiz);
234- if (cfile -> buflen == 0) {
235- c = EOF;
236- cfile -> bufix = 0;
237- } else if (cfile -> buflen < 0) {
238- c = EOF;
239- cfile -> bufix = cfile -> buflen = 0;
240- } else {
241- c = cfile -> inbuf [0];
242- cfile -> bufix = 1;
243- }
244- } else
245+ if (cfile -> read_function) {
246+ c = cfile -> read_function (cfile);
247+ } else {
248 c = EOF;
249+ }
250 } else {
251 c = cfile -> inbuf [cfile -> bufix];
252 cfile -> bufix++;
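Review bot: The refill path now uses only the return value of "cfile -> read_function (cfile)", so the callback has silently become responsible for refilling inbuf and resetting bufix and buflen, which the removed inline code did here. That contract is not stated anywhere in the visible change. Add a comment above this call or at the member declaration saying what a callback must leave in bufix/buflen and what it must return at end of input, so that a second callback cannot return with bufix == buflen and stale buffer contents.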
253@@ -1080,3 +1074,25 @@
254 }
255 return dfv;
256 }
257+
258+
259+static char
260+read_function (struct parse * cfile)
261+{
262+ char c;
263+
264+ cfile -> buflen = read (cfile -> file, cfile -> inbuf, cfile -> bufsiz);
265+ if (cfile -> buflen == 0) {
266+ c = EOF;
267+ cfile -> bufix = 0;
268+ } else if (cfile -> buflen < 0) {
269+ c = EOF;
270+ cfile -> bufix = cfile -> buflen = 0;
271+ } else {
272+ c = cfile -> inbuf [0];
273+ cfile -> bufix = 1;
274+ }
275+
276+ return c;
277+}
278+
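Review bot: read_function is declared "static char" and stores EOF in "char c", while the caller keeps the result in "int c"; EOF does not fit in a char. On platforms where char is unsigned the stored EOF comes back as 255 and the caller never sees end of input, and where char is signed a 0xFF data byte is returned as a value equal to EOF. Declare the function and its local as int. The function also shares its name with the struct member it is assigned to; a distinct name such as read_from_file would make "tmp -> read_function = read_function" easier to read.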
279diff -Pru dhcp-3.0.1rc13/common/print.c dhcp-3.0.1rc13-ldap/common/print.c
280--- dhcp-3.0.1rc13/common/print.c 2003-03-30 22:06:56.000000000 -0500
281+++ dhcp-3.0.1rc13-ldap/common/print.c 2004-03-23 13:49:03.000000000 -0500
282@@ -175,9 +175,9 @@
283 }
284
285 char *print_hw_addr (htype, hlen, data)
286- int htype;
287- int hlen;
288- unsigned char *data;
289+ const int htype;
290+ const int hlen;
291+ const unsigned char *data;
292 {
293 static char habuf [49];
294 char *s;
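Review bot: In this K&R-style definition, "const int htype;" and "const int hlen;" qualify by-value parameters, which changes nothing for callers; only "const unsigned char *data;" alters the interface. Leave the two int parameters unqualified, and make sure the prototype of print_hw_addr in the header is changed in the same patch so that declaration and definition agree on the const pointer.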
295diff -Pru dhcp-3.0.1rc13/contrib/dhcp.schema dhcp-3.0.1rc13-ldap/contrib/dhcp.schema
296--- dhcp-3.0.1rc13/contrib/dhcp.schema 1969-12-31 19:00:00.000000000 -0500
297+++ dhcp-3.0.1rc13-ldap/contrib/dhcp.schema 2004-03-23 13:49:03.000000000 -0500
298@@ -0,0 +1,343 @@
299+attributetype ( 2.16.840.1.113719.1.203.4.1
300+ NAME 'dhcpPrimaryDN'
301+ EQUALITY distinguishedNameMatch
302+ DESC 'The DN of the dhcpServer which is the primary server for the configuration.'
303+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
304+
305+attributetype ( 2.16.840.1.113719.1.203.4.2
306+ NAME 'dhcpSecondaryDN'
307+ EQUALITY distinguishedNameMatch
308+ DESC 'The DN of dhcpServer(s) which provide backup service for the configuration.'
309+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
310+
311+attributetype ( 2.16.840.1.113719.1.203.4.3
312+ NAME 'dhcpStatements'
313+ EQUALITY caseIgnoreIA5Match
314+ DESC 'Flexible storage for specific data depending on what object this exists in. Like conditional statements, server parameters, etc. This allows the standard to evolve without needing to adjust the schema.'
315+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
316+
317+attributetype ( 2.16.840.1.113719.1.203.4.4
318+ NAME 'dhcpRange'
319+ EQUALITY caseIgnoreIA5Match
320+ DESC 'The starting & ending IP Addresses in the range (inclusive), separated by a hyphen; if the range only contains one address, then just the address can be specified with no hyphen. Each range is defined as a separate value.'
321+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
322+
323+attributetype ( 2.16.840.1.113719.1.203.4.5
324+ NAME 'dhcpPermitList'
325+ EQUALITY caseIgnoreIA5Match
326+ DESC 'This attribute contains the permit lists associated with a pool. Each permit list is defined as a separate value.'
327+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
328+
329+attributetype ( 2.16.840.1.113719.1.203.4.6
330+ NAME 'dhcpNetMask'
331+ EQUALITY integerMatch
332+ DESC 'The subnet mask length for the subnet. The mask can be easily computed from this length.'
333+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
334+
335+attributetype ( 2.16.840.1.113719.1.203.4.7
336+ NAME 'dhcpOption'
337+ EQUALITY caseIgnoreIA5Match
338+ DESC 'Encoded option values to be sent to clients. Each value represents a single option and contains (OptionTag, Length, OptionValue) encoded in the format used by DHCP.'
339+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
340+
341+attributetype ( 2.16.840.1.113719.1.203.4.8
342+ NAME 'dhcpClassData'
343+ EQUALITY caseIgnoreIA5Match
344+ DESC 'Encoded text string or list of bytes expressed in hexadecimal, separated by colons. Clients match subclasses based on matching the class data with the results of match or spawn with statements in the class name declarations.'
345+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
346+
347+attributetype ( 2.16.840.1.113719.1.203.4.9
348+ NAME 'dhcpOptionsDN'
349+ EQUALITY distinguishedNameMatch
350+ DESC 'The distinguished name(s) of the dhcpOption objects containing the configuration options provided by the server.'
351+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
352+
353+attributetype ( 2.16.840.1.113719.1.203.4.10
354+ NAME 'dhcpHostDN'
355+ EQUALITY distinguishedNameMatch
356+ DESC 'the distinguished name(s) of the dhcpHost objects.'
357+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
358+
359+attributetype ( 2.16.840.1.113719.1.203.4.11
360+ NAME 'dhcpPoolDN'
361+ EQUALITY distinguishedNameMatch
362+ DESC 'The distinguished name(s) of pools.'
363+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
364+
365+attributetype ( 2.16.840.1.113719.1.203.4.12
366+ NAME 'dhcpGroupDN'
367+ EQUALITY distinguishedNameMatch
368+ DESC 'The distinguished name(s) of the groups.'
369+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
370+
371+attributetype ( 2.16.840.1.113719.1.203.4.13
372+ NAME 'dhcpSubnetDN'
373+ EQUALITY distinguishedNameMatch
374+ DESC 'The distinguished name(s) of the subnets.'
375+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
376+
377+attributetype ( 2.16.840.1.113719.1.203.4.14
378+ NAME 'dhcpLeaseDN'
379+ EQUALITY distinguishedNameMatch
380+ DESC 'The distinguished name of a client address.'
381+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE)
382+
383+attributetype ( 2.16.840.1.113719.1.203.4.15 NAME 'dhcpLeasesDN'
384+ DESC 'The distinguished name(s) client addresses.'
385+ EQUALITY distinguishedNameMatch
386+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
387+
388+attributetype ( 2.16.840.1.113719.1.203.4.16
389+ NAME 'dhcpClassesDN'
390+ EQUALITY distinguishedNameMatch
391+ DESC 'The distinguished name(s) of a class(es) in a subclass.'
392+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
393+
394+attributetype ( 2.16.840.1.113719.1.203.4.17
395+ NAME 'dhcpSubclassesDN'
396+ EQUALITY distinguishedNameMatch
397+ DESC 'The distinguished name(s) of subclass(es).'
398+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
399+
400+attributetype ( 2.16.840.1.113719.1.203.4.18
401+ NAME 'dhcpSharedNetworkDN'
402+ EQUALITY distinguishedNameMatch
403+ DESC 'The distinguished name(s) of sharedNetworks.'
404+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
405+
406+attributetype ( 2.16.840.1.113719.1.203.4.19
407+ NAME 'dhcpServiceDN'
408+ EQUALITY distinguishedNameMatch
409+ DESC 'The DN of dhcpService object(s)which contain the configuration information. Each dhcpServer object has this attribute identifying the DHCP configuration(s) that the server is associated with.'
410+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
411+
412+attributetype ( 2.16.840.1.113719.1.203.4.20
413+ NAME 'dhcpVersion' DESC 'The version attribute of this object.'
414+ EQUALITY caseIgnoreIA5Match
415+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
416+
417+attributetype ( 2.16.840.1.113719.1.203.4.21
418+ NAME 'dhcpImplementation'
419+ EQUALITY caseIgnoreIA5Match
420+ DESC 'Description of the DHCP Server implementation e.g. DHCP Servers vendor.'
421+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
422+
423+attributetype ( 2.16.840.1.113719.1.203.4.22
424+ NAME 'dhcpAddressState'
425+ EQUALITY caseIgnoreIA5Match
426+ DESC 'This stores information about the current binding-status of an address. For dynamic addresses managed by DHCP, the values should be restricted to the following: "FREE", "ACTIVE", "EXPIRED", "RELEASED", "RESET", "ABANDONED", "BACKUP". For other addresses, it SHOULD be one of the following: "UNKNOWN", "RESERVED" (an address that is managed by DHCP that is reserved for a specific client), "RESERVED-ACTIVE" (same as reserved, but address is currently in use), "ASSIGNED" (assigned manually or by some other mechanism), "UNASSIGNED", "NOTASSIGNABLE".'
427+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
428+
429+attributetype ( 2.16.840.1.113719.1.203.4.23
430+ NAME 'dhcpExpirationTime'
431+ EQUALITY generalizedTimeMatch
432+ DESC 'This is the time the current lease for an address expires.'
433+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
434+
435+attributetype ( 2.16.840.1.113719.1.203.4.24
436+ NAME 'dhcpStartTimeOfState'
437+ EQUALITY generalizedTimeMatch
438+ DESC 'This is the time of the last state change for a leased address.'
439+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
440+
441+attributetype ( 2.16.840.1.113719.1.203.4.25
442+ NAME 'dhcpLastTransactionTime'
443+ EQUALITY generalizedTimeMatch
444+ DESC 'This is the last time a valid DHCP packet was received from the client.'
445+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
446+
447+attributetype ( 2.16.840.1.113719.1.203.4.26
448+ NAME 'dhcpBootpFlag'
449+ EQUALITY booleanMatch
450+ DESC 'This indicates whether the address was assigned via BOOTP.'
451+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
452+
453+attributetype ( 2.16.840.1.113719.1.203.4.27
454+ NAME 'dhcpDomainName'
455+ EQUALITY caseIgnoreIA5Match
456+ DESC 'This is the name of the domain sent to the client by the server. It is essentially the same as the value for DHCP option 15 sent to the client, and represents only the domain - not the full FQDN. To obtain the full FQDN assigned to the client you must prepend the "dhcpAssignedHostName" to this value with a ".".'
457+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
458+
459+attributetype ( 2.16.840.1.113719.1.203.4.28
460+ NAME 'dhcpDnsStatus'
461+ EQUALITY integerMatch
462+ DESC 'This indicates the status of updating DNS resource records on behalf of the client by the DHCP server for this address. The value is a 16-bit bitmask.'
463+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
464+
465+attributetype ( 2.16.840.1.113719.1.203.4.29
466+ NAME 'dhcpRequestedHostName'
467+ EQUALITY caseIgnoreIA5Match
468+ DESC 'This is the hostname that was requested by the client.'
469+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
470+
471+attributetype ( 2.16.840.1.113719.1.203.4.30
472+ NAME 'dhcpAssignedHostName'
473+ EQUALITY caseIgnoreIA5Match
474+ DESC 'This is the actual hostname that was assigned to a client. It may not be the name that was requested by the client. The fully qualified domain name can be determined by appending the value of "dhcpDomainName" (with a dot separator) to this name.'
475+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
476+
477+attributetype ( 2.16.840.1.113719.1.203.4.31
478+ NAME 'dhcpReservedForClient'
479+ EQUALITY distinguishedNameMatch
480+ DESC 'The distinguished name of a "dhcpClient" that an address is reserved for. This may not be the same as the "dhcpAssignedToClient" attribute if the address is being reassigned but the current lease has not yet expired.'
481+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
482+
483+attributetype ( 2.16.840.1.113719.1.203.4.32
484+ NAME 'dhcpAssignedToClient'
485+ EQUALITY distinguishedNameMatch
486+ DESC 'This is the distinguished name of a "dhcpClient" that an address is currently assigned to. This attribute is only present in the class when the address is leased.'
487+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
488+
489+attributetype ( 2.16.840.1.113719.1.203.4.33
490+ NAME 'dhcpRelayAgentInfo'
491+ EQUALITY octetStringMatch
492+ DESC 'If the client request was received via a relay agent, this contains information about the relay agent that was available from the DHCP request. This is a hex-encoded option value.'
493+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
494+
495+attributetype ( 2.16.840.1.113719.1.203.4.34
496+ NAME 'dhcpHWAddress'
497+ EQUALITY octetStringMatch
498+ DESC 'The clients hardware address that requested this IP address.'
499+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
500+
501+attributetype ( 2.16.840.1.113719.1.203.4.35
502+ NAME 'dhcpHashBucketAssignment'
503+ EQUALITY octetStringMatch
504+ DESC 'HashBucketAssignment bit map for the DHCP Server, as defined in DHC Load Balancing Algorithm [RFC 3074].'
505+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
506+
507+attributetype ( 2.16.840.1.113719.1.203.4.36
508+ NAME 'dhcpDelayedServiceParameter'
509+ EQUALITY integerMatch
510+ DESC 'Delay in seconds corresponding to Delayed Service Parameter configuration, as defined in DHC Load Balancing Algorithm [RFC 3074]. '
511+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
512+
513+attributetype ( 2.16.840.1.113719.1.203.4.37
514+ NAME 'dhcpMaxClientLeadTime'
515+ EQUALITY integerMatch
516+ DESC 'Maximum Client Lead Time configuration in seconds, as defined in DHCP Failover Protocol [FAILOVR]'
517+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
518+
519+attributetype ( 2.16.840.1.113719.1.203.4.38
520+ NAME 'dhcpFailOverEndpointState'
521+ EQUALITY caseIgnoreIA5Match
522+ DESC 'Server (Failover Endpoint) state, as defined in DHCP Failover Protocol [FAILOVR]'
523+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
524+
525+attributetype ( 2.16.840.1.113719.1.203.4.39
526+ NAME 'dhcpErrorLog'
527+ EQUALITY caseIgnoreIA5Match
528+ DESC 'Generic error log attribute that allows logging error conditions within a dhcpService or a dhcpSubnet, like no IP addresses available for lease.'
529+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
530+
531+# Classes
532+
533+objectclass ( 2.16.840.1.113719.1.203.6.1
534+ NAME 'dhcpService'
535+ DESC 'Service object that represents the actual DHCP Service configuration. This is a container object.'
536+ SUP top
537+ MUST (cn $ dhcpPrimaryDN)
538+ MAY ( dhcpSecondaryDN $ dhcpSharedNetworkDN $ dhcpSubnetDN $
539+ dhcpGroupDN $ dhcpHostDN $ dhcpClassesDN $ dhcpOptionsDN $
540+ dhcpStatements ) )
541+
542+objectclass ( 2.16.840.1.113719.1.203.6.2
543+ NAME 'dhcpSharedNetwork'
544+ DESC 'This stores configuration information for a shared network.'
545+ SUP top
546+ MUST cn
547+ MAY ( dhcpSubnetDN $ dhcpPoolDN $ dhcpOptionsDN $ dhcpStatements)
548+ X-NDS_CONTAINMENT ('dhcpService' ) )
549+
550+objectclass ( 2.16.840.1.113719.1.203.6.3
551+ NAME 'dhcpSubnet'
552+ DESC 'This class defines a subnet. This is a container object.'
553+ SUP top
554+ MUST ( cn $ dhcpNetMask )
555+ MAY ( dhcpRange $ dhcpPoolDN $ dhcpGroupDN $ dhcpHostDN $
556+ dhcpClassesDN $ dhcpLeasesDN $ dhcpOptionsDN $ dhcpStatements)
557+ X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork') )
558+
559+objectclass ( 2.16.840.1.113719.1.203.6.4
560+ NAME 'dhcpPool'
561+ DESC 'This stores configuration information about a pool.'
562+ SUP top
563+ MUST ( cn $ dhcpRange )
564+ MAY (dhcpClassesDN $ dhcpPermitList $ dhcpLeasesDN $ dhcpOptionsDN $
565+ dhcpStatements)
566+ X-NDS_CONTAINMENT ('dhcpSubnet' 'dhcpSharedNetwork') )
567+
568+objectclass ( 2.16.840.1.113719.1.203.6.5
569+ NAME 'dhcpGroup'
570+ DESC 'Group object that lists host DNs and parameters. This is a container object.'
571+ SUP top
572+ MUST cn
573+ MAY ( dhcpHostDN $ dhcpOptionsDN $ dhcpStatements )
574+ X-NDS_CONTAINMENT ('dhcpSubnet' 'dhcpService' ) )
575+
576+objectclass ( 2.16.840.1.113719.1.203.6.6
577+ NAME 'dhcpHost'
578+ DESC 'This represents information about a particular client'
579+ SUP top
580+ MUST cn
581+ MAY (dhcpLeaseDN $ dhcpHWAddress $ dhcpOptionsDN $ dhcpStatements)
582+ X-NDS_CONTAINMENT ('dhcpService' 'dhcpSubnet' 'dhcpGroup') )
583+
584+objectclass ( 2.16.840.1.113719.1.203.6.7
585+ NAME 'dhcpClass'
586+ DESC 'Represents information about a collection of related clients.'
587+ SUP top
588+ MUST cn
589+ MAY (dhcpSubClassesDN $ dhcpOptionsDN $ dhcpStatements)
590+ X-NDS_CONTAINMENT ('dhcpService' 'dhcpSubnet' ) )
591+
592+objectclass ( 2.16.840.1.113719.1.203.6.8
593+ NAME 'dhcpSubClass'
594+ DESC 'Represents information about a collection of related classes.'
595+ SUP top
596+ MUST cn
597+ MAY (dhcpClassData $ dhcpOptionsDN $ dhcpStatements)
598+ X-NDS_CONTAINMENT 'dhcpClass' )
599+
600+objectclass ( 2.16.840.1.113719.1.203.6.9
601+ NAME 'dhcpOptions'
602+ DESC 'Represents information about a collection of options defined.'
603+ SUP top AUXILIARY
604+ MUST cn
605+ MAY ( dhcpOption )
606+ X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork' 'dhcpSubnet'
607+ 'dhcpPool' 'dhcpGroup' 'dhcpHost' 'dhcpClass' ) )
608+
609+objectclass ( 2.16.840.1.113719.1.203.6.10
610+ NAME 'dhcpLeases'
611+ DESC 'This class represents an IP Address, which may or may not have been leased.'
612+ SUP top
613+ MUST ( cn $ dhcpAddressState )
614+ MAY ( dhcpExpirationTime $ dhcpStartTimeOfState $
615+ dhcpLastTransactionTime $ dhcpBootpFlag $ dhcpDomainName $
616+ dhcpDnsStatus $ dhcpRequestedHostName $ dhcpAssignedHostName $
617+ dhcpReservedForClient $ dhcpAssignedToClient $
618+ dhcpRelayAgentInfo $ dhcpHWAddress )
619+ X-NDS_CONTAINMENT ( 'dhcpService' 'dhcpSubnet' 'dhcpPool') )
620+
621+objectclass ( 2.16.840.1.113719.1.203.6.11
622+ NAME 'dhcpLog'
623+ DESC 'This is the object that holds past information about the IP address. The cn is the time/date stamp when the address was assigned or released, the address state at the time, if the address was assigned or released.'
624+ SUP top
625+ MUST ( cn )
626+ MAY ( dhcpAddressState $ dhcpExpirationTime $ dhcpStartTimeOfState $
627+ dhcpLastTransactionTime $ dhcpBootpFlag $ dhcpDomainName $
628+ dhcpDnsStatus $ dhcpRequestedHostName $ dhcpAssignedHostName $
629+ dhcpReservedForClient $ dhcpAssignedToClient $
630+ dhcpRelayAgentInfo $ dhcpHWAddress $ dhcpErrorLog)
631+ X-NDS_CONTAINMENT ('dhcpLeases' 'dhcpPool' 'dhcpSubnet'
632+ 'dhcpSharedNetwork' 'dhcpService' ) )
633+
634+objectclass ( 2.16.840.1.113719.1.203.6.12
635+ NAME 'dhcpServer'
636+ DESC 'DHCP Server Object'
637+ SUP top
638+ MUST (cn $ dhcpServiceDN)
639+ MAY (dhcpVersion $ dhcpImplementation $ dhcpHashBucketAssignment $ dhcpDelayedServiceParameter $ dhcpMaxClientLeadTime $ dhcpFailOverEndpointState $ dhcpStatements)
640+ X-NDS_CONTAINMENT ('o' 'ou' 'dc') )
641+
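Review bot: The DESC of dhcpRange says the start and end addresses are "separated by a hyphen", but README.ldap in this patch writes "dhcpRange: 10.100.0.3 10.100.0.254" with a space; one of the two needs to change so the schema documents the format the server actually reads. In the dhcpClass object class the MAY clause names "dhcpSubClassesDN" while the attribute is defined as "dhcpSubclassesDN"; attribute names are matched case-insensitively, so this loads, but the spelling should be made consistent. dhcpHWAddress is declared with octetStringMatch and syntax 1.3.6.1.4.1.1466.115.121.1.40, while the README stores text such as "ethernet 00:00:00:00:00:00" and indexes it with eq, so lookups are byte-exact, including the case of the hex digits; that deserves a sentence in the DESC or the README.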
642diff -Pru dhcp-3.0.1rc13/contrib/dhcpd-conf-to-ldap.pl dhcp-3.0.1rc13-ldap/contrib/dhcpd-conf-to-ldap.pl
643--- dhcp-3.0.1rc13/contrib/dhcpd-conf-to-ldap.pl 1969-12-31 19:00:00.000000000 -0500
644+++ dhcp-3.0.1rc13-ldap/contrib/dhcpd-conf-to-ldap.pl 2004-03-30 13:30:34.000000000 -0500
645@@ -0,0 +1,621 @@
646+#!/usr/bin/perl -w
647+
648+# Brian Masney <masneyb@ntelos.net>
649+# To use this script, set your base DN below. Then run
650+# ./dhcpd-conf-to-ldap.pl < /path-to-dhcpd-conf/dhcpd.conf > output-file
651+# The output of this script will generate entries in LDIF format. You can use
652+# the slapadd command to add these entries into your LDAP server. You will
653+# definately want to double check that your LDAP entries are correct before
654+# you load them into LDAP.
655+
656+# This script does not do much error checking. Make sure before you run this
657+# that the DHCP server doesn't give any errors about your config file
658+
659+use Net::Domain qw(hostname hostfqdn hostdomain);
660+use Getopt::Long;
661+
662+my $domain = hostdomain(); # your.domain
663+my $basedn = "dc=".$domain;
664+ $basedn =~ s/\./,dc=/g; # dc=your,dc=domain
665+my $server = hostname(); # hostname (nodename)
666+my $dhcpcn = 'DHCP Config'; # CN of DHCP config tree
667+my $dhcpdn = "cn=$dhcpcn, $basedn"; # DHCP config tree DN
668+
669+
670+sub usage($;$)
671+{
672+ my $rc = shift;
673+ my $err= shift;
674+
675+ print STDERR "Error: $err\n\n" if(defined $err);
676+ print STDERR <<__EOF_USAGE__;
677+usage:
678+ $0 [options] < dhcpd.conf > dhcpd.ldif
679+
680+options:
681+
682+ --basedn "dc=your,dc=domain" ("$basedn")
683+
684+ --server "dhcp server name" ("$server")
685+
686+ --dhcpdn "dhcp config DN" ("$dhcpdn")
687+
688+__EOF_USAGE__
689+ exit($rc);
690+}
691+
692+
693+sub next_token
694+{
695+ local ($lowercase) = @_;
696+ local ($token, $newline);
697+
698+ do
699+ {
700+ if (!defined ($line) || length ($line) == 0)
701+ {
702+ $line = <>;
703+ return undef if !defined ($line);
704+ chop $line;
705+ $line_number++;
706+ $token_number = 0;
707+ }
708+
709+ $line =~ s/#.*//;
710+ $line =~ s/^\s+//;
711+ $line =~ s/\s+$//;
712+ }
713+ while (length ($line) == 0);
714+
715+ if (($token, $newline) = $line =~ /^(.*?)\s+(.*)/)
716+ {
717+ $line = $newline;
718+ }
719+ else
720+ {
721+ $token = $line;
722+ $line = '';
723+ }
724+ $token_number++;
725+
726+ $token =~ y/[A-Z]/[a-z]/ if $lowercase;
727+
728+ return ($token);
729+}
730+
731+
732+sub remaining_line
733+{
734+ local ($tmp, $str);
735+
736+ $str = "";
737+ while (($tmp = next_token (0)))
738+ {
739+ $str .= ' ' if !($str eq "");
740+ $str .= $tmp;
741+ last if $tmp =~ /;\s*$/;
742+ }
743+
744+ $str =~ s/;$//;
745+ return ($str);
746+}
747+
748+
749+sub
750+add_dn_to_stack
751+{
752+ local ($dn) = @_;
753+
754+ $current_dn = "$dn, $current_dn";
755+}
756+
757+
758+sub
759+remove_dn_from_stack
760+{
761+ $current_dn =~ s/^.*?,\s*//;
762+}
763+
764+
765+sub
766+parse_error
767+{
768+ print "Parse error on line number $line_number at token number $token_number\n";
769+ exit (1);
770+}
771+
772+
773+sub
774+print_entry
775+{
776+ return if (scalar keys %curentry == 0);
777+
778+ if (!defined ($curentry{'type'}))
779+ {
780+ $hostdn = "cn=$server, $basedn";
781+ print "dn: $hostdn\n";
782+ print "objectClass: top\n";
783+ print "objectClass: dhcpServer\n";
784+ print "cn: $server\n";
785+ print "dhcpServiceDN: $current_dn\n\n";
786+
787+ print "dn: $current_dn\n";
788+ print "cn: $dhcpcn\n";
789+ print "objectClass: top\n";
790+ print "objectClass: dhcpService\n";
791+ if (defined ($curentry{'options'}))
792+ {
793+ print "objectClass: dhcpOptions\n";
794+ }
795+ print "dhcpPrimaryDN: $hostdn\n";
796+ }
797+ elsif ($curentry{'type'} eq 'subnet')
798+ {
799+ print "dn: $current_dn\n";
800+ print "cn: " . $curentry{'ip'} . "\n";
801+ print "objectClass: top\n";
802+ print "objectClass: dhcpSubnet\n";
803+ if (defined ($curentry{'options'}))
804+ {
805+ print "objectClass: dhcpOptions\n";
806+ }
807+
808+ print "dhcpNetMask: " . $curentry{'netmask'} . "\n";
809+ if (defined ($curentry{'range'}))
810+ {
811+ print "dhcpRange: " . $curentry{'range'} . "\n";
812+ }
813+ }
814+ elsif ($curentry{'type'} eq 'shared-network')
815+ {
816+ print "dn: $current_dn\n";
817+ print "cn: " . $curentry{'descr'} . "\n";
818+ print "objectClass: top\n";
819+ print "objectClass: dhcpSharedNetwork\n";
820+ if (defined ($curentry{'options'}))
821+ {
822+ print "objectClass: dhcpOptions\n";
823+ }
824+ }
825+ elsif ($curentry{'type'} eq 'group')
826+ {
827+ print "dn: $current_dn\n";
828+ print "cn: group", $curentry{'idx'}, "\n";
829+ print "objectClass: top\n";
830+ print "objectClass: dhcpGroup\n";
831+ if (defined ($curentry{'options'}))
832+ {
833+ print "objectClass: dhcpOptions\n";
834+ }
835+ }
836+ elsif ($curentry{'type'} eq 'host')
837+ {
838+ print "dn: $current_dn\n";
839+ print "cn: " . $curentry{'host'} . "\n";
840+ print "objectClass: top\n";
841+ print "objectClass: dhcpHost\n";
842+ if (defined ($curentry{'options'}))
843+ {
844+ print "objectClass: dhcpOptions\n";
845+ }
846+
847+ if (defined ($curentry{'hwaddress'}))
848+ {
849+ print "dhcpHWAddress: " . $curentry{'hwaddress'} . "\n";
850+ }
851+ }
852+ elsif ($curentry{'type'} eq 'pool')
853+ {
854+ print "dn: $current_dn\n";
855+ print "cn: pool", $curentry{'idx'}, "\n";
856+ print "objectClass: top\n";
857+ print "objectClass: dhcpPool\n";
858+ if (defined ($curentry{'options'}))
859+ {
860+ print "objectClass: dhcpOptions\n";
861+ }
862+
863+ if (defined ($curentry{'range'}))
864+ {
865+ print "dhcpRange: " . $curentry{'range'} . "\n";
866+ }
867+ }
868+ elsif ($curentry{'type'} eq 'class')
869+ {
870+ print "dn: $current_dn\n";
871+ print "cn: " . $curentry{'class'} . "\n";
872+ print "objectClass: top\n";
873+ print "objectClass: dhcpClass\n";
874+ if (defined ($curentry{'options'}))
875+ {
876+ print "objectClass: dhcpOptions\n";
877+ }
878+ }
879+ elsif ($curentry{'type'} eq 'subclass')
880+ {
881+ print "dn: $current_dn\n";
882+ print "cn: " . $curentry{'subclass'} . "\n";
883+ print "objectClass: top\n";
884+ print "objectClass: dhcpSubClass\n";
885+ if (defined ($curentry{'options'}))
886+ {
887+ print "objectClass: dhcpOptions\n";
888+ }
889+ print "dhcpClassData: " . $curentry{'class'} . "\n";
890+ }
891+
892+ if (defined ($curentry{'statements'}))
893+ {
894+ foreach $statement (@{$curentry{'statements'}})
895+ {
896+ print "dhcpStatements: $statement\n";
897+ }
898+ }
899+
900+ if (defined ($curentry{'options'}))
901+ {
902+ foreach $statement (@{$curentry{'options'}})
903+ {
904+ print "dhcpOption: $statement\n";
905+ }
906+ }
907+
908+ print "\n";
909+ undef (%curentry);
910+}
911+
912+
913+sub parse_netmask
914+{
915+ local ($netmask) = @_;
916+ local ($i);
917+
918+ if ((($a, $b, $c, $d) = $netmask =~ /^(\d+)\.(\d+)\.(\d+)\.(\d+)$/) != 4)
919+ {
920+ parse_error ();
921+ }
922+
923+ $num = (($a & 0xff) << 24) |
924+ (($b & 0xff) << 16) |
925+ (($c & 0xff) << 8) |
926+ ($d & 0xff);
927+
928+ for ($i=1; $i<=32 && $num & (1 << (32 - $i)); $i++)
929+ {
930+ }
931+ $i--;
932+
933+ return ($i);
934+}
935+
936+
937+sub parse_subnet
938+{
939+ local ($ip, $tmp, $netmask);
940+
941+ print_entry () if %curentry;
942+
943+ $ip = next_token (0);
944+ parse_error () if !defined ($ip);
945+
946+ $tmp = next_token (1);
947+ parse_error () if !defined ($tmp);
948+ parse_error () if !($tmp eq 'netmask');
949+
950+ $tmp = next_token (0);
951+ parse_error () if !defined ($tmp);
952+ $netmask = parse_netmask ($tmp);
953+
954+ $tmp = next_token (0);
955+ parse_error () if !defined ($tmp);
956+ parse_error () if !($tmp eq '{');
957+
958+ add_dn_to_stack ("cn=$ip");
959+ $curentry{'type'} = 'subnet';
960+ $curentry{'ip'} = $ip;
961+ $curentry{'netmask'} = $netmask;
962+ $cursubnet = $ip;
963+ $curcounter{$ip} = { pool => 0, group => 0 };
964+}
965+
966+
967+sub parse_shared_network
968+{
969+ local ($descr, $tmp);
970+
971+ print_entry () if %curentry;
972+
973+ $descr = next_token (0);
974+ parse_error () if !defined ($descr);
975+
976+ $tmp = next_token (0);
977+ parse_error () if !defined ($tmp);
978+ parse_error () if !($tmp eq '{');
979+
980+ add_dn_to_stack ("cn=$descr");
981+ $curentry{'type'} = 'shared-network';
982+ $curentry{'descr'} = $descr;
983+}
984+
985+
986+sub parse_host
987+{
988+ local ($descr, $tmp);
989+
990+ print_entry () if %curentry;
991+
992+ $host = next_token (0);
993+ parse_error () if !defined ($host);
994+
995+ $tmp = next_token (0);
996+ parse_error () if !defined ($tmp);
997+ parse_error () if !($tmp eq '{');
998+
999+ add_dn_to_stack ("cn=$host");
1000+ $curentry{'type'} = 'host';
1001+ $curentry{'host'} = $host;
1002+}
1003+
1004+
1005+sub parse_group
1006+{
1007+ local ($descr, $tmp);
1008+
1009+ print_entry () if %curentry;
1010+
1011+ $tmp = next_token (0);
1012+ parse_error () if !defined ($tmp);
1013+ parse_error () if !($tmp eq '{');
1014+
1015+ my $idx;
1016+ if(exists($curcounter{$cursubnet})) {
1017+ $idx = ++$curcounter{$cursubnet}->{'group'};
1018+ } else {
1019+ $idx = ++$curcounter{''}->{'group'};
1020+ }
1021+
1022+ add_dn_to_stack ("cn=group".$idx);
1023+ $curentry{'type'} = 'group';
1024+ $curentry{'idx'} = $idx;
1025+}
1026+
1027+
1028+sub parse_pool
1029+{
1030+ local ($descr, $tmp);
1031+
1032+ print_entry () if %curentry;
1033+
1034+ $tmp = next_token (0);
1035+ parse_error () if !defined ($tmp);
1036+ parse_error () if !($tmp eq '{');
1037+
1038+ my $idx;
1039+ if(exists($curcounter{$cursubnet})) {
1040+ $idx = ++$curcounter{$cursubnet}->{'pool'};
1041+ } else {
1042+ $idx = ++$curcounter{''}->{'pool'};
1043+ }
1044+
1045+ add_dn_to_stack ("cn=pool".$idx);
1046+ $curentry{'type'} = 'pool';
1047+ $curentry{'idx'} = $idx;
1048+}
1049+
1050+
1051+sub parse_class
1052+{
1053+ local ($descr, $tmp);
1054+
1055+ print_entry () if %curentry;
1056+
1057+ $class = next_token (0);
1058+ parse_error () if !defined ($class);
1059+
1060+ $tmp = next_token (0);
1061+ parse_error () if !defined ($tmp);
1062+ parse_error () if !($tmp eq '{');
1063+
1064+ $class =~ s/\"//g;
1065+ add_dn_to_stack ("cn=$class");
1066+ $curentry{'type'} = 'class';
1067+ $curentry{'class'} = $class;
1068+}
1069+
1070+
1071+sub parse_subclass
1072+{
1073+ local ($descr, $tmp);
1074+
1075+ print_entry () if %curentry;
1076+
1077+ $class = next_token (0);
1078+ parse_error () if !defined ($class);
1079+
1080+ $subclass = next_token (0);
1081+ parse_error () if !defined ($subclass);
1082+
1083+ $tmp = next_token (0);
1084+ parse_error () if !defined ($tmp);
1085+ parse_error () if !($tmp eq '{');
1086+
1087+ add_dn_to_stack ("cn=$subclass");
1088+ $curentry{'type'} = 'subclass';
1089+ $curentry{'class'} = $class;
1090+ $curentry{'subclass'} = $subclass;
1091+}
1092+
1093+
1094+sub parse_hwaddress
1095+{
1096+ local ($type, $hw, $tmp);
1097+
1098+ $type = next_token (1);
1099+ parse_error () if !defined ($type);
1100+
1101+ $hw = next_token (1);
1102+ parse_error () if !defined ($hw);
1103+ $hw =~ s/;$//;
1104+
1105+ $curentry{'hwaddress'} = "$type $hw";
1106+}
1107+
1108+
1109+sub parse_range
1110+{
1111+ local ($tmp, $str);
1112+
1113+ $str = remaining_line ();
1114+
1115+ if (!($str eq ''))
1116+ {
1117+ $str =~ s/;$//;
1118+ $curentry{'range'} = $str;
1119+ }
1120+}
1121+
1122+
1123+sub parse_statement
1124+{
1125+ local ($token) = shift;
1126+ local ($str);
1127+
1128+ if ($token eq 'option')
1129+ {
1130+ $str = remaining_line ();
1131+ push (@{$curentry{'options'}}, $str);
1132+ }
1133+ elsif($token eq 'failover')
1134+ {
1135+ $str = $token. " " . remaining_line ();
1136+ if($str =~ /{/) {
1137+ while($str !~ /}$/) {
1138+ $str .= ' ' . next_token (0);
1139+ }
1140+ } # else pool reference to failover config
1141+ push (@{$curentry{'statements'}}, $str);
1142+ }
1143+ elsif($token eq 'zone')
1144+ {
1145+ $str = $token;
1146+ while($str !~ /}$/) {
1147+ $str .= ' ' . next_token (0);
1148+ }
1149+ push (@{$curentry{'statements'}}, $str);
1150+ }
1151+ elsif($token =~ /^(authoritative)[;]*$/)
1152+ {
1153+ push (@{$curentry{'statements'}}, $1);
1154+ }
1155+ else
1156+ {
1157+ $str = $token . " " . remaining_line ();
1158+ push (@{$curentry{'statements'}}, $str);
1159+ }
1160+}
1161+
1162+
1163+my $ok = GetOptions(
1164+ 'basedn=s' => \$basedn,
1165+ 'server=s' => \$server,
1166+ 'dhcpdn=s' => \$dhcpdn,
1167+ 'h|help|usage' => sub { usage(0); },
1168+);
1169+
1170+$server =~ s/\..*//g; # strip domain
1171+unless($server =~ /^\w+/)
1172+ {
1173+ usage(1, "invalid server name '$server'");
1174+ }
1175+unless($basedn =~ /^\w+=[^,]+/)
1176+ {
1177+ usage(1, "invalid base dn '$basedn'");
1178+ }
1179+
1180+if($dhcpdn =~ /^cn=([^,]+)/i)
1181+ {
1182+ $dhcpcn = "$1";
1183+ }
1184+
1185+usage(1) unless($ok);
1186+
1187+print STDERR "Creating LDAP Configuration with the following options:\n";
1188+print STDERR "\tBase DN: $basedn\n";
1189+print STDERR "\tServer DN: $server, $basedn\n";
1190+print STDERR "\tDHCP DN: $dhcpdn\n";
1191+
1192+my $token;
1193+my $token_number = 0;
1194+my $line_number = 0;
1195+my %curentry;
1196+my $cursubnet = '';
1197+my %curcounter = ( '' => { pool => 0, group => 0 } );
1198+
1199+$current_dn = "$dhcpdn";
1200+$curentry{'descr'} = $dhcpcn;
1201+$line = '';
1202+
1203+while (($token = next_token (1)))
1204+ {
1205+ if ($token eq '}')
1206+ {
1207+ print_entry () if %curentry;
1208+ if($current_dn =~ /.+?,\s*${dhcpdn}$/) {
1209+ # don't go below dhcpdn ...
1210+ remove_dn_from_stack ();
1211+ }
1212+ }
1213+ elsif ($token eq 'subnet')
1214+ {
1215+ parse_subnet ();
1216+ next;
1217+ }
1218+ elsif ($token eq 'shared-network')
1219+ {
1220+ parse_shared_network ();
1221+ next;
1222+ }
1223+ elsif ($token eq 'class')
1224+ {
1225+ parse_class ();
1226+ next;
1227+ }
1228+ elsif ($token eq 'subclass')
1229+ {
1230+ parse_subclass ();
1231+ next;
1232+ }
1233+ elsif ($token eq 'pool')
1234+ {
1235+ parse_pool ();
1236+ next;
1237+ }
1238+ elsif ($token eq 'group')
1239+ {
1240+ parse_group ();
1241+ next;
1242+ }
1243+ elsif ($token eq 'host')
1244+ {
1245+ parse_host ();
1246+ next;
1247+ }
1248+ elsif ($token eq 'hardware')
1249+ {
1250+ parse_hwaddress ();
1251+ next;
1252+ }
1253+ elsif ($token eq 'range')
1254+ {
1255+ parse_range ();
1256+ next;
1257+ }
1258+ else
1259+ {
1260+ parse_statement ($token);
1261+ next;
1262+ }
1263+ }
1264+
1265+print STDERR "Done.\n";
1266+
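Review bot: In parse_statement, the `failover` and `zone` branches loop on `while($str !~ /}$/) { $str .= ' ' . next_token (0); }` without checking for end of input, so a dhcpd.conf that is truncated or missing the closing brace makes next_token return undef on every call and the script spins while $str grows; call parse_error() when next_token returns undef. In the main loop, `$current_dn =~ /.+?,\s*${dhcpdn}$/` interpolates the user-supplied --dhcpdn as a regular expression and should wrap it in \Q...\E, and `usage(1) unless($ok)` only runs after the --server and --basedn checks, so a rejected option is reported late. print_entry also prints config tokens straight into `dn:` and attribute lines with no DN or LDIF escaping, so a host or class name containing a comma, or a value starting with a space or colon, produces an entry that differs from what the config said; validate or escape those values before printing.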
1267diff -Pru dhcp-3.0.1rc13/debian/changelog dhcp-3.0.1rc13-ldap/debian/changelog
1268--- dhcp-3.0.1rc13/debian/changelog 1969-12-31 19:00:00.000000000 -0500
1269+++ dhcp-3.0.1rc13-ldap/debian/changelog 2004-03-23 13:49:03.000000000 -0500
1270@@ -0,0 +1,13 @@
1271+dhcp3-ldap-ntelos (3.0.1rc12-1) unstable; urgency=low
1272+
1273+ * Updated patch to work against ISC DHCPD 3.0.1rc12
1274+
1275+ -- Brian Masney <masneyb@gftp.org> Mon, 08 Sep 2003 16:34:00 -0400
1276+
1277+dhcp3-ldap-ntelos (3.0.1rc11-2) unstable; urgency=low
1278+
1279+ * Added these Debian files. They are mostly from the existing dhcp3-server
1280+ package in Debian.
1281+
1282+ -- Brian Masney <masneyb@gftp.org> Mon, 04 Aug 2003 13:34:00 -0400
1283+
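Review bot: The newest entry in this changelog is 3.0.1rc12-1 from 08 Sep 2003, while the diff is taken against dhcp-3.0.1rc13; add an entry for the rc13 rebase so the version of the built package matches the source it contains.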
1284diff -Pru dhcp-3.0.1rc13/debian/control dhcp-3.0.1rc13-ldap/debian/control
1285--- dhcp-3.0.1rc13/debian/control 1969-12-31 19:00:00.000000000 -0500
1286+++ dhcp-3.0.1rc13-ldap/debian/control 2004-03-23 13:49:03.000000000 -0500
1287@@ -0,0 +1,12 @@
1288+Source: dhcp3-ldap-ntelos
1289+Section: net
1290+Priority: optional
1291+Maintainer: Brian Masney <masneyb@gftp.org>
1292+Build-Depends: debhelper (>= 2.1.18), dpkg-dev (>= 1.7.0), groff
1293+Standards-Version: 2.4.0.0
1294+
1295+Package: dhcp3-ldap-ntelos
1296+Architecture: any
1297+Depends: debconf, debianutils (>= 1.7), dhcp3-server (>= 3.0+3.0.1rc11)
1298+Conflicts: dhcp
1299+Description: This is the DHCP server with LDAP patches applied to it
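Review bot: Build-Depends lists only debhelper, dpkg-dev and groff, yet debian/rules in this patch links the server with -lldap; add the OpenLDAP development package (libldap2-dev on Debian) so the build does not rely on whatever happens to be installed on the build host. The Description field is also only a synopsis line with no extended description.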
1300diff -Pru dhcp-3.0.1rc13/debian/copyright dhcp-3.0.1rc13-ldap/debian/copyright
1301--- dhcp-3.0.1rc13/debian/copyright 1969-12-31 19:00:00.000000000 -0500
1302+++ dhcp-3.0.1rc13-ldap/debian/copyright 2004-03-23 13:49:03.000000000 -0500
1303@@ -0,0 +1,30 @@
1304+/*
1305+ * Copyright (c) 1996, 1997 The Internet Software Consortium.
1306+ * All rights reserved.
1307+ *
1308+ * Redistribution and use in source and binary forms, with or without
1309+ * modification, are permitted provided that the following conditions
1310+ * are met:
1311+ *
1312+ * 1. Redistributions of source code must retain the above copyright
1313+ * notice, this list of conditions and the following disclaimer.
1314+ * 2. Redistributions in binary form must reproduce the above copyright
1315+ * notice, this list of conditions and the following disclaimer in the
1316+ * documentation and/or other materials provided with the distribution.
1317+ * 3. Neither the name of The Internet Software Consortium nor the names of its
1318+ * contributors may be used to endorse or promote products derived
1319+ * from this software without specific prior written permission.
1320+ *
1321+ * THIS SOFTWARE IS PROVIDED BY THE INTERNET SOFTWARE CONSORTIUM AND
1322+ * CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING,
1323+ * BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
1324+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
1325+ * THE INTERNET SOFTWARE CONSORTIUM OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
1326+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
1327+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
1328+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
1329+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
1330+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
1331+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
1332+ * OF THE POSSIBILITY OF SUCH DAMAGE.
1333+ */
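Review bot: This file carries only the 1996, 1997 Internet Software Consortium notice and states no copyright holder or licence for the LDAP code the package adds, nor where the upstream source was obtained. Add both, since the LDAP patch is the reason this package exists.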
1334diff -Pru dhcp-3.0.1rc13/debian/dhcp3-ldap-ntelos/DEBIAN/control dhcp-3.0.1rc13-ldap/debian/dhcp3-ldap-ntelos/DEBIAN/control
1335--- dhcp-3.0.1rc13/debian/dhcp3-ldap-ntelos/DEBIAN/control 1969-12-31 19:00:00.000000000 -0500
1336+++ dhcp-3.0.1rc13-ldap/debian/dhcp3-ldap-ntelos/DEBIAN/control 2004-03-23 13:49:03.000000000 -0500
1337@@ -0,0 +1,10 @@
1338+Package: dhcp3-ldap-ntelos
1339+Version: 3.0.1rc11
1340+Section: net
1341+Priority: optional
1342+Architecture: i386
1343+Depends: debconf, debianutils (>= 1.7), dhcp3-server (>= 3.0+3.0.1rc11)
1344+Conflicts: dhcp
1345+Installed-Size: 574
1346+Maintainer: Brian Masney <masneyb@gftp.org>
1347+Description: This is the DHCP server with LDAP patches applied to it
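Review bot: debian/dhcp3-ldap-ntelos/DEBIAN/ is the staging directory written during the package build, and this control file shows it: Version 3.0.1rc11, Architecture i386 and Installed-Size 574 describe one earlier build, not this rc13 source. Drop this file and the rest of that directory (md5sums, postinst, postrm, preinst) from the patch and let the build regenerate them.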
1348diff -Pru dhcp-3.0.1rc13/debian/dhcp3-ldap-ntelos/DEBIAN/md5sums dhcp-3.0.1rc13-ldap/debian/dhcp3-ldap-ntelos/DEBIAN/md5sums
1349--- dhcp-3.0.1rc13/debian/dhcp3-ldap-ntelos/DEBIAN/md5sums 1969-12-31 19:00:00.000000000 -0500
1350+++ dhcp-3.0.1rc13-ldap/debian/dhcp3-ldap-ntelos/DEBIAN/md5sums 2004-03-23 13:49:03.000000000 -0500
1351@@ -0,0 +1 @@
1352+0ef155277bc291c96e96d3760f7544a1 usr/sbin/dhcpd3
1353diff -Pru dhcp-3.0.1rc13/debian/dhcp3-ldap-ntelos/DEBIAN/postinst dhcp-3.0.1rc13-ldap/debian/dhcp3-ldap-ntelos/DEBIAN/postinst
1354--- dhcp-3.0.1rc13/debian/dhcp3-ldap-ntelos/DEBIAN/postinst 1969-12-31 19:00:00.000000000 -0500
1355+++ dhcp-3.0.1rc13-ldap/debian/dhcp3-ldap-ntelos/DEBIAN/postinst 2004-03-23 13:49:03.000000000 -0500
1356@@ -0,0 +1,13 @@
1357+#!/bin/sh
1358+
1359+set -e
1360+
1361+# Removes the left over diversions of the old package
1362+
1363+if [ "$1" = remove -o "$1" = upgrade ]; then
1364+ for v in `list_versions`; do
1365+ dpkg-divert --package dhcp3-ldap-ntelos --remove \
1366+ --rename --divert /usr/sbin/dhcpd3-noldap \
1367+ /usr/sbin/dhcpd3
1368+ done
1369+fi
1370diff -Pru dhcp-3.0.1rc13/debian/dhcp3-ldap-ntelos/DEBIAN/postrm dhcp-3.0.1rc13-ldap/debian/dhcp3-ldap-ntelos/DEBIAN/postrm
1371--- dhcp-3.0.1rc13/debian/dhcp3-ldap-ntelos/DEBIAN/postrm 1969-12-31 19:00:00.000000000 -0500
1372+++ dhcp-3.0.1rc13-ldap/debian/dhcp3-ldap-ntelos/DEBIAN/postrm 2004-03-23 13:49:03.000000000 -0500
1373@@ -0,0 +1,8 @@
1374+#!/bin/sh
1375+
1376+set -e
1377+
1378+if [ "$1" = remove ]; then
1379+ dpkg-divert --package dhcp3-ldap-ntelos --remove --rename \
1380+ --divert /usr/sbin/dhcpd3-noldap /usr/sbin/dhcpd3
1381+fi
1382diff -Pru dhcp-3.0.1rc13/debian/dhcp3-ldap-ntelos/DEBIAN/preinst dhcp-3.0.1rc13-ldap/debian/dhcp3-ldap-ntelos/DEBIAN/preinst
1383--- dhcp-3.0.1rc13/debian/dhcp3-ldap-ntelos/DEBIAN/preinst 1969-12-31 19:00:00.000000000 -0500
1384+++ dhcp-3.0.1rc13-ldap/debian/dhcp3-ldap-ntelos/DEBIAN/preinst 2004-03-23 13:49:03.000000000 -0500
1385@@ -0,0 +1,14 @@
1386+#!/bin/sh
1387+
1388+set -e
1389+
1390+if [ "$1" = install -o "$1" = upgrade ]; then
1391+ if dpkg-divert --list /usr/sbin/dhcpd3 \
1392+ | grep -q "by dhcp3-ldap-ntelos";
1393+ then
1394+ exit 0
1395+ fi
1396+
1397+ dpkg-divert --package dhcp3-ldap-ntelos --add --rename \
1398+ --divert /usr/sbin/dhcpd3-noldap /usr/sbin/dhcpd3
1399+fi
1400diff -Pru dhcp-3.0.1rc13/debian/dhcp3-ldap-ntelos.files dhcp-3.0.1rc13-ldap/debian/dhcp3-ldap-ntelos.files
1401--- dhcp-3.0.1rc13/debian/dhcp3-ldap-ntelos.files 1969-12-31 19:00:00.000000000 -0500
1402+++ dhcp-3.0.1rc13-ldap/debian/dhcp3-ldap-ntelos.files 2004-03-23 13:49:03.000000000 -0500
1403@@ -0,0 +1 @@
1404+usr/sbin/dhcpd3
1405diff -Pru dhcp-3.0.1rc13/debian/dhcp3-ldap-ntelos.postinst dhcp-3.0.1rc13-ldap/debian/dhcp3-ldap-ntelos.postinst
1406--- dhcp-3.0.1rc13/debian/dhcp3-ldap-ntelos.postinst 1969-12-31 19:00:00.000000000 -0500
1407+++ dhcp-3.0.1rc13-ldap/debian/dhcp3-ldap-ntelos.postinst 2004-03-23 13:49:03.000000000 -0500
1408@@ -0,0 +1,13 @@
1409+#!/bin/sh
1410+
1411+set -e
1412+
1413+# Removes the left over diversions of the old package
1414+
1415+if [ "$1" = remove -o "$1" = upgrade ]; then
1416+ for v in `list_versions`; do
1417+ dpkg-divert --package dhcp3-ldap-ntelos --remove \
1418+ --rename --divert /usr/sbin/dhcpd3-noldap \
1419+ /usr/sbin/dhcpd3
1420+ done
1421+fi
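Review bot: The guard `if [ "$1" = remove -o "$1" = upgrade ]` can never be true in a postinst, which dpkg invokes with configure or one of the abort-* actions, so the diversion cleanup under it is dead code. Inside it, `list_versions` is not defined anywhere in this script and `$v` is never used in the loop body; either remove the block or rewrite it as a single dpkg-divert call under the action where it is meant to run.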
1422diff -Pru dhcp-3.0.1rc13/debian/dhcp3-ldap-ntelos.postrm dhcp-3.0.1rc13-ldap/debian/dhcp3-ldap-ntelos.postrm
1423--- dhcp-3.0.1rc13/debian/dhcp3-ldap-ntelos.postrm 1969-12-31 19:00:00.000000000 -0500
1424+++ dhcp-3.0.1rc13-ldap/debian/dhcp3-ldap-ntelos.postrm 2004-03-23 13:49:03.000000000 -0500
1425@@ -0,0 +1,8 @@
1426+#!/bin/sh
1427+
1428+set -e
1429+
1430+if [ "$1" = remove ]; then
1431+ dpkg-divert --package dhcp3-ldap-ntelos --remove --rename \
1432+ --divert /usr/sbin/dhcpd3-noldap /usr/sbin/dhcpd3
1433+fi
1434diff -Pru dhcp-3.0.1rc13/debian/dhcp3-ldap-ntelos.preinst dhcp-3.0.1rc13-ldap/debian/dhcp3-ldap-ntelos.preinst
1435--- dhcp-3.0.1rc13/debian/dhcp3-ldap-ntelos.preinst 1969-12-31 19:00:00.000000000 -0500
1436+++ dhcp-3.0.1rc13-ldap/debian/dhcp3-ldap-ntelos.preinst 2004-03-23 13:49:03.000000000 -0500
1437@@ -0,0 +1,14 @@
1438+#!/bin/sh
1439+
1440+set -e
1441+
1442+if [ "$1" = install -o "$1" = upgrade ]; then
1443+ if dpkg-divert --list /usr/sbin/dhcpd3 \
1444+ | grep -q "by dhcp3-ldap-ntelos";
1445+ then
1446+ exit 0
1447+ fi
1448+
1449+ dpkg-divert --package dhcp3-ldap-ntelos --add --rename \
1450+ --divert /usr/sbin/dhcpd3-noldap /usr/sbin/dhcpd3
1451+fi
1452diff -Pru dhcp-3.0.1rc13/debian/dhcp3-ldap-ntelos.substvars dhcp-3.0.1rc13-ldap/debian/dhcp3-ldap-ntelos.substvars
1453--- dhcp-3.0.1rc13/debian/dhcp3-ldap-ntelos.substvars 1969-12-31 19:00:00.000000000 -0500
1454+++ dhcp-3.0.1rc13-ldap/debian/dhcp3-ldap-ntelos.substvars 2004-03-23 13:49:03.000000000 -0500
1455@@ -0,0 +1 @@
1456+shlibs:Depends=libc6 (>= 2.3.1-1), libldap2 (>= 2.1.17-1)
1457diff -Pru dhcp-3.0.1rc13/debian/dirs dhcp-3.0.1rc13-ldap/debian/dirs
1458--- dhcp-3.0.1rc13/debian/dirs 1969-12-31 19:00:00.000000000 -0500
1459+++ dhcp-3.0.1rc13-ldap/debian/dirs 2004-03-23 13:49:03.000000000 -0500
1460@@ -0,0 +1 @@
1461+usr/sbin
1462diff -Pru dhcp-3.0.1rc13/debian/files dhcp-3.0.1rc13-ldap/debian/files
1463--- dhcp-3.0.1rc13/debian/files 1969-12-31 19:00:00.000000000 -0500
1464+++ dhcp-3.0.1rc13-ldap/debian/files 2004-03-23 13:49:03.000000000 -0500
1465@@ -0,0 +1 @@
1466+dhcp3-ldap-ntelos_3.0.1rc11_i386.deb net optional
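Review bot: debian/files is written by the package build and names dhcp3-ldap-ntelos_3.0.1rc11_i386.deb, the product of an older build, so it should not be part of the source patch; the same applies to dhcp3-ldap-ntelos.substvars above.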
1467diff -Pru dhcp-3.0.1rc13/debian/rules dhcp-3.0.1rc13-ldap/debian/rules
1468--- dhcp-3.0.1rc13/debian/rules 1969-12-31 19:00:00.000000000 -0500
1469+++ dhcp-3.0.1rc13-ldap/debian/rules 2004-03-23 13:49:03.000000000 -0500
1470@@ -0,0 +1,89 @@
1471+#!/usr/bin/make -f
1472+# Made with the iad of dh_make, by Craig Small
1473+# Sample debian/rules that uses debhelper. GNU copyright 1997 by Joey Hess.
1474+# Also some stuff taken from debmake scripts, by Cristopt Lameter.
1475+
1476+# Uncomment this to turn on verbose mode.
1477+#export DH_VERBOSE=1
1478+
1479+export DH_COMPAT=3
1480+
1481+DESTDIR = `pwd`/debian/tmp
1482+
1483+IVARS = DESTDIR=$(DESTDIR)
1484+
1485+BVARS = PREDEFINES='-D_PATH_DHCPD_DB=\"/var/lib/dhcp3/dhcpd.leases\" \
1486+ -D_PATH_DHCLIENT_DB=\"/var/lib/dhcp3/dhclient.leases\" \
1487+ -D_PATH_DHCLIENT_SCRIPT=\"/etc/dhcp3/dhclient-script\" \
1488+ -D_PATH_DHCPD_CONF=\"/etc/dhcp3/dhcpd.conf\" \
1489+ -D_PATH_DHCLIENT_CONF=\"/etc/dhcp3/dhclient.conf\"'
1490+
1491+build: build-stamp
1492+build-stamp:
1493+ dh_testdir
1494+
1495+ ./configure
1496+ cat work.linux-2.2/server/Makefile | sed s/^LIBS\ =/LIBS\ =\ \-lldap/ > work.linux-2.2/server/Makefile.new
1497+ mv work.linux-2.2/server/Makefile.new work.linux-2.2/server/Makefile
1498+ $(MAKE) $(BVARS)
1499+
1500+ touch build-stamp
1501+
1502+clean:
1503+ dh_testdir
1504+ rm -f build-stamp install-stamp
1505+
1506+ # Add here commands to clean up after the build process.
1507+ -$(MAKE) distclean
1508+
1509+ # Remove leftover junk...
1510+ rm -Rf work.linux-2.2/
1511+
1512+ dh_clean
1513+
1514+install: install-stamp
1515+install-stamp: build-stamp
1516+ dh_testdir
1517+ dh_testroot
1518+ dh_clean -k
1519+ dh_installdirs
1520+
1521+ # Add here commands to install the package into debian/tmp.
1522+ $(MAKE) install $(IVARS)
1523+
1524+ mv $(DESTDIR)/usr/sbin/dhcpd $(DESTDIR)/usr/sbin/dhcpd3
1525+
1526+ dh_movefiles
1527+
1528+ # Remove unwanted directories that dh_movefiles leaves around
1529+ rmdir $(DESTDIR)/etc
1530+ rm -Rf $(DESTDIR)/sbin/
1531+ rm -Rf $(DESTDIR)/usr/bin/
1532+ rm -Rf $(DESTDIR)/usr/include/
1533+ rm -Rf $(DESTDIR)/usr/lib/
1534+ rm -Rf $(DESTDIR)/usr/local/
1535+ rm -Rf $(DESTDIR)/usr/man/
1536+ rm -Rf $(DESTDIR)/var/
1537+ rm -f $(DESTDIR)/usr/sbin/dhcrelay
1538+
1539+ touch install-stamp
1540+
1541+# Build architecture-dependent files here (this package does not contain
1542+# architecture-independent files).
1543+binary-arch: build install
1544+ dh_testdir -a
1545+ dh_testroot -a
1546+ dh_strip -a
1547+ dh_compress -a
1548+ dh_fixperms -a
1549+ dh_installdeb -a
1550+ dh_shlibdeps -a
1551+ dh_gencontrol -a
1552+ dh_md5sums -a
1553+ dh_builddeb -a
1554+
1555+source diff:
1556+ @echo >&2 'source and diff are obsolete - use dpkg-source -b'; false
1557+
1558+binary: binary-arch
1559+.PHONY: build clean binary-indep binary-arch binary
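Review bot: The build-stamp rule hard-codes the `work.linux-2.2` directory name when it rewrites server/Makefile to add -lldap, so the build breaks wherever ./configure picks a different work directory; locate the work directory instead of naming it, or have the patch add -lldap to the server Makefile itself. `.PHONY` also lists binary-indep, but no rule for that target is defined; add an explicit empty binary-indep rule.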
1560diff -Pru dhcp-3.0.1rc13/doc/draft-ietf-dhc-ldap-schema-01.txt dhcp-3.0.1rc13-ldap/doc/draft-ietf-dhc-ldap-schema-01.txt
1561--- dhcp-3.0.1rc13/doc/draft-ietf-dhc-ldap-schema-01.txt 1969-12-31 19:00:00.000000000 -0500
1562+++ dhcp-3.0.1rc13-ldap/doc/draft-ietf-dhc-ldap-schema-01.txt 2004-03-23 13:49:03.000000000 -0500
1563@@ -0,0 +1,1089 @@
1564+
1565+
1566+
1567+
1568+
1569+Network Working Group M. Meredith,
1570+Internet Draft V. Nanjundaswamy,
1571+Document: <draft-ietf-dhc-ldap-schema-00.txt> M. Hinckley
1572+Category: Proposed Standard Novell Inc.
1573+Expires: 15th December 2001 16th June 2001
1574+
1575+
1576+ LDAP Schema for DHCP
1577+
1578+Status of this Memo
1579+
1580+This document is an Internet-Draft and is in full conformance with all
1581+provisions of Section 10 of RFC2026 [ ].
1582+
1583+Internet-Drafts are working documents of the Internet Engineering Task
1584+Force (IETF), its areas, and its working groups. Note that other groups
1585+may also distribute working documents as Internet-Drafts. Internet-
1586+Drafts are draft documents valid for a maximum of six months and may be
1587+updated, replaced, or obsolete by other documents at any time. It is
1588+inappropriate to use Internet-Drafts as reference material or to cite
1589+them other than as "work in progress." The list of current Internet-
1590+Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt The
1591+list of Internet-Draft Shadow Directories can be accessed at
1592+http://www.ietf.org/shadow.html.
1593+
1594+1. Abstract
1595+
1596+This document defines a schema for representing DHCP configuration in an
1597+LDAP directory. It can be used to represent the DHCP Service
1598+configuration(s) for an entire enterprise network, a subset of the
1599+network, or even a single server. Representing DHCP configuration in an
1600+LDAP directory enables centralized management of DHCP services offered
1601+by one or more DHCP Servers within the enterprise.
1602+
1603+2. Conventions used in this document
1604+
1605+The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
1606+"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
1607+document are to be interpreted as described in RFC-2119 [ ].
1608+
1609+In places where different sets of terminology are commonly used to
1610+represent similar DHCP concepts, this schema uses the terminology of the
1611+Internet Software Consortium's DHCP server reference implementation.
1612+For more information see www.isc.org.
1613+
1614+3. Design Considerations
1615+
1616+The DHCP LDAP schema is designed to be a simple multi-server schema. The
1617+
1618+
1619+
1620+M. Meredith et al. Expires December 2001 [Page 1]
1621+
1622+
1623+
1624+
1625+
1626+INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001
1627+
1628+
1629+intent of this schema is to provide a basic framework for representing
1630+the most common elements used in the configuration of DHCP Server. This
1631+should allow other network services to obtain and use basic DHCP
1632+configuration information in a server-independent but knowledgeable way.
1633+
1634+It is expected that some implementations may need to extend the schema
1635+objects, in order to implement all of their features or needs. It is
1636+recommended that you use the schema defined in this draft to represent
1637+DHCP configuration information in an LDAP directory. Conforming to a
1638+standard schema improves interoperability between DHCP implementations
1639+from different vendors.
1640+
1641+Some implementations may choose not to support all of the objects
1642+defined here.
1643+
1644+Two decisions are explicitly left up to each implementation:
1645+
1646+First, implementations may choose not to store the lease information in
1647+the directory, so those objects would not be used.
1648+
1649+Second, implementations may choose not to implement the auditing
1650+information.
1651+
1652+It is up to the implementation to determine if the data in the directory
1653+is considered "authoritative", or if it is simply a copy of data from an
1654+authoritative source. Validity of the information if used as a copy is
1655+to be ensured by the implementation.
1656+
1657+Primarily two types of applications will use the information in this
1658+schema: 1. DHCP servers (for loading their configuration) 2. Management
1659+Interfaces (for defining/editing configurations).
1660+
1661+The schema should be efficient for the needs of both types of
1662+applications. The schema is designed to allow objects managed by DHCP
1663+(such as computers, subnets, etc) to be present anywhere in a directory
1664+hierarchy (to allow those objects to be placed in the directory for
1665+managing administrative control and access to the objects).
1666+
1667+The schema uses a few naming conventions - all object classes and
1668+attributes are prefixed with "dhcp" to decrease the chance that object
1669+classes and attributes will have the same name. The schema also uses
1670+standard naming attributes ("cn", "ou", etc) for all objects.
1671+
1672+4. Common DHCP Configuration Attributes
1673+
1674+Although DHCP manages several different types of objects, the
1675+configuration of those objects is often similar. Consequently, most of
1676+these objects have a common set of attributes, which are defined below.
1677+
1678+
1679+
1680+M. Meredith et al. Expires December 2001 [Page 2]
1681+
1682+
1683+
1684+
1685+
1686+INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001
1687+
1688+
1689+4.1. Attributes Definitions
1690+
1691+The schema definitions listed below are for readability. The LDIF
1692+layout for this schema will follow in section 8.
1693+
1694+Name: dhcpPrimaryDN Description: The Distinguished Name of the
1695+dhcpServer object, which is the primary server for the configuration.
1696+Syntax: DN Flags: SINGLE-VALUE
1697+
1698+Named: dhcpSecondaryDN Description: The Distinguished Name(s) of the
1699+dhcpServer object(s), which are secondary servers for the configuration.
1700+Syntax: DN
1701+
1702+Name: dhcpStatements Description: Flexible storage for representing any
1703+specific data depending on the object to which it is attached. Examples
1704+include conditional statements, Server parameters, etc. This also
1705+serves as a 'catch-all' attribute that allows the standard to evolve
1706+without needing to update the schema. Syntax: IA5String
1707+
1708+Name: dhcpRange Description: The starting and ending IP Addresses in the
1709+range (inclusive), separated by a hyphen; if the range only contains one
1710+address, then just the address can be specified with no hyphen. Each
1711+range is defined as a separate value. Syntax: IA5String
1712+
1713+Name: dhcpPermitList Description: This attribute contains the permit
1714+lists associated with a pool. Each permit list is defined as a separate
1715+value. Syntax: IA5String
1716+
1717+Name: dhcpNetMask Description: The subnet mask length for the subnet.
1718+The mask can be easily computed from this length. Syntax: Integer
1719+Flags: SINGLE-VALUE
1720+
1721+Name: dhcpOption Description: Encoded option values to be sent to
1722+clients. Each value represents a single option and contains (OptionTag,
1723+Length, OptionData) encoded in the format used by DHCP. For more
1724+information see [DHCPOPT]. Syntax: OctetString
1725+
1726+Name: dhcpClassData Description: Encoded text string or list of bytes
1727+expressed in hexadecimal, separated by colons. Clients match subclasses
1728+based on matching the class data with the results of a 'match' or 'spawn
1729+with' statement in the class name declarations. Syntax: IA5String
1730+Flags: SINGLE-VALUE
1731+
1732+Name: dhcpSubclassesDN Description: List of subclasses, these are the
1733+actual DN of each subclass object. Syntax: DN
1734+
1735+Name: dhcpClassesDN Description: List of classes, these are the actual
1736+DN of each class object. Syntax: DN
1737+
1738+
1739+
1740+M. Meredith et al. Expires December 2001 [Page 3]
1741+
1742+
1743+
1744+
1745+
1746+INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001
1747+
1748+
1749+Name: dhcpSubnetDN Description: List of subnets, these are the actual DN
1750+of each subnet object. Syntax: DN
1751+
1752+Name: dhcpPoolDN Description: List of pools, these are the actual DN of
1753+each Pool object. Syntax: DN
1754+
1755+Name: dhcpOptionsDN Description: List of options, these are the actual
1756+DN of each Options object. Syntax: DN
1757+
1758+Name: dhcpHostDN Description: List of hosts, these are the actual DN of
1759+each host object. Syntax: DN
1760+
1761+Name: dhcpSharedNetworkDN Description: List of shared networks, these
1762+are the actual DN of each shared network object. Syntax: DN
1763+
1764+Name: dhcpGroupDN Description: List of groups, these are the actual DN
1765+of each Group object. Syntax: DN
1766+
1767+Name: dhcpLeaseDN Description: Single Lease DN. A dhcpHost configuration
1768+uses this attribute to identify a static IP address assignment. Syntax:
1769+DN Flags: SINGLE-VALUE
1770+
1771+Name: dhcpLeasesDN Description: List of leases, these are the actual DN
1772+of each lease object. Syntax: DN
1773+
1774+Name: dhcpServiceDN Description: The DN of dhcpService object(s)which
1775+contain the configuration information. Each dhcpServer object has this
1776+attribute identifying the DHCP configuration(s) that the server is
1777+associated with. Syntax: DN
1778+
1779+Name: dhcpHWAddress Description: The hardware address of the client
1780+associated with a lease Syntax: OctetString Flags: SINGLE-VALUE
1781+
1782+Name: dhcpVersion Description: This is the version identified for the
1783+object that this attribute is part of. In case of the dhcpServer object,
1784+this represents the DHCP software version. Syntax: IA5String Flags:
1785+SINGLE-VALUE
1786+
1787+Name: dhcpImplementation Description: DHCP Server implementation
1788+description e.g. DHCP Vendor information. Syntax: IA5String Flags:
1789+SINGLE-VALUE
1790+
1791+Name: dhcpHashBucketAssignment Description: HashBucketAssignment bit map
1792+for the DHCP Server, as defined in DHC Load Balancing Algorithm [RFC
1793+3074]. Syntax: Octet String Flags: SINGLE-VALUE
1794+
1795+Name: dhcpDelayedServiceParameter Description: Delay in seconds
1796+corresponding to Delayed Service Parameter configuration, as defined in
1797+
1798+
1799+
1800+M. Meredith et al. Expires December 2001 [Page 4]
1801+
1802+
1803+
1804+
1805+
1806+INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001
1807+
1808+
1809+DHC Load Balancing Algorithm [RFC 3074]. Syntax: Integer Flags: SINGLE-
1810+VALUE
1811+
1812+Name: dhcpMaxClientLeadTime Description: Maximum Client Lead Time
1813+configuration in seconds, as defined in DHCP Failover Protocol [FAILOVR]
1814+Syntax: Integer Flags: SINGLE-VALUE
1815+
1816+Name: dhcpFailOverEndpointState Description: Server (Failover Endpoint)
1817+state, as defined in DHCP Failover Protocol [FAILOVR] Syntax: IA5String
1818+Flags: SINGLE-VALUE
1819+
1820+5. Configurations and Services
1821+
1822+The schema definitions below are for readability the LDIF layout for
1823+this schema will follow in section 8.
1824+
1825+The DHC working group is currently considering several proposals for
1826+fail-over and redundancy of DHCP servers. These may require sharing of
1827+configuration information between servers. This schema provides a
1828+generalized mechanism for supporting any of these proposals, by
1829+separating the definition of a server from the definition of
1830+configuration service provided by the server.
1831+
1832+Separating the DHCP Server (dhcpServer) and the DHCP Configuration
1833+(dhcpService) representations allows a configuration service to be
1834+provided by one or more servers. Similarly, a server may provide one or
1835+more configurations. The schema allows a server to be configured as
1836+either a primary or secondary provider of a DHCP configuration.
1837+
1838+Configurations are also defined so that one configuration can include
1839+some of the objects that are defined in another configuration. This
1840+allows for sharing and/or a hierarchy of related configuration items.
1841+
1842+Name: dhcpService Description: Service object that represents the
1843+actual DHCP Service configuration. This will be a container with the
1844+following attributes. Must: cn, dhcpPrimaryDN May: dhcpSecondaryDN,
1845+dhcpSharedNetworkDN, dhcpSubnetDN, dhcpGroupDN, dhcpHostDN,
1846+dhcpClassesDN, dhcpOptionsDN, dhcpStatements
1847+
1848+The following objects could exist inside the dhcpService container:
1849+dhcpSharedNetwork, dhcpSubnet, dhcpGroup, dhcpHost, dhcpClass,
1850+dhcpOptions, dhcpLog
1851+
1852+Name: dhcpServer Description: Server object that the DHCP server will
1853+login as. The configuration information is in the dhcpService container
1854+that the dhcpServiceDN points to. Must: cn, dhcpServiceDN May:
1855+dhcpVersion, dhcpImplementation, dhcpHashBucketAssignment,
1856+dhcpDelayedServiceParameter, dhcpMaxClientLeadTime,
1857+
1858+
1859+
1860+M. Meredith et al. Expires December 2001 [Page 5]
1861+
1862+
1863+
1864+
1865+
1866+INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001
1867+dhcpFailOverEndpointState, dhcpStatements
1868+
1869+5.1. DHCP Declaration related classes:
1870+
1871+Name: dhcpSharedNetwork Description: Shared Network class will list what
1872+pools and subnets are in this network.
1873+
1874+This will be a container with the following attributes. Must: cn May:
1875+dhcpSubnetDN, dhcpPoolDN, dhcpOptionsDN, dhcpStatements
1876+
1877+The following objects can exist within a dhcpSharedNetwork container:
1878+dhcpSubnet, dhcpPool, dhcpOptions, dhcpLog
1879+
1880+Name: dhcpSubnet Description: Subnet object will include configuration
1881+information associated with a subnet, including a range and a net mask.
1882+
1883+This will be a container with the following attributes. Must: cn
1884+(Subnet address), dhcpNetMask May: dhcpRange, dhcpPoolDN, dhcpGroupDN,
1885+dhcpHostDN, dhcpClassesDN, dhcpLeasesDN, dhcpOptionsDN, dhcpStatements
1886+
1887+The following objects can exist within a dhcpSubnet container: dhcpPool,
1888+dhcpGroup, dhcpHost, dhcpClass, dhcpOptions, dhcpLease, dhcpLog
1889+
1890+Name: dhcpGroup Description: Group object will have configuration
1891+information associated with a group.
1892+
1893+This will be a container with the following attributes. Must: cn May:
1894+dhcpHostDN, dhcpOptionsDN, dhcpStatements
1895+
1896+The following objects can exist within a dhcpGroup container: dhcpHost,
1897+dhcpOptions
1898+
1899+Name: dhcpHost Description: The host object includes DHCP host
1900+declarations to assign a static IP address or declare the client as
1901+known or specify statements for a specific client. Must: cn May:
1902+dhcpLeaseDN, dhcpHWAddress, dhcpOptionsDN, dhcpStatements
1903+
1904+The following objects can exist within a dhcpHost container: dhcpLease,
1905+dhcpOptions
1906+
1907+Name: dhcpOptions Description: The options class is for option space
1908+declarations, it contains a list of options. Must: cn, dhcpOption
1909+
1910+Name: dhcpClass Description: This is a class to group clients together
1911+based on matching rules.
1912+
1913+This will be a container with the following attributes. Must: cn May:
1914+dhcpSubClassesDN, dhcpOptionsDN, dhcpStatements
1915+
1916+The following object can exist within a dhcpClass container:
1917+dhcpSubclass, dhcpOptions
1918+
1919+
1920+
1921+M. Meredith et al. Expires December 2001 [Page 6]
1922+
1923+
1924+
1925+
1926+
1927+INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001
1928+
1929+
1930+Name: dhcpSubClass Description: This includes configuration information
1931+for a subclass associated with a class. The dhcpSubClass object will
1932+always be contained within the corresponding class container object.
1933+Must: cn May: dhcpClassData, dhcpOptionsDN, dhcpStatements
1934+
1935+Name: dhcpPool Description: This contains configuration for a pool that
1936+will have the range of addresses, permit lists and point to classes and
1937+leases that are members of this pool.
1938+
1939+This will be a container that could be contained by dhcpSubnet or a
1940+dhcpSharedNetwork. Must: cn, dhcpRange May: dhcpClassesDN,
1941+dhcpPermitList, dhcpLeasesDN, dhcpOptionsDN, dhcpStatements
1942+
1943+The following objects can exist within a dhcpPool container: dhcpClass,
1944+dhcpOptions, dhcpLease, dhcpLog
1945+
1946+6. Tracking Address Assignments
1947+
1948+The behavior of a DHCP server is influenced by two factors - it's
1949+configuration and the current state of the addresses that have been
1950+assigned to clients. This schema defines a set of objects for
1951+representing the DHCP configuration associated with a server. The
1952+following object classes provide the ability to record how addresses are
1953+used including maintaining history (audit log) on individual leases.
1954+Recording lease information in a directory could result in a significant
1955+performance impact and is therefore optional. Implementations supporting
1956+logging of leases need to consider the performance impact.
1957+
1958+6.1. dhcpLeases Attribute Definitions
1959+
1960+The schema definitions below are for readability the LDIF layout for
1961+this schema will follow in section 8.
1962+
1963+Name: dhcpAddressState Description: This stores information about the
1964+current binding-status of an address. For dynamic addresses managed by
1965+DHCP, the values should be restricted to the states defined in the DHCP
1966+Failover Protocol draft [FAILOVR]: 'FREE', 'ACTIVE', 'EXPIRED',
1967+'RELEASED', 'RESET', 'ABANDONED', 'BACKUP'. For more information on
1968+these states see [FAILOVR]. For other addresses, it SHOULD be one of
1969+the following: 'UNKNOWN', 'RESERVED' (an address that is managed by DHCP
1970+that is reserved for a specific client), 'RESERVED-ACTIVE' (same as
1971+reserved, but address is currently in use), 'ASSIGNED' (assigned
1972+manually or by some other mechanism), 'UNASSIGNED', 'NOTASSIGNABLE'.
1973+Syntax: IA5String Flags: SINGLE-VALUE
1974+
1975+Name: dhcpExpirationTime Description: This is the time the current lease
1976+for an address expires. Syntax: DateTime Flags: SINGLE-VALUE
1977+
1978+
1979+
1980+
1981+M. Meredith et al. Expires December 2001 [Page 7]
1982+
1983+
1984+
1985+
1986+
1987+INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001
1988+
1989+
1990+Name: dhcpStartTimeOfState Description: This is the time of the last
1991+state change for a leased address. Syntax: DateTime Flags: SINGLE-VALUE
1992+
1993+Name: dhcpLastTransactionTime Description: This is the last time a valid
1994+DHCP packet was received from the client. Syntax: DateTime Flags:
1995+SINGLE-VALUE
1996+
1997+Name: dhcpBootpFlag Description: This indicates whether the address was
1998+assigned via BOOTP Syntax: Boolean Flags: SINGLE-VALUE
1999+
2000+Name: dhcpDomainName Description: This is the name of the domain sent to
2001+the client by the server. It is essentially the same as the value for
2002+DHCP option 15 sent to the client, and represents only the domain - not
2003+the full FQDN. To obtain the full FQDN assigned to the client you must
2004+prepend the "dhcpAssignedHostName" to this value with a ".". Syntax:
2005+IA5String Flags: SINGLE-VALUE
2006+
2007+Name: dhcpDnsStatus Description: This indicates the status of updating
2008+DNS resource records on behalf of the client by the DHCP server for this
2009+address. The value is a 16-bit bitmask that has the same values as
2010+specified by the Failover-DDNS option (see [FAILOVR]). Syntax: Integer
2011+Flags: SINGLE-VALUE
2012+
2013+Name: dhcpRequestedHostName Description: This is the hostname that was
2014+requested by the client. Syntax: IA5String Flags: SINGLE-VALUE
2015+
2016+Name: dhcpAssignedHostName Description: This is the actual hostname that
2017+was assigned to a client. It may not be the name that was requested by
2018+the client. The fully qualified domain name can be determined by
2019+appending the value of "dhcpDomainName" (with a dot separator) to this
2020+name. Syntax: IA5String Flags: SINGLE-VALUE
2021+
2022+Name: dhcpReservedForClient Description: This is the distinguished name
2023+of the "dhcpHost" that an address is reserved for. This may not be the
2024+same as the "dhcpAssignedToClient" attribute if the address is being
2025+reassigned but the current lease has not yet expired. Syntax: DN Flags:
2026+SINGLE-VALUE
2027+
2028+Name: dhcpAssignedToClient Description: This is the distinguished name
2029+of a "dhcpHost" that an address is currently assigned to. This
2030+attribute is only present in the class when the address is leased.
2031+Syntax: DN Flags: SINGLE-VALUE
2032+
2033+Name: dhcpRelayAgentInfo Description: If the client request was received
2034+via a relay agent, this contains information about the relay agent that
2035+was available from the DHCP request. This is a hex-encoded option
2036+value. Syntax: OctetString Flags: SINGLE-VALUE
2037+
2038+Name: dhcpErrorLog Description: Generic error log attribute that allows
2039+logging error conditions within a dhcpService or a dhcpSubnet, like no IP
2040+addresses available for lease. Syntax: IA5String
2041+
2042+M. Meredith et al. Expires December 2001 [Page 8]
2043+
2044+
2045+
2046+
2047+
2048+INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001
2049+
2050+
2051+6.2. dhcpLeases Object Class
2052+
2053+This class represents an IP address. It may or may not be leaseable,
2054+and the object may exist even though a lease is not currently active for
2055+the associated IP address.
2056+
2057+It is recommended that all Lease objects for a single DHCP Service be
2058+centrally located within a single container. This ensures that the lease
2059+objects and the corresponding logs do not have to be relocated, when
2060+address ranges allocated to individual DHCP subnets and/or pools change.
2061+
2062+The schema definitions below are for readability the LDIF layout for
2063+this schema will follow in section 8.
2064+
2065+Name: dhcpLeases Description: This is the object that holds state
2066+information about an IP address. The cn (which is the IP address), and
2067+the current address-state are mandatory attributes. If the address is
2068+assigned then, some of the optional attributes will have valid data.
2069+Must: cn, dhcpAddressState May: dhcpExpirationTime,
2070+dhcpStartTimeOfState, dhcpLastTransactionTime, dhcpBootpFlag,
2071+dhcpDomainName, dhcpDnsStatus, dhcpRequestedHostName,
2072+dhcpAssignedHostName, dhcpReservedForClient, dhcpAssignedToClient,
2073+dhcpRelayAgentInfo, dhcpHWAddress
2074+
2075+6.3 Audit Log Information
2076+
2077+A dhcpLog object is created whenever a lease is assigned or released.
2078+This object is intended to be created under the corresponding dhcpLeases
2079+container, or dhcpPool, dhcpSubnet, dhcpSharedNetwork or dhcpService
2080+containers.
2081+
2082+The log information under the dhcpLeases container would be for
2083+addresses matching that lease information. The log information in the
2084+other containers could be used for errors, i.e. when a pool or subnet is
2085+out our addresses or if a server is not able to assign any more
2086+addresses for a particular dhcpService.
2087+
2088+Name: dhcpLog Description: This is the object that holds past
2089+information about an IP address. The cn is the time/date stamp when the
2090+address was assigned or released, the address state at the time, if the
2091+address was assigned or released. Must: cn May: dhcpAddressState,
2092+dhcpExpirationTime, dhcpStartTimeOfState, dhcpLastTransactionTime,
2093+dhcpBootpFlag, dhcpDomainName, dhcpDnsStatus, dhcpRequestedHostName,
2094+dhcpAssignedHostName, dhcpReservedForClient, dhcpAssignedToClient,
2095+dhcpRelayAgentInfo, dhcpHWAddress, dhcpErrorLog
2096+
2097+
2098+
2099+
2100+
2101+
2102+M. Meredith et al. Expires December 2001 [Page 9]
2103+
2104+
2105+
2106+
2107+
2108+INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001
2109+
2110+
2111+7. Determining settings
2112+
2113+The dhcpStatements attribute is the key to DHC enhancements that may
2114+come along, and the different key words that a particular server
2115+implementation may use. This attribute can be used to hold conditional
2116+DHCP Statements and DHCP server parameters. Having a generic settings
2117+attribute that is just a string, allows this schema to be extensible and
2118+easy to configure.
2119+
2120+All of the attributes that end with DN are references to the class that
2121+precedes the DN e.g. the dhcpPrimaryDN and dhcpSecondaryDN attributes
2122+hold the Distinguished Names of the dhcpServer objects that are
2123+associated with the dhcpService object.
2124+
2125+8. LDIF format for attributes and classes.
2126+
2127+# Attributes
2128+
2129+( 2.16.840.1.113719.1.203.4.1 NAME 'dhcpPrimaryDN' DESC
2130+'The DN of the dhcpServer which is the primary server for the
2131+configuration.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
2132+
2133+( 2.16.840.1.113719.1.203.4.2 NAME 'dhcpSecondaryDN' DESC 'The DN of
2134+dhcpServer(s) which provide backup service for the configuration.'
2135+SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
2136+
2137+( 2.16.840.1.113719.1.203.4.3 NAME 'dhcpStatements' DESC 'Flexible
2138+storage for specific data depending on what object this exists in. Like
2139+conditional statements, server parameters, etc. This allows the standard
2140+to evolve without needing to adjust the schema.' SYNTAX
2141+1.3.6.1.4.1.1466.115.121.1.26 )
2142+
2143+( 2.16.840.1.113719.1.203.4.4 NAME 'dhcpRange' DESC 'The starting &
2144+ending IP Addresses in the range (inclusive), separated by a hyphen; if
2145+the range only contains one address, then just the address can be
2146+specified with no hyphen. Each range is defined as a separate value.'
2147+SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
2148+
2149+( 2.16.840.1.113719.1.203.4.5 NAME 'dhcpPermitList' DESC 'This attribute
2150+contains the permit lists associated with a pool. Each permit list is
2151+defined as a separate value.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
2152+
2153+( 2.16.840.1.113719.1.203.4.6 NAME 'dhcpNetMask' DESC 'The subnet mask
2154+length for the subnet. The mask can be easily computed from this
2155+length.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
2156+
2157+( 2.16.840.1.113719.1.203.4.7 NAME 'dhcpOption' DESC 'Encoded option
2158+values to be sent to clients. Each value represents a single option and
2159+contains (OptionTag, Length, OptionValue) encoded in the format used by
2160+DHCP.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
2161+
2162+M. Meredith et al. Expires December 2001 [Page 10]
2163+
2164+
2165+
2166+
2167+
2168+INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001
2169+
2170+
2171+( 2.16.840.1.113719.1.203.4.8 NAME 'dhcpClassData' DESC 'Encoded text
2172+string or list of bytes expressed in hexadecimal, separated by colons.
2173+Clients match subclasses based on matching the class data with the
2174+results of match or spawn with statements in the class name
2175+declarations.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
2176+
2177+( 2.16.840.1.113719.1.203.4.9 NAME 'dhcpOptionsDN' DESC 'The
2178+distinguished name(s) of the dhcpOption objects containing the
2179+configuration options provided by the server.' SYNTAX
2180+1.3.6.1.4.1.1466.115.121.1.12 )
2181+
2182+( 2.16.840.1.113719.1.203.4.10 NAME 'dhcpHostDN' DESC 'the distinguished
2183+name(s) of the dhcpHost objects.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
2184+
2185+( 2.16.840.1.113719.1.203.4.11 NAME 'dhcpPoolDN' DESC 'The distinguished
2186+name(s) of pools.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
2187+
2188+( 2.16.840.1.113719.1.203.4.12 NAME 'dhcpGroupDN' DESC 'The
2189+distinguished name(s) of the groups.' SYNTAX
2190+1.3.6.1.4.1.1466.115.121.1.12 )
2191+
2192+( 2.16.840.1.113719.1.203.4.13 NAME 'dhcpSubnetDN' DESC 'The
2193+distinguished name(s) of the subnets.' SYNTAX
2194+1.3.6.1.4.1.1466.115.121.1.12 )
2195+
2196+( 2.16.840.1.113719.1.203.4.14 NAME 'dhcpLeaseDN' DESC 'The
2197+distinguished name of a client address.' SYNTAX
2198+1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE)
2199+
2200+( 2.16.840.1.113719.1.203.4.15 NAME 'dhcpLeasesDN' DESC 'The
2201+distinguished name(s) client addresses.' SYNTAX
2202+1.3.6.1.4.1.1466.115.121.1.12 )
2203+
2204+( 2.16.840.1.113719.1.203.4.16 NAME 'dhcpClassesDN' DESC 'The
2205+distinguished name(s) of a class(es) in a subclass.' SYNTAX
2206+1.3.6.1.4.1.1466.115.121.1.12 )
2207+
2208+( 2.16.840.1.113719.1.203.4.17 NAME 'dhcpSubclassesDN' DESC 'The
2209+distinguished name(s) of subclass(es).' SYNTAX
2210+1.3.6.1.4.1.1466.115.121.1.12 )
2211+
2212+( 2.16.840.1.113719.1.203.4.18 NAME 'dhcpSharedNetworkDN' DESC 'The
2213+distinguished name(s) of sharedNetworks.' SYNTAX
2214+1.3.6.1.4.1.1466.115.121.1.12 )
2215+
2216+( 2.16.840.1.113719.1.203.4.19 NAME 'dhcpServiceDN' DESC 'The DN of
2217+dhcpService object(s)which contain the configuration information. Each
2218+dhcpServer object has this attribute identifying the DHCP
2219+
2220+
2221+
2222+M. Meredith et al. Expires December 2001 [Page 11]
2223+
2224+
2225+
2226+
2227+
2228+INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001
2229+
2230+
2231+configuration(s) that the server is associated with.' SYNTAX
2232+1.3.6.1.4.1.1466.115.121.1.12 )
2233+
2234+( 2.16.840.1.113719.1.203.4.20 NAME 'dhcpVersion' DESC 'The version
2235+attribute of this object.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-
2236+VALUE )
2237+
2238+( 2.16.840.1.113719.1.203.4.21 NAME 'dhcpImplementation' DESC
2239+'Description of the DHCP Server implementation e.g. DHCP Server's
2240+vendor.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
2241+
2242+( 2.16.840.1.113719.1.203.4.22 NAME 'dhcpAddressState' DESC 'This stores
2243+information about the current binding-status of an address. For dynamic
2244+addresses managed by DHCP, the values should be restricted to the
2245+following: "FREE", "ACTIVE", "EXPIRED", "RELEASED", "RESET",
2246+"ABANDONED", "BACKUP". For other addresses, it SHOULD be one of the
2247+following: "UNKNOWN", "RESERVED" (an address that is managed by DHCP
2248+that is reserved for a specific client), "RESERVED-ACTIVE" (same as
2249+reserved, but address is currently in use), "ASSIGNED" (assigned
2250+manually or by some other mechanism), "UNASSIGNED", "NOTASSIGNABLE".'
2251+SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
2252+
2253+( 2.16.840.1.113719.1.203.4.23 NAME 'dhcpExpirationTime' DESC 'This is
2254+the time the current lease for an address expires.' SYNTAX
2255+1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
2256+
2257+( 2.16.840.1.113719.1.203.4.24 NAME 'dhcpStartTimeOfState' DESC 'This is
2258+the time of the last state change for a leased address.' SYNTAX
2259+1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
2260+
2261+( 2.16.840.1.113719.1.203.4.25 NAME 'dhcpLastTransactionTime' DESC 'This
2262+is the last time a valid DHCP packet was received from the client.'
2263+SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
2264+
2265+( 2.16.840.1.113719.1.203.4.26 NAME 'dhcpBootpFlag' DESC 'This indicates
2266+whether the address was assigned via BOOTP.' SYNTAX
2267+1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
2268+
2269+( 2.16.840.1.113719.1.203.4.27 NAME 'dhcpDomainName' DESC 'This is the
2270+name of the domain sent to the client by the server. It is essentially
2271+the same as the value for DHCP option 15 sent to the client, and
2272+represents only the domain - not the full FQDN. To obtain the full FQDN
2273+assigned to the client you must prepend the "dhcpAssignedHostName" to
2274+this value with a ".".' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-
2275+VALUE )
2276+
2277+( 2.16.840.1.113719.1.203.4.28 NAME 'dhcpDnsStatus' DESC 'This indicates
2278+the status of updating DNS resource records on behalf of the client by
2279+
2280+
2281+
2282+M. Meredith et al. Expires December 2001 [Page 12]
2283+
2284+
2285+
2286+
2287+
2288+INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001
2289+
2290+
2291+the DHCP server for this address. The value is a 16-bit bitmask.'
2292+SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
2293+
2294+( 2.16.840.1.113719.1.203.4.29 NAME 'dhcpRequestedHostName' DESC 'This
2295+is the hostname that was requested by the client.' SYNTAX
2296+1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
2297+
2298+( 2.16.840.1.113719.1.203.4.30 NAME 'dhcpAssignedHostName' DESC 'This is
2299+the actual hostname that was assigned to a client. It may not be the
2300+name that was requested by the client. The fully qualified domain name
2301+can be determined by appending the value of "dhcpDomainName" (with a dot
2302+separator) to this name.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-
2303+VALUE )
2304+
2305+( 2.16.840.1.113719.1.203.4.31 NAME 'dhcpReservedForClient' DESC 'The
2306+distinguished name of a "dhcpClient" that an address is reserved for.
2307+This may not be the same as the "dhcpAssignedToClient" attribute if the
2308+address is being reassigned but the current lease has not yet expired.'
2309+SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
2310+
2311+( 2.16.840.1.113719.1.203.4.32 NAME 'dhcpAssignedToClient' DESC 'This is
2312+the distinguished name of a "dhcpClient" that an address is currently
2313+assigned to. This attribute is only present in the class when the
2314+address is leased.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
2315+
2316+( 2.16.840.1.113719.1.203.4.33 NAME 'dhcpRelayAgentInfo' DESC 'If the
2317+client request was received via a relay agent, this contains information
2318+about the relay agent that was available from the DHCP request. This is
2319+a hex-encoded option value.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
2320+SINGLE-VALUE )
2321+
2322+( 2.16.840.1.113719.1.203.4.34 NAME 'dhcpHWAddress' DESC 'The clients
2323+hardware address that requested this IP address.' SYNTAX
2324+1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
2325+
2326+( 2.16.840.1.113719.1.203.4.35 NAME 'dhcpHashBucketAssignment' DESC
2327+'HashBucketAssignment bit map for the DHCP Server, as defined in DHC
2328+Load Balancing Algorithm [RFC 3074].' SYNTAX
2329+1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
2330+
2331+( 2.16.840.1.113719.1.203.4.36 NAME 'dhcpDelayedServiceParameter' DESC
2332+'Delay in seconds corresponding to Delayed Service Parameter
2333+configuration, as defined in DHC Load Balancing Algorithm [RFC 3074]. '
2334+SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
2335+
2336+( 2.16.840.1.113719.1.203.4.37 NAME 'dhcpMaxClientLeadTime' DESC
2337+'Maximum Client Lead Time configuration in seconds, as defined in DHCP
2338+Failover Protocol [FAILOVR]' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
2339+
2340+
2341+
2342+M. Meredith et al. Expires December 2001 [Page 13]
2343+
2344+
2345+
2346+
2347+
2348+INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001
2349+
2350+
2351+SINGLE-VALUE )
2352+
2353+( 2.16.840.1.113719.1.203.4.38 NAME 'dhcpFailOverEndpointState' DESC
2354+'Server (Failover Endpoint) state, as defined in DHCP Failover Protocol
2355+[FAILOVR]' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
2356+
2357+( 2.16.840.1.113719.1.203.4.39 NAME 'dhcpErrorLog' DESC
2358+Generic error log attribute that allows logging error conditions within a
2359+dhcpService or a dhcpSubnet, like no IP addresses available for lease.
2360+SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
2361+
2362+#Classes
2363+
2364+( 2.16.840.1.113719.1.203.6.1 NAME 'dhcpService' DESC ' Service object
2365+that represents the actual DHCP Service configuration. This is a
2366+container object.' SUP top MUST (cn $ dhcpPrimaryDN) MAY
2367+(dhcpSecondaryDN $ dhcpSharedNetworkDN $ dhcpSubnetDN $ dhcpGroupDN $
2368+dhcpHostDN $ dhcpClassesDN $ dhcpOptionsDN $ dhcpStatements ) )
2369+
2370+( 2.16.840.1.113719.1.203.6.2 NAME 'dhcpSharedNetwork' DESC 'This stores
2371+configuration information for a shared network.' SUP top MUST cn MAY
2372+(dhcpSubnetDN $ dhcpPoolDN $ dhcpOptionsDN $ dhcpStatements) X-
2373+NDS_CONTAINMENT ('dhcpService' ) )
2374+
2375+( 2.16.840.1.113719.1.203.6.3 NAME 'dhcpSubnet' DESC 'This class defines
2376+a subnet. This is a container object.' SUP top MUST ( cn $ dhcpNetMask )
2377+MAY (dhcpRange $ dhcpPoolDN $ dhcpGroupDN $ dhcpHostDN $ dhcpClassesDN $
2378+dhcpLeasesDN $ dhcpOptionsDN $ dhcpStatements) X-NDS_CONTAINMENT
2379+('dhcpService' 'dhcpSharedNetwork') )
2380+
2381+( 2.16.840.1.113719.1.203.6.4 NAME 'dhcpPool' DESC 'This stores
2382+configuration information about a pool.' SUP top MUST ( cn $ dhcpRange )
2383+MAY (dhcpClassesDN $ dhcpPermitList $ dhcpLeasesDN $ dhcpOptionsDN $
2384+dhcpStatements) X-NDS_CONTAINMENT ('dhcpSubnet' 'dhcpSharedNetwork') )
2385+
2386+( 2.16.840.1.113719.1.203.6.5 NAME 'dhcpGroup' DESC 'Group object that
2387+lists host DNs and parameters. This is a container object.' SUP top MUST
2388+cn MAY ( dhcpHostDN $ dhcpOptionsDN $ dhcpStatements ) X-NDS_CONTAINMENT
2389+('dhcpSubnet' 'dhcpService' ) )
2390+
2391+( 2.16.840.1.113719.1.203.6.6 NAME 'dhcpHost' DESC 'This represents
2392+information about a particular client' SUP top MUST cn MAY (dhcpLeaseDN
2393+$ dhcpHWAddress $ dhcpOptionsDN $ dhcpStatements) X-NDS_CONTAINMENT
2394+('dhcpService' 'dhcpSubnet' 'dhcpGroup') )
2395+
2396+( 2.16.840.1.113719.1.203.6.7 NAME 'dhcpClass' DESC 'Represents
2397+information about a collection of related clients.' SUP top MUST cn MAY
2398+(dhcpSubClassesDN $ dhcpOptionsDN $ dhcpStatements) X-NDS_CONTAINMENT
2399+('dhcpService' 'dhcpSubnet' ) )
2400+
2401+( 2.16.840.1.113719.1.203.6.8 NAME 'dhcpSubClass' DESC 'Represents
2402+information about a collection of related classes.' SUP top MUST cn MAY
2403+(dhcpClassData $ dhcpOptionsDN $ dhcpStatements) X-NDS_CONTAINMENT
2404+
2405+
2406+
2407+M. Meredith et al. Expires December 2001 [Page 14]
2408+
2409+
2410+
2411+
2412+
2413+INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001
2414+
2415+
2416+'dhcpClass' )
2417+
2418+( 2.16.840.1.113719.1.203.6.9 NAME 'dhcpOptions' DESC 'Represents
2419+information about a collection of options defined.' SUP top MUST cn MAY
2420+( dhcpOption ) X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork'
2421+'dhcpSubnet' 'dhcpPool' 'dhcpGroup' 'dhcpHost' 'dhcpClass' )
2422+
2423+( 2.16.840.1.113719.1.203.6.10 NAME 'dhcpLeases' DESC 'This class
2424+represents an IP Address, which may or may not have been leased.' SUP
2425+top MUST ( cn $ dhcpAddressState ) MAY ( dhcpExpirationTime $
2426+dhcpStartTimeOfState $ dhcpLastTransactionTime $ dhcpBootpFlag $
2427+dhcpDomainName $ dhcpDnsStatus $ dhcpRequestedHostName $
2428+dhcpAssignedHostName $ dhcpReservedForClient $ dhcpAssignedToClient $
2429+dhcpRelayAgentInfo $ dhcpHWAddress ) X-NDS_CONTAINMENT ( 'dhcpService'
2430+'dhcpSubnet' 'dhcpPool') )
2431+
2432+( 2.16.840.1.113719.1.203.6.11 NAME 'dhcpLog' DESC 'This is the object
2433+that holds past information about the IP address. The cn is the
2434+time/date stamp when the address was assigned or released, the address
2435+state at the time, if the address was assigned or released.' SUP top
2436+MUST ( cn ) MAY ( dhcpAddressState $ dhcpExpirationTime $
2437+dhcpStartTimeOfState $ dhcpLastTransactionTime $ dhcpBootpFlag $
2438+dhcpDomainName $ dhcpDnsStatus $ dhcpRequestedHostName $
2439+dhcpAssignedHostName $ dhcpReservedForClient $ dhcpAssignedToClient $
2440+dhcpRelayAgentInfo $ dhcpHWAddress $ dhcpErrorLog) X-NDS_CONTAINMENT
2441+('dhcpLeases' 'dhcpPool' 'dhcpSubnet' 'dhcpSharedNetwork' 'dhcpService' ) )
2442+
2443+( 2.16.840.1.113719.1.203.6.12 NAME 'dhcpServer' DESC 'DHCP Server
2444+Object' SUP top MUST (cn, dhcpServiceDN) MAY (dhcpVersion $
2445+dhcpImplementation $ dhcpHashBucketAssignment $
2446+dhcpDelayedServiceParameter $ dhcpMaxClientLeadTime $
2447+dhcpFailOverEndpointState $ dhcpStatements) X-NDS_CONTAINMENT ('O' 'OU'
2448+'dc') )
2449+
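Review bot: Three definitions in section 8 will not parse as written, so any schema file derived from this text needs correcting before a directory server will load it. 'dhcpErrorLog' (.4.39) has an unquoted DESC string, 'dhcpServer' (.6.12) writes `MUST (cn, dhcpServiceDN)` with a comma where every other class uses `$`, and 'dhcpOptions' (.6.9) is missing its final closing parenthesis. Line wrapping has also split tokens such as `SINGLE-` / `VALUE` and `X-` / `NDS_CONTAINMENT` across lines, which have to be rejoined when the definitions are extracted. The LDIF disagrees with the prose in places: dhcpErrorLog is SINGLE-VALUE here but carries no flag in 6.1, dhcpOptions puts dhcpOption under MAY where 5.1 says Must, and the DESC of dhcpReservedForClient and dhcpAssignedToClient refers to a "dhcpClient" class that is defined nowhere (6.1 says "dhcpHost"). Since this file is a copy of the draft, suggest noting these discrepancies alongside it and confirming that the schema actually loaded resolves each one. Section 9 would also benefit from a sentence saying that write access to dhcpStatements and dhcpOption values should be restricted, because the draft describes them as free-form server configuration.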
2450+9. Security Considerations
2451+
2452+Since the DHCP Configuration information is stored in a directory, the
2453+security of the information is limited to the security offered by the
2454+directory including the security of the objects within that directory.
2455+
2456+10. Intellectual Property Rights Notices
2457+
2458+The IETF takes no position regarding the validity or scope of any
2459+intellectual property or other rights that might be claimed to pertain
2460+to the implementation or use of the technology described in this
2461+document or the extent to which any license under such rights might or
2462+might not be available; neither does it represent that it has made any
2463+effort to identify any such rights. Information on the IETF's
2464+procedures with respect to rights in standards-track and standards-
2465+
2466+
2467+
2468+M. Meredith et al. Expires December 2001 [Page 15]
2469+
2470+
2471+
2472+
2473+
2474+INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001
2475+
2476+
2477+related documentation can be found in BCP-11. Copies of claims of
2478+rights made available for publication and any assurances of licenses to
2479+be made available, or the result of an attempt made to obtain a general
2480+license or permission for the use of such proprietary rights by
2481+implementors or users of this specification can be obtained from the
2482+IETF Secretariat.
2483+
2484+The IETF invites any interested party to bring to its attention any
2485+copyrights, patents or patent applications, or other proprietary rights
2486+which may cover technology that may be required to practice this
2487+standard. Please address the information to the IETF Executive
2488+Director.
2489+
2490+11. Full Copyright Statement
2491+
2492+Copyright (C) The Internet Society (2001). All Rights Reserved.
2493+
2494+This document and translations of it may be copied and furnished to
2495+others, and derivative works that comment on or otherwise explain it or
2496+assist in its implementation may be prepared, copied, published and
2497+distributed, in whole or in part, without restriction of any kind,
2498+provided that the above copyright notice and this paragraph are included
2499+on all such copies and derivative works. However, this document itself
2500+may not be modified in any way, such as by removing the copyright notice
2501+or references to the Internet Society or other Internet organizations,
2502+except as needed for the purpose of developing Internet standards in
2503+which case the procedures for copyrights defined in the Internet
2504+Standards process must be followed, or as required to translate it into
2505+languages other than English.
2506+
2507+The limited permissions granted above are perpetual and will not be
2508+revoked by the Internet Society or its successors or assigns.
2509+
2510+This document and the information contained herein is provided on an "AS
2511+IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK
2512+FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT
2513+LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT
2514+INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR
2515+FITNESS FOR A PARTICULAR PURPOSE.
2516+
2517+12. References
2518+
2519+[RFC2131] Droms, R., "Dynamic Host Configuration Protocol", RFC 2131,
2520+March 1997.
2521+
2522+[RFC2132] Alexander, S., Droms, R., "DHCP Options and BOOTP Vendor
2523+Extensions", RFC 2132, March 1997.
2524+
2525+
2526+
2527+
2528+M. Meredith et al. Expires December 2001 [Page 16]
2529+
2530+
2531+
2532+
2533+
2534+INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001
2535+
2536+
2537+[MSDHCP] Gu, Y., Vyaghrapuri, R., "An LDAP Schema for Dynamic Host
2538+Configuration Protocol Service", Internet Draft <draft-gu-dhcp-ldap-
2539+schema-00.txt>, August 1998.
2540+
2541+[NOVDHCP] Miller, T., Patel, A., Rao, P., "Lightweight Directory Access
2542+Protocol (v3): Schema for Dynamic Host Configuration Protocol (DHCP)",
2543+Internet Draft <draft-miller-dhcp-ldap-schema-00.txt>, June 1998.
2544+
2545+[FAILOVR] Droms, R., Rabil, G., Dooley, M., Kapur, A., Gonczi, S., Volz,
2546+B., "DHCP Failover Protocol", Internet Draft <draft-ietf-dhc-
2547+failover-08.txt>, July 2000.
2548+
2549+[RFC 3074] Volz B., Gonczi S., Lemon T., Stevens R., "DHC Load Balancing
2550+Algorithm", February 2001
2551+
2552+[AGENT] Patrick, M., "DHCP Relay Agent Information Option", Internet
2553+Draft <draft-ietf-dhc-agent-options-09.txt>, March 2000.
2554+
2555+[DHCPOPT] Carney, M., "New Option Review Guidelines and Additional
2556+Option Namespace", Internet Draft <draft-ietf-dhc-
2557+option_review_and_namespace-01.txt>, October 1999.
2558+
2559+[POLICY] Strassner, J., Elleson, E., Moore, B., "Policy Framework LDAP
2560+Core Schema", Internet Draft <draft-ietf-policy-core-schema-06.txt>,
2561+November 1999.
2562+
2563+[RFC2251] Wahl, M., Howes, T., Kille, S., "Lightweight Directory Access
2564+Protocol (v3)", RFC 2251, December 1997.
2565+
2566+[RFC2252] Wahl, M., Coulbeck, A., Howes, T., Kille, S., "Lightweight
2567+Directory Access Protocol (v3) Attribute Syntax Definitions", RFC 2252,
2568+December 1997.
2569+
2570+[RFC2255] Howes, T., Smith, M., "The LDAP URL Format", RFC 2255,
2571+December 1997.
2572+
2573+[RFC951] Croft, B., Gilmore, J., "Bootstrap Protocol (BOOTP)", RFC 951,
2574+September 1985.
2575+
2576+[RFC2119] Bradner, S. "Key words for use in RFCs to Indicate Requirement
2577+Levels", RFC 2119, March 1997.
2578+
2579+13. Acknowledgments
2580+
2581+This work is partially based on a previous draft draft-ietf-dhc-
2582+schema-02.doc.
2583+
2584+
2585+
2586+
2587+
2588+M. Meredith et al. Expires December 2001 [Page 17]
2589+
2590+
2591+
2592+
2593+
2594+INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001
2595+
2596+
2597+14. Author's Addresses
2598+
2599+Comments regarding this draft may be sent to the authors at the
2600+following address:
2601+
2602+Mark Meredith
2603+Mark Hinckley
2604+Novell Inc.
2605+1800 S. Novell Place
2606+Provo, Utah 84606
2607+
2608+Vijay K. Nanjundaswamy
2609+Novell Software Development (I) Ltd
2610+49/1 & 49/3, Garvebhavi Palya,
2611+7th Mile, Hosur Road
2612+Bangalore 560068
2613+
2614+email: mark_meredith@novell.com
2615+email: knvijay@novell.com
2616+email: mhinckley@novell.com
2617+
2618+This Internet Draft expires December 16, 2001.
2619+
2620+
2621+
2622+
2623+
2624+
2625+
2626+
2627+
2628+
2629+
2630+
2631+
2632+
2633+
2634+
2635+
2636+
2637+
2638+
2639+
2640+
2641+
2642+
2643+
2644+
2645+
2646+
2647+
2648+M. Meredith et al. Expires December 2001 [Page 18]
2649+
2650+
2651+
2652+
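Review bot: Section 9 (Security Considerations) of this bundled draft only says the data is as secure as the directory, which leaves out what matters most for this patch. server/ldap.c appends dhcpStatements and dhcpOption values verbatim to the parser input, so write access to any entry the server reads is equivalent to write access to dhcpd.conf. The documentation shipped with the patch should state that explicitly and say which ACLs are expected: write access restricted to DHCP administrators, and read access for the bind identity only. The page footers and the long run of blank lines after the author addresses are leftover pagination and could be trimmed from the shipped copy.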
2653diff -Pru dhcp-3.0.1rc13/includes/dhcpd.h dhcp-3.0.1rc13-ldap/includes/dhcpd.h
2654--- dhcp-3.0.1rc13/includes/dhcpd.h 2003-02-09 20:22:46.000000000 -0500
2655+++ dhcp-3.0.1rc13-ldap/includes/dhcpd.h 2004-03-23 13:49:03.000000000 -0500
2656@@ -88,6 +88,11 @@
2657 #include <isc-dhcp/result.h>
2658 #include <omapip/omapip_p.h>
2659
2660+#if defined(LDAP_CONFIGURATION)
2661+# include <ldap.h>
2662+# include <sys/utsname.h> /* for uname() */
2663+#endif
2664+
2665 #if !defined (OPTION_HASH_SIZE)
2666 # define OPTION_HASH_SIZE 17
2667 # define OPTION_HASH_PTWO 32 /* Next power of two above option hash. */
2668@@ -148,6 +153,8 @@
2669 char *inbuf;
2670 unsigned bufix, buflen;
2671 unsigned bufsiz;
2672+
2673+ char (*read_function) (struct parse *);
2674 };
2675
2676 /* Variable-length array of data. */
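Review bot: The new struct parse member read_function is declared to return char, but server/ldap.c signals end of input by storing EOF in a char (char eofstring[2] = {EOF, '\0'};), and EOF does not fit in a char as a distinct value. Where char is signed, a 0xFF byte in directory data is indistinguishable from end of input. Where char is unsigned, the stored value becomes 255 and never compares equal to EOF. Declaring the callback as int (*read_function) (struct parse *), as getc() does, avoids both cases. The member also needs a comment saying when it is called and what it must return.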
2677@@ -250,6 +257,26 @@
2678 u_int8_t hbuf [17];
2679 };
2680
2681+#if defined(LDAP_CONFIGURATION)
2682+# define LDAP_BUFFER_SIZE 8192
2683+# define LDAP_METHOD_STATIC 0
2684+# define LDAP_METHOD_DYNAMIC 1
2685+
2686+/* This is a tree of the current configuration we are building from LDAP */
2687+
2688+struct ldap_config_stack {
2689+ LDAPMessage * res; /* Pointer returned from ldap_search */
2690+ LDAPMessage * ldent; /* Current item in LDAP that we're processing
2691+ in res */
2692+ int close_brace; /* Put a closing } after we're through with
2693+ this item */
2694+ int processed; /* We set this flag if this base item has been
2695+ processed. After this base item is processed,
2696+ we can start processing the children */
2697+ struct ldap_config_stack *next;
2698+};
2699+#endif
2700+
2701 typedef enum {
2702 server_startup = 0,
2703 server_running = 1,
2704@@ -426,6 +453,16 @@
2705 # define DEFAULT_PING_TIMEOUT 1
2706 #endif
2707
2708+#if defined(LDAP_CONFIGURATION)
2709+# define SV_LDAP_SERVER 47
2710+# define SV_LDAP_PORT 48
2711+# define SV_LDAP_USERNAME 49
2712+# define SV_LDAP_PASSWORD 50
2713+# define SV_LDAP_BASE_DN 51
2714+# define SV_LDAP_METHOD 52
2715+# define SV_LDAP_DEBUG_FILE 53
2716+#endif
2717+
2718 #if !defined (DEFAULT_DEFAULT_LEASE_TIME)
2719 # define DEFAULT_DEFAULT_LEASE_TIME 43200
2720 #endif
2721@@ -1529,7 +1566,7 @@
2722 char *quotify_string (const char *, const char *, int);
2723 char *quotify_buf (const unsigned char *, unsigned, const char *, int);
2724 char *print_base64 (const unsigned char *, unsigned, const char *, int);
2725-char *print_hw_addr PROTO ((int, int, unsigned char *));
2726+char *print_hw_addr PROTO ((const int, const int, const unsigned char *));
2727 void print_lease PROTO ((struct lease *));
2728 void dump_raw PROTO ((const unsigned char *, unsigned));
2729 void dump_packet_option (struct option_cache *, struct packet *,
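Review bot: In the new print_hw_addr prototype, the const on the two by-value int parameters has no effect on callers and is just noise in a header. Only const unsigned char * changes the interface. Suggest PROTO ((int, int, const unsigned char *)) and checking that the definition is updated in the same patch so that the declaration and definition agree.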
2730@@ -2631,3 +2668,14 @@
2731 #endif /* FAILOVER_PROTOCOL */
2732
2733 const char *binding_state_print (enum failover_state);
2734+
2735+/* ldap.c */
2736+#if defined(LDAP_CONFIGURATION)
2737+extern struct enumeration ldap_methods;
2738+isc_result_t ldap_read_config (void);
2739+int find_haddr_in_ldap (struct host_decl **, int, unsigned,
2740+ const unsigned char *, const char *, int);
2741+int find_subclass_in_ldap (struct class *, struct class **,
2742+ struct data_string *);
2743+#endif
2744+
2745diff -Pru dhcp-3.0.1rc13/includes/site.h dhcp-3.0.1rc13-ldap/includes/site.h
2746--- dhcp-3.0.1rc13/includes/site.h 2002-03-12 13:33:39.000000000 -0500
2747+++ dhcp-3.0.1rc13-ldap/includes/site.h 2004-03-23 13:49:03.000000000 -0500
2748@@ -177,3 +177,13 @@
2749 traces. */
2750
2751 #define TRACING
2752+
2753+/* Define this if you want to read your config from LDAP. Read README.ldap
2754+ about how to set this up */
2755+
2756+#define LDAP_CONFIGURATION
2757+
2758+/* Define this if you want to enable LDAP over a SSL connection. You will need
2759+ to add -lcrypto -lssl to the LIBS= line of server/Makefile */
2760+
2761+/* #define USE_SSL */
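Review bot: LDAP_CONFIGURATION is switched on unconditionally here while USE_SSL stays commented out, so a default build performs ldap_simple_bind_s with ldap-username and ldap-password in cleartext and also reads the whole configuration over an unprotected connection. Either leave LDAP_CONFIGURATION off by default, as with other optional features in site.h, or enable TLS together with it. The USE_SSL comment asks the builder to edit LIBS in server/Makefile by hand. If the option is meant to be used, the Makefile should handle that.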
2762diff -Pru dhcp-3.0.1rc13/server/Makefile.dist dhcp-3.0.1rc13-ldap/server/Makefile.dist
2763--- dhcp-3.0.1rc13/server/Makefile.dist 2002-11-16 21:29:30.000000000 -0500
2764+++ dhcp-3.0.1rc13-ldap/server/Makefile.dist 2004-03-23 13:49:03.000000000 -0500
2765@@ -20,9 +20,9 @@
2766 CATMANPAGES = dhcpd.cat8 dhcpd.conf.cat5 dhcpd.leases.cat5
2767 SEDMANPAGES = dhcpd.man8 dhcpd.conf.man5 dhcpd.leases.man5
2768 SRCS = dhcpd.c dhcp.c bootp.c confpars.c db.c class.c failover.c \
2769- omapi.c mdb.c stables.c salloc.c ddns.c
2770+ ldap.c omapi.c mdb.c stables.c salloc.c ddns.c
2771 OBJS = dhcpd.o dhcp.o bootp.o confpars.o db.o class.o failover.o \
2772- omapi.o mdb.o stables.o salloc.o ddns.o
2773+ ldap.o omapi.o mdb.o stables.o salloc.o ddns.o
2774 PROG = dhcpd
2775 MAN = dhcpd.8 dhcpd.conf.5 dhcpd.leases.5
2776
2777diff -Pru dhcp-3.0.1rc13/server/class.c dhcp-3.0.1rc13-ldap/server/class.c
2778--- dhcp-3.0.1rc13/server/class.c 2002-11-16 21:29:30.000000000 -0500
2779+++ dhcp-3.0.1rc13-ldap/server/class.c 2004-03-23 13:49:03.000000000 -0500
2780@@ -99,6 +99,7 @@
2781 int matched = 0;
2782 int status;
2783 int ignorep;
2784+ int classfound;
2785
2786 for (class = collection -> classes; class; class = class -> nic) {
2787 #if defined (DEBUG_CLASS_MATCHING)
2788@@ -144,9 +145,19 @@
2789 class -> submatch, MDL));
2790 if (status && data.len) {
2791 nc = (struct class *)0;
2792- if (class_hash_lookup (&nc, class -> hash,
2793- (const char *)data.data,
2794- data.len, MDL)) {
2795+ classfound = class_hash_lookup (&nc,
2796+ class -> hash,
2797+ (const char *)data.data,
2798+ data.len, MDL);
2799+
2800+#ifdef LDAP_CONFIGURATION
2801+ if (!classfound &&
2802+ find_subclass_in_ldap (class,
2803+ &nc, &data))
2804+ classfound = 1;
2805+#endif
2806+
2807+ if (classfound) {
2808 #if defined (DEBUG_CLASS_MATCHING)
2809 log_info ("matches subclass %s.",
2810 print_hex_1 (data.len,
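Review bot: On every class_hash_lookup miss this now calls find_subclass_in_ldap with the evaluated submatch bytes (data.data, data.len), and the searches in server/ldap.c are synchronous (ldap_search_s), so a directory round trip sits in the packet-classification path. If the submatch value can be derived from the client packet, two things need checking in find_subclass_in_ldap: that the bytes are escaped before being placed in a search filter, and that repeated misses for the same value do not each trigger a new search. A slow or unreachable directory would otherwise stall request handling. A short negative cache and a search time limit would bound that cost.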
2811diff -Pru dhcp-3.0.1rc13/server/confpars.c dhcp-3.0.1rc13-ldap/server/confpars.c
2812--- dhcp-3.0.1rc13/server/confpars.c 2003-05-18 19:36:41.000000000 -0400
2813+++ dhcp-3.0.1rc13-ldap/server/confpars.c 2004-03-23 13:49:03.000000000 -0500
2814@@ -71,7 +71,17 @@
2815
2816 isc_result_t readconf ()
2817 {
2818- return read_conf_file (path_dhcpd_conf, root_group, ROOT_GROUP, 0);
2819+ isc_result_t res;
2820+
2821+ res = read_conf_file (path_dhcpd_conf, root_group, ROOT_GROUP, 0);
2822+#if defined(LDAP_CONFIGURATION)
2823+ if (res != ISC_R_SUCCESS)
2824+ return (res);
2825+
2826+ return ldap_read_config ();
2827+#else
2828+ return (res);
2829+#endif
2830 }
2831
2832 isc_result_t read_conf_file (const char *filename, struct group *group,
2833diff -Pru dhcp-3.0.1rc13/server/dhcpd.c dhcp-3.0.1rc13-ldap/server/dhcpd.c
2834--- dhcp-3.0.1rc13/server/dhcpd.c 2003-01-14 18:15:24.000000000 -0500
2835+++ dhcp-3.0.1rc13-ldap/server/dhcpd.c 2004-03-23 13:49:03.000000000 -0500
2836@@ -443,6 +443,9 @@
2837 /* Add the ddns update style enumeration prior to parsing. */
2838 add_enumeration (&ddns_styles);
2839 add_enumeration (&syslog_enum);
2840+#if defined (LDAP_CONFIGURATION)
2841+ add_enumeration (&ldap_methods);
2842+#endif
2843
2844 if (!group_allocate (&root_group, MDL))
2845 log_fatal ("Can't allocate root group!");
2846diff -Pru dhcp-3.0.1rc13/server/ldap.c dhcp-3.0.1rc13-ldap/server/ldap.c
2847--- dhcp-3.0.1rc13/server/ldap.c 1969-12-31 19:00:00.000000000 -0500
2848+++ dhcp-3.0.1rc13-ldap/server/ldap.c 2004-03-30 13:38:39.000000000 -0500
2849@@ -0,0 +1,1146 @@
2850+/* ldap.c
2851+
2852+ Routines for reading the configuration from LDAP */
2853+
2854+/*
2855+ * Copyright (c) 2003 Ntelos, Inc.
2856+ * All rights reserved.
2857+ *
2858+ * Redistribution and use in source and binary forms, with or without
2859+ * modification, are permitted provided that the following conditions
2860+ * are met:
2861+ *
2862+ * 1. Redistributions of source code must retain the above copyright
2863+ * notice, this list of conditions and the following disclaimer.
2864+ * 2. Redistributions in binary form must reproduce the above copyright
2865+ * notice, this list of conditions and the following disclaimer in the
2866+ * documentation and/or other materials provided with the distribution.
2867+ * 3. Neither the name of The Internet Software Consortium nor the names
2868+ * of its contributors may be used to endorse or promote products derived
2869+ * from this software without specific prior written permission.
2870+ *
2871+ * THIS SOFTWARE IS PROVIDED BY THE INTERNET SOFTWARE CONSORTIUM AND
2872+ * CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
2873+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
2874+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
2875+ * DISCLAIMED. IN NO EVENT SHALL THE INTERNET SOFTWARE CONSORTIUM OR
2876+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
2877+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
2878+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
2879+ * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
2880+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
2881+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
2882+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
2883+ * SUCH DAMAGE.
2884+ *
2885+ * This LDAP module was written by Brian Masney <masneyb@ntelos.net>. It's
2886+ * development was sponsored by Ntelos, Inc. (www.ntelos.com).
2887+ */
2888+
2889+#include "dhcpd.h"
2890+
2891+#if defined(LDAP_CONFIGURATION)
2892+
2893+static LDAP * ld = NULL;
2894+static char *ldap_server = NULL,
2895+ *ldap_username = NULL,
2896+ *ldap_password = NULL,
2897+ *ldap_base_dn = NULL,
2898+ *ldap_debug_file = NULL;
2899+static int ldap_port = 389,
2900+ ldap_method = LDAP_METHOD_DYNAMIC,
2901+ ldap_debug_fd = -1;
2902+static struct ldap_config_stack *ldap_stack = NULL;
2903+
2904+
2905+static void
2906+ldap_parse_class (struct ldap_config_stack *item, struct parse *cfile)
2907+{
2908+ char **tempstr;
2909+
2910+ if ((tempstr = ldap_get_values (ld, item->ldent, "cn")) == NULL ||
2911+ tempstr[0] == NULL)
2912+ {
2913+ if (tempstr != NULL)
2914+ ldap_value_free (tempstr);
2915+
2916+ return;
2917+ }
2918+
2919+ strncat (cfile->inbuf, "class \"", LDAP_BUFFER_SIZE);
2920+ strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE);
2921+ strncat (cfile->inbuf, "\" {\n", LDAP_BUFFER_SIZE);
2922+
2923+ item->close_brace = 1;
2924+ ldap_value_free (tempstr);
2925+}
2926+
2927+
2928+static void
2929+ldap_parse_subclass (struct ldap_config_stack *item, struct parse *cfile)
2930+{
2931+ char **tempstr, **classdata;
2932+
2933+ if ((tempstr = ldap_get_values (ld, item->ldent, "cn")) == NULL ||
2934+ tempstr[0] == NULL)
2935+ {
2936+ if (tempstr != NULL)
2937+ ldap_value_free (tempstr);
2938+
2939+ return;
2940+ }
2941+
2942+
2943+ if ((classdata = ldap_get_values (ld, item->ldent,
2944+ "dhcpClassData")) == NULL ||
2945+ classdata[0] == NULL)
2946+ {
2947+ if (classdata != NULL)
2948+ ldap_value_free (classdata);
2949+ ldap_value_free (tempstr);
2950+
2951+ return;
2952+ }
2953+
2954+ strncat (cfile->inbuf, "subclass ", LDAP_BUFFER_SIZE);
2955+ strncat (cfile->inbuf, classdata[0], LDAP_BUFFER_SIZE);
2956+ strncat (cfile->inbuf, " ", LDAP_BUFFER_SIZE);
2957+ strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE);
2958+ strncat (cfile->inbuf, " {\n", LDAP_BUFFER_SIZE);
2959+
2960+ item->close_brace = 1;
2961+ ldap_value_free (tempstr);
2962+ ldap_value_free (classdata);
2963+}
2964+
2965+
2966+static void
2967+ldap_parse_host (struct ldap_config_stack *item, struct parse *cfile)
2968+{
2969+ char **tempstr, **hwaddr;
2970+
2971+
2972+ if ((tempstr = ldap_get_values (ld, item->ldent, "cn")) == NULL ||
2973+ tempstr[0] == NULL)
2974+ {
2975+ if (tempstr != NULL)
2976+ ldap_value_free (tempstr);
2977+
2978+ return;
2979+ }
2980+
2981+ if ((hwaddr = ldap_get_values (ld, item->ldent,
2982+ "dhcpHWAddress")) == NULL ||
2983+ hwaddr[0] == NULL)
2984+ {
2985+ if (hwaddr != NULL)
2986+ ldap_value_free (hwaddr);
2987+ ldap_value_free (tempstr);
2988+
2989+ return;
2990+ }
2991+
2992+ strncat (cfile->inbuf, "host ", LDAP_BUFFER_SIZE);
2993+ strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE);
2994+ strncat (cfile->inbuf, " {\nhardware ", LDAP_BUFFER_SIZE);
2995+ strncat (cfile->inbuf, hwaddr[0], LDAP_BUFFER_SIZE);
2996+ strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE);
2997+
2998+ item->close_brace = 1;
2999+ ldap_value_free (tempstr);
3000+ ldap_value_free (hwaddr);
3001+}
3002+
3003+
3004+static void
3005+ldap_parse_shared_network (struct ldap_config_stack *item, struct parse *cfile)
3006+{
3007+ char **tempstr;
3008+
3009+
3010+ if ((tempstr = ldap_get_values (ld, item->ldent, "cn")) == NULL ||
3011+ tempstr[0] == NULL)
3012+ {
3013+ if (tempstr != NULL)
3014+ ldap_value_free (tempstr);
3015+
3016+ return;
3017+ }
3018+
3019+ strncat (cfile->inbuf, "shared-network ", LDAP_BUFFER_SIZE);
3020+ strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE);
3021+ strncat (cfile->inbuf, " {\n", LDAP_BUFFER_SIZE);
3022+
3023+ item->close_brace = 1;
3024+ ldap_value_free (tempstr);
3025+}
3026+
3027+
3028+static void
3029+parse_netmask (int netmask, char *netmaskbuf)
3030+{
3031+ unsigned long nm;
3032+ int i;
3033+
3034+ nm = 0;
3035+ for (i=1; i <= netmask; i++)
3036+ {
3037+ nm |= 1 << (32 - i);
3038+ }
3039+
3040+ sprintf (netmaskbuf, "%d.%d.%d.%d", (int) (nm >> 24) & 0xff,
3041+ (int) (nm >> 16) & 0xff,
3042+ (int) (nm >> 8) & 0xff,
3043+ (int) nm & 0xff);
3044+}
3045+
3046+static void
3047+ldap_parse_subnet (struct ldap_config_stack *item, struct parse *cfile)
3048+{
3049+ char **tempstr, **netmaskstr, netmaskbuf[16];
3050+ int i;
3051+
3052+ if ((tempstr = ldap_get_values (ld, item->ldent, "cn")) == NULL ||
3053+ tempstr[0] == NULL)
3054+ {
3055+ if (tempstr != NULL)
3056+ ldap_value_free (tempstr);
3057+
3058+ return;
3059+ }
3060+
3061+ if ((netmaskstr = ldap_get_values (ld, item->ldent,
3062+ "dhcpNetmask")) == NULL ||
3063+ netmaskstr[0] == NULL)
3064+ {
3065+ if (netmaskstr != NULL)
3066+ ldap_value_free (netmaskstr);
3067+ ldap_value_free (tempstr);
3068+
3069+ return;
3070+ }
3071+
3072+ strncat (cfile->inbuf, "subnet ", LDAP_BUFFER_SIZE);
3073+ strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE);
3074+
3075+ strncat (cfile->inbuf, " netmask ", LDAP_BUFFER_SIZE);
3076+ parse_netmask (strtol (netmaskstr[0], NULL, 10), netmaskbuf);
3077+ strncat (cfile->inbuf, netmaskbuf, LDAP_BUFFER_SIZE);
3078+
3079+ strncat (cfile->inbuf, " {\n", LDAP_BUFFER_SIZE);
3080+
3081+ ldap_value_free (tempstr);
3082+ ldap_value_free (netmaskstr);
3083+
3084+ if ((tempstr = ldap_get_values (ld, item->ldent, "dhcpRange")) != NULL)
3085+ {
3086+ strncat (cfile->inbuf, "range", LDAP_BUFFER_SIZE);
3087+ for (i=0; tempstr[i] != NULL; i++)
3088+ {
3089+ strncat (cfile->inbuf, " ", LDAP_BUFFER_SIZE);
3090+ strncat (cfile->inbuf, tempstr[i], LDAP_BUFFER_SIZE);
3091+ }
3092+ strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE);
3093+ ldap_value_free (tempstr);
3094+ }
3095+
3096+ item->close_brace = 1;
3097+}
3098+
3099+
3100+static void
3101+ldap_parse_pool (struct ldap_config_stack *item, struct parse *cfile)
3102+{
3103+ char **tempstr;
3104+ int i;
3105+
3106+ strncat (cfile->inbuf, "pool {\n", LDAP_BUFFER_SIZE);
3107+
3108+ if ((tempstr = ldap_get_values (ld, item->ldent, "dhcpRange")) != NULL)
3109+ {
3110+ strncat (cfile->inbuf, "range", LDAP_BUFFER_SIZE);
3111+ for (i=0; tempstr[i] != NULL; i++)
3112+ {
3113+ strncat (cfile->inbuf, " ", LDAP_BUFFER_SIZE);
3114+ strncat (cfile->inbuf, tempstr[i], LDAP_BUFFER_SIZE);
3115+ }
3116+ strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE);
3117+ ldap_value_free (tempstr);
3118+ }
3119+
3120+ if ((tempstr = ldap_get_values (ld, item->ldent, "dhcpPermitList")) != NULL)
3121+ {
3122+ for (i=0; tempstr[i] != NULL; i++)
3123+ {
3124+ strncat (cfile->inbuf, tempstr[i], LDAP_BUFFER_SIZE);
3125+ strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE);
3126+ }
3127+ ldap_value_free (tempstr);
3128+ }
3129+
3130+ item->close_brace = 1;
3131+}
3132+
3133+
3134+static void
3135+ldap_parse_group (struct ldap_config_stack *item, struct parse *cfile)
3136+{
3137+ strncat (cfile->inbuf, "group {\n", LDAP_BUFFER_SIZE);
3138+ item->close_brace = 1;
3139+}
3140+
3141+
3142+static void
3143+add_to_config_stack (LDAPMessage * res, LDAPMessage * ent)
3144+{
3145+ struct ldap_config_stack *ns;
3146+
3147+ ns = dmalloc (sizeof (*ns), MDL);
3148+ ns->res = res;
3149+ ns->ldent = ent;
3150+ ns->close_brace = 0;
3151+ ns->processed = 0;
3152+ ns->next = ldap_stack;
3153+ ldap_stack = ns;
3154+}
3155+
3156+
3157+static void
3158+ldap_start (void)
3159+{
3160+ struct option_state *options;
3161+ struct option_cache *oc;
3162+ struct data_string db;
3163+ int ret, version;
3164+
3165+ if (ld != NULL)
3166+ return;
3167+
3168+ if (ldap_server == NULL)
3169+ {
3170+ options = NULL;
3171+ option_state_allocate (&options, MDL);
3172+
3173+ execute_statements_in_scope ((struct binding_value **) NULL,
3174+ (struct packet *) NULL, (struct lease *) NULL,
3175+ (struct client_state *) NULL, (struct option_state *) NULL,
3176+ options, &global_scope, root_group, (struct group *) NULL);
3177+
3178+ memset (&db, 0, sizeof (db));
3179+ oc = lookup_option (&server_universe, options, SV_LDAP_SERVER);
3180+ if (oc &&
3181+ evaluate_option_cache (&db, (struct packet*) NULL,
3182+ (struct lease *) NULL, (struct client_state *) NULL,
3183+ options, (struct option_state *) NULL, &global_scope, oc, MDL))
3184+ {
3185+ ldap_server = dmalloc (db.len + 1, MDL);
3186+ if (!ldap_server)
3187+ log_fatal ("no memory for ldap server");
3188+ memcpy (ldap_server, db.data, db.len);
3189+ ldap_server[db.len] = 0;
3190+ data_string_forget (&db, MDL);
3191+ }
3192+
3193+ oc = lookup_option (&server_universe, options, SV_LDAP_USERNAME);
3194+ if (oc &&
3195+ evaluate_option_cache (&db, (struct packet*) NULL,
3196+ (struct lease *) NULL, (struct client_state *) NULL,
3197+ options, (struct option_state *) NULL, &global_scope, oc, MDL))
3198+ {
3199+ ldap_username = dmalloc (db.len + 1, MDL);
3200+ if (!ldap_username)
3201+ log_fatal ("no memory for ldap username");
3202+ memcpy (ldap_username, db.data, db.len);
3203+ ldap_username[db.len] = 0;
3204+ data_string_forget (&db, MDL);
3205+ }
3206+
3207+ oc = lookup_option (&server_universe, options, SV_LDAP_PASSWORD);
3208+ if (oc &&
3209+ evaluate_option_cache (&db, (struct packet*) NULL,
3210+ (struct lease *) NULL, (struct client_state *) NULL,
3211+ options, (struct option_state *) NULL, &global_scope, oc, MDL))
3212+ {
3213+ ldap_password = dmalloc (db.len + 1, MDL);
3214+ if (!ldap_password)
3215+ log_fatal ("no memory for ldap password");
3216+ memcpy (ldap_password, db.data, db.len);
3217+ ldap_password[db.len] = 0;
3218+ data_string_forget (&db, MDL);
3219+ }
3220+
3221+ oc = lookup_option (&server_universe, options, SV_LDAP_BASE_DN);
3222+ if (oc &&
3223+ evaluate_option_cache (&db, (struct packet*) NULL,
3224+ (struct lease *) NULL, (struct client_state *) NULL,
3225+ options, (struct option_state *) NULL, &global_scope, oc, MDL))
3226+ {
3227+ ldap_base_dn = dmalloc (db.len + 1, MDL);
3228+ if (!ldap_base_dn)
3229+ log_fatal ("no memory for ldap password");
3230+ memcpy (ldap_base_dn, db.data, db.len);
3231+ ldap_base_dn[db.len] = 0;
3232+ data_string_forget (&db, MDL);
3233+ }
3234+
3235+ oc = lookup_option (&server_universe, options, SV_LDAP_METHOD);
3236+ if (oc &&
3237+ evaluate_option_cache (&db, (struct packet*) NULL,
3238+ (struct lease *) NULL, (struct client_state *) NULL,
3239+ options, (struct option_state *) NULL, &global_scope, oc, MDL))
3240+ {
3241+
3242+ if (db.len == 1)
3243+ ldap_method = db.data [0];
3244+ else
3245+ log_fatal ("invalid dns update type");
3246+ data_string_forget (&db, MDL);
3247+ }
3248+
3249+ oc = lookup_option (&server_universe, options, SV_LDAP_DEBUG_FILE);
3250+ if (oc &&
3251+ evaluate_option_cache (&db, (struct packet*) NULL,
3252+ (struct lease *) NULL, (struct client_state *) NULL,
3253+ options, (struct option_state *) NULL, &global_scope, oc, MDL))
3254+ {
3255+ ldap_debug_file = dmalloc (db.len + 1, MDL);
3256+ if (!ldap_debug_file)
3257+ log_fatal ("no memory for ldap debug file");
3258+ memcpy (ldap_debug_file, db.data, db.len);
3259+ ldap_debug_file[db.len] = 0;
3260+ data_string_forget (&db, MDL);
3261+ }
3262+
3263+ option_state_dereference (&options, MDL);
3264+ }
3265+
3266+ if (ldap_server == NULL || ldap_base_dn == NULL)
3267+ {
3268+ log_info ("Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file");
3269+ ldap_method = LDAP_METHOD_STATIC;
3270+ return;
3271+ }
3272+
3273+ if (ldap_debug_file != NULL && ldap_debug_fd == -1)
3274+ {
3275+ if ((ldap_debug_fd = open (ldap_debug_file, O_CREAT | O_TRUNC | O_WRONLY,
3276+ S_IRUSR | S_IWUSR)) < 0)
3277+ log_error ("Error opening debug LDAP log file %s: %s", ldap_debug_file,
3278+ strerror (errno));
3279+ }
3280+
3281+#if defined (DEBUG_LDAP)
3282+ log_info ("Connecting to LDAP server %s:%d", ldap_server, ldap_port);
3283+#endif
3284+
3285+ if ((ld = ldap_init (ldap_server, ldap_port)) == NULL)
3286+ {
3287+ log_error ("Cannot init ldap session to %s", ldap_server);
3288+ return;
3289+ }
3290+
3291+ version = LDAP_VERSION3;
3292+ if ((ret = ldap_set_option (ld, LDAP_OPT_PROTOCOL_VERSION, &version)) != LDAP_OPT_SUCCESS)
3293+ {
3294+ log_error ("Cannot set LDAP version to %d: %s", version,
3295+ ldap_err2string (ret));
3296+ }
3297+
3298+#if defined (USE_SSL)
3299+ if ((ret = ldap_start_tls_s (ld, NULL, NULL)) != LDAP_SUCCESS)
3300+ log_error ("Warning: Cannot start TLS session to %s: %s",
3301+ ldap_server, ldap_err2string (ret));
3302+ else
3303+ log_info ("TLS session successfully started to %s", ldap_server);
3304+#endif
3305+
3306+ if ((ret = ldap_simple_bind_s (ld, ldap_username, ldap_password)) != LDAP_SUCCESS)
3307+ {
3308+ log_error ("Error: Cannot log into ldap server %s: %s", ldap_server,
3309+ ldap_err2string (ret));
3310+ ldap_unbind (ld);
3311+ ld = NULL;
3312+ return;
3313+ }
3314+
3315+#if defined (DEBUG_LDAP)
3316+ log_info ("Successfully logged into LDAP server %s", ldap_server);
3317+#endif
3318+}
3319+
3320+
3321+static void
3322+parse_external_dns (LDAPMessage * ent)
3323+{
3324+ char *search[] = {"dhcpOptionsDN", "dhcpSharedNetworkDN", "dhcpSubnetDN",
3325+ "dhcpGroupDN", "dhcpHostDN", "dhcpClassesDN",
3326+ "dhcpPoolDN", NULL};
3327+ LDAPMessage * newres, * newent;
3328+ struct ldap_config_stack *ns;
3329+ char **tempstr;
3330+ int i, ret;
3331+
3332+ if (ld == NULL)
3333+ ldap_start ();
3334+ if (ld == NULL)
3335+ return;
3336+
3337+ for (i=0; search[i] != NULL; i++)
3338+ {
3339+ if ((tempstr = ldap_get_values (ld, ent, search[i])) == NULL)
3340+ continue;
3341+
3342+ if ((ret = ldap_search_s (ld, tempstr[0], LDAP_SCOPE_BASE,
3343+ "objectClass=*", NULL, 0,
3344+ &newres)) != LDAP_SUCCESS)
3345+ {
3346+ ldap_value_free (tempstr);
3347+ ldap_unbind (ld);
3348+ ld = NULL;
3349+ return;
3350+ }
3351+
3352+ ldap_value_free (tempstr);
3353+
3354+ for (newent = ldap_first_entry (ld, newres);
3355+ newent != NULL;
3356+ newent = ldap_next_entry (ld, ent))
3357+ {
3358+ add_to_config_stack (newres, newent);
3359+ }
3360+
3361+ ldap_msgfree (newres);
3362+ }
3363+}
3364+
3365+
3366+static void
3367+free_stack_entry (struct ldap_config_stack *item)
3368+{
3369+ ldap_msgfree (item->res);
3370+ dfree (item, MDL);
3371+}
3372+
3373+
3374+static void
3375+next_ldap_entry (struct parse *cfile)
3376+{
3377+ struct ldap_config_stack *temp_stack;
3378+
3379+ if (ldap_stack != NULL && ldap_stack->close_brace)
3380+ {
3381+ strncat (cfile->inbuf, "}\n", LDAP_BUFFER_SIZE);
3382+ ldap_stack->close_brace = 0;
3383+ }
3384+
3385+ while (ldap_stack != NULL &&
3386+ (ldap_stack->ldent == NULL ||
3387+ (ldap_stack->ldent = ldap_next_entry (ld, ldap_stack->ldent)) == NULL))
3388+ {
3389+ if (ldap_stack->close_brace)
3390+ {
3391+ strncat (cfile->inbuf, "}\n", LDAP_BUFFER_SIZE);
3392+ ldap_stack->close_brace = 0;
3393+ }
3394+
3395+ temp_stack = ldap_stack;
3396+ ldap_stack = ldap_stack->next;
3397+ free_stack_entry (temp_stack);
3398+ }
3399+
3400+ if (ldap_stack != NULL && ldap_stack->close_brace)
3401+ {
3402+ strncat (cfile->inbuf, "}\n", LDAP_BUFFER_SIZE);
3403+ ldap_stack->close_brace = 0;
3404+ }
3405+}
3406+
3407+
3408+static void
3409+ldap_generate_config_string (struct parse *cfile)
3410+{
3411+ char **objectClass, **tempstr, *dn;
3412+ struct ldap_config_stack *entry;
3413+ LDAPMessage * ent, * res;
3414+ int i, j, ignore, found;
3415+ int ret;
3416+
3417+ if (ld == NULL)
3418+ ldap_start ();
3419+ if (ld == NULL)
3420+ return;
3421+
3422+ entry = ldap_stack;
3423+ if ((objectClass = ldap_get_values (ld, entry->ldent,
3424+ "objectClass")) == NULL)
3425+ return;
3426+
3427+ ignore = 0;
3428+ found = 1;
3429+ for (i=0; objectClass[i] != NULL; i++)
3430+ {
3431+ if (strcmp (objectClass[i], "dhcpSharedNetwork") == 0)
3432+ ldap_parse_shared_network (entry, cfile);
3433+ else if (strcmp (objectClass[i], "dhcpClass") == 0)
3434+ ldap_parse_class (entry, cfile);
3435+ else if (strcmp (objectClass[i], "dhcpSubnet") == 0)
3436+ ldap_parse_subnet (entry, cfile);
3437+ else if (strcmp (objectClass[i], "dhcpPool") == 0)
3438+ ldap_parse_pool (entry, cfile);
3439+ else if (strcmp (objectClass[i], "dhcpGroup") == 0)
3440+ ldap_parse_group (entry, cfile);
3441+ else if (strcmp (objectClass[i], "dhcpHost") == 0)
3442+ {
3443+ if (ldap_method == LDAP_METHOD_STATIC)
3444+ ldap_parse_host (entry, cfile);
3445+ else
3446+ {
3447+ ignore = 1;
3448+ break;
3449+ }
3450+ }
3451+ else if (strcmp (objectClass[i], "dhcpSubClass") == 0)
3452+ {
3453+ if (ldap_method == LDAP_METHOD_STATIC)
3454+ ldap_parse_subclass (entry, cfile);
3455+ else
3456+ {
3457+ ignore = 1;
3458+ break;
3459+ }
3460+ }
3461+ else
3462+ found = 0;
3463+
3464+ if (found && cfile->inbuf[0] == '\0')
3465+ {
3466+ ignore = 1;
3467+ break;
3468+ }
3469+ }
3470+
3471+ ldap_value_free (objectClass);
3472+
3473+ if (ignore)
3474+ {
3475+ next_ldap_entry (cfile);
3476+ return;
3477+ }
3478+
3479+ if ((tempstr = ldap_get_values (ld, entry->ldent, "dhcpOption")) != NULL)
3480+ {
3481+ for (j=0; tempstr[j] != NULL; j++)
3482+ {
3483+ strncat (cfile->inbuf, "option ", LDAP_BUFFER_SIZE);
3484+ strncat (cfile->inbuf, tempstr[j], LDAP_BUFFER_SIZE);
3485+ strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE);
3486+ }
3487+ ldap_value_free (tempstr);
3488+ }
3489+
3490+ if ((tempstr = ldap_get_values (ld, entry->ldent, "dhcpStatements")) != NULL)
3491+ {
3492+ char *ptr = NULL;
3493+
3494+ for (j=0; tempstr[j] != NULL; j++)
3495+ {
3496+ strncat (cfile->inbuf, tempstr[j], LDAP_BUFFER_SIZE);
3497+
3498+ /*
3499+ ** check if it ends with "}", e.g.
3500+ ** "zone my.domain. { ... }"
3501+ */
3502+ ptr = strrchr (tempstr[j], '}');
3503+ if (ptr != NULL)
3504+ {
3505+ /* skip following white-spaces */
3506+ for (++ptr; isspace ((int)*ptr); ptr++);
3507+
3508+ /* check if we reached the end */
3509+ if (*ptr != '\0')
3510+ ptr = NULL;
3511+ }
3512+
3513+ if(ptr != NULL)
3514+ strncat (cfile->inbuf, "\n", LDAP_BUFFER_SIZE);
3515+ else
3516+ strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE);
3517+ }
3518+ ldap_value_free (tempstr);
3519+ }
3520+
3521+ dn = ldap_get_dn (ld, entry->ldent);
3522+
3523+#if defined(DEBUG_LDAP)
3524+ log_info ("Found LDAP entry '%s'", dn);
3525+#endif
3526+
3527+ if ((ret = ldap_search_s (ld, dn, LDAP_SCOPE_ONELEVEL, "objectClass=*",
3528+ NULL, 0, &res)) != LDAP_SUCCESS)
3529+ {
3530+ ldap_unbind (ld);
3531+ ld = NULL;
3532+ ldap_memfree (dn);
3533+ return;
3534+ }
3535+
3536+ ldap_memfree (dn);
3537+
3538+ if ((ent = ldap_first_entry (ld, res)) != NULL)
3539+ {
3540+ add_to_config_stack (res, ent);
3541+ parse_external_dns (entry->ldent);
3542+ }
3543+ else
3544+ {
3545+ ldap_msgfree (res);
3546+ parse_external_dns (entry->ldent);
3547+ next_ldap_entry (cfile);
3548+ }
3549+}
3550+
3551+
3552+static char
3553+ldap_read_function (struct parse *cfile)
3554+{
3555+ char eofstring[2] = {EOF, '\0'};
3556+
3557+ cfile->inbuf[0] = '\0';
3558+ cfile->buflen = 0;
3559+
3560+ while (ldap_stack != NULL && *cfile->inbuf == '\0')
3561+ ldap_generate_config_string (cfile);
3562+
3563+ cfile->buflen = strlen (cfile->inbuf);
3564+
3565+ if (ldap_debug_fd > 0 && cfile->buflen > 0)
3566+ {
3567+ if (write (ldap_debug_fd, cfile->inbuf, cfile->buflen) < 0)
3568+ {
3569+ log_error ("Error writing to LDAP debug file %s: %s. Disabling log file.",
3570+ ldap_debug_file, strerror (errno));
3571+ close (ldap_debug_fd);
3572+ ldap_debug_fd = -1;
3573+ }
3574+ }
3575+
3576+#if defined (DEBUG_LDAP)
3577+ log_info ("Sending config line '%s'", cfile->inbuf);
3578+#endif
3579+
3580+ if (ldap_stack == NULL)
3581+ {
3582+ strncat (cfile->inbuf, eofstring, LDAP_BUFFER_SIZE);
3583+ if (ldap_debug_fd > 0)
3584+ close (ldap_debug_fd);
3585+ }
3586+
3587+ cfile->buflen = strlen (cfile->inbuf);
3588+ cfile->bufix = 1;
3589+
3590+ return (cfile->inbuf[0]);
3591+}
3592+
3593+
3594+static char *
3595+ldap_get_host_name (LDAPMessage * ent)
3596+{
3597+ char **name, *ret;
3598+
3599+ ret = NULL;
3600+ if ((name = ldap_get_values (ld, ent, "cn")) == NULL || name[0] == NULL)
3601+ {
3602+ if (name != NULL)
3603+ ldap_value_free (name);
3604+
3605+#if defined (DEBUG_LDAP)
3606+ log_info ("Cannot get cn attribute for LDAP entry %s",
3607+ ldap_get_dn (ld, ent));
3608+#endif
3609+ return (NULL);
3610+ }
3611+
3612+ ret = dmalloc (strlen (name[0]) + 1, MDL);
3613+ strcpy (ret, name[0]);
3614+ ldap_value_free (name);
3615+
3616+ return (ret);
3617+}
3618+
3619+
3620+isc_result_t
3621+ldap_read_config (void)
3622+{
3623+ LDAPMessage * ldres, * hostres, * ent, * hostent;
3624+ char *buffer, dn[256], **tempstr;
3625+ struct parse *cfile;
3626+ struct utsname unme;
3627+ isc_result_t res;
3628+ int ret;
3629+
3630+
3631+ buffer = dmalloc (LDAP_BUFFER_SIZE, MDL);
3632+ cfile = (struct parse *) NULL;
3633+ res = new_parse (&cfile, -1, buffer, LDAP_BUFFER_SIZE, "LDAP", 0);
3634+ if (res != ISC_R_SUCCESS)
3635+ return (res);
3636+
3637+ cfile->bufix = cfile->buflen = 0;
3638+ cfile->read_function = ldap_read_function;
3639+
3640+ if (ld == NULL)
3641+ ldap_start ();
3642+ if (ld == NULL)
3643+ return (ldap_server == NULL ? ISC_R_SUCCESS : ISC_R_FAILURE);
3644+
3645+ uname (&unme);
3646+ snprintf (dn, sizeof (dn), "(&(objectClass=dhcpServer)(cn=%s))",
3647+ unme.nodename);
3648+
3649+ if ((ret = ldap_search_s (ld, ldap_base_dn, LDAP_SCOPE_SUBTREE, dn, NULL,
3650+ 0, &hostres)) != LDAP_SUCCESS)
3651+ {
3652+ log_error ("Cannot find host LDAP entry %s (%s)", unme.nodename, dn);
3653+ ldap_unbind (ld);
3654+ ld = NULL;
3655+ return (ISC_R_FAILURE);
3656+ }
3657+
3658+ if ((hostent = ldap_first_entry (ld, hostres)) == NULL)
3659+ {
3660+ log_error ("Error: Cannot find LDAP entry matching %s", dn);
3661+ ldap_unbind (ld);
3662+ ld = NULL;
3663+ return (ISC_R_FAILURE);
3664+ }
3665+
3666+#if defined(DEBUG_LDAP)
3667+ buffer = ldap_get_dn (ld, hostent);
3668+ log_info ("Found dhcpServer LDAP entry '%s'", buffer);
3669+ ldap_memfree (buffer);
3670+#endif
3671+
3672+ if ((tempstr = ldap_get_values (ld, hostent, "dhcpServiceDN")) == NULL ||
3673+ tempstr[0] == NULL)
3674+ {
3675+ log_error ("Error: Cannot find LDAP entry matching %s", dn);
3676+
3677+ if (tempstr != NULL)
3678+ ldap_value_free (tempstr);
3679+
3680+ ldap_unbind (ld);
3681+ ld = NULL;
3682+ return (ISC_R_FAILURE);
3683+ }
3684+
3685+ if ((ret = ldap_search_s (ld, tempstr[0], LDAP_SCOPE_BASE,
3686+ "objectClass=*", NULL, 0, &ldres)) != LDAP_SUCCESS)
3687+ {
3688+ log_error ("Error searching for dhcpServiceDN '%s': %s. Please update the LDAP entry '%s'", tempstr[0],
3689+ ldap_err2string (ret), ldap_get_dn (ld, hostent));
3690+ ldap_value_free (tempstr);
3691+ ldap_unbind (ld);
3692+ ld = NULL;
3693+ return (ISC_R_FAILURE);
3694+ }
3695+
3696+ if ((ent = ldap_first_entry (ld, ldres)) == NULL)
3697+ {
3698+ log_error ("Error: Cannot find dhcpService DN '%s'. Please update the LDAP entry '%s'",
3699+ tempstr[0], ldap_get_dn (ld, hostent));
3700+ ldap_value_free (tempstr);
3701+ ldap_unbind (ld);
3702+ ld = NULL;
3703+ return (ISC_R_FAILURE);
3704+ }
3705+
3706+ ldap_msgfree (hostres);
3707+
3708+ ldap_value_free (tempstr);
3709+
3710+ add_to_config_stack (ldres, ent);
3711+
3712+ res = conf_file_subparse (cfile, root_group, ROOT_GROUP);
3713+ end_parse (&cfile);
3714+
3715+ return (res);
3716+}
3717+
3718+
3719+/* This function will parse the dhcpOption and dhcpStatements field in the LDAP
3720+ entry if it exists. Right now, type will be either HOST_DECL or CLASS_DECL.
3721+ If we are parsing a HOST_DECL, this always returns 0. If we are parsing a
3722+ CLASS_DECL, this will return what the current lease limit is in LDAP. If
3723+ there is no lease limit specified, we return 0 */
3724+
3725+static int
3726+ldap_parse_options (LDAPMessage * ent, struct group *group,
3727+ int type, struct host_decl *host,
3728+ struct class **class)
3729+{
3730+ char **tempstr, option_buffer[8192];
3731+ int i, declaration, lease_limit;
3732+ enum dhcp_token token;
3733+ struct parse *cfile;
3734+ isc_result_t res;
3735+ const char *val;
3736+
3737+ lease_limit = 0;
3738+ *option_buffer = '\0';
3739+ if ((tempstr = ldap_get_values (ld, ent, "dhcpStatements")) != NULL)
3740+ {
3741+ for (i=0; tempstr[i] != NULL; i++)
3742+ {
3743+ if (strncasecmp ("lease limit ", tempstr[i], 12) == 0)
3744+ {
3745+ lease_limit = strtol ((tempstr[i]) + 12, NULL, 10);
3746+ continue;
3747+ }
3748+
3749+ strncat (option_buffer, tempstr[i], sizeof (option_buffer));
3750+ strncat (option_buffer, ";\n", sizeof (option_buffer));
3751+ }
3752+ ldap_value_free (tempstr);
3753+ }
3754+
3755+ if ((tempstr = ldap_get_values (ld, ent, "dhcpOption")) != NULL)
3756+ {
3757+ for (i=0; tempstr[i] != NULL; i++)
3758+ {
3759+ strncat (option_buffer, "option ", sizeof (option_buffer));
3760+ strncat (option_buffer, tempstr[i], sizeof (option_buffer));
3761+ strncat (option_buffer, ";\n", sizeof (option_buffer));
3762+ }
3763+ ldap_value_free (tempstr);
3764+ }
3765+
3766+ if (*option_buffer == '\0')
3767+ return (lease_limit);
3768+
3769+ cfile = (struct parse *) NULL;
3770+ res = new_parse (&cfile, -1, option_buffer, strlen (option_buffer),
3771+ type == HOST_DECL ? "LDAP-HOST" : "LDAP-SUBCLASS", 0);
3772+ if (res != ISC_R_SUCCESS)
3773+ return (lease_limit);
3774+
3775+#if defined (DEBUG_LDAP)
3776+ log_info ("Sending the following options: '%s'", option_buffer);
3777+#endif
3778+
3779+ declaration = 0;
3780+ do {
3781+ token = peek_token (&val, NULL, cfile);
3782+ if (token == END_OF_FILE)
3783+ break;
3784+ declaration = parse_statement (cfile, group, type, host, declaration);
3785+ } while (1);
3786+
3787+ end_parse (&cfile);
3788+
3789+ return (lease_limit);
3790+}
3791+
3792+
3793+
3794+int
3795+find_haddr_in_ldap (struct host_decl **hp, int htype, unsigned hlen,
3796+ const unsigned char *haddr, const char *file, int line)
3797+{
3798+ char buf[128], *type_str, **tempstr;
3799+ LDAPMessage * res, *ent;
3800+ struct host_decl * host;
3801+ isc_result_t status;
3802+ int ret;
3803+
3804+ if (ldap_method == LDAP_METHOD_STATIC)
3805+ return (0);
3806+
3807+ if (ld == NULL)
3808+ ldap_start ();
3809+ if (ld == NULL)
3810+ return (0);
3811+
3812+ switch (htype)
3813+ {
3814+ case HTYPE_ETHER:
3815+ type_str = "ethernet";
3816+ break;
3817+ case HTYPE_IEEE802:
3818+ type_str = "token-ring";
3819+ break;
3820+ case HTYPE_FDDI:
3821+ type_str = "fddi";
3822+ break;
3823+ default:
3824+ log_info ("Ignoring unknown type %d", htype);
3825+ return (0);
3826+ }
3827+
3828+ /*
3829+ ** FIXME: dhcpHWAddress attribute uses octetStringMatch
3830+ ** (what means exact octet match, case sensitive)!
3831+ **
3832+ ** it is not guaranted, that ldap contains _exactly_
3833+ ** "type addr" with one space between!
3834+ ** AFAIK print_hw_addr() produces a lower case string.
3835+ */
3836+ snprintf (buf, sizeof (buf),
3837+ "(&(objectClass=dhcpHost)(dhcpHWAddress=%s %s))",
3838+ type_str, print_hw_addr (htype, hlen, haddr));
3839+
3840+#if defined (DEBUG_LDAP)
3841+ log_info ("Searching for %s in LDAP tree %s", buf, ldap_base_dn);
3842+#endif
3843+
3844+ if ((ret = ldap_search_s (ld, ldap_base_dn, LDAP_SCOPE_SUBTREE,
3845+ buf, NULL, 0, &res)) != LDAP_SUCCESS)
3846+ {
3847+ if (ret != LDAP_NO_SUCH_OBJECT)
3848+ {
3849+ log_error ("Cannot search for %s in LDAP tree %s: %s", buf,
3850+ ldap_base_dn, ldap_err2string (ret));
3851+ ldap_unbind (ld);
3852+ ld = NULL;
3853+ }
3854+#if defined (DEBUG_LDAP)
3855+ else
3856+ log_info ("ldap_search_s returned %s when searching for %s in %s",
3857+ ldap_err2string (ret), buf, ldap_base_dn);
3858+#endif
3859+
3860+ return (0);
3861+ }
3862+
3863+ if ((ent = ldap_first_entry (ld, res)) != NULL)
3864+ {
3865+#if defined (DEBUG_LDAP)
3866+ log_info ("Found dhcpHWAddress LDAP entry %s", ldap_get_dn (ld, ent));
3867+#endif
3868+
3869+ host = (struct host_decl *)0;
3870+ status = host_allocate (&host, MDL);
3871+ if (status != ISC_R_SUCCESS)
3872+ {
3873+ log_fatal ("can't allocate host decl struct: %s",
3874+ isc_result_totext (status));
3875+ return (0);
3876+ }
3877+
3878+ host->name = ldap_get_host_name (ent);
3879+ if (host->name == NULL)
3880+ {
3881+ host_dereference (&host, MDL);
3882+ ldap_msgfree (res);
3883+ return (0);
3884+ }
3885+
3886+ if (!clone_group (&host->group, root_group, MDL))
3887+ {
3888+ log_fatal ("can't clone group for host %s", host->name);
3889+ host_dereference (&host, MDL);
3890+ return (0);
3891+ }
3892+
3893+ ldap_parse_options (ent, host->group, HOST_DECL, host, NULL);
3894+
3895+ *hp = host;
3896+ ldap_msgfree (res);
3897+ return (1);
3898+ }
3899+
3900+
3901+ ldap_msgfree (res);
3902+ return (0);
3903+}
3904+
3905+
3906+int
3907+find_subclass_in_ldap (struct class *class, struct class **newclass,
3908+ struct data_string *data)
3909+{
3910+ LDAPMessage * res, * ent;
3911+ int i, ret, lease_limit;
3912+ isc_result_t status;
3913+ char buf[1024];
3914+
3915+ if (ldap_method == LDAP_METHOD_STATIC)
3916+ return (0);
3917+
3918+ if (ld == NULL)
3919+ ldap_start ();
3920+ if (ld == NULL)
3921+ return (0);
3922+
3923+ snprintf (buf, sizeof (buf), "(&(objectClass=dhcpSubClass)(cn=%s)(dhcpClassData=%s))", print_hex_1 (data->len, data->data, 60), print_hex_2 (strlen (class->name), class->name, 60));
3924+#if defined (DEBUG_LDAP)
3925+ log_info ("Searching LDAP for %s", buf);
3926+#endif
3927+
3928+ if ((ret = ldap_search_s (ld, ldap_base_dn, LDAP_SCOPE_SUBTREE,
3929+ buf, NULL, 0, &res)) != LDAP_SUCCESS)
3930+ {
3931+ if (ret != LDAP_NO_SUCH_OBJECT)
3932+ {
3933+ log_error ("Cannot search for %s in LDAP tree %s: %s", buf,
3934+ ldap_base_dn, ldap_err2string (ret));
3935+ ldap_unbind (ld);
3936+ ld = NULL;
3937+ }
3938+#if defined (DEBUG_LDAP)
3939+ else
3940+ log_info ("ldap_search_s returned %s when searching for %s in %s",
3941+ ldap_err2string (ret), buf, ldap_base_dn);
3942+#endif
3943+
3944+ return (0);
3945+ }
3946+
3947+ if ((ent = ldap_first_entry (ld, res)) != NULL)
3948+ {
3949+#if defined (DEBUG_LDAP)
3950+ log_info ("Found subclass LDAP entry %s", ldap_get_dn (ld, ent));
3951+#endif
3952+
3953+ status = class_allocate (newclass, MDL);
3954+ if (status != ISC_R_SUCCESS)
3955+ {
3956+ log_error ("Cannot allocate memory for a new class");
3957+ return (0);
3958+ }
3959+
3960+ group_reference (&(*newclass)->group, class->group, MDL);
3961+ class_reference (&(*newclass)->superclass, class, MDL);
3962+ lease_limit = ldap_parse_options (ent, (*newclass)->group,
3963+ CLASS_DECL, NULL, newclass);
3964+ if (lease_limit == 0)
3965+ (*newclass)->lease_limit = class->lease_limit;
3966+ else
3967+ class->lease_limit = lease_limit;
3968+
3969+ if ((*newclass)->lease_limit)
3970+ {
3971+ (*newclass)->billed_leases =
3972+ dmalloc ((*newclass)->lease_limit * sizeof (struct lease *), MDL);
3973+ if (!(*newclass)->billed_leases)
3974+ {
3975+ log_error ("no memory for billing");
3976+ class_dereference (newclass, MDL);
3977+ return (0);
3978+ }
3979+ memset ((*newclass)->billed_leases, 0,
3980+ ((*newclass)->lease_limit * sizeof (*newclass)->billed_leases));
3981+ }
3982+
3983+ data_string_copy (&(*newclass)->hash_string, data, MDL);
3984+
3985+ ldap_msgfree (res);
3986+ return (1);
3987+ }
3988+
3989+
3990+ ldap_msgfree (res);
3991+ return (0);
3992+}
3993+
3994+#endif
3995+
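Review bot: the strncat calls in ldap_generate_config_string and ldap_read_function pass LDAP_BUFFER_SIZE, and those in ldap_parse_options pass sizeof (option_buffer), as the third argument, but strncat takes the maximum number of bytes to append, not the size of the destination. Enough dhcpOption or dhcpStatements values read from the directory will therefore write past the end of cfile->inbuf (allocated with LDAP_BUFFER_SIZE bytes in ldap_read_config) or the 8192-byte option_buffer. Pass the remaining space instead, for example sizeof (option_buffer) - strlen (option_buffer) - 1, and reject the entry when it does not fit. Separately, in find_subclass_in_ldap the else branch assigns class->lease_limit = lease_limit, which modifies the parent class and leaves (*newclass)->lease_limit unset; it looks like it should assign (*newclass)->lease_limit. The early return after a failed class_allocate also skips ldap_msgfree (res).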
3996diff -Pru dhcp-3.0.1rc13/server/mdb.c dhcp-3.0.1rc13-ldap/server/mdb.c
3997--- dhcp-3.0.1rc13/server/mdb.c 2002-04-27 01:18:05.000000000 -0400
3998+++ dhcp-3.0.1rc13-ldap/server/mdb.c 2004-03-23 13:49:03.000000000 -0500
3999@@ -384,6 +384,12 @@
4000 {
4001 struct host_decl *foo;
4002 struct hardware h;
4003+ int ret;
4004+
4005+#if defined(LDAP_CONFIGURATION)
4006+ if ((ret = find_haddr_in_ldap (hp, htype, hlen, haddr, file, line)))
4007+ return ret;
4008+#endif
4009
4010 h.hlen = hlen + 1;
4011 h.hbuf [0] = htype;
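Review bot: the find_haddr_in_ldap call is placed ahead of the rest of the function, so in dynamic mode a directory match returns before any locally declared host is consulted, and every lookup starts with a blocking ldap_search_s. If that precedence is intended it should be documented; otherwise do the local lookup first and fall back to LDAP. Also, int ret; is declared outside the #if block, so a build without LDAP_CONFIGURATION gets an unused variable; move the declaration inside the #if.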
4012diff -Pru dhcp-3.0.1rc13/server/stables.c dhcp-3.0.1rc13-ldap/server/stables.c
4013--- dhcp-3.0.1rc13/server/stables.c 2003-02-09 20:22:54.000000000 -0500
4014+++ dhcp-3.0.1rc13-ldap/server/stables.c 2004-03-23 13:49:03.000000000 -0500
4015@@ -492,6 +492,15 @@
4016 { "log-facility", "Nsyslog-facilities.", &server_universe, 44 },
4017 { "do-forward-updates", "f", &server_universe, 45 },
4018 { "ping-timeout", "T", &server_universe, 46 },
4019+#if defined(LDAP_CONFIGURATION)
4020+ { "ldap-server", "t", &server_universe, 47 },
4021+ { "ldap-port", "d", &server_universe, 48 },
4022+ { "ldap-username", "t", &server_universe, 49 },
4023+ { "ldap-password", "t", &server_universe, 50 },
4024+ { "ldap-base-dn", "t", &server_universe, 51 },
4025+ { "ldap-method", "Nldap-methods.", &server_universe, 52 },
4026+ { "ldap-debug-file", "t", &server_universe, 53 },
4027+#else
4028 { "unknown-47", "X", &server_universe, 47 },
4029 { "unknown-48", "X", &server_universe, 48 },
4030 { "unknown-49", "X", &server_universe, 49 },
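Review bot: "ldap-password" is added as an ordinary text option ("t") alongside "ldap-username", so the bind password is stored in cleartext in the server configuration. The documentation should say that the configuration file must not be world-readable when this option is set, and mention anonymous bind as the alternative. This block also takes over codes 47 to 53 from the unknown-NN placeholders, so a later upstream assignment in that range would collide with these names; a comment above the #if noting the reservation would help.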
4031@@ -499,6 +508,7 @@
4032 { "unknown-51", "X", &server_universe, 51 },
4033 { "unknown-52", "X", &server_universe, 52 },
4034 { "unknown-53", "X", &server_universe, 53 },
4035+#endif
4036 { "unknown-54", "X", &server_universe, 54 },
4037 { "unknown-55", "X", &server_universe, 55 },
4038 { "unknown-56", "X", &server_universe, 56 },
4039@@ -703,6 +713,20 @@
4040 { "option-end", "e", &server_universe, 255 },
4041 };
4042
4043+#if defined(LDAP_CONFIGURATION)
4044+struct enumeration_value ldap_values [] = {
4045+ { "static", LDAP_METHOD_STATIC },
4046+ { "dynamic", LDAP_METHOD_DYNAMIC },
4047+ { (char *) 0, 0 }
4048+};
4049+
4050+struct enumeration ldap_methods = {
4051+ (struct enumeration *)0,
4052+ "ldap-methods",
4053+ ldap_values
4054+};
4055+#endif
4056+
4057 struct enumeration_value ddns_styles_values [] = {
4058 { "none", 0 },
4059 { "ad-hoc", 1 },
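Review bot: ldap_values is a generic name for a global that sits next to ddns_styles_values; calling it ldap_methods_values would follow the pattern of the neighbouring table and make clear that it backs the "ldap-methods" enumeration.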
4060diff -Pru dhcp-3.0.1rc13/site.conf dhcp-3.0.1rc13-ldap/site.conf
4061--- dhcp-3.0.1rc13/site.conf 1999-07-07 11:20:10.000000000 -0400
4062+++ dhcp-3.0.1rc13-ldap/site.conf 2004-03-23 13:49:03.000000000 -0500
4063@@ -1,2 +1,3 @@
4064 # Put local site configuration stuff here to override the default
4065 # settings in Makefile.conf
4066+#COPTS = -DDEBUG_LDAP -DDEBUG_CLASS_MATCHING -Wall -O -Wno-unused