[packages/dhcp.git] / dhcp-ldap.patch

diff -Naur dhcp-3.0.1rc14/Changelog-LDAP dhcp-3.0.1rc14-ldap/Changelog-LDAP
--- dhcp-3.0.1rc14/Changelog-LDAP	1969-12-31 19:00:00.000000000 -0500
+++ dhcp-3.0.1rc14-ldap/Changelog-LDAP	2004-06-22 15:18:20.000000000 -0400
@@ -0,0 +1,82 @@
+2004-5-24 Brian Masney <masneyb@ntelos.net>
+	* server/ldap.c - don't append a ; to the end of a dhcpStatement if it
+	ends in }
+
+	* server/ldap.c contrib/dhcpd-conf-to-ldap.pl - support having multiple
+	dhcpRange statements (from Marco D'Ettorre <marco.dettorre@sys-net.it>)
+
+2004-5-5 Brian Masney <masneyb@ntelos.net>
+	* server/ldap.c - added more debugging statements when
+	it is compiled in to help troubleshoot parsing errors. Don't free
+	a LDAP connection prematurely when there is a reference to another
+	LDAP tree. If the config entry ends in }, make sure a ; gets tacked
+	on
+
+	* debian/* - Updated version number. Renamed package from
+	dhcp3-ldap-ntelos to dhcp3-server-ldap.
+
+	* server/ldap.c - enclose the shared-network name in quotes so
+	that there can be shared network statements in LDAP that have spaces
+	in them
+
+	* configure - after the work directory is setup, add -lldap -llber
+	to the server Makefile
+
+Wed Apr 21 15:09:08 CEST 2004 - mt@suse.de
+	* contrib/dhcpd-conf-to-ldap.pl:
+	  - added "--conf=file" option usable instead of stdin
+	  - added "--ldif=file" option usable instead of stdout
+	  - added "--second=host|dn" option usefull for failover
+	  - added "--use=feature" option to enable extended features;
+	    currently used to enable failover (default is disabled).
+	  - extended remaining_line() to support block statements
+	  - fixed / improved failover support, added notes about
+
+	* server/ldap.c:
+	  - moved code checking statement ends to check_statement_end()
+	  - moved parsing of entry options/statements to
+	    ldap_parse_entry_options()
+	  - moved code closing debug fd into ldap_close_debug_fd()
+	  - moved code writing to debug fd into ldap_write_debug()
+	  - added support for full hostname in dhcpServer search filter
+	  - added support for multiple dhcpService entries in dhcpServer object
+	  - added parsing of options and statements for dhcpServer object
+	  - added verify if dhcpService contains server dn as primary or
+	    secondary
+	  - changed to search for dhcpHost,dhcpSubClass bellow of all
+	    dhcpService trees instead of base-dn (avoids finding of hosts in
+	    foreign configs)
+	  - fixes to free all dn's fetched by ldap_get_dn (e.g. debug output)
+	  - fixes to free ldap results, mainly in cases where no LDAP_SUCCESS
+	    returned or other error conditions happened
+	  - fixed/improved some log messages
+
+2004-3-30 Brian Masney <masneyb@ntelos.net>
+	* contrib/dhcpd-conf-to-ldap.pl - added option to control the
+	DHCP Config DN. Wrap the DHCP Statements in { }
+	This patch was contributed by Marius Tomaschewski <mt@suse.de>
+
+	* server/ldap.c - changed ldap_username and ldap_password to
+	be optional (anonymous bind is used then). Added {} block support
+	to dhcpStatements. (no ";" at end if statement ends with a "}").
+	Fixed writing to ldap-debug-file. Changed find_haddr_in_ldap() to
+	use dhcpHost objectClass in its filter
+	This patch was contributed by Marius Tomaschewski <mt@suse.de>
+
+2004-3-23 Brian Masney <masneyb@ntelos.net>
+	* contrib/dhcpd-conf-to-ldap.pl - added options for server, basedn
+	options and usage message (Net::Domain instead of SYS::Hostname).
+	Added handling of zone, authoritative and failover (config and
+	pool-refs) statements. Added numbering of groups and pools per
+	subnet. This patch was contributed by Marius Tomaschewski <mt@suse.de>
+
+2004-2-26 Brian Masney <masneyb@ntelos.net>
+	* fixed an instance where the LDAP server would restart, but the DHCP
+	server would not reconnect
+
+2004-2-18 Brian Masney <masneyb@ntelos.net>
+	* allow multiple dhcp*DN entries in the LDAP entry.
+
+2003-9-11 Brian Masney <masneyb@ntelos.net>
+	* updated patch to work with 3.0.1rc12
+
diff -Naur dhcp-3.0.1rc14/README.ldap dhcp-3.0.1rc14-ldap/README.ldap
--- dhcp-3.0.1rc14/README.ldap	1969-12-31 19:00:00.000000000 -0500
+++ dhcp-3.0.1rc14-ldap/README.ldap	2004-06-22 15:18:20.000000000 -0400
@@ -0,0 +1,166 @@
+LDAP Support in DHCP
+Brian Masney <masneyb@ntelos.net>
+Last updated 3/23/2003
+
+This document describes setting up the DHCP server to read it's configuration 
+from LDAP. This work is based on the IETF document 
+draft-ietf-dhc-ldap-schema-01.txt included in the doc directory. For the latest
+version of this document, please see http://home.ntelos.net/~masneyb.
+
+First question on most people's mind is "Why do I want to store my 
+configuration in LDAP?" If you run a small DHCP server, and the configuration
+on it rarely changes, then you won't need to store your configuration in LDAP.
+But, if you have several DHCP servers, and you want an easy way to manage your 
+configuration, this can be a solution. 
+
+The first step will be to setup your LDAP server. I am using OpenLDAP from
+www.openldap.org. Building and installing OpenLDAP is beyond the scope of this 
+document. There is plenty of documentation out there about this. Once you have 
+OpenLDAP installed, you will have to edit your slapd.conf file. I added the 
+following 2 lines to my configuration file:
+
+include         /etc/ldap/schema/dhcp.schema
+index           dhcpHWAddress 	eq
+index           dhcpClassData	eq
+
+The first line tells it to include the dhcp schema file. You will find this 
+file under the contrib directory in this distribution. You will need to copy 
+this file to where your other schema files are (maybe
+/usr/local/openldap/etc/openldap/schema/). The second line sets up
+an index for the dhcpHWAddress parameter. The third parameter is for reading 
+subclasses from LDAP every time a DHCP request comes in. Make sure you run the 
+slapindex command and restart slapd to have these changes to into effect.
+
+Now that you have LDAP setup, you should be able to use gq (http://biot.com/gq/)
+to verify that the dhcp schema file is loaded into LDAP. Pull up gq, and click
+on the Schema tab. Go under objectClasses, and you should see at least the 
+following object classes listed: dhcpClass, dhcpGroup, dhcpHost, dhcpOptions, 
+dhcpPool, dhcpServer, dhcpService, dhcpSharedNetwork, dhcpSubClass, and 
+dhcpSubnet. If you do not see these, you need to check over your LDAP 
+configuration before you go any further.
+
+You should be ready to build DHCP. Edit the includes/site.h file and uncomment
+the #define LDAP_CONFIGURATION. If you would like to enable LDAP over SSL, 
+uncomment the USE_SSL line as well. Now run configure in the base source 
+directory. Edit the work.os/server/Makefile and add -lldap to the LIBS= line.
+(replace os with your operating system, linux-2.2 on my machine). If you 
+enabled SSL, you will also need to add -lcrypto -lssl. You should now be able
+to type make to build your DHCP server. 
+
+Once you have DHCP installed, you will need to setup your initial plaintext 
+config file. In my /etc/dhcpd.conf file, I have:
+
+ldap-server "localhost";
+ldap-port 389;
+ldap-username "cn=DHCP User, dc=ntelos, dc=net";
+ldap-password "blah";
+ldap-base-dn "dc=ntelos, dc=net";
+ldap-method dynamic;
+ldap-debug-file "/var/log/dhcp-ldap-startup.log";
+
+All of these parameters should be self explanatory except for the ldap-method.
+You can set this to static or dynamic. If you set it to static, the 
+configuration is read once on startup, and LDAP isn't used anymore. But, if you
+set this to dynamic, the configuration is read once on startup, and the 
+hosts that are stored in LDAP are looked up every time a DHCP request comes in.
+
+When the optional statement ldap-debug-file is specified, on startup the DHCP
+server will write out the configuration that it generated from LDAP. If you are
+getting errors about your LDAP configuration, this is a good place to start
+looking.
+
+The next step is to set up your LDAP tree. Here is an example config that will
+give a 10.100.0.x address to machines that have a host entry in LDAP. 
+Otherwise, it will give a 10.200.0.x address to them. (NOTE: replace 
+dc=ntelos, dc=net with your base dn). If you would like to convert your 
+existing dhcpd.conf file to LDIF format, there is a script 
+contrib/dhcpd-conf-to-ldap.pl that will convert it for you. Type
+dhcpd-conf-to-ldap.pl --help to see the usage information for this script.
+
+# You must specify the server's host name in LDAP that you are going to run
+# DHCP on and point it to which config tree you want to use. Whenever DHCP 
+# first starts up, it will do a search for this entry to find out which 
+# config to use
+dn: cn=brian.ntelos.net, dc=ntelos, dc=net
+objectClass: top
+objectClass: dhcpServer
+cn: brian.ntelos.net
+dhcpServiceDN: cn=DHCP Service Config, dc=ntelos, dc=net
+
+# Here is the config tree that brian.ntelos.net points to. 
+dn: cn=DHCP Service Config, dc=ntelos, dc=net
+cn: DHCP Service Config
+objectClass: top
+objectClass: dhcpService
+dhcpPrimaryDN: dc=ntelos, dc=net
+dhcpStatements: ddns-update-style none
+dhcpStatements: default-lease-time 600
+dhcpStatements: max-lease-time 7200
+
+# Set up a shared network segment
+dn: cn=WV Test, cn=DHCP Service Config, dc=ntelos, dc=net
+cn: WV
+objectClass: top
+objectClass: dhcpSharedNetwork
+
+# Set up a subnet declaration with a pool statement. Also note that we have
+# a dhcpOptions object with this entry
+dn: cn=10.100.0.0, cn=WV Test, cn=DHCP Service Config, dc=ntelos, dc=net
+cn: 10.100.0.0
+objectClass: top
+objectClass: dhcpSubnet
+objectClass: dhcpOptions
+dhcpOption: domain-name-servers 10.100.0.2
+dhcpOption: routers 10.100.0.1
+dhcpOption: subnet-mask 255.255.255.0
+dhcpOption: broadcast-address 10.100.0.255
+dhcpNetMask: 24
+
+# Set up a pool for this subnet. Only known hosts will get these IPs
+dn: cn=Known Pool, cn=10.100.0.0, cn=WV Test, cn=DHCP Service Config, dc=ntelos, dc=net
+cn: Known Pool
+objectClass: top
+objectClass: dhcpPool
+dhcpRange: 10.100.0.3 10.100.0.254
+dhcpPermitList: deny unknown-clients
+
+# Set up another subnet declaration with a pool statement
+dn: cn=10.200.0.0, cn=WV Test, cn=DHCP Service Config, dc=ntelos, dc=net
+cn: 10.200.0.0
+objectClass: top
+objectClass: dhcpSubnet
+objectClass: dhcpOptions
+dhcpOption: domain-name-servers 10.200.0.2
+dhcpOption: routers 10.200.0.1
+dhcpOption: subnet-mask 255.255.255.0
+dhcpOption: broadcast-address 10.200.0.255
+dhcpNetMask: 24
+
+# Set up a pool for this subnet. Only unknown hosts will get these IPs
+dn: cn=Known Pool, cn=10.200.0.0, cn=WV Test, cn=DHCP Service Config, dc=ntelos, dc=net
+cn: Known Pool
+objectClass: top
+objectClass: dhcpPool
+dhcpRange: 10.200.0.3 10.200.0.254
+dhcpPermitList: deny known clients
+
+# Set aside a group for all of our known MAC addresses
+dn: cn=Customers, cn=DHCP Service Config, dc=ntelos, dc=net
+objectClass: top
+objectClass: dhcpGroup
+cn: Customers
+
+# Host entry for my laptop
+dn: cn=brianlaptop, cn=Customers, cn=DHCP Service Config, dc=ntelos, dc=net
+objectClass: top
+objectClass: dhcpHost
+cn: brianlaptop
+dhcpHWAddress: ethernet 00:00:00:00:00:00
+
+You can use the command slapadd to load all of these entries into your LDAP 
+server. After you load this, you should be able to start up DHCP. If you run
+into problems reading the configuration, try running dhcpd with the -d flag. 
+If you still have problems, edit the site.conf file in the DHCP source and
+add the line: COPTS= -DDEBUG_LDAP and recompile DHCP. (make sure you run make 
+clean and rerun configure before you rebuild).
+
diff -Naur dhcp-3.0.1rc14/common/conflex.c dhcp-3.0.1rc14-ldap/common/conflex.c
--- dhcp-3.0.1rc14/common/conflex.c	2004-06-10 13:59:14.000000000 -0400
+++ dhcp-3.0.1rc14-ldap/common/conflex.c	2004-06-22 15:18:20.000000000 -0400
@@ -47,6 +47,7 @@
 static enum dhcp_token read_number PROTO ((int, struct parse *));
 static enum dhcp_token read_num_or_name PROTO ((int, struct parse *));
 static enum dhcp_token intern PROTO ((char *, enum dhcp_token));
+static char read_function PROTO ((struct parse *));
 
 isc_result_t new_parse (cfile, file, inbuf, buflen, name, eolp)
 	struct parse **cfile;
@@ -74,6 +75,10 @@
 	tmp -> file = file;
 	tmp -> eol_token = eolp;
 
+	if (file != -1) {
+		tmp -> read_function = read_function;;
+	}
+
 	tmp -> bufix = 0;
 	tmp -> buflen = buflen;
 	if (inbuf) {
@@ -109,22 +114,11 @@
 	int c;
 
 	if (cfile -> bufix == cfile -> buflen) {
-		if (cfile -> file != -1) {
-			cfile -> buflen =
-				read (cfile -> file,
-				      cfile -> inbuf, cfile -> bufsiz);
-			if (cfile -> buflen == 0) {
-				c = EOF;
-				cfile -> bufix = 0;
-			} else if (cfile -> buflen < 0) {
-				c = EOF;
-				cfile -> bufix = cfile -> buflen = 0;
-			} else {
-				c = cfile -> inbuf [0];
-				cfile -> bufix = 1;
-			}
-		} else
+		if (cfile -> read_function) {
+			c = cfile -> read_function (cfile);
+		} else {
 			c = EOF;
+		}
 	} else {
 		c = cfile -> inbuf [cfile -> bufix];
 		cfile -> bufix++;
@@ -1071,3 +1065,25 @@
 	}
 	return dfv;
 }
+
+
+static char
+read_function (struct parse * cfile)
+{
+  char c;
+
+	cfile -> buflen = read (cfile -> file, cfile -> inbuf, cfile -> bufsiz);
+	if (cfile -> buflen == 0) {
+		c = EOF;
+		cfile -> bufix = 0;
+	} else if (cfile -> buflen < 0) {
+		c = EOF;
+		cfile -> bufix = cfile -> buflen = 0;
+	} else {
+		c = cfile -> inbuf [0];
+		cfile -> bufix = 1;
+	}
+
+	return c;
+}
+
diff -Naur dhcp-3.0.1rc14/common/print.c dhcp-3.0.1rc14-ldap/common/print.c
--- dhcp-3.0.1rc14/common/print.c	2004-06-17 16:54:39.000000000 -0400
+++ dhcp-3.0.1rc14-ldap/common/print.c	2004-06-22 15:18:20.000000000 -0400
@@ -166,9 +166,9 @@
 }
 
 char *print_hw_addr (htype, hlen, data)
-	int htype;
-	int hlen;
-	unsigned char *data;
+	const int htype;
+	const int hlen;
+	const unsigned char *data;
 {
 	static char habuf [49];
 	char *s;
diff -Naur dhcp-3.0.1rc14/configure dhcp-3.0.1rc14-ldap/configure
--- dhcp-3.0.1rc14/configure	2002-04-20 17:44:13.000000000 -0400
+++ dhcp-3.0.1rc14-ldap/configure	2004-06-22 15:18:20.000000000 -0400
@@ -256,4 +256,8 @@
   make links
 fi
 
+mv $workname/server/Makefile $workname/server/Makefile.noldap
+cat $workname/server/Makefile.noldap | sed '{s/^LIBS =/LIBS=-lldap -llber/}' > $workname/server/Makefile.ldap
+ln $workname/server/Makefile.ldap $workname/server/Makefile
+
 exit 0
diff -Naur dhcp-3.0.1rc14/contrib/dhcp.schema dhcp-3.0.1rc14-ldap/contrib/dhcp.schema
--- dhcp-3.0.1rc14/contrib/dhcp.schema	1969-12-31 19:00:00.000000000 -0500
+++ dhcp-3.0.1rc14-ldap/contrib/dhcp.schema	2004-06-22 15:18:20.000000000 -0400
@@ -0,0 +1,343 @@
+attributetype ( 2.16.840.1.113719.1.203.4.1 
+	NAME 'dhcpPrimaryDN' 
+	EQUALITY distinguishedNameMatch
+	DESC 'The DN of the dhcpServer which is the primary server for the configuration.' 
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.2 
+	NAME 'dhcpSecondaryDN' 
+	EQUALITY distinguishedNameMatch
+	DESC 'The DN of dhcpServer(s) which provide backup service for the configuration.'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 2.16.840.1.113719.1.203.4.3 
+	NAME 'dhcpStatements' 
+	EQUALITY caseIgnoreIA5Match
+	DESC 'Flexible storage for specific data depending on what object this exists in. Like conditional statements, server parameters, etc. This allows the standard to evolve without needing to adjust the schema.' 
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 2.16.840.1.113719.1.203.4.4 
+	NAME 'dhcpRange' 
+	EQUALITY caseIgnoreIA5Match
+	DESC 'The starting & ending IP Addresses in the range (inclusive), separated by a hyphen; if the range only contains one address, then just the address can be specified with no hyphen.  Each range is defined as a separate value.'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 2.16.840.1.113719.1.203.4.5 
+	NAME 'dhcpPermitList' 
+	EQUALITY caseIgnoreIA5Match
+	DESC 'This attribute contains the permit lists associated with a pool. Each permit list is defined as a separate value.' 
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 2.16.840.1.113719.1.203.4.6 
+	NAME 'dhcpNetMask' 
+	EQUALITY integerMatch
+	DESC 'The subnet mask length for the subnet.  The mask can be easily computed from this length.' 
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.7 
+	NAME 'dhcpOption' 
+	EQUALITY caseIgnoreIA5Match
+	DESC 'Encoded option values to be sent to clients.  Each value represents a single option and contains (OptionTag, Length, OptionValue) encoded in the format used by DHCP.' 
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 2.16.840.1.113719.1.203.4.8 
+	NAME 'dhcpClassData' 
+	EQUALITY caseIgnoreIA5Match
+	DESC 'Encoded text string or list of bytes expressed in hexadecimal, separated by colons.  Clients match subclasses based on matching the class data with the results of match or spawn with statements in the class name declarations.' 
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.9 
+	NAME 'dhcpOptionsDN' 
+	EQUALITY distinguishedNameMatch
+	DESC 'The distinguished name(s) of the dhcpOption objects containing the configuration options provided by the server.' 
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 2.16.840.1.113719.1.203.4.10 
+	NAME 'dhcpHostDN' 
+	EQUALITY distinguishedNameMatch
+	DESC 'the distinguished name(s) of the dhcpHost objects.' 
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) 
+
+attributetype ( 2.16.840.1.113719.1.203.4.11 
+	NAME 'dhcpPoolDN' 
+	EQUALITY distinguishedNameMatch
+	DESC 'The distinguished name(s) of pools.' 
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 2.16.840.1.113719.1.203.4.12 
+	NAME 'dhcpGroupDN' 
+	EQUALITY distinguishedNameMatch
+	DESC 'The distinguished name(s)   of the groups.' 
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 2.16.840.1.113719.1.203.4.13 
+	NAME 'dhcpSubnetDN' 
+	EQUALITY distinguishedNameMatch
+	DESC 'The distinguished name(s) of the subnets.' 
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 2.16.840.1.113719.1.203.4.14 
+	NAME 'dhcpLeaseDN' 
+	EQUALITY distinguishedNameMatch
+	DESC 'The distinguished name of a client address.' 
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE)
+
+attributetype ( 2.16.840.1.113719.1.203.4.15 NAME 'dhcpLeasesDN' 
+	DESC 'The distinguished name(s) client addresses.' 
+	EQUALITY distinguishedNameMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 2.16.840.1.113719.1.203.4.16 
+	NAME 'dhcpClassesDN' 
+	EQUALITY distinguishedNameMatch
+	DESC 'The distinguished name(s) of a class(es) in a subclass.' 
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 2.16.840.1.113719.1.203.4.17 
+	NAME 'dhcpSubclassesDN' 
+	EQUALITY distinguishedNameMatch
+	DESC 'The distinguished name(s) of subclass(es).' 
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 2.16.840.1.113719.1.203.4.18 
+	NAME 'dhcpSharedNetworkDN' 
+	EQUALITY distinguishedNameMatch
+	DESC 'The distinguished name(s) of sharedNetworks.' 
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 2.16.840.1.113719.1.203.4.19 
+	NAME 'dhcpServiceDN' 
+	EQUALITY distinguishedNameMatch
+	DESC 'The DN of dhcpService object(s)which contain the configuration information. Each dhcpServer object has this attribute identifying the DHCP configuration(s) that the server is associated with.' 
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 2.16.840.1.113719.1.203.4.20 
+	NAME 'dhcpVersion' DESC 'The version attribute of this object.' 
+	EQUALITY caseIgnoreIA5Match
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.21 
+	NAME 'dhcpImplementation' 
+	EQUALITY caseIgnoreIA5Match
+	DESC 'Description of the DHCP Server implementation e.g. DHCP Servers vendor.' 
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.22 
+	NAME 'dhcpAddressState' 
+	EQUALITY caseIgnoreIA5Match
+	DESC 'This stores information about the current binding-status of an address.  For dynamic addresses managed by DHCP, the values should be restricted to the following: "FREE", "ACTIVE", "EXPIRED", "RELEASED", "RESET", "ABANDONED", "BACKUP".  For other addresses, it SHOULD be one of the following: "UNKNOWN", "RESERVED" (an address that is managed by DHCP that is reserved for a specific client), "RESERVED-ACTIVE" (same as reserved, but address is currently in use), "ASSIGNED" (assigned manually or by some other mechanism), "UNASSIGNED", "NOTASSIGNABLE".'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.23 
+	NAME 'dhcpExpirationTime' 
+	EQUALITY generalizedTimeMatch 
+	DESC 'This is the time the current lease for an address expires.' 
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.24 
+	NAME 'dhcpStartTimeOfState' 
+	EQUALITY generalizedTimeMatch 
+	DESC 'This is the time of the last state change for a leased address.' 
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.25 
+	NAME 'dhcpLastTransactionTime' 
+	EQUALITY generalizedTimeMatch 
+	DESC 'This is the last time a valid DHCP packet was received from the client.'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.26 
+	NAME 'dhcpBootpFlag' 
+	EQUALITY booleanMatch 
+	DESC 'This indicates whether the address was assigned via BOOTP.' 
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.27 
+	NAME 'dhcpDomainName' 
+	EQUALITY caseIgnoreIA5Match
+	DESC 'This is the name of the domain sent to the client by the server.  It is essentially the same as the value for DHCP option 15 sent to the client, and represents only the domain - not the full FQDN.  To obtain the full FQDN assigned to the client you must prepend the "dhcpAssignedHostName" to this value with a ".".' 
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.28 
+	NAME 'dhcpDnsStatus' 
+	EQUALITY integerMatch
+	DESC 'This indicates the status of updating DNS resource records on behalf of the client by the DHCP server for this address.  The value is a 16-bit bitmask.'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.29 
+	NAME 'dhcpRequestedHostName' 
+	EQUALITY caseIgnoreIA5Match
+	DESC 'This is the hostname that was requested by the client.' 
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.30 
+	NAME 'dhcpAssignedHostName' 
+	EQUALITY caseIgnoreIA5Match
+	DESC 'This is the actual hostname that was assigned to a client. It may not be the name that was requested by the client.  The fully qualified domain name can be determined by appending the value of "dhcpDomainName" (with a dot separator) to this name.' 
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.31 
+	NAME 'dhcpReservedForClient' 
+	EQUALITY distinguishedNameMatch
+	DESC 'The distinguished name of a "dhcpClient" that an address is reserved for.  This may not be the same as the "dhcpAssignedToClient" attribute if the address is being reassigned but the current lease has not yet expired.'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.32 
+	NAME 'dhcpAssignedToClient' 
+	EQUALITY distinguishedNameMatch
+	DESC 'This is the distinguished name of a "dhcpClient" that an address is currently assigned to.  This attribute is only present in the class when the address is leased.' 
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.33 
+	NAME 'dhcpRelayAgentInfo' 
+	EQUALITY octetStringMatch
+	DESC 'If the client request was received via a relay agent, this contains information about the relay agent that was available from the DHCP request.  This is a hex-encoded option value.' 
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.34 
+	NAME 'dhcpHWAddress' 
+	EQUALITY octetStringMatch
+	DESC 'The clients hardware address that requested this IP address.' 
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.35 
+	NAME 'dhcpHashBucketAssignment' 
+	EQUALITY octetStringMatch
+	DESC 'HashBucketAssignment bit map for the DHCP Server, as defined in DHC Load Balancing Algorithm [RFC 3074].' 
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.36 
+	NAME 'dhcpDelayedServiceParameter' 
+	EQUALITY integerMatch
+	DESC 'Delay in seconds corresponding to Delayed Service Parameter configuration, as defined in  DHC Load Balancing Algorithm [RFC 3074]. '
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.37 
+	NAME 'dhcpMaxClientLeadTime' 
+	EQUALITY integerMatch
+	DESC 'Maximum Client Lead Time configuration in seconds, as defined in DHCP Failover Protocol [FAILOVR]' 
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.38 
+	NAME 'dhcpFailOverEndpointState' 
+	EQUALITY caseIgnoreIA5Match
+	DESC 'Server (Failover Endpoint) state, as defined in DHCP Failover Protocol [FAILOVR]' 
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.39 
+	NAME 'dhcpErrorLog' 
+	EQUALITY caseIgnoreIA5Match
+	DESC 'Generic error log attribute that allows logging error conditions within a dhcpService or a dhcpSubnet, like no IP addresses available for lease.'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+# Classes
+
+objectclass ( 2.16.840.1.113719.1.203.6.1 
+	NAME 'dhcpService' 
+	DESC 'Service object that represents the actual DHCP Service configuration. This is a container object.' 
+	SUP top 
+	MUST (cn $ dhcpPrimaryDN) 
+	MAY ( dhcpSecondaryDN $ dhcpSharedNetworkDN $ dhcpSubnetDN $ 
+		dhcpGroupDN $ dhcpHostDN $  dhcpClassesDN $ dhcpOptionsDN $ 
+		dhcpStatements ) )
+
+objectclass ( 2.16.840.1.113719.1.203.6.2 
+	NAME 'dhcpSharedNetwork' 
+	DESC 'This stores configuration information for a shared network.' 
+	SUP top 
+	MUST cn 
+	MAY ( dhcpSubnetDN $ dhcpPoolDN $ dhcpOptionsDN $ dhcpStatements) 
+	X-NDS_CONTAINMENT ('dhcpService' ) )
+
+objectclass ( 2.16.840.1.113719.1.203.6.3 
+	NAME 'dhcpSubnet' 
+	DESC 'This class defines a subnet. This is a container object.' 
+	SUP top 
+	MUST ( cn $ dhcpNetMask ) 
+	MAY ( dhcpRange $ dhcpPoolDN $ dhcpGroupDN $ dhcpHostDN $ 
+		dhcpClassesDN $ dhcpLeasesDN $ dhcpOptionsDN $ dhcpStatements) 
+	X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork') )
+
+objectclass ( 2.16.840.1.113719.1.203.6.4 
+	NAME 'dhcpPool' 
+	DESC 'This stores configuration information about a pool.' 
+	SUP top 
+	MUST ( cn $ dhcpRange ) 
+	MAY (dhcpClassesDN $ dhcpPermitList $ dhcpLeasesDN $ dhcpOptionsDN $ 
+		dhcpStatements) 
+	X-NDS_CONTAINMENT ('dhcpSubnet' 'dhcpSharedNetwork') )
+
+objectclass ( 2.16.840.1.113719.1.203.6.5 
+	NAME 'dhcpGroup' 
+	DESC 'Group object that lists host DNs and parameters. This is a container object.' 
+	SUP top 
+	MUST cn 
+	MAY ( dhcpHostDN $ dhcpOptionsDN $ dhcpStatements ) 
+	X-NDS_CONTAINMENT ('dhcpSubnet' 'dhcpService' ) )
+
+objectclass ( 2.16.840.1.113719.1.203.6.6 
+	NAME 'dhcpHost' 
+	DESC 'This represents information about a particular client' 
+	SUP top 
+	MUST cn 
+	MAY  (dhcpLeaseDN $ dhcpHWAddress $ dhcpOptionsDN $ dhcpStatements) 
+	X-NDS_CONTAINMENT ('dhcpService' 'dhcpSubnet' 'dhcpGroup') )
+
+objectclass ( 2.16.840.1.113719.1.203.6.7 
+	NAME 'dhcpClass' 
+	DESC 'Represents information about a collection of related clients.' 
+	SUP top 
+	MUST cn 
+	MAY (dhcpSubClassesDN $ dhcpOptionsDN $ dhcpStatements) 
+	X-NDS_CONTAINMENT ('dhcpService' 'dhcpSubnet' ) )
+
+objectclass ( 2.16.840.1.113719.1.203.6.8 
+	NAME 'dhcpSubClass' 
+	DESC 'Represents information about a collection of related classes.' 
+	SUP top 
+	MUST cn 
+	MAY (dhcpClassData $ dhcpOptionsDN $ dhcpStatements) 
+	X-NDS_CONTAINMENT 'dhcpClass' ) 
+
+objectclass ( 2.16.840.1.113719.1.203.6.9 
+	NAME 'dhcpOptions' 
+	DESC 'Represents information about a collection of options defined.' 
+	SUP top AUXILIARY
+	MUST cn 
+	MAY ( dhcpOption ) 
+	X-NDS_CONTAINMENT  ('dhcpService' 'dhcpSharedNetwork' 'dhcpSubnet' 
+			'dhcpPool' 'dhcpGroup' 'dhcpHost' 'dhcpClass' ) )
+
+objectclass ( 2.16.840.1.113719.1.203.6.10 
+	NAME 'dhcpLeases' 
+	DESC 'This class represents an IP Address, which may or may not have been leased.' 
+	SUP top 
+	MUST ( cn $ dhcpAddressState ) 
+	MAY ( dhcpExpirationTime $ dhcpStartTimeOfState $ 
+		dhcpLastTransactionTime $ dhcpBootpFlag $ dhcpDomainName $ 
+		dhcpDnsStatus $ dhcpRequestedHostName $ dhcpAssignedHostName $ 
+		dhcpReservedForClient $ dhcpAssignedToClient $ 
+		dhcpRelayAgentInfo $ dhcpHWAddress ) 
+	X-NDS_CONTAINMENT ( 'dhcpService' 'dhcpSubnet' 'dhcpPool') )
+
+objectclass ( 2.16.840.1.113719.1.203.6.11 
+	NAME 'dhcpLog' 
+	DESC 'This is the object that holds past information about the IP address. The cn is the time/date stamp when the address was assigned or released, the address state at the time, if the address was assigned or released.' 
+	SUP top 
+	MUST ( cn ) 
+	MAY ( dhcpAddressState $ dhcpExpirationTime $ dhcpStartTimeOfState $ 
+		dhcpLastTransactionTime $ dhcpBootpFlag $ dhcpDomainName $ 
+		dhcpDnsStatus $ dhcpRequestedHostName $ dhcpAssignedHostName $ 
+		dhcpReservedForClient $ dhcpAssignedToClient $ 
+		dhcpRelayAgentInfo $ dhcpHWAddress $ dhcpErrorLog) 
+	X-NDS_CONTAINMENT ('dhcpLeases' 'dhcpPool' 'dhcpSubnet' 
+					'dhcpSharedNetwork' 'dhcpService' ) )
+
+objectclass ( 2.16.840.1.113719.1.203.6.12 
+	NAME 'dhcpServer' 
+	DESC 'DHCP Server Object' 
+	SUP top 
+	MUST (cn $ dhcpServiceDN) 
+	MAY (dhcpVersion $ dhcpImplementation $ dhcpHashBucketAssignment $ dhcpDelayedServiceParameter $ dhcpMaxClientLeadTime $ dhcpFailOverEndpointState $ dhcpStatements)
+	X-NDS_CONTAINMENT ('o' 'ou' 'dc') )
+
diff -Naur dhcp-3.0.1rc14/contrib/dhcpd-conf-to-ldap.pl dhcp-3.0.1rc14-ldap/contrib/dhcpd-conf-to-ldap.pl
--- dhcp-3.0.1rc14/contrib/dhcpd-conf-to-ldap.pl	1969-12-31 19:00:00.000000000 -0500
+++ dhcp-3.0.1rc14-ldap/contrib/dhcpd-conf-to-ldap.pl	2004-06-22 15:18:20.000000000 -0400
@@ -0,0 +1,751 @@
+#!/usr/bin/perl -w
+
+# Brian Masney <masneyb@ntelos.net>
+# To use this script, set your base DN below. Then run 
+# ./dhcpd-conf-to-ldap.pl < /path-to-dhcpd-conf/dhcpd.conf > output-file
+# The output of this script will generate entries in LDIF format. You can use
+# the slapadd command to add these entries into your LDAP server. You will
+# definately want to double check that your LDAP entries are correct before
+# you load them into LDAP.
+
+# This script does not do much error checking. Make sure before you run this
+# that the DHCP server doesn't give any errors about your config file
+
+# FailOver notes:
+#   Failover is disabled by default, since it may need manually intervention.
+#   You can try the '--use=failover' option to see what happens :-)
+#
+#   If enabled, the failover pool references will be written to LDIF output.
+#   The failover configs itself will be added to the dhcpServer statements
+#   and not to the dhcpService object (since this script uses only one and
+#   it may be usefull to have multiple service containers in failover mode).
+#   Further, this script does not check if primary or secondary makes sense,
+#   it simply converts what it gets...
+
+use Net::Domain qw(hostname hostfqdn hostdomain);
+use Getopt::Long;
+
+my $domain = hostdomain();           # your.domain
+my $basedn = "dc=".$domain;
+   $basedn =~ s/\./,dc=/g;           # dc=your,dc=domain
+my $server = hostname();             # hostname (nodename)
+my $dhcpcn = 'DHCP Config';          # CN of DHCP config tree
+my $dhcpdn = "cn=$dhcpcn, $basedn";  # DHCP config tree DN
+my $second = '';                     # secondary server DN / hostname
+my $i_conf = '';                     # dhcp.conf file to read or stdin
+my $o_ldif = '';                     # output ldif file name or stdout
+my @use    = ();                     # extended flags (failover)
+
+sub usage($;$)
+{
+  my $rc = shift;
+  my $err= shift;
+
+  print STDERR "Error: $err\n\n" if(defined $err);
+  print STDERR <<__EOF_USAGE__;
+usage: 
+  $0 [options] < dhcpd.conf > dhcpd.ldif
+
+options:
+
+  --basedn  "dc=your,dc=domain"        ("$basedn")
+
+  --dhcpdn  "dhcp config DN"           ("$dhcpdn")
+
+  --server  "dhcp server name"         ("$server")
+
+  --second  "secondary server or DN"   ("$second")
+
+  --conf    "/path/to/dhcpd.conf"      (default is stdin)
+  --ldif    "/path/to/output.ldif"     (default is stdout)
+
+  --use     "extended features"        (see source comments)
+__EOF_USAGE__
+  exit($rc);
+}
+
+
+sub next_token
+{
+  local ($lowercase) = @_;
+  local ($token, $newline);
+
+  do 
+    {
+      if (!defined ($line) || length ($line) == 0)
+        {
+          $line = <>;
+          return undef if !defined ($line);
+          chop $line;
+          $line_number++;
+          $token_number = 0;
+        }
+
+      $line =~ s/#.*//;
+      $line =~ s/^\s+//;
+      $line =~ s/\s+$//;
+    }
+  while (length ($line) == 0);
+
+  if (($token, $newline) = $line =~ /^(.*?)\s+(.*)/)
+    {
+      $line = $newline;
+    }
+  else
+    {
+      $token = $line;
+      $line = '';
+    }
+  $token_number++;
+
+  $token =~ y/[A-Z]/[a-z]/ if $lowercase;
+
+  return ($token);
+}
+
+
+sub remaining_line
+{
+  local ($block) = shift || 0;
+  local ($tmp, $str);
+
+  $str = "";
+  while (defined($tmp = next_token (0)))
+    {
+      $str .= ' ' if !($str eq "");
+      $str .= $tmp;
+      last if $tmp =~ /;\s*$/;
+      last if($block and $tmp =~ /\s*[}{]\s*$/);
+    }
+
+  $str =~ s/;$//;
+  return ($str);
+}
+
+
+sub
+add_dn_to_stack
+{
+  local ($dn) = @_;
+
+  $current_dn = "$dn, $current_dn";
+}
+
+
+sub
+remove_dn_from_stack
+{
+  $current_dn =~ s/^.*?,\s*//;
+}
+
+
+sub
+parse_error
+{
+  print "Parse error on line number $line_number at token number $token_number\n";
+  exit (1);
+}
+
+
+sub
+print_entry
+{
+  return if (scalar keys %curentry == 0);
+
+  if (!defined ($curentry{'type'}))
+    {
+      $hostdn = "cn=$server, $basedn";
+      print "dn: $hostdn\n";
+      print "cn: $server\n";
+      print "objectClass: top\n";
+      print "objectClass: dhcpServer\n";
+      print "dhcpServiceDN: $current_dn\n";
+      if(grep(/FaIlOvEr/i, @use))
+        {
+          foreach my $fo_peer (keys %failover)
+            {
+              next if(scalar(@{$failover{$fo_peer}}) <= 1);
+              print "dhcpStatements: failover peer $fo_peer { ",
+                    join('; ', @{$failover{$fo_peer}}), "; }\n";
+            }
+        }
+      print "\n";
+
+      print "dn: $current_dn\n";
+      print "cn: $dhcpcn\n";
+      print "objectClass: top\n";
+      print "objectClass: dhcpService\n";
+      if (defined ($curentry{'options'}))
+        {
+          print "objectClass: dhcpOptions\n";
+        }
+      print "dhcpPrimaryDN: $hostdn\n";
+      if(grep(/FaIlOvEr/i, @use) and ($second ne ''))
+        {
+          print "dhcpSecondaryDN: $second\n";
+        }
+    }
+  elsif ($curentry{'type'} eq 'subnet')
+    {
+      print "dn: $current_dn\n";
+      print "cn: " . $curentry{'ip'} . "\n";
+      print "objectClass: top\n";
+      print "objectClass: dhcpSubnet\n";
+      if (defined ($curentry{'options'}))
+        {
+          print "objectClass: dhcpOptions\n";
+        }
+      
+      print "dhcpNetMask: " . $curentry{'netmask'} . "\n";
+      if (defined ($curentry{'ranges'}))
+        {
+          foreach $statement (@{$curentry{'ranges'}})
+            {
+              print "dhcpRange: $statement\n";
+            }
+        }
+    }
+  elsif ($curentry{'type'} eq 'shared-network')
+    {
+      print "dn: $current_dn\n";
+      print "cn: " . $curentry{'descr'} . "\n";
+      print "objectClass: top\n";
+      print "objectClass: dhcpSharedNetwork\n";
+      if (defined ($curentry{'options'}))
+        {
+          print "objectClass: dhcpOptions\n";
+        }
+    }
+  elsif ($curentry{'type'} eq 'group')
+    {
+      print "dn: $current_dn\n";
+      print "cn: group", $curentry{'idx'}, "\n";
+      print "objectClass: top\n";
+      print "objectClass: dhcpGroup\n";
+      if (defined ($curentry{'options'}))
+        {
+          print "objectClass: dhcpOptions\n";
+        }
+    }
+  elsif ($curentry{'type'} eq 'host')
+    {
+      print "dn: $current_dn\n";
+      print "cn: " . $curentry{'host'} . "\n";
+      print "objectClass: top\n";
+      print "objectClass: dhcpHost\n";
+      if (defined ($curentry{'options'}))
+        {
+          print "objectClass: dhcpOptions\n";
+        }
+
+      if (defined ($curentry{'hwaddress'}))
+        {
+          print "dhcpHWAddress: " . $curentry{'hwaddress'} . "\n";
+        }
+    }
+  elsif ($curentry{'type'} eq 'pool')
+    {
+      print "dn: $current_dn\n";
+      print "cn: pool", $curentry{'idx'}, "\n";
+      print "objectClass: top\n";
+      print "objectClass: dhcpPool\n";
+      if (defined ($curentry{'options'}))
+        {
+          print "objectClass: dhcpOptions\n";
+        }
+
+      if (defined ($curentry{'ranges'}))
+        {
+          foreach $statement (@{$curentry{'ranges'}})
+            {
+              print "dhcpRange: $statement\n";
+            }
+        }
+    }
+  elsif ($curentry{'type'} eq 'class')
+    {
+      print "dn: $current_dn\n";
+      print "cn: " . $curentry{'class'} . "\n";
+      print "objectClass: top\n";
+      print "objectClass: dhcpClass\n";
+      if (defined ($curentry{'options'}))
+        {
+          print "objectClass: dhcpOptions\n";
+        }
+    }
+  elsif ($curentry{'type'} eq 'subclass')
+    {
+      print "dn: $current_dn\n";
+      print "cn: " . $curentry{'subclass'} . "\n";
+      print "objectClass: top\n";
+      print "objectClass: dhcpSubClass\n";
+      if (defined ($curentry{'options'}))
+        {
+          print "objectClass: dhcpOptions\n";
+        }
+      print "dhcpClassData: " . $curentry{'class'} . "\n";
+    }
+
+  if (defined ($curentry{'statements'}))
+    {
+      foreach $statement (@{$curentry{'statements'}})
+        {
+          print "dhcpStatements: $statement\n";
+        }
+    }
+
+  if (defined ($curentry{'options'}))
+    {
+      foreach $statement (@{$curentry{'options'}})
+        {
+          print "dhcpOption: $statement\n";
+        }
+    }
+
+  print "\n";
+  undef (%curentry);
+}
+
+
+sub parse_netmask
+{
+  local ($netmask) = @_;
+  local ($i);
+
+  if ((($a, $b, $c, $d) = $netmask =~ /^(\d+)\.(\d+)\.(\d+)\.(\d+)$/) != 4)
+    {
+      parse_error ();
+    }
+
+  $num = (($a & 0xff) << 24) |
+         (($b & 0xff) << 16) |
+         (($c & 0xff) << 8) |
+          ($d & 0xff);
+
+  for ($i=1; $i<=32 && $num & (1 << (32 - $i)); $i++)
+    {
+    }
+  $i--;
+
+  return ($i);
+}
+
+
+sub parse_subnet
+{
+  local ($ip, $tmp, $netmask);
+
+  print_entry () if %curentry;
+    
+  $ip = next_token (0);
+  parse_error () if !defined ($ip);
+
+  $tmp = next_token (1);
+  parse_error () if !defined ($tmp);
+  parse_error () if !($tmp eq 'netmask');
+
+  $tmp = next_token (0);
+  parse_error () if !defined ($tmp);
+  $netmask = parse_netmask ($tmp);
+
+  $tmp = next_token (0);
+  parse_error () if !defined ($tmp);
+  parse_error () if !($tmp eq '{');
+
+  add_dn_to_stack ("cn=$ip");
+  $curentry{'type'} = 'subnet';
+  $curentry{'ip'} = $ip;
+  $curentry{'netmask'} = $netmask;
+  $cursubnet = $ip;
+  $curcounter{$ip} = { pool  => 0, group => 0 };
+}
+
+
+sub parse_shared_network
+{
+  local ($descr, $tmp);
+
+  print_entry () if %curentry;
+
+  $descr = next_token (0);
+  parse_error () if !defined ($descr);
+
+  $tmp = next_token (0);
+  parse_error () if !defined ($tmp);
+  parse_error () if !($tmp eq '{');
+
+  add_dn_to_stack ("cn=$descr");
+  $curentry{'type'} = 'shared-network';
+  $curentry{'descr'} = $descr;
+}
+
+
+sub parse_host
+{
+  local ($descr, $tmp);
+
+  print_entry () if %curentry;
+
+  $host = next_token (0);
+  parse_error () if !defined ($host);
+
+  $tmp = next_token (0);
+  parse_error () if !defined ($tmp);
+  parse_error () if !($tmp eq '{');
+
+  add_dn_to_stack ("cn=$host");
+  $curentry{'type'} = 'host';
+  $curentry{'host'} = $host;
+}
+
+
+sub parse_group
+{
+  local ($descr, $tmp);
+
+  print_entry () if %curentry;
+
+  $tmp = next_token (0);
+  parse_error () if !defined ($tmp);
+  parse_error () if !($tmp eq '{');
+
+  my $idx;
+  if(exists($curcounter{$cursubnet})) {
+    $idx = ++$curcounter{$cursubnet}->{'group'};
+  } else {
+    $idx = ++$curcounter{''}->{'group'};
+  }
+
+  add_dn_to_stack ("cn=group".$idx);
+  $curentry{'type'} = 'group';
+  $curentry{'idx'} = $idx;
+}
+
+
+sub parse_pool
+{
+  local ($descr, $tmp);
+
+  print_entry () if %curentry;
+
+  $tmp = next_token (0);
+  parse_error () if !defined ($tmp);
+  parse_error () if !($tmp eq '{');
+
+  my $idx;
+  if(exists($curcounter{$cursubnet})) {
+    $idx = ++$curcounter{$cursubnet}->{'pool'};
+  } else {
+    $idx = ++$curcounter{''}->{'pool'};
+  }
+
+  add_dn_to_stack ("cn=pool".$idx);
+  $curentry{'type'} = 'pool';
+  $curentry{'idx'} = $idx;
+}
+
+
+sub parse_class
+{
+  local ($descr, $tmp);
+
+  print_entry () if %curentry;
+
+  $class = next_token (0);
+  parse_error () if !defined ($class);
+
+  $tmp = next_token (0);
+  parse_error () if !defined ($tmp);
+  parse_error () if !($tmp eq '{');
+
+  $class =~ s/\"//g;
+  add_dn_to_stack ("cn=$class");
+  $curentry{'type'} = 'class';
+  $curentry{'class'} = $class;
+}
+
+
+sub parse_subclass
+{
+  local ($descr, $tmp);
+
+  print_entry () if %curentry;
+
+  $class = next_token (0);
+  parse_error () if !defined ($class);
+
+  $subclass = next_token (0);
+  parse_error () if !defined ($subclass);
+
+  $tmp = next_token (0);
+  parse_error () if !defined ($tmp);
+  parse_error () if !($tmp eq '{');
+
+  add_dn_to_stack ("cn=$subclass");
+  $curentry{'type'} = 'subclass';
+  $curentry{'class'} = $class;
+  $curentry{'subclass'} = $subclass;
+}
+
+
+sub parse_hwaddress
+{
+  local ($type, $hw, $tmp);
+
+  $type = next_token (1);
+  parse_error () if !defined ($type);
+
+  $hw = next_token (1);
+  parse_error () if !defined ($hw);
+  $hw =~ s/;$//;
+
+  $curentry{'hwaddress'} = "$type $hw";
+}
+
+    
+sub parse_range
+{
+  local ($tmp, $str);
+
+  $str = remaining_line ();
+
+  if (!($str eq ''))
+    {
+      $str =~ s/;$//;
+      push (@{$curentry{'ranges'}}, $str);
+    }
+}
+
+
+sub parse_statement
+{
+  local ($token) = shift;
+  local ($str);
+
+  if ($token eq 'option')
+    {
+      $str = remaining_line ();
+      push (@{$curentry{'options'}}, $str);
+    }
+  elsif($token eq 'failover')
+    {
+      $str = remaining_line (1); # take care on block
+      if($str =~ /[{]/)
+        {
+          my ($peername, @statements);
+
+          parse_error() if($str !~ /^\s*peer\s+(.+?)\s+[{]\s*$/);
+          parse_error() if(($peername = $1) !~ /^\"?[^\"]+\"?$/);
+
+          #
+          # failover config block found:
+          # e.g. 'failover peer "some-name" {'
+          #
+          if(not grep(/FaIlOvEr/i, @use))
+            {
+              print STDERR "Warning: Failover config 'peer $peername' found!\n";
+              print STDERR "         Skipping it, since failover disabled!\n";
+              print STDERR "         You may try out --use=failover option.\n";
+            }
+
+          until($str =~ /[}]/ or $str eq "")
+            {
+                $str = remaining_line (1);
+                # collect all statements, except ending '}'
+                push(@statements, $str) if($str !~ /[}]/);
+            }
+          $failover{$peername} = [@statements];
+        }
+      else
+        {
+          #
+          # pool reference to failover config is fine
+          # e.g. 'failover peer "some-name";'
+          #
+          if(not grep(/FaIlOvEr/i, @use))
+            {
+              print STDERR "Warning: Failover reference '$str' found!\n";
+              print STDERR "         Skipping it, since failover disabled!\n";
+              print STDERR "         You may try out --use=failover option.\n";
+            }
+          else
+            {
+              push (@{$curentry{'statements'}}, $token. " " . $str);
+            }
+        }
+    }
+  elsif($token eq 'zone')
+    {
+      $str = $token;
+      while($str !~ /}$/) {
+        $str .= ' ' . next_token (0);
+      }
+      push (@{$curentry{'statements'}}, $str);
+    }
+  elsif($token =~ /^(authoritative)[;]*$/)
+    {
+      push (@{$curentry{'statements'}}, $1);
+    }
+  else
+    {
+      $str = $token . " " . remaining_line ();
+      push (@{$curentry{'statements'}}, $str);
+    }
+}
+
+
+my $ok = GetOptions(
+    'basedn=s'      => \$basedn,
+    'dhcpdn=s'      => \$dhcpdn,
+    'server=s'      => \$server,
+    'second=s'      => \$second,
+    'conf=s'        => \$i_conf,
+    'ldif=s'        => \$o_ldif,
+    'use=s'         => \@use,
+    'h|help|usage'  => sub { usage(0); },
+);
+
+unless($server =~ /^\w+/)
+  {
+    usage(1, "invalid server name '$server'");
+  }
+unless($basedn =~ /^\w+=[^,]+/)
+  {
+    usage(1, "invalid base dn '$basedn'");
+  }
+
+if($dhcpdn =~ /^cn=([^,]+)/i)
+  {
+    $dhcpcn = "$1";
+  }
+$second = '' if not defined $second;
+unless($second eq '' or $second =~ /^cn=[^,]+\s*,\s*\w+=[^,]+/i)
+  {
+    if($second =~ /^cn=[^,]+$/i)
+      {
+        # relative DN 'cn=name'
+        $second = "$second, $basedn";
+      }
+    elsif($second =~ /^\w+/)
+      {
+        # assume hostname only
+        $second = "cn=$second, $basedn";
+      }
+    else
+      {
+        usage(1, "invalid secondary '$second'")
+      }
+  }
+
+usage(1) unless($ok);
+
+if($i_conf ne "" and -f $i_conf)
+  {
+    if(not open(STDIN, '<', $i_conf))
+      {
+        print STDERR "Error: can't open conf file '$i_conf': $!\n";
+        exit(1);
+      }
+  }
+if($o_ldif ne "")
+  {
+    if(-e $o_ldif)
+      {
+        print STDERR "Error: output ldif name '$o_ldif' already exists!\n";
+        exit(1);
+      }
+    if(not open(STDOUT, '>', $o_ldif))
+      {
+        print STDERR "Error: can't open ldif file '$o_ldif': $!\n";
+        exit(1);
+      }
+  }
+
+
+print STDERR "Creating LDAP Configuration with the following options:\n";
+print STDERR "\tBase DN: $basedn\n";
+print STDERR "\tDHCP DN: $dhcpdn\n";
+print STDERR "\tServer DN: cn=$server, $basedn\n";
+print STDERR "\tSecondary DN: $second\n"
+             if(grep(/FaIlOvEr/i, @use) and $second ne '');
+print STDERR "\n";
+
+my $token;
+my $token_number = 0;
+my $line_number = 0;
+my %curentry;
+my $cursubnet = '';
+my %curcounter = ( '' => { pool => 0, group => 0 } );
+
+$current_dn = "$dhcpdn";
+$curentry{'descr'} = $dhcpcn;
+$line = '';
+%failover = ();
+
+while (($token = next_token (1)))
+  {
+    if ($token eq '}')
+      {
+        print_entry () if %curentry;
+        if($current_dn =~ /.+?,\s*${dhcpdn}$/) {
+          # don't go below dhcpdn ...
+          remove_dn_from_stack ();
+        }
+      }
+    elsif ($token eq 'subnet')
+      {
+        parse_subnet ();
+        next;
+      }
+    elsif ($token eq 'shared-network')
+      {
+        parse_shared_network ();
+        next;
+      }
+    elsif ($token eq 'class')
+      {
+        parse_class ();
+        next;
+      }
+    elsif ($token eq 'subclass')
+      {
+        parse_subclass ();
+        next;
+      }
+    elsif ($token eq 'pool')
+      {
+        parse_pool ();
+        next;
+      }
+    elsif ($token eq 'group')
+      {
+        parse_group ();
+        next;
+      }
+    elsif ($token eq 'host')
+      {
+        parse_host ();
+        next;
+      }
+    elsif ($token eq 'hardware')
+      {
+        parse_hwaddress ();
+        next;
+      }
+    elsif ($token eq 'range')
+      {
+        parse_range ();
+        next;
+      }
+    else
+      {
+        parse_statement ($token);
+        next;
+      }
+  }
+
+close(STDIN)  if($i_conf);
+close(STDOUT) if($o_ldif);
+
+print STDERR "Done.\n";
+
diff -Naur dhcp-3.0.1rc14/debian/changelog dhcp-3.0.1rc14-ldap/debian/changelog
--- dhcp-3.0.1rc14/debian/changelog	1969-12-31 19:00:00.000000000 -0500
+++ dhcp-3.0.1rc14-ldap/debian/changelog	2004-06-22 15:26:38.000000000 -0400
@@ -0,0 +1,25 @@
+dhcp3-server-ldap (3.0.1rc14-1) unstable; urgency=low
+
+  * See ChangeLog-LDAP for changes in this release
+
+ -- Brian Masney <masneyb@gftp.org>  Tue, 22 Jun 2004 15:29:07 -0400
+
+dhcp3-server-ldap (3.0.1rc13-1) unstable; urgency=low
+
+  * See ChangeLog-LDAP for changes in this release
+
+ -- Brian Masney <masneyb@gftp.org>  Wed, 05 May 2004 07:20:13 -0400
+
+dhcp3-server-ldap (3.0.1rc12-1) unstable; urgency=low
+
+  * Updated patch to work against ISC DHCPD 3.0.1rc12
+
+ -- Brian Masney <masneyb@gftp.org>  Mon, 08 Sep 2003 16:34:00 -0400
+
+dhcp3-server-ldap (3.0.1rc11-2) unstable; urgency=low
+
+  * Added these Debian files. They are mostly from the existing dhcp3-server
+    package in Debian.
+
+ -- Brian Masney <masneyb@gftp.org>  Mon, 04 Aug 2003 13:34:00 -0400
+
diff -Naur dhcp-3.0.1rc14/debian/control dhcp-3.0.1rc14-ldap/debian/control
--- dhcp-3.0.1rc14/debian/control	1969-12-31 19:00:00.000000000 -0500
+++ dhcp-3.0.1rc14-ldap/debian/control	2004-06-22 15:18:20.000000000 -0400
@@ -0,0 +1,12 @@
+Source: dhcp3-server-ldap
+Section: net
+Priority: optional
+Maintainer: Brian Masney <masneyb@gftp.org>
+Build-Depends: debhelper (>= 2.1.18), dpkg-dev (>= 1.7.0), groff
+Standards-Version: 2.4.0.0
+
+Package: dhcp3-server-ldap
+Architecture: any
+Depends: debconf, debianutils (>= 1.7), dhcp3-server (>= 3.0+3.0.1rc11)
+Conflicts: dhcp, dhcp3-ldap-ntelos
+Description: This is the DHCP server with LDAP patches applied to it
diff -Naur dhcp-3.0.1rc14/debian/copyright dhcp-3.0.1rc14-ldap/debian/copyright
--- dhcp-3.0.1rc14/debian/copyright	1969-12-31 19:00:00.000000000 -0500
+++ dhcp-3.0.1rc14-ldap/debian/copyright	2004-06-22 15:18:20.000000000 -0400
@@ -0,0 +1,30 @@
+/*
+ * Copyright (c) 1996, 1997 The Internet Software Consortium.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of The Internet Software Consortium nor the names of its
+ *    contributors may be used to endorse or promote products derived
+ *    from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INTERNET SOFTWARE CONSORTIUM AND
+ * CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING,
+ * BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL
+ * THE INTERNET SOFTWARE CONSORTIUM OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
diff -Naur dhcp-3.0.1rc14/debian/dhcp3-server-ldap.files dhcp-3.0.1rc14-ldap/debian/dhcp3-server-ldap.files
--- dhcp-3.0.1rc14/debian/dhcp3-server-ldap.files	1969-12-31 19:00:00.000000000 -0500
+++ dhcp-3.0.1rc14-ldap/debian/dhcp3-server-ldap.files	2004-06-22 15:18:20.000000000 -0400
@@ -0,0 +1 @@
+usr/sbin/dhcpd3
diff -Naur dhcp-3.0.1rc14/debian/dhcp3-server-ldap.postinst dhcp-3.0.1rc14-ldap/debian/dhcp3-server-ldap.postinst
--- dhcp-3.0.1rc14/debian/dhcp3-server-ldap.postinst	1969-12-31 19:00:00.000000000 -0500
+++ dhcp-3.0.1rc14-ldap/debian/dhcp3-server-ldap.postinst	2004-06-22 15:18:20.000000000 -0400
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+set -e 
+
+# Removes the left over diversions of the old package
+
+if [ "$1" = remove -o "$1" = upgrade ]; then
+	for v in `list_versions`; do
+	        dpkg-divert --package dhcp3-server-ldap --remove \
+			--rename --divert /usr/sbin/dhcpd3-noldap \
+			/usr/sbin/dhcpd3
+	done
+fi
diff -Naur dhcp-3.0.1rc14/debian/dhcp3-server-ldap.postrm dhcp-3.0.1rc14-ldap/debian/dhcp3-server-ldap.postrm
--- dhcp-3.0.1rc14/debian/dhcp3-server-ldap.postrm	1969-12-31 19:00:00.000000000 -0500
+++ dhcp-3.0.1rc14-ldap/debian/dhcp3-server-ldap.postrm	2004-06-22 15:18:20.000000000 -0400
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+set -e 
+
+if [ "$1" = remove ]; then
+	dpkg-divert --package dhcp3-server-ldap --remove --rename \
+		--divert /usr/sbin/dhcpd3-noldap /usr/sbin/dhcpd3
+fi
diff -Naur dhcp-3.0.1rc14/debian/dhcp3-server-ldap.preinst dhcp-3.0.1rc14-ldap/debian/dhcp3-server-ldap.preinst
--- dhcp-3.0.1rc14/debian/dhcp3-server-ldap.preinst	1969-12-31 19:00:00.000000000 -0500
+++ dhcp-3.0.1rc14-ldap/debian/dhcp3-server-ldap.preinst	2004-06-22 15:18:20.000000000 -0400
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+set -e 
+
+if [ "$1" = install -o "$1" = upgrade ]; then
+	if dpkg-divert --list /usr/sbin/dhcpd3 \
+		| grep -q "by dhcp3-server-ldap";
+	then
+		exit 0
+	fi
+		
+	dpkg-divert --package dhcp3-server-ldap --add --rename \
+		--divert /usr/sbin/dhcpd3-noldap /usr/sbin/dhcpd3
+fi
diff -Naur dhcp-3.0.1rc14/debian/dhcp3-server-ldap.substvars dhcp-3.0.1rc14-ldap/debian/dhcp3-server-ldap.substvars
--- dhcp-3.0.1rc14/debian/dhcp3-server-ldap.substvars	1969-12-31 19:00:00.000000000 -0500
+++ dhcp-3.0.1rc14-ldap/debian/dhcp3-server-ldap.substvars	2004-06-22 15:18:20.000000000 -0400
@@ -0,0 +1 @@
+shlibs:Depends=libc6 (>= 2.3.2.ds1-4), libldap2 (>= 2.1.17-1)
diff -Naur dhcp-3.0.1rc14/debian/dirs dhcp-3.0.1rc14-ldap/debian/dirs
--- dhcp-3.0.1rc14/debian/dirs	1969-12-31 19:00:00.000000000 -0500
+++ dhcp-3.0.1rc14-ldap/debian/dirs	2004-06-22 15:18:20.000000000 -0400
@@ -0,0 +1 @@
+usr/sbin
diff -Naur dhcp-3.0.1rc14/debian/files dhcp-3.0.1rc14-ldap/debian/files
--- dhcp-3.0.1rc14/debian/files	1969-12-31 19:00:00.000000000 -0500
+++ dhcp-3.0.1rc14-ldap/debian/files	2004-06-22 15:18:20.000000000 -0400
@@ -0,0 +1 @@
+dhcp3-server-ldap_3.0.1rc13-1_i386.deb net optional
diff -Naur dhcp-3.0.1rc14/debian/rules dhcp-3.0.1rc14-ldap/debian/rules
--- dhcp-3.0.1rc14/debian/rules	1969-12-31 19:00:00.000000000 -0500
+++ dhcp-3.0.1rc14-ldap/debian/rules	2004-06-22 15:18:20.000000000 -0400
@@ -0,0 +1,87 @@
+#!/usr/bin/make -f
+# Made with the iad of dh_make, by Craig Small
+# Sample debian/rules that uses debhelper. GNU copyright 1997 by Joey Hess.
+# Also some stuff taken from debmake scripts, by Cristopt Lameter.
+
+# Uncomment this to turn on verbose mode.
+#export DH_VERBOSE=1
+
+export DH_COMPAT=3
+
+DESTDIR = `pwd`/debian/tmp
+
+IVARS = DESTDIR=$(DESTDIR)
+
+BVARS = PREDEFINES='-D_PATH_DHCPD_DB=\"/var/lib/dhcp3/dhcpd.leases\" \
+	-D_PATH_DHCLIENT_DB=\"/var/lib/dhcp3/dhclient.leases\" \
+	-D_PATH_DHCLIENT_SCRIPT=\"/etc/dhcp3/dhclient-script\" \
+	-D_PATH_DHCPD_CONF=\"/etc/dhcp3/dhcpd.conf\" \
+        -D_PATH_DHCLIENT_CONF=\"/etc/dhcp3/dhclient.conf\"'
+
+build: build-stamp
+build-stamp:
+	dh_testdir
+
+	./configure
+	$(MAKE) $(BVARS)
+
+	touch build-stamp
+
+clean: 
+	dh_testdir
+	rm -f build-stamp install-stamp
+
+	# Add here commands to clean up after the build process.
+	-$(MAKE) distclean
+
+	# Remove leftover junk...
+	rm -Rf work.linux-2.2/
+
+	dh_clean
+
+install: install-stamp
+install-stamp: build-stamp
+	dh_testdir
+	dh_testroot
+	dh_clean -k
+	dh_installdirs
+
+	# Add here commands to install the package into debian/tmp.
+	$(MAKE) install $(IVARS)
+
+	mv $(DESTDIR)/usr/sbin/dhcpd $(DESTDIR)/usr/sbin/dhcpd3
+
+	dh_movefiles
+
+	# Remove unwanted directories that dh_movefiles leaves around
+	rmdir $(DESTDIR)/etc
+	rm -Rf $(DESTDIR)/sbin/
+	rm -Rf $(DESTDIR)/usr/bin/
+	rm -Rf $(DESTDIR)/usr/include/
+	rm -Rf $(DESTDIR)/usr/lib/
+	rm -Rf $(DESTDIR)/usr/local/
+	rm -Rf $(DESTDIR)/usr/man/
+	rm -Rf $(DESTDIR)/var/
+	rm -f $(DESTDIR)/usr/sbin/dhcrelay
+
+	touch install-stamp
+
+# Build architecture-dependent files here (this package does not contain
+#	architecture-independent files).
+binary-arch: build install
+	dh_testdir -a
+	dh_testroot -a
+	dh_strip -a
+	dh_compress -a
+	dh_fixperms -a
+	dh_installdeb -a
+	dh_shlibdeps -a
+	dh_gencontrol -a
+	dh_md5sums -a
+	dh_builddeb -a
+
+source diff:                                                                  
+	@echo >&2 'source and diff are obsolete - use dpkg-source -b'; false
+
+binary: binary-arch
+.PHONY: build clean binary-indep binary-arch binary
diff -Naur dhcp-3.0.1rc14/doc/draft-ietf-dhc-ldap-schema-01.txt dhcp-3.0.1rc14-ldap/doc/draft-ietf-dhc-ldap-schema-01.txt
--- dhcp-3.0.1rc14/doc/draft-ietf-dhc-ldap-schema-01.txt	1969-12-31 19:00:00.000000000 -0500
+++ dhcp-3.0.1rc14-ldap/doc/draft-ietf-dhc-ldap-schema-01.txt	2004-06-22 15:18:20.000000000 -0400
@@ -0,0 +1,1089 @@
+
+
+
+
+
+Network Working Group                                  M. Meredith,
+Internet Draft                                         V. Nanjundaswamy,
+Document: <draft-ietf-dhc-ldap-schema-00.txt>          M. Hinckley
+Category: Proposed Standard                            Novell Inc.
+Expires: 15th December 2001                            16th June 2001
+
+
+                          LDAP Schema for DHCP
+
+Status of this Memo
+
+This document is an Internet-Draft and is in full conformance with all
+provisions of Section 10 of RFC2026 [ ].
+
+Internet-Drafts are working documents of the Internet Engineering Task
+Force (IETF), its areas, and its working groups.  Note that other groups
+may also distribute working documents as Internet-Drafts. Internet-
+Drafts are draft documents valid for a maximum of six months and may be
+updated, replaced, or obsolete by other documents at any time.  It is
+inappropriate to use Internet-Drafts as reference material or to cite
+them other than as "work in progress."  The list of current Internet-
+Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt The
+list of Internet-Draft Shadow Directories can be accessed at
+http://www.ietf.org/shadow.html.
+
+1. Abstract
+
+This document defines a schema for representing DHCP configuration in an
+LDAP directory. It can be used to represent the DHCP Service
+configuration(s) for an entire enterprise network, a subset of the
+network, or even a single server. Representing DHCP configuration in an
+LDAP directory enables centralized management of DHCP services offered
+by one or more DHCP Servers within the enterprise.
+
+2. Conventions used in this document
+
+The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+"SHOULD", "SHOULD NOT", "RECOMMENDED",  "MAY", and "OPTIONAL" in this
+document are to be interpreted as described in RFC-2119 [ ].
+
+In places where different sets of terminology are commonly used to
+represent similar DHCP concepts, this schema uses the terminology of the
+Internet Software Consortium's DHCP server reference implementation.
+For more information see www.isc.org.
+
+3. Design Considerations
+
+The DHCP LDAP schema is designed to be a simple multi-server schema. The
+
+
+
+M. Meredith et al.        Expires December 2001                 [Page 1]
+
+
+
+
+
+INTERNET-DRAFT            LDAP Schema for DHCP              16 June 2001
+
+
+intent of this schema is to provide a basic framework for representing
+the most common elements used in the configuration of DHCP Server.  This
+should allow other network services to obtain and use basic DHCP
+configuration information in a server-independent but knowledgeable way.
+
+It is expected that some implementations may need to extend the schema
+objects, in order to implement all of their features or needs. It is
+recommended that you use the schema defined in this draft to represent
+DHCP configuration information in an LDAP directory.  Conforming to a
+standard schema improves interoperability between DHCP implementations
+from different vendors.
+
+Some implementations may choose not to support all of the objects
+defined here.
+
+Two decisions are explicitly left up to each implementation:
+
+First, implementations may choose not to store the lease information in
+the directory, so those objects would not be used.
+
+Second, implementations may choose not to implement the auditing
+information.
+
+It is up to the implementation to determine if the data in the directory
+is considered "authoritative", or if it is simply a copy of data from an
+authoritative source. Validity of the information if used as a copy is
+to be ensured by the implementation.
+
+Primarily two types of applications will use the information in this
+schema: 1. DHCP servers (for loading their configuration) 2. Management
+Interfaces (for defining/editing configurations).
+
+The schema should be efficient for the needs of both types of
+applications.  The schema is designed to allow objects managed by DHCP
+(such as computers, subnets, etc) to be present anywhere in a directory
+hierarchy (to allow those objects to be placed in the directory for
+managing administrative control and access to the objects).
+
+The schema uses a few naming conventions - all object classes and
+attributes are prefixed with "dhcp" to decrease the chance that object
+classes and attributes will have the same name.  The schema also uses
+standard naming attributes ("cn", "ou", etc) for all objects.
+
+4. Common DHCP Configuration Attributes
+
+Although DHCP manages several different types of objects, the
+configuration of those objects is often similar.  Consequently, most of
+these objects have a common set of attributes, which are defined below.
+
+
+
+M. Meredith et al.        Expires December 2001                 [Page 2]
+
+
+
+
+
+INTERNET-DRAFT            LDAP Schema for DHCP              16 June 2001
+
+
+4.1. Attributes Definitions
+
+The schema definitions listed below are for readability.  The LDIF
+layout for this schema will follow in section 8.
+
+Name: dhcpPrimaryDN Description: The Distinguished Name of the
+dhcpServer object, which is the primary server for the configuration.
+Syntax: DN Flags: SINGLE-VALUE
+
+Named: dhcpSecondaryDN Description: The Distinguished Name(s) of the
+dhcpServer object(s), which are secondary servers for the configuration.
+Syntax: DN
+
+Name: dhcpStatements Description: Flexible storage for representing any
+specific data depending on the object to which it is attached. Examples
+include conditional statements, Server parameters, etc.  This also
+serves as a 'catch-all' attribute that allows the standard to evolve
+without needing to update the schema.  Syntax: IA5String
+
+Name: dhcpRange Description: The starting and ending IP Addresses in the
+range (inclusive), separated by a hyphen; if the range only contains one
+address, then just the address can be specified with no hyphen.  Each
+range is defined as a separate value.  Syntax: IA5String
+
+Name: dhcpPermitList Description: This attribute contains the permit
+lists associated with a pool. Each permit list is defined as a separate
+value.  Syntax: IA5String
+
+Name: dhcpNetMask Description: The subnet mask length for the subnet.
+The mask can be easily computed from this length.  Syntax: Integer
+Flags: SINGLE-VALUE
+
+Name: dhcpOption Description: Encoded option values to be sent to
+clients.  Each value represents a single option and contains (OptionTag,
+Length, OptionData) encoded in the format used by DHCP.  For more
+information see [DHCPOPT].  Syntax: OctetString
+
+Name: dhcpClassData Description: Encoded text string or list of bytes
+expressed in hexadecimal, separated by colons. Clients match subclasses
+based on matching the class data with the results of a 'match' or 'spawn
+with' statement in the class name declarations.  Syntax: IA5String
+Flags: SINGLE-VALUE
+
+Name: dhcpSubclassesDN Description: List of subclasses, these are the
+actual DN of each subclass object.  Syntax: DN
+
+Name: dhcpClassesDN Description: List of classes, these are the actual
+DN of each class object.  Syntax: DN
+
+
+
+M. Meredith et al.        Expires December 2001                 [Page 3]
+
+
+
+
+
+INTERNET-DRAFT            LDAP Schema for DHCP              16 June 2001
+
+
+Name: dhcpSubnetDN Description: List of subnets, these are the actual DN
+of each subnet object.  Syntax: DN
+
+Name: dhcpPoolDN Description: List of pools, these are the actual DN of
+each Pool object.  Syntax: DN
+
+Name: dhcpOptionsDN Description: List of options, these are the actual
+DN of each Options object.  Syntax: DN
+
+Name: dhcpHostDN Description: List of hosts, these are the actual DN of
+each host object.  Syntax: DN
+
+Name: dhcpSharedNetworkDN Description: List of shared networks, these
+are the actual DN of each shared network object.  Syntax: DN
+
+Name: dhcpGroupDN Description: List of groups, these are the actual DN
+of each Group object.  Syntax: DN
+
+Name: dhcpLeaseDN Description: Single Lease DN. A dhcpHost configuration
+uses this attribute to identify a static IP address assignment.  Syntax:
+DN Flags: SINGLE-VALUE
+
+Name: dhcpLeasesDN Description: List of leases, these are the actual DN
+of each lease object.  Syntax: DN
+
+Name: dhcpServiceDN Description: The DN of dhcpService object(s)which
+contain the configuration information. Each dhcpServer object has this
+attribute identifying the DHCP configuration(s) that the server is
+associated with.  Syntax: DN
+
+Name: dhcpHWAddress Description: The hardware address of the client
+associated with a lease Syntax: OctetString Flags: SINGLE-VALUE
+
+Name: dhcpVersion Description: This is the version identified for the
+object that this attribute is part of. In case of the dhcpServer object,
+this represents the DHCP software version.  Syntax: IA5String Flags:
+SINGLE-VALUE
+
+Name: dhcpImplementation Description: DHCP Server implementation
+description e.g. DHCP Vendor information.  Syntax: IA5String Flags:
+SINGLE-VALUE
+
+Name: dhcpHashBucketAssignment Description: HashBucketAssignment bit map
+for the DHCP Server, as defined in DHC Load Balancing Algorithm [RFC
+3074].  Syntax: Octet String Flags: SINGLE-VALUE
+
+Name: dhcpDelayedServiceParameter Description: Delay in seconds
+corresponding to Delayed Service Parameter configuration, as defined in
+
+
+
+M. Meredith et al.        Expires December 2001                 [Page 4]
+
+
+
+
+
+INTERNET-DRAFT            LDAP Schema for DHCP              16 June 2001
+
+
+DHC Load Balancing Algorithm [RFC 3074].  Syntax: Integer Flags: SINGLE-
+VALUE
+
+Name: dhcpMaxClientLeadTime Description: Maximum Client Lead Time
+configuration in seconds, as defined in DHCP Failover Protocol [FAILOVR]
+Syntax: Integer Flags: SINGLE-VALUE
+
+Name: dhcpFailOverEndpointState Description: Server (Failover Endpoint)
+state, as defined in DHCP Failover Protocol [FAILOVR] Syntax: IA5String
+Flags: SINGLE-VALUE
+
+5. Configurations and Services
+
+The schema definitions below are for readability the LDIF layout for
+this schema will follow in section 8.
+
+The DHC working group is currently considering several proposals for
+fail-over and redundancy of DHCP servers.  These may require sharing of
+configuration information between servers.  This schema provides a
+generalized mechanism for supporting any of these proposals, by
+separating the definition of a server from the definition of
+configuration service provided by the server.
+
+Separating the DHCP Server (dhcpServer) and the DHCP Configuration
+(dhcpService) representations allows a configuration service to be
+provided by one or more servers. Similarly, a server may provide one or
+more configurations. The schema allows a server to be configured as
+either a primary or secondary provider of a DHCP configuration.
+
+Configurations are also defined so that one configuration can include
+some of the objects that are defined in another configuration.  This
+allows for sharing and/or a hierarchy of related configuration items.
+
+Name: dhcpService Description:  Service object that represents the
+actual DHCP Service configuration. This will be a container with the
+following attributes.  Must: cn, dhcpPrimaryDN May: dhcpSecondaryDN,
+dhcpSharedNetworkDN, dhcpSubnetDN, dhcpGroupDN, dhcpHostDN,
+dhcpClassesDN, dhcpOptionsDN, dhcpStatements
+
+The following objects could exist inside the dhcpService container:
+dhcpSharedNetwork, dhcpSubnet, dhcpGroup, dhcpHost, dhcpClass,
+dhcpOptions, dhcpLog
+
+Name: dhcpServer Description:  Server object that the DHCP server will
+login as.  The configuration information is in the dhcpService container
+that the dhcpServiceDN points to.  Must: cn, dhcpServiceDN May:
+dhcpVersion, dhcpImplementation, dhcpHashBucketAssignment,
+dhcpDelayedServiceParameter, dhcpMaxClientLeadTime, 
+
+
+
+M. Meredith et al.        Expires December 2001                 [Page 5]
+
+
+
+
+
+INTERNET-DRAFT            LDAP Schema for DHCP              16 June 2001
+dhcpFailOverEndpointState, dhcpStatements
+
+5.1. DHCP Declaration related classes:
+
+Name: dhcpSharedNetwork Description: Shared Network class will list what
+pools and subnets are in this network.
+
+This will be a container with the following attributes.  Must: cn May:
+dhcpSubnetDN, dhcpPoolDN, dhcpOptionsDN, dhcpStatements
+
+The following objects can exist within a dhcpSharedNetwork container:
+dhcpSubnet, dhcpPool, dhcpOptions, dhcpLog
+
+Name: dhcpSubnet Description: Subnet object will include configuration
+information associated with a subnet, including a range and a net mask.
+
+This will be a container with the following attributes.  Must: cn
+(Subnet address), dhcpNetMask May: dhcpRange, dhcpPoolDN, dhcpGroupDN,
+dhcpHostDN, dhcpClassesDN, dhcpLeasesDN, dhcpOptionsDN, dhcpStatements
+
+The following objects can exist within a dhcpSubnet container: dhcpPool,
+dhcpGroup, dhcpHost, dhcpClass, dhcpOptions, dhcpLease, dhcpLog
+
+Name: dhcpGroup Description: Group object will have configuration
+information associated with a group.
+
+This will be a container with the following attributes.  Must: cn May:
+dhcpHostDN, dhcpOptionsDN, dhcpStatements
+
+The following objects can exist within a dhcpGroup container: dhcpHost,
+dhcpOptions
+
+Name: dhcpHost Description: The host object includes DHCP host
+declarations to assign a static IP address or declare the client as
+known or specify statements for a specific client.  Must: cn May:
+dhcpLeaseDN, dhcpHWAddress, dhcpOptionsDN, dhcpStatements
+
+The following objects can exist within a dhcpHost container: dhcpLease,
+dhcpOptions
+
+Name: dhcpOptions Description: The options class is for option space
+declarations, it contains a list of options.  Must: cn, dhcpOption
+
+Name: dhcpClass Description: This is a class to group clients together
+based on matching rules.
+
+This will be a container with the following attributes.  Must: cn May:
+dhcpSubClassesDN, dhcpOptionsDN, dhcpStatements
+
+The following object can exist within a dhcpClass container:
+dhcpSubclass, dhcpOptions
+
+
+
+M. Meredith et al.        Expires December 2001                 [Page 6]
+
+
+
+
+
+INTERNET-DRAFT            LDAP Schema for DHCP              16 June 2001
+
+
+Name: dhcpSubClass Description: This includes configuration information
+for a subclass associated with a class. The dhcpSubClass object will
+always be contained within the corresponding class container object.
+Must: cn May:  dhcpClassData, dhcpOptionsDN, dhcpStatements
+
+Name: dhcpPool Description: This contains configuration for a pool that
+will have the range of addresses, permit lists and point to classes and
+leases that are members of this pool.
+
+This will be a container that could be contained by dhcpSubnet or a
+dhcpSharedNetwork.  Must: cn, dhcpRange May: dhcpClassesDN,
+dhcpPermitList, dhcpLeasesDN, dhcpOptionsDN, dhcpStatements
+
+The following objects can exist within a dhcpPool container: dhcpClass,
+dhcpOptions, dhcpLease, dhcpLog
+
+6. Tracking Address Assignments
+
+The behavior of a DHCP server is influenced by two factors - it's
+configuration and the current state of the addresses that have been
+assigned to clients. This schema defines a set of objects for
+representing the DHCP configuration associated with a server. The
+following object classes provide the ability to record how addresses are
+used including maintaining history (audit log) on individual leases.
+Recording lease information in a directory could result in a significant
+performance impact and is therefore optional. Implementations supporting
+logging of leases need to consider the performance impact.
+
+6.1. dhcpLeases Attribute Definitions
+
+The schema definitions below are for readability the LDIF layout for
+this schema will follow in section 8.
+
+Name: dhcpAddressState Description: This stores information about the
+current binding-status of an address.  For dynamic addresses managed by
+DHCP, the values should be restricted to the states defined in the DHCP
+Failover Protocol draft [FAILOVR]: 'FREE', 'ACTIVE', 'EXPIRED',
+'RELEASED', 'RESET', 'ABANDONED', 'BACKUP'.  For more information on
+these states see [FAILOVR].  For other addresses, it SHOULD be one of
+the following: 'UNKNOWN', 'RESERVED' (an address that is managed by DHCP
+that is reserved for a specific client), 'RESERVED-ACTIVE' (same as
+reserved, but address is currently in use),  'ASSIGNED' (assigned
+manually or by some other mechanism), 'UNASSIGNED', 'NOTASSIGNABLE'.
+Syntax: IA5String Flags: SINGLE-VALUE
+
+Name: dhcpExpirationTime Description: This is the time the current lease
+for an address expires.  Syntax: DateTime Flags: SINGLE-VALUE
+
+
+
+
+M. Meredith et al.        Expires December 2001                 [Page 7]
+
+
+
+
+
+INTERNET-DRAFT            LDAP Schema for DHCP              16 June 2001
+
+
+Name: dhcpStartTimeOfState Description: This is the time of the last
+state change for a leased address.  Syntax: DateTime Flags: SINGLE-VALUE
+
+Name: dhcpLastTransactionTime Description: This is the last time a valid
+DHCP packet was received from the client.  Syntax: DateTime Flags:
+SINGLE-VALUE
+
+Name: dhcpBootpFlag Description: This indicates whether the address was
+assigned via BOOTP Syntax: Boolean Flags: SINGLE-VALUE
+
+Name: dhcpDomainName Description: This is the name of the domain sent to
+the client by the server.  It is essentially the same as the value for
+DHCP option 15 sent to the client, and represents only the domain - not
+the full FQDN.  To obtain the full FQDN assigned to the client you must
+prepend the "dhcpAssignedHostName" to this value with a ".".  Syntax:
+IA5String Flags: SINGLE-VALUE
+
+Name: dhcpDnsStatus Description: This indicates the status of updating
+DNS resource records on behalf of the client by the DHCP server for this
+address.  The value is a 16-bit bitmask that has the same values as
+specified by the Failover-DDNS option (see [FAILOVR]).  Syntax: Integer
+Flags: SINGLE-VALUE
+
+Name: dhcpRequestedHostName Description: This is the hostname that was
+requested by the client.  Syntax: IA5String Flags: SINGLE-VALUE
+
+Name: dhcpAssignedHostName Description: This is the actual hostname that
+was assigned to a client. It may not be the name that was requested by
+the client.  The fully qualified domain name can be determined by
+appending the value of "dhcpDomainName" (with a dot separator) to this
+name.  Syntax: IA5String Flags: SINGLE-VALUE
+
+Name: dhcpReservedForClient Description: This is the distinguished name
+of the "dhcpHost" that an address is reserved for.  This may not be the
+same as the "dhcpAssignedToClient" attribute if the address is being
+reassigned but the current lease has not yet expired.  Syntax: DN Flags:
+SINGLE-VALUE
+
+Name: dhcpAssignedToClient Description: This is the distinguished name
+of a "dhcpHost" that an address is currently assigned to.  This
+attribute is only present in the class when the address is leased.
+Syntax: DN Flags: SINGLE-VALUE
+
+Name: dhcpRelayAgentInfo Description: If the client request was received
+via a relay agent, this contains information about the relay agent that
+was available from the DHCP request.  This is a hex-encoded option
+value.  Syntax: OctetString Flags: SINGLE-VALUE
+
+Name: dhcpErrorLog Description: Generic error log attribute that allows
+logging error conditions within a dhcpService or a dhcpSubnet, like no IP 
+addresses available for lease. Syntax: IA5String 
+
+M. Meredith et al.        Expires December 2001                 [Page 8]
+
+
+
+
+
+INTERNET-DRAFT            LDAP Schema for DHCP              16 June 2001
+
+
+6.2.  dhcpLeases Object Class
+
+This class represents an IP address.  It may or may not be leaseable,
+and the object may exist even though a lease is not currently active for
+the associated IP address.
+
+It is recommended that all Lease objects for a single DHCP Service be
+centrally located within a single container. This ensures that the lease
+objects and the corresponding logs do not have to be relocated, when
+address ranges allocated to individual DHCP subnets and/or pools change.
+
+The schema definitions below are for readability the LDIF layout for
+this schema will follow in section 8.
+
+Name: dhcpLeases Description: This is the object that holds state
+information about an IP address. The cn (which is the IP address), and
+the current address-state are mandatory attributes. If the address is
+assigned then, some of the optional attributes will have valid data.
+Must: cn, dhcpAddressState May: dhcpExpirationTime,
+dhcpStartTimeOfState, dhcpLastTransactionTime, dhcpBootpFlag,
+dhcpDomainName, dhcpDnsStatus, dhcpRequestedHostName,
+dhcpAssignedHostName, dhcpReservedForClient, dhcpAssignedToClient,
+dhcpRelayAgentInfo, dhcpHWAddress
+
+6.3 Audit Log Information
+
+A dhcpLog object is created whenever a lease is assigned or released.
+This object is intended to be created under the corresponding dhcpLeases
+container, or dhcpPool, dhcpSubnet, dhcpSharedNetwork or dhcpService
+containers.
+
+The log information under the dhcpLeases container would be for
+addresses matching that lease information. The log information in the
+other containers could be used for errors, i.e. when a pool or subnet is
+out our addresses or if a server is not able to assign any more
+addresses for a particular dhcpService.
+
+Name: dhcpLog Description: This is the object that holds past
+information about an IP address. The cn is the time/date stamp when the
+address was assigned or released, the address state at the time, if the
+address was assigned or released.  Must: cn May: dhcpAddressState,
+dhcpExpirationTime, dhcpStartTimeOfState, dhcpLastTransactionTime,
+dhcpBootpFlag, dhcpDomainName, dhcpDnsStatus, dhcpRequestedHostName,
+dhcpAssignedHostName, dhcpReservedForClient, dhcpAssignedToClient,
+dhcpRelayAgentInfo, dhcpHWAddress, dhcpErrorLog
+
+
+
+
+
+
+M. Meredith et al.        Expires December 2001                 [Page 9]
+
+
+
+
+
+INTERNET-DRAFT            LDAP Schema for DHCP              16 June 2001
+
+
+7. Determining settings
+
+The dhcpStatements attribute is the key to DHC enhancements that may
+come along, and the different key words that a particular server
+implementation may use. This attribute can be used to hold conditional
+DHCP Statements and DHCP server parameters. Having a generic settings
+attribute that is just a string, allows this schema to be extensible and
+easy to configure.
+
+All of the attributes that end with DN are references to the class that
+precedes the DN e.g. the dhcpPrimaryDN and dhcpSecondaryDN attributes
+hold the Distinguished Names of the dhcpServer objects that are
+associated with the dhcpService object.
+
+8. LDIF format for attributes and classes.
+
+# Attributes
+
+( 2.16.840.1.113719.1.203.4.1 NAME 'dhcpPrimaryDN' DESC
+'The DN of the dhcpServer which is the primary server for the
+configuration.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
+
+( 2.16.840.1.113719.1.203.4.2 NAME 'dhcpSecondaryDN' DESC 'The DN of
+dhcpServer(s) which provide backup service for the configuration.'
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+( 2.16.840.1.113719.1.203.4.3 NAME 'dhcpStatements' DESC 'Flexible
+storage for specific data depending on what object this exists in. Like
+conditional statements, server parameters, etc. This allows the standard
+to evolve without needing to adjust the schema.' SYNTAX
+1.3.6.1.4.1.1466.115.121.1.26 )
+
+( 2.16.840.1.113719.1.203.4.4 NAME 'dhcpRange' DESC 'The starting &
+ending IP Addresses in the range (inclusive), separated by a hyphen; if
+the range only contains one address, then just the address can be
+specified with no hyphen.  Each range is defined as a separate value.'
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+( 2.16.840.1.113719.1.203.4.5 NAME 'dhcpPermitList' DESC 'This attribute
+contains the permit lists associated with a pool. Each permit list is
+defined as a separate value.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+( 2.16.840.1.113719.1.203.4.6 NAME 'dhcpNetMask' DESC 'The subnet mask
+length for the subnet.  The mask can be easily computed from this
+length.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+( 2.16.840.1.113719.1.203.4.7 NAME 'dhcpOption' DESC 'Encoded option
+values to be sent to clients.  Each value represents a single option and
+contains (OptionTag, Length, OptionValue) encoded in the format used by
+DHCP.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
+
+M. Meredith et al.        Expires December 2001                [Page 10]
+
+
+
+
+
+INTERNET-DRAFT            LDAP Schema for DHCP              16 June 2001
+
+
+( 2.16.840.1.113719.1.203.4.8 NAME 'dhcpClassData' DESC 'Encoded text
+string or list of bytes expressed in hexadecimal, separated by colons.
+Clients match subclasses based on matching the class data with the
+results of match or spawn with statements in the class name
+declarations.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+( 2.16.840.1.113719.1.203.4.9 NAME 'dhcpOptionsDN' DESC 'The
+distinguished name(s) of the dhcpOption objects containing the
+configuration options provided by the server.' SYNTAX
+1.3.6.1.4.1.1466.115.121.1.12 )
+
+( 2.16.840.1.113719.1.203.4.10 NAME 'dhcpHostDN' DESC 'the distinguished
+name(s) of the dhcpHost objects.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+( 2.16.840.1.113719.1.203.4.11 NAME 'dhcpPoolDN' DESC 'The distinguished
+name(s) of pools.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+( 2.16.840.1.113719.1.203.4.12 NAME 'dhcpGroupDN' DESC 'The
+distinguished name(s)   of the groups.' SYNTAX
+1.3.6.1.4.1.1466.115.121.1.12 )
+
+( 2.16.840.1.113719.1.203.4.13 NAME 'dhcpSubnetDN' DESC 'The
+distinguished name(s) of the subnets.' SYNTAX
+1.3.6.1.4.1.1466.115.121.1.12 )
+
+( 2.16.840.1.113719.1.203.4.14 NAME 'dhcpLeaseDN' DESC 'The
+distinguished name of a client address.' SYNTAX
+1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE)
+
+( 2.16.840.1.113719.1.203.4.15 NAME 'dhcpLeasesDN' DESC 'The
+distinguished name(s) client addresses.' SYNTAX
+1.3.6.1.4.1.1466.115.121.1.12 )
+
+( 2.16.840.1.113719.1.203.4.16 NAME 'dhcpClassesDN' DESC 'The
+distinguished name(s) of a class(es) in a subclass.' SYNTAX
+1.3.6.1.4.1.1466.115.121.1.12 )
+
+( 2.16.840.1.113719.1.203.4.17 NAME 'dhcpSubclassesDN' DESC 'The
+distinguished name(s) of subclass(es).' SYNTAX
+1.3.6.1.4.1.1466.115.121.1.12 )
+
+( 2.16.840.1.113719.1.203.4.18 NAME 'dhcpSharedNetworkDN' DESC 'The
+distinguished name(s) of sharedNetworks.' SYNTAX
+1.3.6.1.4.1.1466.115.121.1.12 )
+
+( 2.16.840.1.113719.1.203.4.19 NAME 'dhcpServiceDN' DESC 'The DN of
+dhcpService object(s)which contain the configuration information. Each
+dhcpServer object has this attribute identifying the DHCP
+
+
+
+M. Meredith et al.        Expires December 2001                [Page 11]
+
+
+
+
+
+INTERNET-DRAFT            LDAP Schema for DHCP              16 June 2001
+
+
+configuration(s) that the server is associated with.' SYNTAX
+1.3.6.1.4.1.1466.115.121.1.12 )
+
+( 2.16.840.1.113719.1.203.4.20 NAME 'dhcpVersion' DESC 'The version
+attribute of this object.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-
+VALUE )
+
+( 2.16.840.1.113719.1.203.4.21 NAME 'dhcpImplementation' DESC
+'Description of the DHCP Server implementation e.g. DHCP Server's
+vendor.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+( 2.16.840.1.113719.1.203.4.22 NAME 'dhcpAddressState' DESC 'This stores
+information about the current binding-status of an address.  For dynamic
+addresses managed by DHCP, the values should be restricted to the
+following: "FREE", "ACTIVE", "EXPIRED", "RELEASED", "RESET",
+"ABANDONED", "BACKUP".  For other addresses, it SHOULD be one of the
+following: "UNKNOWN", "RESERVED" (an address that is managed by DHCP
+that is reserved for a specific client), "RESERVED-ACTIVE" (same as
+reserved, but address is currently in use), "ASSIGNED" (assigned
+manually or by some other mechanism), "UNASSIGNED", "NOTASSIGNABLE".'
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+( 2.16.840.1.113719.1.203.4.23 NAME 'dhcpExpirationTime' DESC 'This is
+the time the current lease for an address expires.' SYNTAX
+1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
+
+( 2.16.840.1.113719.1.203.4.24 NAME 'dhcpStartTimeOfState' DESC 'This is
+the time of the last state change for a leased address.' SYNTAX
+1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
+
+( 2.16.840.1.113719.1.203.4.25 NAME 'dhcpLastTransactionTime' DESC 'This
+is the last time a valid DHCP packet was received from the client.'
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
+
+( 2.16.840.1.113719.1.203.4.26 NAME 'dhcpBootpFlag' DESC 'This indicates
+whether the address was assigned via BOOTP.' SYNTAX
+1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
+
+( 2.16.840.1.113719.1.203.4.27 NAME 'dhcpDomainName' DESC 'This is the
+name of the domain sent to the client by the server.  It is essentially
+the same as the value for DHCP option 15 sent to the client, and
+represents only the domain - not the full FQDN.  To obtain the full FQDN
+assigned to the client you must prepend the "dhcpAssignedHostName" to
+this value with a ".".' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-
+VALUE )
+
+( 2.16.840.1.113719.1.203.4.28 NAME 'dhcpDnsStatus' DESC 'This indicates
+the status of updating DNS resource records on behalf of the client by
+
+
+
+M. Meredith et al.        Expires December 2001                [Page 12]
+
+
+
+
+
+INTERNET-DRAFT            LDAP Schema for DHCP              16 June 2001
+
+
+the DHCP server for this address.  The value is a 16-bit bitmask.'
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+( 2.16.840.1.113719.1.203.4.29 NAME 'dhcpRequestedHostName' DESC 'This
+is the hostname that was requested by the client.' SYNTAX
+1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+( 2.16.840.1.113719.1.203.4.30 NAME 'dhcpAssignedHostName' DESC 'This is
+the actual hostname that was assigned to a client. It may not be the
+name that was requested by the client.  The fully qualified domain name
+can be determined by appending the value of "dhcpDomainName" (with a dot
+separator) to this name.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-
+VALUE )
+
+( 2.16.840.1.113719.1.203.4.31 NAME 'dhcpReservedForClient' DESC 'The
+distinguished name of a "dhcpClient" that an address is reserved for.
+This may not be the same as the "dhcpAssignedToClient" attribute if the
+address is being reassigned but the current lease has not yet expired.'
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
+
+( 2.16.840.1.113719.1.203.4.32 NAME 'dhcpAssignedToClient' DESC 'This is
+the distinguished name of a "dhcpClient" that an address is currently
+assigned to.  This attribute is only present in the class when the
+address is leased.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
+
+( 2.16.840.1.113719.1.203.4.33 NAME 'dhcpRelayAgentInfo' DESC 'If the
+client request was received via a relay agent, this contains information
+about the relay agent that was available from the DHCP request.  This is
+a hex-encoded option value.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
+SINGLE-VALUE )
+
+( 2.16.840.1.113719.1.203.4.34 NAME 'dhcpHWAddress' DESC 'The clients
+hardware address that requested this IP address.' SYNTAX
+1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
+
+( 2.16.840.1.113719.1.203.4.35 NAME 'dhcpHashBucketAssignment' DESC
+'HashBucketAssignment bit map for the DHCP Server, as defined in DHC
+Load Balancing Algorithm [RFC 3074].' SYNTAX
+1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
+
+( 2.16.840.1.113719.1.203.4.36 NAME 'dhcpDelayedServiceParameter' DESC
+'Delay in seconds corresponding to Delayed Service Parameter
+configuration, as defined in  DHC Load Balancing Algorithm [RFC 3074]. '
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+( 2.16.840.1.113719.1.203.4.37 NAME 'dhcpMaxClientLeadTime' DESC
+'Maximum Client Lead Time configuration in seconds, as defined in DHCP
+Failover Protocol [FAILOVR]' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+
+
+
+M. Meredith et al.        Expires December 2001                [Page 13]
+
+
+
+
+
+INTERNET-DRAFT            LDAP Schema for DHCP              16 June 2001
+
+
+SINGLE-VALUE )
+
+( 2.16.840.1.113719.1.203.4.38 NAME 'dhcpFailOverEndpointState' DESC
+'Server (Failover Endpoint) state, as defined in DHCP Failover Protocol
+[FAILOVR]' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+( 2.16.840.1.113719.1.203.4.39 NAME 'dhcpErrorLog' DESC
+Generic error log attribute that allows logging error conditions within a 
+dhcpService or a dhcpSubnet, like no IP addresses available for lease. 
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+#Classes
+
+( 2.16.840.1.113719.1.203.6.1 NAME 'dhcpService' DESC ' Service object
+that represents the actual DHCP Service configuration. This is a
+container object.' SUP top MUST (cn $ dhcpPrimaryDN) MAY
+(dhcpSecondaryDN $ dhcpSharedNetworkDN $ dhcpSubnetDN $ dhcpGroupDN $
+dhcpHostDN $  dhcpClassesDN $ dhcpOptionsDN $ dhcpStatements ) )
+
+( 2.16.840.1.113719.1.203.6.2 NAME 'dhcpSharedNetwork' DESC 'This stores
+configuration information for a shared network.' SUP top MUST  cn MAY
+(dhcpSubnetDN $ dhcpPoolDN $ dhcpOptionsDN $ dhcpStatements) X-
+NDS_CONTAINMENT ('dhcpService' ) )
+
+( 2.16.840.1.113719.1.203.6.3 NAME 'dhcpSubnet' DESC 'This class defines
+a subnet. This is a container object.' SUP top MUST ( cn $ dhcpNetMask )
+MAY (dhcpRange $ dhcpPoolDN $ dhcpGroupDN $ dhcpHostDN $ dhcpClassesDN $
+dhcpLeasesDN $ dhcpOptionsDN $ dhcpStatements) X-NDS_CONTAINMENT
+('dhcpService' 'dhcpSharedNetwork') )
+
+( 2.16.840.1.113719.1.203.6.4 NAME 'dhcpPool' DESC 'This stores
+configuration information about a pool.' SUP top MUST ( cn $ dhcpRange )
+MAY (dhcpClassesDN $ dhcpPermitList $ dhcpLeasesDN $ dhcpOptionsDN $
+dhcpStatements) X-NDS_CONTAINMENT ('dhcpSubnet' 'dhcpSharedNetwork') )
+
+( 2.16.840.1.113719.1.203.6.5 NAME 'dhcpGroup' DESC 'Group object that
+lists host DNs and parameters. This is a container object.' SUP top MUST
+cn MAY ( dhcpHostDN $ dhcpOptionsDN $ dhcpStatements ) X-NDS_CONTAINMENT
+('dhcpSubnet' 'dhcpService' ) )
+
+( 2.16.840.1.113719.1.203.6.6 NAME 'dhcpHost' DESC 'This represents
+information about a particular client' SUP top MUST cn MAY  (dhcpLeaseDN
+$ dhcpHWAddress $ dhcpOptionsDN $ dhcpStatements) X-NDS_CONTAINMENT
+('dhcpService' 'dhcpSubnet' 'dhcpGroup') )
+
+( 2.16.840.1.113719.1.203.6.7 NAME 'dhcpClass' DESC 'Represents
+information about a collection of related clients.' SUP top MUST cn MAY
+(dhcpSubClassesDN $ dhcpOptionsDN $ dhcpStatements) X-NDS_CONTAINMENT
+('dhcpService' 'dhcpSubnet' ) )
+
+( 2.16.840.1.113719.1.203.6.8 NAME 'dhcpSubClass' DESC 'Represents
+information about a collection of related classes.' SUP top MUST cn MAY
+(dhcpClassData $ dhcpOptionsDN $ dhcpStatements) X-NDS_CONTAINMENT
+
+
+
+M. Meredith et al.        Expires December 2001                [Page 14]
+
+
+
+
+
+INTERNET-DRAFT            LDAP Schema for DHCP              16 June 2001
+
+
+'dhcpClass' )
+
+( 2.16.840.1.113719.1.203.6.9 NAME 'dhcpOptions' DESC 'Represents
+information about a collection of options defined.' SUP top MUST cn MAY
+( dhcpOption ) X-NDS_CONTAINMENT  ('dhcpService' 'dhcpSharedNetwork'
+'dhcpSubnet' 'dhcpPool' 'dhcpGroup' 'dhcpHost' 'dhcpClass' )
+
+( 2.16.840.1.113719.1.203.6.10 NAME 'dhcpLeases' DESC 'This class
+represents an IP Address, which may or may not have been leased.' SUP
+top MUST ( cn $ dhcpAddressState ) MAY ( dhcpExpirationTime $
+dhcpStartTimeOfState $ dhcpLastTransactionTime $ dhcpBootpFlag $
+dhcpDomainName $ dhcpDnsStatus $ dhcpRequestedHostName $
+dhcpAssignedHostName $ dhcpReservedForClient $ dhcpAssignedToClient $
+dhcpRelayAgentInfo $ dhcpHWAddress ) X-NDS_CONTAINMENT ( 'dhcpService'
+'dhcpSubnet' 'dhcpPool') )
+
+( 2.16.840.1.113719.1.203.6.11 NAME 'dhcpLog' DESC 'This is the object
+that holds past information about the IP address. The cn is the
+time/date stamp when the address was assigned or released, the address
+state at the time, if the address was assigned or released.' SUP top
+MUST ( cn ) MAY ( dhcpAddressState $ dhcpExpirationTime $
+dhcpStartTimeOfState $ dhcpLastTransactionTime $ dhcpBootpFlag $
+dhcpDomainName $ dhcpDnsStatus $ dhcpRequestedHostName $
+dhcpAssignedHostName $ dhcpReservedForClient $ dhcpAssignedToClient $
+dhcpRelayAgentInfo $ dhcpHWAddress $ dhcpErrorLog) X-NDS_CONTAINMENT 
+('dhcpLeases' 'dhcpPool' 'dhcpSubnet' 'dhcpSharedNetwork' 'dhcpService' ) )
+
+( 2.16.840.1.113719.1.203.6.12 NAME 'dhcpServer' DESC 'DHCP Server
+Object' SUP top MUST (cn, dhcpServiceDN) MAY (dhcpVersion $
+dhcpImplementation $ dhcpHashBucketAssignment $
+dhcpDelayedServiceParameter $ dhcpMaxClientLeadTime $
+dhcpFailOverEndpointState $ dhcpStatements) X-NDS_CONTAINMENT ('O' 'OU' 
+'dc') )
+
+9. Security Considerations
+
+Since the DHCP Configuration information is stored in a directory, the
+security of the information is limited to the security offered by the
+directory including the security of the objects within that directory.
+
+10.  Intellectual Property Rights Notices
+
+The IETF takes no position regarding the validity or scope of any
+intellectual property or other rights that might be claimed to pertain
+to the implementation or use of the technology described in this
+document or the extent to which any license under such rights might or
+might not be available; neither does it represent that it has made any
+effort to identify any such rights.  Information on the IETF's
+procedures with respect to rights in standards-track and standards-
+
+
+
+M. Meredith et al.        Expires December 2001                [Page 15]
+
+
+
+
+
+INTERNET-DRAFT            LDAP Schema for DHCP              16 June 2001
+
+
+related documentation can be found in BCP-11.  Copies of claims of
+rights made available for publication and any assurances of licenses to
+be made available, or the result of an attempt made to obtain a general
+license or permission for the use of such proprietary rights by
+implementors or users of this specification can be obtained from the
+IETF Secretariat.
+
+The IETF invites any interested party to bring to its attention any
+copyrights, patents or patent applications, or other proprietary rights
+which may cover technology that may be required to practice this
+standard.  Please address the information to the IETF Executive
+Director.
+
+11.  Full Copyright Statement
+
+Copyright (C) The Internet Society (2001).  All Rights Reserved.
+
+This document and translations of it may be copied and furnished to
+others, and derivative works that comment on or otherwise explain it or
+assist in its implementation may be prepared, copied, published and
+distributed, in whole or in part, without restriction of any kind,
+provided that the above copyright notice and this paragraph are included
+on all such copies and derivative works.  However, this document itself
+may not be modified in any way, such as by removing the copyright notice
+or references to the Internet Society or other Internet organizations,
+except as needed for the purpose of developing Internet standards in
+which case the procedures for copyrights defined in the Internet
+Standards process must be followed, or as required to translate it into
+languages other than English.
+
+The limited permissions granted above are perpetual and will not be
+revoked by the Internet Society or its successors or assigns.
+
+This document and the information contained herein is provided on an "AS
+IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK
+FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT
+LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT
+INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR
+FITNESS FOR A PARTICULAR PURPOSE.
+
+12. References
+
+[RFC2131] Droms, R., "Dynamic Host Configuration Protocol", RFC 2131,
+March 1997.
+
+[RFC2132] Alexander, S., Droms, R., "DHCP Options and BOOTP Vendor
+Extensions", RFC 2132, March 1997.
+
+
+
+
+M. Meredith et al.        Expires December 2001                [Page 16]
+
+
+
+
+
+INTERNET-DRAFT            LDAP Schema for DHCP              16 June 2001
+
+
+[MSDHCP]  Gu, Y., Vyaghrapuri, R., "An LDAP Schema for Dynamic Host
+Configuration Protocol Service", Internet Draft <draft-gu-dhcp-ldap-
+schema-00.txt>, August 1998.
+
+[NOVDHCP] Miller, T., Patel, A., Rao, P., "Lightweight Directory Access
+Protocol (v3): Schema for Dynamic Host Configuration Protocol (DHCP)",
+Internet Draft <draft-miller-dhcp-ldap-schema-00.txt>, June 1998.
+
+[FAILOVR] Droms, R., Rabil, G., Dooley, M., Kapur, A., Gonczi, S., Volz,
+B., "DHCP Failover Protocol", Internet Draft <draft-ietf-dhc-
+failover-08.txt>, July 2000.
+
+[RFC 3074] Volz B., Gonczi S., Lemon T., Stevens R., "DHC Load Balancing
+Algorithm", February 2001
+
+[AGENT]   Patrick, M., "DHCP Relay Agent Information Option", Internet
+Draft <draft-ietf-dhc-agent-options-09.txt>, March 2000.
+
+[DHCPOPT] Carney, M., "New Option Review Guidelines and Additional
+Option Namespace", Internet Draft <draft-ietf-dhc-
+option_review_and_namespace-01.txt>, October 1999.
+
+[POLICY]  Strassner, J., Elleson, E., Moore, B., "Policy Framework LDAP
+Core Schema", Internet Draft <draft-ietf-policy-core-schema-06.txt>,
+November 1999.
+
+[RFC2251] Wahl, M., Howes, T., Kille, S., "Lightweight Directory Access
+Protocol (v3)", RFC 2251, December 1997.
+
+[RFC2252] Wahl, M., Coulbeck, A., Howes, T., Kille, S., "Lightweight
+Directory Access Protocol (v3) Attribute Syntax Definitions", RFC 2252,
+December 1997.
+
+[RFC2255] Howes, T., Smith, M., "The LDAP URL Format", RFC 2255,
+December 1997.
+
+[RFC951]  Croft, B., Gilmore, J., "Bootstrap Protocol (BOOTP)", RFC 951,
+September 1985.
+
+[RFC2119] Bradner, S. "Key words for use in RFCs to Indicate Requirement
+Levels", RFC 2119, March 1997.
+
+13. Acknowledgments
+
+This work is partially based on a previous draft draft-ietf-dhc-
+schema-02.doc.
+
+
+
+
+
+M. Meredith et al.        Expires December 2001                [Page 17]
+
+
+
+
+
+INTERNET-DRAFT            LDAP Schema for DHCP              16 June 2001
+
+
+14. Author's Addresses
+
+Comments regarding this draft may be sent to the authors at the
+following address:
+
+Mark Meredith
+Mark Hinckley
+Novell Inc.
+1800 S. Novell Place
+Provo, Utah 84606
+
+Vijay K. Nanjundaswamy
+Novell Software Development (I) Ltd
+49/1 & 49/3, Garvebhavi Palya,
+7th Mile, Hosur Road
+Bangalore 560068
+
+email: mark_meredith@novell.com
+email: knvijay@novell.com
+email: mhinckley@novell.com
+
+This Internet Draft expires December 16, 2001.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+M. Meredith et al.        Expires December 2001                [Page 18]
+
+
+
+
diff -Naur dhcp-3.0.1rc14/includes/dhcpd.h dhcp-3.0.1rc14-ldap/includes/dhcpd.h
--- dhcp-3.0.1rc14/includes/dhcpd.h	2004-06-10 13:59:29.000000000 -0400
+++ dhcp-3.0.1rc14-ldap/includes/dhcpd.h	2004-06-22 15:18:20.000000000 -0400
@@ -79,6 +79,11 @@
 #include <isc-dhcp/result.h>
 #include <omapip/omapip_p.h>
 
+#if defined(LDAP_CONFIGURATION)
+# include <ldap.h>
+# include <sys/utsname.h> /* for uname() */
+#endif
+
 #if !defined (OPTION_HASH_SIZE)
 # define OPTION_HASH_SIZE 17
 # define OPTION_HASH_PTWO 32	/* Next power of two above option hash. */
@@ -139,6 +144,8 @@
 	char *inbuf;
 	unsigned bufix, buflen;
 	unsigned bufsiz;
+
+	char (*read_function) (struct parse *);
 };
 
 /* Variable-length array of data. */
@@ -241,6 +248,26 @@
 	u_int8_t hbuf [17];
 };
 
+#if defined(LDAP_CONFIGURATION)
+# define LDAP_BUFFER_SIZE		8192
+# define LDAP_METHOD_STATIC		0
+# define LDAP_METHOD_DYNAMIC		1
+
+/* This is a tree of the current configuration we are building from LDAP */
+
+struct ldap_config_stack {
+	LDAPMessage * res; 	/* Pointer returned from ldap_search */
+	LDAPMessage * ldent; 	/* Current item in LDAP that we're processing 
+				   in res */
+	int close_brace;	/* Put a closing } after we're through with
+				   this item */
+	int processed; 		/* We set this flag if this base item has been
+				   processed. After this base item is processed,
+				   we can start processing the children */
+	struct ldap_config_stack *next;
+};
+#endif
+
 typedef enum {
 	server_startup = 0,
 	server_running = 1,
@@ -417,6 +444,16 @@
 # define DEFAULT_PING_TIMEOUT 1
 #endif
 
+#if defined(LDAP_CONFIGURATION)
+# define SV_LDAP_SERVER  		47
+# define SV_LDAP_PORT  			48
+# define SV_LDAP_USERNAME  		49
+# define SV_LDAP_PASSWORD  		50
+# define SV_LDAP_BASE_DN 		51
+# define SV_LDAP_METHOD			52
+# define SV_LDAP_DEBUG_FILE		53
+#endif
+
 #if !defined (DEFAULT_DEFAULT_LEASE_TIME)
 # define DEFAULT_DEFAULT_LEASE_TIME 43200
 #endif
@@ -1520,7 +1557,7 @@
 char *quotify_string (const char *, const char *, int);
 char *quotify_buf (const unsigned char *, unsigned, const char *, int);
 char *print_base64 (const unsigned char *, unsigned, const char *, int);
-char *print_hw_addr PROTO ((int, int, unsigned char *));
+char *print_hw_addr PROTO ((const int, const int, const unsigned char *));
 void print_lease PROTO ((struct lease *));
 void dump_raw PROTO ((const unsigned char *, unsigned));
 void dump_packet_option (struct option_cache *, struct packet *,
@@ -2622,3 +2659,14 @@
 #endif /* FAILOVER_PROTOCOL */
 
 const char *binding_state_print (enum failover_state);
+
+/* ldap.c */
+#if defined(LDAP_CONFIGURATION)
+extern struct enumeration ldap_methods;
+isc_result_t ldap_read_config (void);
+int find_haddr_in_ldap (struct host_decl **, int, unsigned,
+                        const unsigned char *, const char *, int);
+int find_subclass_in_ldap (struct class *, struct class **, 
+			   struct data_string *);
+#endif
+
diff -Naur dhcp-3.0.1rc14/includes/site.h dhcp-3.0.1rc14-ldap/includes/site.h
--- dhcp-3.0.1rc14/includes/site.h	2002-03-12 13:33:39.000000000 -0500
+++ dhcp-3.0.1rc14-ldap/includes/site.h	2004-06-22 15:18:20.000000000 -0400
@@ -177,3 +177,13 @@
    traces. */
 
 #define TRACING
+
+/* Define this if you want to read your config from LDAP. Read README.ldap
+   about how to set this up */
+
+#define LDAP_CONFIGURATION
+
+/* Define this if you want to enable LDAP over a SSL connection. You will need
+   to add -lcrypto -lssl to the LIBS= line of server/Makefile */
+
+/* #define USE_SSL */
diff -Naur dhcp-3.0.1rc14/server/Makefile.dist dhcp-3.0.1rc14-ldap/server/Makefile.dist
--- dhcp-3.0.1rc14/server/Makefile.dist	2004-06-10 13:59:50.000000000 -0400
+++ dhcp-3.0.1rc14-ldap/server/Makefile.dist	2004-06-22 15:18:20.000000000 -0400
@@ -25,9 +25,9 @@
 CATMANPAGES = dhcpd.cat8 dhcpd.conf.cat5 dhcpd.leases.cat5
 SEDMANPAGES = dhcpd.man8 dhcpd.conf.man5 dhcpd.leases.man5
 SRCS   = dhcpd.c dhcp.c bootp.c confpars.c db.c class.c failover.c \
-	 omapi.c mdb.c stables.c salloc.c ddns.c
+	 ldap.c omapi.c mdb.c stables.c salloc.c ddns.c
 OBJS   = dhcpd.o dhcp.o bootp.o confpars.o db.o class.o failover.o \
-	 omapi.o mdb.o stables.o salloc.o ddns.o
+	 ldap.o omapi.o mdb.o stables.o salloc.o ddns.o
 PROG   = dhcpd
 MAN    = dhcpd.8 dhcpd.conf.5 dhcpd.leases.5
 
diff -Naur dhcp-3.0.1rc14/server/class.c dhcp-3.0.1rc14-ldap/server/class.c
--- dhcp-3.0.1rc14/server/class.c	2004-06-10 13:59:51.000000000 -0400
+++ dhcp-3.0.1rc14-ldap/server/class.c	2004-06-22 15:18:20.000000000 -0400
@@ -90,6 +90,7 @@
 	int matched = 0;
 	int status;
 	int ignorep;
+	int classfound;
 
 	for (class = collection -> classes; class; class = class -> nic) {
 #if defined (DEBUG_CLASS_MATCHING)
@@ -135,9 +136,19 @@
 				   class -> submatch, MDL));
 			if (status && data.len) {
 				nc = (struct class *)0;
-				if (class_hash_lookup (&nc, class -> hash,
-						       (const char *)data.data,
-						       data.len, MDL)) {
+                                classfound = class_hash_lookup (&nc, 
+						class -> hash, 
+						(const char *)data.data,
+						data.len, MDL);
+
+#ifdef LDAP_CONFIGURATION
+                                if (!classfound && 
+						find_subclass_in_ldap (class, 
+								&nc, &data)) 
+					classfound = 1;
+#endif
+
+				if (classfound) {
 #if defined (DEBUG_CLASS_MATCHING)
 					log_info ("matches subclass %s.",
 					      print_hex_1 (data.len,
diff -Naur dhcp-3.0.1rc14/server/confpars.c dhcp-3.0.1rc14-ldap/server/confpars.c
--- dhcp-3.0.1rc14/server/confpars.c	2004-06-10 13:59:51.000000000 -0400
+++ dhcp-3.0.1rc14-ldap/server/confpars.c	2004-06-22 15:18:20.000000000 -0400
@@ -62,7 +62,17 @@
 
 isc_result_t readconf ()
 {
-	return read_conf_file (path_dhcpd_conf, root_group, ROOT_GROUP, 0);
+	isc_result_t res;
+
+	res = read_conf_file (path_dhcpd_conf, root_group, ROOT_GROUP, 0);
+#if defined(LDAP_CONFIGURATION)
+	if (res != ISC_R_SUCCESS)
+		return (res);
+
+	return ldap_read_config ();
+#else
+	return (res);
+#endif
 }
 
 isc_result_t read_conf_file (const char *filename, struct group *group,
diff -Naur dhcp-3.0.1rc14/server/dhcpd.c dhcp-3.0.1rc14-ldap/server/dhcpd.c
--- dhcp-3.0.1rc14/server/dhcpd.c	2004-06-10 13:59:52.000000000 -0400
+++ dhcp-3.0.1rc14-ldap/server/dhcpd.c	2004-06-22 15:18:20.000000000 -0400
@@ -434,6 +434,9 @@
 	/* Add the ddns update style enumeration prior to parsing. */
 	add_enumeration (&ddns_styles);
 	add_enumeration (&syslog_enum);
+#if defined (LDAP_CONFIGURATION)
+	add_enumeration (&ldap_methods);
+#endif
 
 	if (!group_allocate (&root_group, MDL))
 		log_fatal ("Can't allocate root group!");
diff -Naur dhcp-3.0.1rc14/server/ldap.c dhcp-3.0.1rc14-ldap/server/ldap.c
--- dhcp-3.0.1rc14/server/ldap.c	1969-12-31 19:00:00.000000000 -0500
+++ dhcp-3.0.1rc14-ldap/server/ldap.c	2004-06-22 15:18:20.000000000 -0400
@@ -0,0 +1,1479 @@
+/* ldap.c
+
+   Routines for reading the configuration from LDAP */
+
+/*
+ * Copyright (c) 2003-2004 Ntelos, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of The Internet Software Consortium nor the names
+ *    of its contributors may be used to endorse or promote products derived
+ *    from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INTERNET SOFTWARE CONSORTIUM AND
+ * CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED.  IN NO EVENT SHALL THE INTERNET SOFTWARE CONSORTIUM OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+ * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * This LDAP module was written by Brian Masney <masneyb@ntelos.net>. It's
+ * development was sponsored by Ntelos, Inc. (www.ntelos.com).
+ */
+
+#include "dhcpd.h"
+
+#if defined(LDAP_CONFIGURATION)
+
+static LDAP * ld = NULL;
+static char *ldap_server = NULL, 
+            *ldap_username = NULL, 
+            *ldap_password = NULL,
+            *ldap_base_dn = NULL,
+            *ldap_debug_file = NULL;
+static int ldap_port = LDAP_PORT,
+           ldap_method = LDAP_METHOD_DYNAMIC,
+           ldap_debug_fd = -1;
+static struct ldap_config_stack *ldap_stack = NULL;
+
+typedef struct ldap_dn_node {
+    struct ldap_dn_node *next;
+    size_t refs;
+    char *dn;
+} ldap_dn_node;
+
+static ldap_dn_node *ldap_service_dn_head = NULL;
+static ldap_dn_node *ldap_service_dn_tail = NULL;
+
+
+static void
+ldap_parse_class (struct ldap_config_stack *item, struct parse *cfile)
+{
+  char **tempstr;
+
+  if ((tempstr = ldap_get_values (ld, item->ldent, "cn")) == NULL ||
+      tempstr[0] == NULL)
+    {
+      if (tempstr != NULL)
+        ldap_value_free (tempstr);
+
+      return;
+    }
+
+  strncat (cfile->inbuf, "class \"", LDAP_BUFFER_SIZE);
+  strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE);
+  strncat (cfile->inbuf, "\" {\n", LDAP_BUFFER_SIZE);
+
+  item->close_brace = 1;
+  ldap_value_free (tempstr);
+}
+
+
+static void
+ldap_parse_subclass (struct ldap_config_stack *item, struct parse *cfile)
+{
+  char **tempstr, **classdata;
+
+  if ((tempstr = ldap_get_values (ld, item->ldent, "cn")) == NULL ||
+      tempstr[0] == NULL)
+    {
+      if (tempstr != NULL)
+        ldap_value_free (tempstr);
+
+      return;
+    }
+
+  if ((classdata = ldap_get_values (ld, item->ldent, 
+                                  "dhcpClassData")) == NULL || 
+      classdata[0] == NULL)
+    {
+      if (classdata != NULL)
+        ldap_value_free (classdata);
+      ldap_value_free (tempstr);
+
+      return;
+    }
+
+  strncat (cfile->inbuf, "subclass ", LDAP_BUFFER_SIZE);
+  strncat (cfile->inbuf, classdata[0], LDAP_BUFFER_SIZE);
+  strncat (cfile->inbuf, " ", LDAP_BUFFER_SIZE);
+  strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE);
+  strncat (cfile->inbuf, " {\n", LDAP_BUFFER_SIZE);
+
+  item->close_brace = 1;
+  ldap_value_free (tempstr);
+  ldap_value_free (classdata);
+}
+
+
+static void
+ldap_parse_host (struct ldap_config_stack *item, struct parse *cfile)
+{
+  char **tempstr, **hwaddr;
+
+  if ((tempstr = ldap_get_values (ld, item->ldent, "cn")) == NULL ||
+      tempstr[0] == NULL)
+    {
+      if (tempstr != NULL)
+        ldap_value_free (tempstr);
+
+      return;
+    }
+
+  if ((hwaddr = ldap_get_values (ld, item->ldent, 
+                                 "dhcpHWAddress")) == NULL || 
+      hwaddr[0] == NULL)
+    {
+      if (hwaddr != NULL)
+        ldap_value_free (hwaddr);
+
+      ldap_value_free (tempstr);
+      return;
+    }
+
+  strncat (cfile->inbuf, "host ", LDAP_BUFFER_SIZE);
+  strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE);
+  strncat (cfile->inbuf, " {\nhardware ", LDAP_BUFFER_SIZE);
+  strncat (cfile->inbuf, hwaddr[0], LDAP_BUFFER_SIZE);
+  strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE);
+
+  item->close_brace = 1;
+  ldap_value_free (tempstr);
+  ldap_value_free (hwaddr);
+}
+
+
+static void
+ldap_parse_shared_network (struct ldap_config_stack *item, struct parse *cfile)
+{
+  char **tempstr;
+
+
+  if ((tempstr = ldap_get_values (ld, item->ldent, "cn")) == NULL ||
+      tempstr[0] == NULL)
+    {
+      if (tempstr != NULL)
+        ldap_value_free (tempstr);
+
+      return;
+    }
+
+  strncat (cfile->inbuf, "shared-network \"", LDAP_BUFFER_SIZE);
+  strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE);
+  strncat (cfile->inbuf, "\" {\n", LDAP_BUFFER_SIZE);
+
+  item->close_brace = 1;
+  ldap_value_free (tempstr);
+}
+
+
+static void
+parse_netmask (int netmask, char *netmaskbuf)
+{
+  unsigned long nm;
+  int i;
+
+  nm = 0;
+  for (i=1; i <= netmask; i++)
+    {
+      nm |= 1 << (32 - i);
+    }
+
+  sprintf (netmaskbuf, "%d.%d.%d.%d", (int) (nm >> 24) & 0xff, 
+                                      (int) (nm >> 16) & 0xff, 
+                                      (int) (nm >> 8) & 0xff, 
+                                      (int) nm & 0xff);
+}
+
+static void
+ldap_parse_subnet (struct ldap_config_stack *item, struct parse *cfile)
+{
+  char **tempstr, **netmaskstr, netmaskbuf[16];
+  int i;
+
+  if ((tempstr = ldap_get_values (ld, item->ldent, "cn")) == NULL ||
+      tempstr[0] == NULL)
+    {
+      if (tempstr != NULL)
+        ldap_value_free (tempstr);
+
+      return;
+    }
+
+  if ((netmaskstr = ldap_get_values (ld, item->ldent, 
+                                     "dhcpNetmask")) == NULL || 
+      netmaskstr[0] == NULL)
+    {
+      if (netmaskstr != NULL)
+        ldap_value_free (netmaskstr);
+      ldap_value_free (tempstr);
+
+      return;
+    }
+
+  strncat (cfile->inbuf, "subnet ", LDAP_BUFFER_SIZE);
+  strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE);
+
+  strncat (cfile->inbuf, " netmask ", LDAP_BUFFER_SIZE);
+  parse_netmask (strtol (netmaskstr[0], NULL, 10), netmaskbuf);
+  strncat (cfile->inbuf, netmaskbuf, LDAP_BUFFER_SIZE);
+
+  strncat (cfile->inbuf, " {\n", LDAP_BUFFER_SIZE);
+
+  ldap_value_free (tempstr);
+  ldap_value_free (netmaskstr);
+
+  if ((tempstr = ldap_get_values (ld, item->ldent, "dhcpRange")) != NULL)
+    {
+      for (i=0; tempstr[i] != NULL; i++)
+        {
+          strncat (cfile->inbuf, "range", LDAP_BUFFER_SIZE);
+          strncat (cfile->inbuf, " ", LDAP_BUFFER_SIZE);
+          strncat (cfile->inbuf, tempstr[i], LDAP_BUFFER_SIZE);
+          strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE);
+        }
+      ldap_value_free (tempstr);
+    }
+
+  item->close_brace = 1;
+}
+
+
+static void
+ldap_parse_pool (struct ldap_config_stack *item, struct parse *cfile)
+{
+  char **tempstr;
+  int i;
+
+  strncat (cfile->inbuf, "pool {\n", LDAP_BUFFER_SIZE);
+
+  if ((tempstr = ldap_get_values (ld, item->ldent, "dhcpRange")) != NULL)
+    {
+      strncat (cfile->inbuf, "range", LDAP_BUFFER_SIZE);
+      for (i=0; tempstr[i] != NULL; i++)
+        {
+          strncat (cfile->inbuf, " ", LDAP_BUFFER_SIZE);
+          strncat (cfile->inbuf, tempstr[i], LDAP_BUFFER_SIZE);
+        }
+      strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE);
+      ldap_value_free (tempstr);
+    }
+
+  if ((tempstr = ldap_get_values (ld, item->ldent, "dhcpPermitList")) != NULL)
+    {
+      for (i=0; tempstr[i] != NULL; i++)
+        {
+          strncat (cfile->inbuf, tempstr[i], LDAP_BUFFER_SIZE);
+          strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE);
+        }
+      ldap_value_free (tempstr);
+    }
+
+  item->close_brace = 1;
+}
+
+
+static void
+ldap_parse_group (struct ldap_config_stack *item, struct parse *cfile)
+{
+  strncat (cfile->inbuf, "group {\n", LDAP_BUFFER_SIZE);
+  item->close_brace = 1;
+}
+
+
+static void
+add_to_config_stack (LDAPMessage * res, LDAPMessage * ent)
+{
+  struct ldap_config_stack *ns;
+
+  ns = dmalloc (sizeof (*ns), MDL);
+  ns->res = res;
+  ns->ldent = ent;
+  ns->close_brace = 0;
+  ns->processed = 0;
+  ns->next = ldap_stack;
+  ldap_stack = ns;
+}
+
+
+static void
+ldap_start (void)
+{
+  struct option_state *options;
+  struct option_cache *oc;
+  struct data_string db;
+  int ret, version;
+
+  if (ld != NULL)
+    return;
+
+  if (ldap_server == NULL)
+    {
+      options = NULL;
+      option_state_allocate (&options, MDL);
+
+      execute_statements_in_scope ((struct binding_value **) NULL,
+                 (struct packet *) NULL, (struct lease *) NULL,
+                 (struct client_state *) NULL, (struct option_state *) NULL,
+                 options, &global_scope, root_group, (struct group *) NULL);
+
+      memset (&db, 0, sizeof (db));
+      oc = lookup_option (&server_universe, options, SV_LDAP_SERVER);
+      if (oc &&
+          evaluate_option_cache (&db,  (struct packet*) NULL,
+                (struct lease *) NULL, (struct client_state *) NULL,
+                options, (struct option_state *) NULL, &global_scope, oc, MDL))
+        {
+          ldap_server = dmalloc (db.len + 1, MDL);
+          if (!ldap_server)
+            log_fatal ("no memory for ldap server");
+          memcpy (ldap_server, db.data, db.len);
+          ldap_server[db.len] = 0;
+          data_string_forget (&db, MDL);
+        }
+
+      oc = lookup_option (&server_universe, options, SV_LDAP_USERNAME);
+      if (oc &&
+          evaluate_option_cache (&db,  (struct packet*) NULL,
+                (struct lease *) NULL, (struct client_state *) NULL,
+                options, (struct option_state *) NULL, &global_scope, oc, MDL))
+        {
+          ldap_username = dmalloc (db.len + 1, MDL);
+          if (!ldap_username)
+            log_fatal ("no memory for ldap username");
+          memcpy (ldap_username, db.data, db.len);
+          ldap_username[db.len] = 0;
+          data_string_forget (&db, MDL);
+        }
+
+      oc = lookup_option (&server_universe, options, SV_LDAP_PASSWORD);
+      if (oc &&
+          evaluate_option_cache (&db,  (struct packet*) NULL,
+                (struct lease *) NULL, (struct client_state *) NULL,
+                options, (struct option_state *) NULL, &global_scope, oc, MDL))
+        {
+          ldap_password = dmalloc (db.len + 1, MDL);
+          if (!ldap_password)
+            log_fatal ("no memory for ldap password");
+          memcpy (ldap_password, db.data, db.len);
+          ldap_password[db.len] = 0;
+          data_string_forget (&db, MDL);
+        }
+
+      oc = lookup_option (&server_universe, options, SV_LDAP_BASE_DN);
+      if (oc &&
+          evaluate_option_cache (&db,  (struct packet*) NULL,
+                (struct lease *) NULL, (struct client_state *) NULL,
+                options, (struct option_state *) NULL, &global_scope, oc, MDL))
+        {
+          ldap_base_dn = dmalloc (db.len + 1, MDL);
+          if (!ldap_base_dn)
+            log_fatal ("no memory for ldap base dn");
+          memcpy (ldap_base_dn, db.data, db.len);
+          ldap_base_dn[db.len] = 0;
+          data_string_forget (&db, MDL);
+        }
+
+      oc = lookup_option (&server_universe, options, SV_LDAP_METHOD);
+      if (oc &&
+          evaluate_option_cache (&db,  (struct packet*) NULL,
+                (struct lease *) NULL, (struct client_state *) NULL,
+                options, (struct option_state *) NULL, &global_scope, oc, MDL))
+        {
+
+          if (db.len == 1) 
+            ldap_method = db.data [0];
+          else
+            log_fatal ("invalid ldap method type");
+          data_string_forget (&db, MDL);
+        }
+
+      oc = lookup_option (&server_universe, options, SV_LDAP_DEBUG_FILE);
+      if (oc &&
+          evaluate_option_cache (&db,  (struct packet*) NULL,
+                (struct lease *) NULL, (struct client_state *) NULL,
+                options, (struct option_state *) NULL, &global_scope, oc, MDL))
+        {
+          ldap_debug_file = dmalloc (db.len + 1, MDL);
+          if (!ldap_debug_file)
+            log_fatal ("no memory for ldap debug file");
+          memcpy (ldap_debug_file, db.data, db.len);
+          ldap_debug_file[db.len] = 0;
+          data_string_forget (&db, MDL);
+        }
+
+      option_state_dereference (&options, MDL);
+    }
+
+  if (ldap_server == NULL || ldap_base_dn == NULL)
+    {
+      log_info ("Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file");
+      ldap_method = LDAP_METHOD_STATIC;
+      return;
+    }
+
+  if (ldap_debug_file != NULL && ldap_debug_fd == -1)
+    {
+      if ((ldap_debug_fd = open (ldap_debug_file, O_CREAT | O_TRUNC | O_WRONLY,
+                                 S_IRUSR | S_IWUSR)) < 0)
+        log_error ("Error opening debug LDAP log file %s: %s", ldap_debug_file,
+                   strerror (errno));
+    }
+
+#if defined (DEBUG_LDAP)
+  log_info ("Connecting to LDAP server %s:%d", ldap_server, ldap_port);
+#endif
+
+  if ((ld = ldap_init (ldap_server, ldap_port)) == NULL)
+    {
+      log_error ("Cannot init ldap session to %s", ldap_server);
+      return;
+    }
+
+  version = LDAP_VERSION3;
+  if ((ret = ldap_set_option (ld, LDAP_OPT_PROTOCOL_VERSION, &version)) != LDAP_OPT_SUCCESS)
+    {
+      log_error ("Cannot set LDAP version to %d: %s", version,
+                 ldap_err2string (ret));
+    }
+
+#if defined (USE_SSL)
+  if ((ret = ldap_start_tls_s (ld, NULL, NULL)) != LDAP_SUCCESS)
+    log_error ("Warning: Cannot start TLS session to %s: %s",
+               ldap_server, ldap_err2string (ret));
+  else
+    log_info ("TLS session successfully started to %s", ldap_server);
+#endif
+
+  if ((ret = ldap_simple_bind_s (ld, ldap_username, ldap_password)) != LDAP_SUCCESS)
+    {
+      log_error ("Error: Cannot login into ldap server %s: %s", ldap_server,
+                 ldap_err2string (ret));
+      ldap_unbind (ld);
+      ld = NULL;
+      return;
+    }
+
+#if defined (DEBUG_LDAP)
+  log_info ("Successfully logged into LDAP server %s", ldap_server);
+#endif
+}
+
+
+static void
+parse_external_dns (LDAPMessage * ent)
+{
+  char *search[] = {"dhcpOptionsDN", "dhcpSharedNetworkDN", "dhcpSubnetDN",
+                    "dhcpGroupDN", "dhcpHostDN", "dhcpClassesDN", 
+                    "dhcpPoolDN", NULL};
+  LDAPMessage * newres, * newent;
+  struct ldap_config_stack *ns;
+  char **tempstr;
+  int i, j, ret;
+#if defined (DEBUG_LDAP)
+  char *dn;
+#endif
+
+  if (ld == NULL)
+    ldap_start ();
+  if (ld == NULL)
+    return;
+
+  for (i=0; search[i] != NULL; i++)
+    {
+      if ((tempstr = ldap_get_values (ld, ent, search[i])) == NULL)
+        continue;
+
+      for (j=0; tempstr[j] != NULL; j++)
+        {
+          if (*tempstr[j] == '\0')
+            continue;
+
+          if ((ret = ldap_search_s (ld, tempstr[j], LDAP_SCOPE_BASE, 
+                                    "objectClass=*", NULL, 0, 
+                                    &newres)) != LDAP_SUCCESS)
+            {
+              ldap_value_free (tempstr);
+              ldap_unbind (ld);
+              ld = NULL;
+              return;
+            }
+    
+#if defined (DEBUG_LDAP)
+          log_info ("Adding contents of subtree '%s' to config stack from '%s' reference", tempstr[j], search[i]);
+#endif
+          for (newent = ldap_first_entry (ld, newres);
+               newent != NULL;
+               newent = ldap_next_entry (ld, ent))
+            {
+#if defined (DEBUG_LDAP)
+              dn = ldap_get_dn (ld, newent);
+              if (dn != NULL)
+                {
+                  log_info ("Adding LDAP entry '%s' to config stack", dn);
+                  ldap_memfree (dn);
+                }
+#endif
+
+              add_to_config_stack (newres, newent);
+              /* don't free newres here */
+            }
+        }
+
+      ldap_value_free (tempstr);
+    }
+}
+
+
+static void
+free_stack_entry (struct ldap_config_stack *item)
+{
+  ldap_msgfree (item->res);
+  dfree (item, MDL);
+}
+
+
+static void
+next_ldap_entry (struct parse *cfile)
+{
+  struct ldap_config_stack *temp_stack;
+
+  if (ldap_stack != NULL && ldap_stack->close_brace)
+    {
+      strncat (cfile->inbuf, "}\n", LDAP_BUFFER_SIZE);
+      ldap_stack->close_brace = 0;
+    }
+
+  while (ldap_stack != NULL && 
+         (ldap_stack->ldent == NULL ||
+          (ldap_stack->ldent = ldap_next_entry (ld, ldap_stack->ldent)) == NULL))
+    {
+      if (ldap_stack->close_brace)
+        {
+          strncat (cfile->inbuf, "}\n", LDAP_BUFFER_SIZE);
+          ldap_stack->close_brace = 0;
+        }
+
+      temp_stack = ldap_stack;
+      ldap_stack = ldap_stack->next;
+      free_stack_entry (temp_stack);
+    }
+
+  if (ldap_stack != NULL && ldap_stack->close_brace)
+    {
+      strncat (cfile->inbuf, "}\n", LDAP_BUFFER_SIZE);
+      ldap_stack->close_brace = 0;
+    }
+}
+
+
+static char
+check_statement_end (const char *statement)
+{
+  char *ptr;
+
+  if (statement == NULL || *statement == '\0')
+    return ('\0');
+
+  /*
+  ** check if it ends with "}", e.g.:
+  **   "zone my.domain. { ... }"
+  ** optionally followed by spaces
+  */
+  ptr = strrchr (statement, '}');
+  if (ptr != NULL)
+    {
+      /* skip following white-spaces */
+      for (++ptr; isspace ((int)*ptr); ptr++);
+
+      /* check if we reached the end */
+      if (*ptr == '\0')
+        return ('}'); /* yes, block end */
+      else
+        return (*ptr);
+    }
+
+  /*
+  ** this should not happen, but...
+  ** check if it ends with ";", e.g.:
+  **   "authoritative;"
+  ** optionally followed by spaces
+  */
+  ptr = strrchr (statement, ';');
+  if (ptr != NULL)
+    {
+      /* skip following white-spaces */
+      for (++ptr; isspace ((int)*ptr); ptr++);
+
+      /* check if we reached the end */
+      if (*ptr == '\0')
+        return (';'); /* ends with a ; */
+      else
+        return (*ptr);
+    }
+
+  return ('\0');
+}
+
+
+static isc_result_t
+ldap_parse_entry_options (LDAPMessage *ent, char *buffer, size_t size,
+                          int *lease_limit)
+{
+  char **tempstr;
+  int i;
+
+  if (ent == NULL || buffer == NULL || size == 0)
+    return (ISC_R_FAILURE);
+
+  if ((tempstr = ldap_get_values (ld, ent, "dhcpStatements")) != NULL)
+    {
+      for (i=0; tempstr[i] != NULL; i++)
+        {
+          if (lease_limit != NULL &&
+              strncasecmp ("lease limit ", tempstr[i], 12) == 0)
+            {
+              *lease_limit = (int) strtol ((tempstr[i]) + 12, NULL, 10);
+              continue;
+            }
+
+          strncat (buffer, tempstr[i], size);
+
+          switch((int) check_statement_end (tempstr[i]))
+            {
+              case '}':
+              case ';':
+                strncat (buffer, "\n", size);
+                break;
+              default:
+                strncat (buffer, ";\n", size);
+                break;
+            }
+        }
+      ldap_value_free (tempstr);
+    }
+
+  if ((tempstr = ldap_get_values (ld, ent, "dhcpOption")) != NULL)
+    {
+      for (i=0; tempstr[i] != NULL; i++)
+        {
+          strncat (buffer, "option ", size);
+          strncat (buffer, tempstr[i], size);
+          switch ((int) check_statement_end (tempstr[i]))
+            {
+              case ';':
+                strncat (buffer, "\n", size);
+                break;
+              default:
+                strncat (buffer, ";\n", size);
+                break;
+            }
+        }
+      ldap_value_free (tempstr);
+    }
+
+  return (ISC_R_SUCCESS);
+}
+
+
+static void
+ldap_generate_config_string (struct parse *cfile)
+{
+  char **objectClass, *dn;
+  struct ldap_config_stack *entry;
+  LDAPMessage * ent, * res;
+  int i, j, ignore, found;
+  int ret;
+
+  if (ld == NULL)
+    ldap_start ();
+  if (ld == NULL)
+    return;
+
+  entry = ldap_stack;
+  if ((objectClass = ldap_get_values (ld, entry->ldent, 
+                                      "objectClass")) == NULL)
+    return;
+    
+  ignore = 0;
+  found = 1;
+  for (i=0; objectClass[i] != NULL; i++)
+    {
+      if (strcmp (objectClass[i], "dhcpSharedNetwork") == 0)
+        ldap_parse_shared_network (entry, cfile);
+      else if (strcmp (objectClass[i], "dhcpClass") == 0)
+        ldap_parse_class (entry, cfile);
+      else if (strcmp (objectClass[i], "dhcpSubnet") == 0)
+        ldap_parse_subnet (entry, cfile);
+      else if (strcmp (objectClass[i], "dhcpPool") == 0)
+        ldap_parse_pool (entry, cfile);
+      else if (strcmp (objectClass[i], "dhcpGroup") == 0)
+        ldap_parse_group (entry, cfile);
+      else if (strcmp (objectClass[i], "dhcpHost") == 0)
+        {
+          if (ldap_method == LDAP_METHOD_STATIC)
+            ldap_parse_host (entry, cfile);
+          else
+            {
+              ignore = 1;
+              break;
+            }
+        }
+      else if (strcmp (objectClass[i], "dhcpSubClass") == 0)
+        {
+          if (ldap_method == LDAP_METHOD_STATIC)
+            ldap_parse_subclass (entry, cfile);
+          else
+            {
+              ignore = 1;
+              break;
+            }
+        }
+      else
+        found = 0;
+
+      if (found && cfile->inbuf[0] == '\0')
+        {
+          ignore = 1;
+          break;
+        }
+    }
+
+  ldap_value_free (objectClass);
+
+  if (ignore)
+    {
+      next_ldap_entry (cfile);
+      return;
+    }
+
+  ldap_parse_entry_options(entry->ldent, cfile->inbuf,
+                           LDAP_BUFFER_SIZE-1, NULL);
+
+  dn = ldap_get_dn (ld, entry->ldent);
+
+#if defined(DEBUG_LDAP)
+  if (dn != NULL)
+    log_info ("Found LDAP entry '%s'", dn);
+#endif
+
+  if (dn == NULL ||
+      (ret = ldap_search_s (ld, dn, LDAP_SCOPE_ONELEVEL, "objectClass=*", 
+                            NULL, 0, &res)) != LDAP_SUCCESS)
+    {
+      if (dn)
+        ldap_memfree (dn);
+
+      ldap_unbind (ld);
+      ld = NULL;
+      return;
+    }
+
+  ldap_memfree (dn);
+
+  if ((ent = ldap_first_entry (ld, res)) != NULL)
+    {
+      add_to_config_stack (res, ent);
+      parse_external_dns (entry->ldent);
+    }
+  else
+    {
+      ldap_msgfree (res);
+      parse_external_dns (entry->ldent);
+      next_ldap_entry (cfile);
+    }
+}
+
+
+static void
+ldap_close_debug_fd()
+{
+  if (ldap_debug_fd != -1)
+    {
+      close (ldap_debug_fd);
+      ldap_debug_fd = -1;
+    }
+}
+
+
+static void
+ldap_write_debug (const void *buff, size_t size)
+{
+  if (ldap_debug_fd != -1)
+    {
+      if (write (ldap_debug_fd, buff, size) < 0)
+        {
+          log_error ("Error writing to LDAP debug file %s: %s."
+                     " Disabling log file.", ldap_debug_file,
+                     strerror (errno));
+          ldap_close_debug_fd();
+        }
+    }
+}
+
+static char
+ldap_read_function (struct parse *cfile)
+{
+  char eofstring[2] = {EOF, '\0'};
+ 
+  cfile->inbuf[0] = '\0';
+  cfile->buflen = 0;
+
+  while (ldap_stack != NULL && *cfile->inbuf == '\0')
+    ldap_generate_config_string (cfile);
+
+  cfile->buflen = strlen (cfile->inbuf);
+  if (cfile->buflen > 0)
+    ldap_write_debug (cfile->inbuf, cfile->buflen);
+
+#if defined (DEBUG_LDAP)
+  log_info ("Sending config line '%s'", cfile->inbuf);
+#endif
+
+  if (ldap_stack == NULL)
+    strncat (cfile->inbuf, eofstring, LDAP_BUFFER_SIZE);
+
+  cfile->buflen = strlen (cfile->inbuf);
+  cfile->bufix = 1;
+
+  return (cfile->inbuf[0]);
+}
+
+
+static char *
+ldap_get_host_name (LDAPMessage * ent)
+{
+  char **name, *ret;
+
+  ret = NULL;
+  if ((name = ldap_get_values (ld, ent, "cn")) == NULL || name[0] == NULL)
+    {
+      if (name != NULL)
+        ldap_value_free (name);
+
+#if defined (DEBUG_LDAP)
+      ret = ldap_get_dn (ld, ent);
+      if (ret != NULL)
+        {
+          log_info ("Cannot get cn attribute for LDAP entry %s", ret);
+          ldap_memfree(ret);
+        }
+#endif
+      return (NULL);
+    }
+
+  ret = dmalloc (strlen (name[0]) + 1, MDL);
+  strcpy (ret, name[0]);
+  ldap_value_free (name);
+
+  return (ret);
+}
+
+
+static int
+getfqhostname(char *fqhost, size_t size)
+{
+#if defined(MAXHOSTNAMELEN)
+  char   hname[MAXHOSTNAMELEN];
+#else
+  char   hname[65];
+#endif
+  struct hostent *hp;
+
+  if(NULL == fqhost || 1 >= size)
+    return -1;
+
+  memset(hname, 0, sizeof(hname));
+  if( gethostname(hname, sizeof(hname)-1))
+    return -1;
+
+  if(NULL == (hp = gethostbyname(hname)))
+    return -1;
+
+  strncpy(fqhost, hp->h_name, size-1);
+  fqhost[size-1] = '\0';
+  return 0;
+}
+
+
+isc_result_t
+ldap_read_config (void)
+{
+  LDAPMessage * ldres, * hostres, * ent, * hostent;
+  char hfilter[1024], sfilter[1024], fqdn[257];
+  char *buffer, **tempstr = NULL, *hostdn;
+  ldap_dn_node *curr = NULL;
+  struct parse *cfile;
+  struct utsname unme;
+  isc_result_t res;
+  size_t length;
+  int ret, cnt;
+
+  if (ld == NULL)
+    ldap_start ();
+  if (ld == NULL)
+    return (ldap_server == NULL ? ISC_R_SUCCESS : ISC_R_FAILURE);
+ 
+  buffer = dmalloc (LDAP_BUFFER_SIZE+1, MDL);
+  if (buffer == NULL)
+    return (ISC_R_FAILURE);
+
+  cfile = (struct parse *) NULL;
+  res = new_parse (&cfile, -1, buffer, LDAP_BUFFER_SIZE, "LDAP", 0);
+  if (res != ISC_R_SUCCESS)
+    return (res);
+ 
+  uname (&unme);
+  if(0 == getfqhostname(fqdn, sizeof(fqdn)))
+    {
+      snprintf (hfilter, sizeof (hfilter),
+                "(&(objectClass=dhcpServer)(|(cn=%s)(cn=%s)))", 
+                unme.nodename, fqdn);
+    }
+  else
+    {
+      snprintf (hfilter, sizeof (hfilter),
+                "(&(objectClass=dhcpServer)(cn=%s))", unme.nodename);
+    }
+
+  hostres = NULL;
+  if ((ret = ldap_search_s (ld, ldap_base_dn, LDAP_SCOPE_SUBTREE,
+                            hfilter, NULL, 0, &hostres)) != LDAP_SUCCESS)
+    {
+      log_error ("Cannot find host LDAP entry %s %s",
+                 unme.nodename, hfilter);
+      if(NULL != hostres)
+        ldap_msgfree (hostres);
+      ldap_unbind (ld);
+      ld = NULL;
+      return (ISC_R_FAILURE);
+    }
+
+  if ((hostent = ldap_first_entry (ld, hostres)) == NULL)
+    {
+      log_error ("Error: Cannot find LDAP entry matching %s", hfilter);
+      ldap_msgfree (hostres);
+      ldap_unbind (ld);
+      ld = NULL;
+      return (ISC_R_FAILURE);
+    }
+
+  hostdn = ldap_get_dn (ld, hostent);
+#if defined(DEBUG_LDAP)
+  if (hostdn != NULL)
+    log_info ("Found dhcpServer LDAP entry '%s'", hostdn);
+#endif
+
+  if (hostdn == NULL ||
+      (tempstr = ldap_get_values (ld, hostent, "dhcpServiceDN")) == NULL ||
+      tempstr[0] == NULL)
+    {
+      log_error ("Error: Cannot find LDAP entry matching %s", hfilter);
+
+      if (tempstr != NULL)
+        ldap_value_free (tempstr);
+
+      if (hostdn)
+        ldap_memfree (hostdn);
+      ldap_msgfree (hostres);
+      ldap_unbind (ld);
+      ld = NULL;
+      return (ISC_R_FAILURE);
+    }
+
+#if defined(DEBUG_LDAP)
+  log_info ("LDAP: Parsing dhcpServer options '%s' ...", hostdn);
+#endif
+
+  cfile->inbuf[0] = '\0';
+  ldap_parse_entry_options(hostent, cfile->inbuf, LDAP_BUFFER_SIZE, NULL);
+  cfile->buflen = strlen (cfile->inbuf);
+  if(cfile->buflen > 0)
+    {
+      ldap_write_debug (cfile->inbuf, cfile->buflen);
+
+      res = conf_file_subparse (cfile, root_group, ROOT_GROUP);
+      if (res != ISC_R_SUCCESS)
+        {
+          log_error ("LDAP: cannot parse dhcpServer entry '%s'", hostdn);
+          ldap_memfree (hostdn);
+          ldap_unbind (ld);
+          ld = NULL;
+          return res;
+        }
+      cfile->inbuf[0] = '\0';
+    }
+  ldap_msgfree (hostres);
+
+  /*
+  ** attach ldap (tree) read function now
+  */
+  cfile->bufix = cfile->buflen = 0;
+  cfile->read_function = ldap_read_function;
+
+  res = ISC_R_SUCCESS;
+  for (cnt=0; tempstr[cnt] != NULL; cnt++)
+    {
+      snprintf(sfilter, sizeof(sfilter), "(&(objectClass=dhcpService)"
+                        "(|(dhcpPrimaryDN=%s)(dhcpSecondaryDN=%s)))",
+                        hostdn, hostdn);
+      ldres = NULL;
+      if ((ret = ldap_search_s (ld, tempstr[cnt], LDAP_SCOPE_BASE,
+                                sfilter, NULL, 0, &ldres)) != LDAP_SUCCESS)
+        {
+          log_error ("Error searching for dhcpServiceDN '%s': %s. Please update the LDAP entry '%s'",
+                     tempstr[cnt], ldap_err2string (ret), hostdn);
+          if(NULL != ldres)
+            ldap_msgfree(ldres);
+          res = ISC_R_FAILURE;
+          break;
+        }
+
+      if ((ent = ldap_first_entry (ld, ldres)) == NULL)
+        {
+          log_error ("Error: Cannot find dhcpService DN '%s' with primary or secondary server reference. Please update the LDAP server entry '%s'",
+                     tempstr[cnt], hostdn);
+
+          ldap_msgfree(ldres);
+          res = ISC_R_FAILURE;
+          break;
+        }
+
+      /*
+      ** FIXME: how to free the remembered dn's on exit?
+      **        This should be OK if dmalloc registers the
+      **        memory it allocated and frees it on exit..
+      */
+
+      curr = dmalloc (sizeof (*curr), MDL);
+      if (curr != NULL)
+        {
+          length = strlen (tempstr[cnt]);
+          curr->dn = dmalloc (length + 1, MDL);
+          if (curr->dn == NULL)
+            {
+              dfree (curr, MDL);
+              curr = NULL;
+            }
+          else
+            strcpy (curr->dn, tempstr[cnt]);
+        }
+
+      if (curr != NULL)
+        {
+          curr->refs++;
+
+          /* append to service-dn list */
+          if (ldap_service_dn_tail != NULL)
+            ldap_service_dn_tail->next = curr;
+          else
+            ldap_service_dn_head = curr;
+
+          ldap_service_dn_tail = curr;
+        }
+      else
+        log_fatal ("no memory to remember ldap service dn");
+
+#if defined (DEBUG_LDAP)
+      log_info ("LDAP: Parsing dhcpService DN '%s' ...", tempstr[cnt]);
+#endif
+      add_to_config_stack (ldres, ent);
+      res = conf_file_subparse (cfile, root_group, ROOT_GROUP);
+      if (res != ISC_R_SUCCESS)
+        {
+          log_error ("LDAP: cannot parse dhcpService entry '%s'", tempstr[cnt]);
+          break;
+        }
+    }
+
+  end_parse (&cfile);
+  ldap_close_debug_fd();
+
+  ldap_memfree (hostdn);
+  ldap_value_free (tempstr);
+
+  if (res != ISC_R_SUCCESS)
+    {
+      struct ldap_config_stack *temp_stack;
+
+      while ((curr = ldap_service_dn_head) != NULL)
+        {
+          ldap_service_dn_head = curr->next;
+          dfree (curr->dn, MDL);
+          dfree (curr, MDL);
+        }
+
+      ldap_service_dn_tail = NULL;
+
+      while ((temp_stack = ldap_stack) != NULL)
+        {
+          ldap_stack = temp_stack->next;
+          free_stack_entry (temp_stack);
+        }
+
+      ldap_unbind (ld);
+      ld = NULL;
+    }
+
+  return (res);
+}
+
+
+/* This function will parse the dhcpOption and dhcpStatements field in the LDAP
+   entry if it exists. Right now, type will be either HOST_DECL or CLASS_DECL.
+   If we are parsing a HOST_DECL, this always returns 0. If we are parsing a 
+   CLASS_DECL, this will return what the current lease limit is in LDAP. If
+   there is no lease limit specified, we return 0 */
+
+static int
+ldap_parse_options (LDAPMessage * ent, struct group *group,
+                         int type, struct host_decl *host,
+                         struct class **class)
+{
+  int i, declaration, lease_limit;
+  char option_buffer[8192];
+  enum dhcp_token token;
+  struct parse *cfile;
+  isc_result_t res;
+  const char *val;
+
+  lease_limit = 0;
+  *option_buffer = '\0';
+  res = ldap_parse_entry_options (ent, option_buffer, sizeof(option_buffer) - 1,
+                                  &lease_limit);
+  if (res != ISC_R_SUCCESS)
+    return (lease_limit);
+
+  option_buffer[sizeof(option_buffer) - 1] = '\0';
+  if (*option_buffer == '\0')
+    return (lease_limit);
+
+  cfile = (struct parse *) NULL;
+  res = new_parse (&cfile, -1, option_buffer, strlen (option_buffer), 
+                   type == HOST_DECL ? "LDAP-HOST" : "LDAP-SUBCLASS", 0);
+  if (res != ISC_R_SUCCESS)
+    return (lease_limit);
+
+#if defined (DEBUG_LDAP)
+  log_info ("Sending the following options: '%s'", option_buffer);
+#endif
+
+  declaration = 0;
+  do
+    {
+      token = peek_token (&val, NULL, cfile);
+      if (token == END_OF_FILE)
+        break;
+       declaration = parse_statement (cfile, group, type, host, declaration);
+    } while (1);
+
+  end_parse (&cfile);
+
+  return (lease_limit);
+}
+
+
+
+int
+find_haddr_in_ldap (struct host_decl **hp, int htype, unsigned hlen,
+                    const unsigned char *haddr, const char *file, int line)
+{
+  char buf[128], *type_str, **tempstr, *addr_str;
+  LDAPMessage * res, *ent;
+  struct host_decl * host;
+  isc_result_t status;
+  ldap_dn_node *curr;
+  int ret;
+
+  if (ldap_method == LDAP_METHOD_STATIC)
+    return (0);
+
+  if (ld == NULL)
+    ldap_start ();
+  if (ld == NULL)
+    return (0);
+
+  switch (htype)
+    {
+      case HTYPE_ETHER:
+        type_str = "ethernet";
+        break;
+      case HTYPE_IEEE802:
+        type_str = "token-ring";
+        break;
+      case HTYPE_FDDI:
+        type_str = "fddi";
+        break;
+      default:
+        log_info ("Ignoring unknown type %d", htype);
+        return (0);
+    }
+
+  /*
+  ** FIXME: dhcpHWAddress attribute uses octetStringMatch
+  **        (what means exact octet match, case sensitive)!
+  **
+  **        it is not guaranted, that ldap contains _exactly_
+  **        "type addr" with one space between!
+  **        AFAIK print_hw_addr() produces a lower case string.
+  */
+  snprintf (buf, sizeof (buf),
+            "(&(objectClass=dhcpHost)(dhcpHWAddress=%s %s))",
+           type_str, print_hw_addr (htype, hlen, haddr));
+
+  res = ent = NULL;
+  for (curr = ldap_service_dn_head;
+       curr != NULL && *curr->dn != '\0';
+       curr = curr->next)
+    {
+#if defined (DEBUG_LDAP)
+      log_info ("Searching for %s in LDAP tree %s", buf, curr->dn);
+#endif
+      ret = ldap_search_s (ld, curr->dn, LDAP_SCOPE_SUBTREE,
+                           buf, NULL, 0, &res);
+      if (ret == LDAP_SUCCESS)
+        {
+          if( (ent = ldap_first_entry (ld, res)) != NULL)
+            break; /* search OK and have entry */
+
+#if defined (DEBUG_LDAP)
+          log_info ("No host entry for %s in LDAP tree %s",
+                    buf, curr->dn);
+#endif
+          if(res)
+            {
+              ldap_msgfree (res);
+              res = NULL;
+            }
+        }
+      else
+        {
+          if(res)
+            {
+              ldap_msgfree (res);
+              res = NULL;
+            }
+
+          if (ret != LDAP_NO_SUCH_OBJECT && ret != LDAP_SUCCESS)
+            {
+              log_error ("Cannot search for %s in LDAP tree %s: %s", buf, 
+                         curr->dn, ldap_err2string (ret));
+              ldap_unbind (ld);
+              ld = NULL;
+              return (0);
+            }
+#if defined (DEBUG_LDAP)
+          else
+            {
+              log_info ("ldap_search_s returned %s when searching for %s in %s",
+                        ldap_err2string (ret), buf, curr->dn);
+            }
+#endif
+        }
+    }
+
+  if (res && ent)
+    {
+#if defined (DEBUG_LDAP)
+      char *dn = ldap_get_dn (ld, ent);
+      if (dn != NULL)
+        {
+          log_info ("Found dhcpHWAddress LDAP entry %s", dn);
+          ldap_memfree(dn);
+        }
+#endif
+
+      host = (struct host_decl *)0;
+      status = host_allocate (&host, MDL);
+      if (status != ISC_R_SUCCESS)
+        {
+          log_fatal ("can't allocate host decl struct: %s", 
+                     isc_result_totext (status)); 
+          ldap_msgfree (res);
+          return (0);
+        }
+
+      host->name = ldap_get_host_name (ent);
+      if (host->name == NULL)
+        {
+          host_dereference (&host, MDL);
+          ldap_msgfree (res);
+          return (0);
+        }
+
+      if (!clone_group (&host->group, root_group, MDL))
+        {
+          log_fatal ("can't clone group for host %s", host->name);
+          host_dereference (&host, MDL);
+          ldap_msgfree (res);
+          return (0);
+        }
+
+      /*
+      ** PROBLEM: since dhcpd uses no unique names for groups,
+      **          it seems to be not possible to find the right
+      **          one, our host may belong to.
+      **
+      ** PERHAPS: Check if parent DN is a dhcpGroup or the host-dn
+      **          is referenced via dhcpHostDN in a dhcpGroup.
+      **          If found, we may fetch and apply group options
+      **          and statements to above host->group ?
+      */
+      ldap_parse_options (ent, host->group, HOST_DECL, host, NULL);
+
+      *hp = host;
+      ldap_msgfree (res);
+      return (1);
+    }
+
+
+  if(res) ldap_msgfree (res);
+  return (0);
+}
+
+
+int
+find_subclass_in_ldap (struct class *class, struct class **newclass, 
+                       struct data_string *data)
+{
+  LDAPMessage * res, * ent;
+  int i, ret, lease_limit;
+  isc_result_t status;
+  ldap_dn_node *curr;
+  char buf[1024];
+
+  if (ldap_method == LDAP_METHOD_STATIC)
+    return (0);
+
+  if (ld == NULL)
+    ldap_start ();
+  if (ld == NULL)
+    return (0);
+
+  snprintf (buf, sizeof (buf), "(&(objectClass=dhcpSubClass)(cn=%s)(dhcpClassData=%s))", print_hex_1 (data->len, data->data, 60), print_hex_2 (strlen (class->name), class->name, 60));
+#if defined (DEBUG_LDAP)
+  log_info ("Searching LDAP for %s", buf);
+#endif
+
+  res = ent = NULL;
+  for (curr = ldap_service_dn_head;
+       curr != NULL && *curr->dn != '\0';
+       curr = curr->next)
+    {
+#if defined (DEBUG_LDAP)
+      log_info ("Searching for %s in LDAP tree %s", buf, curr->dn);
+#endif
+      ret = ldap_search_s (ld, curr->dn, LDAP_SCOPE_SUBTREE,
+                           buf, NULL, 0, &res);
+      if (ret == LDAP_SUCCESS)
+        {
+          if( (ent = ldap_first_entry (ld, res)) != NULL)
+            break; /* search OK and have entry */
+
+#if defined (DEBUG_LDAP)
+          log_info ("No subclass entry for %s in LDAP tree %s",
+                    buf, curr->dn);
+#endif
+          if(res)
+            {
+              ldap_msgfree (res);
+              res = NULL;
+            }
+        }
+      else
+        {
+          if(res)
+            {
+              ldap_msgfree (res);
+              res = NULL;
+            }
+
+          if (ret != LDAP_NO_SUCH_OBJECT && ret != LDAP_SUCCESS)
+            {
+              log_error ("Cannot search for %s in LDAP tree %s: %s", buf, 
+                         curr->dn, ldap_err2string (ret));
+              ldap_unbind (ld);
+              ld = NULL;
+              return (0);
+            }
+#if defined (DEBUG_LDAP)
+          else
+            {
+              log_info ("ldap_search_s returned %s when searching for %s in %s",
+                        ldap_err2string (ret), buf, curr->dn);
+            }
+#endif
+        }
+    }
+
+  if (res && ent)
+    {
+#if defined (DEBUG_LDAP)
+      char *dn = ldap_get_dn (ld, ent);
+      if (dn != NULL)
+        {
+          log_info ("Found subclass LDAP entry %s", dn);
+          ldap_memfree(dn);
+        }
+#endif
+
+      status = class_allocate (newclass, MDL);
+      if (status != ISC_R_SUCCESS)
+        {
+          log_error ("Cannot allocate memory for a new class");
+          ldap_msgfree (res);
+          return (0);
+        }
+
+      group_reference (&(*newclass)->group, class->group, MDL);
+      class_reference (&(*newclass)->superclass, class, MDL);
+      lease_limit = ldap_parse_options (ent, (*newclass)->group, 
+                                        CLASS_DECL, NULL, newclass);
+      if (lease_limit == 0)
+        (*newclass)->lease_limit = class->lease_limit; 
+      else
+        class->lease_limit = lease_limit;
+
+      if ((*newclass)->lease_limit) 
+        {
+          (*newclass)->billed_leases = 
+              dmalloc ((*newclass)->lease_limit * sizeof (struct lease *), MDL);
+          if (!(*newclass)->billed_leases) 
+            {
+              log_error ("no memory for billing");
+              class_dereference (newclass, MDL);
+              ldap_msgfree (res);
+              return (0);
+            }
+          memset ((*newclass)->billed_leases, 0, 
+                ((*newclass)->lease_limit * sizeof (*newclass)->billed_leases));
+        }
+
+      data_string_copy (&(*newclass)->hash_string, data, MDL);
+
+      ldap_msgfree (res);
+      return (1);
+    }
+
+  if(res) ldap_msgfree (res);
+  return (0);
+}
+
+#endif
+
diff -Naur dhcp-3.0.1rc14/server/mdb.c dhcp-3.0.1rc14-ldap/server/mdb.c
--- dhcp-3.0.1rc14/server/mdb.c	2004-06-10 13:59:56.000000000 -0400
+++ dhcp-3.0.1rc14-ldap/server/mdb.c	2004-06-22 15:18:20.000000000 -0400
@@ -375,6 +375,12 @@
 {
 	struct host_decl *foo;
 	struct hardware h;
+	int ret;
+
+#if defined(LDAP_CONFIGURATION)
+	if ((ret = find_haddr_in_ldap (hp, htype, hlen, haddr, file, line)))
+		return ret;
+#endif
 
 	h.hlen = hlen + 1;
 	h.hbuf [0] = htype;
diff -Naur dhcp-3.0.1rc14/server/stables.c dhcp-3.0.1rc14-ldap/server/stables.c
--- dhcp-3.0.1rc14/server/stables.c	2004-06-10 13:59:58.000000000 -0400
+++ dhcp-3.0.1rc14-ldap/server/stables.c	2004-06-22 15:18:20.000000000 -0400
@@ -483,6 +483,15 @@
 	{ "log-facility", "Nsyslog-facilities.",	&server_universe, 44 },
 	{ "do-forward-updates", "f",			&server_universe, 45 },
 	{ "ping-timeout", "T",				&server_universe, 46 },
+#if defined(LDAP_CONFIGURATION)
+	{ "ldap-server", "t",				&server_universe, 47 },
+	{ "ldap-port", "d",				&server_universe, 48 },
+	{ "ldap-username", "t",				&server_universe, 49 },
+	{ "ldap-password", "t",				&server_universe, 50 },
+	{ "ldap-base-dn", "t",				&server_universe, 51 },
+	{ "ldap-method", "Nldap-methods.",		&server_universe, 52 },
+	{ "ldap-debug-file", "t",			&server_universe, 53 },
+#else
 	{ "unknown-47", "X",				&server_universe, 47 },
 	{ "unknown-48", "X",				&server_universe, 48 },
 	{ "unknown-49", "X",				&server_universe, 49 },
@@ -490,6 +499,7 @@
 	{ "unknown-51", "X",				&server_universe, 51 },
 	{ "unknown-52", "X",				&server_universe, 52 },
 	{ "unknown-53", "X",				&server_universe, 53 },
+#endif
 	{ "unknown-54", "X",				&server_universe, 54 },
 	{ "unknown-55", "X",				&server_universe, 55 },
 	{ "unknown-56", "X",				&server_universe, 56 },
@@ -694,6 +704,20 @@
 	{ "option-end", "e",				&server_universe, 255 },
 };
 
+#if defined(LDAP_CONFIGURATION)
+struct enumeration_value ldap_values [] = {
+	{ "static", LDAP_METHOD_STATIC },
+	{ "dynamic", LDAP_METHOD_DYNAMIC },
+	{ (char *) 0, 0 }
+};
+
+struct enumeration ldap_methods = {
+	(struct enumeration *)0,
+	"ldap-methods",
+	ldap_values
+};
+#endif
+
 struct enumeration_value ddns_styles_values [] = {
 	{ "none", 0 },
 	{ "ad-hoc", 1 },
diff -Naur dhcp-3.0.1rc14/site.conf dhcp-3.0.1rc14-ldap/site.conf
--- dhcp-3.0.1rc14/site.conf	1999-07-07 11:20:10.000000000 -0400
+++ dhcp-3.0.1rc14-ldap/site.conf	2004-06-22 15:24:59.000000000 -0400
@@ -1,2 +1,3 @@
 # Put local site configuration stuff here to override the default
 # settings in Makefile.conf
+#COPTS = -DDEBUG_LDAP -DDEBUG_CLASS_MATCHING -Wall -O -Wno-unused