From: zbyniu Date: Tue, 30 Mar 2010 18:58:49 +0000 (+0000) Subject: - http://github.com/dcantrell/ldap-for-dhcp/raw/9cfd4c277d7615777f372ea08f44cc7de9ed7... X-Git-Tag: auto/th/dhcp-4_0_1p1-3~4 X-Git-Url: http://git.pld-linux.org/?p=packages%2Fdhcp.git;a=commitdiff_plain;h=91d5e1ce69dadbb10554da1e153462a65638242b - http://github.com/dcantrell/ldap-for-dhcp/raw/9cfd4c277d7615777f372ea08f44cc7de9ed7959/README.ldap Changed files: dhcp-README.ldap -> 1.2 --- diff --git a/dhcp-README.ldap b/dhcp-README.ldap index 2263050..b7c3640 100644 --- a/dhcp-README.ldap +++ b/dhcp-README.ldap @@ -1,11 +1,13 @@ LDAP Support in DHCP -Brian Masney -Last updated 3/23/2003 +Original Author: Brian Masney +Current Maintainer: David Cantrell +Last updated 07-Jul-2009 This document describes setting up the DHCP server to read it's configuration from LDAP. This work is based on the IETF document draft-ietf-dhc-ldap-schema-01.txt included in the doc directory. For the -latest version of this document, please see http://home.ntelos.net/~masneyb. +latest version of this document, please see +http://dcantrel.fedorapeople.org/dhcp/ldap-patch/ First question on most people's mind is "Why do I want to store my configuration in LDAP?" If you run a small DHCP server, and the configuration 
@@ -25,11 +27,11 @@ index dhcpClassData eq The first line tells it to include the dhcp schema file. You will find this file under the contrib directory in this distribution. You will need to copy -this file to where your other schema files are (maybe -/usr/local/openldap/etc/openldap/schema/). The second line sets up an index -for the dhcpHWAddress parameter. The third parameter is for reading subclasses -from LDAP every time a DHCP request comes in. Make sure you run the slapindex -command and restart slapd to have these changes to into effect. +this file to where your other schema files are (maybe /etc/openldap/schema/). +The second line sets up an index for the dhcpHWAddress parameter. The third +parameter is for reading subclasses from LDAP every time a DHCP request comes +in. Make sure you run the slapindex command and restart slapd to have these +changes to into effect. Now that you have LDAP setup, you should be able to use gq (http://biot.com/gq/) to verify that the dhcp schema file is loaded into LDAP. 
@@ -39,24 +41,22 @@ dhcpHost, dhcpOptions, dhcpPool, dhcpServer, dhcpService, dhcpSharedNetwork, dhcpSubClass, and dhcpSubnet. If you do not see these, you need to check over your LDAP configuration before you go any further. -You should now be ready to build DHCP. If you would like to enable LDAP over -SSL, you will need to perform the following steps: +You should now be ready to build DHCP. If you would like to enable LDAP in +dhcpd, you will need to perform the following steps: - * Edit the includes/site.h file and uncomment the USE_SSL line - or specify "-DUSE_SSL" via CFLAGS. - * Edit the dst/Makefile.dist file and remove md5_dgst.c and md5_dgst.o - from the SRC= and OBJ= lines (around line 24) - * Now run configure in the base source directory. If you chose to enable - LDAP over SSL, you must append -lcrypto -lssl to the LIBS= line in the - file work.os/server/Makefile (replace os with your operating system, - linux-2.2 on my machine). You should now be able to type make to build - your DHCP server. - -If you choose to not enable LDAP over SSL, then you only need to run configure -and make in the toplevel source directory. + * Apply the patch here to the unpacked ISC dhcp source tree. + * Regenerate the configure script (requires GNU autoconf and automake): + aclocal + libtoolize --copy --force + autoconf + autoheader + automake --foreign --add-missing --copy + * Run ./configure with the '--with-ldap' argument to enable OpenLDAP. + If you want LDAP over SSL, also use the '--with-ldapcrypto' argument. + * Run 'make' to build ISC dhcp. Once you have DHCP installed, you will need to setup your initial plaintext -config file. In my /etc/dhcpd.conf file, I have: +config file. In my /etc/dhcp/dhcpd.conf file, I have: ldap-server "localhost"; ldap-port 389; 
@@ -66,10 +66,10 @@ ldap-base-dn "dc=ntelos, dc=net"; ldap-method dynamic; ldap-debug-file "/var/log/dhcp-ldap-startup.log"; -If SSL has been enabled at compile time using the USE_SSL flag, the dhcp -server trys to use TLS if possible, but continues without TLS if not. +If SSL has been enabled at compile time, the dhcp server trys to use TLS if +possible, but continues without TLS if not. -You can modify this behaviour using following option in /etc/dhcpd.conf: +You can modify this behaviour using following option in /etc/dhcp/dhcpd.conf: ldap-ssl off: disables TLS/LDAPS. @@ -100,8 +100,8 @@ give a 10.100.0.x address to machines that have a host entry in LDAP. Otherwise, it will give a 10.200.0.x address to them. (NOTE: replace dc=ntelos, dc=net with your base dn). If you would like to convert your existing dhcpd.conf file to LDIF format, there is a script -contrib/dhcpd-conf-to-ldap.pl that will convert it for you. Type -dhcpd-conf-to-ldap.pl --help to see the usage information for this script. +dhcpd-conf-to-ldap that will convert it for you. Type +dhcpd-conf-to-ldap --help to see the usage information for this script. # You must specify the server's host name in LDAP that you are going to run # DHCP on and point it to which config tree you want to use. Whenever DHCP 
@@ -183,10 +183,9 @@ objectClass: dhcpHost cn: brianlaptop dhcpHWAddress: ethernet 00:00:00:00:00:00 -You can use the command slapadd to load all of these entries into your LDAP +You can use the command slapadd to load all of these entries into your LDAP server. After you load this, you should be able to start up DHCP. If you run -into problems reading the configuration, try running dhcpd with the -d flag. +into problems reading the configuration, try running dhcpd with the -d flag. If you still have problems, edit the site.conf file in the DHCP source and -add the line: COPTS= -DDEBUG_LDAP and recompile DHCP. (make sure you run make +add the line: COPTS= -DDEBUG_LDAP and recompile DHCP. (make sure you run make clean and rerun configure before you rebuild). -
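Review bot: The reflowed paragraph in the "@@ -25,11 +27,11 @@" hunk carries over two wording errors that could have been fixed while these lines were being rewritten. "changes to into effect" should read "changes go into effect", and "The third parameter" should be "The third line" so that it matches "The first line" and "The second line" earlier in the same paragraph.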
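Review bot: In the "@@ -39,24 +41,22 @@" hunk, the first new step, "Apply the patch here to the unpacked ISC dhcp source tree", names neither the patch file nor the directory to apply it from, so the step cannot be followed when this README is read apart from the patch. Name the file and give the command. The '--with-ldapcrypto' step is also worded as optional without stating the consequence: a build configured with only '--with-ldap' has no SSL support, and the sample configuration that follows points at ldap-port 389. Say so in the step, so that the choice is made deliberately.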
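Review bot: The rewritten sentence in the "@@ -66,10 +66,10 @@" hunk, "the dhcp server trys to use TLS if possible, but continues without TLS if not", documents a silent fallback to cleartext as the default and gives the reader no indication of how to prevent it. Since dhcpd reads its whole configuration over this connection, the paragraph should point to the ldap-ssl setting that makes TLS mandatory and recommend it wherever the LDAP server is not on localhost. The only value visible here is "ldap-ssl off", which weakens the default rather than hardening it. Also, "trys" should be "tries" and "using following option" should be "using the following option".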
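Review bot: In the "@@ -100,8 +100,8 @@" hunk, replacing "contrib/dhcpd-conf-to-ldap.pl" with the bare name "dhcpd-conf-to-ldap" removes the only hint of where the script lives. Either keep a path relative to the source tree or state where the script is installed, so that "Type dhcpd-conf-to-ldap --help" works for a reader who does not have it on PATH.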
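Review bot: The "@@ -183,10 +183,9 @@" hunk only strips trailing whitespace, and leaves the debugging advice, "edit the site.conf file in the DHCP source and add the line: COPTS= -DDEBUG_LDAP", inconsistent with the build procedure this same patch introduces. The new instructions build through a regenerated ./configure with '--with-ldap', with no mention of site.conf. Update the paragraph to say how -DDEBUG_LDAP is passed in that build, for example through CFLAGS when running ./configure, and keep the reminder to run make clean first.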