LDAP
Author: Shawn Routhier | Reference Number: AA-01284 | Created: 2015-07-31 01:20 | Last Updated: 2015-08-04 20:30

General

In 4.2.0 we started including some contributed code for storing and retrieving your DHCP configuration in LDAP.  This is useful if you have a number of DHCP servers and update their configurations frequently. This code was written by Brian Masney and S. Kalyanasundraram and maintained by David Cantrell.  Since then other people have been maintaining it and contributing patches.

Please note that this code is contributed by outside authors and while we distribute it with ISC_DHCP it was not developed by nor is it officially supported by ISC.  In the future we may choose to make it more official but until then we do limited testing to verify that it compiles but do NOT do testing with an LDAP server.  As always the code is "use at your own risk".

As we still consider this code to be "contrib", in order to use it you must enable it via configuration switches.  All of these default to "no".

  • --with-ldap
  • --with-ldapcrypto
  • --with-ldap-gssapi
  • --with-ldapcasa

Updates for 4.3.3

Included in the ISC_DHCP 4.3.3 release are a number of modifications to the contributed LDAP code. These modifications are all based on patches submitted to us through tickets by contributors.  In order to facilitate the effort of incorporating these changes, the work was performed under a single collection ticket, #39056.

Rather than try to describe all of the changes included in the release notes, we elected to do so by means of this article.  The changes are listed by their corresponding ticket numbers.

ISC_BUGS #32217:

This ticket is a collection of twenty-six patches submitted to us by Marius Tomaschewski from SUSE.  Of those twenty-six, we incorporated all but four which were either obsolete or otherwise not applicable.  Of the patches included, those which altered visible behavior are listed below:

  • 0002-Typos-in-access-of-the-tempbv-value-in-ldap-debug-lo.patch
    • Fixed typos in access of the tempbv value in ldap debug log messages guarded by DEBUG_LDAP.
  • 0003-Fix-for-object-order-related-parse-errors.patch
    • Fixes object-order related parsing errors that occur when one object is parsed before an object it references.  The original issue stems from the somewhat random order in which objects are returned by LDAP.
  • 0004-Fix-to-support-dhcpServerDN-reference.patch
    • Added support for the dhcpServerDN reference to the dhcpService object search filter.
  • 0005-Missed-host-brace-opening.patch
    • Modified parsing to include the "host ... {" block opening brace even if no hardware address is specified for the host.
  • 0006-Case-insensitive-hardware-address-search.patch
    • Changed dhcpHWAddress search logic to be case-insensitive when searching for a given MAC address. 
  • 0007-Support-for-dhcpFailOverPeer-objects.patch
    • Added support for dhcpFailOverPeer objects (failover peering definition).
  • 0008-Meaningful-error-message-on-missed-dhcpServiceDN.patch
    • Fixed to provide a more meaningful error message in case of missed dhcpServiceDN attribute in a dhcpServer object (bnc#392354).
  • 0009-Disable-external-dhcpZoneDN-and-dhcpFailOverPeerDN.patch
    • Applied S Kalyanasundaram's patch which disables incorrect parsing of external dhcpZoneDN and dhcpFailOverPeerDN references.
  • 0012-Allow-all-local-addresses-for-dhcpd-failover.patch
    • Fixed to allow all local addresses for dhcpd failover peering by name or address and show the name of affected failover peering in log/error messages.
  • 0017-Added-with-ldapcasa-configure-switch-and-checks.patch
    • Added --with-ldapcasa configure switch and checks to enable support for CASA authentication.
  • 0019-ldap-connect-retry-loop-while-initial-startup.patch
    • Implemented optional LDAP connect retry loop during the initial startup of the dhcp server for cases where the ldap server is not yet started.  Set the ldap-init-retry <num> option in dhcpd.conf to retry to connect <num> times with one second between each try (bnc#627617).
  • 0020-Fixed-to-escape-values-used-in-ldap-filters.patch
    • Modified to use ldap_bv2escaped_filter_value to escape all values used in constructed LDAP filters, e.g. "o=*Test" in DN.
  • 0023-dhcp-ldap-reset-bufix-in-ldap_read_function.patch
    • Fixed ldap_read_function() so that it no longer discards the last character of the buffer (usually \n).  The discarded character was causing parsing errors.
  • 0024-Resize-ldap-buffer-to-not-truncate-bigger-objects.patch
    • Fixed parse buffer handling code to avoid truncating configurations of LDAP objects whose length exceeds the buffer size (i.e. larger than 8k).
  • 0025-Fixed-subclass-class-name-and-data-quoting-escaping.patch
    • Fixed subclass name and data parsing to include quoted values.
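Patch 0020 above matters for security: an unescaped value such as a MAC address taken from the wire is interpolated straight into an LDAP search filter, so a value containing `)` or `*` can change the filter's meaning. The following is an added example, not code from ISC DHCP or from the patch; it hand-implements the RFC 4515 escaping rules that OpenLDAP's ldap_bv2escaped_filter_value applies (OpenLDAP additionally escapes non-printable and high bytes, mirrored here), and the function names, the buffer sizes and the `ethernet <mac>` dhcpHWAddress syntax are assumptions for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Bytes RFC 4515 requires to be hex-escaped inside a filter value,
 * plus non-printable/high bytes as OpenLDAP's escaper also does. */
static int needs_escape(unsigned char c)
{
    return c == '*' || c == '(' || c == ')' || c == '\\' ||
           c < 0x20 || c >= 0x80;
}

/* Escape `inlen` bytes of `in` into `out`. Returns the escaped length
 * (excluding the NUL) or -1 if `out` is too small, so a caller can never
 * truncate silently and emit a half-escaped filter. */
int ldap_filter_escape(const char *in, size_t inlen, char *out, size_t outlen)
{
    static const char hex[] = "0123456789abcdef";
    size_t o = 0;
    for (size_t i = 0; i < inlen; i++) {
        unsigned char c = (unsigned char)in[i];
        if (needs_escape(c)) {
            if (o + 3 >= outlen) return -1;
            out[o++] = '\\';
            out[o++] = hex[c >> 4];
            out[o++] = hex[c & 0x0f];
        } else {
            if (o + 1 >= outlen) return -1;
            out[o++] = (char)c;
        }
    }
    out[o] = '\0';
    return (int)o;
}

/* Build a dhcpHost lookup filter for a MAC address (hypothetical helper;
 * the "ethernet <mac>" attribute syntax is assumed from the dhcp schema). */
int build_hwaddr_filter(const char *mac, char *out, size_t outlen)
{
    char esc[256];
    if (ldap_filter_escape(mac, strlen(mac), esc, sizeof esc) < 0) return -1;
    int n = snprintf(out, outlen,
                     "(&(objectClass=dhcpHost)(dhcpHWAddress=ethernet %s))", esc);
    if (n < 0 || (size_t)n >= outlen) return -1;   /* reject truncation */
    return n;
}

int main(void)
{
    char f[512];
    /* Constructed hostile input: tries to close the clause and widen the match. */
    if (build_hwaddr_filter("00:11:22)(objectClass=*", f, sizeof f) > 0) puts(f);
    return 0;
}
```

With the escaping in place the injected parentheses and wildcard stay inside the attribute value, so the search can only ever match the literal string the client sent.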

ISC_BUGS #33176:

Modified LDAP host searching to support multiple hosts for a given hardware address.  The function, find_haddr_in_ldap(), was modified to return all of the hosts found for a given hardware address. Prior to this  it returned only the first matching entry.  Thanks to Stéphane Gaubert  for submitting this patch. 

ISC_BUGS #29873

Modified searches for dhcpServer to only use the nodename when nodename and fqdn are the same value.  Thanks to Lestyn C. Elfick for submitting this patch.

ISC_BUGS #37876

Modified the dhcpd-conf-to-ldap script to add all global options and option definitions to the dhcpService object. Thanks to Alex Novak from Suse for this patch.

ISC_BUGS #36409

Modified the dhcpd-conf-to-ldap script to accept a subclass without a following "{}" block. Thanks to Alex Novak from Suse for this patch.

ISC_BUGS #32240

Added missing strdup failure checks and the subsequent memory frees to ldap.c.  Thanks to Bill Parker for this submission.

ISC_BUGS #37721

Added support for GSSAPI authentication for accessing the LDAP server.  This feature is enabled via a new configuration switch, --with-ldap-gssapi.  Use of this feature requires values for two additional configuration parameters, "ldap-gssapi-principal" and "ldap-gssapi-keytab".

ISC_BUGS #29787

Added support for DHCPv6 to LDAP parsing.  Thanks to Jiri Popelka and Gémes Géza for this patch.
© 2001-2017 Internet Systems Consortium