LDAP configuration file (/var/dhcp/config/dhcp_ldap.conf)
----------------------------------------------------------
schema DEN
This directive indicates that the particular (in this case DEN
based) schema is used. The search, modify, add, and delete
directives will differ depending on the schema. The attributes
under schema are config, subnet_refresh, range_refresh, leases,
logldif, and online_leases. These are discussed below.
config files|files&ldap
This attribute indicates whether only the text files in the
/var/dhcp/config directory should be used to setup the DHCP
server configuration for subnets or whether the configuration
values in the the /var/dhcp/config directory should be
overwritten by values that are redefined by the configuration in
the ldap database. By default the files are overwritten by values
found in the LDAP database if this attribute is not specified.
subnet_refresh <number>
This indicates the frequency of subnet configuration refresh. 0
indicates that the configuration will be loaded only once. The
configuration is re-read only when the DHCP server is idle. The
frequency indicates the number of times the server can be idle
before it will reread the configuration from the ldap
database. By default the configuration is read in only once at
startup.
range_refresh <number>
This behaves in a similar way to the subnet_refresh.
leases 0|1
This indicates whether the leases should be stored in the ldap
database or not. If the value is 1 leases are updated into an
LDAP database or logged locally in an ldif file depending on the
value of the online_leases option described below. By default
leases are not stored or logged into an ldif file.
online_leases 0|1
If this option is specified as 0 leases are not updated
online. The default value is 1. If the server should log leases
in a local ldif file for offline updates the user must specify
the logldif option also.
logldif [ <filename> ]
This indicates that LDAP-database-updates of leases should be
logged to a local ldif file. The default filename used for
logging is /var/dhcp/ldap_dhcp_log.ldif. A different filename can
be specified. Note that it is possible to specify both online
updates as well as logging to an ldif file, or only one of those,
or neither. Ldif records that can be input to the ldapmodify(3)
utility are created. It is the responsibility of the user to set
up an offline update procedure. Note that ldif records are
appended to the logfile and must be deleted periodically. This
may be partly or fully automated in later releases.
server hostip:[port]
This specifies the ldap server IP address and port (default
389). Attributes include base, scope, binddn, bindpwd.
base
Defines the distinguished name (dn) of the base for the ldap
search.
scope
Defines the depth used in searching for ldap entries. The value
may be one of the following: subtree - will search all entries
below the base (default), onelevel - will search one level below
base, and sbase - will search only at the base level.
binddn
Specifies the distinguished name used in binding to the
server. This attribute is optional.
bindpwd
Specifies the password used in binding to the server. This
attribute is also optional.
entry search <entry_name>
entry modify <entry_name>
entry add <entry_name>
entry delete <entry_name>
The search specification is similar to the table specification in
ldap.conf(4). In addition the search specification will allow to
override the base and scope specified in the server
specification. The base can also be modified on the fly with
substitutions similar to substitutions in the "format" specification.
For example:
entry search subnets
base DHCPService=%s, o=sgi.com
scope sub
filter_lookup
filter_list
getattr
setattr
require
A comparison with the man page for ldap.conf(4) indicates that
the "single line" and the "default" keywords are dropped since
they are not needed. The "format" keyword is replaced by the
"getattr" keyword which simply specifies a list of attributes
separated by [,: \t]. The attributes values are returned either
as strings or as binary values in "struct berval" format depending
on the specification of the "=B" modifier. For example
getattr DHCPSubnets, DHCPOptionsList=B
will get the DHCPOptionsList as a binary value.
Note that with the DEN based schema used at present, all
attributes are string values.
NOTES ABOUT LDAP SERVER USAGE.
-------------------------------
The DHCP Server should be able to run without the ldap database
also. Therefore basic internal data structures that are used are
the same regardless of whether LDAP updates are specified or not.
To improve the performance of searches the DHCP server continues
to store leases in a local ndbm file. Lease queries are made only
locally. Only lease updates are sent to a (remote) LDAP server if
online updating is specified. This has the added advantage that
if the LDAP server is down, online updates can be suspended for
some time an instead the updates can be logged to a local ldif
file. The DHCP service can continue uninterrupted because the
ndbm database is local and is always current.
An Example of entries in the configuration file.
------------------------------------------------
Suppose the DHCP server wants to know what subnets are to be
supported so that it can build the necessary "Config" structures.
For the DEN library the search entry will be:
entry search SUBNETS
filter_lookup (|(objectclass=DHCPService)(objectclass=DHCPServer))
require DHCPSubnetList
getattr DHCPSubnetList
An example configuration file is in /var/dhcp/config/dhcp_ldap.conf.
