LDAP install for DHCPd | Debian Wheezy
First get the required packages.
# Pull in the LDAP-enabled dhcpd, the OpenLDAP server and the LDAP command-line tools in one go.
apt-get install isc-dhcp-server-ldap slapd ldap-utils
By default, Debian's slapd uses the "cn=config" configuration method; we are going to change this to a flat-file config to make the installation easier.
vim /etc/default/slapd
set "SLAPD_CONF=/etc/ldap/slapd.conf"
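# Set the cn=config tree aside rather than deleting it: once SLAPD_CONF points at
# slapd.conf it should no longer be read, and it can be restored if the flat-file
# setup has to be rolled back.
mv -- /etc/ldap/slapd.d /etc/ldap/slapd.d.bak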
Create a new slapd.conf
- vim /etc/ldap/slapd.conf
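# Minimal flat-file slapd.conf for the DHCP directory.
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/dhcp.schema
pidfile /var/run/slapd/slapd.pid
# 256 logs connections/operations/results; set to -1 for full logging while debugging.
loglevel 256
moduleload back_bdb.la
database bdb
# Replace with your own domain components.
suffix "dc=domain,dc=tld"
# Admin user; must live under the suffix above.
rootdn "cn=admin,dc=domain,dc=tld"
# Store the admin password as a hash, not in clear text: run `slappasswd` and
# paste its {SSHA}... output here. The clear-text password is still what
# ldapadd and dhcpd bind with.
rootpw {SSHA}<paste-output-of-slappasswd-here>
# The database directory MUST exist before slapd starts and be owned by 'openldap'.
directory /var/lib/ldap/dhcp
# Indices to maintain for this database.
index dhcpHWAddress eq
index dhcpClassData eq
# NOTE(review): with no 'access' directives slapd allows anonymous read of the
# whole tree. The rootdn bypasses ACLs, so a directive such as
# 'access to * by * none' would close anonymous reads without breaking the
# ldapadd/dhcpd binds that use the rootdn.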
- Extract the dhcp.schema file
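# Decompress straight into the schema directory; this leaves the package-owned
# files under /usr/share/doc untouched (gunzip in place would remove the .gz there).
gunzip -c /usr/share/doc/isc-dhcp-server-ldap/dhcp.schema.gz > /etc/ldap/schema/dhcp.schema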
- Set up the database directory
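# Create the database directory owned by the slapd user and accessible to it alone;
# the BDB files hold the directory contents unencrypted, so keep them off-limits
# to other local users. install(1) does mkdir + chown + chmod in one step.
install -d -o openldap -g openldap -m 0700 /var/lib/ldap/dhcp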
- Start slapd and check syslog for any errors.
Now we must set up our base DN and import our dhcpd.conf into LDAP.
- Create a file import.ldif. This LDIF is set up with the basic LanSNAP config (it needs to be edited or regenerated with the correct dn: values).
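# LDIF records must be separated by a blank line; without the separators ldapadd
# treats the next "dn:" as an attribute of the previous record and aborts.
# Create the base DN
dn: dc=mlp,dc=lan
objectClass: dcObject
objectClass: organization
dc: mlp
o: MassiveLan
description: Massivelan DHCP Directory

# Organizational Role for Directory Manager NOT NEEDED
dn: cn=sean,dc=mlp,dc=lan
objectClass: organizationalRole
cn: sean
description: Directory Manager

# Create DHCP Server
dn: cn=LanSNAP, dc=mlp,dc=lan
cn: LanSNAP
objectClass: top
objectClass: dhcpServer
dhcpServiceDN: cn=DHCP Config, dc=mlp,dc=lan

# Service entry: global statements and options shared by every subnet below
dn: cn=DHCP Config, dc=mlp,dc=lan
cn: DHCP Config
objectClass: top
objectClass: dhcpService
objectClass: dhcpOptions
dhcpPrimaryDN: cn=LanSNAP, dc=mlp,dc=lan
dhcpStatements: server-identifier mlp.lan
dhcpStatements: ignore bootp
dhcpStatements: ddns-updates off
dhcpOption: domain-name "mlp.lan"
dhcpOption: routers 10.0.0.1
dhcpOption: domain-name-servers 10.0.0.1, 172.16.0.1
dhcpOption: netbios-name-servers 10.0.0.1

dn: cn=LanSNAP, cn=DHCP Config, dc=mlp,dc=lan
cn: LanSNAP
objectClass: top
objectClass: dhcpSharedNetwork

# 172.16.0.0/23: open pool, unknown clients allowed, short leases
dn: cn=172.16.0.0, cn=LanSNAP, cn=DHCP Config, dc=mlp,dc=lan
cn: 172.16.0.0
objectClass: top
objectClass: dhcpSubnet
dhcpNetMask: 23
dhcpStatements: authoritative
dhcpStatements: one-lease-per-client true

dn: cn=pool1, cn=172.16.0.0, cn=LanSNAP, cn=DHCP Config, dc=mlp,dc=lan
cn: pool1
objectClass: top
objectClass: dhcpPool
objectClass: dhcpOptions
dhcpRange: 172.16.0.25 172.16.1.254
dhcpStatements: max-lease-time 60
dhcpStatements: default-lease-time 60
dhcpStatements: allow unknown clients
dhcpOption: routers 172.16.0.1
dhcpOption: domain-name-servers 172.16.0.1
dhcpOption: subnet-mask 255.255.254.0
dhcpOption: broadcast-address 172.16.1.255

# 10.0.0.0/22: known clients only
dn: cn=10.0.0.0, cn=LanSNAP, cn=DHCP Config, dc=mlp,dc=lan
cn: 10.0.0.0
objectClass: top
objectClass: dhcpSubnet
dhcpNetMask: 22
dhcpStatements: authoritative

dn: cn=pool1, cn=10.0.0.0, cn=LanSNAP, cn=DHCP Config, dc=mlp,dc=lan
cn: pool1
objectClass: top
objectClass: dhcpPool
objectClass: dhcpOptions
dhcpRange: 10.0.0.25 10.0.3.254
dhcpStatements: max-lease-time 3600
dhcpStatements: default-lease-time 3600
dhcpStatements: deny unknown clients
dhcpOption: routers 10.0.0.1
dhcpOption: domain-name-servers 10.0.0.1
dhcpOption: netbios-name-servers 10.0.0.1
dhcpOption: subnet-mask 255.255.252.0
dhcpOption: broadcast-address 10.0.3.255

# Set aside a group for all of our known MAC addresses
dn: cn=BYOC, cn=DHCP Config, dc=mlp,dc=lan
objectClass: top
objectClass: dhcpGroup
cn: BYOC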
- Import the ldif file
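# -W prompts for the bind password instead of passing it on the command line,
# where it would be visible in 'ps' output and kept in the shell history.
# The dn values in import.ldif must sit under the suffix configured in slapd.conf.
sudo -u openldap ldapadd -x -D "cn=admin,dc=domain,dc=tld" -W -f import.ldif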
Now we will configure dhcpd
- Create new /etc/dhcp/dhcpd.conf
# This file holds only ldap-* directives; the rest of the dhcpd configuration
# comes from the directory imported above.
ldap-server "localhost";
ldap-port 389;
# Bind identity: the rootdn from slapd.conf.
ldap-username "cn=admin,dc=domain,dc=tld";
# Stored in clear text, so restrict this file to the account dhcpd starts as
# (e.g. chmod 0640) and do not leave it world-readable.
ldap-password "1234";
ldap-base-dn "dc=domain,dc=tld";
# NOTE(review): presumably 'dynamic' looks entries up on demand rather than
# loading everything at startup — confirm against dhcpd.conf(5).
ldap-method dynamic;
# Log of what dhcpd pulled from LDAP at startup; the first place to look when it fails to start.
ldap-debug-file "/var/log/dhcp-ldap-startup.log";
- Start dhcpd and check for any errors.