How to configure dhcpd

In order to have your DHCP server read its configuration from LDAP, you have to install the LDAP backend.

On EL6 (and CentOS 6), the LDAP backend is provided by default with the dhcp service, so:

yum install dhcp

On Debian and Ubuntu, you have to install it explicitly:

apt-get install dhcp3-server-ldap

Now, just edit your dhcpd.conf file (/etc/dhcp/dhcpd.conf) with something like this:

ldap-server "ldap.domain.test";
ldap-port 389;
ldap-username "cn=dhcp,ou=DSA,dc=domain,dc=test";
ldap-password "p@ssw0rd";
ldap-base-dn "dc=domain,dc=test";
ldap-method dynamic;
ldap-ssl start_tls;

In this example:

  • Our LDAP server's DNS name is ldap.domain.test
  • It's listening on the default port (389)
  • DHCP will bind to LDAP using a DSA account named dhcp (DN cn=dhcp,ou=DSA,dc=domain,dc=test)
  • the password of the dhcp DSA account is p@ssw0rd
  • We'll look up dhcp entries in the whole LDAP database (you could restrict it to one server, using cn=dhcp,ou=servers,ou=systems,dc=domain,dc=test as base-dn for example)
  • We'll use TLS to bind on LDAP

ldap-method can be either static or dynamic. With the dynamic method, the DHCP service queries LDAP for each DHCP request it receives, so changes in LDAP are applied immediately. With the static method, the DHCP server reads its configuration from LDAP at startup and keeps it in memory, so you have to restart the DHCP service to propagate changes made in LDAP.
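As an added example (not part of this page and not ISC dhcpd code), here is a small Python linter for the ldap-* stanza shown above. It parses the directives, checks that the required ones are present, that ldap-method and ldap-ssl carry known values, flags a non-loopback server reached with ldap-ssl off (the simple-bind password would then cross the network in cleartext), and warns when dhcpd.conf is world-readable, since the file holds ldap-password. The accepted ldap-ssl values (off, on, ldaps, start_tls) are an assumption taken from the dhcpd.conf LDAP documentation; the two sample stanzas are constructed from the example above.

```python
"""Lint the ldap-* directives of an ISC dhcpd.conf (added example, not ISC code)."""
import re
import stat

# One statement per match: name, optional opening quote, value, matching quote, ';'
DIRECTIVE_RE = re.compile(r'^\s*(ldap-[a-z-]+)\s+("?)([^";]*)\2\s*;', re.MULTILINE)

REQUIRED = ("ldap-server", "ldap-username", "ldap-password", "ldap-base-dn")
LOOPBACK = {"localhost", "127.0.0.1", "::1"}
# Assumption: value sets as documented for the dhcpd LDAP backend
SSL_MODES = {"off", "on", "ldaps", "start_tls"}
METHODS = {"static", "dynamic"}


def parse_ldap_directives(text):
    """Return {directive: value} for every 'ldap-xxx value;' statement, quotes stripped."""
    return {m.group(1): m.group(3) for m in DIRECTIVE_RE.finditer(text)}


def lint_ldap_config(directives, conf_mode=None):
    """Return a list of findings; conf_mode is the st_mode of dhcpd.conf when known."""
    findings = []
    for name in REQUIRED:
        if name not in directives:
            findings.append(f"missing {name}")

    method = directives.get("ldap-method")
    if method is None:
        findings.append("ldap-method not set explicitly")
    elif method not in METHODS:
        findings.append(f"ldap-method {method!r} is not static/dynamic")

    server = directives.get("ldap-server", "")
    ssl_mode = directives.get("ldap-ssl")
    if ssl_mode is None:
        findings.append("ldap-ssl not set explicitly (use start_tls or ldaps for a remote server)")
    elif ssl_mode not in SSL_MODES:
        findings.append(f"ldap-ssl {ssl_mode!r} is not a known mode")
    elif ssl_mode == "off" and server not in LOOPBACK:
        findings.append(f"ldap-ssl off with remote server {server!r}: bind password sent in cleartext")

    # ldap-password lives in this file, so it must not be readable by everyone
    if conf_mode is not None and conf_mode & stat.S_IROTH:
        findings.append("dhcpd.conf is world readable but contains ldap-password")
    return findings


def lint_text(text, conf_mode=None):
    """Convenience wrapper: parse then lint."""
    return lint_ldap_config(parse_ldap_directives(text), conf_mode)


# Constructed sample: the stanza from the how-to above
GOOD = '''
ldap-server "ldap.domain.test";
ldap-port 389;
ldap-username "cn=dhcp,ou=DSA,dc=domain,dc=test";
ldap-password "p@ssw0rd";
ldap-base-dn "dc=domain,dc=test";
ldap-method dynamic;
ldap-ssl start_tls;
'''

# Constructed weak variant: TLS switched off and base DN dropped
WEAK = GOOD.replace('ldap-ssl start_tls;', 'ldap-ssl off;').replace(
    'ldap-base-dn "dc=domain,dc=test";\n', '')

if __name__ == "__main__":
    for label, text in (("good", GOOD), ("weak", WEAK)):
        print(label, lint_text(text, conf_mode=0o600) or "OK")
```

To run it against a real file, read the text with open() and pass os.stat(path).st_mode as conf_mode; an empty list means the stanza passed every check.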

Here are the slapd ACLs I use for DHCP entries. They let the dhcp DSA read them and members of the admins group write them, but only from localhost or over a connection with an SSF of at least 256 (TLS); everyone else is denied:

# Access to DHCP settings
access to dn.subtree=ou=servers,ou=systems,dc=domain,dc=test filter=(|(objectClass=dhcpSubnet)(objectClass=dhcpService)(objectClass=dhcpServer)(objectClass=dhcpHost))
       by dn=cn=dhcp,ou=DSA,dc=domain,dc=test peername.ip="" read
       by dn=cn=dhcp,ou=DSA,dc=domain,dc=test peername.ip="[::1]" read
       by dn=cn=dhcp,ou=DSA,dc=domain,dc=test ssf=256 read
       by group.exact="cn=admins,ou=Groups,dc=domain,dc=test" peername.ip="" write
       by group.exact="cn=admins,ou=Groups,dc=domain,dc=test" peername.ip="[::1]" write
       by group.exact="cn=admins,ou=Groups,dc=domain,dc=test" ssf=256 write
       by * none
