Univention Bugzilla – Bug 31650
Improve DHCP documentation
Last modified: 2015-04-01 13:49:55 CEST
We should improve the DHCP documentation in the following points:

* It should be made clear that (if that is true ;)) one DHCP server may only hold one DHCP Service (i.e. you need another DHCP server if you want to create a second DHCP service).

* There should be a description on how exactly the processing of DHCP policies works. That direct policy assignments (at DHCP service or DHCP host level) are preferred over the policies assigned to a DHCP subnet. (And that it is possible to assign DHCP policies to the subnet if there is no "direct" policy attached somewhere in the LDAP tree)

* It should be described how one can evaluate the DHCP policies for a DHCP host, e.g.
  udm dhcp/host list --superordinate X,Y,Z --policies 1
(In reply to Janis Meybohm from comment #0)
> * It should be made clear that (if that is true ;))

true.

> one DHCP server may only hold one DHCP Service

In LDAP the server and service are reversed: The top-level element is the service and therein is one or more servers providing that service.

> (i.e. you need another DHCP server if you want to create a second DHCP service).

yes.

> * There should be a description on how exactly the processing of DHCP
> policies works. That direct policy assignments (at DHCP service or DHCP host
> level) are preferred over the policies assigned to a DHCP subnet. (And that
> it is possible to assign DHCP policies to the subnet if there is no "direct"
> policy attached somewhere in the LDAP tree)

Also see Bug #32585: ISC-DHCP has a built-in inheritance mechanism, which clashes with the UDM policy mechanism. The LDAP configuration/tree looks like this:

    Service
    +-Server...
    +-Shared-Network...
    | +-Shared-Subnet...
    |   +-Pool...
    +-Subnet...
    | +-Pool...
    +-Host...

The ISC-DHCP-Server uses the following order (highest to lowest): host, pool, subnet, network, service.

But a UDM policy attached to the service also gets applied to all host entries, as they're children of that service container. So policies attached to the network/subnet/pool are more-or-less ignored when a policy of that type is already referenced by the service container.

Adding "prohibitedObjectClasses: univentionDhcpHost" to the policy used for the service prevents the policy from being applied to the host entries and restores the expected order.

> * It should be described how one can evaluate the DHCP policies for a DHCP
> host, e.g.
> udm dhcp/host list --superordinate X,Y,Z --policies 1

See Bug #21585 on why "--policies" does not work with UCS-3.2.

To get the right values "univention_policy_result" must be called for the host, pool, subnet, network, service in that order by hand and the results be merged manually. The first set value wins.
The right pool/subnet/network/service must be determined manually.
(In reply to Philipp Hahn from comment #1)
> > * It should be described how one can evaluate the DHCP policies for a DHCP
> > host, e.g.
> > udm dhcp/host list --superordinate X,Y,Z --policies 1
>
> See Bug #21585 on why "--policies" does not work with UCS-3.2.

UDM-CLI has some special handling for DHCP host, which evaluates the DHCP nesting to show the merged values. With Bug #21585 fixed it looks like this:

    # python /home/phahn/ucs-3.2-0/management/univention-directory-manager-modules/modules/univention/admincli/admin.py.pmh dhcp/host list --superordinate cn=foo,cn=dhcp,dc=phahn,dc=dev --policies 0
    DN: cn=xxx,cn=foo,cn=dhcp,dc=phahn,dc=dev
    hwaddress: ethernet 00:11:22:33:44:55
    host: xxx
    fixedaddress: 192.168.122.12
    univentionAdminMayOverrideSettings="0"
    univentionAdminListWebModules="modself"
    univentionAdminListWizards="None"
    univentionPWLength="8"
    univentionPWHistoryLen="3"
    univentionDhcpDomainName="phahn.dev"
    univentionDhcpDomainNameServers="192.168.122.11"
    Subnet-based Settings:
    univentionAdminMayOverrideSettings="0"
    univentionAdminListWebModules="modself"
    univentionAdminListWizards="None"
    univentionPWLength="8"
    univentionPWHistoryLen="3"
    univentionDhcpDomainName="phahn.dev"
    univentionDhcpDomainNameServers="192.168.122.11"
    Merged Settings:
    univentionAdminListWizards="None"
    univentionPWLength="8"
    univentionAdminMayOverrideSettings="0"
    univentionAdminListWebModules="modself"
    univentionPWHistoryLen="3"
    univentionDhcpDomainNameServers="192.168.122.11"
    univentionDhcpDomainName="phahn.dev"

That is better than nothing, but is still incomplete, as the settings from a DHCP pool and the DHCP service are not merged in, which are also applicable for DHCP hosts.
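The manual merge described in comment 1 ("the first set value wins", in the order host, pool, subnet, network, service), including the pool and service levels that comment 2 notes are missing from the UDM output, can be sketched as follows. This is an added example, not Univention code: it assumes the settings of each level have already been collected as text in the key="value" form shown above, the function names are hypothetical, and the sample values are constructed.

```python
import re

# Precedence stated in comment 1 (highest first): the first level that sets
# an attribute wins.
PRECEDENCE = ("host", "pool", "subnet", "network", "service")

# One setting per line, in the key="value" form shown in comment 2.
SETTING = re.compile(r'^\s*([A-Za-z][\w-]*)="(.*)"\s*$')


def parse_settings(text):
    """Return {attribute: [values]}; repeated keys are multi-valued."""
    settings = {}
    for line in text.splitlines():
        match = SETTING.match(line)
        if match:  # headings such as "Merged Settings:" are skipped
            settings.setdefault(match.group(1), []).append(match.group(2))
    return settings


def merge_levels(per_level):
    """Merge per-level policy text; returns {attribute: (values, level)}."""
    unknown = set(per_level) - set(PRECEDENCE)
    if unknown:
        raise ValueError("unknown level(s): %s" % ", ".join(sorted(unknown)))
    merged = {}
    for level in PRECEDENCE:
        for attr, values in parse_settings(per_level.get(level, "")).items():
            # setdefault keeps the value from the highest-precedence level
            merged.setdefault(attr, (values, level))
    return merged


# Constructed sample input: one text blob per level for a single host.
SAMPLE = {
    "host": "",
    "pool": 'univentionDhcpDomainName="lab.phahn.dev"\n',
    "subnet": 'univentionDhcpDomainNameServers="192.168.122.11"\n'
              'univentionDhcpDomainNameServers="192.168.122.12"\n',
    "service": 'univentionDhcpDomainNameServers="192.168.122.1"\n'
               'univentionDhcpDomainName="phahn.dev"\n',
}

if __name__ == "__main__":
    for attr, (values, level) in sorted(merge_levels(SAMPLE).items()):
        print("%-34s %-8s %s" % (attr, level, ", ".join(values)))
```

Reporting the level each value came from makes it visible when a service-level policy is shadowed by a pool or subnet, or the reverse.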
(In reply to Janis Meybohm from comment #0)
> We should improve the DHCP documentation in the following points:
>
> * It should be made clear that (if that is true ;)) one DHCP server may only
> hold one DHCP Service (i.e. you need another DHCP server if you want to
> create a second DHCP service).

This was documented in 45930

> * There should be a description on how exactly the processing of DHCP
> policies works. That direct policy assignments (at DHCP service or DHCP host
> level) are preferred over the policies assigned to a DHCP subnet. (And that
> it is possible to assign DHCP policies to the subnet if there is no "direct"
> policy attached somewhere in the LDAP tree)
>
> * It should be described how one can evaluate the DHCP policies for a DHCP
> host, e.g.
> udm dhcp/host list --superordinate X,Y,Z --policies 1

These were cloned as Bug 33232 for the extended documentation.
OK: <http://jenkins.knut.univention.de:8080/view/Doku/job/UCS-3.2-0%20Handbook%20UCS/lastSuccessfulBuild/artifact/webroot/handbuch-3.2.html#module:dhcp:dhcp>
OK: r45930
OK: Bug #33232
*** Bug 16863 has been marked as a duplicate of this bug. ***