User Tools

Site Tools


ISC dhcp3-server with LDAP backend

For large networks it might be a good idea to store DHCP-information in a central LDAP-database. Brian Masney has written a patch that gives the ISC DHCP-server an LDAP backend. You can find more information and download the patch at

Download the sources of the ISC DHCP-server at, apply the LDAP-patch and then configure and compile the software or, even better, create binary packages for your GNU/Linux distribution of choice.

We built new Debian-packages (i386 platform only) based on the Debian Sarge source packages for the ISC DHCP-server.

Install the patched packages

dpkg -i dhcp3-common_3.0.4-1ldap_i386.deb dhcp3-server_3.0.4-1ldap_i386.deb

Add the interface to bind to to /etc/default/dhcp3-server

Install an LDAP-enabling /etc/dhcp3/dhcpd.conf

ldap-server                 "";
ldap-port                   389;
# We do an anonymous bind
# ldap-username             "cn=directorymanagerloginname";
# ldap-password             "mypassword";
ldap-base-dn                "ou=DHCP,dc=intra,dc=example,dc=com";
ldap-method                 static;
ldap-debug-file             "/var/log/dhcp-ldap-startup.log";

In the chapter on installing the Fedora Directory Server we already described the custom LDAP-scheme that is required for DHCP usage (64ldapdhcp.ldif).

A basic example to fill the DHCP part of the LDAP-server is needed to get things going. You can save it eg. as /opt/dhcp-ldap.ldif

dn: ou=DHCP,dc=intra,dc=example,dc=com
ou: DHCP
objectClass: top
objectClass: organizationalUnit
description: DHCP Servers

dn: cn=DHCP Config, ou=DHCP,dc=intra,dc=example,dc=com
cn: DHCP Config
objectClass: top
objectClass: dhcpService
dhcpPrimaryDN: cn=xendns, ou=DHCP,dc=intra,dc=example,dc=com
dhcpStatements: ddns-update-style none
dhcpStatements: get-lease-hostnames true
dhcpStatements: use-host-decl-names true

dn: cn=, cn=DHCP Config, ou=DHCP,dc=intra,dc=example,dc=com
objectClass: top
objectClass: dhcpSubnet
objectClass: dhcpOptions
dhcpNetMask: 24
dhcpStatements: default-lease-time 600
dhcpStatements: max-lease-time 7200
dhcpOption: netbios-name-servers
dhcpOption: subnet-mask
dhcpOption: routers
dhcpOption: domain-name-servers
dhcpOption: domain-name ""

dn: cn=xendns, ou=DHCP,dc=intra,dc=example,dc=com
cn: xendns
objectClass: top
objectClass: dhcpServer
dhcpServiceDN: cn=DHCP Config, ou=DHCP,dc=intra,dc=example,dc=com

dn: cn=xenclient, cn=DHCP Config, ou=DHCP,dc=intra,dc=example,dc=com
cn: xenclient
objectClass: top
objectClass: dhcpHost
dhcpHWAddress: ethernet 00:16:3e:3d:eb:87
dhcpStatements: fixed-address

You can add the LDIF to the LDAP-database like so:

/opt/fedora-ds/slapd-xenfds/ldif2ldap "cn=Directory Manager" yourpassword /opt/dhcp-ldap.ldif

As an alternative you might use the available perl-script to convert your current dhcpd.conf to LDIF.

Finally start your DHCP-server and you're done. In case any debugging is needed, start with the files /var/log/dhcp-ldap-startup.log and /var/log/daemon.log, however Brian's patch and the ISC server do have additional options.

ISC dhcp3-server without LDAP backend

Below is an example of dhcpd.conf that enables running a dhcp3-server without LDAP backend.

Remember, our project doesn't support DDNS (yet).

Install the software

apt-get install dhcp3-server

Content of /etc/dhcp3/dhcpd.conf

allow booting;
allow bootp;
ddns-update-style none;
option domain-name "";
option domain-name-servers,;
option netbios-name-servers;
option subnet-mask;
option broadcast-address;
option routers;
default-lease-time 6000;
max-lease-time 72000;
subnet netmask {

In case of more than one NIC or when using a Xen domU als vehicle for your server, edit /etc/default/dhcp3-server


Start the DHCP-server

/etc/init.d/dhcp3-server start
hannibal/iscdhcp.txt · Last modified: 2008/06/25 12:44 by Olivier Brugman