Saturday, August 21, 2010

ISC merges LDAP configuration patch for DHCP

What? OK, first the acronyms:
  • ISC is the Internet Systems Consortium. They are responsible for core Internet software, the F-root name server, and many RFC documents.
  • LDAP is the Lightweight Directory Access Protocol. Read about it here.
  • DHCP is the Dynamic Host Configuration Protocol. It's the technology that runs in the background when you set up your computer to "obtain address automatically".
ISC maintains DHCP software that pretty much every operating system vendor on the planet (except Microsoft) uses. It is core networking software. Until 2007, I was maintaining this software in Fedora Linux and Red Hat Enterprise Linux (by maintain, I mean that I made sure we were using the latest stable version and applied any patches to the code to make the ISC software work correctly on our operating system).

Enter the LDAP patch. DHCP software has two components: the server and the client. The client is what runs on your computer when you connect to the network. It speaks to a DHCP server, which is run by your ISP or a wifi router or your company's IT department. The server is configured using a configuration file usually called /etc/dhcpd.conf. It can get rather large and difficult to maintain, so large DHCP sites wanted the ability to store their configuration in some sort of database. This is what the LDAP patch allows. Your DHCP server configuration can be stored in an LDAP database and managed by any number of separate tools. In fact, the DHCP servers themselves do not necessarily need configuration data as they can just request that from the LDAP server.

Support for LDAP in the DHCP server was started by some enterprising people at Ntelos and Novell. The original authors moved on to other projects and since I was maintaining this patch in Fedora Linux, I was asked to take over ownership of the patch for upstream purposes. I said sure and moved it over to I received many bug reports, patches, and requests for this patch to make it into various releases of Fedora Linux and RHEL. Not all could be fulfilled, but it was clear that a lot of people want LDAP configuration support in the DHCP server.

ISC was asked on numerous occasions to merge this patch into the upstream DHCP code. I am pleased to say that as of version 4.2.0 of ISC dhcp, the LDAP configuration has been merged. This is great news because I no longer have to maintain the patch out of tree. If you are finding bugs with LDAP support in dhcp and you are using 4.2.0 or higher, send your bug reports and patches to ISC. See the README file in the source code for how to report bugs.

From the RELNOTES file in the DHCP source code:
"The LDAP Patch" that has been circulating for some time, written by Brian Masney and S.Kalyanasundraram and maintained for application to the DHCP-4 sources by David Cantrell has been included. Please be advised that these sources were contributed, and do not yet meet the high standards we place on production sources we include by default. As a result, the LDAP features are only included by using a compile-time option which defaults off, and if you enable it you do so under your own recognizance. We will be improving this software over time. [ISC-Bugs #17741]
While the "do not yet meet the high standards we place on production sources" statement is a bit subjective, the bottom line is ISC has recognized that people want this support. Many thanks to everyone who contributed patches to improve LDAP support in DHCP. And many thanks to ISC for merging this code upstream!

NOTE: I am keeping the ldap-for-dhcp project alive on GitHub for people still wanting to use older versions of DHCP. We have patches going back to dhcp-3.1.x which may be of use to someone.
