feat(ldap): add ldap backend support

saltstack-formulas · Apr 6, 2020 · cf7d330 · cf7d330
1 parent bf8763f
commit cf7d330
Show file tree

Hide file tree

Showing 3 changed files with 84 additions and 1 deletion.
diff --git a/dhcpd/defaults.yaml b/dhcpd/defaults.yaml
@@ -17,6 +17,23 @@ dhcpd:
   use_host_decl_names: false
   allow: []
   deny: []
+  ldap_server: ''
+  ldap_port: ''
+  ldap_username: ''
+  ldap_password: ''
+  ldap_base_dn: ''
+  ldap_method: ''
+  ldap_debug_file: ''
+  ldap_init_retry: 0
+  ldap_ssl: ''
+  ldap_tls_reqcert: ''
+  ldap_tls_ca_file: ''
+  ldap_tls_ca_dir: ''
+  ldap_tls_cert: ''
+  ldap_tls_key: ''
+  ldap_tls_crlcheck: ''
+  ldap_tls_ciphers: ''
+  ldap_tls_randfile: ''
   ddns_update_style: ''
   ddns_domainname: ''
   update_static_leases: false

diff --git a/dhcpd/files/dhcpd.conf b/dhcpd/files/dhcpd.conf
@@ -73,7 +73,60 @@ use-host-decl-names on;
   {%- endif %}
 {%- endif %}
 
-# Use this to enble / disable dynamic dns updates globally.
+# LDAP Backend Configuration
+{%- if dhcpd.ldap_server %}
+ldap-server "{{ dhcpd.ldap_server }}";
+{%- endif %}
+{%- if dhcpd.ldap_port %}
+ldap-port {{ dhcpd.ldap_port }};
+{%- endif %}
+{%- if dhcpd.ldap_username %}
+ldap-username "{{ dhcpd.ldap_username }}";
+{%- endif %}
+{%- if dhcpd.ldap_password %}
+ldap-password "{{ dhcpd.ldap_password }}";
+{%- endif %}
+{%- if dhcpd.ldap_base_dn %}
+ldap-base-dn "{{ dhcpd.ldap_base_dn }}";
+{%- endif %}
+{%- if dhcpd.ldap_method %}
+ldap-method {{ dhcpd.ldap_method }};
+{%- endif %}
+{%- if dhcpd.ldap_debug_file %}
+ldap-debug-file "{{ dhcpd.ldap_debug_file }}";
+{%- endif %}
+{%- if dhcpd.ldap_init_retry %}
+ldap-init-retry {{ dhcpd.ldap_init_retry }};
+{%- endif %}
+{%- if dhcpd.ldap_ssl %}
+ldap-ssl {{ dhcpd.ldap_ssl }};
+{%- endif %}
+{%- if dhcpd.ldap_tls_reqcert %}
+ldap-tls-reqcert {{ dhcpd.ldap_tls_reqcert }};
+{%- endif %}
+{%- if dhcpd.ldap_tls_ca_file %}
+ldap-tls-ca-file "{{ dhcpd.ldap_tls_ca_file }}";
+{%- endif %}
+{%- if dhcpd.ldap_tls_ca_dir %}
+ldap-tls-ca-dir "{{ dhcpd.ldap_tls_ca_dir }}";
+{%- endif %}
+{%- if dhcpd.ldap_tls_cert %}
+ldap-tls-cert "{{ dhcpd.ldap_tls_cert }}";
+{%- endif %}
+{%- if dhcpd.ldap_tls_key %}
+ldap-tls-key "{{ dhcpd.ldap_tls_key }}";
+{%- endif %}
+{%- if dhcpd.ldap_tls_crlcheck %}
+ldap-tls-crlcheck "{{ dhcpd.ldap_tls_crlcheck }}";
+{%- endif %}
+{%- if dhcpd.ldap_tls_ciphers %}
+ldap-tls-ciphers "{{ dhcpd.ldap_tls_ciphers }}";
+{%- endif %}
+{%- if dhcpd.ldap_tls_randfile %}
+ldap-tls-randfile "{{ dhcpd.ldap_tls_randfile }}";
+{%- endif %}
+
+# Use this to enable / disable dynamic dns updates globally.
 {%- if dhcpd.ddns_update_style %}
 ddns-update-style {{ dhcpd.ddns_update_style }};
 {%- else %}

diff --git a/pillar.example b/pillar.example
@@ -5,6 +5,7 @@ dhcpd:
   # Change some defaults
   lookup:
     enable: false
+    # server: isc-dhcp-server-ldap
 
   domain_name: example.org
   domain_name_servers:
@@ -25,6 +26,18 @@ dhcpd:
   listen_interfaces:
     - em1
     - em2
+
+  ## LDAP Backend Configuration
+  ## When ldap backend configuration is used
+  ## all other configurations are ignored.
+  # ldap_server: localhost
+  # ldap_port: 389
+  # ldap_username: cn=dhcpadmin,dc=example,dc=com
+  # ldap_password: dhcppassword
+  # ldap_base_dn: ou=dhcp,dc=example,dc=com
+  # ldap_method: dynamic
+  # ldap_debug_file: /var/log/dhcp-ldap-startup.log
+
   subnets:
     10.152.187.0:
       comment: |