#939 [RFE] Add DHCP integration to IPA
Closed: wontfix a year ago Opened 8 years ago by dpal.

It looks like, as of the 4.2 version of ISC DHCP, they have support for LDAP. I'd like to nominate this for a future IPA plugin.


From mail (simo):

DHCP has little to do with security and I fear it would add load to the
LDAP server and add additional work for the UI team w/o much benefit.

The point is that DHCP servers cannot easily be centralized, normally
you need to have them sit right in the LANs you need to serve
(although there are switches that are able to forward requests back
and forth with some limitations).

So you would have to create some sort of DHCP Server install script
that allows you to install only the DHCP server + ipa configuration on
servers that have no other ipa service, except, perhaps an LDAP read
only replica (which we do not support yet).

DHCP servers are trivial to centralize, and any router---certainly any router in an enterprise environment---will support a DHCP helper-address and/or snooping/rogue prevention.

I'd also argue that the daemon which hands out IP addresses is an integral part of the "Identity" of a machine, and hope the priority on this gets bumped up.

Replying to [comment:2 jcape]:

> DHCP servers are trivial to centralize, and any router---certainly any router in an enterprise environment---will support a DHCP helper-address and/or snooping/rogue prevention.
>
> I'd also argue that the daemon which hands out IP addresses is an integral part of the "Identity" of a machine, and hope the priority on this gets bumped up.

Is there any chance you can help? We might not have enough resources, visibility into specific use cases, and expertise to do integration work at the moment. Currently, realistically, this functionality is not going to be looked at or touched for at least a year. We have so many other things to deliver. If you need this to be bumped, we really need someone who would be willing to get a crack at it, run with design and prototyping.

I have started working on this. My branch of work can be found at https://bitbucket.org/Firstyear/freeipa-dhcp .

Changing 3.2 priority

3.4 development was shifted by one month, moving tickets to reflect reality better.

Adjusting time plan - 3.4 development was postponed as we focused on 3.3.x testing and stabilization.

It looks like we have more pressing issues to focus on. Pushing back to the Pilsner pool.

Sadly, the pressures of University life took over, and diverted my time away from this matter.

I have now had a number of my patches integrated into DHCPD and am working on GSSAPI integration with this. Once that is complete, I'll revisit this ticket.

As an update: my patches to DHCPD have been accepted, allowing DHCPD to connect with GSSAPI to LDAP. This should make it easier to configure the DHCPD service to connect to IPA. I will revise the proposed design and discuss on the mailing list.

Metadata Update from @dpal:
- Issue assigned to firstyear
- Issue set to the milestone: Future Releases

2 years ago

Thank you for taking your time and submitting this request for FreeIPA. Unfortunately, this bug was not given a priority and the team lacks the capacity to work on it at this time.

Given that we are unable to fulfil this request I am closing the issue as wontfix. To request re-consideration of this decision please reopen this issue and provide additional technical details about its importance to you.

Metadata Update from @rcritten:
- Issue close_status updated to: wontfix
- Issue status updated to: Closed (was: Open)

a year ago
