Documentation/Installation/DHCP: dhcp-3.0.5-ldap.20070318.patch

dhcp-3.0.5/Changelog-LDAP

@@ +1 @@
+2007-3-18 Brian Masney <masneyb@ntelos.net>
+        * server/ldap.c - added more debug statements and updated some of the
+        existing statements. Fixed a bug where some LDAP entries could be
+        ignored on startup.
+
+        * README.ldap - fixed problem in the example LDIF file.
+
+2007-2-23 Brian Masney <masneyb@ntelos.net>
+        * contrib/dhcpd-conf-to-ldap.pl - fixed a parsing bug in which
+        didn't handle correctly quoted string containing spaces.
+        (Rapha?l Luta <raphael.luta@aptiwan.com>)
+
+        * dst/Makefile.dist server/Makefile.dist site.conf - updated build
+        method when using -lssl.
+        (from Marius Tomaschewski <mt@suse.de>)
+
+        * server/ldap.c - fix for ldap_read_function to avoid returning
+        empty strings (skipped host declaration from ldap) that are causing
+        parsing errors in ldap-dynamic mode.
+        (from Marius Tomaschewski <mt@suse.de>)
+
+        * includes/dhcpd.h README.ldap server/dhcpd.c server/ldap.c
+        server/stables.c - added ldap-ssl <off|start_tls|ldaps|on> option and
+        several ldap-tls* options, that are described in the "man ldap.conf".
+        (from Marius Tomaschewski <mt@suse.de>)
+
+        * includes/dhcpd.h server/ldap.c server/stables.c - added ldap-referrals
+        <on|off> option. Also implemented a LDAP rebuind function
+        (from Kalyan <skalyanasundaram@novell.com>)
+
+        * includes/dhcpd.h server/ldap.c server/stables.c - renamed dhcpd.conf
+        option ldap-server-cn to ldap-dhcp-server-cn
+        (from Marius Tomaschewski <mt@suse.de>)
+
+        * contrib/dhcp.schema - schema updates 
+        (from Kalyan <skalyanasundaram@novell.com>)
+
+        * server/ldap.c server/ldap_casa.c - CASA support fixes
+        (from Marius Tomaschewski <mt@suse.de>)
+
+        * server/ldap.c - added strncat() fix
+        (from Marius Tomaschewski <mt@suse.de>)
+
+2006-12-15 Brian Masney <masneyb@ntelos.net>
+        * server/ldap.c (ldap_read_config) - unbind from the LDAP server after
+        the config file has been ran if the server is being ran in static mode
+        (from Tomas Hoger <thoger@pobox.sk>)
+
+        * server/ldap.c (ldap_read_function) - fixed bug where the entire
+        configuration was not being processed in the LDAP directory.
+
+        * server/ldap.c - added the following functions for reading values
+        from the config file: _do_lookup_dhcp_string_option(),
+        _do_lookup_dhcp_int_option() and _do_lookup_dhcp_enum_option(). This
+        helped to clean up ldap_start() start a bit. Also, various small
+        formatting changes to the code.
+
+2006-12-15 Marius Tomaschewski <mt@suse.de>
+        * Changelog-LDAP - Added / changed some of entries in
+        Changelog-LDAP, e.g.  changes to the dhcpServer and
+        dhcpService objectclasses in schema file was not mentioned.
+
+        * server/ldap.c Some a little bit paranoid checks to strchr results
+        in the group patch, avoided allocation of groupname using snprintf
+        with a "%.*s" format.
+
+        * server/ldap.c - Readded FIXME comment about one space in
+        dhcpHWAddress.
+
+        * server/ldap.c Changed "dhcpdnsZone" and "dhcpdnszoneServer" into
+        "dhcpDnsZone" and "dhcpDnsZoneServer".
+
+        * Fixed memory leak in ldap_parse_zone (dfree of keyCn), added checks
+        for dmalloc and strchr results.
+
+        * ldap_casa.c, ldap_casa.h - surrounded content of ldap_casa.h and
+        ldap_casa.c with if defined(LDAP_CASA_AUTH).
+
+        * contrib/dhcp.schema  - Reverted the equality change for dhcpOption.
+        The dhcp options are case-insensitive in dhcpd.conf.
+
+        * Changed "dhcpdnsZone" and "dhcpdnszoneServer" into "dhcpDnsZone"
+        and "dhcpDnsZoneServer".
+
+        * Changed "FQDNs" into "DNs" in dhcpLocatorDN description (DN is already
+        absolute, RDN is relative DN, FQDN means a full qualified domain name).
+
+2006-12-15 Kalyan <skalyanasundaram@novell.com>
+        * includes/ldap_casa.h server/ldap_casa.c - updated to support CASA
+        1.7
+
+2006-8-15 Kalyan <skalyanasundaram@novell.com>
+        * server/ldap.c (ldap_parse_options) - fetch option from the group
+        if the host belongs to that group in the dynamic method.
+
+        * contrib/dhcp.schema - modified dhcpServiceDN attribute in dhcpServer
+        objectclasses to be optional instead of mandatory
+
+        * contrib/dhcp.schema - modified dhcpPrimaryDN attribute in dhcpService
+        objectclasses to be optional instead of mandatory
+
+        * contrib/dhcp.schema - schema has been updated with
+        new objectclasses dhcpLocator,dhcpTsigKey,dhcpdnsZone,dhcpFailOver and
+        many attributes.
+
+        * contrib/dhcp.schema - dhcpHWAddress's equality has been modified to
+        caseIgnoreIA5Match.
+
+        * server/ldap.c - added support for reading the dhcpTsigKey and
+        dhcpdnsZone objects. 
+
+        * server/ldap.c (ldap_parse_options) Fetch option from the group if
+        the host belongs to that group in the dynamic method.
+
+        * server/ldap.c - CASA authentication is enabled.
+
+        * server/ldap.c - introduced new attribute ldap-server-cn to mention
+        the dhcpServer object name in configuration.
+
+2006-7-17 Brian Masney <masneyb@ntelos.net>
+        * server/ldap.c (ldap_read_function) - fixes for reading the data
+        from the LDAP tree in some cases (patch from
+        Darrin Smith <beldin@beldin.org>)
+
+2006-3-17 Brian Masney <masneyb@ntelos.net>
+        * server/ldap.c (ldap_read_function) - added patch from 
+        Dmitriy Bogun <kabanyura@gmail.com>. This patch fixes a bug when
+        EOF wasn't returned in some cases.
+
+2005-9-26 Brian Masney <masneyb@ntelos.net>
+        * server/ldap.c (ldap_start) - added support for reading the
+        ldap-port option. This option was not being used.
+
+2005-5-24 Brian Masney <masneyb@ntelos.net>
+        * server/ldap.c (ldap_parse_host) - allow dhcpHost entries that do
+        not have a hardware address associated with them
+
+2005-4-11 Brian Masney <masneyb@ntelos.net>
+        * README.ldap - updated directions on how to use LDAP over SSL on
+        non-Linux machines
+
+2005-2-23 Brian Masney <masneyb@ntelos.net>
+        * server/ldap.c (ldap_generate_config_string) - do a case insensitive
+        string comparsion when comparing the object classes
+
+2004-11-8 Brian Masney <masneyb@ntelos.net>
+        * debian/control - updated the depends and build-depends line
+        (from Andrew Pollock <me@andrew.net.au>)
+
+2004-10-13 Brian Masney <masneyb@ntelos.net>
+        * server/ldap.c (ldap_start) - allow doing an anonymous bind to the
+        LDAP server
+
+2004-9-27 Brian Masney <masneyb@ntelos.net>
+        * contrib/dhcpd-conf-to-ldap.pl - make sure the DHCP hardware address
+        is always lowercased
+
+2004-7-30 Brian Masney <masneyb@ntelos.net>
+        * server/ldap.c - added more debbuging statements. Fixed possible crash
+        that could occur whenever more than 1 external DN is added to an LDAP
+        entry. Fixed possible infinite loop when reading the external DNs.
+        (from Sebastian Hetze <s.hetze@linux-ag.de>)
+
+2004-7-1 Brian Masney <masneyb@ntelos.net>
+        * README.ldap - updated build instructions paragraph
+        (from Mason Schmitt <sysadmin@sunwave.net>)
+
+2004-6-29 Brian Masney <masneyb@ntelos.net>
+        * debian/control - set the minimum required version of the DHCP server
+        to be 3.0.1rc9
+
+        * configure - fix for sed when configure was run from an older shell
+
+2004-6-22 Brian Masney <masneyb@ntelos.net>
+        * Updated patch to use ISC DHCP 3.0.1rc14
+
+2004-5-24 Brian Masney <masneyb@ntelos.net>
+        * server/ldap.c - don't append a ; to the end of a dhcpStatement if it
+        ends in }
+
+        * server/ldap.c contrib/dhcpd-conf-to-ldap.pl - support having multiple
+        dhcpRange statements (from Marco D'Ettorre <marco.dettorre@sys-net.it>)
+
+2004-5-5 Brian Masney <masneyb@ntelos.net>
+        * server/ldap.c - added more debugging statements when
+        it is compiled in to help troubleshoot parsing errors. Don't free
+        a LDAP connection prematurely when there is a reference to another
+        LDAP tree. If the config entry ends in }, make sure a ; gets tacked
+        on
+
+        * debian/* - Updated version number. Renamed package from
+        dhcp3-ldap-ntelos to dhcp3-server-ldap.
+
+        * server/ldap.c - enclose the shared-network name in quotes so
+        that there can be shared network statements in LDAP that have spaces
+        in them
+
+        * configure - after the work directory is setup, add -lldap -llber
+        to the server Makefile
+
+Wed Apr 21 15:09:08 CEST 2004 - mt@suse.de
+        * contrib/dhcpd-conf-to-ldap.pl:
+          - added "--conf=file" option usable instead of stdin
+          - added "--ldif=file" option usable instead of stdout
+          - added "--second=host|dn" option usefull for failover
+          - added "--use=feature" option to enable extended features;
+            currently used to enable failover (default is disabled).
+          - extended remaining_line() to support block statements
+          - fixed / improved failover support, added notes about
+
+        * server/ldap.c:
+          - moved code checking statement ends to check_statement_end()
+          - moved parsing of entry options/statements to
+            ldap_parse_entry_options()
+          - moved code closing debug fd into ldap_close_debug_fd()
+          - moved code writing to debug fd into ldap_write_debug()
+          - added support for full hostname in dhcpServer search filter
+          - added support for multiple dhcpService entries in dhcpServer object
+          - added parsing of options and statements for dhcpServer object
+          - added verify if dhcpService contains server dn as primary or
+            secondary
+          - changed to search for dhcpHost,dhcpSubClass bellow of all
+            dhcpService trees instead of base-dn (avoids finding of hosts in
+            foreign configs)
+          - fixes to free all dn's fetched by ldap_get_dn (e.g. debug output)
+          - fixes to free ldap results, mainly in cases where no LDAP_SUCCESS
+            returned or other error conditions happened
+          - fixed/improved some log messages
+
+2004-3-30 Brian Masney <masneyb@ntelos.net>
+        * contrib/dhcpd-conf-to-ldap.pl - added option to control the
+        DHCP Config DN. Wrap the DHCP Statements in { }
+        This patch was contributed by Marius Tomaschewski <mt@suse.de>
+
+        * server/ldap.c - changed ldap_username and ldap_password to
+        be optional (anonymous bind is used then). Added {} block support
+        to dhcpStatements. (no ";" at end if statement ends with a "}").
+        Fixed writing to ldap-debug-file. Changed find_haddr_in_ldap() to
+        use dhcpHost objectClass in its filter
+        This patch was contributed by Marius Tomaschewski <mt@suse.de>
+
+2004-3-23 Brian Masney <masneyb@ntelos.net>
+        * contrib/dhcpd-conf-to-ldap.pl - added options for server, basedn
+        options and usage message (Net::Domain instead of SYS::Hostname).
+        Added handling of zone, authoritative and failover (config and
+        pool-refs) statements. Added numbering of groups and pools per
+        subnet. This patch was contributed by Marius Tomaschewski <mt@suse.de>
+
+2004-2-26 Brian Masney <masneyb@ntelos.net>
+        * fixed an instance where the LDAP server would restart, but the DHCP
+        server would not reconnect
+
+2004-2-18 Brian Masney <masneyb@ntelos.net>
+        * allow multiple dhcp*DN entries in the LDAP entry.
+
+2003-9-11 Brian Masney <masneyb@ntelos.net>
+        * updated patch to work with 3.0.1rc12
+

dhcp-3.0.5/README.ldap

@@ +1 @@
+LDAP Support in DHCP
+Brian Masney <masneyb@ntelos.net>
+Last updated 3/23/2003
+
+This document describes setting up the DHCP server to read it's configuration 
+from LDAP. This work is based on the IETF document 
+draft-ietf-dhc-ldap-schema-01.txt included in the doc directory. For the latest
+version of this document, please see http://home.ntelos.net/~masneyb.
+
+First question on most people's mind is "Why do I want to store my 
+configuration in LDAP?" If you run a small DHCP server, and the configuration
+on it rarely changes, then you won't need to store your configuration in LDAP.
+But, if you have several DHCP servers, and you want an easy way to manage your 
+configuration, this can be a solution. 
+
+The first step will be to setup your LDAP server. I am using OpenLDAP from
+www.openldap.org. Building and installing OpenLDAP is beyond the scope of this 
+document. There is plenty of documentation out there about this. Once you have 
+OpenLDAP installed, you will have to edit your slapd.conf file. I added the 
+following 2 lines to my configuration file:
+
+include         /etc/ldap/schema/dhcp.schema
+index           dhcpHWAddress   eq
+index           dhcpClassData   eq
+
+The first line tells it to include the dhcp schema file. You will find this 
+file under the contrib directory in this distribution. You will need to copy 
+this file to where your other schema files are (maybe
+/usr/local/openldap/etc/openldap/schema/). The second line sets up
+an index for the dhcpHWAddress parameter. The third parameter is for reading 
+subclasses from LDAP every time a DHCP request comes in. Make sure you run the 
+slapindex command and restart slapd to have these changes to into effect.
+
+Now that you have LDAP setup, you should be able to use gq (http://biot.com/gq/)
+to verify that the dhcp schema file is loaded into LDAP. Pull up gq, and click
+on the Schema tab. Go under objectClasses, and you should see at least the 
+following object classes listed: dhcpClass, dhcpGroup, dhcpHost, dhcpOptions, 
+dhcpPool, dhcpServer, dhcpService, dhcpSharedNetwork, dhcpSubClass, and 
+dhcpSubnet. If you do not see these, you need to check over your LDAP 
+configuration before you go any further.
+
+You should now be ready to build DHCP. If you would like to enable LDAP over
+SSL, you will need to perform the following steps:
+
+  * Edit the includes/site.h file and uncomment the USE_SSL line
+    or specify "-DUSE_SSL" via CFLAGS.
+  * Edit the dst/Makefile.dist file and remove md5_dgst.c and md5_dgst.o
+    from the SRC= and OBJ= lines (around line 24)
+  * Now run configure in the base source directory. If you chose to enable
+    LDAP over SSL, you must append -lcrypto -lssl to the LIBS= line in the file
+    work.os/server/Makefile (replace os with your operating system, linux-2.2 on
+    my machine).  You should now be able to type make to build your DHCP server.
+
+If you choose to not enable LDAP over SSL, then you only need to run configure
+and make in the toplevel source directory.
+
+Once you have DHCP installed, you will need to setup your initial plaintext 
+config file. In my /etc/dhcpd.conf file, I have:
+
+ldap-server "localhost";
+ldap-port 389;
+ldap-username "cn=DHCP User, dc=ntelos, dc=net";
+ldap-password "blah";
+ldap-base-dn "dc=ntelos, dc=net";
+ldap-method dynamic;
+ldap-debug-file "/var/log/dhcp-ldap-startup.log";
+
+If SSL has been enabled at compile time using the USE_SSL flag, the dhcp
+server trys to use TLS if possible, but continues without TLS if not.
+
+You can modify this behaviour using following option in /etc/dhcpd.conf:
+
+ldap-ssl <off | ldaps | start_tls | on>
+   off:       disables TLS/LDAPS.
+   ldaps:     enables LDAPS -- don't forget to set ldap-port to 636.
+   start_tls: enables TLS using START_TLS command
+   on:        enables LDAPS if ldap-port is set to 636 or TLS in 
+              other cases.
+
+See also "man 5 ldap.conf" for description the following TLS related 
+options:
+   ldap-tls-reqcert, ldap-tls-ca-file, ldap-tls-ca-dir, ldap-tls-cert
+   ldap-tls-key, ldap-tls-crlcheck, ldap-tls-ciphers, ldap-tls-randfile
+
+All of these parameters should be self explanatory except for the ldap-method.
+You can set this to static or dynamic. If you set it to static, the 
+configuration is read once on startup, and LDAP isn't used anymore. But, if you
+set this to dynamic, the configuration is read once on startup, and the 
+hosts that are stored in LDAP are looked up every time a DHCP request comes in.
+
+When the optional statement ldap-debug-file is specified, on startup the DHCP
+server will write out the configuration that it generated from LDAP. If you are
+getting errors about your LDAP configuration, this is a good place to start
+looking.
+
+The next step is to set up your LDAP tree. Here is an example config that will
+give a 10.100.0.x address to machines that have a host entry in LDAP. 
+Otherwise, it will give a 10.200.0.x address to them. (NOTE: replace 
+dc=ntelos, dc=net with your base dn). If you would like to convert your 
+existing dhcpd.conf file to LDIF format, there is a script 
+contrib/dhcpd-conf-to-ldap.pl that will convert it for you. Type
+dhcpd-conf-to-ldap.pl --help to see the usage information for this script.
+
+# You must specify the server's host name in LDAP that you are going to run
+# DHCP on and point it to which config tree you want to use. Whenever DHCP 
+# first starts up, it will do a search for this entry to find out which 
+# config to use
+dn: cn=brian.ntelos.net, dc=ntelos, dc=net
+objectClass: top
+objectClass: dhcpServer
+cn: brian.ntelos.net
+dhcpServiceDN: cn=DHCP Service Config, dc=ntelos, dc=net
+
+# Here is the config tree that brian.ntelos.net points to. 
+dn: cn=DHCP Service Config, dc=ntelos, dc=net
+cn: DHCP Service Config
+objectClass: top
+objectClass: dhcpService
+dhcpPrimaryDN: dc=ntelos, dc=net
+dhcpStatements: ddns-update-style none
+dhcpStatements: default-lease-time 600
+dhcpStatements: max-lease-time 7200
+
+# Set up a shared network segment
+dn: cn=WV Test, cn=DHCP Service Config, dc=ntelos, dc=net
+cn: WV Test
+objectClass: top
+objectClass: dhcpSharedNetwork
+
+# Set up a subnet declaration with a pool statement. Also note that we have
+# a dhcpOptions object with this entry
+dn: cn=10.100.0.0, cn=WV Test, cn=DHCP Service Config, dc=ntelos, dc=net
+cn: 10.100.0.0
+objectClass: top
+objectClass: dhcpSubnet
+objectClass: dhcpOptions
+dhcpOption: domain-name-servers 10.100.0.2
+dhcpOption: routers 10.100.0.1
+dhcpOption: subnet-mask 255.255.255.0
+dhcpOption: broadcast-address 10.100.0.255
+dhcpNetMask: 24
+
+# Set up a pool for this subnet. Only known hosts will get these IPs
+dn: cn=Known Pool, cn=10.100.0.0, cn=WV Test, cn=DHCP Service Config, dc=ntelos, dc=net
+cn: Known Pool
+objectClass: top
+objectClass: dhcpPool
+dhcpRange: 10.100.0.3 10.100.0.254
+dhcpPermitList: deny unknown-clients
+
+# Set up another subnet declaration with a pool statement
+dn: cn=10.200.0.0, cn=WV Test, cn=DHCP Service Config, dc=ntelos, dc=net
+cn: 10.200.0.0
+objectClass: top
+objectClass: dhcpSubnet
+objectClass: dhcpOptions
+dhcpOption: domain-name-servers 10.200.0.2
+dhcpOption: routers 10.200.0.1
+dhcpOption: subnet-mask 255.255.255.0
+dhcpOption: broadcast-address 10.200.0.255
+dhcpNetMask: 24
+
+# Set up a pool for this subnet. Only unknown hosts will get these IPs
+dn: cn=Known Pool, cn=10.200.0.0, cn=WV Test, cn=DHCP Service Config, dc=ntelos, dc=net
+cn: Known Pool
+objectClass: top
+objectClass: dhcpPool
+dhcpRange: 10.200.0.3 10.200.0.254
+dhcpPermitList: deny known clients
+
+# Set aside a group for all of our known MAC addresses
+dn: cn=Customers, cn=DHCP Service Config, dc=ntelos, dc=net
+objectClass: top
+objectClass: dhcpGroup
+cn: Customers
+
+# Host entry for my laptop
+dn: cn=brianlaptop, cn=Customers, cn=DHCP Service Config, dc=ntelos, dc=net
+objectClass: top
+objectClass: dhcpHost
+cn: brianlaptop
+dhcpHWAddress: ethernet 00:00:00:00:00:00
+
+You can use the command slapadd to load all of these entries into your LDAP 
+server. After you load this, you should be able to start up DHCP. If you run
+into problems reading the configuration, try running dhcpd with the -d flag. 
+If you still have problems, edit the site.conf file in the DHCP source and
+add the line: COPTS= -DDEBUG_LDAP and recompile DHCP. (make sure you run make 
+clean and rerun configure before you rebuild).
+

dhcp-3.0.5/common/conflex.c

@@ -47 +47 @@
-static enum dhcp_token read_number PROTO ((int, struct parse *));
-static enum dhcp_token read_num_or_name PROTO ((int, struct parse *));
-static enum dhcp_token intern PROTO ((char *, enum dhcp_token));
+static int read_function PROTO ((struct parse *));
-
-isc_result_t new_parse (cfile, file, inbuf, buflen, name, eolp)
-        struct parse **cfile;
@@ -74 +75 @@
-        tmp -> file = file;
-        tmp -> eol_token = eolp;
-
+        if (file != -1) {
+                tmp -> read_function = read_function;;
+        }
+
-        tmp -> bufix = 0;
-        tmp -> buflen = buflen;
-        if (inbuf) {
@@ -113 +118 @@
-        int c;
-
-        if (cfile -> bufix == cfile -> buflen) {
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
-                        c = EOF;
+                }
-        } else {
-                c = cfile -> inbuf [cfile -> bufix];
-                cfile -> bufix++;
@@ -1128 +1122 @@
-        }
-        return dfv;
-}
+
+
+static int
+read_function (struct parse * cfile)
+{
+  int c;
+
+        cfile -> buflen = read (cfile -> file, cfile -> inbuf, cfile -> bufsiz);
+        if (cfile -> buflen == 0) {
+                c = EOF;
+                cfile -> bufix = 0;
+        } else if (cfile -> buflen < 0) {
+                c = EOF;
+                cfile -> bufix = cfile -> buflen = 0;
+        } else {
+                c = cfile -> inbuf [0];
+                cfile -> bufix = 1;
+        }
+
+        return c;
+}
+

dhcp-3.0.5/common/print.c

@@ -166 +166 @@
-}
-
-char *print_hw_addr (htype, hlen, data)
-
-
-
+const 
+const 
+const 
-{
-        static char habuf [49];
-        char *s;

dhcp-3.0.5/contrib/dhcp.schema

@@ +1 @@
+attributetype ( 2.16.840.1.113719.1.203.4.1 
+        NAME 'dhcpPrimaryDN' 
+        EQUALITY distinguishedNameMatch
+        DESC 'The DN of the dhcpServer which is the primary server for the configuration.' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.2 
+        NAME 'dhcpSecondaryDN' 
+        EQUALITY distinguishedNameMatch
+        DESC 'The DN of dhcpServer(s) which provide backup service for the configuration.'
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 2.16.840.1.113719.1.203.4.3 
+        NAME 'dhcpStatements' 
+        EQUALITY caseIgnoreIA5Match
+        DESC 'Flexible storage for specific data depending on what object this exists in. Like conditional statements, server parameters, etc. This allows the standard to evolve without needing to adjust the schema.' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 2.16.840.1.113719.1.203.4.4 
+        NAME 'dhcpRange' 
+        EQUALITY caseIgnoreIA5Match
+        DESC 'The starting & ending IP Addresses in the range (inclusive), separated by a hyphen; if the range only contains one address, then just the address can be specified with no hyphen.  Each range is defined as a separate value.'
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 2.16.840.1.113719.1.203.4.5 
+        NAME 'dhcpPermitList' 
+        EQUALITY caseIgnoreIA5Match
+        DESC 'This attribute contains the permit lists associated with a pool. Each permit list is defined as a separate value.' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 2.16.840.1.113719.1.203.4.6 
+        NAME 'dhcpNetMask' 
+        EQUALITY integerMatch
+        DESC 'The subnet mask length for the subnet.  The mask can be easily computed from this length.' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.7 
+        NAME 'dhcpOption' 
+        EQUALITY caseIgnoreIA5Match
+        DESC 'Encoded option values to be sent to clients.  Each value represents a single option and contains (OptionTag, Length, OptionValue) encoded in the format used by DHCP.' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 2.16.840.1.113719.1.203.4.8 
+        NAME 'dhcpClassData' 
+        EQUALITY caseIgnoreIA5Match
+        DESC 'Encoded text string or list of bytes expressed in hexadecimal, separated by colons.  Clients match subclasses based on matching the class data with the results of match or spawn with statements in the class name declarations.' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.9 
+        NAME 'dhcpOptionsDN' 
+        EQUALITY distinguishedNameMatch
+        DESC 'The distinguished name(s) of the dhcpOption objects containing the configuration options provided by the server.' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 2.16.840.1.113719.1.203.4.10 
+        NAME 'dhcpHostDN' 
+        EQUALITY distinguishedNameMatch
+        DESC 'the distinguished name(s) of the dhcpHost objects.' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) 
+
+attributetype ( 2.16.840.1.113719.1.203.4.11 
+        NAME 'dhcpPoolDN' 
+        EQUALITY distinguishedNameMatch
+        DESC 'The distinguished name(s) of pools.' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 2.16.840.1.113719.1.203.4.12 
+        NAME 'dhcpGroupDN' 
+        EQUALITY distinguishedNameMatch
+        DESC 'The distinguished name(s)   of the groups.' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 2.16.840.1.113719.1.203.4.13 
+        NAME 'dhcpSubnetDN' 
+        EQUALITY distinguishedNameMatch
+        DESC 'The distinguished name(s) of the subnets.' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 2.16.840.1.113719.1.203.4.14 
+        NAME 'dhcpLeaseDN' 
+        EQUALITY distinguishedNameMatch
+        DESC 'The distinguished name of a client address.' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE)
+
+attributetype ( 2.16.840.1.113719.1.203.4.15 
+        NAME 'dhcpLeasesDN' 
+        DESC 'The distinguished name(s) client addresses.' 
+        EQUALITY distinguishedNameMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 2.16.840.1.113719.1.203.4.16 
+        NAME 'dhcpClassesDN' 
+        EQUALITY distinguishedNameMatch
+        DESC 'The distinguished name(s) of a class(es) in a subclass.' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 2.16.840.1.113719.1.203.4.17 
+        NAME 'dhcpSubclassesDN' 
+        EQUALITY distinguishedNameMatch
+        DESC 'The distinguished name(s) of subclass(es).' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 2.16.840.1.113719.1.203.4.18 
+        NAME 'dhcpSharedNetworkDN' 
+        EQUALITY distinguishedNameMatch
+        DESC 'The distinguished name(s) of sharedNetworks.' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 2.16.840.1.113719.1.203.4.19 
+        NAME 'dhcpServiceDN' 
+        EQUALITY distinguishedNameMatch
+        DESC 'The DN of dhcpService object(s)which contain the configuration information. Each dhcpServer object has this attribute identifying the DHCP configuration(s) that the server is associated with.' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 2.16.840.1.113719.1.203.4.20 
+        NAME 'dhcpVersion'
+        DESC 'The version attribute of this object.'
+        EQUALITY caseIgnoreIA5Match
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.21 
+        NAME 'dhcpImplementation' 
+        EQUALITY caseIgnoreIA5Match
+        DESC 'Description of the DHCP Server implementation e.g. DHCP Servers vendor.' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.22 
+        NAME 'dhcpAddressState' 
+        EQUALITY caseIgnoreIA5Match
+        DESC 'This stores information about the current binding-status of an address.  For dynamic addresses managed by DHCP, the values should be restricted to the following: "FREE", "ACTIVE", "EXPIRED", "RELEASED", "RESET", "ABANDONED", "BACKUP".  For other addresses, it SHOULD be one of the following: "UNKNOWN", "RESERVED" (an address that is managed by DHCP that is reserved for a specific client), "RESERVED-ACTIVE" (same as reserved, but address is currently in use), "ASSIGNED" (assigned manually or by some other mechanism), "UNASSIGNED", "NOTASSIGNABLE".'
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.23 
+        NAME 'dhcpExpirationTime' 
+        EQUALITY generalizedTimeMatch 
+        DESC 'This is the time the current lease for an address expires.' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.24 
+        NAME 'dhcpStartTimeOfState' 
+        EQUALITY generalizedTimeMatch 
+        DESC 'This is the time of the last state change for a leased address.' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.25 
+        NAME 'dhcpLastTransactionTime' 
+        EQUALITY generalizedTimeMatch 
+        DESC 'This is the last time a valid DHCP packet was received from the client.'
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.26 
+        NAME 'dhcpBootpFlag' 
+        EQUALITY booleanMatch 
+        DESC 'This indicates whether the address was assigned via BOOTP.' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.27 
+        NAME 'dhcpDomainName' 
+        EQUALITY caseIgnoreIA5Match
+        DESC 'This is the name of the domain sent to the client by the server.  It is essentially the same as the value for DHCP option 15 sent to the client, and represents only the domain - not the full FQDN.  To obtain the full FQDN assigned to the client you must prepend the "dhcpAssignedHostName" to this value with a ".".' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.28 
+        NAME 'dhcpDnsStatus' 
+        EQUALITY integerMatch
+        DESC 'This indicates the status of updating DNS resource records on behalf of the client by the DHCP server for this address.  The value is a 16-bit bitmask.'
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.29 
+        NAME 'dhcpRequestedHostName' 
+        EQUALITY caseIgnoreIA5Match
+        DESC 'This is the hostname that was requested by the client.' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.30 
+        NAME 'dhcpAssignedHostName' 
+        EQUALITY caseIgnoreIA5Match
+        DESC 'This is the actual hostname that was assigned to a client. It may not be the name that was requested by the client.  The fully qualified domain name can be determined by appending the value of "dhcpDomainName" (with a dot separator) to this name.' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.31 
+        NAME 'dhcpReservedForClient' 
+        EQUALITY distinguishedNameMatch
+        DESC 'The distinguished name of a "dhcpClient" that an address is reserved for.  This may not be the same as the "dhcpAssignedToClient" attribute if the address is being reassigned but the current lease has not yet expired.'
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.32 
+        NAME 'dhcpAssignedToClient' 
+        EQUALITY distinguishedNameMatch
+        DESC 'This is the distinguished name of a "dhcpClient" that an address is currently assigned to.  This attribute is only present in the class when the address is leased.' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.33 
+        NAME 'dhcpRelayAgentInfo' 
+        EQUALITY octetStringMatch
+        DESC 'If the client request was received via a relay agent, this contains information about the relay agent that was available from the DHCP request.  This is a hex-encoded option value.' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.34 
+        NAME 'dhcpHWAddress' 
+        EQUALITY caseIgnoreIA5Match
+        DESC 'The clients hardware address that requested this IP address.' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.35 
+        NAME 'dhcpHashBucketAssignment' 
+        EQUALITY octetStringMatch
+        DESC 'HashBucketAssignment bit map for the DHCP Server, as defined in DHC Load Balancing Algorithm [RFC 3074].' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.36 
+        NAME 'dhcpDelayedServiceParameter' 
+        EQUALITY integerMatch
+        DESC 'Delay in seconds corresponding to Delayed Service Parameter configuration, as defined in  DHC Load Balancing Algorithm [RFC 3074]. '
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.37 
+        NAME 'dhcpMaxClientLeadTime' 
+        EQUALITY integerMatch
+        DESC 'Maximum Client Lead Time configuration in seconds, as defined in DHCP Failover Protocol [FAILOVR]' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.38 
+        NAME 'dhcpFailOverEndpointState' 
+        EQUALITY caseIgnoreIA5Match
+        DESC 'Server (Failover Endpoint) state, as defined in DHCP Failover Protocol [FAILOVR]' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.39 
+        NAME 'dhcpErrorLog' 
+        EQUALITY caseIgnoreIA5Match
+        DESC 'Generic error log attribute that allows logging error conditions within a dhcpService or a dhcpSubnet, like no IP addresses available for lease.'
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.40 
+        NAME 'dhcpLocatorDN' 
+        EQUALITY distinguishedNameMatch 
+        DESC 'The DN of dhcpLocator object which contain the DNs of all DHCP configuration objects. There will be a single dhcpLocator object in the tree with links to all the DHCP objects in the tree' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype  ( 2.16.840.1.113719.1.203.4.41 
+        NAME 'dhcpKeyAlgorithm' 
+        EQUALITY caseIgnoreIA5Match 
+        DESC 'Algorithm to generate TSIG Key' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype  ( 2.16.840.1.113719.1.203.4.42 
+        NAME 'dhcpKeySecret' 
+        EQUALITY octetStringMatch 
+        DESC 'Secret to generate TSIG Key' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.43 
+        NAME 'dhcpDnsZoneServer' 
+        EQUALITY caseIgnoreIA5Match 
+        DESC 'Master server of the DNS Zone' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.44 
+        NAME 'dhcpKeyDN' 
+        EQUALITY distinguishedNameMatch 
+        DESC 'The DNs of TSIG Key to use in secure dynamic updates. In case of locator object, this will be list of TSIG keys.  In case of DHCP Service, Shared Network, Subnet and DNS Zone, it will be a single key.' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12)
+
+attributetype ( 2.16.840.1.113719.1.203.4.45 
+        NAME 'dhcpZoneDN' 
+        EQUALITY distinguishedNameMatch 
+        DESC 'The DNs of DNS Zone. In case of locator object, this will be list of DNS Zones in the tree. In case of DHCP Service, Shared Network and Subnet, it will be a single DNS Zone.' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12)
+
+attributetype ( 2.16.840.1.113719.1.203.4.46 
+        NAME 'dhcpFailOverPrimaryServer' 
+        EQUALITY caseIgnoreIA5Match 
+        DESC 'IP address or DNS name of the server playing primary role in DHC Load Balancing and Fail over.' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26  )
+
+attributetype ( 2.16.840.1.113719.1.203.4.47 
+        NAME 'dhcpFailOverSecondaryServer' 
+        EQUALITY caseIgnoreIA5Match 
+        DESC 'IP address or DNS name of the server playing secondary role in DHC Load Balancing and Fail over.' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26  )
+
+attributetype ( 2.16.840.1.113719.1.203.4.48
+        NAME 'dhcpFailOverPrimaryPort' 
+        EQUALITY integerMatch 
+        DESC 'Port on which primary server listens for connections from its fail over peer (secondary server)' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27  )
+        
+attributetype ( 2.16.840.1.113719.1.203.4.49
+        NAME 'dhcpFailOverSecondaryPort' 
+        EQUALITY integerMatch 
+        DESC 'Port on which secondary server listens for connections from its fail over peer (primary server)' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27  )
+
+attributetype ( 2.16.840.1.113719.1.203.4.50
+        NAME 'dhcpFailOverResponseDelay' 
+        EQUALITY integerMatch 
+        DESC 'Maximum response time in seconds, before Server assumes that connection to fail over peer has failed' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27  )
+
+attributetype ( 2.16.840.1.113719.1.203.4.51
+        NAME 'dhcpFailOverUnackedUpdates' 
+        EQUALITY integerMatch 
+        DESC 'Number of BNDUPD messages that server can send before it receives BNDACK from its fail over peer' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27  )
+
+attributetype ( 2.16.840.1.113719.1.203.4.52
+        NAME 'dhcpFailOverSplit' 
+        EQUALITY integerMatch 
+        DESC 'Split between the primary and secondary servers for fail over purpose' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27  )
+
+attributetype ( 2.16.840.1.113719.1.203.4.53
+        NAME 'dhcpFailOverLoadBalanceTime' 
+        EQUALITY integerMatch 
+        DESC 'Cutoff time in seconds, after which load balance is disabled' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27  )
+
+attributetype ( 2.16.840.1.113719.1.203.4.54
+        NAME 'dhcpFailOverPeerDN' 
+        EQUALITY distinguishedNameMatch 
+        DESC 'The DNs of Fail over peers. In case of locator object, this will be list of fail over peers in the tree. In case of Subnet and pool, it will be a single Fail Over Peer' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) 
+
+#List of all servers in the tree
+attributetype ( 2.16.840.1.113719.1.203.4.55
+        NAME 'dhcpServerDN' 
+        EQUALITY distinguishedNameMatch 
+        DESC 'List of all  DHCP Servers in the tree. Used by dhcpLocatorObject' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 2.16.840.1.113719.1.203.4.56
+        NAME 'dhcpComments' 
+        EQUALITY caseIgnoreIA5Match 
+        DESC 'Generic attribute that allows coments  within any DHCP object' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+# Classes
+
+objectclass ( 2.16.840.1.113719.1.203.6.1 
+        NAME 'dhcpService' 
+        DESC 'Service object that represents the actual DHCP Service configuration. This is a container object.' 
+        SUP top 
+        MUST (cn) 
+        MAY ( dhcpPrimaryDN $ dhcpSecondaryDN $ dhcpServerDN $ dhcpSharedNetworkDN $ dhcpSubnetDN $ dhcpGroupDN $ dhcpHostDN $  dhcpClassesDN $ dhcpOptionsDN $ dhcpZoneDN $ dhcpKeyDN $ dhcpFailOverPeerDN $ dhcpStatements $dhcpComments $ dhcpOption) )
+
+objectclass ( 2.16.840.1.113719.1.203.6.2 
+        NAME 'dhcpSharedNetwork' 
+        DESC 'This stores configuration information for a shared network.' 
+        SUP top 
+        MUST cn 
+        MAY ( dhcpSubnetDN $ dhcpPoolDN $ dhcpOptionsDN $ dhcpZoneDN $ dhcpStatements $dhcpComments $ dhcpOption) X-NDS_CONTAINMENT ('dhcpService' ) )
+
+objectclass ( 2.16.840.1.113719.1.203.6.3 
+        NAME 'dhcpSubnet' 
+        DESC 'This class defines a subnet. This is a container object.' 
+        SUP top 
+        MUST ( cn $ dhcpNetMask ) 
+        MAY ( dhcpRange $ dhcpPoolDN $ dhcpGroupDN $ dhcpHostDN $ dhcpClassesDN $ dhcpLeasesDN $ dhcpOptionsDN $ dhcpZoneDN $ dhcpKeyDN $ dhcpFailOverPeerDN $ dhcpStatements $ dhcpComments $ dhcpOption ) X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork') )
+
+objectclass ( 2.16.840.1.113719.1.203.6.4 
+        NAME 'dhcpPool' 
+        DESC 'This stores configuration information about a pool.' 
+        SUP top 
+        MUST ( cn $ dhcpRange ) 
+        MAY ( dhcpClassesDN $ dhcpPermitList $ dhcpLeasesDN $ dhcpOptionsDN $ dhcpZoneDN $dhcpKeyDN $ dhcpStatements $ dhcpComments $ dhcpOption ) 
+        X-NDS_CONTAINMENT ('dhcpSubnet' 'dhcpSharedNetwork') )
+
+objectclass ( 2.16.840.1.113719.1.203.6.5 
+        NAME 'dhcpGroup' 
+        DESC 'Group object that lists host DNs and parameters. This is a container object.' 
+        SUP top 
+        MUST cn 
+        MAY ( dhcpHostDN $ dhcpOptionsDN $ dhcpStatements $ dhcpComments $ dhcpOption )
+        X-NDS_CONTAINMENT ('dhcpSubnet' 'dhcpService' ) )
+
+objectclass ( 2.16.840.1.113719.1.203.6.6 
+        NAME 'dhcpHost' 
+        DESC 'This represents information about a particular client' 
+        SUP top 
+        MUST cn 
+        MAY  (dhcpLeaseDN $ dhcpHWAddress $ dhcpOptionsDN $ dhcpStatements $ dhcpComments $ dhcpOption) 
+        X-NDS_CONTAINMENT ('dhcpService' 'dhcpSubnet' 'dhcpGroup') )
+
+objectclass ( 2.16.840.1.113719.1.203.6.7 
+        NAME 'dhcpClass' 
+        DESC 'Represents information about a collection of related clients.' 
+        SUP top 
+        MUST cn 
+        MAY (dhcpSubClassesDN $ dhcpOptionsDN $ dhcpStatements $ dhcpComments $ dhcpOption) 
+        X-NDS_CONTAINMENT ('dhcpService' 'dhcpSubnet' ) )
+
+objectclass ( 2.16.840.1.113719.1.203.6.8 
+        NAME 'dhcpSubClass' 
+        DESC 'Represents information about a collection of related classes.' 
+        SUP top 
+        MUST cn 
+        MAY (dhcpClassData $ dhcpOptionsDN $ dhcpStatements $ dhcpComments $ dhcpOption) X-NDS_CONTAINMENT 'dhcpClass' )
+
+objectclass ( 2.16.840.1.113719.1.203.6.9 
+        NAME 'dhcpOptions' 
+        DESC 'Represents information about a collection of options defined.' 
+        SUP top AUXILIARY
+        MUST cn 
+        MAY ( dhcpOption $ dhcpComments ) 
+        X-NDS_CONTAINMENT  ('dhcpService' 'dhcpSharedNetwork' 'dhcpSubnet' 'dhcpPool' 'dhcpGroup' 'dhcpHost' 'dhcpClass' ) )
+
+objectclass ( 2.16.840.1.113719.1.203.6.10 
+        NAME 'dhcpLeases' 
+        DESC 'This class represents an IP Address, which may or may not have been leased.' 
+        SUP top 
+        MUST ( cn $ dhcpAddressState ) 
+        MAY ( dhcpExpirationTime $ dhcpStartTimeOfState $ dhcpLastTransactionTime $ dhcpBootpFlag $ dhcpDomainName $ dhcpDnsStatus $ dhcpRequestedHostName $ dhcpAssignedHostName $ dhcpReservedForClient $ dhcpAssignedToClient $ dhcpRelayAgentInfo $ dhcpHWAddress ) 
+        X-NDS_CONTAINMENT ( 'dhcpService' 'dhcpSubnet' 'dhcpPool') )
+
+objectclass ( 2.16.840.1.113719.1.203.6.11 
+        NAME 'dhcpLog' 
+        DESC 'This is the object that holds past information about the IP address. The cn is the time/date stamp when the address was assigned or released, the address state at the time, if the address was assigned or released.' 
+        SUP top 
+        MUST ( cn ) 
+        MAY ( dhcpAddressState $ dhcpExpirationTime $ dhcpStartTimeOfState $ dhcpLastTransactionTime $ dhcpBootpFlag $ dhcpDomainName $ dhcpDnsStatus $ dhcpRequestedHostName $ dhcpAssignedHostName $ dhcpReservedForClient $ dhcpAssignedToClient $ dhcpRelayAgentInfo $ dhcpHWAddress $ dhcpErrorLog) 
+        X-NDS_CONTAINMENT ('dhcpLeases' 'dhcpPool' 'dhcpSubnet' 'dhcpSharedNetwork' 'dhcpService' ) )
+
+objectclass ( 2.16.840.1.113719.1.203.6.12 
+        NAME 'dhcpServer' 
+        DESC 'DHCP Server Object' 
+        SUP top 
+        MUST ( cn ) 
+        MAY (dhcpServiceDN  $ dhcpLocatorDN $ dhcpVersion $ dhcpImplementation $ dhcpHashBucketAssignment $ dhcpDelayedServiceParameter $ dhcpMaxClientLeadTime $ dhcpFailOverEndpointState $ dhcpStatements $ dhcpComments $ dhcpOption) 
+        X-NDS_CONTAINMENT ('organization' 'organizationalunit' 'domain') )
+
+objectclass ( 2.16.840.1.113719.1.203.6.13 
+        NAME 'dhcpTSigKey' 
+        DESC 'TSIG key for secure dynamic updates' 
+        SUP top