dhcp 4.3.2 with ldap backend
Kristof Van Doorsselaere
kristof.vandoorsselaere at hogent.be
Fri May 8 09:18:15 UTC 2015
Thanks for your reply.
Our current DHCP server is CentOS 5.5; the new server I’m setting up is CentOS 7.
On this CentOS 7:
- dhcp 4.2.8 with ldap backend = OK
- dhcp 4.3.2 with ldap backend = NOK
The installed openldap packages are:
Name : openldap-devel
Arch : x86_64
Version : 2.4.39
Release : 6.el7
Size : 3.7 M
Repo : installed
From repo : base
Summary : LDAP development libraries and header files
URL : http://www.openldap.org/
License : OpenLDAP
Description : The openldap-devel package includes the development libraries and
: header files needed for compiling applications that use LDAP
: (Lightweight Directory Access Protocol) internals. LDAP is a set of
: protocols for enabling directory services over the Internet. Install
: this package only if you plan to develop or will need to compile
: customized LDAP clients.
Kristof
On 08/05/15 11:12, "Michael Ströder" <michael at stroeder.com> wrote:
>Kristof Van Doorsselaere wrote:
>> I’m trying to set up a new dual-stack (IPv4/IPv6) DHCP server for my company.
>>
>> We are using an LDAP backend (for fixed IPs and MAC address verification).
>>
>> Up till now we used an old 4.1.1 DHCP server, but for the new server I prefer to use the latest 4.3.2 source.
>
>Did you also change the OS or its version or at least libldap?
>
>> May 6 08:49:39 fulaga dhcpd: Cannot set LDAP TLS crl check option: Can't contact LDAP server
>> May 6 08:49:39 fulaga dhcpd: LDAPS session successfully enabled to ldaptest.example.com:636
>> May 6 08:49:39 fulaga dhcpd: Error: Cannot login into ldap server ldaptest.example.com:636: Can't contact LDAP server
>> May 6 08:49:39 fulaga dhcpd: Configuration file errors encountered — exiting
>
>This looks like a TLS misconfiguration to me.
>
>Are you sure your local libldap installation works as is with LDAPS or StartTLS?
>
>Sometimes OpenLDAP's libldap gets linked against GnuTLS (e.g. on Debian) or
>libnss (on Red Hat) causing misconfiguration or even triggering serious bugs.
>
>Ciao, Michael.
>
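
Added example, not part of the original messages and not code from the dhcp or OpenLDAP projects: one way to see which TLS library a libldap build (or the dhcpd binary that loads it) is linked against, as raised in the reply above. The function name and the sample ldd lines are constructed for illustration; the library path in the comment is an assumption about a CentOS 7 layout.

```shell
#!/bin/sh
# Classify the TLS library behind libldap from `ldd` output read on stdin.
# Prints one of: openssl, gnutls, nss, none, or mixed:<list>.
# Assumed usage on a live host (path is an assumption):
#   ldd /usr/lib64/libldap-2.4.so.2 | tls_backend
#   ldd "$(command -v dhcpd)" | tls_backend
tls_backend() {
    awk '
        # NSS ships its TLS code as libssl3.so; this is not OpenSSL.
        $1 ~ /^libnss3\.so/ || $1 ~ /^libssl3\.so/ { seen["nss"] = 1; next }
        $1 ~ /^libgnutls\.so/                       { seen["gnutls"] = 1; next }
        # OpenSSL uses libssl.so.N and libcrypto.so.N
        $1 ~ /^libssl\.so/ || $1 ~ /^libcrypto\.so/ { seen["openssl"] = 1; next }
        END {
            n = 0; out = ""
            split("gnutls nss openssl", order, " ")
            for (i = 1; i <= 3; i++) {
                if (order[i] in seen) { out = out (n ? "," : "") order[i]; n++ }
            }
            if (n == 0)      print "none"
            else if (n == 1) print out
            else             print "mixed:" out   # two TLS stacks in one process
        }'
}

# Constructed sample ldd output (not captured from a real host).
SAMPLE_NSS='    libssl3.so => /lib64/libssl3.so (0x00007f0000000000)
    libnss3.so => /lib64/libnss3.so (0x00007f0000100000)
    libc.so.6 => /lib64/libc.so.6 (0x00007f0000200000)'
SAMPLE_GNUTLS='    libgnutls.so.26 => /usr/lib/libgnutls.so.26 (0x00007f0000000000)
    libc.so.6 => /lib/libc.so.6 (0x00007f0000200000)'
SAMPLE_OPENSSL='    libssl.so.10 => /lib64/libssl.so.10 (0x00007f0000000000)
    libcrypto.so.10 => /lib64/libcrypto.so.10 (0x00007f0000100000)'
# A binary linked to OpenSSL that also pulls in an NSS-backed libldap.
SAMPLE_MIXED="$SAMPLE_OPENSSL
$SAMPLE_NSS"

for s in "$SAMPLE_NSS" "$SAMPLE_GNUTLS" "$SAMPLE_OPENSSL" "$SAMPLE_MIXED"; do
    printf '%s\n' "$s" | tls_backend
done
```

The reported backend determines how libldap reads its TLS settings such as CA certificate locations, so a configuration carried over from a host with a different backend is a likely place to look when LDAPS fails before the bind.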