dhcp 4.3.2 with ldap backend

Kristof Van Doorsselaere kristof.vandoorsselaere at hogent.be
Fri May 8 09:18:15 UTC 2015


Thanks for your reply.

Our current dhcp server is a centos 5.5; the new server I’m setting up is a centos 7.

On this centos 7:

- dhcp 4.2.8 with ldap backend = OK
- dhcp 4.3.2 with ldap backend = NOK

The installed openldap packages are:

Name        : openldap-devel
Arch        : x86_64
Version     : 2.4.39
Release     : 6.el7
Size        : 3.7 M
Repo        : installed
From repo   : base
Summary     : LDAP development libraries and header files
URL         : http://www.openldap.org/
License     : OpenLDAP
Description : The openldap-devel package includes the development libraries and
            : header files needed for compiling applications that use LDAP
            : (Lightweight Directory Access Protocol) internals. LDAP is a set of
            : protocols for enabling directory services over the Internet. Install
            : this package only if you plan to develop or will need to compile
            : customized LDAP clients.

Kristof





On 08/05/15 11:12, "Michael Ströder" <michael at stroeder.com> wrote:

>Kristof Van Doorsselaere wrote:
>> I’m trying to set up a new dual stack (ipv4/ipv6) dhcp server for my company.
>>
>> We are using an ldap backend (for fixed ip’s and mac address verification).
>>
>> Up till now we used an old 4.1.1 dhcp server, but for the new server I prefer to use the latest 4.3.2 source.
>
>Did you also change the OS or its version or at least libldap?
>
>> May  6 08:49:39 fulaga dhcpd: Cannot set LDAP TLS crl check option: Can't contact LDAP server
>> May  6 08:49:39 fulaga dhcpd: LDAPS session successfully enabled to ldaptest.example.com:636
>> May  6 08:49:39 fulaga dhcpd: Error: Cannot login into ldap server ldaptest.example.com:636: Can't contact LDAP server
>> May  6 08:49:39 fulaga dhcpd: Configuration file errors encountered — exiting
>
>This looks like a TLS misconfiguration to me.
>
>Are you sure your local libldap installation works as is with LDAPS or StartTLS?
>
>Sometimes OpenLDAP's libldap gets linked against GnuTLS (e.g. on Debian) or 
>libnss (on Red Hat) causing misconfiguration or even triggering serious bugs.
>
>Ciao, Michael.
>
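
The reply above asks which TLS library the local libldap is linked against (OpenSSL, GnuTLS or NSS). The following is an added example, not part of the original thread: a shell function that classifies `ldd` output for a libldap shared object. The function name `libldap_tls_backend` and the sample `ldd` lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which TLS library a libldap build pulls in,
# based on `ldd` output read from stdin.

libldap_tls_backend() {
    deps=$(cat)
    found=""
    # NSS ships libssl3.so / libnss3.so; OpenSSL ships libssl.so.N.
    # The patterns are kept distinct so libssl3.so is never counted as OpenSSL.
    if printf '%s\n' "$deps" | grep -Eq 'lib(nss3|ssl3)\.so'; then found="$found nss"; fi
    if printf '%s\n' "$deps" | grep -Eq 'libgnutls\.so'; then found="$found gnutls"; fi
    if printf '%s\n' "$deps" | grep -Eq 'libssl\.so'; then found="$found openssl"; fi
    set -- $found
    case $# in
        0) echo unknown ;;
        1) echo "$1" ;;
        # ldd lists transitive dependencies too, so more than one TLS
        # library can appear; that case needs a manual look.
        *) echo mixed ;;
    esac
}

# Constructed sample ldd output (paths and addresses are illustrative).
SAMPLE_NSS='	liblber-2.4.so.2 => /lib64/liblber-2.4.so.2 (0x0000000000000000)
	libssl3.so => /lib64/libssl3.so (0x0000000000000000)
	libnss3.so => /lib64/libnss3.so (0x0000000000000000)'
SAMPLE_OPENSSL='	liblber-2.4.so.2 => /lib64/liblber-2.4.so.2 (0x0000000000000000)
	libssl.so.10 => /lib64/libssl.so.10 (0x0000000000000000)
	libcrypto.so.10 => /lib64/libcrypto.so.10 (0x0000000000000000)'
SAMPLE_GNUTLS='	liblber-2.4.so.2 => /usr/lib/liblber-2.4.so.2 (0x0000000000000000)
	libgnutls.so.28 => /usr/lib/libgnutls.so.28 (0x0000000000000000)'

# With a library path as argument, classify the real file;
# without one, show the result for the constructed samples.
if [ $# -gt 0 ] && [ -f "$1" ]; then
    ldd "$1" | libldap_tls_backend
else
    for s in "$SAMPLE_NSS" "$SAMPLE_OPENSSL" "$SAMPLE_GNUTLS"; do
        printf '%s\n' "$s" | libldap_tls_backend
    done
fi
```

Pass the path of the libldap shared object that dhcpd is actually linked with. ldap.conf(5) documents `TLS_CRLCHECK` as ignored with GnuTLS and Mozilla NSS, so the backend reported here indicates which TLS options to review first.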

