dhcp 4.3.2 with ldap backend

Michael Ströder michael at stroeder.com
Fri May 8 09:12:27 UTC 2015

Kristof Van Doorsselaere wrote:
> I’m trying to setup a new dual stack (ipv4/ipv6) dhcp server for my company.
> We are using an ldap backend (for fixed ip’s and mac address verification).
> Up till now we used a old 4.1.1 dhcp server, but for the new server I prefer to use the latest 4.3.2 source.

Did you also change the OS or its version or at least libldap?

> May  6 08:49:39 fulaga dhcpd: Cannot set LDAP TLS crl check option: Can't contact LDAP server
> May  6 08:49:39 fulaga dhcpd: LDAPS session successfully enabled to ldaptest.example.com:636
> May  6 08:49:39 fulaga dhcpd: Error: Cannot login into ldap server ldaptest.example.com:636: Can't contact LDAP server
> May  6 08:49:39 fulaga dhcpd: Configuration file errors encountered — exiting

This looks like a TLS misconfiguration to me.

Are you sure your local libldap installation works as is with LDAPS or StartTLS?

Sometimes OpenLDAP's libldap gets linked against GnuTLS (e.g. on Debian) or 
libnss (on Red Hat) causing misconfiguration or even triggering serious bugs.

Ciao, Michael.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4272 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://lists.isc.org/pipermail/dhcp-users/attachments/20150508/92a05eda/attachment.bin>

More information about the dhcp-users mailing list