dhcp 4.3.2 with ldap backend

Kristof Van Doorsselaere kristof.vandoorsselaere at hogent.be
Mon May 11 10:59:53 UTC 2015


>> Does this also work if you use "-H ldaps://..."?

Yes, but only if I remove the -Z option, else I get:

 additional info: TLS already started

Kristof

On 11/05/15 10:53, "Peter Rathlev" <peter at rathlev.dk> wrote:

>On Mon, 2015-05-11 at 06:46 +0000, Kristof Van Doorsselaere wrote:
>> I just tested ldapsearch on this new dhcp server, and so far, this
>> seems to work for me,  example:
>> 
>> [root@ new_server ~]#  ldapsearch -Z -LLL -b "dc=example,dc=com" \
>>   -H ldap://ldaptest.example.com -D "uid=admin,dc=example,dc=com" \
>>   -W  "(&(objectClass=dhcpHost)(dhcpHWAddress=ethernet 00:02:b3:d0:2a:ca))"
>> Enter LDAP Password: 
>> dn: cn=0002b3d02aca,cn=CA-NET,cn=DHCP Service Config,dc=example,dc=com
>...
>
>Does this also work if you use "-H ldaps://..."?
>
>> Also when I disable ldap-ssl: --> ldap-ssl off, it refuses to start:
>> 
>> May 11 08:43:13 new_server systemd: Starting IPv4 DHCP server on ...
>> May 11 08:43:13 new_server dhcpd: Error: Cannot login into ldap server \
>>   ldaptest.example.com:389: Can't contact LDAP server
>> May 11 08:43:13 new_server dhcpd: Configuration file errors encountered \
>>   -- exiting
>>  
>> And in all cases, I don’t see any connections towards my ldap server. 
>
>Just a shot in the dark, but could it be related to SELinux? Does it
>give you the same errors if you try "setenforce 0" first?
>
>-- 
>Peter
>

