[Freeipa-users] FreeIPA + DHCP-LDAP - Fedora 24 - broken

Petr Spacek pspacek at redhat.com
Wed Nov 9 07:46:21 UTC 2016 

On 7.11.2016 17:45, Raul Dias wrote:
> You are right,
> 
> This might be more a Fedora issue than FreeIPA. I am hoping that someone else
> is also using DHCP with LDAP (specially with FreeIPA).
> 
> I am using the IPA-dhcp plugin: https://github.com/jefferyharrell/IPA-dhcp
> 
> ldapsearch -x shows the entries are fine in the LDAP.
> 
> Stracing dhcpd shows that it is not making any connection to the LDAP, while
> it shows an error message.
> 
> On Fedora 24 (updated), I am using dhcp-server-4.3.4.fc24
> 
> /etc/dhcp/dhcpd.conf:
>     ldap-server "10.101.1.1"; #or localhost, or any interface ip or ns name
>     ldap-port 389;
>     ldap-base-dn "cn=dhcp,dc=dias,dc=com,dc=br";
>     ldap-method static;
>     ldap-debug-file "/var/log/dhcp-ldap-startup.log";
> 
> The STDERR output acts as if it were talking to the LDAP server:
> 
>     Cannot find host LDAP entry server.dias.com.br
> (&(objectClass=dhcpServer)(cn=server.dias.com.br))
> 
> As the output of ldapsearch, the entry is there:
>     # server.dias.com.br, dhcp, dias.com.br
>     dn: cn=server.dias.com.br,cn=dhcp,dc=dias,dc=com,dc=br
>     objectClass: dhcpserver
>     objectClass: top
>     dhcpServiceDN: cn=dhcp,dc=dias,dc=com,dc=br
>     cn: server.dias.com.br
>     dhcpStatements: authoritative
> 
> Using the same config on a ubuntu host, it works fine, which makes me wonder
> that dhcpd in Fedora 24 does not work at all with LDAP.

Do you mean that dhcpd on Ubuntu is configured against the very same FreeIPA
server?

Are you sure that dhcpd is using the same credentials to BIND to LDAP? There
might be an access control issue if different hosts use different credentials
or so. It would help if you described how you bound to LDAP using ldapsearch.

Petr^2 Spacek

> 
> Or maybe this is a reflection of some FreeIPA server way of life
> configuration, like sssd.
> 
> -rsd
> 
> 
> On 07/11/2016 05:10, Petr Spacek wrote:
>> On 6.11.2016 06:06, Raul Dias wrote:
>>> Hello,
>>>
>>> It seems that DHCP with LDAP on Fedora 24 (FreeIPA) is broken.
>>>
>>> Can anyone confirm?
>>>
>>> Doing an strace -e trace=network does not show any attempt to connect to the
>>> ldap server.
>>>
>>> OTOH, the same config on a Ubuntu 16.10 works fine.
>> Hello,
>>
>> AFAIK DHCP support was never part of official FreeIPA builds. What are you
>> trying to achieve and where did you get the builds?
>>
>> We need to know exact software versions and configuration. For further hints
>> how to report bugs please see
>> http://www.freeipa.org/page/Troubleshooting#Reporting_bugs
>>
> 


-- 
Petr^2 Spacek

More information about the Freeipa-users mailing list