You are right,

This might be more a Fedora issue than FreeIPA. I am hoping that someone else is also using DHCP with LDAP (specially with FreeIPA).


I am using the IPA-dhcp plugin: https://github.com/jefferyharrell/IPA-dhcp

ldapsearch -x shows the entries are fine in the LDAP.

Stracing dhcpd shows that it is not making any connection to the LDAP, while it shows an error message.

On Fedora 24 (updated), I am using dhcp-server-4.3.4.fc24

/etc/dhcp/dhcpd.conf:
    ldap-server "10.101.1.1"; #or localhost, or any interface ip or ns name
    ldap-port 389;
    ldap-base-dn "cn=dhcp,dc=dias,dc=com,dc=br";
    ldap-method static;
    ldap-debug-file "/var/log/dhcp-ldap-startup.log";

The STDERR output acts as if it were talking to the LDAP server:

Cannot find host LDAP entry server.dias.com.br (&(objectClass=dhcpServer)(cn=server.dias.com.br))

As the output of ldapsearch, the entry is there:
    # server.dias.com.br, dhcp, dias.com.br
    dn: cn=server.dias.com.br,cn=dhcp,dc=dias,dc=com,dc=br
    objectClass: dhcpserver
    objectClass: top
    dhcpServiceDN: cn=dhcp,dc=dias,dc=com,dc=br
    cn: server.dias.com.br
    dhcpStatements: authoritative

Using the same config on a ubuntu host, it works fine, which makes me wonder that dhcpd in Fedora 24 does not work at all with LDAP.

Or maybe this is a reflection of some FreeIPA server way of life configuration, like sssd.

-rsd


On 07/11/2016 05:10, Petr Spacek wrote:
On 6.11.2016 06:06, Raul Dias wrote:
Hello,

It seems that DHCP with LDAP on Fedora 24 (FreeIPA) is broken.

Can anyone confirm?

Doing an strace -e trace=network does not show any attempt to connect to the
ldap server.

OTOH, the same config on a Ubuntu 16.10 works fine.
Hello,

AFAIK DHCP support was never part of official FreeIPA builds. What are you
trying to achieve and where did you get the builds?

We need to know exact software versions and configuration. For further hints
how to report bugs please see
http://www.freeipa.org/page/Troubleshooting#Reporting_bugs


--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to