Package: isc-dhcp-server-ldap
Version: 4.4.1-2.3
Severity: important
Dear Maintainer,
dhcpd doesn't handle LDAP sizelimits correctly.
If the LDAP server returns error code 4 (LDAP_SIZELIMIT_EXCEEDED), then dhcpd seems to hang until a
segmentation fault occurs.
When using LDAPS instead of LDAP, dhcpd prints:
-- snip --
Internet Systems Consortium DHCP Server 4.4.1
Copyright 2004-2018 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Cannot set LDAP TLS crl check option: Can't contact LDAP server
LDAPS session successfully enabled to zitisrv01.ziti.uni-heidelberg.de:636
Cannot set LDAP TLS crl check option: Can't contact LDAP server
LDAPS session successfully enabled to zitisrv01.ziti.uni-heidelberg.de:636
Cannot set LDAP TLS crl check option: Can't contact LDAP server
LDAPS session successfully enabled to zitisrv01.ziti.uni-heidelberg.de:636
-- continues until segmentation fault --
Relevant slapd log lines:
-- snip --
slapd[1753072]: conn=1618 fd=27 ACCEPT from IP=127.0.0.1:44080 (IP=127.0.0.1:389)
slapd[1753072]: conn=1618 op=0 BIND dn="cn=dhcp,ou=dsa,dc=example,dc=com" method=128
slapd[1753072]: conn=1618 op=0 BIND dn="cn=dhcp,ou=dsa,dc=example,dc=com" mech=SIMPLE ssf=0
slapd[1753072]: conn=1618 op=0 RESULT tag=97 err=0 text=
slapd[1753072]: conn=1618 op=1 SRCH base="cn=dhcp-group,cn=dhcp-config,dc=example,dc=com" scope=1 deref=0 filter="(!(|(|(objectClass=dhcpTSigKey)(objectClass=dhcpClass))(objectClass=dhcpFailOverPeer)))"
slapd[1753072]: conn=1618 op=1 SEARCH RESULT tag=101 err=4 nentries=50 text=
slapd[1753072]: conn=1618 op=2 UNBIND
-- snip --
In slapd config:
sizelimit size.soft=50 size.hard=1000
The DHCP group "dhcp-group" requested in the failing LDAP search contains 100
host entries.
When changing the slapd sizelimit to 100 or larger, dhcpd works.
Thanks!
Christian
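
The slapd pattern in this report (a SRCH answered by SEARCH RESULT err=4 with a truncated nentries count) can be flagged from the log before dhcpd misbehaves. The following is an added example, not part of the original report or of dhcpd/slapd; the function name `truncated_searches` and the conn=1619 control lines in the sample are constructed for illustration.

```python
import re

LDAP_SIZELIMIT_EXCEEDED = 4  # result code named in the report

# Constructed sample in the slapd log format quoted above (lines unwrapped);
# conn=1619 is an invented control case that completes normally.
SAMPLE_LOG = """\
slapd[1753072]: conn=1618 fd=27 ACCEPT from IP=127.0.0.1:44080 (IP=127.0.0.1:389)
slapd[1753072]: conn=1618 op=0 BIND dn="cn=dhcp,ou=dsa,dc=example,dc=com" method=128
slapd[1753072]: conn=1618 op=0 RESULT tag=97 err=0 text=
slapd[1753072]: conn=1618 op=1 SRCH base="cn=dhcp-group,cn=dhcp-config,dc=example,dc=com" scope=1 deref=0 filter="(!(|(|(objectClass=dhcpTSigKey)(objectClass=dhcpClass))(objectClass=dhcpFailOverPeer)))"
slapd[1753072]: conn=1618 op=1 SEARCH RESULT tag=101 err=4 nentries=50 text=
slapd[1753072]: conn=1618 op=2 UNBIND
slapd[1753072]: conn=1619 op=0 BIND dn="cn=admin,dc=example,dc=com" method=128
slapd[1753072]: conn=1619 op=1 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(uid=x)"
slapd[1753072]: conn=1619 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
"""

CONN_OP = re.compile(r"conn=(\d+) op=(\d+) (.*)")
BIND = re.compile(r'BIND dn="([^"]*)"')
SRCH = re.compile(r'SRCH base="([^"]*)"')
RESULT = re.compile(r"SEARCH RESULT tag=101 err=(\d+) nentries=(\d+)")


def truncated_searches(lines):
    """Return searches that slapd cut short with LDAP_SIZELIMIT_EXCEEDED."""
    bind_dn, pending, findings = {}, {}, []
    for line in lines:
        m = CONN_OP.search(line)
        if not m:
            continue  # ACCEPT lines carry no op= field
        conn, op, rest = int(m.group(1)), int(m.group(2)), m.group(3)
        if b := BIND.match(rest):
            bind_dn[conn] = b.group(1)            # who is asking
        elif s := SRCH.match(rest):
            pending[(conn, op)] = s.group(1)      # remember the search base
        elif r := RESULT.match(rest):
            base = pending.pop((conn, op), None)  # correlate result with its SRCH
            if int(r.group(1)) == LDAP_SIZELIMIT_EXCEEDED:
                findings.append({"conn": conn, "bind_dn": bind_dn.get(conn),
                                 "base": base, "nentries": int(r.group(2))})
        elif rest.startswith("UNBIND"):
            bind_dn.pop(conn, None)
    return findings


if __name__ == "__main__":
    for f in truncated_searches(SAMPLE_LOG.splitlines()):
        print("size limit hit: conn={conn} bind_dn={bind_dn} base={base} "
              "returned={nentries}".format(**f))
```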