[pkg-dhcp-devel] Bug#891767: Server doesn't use the correct filter and doesn't read the ldap configuration
Ricardo Cardoso
rfonsecacardoso at gmail.com
Wed Feb 28 16:04:09 UTC 2018
Package: isc-dhcp-server-ldap
Version: 4.3.5-3
Hi,
I am currently configuring the isc-dhcp-server-ldap on Debian 9(stretch)
but the server doesn't read LDAP conf correctly!
My configuration works both in Debian 7 (wheezy) and Debian 8(jessie) but
not in Debian 9.
When I try to start the dhcp-server service on Debian 9 with the same
configurations from Debian 8 and 7 I start to see weird searches on the
ldap log about dhcpTSigKey and dhcpFailOverPeer:
Feb 28 15:04:43 server2 slapd[12478]: conn=1028 op=1 SRCH
base="dc=mycompany,cn=com" scope=2 deref=0
filter="(&(objectClass=dhcpServer)(|(cn=server3)(cn=server3.mycompany.com
)))"
Feb 28 15:04:43 server2 slapd[12478]: conn=1028 op=1 SEARCH RESULT tag=101
err=0 nentries=1 text=
Feb 28 15:04:43 server2 slapd[12478]: conn=1028 op=2 SRCH
base="cn=server3,cn=dhcp,cn=server3.mycompany.com,cn=servers,dc=company,cn=com"
scope=0 deref=0 filter="(&(objectClass=dhcpService)(|(|(dhcpPrimaryDN=cn=
server3.company.com,cn=servers,dc=company,cn=com)(dhcpSecondaryDN=cn=
server3.company.com,cn=servers,dc=company,cn=com))(?dhcpServerDN=cn=
server3.company.com,cn=servers,dc=company,cn=com)))"
Feb 28 15:04:43 server2 slapd[12478]: conn=1028 op=2 SEARCH RESULT tag=101
err=0 nentries=1 text=
Feb 28 15:04:43 server2 slapd[12478]: conn=1028 op=3 SRCH
base="cn=server3,cn=dhcp,cn=server3.mycompany.com,cn=servers,dc=company,cn=com"
scope=1 deref=0
filter="(!(|(|(?objectClass=dhcpTSigKey)(objectClass=dhcpClass))(?objectClass=dhcpFailOverPeer)))"
Feb 28 15:04:43 server2 slapd[12478]: conn=1028 op=3 SEARCH RESULT tag=101
err=0 nentries=0 text=
Feb 28 15:04:43 server2 slapd[12478]: conn=1028 op=4 SRCH
base="cn=server3,cn=dhcp,cn=server3.mycompany.com,cn=servers,dc=company,cn=com"
scope=1 deref=0
filter="(|(|(?objectClass=dhcpTSigKey)(objectClass=dhcpClass))(?objectClass=dhcpFailOverPeer))"
Feb 28 15:04:43 server2 slapd[12478]: conn=1028 op=4 SEARCH RESULT tag=101
err=0 nentries=0 text=
and I don't have those attributes.
By the other hand on Debian 7 (wheezy) and Debian 8(jessie) with the same
configurations the filter used is (objectClass=*):
Feb 28 15:12:12 server2 slapd[12478]: conn=1032 op=1 SRCH
base="company=sc,cn=com" scope=2 deref=0
filter="(&(objectClass=dhcpServer)(|(cn=server3)(cn=server3.mycompany.com
)))"
Feb 28 15:12:12 server2 slapd[12478]: conn=1032 op=1 SEARCH RESULT tag=101
err=0 nentries=1 text=
Feb 28 15:12:12 server2 slapd[12478]: conn=1032 op=2 SRCH
base="cn=server3,cn=dhcp,cn=server3.company.com,cn=servers,dc=company,cn=com"
scope=0 deref=0 filter="(&(objectClass=dhcpService)(|(dhcpPrimaryDN=cn=
server3.mycompany.com,cn=servers,dc=mycompany,cn=com)(dhcpSecondaryDN=cn=
server3.mycompany.com,cn=servers,dc=company,cn=com)))"
Feb 28 15:12:12 server2 slapd[12478]: conn=1032 op=2 SEARCH RESULT tag=101
err=0 nentries=1 text=
Feb 28 15:12:12 server2 slapd[12478]: conn=1032 op=3 SRCH
base="cn=server3,cn=dhcp,cn=server3.company.com,cn=servers,dc=company,cn=com"
scope=1 deref=0 filter="(objectClass=*)"
Feb 28 15:12:12 server2 slapd[12478]: conn=1032 op=3 SEARCH RESULT tag=101
err=0 nentries=19 text=
And thus the dhcp-server-ldap works and can read my networks perfectly.
This is very similiar to bug #655364.
Could you please analyse it and tell me if I need to use an extra parameter
for new version or if this is really a bug?
Thank you for your time and sorry for the inconvinience,
Ricardo Cardoso
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/pkg-dhcp-devel/attachments/20180228/dd388afa/attachment.html>
More information about the pkg-dhcp-devel
mailing list