SOLVED!

I updated the following packages:
- dhcp3-common_3.1.1.1_amd64.deb
- dhcp3-server_3.1.1.1_amd64.deb
- dhcp3-server-ldap_3.1.1.1_amd64.deb

LDAP-Authentication is now possible only with a valid user account *and* password. Wrong password denies authentication. ACLs now take effect.

Thanks
Holger

José L. Redrejo Rodríguez wrote:
> On Tue, 03-06-2008 at 11:37 +0200, Holger Luedecke wrote:
>> Package: dhcp3-server-ldap
>> Version: 3.1.1-1_ amd64
>> Severity: important
>>
>>
>>
>> -- System Information:
>> Debian Release: lenny/sid
>> APT prefers unstable
>> APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable')
>> Architecture: i386 (i686)
>>
>> Kernel: Linux 2.6.25-2-686 (SMP w/1 CPU core)
>> Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) (ignored:
>> LC_ALL set to de_DE.UTF-8)
>> Shell: /bin/sh linked to /bin/bash
>>
>> dhcpd is unable to authenticate to ldap with a valid account.
>> ---syslog start---
>> Jun 3 10:34:16 sam dhcpd: Connecting to LDAP server localhost:389
>> Jun 3 10:34:16 sam slapd[26655]: conn=9 op=0 BIND
>> dn="uid=dhcp,ou=People,dc=local,dc=com" method=128
>> Jun 3 10:34:16 sam slapd[26655]: conn=9 op=0 BIND
>> dn="uid=dhcp,ou=People,dc=local,dc=com" mech=SIMPLE ssf=0
>> Jun 3 10:34:16 sam dhcpd: Error: Cannot login into ldap server
>> localhost:389: Success
>> Jun 3 10:34:16 sam dhcpd: Configuration file errors encountered -- exiting
>> ---syslog end---
>>
>> ---strace start---
>> setsockopt(6, SOL_SOCKET, SO_KEEPALIVE, [1], 4) = 0
>> setsockopt(6, SOL_TCP, TCP_NODELAY, [1], 4) = 0
>> connect(6, {sa_family=AF_INET, sin_port=htons(389),
>> sin_addr=inet_addr("127.0.0.1")}, 16) = 0
>> write(6, "0>\2\1\1`9\2\1\3\4&uid=dhcp, ou=People,"..., 64) = 64
>> poll([{fd=6, events=POLLIN|POLLPRI|POLLERR|POLLHUP, revents=POLLIN}], 1, -1)
>> = 1
>> read(6, "0\f\2\1\1a\7\n", 8) = 8
>> read(6, "\1\0\4\0\4\0", 6) = 6
>> stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2295, ...}) = 0
>> sendto(3, "<27>Jun 3 11:20:54 dhcpd: Error"..., 91, MSG_NOSIGNAL, NULL, 0)
>> = 91
>> write(2, "Error: Cannot login into ldap se"..., 64Error: Cannot login into
>> ldap localhost:389: Success) = 64
>> write(2, "\n", 1
>> ) = 1
>> rt_sigaction(SIGPIPE, {SIG_IGN}, {SIG_DFL}, 8) = 0
>> write(6, "0\5\2\1\2B\0", 7) = 7
>> shutdown(6, 2 /* send and receive */) = 0
>> close(6) = 0
>> rt_sigaction(SIGPIPE, {SIG_DFL}, {SIG_IGN}, 8) = 0
>> stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2295, ...}) = 0
>> sendto(3, "<27>Jun 3 11:20:54 dhcpd: Confi"..., 75, MSG_NOSIGNAL, NULL, 0)
>> = 75
>> write(2, "Configuration file errors encoun"..., 48Configuration file errors
>> encountered -- exiting) = 48
>> write(2, "\n", 1
>> ) = 1
>> exit_group(1) = ?
>> ---strace end---
>>
>> ---dhcpd.conf start---
>> ldap-server "localhost";
>> ldap-port 389;
>> ldap-username "uid=dhcp, ou=People, dc=local, dc=com";
>> ldap-password "secret";
>> ldap-base-dn "ou=DHCP, dc=local, dc=com";
>> ldap-method dynamic;
>> ldap-debug-file "/var/log/dhcpd/dhcp-ldap-startup.log";
>> ---dhcpd.conf end---
>>
>> Anonymous authentication is successful and dhcpd starts successfully
>> but this denies usage of LDAP-ACLs.
>>
>> Authentication with same account and wrong password is successful too
>> and dhcpd starts.
>
>
> Please, can you test the packages available at
> http://linex.educarex.es/dhcpd-ldap/ to know if they fix your problem?
> You only need to upgrade the dhcp3-server-ldap package, but I've
> included also all the packages, sources and .changes file signed with my
> gpg key, so, if you like, you can verify them using my public key
> available at
> http://db.debian.org/fetchkey.cgi?fingerprint=4491BB79CD5AD94A66814B0C9AA551D966A90DE2
>
> In my tests, it works now but I prefer to be sure it works for you too
> before sending it to Andrew.
>
> Thanks
> José L.
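
Added example, not part of the original thread and not dhcpd or slapd code: a minimal Python BER decoder applied to the two read(6, ...) buffers from the strace in the report, to show which LDAP resultCode the server returned for the bind. The function names and the small result-code table are choices made for this example; the reply bytes are copied from the strace.

```python
# Added example: decode the LDAPv3 BindResponse captured in the strace.
# Bytes are the two read(6, ...) buffers from the report, copied verbatim.
BIND_RESPONSE = b"0\f\2\1\1a\7\n" + b"\1\0\4\0\4\0"

# Subset of RFC 4511 result codes relevant to a bind.
RESULT_CODES = {0: "success", 48: "inappropriateAuthentication",
                49: "invalidCredentials", 50: "insufficientAccessRights"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                  # long form: next n octets hold the length
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length

def expect(tag, want, what):
    if tag != want:
        raise ValueError(f"expected {what} (0x{want:02x}), got 0x{tag:02x}")

def parse_bind_response(msg):
    """Decode LDAPMessage { messageID, BindResponse { resultCode, matchedDN, diag } }."""
    tag, body, _ = read_tlv(msg, 0)
    expect(tag, 0x30, "SEQUENCE")
    tag, mid, pos = read_tlv(body, 0)
    expect(tag, 0x02, "INTEGER messageID")
    tag, op, _ = read_tlv(body, pos)
    expect(tag, 0x61, "BindResponse [APPLICATION 1]")
    tag, code, pos = read_tlv(op, 0)
    expect(tag, 0x0A, "ENUMERATED resultCode")
    _, matched_dn, pos = read_tlv(op, pos)
    _, diag, _ = read_tlv(op, pos)
    rc = int.from_bytes(code, "big")
    return {"message_id": int.from_bytes(mid, "big"), "result_code": rc,
            "result_name": RESULT_CODES.get(rc, "other"),
            "matched_dn": matched_dn.decode(), "diagnostic": diag.decode()}

if __name__ == "__main__":
    print(parse_bind_response(BIND_RESPONSE))
```

Run against these bytes it reports resultCode 0 (success) for messageID 1, so the reply slapd sent for this bind was not a rejection; a refused simple bind would carry 49 (invalidCredentials).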