dhcp 4.3.2 with ldap backend
Kristof Van Doorsselaere
kristof.vandoorsselaere at hogent.be
Tue May 12 12:59:58 UTC 2015
Is this something easy to patch? I’m willing to validate a patch if someone can come up with a path, or should I fill a bug report?
Thanks in advance,
Kristof
On 12/05/15 14:45, "Michael Ströder" <michael at stroeder.com> wrote:
>Kristof Van Doorsselaere wrote:
>> 654 ldap_tls_crlcheck = _do_lookup_dhcp_enum_option (options, SV_LDAP_TLS_CRLCHECK);
> > [..]
>> 765 if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_CRLCHECK,
>> 768 log_error ("Cannot set LDAP TLS crl check option: %s",
>> Cannot set LDAP TLS crl check option: Can't contact LDAP server
>
>I suspect that libldap does not provide setting option LDAP_OPT_X_TLS_CRLCHECK
>on your platform.
>
> From ldap_set_option(3):
>
> LDAP_OPT_X_TLS_CRLCHECK
> Sets/gets the CRL evaluation strategy, [..]
> Requires OpenSSL.
>
>That's clearly a dhcpd bug because if libldap is linked against libnss (on
>RedHat systems) or GnuTLS (e.g. Debian) the option LDAP_OPT_X_TLS_CRLCHECK is
>not usable. dhcpd has to check that and at least ignore this error during startup.
>
>Ciao, Michael.
>
More information about the dhcp-users
mailing list