dhcp 4.3.2 with ldap backend
Kristof Van Doorsselaere
kristof.vandoorsselaere at hogent.be
Wed Sep 2 06:48:24 UTC 2015
Can someone tell me if below issue is/should be resolved in 4.3.3 ?
Kristof Van Doorsselaere
hoofdmedewerker server- en netwerkbeheer
----------------------------------
Hogeschool Gent
Directie Financiën en ICT
Valentin Vaerwijckweg 1
BE-9000 Gent
T +32 9 243 35 20
HoGent.be
On 12/05/15 14:45, "dhcp-users-bounces at lists.isc.org on behalf of Michael Ströder" <dhcp-users-bounces at lists.isc.org on behalf of michael at stroeder.com> wrote:
>Kristof Van Doorsselaere wrote:
>> 654 ldap_tls_crlcheck = _do_lookup_dhcp_enum_option (options, SV_LDAP_TLS_CRLCHECK);
> > [..]
>> 765 if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_CRLCHECK,
>> 768 log_error ("Cannot set LDAP TLS crl check option: %s",
>> Cannot set LDAP TLS crl check option: Can't contact LDAP server
>
>I suspect that libldap does not provide setting option LDAP_OPT_X_TLS_CRLCHECK
>on your platform.
>
> From ldap_set_option(3):
>
> LDAP_OPT_X_TLS_CRLCHECK
> Sets/gets the CRL evaluation strategy, [..]
> Requires OpenSSL.
>
>That's clearly a dhcpd bug because if libldap is linked against libnss (on
>RedHat systems) or GnuTLS (e.g. Debian) the option LDAP_OPT_X_TLS_CRLCHECK is
>not usable. dhcpd has to check that and at least ignore this error during startup.
>
>Ciao, Michael.
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4206 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/dhcp-users/attachments/20150902/d5b38cbd/attachment.bin>
More information about the dhcp-users
mailing list