dhcp 4.3.2 with ldap backend

[Kristof Van Doorsselaere]

Can someone tell me if below issue is/should be resolved in 4.3.3 ?


Kristof Van Doorsselaere
hoofdmedewerker server- en netwerkbeheer 
----------------------------------


Hogeschool Gent
Directie Financiën en ICT
Valentin Vaerwijckweg 1
BE-9000 Gent
T +32 9 243 35 20
HoGent.be






On 12/05/15 14:45, "dhcp-users-bounces at lists.isc.org on behalf of Michael Ströder" <dhcp-users-bounces at lists.isc.org on behalf of michael at stroeder.com> wrote:

>Kristof Van Doorsselaere wrote:
>> 654	          ldap_tls_crlcheck = _do_lookup_dhcp_enum_option (options, SV_LDAP_TLS_CRLCHECK);
> > [..]
>> 765	          if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_CRLCHECK,
>> 768	              log_error ("Cannot set LDAP TLS crl check option: %s",
>> Cannot set LDAP TLS crl check option: Can't contact LDAP server
>
>I suspect that libldap does not provide setting option LDAP_OPT_X_TLS_CRLCHECK 
>on your platform.
>
> From ldap_set_option(3):
>
>   LDAP_OPT_X_TLS_CRLCHECK
>     Sets/gets the CRL evaluation strategy, [..]
>     Requires OpenSSL.
>
>That's clearly a dhcpd bug because if libldap is linked against libnss (on 
>RedHat systems) or GnuTLS (e.g. Debian) the option LDAP_OPT_X_TLS_CRLCHECK is 
>not usable. dhcpd has to check that and at least ignore this error during startup.
>
>Ciao, Michael.
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4206 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/dhcp-users/attachments/20150902/d5b38cbd/attachment.bin>