dhcp 4.3.2 with ldap backend

Michael Ströder michael at stroeder.com
Tue May 12 12:45:43 UTC 2015


Kristof Van Doorsselaere wrote:
> 654	          ldap_tls_crlcheck = _do_lookup_dhcp_enum_option (options, SV_LDAP_TLS_CRLCHECK);
> [..]
> 765	          if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_CRLCHECK,
> 768	              log_error ("Cannot set LDAP TLS crl check option: %s",
> Cannot set LDAP TLS crl check option: Can't contact LDAP server

I suspect that libldap does not provide setting option LDAP_OPT_X_TLS_CRLCHECK 
on your platform.

From ldap_set_option(3):

   LDAP_OPT_X_TLS_CRLCHECK
     Sets/gets the CRL evaluation strategy, [..]
     Requires OpenSSL.

That's clearly a dhcpd bug because if libldap is linked against libnss (on 
RedHat systems) or GnuTLS (e.g. Debian) the option LDAP_OPT_X_TLS_CRLCHECK is 
not usable. dhcpd has to check that and at least ignore this error during startup.

Ciao, Michael.
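
One way startup code could make the check this post asks for, as an added example (not dhcpd's or OpenLDAP's own code): ask libldap which TLS package it was built with before setting the CRL option, and warn instead of aborting when it is not OpenSSL. `apply_crlcheck`, `crl_status` and the `fake_*` stand-ins are hypothetical names; the two libldap calls are passed in as function pointers so the sketch builds without libldap installed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Values from OpenLDAP's <ldap.h>, repeated so this compiles without libldap. */
#define OPT_X_TLS_CRLCHECK 0x600b   /* LDAP_OPT_X_TLS_CRLCHECK */
#define OPT_X_TLS_PACKAGE  0x6011   /* LDAP_OPT_X_TLS_PACKAGE  */
/* Same shape as ldap_get_option()/ldap_set_option() called with ld == NULL. */
typedef int (*get_fn)(int opt, void *out);
typedef int (*set_fn)(int opt, const void *in);
enum crl_status { CRL_NOT_REQUESTED, CRL_APPLIED, CRL_UNSUPPORTED, CRL_FAILED };

/* Hypothetical helper: set the CRL check level only if the backend can honour it. */
enum crl_status apply_crlcheck(int level, get_fn get, set_fn set)
{
    char *pkg = NULL;
    int is_openssl;
    if (level == 0)                  /* LDAP_OPT_X_TLS_CRL_NONE: nothing to set */
        return CRL_NOT_REQUESTED;
    if (get(OPT_X_TLS_PACKAGE, &pkg) != 0 || pkg == NULL)
        return CRL_UNSUPPORTED;      /* backend unknown: do not attempt the call */
    is_openssl = strcmp(pkg, "OpenSSL") == 0;
    free(pkg);                       /* ldap_memfree() with real libldap */
    if (!is_openssl) {
        fprintf(stderr, "warning: CRL checking requested but not supported by "
                        "this libldap TLS backend; revocation is NOT checked\n");
        return CRL_UNSUPPORTED;      /* non-fatal at startup, as the post asks */
    }
    return set(OPT_X_TLS_CRLCHECK, &level) == 0 ? CRL_APPLIED : CRL_FAILED;
}

/* Constructed stand-ins for libldap so the sketch runs offline. */
static const char *fake_pkg = "OpenSSL";
static int fake_set_rc = 0, fake_set_calls = 0;
static int fake_get(int opt, void *out)
{
    char *copy = (opt == OPT_X_TLS_PACKAGE) ? malloc(strlen(fake_pkg) + 1) : NULL;
    if (copy == NULL) return -1;
    *(char **)out = strcpy(copy, fake_pkg);
    return 0;
}
static int fake_set(int opt, const void *in) { (void)opt; (void)in; fake_set_calls++; return fake_set_rc; }

int main(void)
{
    fake_pkg = "GnuTLS";             /* constructed: a non-OpenSSL libldap build */
    printf("status=%d\n", apply_crlcheck(1, fake_get, fake_set));
    return 0;
}
```

With real libldap the two pointers would wrap `ldap_get_option(NULL, ...)` and `ldap_set_option(NULL, ...)`.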
