dhcp 4.3.2 with ldap backend
michael at stroeder.com
Fri May 8 12:17:15 UTC 2015
Kristof Van Doorsselaere wrote:
> After configuring: TLS_REQCERT allow in /etc/openldap/ldap.conf

Hmm, you should really let libnss validate the server's cert by setting the
TLS_CACERT or TLS_CACERTDIR. Otherwise MITM attacks are possible.

> May 8 13:55:44 fulaga systemd: Starting IPv4 DHCP server on ...
> May 8 13:55:44 fulaga dhcpd: Cannot set LDAP TLS crl check option: Can't contact LDAP server

I suspect there is something in your system-wide ldap.conf which tries to set
a TLS option related to CRLs which is unknown when using libnss.
Please read the man-page ldap.conf(5) again and eventually try to use env var
LDAPNOINIT=1 when starting dhcpd.
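
A small audit of the points raised in the message above, as an added example that is not part of the original post: it flags a TLS_REQCERT level that lets the session continue with an unverified certificate, a missing TLS_CACERT/TLS_CACERTDIR, and any CRL-related option in the file. The function names, the sample file contents and the host name are constructed for illustration; the option names are those documented in ldap.conf(5).

```shell
#!/bin/sh
# Added example: audit an OpenLDAP client config for the issues in this thread.
# Function names and the sample file are constructed; options are from ldap.conf(5).

# Print the last value set for option $2 in file $1 (keywords are case-insensitive).
ldap_opt() {
    awk -v k="$2" 'toupper($1) == k { v = $2 } END { if (v != "") print v }' "$1"
}

# Print one finding per line; exit status is 0 only when nothing was found.
audit_ldap_conf() {
    conf=$1
    findings=0
    reqcert=$(ldap_opt "$conf" TLS_REQCERT)
    case $(printf '%s' "$reqcert" | tr 'A-Z' 'a-z') in
        never|allow)
            echo "WEAK_REQCERT: TLS_REQCERT $reqcert lets the session proceed with an unverified server certificate"
            findings=$((findings + 1)) ;;
    esac
    # Without a trust anchor the client has nothing to validate the server against.
    if [ -z "$(ldap_opt "$conf" TLS_CACERT)" ] && [ -z "$(ldap_opt "$conf" TLS_CACERTDIR)" ]; then
        echo "NO_TRUST_ANCHOR: neither TLS_CACERT nor TLS_CACERTDIR is set"
        findings=$((findings + 1))
    fi
    # CRL options are the kind of setting the reply suspects behind the dhcpd error.
    for opt in TLS_CRLCHECK TLS_CRLFILE; do
        if [ -n "$(ldap_opt "$conf" "$opt")" ]; then
            echo "CRL_OPTION: $opt is set; check ldap.conf(5) for whether your TLS backend supports it"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample: the setting quoted in the thread plus a CRL option.
sample=$(mktemp)
printf '%s\n' 'URI ldaps://ldap.example.org' 'TLS_REQCERT allow' 'TLS_CRLCHECK peer' > "$sample"
audit_ldap_conf "$sample" || true
rm -f "$sample"
```

Run it against the system-wide file with `audit_ldap_conf /etc/openldap/ldap.conf`; a clean file produces no output and exit status 0.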