dhcp 4.3.2 with ldap backend

Kristof Van Doorsselaere kristof.vandoorsselaere at hogent.be
Tue May 12 12:59:58 UTC 2015

Is this something easy to patch? I’m willing to validate a patch if someone can come up with a path, or should I fill a bug report?

Thanks in advance,


On 12/05/15 14:45, "Michael Ströder" <michael at stroeder.com> wrote:

>Kristof Van Doorsselaere wrote:
>> 654	          ldap_tls_crlcheck = _do_lookup_dhcp_enum_option (options, SV_LDAP_TLS_CRLCHECK);
> > [..]
>> 765	          if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_CRLCHECK,
>> 768	              log_error ("Cannot set LDAP TLS crl check option: %s",
>> Cannot set LDAP TLS crl check option: Can't contact LDAP server
>I suspect that libldap does not provide setting option LDAP_OPT_X_TLS_CRLCHECK 
>on your platform.
> From ldap_set_option(3):
>     Sets/gets the CRL evaluation strategy, [..]
>     Requires OpenSSL.
>That's clearly a dhcpd bug because if libldap is linked against libnss (on 
>RedHat systems) or GnuTLS (e.g. Debian) the option LDAP_OPT_X_TLS_CRLCHECK is 
>not usable. dhcpd has to check that and at least ignore this error during startup.
>Ciao, Michael.

More information about the dhcp-users mailing list