dhcp 4.3.2 with ldap backend

Glenn Satchell glenn.satchell at uniq.com.au
Tue May 12 13:43:18 UTC 2015

On Tue, May 12, 2015 10:22 pm, Kristof Van Doorsselaere wrote:
> On 12/05/15 13:43, "Peter Rathlev" <peter at rathlev.dk> wrote:
>>On Tue, 2015-05-12 at 08:06 +0000, Kristof Van Doorsselaere wrote:
>>When googling for the error message I can see a hit related to GnuTLS
>>and OpenSSL:
> Yes, that's the bug I was pointing to in my first message, but I'm
> confused about the last message in this bug:
>>> After all that it wasn't a bug.
> I already sent a mail to Mark, asking if and how his issue was solved, but
> so far no response, it would be nice if someone could share a working
> dhcpd 4.3.2 config (with ldap and start_tls enabled) + the corresponding
> ldap.conf

In the cipher list "my existing config SECURE256 became 256SECURE", i.e. the

# GnuTLS specific
#ldap-tls-crlfile "/etc/ssl/crl/ssl-cert-local-ca.crl";
ldap-tls-cert "/root/.pki/dhcpd.pem";
ldap-tls-key "/root/.pki/dhcpd.key";
ldap-tls-ciphers "TLSv1+HIGH:!SSLv2:!aNULL:!eNULL:!3DES:@STRENGTH";
# GnuTLS specific
#ldap-tls-ciphers "256SECURE";

There was also a comment in that bug about openssl specific calls which
fail when dhcpd is linked against libnss (the gnutls library).

As mentioned by others in this email thread it looks like dhcpd needs to
be smarter about which functions are available in the shared library. So
that's a dhcpd bug, but not a straightforward one to fix.
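Since the ldap-tls-ciphers value has to be written in the syntax of whichever TLS library libldap actually loads (OpenSSL cipher list versus GnuTLS priority string), a quick check of the loaded libraries before editing dhcpd.conf avoids guessing. The script below is an added example, not code from this thread or from ISC; it assumes `ldd` is available, the sample ldd output is constructed, and the cipher strings it prints are illustrative policies, not recommendations.

```shell
#!/bin/sh
# Added example (not from the thread). Works out which TLS library the
# dhcpd/libldap chain loads so ldap-tls-ciphers can use the matching syntax.
# Input: text output of `ldd` on stdin, e.g.  ldd "$(command -v dhcpd)" | tls_backend
# Prints one of: gnutls, openssl, nss, mixed, unknown.
tls_backend() {
  deps=$(cat)
  n=0; found=unknown
  if printf '%s\n' "$deps" | grep -q 'libgnutls\.so'; then found=gnutls;  n=$((n+1)); fi
  if printf '%s\n' "$deps" | grep -q 'libssl\.so';    then found=openssl; n=$((n+1)); fi
  if printf '%s\n' "$deps" | grep -q 'libssl3\.so';   then found=nss;     n=$((n+1)); fi
  # Two TLS libraries in one process is the situation the thread describes
  # (dhcpd built against one library, libldap using another).
  if [ "$n" -gt 1 ]; then found=mixed; fi
  echo "$found"
}

# Print the dhcpd.conf directive in the syntax the detected library expects.
# Cipher strings are illustrative; substitute your own policy.
suggest_ciphers() {
  case "$1" in
    gnutls)  echo 'ldap-tls-ciphers "SECURE256";' ;;  # GnuTLS priority string
    openssl) echo 'ldap-tls-ciphers "TLSv1+HIGH:!SSLv2:!aNULL:!eNULL:!3DES:@STRENGTH";' ;;
    nss)     echo '# NSS build: see TLS_CIPHER_SUITE in ldap.conf(5) for the NSS cipher syntax' ;;
    mixed)   echo '# two TLS libraries loaded: run ldd on libldap itself to see which one it uses' ;;
    *)       echo '# no TLS library in ldd output: is this dhcpd built with LDAP/TLS support?' ;;
  esac
}

# Constructed sample of ldd output (not captured from a real host):
SAMPLE_LDD='	libldap-2.4.so.2 => /usr/lib/libldap-2.4.so.2 (0x00007f01)
	libgnutls.so.30 => /usr/lib/libgnutls.so.30 (0x00007f02)
	libc.so.6 => /lib/libc.so.6 (0x00007f03)'

backend=$(printf '%s\n' "$SAMPLE_LDD" | tls_backend)
echo "detected TLS backend: $backend"
suggest_ciphers "$backend"
```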
