dhcp 4.3.2 with ldap backend

Glenn Satchell glenn.satchell at uniq.com.au
Tue May 12 13:43:18 UTC 2015


On Tue, May 12, 2015 10:22 pm, Kristof Van Doorsselaere wrote:
>
> On 12/05/15 13:43, "Peter Rathlev" <peter at rathlev.dk> wrote:
>
>>On Tue, 2015-05-12 at 08:06 +0000, Kristof Van Doorsselaere wrote:
>>When googling for the error message I can see a hit related to GnuTLS
>>and OpenSSL:
>>
>>https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=723773
>
>
> Yes, that's the bug I was pointing to in my first message, but I'm
> confused about the last message in this bug:
>
>>> After all that it wasn't a bug.
>
>
> I already sent a mail to Mark, asking if and how his issue was solved, but
> so far no response, it would be nice if someone could share a working
> dhcpd 4.3.2 config (with ldap and start_tls enabled) + the corresponding
> ldap.conf
>

In the cipher list "my existing config SECURE256 became 256SECURE", i.e. the
setting:

# GnuTLS specific
#ldap-tls-crlfile "/etc/ssl/crl/ssl-cert-local-ca.crl";
ldap-tls-cert "/root/.pki/dhcpd.pem";
ldap-tls-key "/root/.pki/dhcpd.key";
ldap-tls-ciphers "TLSv1+HIGH:!SSLv2:!aNULL:!eNULL:!3DES:@STRENGTH";
# GnuTLS specific
#ldap-tls-ciphers "256SECURE";

There was also a comment in that bug about openssl specific calls which
fail when dhcpd is linked against libnss (the gnutls library).

As mentioned by others in this email thread it looks like dhcpd needs to
be smarter about which functions are available in the shared library. So
that's a dhcpd bug, but not a straightforward one to fix.

regards,
-glenn
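The practical check behind this thread is finding out which TLS library the libldap loaded by dhcpd was built against, because the OpenSSL cipher-list syntax and the GnuTLS priority-string syntax quoted above are not interchangeable. The script below is an added example, not Glenn's code and not part of ISC dhcpd; the dhcpd path is a placeholder and the `ldd` output it classifies is constructed sample data.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread or the ISC dhcpd project).
# Determine which TLS library libldap pulls in, then emit an ldap-tls-ciphers
# value written in that library's syntax.

# classify_tls_backend TEXT
# TEXT is ldd-style output ("libfoo.so => /path (addr)" per line).
# Prints gnutls, openssl, nss or unknown. If several appear, the first
# matching pattern wins, so gnutls is preferred over an incidental libcrypto.
classify_tls_backend() {
    case "$1" in
        *libgnutls.so*)               echo gnutls ;;
        *libssl.so*|*libcrypto.so*)   echo openssl ;;
        *libnss3.so*)                 echo nss ;;
        *)                            echo unknown ;;
    esac
}

# ciphers_for_backend BACKEND
# Prints a cipher specification in the syntax that backend parses. The two
# strings mirror the settings quoted in the thread; SECURE256 is the GnuTLS
# priority keyword, the colon list with !/@STRENGTH is OpenSSL syntax.
ciphers_for_backend() {
    case "$1" in
        gnutls)  echo 'SECURE256' ;;
        openssl) echo 'TLSv1+HIGH:!SSLv2:!aNULL:!eNULL:!3DES:@STRENGTH' ;;
        *)       return 1 ;;
    esac
}

# validate_cipher_spec BACKEND SPEC
# Asks the library's own CLI whether it accepts SPEC. Returns 2 when that
# tool is not installed, so callers can distinguish "untested" from "bad".
validate_cipher_spec() {
    case "$1" in
        openssl)
            command -v openssl >/dev/null 2>&1 || return 2
            openssl ciphers "$2" >/dev/null 2>&1 ;;
        gnutls)
            command -v gnutls-cli >/dev/null 2>&1 || return 2
            gnutls-cli -l --priority "$2" >/dev/null 2>&1 ;;
        *) return 1 ;;
    esac
}

# tls_backend_of_dhcpd [DHCPD_PATH]
# Follows dhcpd -> libldap -> TLS library with ldd. libldap, not dhcpd itself,
# normally carries the TLS dependency. Needs a real binary, so the demo below
# uses constructed sample output instead of calling this.
tls_backend_of_dhcpd() {
    dhcpd_bin="${1:-/usr/sbin/dhcpd}"     # placeholder path, adjust locally
    libldap=$(ldd "$dhcpd_bin" | awk '/libldap/ { print $3; exit }')
    if [ -z "$libldap" ]; then
        # dhcpd may have been built without LDAP support at all
        echo unknown
        return 1
    fi
    classify_tls_backend "$(ldd "$libldap")"
}

# Constructed ldd output for a libldap built against GnuTLS (sample data).
SAMPLE_LDD_GNUTLS='
        liblber-2.4.so.2 => /usr/lib/x86_64-linux-gnu/liblber-2.4.so.2 (0x1000)
        libgnutls.so.30 => /usr/lib/x86_64-linux-gnu/libgnutls.so.30 (0x2000)
        libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x3000)'

backend=$(classify_tls_backend "$SAMPLE_LDD_GNUTLS")
echo "sample libldap TLS backend: $backend"
echo "ldap-tls-ciphers \"$(ciphers_for_backend "$backend")\";"
```

On a real host, replace the sample with `tls_backend_of_dhcpd /path/to/dhcpd` and feed the result through `validate_cipher_spec` before editing dhcpd.conf; a spec that the wrong library cannot parse is what produces the startup error discussed in the thread.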