Protect your Mac from a malicious DHCP server
You should not use an automatic authentication search policy with a DHCP-supplied LDAP server or a DHCP-supplied shared directory domain in an environment where security is a major concern.
You can protect your Mac against malicious attacks from a DHCP server by disabling use of a DHCP-supplied LDAP directory and disabling broadcast and DHCP binding for a local directory domain (or disabling the local directory domain).