Hi, Thomas Kerkau wrote:
Hi all,
I'm trying to use openLDAP as NIS replacement. This is working fine. The server is listening on LDAP and LDAPS and the clients are configured to use LDAPS. So far it is running. If I got this right, LDAPS is not the recommended method for TLS, but start_tls is.
I have tried to use start_tls in a perl script, and get only unencrypted connections. Making a perl script as simple as possible I found $test to be "2" (LDAPv2), which results in an error trying start_tls. The script is:
#!/usr/bin/perl -w
use Net::LDAP;
$ldap = Net::LDAP->new('buddy.io-software.com') or die "$@";
$test = $ldap->version();   # LDAP protocol version the connection is using
print " $test \n";
but from /usr/sysconfig/openldap I thought it should be 3 (LDAPv3) for openldap versions > 2:
Well, start_tls is an extended operation and isn't even supported in LDAPv2, so if the server thinks you are using that, start_tls will fail. You might wanna try telling the server that you are using v3, something like:

use Net::LDAP;

sub ldap_auth {
    my ($host, $user, $organizationalUnit, $searchbase, $pwd) = @_;

    my $ldap = Net::LDAP->new($host, version => 3, port => 389, timeout => 20);
    unless ($ldap) { return "ERROR connecting to LDAP server"; }

    # this should start tls, no verify (Net::LDAP's default is verify => 'none')
    my $tls = $ldap->start_tls(sslversion => 'sslv3');
    $tls->code && return "start_tls failed: " . $tls->error;   # don't carry on in plaintext

    # bind() always returns a message object, so check ->code, not the return value
    my $returnvalue = $ldap->bind("cn=$user,ou=$organizationalUnit,$searchbase", password => $pwd);
    $ldap->unbind();                                    # unbind & disconnect
    $returnvalue->code && return $returnvalue->error;   # return errormessage on failure
    return undef;                                       # undef=success
}

(you need to feed it host, user, organizationalUnit, searchbase and password)

HTH
Stefan
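An added example (not code from either poster) showing the hardened form of the same flow: force LDAPv3, require certificate verification against a CA file, check that start_tls actually succeeded, and confirm a TLS cipher is in place before sending a password. The host, CA path, DN and password are placeholders; it relies on Net::LDAP's documented version(), start_tls() and cipher() methods.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Net::LDAP;

# Placeholder values, not from the thread: adjust host, CA file and DN.
my $host   = 'ldap.example.com';
my $cafile = '/etc/ssl/certs/example-ca.pem';

# Ask for LDAPv3 explicitly: Start TLS is an extended operation, which
# LDAPv2 does not have, so a v2 session can never negotiate it.
my $ldap = Net::LDAP->new($host, version => 3, port => 389, timeout => 20)
    or die "connect to $host failed: $@";
die "protocol version is " . $ldap->version . ", need 3"
    unless $ldap->version == 3;

# Require verification of the server certificate against a known CA and
# use TLS rather than SSLv3. verify => 'none' (the default) accepts any cert.
my $tls = $ldap->start_tls(
    verify     => 'require',
    cafile     => $cafile,
    sslversion => 'tlsv1',
);
# A failed Start TLS leaves the session open in plaintext; refuse to continue.
die "Start TLS failed: " . $tls->error if $tls->code;

# Confirm the socket really is encrypted before any credentials go over it.
my $cipher = $ldap->cipher;
die "no TLS cipher negotiated, refusing to bind in the clear" unless $cipher;
print "TLS established with cipher $cipher\n";

# Placeholder credentials; in a real script read them from a protected source.
my $bind = $ldap->bind('cn=someuser,ou=People,dc=example,dc=com',
                       password => 'placeholder-password');
die "bind failed: " . $bind->error if $bind->code;
print "bound over LDAPv" . $ldap->version . " with TLS\n";
$ldap->unbind;
```

On a current IO::Socket::SSL a stricter sslversion value than 'tlsv1' is available; the point of the block is that nothing is sent until both the Start TLS result code and the negotiated cipher have been checked.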