
On Wednesday, March 17, 2004 8:12 AM
Stephan Lauffer
Are there some plans to add SSL support for LDAP (e.g. with Net::LDAPS)?

We are SSL-ready when it comes to LDAP, as LDAP.pm hands over any setting you make to Net::LDAP. The latter is SSL-aware already, no real need for Net::LDAPS, which I believe is merely a wrapper to Net::LDAP.

As a precaution, make sure that IO::Socket::SSL _and_ its dependency Net::SSLeay are installed. Yes, OpenSSL isn't enough in this case - no way around. Get both from CPAN at last:

http://search.cpan.org/~behroozi/IO-Socket-SSL-0.95/
http://search.cpan.org/~sampo/Net_SSLeay.pm-1.25/

So prepared, try out these settings - it worked like a charm for me against an OpenLDAP server just by using ldaps:// in the Host definition, nothing more was required. If you don't succeed, play a bit with the commented options.

    $Self->{CustomerUser} = {
        # ...more settings here...
        Host => 'ldaps://ldap.example.com',
        Params => {
            # ...more settings here...
            version => 3, # ldaps only works with LDAPv3
            # sslversion => 'sslv2/3', # defaults to: 'tlsv1'
            # verify => 'require',
            # clientcert => '/path/to/cert.pem',
            # clientkey => '/path/to/key.pem',
            # keydecrypt => sub { 'secret'; },
            # capath => '/path/to/servercerts/',
        },
        # ...more settings here...
    };

A comprehensive description of all possible settings is maintained here:

http://search.cpan.org/~gbarr/perl-ldap-0.31/lib/Net/LDAP.pod#start_tls

For sure, you may use this not only for the CustomerUser data, but for all your LDAP connections.

hth,
Robert Kehl

--
((otrs.de)) :: OTRS GmbH :: Norsk-Data-Str. 1 :: 61352 Bad Homburg
http://www.otrs.de/ :: Tel. +49 (0)6172 4832388
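
Added example, not part of the original post or of OTRS: a stand-alone pre-flight script that checks the two SSL modules named above and opens the ldaps:// connection with the `verify` and `capath` options from the sample switched on, so a certificate that does not validate fails here rather than silently in production. The host and CA directory defaults are the post's placeholders; the script itself and its `timeout` value are assumptions.

```perl
#!/usr/bin/perl
# Added example: pre-flight check for an ldaps:// host before it goes into the OTRS config.
use strict;
use warnings;

# Defaults are the placeholders from the post; pass real values as arguments.
my $host   = shift @ARGV || 'ldaps://ldap.example.com';
my $capath = shift @ARGV || '/path/to/servercerts/';

# Net::LDAP needs IO::Socket::SSL, which in turn needs Net::SSLeay.
for my $module (qw(Net::LDAP Net::SSLeay IO::Socket::SSL)) {
    eval "require $module; 1" or die "Missing module $module: $@";
    printf "%-16s %s\n", $module, $module->VERSION() // 'unknown';
}

die "Host must use the ldaps:// scheme\n" unless $host =~ m{^ldaps://}i;
die "CA directory $capath not found\n"    unless -d $capath;

# Same Params keys as the CustomerUser block, with verification enabled.
my %params = (
    version => 3,
    verify  => 'require',   # refuse a server certificate that does not validate
    capath  => $capath,     # directory of trusted CA certificates (hash-named files)
    timeout => 10,          # assumption: fail fast instead of hanging on a dead host
);

# new() returns undef on failure and leaves the reason in $@.
my $ldap = Net::LDAP->new($host, %params)
    or die "TLS connection to $host failed: $@\n";

print "Connected, cipher: ", ($ldap->cipher // 'none'), "\n";

# An anonymous bind only proves the LDAP layer answers; the server may refuse it.
my $mesg = $ldap->bind;
printf "Anonymous bind: %s\n", $mesg->code ? $mesg->error : 'ok';

$ldap->unbind;
```

Once the script connects cleanly, the same `verify` and `capath` values can be uncommented in the `Params` hash.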