
hi! thx - i hoped that i only need to take care of LDAP.pm. I just wasn't sure.

On Wed, Mar 17, 2004 at 12:28:04PM +0100, Robert Kehl wrote:

From: "Robert Kehl"
To: "Development community of OTRS"
Date: Wed, 17 Mar 2004 12:28:04 +0100
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
Subject: Re: [dev] ssl support for ldap backends

On Wednesday, March 17, 2004 8:12 AM Stephan Lauffer wrote:
are there some plans to add ssl support for ldap (f.e. with Net::LDAPS)?
We are SSL-ready when it comes to LDAP, as LDAP.pm hands over any setting you make to Net::LDAP. The latter is SSL-aware already, no real need for Net::LDAPS, which I believe is merely a wrapper to Net::LDAP.
As a precaution, make sure that IO::Socket::SSL _and_ its dependency Net::SSLeay are installed. Yes, OpenSSL isn't enough in this case - no way around. Get both from CPAN at last:
http://search.cpan.org/~behroozi/IO-Socket-SSL-0.95/
http://search.cpan.org/~sampo/Net_SSLeay.pm-1.25/
So prepared, try out these settings - it worked like a charm for me against an OpenLDAP server just by using ldaps:// in the Host definition, nothing more was required. If you don't succeed, play a bit with the commented options.
    $Self->{CustomerUser} = {
        # ...more settings here...
        Host => 'ldaps://ldap.example.com',
        Params => {
            # ...more settings here...
            version => 3, # ldaps only work with LDAPv3
            # sslversion => 'sslv2/3', # defaults to: 'tlsv1'
            # verify => 'require',
            # clientcert => '/path/to/cert.pem',
            # clientkey => '/path/to/key.pem',
            # keydecrypt => sub { 'secret'; },
            # capath => '/path/to/servercerts/',
        },
        # ...more settings here...
    };
A comprehensive description of all possible settings is maintained here:
http://search.cpan.org/~gbarr/perl-ldap-0.31/lib/Net/LDAP.pod#start_tls
For sure, you may use this not only for the CustomerUser data, but for all your ldap connections.
hth,
Robert Kehl
--
((otrs.de)) :: OTRS GmbH :: Norsk-Data-Str. 1 :: 61352 Bad Homburg
http://www.otrs.de/ :: Tel. +49 (0)6172 4832388

_______________________________________________
OTRS mailing list: dev - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/dev
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/dev
--
Liebe Gruesse, with best regards
Stephan Lauffer
[ Pedagogical University Freiburg - Germany ]
[ http://www.ph-freiburg.de/zik/ ]
[ Fon/ Fax: +49 761 682 -459/ -486 ]
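
The settings quoted above leave `verify`, `capath` and `sslversion` commented out, so an ldaps:// connection can be encrypted without the server certificate being checked. The following is an added example, not part of the original thread and not OTRS or Net::LDAP code: a small audit over Host/Params hashes shaped like the one in the mail. The helper name `audit_ldap_tls`, the sample backends and the rule that anything other than an explicit `verify => 'require'` counts as unverified are assumptions of this example.

```perl
#!/usr/bin/perl
# Added example: audit Host/Params hashes (as handed to Net::LDAP) for weak TLS settings.
use strict;
use warnings;

# audit_ldap_tls() is a hypothetical helper, not part of OTRS or Net::LDAP.
# It returns a list of findings for one backend definition.
sub audit_ldap_tls {
    my ($name, $cfg) = @_;
    my $host = $cfg->{Host}   // '';
    my $p    = $cfg->{Params} // {};
    my @findings;

    if ($host !~ m{^ldaps://}i) {
        push @findings, "$name: Host '$host' is not ldaps://, traffic is not wrapped in TLS";
        return @findings;
    }
    # Assumption: only an explicit 'require' is treated as certificate verification.
    my $verify = $p->{verify} // '(unset)';
    push @findings, "$name: verify is $verify, server certificate is not guaranteed to be checked"
        if $verify ne 'require';
    # 'require' needs trust anchors: capath (directory) or cafile (single file).
    push @findings, "$name: verify => 'require' but no capath/cafile to validate against"
        if $verify eq 'require' && !($p->{capath} || $p->{cafile});
    push @findings, "$name: sslversion '$p->{sslversion}' names SSLv2/SSLv3 instead of TLS"
        if defined $p->{sslversion} && $p->{sslversion} =~ /sslv/i;
    push @findings, "$name: LDAP version is not 3 (the mail notes ldaps needs LDAPv3)"
        if ($p->{version} // 0) != 3;
    return @findings;
}

# Constructed sample configurations (not taken from a real installation).
my %backends = (
    AsPosted => { Host => 'ldaps://ldap.example.com',
                  Params => { version => 3 } },
    Legacy   => { Host => 'ldaps://ldap.example.com',
                  Params => { version => 3, sslversion => 'sslv2/3' } },
    Hardened => { Host => 'ldaps://ldap.example.com',
                  Params => { version => 3, verify => 'require',
                              capath => '/path/to/servercerts/' } },
);

for my $name (sort keys %backends) {
    my @f = audit_ldap_tls($name, $backends{$name});
    print "OK   $name\n" unless @f;
    print "WARN $_\n" for @f;
}
```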