From: Jamie C. <jca...@we...> - 2008-12-01 23:31:06
On 30/Nov/2008 13:22 Paul R. Ganci wrote ..
> Paul R. Ganci wrote:
> > Here is a patch to ldap-server-lib.pl so you can see
> > what I did
> Ugh, I screwed up ldap-server-lib.patch from my previous Email. I
> accidentally modified the distro ldap-server-lib.pl before I did the
> diff, Sorry. The patch should look more like this:
>
> --- ./ldap-server-lib.pl.dist 2008-11-30 14:14:28.000000000 -0700 > +++ ./ldap-server-lib.pl 2008-11-30 11:21:53.000000000 -0700 > @@ -67,27 +67,21 @@ > local @ssls = $ssl eq "" ? ( 1, 0 ) : ( $ssl ); > local $ldap; > foreach $ssl (@ssls) { > - $ldap = Net::LDAP->new($server, port => $port); > + local ($proto); > + if (($port == 389) && $ssl) { # STARTTLS only on standard port > (ldapi) > + $proto='ldapi'; > + } > + elsif ($ssl) { # SSL Encryption (ldaps) > + $proto='ldaps'; > + } > + else { > + $proto='ldap'; # Standard (ldap) > + } > + $ldap = Net::LDAP->new($server, port => $port, scheme => $proto); > if (!$ldap) { > # Connection failed .. give up completely > return &text('connect_eldap', "<tt>$server</tt>", $port); > } > - if ($ssl) { > - # Switch to TLS mode > - local $mesg; > - eval { $mesg = $ldap->start_tls(); }; > - if ($@ || !$mesg || $mesg->code) { > - # Failed to switch to SSL mode. If also trying > non-SSL, > - # continue around the loop. Otherwise, give up > - if (@ssls > 1) { > - next; > - } > - else { > - return &text('connect_essl', > "<tt>$server</tt>", > - $@ ? $@ : &ldap_error($mesg)); > - } > - } > - } > } > $ldap || return "This can't happen!";
>
> Watch out for line wraps due to an 80 character text formatted message
> to the list.

Thanks for those three patches - I see now that Webmin's support for proper LDAP over SSL was broken, as it was only able to handle TLS. I will incorporate modified versions of your fixes into the next release, with the TLS support added back in where appropriate.

- Jamie
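
Review bot: The `($port == 389) && $ssl` branch sets `$proto='ldapi'`, but in Net::LDAP the `ldapi` scheme selects LDAP over a Unix domain socket, not STARTTLS, and the same hunk deletes the `$ldap->start_tls()` block, so after this change nothing upgrades a port 389 connection to TLS. Suggest keeping `scheme => 'ldap'` for that branch and retaining the `start_tls()` call with its `$mesg->code` check there, using `ldaps` only for the dedicated SSL port. The removed `if (@ssls > 1) { next; }` was also the only fallback path: with it gone, a failed `ldaps` connect hits `if (!$ldap)` and returns, so the `( 1, 0 )` list never reaches the non-SSL attempt.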