From: Bing Du <du...@mo...> - 2002-10-08 16:02:52
For testing if our directory supports TLS, I run the following script.

========
#!/usr/local/bin/perl
use Net::LDAP;

my $ldap_server = 'operator.tamu.edu';
my $ldcon = Net::LDAP->new($ldap_server, version => 3) || die "Can't connect";

# Look for the StartTLS extended operation OID among the
# supportedExtension values published in the root DSE.
my $can_do_start_tls = 0;
my $r = $ldcon->root_dse();
foreach ($r->get_value("supportedExtension")) {
    $can_do_start_tls = 1 if $_ eq "1.3.6.1.4.1.1466.20037";
}
print "can_do_start_tls is $can_do_start_tls\n";
exit;
========

The output is 'can_do_start_tls is 1'. Now what?

Bing

Bing Du <bi...@ta..., 979-845-9577>
Texas A&M University, CIS, Operating Systems, Unix

On Tue, 8 Oct 2002, Bing Du wrote:

> Now that Net::LDAPS works, does that mean our directory server supports
> SSL but does not necessarily support TLS?
>
> From my understanding after reading the description of Net::LDAPS:
>
> "...
> Note that the use of LDAPS is not recommended, because it is
> not described by any IETF documents. Instead, you should
> consider using LDAPv3 with the TLS extension defined in RFC
> 2830. This will give you the same functionality as LDAPS,
> but using recognized standards. See the start_tls entry in
> the Net::LDAP manpage. ..."
>
> Start_tls should at least do what Net::LDAPS can do. Please correct me if
> I'm wrong. Thanks.
>
> Bing
>
> Bing Du <bi...@ta..., 979-845-9577>
> Texas A&M University, CIS, Operating Systems, Unix
>
> On Mon, 7 Oct 2002, Clif Harden wrote:
>
> > The first thing I would do is make sure your directory server
> > supports TLS operation.
> >
> > Clif
> >
> > Bing Du wrote:
> > >
> > > I'd appreciate anybody providing any hints or pointing me to any online
> > > sources that would be helpful for fixing my problem with
> > > start_tls. Briefly Net::LDAPS works fine but start_tls does not. More
> > > details as shown below.
> > >
> > > Net::LDAP version 0.251
> > > Net::LDAPS version 0.03
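
The step after the root DSE check in the message above, as an added example that is not part of the original thread: the advertised OID only says the server offers the extended operation, so the client still has to call start_tls, check the result, and refuse to bind if the upgrade did not happen. The host and CA file are command-line arguments you supply (assumptions, not values from the post), and require_start_tls is a hypothetical helper name.

```perl
#!/usr/bin/perl
# Added example, not code from the thread. Host name and CA file are
# supplied on the command line (assumed values, not taken from the post).
use strict;
use warnings;
use Net::LDAP;

my $STARTTLS_OID = '1.3.6.1.4.1.1466.20037';   # StartTLS extended operation (RFC 2830)

# Hypothetical helper: upgrade an open LDAPv3 connection to TLS or die.
# It never hands back a connection that is still in cleartext.
sub require_start_tls {
    my ($ldap, $cafile) = @_;

    my $dse = $ldap->root_dse()
        or die "could not read the root DSE\n";
    grep { $_ eq $STARTTLS_OID } $dse->get_value('supportedExtension')
        or die "server does not advertise StartTLS\n";

    # verify => 'require' makes the handshake fail unless the server's
    # certificate chains to a CA found in $cafile.
    my $mesg = $ldap->start_tls(verify => 'require', cafile => $cafile);
    die 'start_tls failed: ' . $mesg->error . "\n" if $mesg->code;

    # cipher() returns undef when the connection is not using TLS.
    my $cipher = $ldap->cipher
        or die "start_tls reported success but no cipher is in use\n";
    return $cipher;
}

my ($host, $cafile) = @ARGV;
die "usage: $0 <ldap-host> <ca-file.pem>\n" unless defined $cafile;

my $ldap = Net::LDAP->new($host, version => 3)
    or die "can't connect to $host: $@\n";
my $cipher = require_start_tls($ldap, $cafile);
print "TLS established, cipher $cipher\n";

# Bind only after the upgrade, so credentials never cross the wire in
# cleartext, e.g.: $ldap->bind($dn, password => $password);
$ldap->unbind;
```

Printing `$mesg->error` on failure separates a server that rejects the extended operation from a certificate that fails verification.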