From: Chris R. <chr...@me...> - 2000-07-31 08:45:58

Mark Wilcox <mew...@un...> wrote:
> What's listed here needs to be split into 2 objects.
>
> To test for connectivity, it could be Net::LDAP::isUp($ldap,[callback =>
> \&callback]). By default it could try with anonymous bind. $ldap is an
> open Net::LDAP connection. callback is a user-defined function to
> determine LDAP connection status.

I'm sort of nervous about this because of the side-effects. How can we
implement this without side-effects?

> As for things like what supported version, SASL, controls, etc. This all
> should be in the server's root DSE (assuming it's LDAP 3, but an LDAP 2
> server can't give you this info).
>
> Thus we could have an object like Net::LDAP::DSE.

No, that's too generic - servers have lots of DSEs and you are only talking
about the root one. Net::LDAP::RootDSE would IMHO be a better choice. Good
idea though.

> Now for SSL connectivity. I don't know how to easily test for that until
> we get Net::LDAPS rolled into Net::LDAP. Because Net::LDAPS does
> require a C compiler (well Net::LDAPS doesn't but the underlying SSL
> modules it builds upon do), we don't really want to make this a required
> object.
>
> Mark

Servers support SSL in two ways. The first is by listening on a separate
port (default 636) and requiring SSL connections on that port. That's what
Net::LDAPS uses. The second is using the *normal* LDAP port (default 389)
and allowing the user to switch into SSL mode (actually, TLS mode) using the
startTLS extended operation. This is the recommended way of using SSL (er,
TLS) with a directory, and is standardized in RFC 2830.

To find out if the second mode is supported, check that the
supportedExtension attribute contains the startTLS OID
(1.3.6.1.4.1.1466.20037).

I don't think there's a way to find if the first mode's supported. You can't
go by vendor names and product versions, because administrators might
feasibly disable LDAPS support.

Cheers,

Chris
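The root DSE check Chris describes, written out as an added example against the Net::LDAP search API (this is not code from the thread or from the perl-ldap project; the host name, CA file path and the `supports_start_tls` / `root_dse_extensions` helpers are this example's own). It reads `supportedExtension` from the root DSE with an anonymous base-scope search on the empty DN, looks for the startTLS OID from RFC 2830, and only then upgrades the connection with `start_tls`, requiring certificate verification so a bad or unknown server certificate is fatal rather than silently accepted:

```perl
#!/usr/bin/perl
# Added example, not part of the original thread: probe a server's root DSE
# for the startTLS extended operation (OID 1.3.6.1.4.1.1466.20037, RFC 2830)
# and, if it is advertised, upgrade the plain LDAP connection to TLS.
# Host and CA file below are placeholders.
use strict;
use warnings;
use Net::LDAP;

use constant START_TLS_OID => '1.3.6.1.4.1.1466.20037';

# Pure check, kept apart from the network I/O: takes the values of the
# supportedExtension attribute and returns true if the startTLS OID is
# among them.
sub supports_start_tls {
    my @extensions = @_;
    return scalar grep { $_ eq START_TLS_OID } @extensions;
}

# Read supportedExtension from the root DSE: a base-scope search on the
# empty DN, which an LDAPv3 server answers (an LDAPv2 server will not).
# No bind is done first, so this is an anonymous read.
sub root_dse_extensions {
    my ($ldap) = @_;
    my $mesg = $ldap->search(
        base   => '',
        scope  => 'base',
        filter => '(objectClass=*)',
        attrs  => ['supportedExtension'],
    );
    die 'root DSE search failed: ' . $mesg->error if $mesg->code;
    my $entry = $mesg->entry(0) or return ();
    return $entry->get_value('supportedExtension');
}

sub main {
    my $host   = $ARGV[0] || 'ldap.example.com';      # placeholder
    my $cafile = $ARGV[1] || '/etc/ssl/certs/ca.pem';  # placeholder

    # Plain connection on the normal LDAP port.
    my $ldap = Net::LDAP->new($host, port => 389, version => 3)
        or die "cannot connect to $host: $@";

    my @ext = root_dse_extensions($ldap);
    if (!supports_start_tls(@ext)) {
        print "$host does not advertise startTLS; not sending credentials in clear\n";
        $ldap->unbind;
        exit 1;
    }

    # Upgrade the existing connection in place. verify => 'require' makes
    # a bad or unknown server certificate an error instead of a warning.
    my $mesg = $ldap->start_tls(verify => 'require', cafile => $cafile);
    die 'startTLS failed: ' . $mesg->error if $mesg->code;
    print "$host: TLS established via startTLS\n";
    $ldap->unbind;
}

main() unless caller;
```

The OID test is split into its own function so it can be exercised without a directory server; everything that touches the network lives in `root_dse_extensions` and `main`. Later perl-ldap releases added a `Net::LDAP::RootDSE` class (the name Chris suggests) that wraps this same root DSE read, but the search above works with any LDAPv3 server and needs nothing beyond the base Net::LDAP module.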