From: Chris R. <chr...@me...> - 2001-01-26 08:43:22
Graham Barr <gb...@po...> wrote:
> ----- Forwarded message from Douglas Gray Stephens
> <DGr...@sl...> -----
>
> Date: Wed, 24 Jan 2001 19:03:25 +0000
> To: per...@li...
> Cc: gb...@po...
> From: "Douglas Gray Stephens" <DGr...@sl...>
> Subject: Connecting to LDAP over SSL
> X-Mailer: emacs 20.7.1 (via feedmail 9-beta-7 I);
>         VM 6.90 under Emacs 20.7.1
>
>
> Hi,
>
> I am trying to connect to an LDAP server over SSL (i.e. port 636).
>
> I looked at perldap (v1.4) and perl-ldap (v 0.22), and both hint that
> they can connect to an LDAP over SSL. However perldap appears to want
> to use a local certificate for client authentication, while it should
> be possible to use SSL simply to secure the communications channel.
>
> Using the following perl-ldap snippet can connect to the LDAP server
> (without SSL):
>   use Net::LDAP;
>
>   $ldap = new Net::LDAP('ldap:389','timeout'=>300) or die "$@";
>
>   $mesg = $ldap->search (  # perform a search
>                           base   => "o=slb,c=AN",
>                           filter => "alias=dgraystephens"
>                         );
>
>   $mesg->code && die $mesg->error;
>
>   foreach $entry ($mesg->all_entries) { $entry->dump; }
>
> however if I try to use an SSL connection, i.e.
>
>   use Net::LDAPS;
>
>   $ldap = new Net::LDAPS('ldap:636') or die "$@";
>
>   $mesg = $ldap->search (  # perform a search
>                           base   => "o=slb,c=AN",
>                           filter => "alias=dgraystephens"
>                         );
>
>   $mesg->code && die $mesg->error;
>
>   foreach $entry ($mesg->all_entries) { $entry->dump; }
>
> then the code fails to run
>   Can't locate IO/Socket/SSL.pm in @INC (@INC contains:
>   D:/Applications/Perl/lib D:/Applications/Perl/site/lib .) at
>   D:/Applications/Perl/site/lib/Net/LDAPS.pm line 14. BEGIN
>   failed--compilation aborted at
>   D:/Applications/Perl/site/lib/Net/LDAPS.pm line 14. Compilation failed
>   in require at temp.pl line 6.
>   BEGIN failed--compilation aborted at temp.pl line 6.
>
> I can connect over SSL to a WEB server (i.e. HTTPS).
>
> The IO::Socket::SSL module is not included in the perl-ldap module
> that is available via the package manager. I believe that the module
> is (or was) part of the Bundle::Net::LDAP package
>   http://www.perldoc.com/cpan/Bundle/Net/LDAP.html
> which I cannot locate?

Well I don't think it should be, as SSL support is pretty optional for
Net::LDAP.

> Is IO::Socket::SSL (or the Bundle::Net::LDAP package) available for
> Windows?

There's no real reason why it shouldn't be, although it relies on
another module which needs to be built using a C compiler so it might
not be a straightforward install. Have you looked at ActiveState's web
site, or CPAN?

> Has anyone managed to use perl-ldap (or another LDAP module) to
> communicate with an LDAP server over SSL?

I have, and a couple of folks who beta tested the code have as well. I
suspect none of us were using Windows though.

> Thanks in advance,
>
> Douglas.
>
> --
>
> ================================
> Dr. Douglas GRAY STEPHENS
> SL-IT Security (Directories)
> Schlumberger Cambridge Research
> High Cross,
> Madingley Road,
> Cambridge.
> CB3 0EL
> ENGLAND
>
> Phone +44 1223 325295
> Fax   +44 1223 311830
> Email DGr...@sl...
> ================================
>
>
> ----- End forwarded message -----
>

Cheers,

Chris
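
An added example, not part of the original message and not code from perl-ldap: a script that checks for the optional SSL modules before attempting the LDAPS connection discussed above, then connects with server-certificate verification and no client certificate. The CA file path is a placeholder, and the `verify` and `cafile` option names follow the Net::LDAPS documentation in current perl-ldap releases, which may differ from the 0.22 release in the thread.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumptions (not from the thread): the CA file path is a placeholder.
my $host   = 'ldap';               # host name used in the thread
my $cafile = '/path/to/ca.pem';    # placeholder: CA that signed the server cert

# The error in the thread came from Net::LDAPS failing to load
# IO::Socket::SSL. Probe for the optional modules first so the failure is
# a readable message rather than "Can't locate IO/Socket/SSL.pm in @INC".
sub have_module {
    my ($module) = @_;
    (my $file = "$module.pm") =~ s{::}{/}g;
    return eval { require $file; 1 } ? 1 : 0;
}

# IO::Socket::SSL itself depends on Net::SSLeay, which is a compiled module.
for my $module (qw(Net::SSLeay IO::Socket::SSL Net::LDAPS)) {
    have_module($module)
        or die "Missing $module; install it before attempting LDAP over SSL\n";
}

# No clientcert/clientkey options: the server is authenticated, the client
# is not. verify => 'require' makes the handshake fail when the server
# certificate does not chain to the CA in $cafile.
my $ldap = Net::LDAPS->new(
    $host,
    port    => 636,
    timeout => 300,
    verify  => 'require',
    cafile  => $cafile,
) or die "LDAPS connection to $host:636 failed: $@\n";

my $mesg = $ldap->bind;    # anonymous bind over the encrypted channel
$mesg->code and die 'bind failed: ' . $mesg->error . "\n";

$mesg = $ldap->search(
    base   => 'o=slb,c=AN',
    filter => 'alias=dgraystephens',
);
$mesg->code and die 'search failed: ' . $mesg->error . "\n";

$_->dump for $mesg->all_entries;
$ldap->unbind;
```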