I am having all sorts of problems getting a secure connection to my LDAP
server.
I am using:
OpenLDAP 2.1.25
Net::LDAP 0.26
IO::Socket::SSL 1.26
Perl v5.6.1
My code is (Actually, it is an example I found on the net.):
--------------------------------------------------------------------------------------
#!/usr/bin/perl -w
use Net::LDAPS;
$dn = "uid=mylogin,ou=myusers,ou=myunit,o=myorg";
$pw = "mypass";
my $ldap_server = "myserver.some.com";
my $cafile = "/usr/local/etc/openldap/cacert.pem";
my $ldcon = new Net::LDAPS($ldap_server, port=> "636", version => 3,
verify=>'none', cafile=>"$cafile") || die "Can't connect $@"; # verify=>'none': server cert is not checked against $cafile
my $mesg = $ldcon->bind(dn => $dn,password => $pw, version=>3); # simple bind over the LDAPS session
$version = $ldcon->version;
print "version is $version\n";
$mesg = $ldcon->cipher(); # negotiated TLS cipher suite, undef if no TLS layer
print "cipher is ",$mesg,"\n";
--------------------------------------------------------------------------------------
I get:
Can't connect IO::Socket::SSL: Timeout at ./sslconn.pl line 9.
I also tried a TLS version:
--------------------------------------------------------------------------------------
#!/usr/bin/perl -w
use Net::LDAP qw(:all);
my $ldaphost = "myserver.some.com";
my $port = 389;
my $ldapconn = Net::LDAP->new($ldaphost,port=>$port,
version=>3) or die "$@";
my $cafile = "/usr/local/etc/openldap/cacert.pem";
my $result = $ldapconn->start_tls(verify=>'require',cafile=>"$cafile"); # upgrade the cleartext 389 session to TLS
if ($result->code)
{
# Something went wrong.
# There was an LDAP error.
print ("code: " . $result->code . "\n");
print ("done: " . $result->done . "\n");
print ("error: " . $result->error . "\n");
print ("is_error: " . $result->is_error . "\n");
}
print (ref($ldapconn->socket) . "\n"); # IO::Socket::SSL if TLS is up, IO::Socket::INET if not
print("cipher chosen:",$ldapconn->cipher,"\n"); # undef when no TLS layer was negotiated
$servercert = $ldapconn->certificate; # peer certificate, undef when no TLS layer
print("LDAP server cert issuer:\n",$servercert->issuer_name,"\n\n");
print("LDAP server cert subject:\n",$servercert->subject_name,"\n\n");
--------------------------------------------------------------------------------------
and I get:
code: 1
done: 1
error: Operations error
is_error: 1
IO::Socket::INET
Use of uninitialized value in print at ./tlsconn3.pl line 23.
cipher chosen:
Can't call method "issuer_name" on an undefined value at ./tlsconn3.pl line 25.
I printed out the ldapconn->socket because I had seen an earlier reference
to a bug in IO::Socket::SSL.
Using the java ldap-browser I can connect to the server on port 636 when I
enable the SSL checkbox (Is this SSL or TLS?)...
If anyone has any ideas I'd love to hear them....
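Here is an added example, my own and not the original poster's or the Net::LDAP project's code, showing both connection styles from the two scripts above with certificate verification actually turned on, plus the checks that reveal whether a TLS layer exists before the bind password is sent. The host, DN, password and CA file path are the poster's placeholders; the 10-second timeout and the helper names report_tls, connect_ldaps and connect_starttls are my own choices. It uses the current Net::LDAP interface (Net::LDAP->new with scheme => 'ldaps' instead of the Net::LDAPS module) and IO::Socket::SSL's peer_certificate and get_cipher accessors.

```perl
#!/usr/bin/perl
# Added example, not the original poster's code: two ways to get a verified
# TLS session with Net::LDAP, with the checks that tell you whether TLS was
# really negotiated. Host, DN, password and CA path are placeholders.
use strict;
use warnings;
use Net::LDAP;
use IO::Socket::SSL;

my $host   = 'myserver.some.com';                        # placeholder
my $cafile = '/usr/local/etc/openldap/cacert.pem';       # placeholder: CA that signed the server cert
my $dn     = 'uid=mylogin,ou=myusers,ou=myunit,o=myorg'; # placeholder
my $pw     = 'mypass';                                   # placeholder

# Fail fast instead of hanging on a port that never completes a handshake
# (assumed value, pick what suits your network).
my $timeout = 10;

sub report_tls {
    my ($ldap, $label) = @_;
    my $sock = $ldap->socket;
    # If TLS is up, the underlying socket is an IO::Socket::SSL; a plain
    # IO::Socket::INET here means you are still talking cleartext.
    die "$label: no TLS layer (socket is " . ref($sock) . ")\n"
        unless $sock->isa('IO::Socket::SSL');
    printf "%s: cipher=%s\n",  $label, $sock->get_cipher;
    printf "%s: subject=%s\n", $label, $sock->peer_certificate('subject');
    printf "%s: issuer=%s\n",  $label, $sock->peer_certificate('issuer');
}

# 1. LDAPS: TLS from the first byte on port 636. verify => 'require' makes
#    the handshake fail unless the server cert chains to $cafile, so a
#    self-signed or mis-issued cert is rejected instead of silently accepted.
sub connect_ldaps {
    my $ldap = Net::LDAP->new($host,
        scheme  => 'ldaps',
        port    => 636,
        version => 3,
        timeout => $timeout,
        verify  => 'require',
        cafile  => $cafile,
    ) or die "ldaps connect failed: $@\n";
    report_tls($ldap, 'ldaps');
    return $ldap;
}

# 2. StartTLS: cleartext connect on 389, then upgrade. Nothing sensitive
#    (the bind password in particular) is sent until start_tls succeeded.
sub connect_starttls {
    my $ldap = Net::LDAP->new($host,
        port    => 389,
        version => 3,
        timeout => $timeout,
    ) or die "ldap connect failed: $@\n";
    my $mesg = $ldap->start_tls(verify => 'require', cafile => $cafile);
    # code() == 0 is LDAP_SUCCESS; anything else means the upgrade did not
    # happen and the socket is still cleartext, so do not bind on it.
    die sprintf("start_tls failed: code=%d (%s)\n", $mesg->code, $mesg->error)
        if $mesg->code;
    report_tls($ldap, 'starttls');
    return $ldap;
}

for my $connect (\&connect_ldaps, \&connect_starttls) {
    my $ldap = eval { $connect->() };
    if (!$ldap) { warn $@; next; }
    my $mesg = $ldap->bind($dn, password => $pw);
    die "bind failed: " . $mesg->error . "\n" if $mesg->code;
    print "bound as $dn\n";
    $ldap->unbind;
}
```

With verify => 'require', Net::LDAP refuses the session unless the server certificate chains to a CA in cafile; verify => 'none', as in the first script above, completes the handshake against any certificate, so it encrypts the traffic but does not authenticate the server. Whether the certificate's name is also compared with the host you connected to depends on the Net::LDAP and IO::Socket::SSL versions in use, so look at the subject that report_tls prints. The socket-class test is the reliable way to tell a real TLS session from a failed upgrade: after a failed start_tls the connection is still the original IO::Socket::INET, and cipher and certificate return undef on it.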