Hi!

Thanks - I hoped that I only needed to take care of LDAP.pm. I just
wasn't sure.

On Wed, Mar 17, 2004 at 12:28:04PM +0100, Robert Kehl wrote:
> From: "Robert Kehl" <[EMAIL PROTECTED]>
> To: "Development community of OTRS" <[EMAIL PROTECTED]>
> Date: Wed, 17 Mar 2004 12:28:04 +0100
> X-Mailer: Microsoft Outlook Express 6.00.2800.1106
> Subject: Re: [dev] ssl support for ldap backends
> 
> On Wednesday, March 17, 2004 8:12 AM
> Stephan Lauffer <[EMAIL PROTECTED]> wrote:
> > are there some plans to add ssl support for ldap (f.e. with
> > Net::LDAPS)?
> 
> We are SSL-ready when it comes to LDAP, as LDAP.pm hands over any
> setting you make to Net::LDAP. The latter is SSL-aware already, no real
> need for Net::LDAPS, which I believe is merely a wrapper to Net::LDAP.
> 
> As a precaution, make sure that IO::Socket::SSL _and_ its dependency
> Net::SSLeay are installed. Yes, OpenSSL isn't enough in this case - no
> way around. Get both from CPAN at last:
> http://search.cpan.org/~behroozi/IO-Socket-SSL-0.95/
> http://search.cpan.org/~sampo/Net_SSLeay.pm-1.25/
> 
> So prepared, try out these settings - it worked like a charm for me
> against an OpenLDAP server just by using ldaps:// in the Host
> definition, nothing more was required. If you don't succeed, play a bit
> with the commented options.
> 
> $Self->{CustomerUser} = {
>     # ...more settings here...
>     Host => 'ldaps://ldap.example.com',
>     Params => {
>         # ...more settings here...
>         version => 3, # ldaps only works with LDAPv3
>         # sslversion => 'sslv2/3',  # defaults to: 'tlsv1'
>         # verify => 'require',
>
>         # clientcert => '/path/to/cert.pem',
>         # clientkey => '/path/to/key.pem',
>         # keydecrypt => sub { 'secret'; },
>         # capath => '/path/to/servercerts/',
>     },
>     # ...more settings here...
> };
> 
> A comprehensive description of all possible settings is maintained
> here:
> http://search.cpan.org/~gbarr/perl-ldap-0.31/lib/Net/LDAP.pod#start_tls
> 
> For sure, you may use this not only for the CustomerUser data, but for
> all your ldap connections.
> 
> hth,
> 
> Robert Kehl
> 
> --
> ((otrs.de)) :: OTRS GmbH :: Norsk-Data-Str. 1 :: 61352 Bad Homburg
>          http://www.otrs.de/ :: Tel. +49 (0)6172 4832388
> 
> _______________________________________________
> OTRS mailing list: dev - Webpage: http://otrs.org/
> Archive: http://lists.otrs.org/pipermail/dev
> To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/dev

-- 
Liebe Gruesse, with best regards
Stephan Lauffer

[ Pedagogical University Freiburg - Germany ]
[ http://www.ph-freiburg.de/zik/            ]
[ Fon/ Fax: +49 761 682 -459/ -486          ]
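
An added example, not part of the original thread and not OTRS code: a small Perl check over an OTRS-style Host/Params block that flags the TLS settings from the quoted post which would leave an ldaps connection without an enforced server certificate check. The function names and both sample configurations are constructed here, and treating an absent verify key as "certificate not checked" is an assumption of the example.

```perl
use strict;
use warnings;

# Audit one OTRS-style LDAP backend block (Host + Params) for the TLS
# settings named in the post. Returns a list of findings (empty = ok).
sub audit_ldap_backend {
    my ($cfg) = @_;
    my %p = %{ $cfg->{Params} || {} };
    my @findings;
    push @findings, "Host is not an ldaps:// URI, traffic is not wrapped in TLS"
        unless ($cfg->{Host} || '') =~ m{^ldaps://}i;
    push @findings, "version must be 3 for ldaps"
        unless ($p{version} || 0) == 3;
    # Assumption: with no verify key the server certificate is not checked.
    push @findings, "verify is not 'require', server certificate is not enforced"
        unless lc($p{verify} || 'none') eq 'require';
    push @findings, "verify is set but neither capath nor cafile names trusted CAs"
        if lc($p{verify} || 'none') ne 'none' && !($p{capath} || $p{cafile});
    push @findings, "sslversion '$p{sslversion}' permits obsolete SSLv2/SSLv3"
        if ($p{sslversion} || '') =~ /sslv[23]/i;
    push @findings, "clientcert and clientkey must be set together"
        if ($p{clientcert} xor $p{clientkey});
    return @findings;
}

# The post's precaution: both modules must be loadable, OpenSSL alone
# is not enough. Returns the names of the modules that fail to load.
sub missing_ssl_modules {
    return grep { !eval "require $_; 1" } qw(IO::Socket::SSL Net::SSLeay);
}

# Constructed samples: the block from the post with its options left
# commented out, and the same block with verification switched on.
my %as_posted = (
    Host   => 'ldaps://ldap.example.com',
    Params => { version => 3 },
);
my %hardened = (
    Host   => 'ldaps://ldap.example.com',
    Params => { version => 3, verify => 'require',
                capath  => '/path/to/servercerts/' },
);

for my $case ([ 'as posted', \%as_posted ], [ 'hardened', \%hardened ]) {
    my ($name, $cfg) = @$case;
    my @f = audit_ldap_backend($cfg);
    print "$name: ", (@f ? join("\n  ", '', @f) : 'ok'), "\n";
}
my @missing = missing_ssl_modules();
print "missing modules: @missing\n" if @missing;
```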