I'm using Net::LDAP in a program that parses the openldap ldap.conf file
(/etc/openldap/ldap.conf on RHEL systems) for its LDAP settings.
I would like the program to start TLS if the connection isn't already
SSL-encrypted. What is the best way to check that a connection is
SSL-encrypted? I tried using the scheme() method, but I get an error.
Here's the code:

    # Connect to LDAP server
    my $ldap = Net::LDAP->new(\@ldap_servers,
                              onerror => 'die'
                             ) || die "Could not connect to LDAP servers.\n";
    $connection_scheme = $ldap->scheme();
    # Check that we have an encrypted connection. If not, start TLS
    if ($connection_scheme ne 'ldaps') {
        $ldap->start_tls( verify => 'require',
                          cafile => $tls_cacert,
                          capath => $tls_cacertdir
                        );
    }

And here's the error:
Can't locate object method "scheme" via package "Net::LDAP" at
./sns_chsh.pl line 92, <LDAP_CONF> line 16.
Am I using scheme incorrectly?
I could check for the string 'ldaps' in each entry in @ldap_servers, but
I don't know in advance which server new() will connect to, and it's
possible to have this in ldap.conf:
    URI ldap://ldap1.example.com ldaps://ldap2.example.com
so scheme() looks like the most reliable method.
--
Prentice Bisbal
Linux Software Support Specialist/System Administrator
School of Natural Sciences
Institute for Advanced Study
Princeton, NJ
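
An added example, not part of the original post: one way to make the check independent of which URI new() ended up using is to ask the live connection for its negotiated cipher. It assumes the installed Net::LDAP provides cipher(), which returns undef when the socket is not using SSL/TLS; the sample configuration is constructed, and parse_ldap_conf and ensure_encrypted are hypothetical helper names.

```perl
use strict;
use warnings;
use Net::LDAP;

# Constructed sample in ldap.conf syntax (hosts and CA path are placeholders).
my $sample = <<'CONF';
URI ldap://ldap1.example.com ldaps://ldap2.example.com
TLS_CACERT /path/to/ca.pem
CONF

# Parse "OPTION value" lines; ldap.conf option names are case-insensitive.
sub parse_ldap_conf {
    my ($text) = @_;
    my %conf;
    for my $line (split /\n/, $text) {
        next if $line =~ /^\s*#/ or $line !~ /\S/;    # comments, blank lines
        my ($key, $value) = $line =~ /^\s*(\S+)\s+(.*?)\s*$/ or next;
        $conf{ uc $key } = $value;
    }
    return \%conf;
}

# Ask the live socket whether TLS is active instead of guessing from the URIs.
sub ensure_encrypted {
    my ($ldap, %tls) = @_;
    return 'already encrypted' if defined $ldap->cipher;
    $ldap->start_tls(%tls);    # with onerror => 'die' a failed StartTLS is fatal
    defined $ldap->cipher or die "StartTLS did not produce an encrypted channel\n";
    return 'upgraded with StartTLS';
}

my $text = $sample;
if (@ARGV) {    # optional: path to a real ldap.conf
    open my $fh, '<', $ARGV[0] or die "Cannot read $ARGV[0]: $!\n";
    $text = do { local $/; <$fh> };
}
my $conf = parse_ldap_conf($text);
my @uris = split ' ', $conf->{URI} // '';
@uris or die "No URI entry found in configuration\n";

my %tls = (verify => 'require');
$tls{cafile} = $conf->{TLS_CACERT}    if defined $conf->{TLS_CACERT};
$tls{capath} = $conf->{TLS_CACERTDIR} if defined $conf->{TLS_CACERTDIR};

# The TLS options also go to new() so that an ldaps:// URI is verified too.
my $ldap = Net::LDAP->new(\@uris, onerror => 'die', %tls)
    or die "Could not connect to any of: @uris ($@)\n";
my $status = ensure_encrypted($ldap, %tls);
printf "%s, cipher %s\n", $status, $ldap->cipher;
$ldap->unbind;
```

Run without arguments it uses the constructed sample, whose placeholder hosts will not accept a connection; pass the path of a real ldap.conf as the first argument to test against your own servers.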