Greetings,

Red Hat version 6.4.

I have yum installed openldap and Net::LDAP. I'm trying to use SSL/TLS with LDAP.

If I issue this command, it appears to me that TLS/SSL seems to be working.

    ldapsearch -d -1 -x -LLL -ZZ

Here's my ldap.conf:

    TLS_CACERT /etc/openldap/cacerts/5e5a5bcb.0
    URI ldap://xxxxxx.securesites.com/
    BASE dc=wh,dc=local
    TLS_CIPHER_SUITE HIGH:MEDIUM:-SSLv2
    TLS_REQCERT demand
    TLS_CACERTDIR /etc/openldap/cacerts

But when I try to use Net::LDAP, I get this error:

    SSL connect attempt failed with unknown errorerror:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
    'errorMessage' => 'Bad file descriptor',

Below is my script:

    #!/usr/bin/perl
    use warnings;
    use strict;
    use Net::LDAP;
    use Data::Dumper;

    # Plain LDAP connection on port 389; TLS is negotiated afterwards.
    my $ldap = Net::LDAP->new('xxxxxxxxxx.com') or die "$@";

    # Upgrade the connection with StartTLS, requiring a verified server certificate.
    my $mesg = $ldap->start_tls( verify     => 'require',
                                 clientcert => '/etc/openldap/certs/f401c64e.0',
                                 clientkey  => '/etc/openldap/keys/xxxxxxxx.com.key',
                                 capath     => '/etc/openldap/cacerts'
                                 );

    print Dumper($mesg);

    $mesg = $ldap->bind("dc=wh,dc=local", password => "xxxxxx");

    print Dumper($mesg);
    $mesg = $ldap->unbind;

Below is the Dumper:

    [root@fl1-lsh99apa006 DataStore]# ./x.pl
    $VAR1 = bless( {
                     'parent' => bless( {
                                          'net_ldap_version' => 3,
                                          'net_ldap_scheme' => 'ldap',
                                          'net_ldap_debug' => 0,
                                          'net_ldap_socket' => bless( \*Symbol::GEN0, 'IO::Socket::INET6' ),
                                          'net_ldap_host' => 'fl1-lsh99apa006.xxxxx.com',
                                          'net_ldap_uri' => 'fl1-lsh99apa006.xxxxx.com',
                                          'net_ldap_resp' => {},
                                          'net_ldap_mesg' => {},
                                          'net_ldap_async' => 0,
                                          'net_ldap_port' => 389,
                                          'net_ldap_refcnt' => 1
                                        }, 'Net::LDAP' ),
                     'errorMessage' => 'SSL connect attempt failed with unknown errorerror:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed',
                     'ctrl_hash' => undef,
                     'resultCode' => 1,
                     'callback' => undef,
                     'mesgid' => 1,
                     'matchedDN' => '',
                     'controls' => undef,
                     'raw' => undef
                   }, 'Net::LDAP::Extension' );
    $VAR1 = bless( {
                     'resultCode' => 82,
                     'parent' => bless( {
                                          'net_ldap_version' => 3,
                                          'net_ldap_scheme' => 'ldap',
                                          'net_ldap_debug' => 0,
                                          'net_ldap_socket' => bless( \*Symbol::GEN0, 'IO::Socket::INET6' ),
                                          'net_ldap_host' => 'fl1-lsh99apa006.xxxxx.com',
                                          'net_ldap_uri' => 'fl1-lsh99apa006xxxxx.com',
                                          'net_ldap_resp' => {},
                                          'net_ldap_mesg' => {},
                                          'net_ldap_async' => 0,
                                          'net_ldap_port' => 389,
                                          'net_ldap_refcnt' => 1
                                        }, 'Net::LDAP' ),
                     'callback' => undef,
                     'mesgid' => 2,
                     'pdu' => '0 `c=wh,dc=localGrrrV',
                     'errorMessage' => 'Bad file descriptor',
                     'raw' => undef
                   }, 'Net::LDAP::Bind' );



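
Added example (not part of the original message, and not a diagnosis of it): the capath given to Net::LDAP's start_tls is handed to OpenSSL, which finds a CA in that directory only through a file named after the certificate's subject hash, the form of 5e5a5bcb.0 above. The shell function below compares each such file name with the hash the installed openssl computes for the file's contents; check_cadir and make_sample_cadir are hypothetical helper names and the throwaway CA is constructed test data.

```bash
# Audit an OpenSSL CA directory: every <hash>.<n> file must be named after
# the subject hash of the certificate it contains.
# Prints OK / OLDHASH / MISMATCH / NOTCERT per file.
# Returns 0 only if at least one hash-named file exists and all are OK.
check_cadir() {
    local dir=$1 f name want new old bad=0 seen=0
    for f in "$dir"/*.[0-9]; do
        [ -e "$f" ] || continue            # glob matched nothing
        name=${f##*/}; want=${name%%.*}    # 5e5a5bcb.0 -> 5e5a5bcb
        seen=1
        new=$(openssl x509 -noout -subject_hash -in "$f" 2>/dev/null) || {
            echo "NOTCERT  $name"; bad=1; continue; }
        # Hash algorithm used by OpenSSL releases before 1.0.0.
        old=$(openssl x509 -noout -subject_hash_old -in "$f" 2>/dev/null)
        if [ "$want" = "$new" ]; then
            echo "OK       $name"
        elif [ "$want" = "$old" ]; then
            echo "OLDHASH  $name (expected $new.${name#*.})"; bad=1
        else
            echo "MISMATCH $name (expected $new.${name#*.})"; bad=1
        fi
    done
    [ "$seen" -eq 1 ] && [ "$bad" -eq 0 ]
}

# Constructed sample: a one-day self-signed CA in a temp directory,
# stored under its correct hash name. Prints the directory path.
make_sample_cadir() {
    local dir h
    dir=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Example CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null || return 1
    h=$(openssl x509 -noout -subject_hash -in "$dir/ca.pem") || return 1
    cp "$dir/ca.pem" "$dir/$h.0"
    echo "$dir"
}

# Usage: pass the directory to audit, e.g. the capath from the script above.
if [ $# -gt 0 ]; then
    check_cadir "$1"
fi
```

A directory that passes this check can still fail verification for other reasons, for example when it holds a CA other than the one that issued the server's certificate.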