Hi, on my host (Fedora 20) I have imported the root CA certificate of our corporate AD domain. ldapsearch works with it, and secure sites signed by that CA are verified when I visit them.
But I do not exactly know hot to tell my script how to do the same. This is it:

use Net::LDAP;
use Data::Dumper;

my $ldap = Net::LDAP->new( 'd01.domain.tldl' ) or die "$@";

# Ask the server to upgrade the plain LDAP connection to TLS and require
# that the server certificate verifies.
# NOTE(review): the returned message is only dumped, never tested. The dump
# below shows resultCode 1 ("certificate verify failed") on an 'ldap'
# connection to port 389, yet the script continues to bind. Checking
# $mesg->code here and stopping on failure keeps the bind password off a
# connection that did not negotiate TLS.
my $mesg = $ldap->start_tls(
    verify => 'require',
    # NOTE(review): capath names a directory; per the Net::LDAP documentation
    # its certificates must be stored under their subject-hash file names.
    # The post says the CA is in the bundle file
    # /etc/ssl/certs/ca-bundle.trust.crt, for which `cafile` is the matching
    # option -- confirm against the installed Net::LDAP version.
    capath => '/etc/ssl/certs/',
    # NOTE(review): 'tlsv1' restricts the handshake to TLS 1.0; confirm what
    # the domain controller accepts before keeping this pin.
    sslversion => 'tlsv1',
);
print Dumper $mesg;

# Authenticate. $mesg is overwritten with the bind result from here on.
# NOTE(review): the bind result is not checked either, and the password is a
# literal in the script ('pwd' is presumably a redacted stand-in).
$mesg =$ldap->bind ( "user",
    password => 'pwd',
    version => 3,
);

# NOTE(review): search is called on $mesg, which now holds the bind result;
# this is the call the "Can't locate object method" error below points at.
# In Net::LDAP, search is a method of the connection object ($ldap).
# NOTE(review): the attribute-list option in Net::LDAP is spelled `attrs`;
# `attr` is presumably ignored -- verify.
my $search = $mesg->search(
    base => "dc=domain,dc=tld",
    scope => "sub",
    filter => "(samaccountname=*)",
    attr => ['samaccountname'],
);

# The result code is evaluated and discarded here; nothing acts on it.
$mesg->code ;

# Prints one samaccountname per entry. The loop reads entries from $mesg,
# not from $search, which holds the search result.
for my $entry ( $mesg->entries) {
    print $entry->get_value( 'samaccountname'), "\n";;
}

$ldap->unbind;

$ perl department.pl
$VAR1 = bless( {
    'responseName' => '1.3.6.1.4.1.1466.20037',
    'matchedDN' => '',
    'raw' => undef,
    'mesgid' => 1,
    'ctrl_hash' => undef,
    'callback' => undef,
    'controls' => undef,
    'resultCode' => 1,
    'parent' => bless( {
        'net_ldap_rawsocket' => bless( \*Symbol::GEN0, 'IO::Socket::INET' ),
        'net_ldap_debug' => 0,
        'net_ldap_mesg' => {},
        'net_ldap_host' => 'dc01.domain.tld',
        'net_ldap_port' => 389,
        'net_ldap_async' => 0,
        'net_ldap_uri' => 'dc01.domain.tld',
        'net_ldap_socket' => $VAR1->{'parent'}{'net_ldap_rawsocket'},
        'net_ldap_resp' => {},
        'net_ldap_scheme' => 'ldap',
        'net_ldap_version' => 3,
        'net_ldap_refcnt' => 1
    }, 'Net::LDAP' ),
    'errorMessage' => 'SSL connect attempt failed error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed'
}, 'Net::LDAP::Extension' );
Can't locate object method "search" via package "Net::LDAP::Bind" at department.pl line 43, <DATA> line 751.

So it clearly does not trust the certificate. The certificate is in /etc/ssl/certs/ca-bundle.trust.crt. Any tips greatyl appreciated.

-- Groeten, natxo