Le ven 2005-10-07 a 18:57:54 -0400, Simon Law <[EMAIL PROTECTED]> a dit: > On Fri, Oct 07, 2005 at 06:47:59PM -0400, SR, ESC wrote: > > does for everything else. both hosts resolve to a single IP, the certs > > are freshly done (the first was done up not so long ago, and the > > second was re-done [had expired]), the CNs match, and i've been > > operating like this for a while. have heimdal kerberos working, etc. > > Hmm... I'm puzzled, really I am. > > It would be nice if I could get a login on a machine of yours with Perl > and strace on it, because I can't really reproduce it here. I'm very > sorry about this!
i don't usually do this, but since it'll bebnfit others, sure. sending private e-mail with relevant info. > Man, that's too bizarre. Like, Net::LDAP::new _knows_ how to get > https:// and use SSL. If you fire up the Perl debugger, does it at > least try to use SSL? AFAIK, doesn't seem to: i see lookjups in */ASN1/*/*.pm (Convert/ASN1/_encode.pm) but no Net::LDAPS look ups, and it still looks up on port 389: Net::LDAP::_connect(/usr/lib/perl5/Net/LDAP.pm:119): 119: $ldap->{net_ldap_socket} = IO::Socket::INET->new( 120: PeerAddr => $host, 121: PeerPort => $arg->{port} || '389', 122: Proto => 'tcp', 123: Timeout => defined $arg->{timeout} 124: ? $arg->{timeout} 125: : 120 126: ); DB<1> > > ./finger-ldap -m simon [it's the v 1.17 checkout]. i don't see any > > ldap lookups going on, lemme check the other DS's log... none there, > > but it is working. > > The -m switch is designed to pass things directly to finger.real, > without doing any queries. ah ok. wasn't working even with -m switch before the fixes. > -- > Simon Law http://www.law.yi.org/~sfllaw/ -- Cold pizza and cold coffee, second best thing to cold pizza and warm beer. -- me
pgpa0czp8GH9v.pgp
Description: PGP signature