On 11 Dec 2003, at 18:09, D.Kreft wrote:
Thanks for your help yesterday, now I'm hoping you can help me untangle another "mess" I'm in.
Big picture: I've written a subclass of Net::LDAP that transparently handles
referrals (Amazon::Net::LDAP). The referral-handling code is in another
module (Amazon::Net::LDAP::Referral, one "public" function) for ease of
re-use.
The problem: When I chase the referrals, I need to create a new Net::LDAP
object that is identical to the one passed into
Amazon::Net::LDAP::Referral::referral_exec(), including all the TLS options
(capath, ciphers, sslversion...everything that was passed to start_tls() in
the original object). Otherwise, my original connection might use TLS, but
subsequent connections will not (which would be bad).
I see how to get the cipher actually in use ($ldap->socket()->get_cipher()),
but this won't tell me the list of ciphers that the caller said are
acceptable (in my case 'DES-CBC3-SHA:RC4-MD5'). Since I'm being referred to
another server, I feel very uneasy about saying "Okay, just use this cipher
here...you support that, right?". I also don't see an obvious way to
pass-along information about the capath and the other params. :-(
Personally I think it is wrong for Net::LDAP to remember that. Also, it's not very generic to re-use the same credentials; the referral could be to a different server that requires different credentials.
My original plan to add referral handling into Net::LDAP, that never got implemented, was to allow the user to pass a sub ref to ->new that would be called to create any connection.
Graham.
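An added illustration of the design Graham sketches (not code from this thread or from Net::LDAP itself): a caller-supplied connection factory that captures the TLS policy once, so the initial connection and every referral hop are negotiated under the same options, while credentials are requested per server. The helper names `make_connector` and `search_following_referrals`, the `$bind` callback, the use of `URI::ldap` to parse referral URLs and the five-hop limit are assumptions of this example.

```perl
use strict;
use warnings;
use URI;                       # URI::ldap parses ldap:// referral URLs
use Net::LDAP;
use Net::LDAP::Constant qw(LDAP_REFERRAL);

# Hypothetical connection factory (not a Net::LDAP feature): the TLS policy is
# captured here once and applied to every connection it opens, so a referral
# hop cannot silently fall back to cleartext or to a weaker cipher list.
sub make_connector {
    my %tls = @_;              # capath, ciphers, sslversion, verify => 'require', ...
    return sub {
        my ($url) = @_;
        my $uri  = URI->new($url);
        my $addr = $uri->scheme . '://' . $uri->host . ':' . $uri->port;
        my $ldap;
        if ($uri->scheme eq 'ldaps') {
            $ldap = Net::LDAP->new($addr, version => 3, %tls)
                or die "cannot connect to $addr: $@";
        } else {
            $ldap = Net::LDAP->new($addr, version => 3)
                or die "cannot connect to $addr: $@";
            my $mesg = $ldap->start_tls(%tls);
            # Fail closed: a server that will not do TLS under our policy gets no query.
            die "start_tls to $addr failed: " . $mesg->error if $mesg->code;
        }
        return $ldap;
    };
}

# Hypothetical referral-chasing search. $bind is called once per server, so the
# caller decides which credentials (if any) each referred-to server receives.
sub search_following_referrals {
    my ($connect, $bind, $url, %search) = @_;
    for my $hop (1 .. 5) {     # hop limit guards against referral loops
        my $uri  = URI->new($url);
        my $ldap = $connect->($url);
        $bind->($ldap, $url);
        # A referral URL may carry its own base DN; use it when present.
        my $mesg = $ldap->search(%search, ($uri->dn ? (base => $uri->dn) : ()));
        return $mesg unless $mesg->code == LDAP_REFERRAL;
        my @refs = $mesg->referrals or return $mesg;
        $ldap->unbind;
        $url = $refs[0];       # constructed choice: follow the first referral only
    }
    die "gave up after 5 referral hops";
}

# Constructed usage: the cipher list is the one quoted in the question above.
my $connect = make_connector(verify => 'require', capath => '/etc/ssl/certs',
                             ciphers => 'DES-CBC3-SHA:RC4-MD5', sslversion => 'tlsv1');
```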
