On 26/7/04 7:09 pm, Bousquet Francois <[EMAIL PROTECTED]> wrote:
> I am trying to set up an OpenLDAP server with TLS on Solaris 7.
>
> I have set up slapd.conf with TLS settings and my LDAP client too. Everything
> is working fine because I can use the ldapsearch command as will.
>
> I am trying to use Perl scripts to connect to the LDAP server and I get the
> following error when trying to list the supported extensions of the server.
> Do you have any idea which config is missing in my slapd.conf?
>
> THE SCRIPT :
>
> #!/usr/bin/perl -w
>
> use Net::LDAP;
> use Net::LDAP::Constant qw(LDAP_EXTENSION_START_TLS);
>
> print "Before new\n";
> $ldap = Net::LDAP->new('ud1981wfx01', port => 636, onerror => undef,
> debug=>'8');
>
> print "Before root\n";
> $root = $ldap->root_dse();
>
> print "Before supported_ext\n";
> if ($root->supported_extension(LDAP_EXTENSION_START_TLS)) {
> # try start_tls now
> print "should start_tls here\n";
> }
> else {
> print "not working !\n";
> }
>
>
>
> THE ERROR :
>
> Before new
> Before root
> Net::LDAP=HASH(0x3ee040) sending:
> Before supported_ext
> Can't call method "supported_extension" on an undefined value at ./test.pl
> line 13, <DATA> line 225.
>
>
> It seems like root_dse() doesn't return anything... because it can't
> access the rootdse on the ldap server.
>
> Any idea

Isn't port 636 the LDAPS port? I wouldn't expect you to be able to do
anything if you talk LDAP to an LDAPS port. Use either 'port => 389' or
Net::LDAPS instead of Net::LDAP.

Your server might also prevent you from doing a START_TLS extended operation
on an already-SSL-protected connection, so your script might not work even
assuming you get it talking protocol to your server ;-)

Cheers,
Chris
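
Added example, not part of the original thread: the two connection styles named in the reply, side by side, with the undef checks whose absence produced the "undefined value" error. The host name is the one from the quoted script; the CA file path is a placeholder, and certificate verification is an assumption about how the server should be checked.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Net::LDAP;
use Net::LDAPS;
use Net::LDAP::Constant qw(LDAP_EXTENSION_START_TLS);

my $host   = 'ud1981wfx01';            # host name from the quoted script
my $cafile = '/path/to/ca-cert.pem';   # placeholder: CA that signed the slapd certificate

# Option 1: plain LDAP on 389, then upgrade the session with StartTLS.
sub connect_starttls {
    my $ldap = Net::LDAP->new($host, port => 389, timeout => 10)
        or die "connect to $host:389 failed: $@\n";

    # root_dse() returns undef when the search fails, so check before using it.
    my $root = $ldap->root_dse()
        or die "could not read the root DSE from $host:389\n";
    $root->supported_extension(LDAP_EXTENSION_START_TLS)
        or die "server does not advertise StartTLS\n";

    # Verify the server certificate; without this the channel is encrypted
    # but the peer is not authenticated.
    my $mesg = $ldap->start_tls(verify => 'require', cafile => $cafile);
    die "start_tls failed: " . $mesg->error . "\n" if $mesg->code;
    return $ldap;
}

# Option 2: LDAPS on 636, where TLS is negotiated before any LDAP message
# is sent. No StartTLS here: the connection is already protected.
sub connect_ldaps {
    my $ldap = Net::LDAPS->new($host, port => 636, timeout => 10,
                               verify => 'require', cafile => $cafile)
        or die "connect to $host:636 failed: $@\n";
    return $ldap;
}

# Usage: ./connect.pl [starttls|ldaps]
my $mode = shift(@ARGV) || 'starttls';
my $ldap = $mode eq 'ldaps' ? connect_ldaps() : connect_starttls();
print "connected via $mode, cipher: ", ($ldap->cipher || 'none'), "\n";
$ldap->unbind;
```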