Hello,
I'm experimenting with "start_tls()" in Net::LDAP. The manual suggests checking
the RootDSE for LDAPv3 and the TLS extension. Somehow I managed that creating the LDAP
object (i.e. connect) succeeds, but $ldap->root_dse() returns undef. Interesting to
say that you cannot get much information out of an undef.
My code fragment is this:
    use Net::LDAP;
    use Net::LDAP::Constant qw(LDAP_EXTENSION_START_TLS);
    sub start_TLS($$)
    {
        my ($ldap, $q) = @_;
        my $dse = $ldap->root_dse();   # undef when the RootDSE search failed
        if ($dse && $dse->supported_version(3) &&
            $dse->supported_extension(LDAP_EXTENSION_START_TLS)) {
            my $msg = $ldap->start_tls('verify' => 'none');
            return $msg;
        }
    }

The "$dse &&" is a workaround against an undefined $dse.
I don't know exactly what the problem is, but I suspect that the server wants to
have a secured connection before returning the RootDSE. In my case I have
OpenLDAP2 configured with
    security ssf=1 update_ssf=112 simple_bind=64
    # intended use: ensure integrity of reads while ensuring confidentiality on updates and binds
I can get the root DSE if I use the configuration line
    security ssf=0 update_ssf=112 simple_bind=64

instead, but I wish root_dse() would report an error on failure, because the
LDAP server actually reported one:
    slapd[1163]: conn=11 op=0 SRCH base="" scope=0 deref=2 filter="(objectClass=*)"
    slapd[1163]: conn=11 op=0 SRCH attr=subschemaSubentry namingContexts altServer supportedExtension supportedControl supportedSASLMechanisms supportedLDAPVersion
    slapd[1163]: conn=11 op=0 SEARCH RESULT tag=101 err=13 nentries=0 text=confidentiality required
Regards, Ulrich
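An added example, not Ulrich's code: the RootDSE search is issued explicitly so the server's result code (err=13, confidentialityRequired, which root_dse() swallows into an undef) stays visible, and when the server refuses the cleartext read, TLS is started with certificate verification before the RootDSE check is retried. The hostname and CA file path are placeholders.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Constant qw(LDAP_SUCCESS LDAP_CONFIDENTIALITY_REQUIRED
                           LDAP_EXTENSION_START_TLS);

# Placeholders (assumptions, not values from the original post)
my $host   = 'ldap.example.org';
my $cafile = '/etc/ssl/certs/example-ca.pem';

my @dse_attrs = qw(supportedLDAPVersion supportedExtension);

# The same base-scope search on "" that root_dse() performs internally,
# but the result message is kept so a non-zero result code is not lost.
sub fetch_root_dse {
    my ($ldap) = @_;
    my $mesg = $ldap->search(base => '', scope => 'base',
                             filter => '(objectClass=*)', attrs => \@dse_attrs);
    return ($mesg->code, $mesg->entry(0));
}

my $ldap = Net::LDAP->new($host, version => 3)
    or die "connect to $host failed: $@";

my ($rc, $dse) = fetch_root_dse($ldap);

if ($rc == LDAP_CONFIDENTIALITY_REQUIRED) {
    # With "security ssf=1" slapd refuses even the RootDSE read in the clear,
    # so the capability check cannot come first. Start TLS and verify the
    # server certificate against the CA instead of using verify => 'none'.
    my $tls = $ldap->start_tls(verify => 'require', cafile => $cafile);
    die "start_tls failed: " . $tls->error if $tls->code != LDAP_SUCCESS;
    ($rc, $dse) = fetch_root_dse($ldap);
}
die "RootDSE search failed (rc=$rc)" if $rc != LDAP_SUCCESS || !$dse;

# The check the manual recommends, now done over the protected session.
my %ext   = map { $_ => 1 } $dse->get_value('supportedExtension');
my $is_v3 = grep { $_ == 3 } $dse->get_value('supportedLDAPVersion');
printf "LDAPv3: %s  StartTLS advertised: %s  cipher: %s\n",
    $is_v3 ? 'yes' : 'no',
    $ext{LDAP_EXTENSION_START_TLS()} ? 'yes' : 'no',
    $ldap->cipher // 'none';
```

Distinguishing result code 13 from a plain connection failure is what lets the script tell "the server wants TLS first" apart from "the server is unreachable", which a bare undef from root_dse() cannot.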
