On 03/08/2012 03:44 AM, Clément OUDOT wrote:
> On 7 March 2012 at 21:43, Prentice Bisbal <[email protected]> wrote:
>> Okay,
>>
>> I'm sure this error has come up repeatedly on this list, but I've
>> googled and googled, and can't find an answer, probably because "Use of
>> uninitialized value" comes up for just about every Perl error.
>>
>> I'm an occasional Perl programmer that occasionally used Net::LDAP. I'm
>> trying to connect to an Active Directory domain controller over SSL
>> using this code:
>>
>> #!/usr/local/bin/perl -w
>>
>> use strict;
>> use Net::LDAPS;
>>
>> my $ad = Net::LDAP->new('dc1.domain.tld',
>>                         onerror => 'warn',
>>                         scheme  => 'ldaps',
>>                         verify  => 'require',
>>                         cafile  => '/path/to/windows.pem',
>>                        ) || die 'Couldn\'t connect to Active Directory server';
>> my $mesg = $ad->bind;
>> my $code = $mesg->code;
>> if ($code != 0) {
>>     my $error = $mesg->error;
>>     print "error\n";
>> } else {
>>     print "No error binding\n";
>> }
>> $ad->unbind;
>>
>> Which produces this output:
>>
>> Use of uninitialized value $cn in substitution (s///) at
>> /usr/local/perl-5.14.2/lib/site_perl/5.14.2/IO/Socket/SSL.pm line 1076,
>> <DATA> line 558.
>> Use of uninitialized value $commonName in concatenation (.) or string at
>> /usr/local/perl-5.14.2/lib/site_perl/5.14.2/IO/Socket/SSL.pm line 1177,
>> <DATA> line 558.
>> No error binding
>>
>> I read somewhere online that this is a harmless error, and this seems to
>> be true, since my program doesn't die, and I can bind without an error.
>>
>> If this is harmless, why am I seeing it? If I remove the '-w' from the
>> interpreter line this goes away, but is that the right way to handle
>> this? I'm pretty sure earlier versions of my code didn't produce this
>> error, even with the "-w". This error is a relatively recent development
>> - my code didn't always do this. This error appeared after I upgraded
>> from RHEL 5 to RHEL 6, as I recall.
>>
>> Any ideas? I'm sorry if this question has come up repeatedly on here.
> Maybe the error comes from the CA certificate, which should contain a
> CN in its subject?
>
That was my first guess, too. I checked out the certificate with openssl
and everything looks okay:

    openssl x509 -noout -text -in windows.pem | egrep -i "Subject|Issuer"
    Issuer: DC=edu, DC=ias, DC=XXX, CN=XXX-DC1-CA
    Subject: DC=edu, DC=ias, DC=XXX, CN=XXX-DC1-CA

Maybe that's not in the right form? The CA information for my LDAP cert
looks like this:

    Issuer: C=US, ST=New Jersey, L=Princeton, O=IAS, OU=Some Group, CN=YYY.ZZZ.ias.edu/[email protected]
    Subject: C=US, ST=New Jersey, L=Princeton, O=IAS, OU=Some Group, CN=YYY.ZZZ.ias.edu/[email protected]

--
Prentice