Send netdisco-users mailing list submissions to
        netdisco-users@lists.sourceforge.net

Today's Topics:

   1. Re: LDAPS authentication possible / How to discover all?
      (Basti S.)
   2. Re: LDAPS authentication possible / How to discover all?
      (Oliver Gorwits)
   3. Re: LDAPS authentication possible / How to discover all?
      (Christian Ramseyer)
--- Begin Message ---
It would be very nice if somebody patched this and made LDAPS possible. :-)
In the meantime I would say LDAPS is state of the art and normal LDAP
should no longer be used.

Thanks for the help with the discovery. I will use the loop with a text
file, good idea!

Regards
Bastian


On Fri, 12 Nov 2021 at 13:35, Christian Ramseyer <
ramse...@netnea.com> wrote:

> Hi Bastian
>
> On 12.11.21 09:26, Basti S. wrote:
> > Hello,
> >
> > In the past we used the LDAP authentication for netdisco, a very nice
> thing.
> > But as far as I know LDAPS is not possible - is there a way to make it
> > possible?
>
> Yes, it is unsupported according to the doc:
> <https://github.com/netdisco/netdisco/wiki/Configuration#ldap>. I never
> looked into it too closely but Net::LDAP does ldaps just fine, so I
> imagine it couldn't be too hard to patch in. Most likely nobody wanted
> it bad enough to submit a Patch/PR.
>
> >
> > Second question: Should Netdisco find all other connected switches if I
> > just do the discovery for the back bone switch? Or how can I achieve
> > that without doing it for every single switch?
>
> Theoretically Netdisco should find your whole network from a single
> switch, but in practice that's not always working. If you have chunks of
> the network missing you can manually discover some IPs in these chunks.
>
> Alternatively you can also discover whole IP ranges, e.g.
>
> netdisco-do discover --enqueue -d 192.168.7.0/24
>
> or discover a list of ip addresses from your inventory with:
>
> for ip in $(< mylist.txt) ; do netdisco-do discover --enqueue -d $ip ; done
>
>
> Cheers
> Christian
>
>
> --
> Christian Ramseyer, netnea ag
> Network Management. Security. OpenSource.
> Phone: +41 79 644 77 64
>
>

--- End Message ---
--- Begin Message ---
Hi Bastian

To clarify:

   - Netdisco _does_ support secure LDAP using TLS, using the
   official StartTLS extension (see the docs...).
   - Netdisco (and Net::LDAP) does not support the non-standard LDAPS

I googled and found this explanation of the two approaches:
https://kb.sos-berlin.com/pages/viewpage.action?pageId=18778435
This is very similar to SMTP where the standard model is also using
StartTLS over the standard SMTP ports. SMTPS is an old and outdated model.

I expect that whatever software you use for LDAP should support StartTLS.

regards
Oliver.


--- End Message ---
--- Begin Message ---
Yet https://metacpan.org/pod/Net::LDAP has an ldaps URL as the second example. Maybe it used not to support it but does now?

Cheers
Christian


--
Christian Ramseyer, netnea ag
Network Management. Security. OpenSource.
https://www.netnea.com
Phone: +41 79 644 77 64



--- End Message ---
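
The two approaches discussed in this thread differ in the first bytes a client sends: with StartTLS the client sends a plaintext LDAP ExtendedRequest and only then starts the TLS handshake, while with ldaps:// the TLS handshake comes first. The following is an added example, not code from the thread or from Netdisco; it classifies a client's opening bytes so a captured session can be checked for a bind sent in the clear. All function names and the sample bytes are constructed for illustration.

```python
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # StartTLS extended operation (RFC 4511)
# Constructed sample: start of a TLS record carrying a ClientHello.
SAMPLE_CLIENT_HELLO = bytes.fromhex("1603010200010001fc0303")

def ber_tlv(tag, value):  # encode one BER TLV, short or long definite length
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + value

def read_tlv(buf, pos=0):
    """Decode one TLV at pos; return (tag, value, next_pos) or raise ValueError."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long form: low 7 bits give the number of length octets
        k = n & 0x7F
        if k == 0 or pos + k > len(buf):
            raise ValueError("bad length")
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + n], pos + n

def ldap_message(msg_id, op_tag, op_body):  # msg_id must be 1..127 here
    return ber_tlv(0x30, ber_tlv(0x02, bytes([msg_id])) + ber_tlv(op_tag, op_body))

def starttls_request(msg_id=1):  # ExtendedRequest [APPLICATION 23] = 0x77
    return ldap_message(msg_id, 0x77, ber_tlv(0x80, STARTTLS_OID))

def simple_bind(msg_id, dn, password):  # BindRequest [APPLICATION 0] = 0x60
    body = ber_tlv(0x02, b"\x03") + ber_tlv(0x04, dn) + ber_tlv(0x80, password)
    return ldap_message(msg_id, 0x60, body)

def classify_first_bytes(data):
    """Classify the first bytes a client sends to an LDAP listener."""
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        return "implicit-tls"  # TLS handshake record first, as with ldaps://
    try:
        tag, msg, _ = read_tlv(data)
        op_tag, op, _ = read_tlv(msg, read_tlv(msg)[2])  # skip messageID
        if tag != 0x30:
            raise ValueError("not an LDAPMessage")
        if op_tag == 0x77 and read_tlv(op)[1] == STARTTLS_OID:
            return "starttls"  # plaintext upgrade request; TLS handshake follows
    except ValueError:
        return "unknown"
    return "plaintext-bind" if op_tag == 0x60 else "plaintext-ldap"
```

A "plaintext-bind" result means the password crossed the network unencrypted, which is the case both StartTLS and LDAPS are meant to prevent.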
_______________________________________________
Netdisco mailing list - Digest Mode
netdisco-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/netdisco-users