
devel - LDAPs for authentication modification suggestion

Subject: Developers of Sympa

  • From: John Douglass <address@concealed>
  • To: address@concealed
  • Subject: LDAPs for authentication modification suggestion
  • Date: Wed, 04 Dec 2002 11:29:55 -0500

I'm not that great at documenting changes in code (not sure what the best procedure is) but here are my suggestions for the authentication changes to support SSL.

I'm working on possible modifications on the other LDAP related files (List.pm and Ldap.pm) but that will take a little longer.

Hopefully this makes sense to the authors:

- John Douglass, Georgia Institute of Technology

-----

Two things for the config:

1) If ANY auth.conf ldap servers use SSL, define (in wwsympa.conf)
secure_ldap_auth = 1

2) Within the auth.conf file, if a server uses SSL, define the fields
ssl_version = sslv3
ssl_ciphers = MEDIUM:HIGH

In wwsympa.fcgi

Line 1332:

## LDAPS
+ if($wwsconf->{'secure_ldap_auth'})
+ {
+ unless (require Net::LDAPS)
+ {
+ do_log ('err',"Unable to use LDAPS library, Net::LDAPS required");
+ return undef;
+ }
+ }
## LDAPS
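
Review bot: the test "unless (require Net::LDAPS)" at the top of this block never reaches its error branch. Perl's require dies when the module cannot be loaded instead of returning false, so the do_log call and "return undef" are dead code and a missing module aborts the request with an uncaught exception. Wrap the load in an eval, for example "unless (eval { require Net::LDAPS; 1 })", and include $@ in the logged message so the admin sees why the load failed.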

------

1361: ##anonymous bind in order to have the user's DN
### LDAPS
+ if($ldap->{'ssl_version'} && $wwsconf->{'secure_ldap_auth'})
+ {
+ $ldap_anonymous = Net::LDAPS->new($host,timeout => $ldap->{'timeout'}, sslversion => $ldap->{'ssl_version'}, ciphers => $ldap->{'ssl_ciphers'} );
+ }
+ else
+ {
$ldap_anonymous = Net::LDAP->new($host,timeout => $ldap->{'timeout'});
+ }
### LDAPS
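
Review bot: the Net::LDAPS->new call in the if branch passes sslversion and ciphers but no verify, cafile or capath option, so nothing in this hunk asks for the server certificate to be checked, and an encrypted session can still end at the wrong host. Suggest adding auth.conf fields for the CA file or directory and passing them together with verify => 'require'. Also, ssl_ciphers is forwarded even when it is not defined in auth.conf; only pass ciphers when the field is set.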

------

1406: ## bind with the DN and the pwd
### LDAPS
if($ldap->{'ssl_version'} && $wwsconf->{'secure_ldap_auth'})
{
$ldap_passwd = Net::LDAPS->new($host,timeout => $ldap->{'timeout'}, sslversio
n => $ldap->{'ssl_version'}, ciphers => $ldap->{'ssl_ciphers'} );
}
else
{
$ldap_passwd = Net::LDAP->new($host, timeout => $ldap->{'timeout'});
}
### LDAPS
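
Review bot: the else branch here silently falls back to plain Net::LDAP when a server has ssl_version set in auth.conf but secure_ldap_auth is missing or 0 in wwsympa.conf, and this is the connection that carries the user's DN and password in the bind. If ssl_version is defined for the server and the global flag is off, log an error and return rather than connecting in clear, or drop the global flag from the condition and load Net::LDAPS on demand. Unlike the two hunks above, these lines carry no "+" markers, so it is not clear which lines are new.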

------

1610: ## !! une fonction get_dn_by_email/uid

### LDAPS
if($ldap->{'ssl_version'} && $wwsconf->{'secure_ldap_auth'})
{
$ldap_anonymous = Net::LDAPS->new($host,timeout => $ldap->{'timeout'}, sslversion => $ldap->{'ssl_version'}, ciphers => $ldap->{'ssl_ciphers'});
}
else
{
$ldap_anonymous = Net::LDAP->new($host, timeout => $ldap->{'timeout'});
}
### LDAPS
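
Review bot: this is the third copy of the same if/else constructor block (lines 1361, 1406 and 1610), differing only in the variable assigned. Move it into one helper that takes $host and the $ldap entry and returns the connection, so that later changes to the SSL options or to error handling are made in a single place and the three call sites cannot drift apart.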



