NAME¶
Net::SSLGlue::LDAP - proper certificate checking for ldaps in Net::LDAP
SYNOPSIS¶
use Net::SSLGlue::LDAP;
local %Net::SSLGlue::LDAP = ( SSL_verifycn_name => $hostname_in_cert );
my $ldap = Net::LDAP->new( $hostname, capath => ... );
$ldap->start_tls;
DESCRIPTION¶
Net::SSLGlue::LDAP modifies Net::LDAP so that it does proper certificate
checking using the "ldap" SSL_verify_scheme from IO::Socket::SSL.
Because Net::LDAP does not have a mechanism to forward arbitrary parameters for
the construction of the underlying socket these parameters can be set globally
when including the package, or with local settings of the
%Net::SSLGlue::LDAP::SSLopts variable.
All of the "SSL_*" parameters from IO::Socket::SSL can be used; the
following parameter is especially useful:
- SSL_verifycn_name
- Usually the name given as the hostname in the constructor is used to
verify the identity of the certificate. If you want to check the
certificate against another name you can specify it with this
parameter.
"SSL_ca_path", "SSL_ca_file" for IO::Socket::SSL can be set
with the "capath" and "cafile" parameters of
Net::LDAP::new and "SSL_verify_mode" can be set with
"verify", but the meaning of the values differs ("none" is
0, e.g. disable certificate verification).
SEE ALSO¶
IO::Socket::SSL, LWP, Net::LDAP
COPYRIGHT¶
This module is copyright (c) 2008, Steffen Ullrich. All Rights Reserved. This
module is free software. It may be used, redistributed and/or modified under
the same terms as Perl itself.