Revision 8403
Added by Jing Tao about 11 years ago
src/perl/ldapweb.cgi | ||
---|---|---|
80 | 80 |
my $cgiPrefix = "/" . $context . "/cgi-bin"; |
81 | 81 |
my $styleSkinsPath = $contextUrl . "/style/skins"; |
82 | 82 |
my $styleCommonPath = $contextUrl . "/style/common"; |
83 |
my $ldapServerCACertFile = $workingDirectory. "/../" . $properties->getProperty('ldap.server.ca.certificate'); |
|
83 | 84 |
|
84 | 85 |
#recaptcha key information |
85 | 86 |
my $recaptchaPublicKey=$properties->getProperty('ldap.recaptcha.publickey'); |
... | ... | |
348 | 349 |
debug("clearTemporaryAccounts: connecting to $ldapurl, $timeout"); |
349 | 350 |
$ldap = Net::LDAP->new($ldapurl, timeout => $timeout) or handleLDAPBindFailure($ldapurl); |
350 | 351 |
if ($ldap) { |
351 |
$ldap->start_tls( verify => 'none'); |
|
352 |
$ldap->start_tls( verify => 'require', |
|
353 |
cafile => $ldapServerCACertFile); |
|
352 | 354 |
$ldap->bind( version => 3, dn => $ldapUsername, password => $ldapPassword ); |
353 | 355 |
$mesg = $ldap->search ( |
354 | 356 |
base => $tmpSearchBase, |
... | ... | |
811 | 813 |
$ldap = Net::LDAP->new($ldapurl, timeout => $timeout) or handleLDAPBindFailure($ldapurl); |
812 | 814 |
|
813 | 815 |
if ($ldap) { |
814 |
#$ldap->start_tls( verify => 'require', |
|
815 |
#cafile => '/usr/share/ssl/ldapcerts/cacert.pem'); |
|
816 |
$ldap->start_tls( verify => 'none'); |
|
816 |
$ldap->start_tls( verify => 'require', |
|
817 |
cafile => $ldapServerCACertFile); |
|
817 | 818 |
debug("changePassword: attempting to bind to $bindDN"); |
818 | 819 |
my $bindresult = $ldap->bind( version => 3, dn => $bindDN, |
819 | 820 |
password => $bindPass ); |
... | ... | |
877 | 878 |
$ldap = Net::LDAP->new($ldapurl, timeout => $timeout) or handleLDAPBindFailure($ldapurl); |
878 | 879 |
|
879 | 880 |
if ($ldap) { |
880 |
$ldap->start_tls( verify => 'none'); |
|
881 |
$ldap->start_tls( verify => 'require', |
|
882 |
cafile => $ldapServerCACertFile); |
|
881 | 883 |
my $bindresult = $ldap->bind; |
882 | 884 |
if ($bindresult->code) { |
883 | 885 |
return $entry; |
... | ... | |
983 | 985 |
debug("findExistingAccounts: connecting to $ldapurl, $timeout"); |
984 | 986 |
$ldap = Net::LDAP->new($ldapurl, timeout => $timeout) or handleLDAPBindFailure($ldapurl); |
985 | 987 |
if ($ldap) { |
986 |
$ldap->start_tls( verify => 'none'); |
|
988 |
#$ldap->start_tls( verify => 'none'); |
|
989 |
$ldap->start_tls( verify => 'require', |
|
990 |
cafile => $ldapServerCACertFile); |
|
987 | 991 |
$ldap->bind( version => 3, anonymous => 1); |
988 | 992 |
$mesg = $ldap->search ( |
989 | 993 |
base => $base, |
... | ... | |
1249 | 1253 |
#if main ldap server is down, a html file containing warning message will be returned |
1250 | 1254 |
my $ldap = Net::LDAP->new($ldapurl, timeout => $timeout) or handleLDAPBindFailure($ldapurl); |
1251 | 1255 |
if ($ldap) { |
1252 |
$ldap->start_tls( verify => 'none'); |
|
1256 |
$ldap->start_tls( verify => 'require', |
|
1257 |
cafile => $ldapServerCACertFile); |
|
1253 | 1258 |
debug("Attempting to bind to LDAP server with dn = $ldapUsername, pwd = $ldapPassword"); |
1254 | 1259 |
$ldap->bind( version => 3, dn => $ldapUsername, password => $ldapPassword ); |
1255 | 1260 |
my $result = $ldap->add ( 'dn' => $dn, 'attr' => [@$additions ]); |
... | ... | |
1309 | 1314 |
#if main ldap server is down, a html file containing warning message will be returned |
1310 | 1315 |
my $ldap = Net::LDAP->new($ldapurl, timeout => $timeout) or handleLDAPBindFailure($ldapurl); |
1311 | 1316 |
if ($ldap) { |
1312 |
$ldap->start_tls( verify => 'none'); |
|
1317 |
$ldap->start_tls( verify => 'require', |
|
1318 |
cafile => $ldapServerCACertFile); |
|
1313 | 1319 |
$ldap->bind( version => 3, dn => $ldapUsername, password => $ldapPassword ); |
1314 | 1320 |
my $mesg = $ldap->search(base => $dn, scope => 'base', filter => '(objectClass=*)'); #This dn is with the dc=tmp. So it will find out the temporary account registered in registration step. |
1315 | 1321 |
my $max = $mesg->count; |
... | ... | |
1453 | 1459 |
my $ldap = Net::LDAP->new($ldapurl, timeout => $timeout) or handleLDAPBindFailure($ldapurl); |
1454 | 1460 |
|
1455 | 1461 |
if ($ldap) { |
1456 |
$ldap->start_tls( verify => 'none'); |
|
1462 |
$ldap->start_tls( verify => 'require', |
|
1463 |
cafile => $ldapServerCACertFile); |
|
1457 | 1464 |
$ldap->bind( version => 3, anonymous => 1); |
1458 | 1465 |
my $mesg = $ldap->search ( |
1459 | 1466 |
base => $base, |
Also available in: Unified diff
When start tls, the verify was changed to "require" rather than "none".