
Revision 8403

Added by Jing Tao about 11 years ago

When starting TLS, the verify option is now "require" rather than "none".


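--- a/ldapweb.cgi
+++ b/ldapweb.cgi
@@ -80,6 +80,7 @@
 my $cgiPrefix = "/" . $context . "/cgi-bin";
 my $styleSkinsPath = $contextUrl . "/style/skins";
 my $styleCommonPath = $contextUrl . "/style/common";
+my $ldapServerCACertFile = $workingDirectory. "/../" . $properties->getProperty('ldap.server.ca.certificate');
   
 #recaptcha key information
 my $recaptchaPublicKey=$properties->getProperty('ldap.recaptcha.publickey');
@@ -348,7 +349,8 @@
     debug("clearTemporaryAccounts: connecting to $ldapurl, $timeout");
     $ldap = Net::LDAP->new($ldapurl, timeout => $timeout) or handleLDAPBindFailure($ldapurl);
     if ($ldap) {
-    	$ldap->start_tls( verify => 'none');
+    	$ldap->start_tls( verify => 'require',
+                      cafile => $ldapServerCACertFile);
         $ldap->bind( version => 3, dn => $ldapUsername, password => $ldapPassword ); 
 		$mesg = $ldap->search (
 			base   => $tmpSearchBase,
@@ -811,9 +813,8 @@
     $ldap = Net::LDAP->new($ldapurl, timeout => $timeout) or handleLDAPBindFailure($ldapurl);
     
     if ($ldap) {
-        #$ldap->start_tls( verify => 'require',
-                      #cafile => '/usr/share/ssl/ldapcerts/cacert.pem');
-        $ldap->start_tls( verify => 'none');
+        $ldap->start_tls( verify => 'require',
+                      cafile => $ldapServerCACertFile);
         debug("changePassword: attempting to bind to $bindDN");
         my $bindresult = $ldap->bind( version => 3, dn => $bindDN, 
                                   password => $bindPass );
@@ -877,7 +878,8 @@
     $ldap = Net::LDAP->new($ldapurl, timeout => $timeout) or handleLDAPBindFailure($ldapurl);
     
     if ($ldap) {
-    	$ldap->start_tls( verify => 'none');
+        $ldap->start_tls( verify => 'require',
+                      cafile => $ldapServerCACertFile);
     	my $bindresult = $ldap->bind;
     	if ($bindresult->code) {
         	return $entry;
@@ -983,7 +985,9 @@
     debug("findExistingAccounts: connecting to $ldapurl, $timeout");
     $ldap = Net::LDAP->new($ldapurl, timeout => $timeout) or handleLDAPBindFailure($ldapurl);
     if ($ldap) {
-    	$ldap->start_tls( verify => 'none');
+    	#$ldap->start_tls( verify => 'none');
+    	$ldap->start_tls( verify => 'require',
+                      cafile => $ldapServerCACertFile);
     	$ldap->bind( version => 3, anonymous => 1);
 		$mesg = $ldap->search (
 			base   => $base,
@@ -1249,7 +1253,8 @@
     #if main ldap server is down, a html file containing warning message will be returned
     my $ldap = Net::LDAP->new($ldapurl, timeout => $timeout) or handleLDAPBindFailure($ldapurl);
     if ($ldap) {
-            $ldap->start_tls( verify => 'none');
+            $ldap->start_tls( verify => 'require',
+                      cafile => $ldapServerCACertFile);
             debug("Attempting to bind to LDAP server with dn = $ldapUsername, pwd = $ldapPassword");
             $ldap->bind( version => 3, dn => $ldapUsername, password => $ldapPassword ); 
             my $result = $ldap->add ( 'dn' => $dn, 'attr' => [@$additions ]);
@@ -1309,7 +1314,8 @@
    #if main ldap server is down, a html file containing warning message will be returned
    my $ldap = Net::LDAP->new($ldapurl, timeout => $timeout) or handleLDAPBindFailure($ldapurl);
    if ($ldap) {
-        $ldap->start_tls( verify => 'none');
+        $ldap->start_tls( verify => 'require',
+                      cafile => $ldapServerCACertFile);
         $ldap->bind( version => 3, dn => $ldapUsername, password => $ldapPassword );
         my $mesg = $ldap->search(base => $dn, scope => 'base', filter => '(objectClass=*)'); #This dn is with the dc=tmp. So it will find out the temporary account registered in registration step.
         my $max = $mesg->count;
@@ -1453,7 +1459,8 @@
     my $ldap = Net::LDAP->new($ldapurl, timeout => $timeout) or handleLDAPBindFailure($ldapurl);
     
     if ($ldap) {
-    	$ldap->start_tls( verify => 'none');
+    	$ldap->start_tls( verify => 'require',
+                      cafile => $ldapServerCACertFile);
     	$ldap->bind( version => 3, anonymous => 1);
     	my $mesg = $ldap->search (
         	base   => $base,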
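Review bot: None of the seven new `start_tls( verify => 'require', cafile => $ldapServerCACertFile)` calls checks the message it returns, so a failed handshake or certificate verification is not detected and execution continues straight to `bind`, in several places with `$ldapUsername`/`$ldapPassword`. That also hides configuration errors: `$ldapServerCACertFile` is built from `ldap.server.ca.certificate` without checking that the property is set or that the file is readable. I would capture the result and stop before binding, e.g. `my $tls = $ldap->start_tls( verify => 'require', cafile => $ldapServerCACertFile);` followed by `if ($tls->code) { debug("start_tls failed: " . $tls->error); $ldap->disconnect; return; }`, with the failure path adapted to each function, whose bodies start and end outside these hunks. Separately, the unchanged `debug(...)` line at new line 1258 writes `$ldapPassword` to the debug output and should drop the password.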
