Project

General

Profile

« Previous | Next » 

Revision 8501

Added by Jing Tao almost 11 years ago

Use the verity=>none for start_tls method on some search methods.
These methods will search the referral servers, some of which is using self-signed certificate. There is a difficuty to verify it.
The search methods don't have any critical data, so the down-grade doesn't have too much impact.

View differences:

ldapweb.cgi
883 883
    $ldap = Net::LDAP->new($ldapurl, timeout => $timeout) or handleLDAPBindFailure($ldapurl);
884 884
    
885 885
    if ($ldap) {
886
        $ldap->start_tls( verify => 'require',
887
                      cafile => $ldapServerCACertFile);
886
        $ldap->start_tls( verify => 'none');
887
        #$ldap->start_tls( verify => 'require',
888
        #              cafile => $ldapServerCACertFile);
888 889
    	my $bindresult = $ldap->bind;
889 890
    	if ($bindresult->code) {
890 891
        	return $entry;
......
993 994
    debug("findExistingAccounts: connecting to $ldapurl, $timeout");
994 995
    $ldap = Net::LDAP->new($ldapurl, timeout => $timeout) or handleLDAPBindFailure($ldapurl);
995 996
    if ($ldap) {
996
    	#$ldap->start_tls( verify => 'none');
997
    	$ldap->start_tls( verify => 'require',
998
                      cafile => $ldapServerCACertFile);
997
    	$ldap->start_tls( verify => 'none');
998
    	#$ldap->start_tls( verify => 'require',
999
        #              cafile => $ldapServerCACertFile);
999 1000
    	$ldap->bind( version => 3, anonymous => 1);
1000 1001
		$mesg = $ldap->search (
1001 1002
			base   => $base,

Also available in: Unified diff