Revision 8501
Added by Jing Tao almost 11 years ago
ldapweb.cgi | ||
---|---|---|
883 | 883 |
$ldap = Net::LDAP->new($ldapurl, timeout => $timeout) or handleLDAPBindFailure($ldapurl); |
884 | 884 |
|
885 | 885 |
if ($ldap) { |
886 |
$ldap->start_tls( verify => 'require', |
|
887 |
cafile => $ldapServerCACertFile); |
|
886 |
$ldap->start_tls( verify => 'none'); |
|
887 |
#$ldap->start_tls( verify => 'require', |
|
888 |
# cafile => $ldapServerCACertFile); |
|
888 | 889 |
my $bindresult = $ldap->bind; |
889 | 890 |
if ($bindresult->code) { |
890 | 891 |
return $entry; |
... | ... | |
993 | 994 |
debug("findExistingAccounts: connecting to $ldapurl, $timeout"); |
994 | 995 |
$ldap = Net::LDAP->new($ldapurl, timeout => $timeout) or handleLDAPBindFailure($ldapurl); |
995 | 996 |
if ($ldap) { |
996 |
#$ldap->start_tls( verify => 'none');
|
|
997 |
$ldap->start_tls( verify => 'require', |
|
998 |
cafile => $ldapServerCACertFile); |
|
997 |
$ldap->start_tls( verify => 'none'); |
|
998 |
#$ldap->start_tls( verify => 'require',
|
|
999 |
# cafile => $ldapServerCACertFile);
|
|
999 | 1000 |
$ldap->bind( version => 3, anonymous => 1); |
1000 | 1001 |
$mesg = $ldap->search ( |
1001 | 1002 |
base => $base, |
Also available in: Unified diff
Use the verity=>none for start_tls method on some search methods.
These methods will search the referral servers, some of which is using self-signed certificate. There is a difficuty to verify it.
The search methods don't have any critical data, so the down-grade doesn't have too much impact.