Bug 122066

Summary: Unable to establish LDAP over SSL or TLS
Product: [Fedora] Fedora Reporter: Dax Kelson <dkelson>
Component: perl-LDAPAssignee: Chip Turner <cturner>
Status: CLOSED RAWHIDE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: jose.p.oliveira.oss, perl-devel, steve
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-04-11 22:07:08 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Dax Kelson 2004-04-30 05:22:38 UTC 
Description of problem:

Much thanks for adding perl-LDAP to the distro. There are many many
admin scripts out there for managing LDAP directories, in particular
directories used a NIS a replacement that require perl-LDAP.

However, most well implemented directories require either LDAP over
SSL or LDAP with StartTLS.

This requires that a few more perl modules be added:

perl-IO-Socket-SSL
perl-Net_SSLeay
perl-Authen-SASL (optional, but useful for Kerberos using folks)

To keep an eye on the competition, SUSE Enterprise 8, SUSE Linux
8.2/9.0 and 9.1 all have perl-LDAP plus the these three modules I'm
requesting.
Comment 1 Chip Turner 2004-05-03 14:47:32 UTC 
these may make it in the next release, but it's too late right now for
FC2.  for fc3 we can see if we can get it in.  if those packages don't
have dependencies on other packages, it shouldn't be hard to get them in.
Comment 2 Dax Kelson 2004-05-23 21:45:38 UTC 
Ok, can these go into rawhide now?
Comment 3 Dax Kelson 2004-08-18 18:30:10 UTC 
Just checking back. It would be really really nice to have:

perl-IO-Socket-SSL
perl-Net_SSLeay
perl-Authen-SASL 

In FC3 / RHEL4.  Again, they are very useful and doing a LDAP over a
secure connection is best practice by far.  Oh yeah, SUSE ships em. :)
Comment 4 Jose Pedro Oliveira 2005-04-05 15:43:21 UTC 
I agree that the above modules should be in core.  Right now perl-IO-Socket-SSL
and perl-Net-SSLeay are available in the Fedora Extras repo.  perl-Authen-SASL
should be there in a few days (already approved by still not built).
Comment 5 Jose Pedro Oliveira 2005-04-06 11:37:40 UTC 
perl-Authen-SASL is now available in Fedora.Extras
Comment 6 Warren Togami 2005-04-11 22:07:08 UTC 
notting said "not for now".  It is good enough to be in Extras.
Comment 7 Jose Pedro Oliveira 2005-04-11 22:45:32 UTC 
Sniff! Sniff!

Can I re-open this for FC5?
Comment 8 Warren Togami 2005-04-11 22:52:36 UTC 
Doesn't FC's perl-LDAP work when these packages are installed?
What software uses perl-LDAP?  Anything in Core?
Comment 9 Jose Pedro Oliveira 2005-04-11 23:04:13 UTC 
Warren,

There are several perl modules in core that I don't know what they are used for.
Do you know if there is some kind of requirement tree that we could check?
If not I think it would make a good starting point for the new fedora-perl
mailing list ;)

Examples: perl-BSD-Resource, perl-Bit-Vector/perl-Date-Calc, ...

Regarding perl-LDAP
-------------------
I think samba has several scripts that use perl-LDAP but the requirement is
being filtered out (will check again and if they require LDAPS).
Comment 10 Steven Pritchard 2006-04-29 21:10:25 UTC 
It really seems like perl-LDAP should have a hard dependency on
perl(IO::Socket::SSL).  Right now trying to use smbldap-tools results in this error:

Can't locate IO/Socket/SSL.pm in @INC (@INC contains: /usr/sbin/
/usr/lib64/perl5/site_perl/5.8.8/x86_64-linux-thread-multi
/usr/lib64/perl5/site_perl/5.8.7/x86_64-linux-thread-multi
/usr/lib64/perl5/site_perl/5.8.6/x86_64-linux-thread-multi
/usr/lib64/perl5/site_perl/5.8.5/x86_64-linux-thread-multi
/usr/lib64/perl5/site_perl/5.8.4/x86_64-linux-thread-multi
/usr/lib64/perl5/site_perl/5.8.3/x86_64-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.8 /usr/lib/perl5/site_perl/5.8.7
/usr/lib/perl5/site_perl/5.8.6 /usr/lib/perl5/site_perl/5.8.5
/usr/lib/perl5/site_perl/5.8.4 /usr/lib/perl5/site_perl/5.8.3
/usr/lib/perl5/site_perl
/usr/lib64/perl5/vendor_perl/5.8.8/x86_64-linux-thread-multi
/usr/lib64/perl5/vendor_perl/5.8.7/x86_64-linux-thread-multi
/usr/lib64/perl5/vendor_perl/5.8.6/x86_64-linux-thread-multi
/usr/lib64/perl5/vendor_perl/5.8.5/x86_64-linux-thread-multi
/usr/lib64/perl5/vendor_perl/5.8.4/x86_64-linux-thread-multi
/usr/lib64/perl5/vendor_perl/5.8.3/x86_64-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.8.8 /usr/lib/perl5/vendor_perl/5.8.7
/usr/lib/perl5/vendor_perl/5.8.6 /usr/lib/perl5/vendor_perl/5.8.5
/usr/lib/perl5/vendor_perl/5.8.4 /usr/lib/perl5/vendor_perl/5.8.3
/usr/lib/perl5/vendor_perl /usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi
/usr/lib/perl5/5.8.8 .) at /usr/lib/perl5/vendor_perl/5.8.8/Net/LDAP.pm line 920.
Comment 11 Jose Pedro Oliveira 2006-04-29 21:41:22 UTC 
At least MS AD requires a secure connection (LDAPS) in order to allow password
fields to be modified.  I believe other LDAP servers have the same impositions.
Comment 12 Dax Kelson 2006-07-19 22:53:50 UTC 
These just got added to rawhide, so they should be part of core and RHEL5. yah.
Finally.
Comment 13 Jason Vas Dias 2006-07-19 23:53:54 UTC 
*** Bug 190887 has been marked as a duplicate of this bug. ***