Red Hat Bugzilla – Bug 122066
Unable to establish LDAP over SSL or TLS
Last modified: 2007-11-30 17:10:41 EST
Description of problem:
Much thanks for adding perl-LDAP to the distro. There are many many
admin scripts out there for managing LDAP directories, in particular
directories used as a NIS replacement that require perl-LDAP.
However, most well implemented directories require either LDAP over
SSL or LDAP with StartTLS.
This requires that a few more perl modules be added:
perl-Authen-SASL (optional, but useful for Kerberos using folks)
To keep an eye on the competition, SUSE Enterprise 8, SUSE Linux
8.2/9.0 and 9.1 all have perl-LDAP plus these three modules I'm
These may make it in the next release, but it's too late right now for
FC2. For FC3 we can see if we can get it in. If those packages don't
have dependencies on other packages, it shouldn't be hard to get them in.
Ok, can these go into rawhide now?
Just checking back. It would be really really nice to have:
In FC3 / RHEL4. Again, they are very useful and doing LDAP over a
secure connection is best practice by far. Oh yeah, SUSE ships em. :)
I agree that the above modules should be in core. Right now perl-IO-Socket-SSL
and perl-Net-SSLeay are available in the Fedora Extras repo. perl-Authen-SASL
should be there in a few days (already approved but still not built).
perl-Authen-SASL is now available in Fedora Extras.
notting said "not for now". It is good enough to be in Extras.
Can I re-open this for FC5?
Doesn't FC's perl-LDAP work when these packages are installed?
What software uses perl-LDAP? Anything in Core?
There are several perl modules in core that I don't know what they are used for.
Do you know if there is some kind of requirement tree that we could check?
If not I think it would make a good starting point for the new fedora-perl
mailing list ;)
Examples: perl-BSD-Resource, perl-Bit-Vector/perl-Date-Calc, ...
I think samba has several scripts that use perl-LDAP but the requirement is
being filtered out (will check again and if they require LDAPS).
It really seems like perl-LDAP should have a hard dependency on
perl(IO::Socket::SSL). Right now trying to use smbldap-tools results in this error:
Can't locate IO/Socket/SSL.pm in @INC (@INC contains: /usr/sbin/
/usr/lib/perl5/5.8.8 .) at /usr/lib/perl5/vendor_perl/5.8.8/Net/LDAP.pm line 920.
At least MS AD requires a secure connection (LDAPS) in order to allow password
fields to be modified. I believe other LDAP servers have the same impositions.
These just got added to rawhide, so they should be part of core and RHEL5. yah.
*** Bug 190887 has been marked as a duplicate of this bug. ***