Bug 122066 - Unable to establish LDAP over SSL or TLS
Unable to establish LDAP over SSL or TLS
Product: Fedora
Classification: Fedora
Component: perl-LDAP (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Chip Turner
: 190887 (view as bug list)
Depends On:
  Show dependency treegraph
Reported: 2004-04-30 01:22 EDT by Dax Kelson
Modified: 2007-11-30 17:10 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-04-11 18:07:08 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Dax Kelson 2004-04-30 01:22:38 EDT
Description of problem:

Much thanks for adding perl-LDAP to the distro. There are many many
admin scripts out there for managing LDAP directories, in particular
directories used a NIS a replacement that require perl-LDAP.

However, most well implemented directories require either LDAP over
SSL or LDAP with StartTLS.

This requires that a few more perl modules be added:

perl-Authen-SASL (optional, but useful for Kerberos using folks)

To keep an eye on the competition, SUSE Enterprise 8, SUSE Linux
8.2/9.0 and 9.1 all have perl-LDAP plus the these three modules I'm
Comment 1 Chip Turner 2004-05-03 10:47:32 EDT
these may make it in the next release, but it's too late right now for
FC2.  for fc3 we can see if we can get it in.  if those packages don't
have dependencies on other packages, it shouldn't be hard to get them in.
Comment 2 Dax Kelson 2004-05-23 17:45:38 EDT
Ok, can these go into rawhide now?
Comment 3 Dax Kelson 2004-08-18 14:30:10 EDT
Just checking back. It would be really really nice to have:


In FC3 / RHEL4.  Again, they are very useful and doing a LDAP over a
secure connection is best practice by far.  Oh yeah, SUSE ships em. :)
Comment 4 Jose Pedro Oliveira 2005-04-05 11:43:21 EDT
I agree that the above modules should be in core.  Right now perl-IO-Socket-SSL
and perl-Net-SSLeay are available in the Fedora Extras repo.  perl-Authen-SASL
should be there in a few days (already approved by still not built).
Comment 5 Jose Pedro Oliveira 2005-04-06 07:37:40 EDT
perl-Authen-SASL is now available in Fedora.Extras
Comment 6 Warren Togami 2005-04-11 18:07:08 EDT
notting said "not for now".  It is good enough to be in Extras.
Comment 7 Jose Pedro Oliveira 2005-04-11 18:45:32 EDT
Sniff! Sniff!

Can I re-open this for FC5?
Comment 8 Warren Togami 2005-04-11 18:52:36 EDT
Doesn't FC's perl-LDAP work when these packages are installed?
What software uses perl-LDAP?  Anything in Core?
Comment 9 Jose Pedro Oliveira 2005-04-11 19:04:13 EDT

There are several perl modules in core that I don't know what they are used for.
Do you know if there is some kind of requirement tree that we could check?
If not I think it would make a good starting point for the new fedora-perl
mailing list ;)

Examples: perl-BSD-Resource, perl-Bit-Vector/perl-Date-Calc, ...

Regarding perl-LDAP
I think samba has several scripts that use perl-LDAP but the requirement is
being filtered out (will check again and if they require LDAPS).
Comment 10 Steven Pritchard 2006-04-29 17:10:25 EDT
It really seems like perl-LDAP should have a hard dependency on
perl(IO::Socket::SSL).  Right now trying to use smbldap-tools results in this error:

Can't locate IO/Socket/SSL.pm in @INC (@INC contains: /usr/sbin/
/usr/lib/perl5/site_perl/5.8.8 /usr/lib/perl5/site_perl/5.8.7
/usr/lib/perl5/site_perl/5.8.6 /usr/lib/perl5/site_perl/5.8.5
/usr/lib/perl5/site_perl/5.8.4 /usr/lib/perl5/site_perl/5.8.3
/usr/lib/perl5/vendor_perl/5.8.8 /usr/lib/perl5/vendor_perl/5.8.7
/usr/lib/perl5/vendor_perl/5.8.6 /usr/lib/perl5/vendor_perl/5.8.5
/usr/lib/perl5/vendor_perl/5.8.4 /usr/lib/perl5/vendor_perl/5.8.3
/usr/lib/perl5/vendor_perl /usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi
/usr/lib/perl5/5.8.8 .) at /usr/lib/perl5/vendor_perl/5.8.8/Net/LDAP.pm line 920.
Comment 11 Jose Pedro Oliveira 2006-04-29 17:41:22 EDT
At least MS AD requires a secure connection (LDAPS) in order to allow password
fields to be modified.  I believe other LDAP servers have the same impositions.
Comment 12 Dax Kelson 2006-07-19 18:53:50 EDT
These just got added to rawhide, so they should be part of core and RHEL5. yah.
Comment 13 Jason Vas Dias 2006-07-19 19:53:54 EDT
*** Bug 190887 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.