Net::SSLGlue::LDAP(3) User Contributed Perl DocumentationNet::SSLGlue::LDAP(3)NAMENet::SSLGlue::LDAP - proper certificate checking for ldaps in Net::LDAP
SYNOPSIS
use Net::SSLGlue::LDAP;
local %Net::SSLGlue::LDAP = ( SSL_verifycn_name => $hostname_in_cert );
my $ldap = Net::LDAP->new( $hostname, capath => ... );
$ldap->start_tls;
DESCRIPTIONNet::SSLGlue::LDAP modifies Net::LDAP so that it does proper
certificate checking using the "ldap" SSL_verify_scheme from
IO::Socket::SSL.
Because Net::LDAP does not have a mechanism to forward arbitrary
parameters for the construction of the underlying socket these
parameters can be set globally when including the package, or with
local settings of the %Net::SSLGlue::LDAP::SSLopts variable.
All of the "SSL_*" parameters from IO::Socket::SSL can be used; the
following parameter is especially useful:
SSL_verifycn_name
Usually the name given as the hostname in the constructor is used
to verify the identity of the certificate. If you want to check the
certificate against another name you can specify it with this
parameter.
"SSL_ca_path", "SSL_ca_file" for IO::Socket::SSL can be set with the
"capath" and "cafile" parameters of Net::LDAP::new and
"SSL_verify_mode" can be set with "verify", but the meaning of the
values differs ("none" is 0, e.g. disable certificate verification).
SEE ALSO
IO::Socket::SSL, LWP, Net::LDAP
COPYRIGHT
This module is copyright (c) 2008, Steffen Ullrich. All Rights
Reserved. This module is free software. It may be used, redistributed
and/or modified under the same terms as Perl itself.
perl v5.14.1 2011-05-02 Net::SSLGlue::LDAP(3)