
Re: TLS, integrity and root DSE



--On Wednesday, July 24, 2013 4:08 PM +0200 Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de> wrote:
Hi!

When trying to require integrity for LDAP connections by specifying
"ssf=1" in Security, I have a problem with Perl where the cat bites its
tail:

It's recommended to query the root DSE for TLS extension before trying to
use TLS like this:

my $dse = $ldap->root_dse();

if ($dse->supported_extension(LDAP_EXTENSION_START_TLS)) {
        my $msg = $ldap->start_tls('verify' => 'require',
                                   'capath' => '/etc/ssl/certs');
...

Personally, I just always try to startTLS regardless.  Then you can decide
whether or not you wish to continue after that point based on whether or 
not it succeeds or fails.
--Quanah

--

Quanah Gibson-Mount
Lead Engineer
Zimbra, Inc
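
Added example, not part of the thread and not code from either poster: one way to attempt StartTLS unconditionally with Net::LDAP and stop if it fails, so that nothing further is sent in cleartext and the root DSE is only read once the channel is protected. The host name and the connect_with_tls helper are assumptions made for illustration; the capath is the one from the quoted snippet.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Net::LDAP;

# Assumed values, not from the thread: adjust to the directory in use.
my $host   = 'ldap.example.com';
my $capath = '/etc/ssl/certs';    # same CA directory as in the quoted snippet

# Hypothetical helper: returns a TLS-protected Net::LDAP handle, or dies
# without sending anything else over the cleartext connection.
sub connect_with_tls {
    my ($server, $ca_dir) = @_;

    my $ldap = Net::LDAP->new($server)
        or die "connect to $server failed: $@\n";

    # No root DSE lookup first: a server that demands ssf=1 may refuse that
    # search on a cleartext connection, which is the loop described above.
    my $msg = $ldap->start_tls(verify => 'require', capath => $ca_dir);

    if ($msg->code) {
        # Unsupported extension, handshake error or certificate failure:
        # stop here instead of continuing unencrypted.
        my $err = $msg->error;
        $ldap->disconnect;
        die "StartTLS on $server failed, aborting: $err\n";
    }

    # cipher() returns undef when the connection is not encrypted.
    my $cipher = $ldap->cipher;
    die "StartTLS reported success but no cipher is active\n"
        unless defined $cipher;
    print "TLS established with cipher $cipher\n";

    return $ldap;
}

my $ldap = connect_with_tls($host, $capath);

# The root DSE is now read over the protected channel.
my $dse = $ldap->root_dse()
    or die "root DSE query failed\n";
print "namingContexts: ", join(', ', $dse->get_value('namingContexts')), "\n";

$ldap->unbind;
```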