Package: smbldap-tools
Version: 0.9.5-1
Severity: important
Tags: patch squeeze sid
Hi,
I'm using slapd via ldaps://. smbldap-tools work fine as far as operation from
an account with access to smbldap_bind.conf is concerned. However users can't
change their own passwords since the bind operation in the Perl package is
implemented only for TLS but not for SSL. The attached patch fixes that, works
for me.
Cheers
Daniel
-- System Information:
Debian Release: 6.0.3
APT prefers stable
APT policy: (990, 'stable'), (500, 'stable-updates')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-dhr-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages smbldap-tools depends on:
ii libcrypt-smbhash-perl 0.12-3 generate LM/NT hash of a password
ii libdigest-sha1-perl 2.13-1 NIST SHA-1 message digest algorith
ii libio-socket-ssl-perl 1.33-1+squeeze1 Perl module implementing object or
ii libnet-ldap-perl 1:0.4001-2 client interface to LDAP servers
ii libunicode-maputf8-per 1.11-2 Perl module for conversing between
ii perl 5.10.1-17squeeze2 Larry Wall's Practical Extraction
smbldap-tools recommends no packages.
smbldap-tools suggests no packages.
-- no debconf information
--- /usr/share/perl5/smbldap_tools.pm-orig 2011-11-06 23:44:19.295629801
+0100
+++ /usr/share/perl5/smbldap_tools.pm 2011-11-06 23:55:47.547629647 +0100
@@ -529,23 +529,38 @@
# try to bind with user dn and password to validate current password
sub is_user_valid {
my ( $user, $dn, $pass ) = @_;
- my $userLdap = Net::LDAP->new(
- "$config{slaveLDAP}",
- port => "$config{slavePort}",
- version => 3,
- timeout => 60
- )
- or warn
-"erreur LDAP: Can't contact slave ldap server ($@)\n=>trying to contact the
master server\n";
+ my $userLdap;
+ if ( $config{ldapSSL} ) {
+ $userLdap = Net::LDAP->new(
+ "ldaps://$config{slaveLDAP}:$config{slavePort}",
+ verify => "$config{verify}",
+ cafile => "$config{cafile}"
+ ) or warn "LDAP error: Can't contact slave ldap server with SSL
($@)\n=>trying to contact the master server\n";
+ } else {
+ $userLdap = Net::LDAP->new(
+ "$config{slaveLDAP}",
+ port => "$config{slavePort}",
+ version => 3,
+ timeout => 60,
+ ) or warn "LDAP error: Can't contact slave ldap server ($@)\n=>trying
to contact the master server\n";
+ }
if ( !$userLdap ) {
# connection to the slave failed: trying to contact the master ...
- $userLdap = Net::LDAP->new(
- "$config{masterLDAP}",
- port => "$config{masterPort}",
- version => 3,
- timeout => 60
- ) or die "erreur LDAP: Can't contact master ldap server ($@)\n";
+ if ( $config{ldapSSL} ) {
+ $userLdap = Net::LDAP->new(
+ "ldaps://$config{masterLDAP}:$config{masterPort}",
+ verify => "$config{verify}",
+ cafile => "$config{cafile}"
+ ) or die "erreur LDAP: Can't contact master ldap server with SSL
($@)\n";
+ } else {
+ $userLdap = Net::LDAP->new(
+ "$config{masterLDAP}",
+ port => "$config{masterPort}",
+ version => 3,
+ timeout => 60,
+ ) or die "erreur LDAP: Can't contact master ldap server ($@)\n";
+ }
}
if ($userLdap) {
if ( $config{ldapTLS} == 1 ) {
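Review bot: The two new ldaps:// calls to Net::LDAP->new (slave and master) drop the `version => 3` and `timeout => 60` arguments that the plain-LDAP branches still pass, so the SSL path falls back to the library defaults; carry both options into the SSL branches. The same calls pass `verify => "$config{verify}"` and `cafile => "$config{cafile}"` in quotes, which turns an unset setting into an empty string instead of undef. Since this bind sends the user's current password, fail early when ldapSSL is set but verify or cafile is missing, or default verify to 'require'. The unchanged `if ( $config{ldapTLS} == 1 )` test at the end of the hunk is still reached after an ldaps:// connection, so a configuration with both ldapSSL and ldapTLS set should be handled explicitly. Minor: the master-branch messages still read "erreur LDAP" while the slave-branch ones were changed to "LDAP error".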