use strict;
use Date::Manip qw(ParseDate);
+use Net::LDAP qw(:all);
my $blocksize = 8; # A blowfish block is 8 bytes
my $configfile = "/etc/userdir-ldap/userdir-ldap.conf";
return %config;
}
+sub UpgradeConnection($) {
+ my ($ldap) = @_;
+ my $mesg = $ldap->start_tls(
+ verify => 'require',
+ capath => '/etc/ssl/certs/'
+ );
+ $mesg->sync;
+ if ($mesg->code != LDAP_SUCCESS) {
+ print "Content-type: text/html; charset=utf-8\n\n";
+ print "<html><body><h1>STARTTLS failed: "..$mesg->error."</h1></body></html>\n";
+ exit(1);
+ };
+};
1;
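Review bot: The failure page in UpgradeConnection joins its pieces with `..` (the range operator) instead of `.`, so the LDAP error text and the closing tags are most likely never printed and the operator cannot see why STARTTLS failed. The line should read `print "<html><body><h1>STARTTLS failed: ".$mesg->error."</h1></body></html>\n";`. Because `$mesg->error` can carry text supplied by the server, it should be HTML-escaped before output, or passed through the existing `Util::HTMLError` if that helper escapes its argument (its body is not visible here). The `exit(1)` after a failed handshake keeps the connection fail-closed and should stay.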
* Make machines.cgi display the purpose attribute from LDAP [HE].
* Add VoIP field to CGI [zobel].
* make summaryattrs sortable [zobel].
+ * Use SSL/TLS when configured to do so, and Depend on libio-socket-ssl-perl
+ for that.
- -- Peter Palfrader <weasel@debian.org> Sun, 25 May 2008 18:05:06 +0200
+ -- Peter Palfrader <weasel@debian.org> Sun, 25 May 2008 18:21:45 +0200
userdir-ldap-cgi (0.3.9) unstable; urgency=low
Package: userdir-ldap-cgi
Architecture: all
-Depends: userdir-ldap, perl5, libnet-ldap-perl, libcrypt-blowfish-perl, gnupg (>= 1.0.3), libdate-manip-perl, liburi-perl
+Depends: userdir-ldap, perl5, libnet-ldap-perl, libcrypt-blowfish-perl, gnupg (>= 1.0.3), libdate-manip-perl, liburi-perl, libio-socket-ssl-perl
Replaces: userdir-ldap
Description: CGI programs for the db.debian.org
These programs are run on http://db.debian.org/ to simplify the
my $cipher = new Crypt::Blowfish $key;
my $ldap = Net::LDAP->new($config{ldaphost}) || &Util::HTMLError($!);
+&Util::UpgradeConnection($ldap) unless $config{usessl} eq 'False';
my $username = $query->param('username');
my $password = $query->param('password');
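Review bot: The opt-out test `unless $config{usessl} eq 'False'` is repeated at every call site, here and in the three hunks that follow, so any script that opens its own LDAP connection without this line keeps talking cleartext; moving the test into `Util::UpgradeConnection` or a single connect helper in `Util` would keep the policy in one place. The comparison is an exact, case-sensitive string match, so only the literal `False` disables TLS and a missing `usessl` key leaves it on, which is a safe default worth recording in a comment such as `# TLS is used unless usessl is exactly 'False'`. In the last hunk the result of `Net::LDAP->new($config{ldaphost})` is not checked before the upgrade call, so a failed connect would show up as a method call on an undefined value inside UpgradeConnection rather than as a connection error; adding `|| &Util::HTMLError($!)` as the other scripts do would make that case consistent.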
&Util::HTMLSendHeader;
$ldap = Net::LDAP->new($config{ldaphost}) || &Util::HTMLError($!);
+&Util::UpgradeConnection($ldap) unless $config{usessl} eq 'False';
$mesg;
$ldap->bind;
# Now, we are ready to connect to the LDAP server.
$ldap = Net::LDAP->new($config{ldaphost}) || &Util::HTMLError($!);
+ &Util::UpgradeConnection($ldap) unless $config{usessl} eq 'False';
my $auth = 0;
my $mesg;
$SIG{__DIE__} = \&DieHandler;
$ldap = Net::LDAP->new($config{ldaphost});
+&Util::UpgradeConnection($ldap) unless $config{usessl} eq 'False';
my $auth = 0;
my $mesg;
$mesg = $ldap->bind($editdn, password => $password);