Add ldapVerify option for SSL cert validation
maxbes committed Sep 4, 2020
1 parent 61563d0 commit 490722b
Showing 2 changed files with 15 additions and 3 deletions.
2 changes: 2 additions & 0 deletions lib/Apache/Session/LDAP.pm
Expand Up @@ -44,6 +44,8 @@ Apache::Session::LDAP - An implementation of Apache::Session
ldapObjectClass => 'applicationProcess',
ldapAttributeId => 'cn',
ldapAttributeContent => 'description',
ldapVerify => 'require',
ldapCAFile => '/etc/ssl/certs/ca-certificates.crt',
};
=head1 DESCRIPTION
16 changes: 13 additions & 3 deletions lib/Apache/Session/Store/LDAP.pm
Expand Up @@ -119,22 +119,32 @@ sub ldap {
push @servers, $server;
}

# Compatibility
my $caFile = $self->{args}->{ldapCAFile} || $self->{args}->{caFile};
my $caPath = $self->{args}->{ldapCAPath} || $self->{args}->{caPath};

# Connect
my $ldap = Net::LDAP->new(
\@servers,
onerror => undef,
verify => $self->{args}->{ldapVerify} || "require",
( $caFile ? ( cafile => $caFile ) : () ),
( $caPath ? ( capath => $caPath ) : () ),

(
$self->{args}->{ldapPort}
? ( port => $self->{args}->{ldapPort} )
: ()
),
) or die( 'Unable to connect to ' . join( ' ', @servers ) );
) or die( 'Unable to connect to ' . join( ' ', @servers ) . ': ' . $@ );

# Start TLS if needed

if ($useTls) {
my %h = split( /[&=]/, $tlsParam );
$h{cafile} = $self->{args}->{caFile} if ( $self->{args}->{caFile} );
$h{capath} = $self->{args}->{caPath} if ( $self->{args}->{caPath} );
$h{verify} ||= ( $self->{args}->{ldapVerify} || "require" );
$h{cafile} ||= $caFile if ($caFile);
$h{capath} ||= $caPath if ($caPath);
my $start_tls = $ldap->start_tls(%h);
if ( $start_tls->code ) {
$self->logError($start_tls);
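Review bot: On the start_tls path the verify mode is assigned with `$h{verify} ||= ( $self->{args}->{ldapVerify} || "require" )`, so a `verify=none` carried in the server URI's tlsParam silently overrides an explicit `ldapVerify => 'require'`, whereas the ldaps path (`verify =>` passed to Net::LDAP->new) consults only ldapVerify; the two paths disagree on which setting wins. If the URI parameter is meant to take precedence for backward compatibility, state that in the comment above the start_tls block, e.g. `# tlsParam in the server URI may override ldapVerify/ldapCAFile (compatibility)`; otherwise let the configured option win with `$h{verify} = $self->{args}->{ldapVerify} || $h{verify} || "require";`. Whether `require` also enforces hostname matching depends on how Net::LDAP sets up IO::Socket::SSL's verifycn options, which this hunk does not show, so a one-line comment stating the intended guarantee would help the next reader. `sub ldap` starts before and continues past this hunk.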
