#!/usr/bin/perl -w use strict; use Getopt::Long; use Net::LDAP; my ($host,$user,$port,$pass,$debug); my $result = GetOptions('h=s'=>\$host, 'p=s'=>\$port, 'u=s'=>\$user, 'w=s'=>\$pass, 'd+'=>\$debug, 'q'=>\&usage ); # Set some options if necessary and carp # if no user/pass was supplied unless($user && $pass){ &usage; } unless($host){ $host = 'yourserver.yourdomain.com'; } unless($port){ $port = '389'; } unless($debug){ $debug = 0; } print "\n\nTesting TLS...\n\n"; testtls(); sub testtls { if($debug ne 0){ print "h: [$host]\n p: [$port]\n u: [$user]\n w: [$pass]\n d: [$debug]\n "; } # Make an LDAP Object my $ldap=new Net::LDAP($host, port=>$port, version=>3, debug=>$debug, ) || die "ldap failed"; if ($debug ne 0){ print "New Net::LDAP object created successfully\n"; } # Start TLS my $mesg=$ldap->start_tls(verify=>'none', sslversion=>'sslv2/3', ) || die "start tls failed: $!\n"; my $code= $mesg->code; print "TLS Status: ",$mesg->error,"\n"; unless($mesg->code == 0){ print "CODE: ",$mesg->code,"\n"; die; } # Bind with dn and password $mesg = $ldap->bind(dn=>$user, password=>$pass, ) || die "bind failed: $!\n"; $code = $mesg->code; print "Bind Status: ",$mesg->error,"\n\n"; } sub usage{ print "\n\n"; print "test_tls.pl -h [host] -p [port] -u [DN] -w [passwd] -d [debug]\n"; print "\n\n"; print "[host] is the fully qualified domain name or ip address of the ldap server\n"; print " ldapserver\.domain\.tld || 192.168.1.100\n"; print "\n"; print "[port] is the port over which communication takes places (usually 389)\n"; print "\n"; print "[DN] is the distinguished name of a valid user in LDAP:\n"; print " \"cn=Alan Smithee,dc=orgunit,dc=com\"\n"; print "\n"; print "[password] is the LDAP password associated with the valid user's dn\n"; print " \'133tpasswd!\'\n"; print "\n"; print "[debug] is set for debugging information (default is 0 - success/fail info only)\n"; print "\n\n"; exit; }