Category: | Miscellaneous |
Author/Contact Info | beernuts (perlmonk@slb.com) |
Description: | This is a chunk of code (test_tls.pl) that can be used to test LDAP servers for their ability to do TLS. It's culled from a bigger script I use to test an in-house LDAP proxy for proper installation of the script (it's in perl too) as well as the required modules. usage: 'test_tls.pl -q' for details |
#!/usr/bin/perl -w use strict; use Getopt::Long; use Net::LDAP; my ($host,$user,$port,$pass,$debug); my $result = GetOptions('h=s'=>\$host, 'p=s'=>\$port, 'u=s'=>\$user, 'w=s'=>\$pass, 'd+'=>\$debug, 'q'=>\&usage ); # Set some options if necessary and carp # if no user/pass was supplied unless($user && $pass){ &usage; } unless($host){ $host = 'yourserver.yourdomain.com'; } unless($port){ $port = '389'; } unless($debug){ $debug = 0; } print "\n\nTesting TLS...\n\n"; testtls(); sub testtls { if($debug ne 0){ print "h: [$host]\n p: [$port]\n u: [$user]\n w: [$pass]\n d: [$debug]\n "; } # Make an LDAP Object my $ldap=new Net::LDAP($host, port=>$port, version=>3, debug=>$debug, ) || die "ldap failed"; if ($debug ne 0){ print "New Net::LDAP object created successfully\ +n"; } # Start TLS my $mesg=$ldap->start_tls(verify=>'none', sslversion=>'sslv2/3', ) || die "start tls failed: $!\n"; my $code= $mesg->code; print "TLS Status: ",$mesg->error,"\n"; unless($mesg->code == 0){ print "CODE: ",$mesg->code,"\n"; die; } # Bind with dn and password $mesg = $ldap->bind(dn=>$user, password=>$pass, ) || die "bind failed: $!\n"; $code = $mesg->code; print "Bind Status: ",$mesg->error,"\n\n"; } sub usage{ print "\n\n"; print "test_tls.pl -h [host] -p [port] -u [DN] -w [passwd] -d [debu +g]\n"; print "\n\n"; print "[host] is the fully qualified domain name or ip address of t +he ldap server\n"; print " ldapserver\.domain\.tld || 192.168.1.100\n"; print "\n"; print "[port] is the port over which communication takes places (us +ually 389)\n"; print "\n"; print "[DN] is the distinguished name of a valid user in LDAP:\n"; print " \"cn=Alan Smithee,dc=orgunit,dc=com\"\n"; print "\n"; print "[password] is the LDAP password associated with the valid us +er's dn\n"; print " \'133tpasswd!\'\n"; print "\n"; print "[debug] is set for debugging information (default is 0 - suc +cess/fail info only)\n"; print "\n\n"; exit; } |
|
---|
Replies are listed 'Best First'. | |
---|---|
Re: LDAP Server TLS tester
by Arien (Pilgrim) on Jan 18, 2003 at 08:03 UTC | |
by beernuts (Pilgrim) on Jan 19, 2003 at 16:34 UTC |
Back to
Code Catacombs