PerlMonks  

LDAP Server TLS tester

by beernuts (Pilgrim)
on Jan 17, 2003 at 19:05 UTC ( [id://227766]=sourcecode: print w/replies, xml ) Need Help??
Category: Miscellaneous
Author/Contact Info beernuts (perlmonk@slb.com)
Description: This is a chunk of code (test_tls.pl) that can be used to test LDAP servers for their ability to do TLS. It's culled from a bigger script I use to test an in-house LDAP proxy for proper installation of the script (it's in perl too) as well as the required modules.

usage:

'test_tls.pl -q' for details

#!/usr/bin/perl -w

use strict;
use Getopt::Long;
use Net::LDAP;

my ($host,$user,$port,$pass,$debug);

my $result = GetOptions('h=s'=>\$host, 
                        'p=s'=>\$port, 
                        'u=s'=>\$user, 
                        'w=s'=>\$pass, 
                        'd+'=>\$debug, 
                        'q'=>\&usage
                       );

# Set some options if necessary and carp
# if no user/pass was supplied
unless($user && $pass){ &usage; }
unless($host){ $host = 'yourserver.yourdomain.com'; }
unless($port){ $port = '389'; }
unless($debug){ $debug = 0; }

print "\n\nTesting TLS...\n\n";
testtls();

sub testtls {

   if($debug ne 0){
      print "h: [$host]\np: [$port]\nu: [$user]\nw: [$pass]\nd: [$debug]\n";
   }

   # Make an LDAP Object (Net::LDAP->new returns undef and sets $@ on failure)
   my $ldap = Net::LDAP->new($host,
                             port=>$port,
                             version=>3,
                             debug=>$debug,
                            ) || die "ldap failed: $@\n";
   if ($debug ne 0){ print "New Net::LDAP object created successfully\n"; }

   # Start TLS. verify=>'none' skips checking the server's certificate, so a
   # success here shows that the server can negotiate TLS, not that it is the
   # server you think it is; use verify=>'require' plus cafile for that.
   my $mesg=$ldap->start_tls(verify=>'none',
                             sslversion=>'sslv2/3',
                             ) || die "start tls failed\n";
   print "TLS Status: ",$mesg->error,"\n";
   unless($mesg->code == 0){ print "CODE: ",$mesg->code,"\n"; die "start tls failed\n"; }

   # Bind with dn and password (the bind now travels over the TLS session)
   $mesg = $ldap->bind(dn=>$user,
                       password=>$pass,
                      ) || die "bind failed\n";
   print "Bind Status: ",$mesg->error,"\n\n";
}


sub usage{
   print "\n\n";
   print "test_tls.pl -h [host] -p [port] -u [DN] -w [passwd] -d [debug]\n";
   print "\n\n";
   print "[host] is the fully qualified domain name or ip address of the ldap server\n";
   print "   ldapserver.domain.tld  ||  192.168.1.100\n";
   print "\n";
   print "[port] is the port over which communication takes places (usually 389)\n";
   print "\n";
   print "[DN] is the distinguished name of a valid user in LDAP:\n";
   print "   \"cn=Alan Smithee,dc=orgunit,dc=com\"\n";
   print "\n";
   print "[password] is the LDAP password associated with the valid user's dn\n";
   print "   '133tpasswd!'\n";
   print "\n";
   print "[debug] is set for debugging information (default is 0 - success/fail info only)\n";
   print "\n\n";

   exit;
}
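The script above proves only that a server will negotiate TLS, because verify=>'none' never checks the certificate. The following is an added example, not part of beernuts' post: it first asks the root DSE whether the StartTLS extended operation is advertised, then negotiates TLS with certificate verification against a CA bundle, and finally reports the protocol, cipher and peer certificate that were actually negotiated. The helper name check_starttls, the CA bundle path, and the use of $ldap->socket(sslsocket => 1) (available in Net::LDAP 0.65 and later) are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Constant qw(LDAP_SUCCESS);

# StartTLS extended operation OID (RFC 4511 / RFC 2830)
my $STARTTLS_OID = '1.3.6.1.4.1.1466.20037';

# Hypothetical helper (not part of test_tls.pl): probe one server and
# return a hashref describing what happened and what was negotiated.
sub check_starttls {
    my %arg    = @_;
    my $host   = $arg{host};
    my $port   = $arg{port} // 389;
    my $cafile = $arg{cafile};      # CA bundle the server cert must chain to

    my $ldap = Net::LDAP->new($host, port => $port, version => 3, timeout => 10)
        or return { ok => 0, stage => 'connect', error => $@ };

    # 1. Does the root DSE advertise StartTLS at all? This separates
    #    "not offered" from "offered but the handshake is broken".
    my $dse = $ldap->root_dse(attrs => ['supportedExtension']);
    my $advertised = ($dse && $dse->supported_extension($STARTTLS_OID)) ? 1 : 0;

    # 2. Negotiate TLS *with* certificate verification. 'require' makes the
    #    handshake fail unless the server cert chains to $cafile and matches
    #    $host, so success here means we reached the server we intended.
    my $mesg = $ldap->start_tls(
        verify     => 'require',
        cafile     => $cafile,
        # IO::Socket::SSL version string: negotiate, but refuse SSLv2/3 and TLS 1.0/1.1
        sslversion => 'SSLv23:!SSLv2:!SSLv3:!TLSv1:!TLSv1_1',
    );
    if ($mesg->code != LDAP_SUCCESS) {
        $ldap->disconnect;
        return { ok => 0, stage => 'start_tls', advertised => $advertised,
                 code => $mesg->code, error => $mesg->error };
    }

    # 3. Record what was actually negotiated. Assumes Net::LDAP >= 0.65,
    #    where socket(sslsocket => 1) returns the IO::Socket::SSL object.
    my $ssl = $ldap->socket(sslsocket => 1);
    my %report = (
        ok          => 1,
        stage       => 'start_tls',
        advertised  => $advertised,
        protocol    => $ssl->get_sslversion,
        cipher      => $ssl->get_cipher,
        subject     => $ssl->peer_certificate('subject'),
        fingerprint => $ssl->get_fingerprint('sha256'),
    );
    $ldap->unbind;
    return \%report;
}

# Command-line use (assumed CA bundle path):
#   perl check_starttls.pl ldap.example.com 389 /etc/ssl/certs/ca-certificates.crt
unless (caller) {
    my ($host, $port, $cafile) = @ARGV;
    die "usage: $0 host [port] [cafile]\n" unless $host;
    my $r = check_starttls(host => $host, port => $port, cafile => $cafile);
    printf "%s:%s advertises StartTLS: %s\n",
        $host, $port // 389, $r->{advertised} ? 'yes' : 'no';
    if ($r->{ok}) {
        printf "%-12s %s\n", "$_:", $r->{$_} for qw(protocol cipher subject fingerprint);
    } else {
        printf "FAILED at %s: %s\n", $r->{stage}, $r->{error} // 'unknown';
        exit 1;
    }
}
```

Running it against a server whose certificate is self-signed, expired or issued for another name fails at the start_tls stage rather than reporting success, which is the difference between "the server speaks TLS" and "I am talking to the right server over TLS". The advertised flag is worth logging separately: a server that does not list the StartTLS OID but still negotiates it, or vice versa, is misconfigured.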
Replies are listed 'Best First'.
Re: LDAP Server TLS tester
by Arien (Pilgrim) on Jan 18, 2003 at 08:03 UTC

    I haven't had the opportunity to use Net::LDAP yet, so I will comment on the rest of the code.

    Instead of printing line by line, why not use a here-doc for your usage message? Or use Pod::Usage and document your script in POD.

    The following might make your defaults stand out more:

    my ($user, $pass);
    my $host  = 'yourserver.yourdomain.com';
    my $port  = 389;
    my $debug = 0;

    GetOptions(
        'h=s' => \$host,
        'p=s' => \$port,
        'u=s' => \$user,
        'w=s' => \$pass,
        'd+'  => \$debug,
        'q'   => \&usage
    );

    Often, things like if ($debug ne 0) { ... } are better written as if ($debug) { ... }.

    I would write debug and status messages to STDERR instead of STDOUT and include $0 (or similar) in error messages.

    Hope this helps.

    — Arien

      Very useful tips, Arien. Thanks! ++!

      I've not used Pod::Usage before, so I'll have to give it a look-see.

      Thanks also for the debug tip. My original code had debug set as 'd=i' (hence the test). As a 'd+' it's definitely slicker with a simple if ($debug).

      -beernuts
