PerlMonks  

LDAP Server TLS tester

by beernuts (Pilgrim)
on Jan 17, 2003 at 19:05 UTC (#227766)
Category: Miscellaneous
Author/Contact Info beernuts (perlmonk@slb.com)
Description: This is a chunk of code (test_tls.pl) that can be used to test LDAP servers for their ability to do TLS. It's culled from a bigger script I use to test an in-house LDAP proxy for proper installation of the script (it's in perl too) as well as the required modules.

usage:

'test_tls.pl -q' for details

#!/usr/bin/perl -w

use strict;
use Getopt::Long;
use Net::LDAP;

my ($host,$user,$port,$pass,$debug);

my $result = GetOptions('h=s'=>\$host,
                        'p=s'=>\$port,
                        'u=s'=>\$user,
                        'w=s'=>\$pass,
                        'd+'=>\$debug,
                        'q'=>\&usage
                       );

# Set some options if necessary and carp
# if no user/pass was supplied
unless($user && $pass){ &usage; }
unless($host){ $host = 'yourserver.yourdomain.com'; }
unless($port){ $port = '389'; }
unless($debug){ $debug = 0; }

print "\n\nTesting TLS...\n\n";
testtls();

sub testtls {

   # Debug output (note that this echoes the bind password)
   if($debug ne 0){
      print "h: [$host]\n",
            "p: [$port]\n",
            "u: [$user]\n",
            "w: [$pass]\n",
            "d: [$debug]\n";
   }

   # Make an LDAP Object (Net::LDAP->new returns undef and sets $@ on failure)
   my $ldap = Net::LDAP->new($host,
                             port=>$port,
                             version=>3,
                             debug=>$debug,
                            ) || die "ldap failed: $@\n";
   if ($debug ne 0){ print "New Net::LDAP object created successfully\n"; }

   # Start TLS. verify=>'none' deliberately skips certificate validation:
   # this checks that the server can negotiate TLS, not that its
   # certificate is trustworthy.
   my $mesg=$ldap->start_tls(verify=>'none',
                             sslversion=>'sslv2/3',
                             ) || die "start tls failed: $!\n";
   print "TLS Status: ",$mesg->error,"\n";
   unless($mesg->code == 0){
      print "CODE: ",$mesg->code,"\n";
      die "TLS negotiation failed\n";
   }

   # Bind with dn and password
   $mesg = $ldap->bind(dn=>$user,
                       password=>$pass,
                      ) || die "bind failed: $!\n";
   print "Bind Status: ",$mesg->error,"\n\n";
}


sub usage{
   print "\n\n";
   print "test_tls.pl -h [host] -p [port] -u [DN] -w [passwd] -d [debug]\n";
   print "\n\n";
   print "[host] is the fully qualified domain name or ip address of the ldap server\n";
   print "   ldapserver.domain.tld  ||  192.168.1.100\n";
   print "\n";
   print "[port] is the port over which communication takes place (usually 389)\n";
   print "\n";
   print "[DN] is the distinguished name of a valid user in LDAP:\n";
   print "   \"cn=Alan Smithee,dc=orgunit,dc=com\"\n";
   print "\n";
   print "[passwd] is the LDAP password associated with the valid user's dn\n";
   print "   '133tpasswd!'\n";
   print "\n";
   print "[debug] is set for debugging information (default is 0 - success/fail info only)\n";
   print "\n\n";

   exit;
}
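A variant of the tester, added here as an example and not beernuts' code, that turns verify=>'none' into a real check: it requires the server certificate to validate against a CA file and then reports the negotiated protocol, cipher and peer certificate, warning on legacy protocol versions. It assumes a reachable LDAP server, a Net::LDAP and IO::Socket::SSL recent enough to offer start_tls's cafile option and the socket's get_sslversion method, and the -h/-p/-c options with their defaults are invented for this example.

```perl
#!/usr/bin/perl
# Added example, not the original test_tls.pl: verify the server certificate
# instead of verify => 'none', then report what was actually negotiated.
use strict;
use warnings;
use Net::LDAP;
use Getopt::Long;

# Assumed defaults; override on the command line.
my ($host, $port, $cafile) = ('ldap.example.com', 389, '/etc/ssl/certs/ca-certificates.crt');
GetOptions('h=s' => \$host, 'p=i' => \$port, 'c=s' => \$cafile)
    or die "usage: $0 -h host [-p port] -c cafile\n";

# Returns a hashref describing the outcome so the checks are reusable.
sub check_starttls {
    my ($host, $port, $cafile) = @_;
    my $ldap = Net::LDAP->new($host, port => $port, version => 3)
        or return { ok => 0, stage => 'connect', error => $@ };

    # 'require' makes start_tls fail unless the chain validates against $cafile;
    # the original tester's verify => 'none' accepts any certificate.
    my $mesg = $ldap->start_tls(verify => 'require', cafile => $cafile);
    return { ok => 0, stage => 'start_tls', error => $mesg->error } if $mesg->code;

    # After start_tls the underlying socket is an IO::Socket::SSL object.
    my $ssl = $ldap->socket;
    return {
        ok      => 1,
        version => $ssl->get_sslversion,
        cipher  => $ssl->get_cipher,
        subject => $ssl->peer_certificate('subject'),
        issuer  => $ssl->peer_certificate('issuer'),
    };
}

my $r = check_starttls($host, $port, $cafile);
if ($r->{ok}) {
    print "STARTTLS OK: $r->{version} $r->{cipher}\n";
    print "  subject: $r->{subject}\n  issuer:  $r->{issuer}\n";
    # Flag SSLv3/TLS 1.0/TLS 1.1 so the tester doubles as a health check.
    warn "WARNING: server negotiated legacy protocol $r->{version}\n"
        if $r->{version} =~ /^(SSLv|TLSv1$|TLSv1\.1$)/;
} else {
    print STDERR "$0: $r->{stage} failed: $r->{error}\n";
    exit 1;
}
```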
Re: LDAP Server TLS tester
by Arien (Pilgrim) on Jan 18, 2003 at 08:03 UTC

    I haven't had the opportunity to use Net::LDAP yet, so I will comment on the rest of the code.

    Instead of printing line by line, why not use a here-doc for your usage message? Or use Pod::Usage and document your script in POD.

    The following might make your defaults stand out more:

    my ($user, $pass);
    my $host  = 'yourserver.yourdomain.com';
    my $port  = 389;
    my $debug = 0;

    GetOptions(
        'h=s' => \$host,
        'p=s' => \$port,
        'u=s' => \$user,
        'w=s' => \$pass,
        'd+'  => \$debug,
        'q'   => \&usage,
    );

    Often, things like if ($debug ne 0) { ... } are better written as if ($debug) { ... }.

    I would write debug and status messages to STDERR instead of STDOUT and include $0 (or similar) in error messages.

    Hope this helps.

    — Arien

      Very useful tips, Arien. Thanks! ++!

      I've not used Pod::Usage before, so I'll have to give it a look-see.

      Thanks also for the debug tip. My original code had debug set as 'd=i' (hence the test). As a 'd+' it's definitely slicker with a simple if ($debug).

      -beernuts
