Category: Miscellaneous
Author/Contact Info beernuts (perlmonk@slb.com)
Description: This is a chunk of code (test_tls.pl) that can be used to test LDAP servers for their ability to do TLS. It is culled from a bigger script I use to test an in-house LDAP proxy (also written in Perl) for proper installation of that script as well as of the modules it requires.

usage:

'test_tls.pl -q' for details

#!/usr/bin/perl -w

use strict;
use Getopt::Long;
use Net::LDAP;

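my ($host, $user, $port, $pass, $debug);

# Parse the command line.  -d is a counter (repeat it for more detail);
# -q hands control to usage(), which prints the help text and exits.
my $result = GetOptions('h=s' => \$host,
                        'p=s' => \$port,
                        'u=s' => \$user,
                        'w=s' => \$pass,
                        'd+'  => \$debug,
                        'q'   => \&usage,
                       );

# An unknown or malformed option is a usage error too (the original threw
# away GetOptions' return value and carried on), as is a missing DN or
# password.
# NOTE: -w puts the password on the command line, where it is visible to
# every user on the host through the process list; keep this to test boxes.
usage() unless $result && $user && $pass;

# Defaults for anything not supplied (an empty value counts as not supplied,
# exactly as the original `unless` checks did).
$host  ||= 'yourserver.yourdomain.com';
$port  ||= '389';
$debug ||= 0;

print "\n\nTesting TLS...\n\n";
testtls();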

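sub testtls {
   # Exercise the TLS path against the configured server: open the LDAP
   # connection, upgrade it with StartTLS, then bind with the supplied DN.
   # Reads the file-level $host, $port, $user, $pass and $debug.  Prints
   # status lines and dies if the connection or the TLS negotiation fails;
   # a failed bind is reported but does not die (as in the original).
   # Returns nothing.

   if ($debug) {
      # The password is deliberately masked here: debug output tends to end
      # up in logs and tickets.
      print "h: [$host]\n";
      print "p: [$port]\n";
      print "u: [$user]\n";
      print "w: [", '*' x length($pass), "]\n";
      print "d: [$debug]\n";
   }

   # Make an LDAP object.  Net::LDAP->new returns undef on failure and
   # leaves the reason in $@ (not $!, which the original message printed).
   my $ldap = Net::LDAP->new($host,
                             port    => $port,
                             version => 3,
                             debug   => $debug,
                            ) or die "ldap failed: $@\n";
   print "New Net::LDAP object created successfully\n" if $debug;

   # Start TLS.  verify => 'none' disables server certificate verification;
   # that is tolerable here only because the script tests whether the server
   # can negotiate TLS at all -- a real client must verify the chain.
   # 'sslv2/3' is the Net::LDAP spelling for "negotiate the version"; it is
   # kept from the original, but check that the installed Net::LDAP and
   # IO::Socket::SSL still accept it if start_tls fails before the network.
   my $mesg = $ldap->start_tls(verify     => 'none',
                               sslversion => 'sslv2/3',
                              ) or die "start tls failed\n";
   print "TLS Status: ", $mesg->error, "\n";
   if ($mesg->code != 0) {
      print "CODE: ", $mesg->code, "\n";
      die "start tls failed with LDAP result code " . $mesg->code . "\n";
   }

   # Bind with dn and password over the now-encrypted connection.
   $mesg = $ldap->bind(dn       => $user,
                       password => $pass,
                      ) or die "bind failed\n";
   print "Bind Status: ", $mesg->error, "\n\n";
   print "CODE: ", $mesg->code, "\n" if $mesg->code != 0;

   # Tell the server we are done instead of letting the socket drop.
   $ldap->unbind;
   return;
}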


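sub usage {
   # Print the command-line help and exit.  Also wired to -q through
   # GetOptions, which calls it with the option name and value in @_;
   # both are ignored.  Never returns.
   #
   # A single-quoted heredoc replaces the original print chain: the old
   # "\." escapes were not valid escapes and produced "Unrecognized escape"
   # warnings under -w, and the quoting of the example values is now
   # literal.  -d takes no argument (it is a counter), so the synopsis no
   # longer shows a placeholder after it.
   print <<'END_USAGE';


test_tls.pl -h [host] -p [port] -u [DN] -w [passwd] -d


[host] is the fully qualified domain name or ip address of the ldap server
   ldapserver.domain.tld  ||  192.168.1.100

[port] is the port over which communication takes place (usually 389)

[DN] is the distinguished name of a valid user in LDAP:
   "cn=Alan Smithee,dc=orgunit,dc=com"

[passwd] is the LDAP password associated with the valid user's dn
   '133tpasswd!'

-d turns on debugging information (default is 0 - success/fail info only);
   repeat it (-d -d) for more detail


END_USAGE

   exit;
}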