Changed the LDAP client connection code to handle both pure-SSL and TLS modes, thanks to a patch from Paul R. Ganci.
---- Changes since 1.450 ----
Improved support for older versions of Net::LDAP without the hosts() function.
+---- Changes since 1.500 ----
+If a TLS certificate and key are defined in the LDAP client configuration file, they will be used by Webmin when connecting to the LDAP database.
local $uri = &find_svalue("uri", $conf);
local ($ldap, $use_ssl, $err);
local $ssl = &find_svalue("ssl", $conf);
+local $cafile = &find_svalue("tls_cacertfile", $conf);
+local $certfile = &find_svalue("tls_cert", $conf);
+local $keyfile = &find_svalue("tls_key", $conf);
+local $ciphers = &find_svalue("tls_ciphers", $conf);
if ($ldap_hosts) {
# Using hosts from parameter
local @hosts = split(/[ \t,]+/, $ldap_hosts);
# Start TLS if configured
if ($use_ssl == 2 && !$err) {
local $mesg;
- eval { $mesg = $ldap->start_tls; };
+ if ($certfile) {
+ # Use cert to connect
+ eval { $mesg = $ldap->start_tls(
+ cafile => $cafile,
+ clientcert => $certfile,
+ clientkey => $keyfile,
+ ciphers => $ciphers
+ ); };
+
+ }
+ else {
+ eval { $mesg = $ldap->start_tls(); };
+ }
if ($@ || !$mesg || $mesg->code) {
$err = &text('ldap_etls', $@ ? $@ : $mesg ? $mesg->error :
"Unknown error");
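Review bot: The new start_tls() call never sets `verify`, so even when `tls_cacertfile` is configured the server certificate is not checked (Net::LDAP defaults to `verify => 'none'`), and the branch on `$certfile` means the CA file and cipher list are dropped entirely when only a CA is configured without a client cert. The options should be assembled independently of one another, with verification required whenever a CA file is present; `clientkey => $keyfile` with an empty `tls_key` presumably falls back to the cert file for the key, but that is worth confirming rather than relying on. The stray blank line before the closing `}` of the `if ($certfile)` block can go. Only the `$use_ssl == 2` path is touched here, so if the pure-SSL connection elsewhere in this function does not receive the same options, the changelog claim that the cert is used "when connecting" holds only for the start_tls mode.
```perl
	# Start TLS if configured
	if ($use_ssl == 2 && !$err) {
		local $mesg;
		local %tls_opts;
		# CA file and verification apply even without a client cert
		if ($cafile) {
			$tls_opts{'cafile'} = $cafile;
			$tls_opts{'verify'} = 'require';
			}
		if ($certfile) {
			$tls_opts{'clientcert'} = $certfile;
			$tls_opts{'clientkey'} = $keyfile;
			}
		$tls_opts{'ciphers'} = $ciphers if ($ciphers);
		eval { $mesg = $ldap->start_tls(%tls_opts); };
		# … unchanged: error handling on $@ / $mesg->code …
```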