$self->{port} = $args{port};
$self->{groupbasedn} = $args{groupbasedn};
$self->{filter} = $args{filter};
+ $self->{verify} = $args{verify};
+ $self->{cafile} = $args{cafile};
if ($args{syncmode} == 1) {
# read local data only
my $opts = { timeout => 10, onerror => 'die' };
$opts->{port} = $self->{port} if $self->{port};
- $opts->{schema} = $self->{mode};
+ if ($self->{mode} eq 'ldaps') {
+ $opts->{scheme} = 'ldaps';
+ $opts->{verify} = 'require' if $self->{verify};
+ if ($self->{cafile}) {
+ $opts->{cafile} = $self->{cafile};
+ } else {
+ $opts->{capath} = '/etc/ssl/certs/';
+ }
+ } else {
+ $opts->{scheme} = 'ldap';
+ }
return Net::LDAP->new($hosts, %$opts);
}
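Review bot: When `verify` is unset (the schema default is 0), the `ldaps` branch on the line `$opts->{verify} = 'require' if $self->{verify};` leaves Net::LDAP at its default of `verify => 'none'`, so the connection is encrypted but the server certificate is never checked and an on-path attacker can present any certificate; the `cafile`/`capath` selection that follows has no effect in that case. If an unauthenticated default is intended for backwards compatibility, make the choice explicit and greppable, `$opts->{verify} = $self->{verify} ? 'require' : 'none';`, and consider emitting a warning when `ldaps` is used without `verify`. Whether `verify => 'require'` also checks the hostname against the certificate depends on the installed Net::LDAP/IO::Socket::SSL versions; if the target version does not set `SSL_verifycn_scheme` itself, pass it explicitly alongside `verify`. The enclosing constructor starts before this hunk.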
enum => ['ldap', 'ldaps'],
default => 'ldap',
},
+ verify => {
+ description => "Verify server certificate. Only useful with ldaps.",
+ type => 'boolean',
+ default => 0,
+ optional => 1,
+ },
+ cafile => {
+ description => "Path to CA file. Only useful with option 'verify'",
+ type => 'string',
+ optional => 1,
+ },
server1 => {
description => "Server address.",
type => 'string', format => 'address',
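Review bot: The `verify` description does not tell the administrator what happens when it is left at its default of 0, namely that an `ldaps` connection proceeds without any certificate check and is therefore not protected against a spoofed server. The description should state this trade-off so the option is not mistaken for a cosmetic one, e.g. `"Verify the server certificate when using ldaps. Disabled by default; without it the TLS connection is encrypted but not authenticated."`. Likewise the `cafile` description should mention the fallback visible in the connect code, e.g. `"Path to a CA bundle used with 'verify'. Defaults to the system store in /etc/ssl/certs/."`.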
accountattr => { optional => 1 },
mailattr => { optional => 1 },
groupclass => { optional => 1 },
+ verify => { optional => 1 },
+ cafile => { optional => 1 },
};
}