adds a new mode 'ldap+starttls' that enables start_tls after the
connection has been established
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
my $mesg;
+ if ($self->{mode} eq 'ldap+starttls') {
+ my $opts = {
+ verify => $self->{verify} ? 'require' : 'none',
+ };
+
+ if ($self->{cafile}) {
+ $opts->{cafile} = $self->{cafile};
+ } else {
+ $opts->{capath} = '/etc/ssl/certs/';
+ }
+
+ $ldap->start_tls(%$opts);
+ }
+
if ($self->{binddn}) {
$mesg = $ldap->bind($self->{binddn}, password => $self->{bindpw});
} else {
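Review bot: The return value of `$ldap->start_tls(%$opts)` is never inspected, so if the server rejects or does not offer STARTTLS the code continues to the `bind` below and, presumably, sends `bindpw` over the still-unencrypted connection. Net::LDAP's `start_tls` returns a message object whose `code` is non-zero on failure, so the call should be checked before binding, e.g. `my $tls = $ldap->start_tls(%$opts);` followed by `die "start_tls failed: " . $tls->error . "\n" if $tls->code;` (or whichever error idiom the surrounding code uses). It may also be worth a one-line comment above the `$opts` hash noting that with `verify` unset the `none` branch accepts any server certificate, e.g. `# verify is opt-in; without it the STARTTLS peer is not authenticated`. The enclosing subroutine starts and ends outside this hunk.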
maxLength => 4096,
},
mode => {
- description => "LDAP protocol mode ('ldap' or 'ldaps').",
+ description => "LDAP protocol mode ('ldap', 'ldaps' or 'ldap+starttls').",
type => 'string',
- enum => ['ldap', 'ldaps'],
+ enum => ['ldap', 'ldaps', 'ldap+starttls'],
default => 'ldap',
},
verify => {
- description => "Verify server certificate. Only useful with ldaps.",
+ description => "Verify server certificate. Only useful with ldaps or ldap+starttls.",
type => 'boolean',
default => 0,
optional => 1,