| Subject: | Error connecting to multiple server with Net::LDAPS |
| Date: | Sun, 23 Oct 2016 18:56:42 +0200 |
| To: | bug-perl-ldap [...] rt.cpan.org |
| From: | Roland Schnabel <info [...] rolandschnabel.de> |
Hi,
I am using perl-ldap Version 0.64 with Debian 8 Jessie.
When I try to create a new LDAPS connection using multiple URIs in the
connection string, it will only succeed if the connection to the first
server succeeds. If the connection to the first server fails, all
subsequent servers will fail too.
Here is an example:
I am using 2 servers that are listening on port 636 (LDAPS). Let's say
one of these servers is down.
Server with valid LDAPS connection: ok.example.org
Server with invalid LDAPS connection: error.example.org
my @Servers = ("ok.example.org", "error.example.org");
$ldap = Net::LDAP->new(\@Servers,
verify => 'optional',
inet4 => 1,
timeout => 3,
async => 0,
scheme => 'ldaps',
onerror => 'warn',
cafile => '/etc/ssl/certs/ldap_slapd_cacert.pem'
) or die $@;
Works ok, LDAPS connection can be established to ok.example.org.
Now I just switch the order of the server URIs. All other parameters
stay the same.
my @Servers = ("error.example.org", "ok.example.org");
$ldap = Net::LDAP->new(\@Servers,
verify => 'optional',
inet4 => 1,
timeout => 3,
async => 0,
scheme => 'ldaps',
onerror => 'warn',
cafile => '/etc/ssl/certs/ldap_slapd_cacert.pem'
) or die $@;
Does not work. First connection attempt to error.example.org fails
(because server is down), but second connection to ok.example.org fails
too, even though it worked before!
I tried to debug and think it has something to do with the certificate
verification, but I am not sure. Please notice that the second
connection attempt to ok.example.org fails even though verify is set to
"optional". The ca certificate pointed to by the "cafile" parameter is a
valid ca certificate for the SSL connection. It works in the first
connection attempt.
Please contact me if you need further information on this bug.
Kind regards,
Roland Schnabel