I have now established that ELSA uses port 389 and no encryption if you configure ldap authentication. If you give a different port number in the config it is ignored.
It turns out that getting ELSA to do encrypted LDAP is mostly straightforward. LDAP calls occur in three contexts:
1/ initial authentication called from the web server Web.psgi. This uses Authen::Simple (::LDAP if you are doing ldap)
2/ User.pm and Controller.pm (uses Net::LDAP::Express) - this is effectively authorisation not authentication.
The authorisation stuff is straightforward to fix. It requires two additional parameters to the call to the LDAP module to pass the port and scheme parameters from the elsa_web.conf (you need to add these to the ldap section in the config).
Web.psgi is more problematic. It uses a perl module Authen::Simple to do all the initial authentication. If you select LDAP then it uses Authen::Simple::LDAP (surprise ;) which has no options for doing encryption. To get around this I patched web.psgi to define a new perl class Authen::Simple::LDAPS which effectively copies the original code and adds the scheme parameter to the call to Net::LDAP. This is messy :(
I have put in a feature request on github for Authen::Simple to add a parameter to use encryption.
Russell
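
An added example, not part of the original post and not ELSA's code: a minimal sketch of passing a configured port and scheme through to Net::LDAP, with certificate verification turned on for ldaps. The config hash, its host and cafile keys, the helper names and all values are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Net::LDAP;

# Constructed stand-in for the ldap section of elsa_web.conf. "port" and
# "scheme" are the two keys the post adds; "host", "cafile" and all
# values are assumptions made for this example.
my %ldap_conf = (
    host   => 'ldap.example.org',
    port   => 636,
    scheme => 'ldaps',
    cafile => '/etc/ssl/certs/ca-certificates.crt',
);

# Build the option list for Net::LDAP->new from the config, so that the
# configured port and scheme are actually used.
sub ldap_connect_args {
    my ($conf) = @_;
    my $scheme = lc($conf->{scheme} // 'ldap');
    die "unsupported LDAP scheme '$scheme'\n" unless $scheme =~ /^ldaps?$/;
    my $port = $conf->{port} // ($scheme eq 'ldaps' ? 636 : 389);
    my @args = (scheme => $scheme, port => $port, timeout => 10);
    # For ldaps, require a server certificate that chains to the given CA.
    push @args, (verify => 'require', cafile => $conf->{cafile})
        if $scheme eq 'ldaps';
    return @args;
}

# Open the connection; Net::LDAP->new returns undef and sets $@ on failure.
sub ldap_connect {
    my ($conf) = @_;
    my $ldap = Net::LDAP->new($conf->{host}, ldap_connect_args($conf))
        or die "LDAP connection to $conf->{host} failed: $@\n";
    return $ldap;
}

# Show the options offline; pass "connect" to try the configured server.
my %args = ldap_connect_args(\%ldap_conf);
print "$_ => $args{$_}\n" for sort keys %args;
if (@ARGV && $ARGV[0] eq 'connect') {
    my $ldap = ldap_connect(\%ldap_conf);
    print "connected over $ldap_conf{scheme}\n";
    $ldap->unbind;
}
```

Without `verify => 'require'` and a CA file, an ldaps connection is encrypted but the server's identity is not checked, so bind credentials can still be exposed to an impersonating server.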