[rt-users] LDAP ExternalAuth broken after upgrade from 4.0.2 to 4.0.4
Kevin Falcone
falcone at bestpractical.com
Wed Nov 23 16:15:46 EST 2011
On Wed, Nov 23, 2011 at 02:20:14PM -0600, Karl Boyken wrote:
> From the LDAP server logs, it looks like a TLS negotiation failure.
> So, how does upgrading to 4.0.4 break RT::ExternalAuth TLS
> negotiation? I'm using the same settings for 4.0.4 as I do for
> 4.0.2. I reverted to 4.0.2, and LDAP works.
There have been some weird interaction with the crypt/ssl libs under
mod_perl and the gnupg libs. It's possible that there is also
something going on with Net::LDAP's ssl settings, but that's pure
speculation. It'd be interesting to know your apache config.
> >Message: 6 Date: Wed, 23 Nov 2011 13:53:22 -0500 From: Kevin Falcone <falcone at bestpractical.com> To: rt-users at lists.bestpractical.com Subject: Re: [rt-users] LDAP ExternalAuth broken after upgrade from 4.0.2 to 4.0.4 Message-ID: <20111123185322.GU1021 at jibsheet.com> Content-Type: text/plain; charset="us-ascii" On Wed, Nov 23, 2011 at 11:46:44AM -0600, Karl Boyken wrote:
> >>> We run RT on RedHat Enterprise Server 6.1, with Perl 5.14.2. We set
> >>> up RT::ExternalAuth to authenticate against our OpenLDAP server, and
> >>> it works fine with RT 4.0.2. But after upgrading to RT 4.0.4, LDAP
> >>> authentication breaks. I'd appreciate any helpful ideas. Here's
> >>> the relevant log entry--it's an LDAP bind() error:
> >>>
> >>>
> >>> Nov 23 11:27:28 serv07 RT:
> >>> RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind:
> >>> LDAP_OPERATIONS_ERROR 1 (/path_to_our_RT/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:467)
> >This usually means that the LDAP server rejected you in some way.
> >You may find more information in the server logs, you may also set
> >net_ldap_args => [ debug => 2 or 8 ] in addition to your current args
> >to get back the full dumps of packets coming over the wire.
> >Please note that the debug dumps may contain privileged info, so it's
> >really just a debugging shim.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20111123/b360f3b7/attachment.sig>
More information about the rt-users
mailing list