[rt-users] RT-Authen-ExternalAuth - how to confirm that ssl ldap bind is used?

Darin Perusich darin at darins.net
Tue Oct 16 08:19:28 EDT 2012


On Tue, Oct 16, 2012 at 6:46 AM, Marko Cupać <marko.cupac at gmail.com> wrote:
> I have been using rt4 for some time now in plain protocols (site is on
> http, fetchmail is plain pop3, external auth is done from ldap without
> ssl). Now, I am increasing security by switching to encrypted
> protocols.
>
> Switching apache to https was easy thing to do, and I spent a few hours
> with fetchmail and certificates but it also works now.
>
> RT::Extension::LDAPimport "just worked" when switching ldaphost to
> ldaps:
>
> Set($LDAPHost,'ldaps://ldap.company.tld');
>
> Also, after setting
> Set($ExternalAuthPriority,['My_LDAP']);
> Set($ExternalInfoPriority,['My_LDAP']);
> Set($ExternalServiceUsesSSLorTLS,1);
> Set($ExternalSettings,{
>         'My_LDAP'       =>  {
>                     ...
>                     'tls'         =>  1,
>                     'ssl_version' =>  3,
>                     ...
>          }
> }
>
> ... i can still authenticate.
>
> I can not believe this can be so simple :) Is there a way to check that
> ssl is really used?
>

Check your ldap servers logs or run wireshark/tcpdump from the RT
server and inspect the traffic.



More information about the rt-users mailing list