[rt-users] Ldap Authentication setup question
John McCoy
jmccoy at ggu.edu
Thu Oct 23 18:15:23 EDT 2008
So I have just gotten this working with RHEL5, RT-3.8.1,
ExternalAuth-0.06_02 and eDIR.
A few things i had to hack:
/opt/rt3/local/lib/RT/User_Vendor.pm
Change line 1050 from:
$msg = $ldap->bind($ldap_user, password => $ldap_pass);
to:
$msg = $ldap->bind($ldap_user, ); #This fixed the Novell null
password idiocy
I also had to import or eDIR CA (not sure this is really needed)
certutil -A -d /etc/pki/nssdb -n "root ca cert" -t "CT,C,C" -i
~/eDirCACert.pem
My Netware Admin exported this for me from Console1; Security -->
Organizational CA
Modify /etc/openldap/ldap.conf to use the CA too
[root at tickets-dev:~]# cat /etc/openldap/ldap.conf
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
#BASE dc=example, dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
TLS_CACERT /etc/pki/tls/certs/eDirCACert.pem
# Self signed server cert (nothing to do with eDir)
TLS_CERT /etc/pki/tls/certs/server.crt
TLS_KEY /etc/pki/tls/private/server.key
I had to use the short name of the eDir server as its Certificate was
not FQDN (stupid!)
I also did not define d_filter but plan too just my Netware Admin is in
training.
'base' => 'o=ggu',
'filter' =>
'(objectClass=Person)',
'd_filter' => '',
'tls' => 1,
Hope this is useful for anybody trying to get this to work with eDir.
Mike Peachey wrote:
> Michael Mollard wrote:
>
>> Mike,
>> RE: the wiki 'PostInstall'
>> although I have progressed slightly, I think I didn't realise that I needed to put
>> Set( @Plugins,(qw(RT::Authen::ExternalAuth)));
>>
>
> I will add this when I can, this was not required for 3.6 installs.
>
>
--
*************************************
John McCoy, Jr
Sr. Systems and Network Administrator
Enterprise Technology Services
Golden Gate University
*************************************
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20081023/3496301b/attachment.htm>
More information about the rt-users
mailing list