[rt-users] Ldap Authentication setup question

John McCoy jmccoy at ggu.edu
Thu Oct 23 18:15:23 EDT 2008


So I have just gotten this working with RHEL5, RT-3.8.1, 
ExternalAuth-0.06_02 and eDIR.

A few things I had to hack:
/opt/rt3/local/lib/RT/User_Vendor.pm
Change line 1050 from:
         $msg = $ldap->bind($ldap_user, password => $ldap_pass);
to:
         $msg = $ldap->bind($ldap_user, ); #This fixed the Novell null password idiocy

I also had to import our eDIR CA (not sure this is really needed)
certutil -A -d /etc/pki/nssdb -n "root ca cert" -t "CT,C,C" -i ~/eDirCACert.pem
My Netware Admin exported this for me from Console1; Security --> Organizational CA

Modify /etc/openldap/ldap.conf to use the CA too
[root@tickets-dev:~]# cat /etc/openldap/ldap.conf
#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE   dc=example, dc=com
#URI    ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT      12
#TIMELIMIT      15
#DEREF          never

TLS_CACERT /etc/pki/tls/certs/eDirCACert.pem
# Self signed server cert (nothing to do with eDir)
TLS_CERT /etc/pki/tls/certs/server.crt
TLS_KEY /etc/pki/tls/private/server.key

I had to use the short name of the eDir server as its Certificate was 
not FQDN (stupid!)
I also did not define d_filter but plan to; it's just that my Netware Admin is in
training.

                           'base'                      =>  'o=ggu',
                           'filter'                    =>  '(objectClass=Person)',
                           'd_filter'                  =>  '',
                           'tls'                       =>  1,


Hope this is useful for anybody trying to get this to work with eDir.



Mike Peachey wrote:
> Michael Mollard wrote:
>   
>> Mike,
>> RE: the wiki 'PostInstall'
>> although I have progressed slightly, I think I didn't realise that I needed to put
>> Set( @Plugins,(qw(RT::Authen::ExternalAuth)));
>>     
>
> I will add this when I can, this was not required for 3.6 installs.
>
>   

-- 
*************************************
John McCoy, Jr
Sr. Systems and Network Administrator
Enterprise Technology Services
Golden Gate University
*************************************
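
Added example (not part of the original post, and not code from RT or ExternalAuth): a shell check of the two TLS conditions the post ran into, namely that the server certificate chains to the CA file named in TLS_CACERT and that the host name the client is configured with is a name the certificate carries. The certificates are generated on the spot; the names edir1 and edir1.example.edu, the function names and all file names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example. All certificates are generated here for the demonstration;
# "edir1" and "edir1.example.edu" are constructed names, not from the post.

# make_demo_pki DIR: throwaway CA plus a server cert whose only name is CN=edir1
make_demo_pki() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo Org CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=edir1" \
        -keyout "$1/srv.key" -out "$1/srv.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/srv.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 2 -out "$1/srv.pem" 2>/dev/null
}

# cert_chains_to CAFILE CERT: true if CERT verifies against the CA file
# (the file you would name in TLS_CACERT)
cert_chains_to() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# cert_matches_host CERT NAME: true if a TLS client connecting to NAME
# would accept CERT's subject names
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# report CAFILE CERT NAME...: print one line per candidate host name
report() {
    ca=$1; cert=$2; shift 2
    cert_chains_to "$ca" "$cert" && echo "chain: ok" || echo "chain: FAILED"
    for name in "$@"; do
        if cert_matches_host "$cert" "$name"; then
            echo "$name: matches certificate"
        else
            echo "$name: does NOT match, TLS clients will refuse it"
        fi
    done
}

demo=$(mktemp -d) && make_demo_pki "$demo" &&
    report "$demo/ca.pem" "$demo/srv.pem" edir1 edir1.example.edu
rm -rf "$demo"
```

The fully qualified name is rejected because the demo certificate carries only the short name, which is the situation described in the post. With real files, pass the CA file from TLS_CACERT and the server's certificate saved as PEM to `report`, followed by the host names you are considering.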
