[rt-users] External Authentication with LDAPS

Mike Johnson mike.johnson at nosm.ca
Thu Jul 29 08:58:37 EDT 2010


Oops, looking at it again, I was looking at the MySQL config part, not LDAP.

I think the only way you can adjust what port you are connecting to through
LDAP is specifying if it's TLS or not (I believe TLS is 636? Google to
confirm).

You said you are supposed to be connecting on 636, so set the tls argument
in your LDAP settings to 1.

Restart Apache and give it a shot.

Good luck!
Mike.

On Thu, Jul 29, 2010 at 8:48 AM, Mike Johnson <mike.johnson at nosm.ca> wrote:

> If you read the ExternalAuth's RT_SiteConfig.pm in
> /RTROOT/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm
>
> It shows you how to set the port you are connecting on.
>
> Set that to the port your LDAP server is listening to.
>
> Good luck
> Mike.
>   On Thu, Jul 29, 2010 at 4:04 AM, Anthony BRODARD <
> brodard.anthony at gmail.com> wrote:
>
>> Hi Mike, thanks for helping me!
>>
>> I've turned on RT's debug mode (added "Set($LogToFile, 'debug'); Set($LogDir,
>> '/var/log/rt');" to my RT_SiteConfig.pm).
>>
>> Now, when I try to log in with an LDAP account, these lines are written in
>> my log file:
>>
>>  [Thu Jul 29 07:46:08 2010] [debug]: Reloading RT::User to work around a
>> bug in RT-3.8.0 and RT-3.8.1
>> (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:14)
>> [Thu Jul 29 07:46:08 2010] [debug]: Attempting to use external auth
>> service: LDAP
>> (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
>> [Thu Jul 29 07:46:08 2010] [debug]: Calling UserExists with $username
>> (anthony.brodard) and $service (LDAP)
>> (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:105)
>> [Thu Jul 29 07:46:08 2010] [debug]: UserExists params:
>> username: anthony.brodard , service: LDAP
>> (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:274)
>> [Thu Jul 29 07:46:30 2010] [critical]:
>> RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj : Cannot connect to
>> ldap.[Blanked].fr
>> (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:437)
>> [Thu Jul 29 07:46:30 2010] [debug]: Autohandler called ExternalAuth.
>> Response: (0, No User)
>> (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:26)
>> [Thu Jul 29 07:46:30 2010] [error]: FAILED LOGIN for anthony.brodard from
>> [IP] (/opt/rt3/bin/../lib/RT/Interface/Web.pm:424)
>>
>>
>>
>> I tried telnet to the server:
>>
>>  [rt-test]~ # telnet ldap.[Blanked].fr 636
>> Trying [IP]...
>> Connected to ldap.[Blanked].fr.
>> Escape character is '^]'.
>>
>>
>> Maybe RT uses LDAP's default port (389), not the LDAPS one (636). How can I
>> see it or modify it in RT_SiteConfig.pm?
>>
>> Regards,
>> Anthony
>>
>>
>>
>>
>>
>> 2010/7/28 Mike Johnson <mike.johnson at nosm.ca>
>>
>>> Hi,
>>>
>>> Try turning on RT's logging in debug mode.  That helped me figure out
>>> what was going on with my ExternalAuth.  In the log, before the FAILED line
>>> you should see a few lines showing you if it's connecting to your LDAP,
>>> finding user etc.
>>>
>>> Work from there!
>>> Mike.
>>>
>>
>
>
>  --
> Mike Johnson
> Datatel Programmer/Analyst
> Northern Ontario School of Medicine
> 955 Oliver Road
> Thunder Bay, ON   P7B 5E1
> Phone: (807) 766-7331
> Email: mike.johnson at nosm.ca
>



-- 
Mike Johnson
Datatel Programmer/Analyst
Northern Ontario School of Medicine
955 Oliver Road
Thunder Bay, ON   P7B 5E1
Phone: (807) 766-7331
Email: mike.johnson at nosm.ca
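
Added example, not part of the original thread and not code from RT or the ExternalAuth plugin: the telnet test above only shows that TCP port 636 accepts a connection, so this Net::LDAP script checks the TLS handshake and certificate verification in both modes, LDAPS (TLS from the first byte) and StartTLS (upgrade on the plain LDAP port). The default host name, the ports and the CA bundle path are assumptions; pass your own host and CA file as arguments.

```perl
#!/usr/bin/perl
# Added example: probe one LDAP host in both TLS modes with Net::LDAP.
# Usage: perl ldap_tls_probe.pl <host> <ca-bundle>
use strict;
use warnings;
use Net::LDAP;

my $host   = shift // 'ldap.example.org';                    # placeholder host (assumption)
my $cafile = shift // '/etc/ssl/certs/ca-certificates.crt';  # assumed CA bundle path
my %tls    = (verify => 'require', cafile => $cafile);       # refuse unverified certificates

# LDAPS: the TLS handshake happens before any LDAP traffic (conventionally port 636).
sub probe_ldaps {
    my $ldap = Net::LDAP->new("ldaps://$host:636", timeout => 10, %tls)
        or return "LDAPS 636: FAILED ($@)";
    my $cipher = $ldap->cipher // 'unknown cipher';
    $ldap->unbind;
    return "LDAPS 636: ok ($cipher)";
}

# StartTLS: connect in clear text (conventionally port 389), then upgrade the session.
sub probe_starttls {
    my $ldap = Net::LDAP->new($host, port => 389, timeout => 10)
        or return "StartTLS 389: FAILED to connect ($@)";
    my $msg = $ldap->start_tls(%tls);
    my $out = $msg->code
        ? 'StartTLS 389: FAILED (' . $msg->error . ')'
        : 'StartTLS 389: ok (' . ($ldap->cipher // 'unknown cipher') . ')';
    $ldap->unbind;
    return $out;
}

# One line per mode; a FAILED line carries the connect or handshake error text.
print "$_\n" for probe_ldaps(), probe_starttls();
```

Whichever mode reports ok is the one the LDAP server actually offers; a failure that mentions the certificate points at the CA file rather than at the port.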