[rt-users] RT Authen: External Auth won't work over ssl

john s. fireskyer at gmx.de
Wed May 11 10:31:36 EDT 2011


Hello Guys


I have a problem running the Auth plugin over SSL.

My settings are: 

1. AD Server Windows 2008 

2. Client Linux Ubuntu Lynx 10.04 LTS Version

What I have done on the server side:

Created a certificate as described in this Microsoft document:
http://technet.microsoft.com/en-us/library/ee411009%28WS.10%29.aspx

I tested the LDAP connection over SSL on the server side with the help
of ldp.exe; this works perfectly.

On the client side:

I converted the certificate from the server with openssl into a pem
file and installed the imported certificate in the directory
/etc/ssl/certs.

But no SSL connection takes place; the plugin falls back (verified
with tshark, perfmon and ssldump) to port 389 (I wonder why).

So here is my plugin config:


##RT Authenth#############
Set( @Plugins,qw(RT::Authen::ExternalAuth));

Set($ExternalAuthPriority,['My_LDAP']);
Set($ExternalInfoPriority,['My_LDAP']);
Set($ExternalServiceUsesSSLorTLS,1);
Set($AutoCreateNonExternalUsers,1);
Set($AutoCreate,{Privileged => 1});


Set($ExternalSettings,{'My_LDAP' =>{   ## GENERIC SECTION
    'type' => 'ldap',
    'server' => 'xxxxxxxxxxxxxx',
    'user' => 'CN=xxxxxxxxx,OU=xxxxxxxxx,OU=xxxx,DC=xxxxxxxxxxxl',
    'pass' => 'xxxxxxxxxxxxx',
    'base' => 'OU=Benutzer,OU=xxxx,DC=xxxx,DC=xxx',
    'filter' => '(memberOf=CN=xxxx,OU=Gruppen,OU=xxxx,DC=xxxxxxxx)',
    'd_filter' => '(userAccountControl=514)',
    'tls' => 1,
    'ssl_version' => 3,
    'net_ldap_args' => [ version => 3 ],
    #'group' => '',
    #'group_attr' => '',
    'attr_match_list' => [ 'Name',
                           'EmailAddress',
                         ],
    'attr_map' => { 'Name' => 'sAMAccountName',
                    'RealName' => 'cn',
                    'EmailAddress' => 'mail',
                    'Organization' => 'physicalDeliveryOfficeName',
                    'ExternalAuthId' => 'sAMAccountName',
                    'WorkPhone' => 'telephoneNumber',
                    'Address1' => 'streetAddress',
                    'City' => 'l',
                    'Zip' => 'postalCode',

Does the plugin need a self-signed certificate? If so, how can I create
this with Windows 2008 Server?

Or do I need some software like Likewise, so that the server can authorize
against the Linux client?

I tried to make an ldapsearch with the following command:

ldapsearch -h xxx.local -p 636 -Z -D "sbah\admin" -w "password" -b "CN=Configuration,DC=xxx,DC=local" -s sub "sAMAccountName=USER"

This returns an error:

ldap_start_tls: Can't contact LDAP server (-1)
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)


I don't have a clue what's wrong.

best regards skyerjoe 
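
Added example (not part of the original post and not code from RT or RT::Authen::ExternalAuth): a shell function that classifies which TLS mode an ldapsearch argument list asks for, such as the command quoted above. It assumes the default ports, 389 for plain LDAP and StartTLS and 636 for implicit TLS (LDAPS); the function name ldap_tls_mode and the example.test host are made up for illustration.

```shell
# Classify the TLS mode requested by an ldapsearch argument list.
# Assumption: default ports (389 = plain LDAP / StartTLS, 636 = LDAPS).
# -Z and -ZZ both request StartTLS, which starts as cleartext LDAP.
# Limitation: IPv6 literals in -H URIs are not handled.
ldap_tls_mode() (
    scheme=ldap port='' starttls=no prev=''
    for arg in "$@"; do
        case "$prev" in
            -H) case "$arg" in ldaps://*) scheme=ldaps ;; esac
                hostport=${arg#*://}; hostport=${hostport%%/*}
                case "$hostport" in *:*) port=${hostport##*:} ;; esac
                prev=''; continue ;;
            -p) port=$arg; prev=''; continue ;;
            -h|-D|-w|-b|-s) prev=''; continue ;;   # values not inspected
        esac
        case "$arg" in
            -Z|-ZZ) starttls=yes ;;
            -H|-p|-h|-D|-w|-b|-s) prev=$arg ;;     # next word is its value
        esac
    done
    # Fill in the scheme's default port when none was given.
    if [ -z "$port" ]; then
        if [ "$scheme" = ldaps ]; then port=636; else port=389; fi
    fi
    if [ "$scheme" = ldaps ] && [ "$starttls" = yes ]; then
        echo "mismatch: StartTLS requested inside an ldaps:// session"
    elif [ "$scheme" = ldaps ] && [ "$port" = 389 ]; then
        echo "mismatch: TLS handshake sent to plain LDAP port 389"
    elif [ "$scheme" = ldap ] && [ "$port" = 636 ]; then
        echo "mismatch: cleartext LDAP or StartTLS sent to implicit-TLS port 636"
    elif [ "$scheme" = ldaps ]; then
        echo "ldaps port $port"
    elif [ "$starttls" = yes ]; then
        echo "starttls port $port"
    else
        echo "plain port $port"
    fi
)

# The connection options of the command from the post (values as posted):
ldap_tls_mode -h xxx.local -p 636 -Z
# Constructed sample: implicit TLS via an ldaps:// URI.
ldap_tls_mode -H ldaps://dc.example.test -b dc=example,dc=test
```

A "starttls" result means the session opens on port 389 and is upgraded to TLS there, so seeing traffic on 389 in a capture does not by itself show that TLS was skipped.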














