[rt-users] RT Authen: External Auth won't work over ssl
john s.
fireskyer at gmx.de
Wed May 11 10:31:36 EDT 2011
Hello guys,
I have a problem running the Auth plugin over SSL...
My settings are:
1. AD Server Windows 2008
2. Client Linux Ubuntu Lynx 10.04 LTS Version
So what I have done on the server side:
Created a certificate as described in this document:
http://technet.microsoft.com/en-us/library/ee411009%28WS.10%29.aspx
I tested the LDAP connection over SSL on the server side with the help
of ldp.exe ... this works perfectly.
On the client side:
I converted the certificate from the server with openssl into a PEM
file and installed the imported certificate in the directory
/etc/ssl/certs.
But no SSL connections take place ... the plugin falls back (confirmed
with tshark, perfmon and ssldump) to port 389 (I wonder why).
So here is my plugin config:
##RT Authenth#############
Set( @Plugins, qw(RT::Authen::ExternalAuth) );
Set( $ExternalAuthPriority, ['My_LDAP'] );
Set( $ExternalInfoPriority, ['My_LDAP'] );
Set( $ExternalServiceUsesSSLorTLS, 1 );
Set( $AutoCreateNonExternalUsers, 1 );
Set( $AutoCreate, { Privileged => 1 } );
Set( $ExternalSettings, {
    'My_LDAP' => {    ## GENERIC SECTION
        'type'          => 'ldap',
        'server'        => 'xxxxxxxxxxxxxx',
        'user'          => 'CN=xxxxxxxxx,OU=xxxxxxxxx,OU=xxxx,DC=xxxxxxxxxxxl',
        'pass'          => 'xxxxxxxxxxxxx',
        'base'          => 'OU=Benutzer,OU=xxxx,DC=xxxx,DC=xxx',
        'filter'        => '(memberOf=CN=xxxx,OU=Gruppen,OU=xxxx,DC=xxxxxxxx)',
        'd_filter'      => '(userAccountControl=514)',
        'tls'           => 1,
        'ssl_version'   => 3,
        'net_ldap_args' => [ version => 3 ],
        #'group'      => '',
        #'group_attr' => '',
        'attr_match_list' => [
            'Name',
            'EmailAddress',
        ],
        'attr_map' => {
            'Name'           => 'sAMAccountName',
            'RealName'       => 'cn',
            'EmailAddress'   => 'mail',
            'Organization'   => 'physicalDeliveryOfficeName',
            'ExternalAuthId' => 'sAMAccountName',
            'WorkPhone'      => 'telephoneNumber',
            'Address1'       => 'streetAddress',
            'City'           => 'l',
            'Zip'            => 'postalCode',
        },
    },
} );
Does the plugin need a self-signed certificate? If so, how can I create
this with Windows 2008 Server?
Or do I need some software like Likewise, so that the server can authorize
against the Linux client?
I tried to do an ldapsearch with the following command:
ldapsearch -h xxx.local -p 636 -Z -D "sbah\admin" -w "password" -b "CN=Configuration,DC=xxx,DC=local" -s sub "sAMAccountName=USER"
This error comes up:
ldap_start_tls: Can't contact LDAP server (-1)
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
I don't have a clue what's wrong.
Best regards, skyerjoe
--
View this message in context: http://old.nabble.com/RT-Authen%3A-External-Auth-won%27t-work-over-ssl-tp31594799p31594799.html
Sent from the Request Tracker - User mailing list archive at Nabble.com.
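
Added example, not part of the original post and not code from RT::Authen::ExternalAuth: the post involves two different TLS transports, LDAPS (TLS from the first byte, normally port 636) and StartTLS (a plain connection on port 389 that is upgraded in-band, which is what ldapsearch's -Z option and Net::LDAP's start_tls request). The probe below uses Net::LDAP, the Perl library the plugin is built on, to try each transport separately and to verify the server certificate against the exported CA file. The host name and CA file path are placeholder assumptions.

```perl
#!/usr/bin/perl
# Added diagnostic example (not from the original post or the plugin).
# Tries LDAPS and StartTLS separately, verifying the server certificate
# against a CA file in both cases, and reports which transport works.
use strict;
use warnings;
use Net::LDAP;

# Placeholders (assumptions): pass the real values on the command line.
my $host   = shift // 'dc.example.local';
my $cafile = shift // '/etc/ssl/certs/ad-ca.pem';    # PEM export of the AD CA

# LDAPS: TLS is negotiated before any LDAP traffic, normally on port 636.
sub probe_ldaps {
    my $ldap = Net::LDAP->new(
        "ldaps://$host",
        port    => 636,
        version => 3,
        timeout => 10,
        verify  => 'require',    # reject certificates that do not validate
        cafile  => $cafile,
    ) or return "LDAPS 636: FAILED ($@)";
    my $cipher = $ldap->cipher // 'unknown';
    $ldap->disconnect;
    return "LDAPS 636: ok, cipher $cipher";
}

# StartTLS: plain LDAP connection on port 389, then upgraded in-band.
sub probe_starttls {
    my $ldap = Net::LDAP->new( $host, port => 389, version => 3, timeout => 10 )
        or return "StartTLS 389: connect FAILED ($@)";
    my $mesg   = $ldap->start_tls( verify => 'require', cafile => $cafile );
    my $result = $mesg->code
        ? 'StartTLS 389: FAILED (' . $mesg->error . ')'
        : 'StartTLS 389: ok, cipher ' . ( $ldap->cipher // 'unknown' );
    $ldap->disconnect;
    return $result;
}

print probe_ldaps(),    "\n";
print probe_starttls(), "\n";
```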