[rt-users] ExternalAuth to active directory over SSL

Brent Wiese bwiese at ElementPS.com
Tue Mar 27 12:48:54 EDT 2012


> 
> On Fri, 2012-03-23 at 15:05 -0700, Brent Wiese wrote:
> > I noticed in the notes that when you enable SSL/TLS, it invokes
> > NET::SSLeay.
> 
> This is why RT::Authen::ExternalAuth prompts about "SSL LDAP
> Connections" when you run `perl Makefile.PL`.

I'd installed via cpan so didn't notice that before.

> > Didn’t appear to be installed. I installed via cpan… and now Apache
> > seg faults when I try to start it. It’s seg faulting on:
> 
> This generally means that you're running mod_perl, and Net::SSLeay is
> disagreeing with something else in the system (be it Apache, or your
> database handle) which also wants to load the SSL libraries -- and the
> libraries are ending up in an inconsistent state.
>   As a first step, try disabling Apache's SSL, or switching from
> mod_perl to mod_fcgid or mod_fastcgi, and see if it helps.
>  - Alex
> 

I switched to fcgid and was able to get apache running again. Still same problems with the external auth.

Figuring maybe there was an issue when I first installed because Net::SSLeay wasn't installed, I grabbed the latest stable and manually built. Looks like it found everything correctly:

*** Module::AutoInstall version 1.04
*** Checking for Perl dependencies...
[SSL LDAP Connections]
- Net::SSLeay ...loaded. (1.45)
[External LDAP Sources]
- Net::LDAP   ...loaded. (0.44)
[External DBI Sources]
- DBI         ...loaded. (1.618)
[SSO Cookie Sources]
- CGI::Cookie ...loaded. (1.30)
*** Module::AutoInstall configuration finished.
Checking if your kit is complete...
Looks good

Alas, no, it didn't help:
[Tue Mar 27 16:43:36 2012] [critical]: RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind: LDAP_OPERATIONS_ERROR 1 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:492)

I'm not convinced it works. I challenge someone to respond with "yes, I can successfully use ExternalAuth against AD via SSL" and post their challenges/config. :) 

I just don't know where to go from here. 



More information about the rt-users mailing list