[rt-users] RT::Authen::ExternalAuth LDAPS

Darin Perusich darin at darins.net
Tue Mar 4 12:50:39 EST 2014


Is the CA certificate which signed your LDAP server's certs on your RT
host? It would need to be installed in /etc/ssl/certs or
/etc/pki/trust/anchors and hashed to be trusted.
--
Later,
Darin


On Tue, Mar 4, 2014 at 12:29 PM, Dewhirst, Rob <robdewhirst at gmail.com> wrote:
> I am successfully authenticating via LDAP (cleartext) over TCP 389
> using RT::Authen::ExternalAuth
>
> However, once I change:
>
> Set($ExternalServiceUsesSSLorTLS,    1);
>
> and in the ExternalSettings for My_LDAP:
>
>         'tls'                       =>  1,
>         'ssl_version'               =>  3,
>
> It still authenticates (successfully) over TCP 389.
>
> I noticed someone else had a similar problem but was lacking
> Net::SSLeay.  Not my case here (I don't see how you can use Net::LDAP
> without Net::SSLeay)
>
> [root@rtir-test ~]# cpan -i Net::SSLeay
> CPAN: Storable loaded ok (v2.20)
> Reading '/root/.cpan/Metadata'
>   Database was generated on Mon, 03 Mar 2014 20:17:02 GMT
> CPAN: Module::CoreList loaded ok (v2.18)
> Net::SSLeay is up to date (1.58).
> [root@rtir-test ~]#
>
> I have debug logging enabled in RT, but it doesn't seem to tell me
> anything useful since nothing is failing.
>
> RT-Authen-ExternalAuth-0.17
> --
> RT Training London, March 19-20 and Dallas May 20-21
> http://bestpractical.com/training
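
The reply's point that the CA certificate must be both present in the trust directory and hashed, shown as an added example that is not part of either message. It assumes the `openssl` command-line tool; the CA, the server certificate and the function names (`make_test_pki`, `install_ca`, `is_trusted`) are constructed for illustration, and a temporary directory stands in for /etc/ssl/certs.

```bash
#!/usr/bin/env bash
# Added example. The CA and server certificate are constructed test data.

# Build a throwaway CA and a server certificate signed by it in directory $1.
make_test_pki() {
    local d=$1
    cat > "$d/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed Test CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    openssl req -x509 -config "$d/ca.cnf" -newkey rsa:2048 -nodes -days 2 \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
    openssl req -new -config "$d/ca.cnf" -subj "/CN=ldap.example.test" \
        -newkey rsa:2048 -nodes -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/srv.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 2 -out "$d/srv.pem" 2>/dev/null
}

# Copy CA cert $1 into trust directory $2 and add the <subject-hash>.0 link
# that OpenSSL uses to look it up (the step c_rehash automates).
install_ca() {
    local ca=$1 dir=$2 hash
    hash=$(openssl x509 -noout -hash -in "$ca") || return 1
    cp "$ca" "$dir/" && ln -sf "$(basename "$ca")" "$dir/$hash.0"
}

# Succeed only if certificate $1 chains to a CA found via hashed directory $2.
is_trusted() {
    openssl verify -CApath "$2" "$1" 2>/dev/null | grep -q ': OK$'
}

demo() {
    local tmp; tmp=$(mktemp -d) || return 1
    mkdir "$tmp/certs" && make_test_pki "$tmp" || return 1
    cp "$tmp/ca.pem" "$tmp/certs/"   # CA file is present but not hashed yet
    is_trusted "$tmp/srv.pem" "$tmp/certs" && echo "copied only: trusted" || echo "copied only: NOT trusted"
    install_ca "$tmp/ca.pem" "$tmp/certs"
    is_trusted "$tmp/srv.pem" "$tmp/certs" && echo "hashed: trusted" || echo "hashed: NOT trusted"
    rm -rf "$tmp"
}
demo
```

Against a real host, `is_trusted` takes the LDAP server's certificate saved as PEM and the system trust directory in place of the temporary one.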


