[rt-users] RT::Authen::ExternalAuth LDAPS

Gerald Vogt vogt at spamcop.net
Wed Mar 5 11:22:12 EST 2014


It's always much easier to help if you post the full settings instead of
some parts.

Did you use ldaps in the server definition or did you add ldaps or the
different port number in net_ldap_args?

-Gerald

On 05.03.2014 17:08, Dewhirst, Rob wrote:
> thanks, I should have clarified that LDAP over TLS on 389 is not an
> option for us.  We can only do LDAPS over 636.
> 
> On Tue, Mar 4, 2014 at 11:32 AM, ktm at rice.edu <ktm at rice.edu> wrote:
>> TLS would still be over port 389 if it was being used.
>>
>> Regards,
>> Ken
>>
>> On Tue, Mar 04, 2014 at 11:29:48AM -0600, Dewhirst, Rob wrote:
>>> I am successfully authenticating via LDAP (cleartext) over TCP 389
>>> using RT::Authen::ExternalAuth
>>>
>>> However, once I change:
>>>
>>> Set($ExternalServiceUsesSSLorTLS,    1);
>>>
>>> and in the ExternalSettings for My_LDAP:
>>>
>>>         'tls'                       =>  1,
>>>         'ssl_version'               =>  3,
>>>
>>> It still authenticates (successfully) over TCP 389.
>>>
>>> I noticed someone else had a similar problem but was lacking
>>> Net::SSLeay.  Not my case here (I don't see how you can use Net::LDAP
>>> without Net:SSLeay)
>>>
>>> [root at rtir-test ~]# cpan -i Net::SSLeay
>>> CPAN: Storable loaded ok (v2.20)
>>> Reading '/root/.cpan/Metadata'
>>>   Database was generated on Mon, 03 Mar 2014 20:17:02 GMT
>>> CPAN: Module::CoreList loaded ok (v2.18)
>>> Net::SSLeay is up to date (1.58).
>>> [root at rtir-test ~]#
>>>
>>> I have debug logging enabled in RT, but it doesn't seem to tell me
>>> anything useful since nothing is failing.
>>>
>>> RT-Authen-ExternalAuth-0.17




More information about the rt-users mailing list