[rt-users] RT::Authen::ExternalAuth LDAPS

Kevin Falcone falcone at bestpractical.com
Wed Mar 5 11:25:13 EST 2014


On Wed, Mar 05, 2014 at 10:08:53AM -0600, Dewhirst, Rob wrote:
> thanks, I should have clarified that LDAP over TLS on 389 is not an
> option for us.  We can only do LDAPS over 636.

If you want to do LDAPS to the LDAPS port and not STARTTLS on the
standard port, you probably want
server => 'ldaps://my.server'
Net::LDAP's default LDAPS port is 636 so you don't need to specify it.

It's possible you'll need to turn off tls if Net::LDAP::start_tls
breaks you.  It's also possible you might need some extra things in
net_ldap_args, refer to the Net::LDAP documentation for that.

-kevin

> > On Tue, Mar 04, 2014 at 11:29:48AM -0600, Dewhirst, Rob wrote:
> >> I am successfully authenticating via LDAP (cleartext) over TCP 389
> >> using RT::Authen::ExternalAuth
> >>
> >> However, once I change:
> >>
> >> Set($ExternalServiceUsesSSLorTLS,    1);
> >>
> >> and in the ExternalSettings for My_LDAP:
> >>
> >>         'tls'                       =>  1,
> >>         'ssl_version'               =>  3,
> >>
> >> It still authenticates (successfully) over TCP 389.
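
Put together, the settings discussed in this thread would look roughly like the following RT_SiteConfig.pm fragment. This is an added example, not configuration posted by either participant: every value marked PLACEHOLDER is invented, the attribute mappings are typical rather than taken from the thread, and the `verify` and `cafile` entries are Net::LDAP constructor options included here as an assumption about which "extra things in net_ldap_args" a site would want so that the server certificate is actually checked.

```perl
# RT_SiteConfig.pm fragment (added example, not from the original thread)

Set($ExternalAuthPriority, [ 'My_LDAP' ]);
Set($ExternalInfoPriority, [ 'My_LDAP' ]);
Set($ExternalServiceUsesSSLorTLS, 1);

Set($ExternalSettings, {
    'My_LDAP' => {
        'type' => 'ldap',

        # Before: a bare host name plus 'tls' => 1 opens a plain connection
        # on the standard port and upgrades it with STARTTLS, so the traffic
        # stays on TCP 389:
        #   'server' => 'my.server',
        #   'tls'    => 1,

        # After: the ldaps:// scheme makes Net::LDAP negotiate TLS before any
        # LDAP traffic is sent. Its default port for this scheme is 636.
        'server' => 'ldaps://my.server',

        # The session is already encrypted, so do not also call start_tls.
        'tls' => 0,

        # Handed to Net::LDAP->new() after the server name.
        'net_ldap_args' => [
            version => 3,
            verify  => 'require',              # refuse untrusted certificates
            cafile  => '/PLACEHOLDER/ca.pem',  # CA that signed the LDAP cert
        ],

        # Bind account and search scope: all PLACEHOLDER values.
        'user'     => 'cn=PLACEHOLDER,dc=example,dc=com',
        'pass'     => 'PLACEHOLDER',
        'base'     => 'ou=PLACEHOLDER,dc=example,dc=com',
        'filter'   => '(objectClass=person)',
        'd_filter' => '(objectClass=PLACEHOLDER)',

        # Typical mappings, adjust to the directory schema.
        'attr_match_list' => [ 'Name', 'EmailAddress' ],
        'attr_map'        => {
            'Name'         => 'uid',
            'EmailAddress' => 'mail',
        },
    },
});
```

After restarting RT, a packet capture or the LDAP server's connection log should show the RT host connecting to TCP 636 only.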
