[rt-users] RT::Authen::ExternalAuth LDAPS
Dewhirst, Rob
robdewhirst at gmail.com
Wed Mar 5 11:52:19 EST 2014
It' always a judgement call what to post and what to leave out. I
can't post the full settings, strictly speaking.
'server' => 'ldaps://server',
seems to have fixed it. Thanks all.
On Wed, Mar 5, 2014 at 10:22 AM, Gerald Vogt <vogt at spamcop.net> wrote:
> It's always much easier to help if you post the full settings instead of
> some parts.
>
> Did you use ldaps in the server definition or did you add ldaps or the
> different port number in net_ldap_args?
>
> -Gerald
>
> On 05.03.2014 17:08, Dewhirst, Rob wrote:
>> thanks, I should have clarified that LDAP over TLS on 389 is not an
>> option for us. We can only do LDAPS over 636.
>>
>> On Tue, Mar 4, 2014 at 11:32 AM, ktm at rice.edu <ktm at rice.edu> wrote:
>>> TLS would still be over port 389 if it was being used.
>>>
>>> Regards,
>>> Ken
>>>
>>> On Tue, Mar 04, 2014 at 11:29:48AM -0600, Dewhirst, Rob wrote:
>>>> I am successfully authenticating via LDAP (cleartext) over TCP 389
>>>> using RT::Authen::ExternalAuth
>>>>
>>>> However, once I change:
>>>>
>>>> Set($ExternalServiceUsesSSLorTLS, 1);
>>>>
>>>> and in the ExternalSettings for My_LDAP:
>>>>
>>>> 'tls' => 1,
>>>> 'ssl_version' => 3,
>>>>
>>>> It still authenticates (successfully) over TCP 389.
>>>>
>>>> I noticed someone else had a similar problem but was lacking
>>>> Net::SSLeay. Not my case here (I don't see how you can use Net::LDAP
>>>> without Net:SSLeay)
>>>>
>>>> [root at rtir-test ~]# cpan -i Net::SSLeay
>>>> CPAN: Storable loaded ok (v2.20)
>>>> Reading '/root/.cpan/Metadata'
>>>> Database was generated on Mon, 03 Mar 2014 20:17:02 GMT
>>>> CPAN: Module::CoreList loaded ok (v2.18)
>>>> Net::SSLeay is up to date (1.58).
>>>> [root at rtir-test ~]#
>>>>
>>>> I have debug logging enabled in RT, but it doesn't seem to tell me
>>>> anything useful since nothing is failing.
>>>>
>>>> RT-Authen-ExternalAuth-0.17
>
> --
> RT Training London, March 19-20 and Dallas May 20-21
> http://bestpractical.com/training
More information about the rt-users
mailing list