Is the CA certificate which signed your LDAP server's certs on your RT host? It would need to be installed in /etc/ssl/certs or /etc/pki/trust/anchors and hashed to be trusted.

--
Later,
Darin

On Tue, Mar 4, 2014 at 12:29 PM, Dewhirst, Rob <robdewhi...@gmail.com> wrote:
> I am successfully authenticating via LDAP (cleartext) over TCP 389
> using RT::Authen::ExternalAuth
>
> However, once I change:
>
> Set($ExternalServiceUsesSSLorTLS, 1);
>
> and in the ExternalSettings for My_LDAP:
>
> 'tls' => 1,
> 'ssl_version' => 3,
>
> It still authenticates (successfully) over TCP 389.
>
> I noticed someone else had a similar problem but was lacking
> Net::SSLeay. Not my case here (I don't see how you can use Net::LDAP
> without Net::SSLeay)
>
> [root@rtir-test ~]# cpan -i Net::SSLeay
> CPAN: Storable loaded ok (v2.20)
> Reading '/root/.cpan/Metadata'
> Database was generated on Mon, 03 Mar 2014 20:17:02 GMT
> CPAN: Module::CoreList loaded ok (v2.18)
> Net::SSLeay is up to date (1.58).
> [root@rtir-test ~]#
>
> I have debug logging enabled in RT, but it doesn't seem to tell me
> anything useful since nothing is failing.
>
> RT-Authen-ExternalAuth-0.17
> --
> RT Training London, March 19-20 and Dallas May 20-21
> http://bestpractical.com/training
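
What "installed and hashed" in the reply at the top of this thread means in practice, as an added example that is not part of the original messages or of RT's code. The function names, the temporary directory standing in for /etc/ssl/certs, and the throwaway demo CA are all constructed for illustration.

```shell
#!/bin/sh
# Added example. "Hashed" = the CA is reachable in the trust directory under
# its OpenSSL subject-hash name (<hash>.0, <hash>.1, ...).

# ca_is_hashed CA_PEM TRUST_DIR
# Returns 0 if some <hash>.N entry in TRUST_DIR is this exact certificate.
ca_is_hashed() {
    ca=$1; dir=$2
    hash=$(openssl x509 -in "$ca" -noout -subject_hash) || return 2
    want=$(openssl x509 -in "$ca" -noout -fingerprint -sha256) || return 2
    for f in "$dir/$hash".*; do
        [ -e "$f" ] || continue
        got=$(openssl x509 -in "$f" -noout -fingerprint -sha256 2>/dev/null) || continue
        [ "$got" = "$want" ] && return 0
    done
    return 1
}

# install_ca CA_PEM TRUST_DIR
# Copies the CA in and links it at the first free <hash>.N slot, which is
# what c_rehash / "openssl rehash" do for a whole directory.
install_ca() {
    ca=$1; dir=$2
    hash=$(openssl x509 -in "$ca" -noout -subject_hash) || return 2
    cp "$ca" "$dir/" || return 2
    n=0
    while [ -e "$dir/$hash.$n" ]; do n=$((n + 1)); done
    ln -s "$(basename "$ca")" "$dir/$hash.$n"
}

# make_demo_ca DIR: constructed throwaway self-signed CA (not a real LDAP CA).
make_demo_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Demo LDAP CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

# Demo against a temporary directory standing in for /etc/ssl/certs.
d=$(mktemp -d) && mkdir "$d/trust" && make_demo_ca "$d"
ca_is_hashed "$d/ca.pem" "$d/trust" || echo "before: no hashed entry"
install_ca "$d/ca.pem" "$d/trust"
ca_is_hashed "$d/ca.pem" "$d/trust" && echo "after: hashed entry present"
rm -rf "$d"
```

The fingerprint comparison matters because two CAs with the same subject share a hash; only the `.N` suffix tells them apart.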