thanks, I should have clarified that LDAP over TLS on 389 is not an option for us. We can only do LDAPS over 636.
On Tue, Mar 4, 2014 at 11:32 AM, k...@rice.edu <k...@rice.edu> wrote: > TLS would still be over port 389 if it was being used. > > Regards, > Ken > > On Tue, Mar 04, 2014 at 11:29:48AM -0600, Dewhirst, Rob wrote: >> I am successfully authenticating via LDAP (cleartext) over TCP 389 >> using RT::Authen::ExternalAuth >> >> However, once I change: >> >> Set($ExternalServiceUsesSSLorTLS, 1); >> >> and in the ExternalSettings for My_LDAP: >> >> 'tls' => 1, >> 'ssl_version' => 3, >> >> It still authenticates (successfully) over TCP 389. >> >> I noticed someone else had a similar problem but was lacking >> Net::SSLeay. Not my case here (I don't see how you can use Net::LDAP >> without Net:SSLeay) >> >> [root@rtir-test ~]# cpan -i Net::SSLeay >> CPAN: Storable loaded ok (v2.20) >> Reading '/root/.cpan/Metadata' >> Database was generated on Mon, 03 Mar 2014 20:17:02 GMT >> CPAN: Module::CoreList loaded ok (v2.18) >> Net::SSLeay is up to date (1.58). >> [root@rtir-test ~]# >> >> I have debug logging enabled in RT, but it doesn't seem to tell me >> anything useful since nothing is failing. >> >> RT-Authen-ExternalAuth-0.17 -- RT Training London, March 19-20 and Dallas May 20-21 http://bestpractical.com/training