It's always much easier to help if you post the full settings instead of
some parts.

Did you use ldaps in the server definition or did you add ldaps or the
different port number in net_ldap_args?

-Gerald

On 05.03.2014 17:08, Dewhirst, Rob wrote:
> thanks, I should have clarified that LDAP over TLS on 389 is not an
> option for us.  We can only do LDAPS over 636.
> 
> On Tue, Mar 4, 2014 at 11:32 AM, k...@rice.edu <k...@rice.edu> wrote:
>> TLS would still be over port 389 if it was being used.
>>
>> Regards,
>> Ken
>>
>> On Tue, Mar 04, 2014 at 11:29:48AM -0600, Dewhirst, Rob wrote:
>>> I am successfully authenticating via LDAP (cleartext) over TCP 389
>>> using RT::Authen::ExternalAuth
>>>
>>> However, once I change:
>>>
>>> Set($ExternalServiceUsesSSLorTLS,    1);
>>>
>>> and in the ExternalSettings for My_LDAP:
>>>
>>>         'tls'                       =>  1,
>>>         'ssl_version'               =>  3,
>>>
>>> It still authenticates (successfully) over TCP 389.
>>>
>>> I noticed someone else had a similar problem but was lacking
>>> Net::SSLeay.  Not my case here (I don't see how you can use Net::LDAP
>>> without Net:SSLeay)
>>>
>>> [root@rtir-test ~]# cpan -i Net::SSLeay
>>> CPAN: Storable loaded ok (v2.20)
>>> Reading '/root/.cpan/Metadata'
>>>   Database was generated on Mon, 03 Mar 2014 20:17:02 GMT
>>> CPAN: Module::CoreList loaded ok (v2.18)
>>> Net::SSLeay is up to date (1.58).
>>> [root@rtir-test ~]#
>>>
>>> I have debug logging enabled in RT, but it doesn't seem to tell me
>>> anything useful since nothing is failing.
>>>
>>> RT-Authen-ExternalAuth-0.17

-- 
RT Training London, March 19-20 and Dallas May 20-21
http://bestpractical.com/training

Reply via email to