Hi Claude,
Your English is much better than my French :)
I've cc'd the RT users list as they may have additional suggestions.
The short answer is no, I don't believe your problem is caused by TLS
bugs.
You seem to be mixing up the new RT 4.4 LDAP configuration syntax with
the older RT::Authen::ExternalAuth syntax.
If you are using RT 4.4.x then you don't need the following, because it
is the old style syntax:
Set($LDAPBase,'MYLDAPSERVER');
Set($LDAPFilter, '(&(objectClass=person))');
Set($LDAPMapping, {
    Name => 'uid',
    EmailAddress => 'mail',
    RealName => 'cn'
});
The following option should also be removed when using RT 4.4.x:
'ssl_version' => 3,
Is RT able to read your CAcert file? Please could you check the file
permissions.
Do you see any errors in the logs?
Best Regards
Martin
On 2016-12-05 13:22, clauded...@gmail.com wrote:
Hi Martin,
I am trying to configure LDAP authentication but it doesn't work.
I'm sure all my config is correct (see below). I tried with
ldapsearch and it's all OK. I looked at my LDAP server's logs and I bind
users correctly. Do you think it's TLS bugs?
(Sorry for my English, I'm French.)
Thank you.
--------------
Set($LDAPBase,'MYLDAPSERVER');
Set($LDAPFilter, '(&(objectClass=person))');
Set($LDAPMapping, {
    Name => 'uid',
    EmailAddress => 'mail',
    RealName => 'cn'
});
# Use the below LDAP source for both authentication, as well as user
# information
Set( $ExternalAuthPriority, ["My_LDAP"] );
Set( $ExternalInfoPriority, ["My_LDAP"] );
Set($ExternalServiceUsesSSLorTLS, 1);
# Make users created from LDAP Privileged
Set( $UserAutocreateDefaultsOnLogin, { Privileged => 1 } );
# Users should still be autocreated by RT as internal users if they
# fail to exist in an external service; this is so requestors (who
# are not in LDAP) can still be created when they email in.
Set($AutoCreateNonExternalUsers, 0);
# Minimal LDAP configuration; see RT::Authen::ExternalAuth::LDAP for
# further details and examples
Set($ExternalSettings, {
    'My_LDAP' => {
        'type' => 'ldap',
        'server' => 'ldaps://MYLDAPSERVER',
        'user' => 'MYUSER',
        'pass' => 'MYPASS',
        'base' => 'MYBASE',
        'filter' => '(objectClass=privperson)',
        'tls' => { verify => "require", cafile => "/etc/CA.crt" },
        'ssl_version' => 3,
        'net_ldap_args' => [ version => 3, debug => 8 ],
        'attr_match_list' => [
            'Name',
            'EmailAddress',
        ],
        'attr_map' => {
            'Name' => 'uid',
            'EmailAddress' => 'mail',
            'RealName' => 'cn',
            'Gecos' => 'uid',
            'Country' => 'co',
        }
    },
}
);
1;
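Added example (not part of the original thread, and not RT's own code): one way to answer the "is RT able to read your CAcert file?" question for the cafile in the posted config. It checks every directory on the path as well as the file itself. Assumptions: the account RT's web server runs as is passed on the command line, and only classic Unix mode bits are judged (no POSIX ACLs, SELinux or AppArmor).

```python
import os
import stat
import sys

def read_blockers(path, uid, gids):
    """Return (component, reason) pairs that stop uid/gids from reading path."""
    if uid == 0:
        return []  # root bypasses mode-bit checks
    path = os.path.realpath(path)  # follow symlinks to the real file
    parts, cur = [], path
    while True:  # collect the file and every ancestor directory up to /
        parts.append(cur)
        parent = os.path.dirname(cur)
        if parent == cur:
            break
        cur = parent
    blockers = []
    for comp in reversed(parts):
        try:
            st = os.stat(comp)
        except OSError as exc:
            blockers.append((comp, f"cannot stat: {exc.strerror}"))
            break
        # Directories need search (x); the CA file itself needs read (r).
        need, base = ("r", 4) if comp == path else ("x", 1)
        # The kernel applies exactly one class: owner, else group, else other.
        if st.st_uid == uid:
            who, shift = "owner", 6
        elif st.st_gid in gids:
            who, shift = "group", 3
        else:
            who, shift = "other", 0
        if not st.st_mode & (base << shift):
            mode = stat.S_IMODE(st.st_mode)
            blockers.append((comp, f"{who} lacks '{need}' (mode {mode:04o})"))
    return blockers

if __name__ == "__main__":
    import pwd
    if len(sys.argv) != 3:
        sys.exit("usage: check_cafile.py /etc/CA.crt <web-server-account>")
    acct = pwd.getpwnam(sys.argv[2])  # account name is supplied by the admin
    groups = set(os.getgrouplist(acct.pw_name, acct.pw_gid))
    problems = read_blockers(sys.argv[1], acct.pw_uid, groups)
    for comp, why in problems:
        print(f"{comp}: {why}")
    print("readable" if not problems else "NOT readable by " + acct.pw_name)
```

An empty result means the mode bits allow the read; a failure that persists after that points at ACLs, a mandatory access control policy, or the certificate contents rather than file permissions.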