FW: ExternalAuth to active directory over SSL

Alas, no, it didn't help:

[Tue Mar 27 16:43:36 2012] [critical]: RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind: LDAP_OPERATIONS_ERROR 1 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:492)

Note that you’re no longer getting segfaults from Apache, meaning you
solved the SSL lib conflict between Perl and Apache. The error above
is a pure bind error.

What’s your ExternalAuth config? I suspect you configured it to talk
TLS to your SSL port.

Thomas

I’ve tried setting tls to 0 and 1. When it’s set to 1, it looks like it sends the bind in cleartext (I see the bind credentials in tcpdump). When set to 0 it looks fully encrypted.

Again, the server/user/pw/port stuff all works right with ldapsearch…

Here is my config at present (sanitized of course):

Set( @Plugins, qw(RT::Authen::ExternalAuth) );

Set($ExternalAuthPriority, [ 'My_LDAP' ]);

Set($ExternalInfoPriority, [ 'My_LDAP' ]);

Set($ExternalServiceUsesSSLorTLS, 1);

Set($AutoCreateNonExternalUsers, 1);

Set($ExternalSettings, {
    'My_LDAP' => {                          ## GENERIC SECTION
        'type'            => 'ldap',
        'server'          => 'dc05.my.ad',
        'user'            => 'CN=Apache LDAP,OU=Service Accounts,DC=my,DC=ad',
        'pass'            => 'xxx',
        'base'            => 'DC=my,DC=ad',
        'filter'          => '(ObjectClass=User)',
        'd_filter'        => '(userAccountControl:1.2.840.113556.1.4.803:=2)',
        'tls'             => 0,
        'ssl_version'     => 3,
        'net_ldap_args'   => [ version => 3, port => 636, debug => 8 ],
        'attr_match_list' => [ 'Name',
                               'EmailAddress'
                             ],
        'attr_map'        => { 'Name'           => 'sAMAccountName',
                               'EmailAddress'   => 'mail',
                               'ExternalAuthId' => 'sAMAccountName',
                               'Gecos'          => 'sAMAccountName'
                             }
    },
});

    'tls'           => 0,
    'ssl_version'   => 3,
    'net_ldap_args' => [ version => 3, port => 636, debug => 8 ],

You’re mixing TLS with the SSL port. Try this:

tls => 1,
net_ldap_args => [ version => 3, debug => 8 ],

Don’t include ssl_version or port.

Thomas
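As an added example (not code from this thread or from RT::Authen::ExternalAuth itself), here is how the two modes Thomas is distinguishing look in Net::LDAP, the library ExternalAuth drives underneath: LDAPS on 636 with no StartTLS, versus plain LDAP on 389 upgraded with StartTLS before the bind. The host and bind DN come from the sanitized config above; the CA file path and the LDAP_PW environment variable are assumptions.

```perl
#!/usr/bin/perl
# Added example, not from the thread: two correct ways to get an encrypted
# bind with Net::LDAP. Mixing them (start_tls against port 636) is the
# mistake pointed out above.
use strict;
use warnings;
use Net::LDAP;

my $host = 'dc05.my.ad';                                        # from the config
my $dn   = 'CN=Apache LDAP,OU=Service Accounts,DC=my,DC=ad';    # from the config
my $pw   = $ENV{LDAP_PW} // die "set LDAP_PW in the environment\n";
my $ca   = '/etc/ssl/certs/my-ad-ca.pem';   # assumed path to the AD issuing CA

# Mode A: LDAPS. TLS is negotiated from the first byte on 636, so the bind
# can never go out in the clear. Note: no start_tls call in this mode.
sub bind_ldaps {
    my $ldap = Net::LDAP->new("ldaps://$host:636",
                              verify => 'require', cafile => $ca)
        or die "LDAPS connect failed: $@\n";
    return $ldap->bind($dn, password => $pw);
}

# Mode B: StartTLS. Plain LDAP on 389, upgraded before the bind. Pointing
# this at 636 is the mix-up in the thread: that port expects a TLS handshake
# immediately, not a cleartext LDAP session asking to upgrade.
sub bind_starttls {
    my $ldap = Net::LDAP->new("ldap://$host:389")
        or die "LDAP connect failed: $@\n";
    my $tls = $ldap->start_tls(verify => 'require', cafile => $ca);
    # Refuse to bind if the upgrade failed; otherwise the password would be
    # sent in cleartext, which is what tcpdump showed in the thread.
    die "StartTLS failed: " . $tls->error . "\n" if $tls->code;
    return $ldap->bind($dn, password => $pw);
}

for my $mode ([ ldaps => \&bind_ldaps ], [ starttls => \&bind_starttls ]) {
    my ($name, $fn) = @$mode;
    my $mesg = eval { $fn->() };
    if (!defined $mesg) { print "$name: $@"; next }
    printf "%s: %s\n", $name,
        $mesg->code ? "bind failed: " . $mesg->error : "bind OK";
}
```

With verify => 'require' a hostname or CA mismatch fails the connection instead of silently binding anyway, which is the check worth keeping when the ssl_version setting is dropped from the RT config.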