FW: ExternalAuth to active directory over SSL

Alas, no, it didn’t help: [Tue Mar 27 16:43:36 2012] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can’t bind:
LDAP_OPERATIONS_ERROR 1
(/opt/rt4/local/plugins/RT-Authen-
ExternalAuth/lib/RT/Authen/ExternalA
uth/LDAP.pm:492)

Note that you’re no longer getting segfaults from Apache, meaning you
solved the SSL lib conflict between Perl and Apache. The error above
is a pure bind error.

What’s your ExternalAuth config? I suspect you configured it to talk
TLS to your SSL port.

Thomas

I’ve tried setting tls to 0 and 1. When it’s set to 1, it looks like it sends the bind in cleartext (I see the bind credentials in tcpdump). When set to 0 it looks fully encrypted.

Again, the server/user/pw/port stuff all works right with ldapsearch…

Here is my config at present (sanitized of course):

Set( @Plugins, qw(RT::Authen::ExternalAuth) );

Set($ExternalAuthPriority, [ ‘My_LDAP’ ]);

Set($ExternalInfoPriority, [ ‘My_LDAP’ ]);

Set($ExternalServiceUsesSSLorTLS, 1);

Set($AutoCreateNonExternalUsers, 1);

Set($ExternalSettings, { ‘My_LDAP’ => { ## GENERIC SECTION
’type’ => ‘ldap’,
‘server’ => ‘dc05.my.ad’,
‘user’ => ‘CN=Apache LDAP,OU=Service Accounts,DC=my,DC=ad’,
‘pass’ => ‘xxx’,
‘base’ => ‘DC=my,DC=ad’,
‘filter’ => ‘(ObjectClass=User)’,
‘d_filter’ => ‘(userAccountControl:1.2.840.113556.1.4.803:=2)’,
‘tls’ => 0,
‘ssl_version’ => 3,
‘net_ldap_args’ => [ version => 3, port => 636, debug => 8 ],
‘attr_match_list’ => [ ‘Name’,
‘EmailAddress’
],
‘attr_map’ => { ‘Name’ => ‘sAMAccountName’,
‘EmailAddress’ => ‘mail’,
‘ExternalAuthId’ => ‘sAMAccountName’,
‘Gecos’ => ‘sAMAccountName’
}
},
}
);

                                  'tls'                       =>  0,
                                  'ssl_version'               =>  3,
                                  'net_ldap_args'             => [ version =>  3, port => 636, debug => 8 ],

You’re mixing TLS with the SSL port. Try this:

tls => 1,
net_ldap_args => [ version => 3, debug => 8 ],

Don’t include ssl_version or port.

Thomas