LDAP ExternalAuth not even attempting to connect


#1

I’m having a strange issue getting LDAP ExternalAuth working in RT 4.4.3 on Fedora 29. This very LDAP server was working fine during testing on another box, but now I’m having issues getting connected at all. I get the following log message:

[critical]: RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj : Cannot connect to my.ldap.server.address (/usr/share/perl5/vendor_perl/RT/Authen/ExternalAuth/LDAP.pm:649)

This cannot be an authentication issue, as (looking at the source) this error is thrown before authentication even gets tried. Also, from my somewhat bumbling use of tcpdump, it looks like no connection to the server is even being attempted.

Relevant parts of config:

Set($ExternalAuthPriority, ['My_LDAP']);
Set($ExternalInfoPriority, ['My_LDAP']);

Set($ExternalSettings, {
	'My_LDAP' => {
		'type' => 'ldap',

		'server' => 'my.ldap.server.address',
		'user' => 'CN=Request Tracker,OU=...etc',
		'pass' => 'myPassword1',

		'base' => 'dc=our,dc=domain',
		'filter' => '(objectClass=user)',
		'd_filter' => '(userAccountControl:1.2.840.113556.1.4.803:=2)',

		'attr_match_list' => [
			'Name',
			'EmailAddress',
		],
		'attr_map' => {
			'Name' => 'sAMAccountName',
			'EmailAddress' => 'mail',
			'RealName' => 'cn',
		},

		'tls' => 0,
	},
});

Has anyone seen behaviour like this before? Have I made a silly typo somewhere?

P.S. ldapsearch with these exact settings works perfectly.


#2

I don’t suppose you have SELinux enabled, do you? That can sometimes get in the way of scripts executing in the web server context opening their own outbound network connections (for things like LDAP).


#3

Sorry for the late reply - this was exactly the issue, and disabling enforcing fixed both this and another unrelated issue I was having with sendmail.
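
Added example, not part of the thread: a narrower alternative to disabling enforcing is to read the AVC denials and enable only the matching SELinux booleans. The audit records below are constructed samples, and the assumption is that RT runs in the `httpd_t` domain and hits the stock `httpd_can_connect_ldap` / `httpd_can_sendmail` booleans; the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Constructed sample audit records (not taken from the thread). On a live host,
# feed the function from: ausearch -m AVC -ts recent --raw
sample_avc() {
cat <<'EOF'
type=AVC msg=audit(1550000000.101:201): avc:  denied  { name_connect } for  pid=2101 comm="httpd" dest=389 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:ldap_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1550000000.202:202): avc:  denied  { execute } for  pid=2102 comm="httpd" name="sendmail.sendmail" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:sendmail_exec_t:s0 tclass=file permissive=0
type=AVC msg=audit(1550000000.303:203): avc:  denied  { read } for  pid=2103 comm="sshd" name="x" scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1550000000.404:204): avc:  denied  { name_connect } for  pid=2101 comm="httpd" dest=389 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:ldap_port_t:s0 tclass=tcp_socket permissive=0
EOF
}

# Read raw audit records on stdin; print each suggested boolean once.
# Only denials whose source domain is httpd_t are considered (assumption:
# the web server running RT is confined as httpd_t).
suggest_httpd_booleans() {
  awk '
    /avc:/ && /denied/ {
      src = tgt = perm = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^scontext=/) { split($i, s, ":"); src = s[3] }  # type field
        if ($i ~ /^tcontext=/) { split($i, t, ":"); tgt = t[3] }
        if ($i == "{") perm = $(i + 1)                            # first permission
      }
      if (src != "httpd_t") next
      if (tgt == "ldap_port_t" && perm == "name_connect")
        b = "httpd_can_connect_ldap"
      else if (tgt == "sendmail_exec_t")
        b = "httpd_can_sendmail"
      else
        b = "review:" tgt ":" perm      # no known boolean, inspect by hand
      if (!(b in seen)) { seen[b] = 1; print b }
    }'
}

# Demo on the constructed records. To apply a suggestion persistently:
#   setsebool -P httpd_can_connect_ldap on
# and confirm with: getsebool httpd_can_connect_ldap
sample_avc | suggest_httpd_booleans
```

If the LDAP connection is blocked by SELinux, a `name_connect` denial against `ldap_port_t` should appear in the audit log at the same timestamp as RT's "Cannot connect" message.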