Re: [rt-users] Ldap Authentication setup question

Thu, 23 Oct 2008 15:25:49 -0700

So I have just gotten this working with RHEL5, RT-3.8.1, ExternalAuth-0.06_02 and eDIR. 

A few things i had to hack:
/opt/rt3/local/lib/RT/User_Vendor.pm
Change line 1050 from:
        $msg = $ldap->bind($ldap_user, password => $ldap_pass);
to:
$msg = $ldap->bind($ldap_user, ); #This fixed the Novell null password idiocy 

I also had to import or eDIR CA (not sure this is really needed)

certutil -A -d /etc/pki/nssdb -n "root ca cert" -t "CT,C,C" -i 
~/eDirCACert.pem
My Netware Admin exported this for me from Console1; Security --> 
Organizational CA


Modify /etc/openldap/ldap.conf to use the CA too
[EMAIL PROTECTED]:~]# cat /etc/openldap/ldap.conf
#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE   dc=example, dc=com
#URI    ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT      12
#TIMELIMIT      15
#DEREF          never

TLS_CACERT /etc/pki/tls/certs/eDirCACert.pem
# Self signed server cert (nothing to do with eDir)
TLS_CERT /etc/pki/tls/certs/server.crt
TLS_KEY /etc/pki/tls/private/server.key


I had to use the short name of the eDir server as its Certificate was 
not FQDN (stupid!)
I also did not define d_filter but plan too just my Netware Admin is in 
training.


                          'base'                      =>  'o=ggu',

                          'filter'                    =>  
'(objectClass=Person)',

                          'd_filter'                  =>  '',
                          'tls'                       =>  1,


Hope this is useful for anybody trying to get this to work with eDir.



Mike Peachey wrote:

Michael Mollard wrote:

  

Mike,
RE: the wiki 'PostInstall'
although I have progressed slightly, I think I didn't realise that I needed to 
put
Set( @Plugins,(qw(RT::Authen::ExternalAuth)));

    


I will add this when I can, this was not required for 3.6 installs.


  


--
*************************************
John McCoy, Jr
Sr. Systems and Network Administrator
Enterprise Technology Services
Golden Gate University
*************************************


_______________________________________________
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: [EMAIL PROTECTED]


Discover RT's hidden secrets with RT Essentials from O'Reilly Media. 
Buy a copy at http://rtbook.bestpractical.com






















					Reply via email to