From the LDAP server logs, it looks like a TLS negotiation failure.
So, how does upgrading to 4.0.4 break RT::ExternalAuth TLS negotiation?
I'm using the same settings for 4.0.4 as I do for 4.0.2. I reverted
to 4.0.2, and LDAP works.
Karl
Message: 6 Date: Wed, 23 Nov 2011 13:53:22 -0500 From: Kevin Falcone
<[email protected]> To: [email protected] Subject: Re: [rt-users] LDAP
ExternalAuth broken after upgrade from 4.0.2 to 4.0.4 Message-ID:
<[email protected]> Content-Type: text/plain; charset="us-ascii" On
Wed, Nov 23, 2011 at 11:46:44AM -0600, Karl Boyken wrote:
> We run RT on RedHat Enterprise Server 6.1, with Perl 5.14.2. We set
> up RT::ExternalAuth to authenticate against our OpenLDAP server, and
> it works fine with RT 4.0.2. But after upgrading to RT 4.0.4, LDAP
> authentication breaks. I'd appreciate any helpful ideas. Here's
> the relevant log entry--it's an LDAP bind() error:
>
>
> Nov 23 11:27:28 serv07 RT:
> RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind:
> LDAP_OPERATIONS_ERROR 1
(/path_to_our_RT/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:467)
This usually means that the LDAP server rejected you in some way.
You may find more information in the server logs, you may also set
net_ldap_args => [ debug => 2 or 8 ] in addition to your current args
to get back the full dumps of packets coming over the wire.
Please note that the debug dumps may contain privileged info, so it's
really just a debugging shim.
-kevin
--
Karl Boyken, system administrator
[email protected]
303A MLH, Dept. of Comp. Sci.
http://www.cs.uiowa.edu/~boyken/
The U. of Iowa, Iowa City, IA 52242 319-335-2730 (voice)
319-335-3668 (fax)
--------
RT Training Sessions (http://bestpractical.com/services/training.html)
* Barcelona, Spain November 28 & 29, 2011
