Hi Claude,

Your english is much better than my french :)
I've cc'd the RT users list as they may have additional suggestions.
The short answer is no I don't believe your problem is caused by TLS bugs.

You seem to be mixing up the new RT 4.4 LDAP configuration syntax with the older RT::Authen::ExternalAuth syntax.

If you are using RT 4.4.x then you don't need the following, because it is the old style syntax:

Set($LDAPFilter, '(&(objectClass=person))');
Set($LDAPMapping, {
        Name            => 'uid',
        EmailAddress    => 'mail',
        RealName        => 'cn'

The following option should also be removed when using RT4.4.x

'ssl_version'      => 3,

Is RT able to read your CAcert file? Please could you check the file permissions.
Do you see any errors in the logs?

Best Regards


On 2016-12-05 13:22, clauded...@gmail.com wrote:
Hi Martin,

I try to configure LDAP authentication but it don't work.
I'm sure all my config is correct (see below). I tried with
ladapsearch and all it's OK. I look my ldap's server logs and i bind
users correctly. Do you thinks it's TLS bugs ?

(sorry for my english I'm french)
Thank you.

Set($LDAPFilter, '(&(objectClass=person))');
Set($LDAPMapping, {
        Name            => 'uid',
        EmailAddress    => 'mail',
        RealName        => 'cn'

# Use the below LDAP source for both authentication, as well as user
    # information
    Set( $ExternalAuthPriority, ["My_LDAP"] );
    Set( $ExternalInfoPriority, ["My_LDAP"] );
    Set($ExternalServiceUsesSSLorTLS, 1);

    # Make users created from LDAP Privileged
    Set( $UserAutocreateDefaultsOnLogin, { Privileged => 1 } );

    # Users should still be autocreated by RT as internal users if they
    # fail to exist in an external service; this is so requestors (who
    # are not in LDAP) can still be created when they email in.
    Set($AutoCreateNonExternalUsers, 0);

# Minimal LDAP configuration; see RT::Authen::ExternalAuth::LDAP for
    # further details and examples
    Set($ExternalSettings, {
        'My_LDAP'       =>  {
            'type'             =>  'ldap',
            'server'           =>  'ldaps://MYLDAPSERVER',
            'user'             =>  'MYUSER',
            'pass'             =>  'MYPASS',
            'base'             =>  'MYBASE',
            'filter'           =>  '(objectClass=privperson)',
            'tls'              => { verify => "require", cafile =>
"/etc/CA.crt" },
            'ssl_version'      => 3,
            'net_ldap_args'    => [    version =>  3, debug => 8   ],
            'attr_match_list'  => [

            'attr_map' => {
                'Name'         => 'uid',
                'EmailAddress' => 'mail',
                'RealName'     => 'cn',
                'Gecos'        => 'uid',
                'Country'      => 'co',


Sent from http://requesttracker.8502.n7.nabble.com
RT 4.4 and RTIR training sessions, and a new workshop day! 
* Los Angeles - January 9-11 2017

Reply via email to