
This queue is for tickets about the RT-Authen-ExternalAuth CPAN distribution.

Report information
The Basics
Id: 46900
Status: new
Priority: 0/
Queue: RT-Authen-ExternalAuth

People
Owner: Nobody in particular
Requestors: benjamin [...] boksa.de
Cc:
AdminCc:

Bug Information
Severity: Normal
Broken in: (no value)
Fixed in: (no value)



Subject: [Patch] Allow specification of start_tls options in RT::Authen::ExternalAuth
I am in the process of setting up RT 3.8.3. The LDAP server I am working with requires a client certificate when using TLS, so I had to modify RT::Authen::ExternalAuth (against trunk in Rev. 19912). Hope I did everything right (especially regarding the format of the patch) - would be glad to get some feedback, please feel free to include the patch in the next release. Thanks for developing such a powerful tool.
Subject: RT-Authen-ExternalAuth-19912-start_tls-options.patch
Index: lib/RT/Authen/ExternalAuth/LDAP.pm =================================================================== --- lib/RT/Authen/ExternalAuth/LDAP.pm (Revision 19912) +++ lib/RT/Authen/ExternalAuth/LDAP.pm (Arbeitskopie) @@ -428,6 +428,7 @@ my $ldap_user = $config->{'user'}; my $ldap_pass = $config->{'pass'}; my $ldap_tls = $config->{'tls'}; + my $ldap_tls_args = $config->{'tls_args'}; my $ldap_ssl_ver = $config->{'ssl_version'}; my $ldap_args = $config->{'net_ldap_args'}; @@ -443,7 +444,7 @@ if ($ldap_tls) { $Net::SSLeay::ssl_version = $ldap_ssl_ver; # Thanks to David Narayan for the fault tolerance bits - eval { $ldap->start_tls; }; + eval { $ldap->start_tls(@$ldap_tls_args); }; if ($@) { $RT::Logger->critical( (caller(0))[3], "Can't start TLS: ", Index: etc/RT_SiteConfig.pm =================================================================== --- etc/RT_SiteConfig.pm (Revision 19912) +++ etc/RT_SiteConfig.pm (Arbeitskopie) @@ -122,6 +122,12 @@ # # Should we try to use TLS to encrypt connections? 'tls' => 0, + # Special argument for start_tls (see perldoc Net::LDAP for details) + #'tls_args' => [ 'verify' => 'require', + # 'clientcert' => '/etc/ssl/certs/cert.pem', + # 'clientkey' => '/etc/ssl/private/cert.key', + # 'cafile' => '/etc/ssl/certs/ca.pem' + # ], # SSL Version to provide to Net::SSLeay *if* using SSL 'ssl_version' => 3, # What other args should I pass to Net::LDAP->new($host,@args)?
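Review bot: In the second lib/RT/Authen/ExternalAuth/LDAP.pm hunk, `$ldap->start_tls(@$ldap_tls_args)` dereferences `$config->{'tls_args'}` with no default and no type check. The key is new, so every existing configuration leaves `$ldap_tls_args` undefined, and a value that is not an array reference (a hash reference is an easy mistake for key/value options) dies inside the `eval` and is then logged as "Can't start TLS", which hides the real cause. Suggest making the default explicit with `@{ $ldap_tls_args || [] }` and checking `ref($ldap_tls_args) eq 'ARRAY'` where the value is read in the first hunk, logging a configuration error that names 'tls_args' when the check fails.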
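Review bot: In the etc/RT_SiteConfig.pm hunk, the comment above the commented-out 'tls_args' sample does not say what shape the value must have or when it is used. LDAP.pm expands it with `@$ldap_tls_args`, so it has to be an array reference of key/value pairs, and it is only read inside the `if ($ldap_tls)` branch, so it has no effect while 'tls' => 0. Suggest stating both in the comment, rewording "Special argument" to "Additional arguments passed to start_tls", and noting that the file named by 'clientkey' must be readable by the account RT runs as and not by other users.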