Subject: | [Patch] Allow specification of start_tls options in RT::Authen::ExternalAuth |
I am in the process of setting up RT 3.8.3. The LDAP server I am working with requires a client
certificate when using TLS, so I had to modify RT::Authen::ExternalAuth (against trunk in Rev.
19912). Hope I did everything right (especially regarding the format of the patch) - would be
glad to get some feedback, please feel free to include the patch in the next release.
Thanks for developing such a powerful tool.
Subject: | RT-Authen-ExternalAuth-19912-start_tls-options.patch |
Index: lib/RT/Authen/ExternalAuth/LDAP.pm
===================================================================
--- lib/RT/Authen/ExternalAuth/LDAP.pm (Revision 19912)
+++ lib/RT/Authen/ExternalAuth/LDAP.pm (Arbeitskopie)
@@ -428,6 +428,7 @@
my $ldap_user = $config->{'user'};
my $ldap_pass = $config->{'pass'};
my $ldap_tls = $config->{'tls'};
+ my $ldap_tls_args = $config->{'tls_args'};
my $ldap_ssl_ver = $config->{'ssl_version'};
my $ldap_args = $config->{'net_ldap_args'};
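Review bot: `$ldap_tls_args` is left undefined whenever `tls_args` is not set in the site config, so the later `@$ldap_tls_args` dereference depends on Perl autovivifying the config value; defaulting it here, e.g. `my $ldap_tls_args = $config->{'tls_args'} || [];`, makes the no-options case explicit and keeps `$config` untouched.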
@@ -443,7 +444,7 @@
if ($ldap_tls) {
$Net::SSLeay::ssl_version = $ldap_ssl_ver;
# Thanks to David Narayan for the fault tolerance bits
- eval { $ldap->start_tls; };
+ eval { $ldap->start_tls(@$ldap_tls_args); };
if ($@) {
$RT::Logger->critical( (caller(0))[3],
"Can't start TLS: ",
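Review bot: the `eval`/`$@` check around `$ldap->start_tls(@$ldap_tls_args)` only catches exceptions, but Net::LDAP reports a failed or rejected handshake through the returned message object rather than by dying, so with `'verify' => 'require'` a server certificate that fails validation would not reach the "Can't start TLS" branch; capture the result (`my $mesg = $ldap->start_tls(@$ldap_tls_args);`) and treat `$mesg->code` as a failure alongside `$@`.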
Index: etc/RT_SiteConfig.pm
===================================================================
--- etc/RT_SiteConfig.pm (Revision 19912)
+++ etc/RT_SiteConfig.pm (Arbeitskopie)
@@ -122,6 +122,12 @@
#
# Should we try to use TLS to encrypt connections?
'tls' => 0,
+ # Special argument for start_tls (see perldoc Net::LDAP for details)
+ #'tls_args' => [ 'verify' => 'require',
+ # 'clientcert' => '/etc/ssl/certs/cert.pem',
+ # 'clientkey' => '/etc/ssl/private/cert.key',
+ # 'cafile' => '/etc/ssl/certs/ca.pem'
+ # ],
# SSL Version to provide to Net::SSLeay *if* using SSL
'ssl_version' => 3,
# What other args should I pass to Net::LDAP->new($host,@args)?
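Review bot: the comment above the new `tls_args` block should say that these options are only applied when `'tls' => 1`, and "Special argument" should read "Extra arguments" since the value is a list passed straight through to `Net::LDAP->start_tls`; it is also worth stating that `'verify' => 'require'` together with `'cafile'` is what actually validates the server certificate, since the default `verify` in Net::LDAP does not.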