Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support SASL LDAP binds and Start TLS #2

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Support SASL LDAP binds and Start TLS #2

wants to merge 1 commit into from

Conversation

btb
Copy link

@btb btb commented Jul 16, 2013

@tsibley
Copy link
Contributor

tsibley commented Jul 23, 2013

Hi Bradley,

Thanks for the patch! I've taken a look at it, and have some changes I'd like to see.

Overall, this commit should really be split into two: one for TLS and the other for SASL.

Other changes I'd like to see:

  • Config values should be hashes not hashrefs as they're less prone to user config error. You can do this by setting $RT::Config::META{OptionName}->{Type} = 'HASH'; and then accessing via RT->Config->Get("OptionName") in list context (scalar context will still get you a ref).
  • $LDAPStartTLSArgs serves the dual purpose of both enabling TLS after connect and providing a place to modify args. It should be a boolean $LDAPStartTLS plus $LDAPStartTLSArgs for any advanced changes. This also means that the parameters to start_tls() should have some sane defaults provided by LDAPImport. In particular, verify => "require".
  • The POD for $LDAPStartTLSArgs should link to Net::LDAP's start_tls documentation.
  • Ditto for references to Authen::SASL.

Are you up for making those changes and repushing your branch / creating a new pull request?

@btb
Copy link
Author

btb commented Jul 24, 2013

sure, I can do that

@btb
Copy link
Author

btb commented Jul 26, 2013

It looks like META{...}->{Type} = 'HASH' would have to be set before the loading of, or inside of, the user's siteconfig file, is that correct? Should this plugin be providing an etc/LDAPImport_Config.pm file where we could put that as well as the defaults?

@tsibley
Copy link
Contributor

tsibley commented Jul 30, 2013

You can set the type in LDAPImport.pm. The type is not necessary when setting values from the config files, but is necessary for calls to RT->Config->Set and ->Get to behave as expected. There doesn't need to be an etc/LDAPImport_Config.pm file.

@btb
Copy link
Author

btb commented Sep 23, 2013

sorry I havent finished this yet. I'm wondering, are there any plans to roll group support into RT::Authen::ExternalAuth? Being able to grab groups from a shibboleth assertion for instance, seems really nice.

@ailin-nemui
Copy link

ping, TLS support would be awesome

@btb
Copy link
Author

btb commented May 21, 2015

If someone else wants to make those changes that'd be great, I no longer deal very much with RT.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@btb @tsibley @ailin-nemui