[rt-users] LDAP overlay problems

Millard, Matt Millard.Matt at principal.com
Tue Mar 1 16:18:05 EST 2005


I'm struggling trying to get the LDAP overlay to work correctly. Here are the relevant log entries. I'm assuming that the problem is that it is matching 0 results even though from a manual request I see a result. I'm using the http://wiki.bestpractical.com/index.cgi?LdapOverlay instructions with the couple of bug fixes listed for User_Local.pm. Any suggestions?

Matt

From rt.log:
[Tue Mar  1 20:13:31 2005] [info]: Using External Authentication
 (/rt/rt3.4/lib/RT/User_Local.pm:61)
[Tue Mar  1 20:13:31 2005] [debug]: GetExternalUserWithLDAP: First search filter '(&(&(objectclass=person)(CN=A123456))(objectclass=*))'
 (/rt/rt3.4/lib/RT/User_Local.pm:84)
[Tue Mar  1 20:13:32 2005] [debug]: GetExternalUserWithLDAP: First search produced  0  results
 (/rt/rt3.4/lib/RT/User_Local.pm:94)
[Tue Mar  1 20:13:32 2005] [info]: AUTH FAILED: A123456
 (/rt/rt3.4/lib/RT/User_Local.pm:98)
[Tue Mar  1 20:13:32 2005] [error]: FAILED LOGIN for A123456 from 162.131.196.166 (/rt/rt3.4/share/html/autohandler:191)


From httpd rt3_error_log:
[Tue Mar 01 14:13:32 2005] [error] [client 162.131.196.166] FastCGI: server "/rt/rt3.4/bin/mason_handler.fcgi" stderr: [Tue Mar  1 20:13:32 2005] [error]: FAILED LOGIN for A123456 from 162.131.196.166 (/rt/rt3.4/share/html/autohandler:191), referer: http://rt/


From RT_Siteconfig.pm:
$LDAPExternalAuth=1;
$LdapServer="exampledc001.exampleusa.corp.example.com:389";
$LdapBase="DC=exampleusa,DC=corp,DC=example,DC=com";
$LdapUidAttr="CN";
$LdapFilter="(objectclass=*)";
$LdapUser="CN=TJUNXAD,OU=Users,OU=IS,DC=exampleusa,DC=corp,DC=example,DC=com";
$LdapPass="thisismypassword";


Also if I do a manual ldapsearch with the same filter I get this:
[root@ul089 scripts]# ldapsearch -D "CN=TJUNXAD,OU=Users,OU=IS,DC=principalusa,DC=corp,DC=example,DC=com" -w tl02mm21 -x -b "DC=exampleusa,DC=corp,DC=example,DC=com" -h exampledc001.exampleusa.corp.example.com "(&(&(objectclass=person)(CN=A123456))(objectclass=*))" CN
version: 2

#
# filter: (&(&(objectclass=person)(CN=a123456))(objectclass=*))
# requesting: CN
#

# A123456, Users, IS, exampleusa, corp, example, com
dn: CN=A123456,OU=Users,OU=IS,DC=exampleusa,DC=corp,DC=example,DC=com
cn: A123456

# search reference
ref: ldap://DomainDnsZones.exampleusa.corp.example.com/DC=DomainDnsZones,D
 C=exampleusa,DC=corp,DC=example,DC=com

# search result
search: 2
result: 0 Success

# numResponses: 3
# numEntries: 1
# numReferences: 1

