[rt-users] Problem creating new user account with LDAP auth

eric.valor at daimlerchrysler.com eric.valor at daimlerchrysler.com
Tue Apr 18 20:37:43 EDT 2006 

All:

While my users authenticate and a very basic account is created on RT, 
apparently the full account creation fails.  I've attached the final 
relevant bits from my logging.

You can see that the user (myuser) is successfully logged in and 
authenticated against my Active Directory server at domain.com.  But the 
population of info into the account fails.  Apparently the account 
information is not being read from the AD server.

I've used the Mosemann LDAP contribution with a more AD-friendly modified 
RT_SiteConfig.pm.  I've also tried using the Automatic Account Creation 
via LDAP 
(http://wiki.bestpractical.com/index.cgi?AutoCreateFromExternalUserInfo).

Any ideas?  I suspect that nobody is really doing a full account dump from 
an AD server into RT.  I'm a medium-weight PERL hacker, but not at the 
level of attacking RT code unguided.

Logging:

[Wed Apr 19 00:09:35 2006] [warning]: DBD::mysql::st execute failed: You 
have an error in your SQL syntax.  Check the manual that corresponds to 
your MySQL server version for the right syntax to use near 'user 
paramater, LastUpdated) VALUES ('Autocreated with LDAP Dat at 
/usr/share/perl5/DBIx/SearchBuilder/Handle.pm line 480.
 (/usr/share/request-tracker3.4/lib/RT.pm:277)
[Wed Apr 19 00:09:35 2006] [warning]: RT::Handle=HASH(0x99adbdc) couldn't 
execute the query 'INSERT INTO Users (Comments, RealName, EmailAddress, 
Creator, LastUpdatedBy, Password, Created, id, Name, RT user paramater, 
LastUpdated) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)' at 
/usr/share/perl5/DBIx/SearchBuilder/Handle.pm line 494.
 (/usr/share/request-tracker3.4/lib/RT.pm:277)
[Wed Apr 19 00:09:35 2006] [error]: Could not create a new user - 
(/usr/share/request-tracker3.4/lib/RT/User_Overlay.pm:267)
[Wed Apr 19 00:09:36 2006] [debug]: About to think about scrips for 
transaction #30 
(/usr/share/request-tracker3.4/lib/RT/Transaction_Overlay.pm:154)
[Wed Apr 19 00:09:36 2006] [debug]: About to think about scrips for 
transaction #31 
(/usr/share/request-tracker3.4/lib/RT/Transaction_Overlay.pm:154)
[Wed Apr 19 00:09:36 2006] [info]: Using LDAP External Authentication
 (/usr/local/share/request-tracker3.4/lib/RT/User_Local.pm:101)
[Wed Apr 19 00:09:36 2006] [debug]: LDAPAuth: First search filter 
'(&(sAMAccountName=<myuser>)(objectclass=user))'
 (/usr/local/share/request-tracker3.4/lib/RT/User_Local.pm:136)
[Wed Apr 19 00:09:36 2006] [debug]: LDAPAuth: First search produced  1 
results
 (/usr/local/share/request-tracker3.4/lib/RT/User_Local.pm:146)
[Wed Apr 19 00:09:36 2006] [debug]: LDAP DN: 
CN=<myuser>,CN=Users,DC=<domain>,DC=com
 (/usr/local/share/request-tracker3.4/lib/RT/User_Local.pm:154)
[Wed Apr 19 00:09:36 2006] [debug]: AUTH OK: <myuser> - LDAP 
(CN=<myuser>,CN=Users,DC=<domain>,DC=com)
 (/usr/local/share/request-tracker3.4/lib/RT/User_Local.pm:162)
[Wed Apr 19 00:09:36 2006] [info]: Successful login for <myuser> from 
111.222.333.444 (/usr/local/share/request-tracker3.4/html/autohandler:153)

Here's my RT_SiteConfig relevant parts:

$LdapBase="cn=Users,dc=<domain>,dc=com";          # search base
$LdapUidAttr="sAMAccountName";                  # attribute for RT account 
name
$LdapNameAttr="cn";                             # attribute for RT user 
name
$LdapMailAttr="mail";                           # attribute for RT email 
addy
$LdapFilter="(objectclass=user)";               # filter LDAP entries 
(e.g., only people)
$LdapMailBase="cn=Users,cn=<domain>,cn=com";      # set email entries 
$LdapMailFilter="(objectclass=user)";           # filter LDAP entries 
(e.g., only people)
$LdapMailScope="sub";                           # 
$LdapMap = {                            # map LDAP attributes to RT3
    'RT user paramater'   => 'LDAP entry',
    'Name'                => $RT::LdapUidAttr,
    'EmailAddress'        => 'mail',
    'RealName'            => 'cn',
};


--
Eric N. Valor
Sr. Systems Administrator
DaimlerChrysler Research & Technology North America, Inc.
eric.valor at daimlerchrysler.com
1510 Page Mill Road, Palo Alto, CA 94304
CIMS 931-00-00
650-845-2536

: This Space Intentionally Left Blank :
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20060418/7313e393/attachment.htm>

More information about the rt-users mailing list