[rt-users] Re: RT LDAP

Kyle Gordon kyle at lodge.glasgownet.com
Sun Oct 29 19:10:51 EST 2006 

On Thursday 26 October 2006 17:15, Jim Meyer wrote:
> On 10/23/06, Kyle Gordon <kyle at lodge.glasgownet.com> wrote:
> > Hey Jim,
> >
> > Great work on the LDAP overlay for RT :-) Ive gotten it talking to
> > eDirectory nicely now. Just two things though... :-p
> >
> > The documentation up on wiki.bestpractical.com suggests use the
> > Set($foo, 'bar') style, yet I could only get it to work with $foo='bar';
> > style directives. Dunno if this is intended or not :-)
>
> Hmm. Works for me with RT 3.5.x and 3.6.x with Set(...) syntax. What
> version of RT are you using?
>

I'm using version v3.4.4 on Ubuntu Edgy. Not quite upgrade to 3.6 yet. The 
rest of the 3.4.4 configuration directives use Set(...), so looks like an 
oddity.

> > Also, I'm trying to get it to recursively search our directory for the
> > username that is entered. This is all well and good if I give it an OU to
> > search in along with the organisation. However, if I leave the OU out and
> > try to get it to search the entire organisation from the ground up, it
> > fails.
> >
> > Any thoughts on this? I have users from several parts of the NHS in the
> > facility here, and only about 75% of them are in the OU for the facility.
> > It makes it a little troublesome to roll out a fantastic new ticketing
> > system when some of them can't access it (although I'd prefer if they
> > couldn't log any problems at all :-)
>
> Hmmm. I'm not an LDAP expert, so I've copied this to the list in hopes
> we'll hear from one. My first instinct is to be sure the limitation
> isn't on the directory server's part (e.g. they've limited the depth
> of a search to avoid lots of full-depth searches) but that's probably
> not right.
>

The server at work doesn't have any recursion/depth limits on it, so I'm not 
sure where it's playing up. I've just tested RT on my home eDirectory setup, 
and it worked fine when the user was dropped straight into the top level of 
the organization, as well as when the the user was several OU's down the 
tree. This is all with the $LdapBase="o=glasgownet" I've tried moving the 
object at work into the top level, but it still bailed out. 

My object at work is cn=KyleG,ou=Net_Team,ou=CLIFTON,o=SCPMDE, and it'll only 
work with $LdapBase="ou=CLIFTON,o=SCPMDE", and my object at home is 
cn=kylegordon,ou=Home,ou=lodge,o=glasgownet yet it'll work with 
$LdapBase="o=glasgownet" This shows that it's probably something up with our 
eDir configuration, but I'm not sure where to start looking. Is it possible 
to get more debug output from RT or Perl?

Any thoughts would be appreciated :-)
 
> --j

Kyle
-- 
Kyle Gordon
kyle at lodge.glasgownet.com
http://lodge.glasgownet.com

More information about the rt-users mailing list