[rt-users] LDAP Auth to Novell eDirectory (working... kinda)
Tim Wilson
twilson at buffalo.k12.mn.us
Fri Sep 22 13:38:06 EDT 2006
Hi all,

Anyone using LDAP Auth for RT with Novell eDirectory?

I've been working through the LDAP documentation at the wiki
(http://wiki.bestpractical.com/index.cgi?LDAP) and I've got things
mostly working with RT 3.6.1 and Novell eDirectory 8.7.x. I can log in
to RT and everything seems to work fine except that every time I log in,
eDirectory decrements my grace login total. Once I'm down to zero I
can't log in to RT until I go into eDirectory (via ConsoleOne in my
case) and give myself some more grace logins.

When I look at the eDirectory log I find a socket error (-5871) every
time RT sends a search request. RT does a number of LDAP searches for
every login attempt. The odd thing is that I don't get an actual NDS
error until RT tries to use the LDAP filter settings that are included
in RT_SiteConfig. For example:

filter: "(cn=twilson)" isn't a problem. Neither is filter:
"(mail=twilson at mycompany.com)". After those two searches RT tries
one that looks like this:

filter: "(&(cn=twilson)(objectclass=person))"

That one produces an "NDS error: bad password (-222)". Presumably
that's when the grace login count gets decremented. The next time I try
to log in it fails and the eDirectory log shows "NDS error: password
expired (-223)".

I've disabled the grace login feature for now, but that's not an
effective long-term solution.

I'd love to hear some suggestions.

-Tim

--
Tim Wilson, Director of Technology
Buffalo-Hanover-Montrose Schools
214 1st Ave NE Buffalo, MN 55313
ph: 763.682.8740 fax: 763.682.8743 http://www.buffalo.k12.mn.us