[rt-users] Active Directory Authentication Issue

Kevin Falcone falcone at bestpractical.com
Tue Feb 8 16:32:06 EST 2011


On Tue, Feb 08, 2011 at 01:20:43AM -0800, Dragan wrote:
>    Hi everyone, I'm having a problem setting up authentication to work with Active Directory. I'm
>    using a domain administrator user for binding to AD. This is the error from syslog:
> 
>    [critical]: RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind:
>    LDAP_INVALID_CREDENTIALS 49 (/usr/local/lib/rt3/lib/RT/Authen/ExternalAuth/LDAP.pm:467)
> 
>    and this is from the ldapsearch tool:
> 
>    ldapsearch -h example -b "cn=some user, ou=Users, dc=example,dc=com,dc=mk" -D "admin,
>    dc=example=com,dc=mk" -w "password"
> 
>    ldap_bind: Invalid credentials (49)
>        additional info: 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error,
>    data 525, vece
> 
>    It is obviously something to do with the username and password. My question is: do I need a
>    special user for binding to Active Directory, or is it some mismatch in the config? Thanks

I'd be looking at your LDAP server error logs to figure out the format
it wants.

-kevin

>    This is the config from RT_SiteConfig.pm
> 
>    Set( @Plugins, qw(RT::Authen::ExternalAuth) );
> 
>    Set($ExternalAuthPriority, [ 'My_LDAP', ]);
>    Set($ExternalInfoPriority, [ 'My_LDAP' ]);
> 
>    Set($ExternalServiceUsesSSLorTLS, 0);
>    Set($AutoCreateNonExternalUsers, 0);
>    Set($ExternalSettings, {
>        'My_LDAP' => {
>            'type'            => 'ldap',
>            'auth'            => 1,
>            'server'          => 'example',
>            'user'            => 'user',
>            'pass'            => 'password',
>            'base'            => 'ou=Users,Groups,DC=unibank,DC=com,DC=mk',
>            'net_ldap_args'   => [ version => 3 ],
>            'ssl_version'     => 3,
>            'filter'          => '(objectClass=*)',
>    #       'filter'          => '(sAMAccountName=%u)',
>            'd_filter'        => '(userAccountControl:1.2.840.113556.1.4.803:=2)',
>    #       'd_filter'        => '(&(objectCategory=person)(objectClass=user))',
>            'attr_match_list' => [
>                'Name',
>                'EmailAddress',
>                'RealName',
>    #           'WorkPhone',
>    #           'Address2'
>            ],
>            'attr_map' => {
>                'Name'         => 'sAMAccountName',
>                'EmailAddress' => 'mail',
>                'RealName'     => 'cn',
>                'Organization' => 'physicalDeliveryOfficeName',
>            }
>        },
>    }
>    );
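
An added example, not part of the original thread and not code from RT::Authen::ExternalAuth: a Python helper that decodes the `data` sub-code in the Active Directory bind error quoted above and checks the name passed to `-D` for malformed RDNs. The sub-code table and the function names are the example's own; the sample inputs are the post's wrapped lines rejoined.

```python
import re

# Sub-codes Active Directory reports after "data" in an error 49 bind
# failure (hex Win32 error numbers).
AD_BIND_SUBCODES = {
    "525": "user not found (the bind name does not resolve to an account)",
    "52e": "invalid credentials (account found, wrong password)",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

def explain_bind_error(text):
    """Return (subcode, meaning) from an AcceptSecurityContext message."""
    m = re.search(r"AcceptSecurityContext error,\s*data\s+([0-9a-fA-F]+)", text)
    if not m:
        return None
    code = m.group(1).lower()
    return code, AD_BIND_SUBCODES.get(code, "unknown sub-code")

def lint_bind_name(name):
    """List problems that would stop a bind name resolving to an account."""
    if "=" not in name:
        # AD simple bind also accepts user@domain and DOMAIN\user forms.
        return [] if ("@" in name or "\\" in name) else ["not a DN, UPN or DOMAIN\\user name"]
    problems = []
    for rdn in re.split(r"(?<!\\),", name):   # split on unescaped commas
        rdn = rdn.strip()
        attr, sep, value = rdn.partition("=")
        if not sep or not attr or not value:
            problems.append(f"RDN {rdn!r} is not attribute=value")
        elif "=" in value:
            problems.append(f"RDN {rdn!r} has '=' in its value (missing comma?)")
    return problems

# Constructed input: wrapped lines from the post joined back together.
SAMPLE_ERROR = ("80090308: LdapErr: DSID-0C090334, comment: "
                "AcceptSecurityContext error, data 525, vece")
SAMPLE_BIND_DN = "admin, dc=example=com,dc=mk"

if __name__ == "__main__":
    print(explain_bind_error(SAMPLE_ERROR))
    for p in lint_bind_name(SAMPLE_BIND_DN):
        print("bind DN:", p)
```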