[rt-users] ExternalAuth help needed

Josh Narins jnarins at seniorbridge.com
Tue Jan 11 08:49:26 EST 2011


I have fiddled only a little with LDAP.

The error message sounds like it isn't recognizing something as a DN.

To me, your username doesn't look quite right. Is there really an LDAP server at ucsc.edu? Shouldn't it be more like DC=ldap1,DC=ucsc,DC=edu, to specify the machine name?

I'm not even very good with Windows, so I could be way off here.




Josh Narins

From: rt-users-bounces at lists.bestpractical.com [mailto:rt-users-bounces at lists.bestpractical.com] On Behalf Of Wes Modes
Sent: Monday, January 10, 2011 9:04 PM
To: RT Users
Subject: [rt-users] ExternalAuth help needed

I am using ExternalAuth to connect RT3.8.8 to LDAP.

Detailed documentation seems to be woefully absent, and I've scoured the web and tried the dozens of conflicting suggestions, so I'm turning to y'all.

Here's the error I get:
    [Tue Jan 11 01:41:56 2011] [critical]: RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind: LDAP_INVALID_DN_SYNTAX 34 (/usr/local/rt/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:467)

Here's the LDAP section from my RT_Authen-ExternalAuth.pm
    'My_LDAP'       =>  {
        ## GENERIC SECTION
        # The type of service (db/ldap/cookie)
        'type'                      =>  'ldap',
        # The server hosting the service
        'server'                    =>  'dir1.library.ucsc.edu',
        ## SERVICE-SPECIFIC SECTION
        # If you can bind to your LDAP server anonymously you should
        # remove the user and pass config lines, otherwise specify them here:
        #
        # The username RT should use to connect to the LDAP server
        'user'                      =>  'cn=admin,dc=ucsc,dc=edu',
        # The password RT should use to connect to the LDAP server
        'pass'                    =>  'PASSWORD',
        #
        # The LDAP search base
        'base'                      =>  'ou=people,dc=ucsc,dc=edu',
        #
        # ALL FILTERS MUST BE VALID LDAP FILTERS ENCASED IN PARENTHESES!
        # YOU **MUST** SPECIFY A filter AND A d_filter!!
        #
        # The filter to use to match RT-Users
        'filter'                    =>  '(objectClass=person)',
        # A catch-all example filter: '(objectClass=*)'
        #
        # The filter that will only match disabled users
        'd_filter'                  =>  '(objectClass=FooBarBaz)',
        # A catch-none example d_filter: '(objectClass=FooBarBaz)'
        #
        # Should we try to use TLS to encrypt connections?
        'tls'                       =>  0,
        # SSL Version to provide to Net::SSLeay *if* using SSL
        'ssl_version'               =>  3,
        # What other args should I pass to Net::LDAP->new($host,@args)?
        'net_ldap_args'             => [    version =>  3   ],
        # Does authentication depend on group membership? What group name?
        'group'                     =>  'staff',
        # What is the attribute for the group object that determines membership?
        'group_attr'                =>  'ou=group,dc=ucsc,dc=edu',
        ## RT ATTRIBUTE MATCHING SECTION
        # The list of RT attributes that uniquely identify a user
        # This example shows what you *can* specify.. I recommend reducing this
        # to just the Name and EmailAddress to save encountering problems later.
        'attr_match_list'           => [    'Name',
                                            'EmailAddress',
                                        ],
        # The mapping of RT attributes on to LDAP attributes
        'attr_map'                  =>  {   'Name' => 'uid',
                                            'EmailAddress' => 'mail',
                                            'RealName' => 'cn',
                                            'ExternalAuthId' => 'uid',
                                            'Gecos' => 'gecos',
                                            'WorkPhone' => 'telephoneNumber',
                                        }

    },

What more do you need to know to help me get this working?

Wes
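
An added example, not part of either message: a Perl script using Net::LDAP (the module named in the config's net_ldap_args comment) that reports which of the posted settings parse as distinguished names and then, if a password is supplied, repeats the bind outside RT so the server's result code can be read directly. The environment variable name RT_LDAP_PASS is chosen here for illustration; all other values are copied from the posted config.

```perl
#!/usr/bin/perl
# Added example (not from the thread): lint the DN-shaped settings from the
# posted 'My_LDAP' block, then optionally retry the bind outside RT.
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(canonical_dn);

# Values copied from the posted config.
my %cfg = (
    server     => 'dir1.library.ucsc.edu',
    user       => 'cn=admin,dc=ucsc,dc=edu',
    base       => 'ou=people,dc=ucsc,dc=edu',
    group      => 'staff',
    group_attr => 'ou=group,dc=ucsc,dc=edu',
);

# Step 1 (offline): which values parse as a distinguished name?
# canonical_dn() returns undef when the string is not a valid DN.
for my $key (qw(user base group group_attr)) {
    my $dn = canonical_dn($cfg{$key});
    printf "%-10s %-28s %s\n", $key, "'$cfg{$key}'",
        defined $dn ? "parses as DN: $dn" : "does NOT parse as a DN";
}

# Step 2 (needs network): repeat the bind only when a password is supplied.
# RT_LDAP_PASS is a hypothetical variable name, kept out of the script itself.
exit 0 unless defined $ENV{RT_LDAP_PASS};

my $ldap = Net::LDAP->new($cfg{server}, version => 3, timeout => 10)
    or die "connect to $cfg{server} failed: $@\n";

# With 'tls' => 0, as in the posted config, this simple bind sends the
# password to the server unencrypted.
my $mesg = $ldap->bind($cfg{user}, password => $ENV{RT_LDAP_PASS});
printf "bind result: %d %s (%s)\n",
    $mesg->code, $mesg->error_name, $mesg->error;

$ldap->unbind;
exit($mesg->code ? 1 : 0);
```

A result of 34 from the standalone bind means the server itself rejects the bind DN, independent of RT; a result of 0 points back at how the plugin reads the config.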