[rt-users] RT-Extension-LDAPImport

April Rosenberg aprilr at yelp.com
Tue Oct 18 19:33:17 EDT 2011


Good Afternoon,



I seem to be hitting my head against a problem I am having after updating to
4.0.1.  I have both LDAPImport and ExternalAuth::LDAP installed.  It seems
that I can’t import users who have blanks in some of the fields during the
import, however name and email address are not blank, so the required fields
should be filled in.  There are no errors when run
/usr/local/share/request-tracker4/plugins/RT-Extension-LDAPImport/bin/rtldapimport
--debug but when I run
/usr/local/share/request-tracker4/plugins/RT-Extension-LDAPImport/bin/rtldapimport
--debug --import causes the below error.  Further down is the
RT_SiteConfig.pm sections.



I have tried looking this error up, and I am able to run the query,
(&(&(ObjectCategory=User)(ObjectClass=Person)(mail=*)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))(mail=
aprilr at yelp.com)), in the error message w/o problems.  Most other things I
have found on the internet have to do with not being able to connect to LDAP
or info not being in it.



Any help would be hugely appreciated. Thanks!



April



[Tue Oct 18 23:07:48 2011] [critical]:
RT::Authen::ExternalAuth::LDAP::CanonicalizeUserInfo : Search for
(&(&(ObjectCategory=User)(ObjectClass=Person)(mail=*)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))(mail=
aprilr at yelp.com))  failed:  LDAP_OPERATIONS_ERROR 1
(/usr/local/share/request-tracker4/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:210)

[Tue Oct 18 23:07:48 2011] [info]:
RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Address1: , City: ,
Country: , Disabled: 0, EmailAddress: aprilr at yelp.com, ExternalAuthId:
aprilr, Gecos: aprilr, Name: aprilr, Organization: , Privileged: 0,
RealName: April Rosenberg, State: , WorkPhone: , Zip:
(/usr/local/share/request-tracker4/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:536)

[Tue Oct 18 23:07:48 2011] [error]: couldn't create user_obj for aprilr:
Could not set user info
(/usr/local/share/request-tracker4/plugins/RT-Extension-LDAPImport/lib/RT/Extension/LDAPImport.pm:866)

couldn't create user_obj for aprilr: Could not set user info



RT_SiteConfig.pm



Set($LDAPHost,'XXXXXX');

Set($LDAPUser, 'XXXXXX');

Set($LDAPPassword, 'XXXXXX');

Set($LDAPBase, 'XXXXXX');



Set($LDAPFilter,
'(&(ObjectCategory=User)(ObjectClass=Person)(mail=*)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))');

Set($LDAPDisabledFilter,
'(&(ObjectCategory=User)(ObjectClass=Person)(userAccountControl:1.2.840.113556.1.4.803:=2))');



#Attribute in RT => Attribute in LDAP

#(this has changed since version 1, which was the other way around)

Set($LDAPMapping, {Name => 'sAMAccountName',

                   EmailAddress => 'mail',

                   Organization => 'department',

                   RealName => 'cn',

                   ExternalAuthId => 'sAMAccountName',

                   Gecos => 'sAMAccountName',

                   WorkPhone => 'telephoneNumber',

                   Address1 => 'physicalDeliveryOfficeName',

                   City => 'l',

                   State => 'st',

                   Zip => 'postalCode',

                   Country => 'co'

                  });



Set($LDAPSkipAutogeneratedGroup, 1);



Set($LDAPUpdateUsers,1);



Set($ExternalSettings, {   # LDAP SERVICE

                        'My_LDAP'       =>  {

                        'type'                      =>  'ldap',

                        'server'                    =>  $LDAPHost,

                        'user'                      =>  $LDAPUser,

                        'pass'                      =>  $LDAPPass,

                        'base'                      =>  $LDAPBase,

                        # ALL FILTERS MUST BE VALID LDAP FILTERS ENCASED IN
PARENTHESES!

                        # YOU **MUST** SPECIFY A filter AND A d_filter!!

                        #

                        # The filter to use to match RT-Users

                        'filter'                    =>  $LDAPFilter,

                        #

                        # The filter that will only match disabled users

                        'd_filter'                  =>  $LDAPDisabledFilter,

                        #

                        'tls'                       =>  0,

                        'ssl_version'               =>  3,

                        'net_ldap_args'             => [    version =>  3
],

                        # Does authentication depend on group membership?
What group name?

                        #'group'                     =>  'cn=Domain
Users,cn=Users,dc=example,dc=com',

                        # What is the attribute for the group object that
determines membership?

                        #'group_attr'                =>  'member',

                        ## RT ATTRIBUTE MATCHING SECTION

                        # The list of RT attributes that uniquely identify a
user

                        # This example shows what you *can* specify.. I
recommend reducing this

                        # to just the Name and EmailAddress to save
encountering problems later.

                        'attr_match_list'           => [ 'EmailAddress' ],

                        # The mapping of RT attributes on to LDAP attributes

                        'attr_map'                  =>  {   'Name' =>
'sAMAccountName',

                                                            'EmailAddress'
=> 'mail',

                                                            'Organization'
=> 'department',

                                                            'RealName' =>
'cn',

                                                            'ExternalAuthId'
=> 'sAMAccountName',

                                                            'Gecos' =>
'sAMAccountName',

                                                            'WorkPhone' =>
'telephoneNumber',

                                                            'Address1' =>
'physicalDeliveryOfficeName',

                                                            'City' => 'l',

                                                            'State' => 'st',

                                                            'Zip' =>
'postalCode',

                                                        }

                       }

});
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20111018/7dc64487/attachment.htm>


More information about the rt-users mailing list