[rt-users] LDAPImport succeds with user LDAP bind but fails with group

Elliott, Kevin C (DOR) kevin.elliott at alaska.gov
Mon Aug 5 13:45:58 EDT 2013


Continuing onwards with my attempt to pull groups and their members from Active Directory into Request Tracker I've made some progress. However, I'm currently stymied - LDAPImport will successfully connect and search for users but when re-using the LDAP connection it fails to connect for the group search.

Here's the debugging information from an rtldapimport run:

Running test import, no data will be changed
Rerun command with --import to perform the import
Rerun command with --debug for more information
connecting to ldap://domaincontroller.alaska.gov
binding as CN=dor-requesttracker,OU=Security Groups and Accounts,OU=IT,OU=Divisions,OU=DOR,OU=State Departments,DC=soa,DC=alaska,DC=gov
searching with: base => 'OU=Security Groups and Accounts,OU=IT,OU=Divisions,OU=DOR,OU=State Departments,DC=soa,DC=alaska,DC=gov' control => 'Net::LDAP::Control::Paged=HASH(0x524cd80)' filter => '(&(cn = users))'
search found 0 objects
No results found, no import
Testing group import
searching with: base => 'OU=Security Groups and Accounts,OU=IT,OU=Divisions,OU=DOR,OU=State Departments,DC=soa,DC=alaska,DC=gov' control => 'Net::LDAP::Control::Paged=HASH(0x86973b8)' filter => '(|(CN=dor-requesttracker-admins)(CN=dor-asd-rt-staff))'
[Mon Aug  5 17:10:47 2013] [error]: LDAP search failed Can't contact LDAP server (/usr/local/share/request-tracker4/plugins/RT-Extension-LDAPImport/lib/RT/Extension/LDAPImport.pm:1237)
LDAP search failed Can't contact LDAP server
search found 0 objects
No results found, no group import
Finished test


Looking at the perl for LDAPImport.pm shows me that the _run_search method is generating the "LDAP search failed" part of the debugging output. I'm assuming this means that Net::LDAP is generating the "Can't contact LDAP server" from $result->code. I feel this hypothesis is further supported by the fact that a 'grep "contact" LDAPImport.pm' turn up nothing. It looks like Net:LDAP just gets the base and filter and off it goes. I've confirmed that my filter works with ldapsearch.

I there something different I need to do get a successful LDAP bind when looking performing the group import?



---
Kevin Elliott
Networking Specialist II
Alaska Department of Revenue, ASD-IT
(907) 465-2314

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20130805/d6bba944/attachment.htm>


More information about the rt-users mailing list