[rt-users] RT 4.4.1 LDAP Authentication issue.

Claude EDUMA claudeduma at gmail.com
Fri Dec 9 09:05:04 EST 2016


Hi,

Sorry, I used the shredder to remove all users from the RT users DB and now it
works fine.

Thank you everyone for your help.


Regards,

2016-12-09 14:56 GMT+01:00 Martin Wheldon <
martin.wheldon at greenhills-it.co.uk>:

> Hi,
>
> Sorry, please disregard my last response, the user account has been found.
> Could you post the RT logs please?
>
> Best Regards
>
> Martin
>
>
> On 2016-12-09 13:44, Martin Wheldon wrote:
>
>> Hi,
>>
>> Looks like an LDAP ACL issue, is your LDAP search user able to access
>> the user's mail attribute?
>>
>> Best Regards
>>
>> Martin
>>
>> On 2016-12-09 13:37, Claude EDUMA wrote:
>>
>>> LDAP logs show that the user is retrieved, but not bound.
>>>
>>> -----
>>>
>>> SRCH base="o=corp.mycorp.com [2]" scope=2
>>> filter="(&(objectClass=privperson)(mail=claude.eduma at ext.mycorp.com))"
>>> attrs="cn mail mail"
>>> [09/Dec/2016:14:16:47 +0100] conn=9480527 op=2 msgId=3 - RESULT err=0
>>> tag=101 nentries=1 etime=0
>>>
>>> ----
>>>
>>> Regards.
>>>
>>> 2016-12-09 14:21 GMT+01:00 Claude EDUMA <claudeduma at gmail.com>:
>>>
>>> Well,
>>>>
>>>> I will try to use user mail for authentication.
>>>>
>>>> Here is the conf I tested without success :(
>>>>
>>>> -----
>>>>
>>>> Set($ExternalSettings, {
>>>>     'My_LDAP' => {
>>>>         'type'            => 'ldap',
>>>>         'server'          => 'ldap://ypmycorpldap.corp.mycorp.com',
>>>>         'user'            => 'uid=mycorp-rtir-reader,ou=applicationAccounts,o=corp.mycorp.com',
>>>>         'pass'            => 'SikH2mmKLtPi0E4ZYcqldTXAgILVxGVhXWlHBF3o21',
>>>>         'base'            => 'o=corp.mycorp.com',
>>>>         'filter'          => '(objectClass=person)',
>>>>         'tls'             => { verify => "require", cafile => "/etc/pki/tls/mycorp_CERTIFICATE_CHAIN.crt" },
>>>>         'net_ldap_args'   => [ version => 3, debug => 8 ],
>>>>         'attr_match_list' => [
>>>>             'Name',
>>>>             'EmailAddress',
>>>>         ],
>>>>         # Import the following properties of the user from LDAP upon login
>>>>         'attr_map' => {
>>>>             'Name'         => 'mail',
>>>>             'EmailAddress' => 'mail',
>>>>             'RealName'     => 'cn',
>>>>         }
>>>>     },
>>>> }
>>>> );
>>>>
>>>> ---
>>>>
>>>> Regards
>>>>
>>>> 2016-12-09 13:59 GMT+01:00 Martin Wheldon
>>>> <martin.wheldon at greenhills-it.co.uk>:
>>>> Hi,
>>>>
>>>> You could either use another unique attribute i.e mail or add
>>>> another uid to each RT user prefixed by a letter.
>>>>
>>>> dn: uid=123456,dc=my,dc=domain
>>>> uid: 123456
>>>> uid: x123456
>>>>
>>>> Best Regards
>>>>
>>>> Martin
>>>>
>>>> On 2016-12-09 12:49, Joop wrote:
>>>> On 9-12-2016 13:38, Claude EDUMA wrote:
>>>> Hi Joop,
>>>>
>>>> Thank you for your quick answer.
>>>> We have tested with non numerical username and result is OK.
>>>> Well in my organisation we use ldap uid for username. Any suggestion
>>>> to resolve this issue ?
>>>>
>>>> Please keep the list in the loop.
>>>>
>>>> I think the problem is in the function(s) which load the user info.
>>>> These functions take a name OR an id and then load the corresponding
>>>> info. When  usernames are IDs that doesn't work any more. Other than
>>>> patching all functions which use this I don't see another solution
>>>> than
>>>> to change the use of uid as a username, sorry.
>>>>
>>>> Joop
>>>>
>>>> ---------
>>>> RT 4.4 and RTIR training sessions, and a new workshop day!
>>>> https://bestpractical.com/training [3]
>>>> * Los Angeles - January 9-11 2017
>>>>
>>>
>>>
>>>
>>> Links:
>>> ------
>>> [1] http://ypmycorpldap.corp.mycorp.com
>>> [2] http://corp.mycorp.com
>>> [3] https://bestpractical.com/training
>>>
>>
>
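
The lookup ambiguity Joop describes in the quoted reply above (loader functions that take a name OR an id), shown as an added illustration that is not part of the thread and not RT's own code. The user table is constructed sample data, and `load_by_name` and `load_ambiguous` are hypothetical names for a simplified model of that behaviour.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample table keyed by internal numeric id (not real RT data).
my %users = (
    42     => { id => 42,     name => '123456',  email => 'a.user@example.com' },
    43     => { id => 43,     name => 'x123456', email => 'b.user@example.com' },
    123456 => { id => 123456, name => 'jsmith',  email => 'j.smith@example.com' },
);

# Hypothetical: exact match on the login name only.
sub load_by_name {
    my ($name) = @_;
    my ($hit) = grep { $_->{name} eq $name } values %users;
    return $hit;
}

# Hypothetical "name OR id" loader: all-digit input is taken as an internal
# id, so a numeric login name is never looked up by name.
sub load_ambiguous {
    my ($identifier) = @_;
    return $users{$identifier} if $identifier =~ /\A[0-9]+\z/;
    return load_by_name($identifier);
}

# Compare both loaders for login names a directory might hand over.
for my $login ('123456', 'x123456', 'jsmith', '999') {
    my $by_name = load_by_name($login);
    my $either  = load_ambiguous($login);

    my $want_id = $by_name ? $by_name->{id} : 0;
    my $got_id  = $either  ? $either->{id}  : 0;

    printf "%-8s by-name=%-7s name-or-id=%-7s %s\n",
        $login,
        $want_id || 'none',
        $got_id  || 'none',
        $want_id == $got_id ? 'ok' : 'MISMATCH';
}
```

In this model only the all-digit login `123456` is flagged: the name-or-id loader returns the record whose internal id is 123456 instead of the account named `123456`, while the letter-prefixed `x123456` from Martin's suggestion resolves the same way in both loaders.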