<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
How can I set anything in UserObj (see previous message) if the code
snippet below (User_Overlay.pm) does not allow that ?<br>
sub _Set {<br>
...<br>
if ( ($self->Id == $RT::SystemUser->Id ) || <br>
($self->Id == $RT::Nobody->Id)) {<br>
return ( 0, $self->loc("Can not modify system users") );<br>
}<br>
...<br>
}<br>
And if this cannot be set, then the LDAP filter will not be created
successfully since sAMAccountName value will be missing.<br>
I wonder why some of you got the auto creation working.<br>
To prove my theory, I commented out the lines above and the SetName
operation worked fine.<br>
I think I am missing something, but can't figure out what.<br>
Please help me understand how you got the auto creation working.<br>
<br>
Thanks,<br>
Dário<br>
<br>
<br>
Dario Luis Coneglian Oliveros wrote:
<blockquote cite="mid44C127E6.50808@cpqd.com.br" type="cite">
<meta http-equiv="Context-Type"
content="text/html; charset=ISO-8859-1">
<title></title>
I noticed the user name is not being set in Auth callback.<br>
<pre> my $UserObj = RT::User->new($RT::SystemUser);
my ($val, $msg) = $UserObj->SetName($user);</pre>
When printing $msg from above, I get 'Can not modify system users'.<br>
Any clues ?<br>
<br>
Dario Luis Coneglian Oliveros wrote:
<blockquote cite="mid44C120DA.6020706@cpqd.com.br" type="cite">
<title></title>
I finally got it working !!! It was configuration data issues (cn, ou,
...). Thanks to everyone !!!<br>
To solve that, I installed Softerra Ldap Browser to get the correct
LDAP settings and also to do some LDAP searchs. Special thanks to
Joachim and Helmuth.<br>
Now everything looks fine, except for the user auto creation.<br>
When trying to login with a LDAP user who does not exist in RT database
yet, the user authentication fails. Somehow the LDAP filter got messed
up and the sAMAccountName is not filled. Starting from the Auth
callback, the IsPassword method is called and it does, the filter gets
created before LDAP search.<br>
<br>
autohandler/Auth callback:<br>
<pre>unless ($session{'CurrentUser'}) {
if (defined ($user) && defined ($pass) ) {
$session{'CurrentUser'} = RT::CurrentUser->new();
$session{'CurrentUser'}->Load($user);
unless ($session{'CurrentUser'}->Id) {
// IT GETS HERE IF USER DOES NOT EXIST IN RT DB
my $UserObj = RT::User->new($RT::SystemUser);
my ($val, $msg) = $UserObj->SetName($user);
if ($UserObj->IsPassword($pass)) { // CALL IsPassword in User_Local.pm
...
</pre>
User_Local.pm<br>
<pre>sub IsLDAPPassword {
...
my $filter_string = '(&(' . $RT::LdapAttrMap->{'Name'} . '=' .
$self->Name . ')' . $ldap_filter . ')';
// filter_string = (&(sAMAccountName=)(objectclass=user))</pre>
...<br>
}<br>
<br>
Not sure why sAMAccountName is empty. If I create the same user locally
in RT and log in again, the LDAP authentication will be OK.<br>
Any help will be appreciated.<br>
<br>
Regards,<br>
Dário<br>
<br>
<br>
Helmuth Ramirez wrote:
<blockquote
cite="mid7314881427FC8A4081673E8CEEA79249022602E6@EXMIAMI01.compupay.com"
type="cite">
<pre>One thing that got me (due to my COMPLETE LAMP newness) was installing the Net::LDAP module. The other thing I did differently was my objectclass=user not PosixAccount
-----Original Message-----
From: Dario Luis Coneglian Oliveros [<a
href="mailto:oliveros@cpqd.com.br">mailto:oliveros@cpqd.com.br</a>]
Sent: Thursday, July 20, 2006 2:13 PM
To: Helmuth Ramirez
Cc: <a href="mailto:rt-users@lists.bestpractical.com">rt-users@lists.bestpractical.com</a>
Subject: Re: [rt-users] Question about LdapOverlay and Windows Active Directory
Hi Helmuth,
That's the one I looked at, but even though I could not get it working.
Whenever I try to login, I got the following error:
RT::User::IsLDAPPassword search for
(&(sAMAccountName=oliveros)(objectclass=posixAccount)) failed:
LDAP_REFERRAL 10 (/l/disk0/tools/rt/local/lib/RT/User_Local.pm:177
I am not sure whether it's just a configuration problem or not.
Do you happen to know what this error means ?
FYI the only step I did not follow in the "New Installs" section of
<a href="http://wiki.bestpractical.com/?LDAP">http://wiki.bestpractical.com/?LDAP</a> was #4, which is optional.
Thanks,
Dário
Helmuth Ramirez wrote:
</pre>
<blockquote type="cite">
<pre>There were two ways of doing it in the Wiki...one I failed miserably with, the one that worked for me was this one:
<a href="http://wiki.bestpractical.com/?LDAP">http://wiki.bestpractical.com/?LDAP</a>
-----Original Message-----
From: <a href="mailto:rt-users-bounces@lists.bestpractical.com">rt-users-bounces@lists.bestpractical.com</a> [<a
href="mailto:rt-users-bounces@lists.bestpractical.com">mailto:rt-users-bounces@lists.bestpractical.com</a>] On Behalf Of Dario Luis Coneglian Oliveros
Sent: Thursday, July 20, 2006 1:41 PM
To: <a href="mailto:rt-users@lists.bestpractical.com">rt-users@lists.bestpractical.com</a>
Subject: [rt-users] Question about LdapOverlay and Windows Active Directory
Hi there,
Has anyone gotten the LdapOverlay working with Windows Active Directory ?
Basically I would like to authenticate user against Windows AD without
doing it thru Apache.
I followed the steps in the section LDAP at RT Wiki, but couldn't get it
working yet.
Any tips, suggestions or working samples will be appreciated.
Thanks,
Dário
_______________________________________________
<a
href="http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users">http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users</a>
Community help: <a href="http://wiki.bestpractical.com">http://wiki.bestpractical.com</a>
Commercial support: <a href="mailto:sales@bestpractical.com">sales@bestpractical.com</a>
Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
Buy a copy at <a href="http://rtbook.bestpractical.com">http://rtbook.bestpractical.com</a>
We're hiring! Come hack Perl for Best Practical: <a
href="http://bestpractical.com/about/jobs.html">http://bestpractical.com/about/jobs.html</a>
</pre>
</blockquote>
<pre> </pre>
</blockquote>
<br>
<pre>
_______________________________________________
<a
href="http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users">http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users</a>
Community help: <a href="http://wiki.bestpractical.com">http://wiki.bestpractical.com</a>
Commercial support: <a href="mailto:sales@bestpractical.com">sales@bestpractical.com</a>
Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
Buy a copy at <a href="http://rtbook.bestpractical.com">http://rtbook.bestpractical.com</a>
We're hiring! Come hack Perl for Best Practical: <a
href="http://bestpractical.com/about/jobs.html">http://bestpractical.com/about/jobs.html</a></pre>
</blockquote>
<br>
<pre wrap="">
<hr size="4" width="90%">
_______________________________________________
<a class="moz-txt-link-freetext" href="http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users">http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users</a>
Community help: <a class="moz-txt-link-freetext" href="http://wiki.bestpractical.com">http://wiki.bestpractical.com</a>
Commercial support: <a class="moz-txt-link-abbreviated" href="mailto:sales@bestpractical.com">sales@bestpractical.com</a>
Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
Buy a copy at <a class="moz-txt-link-freetext" href="http://rtbook.bestpractical.com">http://rtbook.bestpractical.com</a>
We're hiring! Come hack Perl for Best Practical: <a class="moz-txt-link-freetext" href="http://bestpractical.com/about/jobs.html">http://bestpractical.com/about/jobs.html</a></pre>
</blockquote>
<br>
</body>
</html>