Mike,<br><br>First off, check to see how you've set $WebExternalAuto. I'm not sure how that would affect LDAP if it was turned on.<br><br>Second, I'll assume you've set your "Plugins" appropriately to include "RT::Authen::ExternalAuth".<br>
<br>Thirdly, you have to make sure certain LDAP parameters are consistent (ie. if you're using TLS, etc.).<br><br>Below is what we use for our list of parameters:<br><br>
<pre>
Set($ExternalAuthPriority, [ 'My_LDAP' ] );
Set($ExternalInfoPriority, [ 'My_LDAP' ] );
# Set to 1 because the service below uses TLS
Set($ExternalServiceUsesSSLorTLS, 1);
Set($AutoCreateNonExternalUsers, 0);

Set(
    $ExternalSettings,
    {
        'My_LDAP' =>
        {
            'type'   => 'ldap',
            'server' => 'ldap.lbl.gov',
            # Bind DN and password; both empty means an anonymous bind
            'user'   => '',
            'pass'   => '',
            'base'   => 'ou=People,o=name of our company,c=US',
            # Filter that selects the users allowed to log in
            'filter' => '(&(status that equals active)(|(dicision code)))',
            # Filter that matches users to be treated as disabled
            'd_filter' => '(!(|(lblEmpStat=Staff)(lblEmpStat=Guest)))',
            'tls'    => 1,
            'net_ldap_args' => [ version => 3 ],
            'attr_match_list' => [ 'Name',
                                   'EmailAddress',
                                   'RealName',
                                   'uid'
                                 ],
            # RT user field => LDAP attribute
            'attr_map' => { 'Name'           => 'uid',
                            'EmailAddress'   => 'mail',
                            'Organization'   => 'o',
                            'RealName'       => 'cn',
                            'ExternalAuthId' => 'uid',
                            'Gecos'          => 'uid',
                            'WorkPhone'      => 'telephonenumber',
                            'Address1'       => 'lblmailstop',
                            'Address2'       => 'postaladdress'
                          }
        }
    }
);
1;
</pre>
<br>I don't think the attr_map would affect this, but your match list could.<br><br>Anyway, check it all out cause if there are any inconsistencies (like TLS being <i>used</i> and <i>on</i>), it will fail.<br><br>Hope this helps.<br>
<br>Kenn<br>LBNL<br><br><br><div class="gmail_quote">On Thu, Jul 22, 2010 at 6:59 AM, Mike Johnson <span dir="ltr"><<a href="mailto:mike.johnson@nosm.ca">mike.johnson@nosm.ca</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<div>Hi everyone,</div>
<div> </div>
<div>Where do I start debugging my setup??</div>
<div> </div>
<div>I have CentOS5.5, RT3.8.8, ExternalAuth 0.8 attempting to connect to an Active Directory LDAP.</div>
<div> </div>
<div>Everything loads fine (I get no errors from my config files). I've loaded the ExternalAuth plugin, but when I attempt to log in to the UI with an LDAP user, I get an invalid user/pass. The only error/logging I can find anywhere is in syslog and that just tells me the same thing... </div>
<div> </div>
<div>I'm connecting to an Active Directory server, and with some googling/rt-users searching I found the following settings to use.</div>
<div> </div>
<div>'filter' => '(objectCategory=User)',</div>
<div> 'd_filter' => '(userAccountControl:1.2.840.113556.1.4.803:=2)',</div>
<div> </div>
<div> </div>
<div>I've left group and group_attr blank (is that allowed?) as I want all users found under my base DN to be able to use RT.</div>
<div> </div>
<div>In the attr_match_list I have name and email address only</div>
<div>In attr_map I have the sAMAccountName mail and cn mapped to their respective places in RT.</div>
<div> </div>
<div>I've tested the user/pass I'm using (our LDAP is set up to not allow anonymous unfortunately, so I have to use an account to bind).</div>
<div> </div>
<div>I can't seem to find where ExternalAuth would toss an error out for me to read if it's failing because of the arguments I've set...</div>
<div> </div>
<div>Any help would be appreciated.<br>-- <br>Mike Johnson<br>Datatel Programmer/Analyst<br>Northern Ontario School of Medicine<br>955 Oliver Road<br>Thunder Bay, ON P7B 5E1<br>Phone: (807) 766-7331<br>Email: <a href="mailto:mike.johnson@nosm.ca" target="_blank">mike.johnson@nosm.ca</a><br>
</div>
<br><br>
</blockquote></div><br>
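<p>An added example, not part of the original thread and not code from RT or RT::Authen::ExternalAuth: an offline check for the kinds of inconsistency discussed above (TLS flags that disagree, priority lists naming a service that is not defined, a malformed filter, match-list entries with no mapping). The <code>%site</code> hash, the <code>check_config</code> helper and all sample values are constructed, and the rule that every <code>attr_match_list</code> entry should be an <code>attr_map</code> key is an assumption about how the plugin resolves RT fields to LDAP attributes.</p>

```perl
use strict;
use warnings;

# Constructed sample using the option names from the thread; values are placeholders.
my %site = (
    ExternalAuthPriority        => ['My_LDAP'],
    ExternalInfoPriority        => ['My_LDAP', 'Old_LDAP'],   # 'Old_LDAP' is not defined
    ExternalServiceUsesSSLorTLS => 0,                         # disagrees with 'tls' => 1
    ExternalSettings            => {
        My_LDAP => {
            type            => 'ldap',
            user            => '',                            # bind DN left empty...
            pass            => 'placeholder',                 # ...but a password is set
            filter          => '(&(objectClass=person)(status=active)',   # missing ')'
            d_filter        => '(status=disabled)',
            tls             => 1,
            attr_match_list => [ 'Name', 'EmailAddress', 'RealName' ],
            attr_map        => { Name => 'uid', EmailAddress => 'mail' },
        },
    },
);

# Returns a list of human-readable problems; an empty list means no inconsistency found.
sub check_config {
    my ($c) = @_;
    my @problems;
    my $svc = $c->{ExternalSettings} || {};
    for my $list (qw(ExternalAuthPriority ExternalInfoPriority)) {
        push @problems, "$list names undefined service '$_'"
            for grep { !exists $svc->{$_} } @{ $c->{$list} || [] };
    }
    for my $name (sort keys %$svc) {
        my $s = $svc->{$name};
        push @problems, "$name: 'tls' is on but \$ExternalServiceUsesSSLorTLS is off"
            if $s->{tls} && !$c->{ExternalServiceUsesSSLorTLS};
        push @problems, "$name: only one of 'user'/'pass' is set"
            if (length($s->{user} // '') xor length($s->{pass} // ''));
        for my $f (grep { defined $s->{$_} } qw(filter d_filter)) {
            my $open  = () = $s->{$f} =~ /\(/g;    # count of '('
            my $close = () = $s->{$f} =~ /\)/g;    # count of ')'
            push @problems, "$name: unbalanced parentheses in '$f'" if $open != $close;
        }
        # Assumption: each RT field in attr_match_list needs an LDAP attribute in attr_map.
        push @problems, "$name: attr_match_list entry '$_' is not an attr_map key"
            for grep { !exists $s->{attr_map}{$_} } @{ $s->{attr_match_list} || [] };
    }
    return @problems;
}

print "$_\n" for check_config(\%site);
```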