<div>I found another guide that outlines how to setup ExternalAuth for AD on the wiki</div>
<div> </div>
<div><a href="http://wiki.bestpractical.com/view/CentOS5InstallPlusSome">http://wiki.bestpractical.com/view/CentOS5InstallPlusSome</a></div>
<div> </div>
<div>Others following this thread might find it useful...</div>
<div> </div>
<div>I did learn that you're looking for the full cn/ou path for your user, not just a username...(I forgot that's how LDAP finds users)....</div>
<div> </div>
<div>Haris you might want to check that in your config... didn't help me *shrug* but might help you.</div>
<div> </div>
<div>Thanks!</div>
<div>Mike.</div>
<div> </div>
<div><br><br> </div>
<div class="gmail_quote">On Fri, Jul 23, 2010 at 9:18 AM, Mike Johnson <span dir="ltr"><<a href="mailto:mike.johnson@nosm.ca">mike.johnson@nosm.ca</a>></span> wrote:<br>
<blockquote style="BORDER-LEFT: #ccc 1px solid; MARGIN: 0px 0px 0px 0.8ex; PADDING-LEFT: 1ex" class="gmail_quote">
<div>Hi Haris,</div>
<div> </div>
<div>No go yet.</div>
<div> </div>
<div>Kenneth did send some info for me to check out, perhaps it may help you...</div>
<div> </div>
<div>**Kenneth's email cut/pasted**</div>
<div>
<div></div>
<div class="h5">
<div>Mike,</div>
<div>First off, check to see how you've set $WebExternalAuto. I'm not sure how that would affect LDAP if it was turned on.</div>
<div>Second, I'll assume you've set your "Plugins" appropriately to include "RT::Authen::ExternalAuth".</div>
<div>Thirdly, you have to make sure certain LDAP parameters are consistent (ie. if you're using TLS, etc.).</div>
<div>Below is what we use for our list of parameters:</div>
<div><br>Set($ExternalAuthPriority, [ 'My_LDAP' ] );<br>Set($ExternalInfoPriority, [ 'My_LDAP' ] );<br>Set($ExternalServiceUsesSSLorTLS, 1);<br>Set($AutoCreateNonExternalUsers, 0);</div>
<div><br>Set(<br> $ExternalSettings,<br> {<br> 'My_LDAP' =><br> {<br> ‘type’ => 'ldap',<br> ‘server’ => '<a href="http://ldap.lbl.gov/" target="_blank">ldap.lbl.gov</a>’,<br>
‘user’ => ‘’,<br> ‘pass’ => ‘’,<br> ‘base’ => 'ou=People,o=name of our company,c=US’,<br> ‘filter’ => '(&(status that equals active)(|(dicision code)))’,<br>
‘d_filter’ => '(!(|(lblEmpStat=Staff)(lblEmpStat=Guest)))',<br> ‘tls’ => 1,<br> ‘net_ldap_args’ => [ version => 3],<br> ‘attr_match_list’ => ['Name',<br>
'EmailAddress',<br> 'RealName',<br> 'uid'<br> ],<br>
‘attr_map’ => {'Name' => 'uid',<br> 'EmailAddress' => 'mail',<br> 'Organization' => ‘o’,<br>
'RealName' => 'cn',<br> 'ExternalAuthId' => 'uid',<br> 'Gecos' => 'uid',<br>
'WorkPhone' => 'telephonenumber',<br> 'Address1' => 'lblmailstop',<br>
'Address2' => 'postaladdress’<br> }<br> }<br> }<br> );<br>1;</div>
<div><br>I don't think the attr_map would affect this, but your match list could.</div>
<div>Anyway, check it all out cause if there are any inconsistencies (like TLS being used and on), it will fail.</div>
<div>Hope this helps.</div>
<div>Kenn<br>LBNL</div>
<div> </div></div></div>
<div>*** end cut/paste**<br><br></div>
<div>
<div></div>
<div class="h5">
<div class="gmail_quote">On Thu, Jul 22, 2010 at 7:23 PM, M.F.Haris <span dir="ltr"><<a href="mailto:mfharis@gmail.com" target="_blank">mfharis@gmail.com</a>></span> wrote:<br>
<blockquote style="BORDER-LEFT: #ccc 1px solid; MARGIN: 0px 0px 0px 0.8ex; PADDING-LEFT: 1ex" class="gmail_quote">
<div dir="ltr">hi Mike,
<div>I am also facing the same problem and i have checked my configuration over and over, also compared with some available on internet.</div>
<div>in my case i didn't enter any attribute with blank value like 'group' attribute in your case. but rest of the things are similar to what i have entered.</div>
<div><br></div>
<div>I get a message 'Failed to Login with user (myuser) ... '</div>
<div><br></div>
<div>do you get the same error message? please share your experience if you are able to solve this crap.</div>
<div><br></div>
<div>thanks<br clear="all"><font color="#888888">
<div dir="ltr"><font style="FONT-FAMILY: trebuchet ms,sans-serif" size="2">Haris </font><br style="FONT-FAMILY: trebuchet ms,sans-serif"></div><br><br></font>
<div class="gmail_quote">
<div>On Thu, Jul 22, 2010 at 3:59 PM, Mike Johnson <span dir="ltr"><<a href="mailto:mike.johnson@nosm.ca" target="_blank">mike.johnson@nosm.ca</a>></span> wrote:<br></div>
<blockquote style="BORDER-LEFT: #ccc 1px solid; MARGIN: 0px 0px 0px 0.8ex; PADDING-LEFT: 1ex" class="gmail_quote">
<div>
<div></div>
<div>
<div>Hi everyone,</div>
<div> </div>
<div>Where do I start debugging my setup??</div>
<div> </div>
<div>I have CentOS5.5, RT3.8.8, ExternalAuth 0.8 attempting to connect to an Active Drectory LDAP.</div>
<div> </div>
<div>Everything loads fine(I get no errors from my config files). I've loaded the ExternalAuth plugin, but when I attempt to login to the UI with an LDAP user, I get an invalid user/pass. The only error/logging I can find anywhere is in syslog and that just tells me the same thing... </div>
<div> </div>
<div>I'm connecting to an Active Directory server, and with some googling/rt-users searching I found the following settings to use.</div>
<div> </div>
<div>'filter' => '(objectCategory=User)',</div>
<div> 'd_filter' => '(userAccountControl:1.2.840.113556.1.4.803:=2)',</div>
<div> </div>
<div> </div>
<div>I've left group and group_attr blank(is that allowed?) as I want all users found under my base DN to be able to use RT.</div>
<div> </div>
<div>In the attr_match_list I have name and email address only</div>
<div>In attr_map I have the sAMAccountName mail and cn mapped to their respective places in RT.</div>
<div> </div>
<div>I've tested the user/pass I'm using(our LDAP is setup to not allow anonymous unfortunately, so I have to use an account to bind.</div>
<div> </div>
<div>I can't seem to find where ExternalAuth would toss an error out for me to read if it's failling because of the arguments I've set...</div>
<div> </div>
<div>Any help would be appreciated.<br>-- <br>Mike Johnson<br>Datatel Programmer/Analyst<br>Northern Ontario School of Medicine<br>955 Oliver Road<br>Thunder Bay, ON P7B 5E1<br>Phone: (807) 766-7331<br>Email: <a href="mailto:mike.johnson@nosm.ca" target="_blank">mike.johnson@nosm.ca</a><br>
</div><br><br></div></div>
<div>Discover RT's hidden secrets with RT Essentials from O'Reilly Media.<br>Buy a copy at <a href="http://rtbook.bestpractical.com/" target="_blank">http://rtbook.bestpractical.com</a><br></div></blockquote></div>
<br></div></div></blockquote></div><br><br clear="all"><br>-- <br>Mike Johnson<br>Datatel Programmer/Analyst<br>Northern Ontario School of Medicine<br>955 Oliver Road<br>Thunder Bay, ON P7B 5E1<br>Phone: (807) 766-7331<br>
Email: <a href="mailto:mike.johnson@nosm.ca" target="_blank">mike.johnson@nosm.ca</a><br></div></div></blockquote></div><br><br clear="all"><br>-- <br>Mike Johnson<br>Datatel Programmer/Analyst<br>Northern Ontario School of Medicine<br>
955 Oliver Road<br>Thunder Bay, ON P7B 5E1<br>Phone: (807) 766-7331<br>Email: <a href="mailto:mike.johnson@nosm.ca">mike.johnson@nosm.ca</a><br>