Hi Mike!<div><br></div><div>Thanks for your replies.</div><div>After i had try what you said in your last mail, i've decide to reinstall a new clean RT, and test only the external authentication plugin.</div><div><br></div>
<div>So, this is a part of my new RT_SiteConfig, with your last recommendations:</div><div><br></div><div><br></div><div><div>Set( @Plugins, qw(RT::Authen::ExternalAuth) );</div><div><br></div><div>Set($ExternalAuthPriority, ['My_LDAP']);</div>
<div>Set($ExternalInfoPriority, ['My_LDAP']);</div><div>Set($ExternalServiceUsesSSLorTLS, 1);</div><div>Set($AutoCreateNonExternalUsers, 0);</div><div>Set($ExternalSettings, { 'My_LDAP' => {</div>
<div> 'type' => 'ldap',</div><div> 'server' => 'ldap.mydomain',</div><div> 'user' => 'cn=auth,o=others,dc=blanked,dc=fr',</div><div> 'pass' => 'xxxxx',</div>
<div> 'base' => 'dc=blanked,dc=fr',</div><div> 'filter' => '(uid=*)',</div><div> 'd_filter' => 'objectClass=Nothing',</div><div> 'tls' => 1,</div>
<div> 'ssl_version' => 3,</div><div> 'net_ldap_args' => [ version => 3 ],</div><div># 'group' =></div><div># 'group_attr' =></div><div> 'attr_match_list' => ['Name'],</div>
<div> 'attr_map' => { 'Name' => 'uid'},</div><div> }</div><div>});</div><div><br></div><div>And in my error-rt.log:</div><div><br></div><div><div>[Mon Aug 2 09:26:09 2010] [critical]: RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj : Cannot connect to <a href="http://ldap.blank.fr">ldap.blank.fr</a> (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:437)</div>
<div>[Mon Aug 2 09:26:09 2010] [error]: FAILED LOGIN for anthony.brodard from 10.1.104.30 (/opt/rt3/bin/../lib/RT/Interface/Web.pm:424)</div></div><div><br></div><div>I don't understand how to sets the fields "d_filter", "group", "group_attr".</div>
<div><br></div><div>Thanks</div><div><br></div><div>Anthony BRODARD</div><div><br></div><br><div class="gmail_quote">2010/7/29 Mike Johnson <span dir="ltr"><<a href="mailto:mike.johnson@nosm.ca">mike.johnson@nosm.ca</a>></span><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div>make sure you reply to the list, very important to share all this so others can learn.</div>
<div> </div>
<div>The only thing I could think of is your LDAP settings are incorrect somewhere.</div>
<div> </div>
<div>Some things I found when I was setting things up</div>
<div> </div>
<div> </div>
<div>1. user = the fully qualified CN of the user(ie CN=Mike Johnson,OU=Users,OU=mycompany,OU=mydomain,OU=local</div>
<div>2. filter and d_filter have to have valid settings</div>
<div>3. Group/Group_Attr had to have settings.</div>
<div> </div>
<div>I was binding to an AD, so I'm not 100% on 3 if it isn't an AD... but 1 and 2 hold true for any LDAP.</div>
<div> </div>
<div>HTH</div>
<div>Mike.<font color="#888888"><br><br></font></div><div><div></div><div class="h5">
<div class="gmail_quote">On Thu, Jul 29, 2010 at 9:38 AM, Anthony BRODARD <span dir="ltr"><<a href="mailto:brodard.anthony@gmail.com" target="_blank">brodard.anthony@gmail.com</a>></span> wrote:<br>
<blockquote style="border-left:#ccc 1px solid;margin:0px 0px 0px 0.8ex;padding-left:1ex" class="gmail_quote">TLS argument is already sets to 1.
<div><br></div>
<div>I don't know how to see if it's the ldap's server which refuses the connection, or it's an other problem.<br>
<div><br></div>
<div><br><br>
<div class="gmail_quote">2010/7/29 Mike Johnson <span dir="ltr"><<a href="mailto:mike.johnson@nosm.ca" target="_blank">mike.johnson@nosm.ca</a>></span>
<div><br>
<blockquote style="border-left:#ccc 1px solid;margin:0px 0px 0px 0.8ex;padding-left:1ex" class="gmail_quote">
<div>Oops, looking at it again, i was looking at the mysql config part, not ldap.</div>
<div> </div>
<div>i think the only way you can adjust what port you are connecting to through LDAP is specifying if it's TLS or not(I believe TLS is 636? google to confirm).</div>
<div> </div>
<div>You said you are supposed to be connecting on 636, so set the tls argument in your LDAP settings to 1.</div>
<div> </div>
<div>restart apache and give it a shot.</div>
<div> </div>
<div>Good luck!</div>
<div>Mike.<font color="#888888"><br><br></font></div>
<div>
<div></div>
<div>
<div class="gmail_quote">On Thu, Jul 29, 2010 at 8:48 AM, Mike Johnson <span dir="ltr"><<a href="mailto:mike.johnson@nosm.ca" target="_blank">mike.johnson@nosm.ca</a>></span> wrote:<br>
<blockquote style="border-left:#ccc 1px solid;margin:0px 0px 0px 0.8ex;padding-left:1ex" class="gmail_quote">
<div>If you read the ExternalAuth's RT_SiteConfig.pm in /RTROOT/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm</div>
<div> </div>
<div>It shows you how to set the port you are connecting on.</div>
<div> </div>
<div>Set that to the port your LDAP server is listening to.</div>
<div> </div>
<div>Good luck</div>
<div>MIke.<font color="#888888"><br></font></div>
<div>
<div></div>
<div>
<div class="gmail_quote"><br></div></div></div></blockquote></div></div></div></blockquote></div></div><br></div></div></blockquote></div><br><br clear="all"><br></div></div><div><div></div><div class="h5">-- <br>Mike Johnson<br>
Datatel Programmer/Analyst<br>Northern Ontario School of Medicine<br>
955 Oliver Road<br>Thunder Bay, ON P7B 5E1<br>Phone: (807) 766-7331<br>Email: <a href="mailto:mike.johnson@nosm.ca" target="_blank">mike.johnson@nosm.ca</a><br>
</div></div><br><br>
Discover RT's hidden secrets with RT Essentials from O'Reilly Media.<br>
Buy a copy at <a href="http://rtbook.bestpractical.com" target="_blank">http://rtbook.bestpractical.com</a><br></blockquote></div><br></div>