<div>filter is your LDAP query string to determine if a particular CN is a user. If you are connecting to an AD it would be (&(objectCategory=User) (Object Class=Person))</div>
<div> </div>
<div>d_filter is your LDAP query to determine disabled users. If you are connecting to an AD it would be a bitmask like so (userAccountControl:1.2.840.113556.1.4.803:=2)</div>
<div> </div>
<div>group is your LDAP CN that all your RT users would be a part of. This should be the full CN</div>
<div> </div>
<div>group_attr is the attribute of the user CN that determines what groups they are in. In AD this would be member</div>
<div> </div>
<div> </div>
<div>One thing I would test is getting an LDAP browser and connecting using the same info you are attempting to connect with in RT, verify the user you are using works...</div>
<div> </div>
<div>Then troubleshoot from there..</div>
<div> </div>
<div>Good luck!</div>
<div>Mike.<br><br></div>
<div class="gmail_quote">On Mon, Aug 2, 2010 at 8:08 AM, Anthony BRODARD <span dir="ltr"><<a href="mailto:brodard.anthony@gmail.com">brodard.anthony@gmail.com</a>></span> wrote:<br>
<blockquote style="BORDER-LEFT: #ccc 1px solid; MARGIN: 0px 0px 0px 0.8ex; PADDING-LEFT: 1ex" class="gmail_quote">And here, another logs generate with debug:
<div><br></div>
<div><br></div>
<div>
<div>[Mon Aug 2 12:05:00 2010] [critical]: RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj : Cannot connect to <a href="http://ldap.blanked.fr/" target="_blank">ldap.blanked.fr</a> (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:437)</div>
<div>[Mon Aug 2 12:05:00 2010] [debug]: Autohandler called ExternalAuth. Response: (0, No User) (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:26)</div>
<div>[Mon Aug 2 12:05:00 2010] [error]: FAILED LOGIN for anthony.brodard from 10.1.104.30 (/opt/rt3/bin/../lib/RT/Interface/Web.pm:424)</div>
<div>[Mon Aug 2 12:05:01 2010] [debug]: Reloading RT::User to work around a bug in RT-3.8.0 and RT-3.8.1 (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:14)</div>
<div>[Mon Aug 2 12:05:01 2010] [debug]: Attempting to use external auth service: My_LDAP (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)</div>
<div>[Mon Aug 2 12:05:01 2010] [debug]: SSO Failed and no user to test with. Nexting (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:92)</div>
<div>[Mon Aug 2 12:05:01 2010] [debug]: Autohandler called ExternalAuth. Response: (0, No User) (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:26)</div>
<div>[Mon Aug 2 12:05:01 2010] [crit]: Apache2::RequestIO::rflush: (103) Software caused connection abort at /usr/local/share/perl/5.10.0/HTML/Mason/ApacheHandler.pm line 1020 (/opt/rt3/bin/<a href="http://webmux.pl:168/" target="_blank">webmux.pl:168</a>)</div>
<div>[Mon Aug 2 12:05:01 2010] [debug]: Attempting to use external auth service: My_LDAP (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)</div>
<div>[Mon Aug 2 12:05:01 2010] [debug]: Calling UserExists with $username (anthony.brodard) and $service (My_LDAP) (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:105)</div>
<div>[Mon Aug 2 12:05:01 2010] [debug]: UserExists params:</div>
<div>username: anthony.brodard , service: My_LDAP (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:274)</div>
<div>[Mon Aug 2 12:05:01 2010] [crit]: Apache2::RequestIO::rflush: (103) Software caused connection abort at /usr/local/share/perl/5.10.0/HTML/Mason/ApacheHandler.pm line 1020 (/opt/rt3/bin/<a href="http://webmux.pl:168/" target="_blank">webmux.pl:168</a>)</div>
<div><br></div><br>
<div class="gmail_quote">
<div>
<div></div>
<div class="h5">2010/7/29 Mike Johnson <span dir="ltr"><<a href="mailto:mike.johnson@nosm.ca" target="_blank">mike.johnson@nosm.ca</a>></span><br></div></div>
<blockquote style="BORDER-LEFT: #ccc 1px solid; MARGIN: 0px 0px 0px 0.8ex; PADDING-LEFT: 1ex" class="gmail_quote">
<div>
<div></div>
<div class="h5">
<div>make sure you reply to the list, very important to share all this so others can learn.</div>
<div> </div>
<div>The only thing I could think of is your LDAP settings are incorrect somewhere.</div>
<div> </div>
<div>Some things I found when I was setting things up</div>
<div> </div>
<div> </div>
<div>1. user = the fully qualified CN of the user(ie CN=Mike Johnson,OU=Users,OU=mycompany,OU=mydomain,OU=local</div>
<div>2. filter and d_filter have to have valid settings</div>
<div>3. Group/Group_Attr had to have settings.</div>
<div> </div>
<div>I was binding to an AD, so I'm not 100% on 3 if it isn't an AD... but 1 and 2 hold true for any LDAP.</div>
<div> </div>
<div>HTH</div>
<div>Mike.<font color="#888888"><br><br></font></div>
<div>
<div></div>
<div>
<div class="gmail_quote">On Thu, Jul 29, 2010 at 9:38 AM, Anthony BRODARD <span dir="ltr"><<a href="mailto:brodard.anthony@gmail.com" target="_blank">brodard.anthony@gmail.com</a>></span> wrote:<br>
<blockquote style="BORDER-LEFT: #ccc 1px solid; MARGIN: 0px 0px 0px 0.8ex; PADDING-LEFT: 1ex" class="gmail_quote">TLS argument is already sets to 1.
<div><br></div>
<div>I don't know how to see if it's the ldap's server which refuses the connection, or it's an other problem.<br>
<div><br></div>
<div><br><br>
<div class="gmail_quote">2010/7/29 Mike Johnson <span dir="ltr"><<a href="mailto:mike.johnson@nosm.ca" target="_blank">mike.johnson@nosm.ca</a>></span>
<div><br>
<blockquote style="BORDER-LEFT: #ccc 1px solid; MARGIN: 0px 0px 0px 0.8ex; PADDING-LEFT: 1ex" class="gmail_quote">
<div>Oops, looking at it again, i was looking at the mysql config part, not ldap.</div>
<div> </div>
<div>i think the only way you can adjust what port you are connecting to through LDAP is specifying if it's TLS or not(I believe TLS is 636? google to confirm).</div>
<div> </div>
<div>You said you are supposed to be connecting on 636, so set the tls argument in your LDAP settings to 1.</div>
<div> </div>
<div>restart apache and give it a shot.</div>
<div> </div>
<div>Good luck!</div>
<div>Mike.<font color="#888888"><br><br></font></div>
<div>
<div></div>
<div>
<div class="gmail_quote">On Thu, Jul 29, 2010 at 8:48 AM, Mike Johnson <span dir="ltr"><<a href="mailto:mike.johnson@nosm.ca" target="_blank">mike.johnson@nosm.ca</a>></span> wrote:<br>
<blockquote style="BORDER-LEFT: #ccc 1px solid; MARGIN: 0px 0px 0px 0.8ex; PADDING-LEFT: 1ex" class="gmail_quote">
<div>If you read the ExternalAuth's RT_SiteConfig.pm in /RTROOT/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm</div>
<div> </div>
<div>It shows you how to set the port you are connecting on.</div>
<div> </div>
<div>Set that to the port your LDAP server is listening to.</div>
<div> </div>
<div>Good luck</div>
<div>MIke.<font color="#888888"><br></font></div>
<div>
<div></div>
<div>
<div class="gmail_quote"><br></div></div></div></blockquote></div></div></div></blockquote></div></div><br></div></div></blockquote></div><br><br clear="all"><br></div></div>
<div>
<div></div>
<div>-- <br>Mike Johnson<br>Datatel Programmer/Analyst<br>Northern Ontario School of Medicine<br>955 Oliver Road<br>Thunder Bay, ON P7B 5E1<br>Phone: (807) 766-7331<br>Email: <a href="mailto:mike.johnson@nosm.ca" target="_blank">mike.johnson@nosm.ca</a><br>
</div></div><br><br></div></div>
<div class="im">Discover RT's hidden secrets with RT Essentials from O'Reilly Media.<br>Buy a copy at <a href="http://rtbook.bestpractical.com/" target="_blank">http://rtbook.bestpractical.com</a><br></div></blockquote>
</div><br></div></blockquote></div><br><br clear="all"><br>-- <br>Mike Johnson<br>Datatel Programmer/Analyst<br>Northern Ontario School of Medicine<br>955 Oliver Road<br>Thunder Bay, ON P7B 5E1<br>Phone: (807) 766-7331<br>
Email: <a href="mailto:mike.johnson@nosm.ca">mike.johnson@nosm.ca</a><br>