<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="content-type" content="text/html;
charset=ISO-8859-1">
</head>
<body bgcolor="#ffffff" text="#000000">
I am using ExternalAuth to connect RT3.8.8 to LDAP.<br>
<br>
Detailed documentation seems to be woefully absent, and I've scoured
the web and tried the dozens of conflicting suggestions, so I'm
turning to y'all.<br>
<br>
Here's the error I get:<br>
<br>
<blockquote><font face="Courier New, Courier, monospace">[Tue Jan 11
01:41:56 2011] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind:
LDAP_INVALID_DN_SYNTAX 34
(/usr/local/rt/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:467)</font><br>
</blockquote>
<br>
Here's the LDAP section from my RT_Authen-ExternalAuth.pm:<br>
<br>
<blockquote><font face="Courier New, Courier, monospace">
'My_LDAP' => { </font><br>
<font face="Courier New, Courier, monospace"> ## GENERIC
SECTION</font><br>
<font face="Courier New, Courier, monospace"> # The type of
service (db/ldap/cookie) </font><br>
<font face="Courier New, Courier, monospace">
'type' => 'ldap',</font><br>
<font face="Courier New, Courier, monospace"> # The server
hosting the service</font><br>
<font face="Courier New, Courier, monospace">
'server' => 'dir1.library.ucsc.edu',</font><br>
<font face="Courier New, Courier, monospace"> ##
SERVICE-SPECIFIC SECTION</font><br>
<font face="Courier New, Courier, monospace"> # If you can
bind to your LDAP server anonymously you should </font><br>
<font face="Courier New, Courier, monospace"> # remove the
user and pass config lines, otherwise specify them here:</font><br>
<font face="Courier New, Courier, monospace"> # </font><br>
<font face="Courier New, Courier, monospace"> # The
username RT should use to connect to the LDAP server </font><br>
<font face="Courier New, Courier, monospace">
'user' => 'cn=admin,dc=ucsc,dc=edu',</font><br>
<font face="Courier New, Courier, monospace"> # The
password RT should use to connect to the LDAP server</font><br>
<font face="Courier New, Courier, monospace">
'pass' => 'PASSWORD',</font><br>
<font face="Courier New, Courier, monospace"> #</font><br>
<font face="Courier New, Courier, monospace"> # The LDAP
search base</font><br>
<font face="Courier New, Courier, monospace">
'base' => 'ou=people,dc=ucsc,dc=edu',</font><br>
<font face="Courier New, Courier, monospace"> #</font><br>
<font face="Courier New, Courier, monospace"> # ALL FILTERS
MUST BE VALID LDAP FILTERS ENCASED IN PARENTHESES!</font><br>
<font face="Courier New, Courier, monospace"> # YOU
**MUST** SPECIFY A filter AND A d_filter!!</font><br>
<font face="Courier New, Courier, monospace"> #</font><br>
<font face="Courier New, Courier, monospace"> # The filter
to use to match RT-Users</font><br>
<font face="Courier New, Courier, monospace">
'filter' => '(objectClass=person)',</font><br>
<font face="Courier New, Courier, monospace"> # A catch-all
example filter: '(objectClass=*)'</font><br>
<font face="Courier New, Courier, monospace"> #</font><br>
<font face="Courier New, Courier, monospace"> # The filter
that will only match disabled users</font><br>
<font face="Courier New, Courier, monospace">
'd_filter' => '(objectClass=FooBarBaz)',</font><br>
<font face="Courier New, Courier, monospace"> # A
catch-none example d_filter: '(objectClass=FooBarBaz)'</font><br>
<font face="Courier New, Courier, monospace"> #</font><br>
<font face="Courier New, Courier, monospace"> # Should we
try to use TLS to encrypt connections?</font><br>
<font face="Courier New, Courier, monospace">
'tls' => 0,</font><br>
<font face="Courier New, Courier, monospace"> # SSL Version
to provide to Net::SSLeay *if* using SSL</font><br>
<font face="Courier New, Courier, monospace">
'ssl_version' => 3,</font><br>
<font face="Courier New, Courier, monospace"> # What other
args should I pass to Net::LDAP->new($host,@args)?</font><br>
<font face="Courier New, Courier, monospace">
'net_ldap_args' => [ version => 3 ],</font><br>
<font face="Courier New, Courier, monospace"> # Does
authentication depend on group membership? What group name?</font><br>
<font face="Courier New, Courier, monospace">
'group' => 'staff',</font><br>
<font face="Courier New, Courier, monospace"> # What is the
attribute for the group object that determines membership?</font><br>
<font face="Courier New, Courier, monospace">
'group_attr' => 'ou=group,dc=ucsc,dc=edu',</font><br>
<font face="Courier New, Courier, monospace"> ## RT
ATTRIBUTE MATCHING SECTION</font><br>
<font face="Courier New, Courier, monospace"> # The list of
RT attributes that uniquely identify a user</font><br>
<font face="Courier New, Courier, monospace"> # This
example shows what you *can* specify.. I recommend reducing this</font><br>
<font face="Courier New, Courier, monospace"> # to just the
Name and EmailAddress to save encountering problems later.</font><br>
<font face="Courier New, Courier, monospace">
'attr_match_list' => [ 'Name',</font><br>
<font face="Courier New, Courier, monospace">
'EmailAddress', </font><br>
<font face="Courier New, Courier, monospace">
],</font><br>
<font face="Courier New, Courier, monospace"> # The mapping
of RT attributes on to LDAP attributes</font><br>
<font face="Courier New, Courier, monospace">
'attr_map' => { 'Name' => 'uid',</font><br>
<font face="Courier New, Courier, monospace">
'EmailAddress' => 'mail',</font><br>
<font face="Courier New, Courier, monospace">
'RealName' => 'cn',</font><br>
<font face="Courier New, Courier, monospace">
'ExternalAuthId' => 'uid',</font><br>
<font face="Courier New, Courier, monospace">
'Gecos' => 'gecos',</font><br>
<font face="Courier New, Courier, monospace">
'WorkPhone' => 'telephoneNumber',</font><br>
<font face="Courier New, Courier, monospace">
}</font><br>
<br>
<font face="Courier New, Courier, monospace"> },</font><br>
</blockquote>
<br>
What more do you need to know to help me get this working?<br>
<br>
Wes<br>
<br>
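One way to separate RT from the directory when chasing the bind error above, added here as an example and not part of the original message or of RT-Authen-ExternalAuth: a standalone Net::LDAP script that checks the configured DNs locally, then repeats the bind with the same server, user and net_ldap_args. The RT_LDAP_PASS environment variable is an assumed name.<br>
<br>

```perl
#!/usr/bin/perl
# Added example (not RT code): repeat RT's LDAP bind outside RT with Net::LDAP.
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(canonical_dn);
use Net::LDAP::Constant qw(LDAP_SUCCESS LDAP_INVALID_DN_SYNTAX);

# Values copied from the 'My_LDAP' section quoted in the message.
my %cfg = (
    server => 'dir1.library.ucsc.edu',
    user   => 'cn=admin,dc=ucsc,dc=edu',
    base   => 'ou=people,dc=ucsc,dc=edu',
    args   => [ version => 3 ],          # same as 'net_ldap_args'
);

# Assumption: the bind password is passed in RT_LDAP_PASS (hypothetical
# variable name) so that it is not stored in this script.
my $pass = $ENV{RT_LDAP_PASS};
die "set RT_LDAP_PASS first\n" unless defined $pass && length $pass;

# 1. Local syntax check of each DN-valued setting. canonical_dn() returns
#    undef when the string does not parse as a distinguished name.
for my $key (qw(user base)) {
    my $canon = canonical_dn($cfg{$key});
    printf "%-4s %-28s %s\n", $key, $cfg{$key},
        defined $canon ? "parses as a DN ($canon)" : 'does NOT parse as a DN';
}

# 2. Connect the way the config does: 'tls' => 0, so no StartTLS, and the
#    simple bind below sends the password over the network unencrypted.
my $ldap = Net::LDAP->new($cfg{server}, @{ $cfg{args} })
    or die "connect to $cfg{server} failed: $@\n";

# 3. Bind and report the server's result code and diagnostic text.
my $msg = $ldap->bind($cfg{user}, password => $pass);
if ($msg->code == LDAP_SUCCESS) {
    print "bind OK as $cfg{user}\n";
}
elsif ($msg->code == LDAP_INVALID_DN_SYNTAX) {
    print "server rejected the bind DN syntax (code 34): ", $msg->error, "\n";
}
else {
    printf "bind failed: %s (%d): %s\n",
        $msg->error_name, $msg->code, $msg->error;
}
$ldap->unbind;
```

If this script reports the same LDAP_INVALID_DN_SYNTAX, the directory is rejecting the bind DN itself; if it binds cleanly, the value RT passes to the server differs from the one in the config file.<br>
<br>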
</body>
</html>