<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
    <title></title>
  </head>
  <body bgcolor="#ffffff" text="#000000">
    The machine name is specified elsewhere, but that is what the root
    DN looks like.  Now whether that is the right format for that
    variable value or not, I don't know.  <br>
    <br>
    W.<br>
    <br>
    On 1/11/2011 5:49 AM, Josh Narins wrote:
    <blockquote
cite="mid:F61EA32D7A6A79478142BA12E77AEE832651E898BC@MS3.nyc.seniorbridgeinternal.com"
      type="cite">
      <div class="WordSection1">
        <p class="MsoNormal">I have fiddled only a little with LDAP.</p>
        <p class="MsoNormal">The error message sounds like it isn't
            recognizing something as a DN.</p>
        <p class="MsoNormal">To me, your username doesn't look quite right. Is
            there really an LDAP server at ucsc.edu? Shouldn't it be more like
            DC=ldap1,DC=ucsc,DC=edu, to specify the machine name?</p>
        <p class="MsoNormal">I'm not even very good with Windows, so I could
            be way off here.</p>
        <p><font face="Verdana" size="2"><strong>Josh Narins</strong></font><br>
          <br>
          <font face="Verdana" size="1">Director of Application
            Development<br>
            SeniorBridge<br>
            845 Third Ave<br>
            7th Floor<br>
            New York, NY 10022 <br>
            Tel: (212) 994-6194 <br>
            Fax: (212) 994-4260 <br>
            Mobile: (917) 488-6248<br>
            <a class="moz-txt-link-abbreviated" href="mailto:jnarins@seniorbridge.com">jnarins@seniorbridge.com</a><br>
            <a moz-do-not-send="true"
              href="http://www.seniorbridge.com/">seniorbridge.com</a></font><br>
          </p>
        <div style="border-width: medium medium medium 1.5pt;
          border-style: none none none solid; border-color:
          -moz-use-text-color -moz-use-text-color -moz-use-text-color
          blue; padding: 0in 0in 0in 4pt;">
          <div>
            <div style="border-right: medium none; border-width: 1pt
              medium medium; border-style: solid none none;
              border-color: rgb(181, 196, 223) -moz-use-text-color
              -moz-use-text-color; padding: 3pt 0in 0in;">
              <p class="MsoNormal"><b>From:</b>
                  <a class="moz-txt-link-abbreviated" href="mailto:rt-users-bounces@lists.bestpractical.com">rt-users-bounces@lists.bestpractical.com</a>
                  [<a class="moz-txt-link-freetext" href="mailto:rt-users-bounces@lists.bestpractical.com">mailto:rt-users-bounces@lists.bestpractical.com</a>] <b>On
                    Behalf Of </b>Wes Modes<br>
                  <b>Sent:</b> Monday, January 10, 2011 9:04 PM<br>
                  <b>To:</b> RT Users<br>
                  <b>Subject:</b> [rt-users] ExternalAuth help needed</p>
            </div>
          </div>
          <p class="MsoNormal" style="margin-bottom: 12pt;">I am using
            ExternalAuth to connect RT3.8.8 to LDAP.<br>
            <br>
            Detailed documentation seems to be woefully absent, and I've
            scoured the web and tried the dozens of conflicting suggestions,
            so I'm turning to y'all.<br>
            <br>
            Here's the error I get:</p>
          <pre>[Tue Jan 11 01:41:56 2011] [critical]: RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind: LDAP_INVALID_DN_SYNTAX 34 (/usr/local/rt/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:467)</pre>
          <p class="MsoNormal" style="margin-bottom: 12pt;">Here's the LDAP
            section from my RT_Authen-ExternalAuth.pm</p>
          <pre>
    'My_LDAP'       =>  {
        ## GENERIC SECTION
        # The type of service (db/ldap/cookie)
        'type'                      =>  'ldap',
        # The server hosting the service
        'server'                    =>  'dir1.library.ucsc.edu',
        ## SERVICE-SPECIFIC SECTION
        # If you can bind to your LDAP server anonymously you should
        # remove the user and pass config lines, otherwise specify them here:
        #
        # The username RT should use to connect to the LDAP server
        'user'                      =>  'cn=admin,dc=ucsc,dc=edu',
        # The password RT should use to connect to the LDAP server
        'pass'                      =>  'PASSWORD',
        #
        # The LDAP search base
        'base'                      =>  'ou=people,dc=ucsc,dc=edu',
        #
        # ALL FILTERS MUST BE VALID LDAP FILTERS ENCASED IN PARENTHESES!
        # YOU **MUST** SPECIFY A filter AND A d_filter!!
        #
        # The filter to use to match RT-Users
        'filter'                    =>  '(objectClass=person)',
        # A catch-all example filter: '(objectClass=*)'
        #
        # The filter that will only match disabled users
        'd_filter'                  =>  '(objectClass=FooBarBaz)',
        # A catch-none example d_filter: '(objectClass=FooBarBaz)'
        #
        # Should we try to use TLS to encrypt connections?
        'tls'                       =>  0,
        # SSL Version to provide to Net::SSLeay *if* using SSL
        'ssl_version'               =>  3,
        # What other args should I pass to Net::LDAP->new($host,@args)?
        'net_ldap_args'             => [    version =>  3   ],
        # Does authentication depend on group membership? What group name?
        'group'                     =>  'staff',
        # What is the attribute for the group object that determines membership?
        'group_attr'                =>  'ou=group,dc=ucsc,dc=edu',
        ## RT ATTRIBUTE MATCHING SECTION
        # The list of RT attributes that uniquely identify a user
        # This example shows what you *can* specify.. I recommend reducing this
        # to just the Name and EmailAddress to save encountering problems later.
        'attr_match_list'           => [    'Name',
                                            'EmailAddress',
                                        ],
        # The mapping of RT attributes on to LDAP attributes
        'attr_map'                  =>  {   'Name' => 'uid',
                                            'EmailAddress' => 'mail',
                                            'RealName' => 'cn',
                                            'ExternalAuthId' => 'uid',
                                            'Gecos' => 'gecos',
                                            'WorkPhone' => 'telephoneNumber',
                                        }

    },
</pre>
          <p class="MsoNormal" style="margin-bottom: 12pt;">What more do you
            need to know to help me get this working?<br>
            <br>
            Wes</p>
        </div>
      </div>
    </blockquote>
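    <p>An added example, not part of either message above and not RT or ExternalAuth code: a strict RFC 4514 string-syntax check run over the DN-looking values from the quoted configuration and over the DC=ldap1 form suggested in the reply. It checks syntax only; which keys ExternalAuth expects to hold a DN is not stated on this page, and the names <code>dn_error</code>, <code>check_all</code> and <code>PAGE_VALUES</code> are this example's own.</p>

```python
import re

# Strict RFC 4514 string form: no optional spaces around ',' '+' or '='.
ATTR_TYPE = re.compile(r"[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)+")  # short name or dotted OID
HEX_VALUE = re.compile(r"#(?:[0-9A-Fa-f]{2})+")
ESCAPE = re.compile(r'\\(?:[ "#+,;<=>\\]|[0-9A-Fa-f]{2})')  # \ + special, or \ + two hex digits
MUST_ESCAPE = set('"+,;<>\\\x00')

def split_unescaped(text, sep):
    parts, current, i = [], "", 0
    while i < len(text):
        step = 2 if text[i] == "\\" else 1  # keep an escaped character with its backslash
        if text[i] == sep:
            parts, current = parts + [current], ""
        else:
            current += text[i:i + step]
        i += step
    return parts + [current]

def value_error(value):
    if HEX_VALUE.fullmatch(value):
        return None
    bare = ESCAPE.sub("x", value)  # each valid escape becomes a harmless character
    if bare[:1] in (" ", "#") or bare.endswith(" "):
        return "unescaped leading space/'#' or trailing space"
    return "unescaped special character" if MUST_ESCAPE & set(bare) else None

def dn_error(dn):
    """Return None if dn is valid RFC 4514 string syntax, else the reason."""
    for rdn in split_unescaped(dn, ",") if dn else []:  # the empty DN is valid
        for ava in split_unescaped(rdn, "+"):
            attr, eq, value = ava.partition("=")
            if not eq:
                return f"{ava!r} is not an attribute=value pair"
            if not ATTR_TYPE.fullmatch(attr):
                return f"{attr!r} is not a valid attribute type"
            if (problem := value_error(value)):
                return f"{ava!r}: {problem}"
    return None

# Values copied from the configuration and the reply quoted on this page.
PAGE_VALUES = {"user": "cn=admin,dc=ucsc,dc=edu", "base": "ou=people,dc=ucsc,dc=edu",
               "group": "staff", "group_attr": "ou=group,dc=ucsc,dc=edu",
               "suggested": "DC=ldap1,DC=ucsc,DC=edu"}

def check_all(values):
    return {key: dn_error(value) for key, value in values.items()}

print(check_all(PAGE_VALUES))
```

    <p>A directory server can still reject a syntactically valid DN for other reasons, so a clean result here only rules out malformed strings.</p>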
  </body>
</html>