<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
The machine name is specified elsewhere, but that is what the root
DN looks like. Now whether that is the right format for that
variable value or not, I don't know. <br>
<br>
W.<br>
<br>
On 1/11/2011 5:49 AM, Josh Narins wrote:
<blockquote
cite="mid:F61EA32D7A6A79478142BA12E77AEE832651E898BC@MS3.nyc.seniorbridgeinternal.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
<meta name="Generator" content="Microsoft Word 12 (filtered
medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
-->
</style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<!--ppd1000037--><!--ppd1000035-->
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);">I have fiddled only a little with LDAP.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);">The error message sounds like it isn't
recognizing something as
a DN.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);">To me, your username doesn't look quite right. Is
there really
an LDAP server at ucsc.edu? Shouldn't it be more like
DC=ldap1,DC=ucsc,DC=edu,
to specify the machine name?<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);">I'm not even very good with windows, so, I could
be way off,
here.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);"><o:p> </o:p></span></p>
<br>
<br>
<p><font face="Verdana" size="2"><em></em></font></p>
<p><font face="Verdana" size="2"><strong>Josh Narins</strong></font><br>
<br>
<font face="Verdana" size="1">Director of Application
Development<br>
SeniorBridge<br>
845 Third Ave<br>
7th Floor<br>
New York, NY 10022 <br>
Tel: (212) 994-6194 <br>
Fax: (212) 994-4260 <br>
Mobile: (917) 488-6248<br>
<a class="moz-txt-link-abbreviated" href="mailto:jnarins@seniorbridge.com">jnarins@seniorbridge.com</a><br>
<a moz-do-not-send="true"
href="http://www.seniorbridge.com/">seniorbridge.com</a></font><br>
<br>
<img moz-do-not-send="true" alt="SeniorBridge"
src="http://www.seniorbridge.com/images/seniorbridgedisclaimerTAG.gif"
align="baseline" border="0" hspace="0"></p>
<br>
<br>
<hr style="height: 1px;">
<font face="Verdana" size="1"><font color="silver"><strong>SeniorBridge
Statement of Confidentiality:</strong> The contents of
this email message are intended for the exclusive use of the
addressee(s) and may contain confidential or privileged
information. Any dissemination, distribution or copying of
this email by an unintended or mistaken recipient is
strictly prohibited. In said event, kindly reply to the
sender and destroy all entries of this message and any
attachments from your system. Thank you.</font></font>
<div style="border-width: medium medium medium 1.5pt;
border-style: none none none solid; border-color:
-moz-use-text-color -moz-use-text-color -moz-use-text-color
blue; padding: 0in 0in 0in 4pt;">
<div>
<div style="border-right: medium none; border-width: 1pt
medium medium; border-style: solid none none;
border-color: rgb(181, 196, 223) -moz-use-text-color
-moz-use-text-color; padding: 3pt 0in 0in;">
<p class="MsoNormal"><b><span style="font-size: 10pt;
font-family:
"Tahoma","sans-serif"; color:
windowtext;">From:</span></b><span style="font-size:
10pt; font-family:
"Tahoma","sans-serif"; color:
windowtext;">
<a class="moz-txt-link-abbreviated" href="mailto:rt-users-bounces@lists.bestpractical.com">rt-users-bounces@lists.bestpractical.com</a>
[<a class="moz-txt-link-freetext" href="mailto:rt-users-bounces@lists.bestpractical.com">mailto:rt-users-bounces@lists.bestpractical.com</a>] <b>On
Behalf Of </b>Wes Modes<br>
<b>Sent:</b> Monday, January 10, 2011 9:04 PM<br>
<b>To:</b> RT Users<br>
<b>Subject:</b> [rt-users] ExternalAuth help needed<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom: 12pt;">I am using
ExternalAuth to
connect RT3.8.8 to LDAP.<br>
<br>
Detailed documentation seems to be woefully absent, and I've
scoured the web
and tried the dozens of conflicting suggestions, so I'm
turning to y'all.<br>
<br>
Here's the error I get:<o:p></o:p></p>
<p class="MsoNormal"><span style="font-family: "Courier
New";">[Tue Jan 11 01:41:56
2011] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't
bind:
LDAP_INVALID_DN_SYNTAX 34
(/usr/local/rt/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:467)</span><o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom: 12pt;"><br>
Here's the LDAP section from my RT_Authen-ExternalAuth.pm <o:p></o:p></p>
<p class="MsoNormal"><span style="font-family: "Courier
New";">
'My_LDAP' => { </span><br>
<span style="font-family: "Courier New";">
## GENERIC SECTION</span><br>
<span style="font-family: "Courier New";">
# The type of service (db/ldap/cookie) </span><br>
<span style="font-family: "Courier New";">
'type'
=> 'ldap',</span><br>
<span style="font-family: "Courier New";">
# The server hosting the service</span><br>
<span style="font-family: "Courier New";">
'server'
=> 'dir1.library.ucsc.edu',</span><br>
<span style="font-family: "Courier New";">
## SERVICE-SPECIFIC SECTION</span><br>
<span style="font-family: "Courier New";">
# If you can bind to your LDAP server anonymously you
should </span><br>
<span style="font-family: "Courier New";">
# remove the user and pass config lines, otherwise specify
them here:</span><br>
<span style="font-family: "Courier New";">
# </span><br>
<span style="font-family: "Courier New";">
# The username RT should use to connect to the LDAP server
</span><br>
<span style="font-family: "Courier New";">
'user'
=> 'cn=admin,dc=ucsc,dc=edu',</span><br>
<span style="font-family: "Courier New";">
# The password RT should use to connect to the LDAP server</span><br>
<span style="font-family: "Courier New";">
'pass'
=> 'PASSWORD',</span><br>
<span style="font-family: "Courier New";">
#</span><br>
<span style="font-family: "Courier New";">
# The LDAP search base</span><br>
<span style="font-family: "Courier New";">
'base'
=> 'ou=people,dc=ucsc,dc=edu',</span><br>
<span style="font-family: "Courier New";">
#</span><br>
<span style="font-family: "Courier New";">
# ALL FILTERS MUST BE VALID LDAP FILTERS ENCASED IN
PARENTHESES!</span><br>
<span style="font-family: "Courier New";">
# YOU **MUST** SPECIFY A filter AND A d_filter!!</span><br>
<span style="font-family: "Courier New";">
#</span><br>
<span style="font-family: "Courier New";">
# The filter to use to match RT-Users</span><br>
<span style="font-family: "Courier New";">
'filter'
=> '(objectClass=person)',</span><br>
<span style="font-family: "Courier New";">
# A catch-all example filter: '(objectClass=*)'</span><br>
<span style="font-family: "Courier New";">
#</span><br>
<span style="font-family: "Courier New";">
# The filter that will only match disabled users</span><br>
<span style="font-family: "Courier New";">
'd_filter'
=> '(objectClass=FooBarBaz)',</span><br>
<span style="font-family: "Courier New";">
# A catch-none example d_filter: '(objectClass=FooBarBaz)'</span><br>
<span style="font-family: "Courier New";">
#</span><br>
<span style="font-family: "Courier New";">
# Should we try to use TLS to encrypt connections?</span><br>
<span style="font-family: "Courier New";">
'tls'
=> 0,</span><br>
<span style="font-family: "Courier New";">
# SSL Version to provide to Net::SSLeay *if* using SSL</span><br>
<span style="font-family: "Courier New";">
'ssl_version'
=> 3,</span><br>
<span style="font-family: "Courier New";">
# What other args should I pass to
Net::LDAP->new($host,@args)?</span><br>
<span style="font-family: "Courier New";">
'net_ldap_args'
=> [ version => 3 ],</span><br>
<span style="font-family: "Courier New";">
# Does authentication depend on group membership? What
group name?</span><br>
<span style="font-family: "Courier New";">
'group'
=> 'staff',</span><br>
<span style="font-family: "Courier New";">
# What is the attribute for the group object that
determines membership?</span><br>
<span style="font-family: "Courier New";">
'group_attr'
=> 'ou=group,dc=ucsc,dc=edu',</span><br>
<span style="font-family: "Courier New";">
## RT ATTRIBUTE MATCHING SECTION</span><br>
<span style="font-family: "Courier New";">
# The list of RT attributes that uniquely identify a user</span><br>
<br>
<span style="font-family: "Courier New";">
# This example shows what you *can* specify.. I recommend
reducing this</span><br>
<br>
<span style="font-family: "Courier New";">
# to just the Name and EmailAddress to save encountering
problems later.</span><br>
<span style="font-family: "Courier New";">
'attr_match_list'
=> [ 'Name',</span><br>
<span style="font-family: "Courier New";">
'EmailAddress',
</span><br>
<span style="font-family: "Courier New";">
],</span><br>
<span style="font-family: "Courier New";">
# The mapping of RT attributes on to LDAP attributes</span><br>
<span style="font-family: "Courier New";">
'attr_map'
=> { 'Name' => 'uid',</span><br>
<span style="font-family: "Courier New";">
'EmailAddress'
=> 'mail',</span><br>
<span style="font-family: "Courier New";">
'RealName'
=> 'cn',</span><br>
<span style="font-family: "Courier New";">
'ExternalAuthId'
=> 'uid',</span><br>
<span style="font-family: "Courier New";">
'Gecos'
=> 'gecos',</span><br>
<span style="font-family: "Courier New";">
'WorkPhone'
=> 'telephoneNumber',</span><br>
<span style="font-family: "Courier New";">
}</span><br>
<br>
<span style="font-family: "Courier New";"> },</span><o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom: 12pt;"><br>
What more do you need to know to help me get this working?<br>
<br>
Wes<o:p></o:p></p>
</div>
</div>
</blockquote>
</body>
</html>