<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#ffffff">
As suggested in a thread in this forum, I connected with ldapsearch
with no problem:<br>
<br>
<blockquote><font face="Courier New, Courier, monospace">[root@rt2]#
ldapsearch -x -LLL -D "cn=admin,dc=ucsc,dc=edu" -W -h
dir1.library.ucsc.edu -b "ou=people,dc=ucsc,dc=edu" uid=wmodes
cn telephoneNumber</font><br>
<font face="Courier New, Courier, monospace">Enter LDAP Password:
</font><br>
<font face="Courier New, Courier, monospace">dn:
uid=wmodes,ou=people,dc=ucsc,dc=edu</font><br>
<font face="Courier New, Courier, monospace">cn: Wes Modes</font><br>
<font face="Courier New, Courier, monospace">telephoneNumber:
831-459-5208</font><br>
</blockquote>
This was run from the server running RT. The DN and password I'm
using to connect is the same here and in the config file. Now what?<br>
<br>
Wes<br>
<br>
<br>
On 1/11/2011 7:43 AM, Kevin Falcone wrote:
<blockquote cite="mid:20110111154359.GI731@jibsheet.com" type="cite">
<pre wrap="">On Mon, Jan 10, 2011 at 06:03:37PM -0800, Wes Modes wrote:
</pre>
<blockquote type="cite">
<pre wrap=""> I am using ExternalAuth to connect RT3.8.8 to LDAP.
Detailed documentation seems to be woefully absent, and I've scoured the web and tried the
dozens of conflicting suggestions, so I'm turning to y'all.
Here's the error I get:
[Tue Jan 11 01:41:56 2011] [critical]: RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj
Can't bind: LDAP_INVALID_DN_SYNTAX 34
(/usr/local/rt/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:467)
</pre>
</blockquote>
<pre wrap="">
The error seems clear, something in your username or password isn't
valid DN syntax according to your server.
Try connecting using the ldapsearch command line client.
-kevin
</pre>
<blockquote type="cite">
<pre wrap=""> Here's the LDAP section from my RT_Authen-ExternalAuth.pm
'My_LDAP' => {
## GENERIC SECTION
# The type of service (db/ldap/cookie)
'type' => 'ldap',
# The server hosting the service
'server' => 'dir1.library.ucsc.edu',
## SERVICE-SPECIFIC SECTION
# If you can bind to your LDAP server anonymously you should
# remove the user and pass config lines, otherwise specify them here:
#
# The username RT should use to connect to the LDAP server
'user' => 'cn=admin,dc=ucsc,dc=edu',
# The password RT should use to connect to the LDAP server
'pass' => 'PASSWORD',
#
# The LDAP search base
'base' => 'ou=people,dc=ucsc,dc=edu',
#
# ALL FILTERS MUST BE VALID LDAP FILTERS ENCASED IN PARENTHESES!
# YOU **MUST** SPECIFY A filter AND A d_filter!!
#
# The filter to use to match RT-Users
'filter' => '(objectClass=person)',
# A catch-all example filter: '(objectClass=*)'
#
# The filter that will only match disabled users
'd_filter' => '(objectClass=FooBarBaz)',
# A catch-none example d_filter: '(objectClass=FooBarBaz)'
#
# Should we try to use TLS to encrypt connections?
'tls' => 0,
# SSL Version to provide to Net::SSLeay *if* using SSL
'ssl_version' => 3,
# What other args should I pass to Net::LDAP->new($host,@args)?
'net_ldap_args' => [ version => 3 ],
# Does authentication depend on group membership? What group name?
'group' => 'staff',
# What is the attribute for the group object that determines membership?
'group_attr' => 'ou=group,dc=ucsc,dc=edu',
## RT ATTRIBUTE MATCHING SECTION
# The list of RT attributes that uniquely identify a user
# This example shows what you *can* specify.. I recommend reducing this
# to just the Name and EmailAddress to save encountering problems later.
'attr_match_list' => [ 'Name',
'EmailAddress',
],
# The mapping of RT attributes on to LDAP attributes
'attr_map' => { 'Name' => 'uid',
'EmailAddress' => 'mail',
'RealName' => 'cn',
'ExternalAuthId' => 'uid',
'Gecos' => 'gecos',
'WorkPhone' => 'telephoneNumber',
}
},
What more do you need to know to help me get this working?
Wes
</pre>
</blockquote>
</blockquote>
</body>
</html>