<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">

<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
 /* Font Definitions */
 @font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";
        color:black;}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
span.EmailStyle17
        {mso-style-type:personal-reply;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
-->
</style>
</head>

<body bgcolor=white lang=EN-US link=blue vlink=purple>

<div class=WordSection1>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>I have fiddled only a little with LDAP.<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>The error message sounds like it isn't recognizing something as
a DN.<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>To me, your username doesn't look quite right. Is there really
an LDAP server at ucsc.edu? Shouldn't it be more like DC=ldap1,DC=ucsc,DC=edu,
to specify the machine name?<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>I'm not even very good with Windows, so I could be way off
here.<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>

<br /><br />
<P><FONT size=2 face=Verdana><STRONG>Josh Narins</STRONG></FONT><BR><BR><FONT size=1 
face=Verdana>Director of Application Development<BR>SeniorBridge</FONT></P><br /><br />
<div style='border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt'>

<div>

<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>

<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";
color:windowtext'>From:</span></b><span style='font-size:10.0pt;font-family:
"Tahoma","sans-serif";color:windowtext'>
rt-users-bounces@lists.bestpractical.com
[mailto:rt-users-bounces@lists.bestpractical.com] <b>On Behalf Of </b>Wes Modes<br>
<b>Sent:</b> Monday, January 10, 2011 9:04 PM<br>
<b>To:</b> RT Users<br>
<b>Subject:</b> [rt-users] ExternalAuth help needed<o:p></o:p></span></p>

</div>

</div>

<p class=MsoNormal><o:p> </o:p></p>

<p class=MsoNormal style='margin-bottom:12.0pt'>I am using ExternalAuth to
connect RT3.8.8 to LDAP.<br>
<br>
Detailed documentation seems to be woefully absent, and I've scoured the web
and tried the dozens of conflicting suggestions, so I'm turning to y'all.<br>
<br>
Here's the error I get:<o:p></o:p></p>

<p class=MsoNormal><span style='font-family:"Courier New"'>[Tue Jan 11 01:41:56
2011] [critical]: RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind:
LDAP_INVALID_DN_SYNTAX 34
(/usr/local/rt/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:467)</span><o:p></o:p></p>

<p class=MsoNormal style='margin-bottom:12.0pt'><br>
Here's the LDAP section from my RT_Authen-ExternalAuth.pm <o:p></o:p></p>

<p class=MsoNormal><span style='font-family:"Courier New"'>   
'My_LDAP'       =>  {   </span><br>
<span style='font-family:"Courier New"'>       
## GENERIC SECTION</span><br>
<span style='font-family:"Courier New"'>       
# The type of service (db/ldap/cookie) </span><br>
<span style='font-family:"Courier New"'>       
'type'                     
=>  'ldap',</span><br>
<span style='font-family:"Courier New"'>       
# The server hosting the service</span><br>
<span style='font-family:"Courier New"'>       
'server'                   
=>  'dir1.library.ucsc.edu',</span><br>
<span style='font-family:"Courier New"'>       
## SERVICE-SPECIFIC SECTION</span><br>
<span style='font-family:"Courier New"'>       
# If you can bind to your LDAP server anonymously you should </span><br>
<span style='font-family:"Courier New"'>       
# remove the user and pass config lines, otherwise specify them here:</span><br>
<span style='font-family:"Courier New"'>       
# </span><br>
<span style='font-family:"Courier New"'>       
# The username RT should use to connect to the LDAP server </span><br>
<span style='font-family:"Courier New"'>       
'user'                     
=>  'cn=admin,dc=ucsc,dc=edu',</span><br>
<span style='font-family:"Courier New"'>       
# The password RT should use to connect to the LDAP server</span><br>
<span style='font-family:"Courier New"'>       
'pass'                   
=>  'PASSWORD',</span><br>
<span style='font-family:"Courier New"'>       
#</span><br>
<span style='font-family:"Courier New"'>       
# The LDAP search base</span><br>
<span style='font-family:"Courier New"'>       
'base'                     
=>  'ou=people,dc=ucsc,dc=edu',</span><br>
<span style='font-family:"Courier New"'>       
#</span><br>
<span style='font-family:"Courier New"'>       
# ALL FILTERS MUST BE VALID LDAP FILTERS ENCASED IN PARENTHESES!</span><br>
<span style='font-family:"Courier New"'>       
# YOU **MUST** SPECIFY A filter AND A d_filter!!</span><br>
<span style='font-family:"Courier New"'>       
#</span><br>
<span style='font-family:"Courier New"'>       
# The filter to use to match RT-Users</span><br>
<span style='font-family:"Courier New"'>       
'filter'                   
=>  '(objectClass=person)',</span><br>
<span style='font-family:"Courier New"'>       
# A catch-all example filter: '(objectClass=*)'</span><br>
<span style='font-family:"Courier New"'>       
#</span><br>
<span style='font-family:"Courier New"'>       
# The filter that will only match disabled users</span><br>
<span style='font-family:"Courier New"'>       
'd_filter'                 
=>  '(objectClass=FooBarBaz)',</span><br>
<span style='font-family:"Courier New"'>       
# A catch-none example d_filter: '(objectClass=FooBarBaz)'</span><br>
<span style='font-family:"Courier New"'>       
#</span><br>
<span style='font-family:"Courier New"'>       
# Should we try to use TLS to encrypt connections?</span><br>
<span style='font-family:"Courier New"'>       
'tls'                      
=>  0,</span><br>
<span style='font-family:"Courier New"'>       
# SSL Version to provide to Net::SSLeay *if* using SSL</span><br>
<span style='font-family:"Courier New"'>       
'ssl_version'              
=>  3,</span><br>
<span style='font-family:"Courier New"'>       
# What other args should I pass to Net::LDAP->new($host,@args)?</span><br>
<span style='font-family:"Courier New"'>       
'net_ldap_args'            
=> [    version =>  3   ],</span><br>
<span style='font-family:"Courier New"'>       
# Does authentication depend on group membership? What group name?</span><br>
<span style='font-family:"Courier New"'>       
'group'                    
=>  'staff',</span><br>
<span style='font-family:"Courier New"'>       
# What is the attribute for the group object that determines membership?</span><br>
<span style='font-family:"Courier New"'>       
'group_attr'               
=>  'ou=group,dc=ucsc,dc=edu',</span><br>
<span style='font-family:"Courier New"'>       
## RT ATTRIBUTE MATCHING SECTION</span><br>
<span style='font-family:"Courier New"'>       
# The list of RT attributes that uniquely identify a user</span><br>
<br>
<span style='font-family:"Courier New"'>       
# This example shows what you *can* specify.. I recommend reducing this</span><br>
<br>
<span style='font-family:"Courier New"'>       
# to just the Name and EmailAddress to save encountering problems later.</span><br>
<span style='font-family:"Courier New"'>       
'attr_match_list'          
=> [    'Name',</span><br>
<span style='font-family:"Courier New"'>                                           
'EmailAddress', </span><br>
<span style='font-family:"Courier New"'>                                       
],</span><br>
<span style='font-family:"Courier New"'>       
# The mapping of RT attributes on to LDAP attributes</span><br>
<span style='font-family:"Courier New"'>       
'attr_map'                 
=>  {   'Name' => 'uid',</span><br>
<span style='font-family:"Courier New"'>                                           
'EmailAddress' => 'mail',</span><br>
<span style='font-family:"Courier New"'>                                           
'RealName' => 'cn',</span><br>
<span style='font-family:"Courier New"'>                                           
'ExternalAuthId' => 'uid',</span><br>
<span style='font-family:"Courier New"'>                                           
'Gecos' => 'gecos',</span><br>
<span style='font-family:"Courier New"'>                                           
'WorkPhone' => 'telephoneNumber',</span><br>
<span style='font-family:"Courier New"'>                                       
}</span><br>
<br>
<span style='font-family:"Courier New"'>    },</span><o:p></o:p></p>

<p class=MsoNormal style='margin-bottom:12.0pt'><br>
What more do you need to know to help me get this working?<br>
<br>
Wes<o:p></o:p></p>

</div>

</div>
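<p class=MsoNormal>Added example, not from the thread and not RT-Authen-ExternalAuth's own code: an offline lint of the LDAP service block quoted above, using the DN parser in Net::LDAP::Util to check the DN-valued settings and flagging a password bind made without TLS. lint_service is a hypothetical helper, and treating 'group' as a DN is an assumption about how the plugin uses that setting.</p>

```perl
#!/usr/bin/perl
# Added example, not part of the thread or of RT-Authen-ExternalAuth.
use strict;
use warnings;
use Net::LDAP::Util qw(canonical_dn);    # string parsing only, no network I/O

# Values copied from the LDAP service block quoted in the message above.
my %svc = (
    server     => 'dir1.library.ucsc.edu',
    user       => 'cn=admin,dc=ucsc,dc=edu',
    pass       => 'PASSWORD',
    base       => 'ou=people,dc=ucsc,dc=edu',
    tls        => 0,
    group      => 'staff',
    group_attr => 'ou=group,dc=ucsc,dc=edu',
);

# lint_service() is a hypothetical helper; it returns a list of findings.
sub lint_service {
    my (%c) = @_;
    my @findings;

    # 'user' and 'base' are DNs. Assumption: 'group' is also used as a DN
    # (the entry whose membership attribute is read), so it is checked too.
    for my $key (qw(user base group)) {
        next unless defined $c{$key} && length $c{$key};
        push @findings, "$key: '$c{$key}' does not parse as a DN"
            unless defined canonical_dn($c{$key});
    }

    # 'group_attr' names an attribute (letters, digits, hyphens), not a DN.
    if (defined $c{group_attr} && $c{group_attr} !~ /\A[A-Za-z][A-Za-z0-9-]*\z/) {
        push @findings, "group_attr: '$c{group_attr}' is not an attribute name";
    }

    # A simple bind sends the DN and password as-is; without StartTLS or an
    # ldaps:// server URI they cross the network in cleartext.
    if (defined $c{pass} && !$c{tls} && $c{server} !~ m{\Aldaps://}i) {
        push @findings, "pass: bind credentials sent without TLS (tls => 0)";
    }
    return @findings;
}

print "FINDING $_\n" for lint_service(%svc);
```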

</body>

</html>