<div>Guys,</div>
<div> </div>
<div>I am new to RT, and I've encountered the following issue:</div>
<div> </div>
<div>I have changed the domain on the email address for some of our users, but now when they send a request to our queue, they get the following response.</div>
<div> </div>
<div>Could not load a valid user</div>
<div> </div>
<div>What do I need to change so that it does not happen again?</div>
<div> </div>
<div>Thank you so much.</div>
<div> </div>
<div>Alberto<br><br></div>
<div class="gmail_quote">On Wed, Jan 12, 2011 at 3:05 PM, Kevin Falcone <span dir="ltr"><<a href="mailto:falcone@bestpractical.com">falcone@bestpractical.com</a>></span> wrote:<br>
<blockquote style="BORDER-LEFT: #ccc 1px solid; MARGIN: 0px 0px 0px 0.8ex; PADDING-LEFT: 1ex" class="gmail_quote">
<div class="im">On Wed, Jan 12, 2011 at 03:00:30PM -0800, Wes Modes wrote:<br>> Kevin, you said the error is clear, but it seems less than clear to<br>> me. Especially since I have no problem connecting to ldap with<br>
> ldapsearch using the same DN.<br>><br>> Are we stalled out here, then? If this forum can not offer help, any<br>> suggestions where to turn to for help?<br>><br>> In my experience with other software, LDAP is one of the simplest<br>
> integrations possible. In total one has to configure maybe three, maybe<br>> four things. The server FQDN, maybe the port, the base DN, and maybe<br>> the root DN. Voila! That's it! LDAP integration.<br>
><br>> I have a difficult time believing that RT is so difficult to integrate<br>> with LDAP, that there is so little step-by-step documentation, and that<br>> the user forums offer so little help. This has been a surprisingly<br>
> difficult process, but I'd still like to be proved completely wrong.<br><br></div>Wes, plenty of folks have this working and I've set it up more times<br>than I can count. You've cherry picked an error that tells me that<br>
your LDAP server is rejecting the connection attempt. What do your<br>LDAP logs say?<br><br>As someone observed, your group settings look interestingly wrong, but<br>since I'm staring at one log line it's kind of hard to tell if this is<br>
the initial bind or a later bind failure.<br><font color="#888888"><br>-kevin<br></font>
<div>
<div></div>
<div class="h5"><br>> On 1/11/2011 7:43 AM, Kevin Falcone wrote:<br>> > On Mon, Jan 10, 2011 at 06:03:37PM -0800, Wes Modes wrote:<br>> >> I am using ExternalAuth to connect RT3.8.8 to LDAP.<br>> >><br>
> >> Detailed documentation seems to be woefully absent, and I've scoured the web and tried the<br>> >> dozens of conflicting suggestions, so I'm turning to y'all.<br>> >><br>> >> Here's the error I get:<br>
> >><br>> >> [Tue Jan 11 01:41:56 2011] [critical]: RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj<br>> >> Can't bind: LDAP_INVALID_DN_SYNTAX 34<br>> >> (/usr/local/rt/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:467)<br>
> > The error seems clear, something in your username or password isn't<br>> > valid DN syntax according to your server.<br>> ><br>> > Try connecting using the ldapsearch command line client.<br>
> ><br>> > -kevin<br>> ><br>> >> Here's the LDAP section from my RT_Authen-ExternalAuth.pm<br>> >><br>> >> 'My_LDAP' => {<br>> >> ## GENERIC SECTION<br>
> >> # The type of service (db/ldap/cookie)<br>> >> 'type' => 'ldap',<br>> >> # The server hosting the service<br>
> >> 'server' => '<a href="http://dir1.library.ucsc.edu/" target="_blank">dir1.library.ucsc.edu</a>',<br>> >> ## SERVICE-SPECIFIC SECTION<br>
> >> # If you can bind to your LDAP server anonymously you should<br>> >> # remove the user and pass config lines, otherwise specify them here:<br>> >> #<br>
> >> # The username RT should use to connect to the LDAP server<br>> >> 'user' => 'cn=admin,dc=ucsc,dc=edu',<br>> >> # The password RT should use to connect to the LDAP server<br>
> >> 'pass' => 'PASSWORD',<br>> >> #<br>> >> # The LDAP search base<br>> >> 'base' => 'ou=people,dc=ucsc,dc=edu',<br>
> >> #<br>> >> # ALL FILTERS MUST BE VALID LDAP FILTERS ENCASED IN PARENTHESES!<br>> >> # YOU **MUST** SPECIFY A filter AND A d_filter!!<br>> >> #<br>
> >> # The filter to use to match RT-Users<br>> >> 'filter' => '(objectClass=person)',<br>> >> # A catch-all example filter: '(objectClass=*)'<br>
> >> #<br>> >> # The filter that will only match disabled users<br>> >> 'd_filter' => '(objectClass=FooBarBaz)',<br>> >> # A catch-none example d_filter: '(objectClass=FooBarBaz)'<br>
> >> #<br>> >> # Should we try to use TLS to encrypt connections?<br>> >> 'tls' => 0,<br>> >> # SSL Version to provide to Net::SSLeay *if* using SSL<br>
> >> 'ssl_version' => 3,<br>> >> # What other args should I pass to Net::LDAP->new($host,@args)?<br>> >> 'net_ldap_args' => [ version => 3 ],<br>
> >> # Does authentication depend on group membership? What group name?<br>> >> 'group' => 'staff',<br>> >> # What is the attribute for the group object that determines membership?<br>
> >> 'group_attr' => 'ou=group,dc=ucsc,dc=edu',<br>> >> ## RT ATTRIBUTE MATCHING SECTION<br>> >> # The list of RT attributes that uniquely identify a user<br>
> >><br>> >> # This example shows what you *can* specify.. I recommend reducing this<br>> >><br>> >> # to just the Name and EmailAddress to save encountering problems later.<br>
> >> 'attr_match_list' => [ 'Name',<br>> >> 'EmailAddress',<br>> >> ],<br>
> >> # The mapping of RT attributes on to LDAP attributes<br>> >> 'attr_map' => { 'Name' => 'uid',<br>> >> 'EmailAddress' => 'mail',<br>
> >> 'RealName' => 'cn',<br>> >> 'ExternalAuthId' => 'uid',<br>> >> 'Gecos' => 'gecos',<br>
> >> 'WorkPhone' => 'telephoneNumber',<br>> >> }<br>> >><br>> >> },<br>
> >><br>> >> What more do you need to know to help me get this working?<br>> >><br>> >> Wes<br></div></div></blockquote></div><br><br clear="all"><br>-- <br>Alberto Vazquez-Dzul<br>
Email: <a href="mailto:betovaz@gmail.com">betovaz@gmail.com</a><br>Mobile: (805) 444-0835<br>GVoice: (805) 768-4798<br>
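
Added example (not part of the original messages, and not RT or RT-Authen-ExternalAuth code): a small Python lint over the values in the quoted 'My_LDAP' block, checking each setting against the shape its own comment asks for. The DN check is a simplified RFC 4514 pattern, and treating 'group' as a DN rests on the assumption that the plugin uses it as the search base for the membership lookup; `lint`, `is_dn`, `is_filter` and `QUOTED` are names made up for this example.

```python
import re

# Simplified RFC 4514 shapes: no escaped commas, no multi-valued (+) RDNs.
ATTR = r"(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)+)"
RDN_RE = re.compile(rf"\s*{ATTR}\s*=\s*[^,=+]+")

def is_dn(value):
    """True if value looks like attr=value[,attr=value...]."""
    return bool(value) and all(RDN_RE.fullmatch(r) for r in value.split(","))

def is_filter(value):
    """True if value is one filter wrapped in balanced parentheses."""
    depth = 0
    for i, ch in enumerate(value):
        depth += (ch == "(") - (ch == ")")
        if depth < 0 or (depth == 0 and i < len(value) - 1):
            return False
    return depth == 0 and value.startswith("(")

def lint(cfg):
    """Return (setting, problem) pairs for one ExternalAuth LDAP service block."""
    out = []
    for key in ("user", "base"):
        if key in cfg and not is_dn(cfg[key]):
            out.append((key, "not valid DN syntax"))
    for key in ("filter", "d_filter"):
        if not is_filter(cfg.get(key, "")):
            out.append((key, "missing or not a parenthesised LDAP filter"))
    if cfg.get("group"):
        # Assumption: 'group' is used as the base of the membership search, so it must be a DN.
        if not is_dn(cfg["group"]):
            out.append(("group", "expected the group entry's DN"))
        if not re.fullmatch(ATTR, cfg.get("group_attr", "")):
            out.append(("group_attr", "expected an attribute name, e.g. member"))
    cleartext = not cfg.get("tls") and not cfg.get("server", "").startswith("ldaps://")
    if cleartext and cfg.get("pass"):
        out.append(("tls", "bind password is sent unencrypted"))
    return out

# Values transcribed from the quoted RT_Authen-ExternalAuth.pm section.
QUOTED = {
    "server": "dir1.library.ucsc.edu", "tls": 0, "pass": "PASSWORD",
    "user": "cn=admin,dc=ucsc,dc=edu", "base": "ou=people,dc=ucsc,dc=edu",
    "filter": "(objectClass=person)", "d_filter": "(objectClass=FooBarBaz)",
    "group": "staff", "group_attr": "ou=group,dc=ucsc,dc=edu",
}

if __name__ == "__main__":
    print(*(f"{k}: {v}" for k, v in lint(QUOTED)), sep="\n")
```

On the quoted values it reports 'group', 'group_attr' and 'tls'. It checks shape only and does not explain the LDAP_INVALID_DN_SYNTAX bind failure, which the LDAP server's log has to show.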