<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 12 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
        {font-family:Wingdings;
        panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
        {font-family:Consolas;
        panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";
        color:black;}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
pre
        {mso-style-priority:99;
        mso-style-link:"HTML Preformatted Char";
        margin:0in;
        margin-bottom:.0001pt;
        font-size:10.0pt;
        font-family:"Courier New";
        color:black;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
        {mso-style-priority:34;
        margin-top:0in;
        margin-right:0in;
        margin-bottom:0in;
        margin-left:.5in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";
        color:black;}
span.HTMLPreformattedChar
        {mso-style-name:"HTML Preformatted Char";
        mso-style-priority:99;
        mso-style-link:"HTML Preformatted";
        font-family:Consolas;
        color:black;}
span.EmailStyle19
        {mso-style-type:personal-reply;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
/* List Definitions */
@list l0
        {mso-list-id:860123940;
        mso-list-type:hybrid;
        mso-list-template-ids:1464097142 -406295220 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l0:level1
        {mso-level-start-at:24;
        mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        margin-left:.75in;
        text-indent:-.25in;
        mso-ansi-font-size:12.0pt;
        font-family:Symbol;
        mso-fareast-font-family:"Times New Roman";
        mso-bidi-font-family:"Times New Roman";
        color:black;}
ol
        {margin-bottom:0in;}
ul
        {margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body bgcolor=white lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Wes,<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Your user DN for the admin user is odd. I would expect it included some sort of “ou” component, something more along the lines of:<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Courier New"'>'user'                      =>  'cn=admin,ou=people,dc=ucsc,dc=edu',<o:p></o:p></span></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>A couple more questions for you:<o:p></o:p></p><p class=MsoListParagraph style='margin-left:.75in;text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span style='font-family:Symbol'><span style='mso-list:Ignore'>·<span style='font:7.0pt "Times New Roman"'>         </span></span></span><![endif]>What kind of LDAP server are you running?<span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p></o:p></span></p><p class=MsoListParagraph style='margin-left:.75in;text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span style='font-family:Symbol'><span style='mso-list:Ignore'>·<span style='font:7.0pt "Times New Roman"'>         </span></span></span><![endif]>Do you have any sort of LDAP browser software on your machine? (ldapsearch is fine, but sometimes a little hard to get going).<span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p></o:p></span></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>That should solve your LDAP DN syntax issue.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Thanks,<o:p></o:p></p><p class=MsoNormal>Jok<br><br><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext'> rt-users-bounces@lists.bestpractical.com [mailto:rt-users-bounces@lists.bestpractical.com] <b>On Behalf Of </b>Wes Modes<br><b>Sent:</b> Thursday, January 13, 2011 1:42 PM<br><b>To:</b> rt-users@lists.bestpractical.com<br><b>Subject:</b> Re: [rt-users] ExternalAuth help needed<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal style='margin-bottom:12.0pt'>I found that I don't need to define MySQL as an external auth source because, uh, it is not external.  I am using the default mysql authentication for rt.  So I removed mysql from the ExternalAuthPriority and ExternalInfoPriority arrays.<br>This quiets some of the more perplexing "Password Encryption" errors, but still leaves me with these similar errors:<br><br>For a local rt user:<o:p></o:p></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Courier New"'>[Thu Jan 13 21:39:34 2011] [critical]: Search for (ou=group,dc=ucsc,dc=edu=uid=wmodes,ou=people,dc=ucsc,dc=edu) failed: LDAP_INVALID_DN_SYNTAX 34 (/usr/local/rt/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:116)</span><o:p></o:p></p><p class=MsoNormal style='margin-bottom:12.0pt'><br>and for an LDAP only user:<o:p></o:p></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Courier New"'>[Thu Jan 13 21:40:27 2011] [critical]: Search for (ou=group,dc=ucsc,dc=edu=uid=rjohnson,ou=people,dc=ucsc,dc=edu) failed: LDAP_INVALID_DN_SYNTAX 34 (/usr/local/rt/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:116)</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>[Thu Jan 13 21:40:27 2011] [error]: FAILED LOGIN for rjohnson from 128.114.163.50 (/usr/lib/rt/RT/Interface/Web.pm:424)</span><o:p></o:p></p><p class=MsoNormal><br>Here are the config files:<o:p></o:p></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Courier New"'># Any configuration directives you include  here will override</span><br><span style='font-size:10.0pt;font-family:"Courier New"'># RT's default configuration file, RT_Config.pm</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>#</span><br><span style='font-size:10.0pt;font-family:"Courier New"'># To include a directive here, just copy the equivalent statement</span><br><span style='font-size:10.0pt;font-family:"Courier New"'># from RT_Config.pm and change the value. We've included a single</span><br><span style='font-size:10.0pt;font-family:"Courier New"'># sample value below.</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>#</span><br><span style='font-size:10.0pt;font-family:"Courier New"'># This file is actually a perl module, so you can include valid</span><br><span style='font-size:10.0pt;font-family:"Courier New"'># perl code, as well.</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>#</span><br><span style='font-size:10.0pt;font-family:"Courier New"'># The converse is also true, if this file isn't valid perl, you're</span><br><span style='font-size:10.0pt;font-family:"Courier New"'># going to run into trouble. To check your SiteConfig file, use</span><br><span style='font-size:10.0pt;font-family:"Courier New"'># this comamnd:</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>#</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>#   perl -c /path/to/your/etc/RT_SiteConfig.pm</span><br><br><span style='font-size:10.0pt;font-family:"Courier New"'>#Set( $rtname, 'example.com');</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>#Set( $rtname, 'example.com');</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>#Set(@Plugins,(qw(Extension::QuickDelete RT::FM)));</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>Set(@Plugins,qw(RT::Extension::ExtractCustomFieldValues</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>RT::Authen::ExternalAuth));</span><br><br><span style='font-size:10.0pt;font-family:"Courier New"'>require "/etc/rt/RT_Authen-ExternalAuth.pm";</span><br><br><span style='font-size:10.0pt;font-family:"Courier New"'># Look into the zoneinfo database for valid values (/usr/share/zoneinfo/)</span><br><span style='font-size:10.0pt;font-family:"Courier New"'># Set( $Timezone , 'US/Eastern');</span><br><br><span style='font-size:10.0pt;font-family:"Courier New"'># Set( $WebBaseURL , <a href="http://localhost">"http://localhost"</a>);</span><br><br><span style='font-size:10.0pt;font-family:"Courier New"'>Set( $WebPath , "/rt");</span><br><br><span style='font-size:10.0pt;font-family:"Courier New"'>Set($rtname , "rt.library.ucsc.edu");</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>Set($Organization , "rt.library.ucsc.edu");</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>Set($Timezone , 'US/Pacific');</span><br><br><span style='font-size:10.0pt;font-family:"Courier New"'>Set($DatabaseUser , 'root');</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>Set($DatabasePassword , 'r3c@ll');</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>Set($DatabaseName , 'rt3');</span><br><br><span style='font-size:10.0pt;font-family:"Courier New"'>Set($CanonicalizeEmailAddressMatch   , 'rt2.library.ucsc.edu$');</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>#Set($CanonicalizeEmailAddressReplace , 'library.ucsc.edu');</span><br><br><span style='font-size:10.0pt;font-family:"Courier New"'>Set($RTAddressRegexp, '\@rt2.library.ucsc.edu$');</span><br><br><span style='font-size:10.0pt;font-family:"Courier New"'>Set($OwnerEmail, 'rootmail');</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>Set($WebBaseURL, <a href="http://rt2.library.ucsc.edu">"http://rt2.library.ucsc.edu"</a>);</span><br><br><span style='font-size:10.0pt;font-family:"Courier New"'># $LogoURL points to the URL of the RT logo displayed in the web UI</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>Set($LogoURL , $WebImagesURL . "library.gif");</span><br><br><span style='font-size:10.0pt;font-family:"Courier New"'>Set($LogToFile, 'error');</span><br><br><span style='font-size:10.0pt;font-family:"Courier New"'>1;</span><o:p></o:p></p><p class=MsoNormal style='margin-bottom:12.0pt'><br>and the external auth config:<o:p></o:p></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Courier New"'># The order in which the services defined in ExternalSettings</span><br><span style='font-size:10.0pt;font-family:"Courier New"'># should be used to authenticate users. User is authenticated</span><br><span style='font-size:10.0pt;font-family:"Courier New"'># if successfully confirmed by any service - no more services</span><br><span style='font-size:10.0pt;font-family:"Courier New"'># are checked.</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>Set($ExternalAuthPriority,  [   'My_LDAP',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>                            ]</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>);</span><br><br><span style='font-size:10.0pt;font-family:"Courier New"'># The order in which the services defined in ExternalSettings</span><br><span style='font-size:10.0pt;font-family:"Courier New"'># should be used to get information about users. This includes</span><br><span style='font-size:10.0pt;font-family:"Courier New"'># RealName, Tel numbers etc, but also whether or not the user</span><br><span style='font-size:10.0pt;font-family:"Courier New"'># should be considered disabled. </span><br><span style='font-size:10.0pt;font-family:"Courier New"'>#</span><br><span style='font-size:10.0pt;font-family:"Courier New"'># Once user info is found, no more services are checked.</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>#</span><br><span style='font-size:10.0pt;font-family:"Courier New"'># You CANNOT use a SSO cookie for authentication.</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>Set($ExternalInfoPriority,  [</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>                                'My_LDAP'</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>                            ]</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>);</span><br><br><span style='font-size:10.0pt;font-family:"Courier New"'># If this is set to true, then the relevant packages will</span><br><span style='font-size:10.0pt;font-family:"Courier New"'># be loaded to use SSL/TLS connections. At the moment,</span><br><span style='font-size:10.0pt;font-family:"Courier New"'># this just means "use Net::SSLeay;"</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>Set($ExternalServiceUsesSSLorTLS,    0);</span><br><br><span style='font-size:10.0pt;font-family:"Courier New"'># If this is set to 1, then users should be autocreated by RT</span><br><span style='font-size:10.0pt;font-family:"Courier New"'># as internal users if they fail to authenticate from an</span><br><span style='font-size:10.0pt;font-family:"Courier New"'># external service.</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>Set($AutoCreateNonExternalUsers,    0);</span><br><br><span style='font-size:10.0pt;font-family:"Courier New"'># These are the full settings for each external service as a HashOfHashes</span><br><span style='font-size:10.0pt;font-family:"Courier New"'># Note that you may have as many external services as you wish. They will</span><br><span style='font-size:10.0pt;font-family:"Courier New"'># be checked in the order specified in the Priority directives above.</span><br><span style='font-size:10.0pt;font-family:"Courier New"'># e.g. </span><br><span style='font-size:10.0pt;font-family:"Courier New"'>#   Set(ExternalAuthPriority,['My_LDAP','My_MySQL','My_Oracle','SecondaryLDAP','Other-DB']);</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>#</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>Set($ExternalSettings,      {   </span><br><span style='font-size:10.0pt;font-family:"Courier New"'>    # AN EXAMPLE DB SERVICE</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>                                </span><br><span style='font-size:10.0pt;font-family:"Courier New"'>    'My_MySQL'   =>  {      </span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        ## GENERIC SECTION</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        # The type of service (db/ldap/cookie) </span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        'type'                      =>  'db',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        # The server hosting the service</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        'server'                    =>  'rt2.library.ucsc.edu',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        ## SERVICE-SPECIFIC SECTION</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        # The database name</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        'database'                  =>  'rt3',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        # The database table</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        'table'                     =>  'Users',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        # The user to connect to the database as</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        'user'                      =>  'root',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        # The password to use to connect with</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        'pass'                      =>  'xxxxxxxx',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        # The port to use to connect with (e.g. 3306)</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        'port'                      =>  '3306',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        # The name of the Perl DBI driver to use (e.g. mysql)</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        'dbi_driver'                =>  'mysql',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        # The field in the table that holds usernames</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        'u_field'                   =>  'Name',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        # The field in the table that holds passwords</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        'p_field'                   =>  'Password',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        # The Perl package & subroutine used to encrypt passwords</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        # e.g. if the passwords are stored using the MySQL v3.23 "PASSWORD"</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        # function, then you will need Crypt::MySQL::password, but for the</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        # MySQL4+ password function you will need Crypt::MySQL::password41</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        # Alternatively, you could use Digest::MD5::md5_hex or any other</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        # encryption subroutine you can load in your perl installation</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        'p_enc_pkg'                 =>  'Crypt::MySQL',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        'p_enc_sub'                 =>  'password',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        # If your p_enc_sub takes a salt as a second parameter, </span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        # uncomment this line to add your salt</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        #'p_salt'                    =>  'SALT',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        #</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        # The field and values in the table that determines if a user should</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        # be disabled. For example, if the field is 'user_status' and the values</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        # are ['0','1','2','disabled'] then the user will be disabled if their</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        # user_status is set to '0','1','2' or the string 'disabled'.</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        # Otherwise, they will be considered enabled.</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        'd_field'                   =>  'disabled',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        'd_values'                  =>  ['0'],</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        ## RT ATTRIBUTE MATCHING SECTION</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        # The list of RT attributes that uniquely identify a user</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        'attr_match_list'           =>  [   'Gecos',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>                                            'Name'</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>                                        ],</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        # The mapping of RT attributes on to field names</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        'attr_map'                  =>  {   'Name' => 'username',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>                                            'EmailAddress' => 'email',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>                                            'ExternalAuthId' => 'username',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>                                            'Gecos' => 'userID'</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>                                        }</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>    },</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>    # AN EXAMPLE LDAP SERVICE</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>    'My_LDAP'       =>  {   </span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        ## GENERIC SECTION</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        # The type of service (db/ldap/cookie) </span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        'type'                      =>  'ldap',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        # The server hosting the service</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        'server'                    =>  'dir1.library.ucsc.edu',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        ## SERVICE-SPECIFIC SECTION</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        # If you can bind to your LDAP server anonymously you should </span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        # remove the user and pass config lines, otherwise specify them here:</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        # </span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        # The username RT should use to connect to the LDAP server </span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        'user'                      =>  'cn=admin,dc=ucsc,dc=edu',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        # The password RT should use to connect to the LDAP server</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        'pass'                    =>  'xxxxxxxx',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        #</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        # The LDAP search base</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        'base'                      =>  'ou=people,dc=ucsc,dc=edu',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        #</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        # ALL FILTERS MUST BE VALID LDAP FILTERS ENCASED IN PARENTHESES!</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        # YOU **MUST** SPECIFY A filter AND A d_filter!!</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        #</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        # The filter to use to match RT-Users</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        'filter'                    =>  '(objectClass=person)',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        # A catch-all example filter: '(objectClass=*)'</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        #</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        # The filter that will only match disabled users</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        'd_filter'                  =>  '(objectClass=FooBarBaz)',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        # A catch-none example d_filter: '(objectClass=FooBarBaz)'</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        #</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        # Should we try to use TLS to encrypt connections?</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        'tls'                       =>  0,</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        # SSL Version to provide to Net::SSLeay *if* using SSL</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        'ssl_version'               =>  3,</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        # What other args should I pass to Net::LDAP->new($host,@args)?</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        'net_ldap_args'             => [    version =>  3   ],</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        # Does authentication depend on group membership? What group name?</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        'group'                     =>  'staff',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        # What is the attribute for the group object that determines membership?</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        'group_attr'                =>  'ou=group,dc=ucsc,dc=edu',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        ## RT ATTRIBUTE MATCHING SECTION</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        # The list of RT attributes that uniquely identify a user</span><br><br><span style='font-size:10.0pt;font-family:"Courier New"'>        # This example shows what you *can* specify.. I recommend reducing this</span><br><br><span style='font-size:10.0pt;font-family:"Courier New"'>        # to just the Name and EmailAddress to save encountering problems later.</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        'attr_match_list'           => [    'Name',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>                                            'EmailAddress', </span><br><span style='font-size:10.0pt;font-family:"Courier New"'>                                        ],</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        # The mapping of RT attributes on to LDAP attributes</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        'attr_map'                  =>  {   'Name' => 'uid',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>                                            'EmailAddress' => 'mail',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>                                            'RealName' => 'cn',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>                                            'ExternalAuthId' => 'uid',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>                                            'Gecos' => 'gecos',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>                                            'WorkPhone' => 'telephoneNumber',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>                                        }</span><br><br><span style='font-size:10.0pt;font-family:"Courier New"'>    },</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>    # An example SSO cookie service</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>    'My_SSO_Cookie'  => {   </span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        # # The type of service (db/ldap/cookie)</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        'type'                      =>  'cookie',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        # The name of the cookie to be used</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        'name'                      =>  'loginCookieValue',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        # The users table</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        'u_table'                   =>  'users',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        # The username field in the users table</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        'u_field'                   =>  'username',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        # The field in the users table that uniquely identifies a user</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        # and also exists in the cookies table</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        'u_match_key'               =>  'userID',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        # The cookies table</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        'c_table'                   =>  'login_cookie',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        # The field that stores cookie values</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        'c_field'                   =>  'loginCookieValue',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        # The field in the cookies table that uniquely identifies a user</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        # and also exists in the users table</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        'c_match_key'               =>  'loginCookieUserID',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        # The DB service in this configuration to use to lookup the cookie information</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>        'db_service_name'           =>  'My_MySQL'</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>    }</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>}</span><br><br><span style='font-size:10.0pt;font-family:"Courier New"'>);</span><br><br><span style='font-size:10.0pt;font-family:"Courier New"'>1;</span><o:p></o:p></p><p class=MsoNormal>Any help would be appreciated.  Thanks.<br><br>Wes<br><br><br>On 1/12/2011 4:14 PM, Kevin Falcone wrote: <o:p></o:p></p><pre>On Wed, Jan 12, 2011 at 04:01:08PM -0800, Wes Modes wrote:<o:p></o:p></pre><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><pre>     [Wed Jan 12 23:31:22 2011] [error]: AUTH FAILED, Couldn't Load Password Encryption Package.<o:p></o:p></pre><pre>     Error: Can't locate Crypt/MySQL.pm in @INC (@INC contains: /usr/local/rt/lib<o:p></o:p></pre></blockquote><pre><o:p> </o:p></pre><pre>What are you doing to load that?<o:p></o:p></pre><pre><o:p> </o:p></pre><pre>You should send along the other parts of your RT_SiteConfig.pm, it<o:p></o:p></pre><pre>appears you've got something 'interesting' running.  Did you tell<o:p></o:p></pre><pre>RT-Authen-ExternalAuth to look at LDAP and a mysql database?<o:p></o:p></pre><pre><o:p> </o:p></pre><pre>-kevin<o:p></o:p></pre></div></body></html>