<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 12 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";
color:black;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;
color:black;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:860123940;
mso-list-type:hybrid;
mso-list-template-ids:1464097142 -406295220 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l0:level1
{mso-level-start-at:24;
mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:.75in;
text-indent:-.25in;
mso-ansi-font-size:12.0pt;
font-family:Symbol;
mso-fareast-font-family:"Times New Roman";
mso-bidi-font-family:"Times New Roman";
color:black;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body bgcolor=white lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Wes,<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Your user DN for the admin user is odd. I would expect it to include some sort of “ou” component, something more along the lines of:<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Courier New"'>'user' => 'cn=admin,ou=people,dc=ucsc,dc=edu',<o:p></o:p></span></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>A couple more questions for you:<o:p></o:p></p><p class=MsoListParagraph style='margin-left:.75in;text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span style='font-family:Symbol'><span style='mso-list:Ignore'>·<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]>What kind of LDAP server are you running?<span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p></o:p></span></p><p class=MsoListParagraph style='margin-left:.75in;text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span style='font-family:Symbol'><span style='mso-list:Ignore'>·<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]>Do you have any sort of LDAP browser software on your machine? 
(ldapsearch is fine, but sometimes a little hard to get going).<span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p></o:p></span></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>That should solve your LDAP DN syntax issue.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Thanks,<o:p></o:p></p><p class=MsoNormal>Jok<br><br><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext'> rt-users-bounces@lists.bestpractical.com [mailto:rt-users-bounces@lists.bestpractical.com] <b>On Behalf Of </b>Wes Modes<br><b>Sent:</b> Thursday, January 13, 2011 1:42 PM<br><b>To:</b> rt-users@lists.bestpractical.com<br><b>Subject:</b> Re: [rt-users] ExternalAuth help needed<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal style='margin-bottom:12.0pt'>I found that I don't need to define MySQL as an external auth source because, uh, it is not external. I am using the default mysql authentication for rt. 
So I removed mysql from the ExternalAuthPriority and ExternalInfoPriority arrays.<br>This quiets some of the more perplexing "Password Encryption" errors, but still leaves me with these similar errors:<br><br>For a local rt user:<o:p></o:p></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Courier New"'>[Thu Jan 13 21:39:34 2011] [critical]: Search for (ou=group,dc=ucsc,dc=edu=uid=wmodes,ou=people,dc=ucsc,dc=edu) failed: LDAP_INVALID_DN_SYNTAX 34 (/usr/local/rt/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:116)</span><o:p></o:p></p><p class=MsoNormal style='margin-bottom:12.0pt'><br>and for an LDAP only user:<o:p></o:p></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Courier New"'>[Thu Jan 13 21:40:27 2011] [critical]: Search for (ou=group,dc=ucsc,dc=edu=uid=rjohnson,ou=people,dc=ucsc,dc=edu) failed: LDAP_INVALID_DN_SYNTAX 34 (/usr/local/rt/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:116)</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>[Thu Jan 13 21:40:27 2011] [error]: FAILED LOGIN for rjohnson from 128.114.163.50 (/usr/lib/rt/RT/Interface/Web.pm:424)</span><o:p></o:p></p><p class=MsoNormal><br>Here are the config files:<o:p></o:p></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Courier New"'># Any configuration directives you include here will override</span><br><span style='font-size:10.0pt;font-family:"Courier New"'># RT's default configuration file, RT_Config.pm</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>#</span><br><span style='font-size:10.0pt;font-family:"Courier New"'># To include a directive here, just copy the equivalent statement</span><br><span style='font-size:10.0pt;font-family:"Courier New"'># from RT_Config.pm and change the value. 
We've included a single</span><br><span style='font-size:10.0pt;font-family:"Courier New"'># sample value below.</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>#</span><br><span style='font-size:10.0pt;font-family:"Courier New"'># This file is actually a perl module, so you can include valid</span><br><span style='font-size:10.0pt;font-family:"Courier New"'># perl code, as well.</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>#</span><br><span style='font-size:10.0pt;font-family:"Courier New"'># The converse is also true, if this file isn't valid perl, you're</span><br><span style='font-size:10.0pt;font-family:"Courier New"'># going to run into trouble. To check your SiteConfig file, use</span><br><span style='font-size:10.0pt;font-family:"Courier New"'># this command:</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>#</span><br><span style='font-size:10.0pt;font-family:"Courier New"'># perl -c /path/to/your/etc/RT_SiteConfig.pm</span><br><br><span style='font-size:10.0pt;font-family:"Courier New"'>#Set( $rtname, 'example.com');</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>#Set( $rtname, 'example.com');</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>#Set(@Plugins,(qw(Extension::QuickDelete RT::FM)));</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>Set(@Plugins,qw(RT::Extension::ExtractCustomFieldValues</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>RT::Authen::ExternalAuth));</span><br><br><span style='font-size:10.0pt;font-family:"Courier New"'>require "/etc/rt/RT_Authen-ExternalAuth.pm";</span><br><br><span style='font-size:10.0pt;font-family:"Courier New"'># Look into the zoneinfo database for valid values (/usr/share/zoneinfo/)</span><br><span style='font-size:10.0pt;font-family:"Courier New"'># Set( $Timezone , 'US/Eastern');</span><br><br><span style='font-size:10.0pt;font-family:"Courier New"'># Set( $WebBaseURL , <a 
href="http://localhost">"http://localhost"</a>);</span><br><br><span style='font-size:10.0pt;font-family:"Courier New"'>Set( $WebPath , "/rt");</span><br><br><span style='font-size:10.0pt;font-family:"Courier New"'>Set($rtname , "rt.library.ucsc.edu");</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>Set($Organization , "rt.library.ucsc.edu");</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>Set($Timezone , 'US/Pacific');</span><br><br><span style='font-size:10.0pt;font-family:"Courier New"'>Set($DatabaseUser , 'root');</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>Set($DatabasePassword , 'r3c@ll');</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>Set($DatabaseName , 'rt3');</span><br><br><span style='font-size:10.0pt;font-family:"Courier New"'>Set($CanonicalizeEmailAddressMatch , 'rt2.library.ucsc.edu$');</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>#Set($CanonicalizeEmailAddressReplace , 'library.ucsc.edu');</span><br><br><span style='font-size:10.0pt;font-family:"Courier New"'>Set($RTAddressRegexp, '\@rt2.library.ucsc.edu$');</span><br><br><span style='font-size:10.0pt;font-family:"Courier New"'>Set($OwnerEmail, 'rootmail');</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>Set($WebBaseURL, <a href="http://rt2.library.ucsc.edu">"http://rt2.library.ucsc.edu"</a>);</span><br><br><span style='font-size:10.0pt;font-family:"Courier New"'># $LogoURL points to the URL of the RT logo displayed in the web UI</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>Set($LogoURL , $WebImagesURL . 
"library.gif");</span><br><br><span style='font-size:10.0pt;font-family:"Courier New"'>Set($LogToFile, 'error');</span><br><br><span style='font-size:10.0pt;font-family:"Courier New"'>1;</span><o:p></o:p></p><p class=MsoNormal style='margin-bottom:12.0pt'><br>and the external auth config:<o:p></o:p></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Courier New"'># The order in which the services defined in ExternalSettings</span><br><span style='font-size:10.0pt;font-family:"Courier New"'># should be used to authenticate users. User is authenticated</span><br><span style='font-size:10.0pt;font-family:"Courier New"'># if successfully confirmed by any service - no more services</span><br><span style='font-size:10.0pt;font-family:"Courier New"'># are checked.</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>Set($ExternalAuthPriority, [ 'My_LDAP',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> ]</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>);</span><br><br><span style='font-size:10.0pt;font-family:"Courier New"'># The order in which the services defined in ExternalSettings</span><br><span style='font-size:10.0pt;font-family:"Courier New"'># should be used to get information about users. This includes</span><br><span style='font-size:10.0pt;font-family:"Courier New"'># RealName, Tel numbers etc, but also whether or not the user</span><br><span style='font-size:10.0pt;font-family:"Courier New"'># should be considered disabled. 
</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>#</span><br><span style='font-size:10.0pt;font-family:"Courier New"'># Once user info is found, no more services are checked.</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>#</span><br><span style='font-size:10.0pt;font-family:"Courier New"'># You CANNOT use a SSO cookie for authentication.</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>Set($ExternalInfoPriority, [</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> 'My_LDAP'</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> ]</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>);</span><br><br><span style='font-size:10.0pt;font-family:"Courier New"'># If this is set to true, then the relevant packages will</span><br><span style='font-size:10.0pt;font-family:"Courier New"'># be loaded to use SSL/TLS connections. At the moment,</span><br><span style='font-size:10.0pt;font-family:"Courier New"'># this just means "use Net::SSLeay;"</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>Set($ExternalServiceUsesSSLorTLS, 0);</span><br><br><span style='font-size:10.0pt;font-family:"Courier New"'># If this is set to 1, then users should be autocreated by RT</span><br><span style='font-size:10.0pt;font-family:"Courier New"'># as internal users if they fail to authenticate from an</span><br><span style='font-size:10.0pt;font-family:"Courier New"'># external service.</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>Set($AutoCreateNonExternalUsers, 0);</span><br><br><span style='font-size:10.0pt;font-family:"Courier New"'># These are the full settings for each external service as a HashOfHashes</span><br><span style='font-size:10.0pt;font-family:"Courier New"'># Note that you may have as many external services as you wish. 
They will</span><br><span style='font-size:10.0pt;font-family:"Courier New"'># be checked in the order specified in the Priority directives above.</span><br><span style='font-size:10.0pt;font-family:"Courier New"'># e.g. </span><br><span style='font-size:10.0pt;font-family:"Courier New"'># Set(ExternalAuthPriority,['My_LDAP','My_MySQL','My_Oracle','SecondaryLDAP','Other-DB']);</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>#</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>Set($ExternalSettings, { </span><br><span style='font-size:10.0pt;font-family:"Courier New"'> # AN EXAMPLE DB SERVICE</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> </span><br><span style='font-size:10.0pt;font-family:"Courier New"'> 'My_MySQL' => { </span><br><span style='font-size:10.0pt;font-family:"Courier New"'> ## GENERIC SECTION</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> # The type of service (db/ldap/cookie) </span><br><span style='font-size:10.0pt;font-family:"Courier New"'> 'type' => 'db',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> # The server hosting the service</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> 'server' => 'rt2.library.ucsc.edu',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> ## SERVICE-SPECIFIC SECTION</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> # The database name</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> 'database' => 'rt3',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> # The database table</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> 'table' => 'Users',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> # The user to connect to the database as</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> 'user' => 'root',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> # The password 
to use to connect with</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> 'pass' => 'xxxxxxxx',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> # The port to use to connect with (e.g. 3306)</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> 'port' => '3306',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> # The name of the Perl DBI driver to use (e.g. mysql)</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> 'dbi_driver' => 'mysql',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> # The field in the table that holds usernames</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> 'u_field' => 'Name',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> # The field in the table that holds passwords</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> 'p_field' => 'Password',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> # The Perl package & subroutine used to encrypt passwords</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> # e.g. 
if the passwords are stored using the MySQL v3.23 "PASSWORD"</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> # function, then you will need Crypt::MySQL::password, but for the</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> # MySQL4+ password function you will need Crypt::MySQL::password41</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> # Alternatively, you could use Digest::MD5::md5_hex or any other</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> # encryption subroutine you can load in your perl installation</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> 'p_enc_pkg' => 'Crypt::MySQL',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> 'p_enc_sub' => 'password',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> # If your p_enc_sub takes a salt as a second parameter, </span><br><span style='font-size:10.0pt;font-family:"Courier New"'> # uncomment this line to add your salt</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> #'p_salt' => 'SALT',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> #</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> # The field and values in the table that determines if a user should</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> # be disabled. 
For example, if the field is 'user_status' and the values</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> # are ['0','1','2','disabled'] then the user will be disabled if their</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> # user_status is set to '0','1','2' or the string 'disabled'.</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> # Otherwise, they will be considered enabled.</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> 'd_field' => 'disabled',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> 'd_values' => ['0'],</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> ## RT ATTRIBUTE MATCHING SECTION</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> # The list of RT attributes that uniquely identify a user</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> 'attr_match_list' => [ 'Gecos',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> 'Name'</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> ],</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> # The mapping of RT attributes on to field names</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> 'attr_map' => { 'Name' => 'username',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> 'EmailAddress' => 'email',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> 'ExternalAuthId' => 'username',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> 'Gecos' => 'userID'</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> }</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> },</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> # AN EXAMPLE LDAP SERVICE</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> 'My_LDAP' => { </span><br><span style='font-size:10.0pt;font-family:"Courier New"'> ## GENERIC 
SECTION</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> # The type of service (db/ldap/cookie) </span><br><span style='font-size:10.0pt;font-family:"Courier New"'> 'type' => 'ldap',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> # The server hosting the service</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> 'server' => 'dir1.library.ucsc.edu',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> ## SERVICE-SPECIFIC SECTION</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> # If you can bind to your LDAP server anonymously you should </span><br><span style='font-size:10.0pt;font-family:"Courier New"'> # remove the user and pass config lines, otherwise specify them here:</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> # </span><br><span style='font-size:10.0pt;font-family:"Courier New"'> # The username RT should use to connect to the LDAP server </span><br><span style='font-size:10.0pt;font-family:"Courier New"'> 'user' => 'cn=admin,dc=ucsc,dc=edu',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> # The password RT should use to connect to the LDAP server</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> 'pass' => 'xxxxxxxx',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> #</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> # The LDAP search base</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> 'base' => 'ou=people,dc=ucsc,dc=edu',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> #</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> # ALL FILTERS MUST BE VALID LDAP FILTERS ENCASED IN PARENTHESES!</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> # YOU **MUST** SPECIFY A filter AND A d_filter!!</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> #</span><br><span 
style='font-size:10.0pt;font-family:"Courier New"'> # The filter to use to match RT-Users</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> 'filter' => '(objectClass=person)',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> # A catch-all example filter: '(objectClass=*)'</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> #</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> # The filter that will only match disabled users</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> 'd_filter' => '(objectClass=FooBarBaz)',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> # A catch-none example d_filter: '(objectClass=FooBarBaz)'</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> #</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> # Should we try to use TLS to encrypt connections?</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> 'tls' => 0,</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> # SSL Version to provide to Net::SSLeay *if* using SSL</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> 'ssl_version' => 3,</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> # What other args should I pass to Net::LDAP->new($host,@args)?</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> 'net_ldap_args' => [ version => 3 ],</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> # Does authentication depend on group membership? 
What group name?</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> 'group' => 'staff',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> # What is the attribute for the group object that determines membership?</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> 'group_attr' => 'ou=group,dc=ucsc,dc=edu',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> ## RT ATTRIBUTE MATCHING SECTION</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> # The list of RT attributes that uniquely identify a user</span><br><br><span style='font-size:10.0pt;font-family:"Courier New"'> # This example shows what you *can* specify.. I recommend reducing this</span><br><br><span style='font-size:10.0pt;font-family:"Courier New"'> # to just the Name and EmailAddress to save encountering problems later.</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> 'attr_match_list' => [ 'Name',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> 'EmailAddress', </span><br><span style='font-size:10.0pt;font-family:"Courier New"'> ],</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> # The mapping of RT attributes on to LDAP attributes</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> 'attr_map' => { 'Name' => 'uid',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> 'EmailAddress' => 'mail',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> 'RealName' => 'cn',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> 'ExternalAuthId' => 'uid',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> 'Gecos' => 'gecos',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> 'WorkPhone' => 'telephoneNumber',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> }</span><br><br><span style='font-size:10.0pt;font-family:"Courier New"'> },</span><br><span 
style='font-size:10.0pt;font-family:"Courier New"'> # An example SSO cookie service</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> 'My_SSO_Cookie' => { </span><br><span style='font-size:10.0pt;font-family:"Courier New"'> # # The type of service (db/ldap/cookie)</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> 'type' => 'cookie',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> # The name of the cookie to be used</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> 'name' => 'loginCookieValue',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> # The users table</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> 'u_table' => 'users',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> # The username field in the users table</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> 'u_field' => 'username',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> # The field in the users table that uniquely identifies a user</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> # and also exists in the cookies table</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> 'u_match_key' => 'userID',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> # The cookies table</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> 'c_table' => 'login_cookie',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> # The field that stores cookie values</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> 'c_field' => 'loginCookieValue',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> # The field in the cookies table that uniquely identifies a user</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> # and also exists in the users table</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> 'c_match_key' => 
'loginCookieUserID',</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> # The DB service in this configuration to use to lookup the cookie information</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> 'db_service_name' => 'My_MySQL'</span><br><span style='font-size:10.0pt;font-family:"Courier New"'> }</span><br><span style='font-size:10.0pt;font-family:"Courier New"'>}</span><br><br><span style='font-size:10.0pt;font-family:"Courier New"'>);</span><br><br><span style='font-size:10.0pt;font-family:"Courier New"'>1;</span><o:p></o:p></p><p class=MsoNormal>Any help would be appreciated. Thanks.<br><br>Wes<br><br><br>On 1/12/2011 4:14 PM, Kevin Falcone wrote: <o:p></o:p></p><pre>On Wed, Jan 12, 2011 at 04:01:08PM -0800, Wes Modes wrote:<o:p></o:p></pre><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><pre> [Wed Jan 12 23:31:22 2011] [error]: AUTH FAILED, Couldn't Load Password Encryption Package.<o:p></o:p></pre><pre> Error: Can't locate Crypt/MySQL.pm in @INC (@INC contains: /usr/local/rt/lib<o:p></o:p></pre></blockquote><pre><o:p> </o:p></pre><pre>What are you doing to load that?<o:p></o:p></pre><pre><o:p> </o:p></pre><pre>You should send along the other parts of your RT_SiteConfig.pm, it<o:p></o:p></pre><pre>appears you've got something 'interesting' running. Did you tell<o:p></o:p></pre><pre>RT-Authen-ExternalAuth to look at LDAP and a mysql database?<o:p></o:p></pre><pre><o:p> </o:p></pre><pre>-kevin<o:p></o:p></pre></div></body></html>
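The following is an added example, not part of the thread and not code from RT-Authen-ExternalAuth: a lint for the DN-valued settings in the My_LDAP block, run against the values and log lines posted above. It assumes, from the logged text, that the plugin builds the group check as (group_attr=user DN) and uses the 'group' value as the search base, so 'group' must be a DN and 'group_attr' an attribute name; the DN check is a simplified regex, and the "corrected" values at the end are hypothetical.

```perl
#!/usr/bin/perl
# Added example: lint DN-valued settings of an ExternalAuth LDAP service.
use strict;
use warnings;

# Values copied from the My_LDAP block posted in the thread.
my %svc = (
    user       => 'cn=admin,dc=ucsc,dc=edu',
    base       => 'ou=people,dc=ucsc,dc=edu',
    group      => 'staff',
    group_attr => 'ou=group,dc=ucsc,dc=edu',
);

# Log lines copied from the thread (trailing source-file location trimmed).
my @log = (
    '[Thu Jan 13 21:39:34 2011] [critical]: Search for (ou=group,dc=ucsc,dc=edu=uid=wmodes,ou=people,dc=ucsc,dc=edu) failed: LDAP_INVALID_DN_SYNTAX 34',
    '[Thu Jan 13 21:40:27 2011] [critical]: Search for (ou=group,dc=ucsc,dc=edu=uid=rjohnson,ou=people,dc=ucsc,dc=edu) failed: LDAP_INVALID_DN_SYNTAX 34',
);

# Simplified RFC 4514 shape: comma-separated attr=value RDNs, with
# backslash escapes allowed in values. Multi-valued RDNs ("+") and
# hex-string values are deliberately not handled.
my $ATTR  = qr/(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)+)/;
my $VALUE = qr/(?:[^,=+<>;\\"]|\\.)+/;
my $RDN   = qr/\s*$ATTR\s*=$VALUE/;

sub is_dn        { my ($s) = @_; return (defined $s && $s =~ /\A$RDN(?:,$RDN)*\z/) ? 1 : 0 }
sub is_attr_name { my ($s) = @_; return (defined $s && $s =~ /\A$ATTR\z/) ? 1 : 0 }

# Return a list of problems found in one LDAP service definition.
sub lint_ldap_service {
    my (%s) = @_;
    my @problems;
    for my $key (qw(user base)) {
        next unless defined $s{$key};    # 'user' is omitted for anonymous bind
        push @problems, "'$key' is not a DN: $s{$key}" unless is_dn($s{$key});
    }
    if (defined $s{group}) {
        push @problems, "'group' is not a DN: $s{group}" unless is_dn($s{group});
        push @problems, "'group_attr' is not an attribute name: "
            . (defined $s{group_attr} ? $s{group_attr} : '(unset)')
            unless is_attr_name($s{group_attr});
    }
    return @problems;
}

# Split a logged filter into the configured group_attr and the user DN,
# confirming where each half of the odd-looking filter came from.
sub explain_log_line {
    my ($line, %s) = @_;
    my ($filter, $err) = $line =~ /Search for \((.*)\) failed: (\w+)/ or return;
    my $prefix = "$s{group_attr}=";
    return unless index($filter, $prefix) == 0;
    return { error => $err, user_dn => substr($filter, length $prefix) };
}

print "Posted configuration:\n";
print "  PROBLEM: $_\n" for lint_ldap_service(%svc);

for my $line (@log) {
    my $info = explain_log_line($line, %svc) or next;
    printf "  %s: filter = (group_attr)=(%s), user DN valid: %s\n",
        $info->{error}, $info->{user_dn}, is_dn($info->{user_dn}) ? 'yes' : 'no';
}

# Hypothetical corrected shape: the group DN and the membership attribute
# depend on the directory's actual layout and schema.
my %fixed = (%svc,
    group      => 'cn=staff,ou=group,dc=ucsc,dc=edu',   # hypothetical group DN
    group_attr => 'member',                             # hypothetical attribute
);
my @left = lint_ldap_service(%fixed);
print "Corrected shape: ", (@left ? join('; ', @left) : 'no problems found'), "\n";
```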