<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <div class="moz-cite-prefix">On 02/04/14 20:44, Jason Batchelor
      wrote:<br>
    </div>
    <blockquote
cite="mid:CANWz5X8-k4_fLorQrpJrQ08DSyq303HeHBBQre+EeruoiWnGyg@mail.gmail.com"
      type="cite">
      <div dir="ltr">I have been trying for some time to get AD auth
        working correctly on my server. I've managed to get most of the
        way there I think but am consistently getting hung up on an
        error.
      </div>
    </blockquote>
    <br>
    <blockquote
cite="mid:CANWz5X8-k4_fLorQrpJrQ08DSyq303HeHBBQre+EeruoiWnGyg@mail.gmail.com"
      type="cite">
      <div dir="ltr">
        <div>Set($ExternalSettings, {<br>
        </div>
        <div>    'My_LDAP'       =>  {<br>
                  'type'                      =>  'ldap',<br>
          'server'                    =>  'ldaps://example.company.org',<br>
                  'base'                      =>  'dc=xxxxx,dc=org',<br>
                  'filter'                    =>  '(objectClass=*)',<br>
                  'd_filter'                  => 
          '(userAccountControl:1.2.840.113556.1.4.803:=2)',<br>
                  'tls'                       =>  0,<br>
                  'ssl_version'               =>  3,<br>
                  'net_ldap_args'             => [ version =>  3 ]<br>
                  },<br>
          } );</div>
        <br>
      </div>
    </blockquote>
    <br>
    Some questions:<br>
    - Do you have SSL configured on port tcp/636 for your AD? (It's not
    an out-of-the-box option.) We've dropped back to using mandatory TLS
    on tcp/389.<br>
    - Have you tried using something like ldapsearch to confirm that
    your connection parameters are correct?<br>
    - IME, AD requires authentication to bind to anything other than the
    base scope. Have you omitted this just for the email, or in its
    entirety?<br>
    <br>
    <br>
    The following is a configuration that "works for me"<br>
    <br>
        'type' => 'ldap', <br>
        'server' => 'dc.example.org',<br>
    'user' => 'user@example.org',<br>
        'pass' => 'secretpassword',<br>
        'base' => 'dc=example,dc=org',<br>
        'filter' => '(ObjectClass=User)',<br>
        'd_filter' =>
    '(userAccountControl:1.2.840.113556.1.4.803:=2)',<br>
        'attr_match_list' => [ 'Name', 'EmailAddress', 'displayName'
    ],<br>
        'attr_map' => {<br>
                'Name' => 'sAMAccountName',<br>
                'EmailAddress' => 'mail', <br>
                'Organization' => 'physicalDeliveryOfficeName',<br>
                'RealName' => 'cn',<br>
                'ExternalAuthId' => 'sAMAccountName',<br>
                'Gecos' => 'sAMAccountName',<br>
                'WorkPhone' => 'telephoneNumber',<br>
                'Address1' => 'streetAddress',<br>
                'City' => 'l', <br>
                'State' => 'st',<br>
                'Zip' => 'postalCode',<br>
                'Country' => 'co',<br>
        },<br>
        # Permit domain prefix on username ("EXAMPLE\user")<br>
        # 'ad_domain_prefix' => 'EXAMPLE',      # case insensitive<br>
        # 'ad_domain_required' => 'no',         # { 'yes' | 'no' }<br>
        # 'ad_domain_separator' => '\\',        # split here    <br>
    <br>
    <br>
    Here are some URLs of configurations that according to my notes were
    useful at the time<br>
    - <a class="moz-txt-link-freetext" href="http://www.gossamer-threads.com/lists/rt/users/109309">http://www.gossamer-threads.com/lists/rt/users/109309</a><br>
    - <a class="moz-txt-link-freetext" href="http://requesttracker.wikia.com/wiki/ExternalAuth">http://requesttracker.wikia.com/wiki/ExternalAuth</a><br>
    - /opt/rt4/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm<br>
    - /root/.cpan/build/RT-Authen-ExternalAuth-0.12-9Em3TJ/README<br>
    <br>
    Regards,<br>
    Chris<br>
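    <br>
    Added example, not part of the original message and not code from RT-Authen-ExternalAuth: a Net::LDAP script that checks the connection parameters from the configuration above outside RT, using StartTLS on tcp/389 with certificate verification, an authenticated bind, and the filter and d_filter searches. The CA bundle path, the LDAP_BIND_PW environment variable and the sample account name jdoe are assumptions.<br>
    <br>

```perl
#!/usr/bin/perl
# Added example (not from the thread or the plugin): test the LDAP settings outside RT.
use strict;
use warnings;
use Net::LDAP;

# Values taken from the configuration in the message above.
my $server   = 'dc.example.org';
my $bind_as  = 'user@example.org';
my $base     = 'dc=example,dc=org';
my $filter   = '(ObjectClass=User)';
my $d_filter = '(userAccountControl:1.2.840.113556.1.4.803:=2)';

# Assumptions: CA bundle path, environment variable name, account to look up.
my $cafile = '/etc/ssl/certs/ca-certificates.crt';
my $pass   = $ENV{LDAP_BIND_PW} // die "set LDAP_BIND_PW in the environment\n";
my $name   = shift(@ARGV) // 'jdoe';
die "unexpected characters in account name\n" unless $name =~ /\A[\w.-]+\z/;

# 1. Connect on tcp/389, then require StartTLS with certificate verification.
my $ldap = Net::LDAP->new($server, port => 389, version => 3, timeout => 10)
    or die "connect failed: $@\n";
my $mesg = $ldap->start_tls(verify => 'require', cafile => $cafile);
die 'StartTLS failed: ' . $mesg->error . "\n" if $mesg->code;

# 2. Authenticated bind; AD accepts the userPrincipalName form as the bind name.
$mesg = $ldap->bind($bind_as, password => $pass);
die 'bind failed: ' . $mesg->error . "\n" if $mesg->code;

# 3. Does 'filter' plus the account name find the user below 'base'?
$mesg = $ldap->search(base => $base, scope => 'sub',
    filter => "(&$filter(sAMAccountName=$name))",
    attrs  => ['mail', 'cn']);
die 'search failed: ' . $mesg->error . "\n" if $mesg->code;
die "no entry matched $name under $base\n" unless $mesg->count;
printf "%s mail=%s cn=%s\n", $_->dn, $_->get_value('mail') // '', $_->get_value('cn') // '' for $mesg->entries;

# 4. Same search with 'd_filter' added: a hit means the ACCOUNTDISABLE bit (0x2) is set.
$mesg = $ldap->search(base => $base, scope => 'sub',
    filter => "(&$filter$d_filter(sAMAccountName=$name))",
    attrs  => ['1.1']);    # '1.1' asks the server to return no attributes
die 'search failed: ' . $mesg->error . "\n" if $mesg->code;
print $mesg->count ? "$name is disabled\n" : "$name is enabled\n";
$ldap->unbind;
```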
  </body>
</html>