[rt-users] LDAP authentication..

Jim Meyer purp at acm.org
Mon Nov 28 16:06:41 EST 2005


Hello!

Have you read:

  http://wiki.bestpractical.com/index.cgi?LDAP
  http://wiki.bestpractical.com/index.cgi?LdapOverlay

I ask this because both mention attributes you've not set in your
RT_SiteConfig.pm. Meanwhile, here's what the pertinent bits of ours look
like:

Set($LDAPExternalAuth, 1);
Set($LdapServer, "ldap.foo.com");
Set($LdapUser, "");
Set($LdapPass, "");
Set($LdapBase, "ou=People,dc=foo,dc=com");
Set($LdapUidAttr, "uid");
Set($LdapFilter, "(objectclass=posixAccount)");

So we look in the People branch of our LDAP tree for a person whose
posixAccount matches the login name, then auth that. While our LDAP
server doesn't require authentication, I've left both fields set as
blank; I don't know if it matters, but it worked so I haven't twiddled
it to understand better.


On Mon, 2005-11-28 at 12:22, TeleMole wrote:
> Mon Nov 28 15:15:33 2005] [error] [client 192.75.12.248] FastCGI:
> server "/opt/rt3/bin/mason_handler.fcgi" stderr: [Mon Nov 28 20:15:33
> 2005] [critical]: IsLdapPassword: Cannot bind to LDAP:  retval= 48  
> LDAP_INAPPROPRIATE_AUTH (/opt/rt3/lib/RT/User_Local.pm:382)

I'm guessing this means that the ldap_proxy user you spec'd isn't able
to authenticate without a password. For our installation I didn't need a
user/password; access control is via host groups instead.

> Set($WebExternalAuth , '1');
> Set($WebFallbackToInternalAuth , '1');
> Set($WebExternalGecos , undef);
> Set($WebExternalAuto , '1');

Interestingly, I don't have any of these set in my config. It works just
fine without them, it seems.

Good luck!

--j
-- 
Jim Meyer, Geek at Large                                    purp at acm.org
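
Added example, not part of the original message or of RT's own code: a small Python check that reads the `Set(...)` lines discussed above, reports which kind of LDAP bind `$LdapUser`/`$LdapPass` imply, and builds the per-login search filter with the login name escaped. The `cn=ldap_proxy,dc=example,dc=com` DN is a constructed placeholder, and combining `$LdapFilter` with `$LdapUidAttr` in an AND filter is an assumption about how the overlay searches.

```python
import re

# Constructed sample: the settings from the reply, plus a variant with a bind
# DN but no password (hypothetical DN, not taken from the thread).
REPLY_CONFIG = '''
Set($LDAPExternalAuth, 1);
Set($LdapServer, "ldap.foo.com");
Set($LdapUser, "");
Set($LdapPass, "");
Set($LdapBase, "ou=People,dc=foo,dc=com");
Set($LdapUidAttr, "uid");
Set($LdapFilter, "(objectclass=posixAccount)");
'''
PROXY_NO_PASSWORD = REPLY_CONFIG.replace(
    'Set($LdapUser, "")', 'Set($LdapUser, "cn=ldap_proxy,dc=example,dc=com")')

# Simple scalar lines only: Set($Name, "v"); Set($Name, 'v'); Set($Name, 1);
SET_RE = re.compile(
    r'''^\s*Set\(\s*\$(\w+)\s*,\s*(?:"([^"]*)"|'([^']*)'|(\w+))\s*\)\s*;''', re.M)

def parse_site_config(text):
    """Return {setting: value}; no Perl is evaluated, undef becomes None."""
    return {name: None if bare == "undef" else (dq or sq or bare)
            for name, dq, sq, bare in SET_RE.findall(text)}

def bind_mode(cfg):
    """Classify the bind that $LdapUser/$LdapPass ask for (RFC 4513, 5.1)."""
    user, pw = cfg.get("LdapUser") or "", cfg.get("LdapPass") or ""
    if not user:
        return "anonymous" if not pw else "invalid"  # password without a DN
    # A DN with an empty password is an "unauthenticated" bind, the situation
    # the reply guesses at for the ldap_proxy user.
    return "simple" if pw else "unauthenticated"

def escape_filter_value(value):
    """Escape the RFC 4515 special characters in a value such as a login name."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def user_filter(cfg, login):
    """AND $LdapFilter with $LdapUidAttr=login (assumed composition)."""
    return "(&%s(%s=%s))" % (
        cfg["LdapFilter"], cfg["LdapUidAttr"], escape_filter_value(login))

if __name__ == "__main__":
    for label, text in (("reply", REPLY_CONFIG), ("proxy", PROXY_NO_PASSWORD)):
        cfg = parse_site_config(text)
        print(label, bind_mode(cfg), user_filter(cfg, "jdoe"))
```
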



