[rt-users] LDAP authentication..
Jim Meyer
purp at acm.org
Mon Nov 28 16:06:41 EST 2005
Hello!

Have you read:

http://wiki.bestpractical.com/index.cgi?LDAP
http://wiki.bestpractical.com/index.cgi?LdapOverlay

I ask this because both mention attributes you've not set in your
RT_SiteConfig.pm. Meanwhile, here's what the pertinent bits of ours look
like:

Set($LDAPExternalAuth, 1);
Set($LdapServer, "ldap.foo.com");
Set($LdapUser, "");
Set($LdapPass, "");
Set($LdapBase, "ou=People,dc=foo,dc=com");
Set($LdapUidAttr, "uid");
Set($LdapFilter, "(objectclass=posixAccount)");

So we look in the People branch of our LDAP tree for a person whose
posixAccount matches the login name, then auth that. While our LDAP
server doesn't require authentication, I've left both fields set as
blank; I don't know if it matters, but it worked so I haven't twiddled
it to understand better.

On Mon, 2005-11-28 at 12:22, TeleMole wrote:
> Mon Nov 28 15:15:33 2005] [error] [client 192.75.12.248] FastCGI:
> server "/opt/rt3/bin/mason_handler.fcgi" stderr: [Mon Nov 28 20:15:33
> 2005] [critical]: IsLdapPassword: Cannot bind to LDAP: retval= 48
> LDAP_INAPPROPRIATE_AUTH (/opt/rt3/lib/RT/User_Local.pm:382)

I'm guessing this means that the ldap_proxy user you spec'd isn't able
to authenticate without a password. For our installation I didn't need a
user/password; access control is via host groups instead.

> Set($WebExternalAuth , '1');
> Set($WebFallbackToInternalAuth , '1');
> Set($WebExternalGecos , undef);
> Set($WebExternalAuto , '1');

Interestingly, I don't have any of these set in my config. It works just
fine without them, it seems.

Good luck!

--j
--
Jim Meyer, Geek at Large purp at acm.org
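
Added example (not part of the original message and not RT's own code): a small Python check that reads the `Set($LdapUser, ...)` and `Set($LdapPass, ...)` lines discussed above and reports which kind of LDAP simple bind (RFC 4513, section 5.1) they imply. The function names are hypothetical, and the `cn=ldap_proxy,dc=foo,dc=com` DN is a constructed placeholder, since the message names the proxy user but not its DN.

```python
import re

# Quoted-string directives as written in RT_SiteConfig.pm, e.g.  Set($LdapUser, "");
SET_RE = re.compile(r"""^\s*Set\(\s*\$(\w+)\s*,\s*(["'])(.*?)\2\s*\)\s*;""", re.M)

# The LDAP server and credential lines from the message above.
JIM_CONFIG = '''
Set($LdapServer, "ldap.foo.com");
Set($LdapUser, "");
Set($LdapPass, "");
'''

# Constructed sample: a proxy DN (placeholder value) with the password left blank.
PROXY_NO_PASSWORD = '''
Set($LdapServer, "ldap.foo.com");
Set($LdapUser, "cn=ldap_proxy,dc=foo,dc=com");
Set($LdapPass, "");
'''

NOTES = {
    "anonymous": "no DN and no password; works only if the server allows anonymous search",
    "unauthenticated": "DN without a password; servers may refuse this bind, "
                       "so set LdapPass or clear LdapUser",
    "authenticated": "DN and password; the server verifies the proxy account's credentials",
    "password-without-dn": "LdapPass is set but LdapUser is empty; no entry to check it against",
}

def parse_site_config(text):
    """Return {name: value} for quoted-string Set() directives; commented lines are skipped."""
    return {m.group(1): m.group(3) for m in SET_RE.finditer(text)}

def bind_mode(cfg):
    """Classify the simple bind implied by LdapUser/LdapPass."""
    user, password = cfg.get("LdapUser", ""), cfg.get("LdapPass", "")
    if not user:
        return "password-without-dn" if password else "anonymous"
    return "authenticated" if password else "unauthenticated"

def report(text):
    """One-line summary of the bind mode for a config fragment."""
    mode = bind_mode(parse_site_config(text))
    return f"{mode}: {NOTES[mode]}"

if __name__ == "__main__":
    for name, text in (("message config", JIM_CONFIG), ("constructed", PROXY_NO_PASSWORD)):
        print(name, "->", report(text))
```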