[rt-users] LDAP authentication..
Nathan, Ahalya
Ahalya_Nathan at mudnebr.com
Mon Nov 28 16:13:31 EST 2005
I used the attached file for doing the LDAP authentication and it
worked. Hope it's helpful.
Ahalya Nathan
Senior Programmer / Analyst
Information Technology, Metropolitan Utilities District
(402) 504-7180 phone
(402) 504-5180 fax
-----Original Message-----
From: rt-users-bounces at lists.bestpractical.com
[mailto:rt-users-bounces at lists.bestpractical.com] On Behalf Of Jim Meyer
Sent: Monday, November 28, 2005 3:07 PM
To: TeleMole
Cc: rt-users at lists.bestpractical.com
Subject: Re: [rt-users] LDAP authentication..
Hello!
Have you read:
http://wiki.bestpractical.com/index.cgi?LDAP
http://wiki.bestpractical.com/index.cgi?LdapOverlay
I ask this because both mention attributes you've not set in your
RT_SiteConfig.pm. Meanwhile, here's what the pertinent bits of ours look
like:
Set($LDAPExternalAuth, 1);
Set($LdapServer, "ldap.foo.com");
Set($LdapUser, "");
Set($LdapPass, "");
Set($LdapBase, "ou=People,dc=foo,dc=com");
Set($LdapUidAttr, "uid");
Set($LdapFilter, "(objectclass=posixAccount)");
So we look in the People branch of our LDAP tree for a person whose
posixAccount matches the login name, then auth that. While our LDAP
server doesn't require authentication, I've left both fields set as
blank; I don't know if it matters, but it worked so I haven't twiddled
it to understand better.
On Mon, 2005-11-28 at 12:22, TeleMole wrote:
> Mon Nov 28 15:15:33 2005] [error] [client 192.75.12.248] FastCGI:
> server "/opt/rt3/bin/mason_handler.fcgi" stderr: [Mon Nov 28 20:15:33
> 2005] [critical]: IsLdapPassword: Cannot bind to LDAP: retval= 48
> LDAP_INAPPROPRIATE_AUTH (/opt/rt3/lib/RT/User_Local.pm:382)
I'm guessing this means that the ldap_proxy user you spec'd isn't able
to authenticate without a password. For our installation I didn't need a
user/password; access control is via host groups instead.
> Set($WebExternalAuth , '1');
> Set($WebFallbackToInternalAuth , '1');
> Set($WebExternalGecos , undef);
> Set($WebExternalAuto , '1');
Interestingly, I don't have any of these set in my config. It works just
fine without them, it seems.
Good luck!
--j
--
Jim Meyer, Geek at Large purp at acm.org
_______________________________________________
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
Be sure to check out the RT Wiki at http://wiki.bestpractical.com
Download a free sample chapter of RT Essentials from O'Reilly Media at
http://rtbook.bestpractical.com
WE'RE COMING TO YOUR TOWN SOON - RT Training in Amsterdam, Boston and
San Francisco - Find out more at
http://bestpractical.com/services/training.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: RT_SiteConfig_LDAP.pm
Type: application/octet-stream
Size: 1647 bytes
Desc: RT_SiteConfig_LDAP.pm
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20051128/08e6a594/attachment.obj>
More information about the rt-users
mailing list