[rt-users] Re: LDAP issues with new install
eric.valor at daimlerchrysler.com
Wed Jul 5 15:37:39 EDT 2006
I don't think your lookups are working. The user you specified in
RT_SiteConfig.pm probably can't search the LDAP tree.
Try "Set($LdapUser, '[user]');" in your RT_SiteConfig.pm (without the
"@smwm.com"). Make sure you have the correct LdapBase setting. Check by
looking at a user record on your AD in the Object tab. If it is
smwm.com/Users/<user> then your current setting should be OK.
Also, unless you're getting a dump of the LDAP record, your ldapsearch
isn't working either.
--
Eric N. Valor
Sr. Systems Administrator
DaimlerChrysler Research & Technology North America, Inc.
eric.valor at daimlerchrysler.com
1510 Page Mill Road, Palo Alto, CA 94304
CIMS 931-00-00
650-845-2536
: This Space Intentionally Left Blank :
rt-users-request at lists.bestpractical.com
Sent by: rt-users-bounces at lists.bestpractical.com
07/05/2006 12:10 PM
Please respond to: rt-users at lists.bestpractical.com
To: rt-users at lists.bestpractical.com
cc:
Subject: RT-Users Digest, Vol 28, Issue 8
From: "Sean W. Mahan" <smahan at smwm.com>
Hello all,
I've been having some trouble setting up a new install of 3.6
(on Ubuntu server 6.06) with LDAP authenticating against AD (on 2003 R1
SP1). Login fails for new AD users. I set up an account in RT (with a
different-from-in-AD password) and tried to log in using the AD
password, and the log reported having updated the user information, but
authentication failed. Logging in with the password set in RT seems to
find the user in AD and update info, but IsLDAPPassword fails. One
mystery is the "Transaction->Create couldn't, as you didn't specify an
object type and id" error. The other is that LDAP lookups seem to be
working - although LookupExternalUserInfo doesn't report the values for
any of the fields - but authentication does not. At this point, I
really don't know if my problem is in AD somewhere, or in my RT config.
Apologies for the lengthy, log-filled email, but can anyone offer any
hints? Thanks,
-Sean
** Here are the LDAP sections of my SiteConfig **
Set($AuthMethods, ['LDAP','Internal']);
Set($LdapExternalAuth, 1);
Set($LdapExternalInfo, 1);
Set($LdapAutoCreateNonLdapUsers, 1);
Set($LdapAttrMap, {'Name' => 'sAMAccountName',
                   'EmailAddress' => 'mail',
                   'Organization' => 'company',
                   'RealName' => 'cn',
                   'ExternalContactInfoId' => 'dn',
                   'ExternalAuthId' => 'sAMAccountName',
                   'Gecos' => 'sAMAccountName',
                   'WorkPhone' => 'telephoneNumber',
                   'Address1' => 'streetAddress',
                   'City' => 'l',
                   'State' => 'st',
                   'Zip' => 'postalCode',
                   'Country' => 'co'}
);
Set($LdapRTAttrMatchList, ['Name','ExternalContactInfoId',
                           'EmailAddress', 'RealName']
);
Set($LdapEmailAttrMatchList, ['mail', 'mailRoutingAddress',
                              'mailAlternateAddress']
);
Set($LdapServer, '[DC ip address]');
Set($LdapBase, 'CN=users,DC=smwm,DC=com');
#Set($LdapBase, 'CN=SMWM,OU=SMWMSF Distribution Lists,DC=smwm,DC=com');
Set($LdapFilter, "(objectclass=sAMAccountName)");
Set($LdapUser, '[user]@smwm.com');
Set($LdapPass, '[password]');
Set($LdapSSLVersion, 3);
Now some logs:
**First off, a search to make sure LDAP is actually working, DNs are
correct, etc**
ldapsearch -x -h [ip address] -b "CN=users,DC=smwm,DC=com" -D
"SMWMSF\[user]" -w "[password]" "sn=smahan"
# extended LDIF
#
# LDAPv3
# base <CN=users,DC=smwm,DC=com> with scope sub
# filter: sn=smahan
# requesting: ALL
#
# search result
search: 2
result: 0 Success
# numResponses: 1
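
Added example (not part of either poster's message): a shell check for the point made in the reply, that "result: 0 Success" with no record dumped means the bind worked but the search returned nothing. The function name ldif_verdict and the example.test record are constructed for illustration; the first sample reuses the output shape quoted above.

```shell
#!/bin/sh
# Classify ldapsearch LDIF output read from stdin. Prints one of:
#   error:<code>   no result line, or a non-zero LDAP result code
#   no-entries     search succeeded but no record was returned
#   entries:<n>    n records were dumped
ldif_verdict() {
    awk '
        /^dn::? /   { entries++ }            # one dn: line per returned record
        /^result: / { code = $2; seen = 1 }  # e.g. "result: 0 Success"
        END {
            if (!seen)          print "error:no-result-line"
            else if (code != 0) print "error:" code
            else if (entries)   print "entries:" entries
            else                print "no-entries"
        }'
}

# Output shape from the post: success code, but no record.
empty_result() {
cat <<'EOF'
# search result
search: 2
result: 0 Success
# numResponses: 1
EOF
}

# Constructed sample: the same search when one record matches.
one_entry() {
cat <<'EOF'
# smahan, Users, example.test
dn: CN=smahan,CN=Users,DC=example,DC=test
sAMAccountName: smahan
mail: smahan@example.test

# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
EOF
}

for s in empty_result one_entry; do
    printf '%s -> %s\n' "$s" "$($s | ldif_verdict)"
done
```

In practice the function is fed from the real command, for example by piping the ldapsearch invocation shown in the post into ldif_verdict.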