[rt-users] Question about LdapOverlay and Windows Active Directory

Thu Jul 20 14:56:10 EDT 2006

I used the Mosemann overlay listed on the : http://wiki.bestpractical.com/index.cgi?LdapSummary
Page.  It also comes with a perl script that will search your existing userbase and attempt to convert them to AD type accounts.

Integration was easy, but configuration got me for a bit until I realized:

-- Windows 2003 Active Directory has no anonymous ldap queries, thus ldapsearch & Net::LDAP wont bind properly.  I had to create a separate account that had read permission on the directory before I could get it to work.  Once I got binding working, the RT config didn't work properly, that is when I realized that I had to configure LdapUser with the proper distinguished name instead of just a username.  So:

Set($LdapUser, 'cn=ADbindUser,cn=Users,dc=corp,dc=domainname,dc=com');
Set($LdapPass, 'ADbindUserPassword');

Once I fixed those, I was up and authenticating.   I also tried the LDAP at /index.cgi?LDAP, and couldn't get it to work at all.

Hope that helps,
-Jay

-----Original Message-----
From: rt-users-bounces at lists.bestpractical.com [mailto:rt-users-bounces at lists.bestpractical.com] On Behalf Of Helmuth Ramirez
Sent: Thursday, July 20, 2006 11:20 AM
To: Dario Luis Coneglian Oliveros
Cc: rt-users at lists.bestpractical.com
Subject: RE: [rt-users] Question about LdapOverlay and Windows Active Directory

One thing that got me (due to my COMPLETE LAMP newness) was installing the Net::LDAP module.  The other thing I did differently was my objectclass=user not PosixAccount

-----Original Message-----
From: Dario Luis Coneglian Oliveros [mailto:oliveros at cpqd.com.br] 
Sent: Thursday, July 20, 2006 2:13 PM
To: Helmuth Ramirez
Cc: rt-users at lists.bestpractical.com
Subject: Re: [rt-users] Question about LdapOverlay and Windows Active Directory

Hi Helmuth,
That's the one I looked at, but even though I could not get it working. 
Whenever I try to login, I got the following error:
RT::User::IsLDAPPassword search for 
(&(sAMAccountName=oliveros)(objectclass=posixAccount)) failed: 
LDAP_REFERRAL 10 (/l/disk0/tools/rt/local/lib/RT/User_Local.pm:177
I am not sure whether it's just a configuration problem or not.
Do you happen to know what this error means ?
FYI the only step I did not follow in the "New Installs" section of 
http://wiki.bestpractical.com/?LDAP was #4, which is optional.
Thanks,
Dário

Helmuth Ramirez wrote:

>There were two ways of doing it in the Wiki...one I failed miserably with, the one that worked for me was this one:
>
>http://wiki.bestpractical.com/?LDAP
>
>
>-----Original Message-----
>From: rt-users-bounces at lists.bestpractical.com [mailto:rt-users-bounces at lists.bestpractical.com] On Behalf Of Dario Luis Coneglian Oliveros
>Sent: Thursday, July 20, 2006 1:41 PM
>To: rt-users at lists.bestpractical.com
>Subject: [rt-users] Question about LdapOverlay and Windows Active Directory
>
>Hi there,
>
>Has anyone gotten the LdapOverlay working with Windows Active Directory ?
>Basically I would like to authenticate user against Windows AD without 
>doing it thru Apache.
>I followed the steps in the section LDAP at RT Wiki, but couldn't get it 
>working yet.
>Any tips, suggestions or working samples will be appreciated.
>
>Thanks,
>Dário
>
>
>
>_______________________________________________
>http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
>
>Community help: http://wiki.bestpractical.com
>Commercial support: sales at bestpractical.com
>
>
>Discover RT's hidden secrets with RT Essentials from O'Reilly Media. 
>Buy a copy at http://rtbook.bestpractical.com
>
>
>We're hiring! Come hack Perl for Best Practical: http://bestpractical.com/about/jobs.html
>  
>

_______________________________________________
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: sales at bestpractical.com

Discover RT's hidden secrets with RT Essentials from O'Reilly Media. 
Buy a copy at http://rtbook.bestpractical.com

We're hiring! Come hack Perl for Best Practical: http://bestpractical.com/about/jobs.html