[rt-users] Question about LdapOverlay and Windows Active Directory

Dario Luis Coneglian Oliveros oliveros at cpqd.com.br
Fri Jul 21 15:15:50 EDT 2006


I noticed the user name is not being set in the Auth callback.

   my $UserObj = RT::User->new($RT::SystemUser);
   my ($val, $msg) = $UserObj->SetName($user);

When printing $msg from above, I get 'Can not modify system users'.
Any clues ?

Dario Luis Coneglian Oliveros wrote:

> I finally got it working !!! It was configuration data issues (cn, ou, 
> ...). Thanks to everyone !!!
> To solve that, I installed Softerra Ldap Browser to get the correct 
> LDAP settings and also to do some LDAP searches. Special thanks to 
> Joachim and Helmuth.
> Now everything looks fine, except for the user auto creation.
> When trying to login with an LDAP user who does not exist in RT 
> database yet, the user authentication fails. Somehow the LDAP filter 
> got messed up and the sAMAccountName is not filled. Starting from the 
> Auth callback, the IsPassword method is called and it does, the filter 
> gets created before LDAP search.
>
> autohandler/Auth callback:
>
>unless ($session{'CurrentUser'}) {
>    if (defined ($user) && defined ($pass) ) {
>        $session{'CurrentUser'} = RT::CurrentUser->new();
>        $session{'CurrentUser'}->Load($user);
>	
>        unless ($session{'CurrentUser'}->Id) {
>            # IT GETS HERE IF USER DOES NOT EXIST IN RT DB
>            my $UserObj = RT::User->new($RT::SystemUser);
>            my ($val, $msg) = $UserObj->SetName($user);
>
>            if ($UserObj->IsPassword($pass)) { # CALL IsPassword in User_Local.pm
>	...
>  
>
> User_Local.pm
>
>sub IsLDAPPassword {
>    ...
>    my $filter_string = '(&(' . $RT::LdapAttrMap->{'Name'} . '=' . 
>      $self->Name . ')' . $ldap_filter . ')';
>    # filter_string = (&(sAMAccountName=)(objectclass=user))
>
>        ...
> }
>
> Not sure why sAMAccountName is empty. If I create the same user 
> locally in RT and log in again, the LDAP authentication will be OK.
> Any help will be appreciated.
>
> Regards,
> Dário
>
>
> Helmuth Ramirez wrote:
>
>>One thing that got me (due to my COMPLETE LAMP newness) was installing the Net::LDAP module.  The other thing I did differently was my objectclass=user not PosixAccount
>>
>>-----Original Message-----
>>From: Dario Luis Coneglian Oliveros [mailto:oliveros at cpqd.com.br] 
>>Sent: Thursday, July 20, 2006 2:13 PM
>>To: Helmuth Ramirez
>>Cc: rt-users at lists.bestpractical.com
>>Subject: Re: [rt-users] Question about LdapOverlay and Windows Active Directory
>>
>>Hi Helmuth,
>>That's the one I looked at, but even so I could not get it working. 
>>Whenever I try to login, I got the following error:
>>RT::User::IsLDAPPassword search for 
>>(&(sAMAccountName=oliveros)(objectclass=posixAccount)) failed: 
>>LDAP_REFERRAL 10 (/l/disk0/tools/rt/local/lib/RT/User_Local.pm:177
>>I am not sure whether it's just a configuration problem or not.
>>Do you happen to know what this error means ?
>>FYI the only step I did not follow in the "New Installs" section of 
>>http://wiki.bestpractical.com/?LDAP was #4, which is optional.
>>Thanks,
>>Dário
>>
>>Helmuth Ramirez wrote:
>>
>>  
>>
>>>There were two ways of doing it in the Wiki...one I failed miserably with, the one that worked for me was this one:
>>>
>>>http://wiki.bestpractical.com/?LDAP
>>>
>>>
>>>-----Original Message-----
>>>From: rt-users-bounces at lists.bestpractical.com On Behalf Of Dario Luis Coneglian Oliveros
>>>Sent: Thursday, July 20, 2006 1:41 PM
>>>To: rt-users at lists.bestpractical.com
>>>Subject: [rt-users] Question about LdapOverlay and Windows Active Directory
>>>
>>>Hi there,
>>>
>>>Has anyone gotten the LdapOverlay working with Windows Active Directory ?
>>>Basically I would like to authenticate user against Windows AD without 
>>>doing it thru Apache.
>>>I followed the steps in the section LDAP at RT Wiki, but couldn't get it 
>>>working yet.
>>>Any tips, suggestions or working samples will be appreciated.
>>>
>>>Thanks,
>>>Dário
>>>
>>>
>>>
>>>_______________________________________________
>>>http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
>>>
>>>Community help: http://wiki.bestpractical.com
>>>Commercial support: sales at bestpractical.com
>>>
>>>
>>>Discover RT's hidden secrets with RT Essentials from O'Reilly Media. 
>>>Buy a copy at http://rtbook.bestpractical.com
>>>
>>>
>>>We're hiring! Come hack Perl for Best Practical: http://bestpractical.com/about/jobs.html
>
>
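
The filter in the quoted `IsLDAPPassword` is concatenated from `$self->Name`, which is how an unset name ends up as `(sAMAccountName=)`. The following is an added example, not code from this thread or from RT: it builds the same filter from the submitted login name, refuses an empty name before any search is made, and escapes the value per RFC 4515 so it is always matched literally. The helper names `build_user_filter` and `escape_filter_value` and the sample inputs are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed stand-ins for the RT settings named in the thread
# ($RT::LdapAttrMap->{'Name'} and $ldap_filter).
my %LdapAttrMap = ( Name => 'sAMAccountName' );
my $ldap_filter = '(objectclass=user)';

# Escape a value for use inside an LDAP search filter (RFC 4515):
# backslash, '*', '(', ')' and NUL become \XX hex escapes.
sub escape_filter_value {
    my ($value) = @_;
    $value =~ s/([\\*()\0])/sprintf('\\%02x', ord($1))/ge;
    return $value;
}

# Hypothetical helper: build the search filter from the login name that was
# submitted, rather than from a user object whose Name may not be set.
# Returns undef for a missing or empty name so the caller can fail the
# login instead of searching for "(sAMAccountName=)".
sub build_user_filter {
    my ($login) = @_;
    return unless defined $login && length $login;
    return '(&(' . $LdapAttrMap{Name} . '=' . escape_filter_value($login) . ')'
         . $ldap_filter . ')';
}

# Constructed sample inputs: a normal name, an empty name, an undefined
# name, and a name containing filter metacharacters.
for my $login ( 'oliveros', '', undef, 'a*(b)\\c' ) {
    my $filter = build_user_filter($login);
    printf "%-12s => %s\n",
        defined $login  ? "'$login'" : 'undef',
        defined $filter ? $filter    : 'REFUSED (empty login name)';
}
```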
