[rt-users] Question about LdapOverlay and Windows Active Directory
Dario Luis Coneglian Oliveros
oliveros at cpqd.com.br
Fri Jul 21 17:33:54 EDT 2006
How can I set anything in UserObj (see previous message) if the code
snippet below (User_Overlay.pm) does not allow that?

    sub _Set {
        ...
        if ( ($self->Id == $RT::SystemUser->Id ) ||
             ($self->Id == $RT::Nobody->Id)) {
            return ( 0, $self->loc("Can not modify system users") );
        }
        ...
    }

And if this cannot be set, then the LDAP filter will not be created
successfully since sAMAccountName value will be missing.

I wonder why some of you got the auto creation working.
To prove my theory, I commented out the lines above and the SetName
operation worked fine.

I think I am missing something, but can't figure out what.
Please help me understand how you got the auto creation working.

Thanks,
Dário

Dario Luis Coneglian Oliveros wrote:
> I noticed the user name is not being set in Auth callback.
>
> my $UserObj = RT::User->new($RT::SystemUser);
> my ($val, $msg) = $UserObj->SetName($user);
>
> When printing $msg from above, I get 'Can not modify system users'.
> Any clues ?
>
> Dario Luis Coneglian Oliveros wrote:
>
>> I finally got it working !!! It was configuration data issues (cn,
>> ou, ...). Thanks to everyone !!!
>> To solve that, I installed Softerra Ldap Browser to get the correct
>> LDAP settings and also to do some LDAP searches. Special thanks to
>> Joachim and Helmuth.
>> Now everything looks fine, except for the user auto creation.
>> When trying to login with a LDAP user who does not exist in RT
>> database yet, the user authentication fails. Somehow the LDAP filter
>> got messed up and the sAMAccountName is not filled. Starting from the
>> Auth callback, the IsPassword method is called and it does, the
>> filter gets created before LDAP search.
>>
>> autohandler/Auth callback:
>>
>> unless ($session{'CurrentUser'}) {
>>     if (defined ($user) && defined ($pass) ) {
>>         $session{'CurrentUser'} = RT::CurrentUser->new();
>>         $session{'CurrentUser'}->Load($user);
>>
>>         unless ($session{'CurrentUser'}->Id) {
>>             # IT GETS HERE IF USER DOES NOT EXIST IN RT DB
>>             my $UserObj = RT::User->new($RT::SystemUser);
>>             my ($val, $msg) = $UserObj->SetName($user);
>>
>>             if ($UserObj->IsPassword($pass)) { # CALL IsPassword in User_Local.pm
>>                 ...
>>
>>
>> User_Local.pm
>>
>> sub IsLDAPPassword {
>>     ...
>>     my $filter_string = '(&(' . $RT::LdapAttrMap->{'Name'} . '=' .
>>         $self->Name . ')' . $ldap_filter . ')';
>>     # filter_string = (&(sAMAccountName=)(objectclass=user))
>>
>>     ...
>> }
>>
>> Not sure why sAMAccountName is empty. If I create the same user
>> locally in RT and log in again, the LDAP authentication will be OK.
>> Any help will be appreciated.
>>
>> Regards,
>> Dário
>>
>>
>> Helmuth Ramirez wrote:
>>
>>>One thing that got me (due to my COMPLETE LAMP newness) was installing the Net::LDAP module. The other thing I did differently was my objectclass=user not PosixAccount
>>>
>>>-----Original Message-----
>>>From: Dario Luis Coneglian Oliveros [mailto:oliveros at cpqd.com.br]
>>>Sent: Thursday, July 20, 2006 2:13 PM
>>>To: Helmuth Ramirez
>>>Cc: rt-users at lists.bestpractical.com
>>>Subject: Re: [rt-users] Question about LdapOverlay and Windows Active Directory
>>>
>>>Hi Helmuth,
>>>That's the one I looked at, but even so I could not get it working.
>>>Whenever I try to login, I got the following error:
>>>RT::User::IsLDAPPassword search for
>>>(&(sAMAccountName=oliveros)(objectclass=posixAccount)) failed:
>>>LDAP_REFERRAL 10 (/l/disk0/tools/rt/local/lib/RT/User_Local.pm:177
>>>I am not sure whether it's just a configuration problem or not.
>>>Do you happen to know what this error means ?
>>>FYI the only step I did not follow in the "New Installs" section of
>>>http://wiki.bestpractical.com/?LDAP was #4, which is optional.
>>>Thanks,
>>>Dário
>>>
>>>Helmuth Ramirez wrote:
>>>
>>>
>>>
>>>>There were two ways of doing it in the Wiki...one I failed miserably with, the one that worked for me was this one:
>>>>
>>>>http://wiki.bestpractical.com/?LDAP
>>>>
>>>>
>>>>-----Original Message-----
>>>>From: rt-users-bounces at lists.bestpractical.com On Behalf Of Dario Luis Coneglian Oliveros
>>>>Sent: Thursday, July 20, 2006 1:41 PM
>>>>To: rt-users at lists.bestpractical.com
>>>>Subject: [rt-users] Question about LdapOverlay and Windows Active Directory
>>>>
>>>>Hi there,
>>>>
>>>>Has anyone gotten the LdapOverlay working with Windows Active Directory ?
>>>>Basically I would like to authenticate user against Windows AD without
>>>>doing it thru Apache.
>>>>I followed the steps in the section LDAP at RT Wiki, but couldn't get it
>>>>working yet.
>>>>Any tips, suggestions or working samples will be appreciated.
>>>>
>>>>Thanks,
>>>>Dário
>>>>
>>>>
>>>>
>>>>_______________________________________________
>>>>http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
>>>>
>>>>Community help: http://wiki.bestpractical.com
>>>>Commercial support: sales at bestpractical.com
>>>>
>>>>
>>>>Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
>>>>Buy a copy at http://rtbook.bestpractical.com
>>>>
>>>>
>>>>We're hiring! Come hack Perl for Best Practical: http://bestpractical.com/about/jobs.html
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>
>>
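
The filter quoted in the thread, `(&(sAMAccountName=)(objectclass=user))`, comes from plain string concatenation with an empty user name. The following is an added example, not code from RT, the wiki's User_Local.pm, or any poster: a filter builder that refuses to search when the name is missing and escapes the characters RFC 4515 reserves in filter values. The names `build_user_filter` and `escape_filter_value` are hypothetical, and the sample inputs are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper (not part of RT): escape the characters that
# RFC 4515 reserves inside a filter assertion value: \ * ( ) and NUL.
sub escape_filter_value {
    my ($value) = @_;
    $value =~ s/([\\*()\x00])/sprintf('\\%02x', ord($1))/ge;
    return $value;
}

# Hypothetical helper: builds the same '(&(attr=name)extra)' shape as the
# quoted IsLDAPPassword code, but fails closed instead of emitting
# '(attr=)' when the user name was never set.
sub build_user_filter {
    my ($attr, $name, $extra_filter) = @_;

    return (undef, 'no valid attribute mapped for Name')
        unless defined $attr && $attr =~ /\A[A-Za-z][A-Za-z0-9-]*\z/;
    return (undef, 'empty user name, refusing to search')
        unless defined $name && length $name;

    $extra_filter = '' unless defined $extra_filter;
    my $filter = '(&(' . $attr . '=' . escape_filter_value($name) . ')'
               . $extra_filter . ')';
    return ($filter, 'ok');
}

# Constructed sample inputs: a normal login, the two "name not set" cases
# from the thread's symptom, and a name containing reserved characters.
for my $name ('oliveros', '', undef, 'smith*(ops)') {
    my ($filter, $msg) =
        build_user_filter('sAMAccountName', $name, '(objectclass=user)');
    my $label = defined $name ? "'$name'" : 'undef';
    printf "%-16s => %s\n", $label,
        defined $filter ? $filter : "REJECTED: $msg";
}
```

With this check in place, a failed `SetName` surfaces as an explicit rejection in the log rather than as an LDAP search on an empty `sAMAccountName`.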