[rt-users] Can't bind: LDAP_INVALID_CREDENTIALS 49

Wade Naveja wade at naveja.net
Tue Jun 6 15:57:52 EDT 2006


Jim - Thanks for the feedback.  I'm sure you're right about the AD server 
not accepting anonymous binding.

I've got the values populated for LdapUser and LdapPass.  We have a service
account that we use for Apache LDAP authentication, so the username/password
are definitely valid.

I'm wondering if this bit from my RT_SiteConfig.pm looks okay:

# The basics; if set, these override $RT::LdapAuth* and $RT::LdapInfo*
Set($LdapServer, 'server.example.com');
Set($LdapBase, 'cn=Users,dc=subdomain,dc=example,dc=com');
Set($LdapFilter, "(objectclass=user)");
Set($LdapUser, 'genericid');
Set($LdapPass, 'sekrit_password');

Any suggestions?

Regards,

Wade Naveja <wade at naveja.net>


On Tue, 6 Jun 2006, Jim Meyer wrote:

> Hello!
> 
> Bless you for all the precise information below. =]
> 
> On 6/5/06, Wade Naveja <wade at naveja.net> wrote:
> > I'm running Request Tracker 3.4.5 on a FreeBSD 5.4 server with Apache
> > 1.3.34 and MySQL 4.1.13.  The installation went smoothly, and my team is
> > very happy with RT over our current home brew ticketing application.
> >
> > I'm running into trouble with LDAP authentication against a Windows 2003
> > domain controller.  I've followed the
> > instructions found at:
> >
> > http://wiki.bestpractical.com/?LDAP
> > http://wiki.bestpractical.com/index.cgi?LdapUserLocalOverlay
> > http://wiki.bestpractical.com/index.cgi?LdapSiteConfigSettings
> >
> > I've got logging cranked up, and I'm seeing the following:
> >
> > [Tue Jun  6 01:51:01 2006] [critical]: RT::User::LookupExternalUserInfo
> > Can't bind: LDAP_INVALID_CREDENTIALS 49
> > (/usr/local/rt3/lib/RT/User_Local.pm:475)
> 
> Hmmm. I'm hoping that Ole's messages were helpful to you as my only
> guess is that your LDAP server (aka AD server) won't accept anonymous
> (unauthenticated) bindings. Here's the code in and around the
> complaining line:
> 
>     my $msg = undef;
>     if ($ldap_user) {
>         $msg = $ldap->bind($ldap_user, password => $ldap_pass);
>     } else {
>         $msg = $ldap->bind;
>     }
> 
>     unless ($msg->code == LDAP_SUCCESS) {
>         $RT::Logger->critical((caller(0))[3], "Can't bind:",
>                              ldap_error_name($msg->code), $msg->code);
>     } else {
>         ...
> 
> Have you set LdapUser and LdapPass in RT_SiteConfig.pm? If not, try
> setting them to a user/pass combo that should allow you to bind to the
> server and let me know how it goes.
> 
> Thanks!
> 
> --j
> -- 
> Jim Meyer, Geek at Large                                    purp at acm.org
> 
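
Added example, not part of the original thread and not RT's own code: a standalone Net::LDAP check that repeats the bind from the quoted code outside RT and decodes the sub-code Active Directory places in the server message, since result 49 alone does not say why the bind was refused. The helper explain_ad_error and the LDAP_PASS environment variable are hypothetical names; the sample message is constructed.

```perl
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Constant qw(LDAP_SUCCESS);
use Net::LDAP::Util qw(ldap_error_name);

# Values from the RT_SiteConfig.pm excerpt above. LDAP_PASS is a hypothetical
# environment variable, used so the password stays out of the script.
my ($server, $user, $pass) = ('server.example.com', 'genericid', $ENV{LDAP_PASS});

# Win32 logon sub-codes AD puts after "data" in a failed bind's message.
my %ad_reason = (
    '525' => 'user not found',
    '52e' => 'logon failure: unknown user name or bad password',
    '530' => 'not permitted to log on at this time',
    '531' => 'not permitted to log on from this workstation',
    '532' => 'password expired',
    '533' => 'account disabled',
    '701' => 'account expired',
    '773' => 'user must change password',
    '775' => 'account locked out',
);

# Hypothetical helper: map an AD bind diagnostic string to a reason.
sub explain_ad_error {
    my ($text) = @_;
    return 'no AD sub-code in server message'
        unless defined $text && $text =~ /\bdata\s+([0-9a-f]+)\b/i;
    my $code = lc $1;
    return exists $ad_reason{$code} ? $ad_reason{$code} : "unknown sub-code $code";
}

# Constructed sample in the format AD uses, so the decoder can be seen offline.
my $sample = '80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece';
print "sample: ", explain_ad_error($sample), "\n";

# An empty password would make this an unauthenticated bind, which a server
# may accept and so hide the real problem; refuse to try it.
die "set LDAP_PASS to test the live bind\n" unless defined $pass && length $pass;

# Same bind call as the quoted RT code (password is sent unencrypted on ldap://).
my $ldap = Net::LDAP->new($server, timeout => 10) or die "connect failed: $@\n";
my $msg  = $ldap->bind($user, password => $pass);
if ($msg->code == LDAP_SUCCESS) {
    print "bind as '$user' succeeded\n";
} else {
    printf "bind failed: %s %d\n  server said: %s\n  meaning: %s\n",
        ldap_error_name($msg->code), $msg->code, $msg->error, explain_ad_error($msg->error);
}
```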


