[rt-users] Problem configuring LDAP with AD

eric.valor at daimlerchrysler.com eric.valor at daimlerchrysler.com
Thu Oct 26 16:16:52 EDT 2006


I'm not an expert in AD or LDAP, but "ou=ActiveUsers,dc=domain,dc=local" 
doesn't look right to me.  I don't see "ActiveUsers" in either my 2k or 
2k3 domain controllers' schemas.  Also, I think your base should be 
"cn=,dc=,dc=" format not "ou=,dc=,dc=".

Can you run "ldapsearch" on your RT box?  The output from

  ldapsearch -x -h <server> -b "cn=Users,dc=<domain>,dc=<com|net|etc>" -D <ldapbinduser> -w <password> sAMAccountName=<domainuser>

would be helpful.

--
Eric N. Valor
Information Technology Manager
DaimlerChrysler Research & Technology North America, Inc.
eric.valor at daimlerchrysler.com
1510 Page Mill Road, Palo Alto, CA 94304
CIMS 931-00-00
650-845-2536

: This Space Intentionally Left Blank :




Andrew Hodgson <andrew at plaintalkit.com>
10/24/2006 11:58 AM
To: rt-users at lists.bestpractical.com
cc: eric.valor at daimlerchrysler.com
Subject: Re: [rt-users] Problem configuring LDAP with AD






eric.valor at daimlerchrysler.com wrote:
> 
> AFAIK, "inetOrgPerson" doesn't exist in Active Directory.

I've changed it to "user", which is one of the choices I can see in 
ADSIEdit (the others are organizationalPerson, top, person.)

> Use the LDAPAttrMap I posted to the Wiki at 
> http://wiki.bestpractical.com/index.cgi?LdapAttrMap

I have done, thank you for the page. I used this page when I set up the 
LDAP overlay originally.


> In your RT_SiteConfig.pm make sure you have the correct MatchList and
> base:

Check. My base is an OU (ou=ActiveUsers,dc=domain,dc=local).

> # A list of RT attrs which can uniquely identify a user,
> # ordered from most to least preferred.
> Set($LdapRTAttrMatchList, ['Name', 'ExternalContactInfoId',
>                            'EmailAddress', 'RealName',
>                            'WorkPhone', 'Address1']);

The final entry was set to Address2, so I've changed it to "1".

<snip...all in check>

I've double-checked the configuration and I still get the 
LDAP_OPERATIONS_ERROR 1. I've tried it with different credentials, and 
different settings for objectClass, but as far as I can see there's no 
effect.

Any further help appreciated,

Andrew
