[rt-users] RT 3.6.5 Setup / LDAP

David ROBERT drobert at generix.fr
Fri Oct 19 12:39:51 EDT 2007


At least I'm able to use the ldapsearch command line utility to properly query our AD servers. I have to use the -x option to force the simple auth method, otherwise I get an error (I put all needed options on the command line, not relying on /etc/ldap.conf).

But... this leads me to ask a question that may be a really silly one: do we need a properly configured /etc/ldap.conf file to get the LDAP Auth to work in RT? I thought all the server and connection info put in the RT/Apache conf file would be enough.

Now I'll try to install the ldap overlay and configure it.

-----Original Message-----
From: Scott Golby [mailto:sgolby at freshdirect.com] 
Sent: Friday, 19 October 2007 15:57
To: David ROBERT
Subject: RE: [rt-users] RT 3.6.5 Setup / LDAP

Oh, go for debug on, you'll get tons of LDAP messages every step of the way.

Set($LogToFile      , 'debug');
Set($LogDir, '/opt/rt3/var/log');
Set($LogToFileNamed , "rt.log");    #log to rt.log

Very obvious when you get it right, you'll see the response from the server with the Real Name, Address, etc, etc, in the logs.


-----Original Message-----
From: David ROBERT [mailto:drobert at generix.fr] 
Sent: Friday, October 19, 2007 9:53 AM
To: Scott Golby
Subject: RE: [rt-users] RT 3.6.5 Setup / LDAP

Since I get no LDAP error whatsoever in my log files I'll try the ldapsearch approach first.

At the same time I am reviewing wiki articles about a FastCGI setup instead of the mod_perl method (found a RHEL4u2+RT3.6.2 method that I am trying on my RHEL5+RT3.6.5).
Will keep you posted on the ldapsearch attempt.

-----Original Message-----
From: Scott Golby [mailto:sgolby at freshdirect.com] 
Sent: Friday, 19 October 2007 15:30
To: David ROBERT; rt-users at lists.bestpractical.com
Subject: RE: [rt-users] RT 3.6.5 Setup / LDAP

Hi David,

The link that Jose posted is pretty similar to what I used to hook into
our ActiveDirectory on Win2k3 server here.

I did make these changes to get it to work, however.  The doc I read 12
months ago said to filter on sAMAccountName; that didn't work for me.

#Set($LdapFilter, '(objectclass=sAMAccountName)');
Set($LdapFilter, '(objectclass=*)');


Getting the Set($LdapBase, ''); right can be a challenge. Use ldapsearch
on Linux to walk your AD server; it will also confirm that your
Set($LdapUser) is set up correctly.  That you have to be sure of: we've
had our LdapUser expire on the AD server and it locked everyone out of
RT because it couldn't bind.


Unlike the link instructions, I do have SSL turned on; it worked for me.

# These turn on SSL for LDAP
Set($LdapTLS, 0);
Set($LdapSSLVersion, 3);


- Scott
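
An added example, not part of the original thread or of RT: a shell health check for the failure described above, where the account RT binds with expires on the AD server and nobody can log in. It performs the same simple bind with ldapsearch and maps the sub-codes Active Directory appends to LDAP error 49 to a cause; the script name, URI, DNs and password file path in the usage comment are placeholders.

```shell
#!/bin/sh
# Added example: health check for the account RT binds with ($LdapUser).

# Constructed sample of the text ldapsearch prints when AD rejects an
# expired account (the DSID value is a placeholder).
SAMPLE_ERR='ldap_bind: Invalid credentials (49)
	additional info: 80090308: LdapErr: DSID-XXXXXXXX, comment: AcceptSecurityContext error, data 701, v1db1'

# Map ldapsearch failure text to a cause. The "data NNN" values are the
# sub-codes Active Directory appends to LDAP error 49.
classify_bind_error() {
    case "$1" in
        *"data 525"*) echo "user-not-found" ;;
        *"data 52e"*) echo "bad-password" ;;
        *"data 532"*) echo "password-expired" ;;
        *"data 533"*) echo "account-disabled" ;;
        *"data 701"*) echo "account-expired" ;;
        *"data 773"*) echo "must-change-password" ;;
        *"data 775"*) echo "account-locked" ;;
        *"Can't contact LDAP server"*) echo "server-unreachable" ;;
        *"No such object"*) echo "bad-search-base" ;;
        *) echo "unknown" ;;
    esac
}

# Bind as the service account and read only the base entry's DN.
# The password file must not end in a newline: -y uses its full contents.
# Prints "ok" or a cause; returns non-zero when the bind or search fails.
check_bind() {
    uri=$1; binddn=$2; pwfile=$3; base=$4
    if out=$(ldapsearch -x -H "$uri" -D "$binddn" -y "$pwfile" \
                 -b "$base" -s base -LLL '(objectclass=*)' dn 2>&1); then
        echo "ok"
    else
        classify_bind_error "$out"
        return 1
    fi
}

# Usage (placeholder values), e.g. from cron or a monitoring agent:
#   check-rt-bind.sh ldaps://ad.example.com \
#       'CN=rt,OU=Svc,DC=example,DC=com' /etc/rt-bind.pw 'DC=example,DC=com'
if [ "$#" -eq 4 ]; then
    check_bind "$@"
fi
```

Keeping the bind password in a root-readable file passed with -y keeps it out of the process list, unlike -w on the command line.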








