[rt-users] LDAP_INVALID_CREDENTIALS error with 'ExternalAuth' extension
Mike Peachey
mike.peachey at jennic.com
Thu Apr 10 04:51:40 EDT 2008
James Treleaven wrote:
> I have installed the ExternalAuth extension (thanks Mike!) to try and
> validate against my Active Directory server, but I am failing with the
> following message in my apache error_log:
>
> [Wed Apr 9 22:20:09 2008] [critical]: RT::User::_GetBoundLdapObj Can't
> bind: LDAP_INVALID_CREDENTIALS 49
> (/usr/local/rt3/lib/RT/User_Vendor.pm:1056)
>
>
> This looked to me (and other messages on this list seemed to indicate)
> that my problem was one of not providing a correct username/password
> pair with which to connect to the AD server. This seemed strange to me
> because I was able to validate, on the same machine that is running RT,
> against AD using the same username/password pair using ldapsearch.
>
>
> So I had our AD admin configure AD to allow "Anonymous Binding". Now I
> am still getting the same error message as above

When you set anonymous binding, did you remove the user and pass lines
from the LDAP config? There's no reason I know of why anonymous
shouldn't work so long as you don't specify those two lines.

As for doing it WITH the credentials, it's possible we could be looking
at a bug, but it's difficult for me to tell because I don't have a
non-anonymous LDAP server to test against.

If you want to do any debugging yourself, you need to be looking at the
_GetBoundLdapObj function in $RTHOME/local/lib/RT/User_Vendor.pm which
is pretty small and just reads in the config as you've written it.

This is only a small suggestion, but is there any chance that Active
Directory is expecting a username in the form DOMAIN\USERNAME rather
than just username? That causes problems all over the place.

--
Kind Regards,
__________________________________________________
Mike Peachey, IT
Tel: +44 114 281 2655
Fax: +44 114 281 2951
Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK
Comp Reg No: 3191371 - Registered In England
http://www.jennic.com
__________________________________________________
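
Added example, not part of the original thread and not code from RT or the ExternalAuth extension: the log line quoted above shows only the result name and code 49, but Active Directory's bind response normally also carries a diagnostic message with a hex "data" sub-code that separates a wrong name or password from a locked, disabled or expired account. The function names and the sample strings (with placeholder DSID and version fields) are constructed for illustration, and the example goes beyond the thread by also classifying the form of the configured bind name.

```python
import re

# Win32 logon error codes that Active Directory writes (in hex) after "data"
# in the diagnostic message of a failed bind (LDAP result 49).
AD_BIND_SUBCODES = {
    0x525: "ERROR_NO_SUCH_USER: account not found",
    0x52E: "ERROR_LOGON_FAILURE: unknown user name or bad password",
    0x530: "ERROR_INVALID_LOGON_HOURS: logon not allowed at this time",
    0x531: "ERROR_INVALID_WORKSTATION: logon not allowed from this host",
    0x532: "ERROR_PASSWORD_EXPIRED: password expired",
    0x533: "ERROR_ACCOUNT_DISABLED: account disabled",
    0x701: "ERROR_ACCOUNT_EXPIRED: account expired",
    0x773: "ERROR_PASSWORD_MUST_CHANGE: password must be changed",
    0x775: "ERROR_ACCOUNT_LOCKED_OUT: account locked out",
}
_DATA_RE = re.compile(r"AcceptSecurityContext error, data ([0-9A-Fa-f]+)")

def decode_bind_failure(diagnostic):
    """Return (subcode, meaning); subcode is None when no AD sub-code is present."""
    m = _DATA_RE.search(diagnostic or "")
    if m is None:
        return None, "no AD sub-code in message"
    code = int(m.group(1), 16)
    return code, AD_BIND_SUBCODES.get(code, "sub-code not in table")

def bind_name_form(user):
    """Classify the bind identity string taken from the LDAP config."""
    if not user:
        return "anonymous"
    if re.match(r"[A-Za-z][A-Za-z0-9.-]*\s*=", user):  # attribute=value start
        return "distinguished name"
    if "\\" in user:
        return "DOMAIN\\USERNAME"
    if "@" in user:
        return "user@domain (UPN)"
    return "bare username"

# Constructed sample input: (configured bind user, diagnostic text). Not real logs.
SAMPLES = [
    ("rtbind", "80090308: LdapErr: DSID-00000000, comment: "
               "AcceptSecurityContext error, data 52e, v0000"),
    ("EXAMPLE\\rtbind", "80090308: LdapErr: DSID-00000000, comment: "
                        "AcceptSecurityContext error, data 775, v0000"),
    ("", "Invalid credentials"),
]

if __name__ == "__main__":
    for user, diag in SAMPLES:
        code, meaning = decode_bind_failure(diag)
        shown = "-" if code is None else format(code, "x")
        print(f"{bind_name_form(user):20} data={shown:4} {meaning}")
```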