[rt-users] SOLVED? LDAP_INVALID_CREDENTIALS error with 'ExternalAuth' extension

Mike Peachey mike.peachey at jennic.com
Thu Apr 10 10:36:42 EDT 2008


I've been working on this and I think I have the answer (although I know 
one person has already told me they tried it and it didn't work for 
them... perhaps there was some other issue there?).

I used this script to test against my Active Directory servers and found 
that, if you specify the Windows domain in the "user" field as well as 
the username, it will not only work with anonymous binding off... but it 
should still work with anonymous binding on!

##################################################################

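#!/usr/bin/perl

use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(ldap_error_name);
use Data::Dumper;

# Connection settings: replace with your own values.
my $ldap_server = 'server';
# Single quotes keep the backslash literal.
my $ldap_user = 'DOMAIN\username';
my $ldap_pass = 'password';
my $ldap_args = [version => 3];

# Net::LDAP->new returns undef on failure and puts the reason in $@.
my $ldap = Net::LDAP->new($ldap_server, @$ldap_args)
    or die "Cannot connect to $ldap_server: $@\n";

# Simple bind as the given user.
my $msg = $ldap->bind($ldap_user, password => $ldap_pass);

# Dump the full response, then the symbolic name of the result code.
print(Dumper($msg));
print("\n");
print("LDAP MESSAGE: ");
print(ldap_error_name($msg->code));
print("\n");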

##################################################################

To repeat myself... you SHOULD be able to solve this problem by correctly 
specifying your username in the full domain\username format as specified 
by Active Directory.

e.g.
Domain = MYDOMAIN
Username = myaccount

'user'	=> 'MYDOMAIN\myaccount',


Also, be careful to use single quotes, ensuring that the backslash isn't 
interpreted as an escape character.

Please let me know your results, people!
-- 
Kind Regards,

__________________________________________________

Mike Peachey, IT
Tel: +44 114 281 2655
Fax: +44 114 281 2951
Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK
Comp Reg No: 3191371 - Registered In England
http://www.jennic.com
__________________________________________________
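
The quoting caveat at the end of the message, shown as an added example that is not part of the original post: the same bind name written with single and double quotes, run through a format check before it would be handed to bind(). `check_bind_name` is a hypothetical helper, and `CORP\tom` is a constructed sample value.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Return a list of problems with an AD bind name (empty list = looks fine).
# check_bind_name is a hypothetical helper, not part of RT or ExternalAuth.
sub check_bind_name {
    my ($name) = @_;
    my @problems;
    push @problems, 'control character present (an escape like \t was interpreted)'
        if $name =~ /[[:cntrl:]]/;
    push @problems, 'not DOMAIN\username (need exactly one backslash)'
        unless $name =~ /\A[^\\]+\\[^\\]+\z/;
    return @problems;
}

# Constructed samples. MYDOMAIN\myaccount is the post's example; CORP\tom is
# made up to show an account name that starts with an escape letter.
my @cases;
{
    # With this category enabled perl warns "Unrecognized escape \m passed through".
    no warnings 'misc';
    @cases = (
        [ 'single quotes',                    'MYDOMAIN\myaccount'  ],
        [ 'double quotes',                    "MYDOMAIN\myaccount"  ],
        [ 'double quotes, doubled backslash', "MYDOMAIN\\myaccount" ],
        [ 'double quotes, \u escape',         "DOMAIN\username"     ],
        [ 'double quotes, \t escape',         "CORP\tom"            ],
    );
}

for my $case (@cases) {
    my ($label, $value) = @$case;
    my @problems = check_bind_name($value);
    # Make control characters visible in the output.
    (my $shown = $value) =~ s/([[:cntrl:]])/sprintf('<0x%02X>', ord $1)/ge;
    printf "%-34s %-20s %s\n", $label, $shown,
        @problems ? 'REJECT: ' . join('; ', @problems) : 'ok';
}
```

In the plain double-quoted cases the backslash disappears without leaving a control character behind, so only the format check catches them; the server would simply see a different, unknown user name.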


