[rt-users] SOLVED? LDAP_INVALID_CREDENTIALS error with 'ExternalAuth' extension
Mike Peachey
mike.peachey at jennic.com
Thu Apr 10 14:36:50 EDT 2008
Pedro Lobo S. da Rocha wrote:
> Mike,
>
> I change somethings on my configuration and it seems almost right. I am
> now receiving the following log messages:
>
> 18. [Thu Apr 10 17:38:19 2008] [debug]: LDAP Search === Base:
dc=DOMAIN,dc=com == Filter: (&(objectclass=*)(sAMAccountName=teste)) ==
Attrs: uid (/usr/local/share/request-tracker3.6/lib/RT/User_Vendor.pm:890)
> 19. [Thu Apr 10 17:38:19 2008] [info]: DISABLED user teste per
External Service (1, Disabled changed from (no value) to "1")
>
> I don't know whats happening at line 19. Do you?
>
Err... bugger! You've just found a bug.
I will fix this tomorrow morning when I get to work. The problem is that
I hadn't programmed for the possibility of there being no d_filter,
therefore, if you don't specify a d_filter (disable filter) it will
consider ALL of your users disabled instead of none of them.
Whoops.
You can fix this temporarily in one of two ways:
1. Specify a disable filter.
2. Edit User_Vendor.pm manually.
HOWTO:
1. Since you're using Active Directory, the simplest way for you to sort
this out is to use the Active Directory disable filter since I doubt
there's any reason you would want someone to still be able to access RT
if you've set their account to disabled in Active Directory.
To do this, add this line to your LDAP settings (add it under 'filter'):
'd_filter' => '(userAccountControl:1.2.840.113556.1.4.803:=2)',
2. If you want to allow access to RT to users that have been disabled in
Active Directory, change line 904 in $RTHOME/local/lib/RT/UserVendor.pm
from this:
$user_disabled = 1;
to this:
$user_disabled = 0;
And it will then be overwritten with a fix once I update the code and
release v0.06 tomorrow.
P.S. Please join the RT-Users mailing list and then CC
rt-users at lists.bestpractical.com in any replies if you can so that
others may benefit.
--
Kind Regards,
___________________________________________________
Mike Peachey, IT
Tel: +44 (0) 114 281 2655
Fax: +44 (0) 114 281 2951
Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK
http://www.jennic.com
Confidential
___________________________________________________
More information about the rt-users
mailing list