[rt-users] cannot connect even after successful LDAP search
Kevin Falcone
falcone at bestpractical.com
Wed Sep 29 17:42:07 EDT 2010
On Wed, Sep 29, 2010 at 03:24:43PM -0500, Ashrock wrote:
> Hi,
>
> I am trying to connect my AD to RT, to let users in AD access RT with their user names. I
> tried configuring LDAP different ways, but it always returns cannot connect to LDAP, Invalid
> Credentials.
> [critical]: RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj : Cannot connect to 10.10.0.5:389
>
> I assume the LDAP search was successful through this command.
>
> LDAP Search:
> ldapsearch -LLL -x -H ldap://10.10.0.5:389 -b 'ou=IT, ou=Support, dc=mcfc, dc=local' -D
> 'cn=RT, ou=IT, ou=Support, dc=mcfc, dc=local' -w 'abc123!@#' '(&(ObjectClass=User)(CN= RT))'
> <returned no errors>
> Does that mean the LDAP search was successful?
Your ldapsearch command specified a password; your RT config does not.
-kevin
> My RT Site Config is below.
> Do I have to use AutoCanonical for users to get connected to LDAP?
>
> Where am I going wrong? Please let me know if you need some more files to see where I am
> going wrong.
>
> ------------------------RT SITE CONFIG
> ---------------------------------------------------------------
> Set($WebBaseURL,'http://10.10.10.10:443'); Set($WebPath,'');
> Set($DatabaseName, 'rt3'); Set($DatabaseType, 'mysql');
> Set($DatbaseUser, 'rtuser'); Set($DatabasePassword, 'pass');
> Set($rtname,'Ticket'); Set($Organization,"http://www.mcfc.com");
>
> #Set(@Plugins,(qw(Extension::QuickDelete)));
> #Set(@Plguins,(qw(RT::FM)));
> #Set($LogtoFileNamed, "rt.log");
> #Set($LogtoFile, 'debug');
>
> Set(@Plugins,qw(RT::Authen::ExternalAuth));
> Set($CorrespondAddress, 'rt-its at mcfc.com');
> Set($CommentAddress, 'rt-comment at mcfc.com');
>
> @MailCommand , 'sendmail';
> $SendMailArguments = "-oi -t";
> $SendMailPath = "/usr/sbin/sendmail";
> $SenderMustExistInExternalDatabase = undef;
>
> #Set($MailCommand, 'sendmail');
> #Set($SendMailArguments, "-bm --rt-its at mcfc.com");
> #Set($SendmailPath, "/usr/sbin/exim4");
>
> Set($NotifyActor, 1);
> Set($RecordOutgoingEmail, 1);
> Set($Timezone, 'US/Central');
>
> $WebURL = $WebBaseURL . $WebPath . "/";
>
> #Set($WebExternalAuth, 1);
> #Set($WebFallbackToInternalAuth, true);
> #Set($WebExternalAuto , 1);
>
> Set ($ExternalAuthPriority, [ 'My_LDAP' ]);
> Set ($ExternalInfoPriority, [ 'My_LDAP' ]);
> Set ($ExternalServiceUsesSSLorTLS, 1);
> Set ($AutoCreateNonExternalUsers, 1);
> Set ($Autocreate, 'Privileged=>1');
>
> Set($ExternalSettings, { 'My_LDAP' =>
> {
> 'type' => 'ldap',
> 'server' => '10.10.10.10:389',
> 'user' => 'cn=RT, ou=IT, ou=Support, dc=mcfc, dc=local',
> #'filter' => '(uid=*)',
> #'filter' => '(&(ObjectCategory = User)(ObjectClass=Person))',
> 'filter' => '(&(ObjectCategory = User)',
> 'd_filter' => '(userAccountControl=514)',
> #'d_filter' => '(userAccountControl:1.2.840.113556.1.4.803:=2)',
> 'tls' => 0,
> #'ssl_version' => 3,
> 'net_ldap_args' => [version => 3],
> #'group' =>'cn= ou=Users dc=server, dc=mcfc, dc=local',
> #'group_attr' => 'member',
> 'attr_match_list' => ['Name','Email Address'],
> #'attr_map' => {'Name' => 'uid', 'EmailAddress' => 'mail'}
> 'attr_map' => {
> 'Name' => 'sAMAaccountName',
> 'EmailAddress' => 'mail',
> 'Organization' => 'physicalDeliveryOfficeName',
> 'RealName' => 'cn',
> 'ExternalAuthId'=> 'sAMAccountname',
> 'Gecos' => 'sAMAccountName',
> 'WorkPhone' => 'telephoneNumber',
> 'Address1' => 'streetAddress',
> 'City' => '1',
> 'State' => 'st',
> 'Zip' =>'postalCode',
> 'Country' => 'co'
> }
>
> }
> }
> );
> 1;
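
A small static check for the mismatch pointed out in the reply above, added here as an example and not part of the original thread or of RT: it reads the simple `'key' => value` lines of an `ExternalSettings` service block and flags a bind DN with no `pass`, LDAP filters with unbalanced parentheses, and a password that would be sent without TLS on port 389. The function names and the sample text (constructed from the quoted config) are assumptions, and the parser handles only one setting per line.

```python
import re

# Constructed sample: the bind-related lines of the quoted ExternalSettings block.
SAMPLE = """
'server' => '10.10.10.10:389',
'user' => 'cn=RT, ou=IT, ou=Support, dc=mcfc, dc=local',
#'filter' => '(uid=*)',
'filter' => '(&(ObjectCategory = User)',
'd_filter' => '(userAccountControl=514)',
'tls' => 0,
"""

PAIR = re.compile(r"^\s*'(\w+)'\s*=>\s*(?:'([^']*)'|(\d+))\s*,?\s*$")

def parse_settings(text):
    """Assumes one 'key' => value per line (quoted string or integer); skips comments."""
    settings = {}
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        m = PAIR.match(line)
        if m:
            key, string, number = m.groups()
            settings[key] = string if string is not None else int(number)
    return settings

def filter_balanced(ldap_filter):
    """True when every '(' in the filter has a matching ')'."""
    depth = 0
    for ch in ldap_filter:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return False
    return depth == 0

def lint(settings):
    findings = []
    if settings.get("user") and not settings.get("pass"):
        findings.append("'user' is set but 'pass' is missing: no password for the bind")
    for key in ("filter", "d_filter"):
        if key in settings and not filter_balanced(str(settings[key])):
            findings.append(f"'{key}' has unbalanced parentheses: {settings[key]}")
    plain = str(settings.get("server", "")).endswith(":389") and not settings.get("tls")
    if settings.get("pass") and plain:
        findings.append("'pass' would cross the network without TLS (port 389, tls off)")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(parse_settings(SAMPLE))))
```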