[rt-users] cannot connect even after successful Ldap search

Kevin Falcone falcone at bestpractical.com
Wed Sep 29 17:42:07 EDT 2010


On Wed, Sep 29, 2010 at 03:24:43PM -0500, Ashrock wrote:
>    Hi,
> 
>    I am trying to connect my AD to RT, to let users in AD access RT with their user names. I
>    tried configuring LDAP different ways, but it always returns cannot connect to LDAP, Invalid
>    Credentials.
>    [critical]: RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj : Cannot connect to 10.10.0.5:389
> 
>    I assume the LDAP search was successful through this command.
> 
>    LDAP Search:
>    ldapsearch -LLL -x -H [1]ldap://10.10.0.5:389 -b 'ou=IT, ou=Support, dc=mcfc, dc=local' -D
>    'cn=RT, ou=IT, ou=Support, dc=mcfc, dc=local' -w 'abc123!@#' '(&(ObjectClass=User)(CN= RT))'
>    <returned no errors>
>    Does that mean the ldap search was successful?

Your ldapsearch command specified a password; your RT config does not.

-kevin

>    My RT Site Config is below.
>    Do I have to use AutoCanonical for users to get connected to LDAP?
> 
>    What am I doing wrong? Please let me know if you need more files to see where I am
>    going wrong.
> 
>    ------------------------RT SITE CONFIG
>    ---------------------------------------------------------------
>    Set($WebBaseURL,'[2]http://10.10.10.10:443'); Set($WebPath,'');
>    Set($DatabaseName, 'rt3'); Set($DatabaseType, 'mysql');
>    Set($DatbaseUser, 'rtuser'); Set($DatabasePassword, 'pass');
>    Set($rtname,'Ticket'); Set($Organization,[3]"http://www.mcfc.com");
> 
>    #Set(@Plugins,(qw(Extension::QuickDelete)));
>    #Set(@Plguins,(qw(RT::FM)));
>    #Set($LogtoFileNamed, "rt.log");
>    #Set($LogtoFile, 'debug');
> 
>    Set(@Plugins,qw(RT::Authen::ExternalAuth));
>    Set($CorrespondAddress, '[4]rt-its at mcfc.com');
>    Set($CommentAddress, '[5]rt-comment at mcfc.com');
> 
>    @MailCommand , 'sendmail';
>    $SendMailArguments = "-oi -t";
>    $SendMailPath = "/usr/sbin/sendmail";
>    $SenderMustExistInExternalDatabase = undef;
> 
>    #Set($MailCommand, 'sendmail');
>    #Set($SendMailArguments, "-bm --rt-its at mcfc.com");
>    #Set($SendmailPath, "/usr/sbin/exim4");
> 
>    Set($NotifyActor, 1);
>    Set($RecordOutgoingEmail, 1);
>    Set($Timezone, 'US/Central');
> 
>    $WebURL = $WebBaseURL . $WebPath . "/";
> 
>    #Set($WebExternalAuth, 1);
>    #Set($WebFallbackToInternalAuth, true);
>    #Set($WebExternalAuto , 1);
> 
>    Set ($ExternalAuthPriority, [ 'My_LDAP' ]);
>    Set ($ExternalInfoPriority, [ 'My_LDAP' ]);
>    Set ($ExternalServiceUsesSSLorTLS, 1);
>    Set ($AutoCreateNonExternalUsers, 1);
>    Set ($Autocreate, 'Privileged=>1');
> 
>    Set($ExternalSettings, { 'My_LDAP' =>
>                                         {
>                                          'type' => 'ldap',
>                                          'server' => '10.10.10.10:389',
>                                          'user' => 'cn=RT, ou=IT, ou=Support, dc=mcfc, dc=local',
>                                          #'filter' => '(uid=*)',
>                                         #'filter' => '(&(ObjectCategory = User)(ObjectClass=Person))',
>                                          'filter' => '(&(ObjectCategory = User)',
>                                          'd_filter' => '(userAccountControl=514)',
>                                         #'d_filter' => '(userAccountControl:1.2.840.113556.1.4.803:=2)',
>                                          'tls' => 0,
>                                         #'ssl_version' => 3,
>                                          'net_ldap_args' => [version => 3],
>                                         #'group' =>'cn= ou=Users dc=server, dc=mcfc, dc=local',
>                                         #'group_attr' => 'member',
>                                          'attr_match_list' => ['Name','Email Address'],
>                                         #'attr_map' => {'Name' => 'uid', 'EmailAddress' => 'mail'}
>                                          'attr_map' => {
>                                                         'Name' => 'sAMAaccountName',
>                                                         'EmailAddress' => 'mail',
>                                                         'Organization' => 'physicalDeliveryOfficeName',
>                                                         'RealName' => 'cn',
>                                                         'ExternalAuthId'=> 'sAMAccountname',
>                                                         'Gecos' => 'sAMAccountName',
>                                                         'WorkPhone' => 'telephoneNumber',
>                                                         'Address1' => 'streetAddress',
>                                                         'City' => '1',
>                                                         'State' => 'st',
>                                                         'Zip' =>'postalCode',
>                                                         'Country' => 'co'
>                                                        }
> 
>                                         }
>    }
>    );
>    1;
> 
> References
> 
>    Visible links
>    1. file:///Users/falcone/tmp/ldap:/10.10.0.5:389
>    2. http://10.10.10.10:443/
>    3. http://www.mcfc.com/
>    4. mailto:rt-its at mcfc.com
>    5. mailto:rt-comment at mcfc.com
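
An offline check for the mismatch pointed out in the reply above, added here as an example; it is not code from the thread, from RT, or from RT::Authen::ExternalAuth. The sample block is constructed to mirror the posted 'My_LDAP' settings, and the helper names `filter_is_balanced` and `check_ldap_service` are hypothetical.

```perl
#!/usr/bin/perl
# Added example: sanity-check an ExternalSettings LDAP block before loading it into RT.
use strict;
use warnings;

# Constructed sample mirroring the posted block: 'user' is set, 'pass' is absent.
my $ExternalSettings = {
    'My_LDAP' => {
        'type'   => 'ldap',
        'server' => '10.10.10.10:389',
        'user'   => 'cn=RT, ou=IT, ou=Support, dc=mcfc, dc=local',
        'filter' => '(&(ObjectCategory = User)',
        'tls'    => 0,
    },
};

# Hypothetical helper: true when every '(' in an LDAP filter has a matching ')'.
sub filter_is_balanced {
    my ($filter) = @_;
    my $depth = 0;
    for my $ch (split //, $filter) {
        $depth++ if $ch eq '(';
        $depth-- if $ch eq ')';
        return 0 if $depth < 0;    # a ')' appeared before its '('
    }
    return $depth == 0;
}

# Hypothetical helper: returns a list of findings for one service block.
sub check_ldap_service {
    my ($name, $svc) = @_;
    my @findings;
    return @findings unless ($svc->{type} // '') eq 'ldap';

    my $has_user = defined $svc->{user} && length $svc->{user};
    my $has_pass = defined $svc->{pass} && length $svc->{pass};
    # The ldapsearch test passed both -D and -w; the config must carry both too.
    push @findings, "$name: 'user' is set but 'pass' is missing"
        if $has_user && !$has_pass;
    push @findings, "$name: 'pass' is set without 'user'"
        if $has_pass && !$has_user;
    for my $key (qw(filter d_filter)) {
        next unless defined $svc->{$key};
        push @findings, "$name: '$key' has unbalanced parentheses: $svc->{$key}"
            unless filter_is_balanced($svc->{$key});
    }
    return @findings;
}

my @all = map { check_ldap_service($_, $ExternalSettings->{$_}) }
          sort keys %$ExternalSettings;
print "$_\n" for @all;
exit(@all ? 1 : 0);
```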
