[rt-users] Has anyone successfully configured LDAP to authenticate against AD with version 4.0.1?

Kevin Falcone falcone at bestpractical.com
Mon Aug 29 19:59:33 EDT 2011


On Mon, Aug 29, 2011 at 03:50:57PM -0800, James Zuelow wrote:
> Josh,
> 
> I have been just barely following this thread, so please forgive me if I'm off base here.
> 
> I think an issue is this:
> 
> 'attr_match_list' =>     [   'ExternalAuthId','EmailAddress' ],

attr_match_list is documented as 
# The list of RT attributes that uniquely identify a user
not an LDAP attribute.

The error message you point to means that the user was unable to be
canonicalized from LDAP.  If it was supposed to be there, then the
search args are wrong (or the user logging into RT doesn't have rights
on LDAP to canonicalize themselves). If the user wasn't supposed to be
in LDAP, but should be created, then the user wants to read the docs for
AutoCreateNonExternalUsers.

-kevin

> And your LDAP is failing because:
> 
> > (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/E
> > xternalAuth.pm:458) [Mon Aug 29 23:15:41 2011] [debug]: Attempting to
> > use this canonicalization key: ExternalAuthId
> > (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/E
> > xternalAuth.pm:472) [Mon Aug 29 23:15:41 2011] [debug]: This
> > attribute ( 
> > ExternalAuthId ) is
> > null or incorrectly defined in the attr_map for this service (
> > Active_Directory )
> 
> Your AD schema does not have an "ExternalAuthID" field in it.
> 
> You have ExternalAuthID mapped to sAMAccountName.  What happens if you try:
> 
> 'attr_match_list' =>  [ 'sAMAccountName','EmailAddress' ],
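
The point made in the reply above, as an added example that is not part of the thread or of RT's own code: every entry in attr_match_list is an RT attribute name and has to appear as a key of attr_map with a non-empty LDAP attribute as its value. The settings hash is constructed sample data with placeholder server and base values, and `check_service` is a hypothetical helper name.

```perl
#!/usr/bin/perl
# Added example: sanity-check an RT::Authen::ExternalAuth service definition.
use strict;
use warnings;

# Constructed sample settings; server, base and filter are placeholders.
my %ExternalSettings = (
    'Active_Directory' => {
        'type'            => 'ldap',
        'server'          => 'ad.example.com',
        'base'            => 'dc=example,dc=com',
        'filter'          => '(objectClass=user)',
        # 'sAMAccountName' is an LDAP attribute, not an RT one (deliberate mistake).
        'attr_match_list' => [ 'ExternalAuthId', 'EmailAddress', 'sAMAccountName' ],
        'attr_map'        => {
            'Name'           => 'sAMAccountName',
            'EmailAddress'   => 'mail',
            'ExternalAuthId' => '',    # deliberately empty to trigger the check
        },
    },
);

# Hypothetical helper: returns one message per attr_match_list entry that
# cannot be resolved to an LDAP attribute through attr_map.
sub check_service {
    my ( $name, $cfg ) = @_;
    my $map = $cfg->{'attr_map'} || {};
    my @problems;
    for my $rt_attr ( @{ $cfg->{'attr_match_list'} || [] } ) {
        if ( !exists $map->{$rt_attr} ) {
            push @problems,
              "$name: '$rt_attr' is in attr_match_list but is not a key of attr_map";
        }
        elsif ( !defined $map->{$rt_attr} || $map->{$rt_attr} eq '' ) {
            push @problems, "$name: attr_map entry for '$rt_attr' is empty";
        }
    }
    return @problems;
}

for my $service ( sort keys %ExternalSettings ) {
    my @problems = check_service( $service, $ExternalSettings{$service} );
    if (@problems) { print "FAIL $_\n" for @problems; }
    else           { print "OK   $service\n"; }
}
```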