[rt-users] rt4 and External Auth to AD 2008 non-ssl
Brian Murphy
blmurphy at eiu.edu
Tue Aug 30 11:32:58 EDT 2011
I can do the following with ldapsearch notice the filter:
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <dc=eiuad,dc=eiu,dc=edu> with scope subtree
# filter: (&(sAMAccountName=blmurphy))
# requesting: ALL
#
# Murphy\2C Brian, ITS Employees, Employee Accounts, EIU USERS, eiuad.eiu.edu
dn: CN=Murphy\, Brian,OU=ITS Employees,OU=Employee Accounts,OU=EIU USERS,DC=ei
uad,DC=eiu,DC=edu
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: Murphy, Brian
sn: Murphy
title: Associate Director
description: Information Technology Services
physicalDeliveryOfficeName: Technical Support & Operations
telephoneNumber: 581-7618
givenName: Brian
distinguishedName: CN=Murphy\, Brian,OU=ITS Employees,OU=Employee Accounts,OU=
EIU USERS,DC=eiuad,DC=eiu,DC=edu
instanceType: 4
whenCreated: 20011219230613.0Z
whenChanged: 20110829133938.0Z
displayName: Murphy, Brian
uSNCreated: 43124
info: Associate Director - higher limits allowed
memberOf: CN=RT_Access,OU=Sensitive,DC=eiuad,DC=eiu,DC=edu
memberOf: CN=Outlook SSL Change,OU=GPO Scripting Groups,OU=Groups,DC=eiuad,DC=
eiu,DC=edu
memberOf: CN=Hyperic Administrators,OU=Sensitive,DC=eiuad,DC=eiu,DC=edu
memberOf: CN=Global Psynch Helpdesk Staff,OU=ITS Groups,OU=Business Affairs Re
source Sharing Groups,OU=EIU RESOURCE SHARING GROUPS,DC=eiuad,DC=eiu,DC=edu
memberOf: CN=Xythos Users,OU=Groups,DC=eiuad,DC=eiu,DC=edu
memberOf: CN=ITS group for Xythos sharing,OU=ITS Groups,OU=Business Affairs Re
source Sharing Groups,OU=EIU RESOURCE SHARING GROUPS,DC=eiuad,DC=eiu,DC=edu
memberOf: CN=BannerINBJavaUpdater,OU=Groups,DC=eiuad,DC=eiu,DC=edu
memberOf: CN=ITS PLs Prgmrs,OU=ITS Groups,OU=Business Affairs Resource Sharing
Groups,OU=EIU RESOURCE SHARING GROUPS,DC=eiuad,DC=eiu,DC=edu
memberOf: CN=ITSDEPT,OU=ITS Groups,OU=Business Affairs Resource Sharing Groups
,OU=EIU RESOURCE SHARING GROUPS,DC=eiuad,DC=eiu,DC=edu
memberOf: CN=Tech Support,OU=ITS Groups,OU=Business Affairs Resource Sharing G
roups,OU=EIU RESOURCE SHARING GROUPS,DC=eiuad,DC=eiu,DC=edu
memberOf: CN=Systems & Tech Supt,OU=ITS Groups,OU=Business Affairs Resource Sh
aring Groups,OU=EIU RESOURCE SHARING GROUPS,DC=eiuad,DC=eiu,DC=edu
memberOf: CN=Server Ops,OU=Sensitive,DC=eiuad,DC=eiu,DC=edu
memberOf: CN=ONORDER,OU=ITS Groups,OU=Business Affairs Resource Sharing Groups
,OU=EIU RESOURCE SHARING GROUPS,DC=eiuad,DC=eiu,DC=edu
memberOf: CN=ILOM Admins,OU=Infrastructure Management,OU=Groups,DC=eiuad,DC=ei
u,DC=edu
memberOf: CN=Brian Murphys Group,OU=ITS Groups,OU=Business Affairs Resource Sh
aring Groups,OU=EIU RESOURCE SHARING GROUPS,DC=eiuad,DC=eiu,DC=edu
memberOf: CN=Others,OU=EISE Project,OU=EIU RESOURCE SHARING GROUPS,DC=eiuad,DC
=eiu,DC=edu
memberOf: CN=Degree Audit Process Team,OU=EISE Project,OU=EIU RESOURCE SHARING
GROUPS,DC=eiuad,DC=eiu,DC=edu
memberOf: CN=EIU Faculty and Staff for Citrix Access,OU=Citrix,DC=eiuad,DC=eiu
,DC=edu
memberOf: CN=DISASTER,OU=ITS Groups,OU=Business Affairs Resource Sharing Group
s,OU=EIU RESOURCE SHARING GROUPS,DC=eiuad,DC=eiu,DC=edu
memberOf: CN=SECURITY,OU=Lumpkin Hall Computer Labs,DC=eiuad,DC=eiu,DC=edu
memberOf: CN=Backup Operators,CN=Builtin,DC=eiuad,DC=eiu,DC=edu
uSNChanged: 12145001
department: Information Technology Services
company: Eastern Illinois University
streetAddress:: U3R1ZGVudCBTZXJ2aWNlcyBCdWlsZGluZw0KQjk=
directReports: CN=Bensley\, Brett,OU=ITS Employees,OU=Employee Accounts,OU=EIU
USERS,DC=eiuad,DC=eiu,DC=edu
directReports: CN=Clayton\, Allen,OU=ITS Employees,OU=Employee Accounts,OU=EIU
USERS,DC=eiuad,DC=eiu,DC=edu
directReports: CN=Wilson\, Julie,OU=Net Admin OU,OU=Sensitive,DC=eiuad,DC=eiu,
DC=edu
name: Murphy, Brian
objectGUID:: RlmmJv+FGEWZvik8YlZYmw==
userAccountControl: 512
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 129495066522016517
lastLogoff: 0
lastLogon: 129591191145074682
logonHours:: ////////////////////////////
pwdLastSet: 129470205541973909
primaryGroupID: 513
objectSid:: AQUAAAAAAAUVAAAAkDCgJUtYtjLperlb6gMAAA==
adminCount: 1
accountExpires: 0
logonCount: 122
sAMAccountName: blmurphy
sAMAccountType: 805306368
userPrincipalName: blmurphy at eiuad.eiu.edu
lockoutTime: 0
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=eiuad,DC=eiu,DC=edu
dSCorePropagationData: 20110809183717.0Z
dSCorePropagationData: 20110803191151.0Z
dSCorePropagationData: 20110628195950.0Z
dSCorePropagationData: 20110525205317.0Z
dSCorePropagationData: 16010714223651.0Z
lastLogonTimestamp: 129590987787492303
mail: blmurphy at eiu.edu
# search reference
ref: ldap://DomainDnsZones.eiuad.eiu.edu/DC=DomainDnsZones,DC=eiuad,DC=eiu,DC=
edu
# search reference
ref: ldap://ForestDnsZones.eiuad.eiu.edu/DC=ForestDnsZones,DC=eiuad,DC=eiu,DC=
edu
# search reference
ref: ldap://eiuad.eiu.edu/CN=Configuration,DC=eiuad,DC=eiu,DC=edu
# search result
search: 2
result: 0 Success
# numResponses: 5
# numEntries: 1
# numReferences: 3
----- Original Message -----
From: "Brian Murphy" <blmurphy at eiu.edu>
To: rt-users at lists.bestpractical.com
Sent: Tuesday, August 30, 2011 10:08:56 AM
Subject: Re: [rt-users] rt4 and External Auth to AD 2008 non-ssl
A bit confused about that whole filter thing.
If I specify objectClass=person and the sAMAccountName on the same filter it does not work with ldapsearch. if I use either one by titself, I get back my user record from AD.
Brian
----- Original Message -----
From: "Kevin Falcone" <falcone at bestpractical.com>
To: rt-users at lists.bestpractical.com
Sent: Tuesday, August 30, 2011 9:41:57 AM
Subject: Re: [rt-users] rt4 and External Auth to AD 2008 non-ssl
On Tue, Aug 30, 2011 at 09:35:39AM -0500, Brian Murphy wrote:
> I am making progress in that I am at least now getting some indication that the code is trying to authenticate my user in my active directory.
> I now receive the following after I upgraded my RT::Auth::External to 0.09.
Yes, you must use the newest version (0.09) for it to work with RT4
> [Tue Aug 30 14:32:12 2011] [debug]: LDAP Search === Base: ou=its employees,ou=employee accounts,ou=eiu users,dc=eiuad,dc=eiu.dc=edu == Filter: (&(objectClass=person)(sAMAccountName=blmurphy)) == Attrs: sAMAccountName (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:304)
Is that the right OU and Filter? Does that OU and Filter work from
ldapsearch?
-kevin
--------
RT Training Sessions (http://bestpractical.com/services/training.html)
* Chicago, IL, USA � September 26 & 27, 2011
* San Francisco, CA, USA � October 18 & 19, 2011
* Washington DC, USA � October 31 & November 1, 2011
* Melbourne VIC, Australia � November 28 & 29, 2011
* Barcelona, Spain � November 28 & 29, 2011
--------
RT Training Sessions (http://bestpractical.com/services/training.html)
* Chicago, IL, USA September 26 & 27, 2011
* San Francisco, CA, USA October 18 & 19, 2011
* Washington DC, USA October 31 & November 1, 2011
* Melbourne VIC, Australia November 28 & 29, 2011
* Barcelona, Spain November 28 & 29, 2011
More information about the rt-users
mailing list