[rt-users] ExternalAuth help needed

Kevin Falcone falcone at bestpractical.com
Tue Jan 11 10:43:59 EST 2011


On Mon, Jan 10, 2011 at 06:03:37PM -0800, Wes Modes wrote:
>    I am using ExternalAuth to connect RT3.8.8 to LDAP.
> 
>    Detailed documentation seems to be woefully absent, and I've scoured the web and tried the
>    dozens of conflicting suggestions, so I'm turning to y'all.
> 
>    Here's the error I get:
> 
>      [Tue Jan 11 01:41:56 2011] [critical]: RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj
>      Can't bind: LDAP_INVALID_DN_SYNTAX 34
>      (/usr/local/rt/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:467)

The error seems clear: something in your username or password isn't
valid DN syntax according to your server.

Try connecting using the ldapsearch command line client.

-kevin

>    Here's the LDAP section from my RT_Authen-ExternalAuth.pm
> 
>          'My_LDAP'       =>  {
>              ## GENERIC SECTION
>              # The type of service (db/ldap/cookie)
>              'type'                      =>  'ldap',
>              # The server hosting the service
>              'server'                    =>  'dir1.library.ucsc.edu',
>              ## SERVICE-SPECIFIC SECTION
>              # If you can bind to your LDAP server anonymously you should
>              # remove the user and pass config lines, otherwise specify them here:
>              #
>              # The username RT should use to connect to the LDAP server
>              'user'                      =>  'cn=admin,dc=ucsc,dc=edu',
>              # The password RT should use to connect to the LDAP server
>              'pass'                      =>  'PASSWORD',
>              #
>              # The LDAP search base
>              'base'                      =>  'ou=people,dc=ucsc,dc=edu',
>              #
>              # ALL FILTERS MUST BE VALID LDAP FILTERS ENCASED IN PARENTHESES!
>              # YOU **MUST** SPECIFY A filter AND A d_filter!!
>              #
>              # The filter to use to match RT-Users
>              'filter'                    =>  '(objectClass=person)',
>              # A catch-all example filter: '(objectClass=*)'
>              #
>              # The filter that will only match disabled users
>              'd_filter'                  =>  '(objectClass=FooBarBaz)',
>              # A catch-none example d_filter: '(objectClass=FooBarBaz)'
>              #
>              # Should we try to use TLS to encrypt connections?
>              'tls'                       =>  0,
>              # SSL Version to provide to Net::SSLeay *if* using SSL
>              'ssl_version'               =>  3,
>              # What other args should I pass to Net::LDAP->new($host, @args)?
>              'net_ldap_args'             => [    version =>  3   ],
>              # Does authentication depend on group membership? What group name?
>              'group'                     =>  'staff',
>              # What is the attribute for the group object that determines membership?
>              'group_attr'                =>  'ou=group,dc=ucsc,dc=edu',
>              ## RT ATTRIBUTE MATCHING SECTION
>              # The list of RT attributes that uniquely identify a user
>              # This example shows what you *can* specify.. I recommend reducing this
>              # to just the Name and EmailAddress to save encountering problems later.
>              'attr_match_list'           => [    'Name',
>                                                  'EmailAddress',
>                                              ],
>              # The mapping of RT attributes on to LDAP attributes
>              'attr_map'                  =>  {   'Name' => 'uid',
>                                                  'EmailAddress' => 'mail',
>                                                  'RealName' => 'cn',
>                                                  'ExternalAuthId' => 'uid',
>                                                  'Gecos' => 'gecos',
>                                                  'WorkPhone' => 'telephoneNumber',
>                                              }
> 
>          },
> 
>    What more do you need to know to help me get this working?
> 
>    Wes
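
The ldapsearch test suggested in the reply, written out as an added example (it is not part of either message): it repeats RT's bind outside RT with the `server`, `user` and `base` values from the posted config and names the result code that comes back. The function names are made up for this example, and it assumes OpenLDAP's `ldapsearch`, whose exit status is taken to be the LDAP result code of the failed operation.

```shell
#!/bin/sh
# Added example, not from the thread. Values are copied from the posted 'My_LDAP'
# block; function names are made up here. Assumes OpenLDAP's ldapsearch, which
# (assumption) exits with the LDAP result code of a failed operation.
LDAP_URI='ldap://dir1.library.ucsc.edu'   # 'server'; plain LDAP, matching 'tls' => 0
BIND_DN='cn=admin,dc=ucsc,dc=edu'         # 'user'
SEARCH_BASE='ou=people,dc=ucsc,dc=edu'    # 'base'

# Rough shape check only (attr=value,attr=value); not a full RFC 4514 parser,
# so DNs with escaped characters or multi-valued RDNs are reported as "no".
looks_like_dn() {
    printf '%s\n' "$1" |
        grep -Eq '^[A-Za-z][A-Za-z0-9-]*=[^,+<>;"\\]+(, *[A-Za-z][A-Za-z0-9-]*=[^,+<>;"\\]+)*$'
}

# Name the result codes most likely during a bind test (numbers from RFC 4511).
explain_rc() {
    case "$1" in
        0)  echo "bind and base lookup succeeded" ;;
        32) echo "noSuchObject: search base not found" ;;
        34) echo "invalidDNSyntax: server rejected a DN (bind DN or base)" ;;
        49) echo "invalidCredentials: DN parsed, wrong DN or password" ;;
        *)  echo "result code $1: see ldapsearch's stderr" ;;
    esac
}

# Simple bind as RT's service account, then read only the base entry's DN.
# -W prompts for the password so it stays out of the process list and history.
bind_test() {
    looks_like_dn "$BIND_DN" || echo "warning: '$BIND_DN' does not look like a DN" >&2
    rc=0
    ldapsearch -x -H "$LDAP_URI" -D "$BIND_DN" -W \
        -b "$SEARCH_BASE" -s base -LLL '(objectClass=*)' 1.1 || rc=$?
    explain_rc "$rc"
    return "$rc"
}

# Nothing touches the network unless the script is invoked with the argument "run".
if [ "${1:-}" = "run" ]; then bind_test; fi
```

Run it as `sh ldap-bind-test.sh run` (the file name is arbitrary) from the RT host, so the test crosses the same network path RT uses.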