[rt-users] ExternalAuth help needed
Kevin Falcone
falcone at bestpractical.com
Tue Jan 11 10:43:59 EST 2011
On Mon, Jan 10, 2011 at 06:03:37PM -0800, Wes Modes wrote:
> I am using ExternalAuth to connect RT3.8.8 to LDAP.
>
> Detailed documentation seems to be woefully absent, and I've scoured the web and tried the
> dozens of conflicting suggestions, so I'm turning to y'all.
>
> Here's the error I get:
>
> [Tue Jan 11 01:41:56 2011] [critical]: RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj
> Can't bind: LDAP_INVALID_DN_SYNTAX 34
> (/usr/local/rt/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:467)
The error seems clear: something in your username or password isn't
valid DN syntax according to your server.
Try connecting using the ldapsearch command line client.
-kevin
> Here's the LDAP section from my RT_Authen-ExternalAuth.pm
>
> 'My_LDAP' => {
>     ## GENERIC SECTION
>     # The type of service (db/ldap/cookie)
>     'type' => 'ldap',
>     # The server hosting the service
>     'server' => 'dir1.library.ucsc.edu',
>     ## SERVICE-SPECIFIC SECTION
>     # If you can bind to your LDAP server anonymously you should
>     # remove the user and pass config lines, otherwise specify them here:
>     #
>     # The username RT should use to connect to the LDAP server
>     'user' => 'cn=admin,dc=ucsc,dc=edu',
>     # The password RT should use to connect to the LDAP server
>     'pass' => 'PASSWORD',
>     #
>     # The LDAP search base
>     'base' => 'ou=people,dc=ucsc,dc=edu',
>     #
>     # ALL FILTERS MUST BE VALID LDAP FILTERS ENCASED IN PARENTHESES!
>     # YOU **MUST** SPECIFY A filter AND A d_filter!!
>     #
>     # The filter to use to match RT-Users
>     'filter' => '(objectClass=person)',
>     # A catch-all example filter: '(objectClass=*)'
>     #
>     # The filter that will only match disabled users
>     'd_filter' => '(objectClass=FooBarBaz)',
>     # A catch-none example d_filter: '(objectClass=FooBarBaz)'
>     #
>     # Should we try to use TLS to encrypt connections?
>     'tls' => 0,
>     # SSL Version to provide to Net::SSLeay *if* using SSL
>     'ssl_version' => 3,
>     # What other args should I pass to Net::LDAP->new($host,@args)?
>     'net_ldap_args' => [ version => 3 ],
>     # Does authentication depend on group membership? What group name?
>     'group' => 'staff',
>     # What is the attribute for the group object that determines membership?
>     'group_attr' => 'ou=group,dc=ucsc,dc=edu',
>     ## RT ATTRIBUTE MATCHING SECTION
>     # The list of RT attributes that uniquely identify a user
>     # This example shows what you *can* specify.. I recommend reducing this
>     # to just the Name and EmailAddress to save encountering problems later.
>     'attr_match_list' => [ 'Name',
>                            'EmailAddress',
>                          ],
>     # The mapping of RT attributes on to LDAP attributes
>     'attr_map' => { 'Name' => 'uid',
>                     'EmailAddress' => 'mail',
>                     'RealName' => 'cn',
>                     'ExternalAuthId' => 'uid',
>                     'Gecos' => 'gecos',
>                     'WorkPhone' => 'telephoneNumber',
>                   }
>
> },
>
> What more do you need to know to help me get this working?
>
> Wes
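The reply above reads LDAP_INVALID_DN_SYNTAX as a bind value that is not valid DN syntax. The following Python check is an added example, not part of the original thread and not RT or ExternalAuth code: it tests strings against the RFC 4514 string form of a DN, so a configured 'user' or 'base' can be checked locally before trying the bind. The function names are hypothetical, and every sample after the first two is constructed.

```python
import re

# attributeType (RFC 4514): a short name such as "cn", or a dotted numeric OID.
ATTR_TYPE = re.compile(r"[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)+")
# One token of a value: a valid escape (\, \+ \" ... or \XX), else any one character.
TOKEN = re.compile(r'\\(?:[ "#+,;<=>\\]|[0-9A-Fa-f]{2})|.', re.S)
SPECIAL = set('"+,;<>\0')  # not allowed unescaped inside a value

def split_unescaped(text, sep):
    """Split on sep, skipping any character that follows a backslash."""
    parts = [""]
    for tok in re.findall(r"\\.|.", text, re.S):
        if tok == sep:
            parts.append("")
        else:
            parts[-1] += tok
    return parts

def check_value(value):
    """Return a description of the first syntax error in value, or None."""
    if value.startswith("#"):  # hex-encoded BER value
        return None if re.fullmatch(r"#(?:[0-9A-Fa-f]{2})+", value) else "bad #hex value"
    tokens = TOKEN.findall(value)
    for pos, tok in enumerate(tokens):
        if tok in SPECIAL or tok == "\\":
            return "bad or unescaped %r" % tok
        if tok == " " and pos in (0, len(tokens) - 1):
            return "unescaped leading or trailing space"
    return None

def validate_dn(dn):
    """Return a list of problems; an empty list means dn is well-formed."""
    problems = []
    for rdn in split_unescaped(dn, ",") if dn else []:  # "" = anonymous bind
        for ava in split_unescaped(rdn, "+"):
            # Assumption of this example: spaces after a separator are tolerated.
            attr, eq, value = ava.lstrip(" ").partition("=")
            if not eq or not ATTR_TYPE.fullmatch(attr):
                problems.append("%r is not attributeType=value" % ava)
            elif check_value(value):
                problems.append("%r: %s" % (ava, check_value(value)))
    return problems

# The first two are 'user' and 'base' from the quoted config; the rest are constructed.
SAMPLES = ["cn=admin,dc=ucsc,dc=edu", "ou=people,dc=ucsc,dc=edu", "admin",
           "cn=Doe, Jane,dc=ucsc,dc=edu", r"cn=Doe\, Jane,dc=ucsc,dc=edu"]
for dn in SAMPLES:
    print("%-30s %s" % (dn, validate_dn(dn) or "well-formed"))
```

A string that passes here can still be rejected by a server with stricter schema or normalization rules, so the ldapsearch bind suggested in the reply remains the authoritative test.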