[rt-users] ExternalAuth help needed

Wes Modes wmodes at ucsc.edu
Tue Jan 11 18:11:36 EST 2011


The machine name is specified elsewhere, but that is what the root DN
looks like.  Now whether that is the right format for that variable
value or not, I don't know. 

W.

On 1/11/2011 5:49 AM, Josh Narins wrote:
>
> I have fiddled only a little with LDAP.
>
> The error message sounds like it isn't recognizing something as a DN.
>
> To me, your username doesn't look quite right. Is there really an LDAP
> server at ucsc.edu? Shouldn't it be more like DC=ldap1,DC=ucsc,DC=edu,
> to specify the machine name?
>
> I'm not even very good with Windows, so, I could be way off, here.
>
> *Josh Narins*
>
> Director of Application Development
> SeniorBridge
> 845 Third Ave
> 7th Floor
> New York, NY 10022
> Tel: (212) 994-6194
> Fax: (212) 994-4260
> Mobile: (917) 488-6248
> jnarins at seniorbridge.com
> seniorbridge.com <http://www.seniorbridge.com/>
>
> *From:*rt-users-bounces at lists.bestpractical.com
> [mailto:rt-users-bounces at lists.bestpractical.com] *On Behalf Of *Wes Modes
> *Sent:* Monday, January 10, 2011 9:04 PM
> *To:* RT Users
> *Subject:* [rt-users] ExternalAuth help needed
>
>  
>
> I am using ExternalAuth to connect RT3.8.8 to LDAP.
>
> Detailed documentation seems to be woefully absent, and I've scoured
> the web and tried the dozens of conflicting suggestions, so I'm
> turning to y'all.
>
> Here's the error I get:
>
> [Tue Jan 11 01:41:56 2011] [critical]:
> RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind:
> LDAP_INVALID_DN_SYNTAX 34
> (/usr/local/rt/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:467)
>
>
> Here's the LDAP section from my RT_Authen-ExternalAuth.pm
>
>     'My_LDAP'       =>  {  
>         ## GENERIC SECTION
>         # The type of service (db/ldap/cookie)
>         'type'                      =>  'ldap',
>         # The server hosting the service
>         'server'                    =>  'dir1.library.ucsc.edu',
>         ## SERVICE-SPECIFIC SECTION
>         # If you can bind to your LDAP server anonymously you should
>         # remove the user and pass config lines, otherwise specify
>         # them here:
>         #
>         # The username RT should use to connect to the LDAP server
>         'user'                      =>  'cn=admin,dc=ucsc,dc=edu',
>         # The password RT should use to connect to the LDAP server
>         'pass'                    =>  'PASSWORD',
>         #
>         # The LDAP search base
>         'base'                      =>  'ou=people,dc=ucsc,dc=edu',
>         #
>         # ALL FILTERS MUST BE VALID LDAP FILTERS ENCASED IN PARENTHESES!
>         # YOU **MUST** SPECIFY A filter AND A d_filter!!
>         #
>         # The filter to use to match RT-Users
>         'filter'                    =>  '(objectClass=person)',
>         # A catch-all example filter: '(objectClass=*)'
>         #
>         # The filter that will only match disabled users
>         'd_filter'                  =>  '(objectClass=FooBarBaz)',
>         # A catch-none example d_filter: '(objectClass=FooBarBaz)'
>         #
>         # Should we try to use TLS to encrypt connections?
>         'tls'                       =>  0,
>         # SSL Version to provide to Net::SSLeay *if* using SSL
>         'ssl_version'               =>  3,
>         # What other args should I pass to Net::LDAP->new($host,@args)?
>         'net_ldap_args'             => [    version =>  3   ],
>         # Does authentication depend on group membership? What group name?
>         'group'                     =>  'staff',
>         # What is the attribute for the group object that determines membership?
>         'group_attr'                =>  'ou=group,dc=ucsc,dc=edu',
>         ## RT ATTRIBUTE MATCHING SECTION
>         # The list of RT attributes that uniquely identify a user
>         # This example shows what you *can* specify.. I recommend reducing this
>         # to just the Name and EmailAddress to save encountering problems later.
>         'attr_match_list'           => [    'Name',
>                                             'EmailAddress',
>                                         ],
>         # The mapping of RT attributes on to LDAP attributes
>         'attr_map'                  =>  {   'Name' => 'uid',
>                                             'EmailAddress' => 'mail',
>                                             'RealName' => 'cn',
>                                             'ExternalAuthId' => 'uid',
>                                             'Gecos' => 'gecos',
>                                             'WorkPhone' => 'telephoneNumber',
>                                         }
>
>     },
>
>
> What more do you need to know to help me get this working?
>
> Wes
>
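
One way to tell a malformed DN apart from an RT-side problem, as an added example that is not part of the original thread or of RT-Authen-ExternalAuth: check the DN-valued settings from the posted config with Net::LDAP::Util, then repeat the bind outside RT. Treating 'group' as a DN is an assumption about how the plugin uses that setting.

```perl
#!/usr/bin/perl
# Added diagnostic example (not from the original thread, not part of RT).
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(ldap_explode_dn);

# Values copied from the posted 'My_LDAP' block; the password stays a placeholder.
my %cfg = (
    server => 'dir1.library.ucsc.edu',
    user   => 'cn=admin,dc=ucsc,dc=edu',
    pass   => 'PASSWORD',
    base   => 'ou=people,dc=ucsc,dc=edu',
    group  => 'staff',
);

# Step 1: client-side syntax check, no network needed.
# ldap_explode_dn() returns undef when the string does not parse as a DN.
# 'user' (bind DN) and 'base' (search base) must be DNs; treating 'group'
# as one is an assumption about how the plugin uses it.
for my $key (qw(user base group)) {
    my $ok = defined ldap_explode_dn($cfg{$key});
    printf "%-6s %-28s %s\n", $key, $cfg{$key},
        $ok ? 'parses as a DN' : 'NOT a DN';
}

# Step 2: repeat the bind outside RT with the same DN and password.
my $ldap = Net::LDAP->new($cfg{server}, version => 3)
    or die "connect to $cfg{server} failed: $@\n";
my $mesg = $ldap->bind($cfg{user}, password => $cfg{pass});
printf "bind as %s: %s (%d) %s\n",
    $cfg{user}, $mesg->error_name, $mesg->code, $mesg->error;

# Step 3: if the bind works, confirm the search base exists on the server.
unless ($mesg->code) {
    my $res = $ldap->search(
        base   => $cfg{base},
        scope  => 'base',
        filter => '(objectClass=*)',
    );
    printf "base %s: %s (%d)\n", $cfg{base}, $res->error_name, $res->code;
    $ldap->unbind;
}
```

If step 2 reports LDAP_INVALID_DN_SYNTAX here as well, the server itself is rejecting the bind DN and RT is not involved. Like the posted config with 'tls' => 0, this bind sends the password unencrypted.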