[rt-users] ExternalAuth help needed
Wes Modes
wmodes at ucsc.edu
Tue Jan 11 18:11:36 EST 2011
The machine name is specified elsewhere, but that is what the root DN
looks like. Now whether that is the right format for that variable
value or not, I don't know.
W.
On 1/11/2011 5:49 AM, Josh Narins wrote:
> I have fiddled only a little with LDAP.
>
> The error message sounds like it isn't recognizing something as a DN.
>
> To me, your username doesn't look quite right. Is there really an LDAP
> server at ucsc.edu? Shouldn't it be more like DC=ldap1,DC=ucsc,DC=edu,
> to specify the machine name?
>
> I'm not even very good with Windows, so, I could be way off, here.
>
> *Josh Narins*
>
> Director of Application Development
> SeniorBridge
> 845 Third Ave
> 7th Floor
> New York, NY 10022
> Tel: (212) 994-6194
> Fax: (212) 994-4260
> Mobile: (917) 488-6248
> jnarins at seniorbridge.com
> seniorbridge.com <http://www.seniorbridge.com/>
>
> *From:*rt-users-bounces at lists.bestpractical.com
> [mailto:rt-users-bounces at lists.bestpractical.com] *On Behalf Of *Wes Modes
> *Sent:* Monday, January 10, 2011 9:04 PM
> *To:* RT Users
> *Subject:* [rt-users] ExternalAuth help needed
>
>
>
> I am using ExternalAuth to connect RT3.8.8 to LDAP.
>
> Detailed documentation seems to be woefully absent, and I've scoured
> the web and tried the dozens of conflicting suggestions, so I'm
> turning to y'all.
>
> Here's the error I get:
>
> [Tue Jan 11 01:41:56 2011] [critical]:
> RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind:
> LDAP_INVALID_DN_SYNTAX 34
> (/usr/local/rt/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:467)
>
>
> Here's the LDAP section from my RT_Authen-ExternalAuth.pm
>
> 'My_LDAP' => {
>     ## GENERIC SECTION
>     # The type of service (db/ldap/cookie)
>     'type' => 'ldap',
>     # The server hosting the service
>     'server' => 'dir1.library.ucsc.edu',
>     ## SERVICE-SPECIFIC SECTION
>     # If you can bind to your LDAP server anonymously you should
>     # remove the user and pass config lines, otherwise specify them here:
>     #
>     # The username RT should use to connect to the LDAP server
>     'user' => 'cn=admin,dc=ucsc,dc=edu',
>     # The password RT should use to connect to the LDAP server
>     'pass' => 'PASSWORD',
>     #
>     # The LDAP search base
>     'base' => 'ou=people,dc=ucsc,dc=edu',
>     #
>     # ALL FILTERS MUST BE VALID LDAP FILTERS ENCASED IN PARENTHESES!
>     # YOU **MUST** SPECIFY A filter AND A d_filter!!
>     #
>     # The filter to use to match RT-Users
>     'filter' => '(objectClass=person)',
>     # A catch-all example filter: '(objectClass=*)'
>     #
>     # The filter that will only match disabled users
>     'd_filter' => '(objectClass=FooBarBaz)',
>     # A catch-none example d_filter: '(objectClass=FooBarBaz)'
>     #
>     # Should we try to use TLS to encrypt connections?
>     'tls' => 0,
>     # SSL Version to provide to Net::SSLeay *if* using SSL
>     'ssl_version' => 3,
>     # What other args should I pass to Net::LDAP->new($host, @args)?
>     'net_ldap_args' => [ version => 3 ],
>     # Does authentication depend on group membership? What group name?
>     'group' => 'staff',
>     # What is the attribute for the group object that determines membership?
>     'group_attr' => 'ou=group,dc=ucsc,dc=edu',
>     ## RT ATTRIBUTE MATCHING SECTION
>     # The list of RT attributes that uniquely identify a user
>     # This example shows what you *can* specify.. I recommend reducing this
>     # to just the Name and EmailAddress to save encountering problems later.
>     'attr_match_list' => [ 'Name',
>                            'EmailAddress',
>                          ],
>     # The mapping of RT attributes on to LDAP attributes
>     'attr_map' => { 'Name'           => 'uid',
>                     'EmailAddress'   => 'mail',
>                     'RealName'       => 'cn',
>                     'ExternalAuthId' => 'uid',
>                     'Gecos'          => 'gecos',
>                     'WorkPhone'      => 'telephoneNumber',
>                   }
> },
>
>
> What more do you need to know to help me get this working?
>
> Wes
>
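
Added example (not part of the thread, and not code from RT or RT-Authen-ExternalAuth): the open question of whether the posted values are in the right DN format can be checked offline by parsing them against the RFC 4514 string form. The parser is strict, so legacy spacing after a comma is rejected; the names parse_dn and dn_error are made up for this example, and the page does not say which of the four settings the plugin expects to hold a DN.

```python
import re

# Strict RFC 4514 string form of a distinguished name (DN).
ATTR = re.compile(r"[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)+")
HEX = re.compile(r"#(?:[0-9A-Fa-f]{2})+")
PAIR = r'\\(?:[ "#+,;<=>\\]|[0-9A-Fa-f]{2})'  # backslash escape
BAD = r'"+,;<>\\\x00'                          # never allowed unescaped
LEAD, CHAR, TRAIL = f"[^ #{BAD}]", f"[^{BAD}]", f"[^ {BAD}]"
STRING = re.compile(
    f"(?:(?:{PAIR}|{LEAD})(?:(?:{PAIR}|{CHAR})*(?:{PAIR}|{TRAIL}))?)?")

def split_unescaped(text, sep):
    """Split on sep, keeping backslash-escaped characters intact."""
    parts = [""]
    for tok in re.findall(r"\\.|\\$|[^\\]", text, re.S):
        if tok == sep:
            parts.append("")
        else:
            parts[-1] += tok
    return parts

def parse_dn(dn):
    """Return [[(type, value), ...], ...], one list per RDN; ValueError if bad."""
    rdns = []
    for rdn in split_unescaped(dn, ",") if dn else []:
        avas = []
        for ava in split_unescaped(rdn, "+"):
            attr, eq, value = ava.partition("=")
            if not eq or not ATTR.fullmatch(attr):
                raise ValueError(f"no attributeType=value in {ava!r}")
            if not (HEX.fullmatch(value) or STRING.fullmatch(value)):
                raise ValueError(f"bad attribute value in {ava!r}")
            avas.append((attr, value))
        rdns.append(avas)
    return rdns

def dn_error(value):
    """Return None if value parses as a DN, else the parser's complaint."""
    try:
        parse_dn(value)
    except ValueError as err:
        return str(err)
    return None

# Values copied from the configuration quoted above.
POSTED = {"user": "cn=admin,dc=ucsc,dc=edu", "base": "ou=people,dc=ucsc,dc=edu",
          "group": "staff", "group_attr": "ou=group,dc=ucsc,dc=edu"}
if __name__ == "__main__":
    for name, value in POSTED.items():
        print(f"{name:10} {dn_error(value) or 'well-formed DN'}")
```

A value that parses is only well-formed; whether the entry exists and whether the server accepts it as a bind DN still has to be tested against the directory itself.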