[rt-users] RT::Authen::ExternalAuth with AD...

Kevin Falcone falcone at bestpractical.com
Fri Apr 20 08:49:56 EDT 2012


On Fri, Apr 20, 2012 at 08:52:34AM +0200, Joop wrote:
> Glenn Sieb wrote:
> >On 4/19/12 9:23 PM, Jeff Blaine wrote:
> >>Share the solution?
> >
> >In the LDAP definition of RT_SiteConfig, where you set up the user to
> >query as, and such, the ldap user login wasn't working until we added
> >the @domain.ou bit to the end of it.
> >
> >So if the AD domain is dc=intranet,dc=local, the user had to be
> >user at intranet.local then it started working.
> I'm also using AD and I don't have to add the @domain.local to my
> login. I had a look at your RT_SiteConfig but didn't see the
> obvious. Will check later to see what difference there is between my
> and yours.

AD varies wildly.  Sometimes a username is enough, sometimes you need
username at realm and sometimes you need a full DN.  If you're lucky, you
can get an AD Admin to read the logs, but most of the time you just
have to try all three until it works.

This is why the list often suggests testing with ldapsearch to debug
auth problems.

-kevin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20120420/53892091/attachment.sig>


More information about the rt-users mailing list