[rt-users] LDAP & Mac OS X Server OD

Kevin Falcone falcone at bestpractical.com
Tue Dec 4 13:54:14 EST 2012


On Thu, Nov 29, 2012 at 03:44:30PM -0600, Erich Prinz wrote:
> Installed on Ubuntu 10.04 server and need to authenticate to the OD
> running on an OS X 10.6.8 server. We currently have the users log into
> the Ubuntu box via thin clients (LTSP) and utilize Kerberos tickets
> (PAM SASL) from the OD machine. Yet it seems even the simplest of
> configs breaks RT.

> I've installed the RT::Authen::ExternalAuth plugin and have done a very basic config.
> 
> Adding Set($LogToFile , 'debug'); to RT_SiteConfig.pm breaks RT. Zero
> response in the web gui and nothing (RT) gets logged in
> /var/log/syslog or /var/log/messages after restart of the web server.

Does the default of /opt/rt4/var/log/rt.log exist and is the file
writable?  Depending on your apache configuration, RT's complaint
about writing to that file may be eaten.

Try just logging to $LogToScreen instead so that it ends up in the
normal apache logs.

> RT: RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind: LDAP_INVALID_DN_SYNTAX 34 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:495)

This implies your server probably doesn't like

>                                                        'user' => 'admin',
>                                                        'pass' => 'xxxxx',

This format for username.

You may need to use a full DN format, depending on the server.  You can
test with a tiny Net::LDAP script or the command line ldapsearch
program.

-kevin
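
Added example, not part of the original message: one way to run the ldapsearch test suggested above, trying a simple bind with the bare name from the config and with a full DN so the two results can be compared. The host name, the DN and the helper names `looks_like_dn` and `try_bind` are placeholders and assumptions, not values from the thread.

```shell
#!/bin/sh
# Compare simple binds using a bare user name and a full DN.
# Usage (host and DN are placeholders, substitute your own):
#   LDAP_URI=ldap://od.example.com sh bindcheck.sh \
#       admin 'uid=admin,cn=users,dc=example,dc=com'

# looks_like_dn NAME: succeed if every comma-separated part of NAME has the
# attr=value shape of an RDN. Simplified on purpose: escaped commas inside
# values are not handled. Runs in a subshell so IFS and globbing changes
# do not leak into the caller.
looks_like_dn() (
    [ -n "$1" ] || exit 1
    IFS=,
    set -f
    for rdn in $1; do
        case $rdn in
            ?*=?*) ;;          # something=something
            *) exit 1 ;;       # e.g. a bare "admin"
        esac
    done
    exit 0
)

# try_bind URI NAME: simple bind as NAME (password is prompted for with -W),
# then read the root DSE so a successful bind has something to return.
try_bind() {
    ldapsearch -x -LLL -H "$1" -D "$2" -W \
        -b '' -s base '(objectClass=*)' namingContexts
}

# Only contact a server when LDAP_URI is set.
if [ -n "${LDAP_URI:-}" ]; then
    for name in "$@"; do
        if looks_like_dn "$name"; then shape="DN-shaped"; else shape="not a DN"; fi
        printf '== bind as "%s" (%s)\n' "$name" "$shape"
        if try_bind "$LDAP_URI" "$name"; then
            echo "bind OK"
        else
            echo "bind failed, ldapsearch exit status $?"
        fi
    done
fi
```

Whichever name binds cleanly here is the form to put in the 'user' setting of the ExternalAuth config.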