[rt-users] LDAP & Mac OS X Server OD

Erich Prinz erich.rt at bpisys.com
Thu Nov 29 16:44:30 EST 2012

Hello All,

Brand new to RT here.


Installed on Ubuntu 10.04 server and need to authenticate to the OD running on an OS X 10.6.8 server. We currently have the users log into the Ubuntu box via thin clients (LTSP) and utilize Kerberos tickets (PAM SASL) from the OD machine. Yet it seems even the simplest of configs breaks RT.

I've installed the RT::Authen::ExternalAuth plugin and have done a very basic config.


Issue No. 1

Adding Set($LogToFile , 'debug'); to RT_SiteConfig.pm breaks RT. Zero response in the web GUI and nothing (RT) gets logged in /var/log/syslog or /var/log/messages after restart of the web server.

Issue No. 2

I can't begin to debug the setup w/o debug turned on! (okay, very obvious I know.)
For what it's worth, here is the initial error in the log (std out):
RT: RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind: LDAP_INVALID_DN_SYNTAX 34 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:495)

Desired Outcome

To enable users to authenticate against the existing O.D. install with their existing i.d. and pass along with avoiding the additional administrative burden of managing multiple user accounts for access to RT.

Relevant bits from the Plugin .pm:

Set($ExternalAuthPriority,  [ 'My_LDAP' ]);
Set($ExternalInfoPriority,  ['My_LDAP']);
Set($ExternalServiceUsesSSLorTLS,    0);
Set($AutoCreateNonExternalUsers,    0);

'My_LDAP' => {   ## GENERIC SECTION
    'type' => 'ldap',
    'server' => 's1-osx.domain.org',
    'user' => 'admin',
    'pass' => 'xxxxx',
    'base' => 'dc=s1-osx,dc=domain,dc=org',
    'tls' => 0,
    'net_ldap_args' => [ version => 3 ],
    'group' => 'cn=admins,ou=Admins,dc=domain,dc=org',
    'group_scope' => 'base',
    'attr_match_list' => [ 'Name',
    # The mapping of RT attributes on to LDAP attributes
    'attr_map' => { 'Name' => 'sAMAccountName',
                    'EmailAddress' => 'mail',
                    'Organization' => 'physicalDeliveryOfficeName',
                    'RealName' => 'cn',
                    'ExternalAuthId' => 'sAMAccountName',
                    'Gecos' => 'sAMAccountName',
                    'WorkPhone' => 'telephoneNumber',
                    'Address1' => 'streetAddress',
                    'City' => 'l',
                    'State' => 'st',
                    'Zip' => 'postalCode',
                    'Country' => 'co'

... And the main RT_SiteConfig.pm

Set( $rtname, 'domain.org');
Set( $WebDomain, 'rt.domain.org');

Set(@Plugins,(qw(RT::Extension::QuickDelete RT::Extension::CommandByMail)));
Set( @Plugins, qw(RT::Authen::ExternalAuth) );
require "/opt/rt4/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm";

Set( $DatabaseType, 'mysql');

Set( $DatabaseHost, '');
Set( $DatabaseUser, '');
Set( $DatabasePassword, 'xxxx');
Set( $DatabaseName, 'requesttracker');
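
Added example, not part of the original post and not code from RT or RT::Authen::ExternalAuth: LDAP result code 34 (LDAP_INVALID_DN_SYNTAX) is returned when a value that must be a distinguished name does not parse as one. The Perl script below runs the DN-valued settings from the My_LDAP block ('user', 'base', 'group') through Net::LDAP::Util's ldap_explode_dn as a check before RT attempts a bind; the %service hash and the check_dn_fields function are hypothetical names, and the assumption is that those three settings are the ones sent to the server as DNs.

```perl
#!/usr/bin/perl
# Added example: pre-flight check of the DN-valued ExternalAuth settings.
# Requires Net::LDAP (already a dependency of RT::Authen::ExternalAuth).
use strict;
use warnings;
use Net::LDAP::Util qw(ldap_explode_dn);

# Values copied from the My_LDAP block in the post (hypothetical hash name).
my %service = (
    user  => 'admin',
    base  => 'dc=s1-osx,dc=domain,dc=org',
    group => 'cn=admins,ou=Admins,dc=domain,dc=org',
);

# Return one message per setting that is set but does not parse as a DN.
# An unset or empty value is skipped: an empty bind DN is an anonymous bind.
sub check_dn_fields {
    my (%cfg) = @_;
    my @problems;
    for my $key (qw(user base group)) {
        my $value = $cfg{$key};
        next unless defined $value && length $value;

        # ldap_explode_dn returns undef when the string is not a valid DN.
        my $rdns = ldap_explode_dn($value);
        push @problems, "$key: '$value' is not a distinguished name"
            unless defined $rdns;
    }
    return @problems;
}

my @problems = check_dn_fields(%service);
print "$_\n" for @problems;

# Non-zero exit lets the check gate a config deployment or web server restart.
exit(@problems ? 1 : 0);
```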


