[rt-users] Issue Trying To Get AD Integration Working
Jason Batchelor
jxbatchelor at gmail.com
Fri Apr 4 13:29:30 EDT 2014
Kevin/Chris:
Thanks for taking the time to reply. After taking both your suggestions
into account I got a service account setup and configured the attr_map
attribute. Initially, I was trying to get this working using just my
certificate and then binding as the user who was authenticating (not
needing a service account). As I understand now however, this is necessary
for this plugin.
Thanks,
Jason
On Thu, Apr 3, 2014 at 1:55 PM, Kevin Falcone <falcone at bestpractical.com>wrote:
> On Wed, Apr 02, 2014 at 02:44:31PM -0500, Jason Batchelor wrote:
> > Set($ExternalSettings, {
> > 'My_LDAP' => {
> > 'type' => 'ldap',
> > 'server' => 'ldaps://[1]example.company.org',
> > 'base' => 'dc=xxxxx,dc=org',
> > 'filter' => '(objectClass=*)',
> > 'd_filter' => '(userAccountControl:1.2.840.113556.1.4.803:=2)',
> > 'tls' => 0,
> > 'ssl_version' => 3,
> > 'net_ldap_args' => [ version => 3 ]
> > },
> > } );
> > --------------------------------------
> > I am trying to do this via LDAPS using our root CAs (which I have
> already configured via
> > openLDAP). Each time I attempt to authenticate I get the following
> error in the logs...
>
> The debugging line blows up because the filter constructed is invalid
> because you've not provided attr_map, which means RT has no idea how
> to map things in LDAP to things in RT.
>
> You'll need a complete config to use RT::Authen::ExternalAuth
>
> Also, since you're just setting up, upgrade to the current release of
> the module.
>
> The docs cover the needed config settings
>
> https://metacpan.org/source/FALCONE/RT-Authen-ExternalAuth-0.18/etc/RT_SiteConfig.pm#L212
>
> -kevin
>
> --
> RT Training - Dallas May 20-21
> http://bestpractical.com/training
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20140404/b131a12c/attachment.htm>
More information about the rt-users
mailing list