[rt-users] RT 4.4.1 LDAP Authentication issue.

Claude EDUMA claudeduma at gmail.com
Fri Dec 9 08:37:35 EST 2016


LDAP logs show that user is retreive, but not bind.

-----

SRCH base="o=corp.mycorp.com" scope=2
filter="(&(objectClass=privperson)(mail=claude.eduma at ext.mycorp.com))"
attrs="cn mail mail"
[09/Dec/2016:14:16:47 +0100] conn=9480527 op=2 msgId=3 - RESULT err=0
tag=101 nentries=1 etime=0

----

Regards.

2016-12-09 14:21 GMT+01:00 Claude EDUMA <claudeduma at gmail.com>:

> Well,
>
> I will try to use user mail for authentication.
>
> here is conf i tested without success :(
>
> -----
>  Set($ExternalSettings, {
>         'My_LDAP'       =>  {
>             'type'             =>  'ldap',
>             'server'           =>  'ldap://ypmycorpldap.corp.mycorp.com',
>             'user'             =>  'uid=mycorp-rtir-reader,ou=
> applicationAccounts,o=corp.mycorp.com',
>             'pass'             =>  'SikH2mmKLtPi0E4ZYcqldTXAgILVxG
> VhXWlHBF3o21',
>             'base'             =>  'o=corp.mycorp.com',
>             'filter'           =>  '(objectClass=person)',
>             'tls'              => { verify => "require", cafile =>
> "/etc/pki/tls/mycorp_CERTIFICATE_CHAIN.crt" },
>             'net_ldap_args'    => [    version =>  3, debug => 8   ],
>             'attr_match_list'  => [
>                 'Name' ,
> 'EmailAddress',
>             ],
>             # Import the following properties of the user from LDAP upon
>             # login
>             'attr_map' => {
>                 'Name'         => 'mail',
>                 'EmailAddress' => 'mail',
>                 'RealName'     => 'cn',
>             }
>         },
>     }
> );
>
> ---
>
> Regards
>
>
>
> 2016-12-09 13:59 GMT+01:00 Martin Wheldon <martin.wheldon at greenhills-it.
> co.uk>:
>
>> Hi,
>>
>> You could either use another unique attribute i.e mail or add another uid
>> to each RT user prefixed by a letter.
>>
>> dn: uid=123456,dc=my,dc=domain
>> uid: 123456
>> uid: x123456
>>
>> Best Regards
>>
>> Martin
>>
>>
>> On 2016-12-09 12:49, Joop wrote:
>>
>>> On 9-12-2016 13:38, Claude EDUMA wrote:
>>>
>>>> Hi Joop,
>>>>
>>>>
>>>> Thank you for your quick answer.
>>>> We have tested with non numerical username and result is OK.
>>>> Well in my organisation we use ldap uid for username. Any suggestion
>>>> to resolve this issue ?
>>>>
>>>> Please keep the list in the loop.
>>>
>>> I think the problem is in the function(s) which load the user info.
>>> These functions take a name OR an id and then load the corresponding
>>> info. When  usernames are IDs that doesn't work any more. Other than
>>> patching all functions which use this I don't see another solution than
>>> to change the use of uid as a username, sorry.
>>>
>>> Joop
>>>
>>> ---------
>>> RT 4.4 and RTIR training sessions, and a new workshop day!
>>> https://bestpractical.com/training
>>> * Los Angeles - January 9-11 2017
>>>
>> ---------
>> RT 4.4 and RTIR training sessions, and a new workshop day!
>> https://bestpractical.com/training
>> * Los Angeles - January 9-11 2017
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20161209/1854eaa1/attachment.html>


More information about the rt-users mailing list