[rt-users] RT 4.4.1 LDAP Authentication issue.
Martin Wheldon
martin.wheldon at greenhills-it.co.uk
Fri Dec 9 08:56:22 EST 2016
Hi,
Sorry, please disregard my last response, the user account has been
found.
Could you post the RT logs please?
Best Regards
Martin
On 2016-12-09 13:44, Martin Wheldon wrote:
> Hi,
>
> Looks like an LDAP ACL issue, is your LDAP search user able to access
> the user's mail attribute?
>
> Best Regards
>
> Martin
>
> On 2016-12-09 13:37, Claude EDUMA wrote:
>> LDAP logs show that the user is retrieved, but not bound.
>>
>> -----
>>
>> SRCH base="o=corp.mycorp.com" scope=2 filter="(&(objectClass=privperson)(mail=claude.eduma at ext.mycorp.com))" attrs="cn mail mail"
>> [09/Dec/2016:14:16:47 +0100] conn=9480527 op=2 msgId=3 - RESULT err=0 tag=101 nentries=1 etime=0
>>
>> ----
>>
>> Regards.
>>
>> 2016-12-09 14:21 GMT+01:00 Claude EDUMA <claudeduma at gmail.com>:
>>
>>> Well,
>>>
>>> I will try to use user mail for authentication.
>>>
>>> Here is the conf I tested without success :(
>>>
>>> -----
>>>
>>> Set($ExternalSettings, {
>>>     'My_LDAP' => {
>>>         'type'   => 'ldap',
>>>         'server' => 'ldap://ypmycorpldap.corp.mycorp.com',
>>>         'user'   => 'uid=mycorp-rtir-reader,ou=applicationAccounts,o=corp.mycorp.com',
>>>         'pass'   => 'SikH2mmKLtPi0E4ZYcqldTXAgILVxGVhXWlHBF3o21',
>>>         'base'   => 'o=corp.mycorp.com',
>>>         'filter' => '(objectClass=person)',
>>>         'tls'    => { verify => "require", cafile => "/etc/pki/tls/mycorp_CERTIFICATE_CHAIN.crt" },
>>>         'net_ldap_args' => [ version => 3, debug => 8 ],
>>>         'attr_match_list' => [
>>>             'Name',
>>>             'EmailAddress',
>>>         ],
>>>         # Import the following properties of the user from LDAP upon login
>>>         'attr_map' => {
>>>             'Name'         => 'mail',
>>>             'EmailAddress' => 'mail',
>>>             'RealName'     => 'cn',
>>>         }
>>>     },
>>> }
>>> );
>>>
>>> ---
>>>
>>> Regards
>>>
>>> 2016-12-09 13:59 GMT+01:00 Martin Wheldon
>>> <martin.wheldon at greenhills-it.co.uk>:
>>> Hi,
>>>
>>> You could either use another unique attribute, i.e. mail, or add
>>> another uid to each RT user prefixed by a letter.
>>>
>>> dn: uid=123456,dc=my,dc=domain
>>> uid: 123456
>>> uid: x123456
>>>
>>> Best Regards
>>>
>>> Martin
>>>
>>> On 2016-12-09 12:49, Joop wrote:
>>> On 9-12-2016 13:38, Claude EDUMA wrote:
>>> Hi Joop,
>>>
>>> Thank you for your quick answer.
>>> We have tested with non numerical username and result is OK.
>>> Well, in my organisation we use the LDAP uid for the username. Any suggestion
>>> to resolve this issue?
>>>
>>> Please keep the list in the loop.
>>>
>>> I think the problem is in the function(s) which load the user info.
>>> These functions take a name OR an id and then load the corresponding
>>> info. When usernames are IDs that doesn't work any more. Other than
>>> patching all functions which use this I don't see another solution
>>> than
>>> to change the use of uid as a username, sorry.
>>>
>>> Joop
>>>
>>> ---------
>>> RT 4.4 and RTIR training sessions, and a new workshop day!
>>> https://bestpractical.com/training [3]
>>> * Los Angeles - January 9-11 2017
>>
>> Links:
>> ------
>> [1] http://ypmycorpldap.corp.mycorp.com
>> [2] http://corp.mycorp.com
>> [3] https://bestpractical.com/training
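
The name-or-id lookup ambiguity Joop describes in the quoted message, as an added example that is not part of the original thread and is not RT's own code. It is a toy Perl user store (all row ids, account names and function names are constructed for illustration) showing how an all-digit username resolves to a different account than a by-name lookup, how the letter-prefixed uid Martin suggests avoids that, and a check for flagging such usernames before they are imported.

```perl
#!/usr/bin/perl
# Added illustration, not RT source code: a toy user store whose loader
# accepts "a name OR an id", the pattern described in the thread.
use strict;
use warnings;

# Constructed sample data: internal row id => account name.
my %users_by_id = (
    22     => 'alice',
    23     => '123456',     # account whose LDAP uid is purely numeric
    24     => 'x123456',    # same person under a letter-prefixed uid
    123456 => 'bob',        # unrelated account that happens to own row 123456
);
my %id_by_name = map { $users_by_id{$_} => $_ } keys %users_by_id;

# Ambiguous loader: an all-digit identifier is always treated as a row id.
sub load_user {
    my ($identifier) = @_;
    return undef unless defined $identifier && length $identifier;
    if ( $identifier !~ /\D/ ) {
        return exists $users_by_id{$identifier} ? $identifier : undef;
    }
    return $id_by_name{$identifier};
}

# Explicit loader: the caller states that the identifier is a name.
sub load_user_by_name {
    my ($name) = @_;
    return $id_by_name{$name};
}

# Pre-import check: flag usernames the ambiguous loader would read as ids.
sub is_ambiguous_username {
    my ($name) = @_;
    return $name =~ /\A\d+\z/ ? 1 : 0;
}

for my $login ( 'alice', '123456', 'x123456' ) {
    my $got  = load_user($login);
    my $want = load_user_by_name($login);
    printf "%-8s ambiguous=%d name-or-id=%s by-name=%s\n",
        $login, is_ambiguous_username($login),
        defined $got  ? "row $got"  : 'not found',
        defined $want ? "row $want" : 'not found';
}
```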