[rt-users] Bad characters in names loaded from LDAP (AD)

Jan Burian burian at vsup.cz
Mon Oct 10 16:26:51 EDT 2016


Hi all,

we have RT 4.4.0 on CentOS 7 and Perl v5.22.1. And we are starting to
use RT in production.

We configured RT to authenticate users via LDAP
(RT::Authen::ExternalAuth::LDAP). Our LDAP server is MS AD (Win 2008 R2).

Our config of LDAP ExternalAuth in RT:

Set($ExternalSettings, {
        'My_LDAP'       =>  {
                'type'             =>  'ldap',
                'server'           =>  'ldaps://ADserver:636',
                'user'             =>  'ldap-user',
                'pass'             =>  'password',
                'base'             =>  'dc=domain,dc=com',
                'filter'           =>  '(objectClass=person)',
                'd_filter'         => 
'(userAccountControl:1.2.840.113556.1.4.803:=2)',
                'tls'              =>  { verify => "require", capath =>
"/etc/openldap/certs/cacert.pem" },
                'net_ldap_args'    =>  [ version => 3, debug => 8 ],
                'attr_match_list'  => [
                        'Name',
                        'EmailAddress',
                ],
                'attr_map' => {
                        'Name'         => 'sAMAccountName',
                        'EmailAddress' => 'mail',
                        'RealName'     => 'displayName',
                        'WorkPhone'    => 'telephoneNumber',
                },
        },
} );

Authentication is working fine. Users can log in, if the user doesn't
exist in RT the account is autocreated. All the configured attributes
are transferred.
But we have problem with encoding of RealName which is mapped from
displayName attribute in MS AD.
For Example:
displayName in MS AD: Matouš Novák
is loaded and saved in RT Real Name as:
RealName: Matouš Novák

Log file:

[6937] [Tue Sep 27 15:59:25 2016] [info]:
RT::User::CanonicalizeUserInfoFromExternalAuth returning Disabled: ,
EmailAddress: novak at domain.com, Gecos: novak, Name: novak, Privileged:
1, RealName: Matouš Novák, WorkPhone: 
(/opt/rt4/sbin/../lib/RT/User.pm:811)

We had similar problem with Moodle. When we configured Moodle against
Active Directory and set cp1250 encoding, then it was doing exactly same
thing. After we changed encoding for LDAP connector to utf-8 then the
names was
corrected.

If you know how we can specify encoding in LDAP configuration that will
be great. I didn't find any description about encoding option in LDAP
configuration in RT.

I was searching in:
- RT documentatiton
- RT comunity wiki
- RT mailing lists archives
- google

I found only this question in mailing list but without answer:
http://www.gossamer-threads.com/lists/rt/users/128318?search_string=encoding;#128318

Also I red thath MS AD in LDAP protocol version 3 returns any string to
LDAP client in utf-8 encoding.
I really don't know where could be a problem.

Any help will be appreciated.
Thanks in advance for any hint.

Best regards
Jan Burian


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20161010/c2132f45/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3136 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20161010/c2132f45/attachment.bin>


More information about the rt-users mailing list