I don't think your lookups are working. The user you specified in RT_SiteConfig.pm probably can't search the LDAP tree.
Try "Set($LdapUser, '[user]');" in your RT_SiteConfig.pm (without the "@smwm.com"). Make sure you have the correct LdapBase setting. Check by looking at a user record on your AD in the Object tab. If it is smwm.com/Users/<user> then your current setting should be OK.
Also, unless you're getting a dump of the LDAP record, your ldapsearch isn't working either.
--
Eric N. Valor
Sr. Systems Administrator
DaimlerChrysler Research & Technology North America, Inc.
[EMAIL PROTECTED]
1510 Page Mill Road, Palo Alto, CA 94304
CIMS 931-00-00
650-845-2536
: This Space Intentionally Left Blank :
| [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED] 07/05/2006 12:10 PM
|
|
From: "Sean W. Mahan" <[EMAIL PROTECTED]>
Hello all,
I've been having some trouble setting up a new install of 3.6
(on Ubuntu server 6.06) with LDAP authenticating against AD (on 2003 R1
SP1). Login fails for new AD users. I set up an account in RT (with a
different-from-in-AD password) and tried to log in using the AD
password, and the log reported having updated the user information, but
authentication failed. Logging in with the password set in RT seems to
find the user in AD and update info, but IsLDAPPassword fails. One
mystery is the "Transaction->Create couldn't, as you didn't specify an
object type and id" error. The other is that LDAP lookups seem to be
working - although LookupExternalUserInfo doesn't report the values for
any of the fields - but authentication does not. At this point, I
really don't know if my problem is in AD somewhere, or in my RT config.
Apologies for the lengthy, log-filled email, but can anyone offer any
hints? Thanks,
-Sean
** Here's the LDAP sections of my SiteConfig **
Set($AuthMethods, ['LDAP','Internal']);
Set($LdapExternalAuth, 1);
Set($LdapExternalInfo, 1);
Set($LdapAutoCreateNonLdapUsers, 1);
Set($LdapAttrMap, {'Name' => 'sAMAccountName',
'EmailAddress' => 'mail',
'Organization' => 'company',
'RealName' => 'cn',
'ExternalContactInfoId' => 'dn',
'ExternalAuthId' => 'sAMAccountName',
'Gecos' => 'sAMAccountName',
'WorkPhone' => 'telephoneNumber',
'Address1' => 'streetAddress',
'City' => 'l',
'State' => 'st',
'Zip' => 'postalCode',
'Country' => 'co'}
);
Set($LdapRTAttrMatchList, ['Name','ExternalContactInfoId',
'EmailAddress', 'RealName']
);
Set($LdapEmailAttrMatchList, ['mail', 'mailRoutingAddress',
'mailAlternateAddress']
);
Set($LdapServer, '[DC ip address]');
Set($LdapBase, 'CN=users,DC=smwm,DC=com');
#Set($LdapBase, 'CN=SMWM,OU=SMWMSF Distribution Lists,DC=smwm,DC=com');
Set($LdapFilter, "(objectclass=sAMAccountName)");
Set($LdapUser, '[EMAIL PROTECTED]');
Set($LdapPass, '[password]');
Set($LdapSSLVersion, 3);
Now some logs:
**First off, a search to make sure LDAP is actually working, DNs are
correct, etc**
ldapsearch -x -h [ip address] -b "CN=users,DC=smwm,DC=com" -D
"SMWMSF\[user]" -w "[password]" "sn=smahan"
# extended LDIF
#
# LDAPv3
# base <CN=users,DC=smwm,DC=com> with scope sub
# filter: sn=smahan
# requesting: ALL
#
# search result
search: 2
result: 0 Success
# numResponses: 1
_______________________________________________ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
Community help: http://wiki.bestpractical.com Commercial support: [EMAIL PROTECTED] Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com We're hiring! Come hack Perl for Best Practical: http://bestpractical.com/about/jobs.html
