At least I'm able to use the ldapsearch command line utility to properly query 
our AD servers. I have to use the -x option to force the simple auth method, 
otherwise I get an error (I put all needed options in the command line, not 
relying on /etc/ldap.conf).

But... this leads me to ask a question that may be a really silly one: do we 
need a properly configured /etc/ldap.conf file to get the LDAP Auth to work in 
RT? I thought all the server and connection info put in the RT/Apache conf file 
would be enough.

Now I'll try to install the ldap overlay and configure it.

-----Original Message-----
From: Scott Golby [mailto:[EMAIL PROTECTED] 
Sent: Friday, October 19, 2007 15:57
To: David ROBERT
Subject: RE: [rt-users] RT 3.6.5 Setup / LDAP

Oh, go for debug on, you'll get tons of LDAP messages every step of the way.

Set($LogToFile      , 'debug');
Set($LogDir, '/opt/rt3/var/log');
Set($LogToFileNamed , "rt.log");    #log to rt.log

Very obvious when you get it right, you'll see the response from the server 
with the Real Name, Address, etc, etc, in the logs.


-----Original Message-----
From: David ROBERT [mailto:[EMAIL PROTECTED] 
Sent: Friday, October 19, 2007 9:53 AM
To: Scott Golby
Subject: RE: [rt-users] RT 3.6.5 Setup / LDAP

Since I get no LDAP error whatsoever in my log files I'll try the ldapsearch 
approach first.

At the same time I am reviewing wiki articles about a FastCGI setup instead of 
the mod_perl method (found a RHEL4u2+RT3.6.2 method that I try on my 
RHEL5+RT3.6.5)
Will keep you posted on the ldapsearch attempt.

-----Original Message-----
From: Scott Golby [mailto:[EMAIL PROTECTED] 
Sent: Friday, October 19, 2007 15:30
To: David ROBERT; [email protected]
Subject: RE: [rt-users] RT 3.6.5 Setup / LDAP

Hi David,

The link that Jose posted is pretty similar to what I used to hook into
our ActiveDirectory on Win2k3 server here.

I did make these changes to get it to work, however.  The doc I read 12
months ago said to filter on sAMAccountName; that didn't work for me.

#Set($LdapFilter, '(objectclass=sAMAccountName)');
Set($LdapFilter, '(objectclass=*)');


Getting the Set($LdapBase, ''); right can be a challenge; use ldapsearch
on Linux to walk your AD server. It will also confirm that your
Set($LdapUser) is set up correctly.  That you have to be sure of; we've
had our LdapUser expire on the AD server and it locked everyone out of
RT because it couldn't bind.


Unlike the link instructions, I do have SSL turned on, worked for me.

# These turn on SSL for LDAP
Set($LdapTLS, 0);
Set($LdapSSLVersion, 3);


- Scott






_______________________________________________
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: [EMAIL PROTECTED]
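
Added example, not part of the thread and not RT code: a shell check that binds as the account RT uses for $LdapUser and names the cause of a failure, since an expired bind account locked everyone out of RT as Scott describes. It assumes OpenLDAP's ldapsearch and Active Directory's bind sub-codes; the function names and the sample error text are constructed.

```shell
#!/bin/sh
# Added example: bind health check for the account RT uses as $LdapUser.
# Constructed sample of the stderr ldapsearch prints when AD rejects a bind
# (the DSID and version fields are made up; "data 701" is the AD sub-code).
SAMPLE_ERR='ldap_bind: Invalid credentials (49)
	additional info: 80090308: LdapErr: DSID-0C090400, comment: AcceptSecurityContext error, data 701, v1db1'

# Turn ldapsearch's exit status ($1) and stderr ($2) into a cause.
# OpenLDAP tools exit with the LDAP result code; AD explains code 49
# with a hex sub-code after "data" in the diagnostic message.
classify_bind_failure() {
    rc=$1; err=$2
    case "$rc" in
        0)   echo "ok"; return 0 ;;
        32)  echo "base DN not found"; return 0 ;;
        49)  ;;
        255) echo "server unreachable"; return 0 ;;
        *)   echo "ldap error $rc"; return 0 ;;
    esac
    sub=$(printf '%s\n' "$err" | sed -n 's/.*, data \([0-9a-fA-F]*\),.*/\1/p' | head -n 1)
    case "$sub" in
        525) echo "bind user not found" ;;
        52e) echo "wrong password" ;;
        532) echo "password expired" ;;
        533) echo "account disabled" ;;
        701) echo "account expired" ;;
        773) echo "password must be reset" ;;
        775) echo "account locked out" ;;
        *)   echo "invalid credentials" ;;
    esac
}

# Simple bind (-x, as in the thread) and read only the base entry.
# $1 = LDAP URI, $2 = bind DN, $3 = password file (no trailing newline), $4 = base DN
check_rt_ldap_bind() {
    err=$(ldapsearch -x -LLL -H "$1" -D "$2" -y "$3" -b "$4" -s base \
          '(objectclass=*)' dn 2>&1 >/dev/null) && rc=0 || rc=$?
    classify_bind_failure "$rc" "$err"
    return "$rc"
}

# Run the live check only when all four arguments are given (e.g. from cron).
if [ "$#" -eq 4 ]; then check_rt_ldap_bind "$@"; fi
```

Run from cron with the same server, bind DN and base that RT is configured with, the check reports an expiring or locked bind account before RT logins start failing.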
