Hello, I'm using the LDAP overlay from http://wiki.bestpractical.com/view/LDAP .

And I think I have found a bug when using Ldap Groups.

In LdapUserLocalOverlay the code that validates group membership is executed after user authentication; as a side effect, the $ldap variable is "binded" to the LDAP server using the user's login credentials instead of the credentials specified in the config file, namely $LdapUser and $LdapPass.

The following is an excerpt from my User_Local.pm that solves this (around line 200).
---------------
    # Is there an LDAP Group to check?
    if ($ldap_group) {
        # Close current connection and rebind
        $ldap->unbind;
        $ldap = $self->_GetBoundLdapObj('Auth', version=>3);
        return unless $ldap;

        $filter = Net::LDAP::Filter->new("(${ldap_group_attr}=${ldap_dn})");
---------------

Note that the current code will work if the user logging in has access to the LDAP groups information, which is not my case.

Thank you for your time,

Paulo F. Andrade
[EMAIL PROTECTED]
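
The separation described in the message above, as an added example that is not part of the original e-mail or of the RT overlay code: the password is verified on one connection and the group lookup runs on a second connection bound as the service account. The sub name, hash keys and environment variable names are hypothetical, and it assumes the group is a single entry whose member attribute holds user DNs.

```perl
#!/usr/bin/perl
# Added example; sub name, config keys and LDAP_* variables are hypothetical.
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);

# Returns 1 only if the password is valid AND the user's DN is in the group.
# Keys: host, svc_dn, svc_pass, user_dn, user_pass, group_dn, group_attr
sub ldap_login_ok {
    my (%c) = @_;

    # An empty password makes a simple bind "unauthenticated", which many
    # servers report as success, so reject it before talking to the server.
    return 0 unless defined $c{user_pass} && length $c{user_pass};

    # 1. Verify the password on a throwaway connection, then drop it so the
    #    user's identity is never reused for later searches.
    my $auth = Net::LDAP->new($c{host}, version => 3) or return 0;
    my $res  = $auth->bind($c{user_dn}, password => $c{user_pass});
    $auth->unbind;
    return 0 if $res->code;

    # 2. Look up the group on a separate connection bound as the service
    #    account, so the result does not depend on the user's read access.
    my $svc = Net::LDAP->new($c{host}, version => 3) or return 0;
    $res = $svc->bind($c{svc_dn}, password => $c{svc_pass});
    if ($res->code) { $svc->unbind; return 0; }

    # Escape the DN so characters such as ( ) * \ cannot alter the filter.
    my $filter = sprintf '(%s=%s)', $c{group_attr},
        escape_filter_value($c{user_dn});
    $res = $svc->search(base => $c{group_dn}, scope => 'base',
                        filter => $filter);
    $svc->unbind;

    # Fail closed: a search error is a denial, not a skipped check.
    return 0 if $res->code;
    return $res->count > 0 ? 1 : 0;
}

# Runs only when called directly with the settings present in the environment.
if (!caller && $ENV{LDAP_HOST}) {
    my %cfg = map { $_ => $ENV{ 'LDAP_' . uc $_ } }
        qw(host svc_dn svc_pass user_dn user_pass group_dn group_attr);
    print ldap_login_ok(%cfg) ? "allowed\n" : "denied\n";
}
```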




_______________________________________________
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
