Good day all! I've set up LDAP integration on a fresh RT 3.6.6 install to authenticate with our Windows 2003 Active Directory, as per http://wiki.bestpractical.com/view/LDAP. It seems to be working quite nicely (including authentication and user record field population), with one exception: enabling group membership checks breaks things.

These are the lines for our LDAP group settings in RT_SiteConfig.pm:

# If you set these, only members of this group can auth via LDAP
Set($LdapGroup, 'cn=RT,ou=ITST,ou=Everyone,dc=domain,dc=tld');
Set($LdapGroupAttr, 'uniqueMember');

The group RT in the OU ITST in the OU Everyone in the AD root definitely exists. It contains users that can log in just fine if those lines are commented out and RT is restarted. When we try to log in with these settings uncommented, the web interface says "Error: Your username or password is incorrect" and we get these lines in the debug logs:

Feb 29 12:32:26 stilgar RT: RT::User::CanonicalizeUserInfo called by RT::User /var/www/rt/local/lib/RT/User_Local.pm 628 with: Name: rttestuser
Feb 29 12:32:26 stilgar RT: RT::User::LookupExternalUserInfo called with baseDN "dc=domain,dc=tld" and filter "sAMAccountName=rttestuser" by RT::User /var/www/rt/local/lib/RT/User_Local.pm 404
Feb 29 12:32:26 stilgar RT: RT::User::CanonicalizeEmailAddress : called with "[EMAIL PROTECTED]" by RT::User /var/www/rt/local/lib/RT/User_Local.pm 413
Feb 29 12:32:26 stilgar RT: RT::User::LookupExternalUserInfo called with baseDN "dc=domain,dc=tld" and filter "[EMAIL PROTECTED]" by RT::User /var/www/rt/local/lib/RT/User_Local.pm 343
Feb 29 12:32:26 stilgar RT: FOUND OK
Feb 29 12:32:26 stilgar RT: UPDATED user rttestuser from LDAP
Feb 29 12:32:26 stilgar RT: RT::User::CanonicalizeUserInfo called by RT::User /var/www/rt/local/lib/RT/User_Local.pm 628 with: Name: rttestuser
Feb 29 12:32:26 stilgar RT: RT::User::LookupExternalUserInfo called with baseDN "dc=domain,dc=tld" and filter "sAMAccountName=rttestuser" by RT::User /var/www/rt/local/lib/RT/User_Local.pm 404
Feb 29 12:32:26 stilgar RT: RT::User::CanonicalizeEmailAddress : called with "[EMAIL PROTECTED]" by RT::User /var/www/rt/local/lib/RT/User_Local.pm 413
Feb 29 12:32:26 stilgar RT: RT::User::LookupExternalUserInfo called with baseDN "dc=domain,dc=tld" and filter "[EMAIL PROTECTED]" by RT::User /var/www/rt/local/lib/RT/User_Local.pm 343
Feb 29 12:32:26 stilgar RT: FOUND OK
Feb 29 12:32:26 stilgar RT: UPDATED user rttestuser from LDAP
Feb 29 12:32:26 stilgar RT: Trying LDAP authentication
Feb 29 12:32:26 stilgar RT: RT::User::IsLDAPPassword Found LDAP DN: CN=rttestuser,OU=ITST,OU=Everyone,DC=domain,dc=tld
Feb 29 12:32:26 stilgar RT: RT::User::IsLDAPPassword AUTH FAILED: rttestuser

Additional LDAP settings in RT_SiteConfig.pm:

Set($LdapServer, 'dc.domain.tld');
Set($LdapBase, 'dc=domain,dc=tld');
Set($LdapFilter, '(objectclass=*)');
Set($LdapUser, 'cn=ldapuser,ou=ITST,ou=Everyone,dc=domain,dc=tld');
Set($LdapPass, 'passwordgoeshere');

I've been banging my head against the wall on this for a while and am starting to run out of ideas. If any of you fine folks can offer a suggestion, it would be highly appreciated :)

-Matt