I tried what Ken said, and it didn't work on my login because of this
code in the RT-External-Authen plugin:
ExternalAuth/LDAP.pm, line 230:
[...]
    } else {
        # If there's only one match, we're good; more than one and
        # we don't know which is the right one so we skip it.
        if ($ldap_msg->count == 1) {
            my $entry = $ldap_msg->first_entry();
[...]
I had two sAMAccountName returned because my AD account with my email
address has one normal sAMAccountName, and another admin one (in the
same AD entry).
To make it work, I modified the LDAP filter:
    Set($EmailCompletionLdapFilter,
        "(&(objectclass=organizationalPerson)(!(sAMAccountName=admin*)))");
This filter will match my sAMAccountName but not the one starting with
"admin" (replace this filter in your config). (Be careful of regular
users having a login matching this string.)
Once I had one and only one sAMAccountName, I disabled my current
account (changed all the values inside), sent an email to my RT in
debug mode, and my new account got created with the AD login.
If a developer of this plugin reads this, I think it would be nice to
add a $RT::Logger->info at this step in the code...
--
L.B.
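
An added example, not part of the original message and not the plugin's code: a small offline check that evaluates the filter above against constructed directory entries, logs when the match count is not exactly one, and shows how the "admin*" exclusion also drops a regular user. It assumes the lookup ANDs the configured filter with a mail match; the entries, the BROAD filter and the function names are hypothetical.

```python
import logging
import re

log = logging.getLogger("ldap-filter-check")

def parse(f, i=0):
    """Parse a subset of LDAP filters: &, |, ! and attr=value with '*' wildcards."""
    if f[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    if f[i + 1] in "&|!":
        op, kids, i = f[i + 1], [], i + 2
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1
    end = f.index(")", i)
    attr, value = f[i + 1:end].split("=", 1)
    return ("=", attr.lower(), value), end + 1

def matches(node, entry):
    """Evaluate a parsed filter on one entry (dict: lowercase attr -> list of values)."""
    if node[0] == "=":
        pattern = ".*".join(re.escape(p) for p in node[2].split("*"))
        return any(re.fullmatch(pattern, v, re.I) for v in entry.get(node[1], []))
    results = [matches(kid, entry) for kid in node[1]]
    return not results[0] if node[0] == "!" else {"&": all, "|": any}[node[0]](results)

def resolve(ldap_filter, directory, mail):
    """Return the login only when exactly one entry matches (the count == 1 rule)."""
    # Assumption: the mail match is ANDed with the filter; sample mails contain no '*'.
    tree = ("&", [("=", "mail", mail), parse(ldap_filter)[0]])
    hits = [e["samaccountname"][0] for e in directory if matches(tree, e)]
    if len(hits) != 1:
        log.info("%s: %d matches %s, skipping", mail, len(hits), hits)
        return None
    return hits[0]

# Constructed sample entries (not from the original message).
PERSON = ["top", "person", "organizationalPerson", "user"]
DIRECTORY = [
    {"objectclass": PERSON, "samaccountname": ["lb"], "mail": ["lb@example.com"]},
    {"objectclass": PERSON, "samaccountname": ["admin-lb"], "mail": ["lb@example.com"]},
    {"objectclass": PERSON, "samaccountname": ["adminda"], "mail": ["adminda@example.com"]},
]
BROAD = "(objectclass=organizationalPerson)"  # assumed filter without the exclusion
NARROW = "(&(objectclass=organizationalPerson)(!(sAMAccountName=admin*)))"  # from the message

if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    for flt in (BROAD, NARROW):
        for mail in ("lb@example.com", "adminda@example.com"):
            print(flt, mail, "->", resolve(flt, DIRECTORY, mail))
```

Running a candidate filter over an export of real logins before deploying it lists every regular account the exclusion would silently skip.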