filter is your LDAP query string to determine if a particular CN is a user. If you are connecting to an AD it would be (&(objectCategory=User)(objectClass=Person))

d_filter is your LDAP query to determine disabled users. If you are connecting to an AD it would be a bitmask like so (userAccountControl:1.2.840.113556.1.4.803:=2)

group is your LDAP CN that all your RT users would be a part of. This should be the full CN

group_attr is the attribute of the user CN that determines what groups they are in. In AD this would be member

One thing I would test is getting an LDAP browser and connecting using the same info you are attempting to connect with in RT, verify the user you are using works... Then troubleshoot from there..

Good luck!
Mike.

On Mon, Aug 2, 2010 at 8:08 AM, Anthony BRODARD <[email protected]> wrote:

> And here are other logs generated with debug:
>
>
> [Mon Aug 2 12:05:00 2010] [critical]:
> RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj : Cannot connect to
> ldap.blanked.fr(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:437)
> [Mon Aug 2 12:05:00 2010] [debug]: Autohandler called ExternalAuth.
> Response: (0, No User)
> (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:26)
> [Mon Aug 2 12:05:00 2010] [error]: FAILED LOGIN for anthony.brodard from
> 10.1.104.30 (/opt/rt3/bin/../lib/RT/Interface/Web.pm:424)
> [Mon Aug 2 12:05:01 2010] [debug]: Reloading RT::User to work around a bug
> in RT-3.8.0 and RT-3.8.1
> (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:14)
> [Mon Aug 2 12:05:01 2010] [debug]: Attempting to use external auth
> service: My_LDAP
> (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
> [Mon Aug 2 12:05:01 2010] [debug]: SSO Failed and no user to test with.
> Nexting
> (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:92)
> [Mon Aug 2 12:05:01 2010] [debug]: Autohandler called ExternalAuth.
> Response: (0, No User)
> (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:26)
> [Mon Aug 2 12:05:01 2010] [crit]: Apache2::RequestIO::rflush: (103)
> Software caused connection abort at
> /usr/local/share/perl/5.10.0/HTML/Mason/ApacheHandler.pm line 1020
> (/opt/rt3/bin/webmux.pl:168)
> [Mon Aug 2 12:05:01 2010] [debug]: Attempting to use external auth
> service: My_LDAP
> (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
> [Mon Aug 2 12:05:01 2010] [debug]: Calling UserExists with $username
> (anthony.brodard) and $service (My_LDAP)
> (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:105)
> [Mon Aug 2 12:05:01 2010] [debug]: UserExists params:
> username: anthony.brodard , service: My_LDAP
> (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:274)
> [Mon Aug 2 12:05:01 2010] [crit]: Apache2::RequestIO::rflush: (103)
> Software caused connection abort at
> /usr/local/share/perl/5.10.0/HTML/Mason/ApacheHandler.pm line 1020
> (/opt/rt3/bin/webmux.pl:168)
>
>
> 2010/7/29 Mike Johnson <[email protected]>
>
>> make sure you reply to the list, very important to share all this so
>> others can learn.
>>
>> The only thing I could think of is your LDAP settings are incorrect
>> somewhere.
>>
>> Some things I found when I was setting things up
>>
>>
>> 1. user = the fully qualified CN of the user(ie CN=Mike
>> Johnson,OU=Users,OU=mycompany,OU=mydomain,OU=local
>> 2. filter and d_filter have to have valid settings
>> 3. Group/Group_Attr had to have settings.
>>
>> I was binding to an AD, so I'm not 100% on 3 if it isn't an AD... but 1
>> and 2 hold true for any LDAP.
>>
>> HTH
>> Mike.
>>
>> On Thu, Jul 29, 2010 at 9:38 AM, Anthony BRODARD <
>> [email protected]> wrote:
>>
>>> TLS argument is already set to 1.
>>>
>>> I don't know how to see if it's the ldap's server which refuses the
>>> connection, or it's another problem.
>>>
>>>
>>>
>>> 2010/7/29 Mike Johnson <[email protected]>
>>>
>>> Oops, looking at it again, I was looking at the mysql config part, not
>>>> ldap.
>>>>
>>>> I think the only way you can adjust what port you are connecting to
>>>> through LDAP is specifying if it's TLS or not (I believe TLS is 636? google
>>>> to confirm).
>>>>
>>>> You said you are supposed to be connecting on 636, so set the tls
>>>> argument in your LDAP settings to 1.
>>>>
>>>> restart apache and give it a shot.
>>>>
>>>> Good luck!
>>>> Mike.
>>>>
>>>> On Thu, Jul 29, 2010 at 8:48 AM, Mike Johnson
>>>> <[email protected]> wrote:
>>>>
>>>>> If you read the ExternalAuth's RT_SiteConfig.pm in
>>>>> /RTROOT/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm
>>>>>
>>>>> It shows you how to set the port you are connecting on.
>>>>>
>>>>> Set that to the port your LDAP server is listening to.
>>>>>
>>>>> Good luck
>>>>> Mike.
>>>>>
>>>>>
>>>
>>
>>
>> --
>> Mike Johnson
>> Datatel Programmer/Analyst
>> Northern Ontario School of Medicine
>> 955 Oliver Road
>> Thunder Bay, ON P7B 5E1
>> Phone: (807) 766-7331
>> Email: [email protected]
>>
>>
>> Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
>> Buy a copy at http://rtbook.bestpractical.com
>>
>
>

--
Mike Johnson
Datatel Programmer/Analyst
Northern Ontario School of Medicine
955 Oliver Road
Thunder Bay, ON P7B 5E1
Phone: (807) 766-7331
Email: [email protected]
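
Added example (not part of the original thread and not code from RT-Authen-ExternalAuth): how the bitmask d_filter quoted at the top of this message picks out disabled accounts. It evaluates the AD bitwise matching rule in Python over constructed sample entries; the function names and the sample users are hypothetical.

```python
import re

# Active Directory bitwise matching-rule OIDs for LDAP extensible-match filters.
BIT_AND = "1.2.840.113556.1.4.803"  # matches when ALL bits of the value are set
BIT_OR = "1.2.840.113556.1.4.804"   # matches when ANY bit of the value is set
_EXT_MATCH = re.compile(r"^\((\w+):([\d.]+):=(\d+)\)$")


def parse_bit_filter(ldap_filter):
    """Split '(attr:oid:=value)' into (attr, oid, integer value)."""
    m = _EXT_MATCH.match(ldap_filter.strip())
    if not m:
        raise ValueError("not a single extensible-match filter: %r" % ldap_filter)
    attr, oid, value = m.group(1), m.group(2), int(m.group(3))
    if oid not in (BIT_AND, BIT_OR):
        raise ValueError("unsupported matching rule: %s" % oid)
    return attr, oid, value


def matches(ldap_filter, entry):
    """Evaluate the bitwise filter against one entry (dict of attribute -> value)."""
    attr, oid, mask = parse_bit_filter(ldap_filter)
    # LDAP attribute names are case-insensitive.
    lowered = {k.lower(): v for k, v in entry.items()}
    if attr.lower() not in lowered:
        return False  # an entry without the attribute never matches
    stored = int(lowered[attr.lower()])
    if oid == BIT_AND:
        return (stored & mask) == mask
    return (stored & mask) != 0


D_FILTER = "(userAccountControl:1.2.840.113556.1.4.803:=2)"

# Constructed sample entries (not real directory data).
SAMPLE_ENTRIES = [
    {"cn": "alice", "userAccountControl": "512"},    # normal account, enabled
    {"cn": "bob", "userAccountControl": "514"},      # 512 + 2: disabled
    {"cn": "carol", "userAccountControl": "66048"},  # enabled, password never expires
    {"cn": "dave", "userAccountControl": "66050"},   # same flags as carol, but disabled
    {"cn": "shared-contact"},                        # no userAccountControl attribute
]


def disabled_users(entries, d_filter=D_FILTER):
    """Return the cn of every entry the d_filter would flag as disabled."""
    return [e["cn"] for e in entries if matches(d_filter, e)]
```

An equality filter such as (userAccountControl=514) would match bob but not dave, which is why the bitwise rule is used for d_filter.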
