Guys, I am new to RT, and I've encountered the following issue:
I have changed the domain on the email address for some of our users, but now when they send a request to our queue, they get the following response.

Could not load a valid user

What do I need to change so that it does not happen again?

Thank you so much.
Alberto

On Wed, Jan 12, 2011 at 3:05 PM, Kevin Falcone <[email protected]> wrote:

> On Wed, Jan 12, 2011 at 03:00:30PM -0800, Wes Modes wrote:
> > Kevin, you said the error is clear, but it seems less than clear to
> > me. Especially since I have no problem connecting to ldap with
> > ldapsearch using the same DN.
> >
> > Are we stalled out here, then? If this forum can not offer help, any
> > suggestions where to turn to for help?
> >
> > In my experience with other software, LDAP is one of the simplest
> > integrations possible. In total one has to configure maybe three, maybe
> > four things. The server FQDN, maybe the port, the base DN, and maybe
> > the root DN. Voila! That's it! LDAP integration.
> >
> > I have a difficult time believing that RT is so difficult to integrate
> > with LDAP, that there is so little step-by-step documentation, and that
> > the user forums offer so little help. This has been a surprisingly
> > difficult process, but I'd still like to be proved completely wrong.
>
> Wes, plenty of folks have this working and I've set it up more times
> than I can count. You've cherry picked an error that tells me that
> your LDAP server is rejecting the connection attempt. What do your
> LDAP logs say?
>
> As someone observed, your group settings look interestingly wrong, but
> since I'm staring at one log line it's kind of hard to tell if this is
> the initial bind or a later bind failure.
>
> -kevin
>
> > On 1/11/2011 7:43 AM, Kevin Falcone wrote:
> > > On Mon, Jan 10, 2011 at 06:03:37PM -0800, Wes Modes wrote:
> > >> I am using ExternalAuth to connect RT3.8.8 to LDAP.
> > >>
> > >> Detailed documentation seems to be woefully absent, and I've scoured the web and tried the
> > >> dozens of conflicting suggestions, so I'm turning to y'all.
> > >>
> > >> Here's the error I get:
> > >>
> > >> [Tue Jan 11 01:41:56 2011] [critical]: RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj
> > >> Can't bind: LDAP_INVALID_DN_SYNTAX 34
> > >> (/usr/local/rt/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:467)
> > > The error seems clear, something in your username or password isn't
> > > valid DN syntax according to your server.
> > >
> > > Try connecting using the ldapsearch command line client.
> > >
> > > -kevin
> > >
> > >> Here's the LDAP section from my RT_Authen-ExternalAuth.pm
> > >>
> > >> 'My_LDAP' => {
> > >>     ## GENERIC SECTION
> > >>     # The type of service (db/ldap/cookie)
> > >>     'type' => 'ldap',
> > >>     # The server hosting the service
> > >>     'server' => 'dir1.library.ucsc.edu',
> > >>     ## SERVICE-SPECIFIC SECTION
> > >>     # If you can bind to your LDAP server anonymously you should
> > >>     # remove the user and pass config lines, otherwise specify them here:
> > >>     #
> > >>     # The username RT should use to connect to the LDAP server
> > >>     'user' => 'cn=admin,dc=ucsc,dc=edu',
> > >>     # The password RT should use to connect to the LDAP server
> > >>     'pass' => 'PASSWORD',
> > >>     #
> > >>     # The LDAP search base
> > >>     'base' => 'ou=people,dc=ucsc,dc=edu',
> > >>     #
> > >>     # ALL FILTERS MUST BE VALID LDAP FILTERS ENCASED IN PARENTHESES!
> > >>     # YOU **MUST** SPECIFY A filter AND A d_filter!!
> > >>     #
> > >>     # The filter to use to match RT-Users
> > >>     'filter' => '(objectClass=person)',
> > >>     # A catch-all example filter: '(objectClass=*)'
> > >>     #
> > >>     # The filter that will only match disabled users
> > >>     'd_filter' => '(objectClass=FooBarBaz)',
> > >>     # A catch-none example d_filter: '(objectClass=FooBarBaz)'
> > >>     #
> > >>     # Should we try to use TLS to encrypt connections?
> > >>     'tls' => 0,
> > >>     # SSL Version to provide to Net::SSLeay *if* using SSL
> > >>     'ssl_version' => 3,
> > >>     # What other args should I pass to Net::LDAP->new($host,@args)?
> > >>     'net_ldap_args' => [ version => 3 ],
> > >>     # Does authentication depend on group membership? What group name?
> > >>     'group' => 'staff',
> > >>     # What is the attribute for the group object that determines membership?
> > >>     'group_attr' => 'ou=group,dc=ucsc,dc=edu',
> > >>     ## RT ATTRIBUTE MATCHING SECTION
> > >>     # The list of RT attributes that uniquely identify a user
> > >>     # This example shows what you *can* specify.. I recommend reducing this
> > >>     # to just the Name and EmailAddress to save encountering problems later.
> > >>     'attr_match_list' => [ 'Name',
> > >>                            'EmailAddress',
> > >>                          ],
> > >>     # The mapping of RT attributes on to LDAP attributes
> > >>     'attr_map' => { 'Name' => 'uid',
> > >>                     'EmailAddress' => 'mail',
> > >>                     'RealName' => 'cn',
> > >>                     'ExternalAuthId' => 'uid',
> > >>                     'Gecos' => 'gecos',
> > >>                     'WorkPhone' => 'telephoneNumber',
> > >>                   }
> > >>
> > >> },
> > >>
> > >> What more do you need to know to help me get this working?
> > >>
> > >> Wes
>

--
Alberto Vazquez-Dzul
Email: [email protected]
Mobile: (805) 444-0835
GVoice: (805) 768-4798
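
Added example (not part of the original thread, and not RT or ExternalAuth code): a Perl script that checks the quoted ExternalAuth LDAP settings offline, parsing 'user' and 'base' as DNs with Net::LDAP::Util, comparing 'group_attr' against the attribute name its own config comment asks for, and flagging a password bind made with 'tls' => 0. The lint_service helper and its messages are hypothetical, the sample hash is constructed from the quoted config, and a DN that parses on the client can still be rejected by the server.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Net::LDAP::Util qw(ldap_explode_dn);

# Constructed sample: values copied from the configuration quoted in the thread.
my %service = (
    type       => 'ldap',
    server     => 'dir1.library.ucsc.edu',
    user       => 'cn=admin,dc=ucsc,dc=edu',
    pass       => 'PASSWORD',
    base       => 'ou=people,dc=ucsc,dc=edu',
    tls        => 0,
    group      => 'staff',
    group_attr => 'ou=group,dc=ucsc,dc=edu',
);

# lint_service() is a hypothetical helper, not part of RT or ExternalAuth.
# It returns a list of human-readable findings (empty list = nothing flagged).
sub lint_service {
    my (%cfg) = @_;
    my @findings;

    # The bind DN and the search base are sent to the server as DNs, so
    # check that they at least parse as DNs on the client side.
    for my $key (qw(user base)) {
        next unless defined $cfg{$key} && length $cfg{$key};
        push @findings, "$key: '$cfg{$key}' does not parse as a DN"
            unless defined ldap_explode_dn($cfg{$key});
    }

    # The config comment describes group_attr as an attribute of the group
    # object, so a value containing '=' or ',' is a DN in the wrong place.
    if (defined $cfg{group_attr}
        && $cfg{group_attr} !~ /\A[A-Za-z][A-Za-z0-9-]*\z/) {
        push @findings,
            "group_attr: '$cfg{group_attr}' is not a plain attribute name";
    }

    # A password bind without TLS (and without an ldaps:// server URI)
    # puts the bind password on the wire unencrypted.
    if (defined $cfg{pass} && length $cfg{pass}
        && !$cfg{tls} && ($cfg{server} // '') !~ m{\Aldaps://}i) {
        push @findings, "tls: bind password is sent without encryption";
    }

    return @findings;
}

print "$_\n" for lint_service(%service);
```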
