Re: [rt-users] Active Directory Authentication Issue

Tue, 08 Feb 2011 13:32:27 -0800 

On Tue, Feb 08, 2011 at 01:20:43AM -0800, Dragan wrote:
>    Hi everyone, I'm having problem to set the authentication to work with 
> active directory. I'm
>    using domain administrator user for binding the AD. This is the error from 
> syslog
> 
>    [critical]: RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind:
>    LDAP_INVALID_CREDENTIALS 49 
> (/usr/local/lib/rt3/lib/RT/Authen/ExternalAuth/LDAP.pm:467)
> 
>    and this is from ldapsearch tool:
> 
>    ldapsearch -h example -b "cn=some user, ou=Users, dc=example,dc=com,dc=mk" 
> -D "admin,
>    dc=example=com,dc=mk" -w "password"
> 
>    ldap_bind: Invalid credentials (49)
>        additional info: 80090308: LdapErr: DSID-0C090334, comment: 
> AcceptSecurityContext error,
>    data 525, vece
> 
>    it is obviously something to do with username and password. My question is 
> do I need special
>    user for binding the active directory? or it is some mismatch in the 
> config. Thanks

I'd be looking at your ldap server error logs to figure out the format
it wants

-kevin

>    This is the config from RT_SiteConfig.pm
> 
>    Set( @Plugins, qw(RT::Authen::ExternalAuth) );
> 
>    Set($ExternalAuthPriority,      [   'My_LDAP',  ]
>    );
>    Set($ExternalInfoPriority,  [  'My_LDAP' ]
>    );
> 
>    Set($ExternalServiceUsesSSLorTLS,    0);
>    Set($AutoCreateNonExternalUsers,    0);
>    Set($ExternalSettings,      {
> 
>                                    'My_LDAP'       =>  {
>                                    'type'                      =>  'ldap',
>                                    'auth'                      =>  1,
>                                    'server'                    =>  'example',
>                                    'user'                      =>  'user',
>                                    'pass'                    =>  'password',
>                                    'base'                      =>
>    'ou=Users,Groups,DC=unibank,DC=com,DC=mk',
>                                    'net_ldap_args'             => [    
> version =>  3   ],
>                                    'ssl_version'               =>  3,
>                                    'filter' => '(objectClass=*)',
>    #                               'filter' => '(sAMAccountName=%u)',
>                                    'd_filter'      =>
>    '(userAccountControl:1.2.840.113556.1.4.803:=2)',
>    #                               'd_filter' => 
> '(&(objectCategory=person)(objectClass=user))',
>                                    'attr_match_list'           => [
>                                                                            
> 'Name',
>                                                                            
> 'EmailAddress',
>                                                                        
> 'RealName',
>    #                                                                    
> 'WorkPhone',
>    #                                                                    
> 'Address2'
>                                                                               
>          ],
>                                    'attr_map'                  =>  {   'Name' 
> =>
>    'sAMAccountName',
>                                    'EmailAddress' => 'mail',
>                                    'RealName' => 'cn',
>                                    'Organization' => 
> 'physicalDeliveryOfficeName',
>                                                                    }
>                                                        },
>                                    }
>    );
> 
> 
> 
>    
> ----------------------------------------------------------------------------------------------
> 
>    ---
>    http://mail.secureroot.com/ - free mailbox for hackers and geeks

Attachment: pgp5hwlK69GAd.pgp
Description: PGP signature

Reply via email to