On Tue, Feb 08, 2011 at 01:20:43AM -0800, Dragan wrote: > Hi everyone, I'm having problem to set the authentication to work with > active directory. I'm > using domain administrator user for binding the AD. This is the error from > syslog > > [critical]: RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind: > LDAP_INVALID_CREDENTIALS 49 > (/usr/local/lib/rt3/lib/RT/Authen/ExternalAuth/LDAP.pm:467) > > and this is from ldapsearch tool: > > ldapsearch -h example -b "cn=some user, ou=Users, dc=example,dc=com,dc=mk" > -D "admin, > dc=example=com,dc=mk" -w "password" > > ldap_bind: Invalid credentials (49) > additional info: 80090308: LdapErr: DSID-0C090334, comment: > AcceptSecurityContext error, > data 525, vece > > it is obviously something to do with username and password. My question is > do I need special > user for binding the active directory? or it is some mismatch in the > config. Thanks
I'd be looking at your ldap server error logs to figure out the format it wants -kevin > This is the config from RT_SiteConfig.pm > > Set( @Plugins, qw(RT::Authen::ExternalAuth) ); > > Set($ExternalAuthPriority, [ 'My_LDAP', ] > ); > Set($ExternalInfoPriority, [ 'My_LDAP' ] > ); > > Set($ExternalServiceUsesSSLorTLS, 0); > Set($AutoCreateNonExternalUsers, 0); > Set($ExternalSettings, { > > 'My_LDAP' => { > 'type' => 'ldap', > 'auth' => 1, > 'server' => 'example', > 'user' => 'user', > 'pass' => 'password', > 'base' => > 'ou=Users,Groups,DC=unibank,DC=com,DC=mk', > 'net_ldap_args' => [ > version => 3 ], > 'ssl_version' => 3, > 'filter' => '(objectClass=*)', > # 'filter' => '(sAMAccountName=%u)', > 'd_filter' => > '(userAccountControl:1.2.840.113556.1.4.803:=2)', > # 'd_filter' => > '(&(objectCategory=person)(objectClass=user))', > 'attr_match_list' => [ > > 'Name', > > 'EmailAddress', > > 'RealName', > # > 'WorkPhone', > # > 'Address2' > > ], > 'attr_map' => { 'Name' > => > 'sAMAccountName', > 'EmailAddress' => 'mail', > 'RealName' => 'cn', > 'Organization' => > 'physicalDeliveryOfficeName', > } > }, > } > ); > > > > > ---------------------------------------------------------------------------------------------- > > --- > http://mail.secureroot.com/ - free mailbox for hackers and geeks
pgp5hwlK69GAd.pgp
Description: PGP signature