On Tue, Nov 15, 2011 at 12:34:26PM -0500, Kevin Falcone wrote: > On Tue, Nov 15, 2011 at 12:21:52PM -0500, Thomas Misilo wrote: > > -----Original Message----- > > From: [email protected] > > [mailto:[email protected]] On Behalf Of Kevin Falcone > > Sent: Tuesday, November 15, 2011 12:05 PM > > To: [email protected] > > Subject: Re: [rt-users] External Auth (LDAP) and Mail Attribute > > > > On Tue, Nov 15, 2011 at 11:55:41AM -0500, Thomas Misilo wrote: > > > > > > Okay I think I see what my problem is. > > > > > > In the log is see "== Attrs: displayName,mail,cn,cn,cn" and when I try > > > and select the attributes like that from the AD it doesn't find them. > > > They are separated by ; I believe with windows AD. > > > > That's a debugging convention, not the literal command sent. > > The filter is right above it in the logs. > > > > The usual next step is to run ldapsearch manually with the filter and see > > what you get back > > > > -kevin > > > > Okay I ran; > > > > ldapsearch -h server-x -b "dc=server,dc=tld" -D "CN=user,OU=Group User > > Accounts,OU=Groups ,DC=server,DC=tld" -W "(&(cn=userIwant))" displayName > > mail cn > > > > and it displays correctly the following: > > > > cn: userIwant > > displayName: Name > > mail: [email protected] > > > > > > I have tried changing line 304 in LDAP.pm to join with spaces, but that > > doesn't work. > > Line 304 is a debug line. > > It has absolutely no bearing on the operation of the search and > return. > > The actual search is run a few lines later.
Also - to be clear, you're concentrating on the part of the code that checks to see if a user exists. You're not looking at the later queries that *actually* sync the data. -kevin
pgpG8xJjfQBV1.pgp
Description: PGP signature
-------- RT Training Sessions (http://bestpractical.com/services/training.html) * Barcelona, Spain November 28 & 29, 2011
