On Fri, Apr 20, 2012 at 08:52:34AM +0200, Joop wrote: > Glenn Sieb wrote: > >On 4/19/12 9:23 PM, Jeff Blaine wrote: > >>Share the solution? > > > >In the LDAP definition of RT_SiteConfig, where you set up the user to > >query as, and such, the ldap user login wasn't working until we added > >the @domain.ou bit to the end of it. > > > >So if the AD domain is dc=intranet,dc=local, the user had to be > >user@intranet.local then it started working. > I'm also using AD and I don't have to add the @domain.local to my > login. I had a look at your RT_SiteConfig but didn't see the > obvious. Will check later to see what difference there is between my > and yours.
AD varies wildly. Sometimes a username is enough, sometimes you need username@realm and sometimes you need a full DN. If you're lucky, you can get an AD Admin to read the logs, but most of the time you just have to try all three until it works. This is why the list often suggests testing with ldapsearch to debug auth problems. -kevin
pgpcY06HvdtDq.pgp
Description: PGP signature
