For your ‘server’ try using IP rather than hostname.
Second, for the ‘user’ field, try using the DN name for your AD Binding 
user…{cn=some_user,ou=some_ou,dc=some_domain,dc=com

Hope this helps..

Jeff



From: rt-users-boun...@lists.bestpractical.com 
[mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Mathew Snyder
Sent: Thursday, October 17, 2013 1:19 PM
To: rt-users@lists.bestpractical.com
Subject: [rt-users] I need help with the RT-Authen-ExternalAuth LDAP settings, 
please

These are the settings I've started with:

Set($ExternalSettings, {
    'AD'       =>  {
        'type'                      =>  'ldap',
        'server'                    =>  'domain_controller.example.com',
        'base'                      =>  'dc=example,dc=com',
        'user'                      =>  'rtuser',
        'pass'                      =>  '********',
        'filter'                    =>  '(ObjectClass=*)',
        'tls'                       =>  0,
        'ssl_version'               =>  3,
        'net_ldap_args'             => [    version =>  3   ],
        'attr_match_list' => [
            'EmailAddress',
        ],
        'attr_map' => {
            'Name' => 'sAMAccountName',
            'EmailAddress' => 'mail',
            'RealName' => 'cn',
        },

They aren't working. Whenever someone attempts an initial login with just their 
username (which should create their RT account) the following error is logged:
Oct 17 15:02:29 zen-rt RT: [23131] Use of uninitialized value in string eq at /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm line 613.
Oct 17 15:02:29 zen-rt RT: [23131] RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Disabled: , EmailAddress: , Gecos: user, Name: user, Privileged:
Oct 17 16:14:01 zen-rt RT: [24382] Couldn't create user user: Could not set user info
Oct 17 16:14:01 zen-rt RT: [24382] FAILED LOGIN for user from 192.168.236.102

When initial logins are attempted with either example\username or 
example.com\username only the FAILED LOGIN line is displayed.

We also have our Openfire Jabber server authenticating successfully. Those 
settings are
ldap.autoFollowAliasReferrals = true
ldap.autoFollowReferrals = false
ldap.baseDN = dc=example,dc=com
ldap.connectionPoolEnabled = true
ldap.debugEnabled = false
ldap.emailField = mail
ldap.encloseDNs = true
ldap.groupDescriptionField = description
ldap.groupMemberField = member
ldap.groupNameField = cn
ldap.groupSearchFilter = (objectClass=group)
ldap.host = domain_controller.example.com
ldap.ldapDebugEnabled = false
ldap.nameField = cn
ldap.port = 389
ldap.searchFilter = (objectClass=*)
ldap.usernameField = sAMAccountName


I know they don't match up exactly in terms of what Openfire calls the settings 
vs. what RT does, but I'm hoping someone can help me sort out what should be 
plugged in where on the RT side. For example, I don't know what the group_attr 
or group_attr_value setting should contain (if anything) in the 
RT_SiteConfig.pm file. Basically, anything from the "group" settings.

-Mathew

"When you do things right, people won't be sure you've done anything at all." - 
God; Futurama

"We'll get along much better once you accept that you're wrong and neither am 
I." - Me
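
A complete RT_SiteConfig.pm block along the lines the reply suggests, as an added example that is not part of either message or of the plugin's own documentation. The DNs, group name and password are placeholders, and the narrowed filter, the d_filter, the tls value and the extra 'Name' entry in attr_match_list are assumptions marked in the comments.

```perl
# Added example for RT_SiteConfig.pm; every DN and group name is a placeholder.
Set($ExternalAuthPriority, ['AD']);   # which service checks passwords
Set($ExternalInfoPriority, ['AD']);   # which service supplies user details

Set($ExternalSettings, {
    'AD' => {
        'type'   => 'ldap',
        'server' => 'domain_controller.example.com',
        'base'   => 'dc=example,dc=com',
        # Full DN of the binding account, as suggested in the reply (placeholder).
        'user'   => 'cn=rtuser,ou=service_accounts,dc=example,dc=com',
        'pass'   => 'CHANGE_ME',
        # Assumption: only person/user objects should be able to authenticate.
        'filter'   => '(&(objectCategory=person)(objectClass=user))',
        # Assumption: accounts disabled in AD (userAccountControl bit 2)
        # should be treated as disabled in RT as well.
        'd_filter' => '(userAccountControl:1.2.840.113556.1.4.803:=2)',
        # Assumption: the DC offers StartTLS on port 389. With 0, the bind
        # password and every user's password cross the network unencrypted.
        'tls'           => 1,
        'ssl_version'   => 3,
        'net_ldap_args' => [ version => 3 ],
        # Optional group restriction (placeholder group DN); 'member' is the
        # same attribute as Openfire's ldap.groupMemberField.
        'group'      => 'cn=rt_users,ou=groups,dc=example,dc=com',
        'group_attr' => 'member',
        # Assumption: 'Name' is listed so a login by username can be matched.
        'attr_match_list' => [ 'Name', 'EmailAddress' ],
        'attr_map' => {
            'Name'         => 'sAMAccountName',
            'EmailAddress' => 'mail',
            'RealName'     => 'cn',
        },
    },
});
```

The binding account only needs read access to the user and group entries under the base DN, so a dedicated low-privilege service account is enough for the 'user' value.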
