Here is mine which is working great # WorkingLDAP Connection 'Connect_LDAP' => { 'type' => 'ldap', 'server' => '192.168.250.49', 'user' => 'CN=Secret,OU=Users_Special,OU=Copesan,DC=Copesan,DC=local', 'pass' => Secret, 'base' => 'DC=copesan,DC=local', 'filter' => '(&(ObjectCategory=User)(ObjectClass=Person))', 'd_filter' => '(userAccountControl:1.2.840.113556.1.4.803:=2)', 'tls' => 0, # 'ssl_version' => 3,
'net_ldap_args' => [ version => 3 ], # 'group' => 'CN=RTUsers,OU=CampusServices,DC= mydomain,DC=mydomain,DC=edu', # 'group_attr' => 'member', 'attr_match_list' => [ 'Name', 'EmailAddress' ], 'attr_map' => { 'Name' => 'sAMAccountName', 'EmailAddress' => 'mail', 'Organization' => 'physicalDeliveryOfficeName', 'RealName' => 'cn', 'ExternalAuthId' => 'sAMAccountName', 'Gecos' => 'sAMAccountName', 'WorkPhone' => 'telephoneNumber', 'Address1' => 'streetAddress', 'City' => 'l', 'State' => 'st', 'Zip' => 'postalCode', 'Country' => 'co' } } } I would question the canonical name of the user; the email address in the log is different from the name: .local versus .com.br. Should the local have a .br as well? Also, in the canonical name you do not have an OU in the path. Thanks Bryon Baker Network Operations Manager Copesan - Specialists in Pest Solutions 800-267-3726 * 262-783-6261 ext. 2296 bba...@copesan.com<mailto:cstep...@copesan.com> www.copesan.com<http://www.copesan.com/> "Servicing North America with Local Care" From: rt-users-boun...@lists.bestpractical.com [mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Diego Andrade Sent: Thursday, February 06, 2014 11:46 AM To: rt-users@lists.bestpractical.com Subject: [rt-users] Help with Active Directory Auth on 4.2.2 Hi, I need some help from those of you who already run Request Tracker with Active Directory! After struggling for some days trying to authenticate Active Directory users with the External Auth module, I bring you my Apache log and the configuration of the plugin. Can someone help me with advice? I would love to see my Request Tracker linked to the Active Directory of the company. My operating systems are: Request Tracker 4.2.2 - Ubuntu 13.10 Active Directory - Windows 2008 Server Well, after trying to figure out how the plugin works, I wanted to make sure my Active Directory was accessible and the bind account was working. 
So I checked with the command: ldapsearch -x -h pdcsti.stitelecom.local -p 389 -D "cn=rt-ldap,cn=Users,dc=stitelecom,dc=local" -w secret -s sub -b 'cn=Users,dc=stitelecom,dc=local' "(&(objectClass=*))" When I run it, the output is a lot of Users, Groups and other objects from the AD. So I suppose the AD is ready, right? The RT part follows... +++++In the /var/log/apache2/error.log++++++ [4638] [Thu Feb 6 14:41:01 2014] [info]: RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Disabled: , EmailAddress: r...@stitelecom.com.br<mailto:r...@stitelecom.com.br>, ExternalAuthId: rtop, Gecos: rtop, Name: rtop, Privileged: , RealName: (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:685) [4638] [Thu Feb 6 14:41:01 2014] [info]: Autocreated external user rtop ( 118 ) (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:281) [4638] [Thu Feb 6 14:41:01 2014] [info]: My_LDAP AUTH FAILED rtop (can't bind: LDAP_INVALID_CREDENTIALS 49 ) (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:227) [4638] [Thu Feb 6 14:41:01 2014] [error]: FAILED LOGIN for rtop from 10.10.1.137 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:814) ++++++ In the RT_Siteconfig.pm: +++++++ Plugin( "RT::Authen::ExternalAuth" ); Set($ExternalAuthPriority, [ 'My_LDAP' ] ); Set($ExternalInfoPriority, [ 'My_LDAP' ] ); Set($AutoCreateNonExternalUsers, 0); Set($ExternalSettings, { 'My_LDAP' => { 'type' => 'ldap', 'server' => 'pdcsti.stitelecom.local', 'user' => 'cn=rt-ldap,cn=Users,dc=stitelecom,dc=local', 'pass' => 'secret', 'base' => 'dc=stitelecom,dc=local', 'filter' => '(objectclass=*)', 'group' => 'cn=RTUsers,ou=RT4,ou=STI,dc=stitelecom,dc=local', 'group_attr' => 'uniqueMember', 'tls' => 0, 'ssl_version' => 3, 'net_ldap_args' => [ version => 3 ], 'attr_match_list' => [ 'Name', 'EmailAddress', ], 'attr_map' => { 'Name' => 'sAMAccountName', 'EmailAddress' => 'mail', 'ExternalAuthId' => 'sAMAccountName', }, }, } ); 1; THANK YOU IN 
ADVANCE! [Diego2013]