Hi,

Looks like an LDAP ACL issue; is your LDAP search user able to access the users' mail attribute?

Best Regards

Martin

On 2016-12-09 13:37, Claude EDUMA wrote:
LDAP logs show that the user is retrieved, but not bound.

-----

SRCH base="o=corp.mycorp.com" scope=2 filter="(&(objectClass=privperson)(mail=claude.ed...@ext.mycorp.com))" attrs="cn mail mail"
[09/Dec/2016:14:16:47 +0100] conn=9480527 op=2 msgId=3 - RESULT err=0 tag=101 nentries=1 etime=0

----

Regards.

2016-12-09 14:21 GMT+01:00 Claude EDUMA <clauded...@gmail.com>:

Well,

I will try to use user mail for authentication.

Here is the conf I tested without success :(

-----

Set($ExternalSettings, {
    'My_LDAP' => {
        'type'   => 'ldap',
        'server' => 'ldap://ypmycorpldap.corp.mycorp.com',
        'user'   => 'uid=mycorp-rtir-reader,ou=applicationAccounts,o=corp.mycorp.com',
        'pass'   => 'SikH2mmKLtPi0E4ZYcqldTXAgILVxGVhXWlHBF3o21',
        'base'   => 'o=corp.mycorp.com',
        'filter' => '(objectClass=person)',
        'tls'    => { verify => "require", cafile => "/etc/pki/tls/mycorp_CERTIFICATE_CHAIN.crt" },
        'net_ldap_args'   => [ version => 3, debug => 8 ],
        'attr_match_list' => [
            'Name',
            'EmailAddress',
        ],
        # Import the following properties of the user from LDAP upon login
        'attr_map' => {
            'Name'         => 'mail',
            'EmailAddress' => 'mail',
            'RealName'     => 'cn',
        }
    },
}
);

---

Regards

2016-12-09 13:59 GMT+01:00 Martin Wheldon
<martin.whel...@greenhills-it.co.uk>:
Hi,

You could either use another unique attribute, i.e. mail, or add
another uid to each RT user prefixed by a letter.

dn: uid=123456,dc=my,dc=domain
uid: 123456
uid: x123456

Best Regards

Martin

On 2016-12-09 12:49, Joop wrote:
On 9-12-2016 13:38, Claude EDUMA wrote:
Hi Joop,

Thank you for your quick answer.
We have tested with non numerical username and result is OK.
Well, in my organisation we use the LDAP uid for username. Any suggestion
to resolve this issue?

Please keep the list in the loop.

I think the problem is in the function(s) which load the user info.
These functions take a name OR an id and then load the corresponding
info. When usernames are IDs that doesn't work any more. Other than
patching all functions which use this I don't see another solution than
to change the use of uid as a username, sorry.

Joop

---------
RT 4.4 and RTIR training sessions, and a new workshop day!
https://bestpractical.com/training [3]
* Los Angeles - January 9-11 2017



Links:
------
[1] http://ypmycorpldap.corp.mycorp.com
[2] http://corp.mycorp.com
[3] https://bestpractical.com/training
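
Added example (not part of the original thread and not RT's own code): a minimal Perl model of the "name OR id" lookup Joop describes, showing why an all-digit LDAP uid is ambiguous as a username and why Martin's letter-prefixed uid avoids it. The load_user function and the user table are hypothetical and constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample user table: row id => username (hypothetical data).
my %users_by_id = (
    12     => 'root',
    22     => 'alice',
    123456 => 'bob',        # row id that equals someone else's numeric uid
    200001 => '123456',     # account whose username is a numeric LDAP uid
    200002 => 'x654321',    # letter-prefixed uid, as in Martin's workaround
);
my %id_by_name = reverse %users_by_id;

# Hypothetical loader modelling the behaviour described in the thread:
# an all-digit identifier is treated as a row id, anything else as a name.
sub load_user {
    my ($ident) = @_;
    return unless defined $ident && length $ident;

    if ( $ident !~ /\D/ ) {
        # Digits only: looked up by id, never by name.
        return unless exists $users_by_id{$ident};
        return { id => $ident, name => $users_by_id{$ident} };
    }

    # Anything containing a non-digit: looked up by name.
    return unless exists $id_by_name{$ident};
    return { id => $id_by_name{$ident}, name => $ident };
}

# Logins to compare: a normal name, a numeric uid that collides with a
# row id, a numeric uid with no matching row id, and a prefixed uid.
for my $login ( 'alice', '123456', '654321', 'x654321' ) {
    my $u = load_user($login);
    printf "%-8s -> %s\n", $login,
        $u ? "row $u->{id} (name '$u->{name}')" : 'not found';
}
```

In this model a numeric login either resolves to whatever row carries that id or is not found at all, while the prefixed form is always matched by name.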