[rt-users] Help with Active Directory Auth on 4.2.2

2014-02-06 Thread Diego Andrade
Hi,

I need some help from those of you who already have Request Tracker with Active 
Directory!

After struggling for some days trying to authenticate Active Directory users 
with the External Auth module, I bring you my Apache log and the configuration 
of the plugin. Could someone help me with some advice? I would love to see my 
Request Tracker linked to the Active Directory of the company.

My operating systems are:
Request Tracker 4.2.2 - Ubuntu 13.10
Active Directory - Windows 2008 Server

Well, after trying to figure out how the plugin works, I wanted to make sure my 
Active Directory was accessible and the bind account was working. So I checked 
with the command:

ldapsearch -x -h pdcsti.stitelecom.local -p 389 \
    -D 'cn=rt-ldap,cn=Users,dc=stitelecom,dc=local' -w secret -s sub \
    -b 'cn=Users,dc=stitelecom,dc=local' '(&(objectClass=*))'

When I do it, the output is a lot of users, groups and other objects from the 
AD. So I suppose the AD is ready, right?

The RT part follows...

In /var/log/apache2/error.log:

[4638] [Thu Feb  6 14:41:01 2014] [info]: RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Disabled: , EmailAddress: r...@stitelecom.com.br, ExternalAuthId: rtop, Gecos: rtop, Name: rtop, Privileged: , RealName:  (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:685)
[4638] [Thu Feb  6 14:41:01 2014] [info]: Autocreated external user rtop ( 118 ) (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:281)
[4638] [Thu Feb  6 14:41:01 2014] [info]: My_LDAP AUTH FAILED rtop (can't bind: LDAP_INVALID_CREDENTIALS 49 ) (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:227)
[4638] [Thu Feb  6 14:41:01 2014] [error]: FAILED LOGIN for rtop from 10.10.1.137 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:814)

In RT_SiteConfig.pm:

Plugin( "RT::Authen::ExternalAuth" );
Set($ExternalAuthPriority,  [ 'My_LDAP' ] );
Set($ExternalInfoPriority,  [ 'My_LDAP' ] );
Set($AutoCreateNonExternalUsers, 0);
Set($ExternalSettings, {

    'My_LDAP' => {
        'type'            => 'ldap',
        'server'          => 'pdcsti.stitelecom.local',
        'user'            => 'cn=rt-ldap,cn=Users,dc=stitelecom,dc=local',
        'pass'            => 'secret',
        'base'            => 'dc=stitelecom,dc=local',
        'filter'          => '(objectclass=*)',
        'group'           => 'cn=RTUsers,ou=RT4,ou=STI,dc=stitelecom,dc=local',
        'group_attr'      => 'uniqueMember',
        'tls'             => 0,
        'ssl_version'     => 3,
        'net_ldap_args'   => [ version => 3 ],
        'attr_match_list' => [
            'Name',
            'EmailAddress',
        ],
        'attr_map' => {
            'Name'           => 'sAMAccountName',
            'EmailAddress'   => 'mail',
            'ExternalAuthId' => 'sAMAccountName',
        },
    },
} );
1;


THANK YOU IN ADVANCE!
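
An added example (not code from this thread or from RT): it pairs each FAILED LOGIN entry in the log format shown above with the LDAP error logged just before it under the same process id, then lists source addresses with repeated failures. The first two sample entries mirror the log above with shortened paths, the rest are constructed, and the function names and threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: entries for rtop mirror the log above (paths shortened); the rest are invented.
SAMPLE_LOG = """\
[4638] [Thu Feb  6 14:41:01 2014] [info]: My_LDAP AUTH FAILED rtop (can't bind: LDAP_INVALID_CREDENTIALS 49 ) (.../ExternalAuth/LDAP.pm:227)
[4638] [Thu Feb  6 14:41:01 2014] [error]: FAILED LOGIN for rtop from 10.10.1.137 (.../RT/Interface/Web.pm:814)
[4640] [Thu Feb  6 14:42:10 2014] [info]: My_LDAP AUTH FAILED alice (can't bind: LDAP_INVALID_CREDENTIALS 49 ) (.../ExternalAuth/LDAP.pm:227)
[4640] [Thu Feb  6 14:42:10 2014] [error]: FAILED LOGIN for alice from 10.10.1.200 (.../RT/Interface/Web.pm:814)
[4640] [Thu Feb  6 14:42:12 2014] [info]: My_LDAP AUTH FAILED bob (can't bind: LDAP_INVALID_CREDENTIALS 49 ) (.../ExternalAuth/LDAP.pm:227)
[4640] [Thu Feb  6 14:42:12 2014] [error]: FAILED LOGIN for bob from 10.10.1.200 (.../RT/Interface/Web.pm:814)
[4641] [Thu Feb  6 14:42:15 2014] [error]: FAILED LOGIN for carol from 10.10.1.200 (.../RT/Interface/Web.pm:814)
"""

ENTRY = re.compile(r"^\[(\d+)\] \[([^\]]+)\] \[\w+\]: (.*)$")
AUTH_FAILED = re.compile(r"(\S+) AUTH FAILED (\S+) \(can't bind: (\w+) (\d+)\s*\)")
FAILED_LOGIN = re.compile(r"FAILED LOGIN for (\S+) from (\S+)")

def failed_logins(text):
    """Pair each FAILED LOGIN with the LDAP error logged before it by the same pid."""
    pending, events = {}, []
    for line in text.splitlines():
        entry = ENTRY.match(line)
        if not entry:
            continue
        pid, ts, msg = entry.groups()
        auth = AUTH_FAILED.search(msg)
        if auth:
            service, user, code, num = auth.groups()
            pending[(pid, user)] = (service, code, int(num))
            continue
        login = FAILED_LOGIN.search(msg)
        if login:
            user, ip = login.groups()
            # No preceding AUTH FAILED entry means no LDAP error was recorded.
            service, code, num = pending.pop((pid, user), (None, None, None))
            events.append({"time": ts, "user": user, "ip": ip,
                           "service": service, "ldap_error": code, "ldap_code": num})
    return events

def noisy_sources(events, threshold=3):
    """Source IPs with at least `threshold` failed logins, and the accounts they tried."""
    by_ip = defaultdict(list)
    for event in events:
        by_ip[event["ip"]].append(event["user"])
    return {ip: sorted(set(users)) for ip, users in by_ip.items() if len(users) >= threshold}

if __name__ == "__main__":
    print(noisy_sources(failed_logins(SAMPLE_LOG)))
```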



Re: [rt-users] Help with Active Directory Auth on 4.2.2

2014-02-06 Thread Bryon Baker
Here is mine, which is working great:

# Working LDAP connection
'Connect_LDAP' => {
    'type'     => 'ldap',
    'server'   => '192.168.250.49',
    'user'     => 'CN=Secret,OU=Users_Special,OU=Copesan,DC=Copesan,DC=local',
    'pass'     => 'Secret',
    'base'     => 'DC=copesan,DC=local',
    'filter'   => '(&(ObjectCategory=User)(ObjectClass=Person))',
    'd_filter' => '(userAccountControl:1.2.840.113556.1.4.803:=2)',
    'tls'      => 0,
#   'ssl_version' => 3,

    'net_ldap_args' => [ version => 3 ],
#   'group'      => 'CN=RTUsers,OU=CampusServices,DC=mydomain,DC=mydomain,DC=edu',
#   'group_attr' => 'member',

    'attr_match_list' => [ 'Name', 'EmailAddress' ],
    'attr_map' => {
        'Name'           => 'sAMAccountName',
        'EmailAddress'   => 'mail',
        'Organization'   => 'physicalDeliveryOfficeName',
        'RealName'       => 'cn',
        'ExternalAuthId' => 'sAMAccountName',
        'Gecos'          => 'sAMAccountName',
        'WorkPhone'      => 'telephoneNumber',
        'Address1'       => 'streetAddress',
        'City'           => 'l',
        'State'          => 'st',
        'Zip'            => 'postalCode',
        'Country'        => 'co'
    }
}
}

I would question the canonical name of the user: the email address in the log 
is different from the name, .local versus .com.br. Should the local have a .br 
as well? Also, in the canonical name you do not have an OU in the path.

Thanks
Bryon Baker
Network Operations Manager
Copesan - Specialists in Pest Solutions
800-267-3726  *  262-783-6261 ext. 2296
bba...@copesan.com
www.copesan.com
Servicing North America with Local Care
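
An added example (not part of the original thread, and not RT code): it evaluates the 'd_filter' from the configuration above against constructed directory entries. The OID 1.2.840.113556.1.4.803 is Active Directory's bitwise-AND matching rule and the value 2 is the ACCOUNTDISABLE flag of userAccountControl; the entry names, the function names and the handling of the bitwise-OR rule are assumptions added for illustration.

```python
import re

# Active Directory matching-rule OIDs usable in an extensible-match filter.
BIT_AND = "1.2.840.113556.1.4.803"  # matches when ALL bits of the value are set
BIT_OR = "1.2.840.113556.1.4.804"   # matches when ANY bit of the value is set

D_FILTER = "(userAccountControl:1.2.840.113556.1.4.803:=2)"  # from the config above

EXTENSIBLE = re.compile(r"^\(([\w-]+):([\d.]+):=(\d+)\)$")

# Constructed entries; attribute values are strings, as an LDAP search returns them.
ENTRIES = [
    {"sAMAccountName": "jdoe", "userAccountControl": "512"},          # NORMAL_ACCOUNT
    {"sAMAccountName": "olduser", "userAccountControl": "514"},       # 512 + ACCOUNTDISABLE (2)
    {"sAMAccountName": "svc-backup", "userAccountControl": "66050"},  # 65536 + 512 + 2
    {"sAMAccountName": "contact1"},                                   # attribute absent
]

def matches(filter_text, entry):
    """Evaluate one bitwise extensible-match filter against one entry."""
    parsed = EXTENSIBLE.match(filter_text)
    if not parsed:
        raise ValueError("not a simple extensible-match filter: %r" % filter_text)
    attr, oid, mask = parsed.group(1), parsed.group(2), int(parsed.group(3))
    # LDAP attribute names are case-insensitive.
    values = {name.lower(): value for name, value in entry.items()}
    if attr.lower() not in values:
        return False  # an absent attribute never matches
    current = int(values[attr.lower()])
    if oid == BIT_AND:
        return current & mask == mask
    if oid == BIT_OR:
        return current & mask != 0
    raise ValueError("unsupported matching rule: " + oid)

def disabled_accounts(d_filter, entries):
    """Names of the entries the disabled-user filter selects."""
    return [e["sAMAccountName"] for e in entries if matches(d_filter, e)]

if __name__ == "__main__":
    print(disabled_accounts(D_FILTER, ENTRIES))
```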
