Hi everyone, I’m having problem to set the authentication to work with active directory. I’m using domain administrator user for binding the AD. This is the error from syslog
[critical]: RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can’t bind: LDAP_INVALID_CREDENTIALS 49 (/usr/local/lib/rt3/lib/RT/Authen/ExternalAuth/LDAP.pm:467)
and this is from ldapsearch tool:
ldapsearch -h example -b “cn=some user, ou=Users, dc=example,dc=com,dc=mk” -D “admin, dc=example=com,dc=mk” -w “password”
ldap_bind: Invalid credentials (49)
additional info: 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece
it is obviously something to do with username and password. My question is do I need special user for binding the active directory? or it is some mismatch in the config. Thanks
This is the config from RT_SiteConfig.pm
Set( @Plugins, qw(RT::Authen::ExternalAuth) );
Set($ExternalAuthPriority, [ ‘My_LDAP’, ]
);
Set($ExternalInfoPriority, [ ‘My_LDAP’ ]
);
Set($ExternalServiceUsesSSLorTLS, 0);
Set($AutoCreateNonExternalUsers, 0);
Set($ExternalSettings, {
'My_LDAP' => {
'type' => 'ldap',
'auth' => 1,
'server' => 'example',
'user' => 'user',
'pass' => 'password',
'base' => 'ou=Users,Groups,DC=unibank,DC=com,DC=mk',
'net_ldap_args' => [ version => 3 ],
'ssl_version' => 3,
'filter' => '(objectClass=*)',
‘filter’ => ‘(sAMAccountName=%u)’,
'd_filter' => '(userAccountControl:1.2.840.113556.1.4.803:=2)',
‘d_filter’ => ‘(&(objectCategory=person)(objectClass=user))’,
'attr_match_list' => [
'Name',
'EmailAddress',
'RealName',
‘WorkPhone’,
‘Address2’
],
'attr_map' => { 'Name' => 'sAMAccountName',
'EmailAddress' => 'mail',
'RealName' => 'cn',
'Organization' => 'physicalDeliveryOfficeName',
}
},
}
);
---
http://mail.secureroot.com/ - free mailbox for hackers and geeks