Cannot connect even after successful LDAP search

Hi,

I am trying to connect my AD to RT, to let users in AD access RT with
their user names. I tried configuring LDAP different ways, but it always
returns cannot connect to LDAP, Invalid Credentials.
[critical]: RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj : Cannot
connect to 10.10.0.5:389

I assume the LDAP search was successful through this command.

LDAP Search:
ldapsearch -LLL -x -H ldap://10.10.0.5:389 -b 'ou=IT, ou=Support, dc=mcfc, dc=local' -D 'cn=RT, ou=IT, ou=Support, dc=mcfc, dc=local' -w 'abc123!@#' '(&(ObjectClass=User)(CN= RT))'

Does that mean, the ldap search was successful?

My RT Site Config is below.
Do I have to use AutoCanonical for a user to get connected to LDAP?

Where am I going wrong? Please let me know if you need some more
files to see where I am going wrong.

------------------------RT SITE CONFIG
Set($WebBaseURL,'http://10.10.10.10:443'); Set($WebPath,'');
Set($DatabaseName, 'rt3'); Set($DatabaseType, 'mysql');
Set($DatbaseUser, 'rtuser'); Set($DatabasePassword, 'pass');
Set($rtname,'Ticket'); Set($Organization,"http://www.mcfc.com");

#Set(@Plugins,(qw(Extension::QuickDelete)));
#Set(@Plguins,(qw(RT::FM)));
#Set($LogtoFileNamed, "rt.log");
#Set($LogtoFile, 'debug');

Set(@Plugins,qw(RT::Authen::ExternalAuth));
Set($CorrespondAddress, 'rt-its@mcfc.com');
Set($CommentAddress, 'rt-comment@mcfc.com');

@MailCommand , 'sendmail';
$SendMailArguments = "-oi -t";
$SendMailPath = "/usr/sbin/sendmail";
$SenderMustExistInExternalDatabase = undef;

#Set($MailCommand, 'sendmail');
#Set($SendMailArguments, "-bm --rt-its@mcfc.com");
#Set($SendmailPath, "/usr/sbin/exim4");

Set($NotifyActor, 1);
Set($RecordOutgoingEmail, 1);
Set($Timezone, 'US/Central');

$WebURL = $WebBaseURL . $WebPath . "/";

#Set($WebExternalAuth, 1);
#Set($WebFallbackToInternalAuth, true);
#Set($WebExternalAuto , 1);

Set ($ExternalAuthPriority, [ 'My_LDAP' ]);
Set ($ExternalInfoPriority, [ 'My_LDAP' ]);
Set ($ExternalServiceUsesSSLorTLS, 1);
Set ($AutoCreateNonExternalUsers, 1);
Set ($Autocreate, 'Privileged=>1');

Set($ExternalSettings, { 'My_LDAP' =>
    {
        'type' => 'ldap',
        'server' => '10.10.10.10:389',
        'user' => 'cn=RT, ou=IT, ou=Support, dc=mcfc, dc=local',
        #'filter' => '(uid=*)',
        #'filter' => '(&(ObjectCategory = User)(ObjectClass=Person))',
        'filter' => '(&(ObjectCategory = User)',
        'd_filter' => '(userAccountControl=514)',
        #'d_filter' => '(userAccountControl:1.2.840.113556.1.4.803:=2)',
        'tls' => 0,
        #'ssl_version' => 3,
        'net_ldap_args' => [version => 3],
        #'group' =>'cn= ou=Users dc=server, dc=mcfc, dc=local',
        #'group_attr' => 'member',
        'attr_match_list' => ['Name','Email Address'],
        #'attr_map' => {'Name' => 'uid', 'EmailAddress' => 'mail'}
        'attr_map' => {
            'Name' => 'sAMAaccountName',
            'EmailAddress' => 'mail',
            'Organization' => 'physicalDeliveryOfficeName',
            'RealName' => 'cn',
            'ExternalAuthId'=> 'sAMAccountname',
            'Gecos' => 'sAMAccountName',
            'WorkPhone' => 'telephoneNumber',
            'Address1' => 'streetAddress',
            'City' => '1',
            'State' => 'st',
            'Zip' =>'postalCode',
            'Country' => 'co'
        }

    }
}
);
1;

Your ldapsearch command specified a password, your RT config does not

-kevin

I specified the password this time.
But it still does not connect to LDAP even then.

On 9/29/2010 4:42 PM, Kevin Falcone wrote:

On Wed, Sep 29, 2010 at 03:24:43PM -0500, Ashrock wrote:

LDAP Search:
ldapsearch -LLL -x -H ldap://10.10.0.5:389 -b 'ou=IT, ou=Support, dc=mcfc, dc=local' -D 'cn=RT, ou=IT, ou=Support, dc=mcfc, dc=local' -w 'abc123!@#' '(&(ObjectClass=User)(CN= RT))'
<returned no errors>
Does that mean, the ldap search was successful?

RT Training in Washington DC, USA on Oct 25 & 26 2010
Last one this year – Learn how to get the most out of RT!

Your servers are also different.

-kevin

I just typed it differently to copy and paste in the forums.
But I used the same server address while configuring.

Do you see any error in my RT Site Config?
Is there somewhere else I can look for possible errors?
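
The two mismatches raised in the replies (no password in the RT block, a different server address) can be found mechanically by comparing the working ldapsearch invocation with the My_LDAP settings. This is an added example, not code from the thread or from RT: the function names are hypothetical, the sample strings are constructed from the values posted above with the password replaced by a placeholder, 'pass' is the key RT::Authen::ExternalAuth reads for the bind password, and the parenthesis check on the filters goes beyond what the replies mention.

```python
import re
import shlex

# Constructed sample input: values as posted in the thread, password replaced.
LDAPSEARCH = (
    "ldapsearch -LLL -x -H ldap://10.10.0.5:389 "
    "-b 'ou=IT, ou=Support, dc=mcfc, dc=local' "
    "-D 'cn=RT, ou=IT, ou=Support, dc=mcfc, dc=local' "
    "-w 'PLACEHOLDER' '(&(ObjectClass=User)(CN= RT))'"
)
RT_SETTINGS = """
'type' => 'ldap',
'server' => '10.10.10.10:389',
'user' => 'cn=RT, ou=IT, ou=Support, dc=mcfc, dc=local',
#'filter' => '(uid=*)',
'filter' => '(&(ObjectCategory = User)',
'd_filter' => '(userAccountControl=514)',
'tls' => 0,
"""

def parse_ldapsearch(cmd):
    """Extract server, bind DN and whether a password (-w) was supplied."""
    args = shlex.split(cmd)
    opts = {f: v for f, v in zip(args, args[1:]) if f in ("-H", "-D", "-w")}
    return {
        "server": re.sub(r"^ldaps?://", "", opts.get("-H", "")).rstrip("/"),
        "user": opts.get("-D", ""),
        "has_password": "-w" in opts,
    }

def parse_rt_settings(text):
    """Collect 'key' => value pairs from the ExternalSettings block."""
    settings = {}
    for line in text.splitlines():
        # re.match anchors at the start, so '#'-commented lines never match.
        m = re.match(r"\s*'(\w+)'\s*=>\s*'?(.*?)'?,?\s*$", line)
        if m:
            settings[m.group(1)] = m.group(2)
    return settings

def filter_balanced(ldap_filter):
    """True when every '(' in the filter has a matching ')'."""
    depth = 0
    for ch in ldap_filter:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return False
    return depth == 0

def compare(cmd, settings_text):
    """List the differences between a working ldapsearch and the RT block."""
    cli, rt = parse_ldapsearch(cmd), parse_rt_settings(settings_text)
    findings = []
    if cli["server"] != rt.get("server"):
        findings.append(f"server: ldapsearch={cli['server']} RT={rt.get('server')}")
    if cli["has_password"] and not rt.get("pass"):
        findings.append("pass: ldapsearch used -w but the RT block has no 'pass'")
    for key in ("filter", "d_filter"):
        if key in rt and not filter_balanced(rt[key]):
            findings.append(f"{key}: unbalanced parentheses in {rt[key]}")
    return findings

print("\n".join(compare(LDAPSEARCH, RT_SETTINGS)))
```
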