Debug LDAP integration on RT 4.4.1

Hi all,

I’m trying to configure LDAP integration. How do I go about testing it? If I search for users, I only get local ones returned. I’ve set up my RT_SiteConfig.d entries, and enabled debug for logging, but I’m not seeing anything pertaining to LDAP. How/where do I find some debugging info to point me at how to test authentication?

Thanks,

Peter

After a little digging, I stumbled across a post that says
Set($ExternalAuth, 1);
is required. I enabled it, and now I have some debug info to chew on.

I was able to get things working! Hints that others may find helpful. In my RT_SiteConfig.pm:

  • Set($ExternalAuth, 1); # Enable external authentication.
  • Set($LogToFile, 'debug'); # Verbose logging while you troubleshoot!

For Set($ExternalSettings…):

  • 'group' and 'user' should be entered via their fully distinguished names, e.g. 'CN=rt_service,OU=anOU,DC=example,DC=com'

  • If you want to determine group membership, look at the attribute that defines this, e.g., 'member'. So if you want to restrict user lookups to members of a certain group, the 'group' would point to the distinguished name of the group, and 'group_attr' would point to, in the case of my Active Directory, an attribute called 'member'.

  • I also wanted to make sure we left out disabled users, so for the 'd_filter' I used '(UserAccountControl=514)' and for 'filter' I used '(Objectclass=user)'

Hopefully this may be useful for someone else doing LDAP.

Peter

Thank you for posting your working config!

In RT 4.4.0, Set($ExternalAuth, 1); was required. But in 4.4.1, you shouldn’t need it since ExternalSettings suggests you want ExternalAuth. In the interest of finding the best config could you try removing it to see if it still works?

Yup, it is indeed working without that option now, so I must have changed something else to get it to work and not realized this.

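The settings discussed in this thread, assembled into one RT_SiteConfig.pm block. This is an added example, not code posted by anyone in the thread and not the RT project's own configuration. The source name My_LDAP, the server host, the rt_users group DN, the password, the CA file path and the attr_map entries are assumed placeholders.

```perl
# Added example: RT 4.4.x LDAP settings as described in the thread.
# All host names, DNs, paths and the password are placeholders.

Set($LogToFile, 'debug');   # verbose while troubleshooting; lower it afterwards

# Per the thread, RT 4.4.0 also needed Set($ExternalAuth, 1);
# on 4.4.1 defining $ExternalSettings was enough.
Set($ExternalAuthPriority, ['My_LDAP']);
Set($ExternalInfoPriority, ['My_LDAP']);

Set($ExternalSettings, {
    'My_LDAP' => {
        'type'   => 'ldap',
        'server' => 'dc1.example.com',

        # StartTLS with certificate verification, so the bind password and
        # users' passwords do not cross the network in clear text.
        # The hash is handed to Net::LDAP's start_tls.
        'tls'    => { verify => 'require', cafile => '/path/to/ca.pem' },

        # Service account RT binds as, given as a full distinguished name.
        'user'   => 'CN=rt_service,OU=anOU,DC=example,DC=com',
        'pass'   => 'CHANGE_ME',
        'base'   => 'DC=example,DC=com',

        # 'filter' selects the entries RT treats as users.
        'filter' => '(objectClass=user)',

        # 'd_filter' must match only DISABLED users; RT disables those.
        # 514 = 512 (normal account) + 2 (disabled), so it is an exact match
        # on that one value. AD's bitwise rule matches the disabled bit
        # whatever other flags are set:
        #   '(userAccountControl:1.2.840.113556.1.4.803:=2)'
        'd_filter' => '(userAccountControl=514)',

        # Restrict logins to members of one group: 'group' is the group's
        # DN, 'group_attr' the attribute on it that lists members.
        'group'      => 'CN=rt_users,OU=anOU,DC=example,DC=com',
        'group_attr' => 'member',

        # How LDAP attributes map onto RT user fields (assumed AD names).
        'attr_match_list' => [ 'Name', 'EmailAddress' ],
        'attr_map' => {
            'Name'         => 'sAMAccountName',
            'EmailAddress' => 'mail',
            'RealName'     => 'cn',
        },
    },
});
```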