I am unable to use LDAP

Hello,

I have had some problem getting LDAP to work on my version of RT. I am running RT version 3.8.2 and the version of RT::Authen::ExternalAuth I installed via CPAN is 0.08. RT is installed on a CentOS 5.1 OS. I tried using some examples from a Google search to try and modify RT_SiteConfig.pm, but when I try to log into the RT Webpage (with an LDAP user), it fails. Beforehand, I did create the user as a “user” in RT, but left the password blank. Should I set a user up in RT first before trying to log the user into RT? Here is an example of my RT_SiteConfig.pm settings. Every time I try to log in with an LDAP user, I get “Your username or password is incorrect.” Can I set up a log file to track this as well? Please help and thank you for any assistance.

# Any configuration directives you include here will override
# RT's default configuration file, RT_Config.pm
#
# To include a directive here, just copy the equivalent statement
# from RT_Config.pm and change the value. We've included a single
# sample value below.
#
# This file is actually a perl module, so you can include valid
# perl code, as well.
#
# The converse is also true, if this file isn't valid perl, you're
# going to run into trouble. To check your SiteConfig file, use
# this command:
#
#   perl -c /path/to/your/etc/RT_SiteConfig.pm

Set( $rtname, 'example.com');
Set(@Plugins,(qw(Extension::QuickDelete)));
Set($WebPath, "/rt3");
Set($rtname, "broadvox.local");
Set($Organization, 'broadvox.local');
Set($CorrespondAddress, 'echatham@broadvox.net');
Set($CommentAddress, 'echatham@infotelecom.us');
Set($Timezone, 'US/Eastern');
Set($WebBaseURL, 'http://rt.broadvox.local/');
Set(@Plugins,(qw(RT::Authen::ExternalAuth)));

# Debugging
Set($LogToSyslog, 'info');
Set($LogStackTraces, 'debug');

# Database
Set($DatabaseType, 'mysql');
Set($DatabaseUser, 'rt_user');
Set($DatabasePassword, 'rt_pass');
Set($DatabaseRTHost, 'localhost');

# External Authentication
Set($ExternalAuthPriority, ['My_LDAP']);

# LDAP
Set($ExternalSettings, {'My_LDAP' => {'type' => 'ldap',
    'auth' => 1,
    'info' => 1,
    'server' => 'clehbdc01.broadvox.local',
    'user' => 'secmanager',
    'pass' => '',
    'port' => '389',
    'base' => 'ou=USA,dc=broadvox,dc=local',
    'filter' => '(objectclass=user)',
    'attr_match_list' => [ 'Name',
        'EmailAddress',
        'RealName',
        'WorkPhone',
        'Address2'
    ],
    'attr_map' => {'Name' => 'sAMAccountName',
        'EmailAddress' => 'mail',
        'Orginazation' => 'physicalDeliveryOfficeName',
        'RealName' => 'cn',
        'ExternalAuthID' => 'sAMAccountName',
        'WorkPhone' => 'telephoneNumber',
        'Address1' => 'streetAddress',
        'City' => 'l',
        'State' => 'st',
        'Zip' => 'postalCode',
        'Country' => 'co'}
    }
});
1;

Eric Chatham
MIS Department
Phone: (216) 373-4683
Fax: (216) 373-4669
echatham@broadvox.com

CONFIDENTIAL. This e-mail and any attached files are confidential and should be destroyed and/or returned if you are not the intended and proper recipient.

Eric,

I’ll work off line with you. I have just finished setting mine up and we are using the same version of RT (3.8.2).

Kevin W. Gagel
Network Administrator
Local 5448
My blog:
http://mail.cnc.bc.ca/blogs/gagel
My shared files:
http://mail.cnc.bc.ca/users/gagel

--- Original message ---
Subject: [rt-users] I am unable to use LDAP
From: Eric Chatham echatham@broadvox.com
To: rt-users@lists.bestpractical.com rt-users@lists.bestpractical.com
Date: 07/14/2009 2:47 PM


> Hello,
>
> I have had some problem getting LDAP to work on my version of RT. I am
> running RT version 3.8.2 and the version of RT::Authen::ExternalAuth I
> installed via CPAN is 0.08. RT is installed on a CentOS 5.1 OS. I tried
> using some examples from a Google search to try and modify RT_SiteConfig.pm,
> but when I try to log into the RT Webpage (with an LDAP user), it fails.
> Beforehand, I did create the user as a “user” in RT, but left the password
> blank. Should I set a user up in RT first before trying to log the user into
> RT? Here is an example of my RT_SiteConfig.pm settings. Every time I try to
> log in with an LDAP user, I get “Your username or password is incorrect.” Can
> I set up a log file to track this as well? Please help and thank you for any
> assistance.
> [snip config]

Are you using OpenLDAP, or Active Directory? The configuration you have is
for AD and won’t work for OpenLDAP.

Also, if you have to bind for the directory access, you need to put in the
complete Distinguished Name for it, e.g.:

CN=secmanager,OU=USA,DC=broadvox,DC=local

Gary L. Greene, Jr.
IT Operations
Minerva Networks, Inc.
Cell: (650) 704-6633
Phone: (408) 240-1239

Tue 14 Jul 2009 23:01:28 GMT
Gary Greene wrote:
> On 7/14/09 2:41 PM, “Eric Chatham” echatham@broadvox.com wrote:
>
> > Hello,
> >
> > I have had some problem getting LDAP to work on my version of RT. I am
> > running RT version 3.8.2 and the version of RT::Authen::ExternalAuth I
> > installed via CPAN is 0.08. RT is installed on a CentOS 5.1 OS. I tried
> > using some examples from a Google search to try and modify RT_SiteConfig.pm,
> > but when I try to log into the RT Webpage (with an LDAP user), it fails.
> > Beforehand, I did create the user as a “user” in RT, but left the password
> > blank. Should I set a user up in RT first before trying to log the user into
> > RT? Here is an example of my RT_SiteConfig.pm settings. Every time I try to
> > log in with an LDAP user, I get “Your username or password is incorrect.” Can
> > I set up a log file to track this as well? Please help and thank you for any
> > assistance.
> > [snip config]
>
> Are you using OpenLDAP, or Active Directory? The configuration you have is
> for AD and won’t work for OpenLDAP.
>
> Also, if you have to bind for the directory access, you need to put in the
> complete Distinguished Name for it, e.g.:
>
> CN=secmanager,OU=USA,DC=broadvox,DC=local

Further to the above, you should set LogToFile, LogToFileNamed, turn off
LogStackTraces and set normal logging level to debug… then you can
actually watch what’s going on.

Kind Regards,

Mike Peachey, IT
Tel: +44 114 281 2655
Fax: +44 114 281 2951
Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK
Comp Reg No: 3191371 - Registered In England
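
The two suggestions from the replies above (bind with the complete Distinguished Name, and log at debug level to a file with stack traces off), applied to the posted settings. This is an added example, not a configuration posted by anyone in the thread; it assumes Active Directory, and the log directory, log file name and password placeholder are assumptions. The attribute lists are trimmed for brevity.

```perl
# RT_SiteConfig.pm fragment for RT 3.8.x with RT::Authen::ExternalAuth.
# Added example: log path, log file name and the bind password
# placeholder are assumptions, not values from the thread.

# Logging: send debug-level messages to a file and turn stack traces
# off, so each step of the LDAP bind and search is visible in the log.
Set($LogToFile,      'debug');
Set($LogDir,         '/opt/rt3/var/log');   # assumed install path
Set($LogToFileNamed, 'rt.log');             # assumed file name
Set($LogStackTraces, '');

Set(@Plugins, (qw(RT::Authen::ExternalAuth)));
Set($ExternalAuthPriority, ['My_LDAP']);

Set($ExternalSettings, {
    'My_LDAP' => {
        'type'   => 'ldap',
        'auth'   => 1,
        'info'   => 1,
        'server' => 'clehbdc01.broadvox.local',

        # Bind account given as a complete Distinguished Name
        # instead of the bare login name 'secmanager'.
        'user'   => 'CN=secmanager,OU=USA,DC=broadvox,DC=local',
        'pass'   => 'REPLACE_WITH_BIND_PASSWORD',   # placeholder

        'base'   => 'ou=USA,dc=broadvox,dc=local',
        'filter' => '(objectclass=user)',

        # RT user fields used to match an LDAP entry to an RT user.
        'attr_match_list' => [ 'Name', 'EmailAddress' ],

        # RT user field => Active Directory attribute.
        'attr_map' => {
            'Name'           => 'sAMAccountName',
            'EmailAddress'   => 'mail',
            'RealName'       => 'cn',
            'ExternalAuthID' => 'sAMAccountName',
        },
    },
});

1;
```

Check the edited file with `perl -c` as the file's own header describes before restarting the web server, and lower the `$LogToFile` level again once logins work, since debug output is verbose.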