LDAP (AD) supported?

Hello,

Does RT support AD?

Michael

Does RT support AD?

http://www.mosemann.com/software/LDAPSMB1.2_RT3.tar.gz

Russell Mosemann, Ph.D. * Computing Services * Concordia University, Nebraska
“In order for some things to succeed, you have to be able to fake
sincerity.” - a friend

Hello,

I downloaded the LDAPSMB1.2_RT3 package and installed everything.
However, I am having problems connecting to AD…I keep getting “Logon
failed”

Here is my config…the config has been sanitized…

Set($HomeRefreshPeriod, "300");
Set($TicketsRefreshPeriod, "300");
@AuthOrder = ("LDAP", "Web", "Internal");
$LDAPExternalAuto = 1;
$LDAPDeferToInternalAuth = undef;
$LdapServer="servername.domain.com"; # (Real name has been removed)
$LdapCert= "";
$LdapCertDir= "";
$LdapUser="CN=my-account-name,OU=PGIC Users,DC=domain,DC=com";
$LdapPass="my-password";

# The following attributes specify where the search should start in
# the tree, the attributes to use and the filter to apply to the
# search.

$LdapBase="DC=domain,DC=com"; # search base
$LdapUidAttr="SAMAccountName"; # attribute for RT user name
$LdapFilter="(objectclass=*)"; # filter LDAP entries (e.g., only people)
$LdapMap = { # map LDAP attributes to RT3
    # 'RT user parameter' => 'LDAP entry',
    'Name'                => $RT::LdapUidAttr,
    'EmailAddress'        => 'mail',
    'RealName'            => 'cn',
};

# SMB Authentication

$SMBExternalAuto = 1;
$SMBDeferToInternalAuth = 1;
@SmbDomains = (["domain1", "pdc1", "bdc1"],
               ["domain2", "pdc2", "bdc2"],
               ["domain3", "pdc3", "bdc3"]
);

# The rest was the original config before adding support
# for LDAP.

On Mon, 18 Apr 2005, Michael Pelletier wrote:

Does RT support AD?

http://www.mosemann.com/software/LDAPSMB1.2_RT3.tar.gz

Russell Mosemann, Ph.D. * Computing Services * Concordia University,
Nebraska
“In order for some things to succeed, you have to be able to fake
sincerity.” - a friend

Let me test it. This is a pre production box so I have used simple user
names (ie on RT my account is Michael in AD my account is
michael.pelletier) I will test it…give me a minute…

Michael

From: Kevin Sonney [mailto:KevinSonney@zumiez.com]
Sent: Wednesday, April 20, 2005 4:36 PM
To: Michael Pelletier; rt-users@lists.bestpractical.com
Subject: RE: [rt-users] RE: LDAP (AD) supported?

I just installed this also but RT is only authenticating users with LDAP
that already have RT user accounts. I’m getting a Login Failed for
Active Directory users without an RT account. Are you seeing the same
behavior?

Thanks,

Kevin Sonney

From: rt-users-bounces@lists.bestpractical.com
[mailto:rt-users-bounces@lists.bestpractical.com] On Behalf Of Michael
Pelletier
Sent: Wednesday, April 20, 2005 3:29 PM
To: rt-users@lists.bestpractical.com
Subject: [rt-users] RE: LDAP (AD) supported?

Hello,

I downloaded the LDAPSMB1.2_RT3 package and installed everything.
However, I am having problems connecting to AD…I keep getting “Logon
failed”

Here is my config…the config has been sanitized…

Set($HomeRefreshPeriod, "300");
Set($TicketsRefreshPeriod, "300");
@AuthOrder = ("LDAP", "Web", "Internal");
$LDAPExternalAuto = 1;
$LDAPDeferToInternalAuth = undef;
$LdapServer="servername.domain.com"; # (Real name has been removed)
$LdapCert= "";
$LdapCertDir= "";
$LdapUser="CN=my-account-name,OU=PGIC Users,DC=domain,DC=com";
$LdapPass="my-password";

# The following attributes specify where the search should start in
# the tree, the attributes to use and the filter to apply to the
# search.

$LdapBase="DC=domain,DC=com"; # search base
$LdapUidAttr="SAMAccountName"; # attribute for RT user name
$LdapFilter="(objectclass=*)"; # filter LDAP entries (e.g., only people)
$LdapMap = { # map LDAP attributes to RT3
    # 'RT user parameter' => 'LDAP entry',
    'Name'                => $RT::LdapUidAttr,
    'EmailAddress'        => 'mail',
    'RealName'            => 'cn',
};

# SMB Authentication

$SMBExternalAuto = 1;
$SMBDeferToInternalAuth = 1;
@SmbDomains = (["domain1", "pdc1", "bdc1"],
               ["domain2", "pdc2", "bdc2"],
               ["domain3", "pdc3", "bdc3"]
);

# The rest was the original config before adding support
# for LDAP.

YES…This is the same situation…

From: rt-users-bounces@lists.bestpractical.com
[mailto:rt-users-bounces@lists.bestpractical.com] On Behalf Of Michael
Pelletier
Sent: Wednesday, April 20, 2005 4:37 PM
To: Kevin Sonney; rt-users@lists.bestpractical.com
Subject: RE: [rt-users] RE: LDAP (AD) supported?

Let me test it. This is a pre production box so I have used simple user
names (ie on RT my account is Michael in AD my account is
michael.pelletier) I will test it…give me a minute…

Michael


I downloaded the LDAPSMB1.2_RT3 package and installed everything.
However, I am having problems connecting to AD…I keep getting “Logon
failed”

Have you tried the parameters by hand to make sure that they work?

$LdapServer="servername.domain.com"; # (Real name has been removed)
$LdapUser="CN=my-account-name,OU=PGIC Users,DC=domain,DC=com";
$LdapPass="my-password";
$LdapBase="DC=domain,DC=com"; # search base
$LdapUidAttr="SAMAccountName"; # attribute for RT user name
$LdapFilter="(objectclass=*)"; # filter LDAP entries (e.g., only

ldapsearch -D "CN=my-account-name,OU=PGIC Users,DC=domain,DC=com" -w my-password -b "DC=domain,DC=com" "(&(objectclass=*)(SAMAccountName=some-username)"

$LdapMap = { # map LDAP attributes to RT3
    # 'RT user parameter' => 'LDAP entry',
    'Name'                => $RT::LdapUidAttr,
    'EmailAddress'        => 'mail',
    'RealName'            => 'cn',
};

The LDAP fields mail and cn exist?

Russell Mosemann, Ph.D. * Computing Services * Concordia University, Nebraska
“Spit happens” - seen on a bib

ldapsearch -D "CN=my-account-name,OU=PGIC Users,DC=domain,DC=com" -w my-password -b "DC=domain,DC=com" "(&(objectclass=*)(SAMAccountName=some-username)"

Ugh. Missing a closing ).

ldapsearch -D "CN=my-account-name,OU=PGIC Users,DC=domain,DC=com" -w my-password -b "DC=domain,DC=com" "(&(objectclass=*)(SAMAccountName=some-username))"

Russell Mosemann, Ph.D. * Computing Services * Concordia University, Nebraska
“Does a psychic’s phone ever ring?”
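
An added example, not part of the original thread or of the LDAPSMB package: a POSIX shell helper for the manual test above that builds the combined filter, rejects it when the parentheses do not balance (the mistake corrected above), and escapes the login name per RFC 4515 so characters such as `*` or `)` cannot change the filter. The function names and the URI argument are assumptions of this example; the sample values are the sanitized ones from the posted config.

```shell
#!/bin/sh
# Added example (not from the thread): build the same filter as the manual
# ldapsearch test and check it before querying AD.

# Escape a login name for use inside an LDAP filter (RFC 4515): \ * ( )
ldap_escape() {
    printf '%s' "$1" |
        sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Succeed only if every "(" has a matching ")" and none closes early.
filter_balanced() {
    depth=0
    rest=$1
    while [ -n "$rest" ]; do
        c=${rest%"${rest#?}"}      # first character of what is left
        rest=${rest#?}
        case $c in
            '(') depth=$((depth + 1)) ;;
            ')') depth=$((depth - 1))
                 if [ "$depth" -lt 0 ]; then return 1; fi ;;
        esac
    done
    [ "$depth" -eq 0 ]
}

# (&<LdapFilter>(<LdapUidAttr>=<login>)), as in the corrected command.
build_filter() {
    printf '(&%s(%s=%s))' "$1" "$2" "$(ldap_escape "$3")"
}

# Bind as the service account and look up one login, asking only for the
# attributes named in $LdapMap. -W prompts for the password instead of
# putting it on the command line. Arguments: URI, bind DN, base, filter.
ad_lookup() {
    filter_balanced "$4" || { echo "unbalanced filter: $4" >&2; return 2; }
    ldapsearch -x -H "$1" -D "$2" -W -b "$3" "$4" sAMAccountName mail cn
}

# Constructed sample values, taken from the sanitized config in the thread.
FILTER=$(build_filter '(objectclass=*)' 'SAMAccountName' 'some-username')
if filter_balanced "$FILTER"; then
    echo "filter ok: $FILTER"
fi
```

If `ad_lookup` returns an entry that lacks `mail` or `cn`, the `$LdapMap` entries for `EmailAddress` and `RealName` have nothing to map from for that account.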

It was a bad cut-n-paste job…

-----Original Message-----
From: Russell Mosemann [mailto:mose@ns.cune.edu]
Sent: Thursday, April 21, 2005 6:11 AM
To: Michael Pelletier
Cc: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] RE: LDAP (AD) supported?
