LDAP and user info

Hi, I have an instance of RT 3.4.6 running nicely, thank you, that serves as our internal Helpdesk. I use LDAP to authenticate users, and I’m having a problem with some users. I think these users were created before I got the LDAP mods installed.

So, these users can’t login to RT using their network credentials. If I set a password for them, they can get in fine. How do I tweak RT to make it authenticate these users with LDAP instead? (Other users can login fine using their network id / password.)

Or, maybe I’m on the wrong track… Other suggestions also welcomed.

Thanks, Mike

The information in this message may be proprietary and/or confidential, and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify Stonebridge Bank immediately by replying to this message and deleting it from your computer.

I think I had to set my pre-existing users’ passwords to NO-PASSWORD
before their network credentials would work. I did it in psql instead
of the web interface. Hope it helps.

Les

Les Driggers | Manager, Corporate IT
T 662/236-8200 | F 662/236-2037 | ldriggers@fncinc.com
FNC Inc. | 1214 Office Park Drive | Oxford, MS 38655
www.fncinc.com

-----Original Message-----
From: rt-users-bounces@lists.bestpractical.com
[mailto:rt-users-bounces@lists.bestpractical.com] On Behalf
Of Michael James
Sent: Friday, March 23, 2007 6:12 PM
To: RT Users <rt-users@lists.bestpractical.com>
Subject: [rt-users] LDAP and user info

Hi, I have an instance of RT 3.4.6 running nicely, thank you,
that serves as our internal Helpdesk. I use LDAP to
authenticate users, and I’m having a problem with some users.
I think these users were created before I got the LDAP mods installed.

So, these users can’t login to RT using their network
credentials. If I set a password for them, they can get in
fine. How do I tweak RT to make it authenticate these users
with LDAP instead? (Other users can login fine using their
network id / password.)

Or, maybe I’m on the wrong track… Other suggestions also welcomed.

Thanks, Mike


I did track down the LDAP problem, and it didn’t have anything specifically to do with RT.

We use Novell eDirectory here. Some of our older accounts were apparently created with NWADMIN, which does not create a UID for those users. Following the instructions on the wiki (Request Tracker Wiki) I had set the attribute ‘Name’ = ‘uid’ and it worked for 95% of the users. Turns out that a few users did not have uids defined in their LDAP accounts.

Fixed their LDAP accounts, and now everything is cool. Thanks for your help!

As far as logging on with LDAP or password, see the above wiki page.
Line 2 of the code there says:

```perl
# What auth methods do you like and in what order?
Set($AuthMethods, ['LDAP', 'Internal']);
```

So, users with internal RT passwords can still get in.

Thanks, Mike


“Scott Golby” sgolby@freshdirect.com 3/26/2007 12:27 PM >>>

> Hi, I have an instance of RT 3.4.6 running nicely, thank you, that serves
> as our internal Helpdesk. I use LDAP to authenticate users, and I’m having
> a problem with some users. I think these users were created before I got
> the LDAP mods installed.

We have almost the opposite here, accounts created before the LDAP was
installed can login with either their LDAP password or their old RT
password. It does a fall through, you can see it in the logs, I did a
quick look and I don’t spot a config which turns that on or off.

One issue I came up against with the LDAP / Email causing account
creation was userids would get created as username@emailaddress.com,
where our Active Directory server would only allow ‘username’. I wrote
a little cleaner script to go into the Database and strip the
@emailaddress.com out of the name.users table.

Doesn’t sound like your exact problem, but maybe your LDAP wants those
user-id’s in Format A. and your historical pre-LDAP accounts are in
Format B. and what is actually happening is they are falling through to
the RT password (which you mention you set) and that’s how they get in ?

Turning the debug on gives quite a lot of useful info:

```perl
Set($LogToFile, 'debug');
```

Good luck.

Scott
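
The checks discussed in this thread, as an added example that is not part of the original messages or of RT itself: it parses a directory export in LDIF form, lists entries with no `uid` attribute, and flags RT users whose name has no matching uid, carries an `@domain` suffix, or still has an internal password that the `Internal` fallback would accept. The function names, the sample data and the `(Name, Password)` row layout are assumptions made for illustration; `NO-PASSWORD` is the marker named in the thread.

```python
import base64

# Constructed sample data (not from the thread); "bjones" has no uid attribute.
SAMPLE_LDIF = """\
dn: cn=asmith,ou=staff,o=example
uid: asmith

dn: cn=bjones,ou=staff,o=example
cn: bjones

dn: cn=cdoe,ou=staff,
 o=example
uid:: Y2RvZQ==
"""
# Constructed RT user rows: (Name, Password field value).
SAMPLE_RT_USERS = [("asmith", "NO-PASSWORD"), ("bjones", "NO-PASSWORD"),
                   ("cdoe@example.com", "hash1"), ("dlee", "hash2")]

def parse_ldif(text):
    """Parse LDIF into one {attr: [values]} dict per entry."""
    entries = []
    # RFC 2849: a line starting with one space continues the previous line.
    for block in text.replace("\n ", "").strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: value" is base64-encoded
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            entry.setdefault(attr.lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def audit(ldif_text, rt_users):
    """Flag accounts that will miss LDAP auth or still pass Internal auth."""
    entries = parse_ldif(ldif_text)
    uids = {u.lower() for e in entries for u in e.get("uid", [])}
    report = {"ldap_missing_uid": [e["dn"][0] for e in entries if "uid" not in e],
              "rt_no_ldap_match": [], "rt_name_has_domain": [],
              "rt_internal_password": []}
    for name, password in rt_users:
        if "@" in name:  # e.g. username@emailaddress.com from mail-created users
            report["rt_name_has_domain"].append(name)
        if name.lower() not in uids:
            report["rt_no_ldap_match"].append(name)
        if "NO-PASSWORD" not in password:  # marker named in the thread
            report["rt_internal_password"].append(name)
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_LDIF, SAMPLE_RT_USERS))
```

Accounts listed under `rt_internal_password` keep working through the `Internal` method even when the directory entry is missing or disabled, so that list is the one to review after moving to LDAP.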