LDAP Integration in RT

All,

I’m having some LDAP woes with RT. I’ve followed the instructions from

  • New Installs - This is a new installation of rt-3.6.3

Here are the instructions I’ve followed:

Installation is very straightforward if you haven’t installed any
previous LDAP auth/info implementations and don’t currently have a
User_Local.pm.

  1. Copy the code from LdapUserLocalOverlay
    http://wiki.bestpractical.com/index.cgi?LdapUserLocalOverlay into
    ${RTHOME}/local/lib/RT/User_Local.pm (if it doesn’t exist, create it)

  2. Copy the config settings from LdapSiteConfigSettings
    http://wiki.bestpractical.com/index.cgi?LdapSiteConfigSettings into
    ${RTHOME}/etc/RT_SiteConfig.pm (I’d put it at the end, but it shouldn’t
    matter)

  3. Customize the configuration settings; pay careful attention to
    LdapAttrMap http://wiki.bestpractical.com/index.cgi?LdapAttrMap, which
    is a hash reference to map RT’s attributes to the appropriate fields of
    your LDAP schema. It’s very unlikely that the LdapAttrMap
    http://wiki.bestpractical.com/index.cgi?LdapAttrMap shown in
    LdapSiteConfigSettings
    http://wiki.bestpractical.com/index.cgi?LdapSiteConfigSettings will
    work for you without customization! In particular, ActiveDirectory
    http://wiki.bestpractical.com/index.cgi?ActiveDirectory users should
    map:

Name => 'sAMAccountName'

If your LDAP server does not allow anonymous binding, $LdapUser
http://wiki.bestpractical.com/index.cgi?LdapUser and $LdapPass
http://wiki.bestpractical.com/index.cgi?LdapPass should be set to the
appropriate DN and password for initial connection.

  4. Optionally, copy the code from LdapAutocreateAuthCallback
    http://wiki.bestpractical.com/index.cgi?LdapAutocreateAuthCallback
    into ${RTHOME}/local/html/Callbacks/LDAP/autohandler/Auth (most likely
    this doesn’t exist, so create it)

  5. If you haven’t already done so, you will need to install the Perl
    Net::LDAP module from CPAN. ( perl -MCPAN -eshell ; install Net::LDAP ).

  6. Stop your RT instance (e.g., /sbin/service httpd stop ) and
    CleanMasonCache
    http://wiki.bestpractical.com/index.cgi?CleanMasonCache then start the
    web server back up.

Here’s what I’ve done, so far:

  • I’ve installed Net::LDAP module, set the $AuthMethod for LDAP only -
    Internal is disabled. Existing internal users still authenticate.
  • Added the relevant pieces to /opt/rt3/etc/RT_SiteConfig.pm for LDAP
    support from Request Tracker Wiki
  • Configured the parameters for $LdapServer, $LdapBase, $LdapFilter
  • Enabled debugging (aware of the passwords getting logged - using a test
    account), but that only tells me that it didn’t work. Any way to set
    this for more output?
  • Copied User_Local.pm into /opt/rt3/local/lib
  • Stopped and restarted Apache after making changes and cleared the
    /opt/rt3/var/mason_data/obj/*, as needed.

Sample from rt.log contains:

[Thu Apr 26 22:12:23 2007] [error]: FAILED LOGIN for jsamples from
(/opt/rt3/share/html/autohandler:249)

I can’t see anything from the RT side or the LDAP side;
/var/log/ldap.log shows nothing out of the ordinary; they’re not even
talking to each other from what I can tell.

Relevant software

Web server: Apache 2.0.54
RT version: 3.6.3
Perl version: 5.8.7
OS: Linux
LDAP: OpenLDAP 2.2.28

I’ve been through some of the archives (it’s late in the day), but
haven’t had any luck. Any help or advice is greatly appreciated!

Best regards,
Randy Thompson
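
The install steps quoted in the message, turned into a file-layout check. This is an added example, not part of the original post or of RT itself. The function name check_rt_ldap_layout is hypothetical, and the script assumes each setting appears in RT_SiteConfig.pm on an uncommented line containing the variable name.

```shell
#!/bin/sh
# Added example: checks the file layout from the wiki steps quoted above.
# check_rt_ldap_layout is a hypothetical helper name, not part of RT.
# Usage: check_rt_ldap_layout /opt/rt3   (exit status = number of problems)

check_rt_ldap_layout() {
    rthome=${1:-/opt/rt3}
    problems=0

    # Step 1: the overlay must be loadable as RT::User_Local, so it has to
    # sit at local/lib/RT/User_Local.pm (Perl maps "::" to "/").
    overlay="$rthome/local/lib/RT/User_Local.pm"
    if [ -f "$overlay" ]; then
        echo "ok: $overlay"
    else
        echo "MISSING: $overlay"
        problems=$((problems + 1))
        if [ -f "$rthome/local/lib/User_Local.pm" ]; then
            echo "  note: $rthome/local/lib/User_Local.pm exists (one directory too high)"
        fi
    fi

    # Steps 2-3: each setting named in the post needs an uncommented line.
    config="$rthome/etc/RT_SiteConfig.pm"
    if [ -f "$config" ]; then
        for var in AuthMethod LdapServer LdapBase LdapFilter; do
            if grep -q "^[^#]*[$]$var" "$config"; then
                echo "ok: \$$var set in $config"
            else
                echo "MISSING: \$$var in $config"
                problems=$((problems + 1))
            fi
        done
    else
        echo "MISSING: $config"
        problems=$((problems + 1))
    fi

    # Optional step: the autocreate callback; its absence is not an error.
    callback="$rthome/local/html/Callbacks/LDAP/autohandler/Auth"
    if [ -f "$callback" ]; then
        echo "ok: $callback"
    else
        echo "info: no $callback (optional)"
    fi

    return "$problems"
}
```

A missing overlay means RT keeps using its internal authentication code, so a failed login produces no traffic toward the LDAP server at all.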