LDAP & Mac OS X Server OD

Hello All,

Brand new to RT here.

Background:

Installed on an Ubuntu 10.04 server and need to authenticate to the OD running on an OS X 10.6.8 server. We currently have the users log into the Ubuntu box via thin clients (LTSP) and utilize Kerberos tickets (PAM SASL) from the OD machine. Yet it seems even the simplest of configs breaks RT.

I’ve installed the RT::Authen::ExternalAuth plugin and have done a very basic config.

Issue No. 1

Adding Set($LogToFile, 'debug'); to RT_SiteConfig.pm breaks RT. Zero response in the web GUI and nothing (RT) gets logged in /var/log/syslog or /var/log/messages after a restart of the web server.

Issue No. 2

I can’t begin to debug the setup w/o debug turned on! (okay, very obvious I know.)
For what it’s worth, here is the initial error in the log (std out):
RT: RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind: LDAP_INVALID_DN_SYNTAX 34 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:495)

Desired Outcome

To enable users to authenticate against the existing OD install with their existing ID and password, while avoiding the additional administrative burden of managing multiple user accounts for access to RT.

Relevant bits from the plugin .pm:

Set($ExternalAuthPriority, [ 'My_LDAP' ]);
Set($ExternalInfoPriority, [ 'My_LDAP' ]);
Set($ExternalServiceUsesSSLorTLS, 0);
Set($AutoCreateNonExternalUsers, 0);

# Service definitions are the value of $ExternalSettings
Set($ExternalSettings, {
    'My_LDAP' => { ## GENERIC SECTION
        'type'          => 'ldap',
        'server'        => 's1-osx.domain.org',
        'user'          => 'admin',
        'pass'          => 'xxxxx',
        'base'          => 'dc=s1-osx,dc=domain,dc=org',
        'tls'           => 0,
        'net_ldap_args' => [ version => 3 ],
        'group'         => 'cn=admins,ou=Admins,dc=domain,dc=org',
        'group_scope'   => 'base',
        'attr_match_list' => [ 'Name',
                               'EmailAddress'
                             ],
        # The mapping of RT attributes on to LDAP attributes
        'attr_map' => { 'Name'           => 'sAMAccountName',
                        'EmailAddress'   => 'mail',
                        'Organization'   => 'physicalDeliveryOfficeName',
                        'RealName'       => 'cn',
                        'ExternalAuthId' => 'sAMAccountName',
                        'Gecos'          => 'sAMAccountName',
                        'WorkPhone'      => 'telephoneNumber',
                        'Address1'       => 'streetAddress',
                        'City'           => 'l',
                        'State'          => 'st',
                        'Zip'            => 'postalCode',
                        'Country'        => 'co'
                      }
    },
});
1;

… And the main RT_SiteConfig.pm

Set( $rtname, 'domain.org');
Set( $WebDomain, 'rt.domain.org');

Set(@Plugins,(qw(RT::Extension::QuickDelete RT::Extension::CommandByMail)));
Set( @Plugins, qw(RT::Authen::ExternalAuth) );
require "/opt/rt4/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm";

Set( $DatabaseType, 'mysql');

Set( $DatabaseHost, '');
Set( $DatabaseUser, '');
Set( $DatabasePassword, 'xxxx');
Set( $DatabaseName, 'requesttracker');

1;

> Installed on an Ubuntu 10.04 server and need to authenticate to the OD
> running on an OS X 10.6.8 server. We currently have the users log into
> the Ubuntu box via thin clients (LTSP) and utilize Kerberos tickets
> (PAM SASL) from the OD machine. Yet it seems even the simplest of
> configs breaks RT.

> I've installed the RT::Authen::ExternalAuth plugin and have done a very basic config.

> Adding Set($LogToFile, 'debug'); to RT_SiteConfig.pm breaks RT. Zero
> response in the web GUI and nothing (RT) gets logged in
> /var/log/syslog or /var/log/messages after restart of the web server.

Does the default of /opt/rt4/var/log/rt.log exist and is the file
writable? Depending on your apache configuration, RT’s complaint
about writing to that file may be eaten.

Try just logging to $LogToScreen instead so that it ends up in the
normal apache logs.

> RT: RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind: LDAP_INVALID_DN_SYNTAX 34 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:495)

This implies your server probably doesn't like this format for the username:

    'user' => 'admin',
    'pass' => 'xxxxx',

You may need to use a full DN format; it depends on the server. You can
test with a tiny Net::LDAP script or the command-line ldapsearch
program.

-kevin
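The "tiny Net::LDAP script" Kevin suggests, written out as an added example; it is not code from the thread, from RT or from RT::Authen::ExternalAuth. It first checks locally whether the configured bind identity even parses as a DN (a simple bind sends the identity as a DN, and a bare account name is not one, which is exactly what error 34, LDAP_INVALID_DN_SYNTAX, reports), then tries each candidate against the server and prints the result code by name. The server and base are taken from the posted config; the candidate DNs are assumptions (Open Directory normally stores user records as uid=<name>,cn=users,<base>; the account name "admin" is simply what the config used), and the password is read from an environment variable so it never lands in the script.

```perl
#!/usr/bin/perl
# Bind-test helper for the LDAP_INVALID_DN_SYNTAX (34) error in the thread.
# Added example, not part of RT or RT::Authen::ExternalAuth. Hostname and
# base come from the posted config; the candidate DNs are assumptions
# (Open Directory normally keeps user records as uid=<name>,cn=users,<base>).
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(canonical_dn ldap_error_name);

my $server = 's1-osx.domain.org';            # 'server' from the posted config
my $base   = 'dc=s1-osx,dc=domain,dc=org';   # 'base' from the posted config
my $pass   = $ENV{LDAP_TEST_PASS}
    // die "export LDAP_TEST_PASS with the bind password first\n";

# The identity the posted config binds with, then the DN shapes worth trying.
my @candidates = (
    'admin',                         # bare account name, exactly as configured
    "uid=admin,cn=users,$base",      # Open Directory user DN (assumed account name)
    "cn=admin,$base",                # generic fallback used by some directories
);

# Local check, no network needed: a simple bind carries the identity as a DN.
# A bare username does not parse as a DN, so slapd answers with code 34
# before it ever looks at the password. canonical_dn() returns undef for
# anything that is not a syntactically valid DN.
sub dn_is_valid {
    my ($dn) = @_;
    return defined canonical_dn($dn) ? 1 : 0;
}

# Network check: attempt the bind and return the result code with its name.
sub try_bind {
    my ($ldap, $dn) = @_;
    my $mesg = $ldap->bind($dn, password => $pass);
    return { dn => $dn, code => $mesg->code, name => ldap_error_name($mesg->code) };
}

my $ldap = Net::LDAP->new($server, version => 3)
    or die "cannot connect to $server: $@\n";

for my $dn (@candidates) {
    if (!dn_is_valid($dn)) {
        printf "%-45s SKIP: not a DN, the server would return LDAP_INVALID_DN_SYNTAX (34)\n", $dn;
        next;
    }
    my $r = try_bind($ldap, $dn);
    printf "%-45s %s (%d)\n", $r->{dn}, $r->{name}, $r->{code};
    # LDAP_SUCCESS (0): this is the value to put in 'user' in the RT config.
    # LDAP_INVALID_CREDENTIALS (49): the DN shape was accepted but the
    # credentials were rejected (wrong password, or no such entry).
}
$ldap->unbind;
```

Run it as `LDAP_TEST_PASS='...' perl ldap-bind-test.pl`. The same probe from the command line, for the Open Directory shape, is `ldapsearch -x -H ldap://s1-osx.domain.org -D 'uid=admin,cn=users,dc=s1-osx,dc=domain,dc=org' -W -b 'dc=s1-osx,dc=domain,dc=org' '(uid=*)'`; a successful bind returns entries, a bad DN returns the same error 34 RT logged. Once a DN binds, note that sAMAccountName in the posted attr_map is an Active Directory attribute; Open Directory user records carry uid instead, so the Name, ExternalAuthId and Gecos mappings will need changing before lookups return anything.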