LDAP woes

I am trying to get the LDAP overlay working so I can get RT users
authenticating against our Windows AD server and I’ve been having a few
problems, and I have a ton of questions.

Firstly, if an account does not exist in RT, it doesn’t even seem to
query LDAP. Do accounts need to be created in both? I would like to only
have account information in LDAP, is that possible?

I was seeing the same error that someone had posted about before,
referred to in the bottom of the message of the following post:

http://marc.free.net.ph/message/20040303.190901.a2d55cc6.html - this was
related to DBIx::SearchBuilder I believe. I upgraded it last night to
the latest one and I’m no longer seeing those error messages. This would
occur when an account existed in RT, and it tried the LDAP
authentication, I would get that error, and if I hit refresh, regardless
of whether or not I put in the right password for the account, I would
be taken to the main RT page for our site.

Now what is happening is if I try to authenticate using the password I
have in the Active Directory, it fails. If I try my local password first,
it doesn’t even query the LDAP server, and I am able to log in fine.

People with no local accounts in RT, but just in the AD, are also not
able to log in at all.

Any ideas?

Michael J. Freeman

NETCO Government Services