Problem with LDAP Overlay script

For a school project, we are to install RT3 on a RHEL3 server. That’s all fine and well, we have that up. The next step is to get it to authenticate to the iPlanet LDAP server.

We are using the LDAP overlay script (found in the contrib section of Best Practical) and cannot get it to work correctly. We fill out the information in RT_SiteConfig.pm as follows:

$LDAPExternalAuth = 1; # will enable LDAP-Auth
#$LDAPInternalAuthRequired = 0; # will require internal password
                                # in preference to LDAP-Auth
#$LDAPExternalAuto = 1; # will create accounts "on the fly"
$LdapServer="999datdsr004.ittesi.com"; # LDAP server for authentication
#$LdapCert= ""; # enables TLS, name is checked instead
                # of the server name
#$LdapCertDir= ""; # enables TLS, will check server name
                   # and certificate vs. CA chain from dir
$LdapUser="uid=testrt,ou=People,dc=app,dc=ittesi,dc=com"; # user name for binding
$LdapPass="testrt"; # password for binding
$LdapBase=""; # search base
$LdapUidAttr="uid"; # attribute for RT user name
$LdapFilter="(objectclass=*)"; # additional filter
$LdapMap = { # mapping LDAP attributes to RT3
#           'RT user parameter'     => 'LDAP entry',
            'Name'                  => $RT::LdapUidAttr,
            'EmailAddress'          => 'mail',
            'RealName'              => 'cn',
            'Department'            => 'departmentNumber',
       };

The testrt user was created to test user binding (we are unsure if we are to bind as a specific user and then search the database for authentication or not). We’ve tried doing it leaving those two user fields blank. We’ve tried playing around with case (out of desperation) and have had no luck.

If anyone has any documentation on this subject, we would be eternally grateful. Links leading to possible guides have always turned up dead. Thank you for your time.

a message of 33 lines which said:

> We are using the LDAP overlay script (found in the contrib section
> of Best Practical) and cannot get it to work correctly.

I use it (with great satisfaction) against an OpenLDAP server so be
patient, there is hope.

> $LdapServer="999datdsr004.ittesi.com"; # LDAP server for

I assume that:

  1. you tested it with ldapsearch to check it works OK?

  2. you examined its log to see if RT is actually sending something (I
    do not know iPlanet but, with OpenLDAP, just logging the requests
    solves 99% of LDAP authentication problems)?

> $LdapBase=""; # search base

Are you sure? You certainly have a root like ‘dc=yourschool,dc=edu’.

> The testrt user was created to test user binding (we are unsure if
> we are to bind as a specific user and then search the database for
> authentication or not).

My LDAP server allows anonymous requests so I do not use this.

> We’ve tried doing it leaving those two user fields blank. We’ve
> tried playing around with case (out of desperation) and have had no
> luck.

Examine the log of the LDAP server and the log of RT (in Apache’s log
file).
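
The ldapsearch test suggested in the reply, written out as an added example that is not part of the thread or the overlay's own code. It assumes OpenLDAP's ldapsearch and ldapwhoami clients, a search base supplied in LDAP_BASE and the bind password in the file named by BIND_PW_FILE; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not the overlay's code: bind as a service user, search for
# the login, then bind as the entry found. Host, bind DN, uid attribute and
# extra filter are the values from the post.
LDAP_URI="ldap://999datdsr004.ittesi.com"
BIND_DN="uid=testrt,ou=People,dc=app,dc=ittesi,dc=com"
UID_ATTR="uid"
EXTRA_FILTER="(objectclass=*)"
# Assumptions: search base and bind-password file come from the environment.
LDAP_BASE="${LDAP_BASE:-}"                  # e.g. dc=yourschool,dc=edu
BIND_PW_FILE="${BIND_PW_FILE:-./bindpw}"    # password, no trailing newline

# Escape the RFC 4515 filter metacharacters \ * ( ) in a login name.
escape_filter() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Filter for one login: (&(uid=<login>)(objectclass=*))
user_filter() {
    printf '(&(%s=%s)%s)' "$UID_ATTR" "$(escape_filter "$1")" "$EXTRA_FILTER"
}

# An empty search base is the first thing to rule out.
require_base() {
    [ -n "$LDAP_BASE" ] && return 0
    echo "LDAP_BASE is empty: set it to the directory suffix" >&2
    return 1
}

# Steps 1 and 2: bind as the service user and print the DN matching the login.
# -ZZ requires StartTLS so the bind password is not sent in clear text;
# 1.1 requests no attributes.
find_dn() {
    require_base || return 1
    ldapsearch -x -ZZ -LLL -o ldif-wrap=no -H "$LDAP_URI" \
        -D "$BIND_DN" -y "$BIND_PW_FILE" -b "$LDAP_BASE" -s sub \
        "$(user_filter "$1")" 1.1 | sed -n 's/^dn: //p'
}

# Step 3: bind as the DN found; -W prompts for that user's password.
check_login() {
    dn=$(find_dn "$1") || return 1
    [ "$(printf '%s\n' "$dn" | grep -c .)" -eq 1 ] || {
        echo "expected exactly one entry for $1" >&2; return 1; }
    ldapwhoami -x -ZZ -H "$LDAP_URI" -D "$dn" -W
}

if [ "$#" -gt 0 ]; then check_login "$1"; fi
```

Run it with a login name as the only argument; each failing step then shows up as a separate request in the LDAP server's log.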