RT, Apache, and Active Directory

I’m attempting to get RT to authenticate users from Active Directory. I’m
currently stuck on the Apache portion of the project. I’m using
Apache::AuthenLDAP and here’s the relevant portion of my httpd.conf:

<Directory /usr/local/rt2/WebRT/html>
    AuthName "RT Authentication"
    AuthType Basic
    PerlSetVar AuthenUidAttrType sAMAccountName
    PerlSetVar AuthenBaseDN DC=olchs,DC=org
    PerlSetVar AuthenLDAPServer ads.olchs.org
    PerlAuthenHandler Apache::AuthenLDAP
    require valid-user
</Directory>

When I supply the username ‘williams’ (DN: CN=williams,OU=IT,DC=olchs,DC=org) and
my password, Apache always returns a Referral (which I realize comes from
the Active Directory server). If I try changing the base DN to either “” or
“OU=IT,DC=olchs,DC=org” I generally just get a failure in the search portion
of the LDAP lookup and an error about the user not being found.

I’m not sure why I get the referral; if the AD server pointed to by
AuthenLDAPServer doesn’t know about an object, it won’t exist. Is there a
way, from Apache::AuthenLDAP, that I can tell the AD Server to chase
referrals?

The following code using Net::LDAP works (it will also return a referral if
I get rid of the ou=IT from the basedn, although the results are correct
if I just ignore the return status):

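    use strict;
    use warnings;
    use Net::LDAP;

    # Connect to the Active Directory server
    my $ldap = Net::LDAP->new('ads.olchs.org') or die "$@";

    # Bind as the user; stop if the credentials are rejected
    my $bind = $ldap->bind (dn => 'cn=williams,ou=IT,dc=olchs,dc=org',
                            password => 'xxxxxx');
    $bind->code && die $bind->error;

    my $mesg = $ldap->search (  # perform a search
                              base   => "ou=IT,dc=olchs,dc=org",
                              scope  => "sub",
                              filter => "(sAMAccountName=williams)",
                              attrs  => ['*'],   # attrs takes an array reference
                             );

    print $mesg->count, "\n";   # number of entries returned
    print $mesg->code, "\n";    # LDAP result code (0 = success)
    $mesg->code && die $mesg->error;

    foreach my $entry ($mesg->all_entries) { $entry->dump; }

    $ldap->unbind;   # take down session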
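
An added example, not part of the original post: instead of dying on the referral status or chasing it, a caller can accept a lookup only when exactly one local entry matched, and simply record referrals that point away from the configured server so the user's password is never sent to them. The helpers `referral_host` and `evaluate_search`, the trusted-host list and the sample outcomes are hypothetical and constructed for illustration.

```perl
use strict;
use warnings;
use Net::LDAP::Constant qw(LDAP_SUCCESS LDAP_REFERRAL);

# Assumption: the only directory host credentials may ever be sent to.
my %TRUSTED_HOST = map { lc($_) => 1 } qw(ads.olchs.org);

# Extract the host from an ldap:// or ldaps:// referral URL (undef if malformed).
sub referral_host {
    my ($url) = @_;
    return $url =~ m{^ldaps?://([^/:?]+)}i ? lc($1) : undef;
}

# Hypothetical helper: classify a search outcome before any bind as the user.
#   $code - numeric LDAP result code
#   $dns  - arrayref of DNs of the entries returned
#   $refs - arrayref of referral URLs returned with the result
# Returns (verdict, detail, arrayref of referrals outside the trusted set).
sub evaluate_search {
    my ($code, $dns, $refs) = @_;
    my @foreign = grep {
        my $host = referral_host($_);
        !defined $host || !$TRUSTED_HOST{$host};
    } @$refs;

    # Anything other than success or referral is a genuine failure.
    return ('error', "LDAP result code $code", \@foreign)
        unless $code == LDAP_SUCCESS || $code == LDAP_REFERRAL;
    # A referral with no local entry is not a match: do not chase it.
    return ('no-match', 'no entry on this server', \@foreign) unless @$dns;
    # More than one entry for a login name must never authenticate.
    return ('ambiguous', scalar(@$dns) . ' entries', \@foreign) if @$dns > 1;
    return ('match', $dns->[0], \@foreign);
}

# Constructed sample outcomes (not captured from a real server).
my @cases = (
    [ LDAP_REFERRAL, ['CN=williams,OU=IT,DC=olchs,DC=org'],
      ['ldap://DomainDnsZones.olchs.org/DC=DomainDnsZones,DC=olchs,DC=org'] ],
    [ LDAP_REFERRAL, [], ['ldap://other.example.net/DC=example,DC=net'] ],
    [ LDAP_SUCCESS,  ['CN=a,OU=IT,DC=olchs,DC=org', 'CN=a,OU=HR,DC=olchs,DC=org'], [] ],
);
for my $case (@cases) {
    my ($verdict, $detail, $foreign) = evaluate_search(@$case);
    print "$verdict: $detail (unfollowed referrals: ", scalar(@$foreign), ")\n";
}
```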