I’ve been passed a working RT 3.6.6 and asked to add the LDAP
component so that we can authenticate against an Active Directory.
So I’ve installed the RT::Authen::ExternalAuth module from CPAN and
used my google-fu to get the configuration started, however at this
point I’m stymied.
Right now local users authenticate, but AD users do not.
When I attempt to authenticate as an AD user, I get these errors:
Sep 19 15:25:59 rt RT: Transaction->Create couldn’t, as you didn’t specify an object type and id (/opt/rt3/lib/RT/Record.pm:1486)
Sep 19 15:25:59 rt RT: My_LDAP AUTH FAILED: gridwayAdmin User not found or more than one user found (/opt/rt3/local/lib/RT/User_Vendor.pm:208)
Sep 19 15:25:59 rt RT: RT::User::IsExternalPassword External Auth Failed: gridwayAdmin (/opt/rt3/local/lib/RT/User_Vendor.pm:294)
Sep 19 15:25:59 rt RT: RT::User::IsInternalPassword AUTH FAILED (no passwd): gridwayAdmin (/opt/rt3/local/lib/RT/User_Vendor.pm:305)
I know that RT is connecting to the AD because when I change the connecting
password, I get the error:
Sep 19 15:24:47 rt RT: RT::User::_GetBoundLdapObj Can’t bind: LDAP_INVALID_CREDENTIALS 49 (/opt/rt3/local/lib/RT/User_Vendor.pm:1056)
So I’m presuming I have either incorrectly defined my ‘base’, my
‘filter’, my ‘d_filter’, or my ‘group’.
Here’s what I have. I have a domain, abcsystems.com. Inside
abcsystems.com I have a folder ABC, and under there a folder Users
which is where all the users are. I want to restrict access to users
who are members in the group ‘Request Tracker Users’.
So my definitions look like:
    'base'     => 'ou=Users,ou=ABC,dc=abcsystems,dc=com',
    'filter'   => '(objectclass=Person)',
    'd_filter' => '(userAccountControl:1.2.840.1135188.8.131.523:=2)',
    'group'    => 'Request Tracker Users',
I’m probably doing something trivially wrong here since I’m not
familiar with LDAP or AD in any depth.
Can someone point me at a web page that can get me started to
figure this out?
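
The kind of search these four settings describe, written out as a single AD filter. This is an added example, not part of the original post and not RT or RT::Authen::ExternalAuth code. The group DN is a constructed assumption (the post gives only the group's name), and the OID used is Active Directory's documented bitwise-AND matching rule, 1.2.840.113556.1.4.803.

```python
# Added example: build the LDAP filter for "enabled Person who is a member
# of one group", with the login escaped so it cannot alter the filter.

AD_BIT_AND = "1.2.840.113556.1.4.803"  # LDAP_MATCHING_RULE_BIT_AND
ACCOUNTDISABLE = 0x2                   # userAccountControl flag for disabled

# Assumption: the group object sits in the same OU as the users.
GROUP_DN = "cn=Request Tracker Users,ou=Users,ou=ABC,dc=abcsystems,dc=com"


def escape_filter_value(value):
    """Escape a value for use inside an LDAP filter (RFC 4515)."""
    out = []
    for ch in value:
        if ch in "\\*()\x00":
            out.append("\\%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def is_disabled(user_account_control):
    """What the bit-AND rule tests on the server: is the 0x2 bit set?"""
    return bool(user_account_control & ACCOUNTDISABLE)


def build_user_filter(login, group_dn, base_filter="(objectclass=Person)"):
    """Return a filter matching exactly one enabled group member by login."""
    if not login:
        raise ValueError("empty login would match every account")
    # memberOf matches direct membership only, not nested groups.
    return "(&%s(sAMAccountName=%s)(memberOf=%s)(!(userAccountControl:%s:=%d)))" % (
        base_filter,
        escape_filter_value(login),
        escape_filter_value(group_dn),
        AD_BIT_AND,
        ACCOUNTDISABLE,
    )


if __name__ == "__main__":
    print(build_user_filter("gridwayAdmin", GROUP_DN))
```

Running the printed filter against the 'base' DN with an LDAP search tool shows whether zero, one, or several entries come back, which is the condition the "User not found or more than one user found" log line reports.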