RT authing off of LDAP

I am currently running RT 3.6.6 on CentOS 5.0 and I want RT to authorize
users from an LDAP directory (specifically Sun ONE Directory). I have tried
the different methods listed on the LDAP wiki page with little success. The
Overlay method seems to give the “best” response. When using it I get the
error: [warning]: Transaction->Create couldn’t, as you didn’t specify an
object type and id (/apps/rt3/lib/RT/Record.pm:1488) when I try to log in as
a user who does not exist locally in RT. If I create the user in RT (just
the user name. No password or anything else.) I can see in the RT logs it
contacting my LDAP server and pulling down all the user info for that user.
I can then log in to RT as root and see this info in the users config. But
that user still cannot log in because of an auth failure.

Does anyone have any ideas how I can try to fix this???

Thanks,
Louis
Louis Bohm
Jackpot Rewards, Inc.
275 Grove Street, Suite 3-120
Newton, MA 02466
617-795-2850, x. 2343 (office)
978.314.3476 (mobile)
lbohm@jackpotrewardsinc.com
www.JackpotRewards.com

Louis Bohm wrote:

I am currently running RT 3.6.6 on CentOS 5.0 and I want RT to authorize
users from an LDAP directory (specifically Sun ONE Directory). I have tried
the different methods listed on the LDAP wiki page with little success. The
Overlay method seems to give the “best” response. When using it I get the
error: [warning]: Transaction->Create couldn’t, as you didn’t specify an
object type and id (/apps/rt3/lib/RT/Record.pm:1488) when I try to log in as
a user who does not exist locally in RT. If I create the user in RT (just
the user name. No password or anything else.) I can see in the RT logs it
contacting my LDAP server and pulling down all the user info for that user.
I can then log in to RT as root and see this info in the users config. But
that user still cannot log in because of an auth failure.

Does anyone have any ideas how I can try to fix this???

You will need to set logging level to debug and work through it. There
are a number of places where you can go wrong here and you don’t always
get decent debug messages about it… often it’s a simple config error,
but you may need to add your own debug messages to the overlay to find
out what’s happening.

The most common mistake with this is to not specify an LDAP filter
because you don’t want to filter the results. If that is the case you
will need to specify (objectClass=*) as your LDAP filter.

Also, when did you last look at the LDAP page
(ExternalAuthentication - Request Tracker Wiki)?

I updated it yesterday to take account of the new extension I have added
to CPAN for external authentication which includes a rewrite of the LDAP
User_Local overlay with more debugging statements and better code
commenting as well as the ability to use multiple and/or separate
sources for authentication and information as well as DBI supported
sources such as SQL databases.

Just a thought.
Kind Regards,

Mike Peachey, IT
Tel: +44 (0) 114 281 2655
Fax: +44 (0) 114 281 2951
Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK
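
An added example, not part of the thread and not code from RT or its LDAP overlay: one way a login lookup can combine a configured filter with the username match, falling back to the match-all filter (objectClass=*) mentioned above when none is configured. It assumes the lookup ANDs the two parts together; the function names, the uid attribute and the sample inputs are hypothetical.

```python
import re

MATCH_ALL = "(objectClass=*)"  # match-all filter suggested in the thread
# RFC 4515 escapes for characters that are special inside a filter value
ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def escape_value(value):
    """Escape a user-supplied string for use as an LDAP filter value."""
    return "".join(ESCAPES.get(ch, ch) for ch in value)


def is_single_filter(text):
    """True if text is one parenthesised filter with balanced parentheses."""
    if not (text.startswith("(") and text.endswith(")")):
        return False
    depth = 0
    for i, ch in enumerate(text):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            # closing the outermost group before the end means two filters
            if depth < 0 or (depth == 0 and i != len(text) - 1):
                return False
    return depth == 0


def build_login_filter(uid_attr, username, configured_filter):
    """AND the configured filter with an exact match on the login name."""
    # Assumption: an unset or blank filter means "do not filter"
    base = (configured_filter or "").strip() or MATCH_ALL
    if not is_single_filter(base):
        raise ValueError("LDAP filter must be one parenthesised expression: %r" % base)
    if not re.fullmatch(r"[A-Za-z][A-Za-z0-9-]*", uid_attr):
        raise ValueError("bad attribute name: %r" % uid_attr)
    return "(&%s(%s=%s))" % (base, uid_attr, escape_value(username))


if __name__ == "__main__":
    # Constructed sample inputs, not values from the thread
    for flt in ("", "(objectClass=*)", "(objectClass=person)"):
        print(build_login_filter("uid", "jdoe", flt))
    print(build_login_filter("uid", "a*)(uid=*", ""))
```

Escaping the login name keeps characters such as * and ( from changing the structure of the filter that is sent to the directory.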


Thank you Mike. I did not use your Perl module but the overlay method and
got it to work. It was the LdapFilter that was the last bit I needed.

Thank you very much for suggesting I put one in and for telling me what to
use.

Thanks,
Louis

On 3/26/08 12:58 PM, “Mike Peachey” mike.peachey@jennic.com wrote:

(objectClass=*)
