How can I set anything in UserObj (see previous message) if the code snippet below (User_Overlay.pm) does not allow that ?
sub _Set {
    ...
    if ( ($self->Id == $RT::SystemUser->Id )  ||
         ($self->Id == $RT::Nobody->Id)) {
        return ( 0, $self->loc("Can not modify system users") );
    }
    ...
}
And if this cannot be set, then the LDAP filter will not be created successfully since sAMAccountName value will be missing.
I wonder why some of you got the auto creation working.
To prove my theory, I commented out the lines above and the SetName operation worked fine.
I think I am missing something, but can't figure out what.
Please help me understand how you got the auto creation working.

Thanks,
Dário


Dario Luis Coneglian Oliveros wrote:
I noticed the user name is not being set in Auth callback.
   my $UserObj = RT::User->new($RT::SystemUser);
   my ($val, $msg) = $UserObj->SetName($user);
When printing $msg from above, I get 'Can not modify system users'.
Any clues ?

Dario Luis Coneglian Oliveros wrote:
I finally got it working !!! It was configuration data issues (cn, ou, ...). Thanks to everyone !!!
To solve that, I installed Softerra Ldap Browser to get the correct LDAP settings and also to do some LDAP searches. Special thanks to Joachim and Helmuth.
Now everything looks fine, except for the user auto creation.
When trying to log in with an LDAP user who does not exist in RT database yet, the user authentication fails. Somehow the LDAP filter got messed up and the sAMAccountName is not filled. Starting from the Auth callback, the IsPassword method is called and it does, the filter gets created before LDAP search.

autohandler/Auth callback:
unless ($session{'CurrentUser'}) {
    if (defined ($user) && defined ($pass) ) {
        $session{'CurrentUser'} = RT::CurrentUser->new();
        $session{'CurrentUser'}->Load($user);

        unless ($session{'CurrentUser'}->Id) {
            # IT GETS HERE IF USER DOES NOT EXIST IN RT DB
            my $UserObj = RT::User->new($RT::SystemUser);
            my ($val, $msg) = $UserObj->SetName($user);

            if ($UserObj->IsPassword($pass)) { # CALL IsPassword in User_Local.pm
        ...
  
User_Local.pm
sub IsLDAPPassword {
    ...
    my $filter_string = '(&(' . $RT::LdapAttrMap->{'Name'} . '=' .
      $self->Name . ')' . $ldap_filter . ')';
    # filter_string = (&(sAMAccountName=)(objectclass=user))
    ...
}

Not sure why sAMAccountName is empty. If I create the same user locally in RT and log in again, the LDAP authentication will be OK.
Any help will be appreciated.

Regards,
Dário
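
The filter in the message above is built by plain string concatenation, so an unset name yields `(sAMAccountName=)` and any filter metacharacter in a login name would be passed through unchanged. The following is an added example, not part of the original thread and not RT's or the LdapOverlay's code: `build_user_filter` is a hypothetical helper and the sample names are constructed. It refuses an empty name and escapes the value per RFC 4515 before assembling the same filter shape.

```perl
use strict;
use warnings;

# Hypothetical helper (not RT's code): build the search filter that
# IsLDAPPassword assembles, but refuse an empty login name and escape
# the value per RFC 4515 so it cannot alter the filter structure.
sub build_user_filter {
    my ($attr, $name, $extra_filter) = @_;

    # An unset name is what produced "(sAMAccountName=)" in the thread.
    return (undef, "empty user name, not searching LDAP")
        unless defined $name && length $name;

    # RFC 4515: backslash, '*', '(', ')' and NUL become \XX hex escapes.
    (my $escaped = $name) =~ s/([\\*()\x00])/sprintf('\\%02x', ord $1)/ge;

    return ("(&($attr=$escaped)$extra_filter)", undef);
}

# Constructed sample inputs; the attribute and object class are the
# ones quoted in the thread.
for my $name ('oliveros', '', undef, 'a*)(objectclass=*') {
    my ($filter, $err) =
        build_user_filter('sAMAccountName', $name, '(objectclass=user)');
    printf "%-22s => %s\n",
        defined $name   ? "'$name'" : 'undef',
        defined $filter ? $filter   : "REFUSED: $err";
}
```

Net::LDAP::Util also exports `escape_filter_value`, which performs the same escaping when the Net::LDAP module is installed.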


Helmuth Ramirez wrote:
One thing that got me (due to my COMPLETE LAMP newness) was installing the Net::LDAP module.  The other thing I did differently was my objectclass=user not PosixAccount

-----Original Message-----
From: Dario Luis Coneglian Oliveros [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, July 20, 2006 2:13 PM
To: Helmuth Ramirez
Cc: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] Question about LdapOverlay and Windows Active Directory

Hi Helmuth,
That's the one I looked at, but even so I could not get it working.
Whenever I try to log in, I got the following error:
RT::User::IsLDAPPassword search for 
(&(sAMAccountName=oliveros)(objectclass=posixAccount)) failed: 
LDAP_REFERRAL 10 (/l/disk0/tools/rt/local/lib/RT/User_Local.pm:177
I am not sure whether it's just a configuration problem or not.
Do you happen to know what this error means ?
FYI the only step I did not follow in the "New Installs" section of 
http://wiki.bestpractical.com/?LDAP was #4, which is optional.
Thanks,
Dário

Helmuth Ramirez wrote:

  
There were two ways of doing it in the Wiki...one I failed miserably with, the one that worked for me was this one:

http://wiki.bestpractical.com/?LDAP


-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Dario Luis Coneglian Oliveros
Sent: Thursday, July 20, 2006 1:41 PM
To: rt-users@lists.bestpractical.com
Subject: [rt-users] Question about LdapOverlay and Windows Active Directory

Hi there,

Has anyone gotten the LdapOverlay working with Windows Active Directory ?
Basically I would like to authenticate user against Windows AD without 
doing it thru Apache.
I followed the steps in the section LDAP at RT Wiki, but couldn't get it 
working yet.
Any tips, suggestions or working samples will be appreciated.

Thanks,
Dário



_______________________________________________
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: [EMAIL PROTECTED]


Discover RT's hidden secrets with RT Essentials from O'Reilly Media. 
Buy a copy at http://rtbook.bestpractical.com


We're hiring! Come hack Perl for Best Practical: http://bestpractical.com/about/jobs.html
 

    
  

 