Here's my RT_SiteConfig:
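# Any configuration directives you include here will override
# RT's default configuration file, RT_Config.pm
#
# To include a directive here, just copy the equivalent statement
# from RT_Config.pm and change the value. We've included a single
# sample value below.
#
# This file is actually a perl module, so you can include valid
# perl code, as well.
#
# The converse is also true, if this file isn't valid perl, you're
# going to run into trouble. To check your SiteConfig file, use
# this command:
#
#   perl -c /path/to/your/etc/RT_SiteConfig.pm

Set( $rtname, 'helpdesk.uttyler.edu');

### What auth methods do you like and in what order?
# NOTE(review): with 'Internal' left out there is no fallback to RT's own
# password check, so presumably every login (including local admin
# accounts) depends on the LDAP lookup below succeeding -- confirm that
# this is intended before locking the instance down this way.
#Set($AuthMethods, ['LDAP', 'Internal']);
Set($AuthMethods, ['LDAP']);

### LDAP Settings
#
# There are two different branches of this: LdapAuth* and LdapInfo*;
# additionally, most of the old Ldap* variables are honored, too.
#
# This means if you only have one LDAP server/config you can just set
# "LdapServer", "LdapUser", etc. and they will be used for both
# authentication and information

### Enable/Disable LDAP services
Set($LdapExternalAuth, 1);
Set($LdapExternalInfo, 1);

### Common Settings: affecting both auth and info services

# Should we create accounts for users who aren't in LDAP?
# NOTE(review): 1 means RT accounts can exist for identities the directory
# does not know about; check that this matches who is supposed to be able
# to hold an account on this helpdesk.
Set($LdapAutoCreateNonLdapUsers, 1);

# Map RT attributes to LDAP attributes
#
### THE MAPPING BELOW WILL NOT WORK FOR YOU UNLESS YOU CHANGE
### IT TO MATCH YOUR LDAP SCHEMA! See http://wiki.bestpractical.com/?LdapAttrMap
### to learn how to set this variable properly for either LDAP or Windows
### Active Directory.
Set($LdapAttrMap, {'Name'                  => 'uid',
                   'EmailAddress'          => 'mail',
                   'Organization'          => 'o',
                   'RealName'              => 'cn',
                   'ExternalContactInfoId' => 'dn',
                   'ExternalAuthId'        => 'uid',
                   'Gecos'                 => 'uid',
                   'WorkPhone'             => 'telephoneNumber',
                   'Address1'              => 'ou',
                   'Address2'              => 'physicalDeliveryOfficeName'}
   );

# A list of RT attrs which can uniquely identify a user,
# ordered from most to least preferred.
Set($LdapRTAttrMatchList, ['ExternalContactInfoId',
                           'Name',
                           'EmailAddress',
                           'RealName',
                           'WorkPhone',
                           'Address2']
   );

# A list of LDAP attrs to examine when canonicalizing email addresses,
# ordered from most to least preferred
Set($LdapEmailAttrMatchList, ['mail',
                              'mailRoutingAddress',
                              'mailAlternateAddress']
   );

# A list of prefixes to apply to email address matches.
# Windows 2003 AD uses prefixes or smtp: or SMTP:.
# If not required just leave ''
Set($LdapEmailAttrMatchPrefix, ['', 'smtp:', 'SMTP:'] );

# The basics; if set, these override $RT::LdapAuth* and $RT::LdapInfo*
Set($LdapServer, 'ldap.uttyler.edu');
Set($LdapBase, 'ou=People,dc=uttyler,dc=edu');
# NOTE(review): 'uid' is the attribute that $LdapAttrMap above maps Name and
# ExternalAuthId to; it is not normally the name of an object class (the
# sample settings further down use posixAccount). If no entry under
# $LdapBase carries objectclass=uid, the search returns nothing and the
# login is presumably rejected. Run the same base, bind DN and filter
# through ldapsearch to confirm what the directory actually returns.
Set($LdapFilter, '(objectclass=uid)');

# Windows 2003 Active Directory does not allow anonymous LDAP binding
# thus you must pass Net::LDAP a username and password that has
# access to read the directory.
#
# You may also need to specify the full distinguished name instead of
# just a username for LdapUser below.
# e.g. cn=Username,cn=Users,dc=yourdomain,dc=com
#
# NOTE(review): this file holds the bind password in clear text. Keep it
# readable only by the account RT runs as, and give the bind DN read-only
# access limited to the attributes listed in $LdapAttrMap.
Set($LdapUser, 'uid=<our RT user>,ou=<our RT OU>,dc=uttyler,dc=edu');
Set($LdapPass, '********');

# This filter is used by RT::User::UpdateFromLdap to test whether an
# LDAP user's RT account should be disabled. Any user whose LDAP record
# passes this filter (returns true) will be disabled at login
# NOTE(review): employmentStatus is the value from the sample configuration;
# if the directory has no such attribute this filter never matches and no
# account is ever disabled through it -- verify against the schema.
Set($LdapDisableFilter, '(employmentStatus=Terminated)');

# If you set these, only members of this group can auth via LDAP
#Set($LdapGroup, 'cn=RT,ou=Group,dc=example,dc=com');
#Set($LdapGroupAttr, 'uniqueMember');

# These turn on SSL for LDAP
# NOTE(review): both lines are commented out, so as far as this file shows
# the service bind and every user's password check travel to
# ldap.uttyler.edu unencrypted. Enable TLS once the server offers it, and
# do not settle on SSL version 3 -- it is obsolete; check which TLS
# versions the installed Net::LDAP accepts.
#Set($LdapTLS, 0);
#Set($LdapSSLVersion, 3);

### IF YOU USE THE SAME LDAP SERVER FOR AUTH AND INFO STOP HERE ###

# Module return value. Moved down from directly after the $rtname line:
# every live Set() call is above this point and the rest of the file is
# commented out, so the true value is now the last statement evaluated.
1;

### Authentication settings
#
# These are used only if their $RT::Ldap* analogs are not set;
# if you want one of these variables to be honored, you must comment
# out the corresponding $RT::Ldap* variable above
#Set($LdapAuthServer, 'ldap.example.com');
#Set($LdapAuthBase, 'ou=People,dc=example,dc=com');
#Set($LdapAuthFilter, "(objectclass=posixAccount)");
#Set($LdapAuthUser, '');
#Set($LdapAuthPass, '');

# This filter is used by RT::User::UpdateFromLdap to test whether an
# LDAP user's RT account should be disabled. Any user whose LDAP record
# passes this filter (returns true) will be disabled at login
# Set($LdapAuthDisableFilter, '(employmentStatus=Terminated)');

# If you set these, only members of this group can auth via LDAP
#Set($LdapAuthGroup, 'cn=RT,ou=Group,dc=example,dc=com');
#Set($LdapAuthGroupAttr, 'uniqueMember');

# These turn on SSL for LDAP
#Set($LdapAuthTLS, 0);
#Set($LdapAuthSSLVersion, 3);

### Information settings
# NOTE(review): the settings under this heading are a second copy of the
# LdapAuth* block above rather than LdapInfo* settings; it looks like a
# paste duplicate and is harmless while it stays commented out.
#
# These are used only if their $RT::Ldap* analogs are not set;
# if you want one of these variables to be honored, you must comment
# out the corresponding $RT::Ldap* variable above
#Set($LdapAuthServer, 'ldap.example.com');
#Set($LdapAuthBase, 'ou=People,dc=example,dc=com');
#Set($LdapAuthFilter, "(objectclass=posixAccount)");
#Set($LdapAuthUser, '');
#Set($LdapAuthPass, '');

# This filter is used by RT::User::UpdateFromLdap to test whether an
# LDAP user's RT account should be disabled.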
# Any user whose LDAP record
# passes this filter (returns true) will be disabled at login
# Set($LdapAuthDisableFilter, '(employmentStatus=Terminated)');

# If you set these, only members of this group can auth via LDAP
#Set($LdapAuthGroup, 'cn=RT,ou=Group,dc=example,dc=com');
#Set($LdapAuthGroupAttr, 'uniqueMember');

# These turn on SSL for LDAP
#Set($LdapAuthTLS, 0);
#Set($LdapAuthSSLVersion, 3);

### Information settings
#
# These are used only if their $RT::Ldap* analogs are not set;
# if you want one of these variables to be honored, you must comment
# out the corresponding $RT::Ldap* variable above
#Set($LdapInfoServer, 'ldap.example.com');
#Set($LdapInfoBase, 'ou=People,dc=example,dc=com');
#Set($LdapInfoFilter, "(objectclass=posixAccount)");
#Set($LdapInfoUser, '');
#Set($LdapInfoPass, '');

# This filter is used by RT::User::UpdateFromLdap to test whether an
# LDAP user's RT account should be disabled. Any user whose LDAP record
# passes this filter (returns true) will be disabled at login
# Set($LdapInfoDisableFilter, '(employmentStatus=Terminated)');

# These turn on SSL for LDAP
#Set($LdapInfoTLS, 0);
#Set($LdapInfoSSLVersion, 3);

Tim Crouch
Systems Administrator
Campus Computing Services
University of Texas at Tyler
903-566-7476

chaim rieger <[EMAIL PROTECTED]>
03/20/07 05:10 PM

To
[EMAIL PROTECTED]
cc
[email protected]
Subject
Re: [rt-users] LDAP auth failing

[EMAIL PROTECTED] wrote:
> I have just installed RT 3.6.1 on FC6. I have read the WIKI on LDAP Auth
> but am not able to get a successful auth. This is the error I get in my
> logs:
>
> [error]: FAILED LOGIN for username from xxx.xxx.xxx.xxx
> (/opt/rt3/share/html/autohandler:238)
>
> I added the LdapSiteConfigSettings as per the Wiki
>
> I configured my LDAP settings per the Wiki, but to no avail. Any help out
> there?
>
>
can you post the lines from SiteConfig.
-- -- Chaim Rieger
