Hi Mike! Thanks for your replies. After i had try what you said in your last mail, i've decide to reinstall a new clean RT, and test only the external authentication plugin.
So, this is a part of my new RT_SiteConfig, with your last recommendations: Set( @Plugins, qw(RT::Authen::ExternalAuth) ); Set($ExternalAuthPriority, ['My_LDAP']); Set($ExternalInfoPriority, ['My_LDAP']); Set($ExternalServiceUsesSSLorTLS, 1); Set($AutoCreateNonExternalUsers, 0); Set($ExternalSettings, { 'My_LDAP' => { 'type' => 'ldap', 'server' => 'ldap.mydomain', 'user' => 'cn=auth,o=others,dc=blanked,dc=fr', 'pass' => 'xxxxx', 'base' => 'dc=blanked,dc=fr', 'filter' => '(uid=*)', 'd_filter' => 'objectClass=Nothing', 'tls' => 1, 'ssl_version' => 3, 'net_ldap_args' => [ version => 3 ], # 'group' => # 'group_attr' => 'attr_match_list' => ['Name'], 'attr_map' => { 'Name' => 'uid'}, } }); And in my error-rt.log: [Mon Aug 2 09:26:09 2010] [critical]: RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj : Cannot connect to ldap.blank.fr(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:437) [Mon Aug 2 09:26:09 2010] [error]: FAILED LOGIN for anthony.brodard from 10.1.104.30 (/opt/rt3/bin/../lib/RT/Interface/Web.pm:424) I don't understand how to sets the fields "d_filter", "group", "group_attr". Thanks Anthony BRODARD 2010/7/29 Mike Johnson <mike.john...@nosm.ca> > make sure you reply to the list, very important to share all this so others > can learn. > > The only thing I could think of is your LDAP settings are incorrect > somewhere. > > Some things I found when I was setting things up > > > 1. user = the fully qualified CN of the user(ie CN=Mike > Johnson,OU=Users,OU=mycompany,OU=mydomain,OU=local > 2. filter and d_filter have to have valid settings > 3. Group/Group_Attr had to have settings. > > I was binding to an AD, so I'm not 100% on 3 if it isn't an AD... but 1 and > 2 hold true for any LDAP. > > HTH > Mike. > > On Thu, Jul 29, 2010 at 9:38 AM, Anthony BRODARD < > brodard.anth...@gmail.com> wrote: > >> TLS argument is already sets to 1. >> >> I don't know how to see if it's the ldap's server which refuses the >> connection, or it's an other problem. >> >> >> >> 2010/7/29 Mike Johnson <mike.john...@nosm.ca> >> >> Oops, looking at it again, i was looking at the mysql config part, not >>> ldap. >>> >>> i think the only way you can adjust what port you are connecting to >>> through LDAP is specifying if it's TLS or not(I believe TLS is 636? google >>> to confirm). >>> >>> You said you are supposed to be connecting on 636, so set the tls >>> argument in your LDAP settings to 1. >>> >>> restart apache and give it a shot. >>> >>> Good luck! >>> Mike. >>> >>> On Thu, Jul 29, 2010 at 8:48 AM, Mike Johnson <mike.john...@nosm.ca>wrote: >>> >>>> If you read the ExternalAuth's RT_SiteConfig.pm in >>>> /RTROOT/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm >>>> >>>> It shows you how to set the port you are connecting on. >>>> >>>> Set that to the port your LDAP server is listening to. >>>> >>>> Good luck >>>> MIke. >>>> >>>> >> > > > -- > Mike Johnson > Datatel Programmer/Analyst > Northern Ontario School of Medicine > 955 Oliver Road > Thunder Bay, ON P7B 5E1 > Phone: (807) 766-7331 > Email: mike.john...@nosm.ca > > > Discover RT's hidden secrets with RT Essentials from O'Reilly Media. > Buy a copy at http://rtbook.bestpractical.com >
Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com